Global corporations and government organizations are nowadays represented in cyberspace in the form of numerous large-scale heterogeneous information systems, which implement corresponding business, technological and other types of processes. This extends the set of security analysis tasks, stated for these infrastructures, and tangles already existing tasks. This paper addresses the challenge of increasing penetration testing automation level through the adoption of semi-automatic knowledge extraction from the huge amounts of heterogeneous regularly updated data. The proposed solution is based on the novel penetration testing ontology, which gives a holistic view on the results of security analysis. Designed ontology is evaluated within the penetration testing framework prototype and binds together the conceptual (process) abstraction level, addressed by security experts, and technical abstraction level, employed in modern security analysis tools and methods.
{"title":"Ontology-based big data approach to automated penetration testing of large-scale heterogeneous systems","authors":"T. Stepanova, A. Pechenkin, D. Lavrova","doi":"10.1145/2799979.2799995","DOIUrl":"https://doi.org/10.1145/2799979.2799995","url":null,"abstract":"Global corporations and government organizations are nowadays represented in cyberspace in the form of numerous large-scale heterogeneous information systems, which implement corresponding business, technological and other types of processes. This extends the set of security analysis tasks, stated for these infrastructures, and tangles already existing tasks. This paper addresses the challenge of increasing penetration testing automation level through the adoption of semi-automatic knowledge extraction from the huge amounts of heterogeneous regularly updated data. The proposed solution is based on the novel penetration testing ontology, which gives a holistic view on the results of security analysis. Designed ontology is evaluated within the penetration testing framework prototype and binds together the conceptual (process) abstraction level, addressed by security experts, and technical abstraction level, employed in modern security analysis tools and methods.","PeriodicalId":293190,"journal":{"name":"Proceedings of the 8th International Conference on Security of Information and Networks","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2015-09-08","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"124391270","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Mikhaylov Dmitry, Starikovskiy Andrey, Lebedev Grigoriy, R. Dmitry, E. Alexey, Uleykin Eugeniy, Boruchinkin Alexander, Tolstaya Anastasia
This article addresses the issue of SMS-messages protection from unauthorized access and malicious software. The intruder model's structure and main security threats are presented. The authors tell about the requirements for protective systems of this kind, examine the main threats to the security of information and describe the system development tools such as protecting messages using the RSA algorithm, using ELGamal algorithm and using an algorithm based on elliptic curves. The performance results and effectiveness of the proposed ideas are provided. The implementation can be performed directly on mobile subscribers in the form of a software product, or as additional functional software of a virtual operator.
{"title":"Developing a system for text-messages protection","authors":"Mikhaylov Dmitry, Starikovskiy Andrey, Lebedev Grigoriy, R. Dmitry, E. Alexey, Uleykin Eugeniy, Boruchinkin Alexander, Tolstaya Anastasia","doi":"10.1145/2799979.2800041","DOIUrl":"https://doi.org/10.1145/2799979.2800041","url":null,"abstract":"This article addresses the issue of SMS-messages protection from unauthorized access and malicious software. The intruder model's structure and main security threats are presented. The authors tell about the requirements for protective systems of this kind, examine the main threats to the security of information and describe the system development tools such as protecting messages using the RSA algorithm, using ELGamal algorithm and using an algorithm based on elliptic curves. The performance results and effectiveness of the proposed ideas are provided. The implementation can be performed directly on mobile subscribers in the form of a software product, or as additional functional software of a virtual operator.","PeriodicalId":293190,"journal":{"name":"Proceedings of the 8th International Conference on Security of Information and Networks","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2015-09-08","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"125517465","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
In this paper, I describe data in motion DLP system built using free and opensource software components. The developed project effectiveness was checked within classic format "Capture The Flag" competitions.
{"title":"Building data in motion DLP system from scratch using opensource software and confirming its effectiveness within \"capture the flag\" competitions","authors":"A. Garkusha","doi":"10.1145/2799979.2800044","DOIUrl":"https://doi.org/10.1145/2799979.2800044","url":null,"abstract":"In this paper, I describe data in motion DLP system built using free and opensource software components. The developed project effectiveness was checked within classic format \"Capture The Flag\" competitions.","PeriodicalId":293190,"journal":{"name":"Proceedings of the 8th International Conference on Security of Information and Networks","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2015-09-08","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"125819019","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
The popularity and openness of Android platform encourage malware authors to penetrate various market places with malicious applications. As a result, malware detection has become a critical topic in security. Currently signature-based system is able to detect malware only if it is properly documented. This reveals the need to find new malware detection techniques. In our framework, a statistical technique for Android malware detection using opcodes extracted from various applications is proposed. This technique is evaluated against malware apk samples from contagio dataset and benign apk samples from various markets. The prominent features that result in reduced misclassification rates are determined using Hartley's test.
{"title":"Hartley's test ranked opcodes for Android malware analysis","authors":"Meenu Mary John, P. Vinod, K. Dhanya","doi":"10.1145/2799979.2801037","DOIUrl":"https://doi.org/10.1145/2799979.2801037","url":null,"abstract":"The popularity and openness of Android platform encourage malware authors to penetrate various market places with malicious applications. As a result, malware detection has become a critical topic in security. Currently signature-based system is able to detect malware only if it is properly documented. This reveals the need to find new malware detection techniques. In our framework, a statistical technique for Android malware detection using opcodes extracted from various applications is proposed. This technique is evaluated against malware apk samples from contagio dataset and benign apk samples from various markets. The prominent features that result in reduced misclassification rates are determined using Hartley's test.","PeriodicalId":293190,"journal":{"name":"Proceedings of the 8th International Conference on Security of Information and Networks","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2015-09-08","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"131559605","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Structured Query Language injection (SQLi) attack is a code injection technique where malicious SQL statements are inserted into a given SQL database by simply using a web browser. Injected SQL commands can alter the database and thus compromise the security of a web application. In our previous work, we proposed an effective pattern recognition Neural Network (NN) model for detection and classification of the SQLi attacks. Our proposed model was built from: a Uniform Resource Locator (URL) generator, a URL classifier, and a NN model. The URL generator was implemented in order to generate thousands of malicious and benign URLs. The URL classifier was employed in order to identify each URL, which was generated by the URL generator, as either a benign URL or a malicious URL. The URL classifier also pigeonholed the malicious URLs into seven popular SQLi attack categories. The NN model includes n hidden layers with x input and y output nodes where the benign and malicious URLs were employed for training, validating, and testing phases. Addressing our previous captured results, our proposed pattern recognition NN model for the detection and classification of the SQLi attacks demonstrated a good performance in terms of accuracy, true-positive rate, and false-positive rate. In this paper, we stress test our previous proposal in order to prove the effectiveness of our proposed approach.
{"title":"SQL-IDS: evaluation of SQLi attack detection and classification based on machine learning techniques","authors":"Naghmeh Moradpoor Sheykhkanloo","doi":"10.1145/2799979.2800011","DOIUrl":"https://doi.org/10.1145/2799979.2800011","url":null,"abstract":"Structured Query Language injection (SQLi) attack is a code injection technique where malicious SQL statements are inserted into a given SQL database by simply using a web browser. Injected SQL commands can alter the database and thus compromise the security of a web application. In our previous work, we proposed an effective pattern recognition Neural Network (NN) model for detection and classification of the SQLi attacks. Our proposed model was built from: a Uniform Resource Locator (URL) generator, a URL classifier, and a NN model. The URL generator was implemented in order to generate thousands of malicious and benign URLs. The URL classifier was employed in order to identify each URL, which was generated by the URL generator, as either a benign URL or a malicious URL. The URL classifier also pigeonholed the malicious URLs into seven popular SQLi attack categories. The NN model includes n hidden layers with x input and y output nodes where the benign and malicious URLs were employed for training, validating, and testing phases. Addressing our previous captured results, our proposed pattern recognition NN model for the detection and classification of the SQLi attacks demonstrated a good performance in terms of accuracy, true-positive rate, and false-positive rate. In this paper, we stress test our previous proposal in order to prove the effectiveness of our proposed approach.","PeriodicalId":293190,"journal":{"name":"Proceedings of the 8th International Conference on Security of Information and Networks","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2015-09-08","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"115376456","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
This article focuses on the ongoing challenge of countering the use of the Internet by terrorist and extremist organizations. The article considers, in particular, the methodology of the Web content monitoring that aims to address the above issue as well as the first results obtained during its approbation at the Chair of Financial Monitoring of the NRNU MEPHI. The prospects for the utilization of the results are also provided.
{"title":"Approbation of the methodology for web monitoring of terrorism- and extremism-related content","authors":"E. N. Alexandrovna, Evstifeeva Olga Urievna","doi":"10.1145/2799979.2800031","DOIUrl":"https://doi.org/10.1145/2799979.2800031","url":null,"abstract":"This article focuses on the ongoing challenge of countering the use of the Internet by terrorist and extremist organizations. The article considers, in particular, the methodology of the Web content monitoring that aims to address the above issue as well as the first results obtained during its approbation at the Chair of Financial Monitoring of the NRNU MEPHI. The prospects for the utilization of the results are also provided.","PeriodicalId":293190,"journal":{"name":"Proceedings of the 8th International Conference on Security of Information and Networks","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2015-09-08","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"115586799","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Fully homomorphic encryption (FHE) is a tool of key importance to organize computations over encrypted data. But its misuse leads to privacy violation in spite of the encryption security. To use FHE correctly in applications one needs to solve a number of rather sophisticated problems. This paper considers delegation of programs evaluation over encrypted data to the untrusted server in the case when algorithms for evaluation are public. The main question in this case is how to organize computations in such a way that their structures don't reveal any information about the encrypted data. This information is called data-dependence. The aim of the study is to construct such protocols for interaction with untrusted server that don't allow it accurately determine the relationship between the amount of computations and the encrypted data. The known solutions to the problem are briefly reviewed, analyzed and their disadvantages are shown. Then we present our three protocols for secure computations. The first protocol solves the problem by hiding the exact number of steps from untrusted server. This is achieved by intentional delay of feedback from the client and without any transformation of the evaluated program. The second protocol simplifies client actions, allowing computation to be fully self-contained. It requires only two communications between the client and server while ensuring the final result achievement and keeping the perfect secrecy. But it significantly increases the amount of computations that server must perform, namely for any input data server carries out the greatest possible number of steps. And third protocol involves the functional encryption. It allows getting final result of computations surely in two interactions between client and server, while not overloading the server too much. Such a protocol is well suited even for computations with worst-case exponential complexity.
{"title":"Execution of data-dependent programs over encrypted data","authors":"Philipp Burtyka, O. Makarevich","doi":"10.1145/2799979.2800010","DOIUrl":"https://doi.org/10.1145/2799979.2800010","url":null,"abstract":"Fully homomorphic encryption (FHE) is a tool of key importance to organize computations over encrypted data. But its misuse leads to privacy violation in spite of the encryption security. To use FHE correctly in applications one needs to solve a number of rather sophisticated problems. This paper considers delegation of programs evaluation over encrypted data to the untrusted server in the case when algorithms for evaluation are public. The main question in this case is how to organize computations in such a way that their structures don't reveal any information about the encrypted data. This information is called data-dependence. The aim of the study is to construct such protocols for interaction with untrusted server that don't allow it accurately determine the relationship between the amount of computations and the encrypted data. The known solutions to the problem are briefly reviewed, analyzed and their disadvantages are shown. Then we present our three protocols for secure computations. The first protocol solves the problem by hiding the exact number of steps from untrusted server. This is achieved by intentional delay of feedback from the client and without any transformation of the evaluated program. The second protocol simplifies client actions, allowing computation to be fully self-contained. It requires only two communications between the client and server while ensuring the final result achievement and keeping the perfect secrecy. But it significantly increases the amount of computations that server must perform, namely for any input data server carries out the greatest possible number of steps. And third protocol involves the functional encryption. It allows getting final result of computations surely in two interactions between client and server, while not overloading the server too much. Such a protocol is well suited even for computations with worst-case exponential complexity.","PeriodicalId":293190,"journal":{"name":"Proceedings of the 8th International Conference on Security of Information and Networks","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2015-09-08","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"121464131","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Andrei V. Petrovski, Prapa Rattadilok, Sergey Petrovski
An adaptive multi-tiered framework, which can be utilised for designing a context-aware cyber physical system is proposed in the paper and is applied within the context of providing data availability by monitoring electromagnetic interference. The adaptability is achieved through the combined use of statistical analysis and computational intelligence techniques. The proposed framework has the generality to be applied across a wide range of problem domains requiring processing, analysis and interpretation of data obtained from heterogeneous resources.
{"title":"Designing a context-aware cyber physical system for detecting security threats in motor vehicles","authors":"Andrei V. Petrovski, Prapa Rattadilok, Sergey Petrovski","doi":"10.1145/2799979.2800029","DOIUrl":"https://doi.org/10.1145/2799979.2800029","url":null,"abstract":"An adaptive multi-tiered framework, which can be utilised for designing a context-aware cyber physical system is proposed in the paper and is applied within the context of providing data availability by monitoring electromagnetic interference. The adaptability is achieved through the combined use of statistical analysis and computational intelligence techniques. The proposed framework has the generality to be applied across a wide range of problem domains requiring processing, analysis and interpretation of data obtained from heterogeneous resources.","PeriodicalId":293190,"journal":{"name":"Proceedings of the 8th International Conference on Security of Information and Networks","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2015-09-08","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"121122519","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
The mathematical model of cryptosystem based on the method of gamma superposition, in which the algorithm of the inverse transformation of the closed text is reduced to the impossibility of problem solution is developed. The multiplicative knapsack task is generalized and the problem of working out of alphabetic cryptosystems mathematical models is considered. The mathematical models of such cryptosystems are offered in the article. The investigation is based on the C. Shannon, who considered, that cryptosystems containing Diophantine difficulties, possesses the greatest uncertainty of key selection process. Necessary and suffitient conditions at which generalized multiplicative knapsack is injective on Zp, p . 2, are established. The problem of building the isomorphic additive and multiplicative knapsacks is also considered.
{"title":"Mathematical modelling of cryptosystems based on Diophantine problem with gamma superposition method","authors":"V. Osipyan","doi":"10.1145/2799979.2800026","DOIUrl":"https://doi.org/10.1145/2799979.2800026","url":null,"abstract":"The mathematical model of cryptosystem based on the method of gamma superposition, in which the algorithm of the inverse transformation of the closed text is reduced to the impossibility of problem solution is developed. The multiplicative knapsack task is generalized and the problem of working out of alphabetic cryptosystems mathematical models is considered. The mathematical models of such cryptosystems are offered in the article. The investigation is based on the C. Shannon, who considered, that cryptosystems containing Diophantine difficulties, possesses the greatest uncertainty of key selection process. Necessary and suffitient conditions at which generalized multiplicative knapsack is injective on Zp, p . 2, are established. The problem of building the isomorphic additive and multiplicative knapsacks is also considered.","PeriodicalId":293190,"journal":{"name":"Proceedings of the 8th International Conference on Security of Information and Networks","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2015-09-08","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"114900208","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
A problem of anomaly behavior detection for network communicating computer is discussed. A novel approach based on dynamic response of computer is introduced. The computer is suggested as a multiple-input multiple-output (MIMO) plant. To characterize dynamic response of the computer on incoming requests a correlation between input data rate and observed output response (outgoing data rate and performance metrics) is used. To distinguish normal and anomaly behavior of the computer a one-class classifier based on feedforward neural network is constructed. In the paper a method of anomaly detection is described and results of model experiments with Web-server are provided.
{"title":"Dynamic response recognition by neural network to detect network host anomaly activity","authors":"V. Eliseev, Y. Shabalin","doi":"10.1145/2799979.2799991","DOIUrl":"https://doi.org/10.1145/2799979.2799991","url":null,"abstract":"A problem of anomaly behavior detection for network communicating computer is discussed. A novel approach based on dynamic response of computer is introduced. The computer is suggested as a multiple-input multiple-output (MIMO) plant. To characterize dynamic response of the computer on incoming requests a correlation between input data rate and observed output response (outgoing data rate and performance metrics) is used. To distinguish normal and anomaly behavior of the computer a one-class classifier based on feedforward neural network is constructed. In the paper a method of anomaly detection is described and results of model experiments with Web-server are provided.","PeriodicalId":293190,"journal":{"name":"Proceedings of the 8th International Conference on Security of Information and Networks","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2015-09-08","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"124221005","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
京公网安备 11010802042870号
京ICP备2023020795号-1
扫码关注我们
求助内容:
应助结果提醒方式: