A heuristic approach for detection of obfuscated malware
Scott Treadwell, Mian Zhou
2009 IEEE International Conference on Intelligence and Security Informatics
Pub Date: 2009-06-08 DOI: 10.1109/ISI.2009.5137328
Obfuscated malware has become popular because of the pure benefits brought by obfuscation: the low cost and ready availability of obfuscation tools, accompanied by good results in evading signature-based anti-virus detection as well as preventing reverse engineers from understanding the malware's true nature. Regardless of the obfuscation method, malware must deobfuscate its core code back to clear executable machine code so that the malicious portion will be executed. Thus, analyzing the obfuscation pattern before unpacking provides a chance for us to prevent malware from further execution. In this paper, we propose a heuristic detection approach that targets obfuscated Windows binary files being loaded into memory - prior to execution. We perform a series of static checks on the binary file's PE structure for common traces of a packer or obfuscation, and gauge a binary's maliciousness with a simple risk rating mechanism. As a result, a newly created process, if flagged as possibly malicious by the static screening, will be prevented from further execution. This paper explores the foundation of this research, as well as the testing methodology and current results.

Social network classification incorporating link type values
R. Heatherly, Murat Kantarcioglu, B. Thuraisingham
2009 IEEE International Conference on Intelligence and Security Informatics
Pub Date: 2009-06-08 DOI: 10.1109/ISI.2009.5137265
Classification of nodes in a social network and its applications to security informatics have been extensively studied in the past. However, previous work generally does not consider the types of links (e.g., whether a person is a friend or a close friend) that connect social network members for classification purposes. Here, we propose modified Naive Bayes Classification schemes to make use of the link type information in classification tasks. Basically, we suggest two new Bayesian classification methods that extend a traditional relational Naive Bayes Classifier, namely, the Link Type relational Bayes Classifier and the Weighted Link Type Bayes Classifier. We then show the efficacy of our proposed techniques by conducting experiments on data obtained from the Internet Movie Database.

Supporting emergent knowledge and team communication in police investigations
Claus Atzenbeck, D. Hicks, N. Memon
2009 IEEE International Conference on Intelligence and Security Informatics
Pub Date: 2009-06-08 DOI: 10.1109/ISI.2009.5137278
This paper focuses on police investigations conducted by small teams of officers as they usually work on solving violent crimes. Collaboration and communication are important aspects, as well as connecting pieces of information that become known to the officers over time. This is an important application domain of knowledge management, and in particular hypertext. We present a prototypic application, Socs, that permits the intuitive connecting of information on a space. It supports emergent and dynamic knowledge structures, fosters communication, awareness and notification services, enables multiple trails of thought in parallel (i.e., thought experiments), as well as versioning with easy access to previous states. As a complement to the database and network analysis driven applications available today, we propose a tool for criminal profiling or crime scene analysis supporting small teams of officers in knowledge structuring and collaboration.

A Characterization of the problem of secure provenance management
Shouhuai Xu, Qun Ni, E. Bertino, R. Sandhu
2009 IEEE International Conference on Intelligence and Security Informatics
Pub Date: 2009-06-08 DOI: 10.1109/ISI.2009.5137332
Data (or information) provenance has many important applications. However, prior work on data provenance management almost exclusively focused on the collection, representation, query, and storage of provenance data. In contrast, the security aspect of provenance management has not been understood nor adequately addressed. A natural question then is: What would a secure provenance management system - perhaps as an analogy to secure database management systems - look like? In this paper, we explore the problem space of secure provenance management systems with an emphasis on the security requirements for such systems, and characterize desired solutions for tackling the problem. We believe that this paper makes a significant step towards a comprehensive solution to the problem of secure provenance management.

Recognizing human activities from multi-modal sensors
S. Chen, Y. Huang
2009 IEEE International Conference on Intelligence and Security Informatics
Pub Date: 2009-06-08 DOI: 10.1109/ISI.2009.5137308
This paper describes a method of detecting and monitoring human activities, which is extremely useful for understanding human behaviors and recognizing human interactions in a social network. By taking advantage of current wireless sensor network technologies, physical activities can be recognized through classifying multi-modal sensor data. The result shows that high recognition accuracy on a dataset of 6 daily activities of one carrier can be achieved by using suitable classifiers.

Performance evaluation of classification methods in cultural modeling
Xiaochen Li, W. Mao, D. Zeng, Peng Su, Fei-Yue Wang
2009 IEEE International Conference on Intelligence and Security Informatics
Pub Date: 2009-06-08 DOI: 10.1109/ISI.2009.5137319
Cultural modeling is an emergent and promising research area in social computing. It aims to develop behavioral models of groups and analyze the impact of culture factors on group behavior using computational methods. Classification methods play a critical role in the cultural modeling domain. As various culture-related datasets possess different properties, for group behavior prediction, it is important to gain a computational understanding of the performance of various classification methods. In this paper, we investigate the performance of seven representative classification algorithms using a benchmark cultural modeling dataset and analyze the experimental results.

Identity theft, computers and behavioral biometrics
Robert Moskovitch, Clint Feher, Arik Messerman, Niklas Kirschnick, Tarik Mustafic, S. Çamtepe, Bernhard Löhlein, U. Heister, S. Möller, L. Rokach, Y. Elovici
2009 IEEE International Conference on Intelligence and Security Informatics
Pub Date: 2009-06-08 DOI: 10.1109/ISI.2009.5137288
The increase of online services, such as eBanks and WebMails, in which users are verified by a username and password, is increasingly exploited by Identity Theft procedures. Identity Theft is a fraud in which someone pretends to be someone else in order to steal money or get other benefits. To overcome the problem of Identity Theft, an additional security layer is required. Within the last decades, the option of verifying users based on their keystroke dynamics was proposed during login verification. Thus, the imposter has to be able to type in a similar way to the real user in addition to having the username and password. However, verifying users upon login is not enough, since a logged station/mobile is vulnerable to imposters when the user leaves her machine. Thus, verifying users continuously based on their activities is required. Within the last decade there has been a growing interest in and use of biometrics tools; however, these are often costly and require additional hardware. Behavioral biometrics, in which users are verified based on their keyboard and mouse activities, potentially present a good solution. In this paper we discuss the problem of Identity Theft and propose behavioral biometrics as a solution. We survey existing studies, list the challenges and propose solutions.

BBN-based privacy management sytem for facebook
Enkh-Amgalan Baatarjav, R. Dantu, Yan Tang, João W. Cangussu
2009 IEEE International Conference on Intelligence and Security Informatics
Pub Date: 2009-06-08 DOI: 10.1109/ISI.2009.5137300
Online social networking sites (SNSs) have changed our lifestyle and become a main medium of communication among young adults to stay in touch with their friends, to organize events, to make friends, to promote themselves, to date, etc. To create a content-rich environment, SNSs make their platform available to third-party developers. The developers can build their applications based on users' social graph containing their personal and social information. Unfortunately, any information users post on their profile can be harvested and used for unethical purposes due to Facebook's lack of application privacy configuration. In this paper we propose a privacy-management system for Facebook applications. The system can take advantage of the correlation between some profile features and network privacy settings; in this way it can automatically configure a user's privacy settings. Our preliminary results are promising.

Preventing SYN flood DoS attacks (Abstract) An improvement to SYN cookies
Sahand KhakAbi
2009 IEEE International Conference on Intelligence and Security Informatics
Pub Date: 2009-06-08 DOI: 10.1109/ISI.2009.5137317
In 2006, 100,000 servers were broken down just within 10 minutes [1]. Those were the victims of some Denial-of-Service attacks. This news, and knowing that some of those victims were such well-known companies as Hotmail and Amazon, indicates the significance of this kind of threat and attack. “In a DoS attack, a malicious client (called the attacker) performs operations designed to partially or completely prevent legitimate clients from gaining service from a server (called the victim)” [2]. DoS attacks can be categorized in two main classes: logic attacks and flooding attacks. In flooding attacks, which are discussed in this paper, the resources of the victim server are consumed by sending a big number of requests to it in order to make it unable to provide appropriate services to legitimate clients.

MyMemex: A web service-based personal memex system
Youngkun Min, B. Lee, Chansu Yu
2009 IEEE International Conference on Intelligence and Security Informatics
Pub Date: 2009-06-08 DOI: 10.1109/ISI.2009.5137313
The MyMemex server consists of a web server, a data collection agent, a file handler, and a database. The data collection agent makes connections to the company web services and stores the collected “web data” (phone logs, credit card usage logs, emails, and so on) in the memex database. The web server enables the users to view the collected data and get the results for the queries. The users can also upload “file data” such as image, video, and audio files locally stored on the user's personal computer. Before saving the memex data, the web server converts the various types of data into the standard 4W1H form. The “memex event ontology” is used in the conversion.