
    Security information management with frame-based attack presentation and first-order reasoning

    The Internet has grown by several orders of magnitude in recent years, and this growth has escalated the importance of computer security. Intrusion Detection System (IDS) is used to protect computer networks. However, the overwhelming flow of log data generated by IDS hampers security administrators from uncovering new insights and hidden attack scenarios. Security Information Management (SIM) is a new growing area of interest for intrusion detection. The research work in this dissertation explores the semantics of attack behaviors and designs Frame-based Attack Representation and First-order logic Automatic Reasoning (FAR-FAR) using linguistics and First-order Logic (FOL) based approaches. Techniques based on linguistics can provide efficient solutions to acquire semantic information from alert contexts, while FOL can tackle a wide variety of problems in attack scenario reasoning and querying. In FAR-FAR, the modified case grammar PCTCG is used to convert raw alerts into frame-structured alert streams and the alert semantic network 2-AASN is used to generate the attack scenarios, which can then inform the security administrator. Based on the alert contexts and attack ontology, Space Vector Model (SVM) is applied to categorize the intrusion stages. Furthermore, a robust Variant Packet Sending-interval Link Padding algorithm (VPSLP) is proposed to prevent links between the IDS sensors and the FAR-FAR agents from traffic analysis attacks. Recent measurements and studies demonstrated that real network traffic exhibits statistical self-similarity over several time scales. The bursty traffic anomaly detection method, Multi-Time scaling Detection (MTD), is proposed to statistically analyze network traffic's Histogram Feature Vector to detect traffic anomalies

    Anticipating Information Needs Based on Check-in Activity

    In this work we address the development of a smart personal assistant that is capable of anticipating a user's information needs based on a novel type of context: the person's activity inferred from her check-in records on a location-based social network. Our main contribution is a method that translates a check-in activity into an information need, which is in turn addressed with an appropriate information card. This task is challenging because of the large number of possible activities and related information needs, which need to be addressed in a mobile dashboard that is limited in size. Our approach considers each possible activity that might follow after the last (and already finished) activity, and selects the top information cards such that they maximize the likelihood of satisfying the user's information needs for all possible future scenarios. The proposed models also incorporate knowledge about the temporal dynamics of information needs. Using a combination of historical check-in data and manual assessments collected via crowdsourcing, we show experimentally the effectiveness of our approach. Comment: Proceedings of the 10th ACM International Conference on Web Search and Data Mining (WSDM '17), 201