The loosely-coupled and dynamic nature of web services architectures has many benefits, but also leads to an increased vulnerability to denial of service attacks. While many papers have surveyed and described these vulnerabilities, they are often theoretical and lack experimental data to validate them, and assume an obsolete state of web services technologies. This paper describes experiments involving several denial of service vulnerabilities in well-known web services platforms, including Java Metro, Apache Axis, and Microsoft.NET. The results both confirm and deny the presence of some of the most well-known vulnerabilities in web services technologies. Specifically, major web services platforms appear to cope well with attacks that target memory exhaustion. However, attacks targeting CPU-time exhaustion are still effective, regardless of the victim’s platform.
{"title":"Validating Denial of Service Vulnerabilities in Web Services","authors":"S. Suriadi, A. Clark, D. Schmidt","doi":"10.1109/NSS.2010.41","DOIUrl":"https://doi.org/10.1109/NSS.2010.41","url":null,"abstract":"The loosely-coupled and dynamic nature of web services architectures has many benefits, but also leads to an increased vulnerability to denial of service attacks. While many papers have surveyed and described these vulnerabilities, they are often theoretical and lack experimental data to validate them, and assume an obsolete state of web services technologies. This paper describes experiments involving several denial of service vulnerabilities in well-known web services platforms, including Java Metro, Apache Axis, and Microsoft.NET. The results both confirm and deny the presence of some of the most well-known vulnerabilities in web services technologies. Specifically, major web services platforms appear to cope well with attacks that target memory exhaustion. However, attacks targeting CPU-time exhaustion are still effective, regardless of the victim’s platform.","PeriodicalId":127173,"journal":{"name":"2010 Fourth International Conference on Network and System Security","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2010-09-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"128662084","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
We study the challenge of identity protection in the large public survey rating data. Even though the survey participants do not reveal any of their ratings, their survey records are potentially identifiable by using information from other public sources. None of the existing anonymisation principles (e.g., $k$-anonymity, $l$-diversity, etc.) can effectively prevent such breaches in large survey rating data sets. In this paper, we tackle the problem by defining the $ (k, epsilon)$-anonymity principle. The principle requires for each transaction $t$ in the given survey rating data $T$, at least $ (k-1)$ other transactions in $T$ must have ratings similar with $t$, where the similarity is controlled by $epsilon$. We propose a greedy approach to anonymize survey rating data and apply the method to two real-life data sets to demonstrate their efficiency and practical utility.
{"title":"Towards Identify Anonymization in Large Survey Rating Data","authors":"Xiaoxun Sun, Hua Wang","doi":"10.1109/NSS.2010.11","DOIUrl":"https://doi.org/10.1109/NSS.2010.11","url":null,"abstract":"We study the challenge of identity protection in the large public survey rating data. Even though the survey participants do not reveal any of their ratings, their survey records are potentially identifiable by using information from other public sources. None of the existing anonymisation principles (e.g., $k$-anonymity, $l$-diversity, etc.) can effectively prevent such breaches in large survey rating data sets. In this paper, we tackle the problem by defining the $ (k, epsilon)$-anonymity principle. The principle requires for each transaction $t$ in the given survey rating data $T$, at least $ (k-1)$ other transactions in $T$ must have ratings similar with $t$, where the similarity is controlled by $epsilon$. We propose a greedy approach to anonymize survey rating data and apply the method to two real-life data sets to demonstrate their efficiency and practical utility.","PeriodicalId":127173,"journal":{"name":"2010 Fourth International Conference on Network and System Security","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2010-09-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"128346911","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
This paper presents new families of two and three-dimensional arrays designed for watermarking. The array construction is algebraic, based on finite fields. The arrays have good auto and cross-correlation with other family members. The family size is large enough to be used in watermarking at the point of origin, providing a unique watermark for every video and image. Such watermarks have applications in surveillance, sub-image object tracking and as fingerprints for proof of tampering, audit trail monitoring and traitor tracing.
