This paper focuses on techniques to detect anomalous behavior in system call sequences. Since profiling complex sequential data is still an open problem in anomaly detection, there is a need to explore new approaches. While previous research has used Hidden Markov Models (HMMs) for anomaly-based intrusion detection, the proposed models tend to increase rapidly in complexity in order to increase the detection rate while reducing false detections. In this paper, we propose a multi-HMM approach applied to anomaly detection in clustered system call sequences. We run our experiments using the well-known system call data set provided by the University of New Mexico (UNM). Our process trace clustering approach using HMMs for system call anomaly detection provides accurate results and reduces the complexity required to detect anomalies. In this paper, we show how system call traces processed with our HMM method can provide a path forward to improved intrusion detection techniques.
{"title":"System Call Anomaly Detection Using Multi-HMMs","authors":"E. Yolacan, Jennifer G. Dy, D. Kaeli","doi":"10.1109/SERE-C.2014.19","DOIUrl":"https://doi.org/10.1109/SERE-C.2014.19","url":null,"abstract":"This paper focuses on techniques to detect anomalous behavior in system call sequences. Since profiling complex sequential data is still an open problem in anomaly detection, there is a need to explore new approaches. While previous research has used Hidden Markov Models (HMMs) for anomaly-based intrusion detection, the proposed models tend to increase rapidly in complexity in order to increase the detection rate while reducing the false detections. In this paper, we propose a multi-HMMapproach applied for anomaly detection in clustered system call sequences. We run our experiments using the well-known system call data set provided by the University of New Mexico (UNM). Our process trace clustering approach using HMMs for system call anomaly detection provides accurate results and reduces the complexity required to detect anomalies. In this paper, we show how system call traces processed with our HMM method can provide a path forward to improved intrusion detection techniques.","PeriodicalId":373062,"journal":{"name":"2014 IEEE Eighth International Conference on Software Security and Reliability-Companion","volume":"9 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2014-06-30","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"124966388","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Rapid progress in technology has also increased the demand for networked systems. Due to the significance of the information that travels through these systems, security issues in wired and wireless networks have become a prime concern. Mobile Ad hoc Networks (MANETs) are a promising technology that provides robust and convenient networking options in a number of situations. However, MANETs are more vulnerable to security threats due to their dynamic and undefined organizational structure. This paper presents a detailed review of the security requirements of MANETs. The focus of this research is the network layer security problems in MANETs. The study covers network layer attacks, the Ad-hoc On Demand Distance Vector (AODV) routing protocol, and some of its variants that provide security solutions to network layer attacks in MANETs.
{"title":"A Survey on Network Layer Attacks and AODV Defense in Mobile Ad Hoc Networks","authors":"Amna Saeed, Asad Raza, Haider Abbas","doi":"10.1109/SERE-C.2014.37","DOIUrl":"https://doi.org/10.1109/SERE-C.2014.37","url":null,"abstract":"Rapid progress in technology have also increased the demand of networked systems. Due to the significance of information that travels through these systems, security issues in wired and wireless networks have become a prime concern. Mobile Ad hoc Networks (MANET) is a promising technology that provides robust and convenient networking options in a number of situations. However, MANETs are more vulnerable to security threats due to their dynamic and undefined organization structure. This paper presents a detailed review analysis of the security requirements of MANETs. The focus of this research is the network layer security problems in MANETs. The study was carried out for network layer attacks and Ad-hoc On Demand Distance Vector (AODV) routing protocol and some of its variants that provide security solutions to network layer attacks in MANETs.","PeriodicalId":373062,"journal":{"name":"2014 IEEE Eighth International Conference on Software Security and Reliability-Companion","volume":"13 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2014-06-30","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"122826515","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Benbin Chen, Lin Li, Yiyang Li, Hongyin Luo, Donghui Guo
Because of the spatial and temporal locality of program code, a compiler can use heuristics and profile-guided prediction to relocate the output program code and reduce cache conflicts. In this paper, hybrid compiler-assisted prediction and relocation techniques are proposed to improve the average access time of the memory subsystem by raising the cache hit rate. Unlike the traditional scheme, which provides fixed heuristic prediction for various kinds of programs, this paper adopts a more elaborate scheme for program prediction, with command-line direction and a Markov-based heuristic algorithm with different parameters. As a result, a sequential instruction layout based on execution probability and frequency benefits the cache hit rate and the fetch unit of the processor, and also favours system reliability.
{"title":"Compiler Assisted Instruction Relocation for Performance Improvement of Cache Hit Rate and System Reliability","authors":"Benbin Chen, Lin Li, Yiyang Li, Hongyin Luo, Donghui Guo","doi":"10.1109/SERE-C.2014.46","DOIUrl":"https://doi.org/10.1109/SERE-C.2014.46","url":null,"abstract":"Because the spatial and temporal locality of program codes, compiler could use heuristics and profile guided prediction to relocate the output of program codes to reduce the cache confliction. In this paper, for improving the average accessing time of memory subsystem by raising the cache hit rate, hybrid compiler assisted prediction and relocation techniques are proposed. Different with the traditional scheme that provide the fixed heuristics predication for various kinds of programs, the more elaborate scheme with command line direction and the markov based heuristics algorithm with different parameters is adopted for program prediction in this paper. As a result, the sequential instructions layout based on the executing probability and frequency ensures the benefit to cache hit rate and the fetch unit of processor, meanwhile in favour of the system reliability.","PeriodicalId":373062,"journal":{"name":"2014 IEEE Eighth International Conference on Software Security and Reliability-Companion","volume":"17 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2014-06-30","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"128887001","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pair programming is a programming technique in which a pair of people program on a single machine. The programming pair consists of a driver and a navigator or observer. The driver addresses the operational issues, i.e., is responsible for implementing the current module in hand. The navigator addresses the strategic issues, i.e., keeps in mind the strategic direction the code must take. Pair programming is a dynamic process, and pairing aids the rapid dispersal of system knowledge through the team while the system is being developed. Since most pair programming experiments were not conducted as described in extreme programming, and the empirical evidence on pair programming is mixed, we do not have a true picture of the impact of pair programming on software development. In this paper, we evaluate the dynamic pair programming methodology against static pair programming and traditional individual programming. The empirical evidence shows that static pair programming is the most expensive and is slower than dynamic pair programming and individual programming. It also indicates that dynamic pair programming is faster than both static pair programming and traditional individual programming.
{"title":"The Impact of Static and Dynamic Pairs on Pair Programming","authors":"Rajendran Swamidurai, D. Umphress","doi":"10.1109/SERE-C.2014.52","DOIUrl":"https://doi.org/10.1109/SERE-C.2014.52","url":null,"abstract":"Pair programming is a programming technique in which pair of people doing programming on a single machine. The programming pair consists of a driver and a navigator or observer. The driver addresses the operational issues; i.e., responsible for implementing the current module in hand. The navigator addresses the strategic issues; i.e., keeps in mind the strategic direction the code must take. Pair programming is a dynamic process and pairing aids the rapid dispersal of system knowledge through the team while developing it. Since most of the pair programming experiments were not conducted as described in extreme programming and the empirical evidence of pair programming is mixed we were not got the true picture about the impact created by pair programming on software development. In this paper, we evaluated the dynamic pair programming methodology with static pair programming and traditional individual programming. The empirical evidence shows that static pair programming is the most expensive and slower technology than dynamic pair programming and individual programming technologies. 
It also indicates that dynamic pair programming is the fastest software development methodology than static pair programming and traditional individual programming methodologies.","PeriodicalId":373062,"journal":{"name":"2014 IEEE Eighth International Conference on Software Security and Reliability-Companion","volume":"30 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2014-06-30","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"131476432","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
FMECA (Failure Modes, Effects and Criticality Analysis) is an effective systematic process to evaluate software safety. In this paper, the safety model of embedded systems is built by integrating the AADL (Architecture Analysis and Design Language) model with an extension of the Error Model Annex, and FMECA is adopted as a qualitative safety analysis for the AADL model of an embedded system, based on the AADL safety model. The traditional FMECA method is improved to be suitable for AADL model evaluation, and some safety properties are added to the AADL Error Model Annex in order to fill in the FMECA checklist automatically at the AADL modeling design phase. A case study using the OVP (Over Voltage Protection) system demonstrates the feasibility of the modified FMECA for AADL models.
{"title":"A Qualitative Safety Analysis Method for AADL Model","authors":"Bin Gu, Yunwei Dong, Xiaomin Wei","doi":"10.1109/SERE-C.2014.41","DOIUrl":"https://doi.org/10.1109/SERE-C.2014.41","url":null,"abstract":"FMECA (Failure Modes, Effects and Criticality Analysis) is an effective systematic process to evaluate software safety. In this paper, the safety model of embedded systems is built by integrating the AADL (Architecture Analysis and Design Language) model with extension of Error Model Annex, and the FMECA is adopted as a qualitative safety analysis for AADL (Architecture Analysis and Design Language) model of embedded system based on AADL safety model. The traditional FMECA method is improved to be suitable for AADL model evaluation, and some safety properties are added into AADL error model annex in order to fill in FMECA check list automatically at AADL modeling design phase. On using the OVP (Over Voltage Protection) system, a case study is demonstrated the feasibility of modified FMECA for AADL model.","PeriodicalId":373062,"journal":{"name":"2014 IEEE Eighth International Conference on Software Security and Reliability-Companion","volume":"13 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2014-06-30","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"130548420","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
An intelligent charging system for electric vehicles is a new application of power grid cyber-physical systems that requires higher safety and reliability. During execution of the system, a range of safety issues arise because of the heavy load on the charging grid under some disturbance conditions. This paper analyzes the load safety issues and presents a prediction-based load scheduling strategy that improves the safety of the system by dispatching charging piles based on the predicted load. In addition, the authors designed the architecture of the charging pile management system to achieve scheduling and management. A simulation experiment on the prediction and scheduling strategy was carried out on this basis, and its feasibility has been proved.
{"title":"A Load Scheduling Strategy for Electric Vehicles Charging System","authors":"Zheng Wang, Xiao Wu, Hongbin Zhao","doi":"10.1109/SERE-C.2014.42","DOIUrl":"https://doi.org/10.1109/SERE-C.2014.42","url":null,"abstract":"Intelligent charging system for electric vehicles is a new application of power grid cyber-physical system which requires higher safety and reliability. During the execution of the system, it will bring a range of safety issues because of the heavy load of charging grid in some disturbance conditions. This paper analyzes the load safety issues and presents a load scheduling strategy based on one prediction that improves the safety of the system by dispatching charging piles based on the predictive load. In addition, the authors designed the architecture of the charging pile management system to achieve scheduling and management. Meanwhile, simulation experiment about prediction and scheduling strategy is done on the basis of the above and its feasibility has been proved.","PeriodicalId":373062,"journal":{"name":"2014 IEEE Eighth International Conference on Software Security and Reliability-Companion","volume":"22 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2014-06-30","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"122345096","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
To fully embrace the challenge of securing software, security concerns must be considered at the earliest stages of software development. Studies have shown that this reduces the time, cost and effort required to integrate security features into software during development. In this paper we describe a technique for uncovering potential vulnerabilities through an analysis of software requirements and illustrate its use with a small, motivating example.
{"title":"Analysing Requirements to Detect Latent Security Vulnerabilities","authors":"Curtis C. R. Busby Earle, R. France, I. Ray","doi":"10.1109/SERE-C.2014.35","DOIUrl":"https://doi.org/10.1109/SERE-C.2014.35","url":null,"abstract":"To fully embrace the challenge of securing software, security concerns must be considered at the earliest stages of software development. Studies have shown that this reduces the time, cost and effort required to integrate security features into software during development. In this paper we describe a technique for uncovering potential vulnerabilities through an analysis of software requirements and describe its use using a small, motivating example.","PeriodicalId":373062,"journal":{"name":"2014 IEEE Eighth International Conference on Software Security and Reliability-Companion","volume":"141 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2014-06-30","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"128816227","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
In this paper, we propose a local-world synchronization-preferential growth topology model. The synchronizability of a class of continuous-time local-world dynamical networks is investigated. We find that the synchronizability of the dynamical network with the local-world synchronization-preferential mechanism is robust against not only the random removal of vertices but also the specific removal of the most connected vertices.
{"title":"Robustness and Fragility of a New Local-World Dynamical Network Model","authors":"Peizhong Liu, Minghang Wang, Ping Li","doi":"10.1109/SERE-C.2014.53","DOIUrl":"https://doi.org/10.1109/SERE-C.2014.53","url":null,"abstract":"In the paper, we have proposed a local-world synchronization-preferential growth topology model. The synchronizability of a class of continuous-time local-world dynamical networks is investigated. Then it has been found that the synchronizability of the dynamical network with the local-world synchronization-preferential mechanism is robust against not only the random removal of vertices but also the specific removal of those most connected vertices.","PeriodicalId":373062,"journal":{"name":"2014 IEEE Eighth International Conference on Software Security and Reliability-Companion","volume":"222 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2014-06-30","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"122528776","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
The original goal of regression test refinement is to accommodate program changes to ensure that new features are properly implemented while existing features are not impacted. We found that regression test refinement was also essential for diagnosis of failed tests. This paper proposes and tries out an incremental diagnosis approach to refine regression tests of monotone systems, in which we use test output patterns to select the most effective test cases from the regression suite for diagnosis. That is, after detection of failed tests, more test data are generated into the regression suite to pinpoint the exact causes of failures. This refinement of the regression test suite is a training process based on failed tests, so that the new regression suite is more likely to detect failures and diagnose their causes.
{"title":"Diagnosis-Guided Regression Test Refinement","authors":"J. J. Li, Patricia Morreale, J. Palframan","doi":"10.1109/SERE-C.2014.23","DOIUrl":"https://doi.org/10.1109/SERE-C.2014.23","url":null,"abstract":"The original goal of regression test refinement is to accommodate program changes to insure that new features are property implemented while existing features are not impacted. We found that regression test refinement was also essential for diagnosis of failed tests. This paper proposed and tried out an incremental diagnosis approach to refine regression tests of monotone systems where we use test output patterns to select the most effective test cases from the regression suite for diagnosis. That is, after detection of failed tests, more test data are generated into the regression suite to pinpoint the exact causes of failures. This refinement of the regression test suite is a training process from failed tests, so that the new regression suite is more likely to detect failures and diagnose the causes.","PeriodicalId":373062,"journal":{"name":"2014 IEEE Eighth International Conference on Software Security and Reliability-Companion","volume":"60 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2014-06-30","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"114095412","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Most attacks on computer systems are due to the presence of vulnerabilities in software. Recent trends show that the number of newly discovered vulnerabilities continues to be significant. Studies have also shown that the time gap between public disclosure of a vulnerability and the release of an automated exploit is getting smaller. Therefore, assessing the exploitability risk of vulnerabilities is critical, as it helps decision-makers prioritize among vulnerabilities, allocate resources, and choose between alternatives. Several methods have recently been proposed in the literature to deal with this challenge. However, these methods are either subjective, require human involvement in assessing exploitability, or do not scale. In this research, our aim is first to identify the vulnerability exploitation risk problem. Then, we introduce a novel vulnerability exploitability metric based on software structure properties, viz.: attack entry points, vulnerability location, presence of dangerous system calls, and reachability. Based on our preliminary results, reachability and the presence of dangerous system calls appear to be good indicators of exploitability. Next, we propose using the suggested metric as a feature to construct a model, using machine learning techniques, for automatically predicting the risk of vulnerability exploitation. To build a vulnerability exploitation model, we propose using Support Vector Machines (SVMs). Once the predictor is built, given an unseen vulnerable function and its exploitability features, the model can predict whether the given function is exploitable or not.
{"title":"Using Software Structure to Predict Vulnerability Exploitation Potential","authors":"Awad A. Younis, Y. Malaiya","doi":"10.1109/SERE-C.2014.17","DOIUrl":"https://doi.org/10.1109/SERE-C.2014.17","url":null,"abstract":"Most of the attacks on computer systems are due to the presence of vulnerabilities in software. Recent trends show that number of newly discovered vulnerabilities still continue to be significant. Studies have also shown that the time gap between the vulnerability public disclosure and the release of an automated exploit is getting smaller. Therefore, assessing vulnerabilities exploitability risk is critical as it aids decision-makers prioritize among vulnerabilities, allocate resources, and choose between alternatives. Several methods have recently been proposed in the literature to deal with this challenge. However, these methods are either subjective, requires human involvement in assessing exploitability, or do not scale. In this research, our aim is to first identify vulnerability exploitation risk problem. Then, we introduce a novel vulnerability exploitability metric based on software structure properties viz.: attack entry points, vulnerability location, presence of dangerous system calls, and reachability. Based on our preliminary results, reachability and the presence of dangerous system calls appear to be a good indicator of exploitability. Next, we propose using the suggested metric as feature to construct a model using machine learning techniques for automatically predicting the risk of vulnerability exploitation. To build a vulnerability exploitation model, we propose using Support Vector Machines (SVMs). 
Once the predictor is built, given unseen vulnerable function and their exploitability features the model can predict whether the given function is exploitable or not.","PeriodicalId":373062,"journal":{"name":"2014 IEEE Eighth International Conference on Software Security and Reliability-Companion","volume":"141 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2014-06-30","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"133681937","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}