674 research outputs found

    Advanced Threat Intelligence: Interpretation of Anomalous Behavior in Ubiquitous Kernel Processes

    Get PDF
    Targeted attacks on digital infrastructures are a rising threat against the confidentiality, integrity, and availability of both IT systems and sensitive data. With the emergence of advanced persistent threats (APTs), identifying and understanding such attacks has become an increasingly difficult task. Current signature-based systems are heavily reliant on fixed patterns that struggle with unknown or evasive applications, while behavior-based solutions usually leave most of the interpretative work to a human analyst. This thesis presents a multi-stage system able to detect and classify anomalous behavior within a user session by observing and analyzing ubiquitous kernel processes. Application candidates suitable for monitoring are initially selected through an adapted sentiment mining process using a score based on the log likelihood ratio (LLR). For transparent anomaly detection within a corpus of associated events, the author utilizes star structures, a bipartite representation designed to approximate the edit distance between graphs. Templates describing nominal behavior are generated automatically and are used for the computation of both an anomaly score and a report containing all deviating events. The extracted anomalies are classified using the Random Forest (RF) and Support Vector Machine (SVM) algorithms. Ultimately, the newly labeled patterns are mapped to a dedicated APT attacker–defender model that considers objectives, actions, actors, as well as assets, thereby bridging the gap between attack indicators and detailed threat semantics. This enables both risk assessment and decision support for mitigating targeted attacks. Results show that the prototype system is capable of identifying 99.8% of all star structure anomalies as benign or malicious. In multi-class scenarios that seek to associate each anomaly with a distinct attack pattern belonging to a particular APT stage we achieve a solid accuracy of 95.7%. Furthermore, we demonstrate that 88.3% of observed attacks could be identified by analyzing and classifying a single ubiquitous Windows process for a mere 10 seconds, thereby eliminating the necessity to monitor each and every (unknown) application running on a system. With its semantic take on threat detection and classification, the proposed system offers a formal as well as technical solution to an information security challenge of great significance.The financial support by the Christian Doppler Research Association, the Austrian Federal Ministry for Digital and Economic Affairs, and the National Foundation for Research, Technology and Development is gratefully acknowledged

    AIDIS: Detecting and Classifying Anomalous Behavior in UbiquitousKernel Processes

    Get PDF
    The file attached to this record is the author's final peer reviewed version. The Publisher's final version can be found by following the DOI link.Targeted attacks on IT systems are a rising threat against the confidentiality, integrity, and availability of critical information and infrastructures. With the rising prominence of advanced persistent threats (APTs), identifying and under-standing such attacks has become increasingly important. Current signature-based systems are heavily reliant on fixed patterns that struggle with unknown or evasive applications, while behavior-based solutions usually leave most of the interpretative work to a human analyst.In this article we propose AIDIS, an Advanced Intrusion Detection and Interpretation System capable to explain anomalous behavior within a network-enabled user session by considering kernel event anomalies identified through their deviation from a set of baseline process graphs. For this purpose we adapt star-structures, a bipartite representation used to approximate the edit distance be-tween two graphs. Baseline templates are generated automatically and adapt to the nature of the respective operating system process.We prototypically implemented smart anomaly classification through a set of competency questions applied to graph template deviations and evaluated the approach using both Random Forest and linear kernel support vector machines.The determined attack classes are ultimately mapped to a dedicated APT at-tacker/defender meta model that considers actions, actors, as well as assets and mitigating controls, thereby enabling decision support and contextual interpretation of ongoing attack

    Subject-Oriented Business Process Management

    Get PDF
    Information Systems Applications (incl.Internet); Business Information Systems; Computer Appl. in Administrative Data Processing; Management of Computing and Information System

    Computer Aided Verification

    Get PDF
    This open access two-volume set LNCS 10980 and 10981 constitutes the refereed proceedings of the 30th International Conference on Computer Aided Verification, CAV 2018, held in Oxford, UK, in July 2018. The 52 full and 13 tool papers presented together with 3 invited papers and 2 tutorials were carefully reviewed and selected from 215 submissions. The papers cover a wide range of topics and techniques, from algorithmic and logical foundations of verification to practical applications in distributed, networked, cyber-physical, and autonomous systems. They are organized in topical sections on model checking, program analysis using polyhedra, synthesis, learning, runtime verification, hybrid and timed systems, tools, probabilistic systems, static analysis, theory and security, SAT, SMT and decisions procedures, concurrency, and CPS, hardware, industrial applications

    Contextual Process Digitalization

    Get PDF
    This open access book presents an overview and step-by-step explanation of process management. It starts with the individual participants’ perspectives on their work in a process and its structuring and harmonization, and then moves on to its specification in a model and how it is embedded in the organizational and IT environment of the company. Lastly, the book examines the joint processing of instances in the resulting socio-technical systems. A corresponding illustration, which expands with the overview, enables readers to gain a comprehensive understanding of business process management. The book presents various facets of business process management from the perspective of the participants, and introduces a selection of models that have proved useful in practice. The design of such models supports the transition from a more-or-less unstructured or unsatisfactory way of working to a structured process that corresponds to the ideas of the company and its customers. The book is intended for professionals in industry as well as students in the field of business information systems who are looking for guidelines on how to discover, create and implement real-world processes

    Computer Aided Verification

    Get PDF
    This open access two-volume set LNCS 10980 and 10981 constitutes the refereed proceedings of the 30th International Conference on Computer Aided Verification, CAV 2018, held in Oxford, UK, in July 2018. The 52 full and 13 tool papers presented together with 3 invited papers and 2 tutorials were carefully reviewed and selected from 215 submissions. The papers cover a wide range of topics and techniques, from algorithmic and logical foundations of verification to practical applications in distributed, networked, cyber-physical, and autonomous systems. They are organized in topical sections on model checking, program analysis using polyhedra, synthesis, learning, runtime verification, hybrid and timed systems, tools, probabilistic systems, static analysis, theory and security, SAT, SMT and decisions procedures, concurrency, and CPS, hardware, industrial applications

    Adaptivity engineering : Modeling and quality assurance for self-adaptive software systems

    Get PDF
    Moderne Softwareentwicklung nutzt Techniken der Selbstadaptation, um Wartung von Softwaresystemen zu automatisieren und diese somit flexibler und robuster zu gestalten. Allerdings fĂŒhrt die EinfĂŒhrung solcher Techniken zu grĂ¶ĂŸeren und komplizierten SoftwareentwĂŒrfen. Die Konsequenz sind Fehler im Entwurf. In der Literatur werden konstruktive Methoden wie MDE oder Patterns und analytische Methoden wie Testen oder Model Checking vorgeschlagen, um das KomplexitĂ€tsproblem zu verringern. Allerdings werden die Techniken der Selbstadaption von solchen Methoden bisher noch wenig unterstĂŒtzt, d.h. dass es wenige integrierte AnsĂ€tze fĂŒr die explizite Modellierung und QualitĂ€tssicherung von Selbstadaptation gibt. In dieser Arbeit schlagen wir einen integrierten Modellierungs- und QualitĂ€tssicherungsansatz fĂŒr den Entwurf selbstadaptiver Softwaresysteme vor. Es werden sowohl konstruktive Methoden (z.B. Sprachen) als auch analytische Methoden (z.B. Model Checking) fĂŒr die UnterstĂŒtzung der Entwicklung solcher Systeme vorgeschlagen. Beide Typen von Methoden sind in Standardtechniken und Werkzeuge integriert. Im Ergebnis wird der Entwickler in der Modellierung selbstadaptiver Softwaresysteme durch den Einsatz von adaptionsspezifischen Sprachen unterstĂŒtzt. Durch die dazu passenden QualitĂ€tssicherungsverfahren erhĂ€lt der Entwickler unmittelbare RĂŒckmeldung ĂŒber die QualitĂ€t seiner Modelle. Somit wird die Entwicklung selbstadaptiver Systeme bereits in frĂŒhen Phasen des Entwicklungsprozesses unterstĂŒtzt, Entwurfsfehler werden vermieden und somit bessere Software gebaut.Modern software engineering introduces self-adaptivity features to perform automatic maintenance and make software systems more flexible and resilient. Unfortunately, introducing the additional self-adaptivity features makes software design bloated and complicated. As a consequence, software design models are often prone to errors. The literature proposes constructive approaches such as MDE, patterns, etc. as well as analytical approaches such as testing or model checking to solve the problem of complexity in general. However, there is no sufficient adaptivity-specific support throughout the engineering process, i.e. no approaches that support the creation of self-adaptivity specification models and their quality assurance. In this thesis, we will propose an integrated modeling and quality assurance environment for designing self-adaptive software systems. Therefore, we will propose constructive methods (e.g., languages) and analytical methods (e.g., model-checking) to support the engineering of these systems. Both types of methods are integrated into standard software engineering techniques and tools. As a result, the designer is supported in modeling self-adaptive software systems using concern-specific languages and receives immediate feedback about the quality of his models. This way, software engineering for self-adaptive systems is getting supported starting at the early design phase leading to less errors produced, and thus, to better software, overall.Tag der Verteidigung: 26.09.2013Paderborn, Univ., Diss., 201

    24th International Conference on Information Modelling and Knowledge Bases

    Get PDF
    In the last three decades information modelling and knowledge bases have become essentially important subjects not only in academic communities related to information systems and computer science but also in the business area where information technology is applied. The series of European – Japanese Conference on Information Modelling and Knowledge Bases (EJC) originally started as a co-operation initiative between Japan and Finland in 1982. The practical operations were then organised by professor Ohsuga in Japan and professors Hannu Kangassalo and Hannu Jaakkola in Finland (Nordic countries). Geographical scope has expanded to cover Europe and also other countries. Workshop characteristic - discussion, enough time for presentations and limited number of participants (50) / papers (30) - is typical for the conference. Suggested topics include, but are not limited to: 1. Conceptual modelling: Modelling and specification languages; Domain-specific conceptual modelling; Concepts, concept theories and ontologies; Conceptual modelling of large and heterogeneous systems; Conceptual modelling of spatial, temporal and biological data; Methods for developing, validating and communicating conceptual models. 2. Knowledge and information modelling and discovery: Knowledge discovery, knowledge representation and knowledge management; Advanced data mining and analysis methods; Conceptions of knowledge and information; Modelling information requirements; Intelligent information systems; Information recognition and information modelling. 3. Linguistic modelling: Models of HCI; Information delivery to users; Intelligent informal querying; Linguistic foundation of information and knowledge; Fuzzy linguistic models; Philosophical and linguistic foundations of conceptual models. 4. Cross-cultural communication and social computing: Cross-cultural support systems; Integration, evolution and migration of systems; Collaborative societies; Multicultural web-based software systems; Intercultural collaboration and support systems; Social computing, behavioral modeling and prediction. 5. Environmental modelling and engineering: Environmental information systems (architecture); Spatial, temporal and observational information systems; Large-scale environmental systems; Collaborative knowledge base systems; Agent concepts and conceptualisation; Hazard prediction, prevention and steering systems. 6. Multimedia data modelling and systems: Modelling multimedia information and knowledge; Contentbased multimedia data management; Content-based multimedia retrieval; Privacy and context enhancing technologies; Semantics and pragmatics of multimedia data; Metadata for multimedia information systems. Overall we received 56 submissions. After careful evaluation, 16 papers have been selected as long paper, 17 papers as short papers, 5 papers as position papers, and 3 papers for presentation of perspective challenges. We thank all colleagues for their support of this issue of the EJC conference, especially the program committee, the organising committee, and the programme coordination team. The long and the short papers presented in the conference are revised after the conference and published in the Series of “Frontiers in Artificial Intelligence” by IOS Press (Amsterdam). The books “Information Modelling and Knowledge Bases” are edited by the Editing Committee of the conference. We believe that the conference will be productive and fruitful in the advance of research and application of information modelling and knowledge bases. Bernhard Thalheim Hannu Jaakkola Yasushi Kiyok

    Contextual Process Digitalization

    Get PDF
    This open access book presents an overview and step-by-step explanation of process management. It starts with the individual participants’ perspectives on their work in a process and its structuring and harmonization, and then moves on to its specification in a model and how it is embedded in the organizational and IT environment of the company. Lastly, the book examines the joint processing of instances in the resulting socio-technical systems. A corresponding illustration, which expands with the overview, enables readers to gain a comprehensive understanding of business process management. The book presents various facets of business process management from the perspective of the participants, and introduces a selection of models that have proved useful in practice. The design of such models supports the transition from a more-or-less unstructured or unsatisfactory way of working to a structured process that corresponds to the ideas of the company and its customers. The book is intended for professionals in industry as well as students in the field of business information systems who are looking for guidelines on how to discover, create and implement real-world processes
    • 

    corecore