{"title":"New Families of 2D & 3D Arrays for Sub-image Watermarking","authors":"O. Moreno, A. Tirkel, R. V. Schyndel, P. Udaya","doi":"10.1109/NSS.2010.64","DOIUrl":"https://doi.org/10.1109/NSS.2010.64","url":null,"abstract":"This paper presents new families of two and three-dimensional arrays designed for watermarking. The array construction is algebraic, based on finite fields. The arrays have good auto and cross-correlation with other family members. The family size is large enough to be used in watermarking at the point of origin, providing a unique watermark for every video and image. Such watermarks have applications in surveillance, sub-image object tracking and as fingerprints for proof of tampering, audit trail monitoring and traitor tracing.","PeriodicalId":127173,"journal":{"name":"2010 Fourth International Conference on Network and System Security","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2010-09-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"123812535","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
D. Marks, Elias Ioup, J. Sample, M. Abdelguerfi, Fady Qaddoura
A system allowing for the efficient processing and viewing of dense METOC data sets stored in Network Common Data Format (netted) files is developed using advanced bitmap indexing. A method for netted data extraction and bitmap index creation is presented. Efficient geospatial range and pseudo-KNN queries are implemented. A two step filtering algorithm is shown to greatly enhance the speed of these geospatial queries, allowing for extremely efficient processing of the netted data.
{"title":"Spatio-temporal Knowledge Discovery in Very Large METOC Data Sets","authors":"D. Marks, Elias Ioup, J. Sample, M. Abdelguerfi, Fady Qaddoura","doi":"10.1109/NSS.2010.61","DOIUrl":"https://doi.org/10.1109/NSS.2010.61","url":null,"abstract":"A system allowing for the efficient processing and viewing of dense METOC data sets stored in Network Common Data Format (netted) files is developed using advanced bitmap indexing. A method for netted data extraction and bitmap index creation is presented. Efficient geospatial range and pseudo-KNN queries are implemented. A two step filtering algorithm is shown to greatly enhance the speed of these geospatial queries, allowing for extremely efficient processing of the netted data.","PeriodicalId":127173,"journal":{"name":"2010 Fourth International Conference on Network and System Security","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2010-09-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"128244638","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Rong-Jian Chen, Yu-Cheng Peng, J. Lin, Jui-Lin Lai, S. Horng
This paper presents the novel multi-bit bitwise adaptive embedding algorithms for data hiding. These embedding algorithms can embed multi-bit (k-bit, k>=1 ) secret data into cover data only introduce minimum embedding error smaller than (2^(k-1)-1)*2^(i-k) according to the embedding location i. To achieve such a goal, the proposed embedding algorithm adaptively evaluates the most similar value to replace the original one and which can be divided into three steps: (1) embed logo data into cover data, (2) adaptively adjust the least-significant bits (LSBs) of cover data, and (3) adaptively adjust the maximum-significant bits (MSBs) of cover data. The proposed embedding algorithms are not only achieving minimum error but also suitable to hardware implementation due to it is based on logic, algebraic, and bit operations. Many simulations show that the proposed embedding algorithms perform good embedding quality for watermarking and steganography applications.
{"title":"Novel Multi-bit Bitwise Adaptive Embedding Algorithms with Minimum Error for Data Hiding","authors":"Rong-Jian Chen, Yu-Cheng Peng, J. Lin, Jui-Lin Lai, S. Horng","doi":"10.1109/NSS.2010.57","DOIUrl":"https://doi.org/10.1109/NSS.2010.57","url":null,"abstract":"This paper presents the novel multi-bit bitwise adaptive embedding algorithms for data hiding. These embedding algorithms can embed multi-bit (k-bit, k>=1 ) secret data into cover data only introduce minimum embedding error smaller than (2^(k-1)-1)*2^(i-k) according to the embedding location i. To achieve such a goal, the proposed embedding algorithm adaptively evaluates the most similar value to replace the original one and which can be divided into three steps: (1) embed logo data into cover data, (2) adaptively adjust the least-significant bits (LSBs) of cover data, and (3) adaptively adjust the maximum-significant bits (MSBs) of cover data. The proposed embedding algorithms are not only achieving minimum error but also suitable to hardware implementation due to it is based on logic, algebraic, and bit operations. Many simulations show that the proposed embedding algorithms perform good embedding quality for watermarking and steganography applications.","PeriodicalId":127173,"journal":{"name":"2010 Fourth International Conference on Network and System Security","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2010-09-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"132357663","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Network security design has seen significant advances in recent years. This has been demonstrated by a growing number of new encryption algorithms, more intelligent firewall and intrusion detection techniques, new developments in multifactor authentication, advances in malware protection and many more. During a similar period of time the industry has seen the need for network infrastructure which provides a greater degree of trust which has resulted in the development of forensic analysis tools which meet the requirements of law enforcement agencies. Such tools must provide for commercial intelligence and national security. This paper proposes that application of the common ground between security and forensics has great potential to provide for improvements in the effort to achieve real-time adaptive security. This implies an architecture which can detect security breaches and in real-time record and analyse traffic logs in a forensically sound manner, provide corrective feedback to security devices and attempt to trace back to the source of the attack. In addressing computer security and forensic analysis from a real-time perspective, this paper recognises that some of these processes already exist, but proposes methods whereby the ongoing damage and potential risk to critical infrastructure can be reduced. This requires the implementation of a highly integrated approach to security and forensics such that they can inter-work in real-time in order to address the significant security issues which currently face the industry.
{"title":"The Design of Real-Time Adaptive Forensically Sound Secure Critical Infrastructure","authors":"R. Hunt, J. Slay","doi":"10.1109/NSS.2010.38","DOIUrl":"https://doi.org/10.1109/NSS.2010.38","url":null,"abstract":"Network security design has seen significant advances in recent years. This has been demonstrated by a growing number of new encryption algorithms, more intelligent firewall and intrusion detection techniques, new developments in multifactor authentication, advances in malware protection and many more. During a similar period of time the industry has seen the need for network infrastructure which provides a greater degree of trust which has resulted in the development of forensic analysis tools which meet the requirements of law enforcement agencies. Such tools must provide for commercial intelligence and national security. This paper proposes that application of the common ground between security and forensics has great potential to provide for improvements in the effort to achieve real-time adaptive security. This implies an architecture which can detect security breaches and in real-time record and analyse traffic logs in a forensically sound manner, provide corrective feedback to security devices and attempt to trace back to the source of the attack. In addressing computer security and forensic analysis from a real-time perspective, this paper recognises that some of these processes already exist, but proposes methods whereby the ongoing damage and potential risk to critical infrastructure can be reduced. This requires the implementation of a highly integrated approach to security and forensics such that they can inter-work in real-time in order to address the significant security issues which currently face the industry.","PeriodicalId":127173,"journal":{"name":"2010 Fourth International Conference on Network and System Security","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2010-09-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"134024700","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
As Google claims on its webpage, PageRank$^{{rm TM}}$ is the heart of software and continues to provide the basis for all of web search tools. In this algorithm, one page's PageRank value is divided evenly among all its outlinks. This paper discusses the value not-even distributed question, and puts forward an improved PageRank algorithm. By illustrating examples, we verify the effectiveness of our new algorithm and especially immunity to electronic spam.
{"title":"An Improved PageRank Algorithm: Immune to Spam","authors":"B. Pu, Tingzhu Huang, Chun Wen","doi":"10.1109/NSS.2010.12","DOIUrl":"https://doi.org/10.1109/NSS.2010.12","url":null,"abstract":"As Google claims on its webpage, PageRank$^{{rm TM}}$ is the heart of software and continues to provide the basis for all of web search tools. In this algorithm, one page's PageRank value is divided evenly among all its outlinks. This paper discusses the value not-even distributed question, and puts forward an improved PageRank algorithm. By illustrating examples, we verify the effectiveness of our new algorithm and especially immunity to electronic spam.","PeriodicalId":127173,"journal":{"name":"2010 Fourth International Conference on Network and System Security","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2010-09-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"123482779","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
This paper proposes a trust involved management framework for supporting privacy preserving access control policies and mechanisms. The mechanism enforces access policy to data containing personally identifiable information. The key component of the framework is an access control model that provides full support for expressing highly complex privacy related policies, taking into account features like purposes and obligations. A policy refers to an access right that a subject can have on an object, based on relationship, trust, purpose and obligations. The structure of purpose involved access control policy is studied. Finally a discussion of our work in comparison with other access control and frameworks such as EPAL is discussed.
{"title":"Trust-Involved Access Control in Collaborative Open Social Networks","authors":"Hua Wang, Lili Sun","doi":"10.1109/NSS.2010.13","DOIUrl":"https://doi.org/10.1109/NSS.2010.13","url":null,"abstract":"This paper proposes a trust involved management framework for supporting privacy preserving access control policies and mechanisms. The mechanism enforces access policy to data containing personally identifiable information. The key component of the framework is an access control model that provides full support for expressing highly complex privacy related policies, taking into account features like purposes and obligations. A policy refers to an access right that a subject can have on an object, based on relationship, trust, purpose and obligations. The structure of purpose involved access control policy is studied. Finally a discussion of our work in comparison with other access control and frameworks such as EPAL is discussed.","PeriodicalId":127173,"journal":{"name":"2010 Fourth International Conference on Network and System Security","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2010-09-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"121162878","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Mobile Ad hoc Network (MANET ) is a collection of independent wireless mobile nodes, which is deployable on the fly. This work addresses the critical problem of key distribution in MANET by mining the traffic in network layer to extract the meta-data patterns and utilize them as tokens in application layer. A simple, fault-tolerant, and scalable approach with no prerequisite is introduced. It explains how to set up secure sessions among nodes with low communication overhead and simple re-keying.
{"title":"An Efficient and High Scalable Key Distribution Scheme for Mobile Ad Hoc Network through Mining Traffic Meta-data Patterns","authors":"Ahmad Jabas, Wael Abdulal, Ramachandram Sirandas","doi":"10.1109/NSS.2010.83","DOIUrl":"https://doi.org/10.1109/NSS.2010.83","url":null,"abstract":"Mobile Ad hoc Network (MANET ) is a collection of independent wireless mobile nodes, which is deployable on the fly. This work addresses the critical problem of key distribution in MANET by mining the traffic in network layer to extract the meta-data patterns and utilize them as tokens in application layer. A simple, fault-tolerant, and scalable approach with no prerequisite is introduced. It explains how to set up secure sessions among nodes with low communication overhead and simple re-keying.","PeriodicalId":127173,"journal":{"name":"2010 Fourth International Conference on Network and System Security","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2010-09-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"122578611","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
P. Halvorsen, Dag Johansen, B. Olstad, T. Kupka, Sverre Tennøe
In this paper, we present how to provide a novel and potentially disruptive multimedia service by modifying a widely deployed commercial enterprise search engine. The idea is to transparently integrate rich multimedia data with traditional textual-oriented query results. This includes that the search engine automatically discovers and extracts relevant scenes from a large knowledge repository of existing videos and produces a new, customized video of events matching the user query. To evaluate our prototype, we have performed experiments using a data set from a knowledge repository in Microsoft consisting of PowerPoint presentations with corresponding videos. Our initial results demonstrate that such integration can be implemented efficiently, and that potential users prefer to have the opportunity to enrich the search results with corresponding video.
{"title":"vESP: A Video-Enabled Enterprise Search Platform","authors":"P. Halvorsen, Dag Johansen, B. Olstad, T. Kupka, Sverre Tennøe","doi":"10.1109/NSS.2010.9","DOIUrl":"https://doi.org/10.1109/NSS.2010.9","url":null,"abstract":"In this paper, we present how to provide a novel and potentially disruptive multimedia service by modifying a widely deployed commercial enterprise search engine. The idea is to transparently integrate rich multimedia data with traditional textual-oriented query results. This includes that the search engine automatically discovers and extracts relevant scenes from a large knowledge repository of existing videos and produces a new, customized video of events matching the user query. To evaluate our prototype, we have performed experiments using a data set from a knowledge repository in Microsoft consisting of PowerPoint presentations with corresponding videos. Our initial results demonstrate that such integration can be implemented efficiently, and that potential users prefer to have the opportunity to enrich the search results with corresponding video.","PeriodicalId":127173,"journal":{"name":"2010 Fourth International Conference on Network and System Security","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2010-09-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"124498812","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
京公网安备 11010802042870号
京ICP备2023020795号-1
扫码关注我们
求助内容:
应助结果提醒方式: