2006 IEEE Information Assurance Workshop: latest publications

P3ARM: Privacy-Preserving Protocol for Association Rule Mining
Pub Date : 2006-06-21 DOI: 10.1109/IAW.2006.1652080
I. Saleh, Alaa Mokhtar, Amin Shoukry, Mohamed Eltoweissy
The ability to mine large volumes of distributed datasets enables more precise decision making. However, privacy concerns should be carefully addressed when mining datasets distributed over autonomous sites. We propose a new privacy-preserving protocol for association rule mining (P3ARM) over horizontally partitioned data. P3ARM is based on a distributed implementation of the Apriori algorithm. The key idea is to arbitrarily assign polling sites to collect itemsets' supports in encrypted form using homomorphic encryption techniques. A pair of polling sites is assigned for each itemset. Polling sites are different for consecutive rounds of the protocol to reduce the potential for collusion. Our performance analysis shows that P3ARM significantly outperforms a leading existing protocol. Moreover, P3ARM is scalable in the number of sites and the volume of data.
Citations: 3
Battery-Sensing Intrusion Protection System
Pub Date : 2006-06-21 DOI: 10.1109/IAW.2006.1652093
T. Buennemeyer, G. A. Jacoby, W.G. Chiang, R. Marchany, J. Tront
This paper proposes an innovative battery-sensing intrusion protection system (B-SIPS) for mobile computers, which alerts on power changes detected on small wireless devices. These hosts are employed as sensors in a wireless network and form the basis of the "Canary-Net" intrusion detection system (IDS). This detection capability is scalable and complementary with existing commercial and open system network IDSs. The B-SIPS implementation correlates device power consumption with IEEE 802.11 and Bluetooth communication activity. Irregular and attack activity is detected and reported to the intrusion detection engine for correlation with existing signatures in a database and for forensic investigation by a security manager.
Citations: 18
Analyzing Attack Trees using Generalized Stochastic Petri Nets
Pub Date : 2006-06-21 DOI: 10.1109/IAW.2006.1652085
George C. Dalton, R. Mills, J. Colombi, R. Raines
In recent years, attack trees have been developed to describe processes by which malicious users attempt to exploit or break computer software and/or networks. Attack trees are a way of decomposing, visualizing, and determining the cost or likelihood of attacks. Similarly, Petri nets (PNs) are graphical representations of a system or process used for modeling, formal analysis, and design verification. PNs are easy to build and simulate using a myriad of available tools. There are a number of subclasses of PNs, including colored, timed, stochastic, etc. This paper focuses on the use of generalized stochastic PNs (GSPNs) to model and analyze attack trees with the ultimate goal of automating the analysis using simulation tools. The results of this simulation and analysis can be used to further refine the attack tree or to develop countermeasures.
Citations: 92
Fault-Tolerant Overlay Protocol Network
Pub Date : 2006-06-21 DOI: 10.1109/IAW.2006.1652118
N. Shelly, N. Jensen, L. Baird, J. Moore
Voice over Internet Protocol (VoIP) and other time-critical communications require a level of availability much higher than the typical transport network supporting traditional data communications. These critical command and control channels must continue to operate and remain available in the presence of an attack or other network disruption. Even disruptions of short duration can severely damage, degrade, or drop a VoIP connection. Routing protocols in use today can dynamically adjust for a changing network topology. However, they generally cannot converge quickly enough to continue an existing voice connection. As packet switching technologies continue to erode traditional circuit switching applications, some methodology or protocol must be developed that can support these traditional requirements over a packet-based infrastructure. We propose the use of a modified overlay tunneling network and associated routing protocols called the fault tolerant overlay protocol (FTOP) network. This network is entirely logical; the supporting routing protocol may be greatly simplified due to the overlay's ability to appear fully connected. Therefore, ensuring confidentiality and availability is much simpler using traditional cryptographic isolation and VPN technologies. Empirical results show that for substrate networks, convergence time may be as high as six to ten minutes. However, the FTOP overlay network has been shown to converge in a fraction of a second, yielding an observed two-order-of-magnitude improvement in convergence time. This unique ability enhances the availability of critical network services, allowing operation in the face of substrate network disruption caused by malicious attack or other failure.
Citations: 0
The CERT Survivability and Information Assurance Curriculum: Building Enterprise Networks on a Firm Educational Foundation
Pub Date : 2006-06-21 DOI: 10.1109/IAW.2006.1652078
L. Rogers
Today's professional system and network administrators are increasingly challenged to make computer and network security a greater part of their overflowing set of daily activities. In response to this trend, the Software Engineering Institute (SEI), specifically the CERT® Program, has designed a three-course curriculum in survivability and information assurance (SIA).
Citations: 1
The Need for a Technical Approach to Digital Forensic Evidence Collection for Wireless Technologies
Pub Date : 2006-06-21 DOI: 10.1109/IAW.2006.1652086
J. Slay, B. Turnbull
Whilst 802.11a/b/g wireless security is well documented in the academic literature, there is little work discussing the forensic issues associated with the technology. This paper aims to discuss how 802.11-based wireless technologies may be misused, compared with current electronic evidence collection and analysis techniques. The lack of procedural guides for the identification of wireless networks is noted, as is the need for a technological solution in the evidence collection process for potential electronic evidence.
Citations: 12
Quantitative Analysis of Efficient Antispam Techniques
Pub Date : 2006-06-21 DOI: 10.1109/IAW.2006.1652091
Anders Wiehe, Erik Hjelmås, S. Wolthusen
While dynamic content-based filtering mechanisms for the identification of unsolicited commercial email (UCE, or more commonly "spam") have proven to be effective, these techniques require considerable computational resources. It is therefore highly desirable to reduce the number of emails that must be subjected to a content-based analysis. In this paper, a number of efficient techniques based on lower protocol level properties are analyzed using a large real-world data set. We show that combinations of several network-based filters can provide a computationally efficient pre-filtering mechanism at acceptable false-positive rates.
Citations: 1
Design and Implementation of the Honey-DVD
Pub Date : 2006-06-21 DOI: 10.1109/IAW.2006.1652100
M. Dornseif, F. Freiling, N. Gedicke, Thorsten Holz
Honeynets are a valuable source of data about the techniques, tactics and motives of attackers on the Internet, but up to now they have been notoriously difficult to set up and maintain. This work describes the development and implementation of an easy-to-use, freely distributable, bootable solution on DVD for deploying honeynets. The system is based on a live Linux distribution and can be set up without installing anything on a local hard drive. It sets up a group of virtually emulated honeypots and links them together in a virtual network. Moreover, a honeywall is added to protect the honeypots. The whole honeynet is configured and maintained via a centralised controller software on the DVD, which allows easy configuration and automates all necessary procedures in the virtual network.
Citations: 5
LibsafeXP: A Practical and Transparent Tool for Run-time Buffer Overflow Preventions
Pub Date : 2006-06-21 DOI: 10.1109/IAW.2006.1652114
Zhiqiang Lin, Bing Mao, Li Xie
This paper presents a practical tool, LibsafeXP, to protect software against the most common and severe attack, buffer overflows. As a dynamic shared library and an extension to Libsafe and LibsafePlus, LibsafeXP contains wrapper functions for all the buffer-related functions in the C standard library. These wrapper functions are enforced to check the source and target buffers' sizes using the following information: global buffer knowledge extracted from the program symbol information, heap buffer knowledge obtained by intercepting the memory allocation family of functions, and stack buffer bound information dynamically determined from the frame pointer. Compared with other approaches, LibsafeXP is more transparent to programs: it works in binary mode, and requires neither the source code nor any debugging information. The performance and effectiveness evaluation indicates that LibsafeXP can be used to defend against buffer overflow attacks while imposing about 10 percent overhead on the protected software.
Citations: 7
Grid Based Network Address Space Browsing for Network Traffic Visualization
Pub Date : 2006-06-21 DOI: 10.1109/IAW.2006.1652104
E. Le Malécot, M. Kohara, Y. Hori, K. Sakurai
The security of computer networks has become a priority during the past few years. More and more organizations heavily depend on services that are provided by computer networks, and this trend is certainly going to rise in the near future. At the same time, malicious attacks against such systems are also increasing in number and variety. System administrators can try to prevent these attacks with the use of firewalls, for instance. However, these precautions are not always enough, and so they also need to monitor the network traffic in order to detect anomalies and intrusions. Usually, system administrators use automated systems to process network traffic logs and to analyze them. This processing is based on learning techniques, signature databases or statistical analysis. Another approach is to use visualization techniques to display these logs and to favor user interaction with the data. This paper presents a visualization design based on interactive grids representing the network space. The network traffic is then displayed on these grids. We also introduce a prototype of this design that has been implemented to test its validity.
Citations: 6