
    Classification of Polymorphic Virus Based on Integrated Features

    Standard virus classification relies on the virus function, a small number of bytes written in assembly language. The problem with current malware intrusion detection and prevention systems is that they have difficulty detecting unknown and multipath polymorphic computer viruses based solely on either static or dynamic features. This paper therefore presents an effective and efficient polymorphic classification technique based on integrated features. The integrated feature set is selected using the Information Gain (IG) rank value across static and dynamic features. All datasets are then tested on Naïve Bayes and Random Forest classifiers. We extracted 49 features from 700 polymorphic computer virus samples from Netherland Net Lab and VXHeaven, which include both benign and polymorphic virus functions. We split the dataset using a 60:40 ratio for training and testing respectively. Our proposed integrated features achieve an accuracy of 98.9%.

    Intrusion detection and prevention of web service attacks for software as a service: Fuzzy association rules vs fuzzy associative patterns

    Cloud computing inherits all the security vulnerabilities of systems, networks and Web Services, in particular for software as a service (SaaS), where business applications or services are provided over the Cloud as Web Services (WS). Hence, WS-based applications must be protected against loss of integrity, confidentiality and availability when they are deployed to the Cloud environment. Many existing IDP systems address only attacks that mostly occur at the PaaS and IaaS levels. In this paper, we present our fuzzy association rule-based (FAR) and fuzzy associative pattern-based (FAP) intrusion detection and prevention (IDP) systems for defending against WS attacks at the SaaS level. Our experimental results validate the capabilities of these two IDP systems in detecting known attacks and predicting new-variant attacks with accuracy close to 100%. For each transaction carried out over the Cloud platform, detection, prevention or prediction completes in less than five seconds. Under load and volume testing in which the SaaS is placed under stress (a workload of 5000 concurrent users submitting normal, suspicious and malicious transactions over a 300-second interval), the FAR IDP system provides close to 95% service availability to normal transactions. Future work involves determining further quality attributes besides service availability, such as latency, throughput and accountability, for a more trustworthy SaaS.

    Detecting malware attacks on a cloud server using an anomaly-based method

    Malware is one of the most common and dangerous types of attack on the internet, with many variants and types. Given the massive growth of malware, a detection system with an effective and accurate method is needed to detect and anticipate incoming attacks. This study therefore aims to implement a recent approach to detecting malware attacks on a cloud server with good accuracy and resource efficiency. The proposed method is Anomaly Based, supported by Isolation Forest as the expert-system model, intended to increase accuracy and resource efficiency in order to reduce computation time. The data used is the MTA-KDD'19 dataset by Ivan Letteri et al. (2020), divided into training and test data. The test process uses five features and obtains an accuracy of 46.67%, precision of 93%, recall of 47.05% and an f-measure of 62%. From these experimental results it can be concluded that the Anomaly Based approach with the Isolation Forest model has poor detection capability against malware attacks on a cloud server.

    A Framework for Hybrid Intrusion Detection Systems

    Web application security is a definite threat to the world's information technology infrastructure. The Open Web Application Security Project (OWASP) generally defines web application security violations as unauthorized or unintentional exposure, disclosure, or loss of personal information. These breaches occur without the company's knowledge, and it often takes a while before the web application attack is revealed to the public, typically only once the security violations have been fixed. Driven by the need to protect their reputation, organizations have begun researching solutions to these problems. The most widely accepted solution is the use of an Intrusion Detection System (IDS). Such systems currently rely on either signatures of the attack used for the data breach or changes in the behavior patterns of the system to identify an intruder. These systems, whether signature-based or anomaly-based, are readily understood by attackers. Issues arise when attacks are not noticed by an existing IDS because the attack does not fit the pre-defined attack signatures the IDS was implemented to discover. Despite the capabilities of current IDSs, little research has identified a method to detect all potential attacks on a system. This thesis intends to address this problem. A particular emphasis is placed on detecting advanced attacks, such as those that take place at the application layer. These types of attacks are able to bypass existing IDSs, increasing the potential for a web application security breach to occur undetected. In particular, the attacks under study are all web application layer attacks; those included in this thesis are SQL injection, cross-site scripting, directory traversal and remote file inclusion. This work identifies common and existing data breach detection methods as well as the necessary improvements to IDS models. Ultimately, the proposed approach combines an anomaly detection technique measured by cross entropy with a signature-based attack detection framework utilizing a genetic algorithm. The proposed hybrid model for data breach detection benefits organizations by increasing security measures and allowing attacks to be identified in less time and more efficiently.

    Towards Enhancing Security in Cloud Storage Environments

    Although cloud computing is widely adopted, one of the biggest concerns with it is how to preserve the security and privacy of client data being processed and/or stored in a cloud computing environment. When it comes to cloud data protection, the methods employed can be very similar to those used to protect data within a traditional data center. Authentication and identity, access control, encryption, secure deletion, integrity checking, and data masking are all data protection methods that apply to cloud computing. Current research in cloud data protection primarily falls into three main categories: 1) Authentication & Access Control, 2) Encryption, and 3) Intrusion Detection. This thesis examines the various mechanisms that currently exist to protect data stored in a public cloud computing environment. It also looks at the methods employed to detect intrusions targeting cloud data when and if data protection mechanisms fail. In response to these findings, we present three primary contributions that focus on enhancing the overall security of user data residing in a hosted environment such as the cloud. We first provide an analysis of Cloud Storage vendors that shows how data can be exposed when shared, even in the most 'secure' environments. Secondly, we offer Pretty Good Privacy (PGP) as a method of securing data within this environment while enhancing PGP's Web of Trust validation mechanism using Bitcoin. Lastly, we provide a framework for protecting against data exfiltration attempts in Software-as-a-Service (SaaS) Cloud Storage environments using Cyber Deception.

    Applied Metaheuristic Computing

    For decades, Applied Metaheuristic Computing (AMC) has been a prevailing optimization technique for tackling perplexing engineering and business problems such as scheduling, routing, ordering, bin packing, assignment and facility layout planning, among others. This is partly because the classic exact methods are constrained by prior assumptions, and partly because heuristics are problem-dependent and lack generalization. AMC, by contrast, guides the course of low-level heuristics to search beyond the local optimality that limits traditional computation methods. This topic series has collected quality papers proposing cutting-edge methodology and innovative applications that drive the advances of AMC.