发布求助
文献互助 智能选刊 最新文献

2010 European Conference on Computer Network Defense最新文献

筛选
英文 中文
Empirical Evaluation of the Internet Analysis System for Application in the Field of Anomaly Detection 互联网分析系统在异常检测领域应用的实证评价
2010 European Conference on Computer Network Defense Pub Date : 2010-10-28 DOI: 10.1109/EC2ND.2010.10
Harald Lampesberger
{"title":"Empirical Evaluation of the Internet Analysis System for Application in the Field of Anomaly Detection","authors":"Harald Lampesberger","doi":"10.1109/EC2ND.2010.10","DOIUrl":"https://doi.org/10.1109/EC2ND.2010.10","url":null,"abstract":"Anomaly detection in computer networks is an actively researched topic in the field of intrusion detection. The Internet Analysis System (IAS) is a software framework which provides passive probes and centralized backend services to collect purely statistical network data in distributed computer networks. This paper presents an empirical evaluation of the IAS data format for detecting anomalies, caused by attack traffic. This process involved the generation of labeled evaluation data based on the 1999 DARPA Intrusion Detection Evaluation data sets and two different supervised machine learning approaches for the assessment. The results of this evaluation conclude, that the IAS is not a convenient data source for advanced anomaly detection in the scope of our research.","PeriodicalId":375908,"journal":{"name":"2010 European Conference on Computer Network Defense","volume":"26 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2010-10-28","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"114713032","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 1
USB Device Drivers: A Stepping Stone into Your Kernel USB设备驱动程序:进入内核的踏脚石
2010 European Conference on Computer Network Defense Pub Date : 2010-10-28 DOI: 10.1109/EC2ND.2010.16
M. Jodeit, Martin Johns
{"title":"USB Device Drivers: A Stepping Stone into Your Kernel","authors":"M. Jodeit, Martin Johns","doi":"10.1109/EC2ND.2010.16","DOIUrl":"https://doi.org/10.1109/EC2ND.2010.16","url":null,"abstract":"The widely–used Universal Serial Bus (USB) exposes a physical attack vector which has received comparatively little attention in the past. While most research on device driver vulnerabilities concentrated on wireless protocols, we show that USB device drivers provide the same potential for vulnerabilities but offer a larger attack surface resulting from the universal nature of the USB protocol. To demonstrate the effectiveness of fuzzing USB device drivers, we present our prototypical implementation of a mutation–based, man-in-the-middle USB fuzzing framework based on an emulated environment. We practically applied our framework to fuzz the communication between an Apple iPod device and a WindowsXP system. This way, we found several potential vulnerabilities. This supports our claim that the USB architecture exposes real attack vectors and should be considered when assessing the physical security of computer systems in the future.","PeriodicalId":375908,"journal":{"name":"2010 European Conference on Computer Network Defense","volume":"208 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2010-10-28","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"132014052","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 28
An Evolutionary Computing Approach for Hunting Buffer Overflow Vulnerabilities: A Case of Aiming in Dim Light 一种寻找缓冲区溢出漏洞的进化计算方法:以昏暗光线下瞄准为例
2010 European Conference on Computer Network Defense Pub Date : 2010-10-28 DOI: 10.1109/EC2ND.2010.14
S. Rawat, L. Mounier
{"title":"An Evolutionary Computing Approach for Hunting Buffer Overflow Vulnerabilities: A Case of Aiming in Dim Light","authors":"S. Rawat, L. Mounier","doi":"10.1109/EC2ND.2010.14","DOIUrl":"https://doi.org/10.1109/EC2ND.2010.14","url":null,"abstract":"We propose an approach in the form of a light weight smart fuzzer to generate string based inputs to detect buffer overflow vulnerability in C code. The approach is based on an evolutionary algorithm which is a combination of genetic algorithm and evolutionary strategies. In this preliminary work we focus on the problem that there are constraints on string inputs that must be satisfied in order to reach the vulnerable statement in the code and we have very little or no knowledge about them. Unlike other similar approaches, our approach is able to generate such inputs without knowing these constraints explicitly. It learns these constraints automatically while generating inputs dynamically by executing the vulnerable program. We provide few empirical results on a benchmarking dataset-Verisec suite of programs.","PeriodicalId":375908,"journal":{"name":"2010 European Conference on Computer Network Defense","volume":"13 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2010-10-28","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"126036880","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 25
Response Initiation in Distributed Intrusion Response Systems for Tactical MANETs 战术机动网络中分布式入侵响应系统的响应发起
2010 European Conference on Computer Network Defense Pub Date : 2010-10-28 DOI: 10.1109/EC2ND.2010.11
G. Klein, H. Rogge, F. Schneider, Jens Toelle, M. Jahnke, S. Karsch
{"title":"Response Initiation in Distributed Intrusion Response Systems for Tactical MANETs","authors":"G. Klein, H. Rogge, F. Schneider, Jens Toelle, M. Jahnke, S. Karsch","doi":"10.1109/EC2ND.2010.11","DOIUrl":"https://doi.org/10.1109/EC2ND.2010.11","url":null,"abstract":"Even though Intrusion Detection Systems (IDS) are in wide-spread use, the question of how to efficiently initiate responses to detected attacks has been discussed far less often, especially in highly dynamic scenarios such as tactical MANETs. Despite being ???exible and robust in their ability to self-organize, these MANETS are distinctly more susceptible to attacks than their wired counterparts. Especially in military settings such as the interconnection of infantrymen or autonomous robots, remote initiation of countermeasures is critical since local administrative personnel may not be available. In this contribution we present an architecture for response initiation that is specifically tailored to the requirements intrinsic to mobile ad hoc networks in these settings. First we introduce IRMEF (Intrusion Response Message Exchange Format) as a means of specifying and parameterizing responses remotely which is an extension of the IDMEF RFC, an experimental yet well-established and recommended IETF draft for formatting event messages. Response initiation messages are dispatched from a central location via a secure, reliable, and robust communication infrastructure based on SNMPv3. An Authenticated Flooding service ensures that messages are delivered to their destination even while the network is under attack. Locally installed responder components are responsible for the application of the response measure. These mechanisms are designed and implemented explicitly with the limitations in mind which are imposed by the MANET operating environment: For example, resource constraints are taken into account by avoiding bandwidth intensive message formats, and the use of an intelligent ???ooding mechanism ensures resiliency under routing attacks.","PeriodicalId":375908,"journal":{"name":"2010 European Conference on Computer Network Defense","volume":"11 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2010-10-28","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"127697187","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 7
iLeak: A Lightweight System for Detecting Inadvertent Information Leaks iLeak:一个用于检测无意信息泄漏的轻量级系统
2010 European Conference on Computer Network Defense Pub Date : 2010-10-28 DOI: 10.1109/EC2ND.2010.13
V. Kemerlis, Vasilis Pappas, G. Portokalidis, A. Keromytis
{"title":"iLeak: A Lightweight System for Detecting Inadvertent Information Leaks","authors":"V. Kemerlis, Vasilis Pappas, G. Portokalidis, A. Keromytis","doi":"10.1109/EC2ND.2010.13","DOIUrl":"https://doi.org/10.1109/EC2ND.2010.13","url":null,"abstract":"Data loss incidents, where data of sensitive nature are exposed to the public, have become too frequent and have caused damages of millions of dollars to companies and other organizations. Repeatedly, information leaks occur over the Internet, and half of the time they are accidental, caused by user negligence, misconfiguration of software, or inadequate understanding of an application’s functionality. This paper presents iLeak, a lightweight, modular system for detecting inadvertent information leaks. Unlike previous solutions, iLeak builds on components already present in modern computers. In particular, we employ system tracing facilities and data indexing services, and combine them in a novel way to detect data leaks. Our design consists of three components: uaudits are responsible for capturing the information that exits the system, while Inspectors use the indexing service to identify if the transmitted data belong to files that contain potentially sensitive information. The Trail Gateway handles the communication and synchronization of uaudits and Inspectors. We implemented iLeak on Mac OS X using DTrace and the Spotlight indexing service. Finally, we show that iLeak is indeed lightweight, since it only incurs 4% overhead on protected applications.","PeriodicalId":375908,"journal":{"name":"2010 European Conference on Computer Network Defense","volume":"8 6","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2010-10-28","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"132398298","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 11
Experiences and Observations from the NoAH Infrastructure 诺亚基础设施的经验和观察
2010 European Conference on Computer Network Defense Pub Date : 2010-10-28 DOI: 10.1109/EC2ND.2010.12
Georgios Kontaxis, Iasonas Polakis, S. Antonatos, E. Markatos
{"title":"Experiences and Observations from the NoAH Infrastructure","authors":"Georgios Kontaxis, Iasonas Polakis, S. Antonatos, E. Markatos","doi":"10.1109/EC2ND.2010.12","DOIUrl":"https://doi.org/10.1109/EC2ND.2010.12","url":null,"abstract":"Monitoring large chunks of unused IP address space yields interesting observations and useful results. However, the volume and diversity of the collected data makes the extraction of information a challenging task. Additionally, the maintenance of the monitoring infrastructure is another demanding and time-consuming effort. To overcome these problems, we present several visualization techniques that enable users to observe what happens in their unused address space over arbitrary time periods and provide the necessary tools for administrators to monitor their infrastructure. Our approach, which is based on open-source standard technologies, transforms the raw information at the network level and provides a customized and Web-accessible view. In this paper, we present the design, implementation and early experiences of the visualization techniques and tools deployed for the NoAH project, a large-scale honey pot-based infrastructure. Additionally, we provide a traffic analysis of data collected over a six month period of our infrastructure's operation. During the data collection period, we observed that the number of attackers continually increased as did the volume of traffic they generated. Furthermore, interesting patterns for specific types of traffic have been identified, such as the diurnal cycle of the traffic targeting TCP port 445 (Windows Directory Services), the port that receives the largest volume of attack traffic.","PeriodicalId":375908,"journal":{"name":"2010 European Conference on Computer Network Defense","volume":"140 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2010-10-28","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"115523977","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 5
HTTPreject: Handling Overload Situations without Losing the Contact to the User HTTPreject:在不失去与用户联系的情况下处理过载情况
2010 European Conference on Computer Network Defense Pub Date : 2010-10-28 DOI: 10.1109/EC2ND.2010.7
J. Schneider, Sebastian Koch
{"title":"HTTPreject: Handling Overload Situations without Losing the Contact to the User","authors":"J. Schneider, Sebastian Koch","doi":"10.1109/EC2ND.2010.7","DOIUrl":"https://doi.org/10.1109/EC2ND.2010.7","url":null,"abstract":"The web is a crucial source of information nowadays. At the same time, web applications become more and more complex. Therefore, a spontaneous increase in the number of visitors, e.g., based on news reports or events, easily brings a web server in an overload situation. In contrast to the classical model of distributed denial of service (DDoS) attacks, such a so-called flash effect situation is not triggered by a bulk of bots just aiming at hurting the system but by humans with a high interest in the content of the web site itself. While the bots do not stop their attack until told so by their operator, the user try repeatedly to access the site without knowing that the repeated reloads effectively increase the web server's overload. Classical approaches try to distinguish between real user and harmful requests, which is not applicable in this scenario. Simply restricting the number of connections leads to very technical error messages displayed by the users' client software if at all. Therefore, we propose a mean to efficiently block connection attempts and to keep the user informed at the same time. A small subset of HTTP and TCP is state lessly implemented to display simple busy messages or relevant news updates to the end user with only few resources. In this paper we present the protocol subset used and discuss the compatibility problems on the protocol and client software level. Furthermore, we show the results of performance experiments using a prototype implementation.","PeriodicalId":375908,"journal":{"name":"2010 European Conference on Computer Network Defense","volume":"333 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2010-10-28","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"124696035","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 5
Embedded Malware - An Analysis of the Chuck Norris Botnet 嵌入式恶意软件-查克诺里斯僵尸网络分析
2010 European Conference on Computer Network Defense Pub Date : 2010-10-28 DOI: 10.1109/EC2ND.2010.15
Pavel Čeleda, Radek Krejcí, Jan Vykopal, Martin Drasar
{"title":"Embedded Malware - An Analysis of the Chuck Norris Botnet","authors":"Pavel Čeleda, Radek Krejcí, Jan Vykopal, Martin Drasar","doi":"10.1109/EC2ND.2010.15","DOIUrl":"https://doi.org/10.1109/EC2ND.2010.15","url":null,"abstract":"This paper describes a new botnet that we have discovered at the beginning of December 2009. Our Net Flow-based network monitoring system reported an increasing amount of Telnet scanning probes. Tracing back to a source we have identified world wide infected DSL modems and home routers. Nowadays, various vendors use Linux in this kind of devices. A further investigation has shown that most of deployed SoHo (small office/home office) devices use default passwords or an unpatched vulnerable firmware. Some devices allow a remote access via Telnet, SSH or a web interface. Linux malware exploiting weak passwords allows fast propagation and a virtually unlimited potential for malicious activities. In comparison to a traditional desktop oriented malware, end users have almost no chance to discover a bot infection. We call the botnet after Chuck Norris because an early version included the string [R]anger Killato : in nome di Chuck Norris!","PeriodicalId":375908,"journal":{"name":"2010 European Conference on Computer Network Defense","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2010-10-28","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"128971674","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 33
0
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
现在去查看 取消
×
提示
确定
请完成安全验证×
相关产品
×
本文献相关产品
联系我们:info@booksci.cn Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。 Copyright © 2023 布克学术 All rights reserved.
京ICP备2023020795号-1
ghs 京公网安备 11010802042870号
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术官方微信