TRIDEnT: Building Decentralized Incentives for Collaborative Security
Sophisticated mass attacks, especially when exploiting zero-day vulnerabilities, have the potential to cause destructive damage to organizations and critical infrastructure. To timely detect and contain such attacks, collaboration among the defenders is critical. By correlating real-time detection information (alerts) from multiple sources (collaborative intrusion detection), defenders can detect attacks and take the appropriate defensive measures in time. However, although the technical tools to facilitate collaboration exist, real-world adoption of such collaborative security mechanisms is still underwhelming. This is largely due to a lack of trust and participation incentives for companies and organizations. This paper proposes TRIDEnT, a novel collaborative platform that aims to enable and incentivize parties to exchange network alert data, thus increasing their overall detection capabilities. TRIDEnT allows parties that may be in a competitive relationship to selectively advertise, sell and acquire security alerts in the form of (near) real-time peer-to-peer streams. To validate the basic principles behind TRIDEnT, we present an intuitive game-theoretic model of alert sharing, that is of independent interest, and show that collaboration is bound to take place infinitely often. Furthermore, to demonstrate the feasibility of our approach, we instantiate our design in a decentralized manner using Ethereum smart contracts and provide a fully functional prototype.
Comment: 28 page
DCDIDP: A distributed, collaborative, and data-driven intrusion detection and prevention framework for cloud computing environments
With the growing popularity of cloud computing, the exploitation of possible vulnerabilities grows at the same pace; the distributed nature of the cloud makes it an attractive target for potential intruders. Despite security issues delaying its adoption, cloud computing has already become an unstoppable force; thus, security mechanisms to ensure its secure adoption are an immediate need. Here, we focus on intrusion detection and prevention systems (IDPSs) to defend against the intruders. In this paper, we propose a Distributed, Collaborative, and Data-driven Intrusion Detection and Prevention system (DCDIDP). Its goal is to make use of the resources in the cloud and provide a holistic IDPS for all cloud service providers which collaborate with other peers in a distributed manner at different architectural levels to respond to attacks. We present the DCDIDP framework, whose infrastructure level is composed of three logical layers: network, host, and global as well as platform and software levels. Then, we review its components and discuss some existing approaches to be used for the modules in our proposed framework. Furthermore, we discuss developing a comprehensive trust management framework to support the establishment and evolution of trust among different cloud service providers. © 2011 ICST
A Generic Alerting Service for Digital Libraries
Users of modern digital libraries (DLs) can keep themselves up-to-date by searching and browsing their favorite collections, or more conveniently by resorting to an alerting service. The alerting service notifies its clients about new or changed documents. Proprietary and mediating alerting services fail to fluidly integrate information from differing collections. This paper analyses the conceptual requirements of this much-sought-after service for digital libraries. We demonstrate that the differing concepts of digital libraries and their underlying technical design have extensive influence on (a) the expectations, needs and interests of users regarding an alerting service, and (b) the technical possibilities for the implementation of the service. Our findings will show that the range of issues surrounding alerting services for digital libraries, their design and use, is greater than one may anticipate. We also show that, conversely, the requirements for an alerting service have considerable impact on the concepts of DL design. Our findings should be of interest to librarians as well as system designers. We highlight and discuss the far-reaching implications for the design of, and interaction with, libraries. This paper discusses the lessons learned from building such a distributed alerting service. We present our prototype implementation as a proof-of-concept for an alerting service for open DL software.
Characterizing and Managing Intrusion Detection System (IDS) Alerts with Multi-Server/Multi-Priority Queuing Theory
The DoD sets forth an objective to employ an active cyber defense capability to prevent intrusions onto DoD networks and systems. Intrusion Detection Systems (IDS) are a critical part of network defense architectures, but their alerts can be difficult to manage. This research applies Queuing Theory to the management of IDS alerts, seeking to answer how the number of analysts and the priority scheme affect alert processing performance. To characterize the effect of these two variables on queue wait times, a MATLAB simulation was developed to allow parametric analysis under two scenarios. The first varies the number of analysts and the second varies the number of alert priority levels. Results indicate that two analysts bring about drastic improvements (a 41% decrease) in queue wait times (from 116.1 to 49.8 minutes) compared to a single analyst, due to the reduced potential for bottlenecks, with diminishing returns thereafter. In the second scenario, it was found that three priority levels are sufficient to realize the benefits of prioritization, and that a five-level priority scheme did not result in shorter queue wait times for Priority 1 alerts. Queuing models offer an effective approach to making IDS resource decisions in keeping with DoD goals for Active Cyber Defense.
Science Hackathons for Cyberphysical System Security Research: Putting CPS testbed platforms to good use
A challenge is to develop cyber-physical system scenarios that reflect the
diversity and complexity of real-life cyber-physical systems in the research
questions that they address. Time-bounded collaborative events, such as
hackathons, jams and sprints, are increasingly used as a means of bringing
groups of individuals together, in order to explore challenges and develop
solutions. This paper describes our experiences, using a science hackathon to
bring individual researchers together, in order to develop a common use-case
implemented on a shared CPS testbed platform that embodies the diversity in
their own security research questions. A qualitative study of the event was
conducted, in order to evaluate the success of the process, with a view to
improving future similar events
Improving Intrusion Prevention, Detection and Response
In the face of a wide range of attacks, Intrusion Detection Systems (IDS) and other Internet security tools represent potentially valuable safeguards to identify and combat the problems facing online systems. However, despite the fact that a variety of commercial and open source solutions are available across a range of operating systems and network platforms, it is notable that the deployment of IDS is often markedly less than that of other well-known network security countermeasures, and that other tools may often be used in an ineffective manner.
This thesis considers the challenges that users may face while using IDS by conducting a web-based questionnaire to assess these challenges. The challenges used in the questionnaire were gathered from the well-established literature. Participants' responses varied between agreeing and disagreeing that each item should be selected as a challenge, but all of the listed challenges were confirmed as problems in the IDS field.
The aim of the research is to propose a novel set of Human Computer Interaction-Security (HCI-S) usability criteria based on the findings of the web-based questionnaire. These criteria were also inspired by previous literature in the field of HCI. The novelty of the criteria is that they focus on the security aspects. The new criteria were promising when applied to Norton 360, a well-known Internet security suite. Testing the alerts issued by security software was the initial step before testing other security software. Hence, a set of security software packages was selected and some alerts were triggered by performing a penetration test within a test-bed environment using the network scanner Nmap. The findings reveal that four of the HCI-S usability criteria were not fully addressed by all of these security software packages.
Another aim of this thesis is to consider the development of a prototype to address the HCI-S usability criteria that seem to be overlooked in existing security solutions. The thesis conducts a practical user trial; the findings are promising and point towards a proper solution to this problem. For instance, to take advantage of previous security decisions, it would be desirable for a system to consider the user's previous decisions on similar alerts and modify alerts accordingly to account for the user's previous behaviour. Moreover, in order to give users a level of flexibility, it is important to enable them to make informed decisions and to be able to recover from them if needed. It is important to address the proposed criteria that enable users to confirm or recover from the impact of their decision, maintain an awareness of system status at all times, and offer responses that match users' expectations.
The outcome of the current study is a proposed set of 16 HCI-S usability criteria that can be used to design and assess security alerts issued by any Internet security suite. These criteria are not equally important; their importance varies between high, medium and low.
Multiple Case Comparison of the In-Transit Visibility Business Process
Over the past decade, the Department of Defense has developed an In-transit Visibility (ITV) capability. Despite significant funding and research in developing this capability, the initial deployment in support of Operation ENDURING FREEDOM (OEF) in 2001 highlighted an ongoing problem in achieving ITV within the U.S. Air Force. Initial results from studies initiated by Headquarters USAF point to a need to focus on business processes related to ITV management. This research employed a multiple case study design embedded in a functional benchmarking process to solicit ITV management best practices from leaders in the civilian logistics industry and to identify gaps between their practices and those of the Air Force. The data collection method used electronic mail as a portal for conducting subject matter expert interviews. Using the data collected from the benchmarking partners, the research recognized 19 best practices and compared the civilian and military environments in 41 areas. This evaluation highlighted gaps between practices used in the civilian industry and those used by the Air Force. These gaps served as areas of opportunity in which the Air Force can evaluate alternative management practices in an effort to improve the ITV process. Using these gaps as a foundation, the research proposed fourteen recommendations for action.
A Holistic Approach to Service Survivability
We present SABER (Survivability Architecture: Block, Evade, React), a proposed survivability architecture that blocks, evades and reacts to a variety of attacks by using several security and survivability mechanisms in an automated and coordinated fashion. Contrary to the ad hoc manner in which contemporary survivable systems are built, using isolated, independent security mechanisms such as firewalls, intrusion detection systems and software sandboxes, SABER integrates several different technologies in an attempt to provide a unified framework for responding to the wide range of attacks malicious insiders and outsiders can launch. This coordinated multi-layer approach will be capable of defending against attacks targeted at various levels of the network stack, such as congestion-based DoS attacks, software-based DoS or code-injection attacks, and others. Our fundamental insight is that while multiple lines of defense are useful, most conventional, uncoordinated approaches fail to exploit the full range of available responses to incidents. By coordinating the response, the ability to survive even in the face of successful security breaches increases substantially. We discuss the key components of SABER, how they will be integrated together, and how we can leverage the promising results of the individual components to improve survivability in a variety of coordinated attack scenarios. SABER is currently in the prototyping stages, with several interesting open research topics.
A closer look at Intrusion Detection System for web applications
An Intrusion Detection System (IDS) is one of the security measures used as an additional defence mechanism to prevent security breaches on the web. It has been a well-known methodology for detecting network-based attacks but is still immature in the domain of securing web applications. The objective of the paper is to thoroughly understand the design methodology of detection systems with respect to web applications. In this paper, we discuss in detail several specific aspects of a web application that make it challenging for a developer to build an efficient web IDS. The paper also provides a comprehensive overview of the existing detection systems exclusively designed to observe web traffic. Furthermore, we identify various dimensions for comparing these IDS from different perspectives based on their design and functionalities. We also provide a conceptual framework of an IDS with a prevention mechanism to offer systematic guidance for the implementation of a system specific to web applications. We compare its features with five existing detection systems, namely AppSensor, PHPIDS, ModSecurity, Shadow Daemon and AQTRONIX WebKnight. The paper will provide interested groups with cutting-edge information to understand the stronger and weaker sections of web IDS and provide a firm foundation for developing an intelligent and efficient system.