
2017 International Conference on Software Security and Assurance (ICSSA): Latest Papers

Endpoint Data Classification Using Markov Chains
Pub Date : 2017-07-01 DOI: 10.1109/ICSSA.2017.17
Stefan Marschalek, R. Luh, S. Schrittwieser
Behavior based analysis of software executed in a sandbox environment has become an established part of malware and APT detection. In this paper, we explore a unique approach to conduct such an analysis based on data generated by live corporate workstations. We specifically collect high-level Windows events via a real-time kernel monitoring agent and build event propagation trees on top of it. Those trees are representative for the behavior exhibited by the programs running on the monitored machine. After a necessary discretization phase we use a moderately modified version of the Markov chain algorithm to create a distance matrix based on the discretized behavioral profiles. Distance based clustering is then applied to classify the processes in question. We evaluated our approach on a goodware dataset collected on actively used workstations. Initial results show that the Markov approach can be used to reliably classify arbitrary processes and helps identify potentially harmful outliers.
Citations: 2
Common Requirements for Web Application Vulnerability Scanners for the Internet of Things
Pub Date : 2017-07-01 DOI: 10.1109/ICSSA.2017.31
H. Lee, Young Sun Park
This paper presents 3 common requirements for web application vulnerability scanners for the Internet of things devices, including browser's rendering engine support, false positive minimization, and device setting change minimization. These requirements have been drawn from the experience of the previous project, security vulnerabilities in residential gateways.
Citations: 0
Software Application to Evaluate the Complexity Theory of the RSA and Elliptic Curves Asymmetric Algorithms
Pub Date : 2017-07-01 DOI: 10.1109/ICSSA.2017.20
Wendy Ayala, Walter Fuertes, Fernando Galarraga, Hernán Aules, T. Toulkeridis
In the current study, we performed a quantitative evaluation of digital signature algorithms between the asymmetric cryptographic scheme RSA (Rivest, Shamir, and Adleman) and ECDSA (Elliptic Curve Digital Signature Algorithm) with the purpose to limit or block illegal digital interferences. Mathematical foundations of asymmetric digital signature algorithms have been analyzed, giving a special focus to the mentioned algorithms. RSA and ECDSA have been coded in Java Development Environment, with their respective libraries. In addition, a Java software application has been designed and implemented with the respective algorithms of key generation and verification. We have used Scrum by articulating each of its phases with the architecture and extensible security elements of the Java platform. Thus, all of these processes have been applied, in order to establish the RSA or ECDSA with the most suitable characteristics for the performance and confidentiality of transmitted information. The own standards of asymmetric digital signature algorithms and elliptic curves have been taken into account, so that the comparison appears adequate and produces data that, besides of being measurable, are also sustainable. The results obtained have been visualized through a statistical process as products of the determination of the response times obtained during this process. To verify these results, we have used a mathematical validation, based on the Least Squares method.
Citations: 0
Secure Password Translation for Document Protection of SOHO Companies
Pub Date : 2017-07-01 DOI: 10.1109/ICSSA.2017.33
Hyung-Jong Kim, Soyeon Park
To set a password for MS-Office documents would be the most common method that users can think first for their document protection. People also consider the easiest and cheapest way to preserve the confidentiality of documents even though the strength of this security measure merely depends on the complexity of passphrase chosen by document authors. The human factor dependency in documents' password security has been an obstacle of choosing it as a major security countermeasure. In this work, we suggest a new password management scheme for SOHO companies with a limited budget for information security. We have named this scheme as the SPT (Secure Password Translation) which separates users' chosen passphrases and companies' chosen ones for document security. This separation brings about differentiating the security level of documents in accordance with the physical location of documents. The contribution of this work is in suggesting and implementing of security management scheme, which SOHO companies can deploy with a limited budget.
Citations: 3