Network hardening answers the following critical question in defending against multi-step intrusions: Which vulnerabilities must be removed in order to prevent any attacker from reaching the given goal conditions. Existing approaches usually derive a logic proposition to represent the negation of the goal conditions in terms of initially satisfied conditions. In the disjunctive normal form (DNF) of the logic proposition, each disjunction then provides a viable solution to network hardening. However, such solutions suffer from an exponential time complexity. In this work, we study heuristic methods for solving this important problem with a reasonable complexity. We evaluate our proposed solution through comprehensive experiments. The results show that our solution can achieve comparable costs of network hardening in much less time than the optimal solution.
{"title":"A Heuristic Approach to Minimum-Cost Network Hardening Using Attack Graph","authors":"T. Islam, Lingyu Wang","doi":"10.1109/NTMS.2008.ECP.9","DOIUrl":"https://doi.org/10.1109/NTMS.2008.ECP.9","url":null,"abstract":"Network hardening answers the following critical question in defending against multi-step intrusions: Which vulnerabilities must be removed in order to prevent any attacker from reaching the given goal conditions. Existing approaches usually derive a logic proposition to represent the negation of the goal conditions in terms of initially satisfied conditions. In the disjunctive normal form (DNF) of the logic proposition, each disjunction then provides a viable solution to network hardening. However, such solutions suffer from an exponential time complexity. In this work, we study heuristic methods for solving this important problem with a reasonable complexity. We evaluate our proposed solution through comprehensive experiments. The results show that our solution can achieve comparable costs of network hardening in much less time than the optimal solution.","PeriodicalId":432307,"journal":{"name":"2008 New Technologies, Mobility and Security","volume":"5 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2008-11-25","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"116440590","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2008-11-25DOI: 10.1109/NTMS.2008.ECP.79
Mahmoud Hussein, A. El-Sisi, N. Ismail
Privacy and security issues in data mining become an important property in any data mining system. A considerable research has focused on developing new data mining algorithms that incorporate privacy constraints. In this paper, we focus on privately mining association rules in vertically partitioned data where the problem has been reduced to privately computing Boolean scalar products. We propose a modification of steganography-based multiparty protocols for this problem. The proposed modification fine tune the performance to be faster in case of very large database, with acceptable level of reduction in privacy.
{"title":"Performance Tuning of Steganography Algorithm for Privacy Preserving Association Rule Mining in Heterogeneous Data Base","authors":"Mahmoud Hussein, A. El-Sisi, N. Ismail","doi":"10.1109/NTMS.2008.ECP.79","DOIUrl":"https://doi.org/10.1109/NTMS.2008.ECP.79","url":null,"abstract":"Privacy and security issues in data mining become an important property in any data mining system. A considerable research has focused on developing new data mining algorithms that incorporate privacy constraints. In this paper, we focus on privately mining association rules in vertically partitioned data where the problem has been reduced to privately computing Boolean scalar products. We propose a modification of steganography-based multiparty protocols for this problem. The proposed modification fine tune the performance to be faster in case of very large database, with acceptable level of reduction in privacy.","PeriodicalId":432307,"journal":{"name":"2008 New Technologies, Mobility and Security","volume":"19 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2008-11-25","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"130146599","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2008-11-25DOI: 10.1109/NTMS.2008.ECP.63
C. Joumaa, A. Caminada, S. Lamrous
Mobility is a major feature in mobile networks. The aim of this study is to analyze its impact on the power control procedure in UMTS network through several power control mechanisms. Mobiles motion is simulated using the Mask Based Mobility Model, an emerging mobility model based on Markov chains. After presenting the power control procedure and algorithms in UMTS, a description of the simulation environment, scenarios and results will be given.
移动性是移动网络的一个主要特征。本研究的目的是通过几种功率控制机制来分析其对UMTS网络中功率控制过程的影响。利用基于马尔可夫链的新兴移动模型Mask Based Mobility Model来模拟移动设备的运动。在介绍了UMTS中的功率控制程序和算法之后,将给出仿真环境、场景和结果的描述。
{"title":"Mobility Simulation for the Evaluation of UMTS Power Control Algorithms","authors":"C. Joumaa, A. Caminada, S. Lamrous","doi":"10.1109/NTMS.2008.ECP.63","DOIUrl":"https://doi.org/10.1109/NTMS.2008.ECP.63","url":null,"abstract":"Mobility is a major feature in mobile networks. The aim of this study is to analyze its impact on the power control procedure in UMTS network through several power control mechanisms. Mobiles motion is simulated using the Mask Based Mobility Model, an emerging mobility model based on Markov chains. After presenting the power control procedure and algorithms in UMTS, a description of the simulation environment, scenarios and results will be given.","PeriodicalId":432307,"journal":{"name":"2008 New Technologies, Mobility and Security","volume":"11 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2008-11-25","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"131039285","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2008-11-25DOI: 10.1109/NTMS.2008.ECP.10
Aurélien Jacquot, J. Chanet, K. Hou, Xunming Diao, Jianjin Li
The Wireless Sensor Networks (WSN), with their constant evolution, need more and more practical and effective WSN Management Tools (WMT) for large-scale deployment. Due to the resource constraints of wireless sensor node, it is impossible to implement the full classical SNMP standard in WSN applications. Therefore, it is important to develop new WMT providing a subset of functionalities of SNMP standard dedicated to WSN by taking into account the resource constraints of wireless sensor node. In this paper, we propose a new WMT named LiveNCM: LiveNode Non-invasive Context-aware, and modular Management. LiveNCM is based on a configurable modular architecture enables to fit to an application and to provide traditional administration functionalities similar to the SNMP ones. In addition, LiveNCM introduces the concept of noninvasive context-aware to diagnose the wireless sensor node state to reduce the network traffic then the energy consumption. This reduction is obtained by estimating some data with linear models like polygonal ones or interpreting data message exchanges. To validate the proposed concept, the LiveNode platform is used to implement and test energy consumption with LiveNCM protocol.
{"title":"A New Approach for Wireless Sensor Network Management: LiveNCM","authors":"Aurélien Jacquot, J. Chanet, K. Hou, Xunming Diao, Jianjin Li","doi":"10.1109/NTMS.2008.ECP.10","DOIUrl":"https://doi.org/10.1109/NTMS.2008.ECP.10","url":null,"abstract":"The Wireless Sensor Networks (WSN), with their constant evolution, need more and more practical and effective WSN Management Tools (WMT) for large-scale deployment. Due to the resource constraints of wireless sensor node, it is impossible to implement the full classical SNMP standard in WSN applications. Therefore, it is important to develop new WMT providing a subset of functionalities of SNMP standard dedicated to WSN by taking into account the resource constraints of wireless sensor node. In this paper, we propose a new WMT named LiveNCM: LiveNode Non-invasive Context-aware, and modular Management. LiveNCM is based on a configurable modular architecture enables to fit to an application and to provide traditional administration functionalities similar to the SNMP ones. In addition, LiveNCM introduces the concept of noninvasive context-aware to diagnose the wireless sensor node state to reduce the network traffic then the energy consumption. This reduction is obtained by estimating some data with linear models like polygonal ones or interpreting data message exchanges. To validate the proposed concept, the LiveNode platform is used to implement and test energy consumption with LiveNCM protocol.","PeriodicalId":432307,"journal":{"name":"2008 New Technologies, Mobility and Security","volume":"34 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2008-11-25","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"115142693","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2008-11-25DOI: 10.1109/NTMS.2008.ECP.98
Clara Bertolissi, M. Fernández
We propose an access control model that extends RBAC (role-based access control) to take time and location into account, and use term rewriting systems to specify access control policies in this model. We discuss implementation techniques for rewrite-based policy specifications, and the integration of these policies in Web applications. The declarative nature of the model facilitates the analysis of policies and the evaluation of access requests: we present two case-studies.
