Sumit More, Mary Matthews, A. Joshi, Timothy W. Finin
Current state of the art intrusion detection and prevention systems (IDPS) are signature-based systems that detect threats and vulnerabilities by cross-referencing the threat or vulnerability signatures in their databases. These systems are incapable of taking advantage of heterogeneous data sources for analysis of system activities for threat detection. This work presents a situation-aware intrusion detection model that integrates these heterogeneous data sources and build a semantically rich knowledge-base to detect cyber threats/vulnerabilities.
{"title":"A Knowledge-Based Approach to Intrusion Detection Modeling","authors":"Sumit More, Mary Matthews, A. Joshi, Timothy W. Finin","doi":"10.1109/SPW.2012.26","DOIUrl":"https://doi.org/10.1109/SPW.2012.26","url":null,"abstract":"Current state of the art intrusion detection and prevention systems (IDPS) are signature-based systems that detect threats and vulnerabilities by cross-referencing the threat or vulnerability signatures in their databases. These systems are incapable of taking advantage of heterogeneous data sources for analysis of system activities for threat detection. This work presents a situation-aware intrusion detection model that integrates these heterogeneous data sources and build a semantically rich knowledge-base to detect cyber threats/vulnerabilities.","PeriodicalId":201519,"journal":{"name":"2012 IEEE Symposium on Security and Privacy Workshops","volume":"70 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2012-05-24","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"127318939","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Hao Zhang, William Banick, D. Yao, Naren Ramakrishnan
This paper describes an approach to enforce dependencies between network traffic and user activities for anomaly detection. We present a framework and algorithms that analyze user actions and network events on a host according to their dependencies. Discovering these relations is useful in identifying anomalous events on a host that are caused by software flaws or malicious code. To demonstrate the feasibility of user intention-based traffic dependence analysis, we implement a prototype called CR-Miner and perform extensive experimental evaluation of the accuracy, security, and efficiency of our algorithm. The results show that our algorithm can identify user intention-based traffic dependence with high accuracy (average 99:6% for 20 users) and low false alarms. Our prototype can successfully detect several pieces of HTTP-based real-world spy ware. Our dependence analysis is fast with a minimal storage requirement. We give a thorough analysis on the security and robustness of the user intention-based traffic dependence approach.
{"title":"User Intention-Based Traffic Dependence Analysis for Anomaly Detection","authors":"Hao Zhang, William Banick, D. Yao, Naren Ramakrishnan","doi":"10.1109/SPW.2012.15","DOIUrl":"https://doi.org/10.1109/SPW.2012.15","url":null,"abstract":"This paper describes an approach to enforce dependencies between network traffic and user activities for anomaly detection. We present a framework and algorithms that analyze user actions and network events on a host according to their dependencies. Discovering these relations is useful in identifying anomalous events on a host that are caused by software flaws or malicious code. To demonstrate the feasibility of user intention-based traffic dependence analysis, we implement a prototype called CR-Miner and perform extensive experimental evaluation of the accuracy, security, and efficiency of our algorithm. The results show that our algorithm can identify user intention-based traffic dependence with high accuracy (average 99:6% for 20 users) and low false alarms. Our prototype can successfully detect several pieces of HTTP-based real-world spy ware. Our dependence analysis is fast with a minimal storage requirement. We give a thorough analysis on the security and robustness of the user intention-based traffic dependence approach.","PeriodicalId":201519,"journal":{"name":"2012 IEEE Symposium on Security and Privacy Workshops","volume":"17 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2012-05-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"125598435","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
D. Ghosh, A. Joshi, Timothy W. Finin, Pramod Jagtap
We present our ongoing work on user data and contextual privacy preservation in mobile devices through semantic reasoning. Recent advances in context modeling, tracking and collaborative localization have led to the emergence of a new class of smart phone applications that can access and share embedded sensor data. Unfortunately, this also means significant amount of user context information is now accessible to applications and potentially others, creating serious privacy and security concerns. Mobile OS frameworks like Android lack mechanisms for dynamic privacy control. We show how data flow among applications can be successfully filtered at a much more granular level using semantic web driven technologies that model device location, surroundings, application roles as well as context-dependent information sharing policies.
{"title":"Privacy Control in Smart Phones Using Semantically Rich Reasoning and Context Modeling","authors":"D. Ghosh, A. Joshi, Timothy W. Finin, Pramod Jagtap","doi":"10.1109/SPW.2012.27","DOIUrl":"https://doi.org/10.1109/SPW.2012.27","url":null,"abstract":"We present our ongoing work on user data and contextual privacy preservation in mobile devices through semantic reasoning. Recent advances in context modeling, tracking and collaborative localization have led to the emergence of a new class of smart phone applications that can access and share embedded sensor data. Unfortunately, this also means significant amount of user context information is now accessible to applications and potentially others, creating serious privacy and security concerns. Mobile OS frameworks like Android lack mechanisms for dynamic privacy control. We show how data flow among applications can be successfully filtered at a much more granular level using semantic web driven technologies that model device location, surroundings, application roles as well as context-dependent information sharing policies.","PeriodicalId":201519,"journal":{"name":"2012 IEEE Symposium on Security and Privacy Workshops","volume":"75 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2012-05-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"132014039","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
京公网安备 11010802042870号
京ICP备2023020795号-1
扫码关注我们
求助内容:
应助结果提醒方式: