Akira Kanaoka, M. Katoh, Nobukatsu Toudou, E. Okamoto
Designing a networked system (NS), which consists of various network equipment and uses LAN technology, has become increasingly important. However, there have been few studies on NS design. Our previous study suggests that a well-managed NS from an access control viewpoint has a fixed degree distribution, regardless of connection restriction. In this paper, we find an approximation function of its distribution using a genetic algorithm. The parameters found give a good approximation for all types of networked system. Furthermore, we propose a new measurement method for a well-managed NS in access control using the parameters found.
"Extraction of Parameters from Well Managed Networked System in Access Control". Akira Kanaoka, M. Katoh, Nobukatsu Toudou, E. Okamoto. 2009 Fourth International Conference on Internet Monitoring and Protection, published 2009-05-24. DOI: https://doi.org/10.1109/ICIMP.2009.17
Jianguo Ding, Jian Jin, P. Bouvry, Yongtao Hu, Haibing Guan
With the rising popularity of the Internet, the resulting increase in the number of available vulnerable machines, and the elevated sophistication of the malicious code itself, the detection and prevention of unknown malicious code face great challenges. Traditional anti-virus scanners employ static features to detect malicious executable code and struggle to detect unknown malicious code effectively. We propose a behavior-based dynamic heuristic analysis approach for proactive detection of unknown malicious code. The behavior of malicious code is identified from its system calls under virtual emulation and from the changes in system resources. A statistical detection model and a mixture of experts (MoE) model are designed to analyze the behavior of malicious code. The experimental results demonstrate that behavior-based proactive detection is efficient in detecting unknown malicious executable code.
"Behavior-Based Proactive Detection of Unknown Malicious Codes". Jianguo Ding, Jian Jin, P. Bouvry, Yongtao Hu, Haibing Guan. 2009 Fourth International Conference on Internet Monitoring and Protection, published 2009-05-24. DOI: https://doi.org/10.1109/ICIMP.2009.20
DRM (Digital Rights Management) and CAS (Conditional Access System) techniques have been used to prevent the illegal use of content. These techniques, however, have caused much inconvenience by restricting even legal users from moving or playing content. In this paper, we propose a new domain-based technique for sharing DRM content, in response to the growing demand for flexible use and sharing of content in the digital home. The proposed scheme can prevent content from leaking out and block illegal use by describing the domain license within the scope of the DRM license.
"Domain Based Content Sharing in Digital Home". Jungsoo Lee, Junghyun Kim, Jihyun Park, K. Yoon. 2009 Fourth International Conference on Internet Monitoring and Protection, published 2009-05-24. DOI: https://doi.org/10.1109/ICIMP.2009.18
In this work we analyze the propagation of files in the BitTorrent network. The paper covers security problems in peer-to-peer networks and establishes a malware propagation model. We give an overview of existing models and their weaknesses and introduce a propagation, or epidemiological, model based on real data and real user behavior in the peer-to-peer network BitTorrent. We describe our empirical epidemiological model in detail and propose some advanced strategies which can help in the fight against malware. Further we present our empiric, as its application.
"Security in Peer-to-Peer Networks: Empiric Model of File Diffusion in BitTorrent". J. Schäfer, K. Malinka. 2009 Fourth International Conference on Internet Monitoring and Protection, published 2009-05-24. DOI: https://doi.org/10.1109/ICIMP.2009.14
Biometric authentication methods are one of three approaches currently used. They offer a lot of benefits, but they also have a few disadvantages. One of these disadvantages is a low level of flexibility. It is not possible to change your biometric characteristic or even to increase the number of your characteristics. This could be a problem if we consider many systems with different levels of security. Corruption of a system with a low level of security could help an attacker gain access to a system with a higher level of security. The solution to this problem could lie in the use of behavioral biometrics. The article introduces a challenge-response approach in this area. We discuss the possibilities of challenge-response biometric authentication and show a new behavioral biometric suitable for this approach: visual evoked potentials. We describe the physiological features of this characteristic and discuss its properties and usability. We try to answer the question of whether it is suitable only for liveness testing or whether it can be used for full authentication. Further, we present the design of a prototype challenge-response biometric authentication system which takes advantage of visual evoked potentials.
"Usability of Visual Evoked Potentials as Behavioral Characteristics for Biometric Authentication". K. Malinka. 2009 Fourth International Conference on Internet Monitoring and Protection, published 2009-05-24. DOI: https://doi.org/10.1109/ICIMP.2009.22
P. Salvador, A. Nogueira, Ulisses França, R. Valadas
One of the most important threats to personal and corporate Internet security is the proliferation of Zombie PCs operating as an organized network. Zombie detection is currently performed at the host level and/or network level, but these options have some important drawbacks: antivirus, anti-spyware and personal firewalls are ineffective in the detection of hosts that are compromised via new or target-specific malicious software, while network firewalls and Intrusion Detection Systems were developed to protect the network from external attacks and were not designed to detect and protect against vulnerabilities that are already present inside the local area network. This paper presents a new approach, based on neural networks, that is able to detect Zombie PCs based on the historical traffic profiles presented by "licit" and "illicit" network applications. The evaluation of the proposed methodology relies on traffic traces obtained in a controlled environment and composed of licit traffic measured from normal activity of network applications and malicious traffic synthetically generated using the SubSeven backdoor. The results obtained show that the proposed methodology is able to achieve good identification results, while being computationally efficient and easy to deploy in real network scenarios.
"Framework for Zombie Detection Using Neural Networks". P. Salvador, A. Nogueira, Ulisses França, R. Valadas. 2009 Fourth International Conference on Internet Monitoring and Protection, published 2009-05-24. DOI: https://doi.org/10.1109/ICIMP.2009.10
This paper is intended to give an overview of the aspects of information security that are of importance in real life and should be taken into consideration during a regular IT project. It is very popular these days, and not only in the financial sector, to outsource certain parts of IT such as application development and IT operation. From the perspective of a threat analysis team, the authors have found that it mostly comes back to the same challenges, i.e. the neglect of really fundamental issues. The following chapters do not claim to cover that topic completely, from either an academic or a practical point of view. It is a selection of aspects that should help the reader to compile a shortlist for safeguarding information security and establishing the intended level.
"IT Security in Banking - Processes, Practical Experiences and Lessons Learned". Igor Podebrad, Martin Drotleff. 2009 Fourth International Conference on Internet Monitoring and Protection, published 2009-05-24. DOI: https://doi.org/10.1109/ICIMP.2009.21
A framework of three attributes for video surveillance systems is underlined: availability, accessibility and authenticity. Under this framework, a scenario in which surveillance cameras can be accessed over IP by remote devices, such as mobile phones and PDAs, is addressed. Some security drawbacks of an off-the-shelf product are described and a new solution is proposed which uses cryptographic authentication for the broadcast images. The proposed application is implemented in Java and can run on any device from standard computers to mobile phones. Also, some experimental results are presented for the case when a mobile phone is used as a receiver, this case being relevant as the device is the potential receiver with the most constrained computational resources.
"Towards Developing Secure Video Surveillance Systems over IP". B. Groza, I. Silea, D. Pop, V. Patriciu. 2009 Fourth International Conference on Internet Monitoring and Protection, published 2009-05-24. DOI: https://doi.org/10.1109/ICIMP.2009.12
Privacy is an issue of increasing concern to the Internet user. To ensure the continued success of distributed information systems, a reliable information flow must be established in certified but immediately evident ways. We begin with a basic consideration of the privacy problem in the general setting of database enquiries. From there, we develop a simple solution, which we illustrate with a simple implementation in the programming language Erlang, and conclude by providing an informal security analysis.
"Enhancing Privacy Implementations of Database Enquiries". F. Kammüller, R. Kammüller. 2009 Fourth International Conference on Internet Monitoring and Protection, published 2009-05-24. DOI: https://doi.org/10.1109/ICIMP.2009.15
Havard Vegge, Finn Michael Halvorsen, Rune Walso Nergard, M. Jaatun, Jostein Jensen
Zero-day malware is malware that is based on zero-day exploits and/or malware that is otherwise so new that it is not detected by any anti-virus or anti-malware scanners. This paper presents an empirical study that exposed updated Microsoft Windows XP PCs with updated anti-virus software to a number of unsavoury Internet software repositories. A total of 124 zero-day malware instances were detected in our experiment. Our conclusion is that if a user is sufficiently adventurous (or foolish), no anti-virus protection can prevent a zero-day malware infection.
"Where Only Fools Dare to Tread: An Empirical Study on the Prevalence of Zero-Day Malware". Havard Vegge, Finn Michael Halvorsen, Rune Walso Nergard, M. Jaatun, Jostein Jensen. 2009 Fourth International Conference on Internet Monitoring and Protection, published 2009-05-24. DOI: https://doi.org/10.1109/ICIMP.2009.19