43 research outputs found

    EWMA Based Threshold Algorithm for Intrusion Detection

    Intrusion detection is used to monitor and capture intrusions into computer and network systems which attempt to compromise their security. Many intrusions manifest in dramatic changes in the intensity of events occurring in computer networks. Because of the ability of exponentially weighted moving average control charts to monitor the rate of occurrences of events based on their intensity, this technique is appropriate for implementation in threshold-based algorithms.

    General Aspects of Digital Anti-Forensics (Opšti aspekti digitalne anti-forenzike)

    Digital forensics is essential for successfully opposing computer crime. It is associated with many challenges, including rapid changes in computer and digital devices, more sophisticated attacks on computer systems and networks, and the rapid increase in abuse of ICT systems. Though many existing defensive techniques can reliably detect traditional forgeries, recent research has shown that they can be bypassed by anti-forensic operations designed to hide evidence of such activity. In response, new forensic techniques have been developed to detect the use of anti-forensics. In light of this, there is a need to develop a theoretical understanding of the interactions between an anti-forensic act and a forensic investigator.

    EWMA STATISTICS AND FUZZY LOGIC IN FUNCTION OF NETWORK ANOMALY DETECTION

    Anomaly detection is used to monitor and capture traffic anomalies in network systems. Many anomalies manifest in changes in the intensity of network events. Because of the ability of the EWMA control chart to monitor the rate of occurrences of events based on their intensity, this statistic is appropriate for implementation in control-limit-based algorithms. The performance of the standard EWMA algorithm can be made more effective by combining the logic of the adaptive threshold algorithm with adequate application of fuzzy theory. This paper analyzes the theoretical possibility of applying EWMA statistics and fuzzy logic to detect network anomalies. Different aspects of fuzzy rules are discussed, as well as different membership functions, in an attempt to find the most adequate choice. It is shown that the introduction of fuzzy logic into the standard EWMA algorithm for anomaly detection opens the possibility of early warning of a network attack. In addition, fuzzy logic enables precise determination of the degree of risk.

    General Aspects of Quantum Cryptography (Opšti aspekti kvantne kriptografije)

    Quantum cryptography is a relatively new area of computer security that deals with providing secure communication between the sender and recipient of information, using a quantum-mechanical approach. It represents the vision of overcoming the classical methods of cryptography: asymmetric and symmetric algorithms, which have been used for several decades. It involves the establishment of a quantum channel between the participants, in which the transmission of information is realized using photons. The base of quantum cryptography is formed by appropriate protocols that define the algorithm and method of exchanging and interpreting information. This type of security mechanism has its undeniable theoretical advantages, but there are a number of problems related to its practical realization. The paper presents an overview of the general quantum principles and their characteristics underlying this form of cryptography and highlights the current advantages and disadvantages of quantum distribution of the security key.

    Intrusion Detection System for Network Infrastructure (Sistem za detekciju upada u mrežnu infrastrukturu)

    Intrusion detection (ID) is an area of computer security that involves the detection of unwanted manipulations to computers and computer networks. ID is used to monitor and capture intrusions into computer and network systems which attempt to compromise their security. Many intrusions (attacks) manifest in dramatic changes in the intensity of network events. An ID system is required to detect all types of malicious network traffic and computer usage that cannot be identified by a conventional firewall. This security method is needed in today's computing environment because it is impossible to keep pace with the current and potential threats and vulnerabilities in information systems. This paper gives a general overview of intrusion detection systems.

    General Aspects of Application IT Security (Opšti aspekti aplikativne IT bezbednosti)

    To achieve a satisfactory level of security of an information system, different system and application methods are applied. The paper focuses on general aspects of application IT security, giving an overview of security methods applied to web and mobile applications. In accordance with the OWASP report, the most common web vulnerabilities include SQL Injection and Cross-site Scripting attacks. The paper also emphasizes the role of code analysis tools, which contribute to the detection of vulnerabilities in the analyzed application. In the context of mobile applications, the Android operating system is especially featured, as one of the most commonly used. The necessary environment and tools for testing the security of Android applications are elaborated, vulnerabilities are highlighted, and a greater number of security recommendations are offered. In the field of application security, some of the newer solutions are shown, such as the RASP approach. The paper particularly emphasizes the importance of security testing of applications, with an accent on the testing phase. Finally, in addition to the previously explained application security methods, an overview of security methods of a general character is given.

    Heuristic scanning and sandbox approach in malware detection

    A heuristic approach in malware detection is similar to the method of detecting anomalies applied in intrusion detection systems (IDS). It speeds up the process of finding a sufficiently good solution in situations where the implementation of detailed research is not practical or is very time-consuming, for example by using various general rules, informed speculation, intuition and common sense. Instead of looking for matches (as in static signature-based detection), heuristic intrusion detection looks for behavior that is out of the ordinary with regard to a baseline of normal network traffic and activity. Heuristic scanning uses rules and/or algorithms to look for commands which may indicate malicious intent without needing a signature. Analysis of static signatures will fail to catch new types of attacks but usually has fewer false positives. Heuristics might catch more new malware, but this usually comes with a higher false positive rate. Because of that, most modern and efficient IDS software uses both signature-based and heuristic-based methods in combination, with the goal of increasing the chance to detect and remove malware. In parallel with the heuristic and signature-based methods, the sandboxing approach is also used in the detection of network anomalies. This is a software management technique that isolates examined applications from critical system resources and other programs. Without sandboxing, an application may have unrestricted access to all system resources and user data on a computer. Similar to heuristics, this method also has its benefits and limitations. The general conclusion is that the best network security can be achieved by utilizing several methods simultaneously, that is, by multi-scanning (scanning with multiple anti-malware engines).

    Overview of Some Security Aspects of Smart Phones

    Smart phones, or mobile phones with advanced capabilities, are used by more and more people. Their popularity and relatively weaker security level have made them attractive targets for attackers. In the beginning, mobile phone security did not keep pace with traditional computer security. Security methods such as firewalls, antivirus software and encryption were insufficiently represented on mobile phones, and mobile operating systems were not updated as frequently as those on personal computers. However, mobile security is nowadays a rapidly growing field in the security area. With the increase in the number of mobile devices and their applications, the need for mobile security has increased extremely over the past several years. This paper gives an overview of some of the security aspects that must be considered when choosing a particular model of smart phone with a satisfactory level of security: biometrics, encryption, hardware-assisted security, sandboxed user data, VPN possibility, etc. A special accent in the paper is placed on newer types of processors, as one of the most important components of the mobile device, and their security possibilities. A comparative analysis of the key technical characteristics of the most commonly used newer processors is also given. In addition, the paper focuses on the use of mobile security software and Android browsers, pointing out their numerous useful features.

    Challenges of contemporary predictive policing

    Big data algorithms developed for predictive policing are increasingly present in the everyday work of law enforcement. There are various applications of such technologies to predict crimes, potential crime scenes, profiles of perpetrators, and more. In this way, police officers are provided with appropriate assistance in their work, increasing their efficiency or entirely replacing them in specific tasks. Although technologically advanced, police use force and arrest, so prediction algorithms can have significantly different, more drastic consequences as compared to those that similar technologies would produce in agriculture, industry, or health. For further development of predictive policing, it is necessary to have a clear picture of the problems it can cause. This paper discusses modern predictive policing from the perspective of challenges that negatively affect its application.