Emmanouil Vasilomanolakis, Shankar Karuppayah, Panayotis Kikiras, M. Mühlhäuser
In recent years, the amount and the sophistication of cyber attacks has increased significantly. This creates a plethora of challenges from a security perspective. First, for the efficient monitoring of a network, the generated alerts need to be presented and summarized in a meaningful manner. Second, additional analytics are required to identify sophisticated and correlated attacks. In particular, the detection of correlated attacks requires collaboration between different monitoring points. Cyber incident monitors are platforms utilized for supporting the tasks of network administrators and provide an initial step towards coping with the aforementioned challenges. In this paper, we present our cyber incident monitor TraCINg. TraCINg obtains alert data from honeypot sensors distributed across all over the world. The main contribution of this paper is a thoughtful discussion of the lessons learned, both from a design rational perspective as well as from the analysis of data gathered during a five month deployment period. Furthermore, we show that even with a relatively small number of deployed sensors, it is possible to detect correlated attacks that target multiple sensors.
{"title":"A honeypot-driven cyber incident monitor: lessons learned and steps ahead","authors":"Emmanouil Vasilomanolakis, Shankar Karuppayah, Panayotis Kikiras, M. Mühlhäuser","doi":"10.1145/2799979.2799999","DOIUrl":"https://doi.org/10.1145/2799979.2799999","url":null,"abstract":"In recent years, the amount and the sophistication of cyber attacks has increased significantly. This creates a plethora of challenges from a security perspective. First, for the efficient monitoring of a network, the generated alerts need to be presented and summarized in a meaningful manner. Second, additional analytics are required to identify sophisticated and correlated attacks. In particular, the detection of correlated attacks requires collaboration between different monitoring points. Cyber incident monitors are platforms utilized for supporting the tasks of network administrators and provide an initial step towards coping with the aforementioned challenges. In this paper, we present our cyber incident monitor TraCINg. TraCINg obtains alert data from honeypot sensors distributed across all over the world. The main contribution of this paper is a thoughtful discussion of the lessons learned, both from a design rational perspective as well as from the analysis of data gathered during a five month deployment period. Furthermore, we show that even with a relatively small number of deployed sensors, it is possible to detect correlated attacks that target multiple sensors.","PeriodicalId":293190,"journal":{"name":"Proceedings of the 8th International Conference on Security of Information and Networks","volume":"114 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2015-09-08","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"129627568","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
This paper deals with the prototype for secure voice communication with hardware encryption of data. The main elements are hands-free headset, on which microcontroller with in-flow symmetrical algorithm of block encryption is supported as well as switching server, mobile application and encrypting center.
{"title":"Secure voice communication system with hardware encryption of data on hands-free headset","authors":"A. Boruchinkin","doi":"10.1145/2799979.2800030","DOIUrl":"https://doi.org/10.1145/2799979.2800030","url":null,"abstract":"This paper deals with the prototype for secure voice communication with hardware encryption of data. The main elements are hands-free headset, on which microcontroller with in-flow symmetrical algorithm of block encryption is supported as well as switching server, mobile application and encrypting center.","PeriodicalId":293190,"journal":{"name":"Proceedings of the 8th International Conference on Security of Information and Networks","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2015-09-08","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"125997418","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
In today's world of informatics, penetration tests becoming one of the most important factors in ensuring corporate information security. Penetration test methodologies provided to this day for ensuring information security have mostly concentrated on network components such as servers and firewalls. The fact that there has not been sufficient focus on router security in the penetration tests that have been conducted leads to major problems in ensuring corporate information security. This study presents a router penetration test methodology consisting of three steps to ensure full range router security. The effectiveness of the methodology presented was analyzed in a virtual penetration test laboratory, for which the design is provided in this study. Following the test trials, it was observed that the presented test methodology enables the common security vulnerabilities occurring on routers to be controlled in order.
{"title":"Developing a penetration test methodology in ensuring router security and testing it in a virtual laboratory","authors":"E. Küçüksille, Mehmet Ali Yalçinkaya, Samet Ganal","doi":"10.1145/2799979.2799989","DOIUrl":"https://doi.org/10.1145/2799979.2799989","url":null,"abstract":"In today's world of informatics, penetration tests becoming one of the most important factors in ensuring corporate information security. Penetration test methodologies provided to this day for ensuring information security have mostly concentrated on network components such as servers and firewalls. The fact that there has not been sufficient focus on router security in the penetration tests that have been conducted leads to major problems in ensuring corporate information security. This study presents a router penetration test methodology consisting of three steps to ensure full range router security. The effectiveness of the methodology presented was analyzed in a virtual penetration test laboratory, for which the design is provided in this study. Following the test trials, it was observed that the presented test methodology enables the common security vulnerabilities occurring on routers to be controlled in order.","PeriodicalId":293190,"journal":{"name":"Proceedings of the 8th International Conference on Security of Information and Networks","volume":"15 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2015-09-08","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"122237392","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
M. Knyazeva, Alexander Tselykh, A. Tselykh, E. Popkova
In this paper, we present a graph-based approach to a data mining problem of exploring and revealing domain groups of users prone to committing financial fraud. Data mining in financial applications refers to extracting and organizing knowledge from large amount of legal and financial data according to certain criteria. In order to solve this problem, information about the companies should be well-defined and arranged according to a data mining process model. Here, we introduced a graph-based model to formalize large amounts of data as well as a methodology of graph centers of interest to solve classification and prediction data mining tasks that are vital to handle fraud detection. A graph-based model consists of a set of real objects, such as shareholders, vendors, and directors, with some object attributes and relations between the objects. IBM i2 software is used to visualize data and graph model representation.
{"title":"A graph-based data mining approach to preventing financial fraud: a case study","authors":"M. Knyazeva, Alexander Tselykh, A. Tselykh, E. Popkova","doi":"10.1145/2799979.2800002","DOIUrl":"https://doi.org/10.1145/2799979.2800002","url":null,"abstract":"In this paper, we present a graph-based approach to a data mining problem of exploring and revealing domain groups of users prone to committing financial fraud. Data mining in financial applications refers to extracting and organizing knowledge from large amount of legal and financial data according to certain criteria. In order to solve this problem, information about the companies should be well-defined and arranged according to a data mining process model. Here, we introduced a graph-based model to formalize large amounts of data as well as a methodology of graph centers of interest to solve classification and prediction data mining tasks that are vital to handle fraud detection. A graph-based model consists of a set of real objects, such as shareholders, vendors, and directors, with some object attributes and relations between the objects. IBM i2 software is used to visualize data and graph model representation.","PeriodicalId":293190,"journal":{"name":"Proceedings of the 8th International Conference on Security of Information and Networks","volume":"59 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2015-09-08","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"127023687","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
F. Buccafurri, Lidia Fotia, A. Furfaro, A. Garro, Matteo Giacalone, A. Tundis
Compliance analysis is an important step for the security management process of systems. It aims at both increasing service quality and reducing service vulnerabilities by exploiting security mechanisms able to improve the fulfillment of requirements whose failure may cause direct and indirect costs, related to the existence of missed normative provisions, risk of loss of certifications, and increased probability and impact of security incidents. Due to the increasing in system complexity there are hundreds of requirements that must be observed simultaneously and satisfied. As a consequence, the need for innovative approaches centered on effective solutions able to support the evaluation and the validation of requirements and constraints over the time is today greater than ever. In this context, the paper proposes a method for supporting the compliance assessment of services, in respect of norms and regulations, exploitable both in design phase or during the operation of existing services supported by (semi-)automatic tools. The effectiveness of the method is then tested through a case study taken from the experience of the Computer Emergency Response Team (CERT) of Poste Italiane, concerning the compliance assessment of an Electronic Payment Service by credit card.
{"title":"An analytical processing approach to supporting cyber security compliance assessment","authors":"F. Buccafurri, Lidia Fotia, A. Furfaro, A. Garro, Matteo Giacalone, A. Tundis","doi":"10.1145/2799979.2800007","DOIUrl":"https://doi.org/10.1145/2799979.2800007","url":null,"abstract":"Compliance analysis is an important step for the security management process of systems. It aims at both increasing service quality and reducing service vulnerabilities by exploiting security mechanisms able to improve the fulfillment of requirements whose failure may cause direct and indirect costs, related to the existence of missed normative provisions, risk of loss of certifications, and increased probability and impact of security incidents. Due to the increasing in system complexity there are hundreds of requirements that must be observed simultaneously and satisfied. As a consequence, the need for innovative approaches centered on effective solutions able to support the evaluation and the validation of requirements and constraints over the time is today greater than ever. In this context, the paper proposes a method for supporting the compliance assessment of services, in respect of norms and regulations, exploitable both in design phase or during the operation of existing services supported by (semi-)automatic tools. The effectiveness of the method is then tested through a case study taken from the experience of the Computer Emergency Response Team (CERT) of Poste Italiane, concerning the compliance assessment of an Electronic Payment Service by credit card.","PeriodicalId":293190,"journal":{"name":"Proceedings of the 8th International Conference on Security of Information and Networks","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2015-09-08","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"131051002","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
R. Goswami, Subhasish Banerjee, M. P. Dutta, C. Bhunia
Rapid development of computer networks laid a trend to share the information worldwide. However, one of the important criterions is to provide the confidentiality to the shared data over the insecure communication channel. Due to the growth of computer technology; assuring the security of such shared information becomes challenging and complicated task among the researchers. In this consequence, the dynamic key approach is most desirable as compared to static key. In this respect, the AVK is one of the best techniques to achieve the perfect security as per the literature. In this paper, we have proposed a dynamic mechanism of AVK to enhance the security by increasing the randomness among the successive keys.
{"title":"Absolute key variation technique of automatic variable key in cryptography","authors":"R. Goswami, Subhasish Banerjee, M. P. Dutta, C. Bhunia","doi":"10.1145/2799979.2800021","DOIUrl":"https://doi.org/10.1145/2799979.2800021","url":null,"abstract":"Rapid development of computer networks laid a trend to share the information worldwide. However, one of the important criterions is to provide the confidentiality to the shared data over the insecure communication channel. Due to the growth of computer technology; assuring the security of such shared information becomes challenging and complicated task among the researchers. In this consequence, the dynamic key approach is most desirable as compared to static key. In this respect, the AVK is one of the best techniques to achieve the perfect security as per the literature. In this paper, we have proposed a dynamic mechanism of AVK to enhance the security by increasing the randomness among the successive keys.","PeriodicalId":293190,"journal":{"name":"Proceedings of the 8th International Conference on Security of Information and Networks","volume":"43 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2015-09-08","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"131912349","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
There are many problems of network security. Formalization of these problems can be the key to solving some of them. This paper focuses on two specific network security problems. We propose an approach based on Boolean-valued networks to solve these and possibly other network problems. Two models to solve the addressed problems are offered. A definition of a maximum flow in Boolean-valued networks and algorithms to find this flow were proposed. Two examples to demonstrate the described problems, models and algorithms are also presented in the paper.
{"title":"Two formal problems of network security and a theory of boolean-valued flow networks","authors":"E. Shcherba","doi":"10.1145/2799979.2800040","DOIUrl":"https://doi.org/10.1145/2799979.2800040","url":null,"abstract":"There are many problems of network security. Formalization of these problems can be the key to solving some of them. This paper focuses on two specific network security problems. We propose an approach based on Boolean-valued networks to solve these and possibly other network problems. Two models to solve the addressed problems are offered. A definition of a maximum flow in Boolean-valued networks and algorithms to find this flow were proposed. Two examples to demonstrate the described problems, models and algorithms are also presented in the paper.","PeriodicalId":293190,"journal":{"name":"Proceedings of the 8th International Conference on Security of Information and Networks","volume":"81 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2015-09-08","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"131761375","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
DDoS attacks have become fatal attacks in recent times. There are large number of incidents which have been reported recently and caused heavy downtime and economic losses. Evolution of utility computing models like cloud computing and its adoption across enterprises is visible due to many promising features. Effects of DDoS attacks in cloud are no more similar to what they were in traditional fixed or on premise infrastructure. In addition to effects on the service, economic or sustainability effects are significant in the form of Economic Denial of Sustainability (EDoS) attacks. We argue that in a multi-tenant public cloud, multiple stakeholders are involved other than the victim server. Some of these important stakeholders are co-hosted virtual servers, physical server(s), network and, cloud service providers. We have shown through system analysis, experiments and simulations that these stakeholders are indeed affected though they are not the actual targets. Effects to other stakeholders include performance interference, web service performance, resource race, indirect EDoS, downtime and, business losses. Cloud scale simulations have revealed that overall energy consumption and no. of VM migrations are adversely affected due to DDoS/EDoS attacks. Losses to these stakeholders should be properly accounted and there is a need to devise methods to isolate these components well.
{"title":"DDoS/EDoS attack in cloud: affecting everyone out there!","authors":"G. Somani, M. Gaur, D. Sanghi","doi":"10.1145/2799979.2800005","DOIUrl":"https://doi.org/10.1145/2799979.2800005","url":null,"abstract":"DDoS attacks have become fatal attacks in recent times. There are large number of incidents which have been reported recently and caused heavy downtime and economic losses. Evolution of utility computing models like cloud computing and its adoption across enterprises is visible due to many promising features. Effects of DDoS attacks in cloud are no more similar to what they were in traditional fixed or on premise infrastructure. In addition to effects on the service, economic or sustainability effects are significant in the form of Economic Denial of Sustainability (EDoS) attacks. We argue that in a multi-tenant public cloud, multiple stakeholders are involved other than the victim server. Some of these important stakeholders are co-hosted virtual servers, physical server(s), network and, cloud service providers. We have shown through system analysis, experiments and simulations that these stakeholders are indeed affected though they are not the actual targets. Effects to other stakeholders include performance interference, web service performance, resource race, indirect EDoS, downtime and, business losses. Cloud scale simulations have revealed that overall energy consumption and no. of VM migrations are adversely affected due to DDoS/EDoS attacks. Losses to these stakeholders should be properly accounted and there is a need to devise methods to isolate these components well.","PeriodicalId":293190,"journal":{"name":"Proceedings of the 8th International Conference on Security of Information and Networks","volume":"361 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2015-09-08","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"115900336","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
This paper reviews the problem of a secure data transfer in distributed computing networks. It analysis the most popular covert channels (the steganographic methods of communications) and introduces their classification. The article also presents a class of the most effective steganographic methods, describes its formal model and performs a security analysis based on the proposed model.
{"title":"Steganographic methods of communications in distributed computing networks","authors":"A. S. Konoplev, A. Busygin","doi":"10.1145/2799979.2800024","DOIUrl":"https://doi.org/10.1145/2799979.2800024","url":null,"abstract":"This paper reviews the problem of a secure data transfer in distributed computing networks. It analysis the most popular covert channels (the steganographic methods of communications) and introduces their classification. The article also presents a class of the most effective steganographic methods, describes its formal model and performs a security analysis based on the proposed model.","PeriodicalId":293190,"journal":{"name":"Proceedings of the 8th International Conference on Security of Information and Networks","volume":"20 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2015-09-08","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"125017307","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Different sectors of the economy have recently witnessed increased focus on innovative technologies in evaluating human capacity of an enterprise. The Principal Component Analysis exemplifies modern knowledge-based techniques used to assess quality of specialist training. The current challenge facing by the higher education institutions of the Russian Federation is preparing qualified and competitive in the global labor market personnel, through multi-disciplinary education. This paper addresses the issue of occupational guidance at the Institute of Financial and Economic Security of the NRNU MEPhI with regard to relevant divisions of the Federal Financial Monitoring Service, by means of mathematical models. The object of the research is the system of specialist training in the area of financial monitoring. The research subject comprises methods, algorithms identifying contribution of educational disciplines to profile-based preparation of students in the sphere of financial monitoring. The goal of this study is to improve the quality of education in the field of financial monitoring by developing methods and algorithms that determine theoretical and practical contribution of subjects to specialist training.
{"title":"Profile-based students assignment to core financial intelligence unit departments","authors":"D. Chukova, A. Pakhomov","doi":"10.1145/2799979.2800018","DOIUrl":"https://doi.org/10.1145/2799979.2800018","url":null,"abstract":"Different sectors of the economy have recently witnessed increased focus on innovative technologies in evaluating human capacity of an enterprise. The Principal Component Analysis exemplifies modern knowledge-based techniques used to assess quality of specialist training. The current challenge facing by the higher education institutions of the Russian Federation is preparing qualified and competitive in the global labor market personnel, through multi-disciplinary education. This paper addresses the issue of occupational guidance at the Institute of Financial and Economic Security of the NRNU MEPhI with regard to relevant divisions of the Federal Financial Monitoring Service, by means of mathematical models. The object of the research is the system of specialist training in the area of financial monitoring. The research subject comprises methods, algorithms identifying contribution of educational disciplines to profile-based preparation of students in the sphere of financial monitoring. The goal of this study is to improve the quality of education in the field of financial monitoring by developing methods and algorithms that determine theoretical and practical contribution of subjects to specialist training.","PeriodicalId":293190,"journal":{"name":"Proceedings of the 8th International Conference on Security of Information and Networks","volume":"13 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2015-09-08","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"125542169","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
京公网安备 11010802042870号
京ICP备2023020795号-1
扫码关注我们
求助内容:
应助结果提醒方式: