Multi-step scenario matching based on unification
This paper presents an approach to multi-step scenario specification and matching, which aims to address some of the issues and problems inherent in scenario specification and event correlation found in most previous work. Our approach builds upon the unification algorithm, which we have adapted to provide a seamless, integrated mechanism and framework to handle event matching, filtering, and correlation. Scenario specifications using our framework need to contain only a definition of the misuse activity to be matched. This characteristic differentiates our work from most of the previous work, which generally requires scenario specifications also to include additional information regarding how to detect the misuse activity. In this paper we present a prototype implementation which demonstrates the effectiveness of the unification-based approach and our scenario specification framework. Also, we evaluate the practical usability of the approac
Improving Intrusion Prevention, Detection and Response
In the face of a wide range of attacks, Intrusion Detection Systems (IDS) and other Internet security tools represent potentially valuable safeguards to identify and combat the problems facing online systems. However, despite the fact that a variety of commercial and open source solutions are available across a range of operating systems and network platforms, it is notable that the deployment of IDS is often markedly less than that of other well-known network security countermeasures, and other tools may often be used in an ineffective manner.

This thesis considers the challenges that users may face while using IDS, by conducting a web-based questionnaire to assess these challenges. The challenges used in the questionnaire were gathered from the well-established literature. The participants' responses varied between being for or against selecting them as challenges, but all the listed challenges were confirmed to be considered problems in the IDS field.

The aim of the research is to propose a novel set of Human Computer Interaction-Security (HCI-S) usability criteria based on the findings of the web-based questionnaire. Moreover, these criteria were inspired by previous literature in the field of HCI. The novelty of the criteria is that they focus on the security aspects. The new criteria were promising when they were applied to Norton 360, a well-known Internet security suite. Testing the alerts issued by security software was the initial step before testing other security software. Hence, a set of security software was selected and some alerts were triggered as a result of performing a penetration test conducted within a test-bed environment using the network scanner Nmap. The findings reveal that four of the HCI-S usability criteria were not fully addressed by all of these security software.

Another aim of this thesis is to consider the development of a prototype to address the HCI-S usability criteria that seem to be overlooked in the existing security solutions. The thesis conducts a practical user trial; the findings are promising and attempt to find a proper solution to this problem. For instance, to take advantage of previous security decisions, it would be desirable for a system to consider the user's previous decisions on similar alerts, and modify alerts accordingly to account for the user's previous behaviour. Moreover, in order to give users a level of flexibility, it is important to enable them to make informed decisions, and to be able to recover from them if needed. It is important to address the proposed criteria that enable users to confirm / recover the impact of their decision, maintain an awareness of system status all the time, and to offer responses that match users' expectations.

The outcome of the current study is a set of 16 proposed HCI-S usability criteria that can be used to design and to assess security alerts issued by any Internet security suite. These criteria are not equally important and they vary between high, medium and low.
A novel intrusion detection system (IDS) architecture. Attack detection based on snort for multistage attack scenarios in a multi-cores environment.
Recent research has indicated that although security systems are developing, illegal intrusion into computers is on the rise. The research conducted here illustrates that improving intrusion detection and prevention methods is fundamental for improving the overall security of systems.

This research includes the design of a novel Intrusion Detection System (IDS) which identifies four levels of visibility of attacks. Two major areas of security concern were identified: the speed and volume of attacks, and the complexity of multistage attacks. Hence, the Multistage Intrusion Detection and Prevention System (MIDaPS) that is designed here is made of two fundamental elements: a multistage attack engine that heavily depends on attack trees, and a Denial of Service Engine. MIDaPS was tested and found to improve current intrusion detection and processing performance.

After an intensive literature review, over 25 GB of data was collected on honeynets. This was then used to analyse the complexity of attacks in a series of experiments. Statistical and analytic methods were used to design the novel MIDaPS.

Key findings indicate that an attack needs to be protected against at 4 different levels. Hence, MIDaPS is built with 4 levels of protection. As recent attack vectors use legitimate actions, MIDaPS uses a novel approach of attack trees to trace the attacker's actions. MIDaPS was tested and results suggest an improvement to current system performance by 84% whilst detecting DDOS attacks within 10 minutes.
An examination of the Asus WL-HDD 2.5 as a nepenthes malware collector
The Linksys WRT54g has been used as a host for network forensics tools, such as Snort, for a long period of time. Whilst large corporations are already utilising network forensic tools, this paper demonstrates that it is quite feasible for a non-security specialist to track and capture malicious network traffic. This paper introduces the Asus Wireless Hard disk as a replacement for the popular Linksys WRT54g. Firstly, the Linksys router is introduced, detailing some of the research that was undertaken on the device over the years amongst the security community. It then briefly discusses malicious software and the impact this may have for a home user. The paper then outlines the trivial steps in setting up Nepenthes 0.1.7 (a malware collector) for the Asus WL-HDD 2.5 according to the Nepenthes and tests the feasibility of running the malware collector on the selected device. The paper then concludes by discussing the limitations of the device when attempting to execute Nepenthes