Pub Date : 2009-06-08DOI: 10.1109/ISI.2009.5137316
Sayed Omid Azarkasb, S.S. Ghidary
Network administrators are able to correlate log file entries manually. Large volume and low quality of log files justify the need for further log processing. The manual log processing is lack of flexibility. It is time consuming, and one doesn't get the general view of the log files in the network. Without this general view it is hard to correlate information between the network components. Events seemingly unessential by themselves can in reality be a piece of a larger threat. In this regard, different log correlation methods are proposed to improve alert quality and to give a comprehensive view of system security. In this paper, we show how different attacks categorized in three categories with different behavior: Denial of Service (DoS) attacks, User-to-Root (U2R) & Remote-to-Local (R2L) attacks and Probing, are reflected in different logs and argue that some attacks are not evident when a single log is analyzed.
{"title":"New approaches for intrusion detection based on logs correlation","authors":"Sayed Omid Azarkasb, S.S. Ghidary","doi":"10.1109/ISI.2009.5137316","DOIUrl":"https://doi.org/10.1109/ISI.2009.5137316","url":null,"abstract":"Network administrators are able to correlate log file entries manually. Large volume and low quality of log files justify the need for further log processing. The manual log processing is lack of flexibility. It is time consuming, and one doesn't get the general view of the log files in the network. Without this general view it is hard to correlate information between the network components. Events seemingly unessential by themselves can in reality be a piece of a larger threat. In this regard, different log correlation methods are proposed to improve alert quality and to give a comprehensive view of system security. In this paper, we show how different attacks categorized in three categories with different behavior: Denial of Service (DoS) attacks, User-to-Root (U2R) & Remote-to-Local (R2L) attacks and Probing, are reflected in different logs and argue that some attacks are not evident when a single log is analyzed.","PeriodicalId":210911,"journal":{"name":"2009 IEEE International Conference on Intelligence and Security Informatics","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2009-06-08","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"132520475","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2009-06-08DOI: 10.1109/ISI.2009.5137321
Youzhong Wang, D. Zeng, Xiaolong Zheng, Fei-Yue Wang
A large portion of online news articles and postings are not originally created but reprinted or re-posted from other online news sources or portals. In this paper, we analyze the dynamics of online news propagation, using a large collection of Chinese online news activity data. We characterize prominent features of online news diffusion and compare them against the spreading patterns of the epidemic. Several critical factors influencing the news propagation process are identified, including the centrality and selectivity of source portals, and event variability.
{"title":"Propagation of online news: Dynamic patterns","authors":"Youzhong Wang, D. Zeng, Xiaolong Zheng, Fei-Yue Wang","doi":"10.1109/ISI.2009.5137321","DOIUrl":"https://doi.org/10.1109/ISI.2009.5137321","url":null,"abstract":"A large portion of online news articles and postings are not originally created but reprinted or re-posted from other online news sources or portals. In this paper, we analyze the dynamics of online news propagation, using a large collection of Chinese online news activity data. We characterize prominent features of online news diffusion and compare them against the spreading patterns of the epidemic. Several critical factors influencing the news propagation process are identified, including the centrality and selectivity of source portals, and event variability.","PeriodicalId":210911,"journal":{"name":"2009 IEEE International Conference on Intelligence and Security Informatics","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2009-06-08","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"126438268","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2009-06-08DOI: 10.1109/ISI.2009.5137310
Min-rui Zhang, Yangmei Zhang
A color image watermarking algorithm based on 2-D cepstrum transform is proposed. The proposed method inserts a gray scale image into a color host image. Experimental results show that the proposed algorithm can survive affine transformation, JPEG compression, median filtering, rescaling, rotation, cropping and noise attacks.
{"title":"Color image watermarking algorithm in cepstrum domain","authors":"Min-rui Zhang, Yangmei Zhang","doi":"10.1109/ISI.2009.5137310","DOIUrl":"https://doi.org/10.1109/ISI.2009.5137310","url":null,"abstract":"A color image watermarking algorithm based on 2-D cepstrum transform is proposed. The proposed method inserts a gray scale image into a color host image. Experimental results show that the proposed algorithm can survive affine transformation, JPEG compression, median filtering, rescaling, rotation, cropping and noise attacks.","PeriodicalId":210911,"journal":{"name":"2009 IEEE International Conference on Intelligence and Security Informatics","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2009-06-08","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"123068356","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2009-06-08DOI: 10.1109/ISI.2009.5137323
Hengmin Zhou, D. Zeng, Changli Zhang
This paper is motivated to utilize results from opinion mining to facilitate social network analysis. We introduce the concept of Opinion Networks and propose a PageRank-like algorithm, named OpinionRank, to rank the nodes in an opinion network. This proposed approach has been applied to real-world datasets and initial experiments indicate that the sentiment information is helpful for finding leaders of online communities and that the OpinionRank method outperforms benchmark methods that ignore sentiment information.
{"title":"Finding leaders from opinion networks","authors":"Hengmin Zhou, D. Zeng, Changli Zhang","doi":"10.1109/ISI.2009.5137323","DOIUrl":"https://doi.org/10.1109/ISI.2009.5137323","url":null,"abstract":"This paper is motivated to utilize results from opinion mining to facilitate social network analysis. We introduce the concept of Opinion Networks and propose a PageRank-like algorithm, named OpinionRank, to rank the nodes in an opinion network. This proposed approach has been applied to real-world datasets and initial experiments indicate that the sentiment information is helpful for finding leaders of online communities and that the OpinionRank method outperforms benchmark methods that ignore sentiment information.","PeriodicalId":210911,"journal":{"name":"2009 IEEE International Conference on Intelligence and Security Informatics","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2009-06-08","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"120980132","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2009-06-08DOI: 10.1109/ISI.2009.5137279
Xiaoran Wang, Coskun Bayrak
Web-based workflow systems have emerged in almost every business because they can support dynamic business processes over heterogeneous computing systems which is the requirement of a modern business. At the same time security and flexibility have become the two most important aspects in those systems. Role-based Access Control has been injected to Web-based workflow systems to control access (without hindering the process), which has greatly facilitated the access control management. However, a high-level user may want to delegate one of his permissions to a member. In this case, a flexible delegation would be required to achieve this functionality. In this research, we investigated the idea of delegation and developed a framework for injecting Permission-based Delegation Model (PBDM(WEB)) to secure Web-based workflow systems. PBDM(WEB) supports Role-based Access Control, flexible permission-based delegation and ability-based delegation, interoperation among multi-domain systems and consistency of authorization.
{"title":"Injecting a permission-based delegation model to secure web-based workflow systems","authors":"Xiaoran Wang, Coskun Bayrak","doi":"10.1109/ISI.2009.5137279","DOIUrl":"https://doi.org/10.1109/ISI.2009.5137279","url":null,"abstract":"Web-based workflow systems have emerged in almost every business because they can support dynamic business processes over heterogeneous computing systems which is the requirement of a modern business. At the same time security and flexibility have become the two most important aspects in those systems. Role-based Access Control has been injected to Web-based workflow systems to control access (without hindering the process), which has greatly facilitated the access control management. However, a high-level user may want to delegate one of his permissions to a member. In this case, a flexible delegation would be required to achieve this functionality. In this research, we investigated the idea of delegation and developed a framework for injecting Permission-based Delegation Model (PBDM(WEB)) to secure Web-based workflow systems. PBDM(WEB) supports Role-based Access Control, flexible permission-based delegation and ability-based delegation, interoperation among multi-domain systems and consistency of authorization.","PeriodicalId":210911,"journal":{"name":"2009 IEEE International Conference on Intelligence and Security Informatics","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2009-06-08","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"116653704","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2009-06-08DOI: 10.1109/ISI.2009.5137301
F. Kerschbaum, A. Schaad, Debmalya Biswas
Social Network Analysis (SNA) is now a commonly used tool in criminal investigations, but evidence gathering and analysis is often restricted by data privacy laws. We consider the case where multiple investigators want to collaborate but do not yet have sufficient evidence that justifies a plaintext data exchange. We propose a practical solution that allows an investigator to expand his current view without actually exchanging sensitive private information. The investigator gets a partially anonymized view of the entire social network, while preserving his known view.
{"title":"Practical privacy-preserving protocols for criminal investigations","authors":"F. Kerschbaum, A. Schaad, Debmalya Biswas","doi":"10.1109/ISI.2009.5137301","DOIUrl":"https://doi.org/10.1109/ISI.2009.5137301","url":null,"abstract":"Social Network Analysis (SNA) is now a commonly used tool in criminal investigations, but evidence gathering and analysis is often restricted by data privacy laws. We consider the case where multiple investigators want to collaborate but do not yet have sufficient evidence that justifies a plaintext data exchange. We propose a practical solution that allows an investigator to expand his current view without actually exchanging sensitive private information. The investigator gets a partially anonymized view of the entire social network, while preserving his known view.","PeriodicalId":210911,"journal":{"name":"2009 IEEE International Conference on Intelligence and Security Informatics","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2009-06-08","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"133566556","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2009-06-08DOI: 10.1109/ISI.2009.5137309
A. M. Roshandeh, O. C. Puan
Variable message signs (VMS), also known as changeable message signs (CMS) or dynamic message signs (DMS), are traffic control devices to communicate with motorists. A VMS is generally used to inform motorists the roadway, traffic, or weather conditions. It is also used to display travel times and public service announcements. This study attempts to utilize archived traffic data from the MRR1 freeway area in Kuala Lumpur to assess the accuracy with which VMS display travel time estimates, and driver response to display messages of varying lengths and formatting. Results show that usage of Variable Message Signs reduces the average travel times during the duration of the incident until the clearing of the resulting congestion by a significant amount. Under the presence of VMS, there is a significant shift of people from higher travel times in case of incident to lower travel times. The results demonstrate that VMS has no significant impact on gap but occupancy comes down.
{"title":"Assessment of impact of variable message signs on traffic surveillance in Kuala Lumpur","authors":"A. M. Roshandeh, O. C. Puan","doi":"10.1109/ISI.2009.5137309","DOIUrl":"https://doi.org/10.1109/ISI.2009.5137309","url":null,"abstract":"Variable message signs (VMS), also known as changeable message signs (CMS) or dynamic message signs (DMS), are traffic control devices to communicate with motorists. A VMS is generally used to inform motorists the roadway, traffic, or weather conditions. It is also used to display travel times and public service announcements. This study attempts to utilize archived traffic data from the MRR1 freeway area in Kuala Lumpur to assess the accuracy with which VMS display travel time estimates, and driver response to display messages of varying lengths and formatting. Results show that usage of Variable Message Signs reduces the average travel times during the duration of the incident until the clearing of the resulting congestion by a significant amount. Under the presence of VMS, there is a significant shift of people from higher travel times in case of incident to lower travel times. The results demonstrate that VMS has no significant impact on gap but occupancy comes down.","PeriodicalId":210911,"journal":{"name":"2009 IEEE International Conference on Intelligence and Security Informatics","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2009-06-08","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"121779826","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2009-06-08DOI: 10.1109/ISI.2009.5137294
Moshe Koppel, Navot Akiva, Eli Alshech, Kfir Bar
We show how an Arabic language religious-political document can be automatically classified according to the ideological stream and organizational affiliation that it represents. Tests show that our methods achieve near-perfect accuracy.
{"title":"Automatically Classifying Documents by Ideological and Organizational Affiliation","authors":"Moshe Koppel, Navot Akiva, Eli Alshech, Kfir Bar","doi":"10.1109/ISI.2009.5137294","DOIUrl":"https://doi.org/10.1109/ISI.2009.5137294","url":null,"abstract":"We show how an Arabic language religious-political document can be automatically classified according to the ideological stream and organizational affiliation that it represents. Tests show that our methods achieve near-perfect accuracy.","PeriodicalId":210911,"journal":{"name":"2009 IEEE International Conference on Intelligence and Security Informatics","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2009-06-08","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"123133985","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2009-06-08DOI: 10.1109/ISI.2009.5137329
Noah Guilbault, R. Guha
In order to test the proposed distributed intrusion detection system there is a need for sufficient hardware and software in place as to provide a reasonable approximation of the actual conditions that such a system would expect to encounter if deployed in a live environment. These hardware and software requirements are compounded when attempting to test a distributed grid computing system because such systems typically can often scale to the hundreds or even thousands of computers. Even if sufficient hardware is obtainable, the generation of accurate test data accurately depicting normal patterns of network or Internet traffic can provide additional challenges, especially when the data is time sensitive. This paper demonstrates a method by which a distributed grid based IDS can be designed and implemented using virtual servers deployed on Amazon.com's Elastic Compute Cloud service.
{"title":"Experiment setup for temporal distributed intrusion detection system on Amazon's elastic compute cloud","authors":"Noah Guilbault, R. Guha","doi":"10.1109/ISI.2009.5137329","DOIUrl":"https://doi.org/10.1109/ISI.2009.5137329","url":null,"abstract":"In order to test the proposed distributed intrusion detection system there is a need for sufficient hardware and software in place as to provide a reasonable approximation of the actual conditions that such a system would expect to encounter if deployed in a live environment. These hardware and software requirements are compounded when attempting to test a distributed grid computing system because such systems typically can often scale to the hundreds or even thousands of computers. Even if sufficient hardware is obtainable, the generation of accurate test data accurately depicting normal patterns of network or Internet traffic can provide additional challenges, especially when the data is time sensitive. This paper demonstrates a method by which a distributed grid based IDS can be designed and implemented using virtual servers deployed on Amazon.com's Elastic Compute Cloud service.","PeriodicalId":210911,"journal":{"name":"2009 IEEE International Conference on Intelligence and Security Informatics","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2009-06-08","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"121250511","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2009-06-08DOI: 10.1109/ISI.2009.5137306
Micah Jones, Kevin W. Hamlen
SPoX (Security Policy XML) is a declarative language for specifying application security policies for enforcement by In-lined Reference Monitors. Two case studies are presented that demonstrate how this language can be used to effectively enforce application-specific security policies for untrusted Java applications in the absence of source code.
{"title":"Enforcing IRM security policies: Two case studies","authors":"Micah Jones, Kevin W. Hamlen","doi":"10.1109/ISI.2009.5137306","DOIUrl":"https://doi.org/10.1109/ISI.2009.5137306","url":null,"abstract":"SPoX (Security Policy XML) is a declarative language for specifying application security policies for enforcement by In-lined Reference Monitors. Two case studies are presented that demonstrate how this language can be used to effectively enforce application-specific security policies for untrusted Java applications in the absence of source code.","PeriodicalId":210911,"journal":{"name":"2009 IEEE International Conference on Intelligence and Security Informatics","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2009-06-08","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"116401864","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
京公网安备 11010802042870号
京ICP备2023020795号-1
扫码关注我们
求助内容:
应助结果提醒方式: