2011 IEEE Symposium on Computational Intelligence in Cyber Security (CICS): latest papers

Game theory-based defense mechanisms against DDoS attacks on TCP/TCP-friendly flows
2011 IEEE Symposium on Computational Intelligence in Cyber Security (CICS) Pub Date : 2011-04-11 DOI: 10.1109/CICYBS.2011.5949407
H. Bedi, Sankardas Roy, S. Shiva
Abstract: While there are significant advances in information technology and infrastructure which offer new opportunities, cyberspace is still far from completely secured. In many cases, the employed security solutions are ad hoc and lack a quantitative decision framework. To this end, game theory poses huge potential in building a defense architecture based on a solid analytical setting. In this paper, we explore the applicability of game theoretic approaches to the cyber security problem while keeping the focus on active bandwidth depletion attacks on TCP/TCP-friendly flows. We model the interaction between the attacker and the defender as a game in two attack scenarios: (i) one single attacking node for Denial of Service (DoS) and (ii) multiple attacking nodes for Distributed DoS (DDoS). The defender's challenge is to determine optimal firewall settings to block rogue traffic while allowing legitimate ones. Our analysis considers the worst-case scenario where the attacker also attempts to find the most effective sending rate or botnet size. In either case, we build a static game model to compute the Nash equilibrium that represents the best strategy for the defender. We validate the effectiveness of our game theoretic defense mechanisms via extensive simulation.
Citations: 43

Biodiversity: A security approach for ad hoc networks
2011 IEEE Symposium on Computational Intelligence in Cyber Security (CICS) Pub Date : 2011-04-11 DOI: 10.1109/CICYBS.2011.5949388
Jennifer T. Jackson, S. Creese, M. Leeson
Abstract: Maintaining an adequate level of security in computer networks is a co-evolving process between improved security techniques and ever more sophisticated attack methods. Our appetite for new technologies shows no abating, evidenced most recently by the smartphone market. Malware continues to be a growing problem and saturation times are becoming so rapid that a continued reliance on signature based protection is becoming impractical as a strategy. We urgently require techniques which enable us to adapt to, and be tolerant of, malicious activity, even if it is an entirely new form of attack, to achieve resilience where otherwise our security fails. Ecology research has found that the impact of disturbances to a community, such as the spread of certain types of viruses, can be reduced by a greater level of biodiversity. There are similarities between dynamic ad hoc networks and natural communities due to their movement and short range communication patterns. We explore here whether biodiversity might offer a security strategy for ad hoc networks.
Citations: 2

Large in-memory cyber-physical security-related analytics via scalable coherent shared memory architectures
2011 IEEE Symposium on Computational Intelligence in Cyber Security (CICS) Pub Date : 2011-04-11 DOI: 10.1109/CICYBS.2011.5949414
John R. Williams, Sergio Herrero, Christopher Leonardi, Steve Chan, Abel Sanchez, Z. Aung
Abstract: Cyber-physical security-related queries and analytics run on traditional relational databases can take many hours to return. Furthermore, programming analytics on distributed databases requires great skill, and there is a shortage of such talent worldwide. In this talk on computational intelligence within cyber security, we will review developments of processing large datasets in-memory using a coherent shared memory approach. The coherent shared memory approach allows programmers to view a cluster of servers as a system with a single large RAM. By hiding the actual system architecture under a software layer, we proffer a more intuitive programming model. Furthermore, the design of applications is “timeless” since hardware upgrades require no changes to the software. The advantages of shared memory are countered by some disadvantages in that race conditions can occur; however, in many of these cases, we can provide models that protect us against such problems. Exemplars include sensemaking of Twitter feeds, the processing of Smart Meter datasets, and the large scale simulation of the caching of files at disparate points around the globe.
Citations: 1

Intelligence, not integration: Distributed regret minimization for IDS Control
2011 IEEE Symposium on Computational Intelligence in Cyber Security (CICS) Pub Date : 2011-04-11 DOI: 10.1109/CICYBS.2011.5949406
M. Rehák, Jan Stiborek, Martin Grill
Abstract: We present an empirical study of regret minimization procedure used in a distributed Intrusion Detection System (IDS) to independently adapt the self-contained components of the system without any explicit coordination. We show that the regret minimization methods can be used to build survivable distributed security systems that can only communicate using standard data-transfer protocols (NetFlow, selective traffic mirroring or alerts) and do not need to rely on explicit communication required by more elaborate coordination protocols. The intended impact is dramatically easier integration, maintenance and repair of IDS systems, with only a small impact on system characteristics.
Citations: 0

Genetic optimization and hierarchical clustering applied to encrypted traffic identification
2011 IEEE Symposium on Computational Intelligence in Cyber Security (CICS) Pub Date : 2011-04-11 DOI: 10.1109/CICYBS.2011.5949391
C. Bacquet, A. N. Zincir-Heywood, M. Heywood
Abstract: An important part of network management requires the accurate identification and classification of network traffic for decisions regarding bandwidth management, quality of service, and security. This work explores the use of a Multi-Objective Genetic Algorithm (MOGA) for both, feature selection and cluster count optimization, for an unsupervised machine learning technique, K-Means, applied to encrypted traffic identification. Specifically, a hierarchical K-Means algorithm is employed, comparing its performance to the MOGA with a non-hierarchical (flat) K-Means algorithm. The latter has already been benchmarked against common unsupervised techniques found in the literature, where results have favored the proposed MOGA. The purpose of this paper is to explore the gains, if any, obtained by increasing cluster purity in the proposed model by means of a second layer of clusters. In this work, SSH is chosen as an example of an encrypted application. However, nothing prevents the proposed model to work with other types of encrypted traffic, such as SSL or Skype. Results show that with the hierarchical MOGA, significant gains are observed in terms of the classification performance of the system.
Citations: 31

Phishing detection using stochastic learning-based weak estimators
2011 IEEE Symposium on Computational Intelligence in Cyber Security (CICS) Pub Date : 2011-04-11 DOI: 10.1109/CICYBS.2011.5949409
J. Zhan, Lijo Thomas
Abstract: Phishing attack has been a serious concern to online banking and e-commerce websites. This paper proposes a method to detect and filter phishing emails in dynamic environment by applying a family of weak estimators. Anomaly detection identifies observations that deviate from the normal behavior of a system and is achieved by identifying the phenomena that characterize the “normal” observation. The new observations are classified as either normal or abnormal based on the characteristics of data learnt. Most of the anomaly detection works with the assumption that the underlying distributions of observations are stationary, where this assumption is relevant to many applications. However some detection problem occurs within environments that are non-stationary. One good example to demonstrate the information is by identifying anomalous temperature pattern in meteorology that takes into account the seasonal changes of normal observations. It is necessary that anomalous observations are identified even with the changes or acquire the ability to adapt to the variations in non-stationary environments. Our experimental results show the feasibility and effectiveness of our approach.
Citations: 16

Design considerations for a case-based reasoning engine for scenario-based cyber incident notification
2011 IEEE Symposium on Computational Intelligence in Cyber Security (CICS) Pub Date : 2011-04-11 DOI: 10.1109/CICYBS.2011.5949397
Stephen M. Woskov, M. Grimaila, R. Mills, M. Haas
Abstract: Virtually all modern organizations have embedded information systems into their core business processes as a means to increase operational efficiency, improve decision making quality, and minimize costs. Unfortunately, this dependence can place an organization's mission at risk if the confidentiality, integrity, or availability of a critical information resource has been lost or degraded. Within the military, this type of incident could ultimately result in serious consequences including physical destruction and loss of life. To reduce the likelihood of this outcome, personnel must be informed about cyber incidents, and their potential consequences, in a timely and relevant manner so that appropriate contingency actions can be taken. In this paper, we identify criteria for improving the relevance of incident notification, propose the use of case-based reasoning (CBR) for contingency decision support, and identify key design considerations for implementing a CBR system used to deliver relevant notification following a cyber incident.
Citations: 4

A Hybrid of the prefix algorithm and the q-hidden algorithm for generating single negative databases
2011 IEEE Symposium on Computational Intelligence in Cyber Security (CICS) Pub Date : 2011-04-11 DOI: 10.1109/CICYBS.2011.5949400
Ran Liu, Wenjian Luo, Xufa Wang
Abstract: The negative database (NDB) is a complement of the corresponding database. The NDB could protect the privacy of the data, but it should be complete and hard-to-reverse. However, existent techniques cannot generate the complete and hard-to-reverse negative database. In this paper, a hybrid method is proposed to generate single negative databases. The proposed hybrid method includes two phases. Firstly, a complete negative database with a small size is generated by the transformation of the prefix algorithm. Secondly, a hard-to-reverse negative database, which is generated with the q-hidden method, is added into the small complete negative database. Therefore, the hybrid negative database is both complete and hard-to-reverse. Experiment results show that the NDB generated by the hybrid method is better than the NDB generated by the typical q-hidden method. Especially, the NDB generated by the q-hidden method can be reversed on average when the string length is 300. However, the NDB generated by the hybrid method cannot be reversed on average when the string length is 150.
Citations: 12

Modeling cyber conflicts using an extended Petri Net formalism
2011 IEEE Symposium on Computational Intelligence in Cyber Security (CICS) Pub Date : 2011-04-11 DOI: 10.1109/CICYBS.2011.5949385
A. Zakrzewska, Erik M. Ferragut
Abstract: When threatened by automated attacks, critical systems that require human-controlled responses have difficulty making optimal responses and adapting protections in real-time and may therefore be overwhelmed. Consequently, experts have called for the development of automatic real-time reaction capabilities. However, a technical gap exists in the modeling and analysis of cyber conflicts to automatically understand the repercussions of responses. There is a need for modeling cyber assets that accounts for concurrent behavior, incomplete information, and payoff functions.
Citations: 23

Addressing the need for independence in the CSE model
2011 IEEE Symposium on Computational Intelligence in Cyber Security (CICS) Pub Date : 2011-04-11 DOI: 10.1109/CICYBS.2011.5949395
R. Abercrombie, Erik M. Ferragut, Frederick T. Sheldon, M. Grimaila
Abstract: Information system security risk, defined as the product of the monetary losses associated with security incidents and the probability that they occur, is a suitable decision criterion when considering different information system architectures. Risk assessment is the widely accepted process used to understand, quantify, and document the effects of undesirable events on organizational objectives so that risk management, continuity of operations planning, and contingency planning can be performed. One technique, the Cyberspace Security Econometrics System (CSES), is a methodology for estimating security costs to stakeholders as a function of possible risk postures. In earlier works, we presented a computational infrastructure that allows an analyst to estimate the security of a system in terms of the loss that each stakeholder stands to sustain, as a result of security breakdowns. Additional work has applied CSES to specific business cases. The current state-of-the-art of CSES addresses independent events. In typical usage, analysts create matrices that capture their expert opinion, and then use those matrices to quantify costs to stakeholders. This expansion generalizes CSES to the common real-world case where events may be dependent.
Citations: 6