1,234 research outputs found

    APHRODITE: an Anomaly-based Architecture for False Positive Reduction

    We present APHRODITE, an architecture designed to reduce false positives in network intrusion detection systems. APHRODITE works by detecting anomalies in the output traffic, and by correlating them with the alerts raised by the NIDS working on the input traffic. Benchmarks show a substantial reduction of false positives and that APHRODITE is effective also after a "quick setup", i.e. in the realistic case in which it has not been "trained" and set up optimall

    ATLANTIDES: Automatic Configuration for Alert Verification in Network Intrusion Detection Systems

    We present an architecture designed for alert verification (i.e., to reduce false positives) in network intrusion-detection systems. Our technique is based on a systematic (and automatic) anomaly-based analysis of the system output, which provides useful context information regarding the network services. The false positives raised by the NIDS analyzing the incoming traffic (which can be either signature- or anomaly-based) are reduced by correlating them with the output anomalies. We designed our architecture for TCP-based network services which have a client/server architecture (such as HTTP). Benchmarks show a substantial reduction of false positives between 50% and 100%

    Verifying Policy Enforcers

    Policy enforcers are sophisticated runtime components that can prevent failures by enforcing the correct behavior of the software. While a single enforcer can be easily designed focusing only on the behavior of the application that must be monitored, the effect of multiple enforcers that enforce different policies might be hard to predict. So far, mechanisms to resolve interferences between enforcers have been based on priority mechanisms and heuristics. Although these methods provide a mechanism to take decisions when multiple enforcers try to affect the execution at a same time, they do not guarantee the lack of interference on the global behavior of the system. In this paper we present a verification strategy that can be exploited to discover interferences between sets of enforcers and thus safely identify a-priori the enforcers that can co-exist at run-time. In our evaluation, we experimented our verification method with several policy enforcers for Android and discovered some incompatibilities. Comment: Oliviero Riganelli, Daniela Micucci, Leonardo Mariani, and Yliès Falcone. Verifying Policy Enforcers. Proceedings of 17th International Conference on Runtime Verification (RV), 2017. (to appear

    An Access Control Model for NoSQL Databases

    Current development platforms are web scale, unlike recent platforms which were just network scale. There has been a rapid evolution in computing paradigm that has created the need for data storage as agile and scalable as the applications they support. Relational databases with their joins and locks influence performance in web scale systems negatively. Thus, various types of non-relational databases have emerged in recent years, commonly referred to as NoSQL databases. To fulfill the gaps created by their relational counter-part, they trade consistency and security for performance and scalability. With NoSQL databases being adopted by an increasing number of organizations, the provision of security for them has become a growing concern. This research presents a context based abstract model by extending traditional role based access control for access control in NoSQL databases. The said model evaluates and executes security policies which contain versatile access conditions against the dynamic nature of data. The goal is to devise a mechanism for a forward looking, assertive yet flexible security feature to regulate access to data in the database system that is devoid of rigid structures and consistency, namely a document based database such as MongoDB

    Characterizations on microencapsulated sunflower oil as self-healing agent using In situ polymerization method

    This paper emphasizes the characterization on the microencapsulation of sunflower oil as self-healing agent. In-situ polymerization method mainly implicates in the microencapsulation process. The analysis of microencapsulated sunflower oil via prominent characterization of yield of microcapsules, microcapsules characteristics and Fourier Transmission Infra-Red Spectroscopy (FTIR). The prime optimization used was reaction time of microencapsulation process in the ranges of 2, 3 and 4 h. The higher reaction time of microencapsulation process resulted in a higher yield of microcapsules. The yield of microcapsules increases from 46 to 53% respectively by the increasing of reaction time from 2 to 4 h. The surface morphology study associating the diameter of microcapsules measured to analyse the prepared microcapsules. It was indicated that microcapsules were round in shape with smooth micro-surfaces. It was discovered that the diameter of microcapsules during microencapsulation process after 4 h reaction time was in average of 70.53 μm. This size was measured before filtering the microcapsules with solvent and dried in vacuum oven. Apparently, after filtering and drying stage, the diameter of microcapsules specifically identified under Field Emission Scanning Electron Microscopy (FESEM) showing the size of 2.33 μm may be due to the removing the suspended oil surrounded the microcapsules. Sunflower oil as core content and urea formaldehyde (UF) as shell of microcapsules demonstrated the proven chemical properties on characterization by FTIR with the stretching peak of 1537.99 - 1538.90 cm-1 (-H in -CH2), 1235.49 - 1238.77 cm-1 (C-O-C Vibrations at Ester) and 1017.65 - 1034.11 cm-1 (C-OH Stretching Vibrations). It was showed that sunflower oil can be considered as an alternative nature resource for self-healing agent in microencapsulation process.
The characterization of microencapsulated sunflower oil using in-situ polymerization method showed that sunflower oil was viable self-healing agent to be encapsulated and incorporated in metal coating