{"title":"Time and Location Based Services with Access Control","authors":"Clara Bertolissi, M. Fernández","doi":"10.1109/NTMS.2008.ECP.98","DOIUrl":"https://doi.org/10.1109/NTMS.2008.ECP.98","url":null,"abstract":"We propose an access control model that extends RBAC (role-based access control) to take time and location into account, and use term rewriting systems to specify access control policies in this model. We discuss implementation techniques for rewrite-based policy specifications, and the integration of these policies in Web applications. The declarative nature of the model facilitates the analysis of policies and the evaluation of access requests: we present two case-studies.","PeriodicalId":432307,"journal":{"name":"2008 New Technologies, Mobility and Security","volume":"10 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2008-11-25","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"114362531","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2008-11-25DOI: 10.1109/NTMS.2008.ECP.54
Alexandre Schulter, Kleber Vieira, Carlos Becker Westphall, C. Westphall, A. Sekkaki
Current intrusion detection technology is limited in providing protection against the intrusions that may violate the security of computational grids. We present the problem of grid intrusion detection, describe the requirements of a system to detect them, propose a grid intrusion detection method, and show how it overcomes the limitations by integrating the detection of the typical host computer and network attacks with the detection of grid-specific attacks and user behavior anomalies. This integration is evaluated with a case study that makes use of simulations and a prototype implementation.
{"title":"Intrusion Detection for Computational Grids","authors":"Alexandre Schulter, Kleber Vieira, Carlos Becker Westphall, C. Westphall, A. Sekkaki","doi":"10.1109/NTMS.2008.ECP.54","DOIUrl":"https://doi.org/10.1109/NTMS.2008.ECP.54","url":null,"abstract":"Current intrusion detection technology is limited in providing protection against the intrusions that may violate the security of computational grids. We present the problem of grid intrusion detection, describe the requirements of a system to detect them, propose a grid intrusion detection method, and show how it overcomes the limitations by integrating the detection of the typical host computer and network attacks with the detection of grid-specific attacks and user behavior anomalies. This integration is evaluated with a case study that makes use of simulations and a prototype implementation.","PeriodicalId":432307,"journal":{"name":"2008 New Technologies, Mobility and Security","volume":"25 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2008-11-25","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"126562356","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2008-11-25DOI: 10.1109/NTMS.2008.ECP.43
S. Yerima, K. Al-Begain
High speed downlink packet access (HSDPA) was introduced to UMTS radio access segment to provide higher capacity for new packet switched services. As a result, packet switched sessions with multiple diverse traffic flows such as concurrent voice and data, or video and data being transmitted to the same user are a likely commonplace cellular packet data scenario. In HSDPA, radio access network (RAN) buffer management schemes are essential to support the end-to-end QoS of such sessions. Hence in this paper we present the end-to-end performance study of a proposed RAN buffer management scheme for multi-flow sessions via dynamic system-level HSDPA simulations. The scheme is an enhancement of a time-space priority (TSP) queuing strategy applied to the node B MAC-hs buffer allocated to an end user with concurrent real-time (RT) and non-real-time (NRT) flows during a multi-flow session. The experimental multi- flow scenario is a packet voice call with concurrent TCP-based file download to the same user. Results show that with the proposed enhancements to the TSP-based RAN buffer management, end-to-end QoS performance gains accrue to the NRT flow without compromising RT flow QoS of the same end user session.
{"title":"End-to-End QoS Improvement of HSDPA End-User Multi-Flow Traffic Using RAN Buffer Management","authors":"S. Yerima, K. Al-Begain","doi":"10.1109/NTMS.2008.ECP.43","DOIUrl":"https://doi.org/10.1109/NTMS.2008.ECP.43","url":null,"abstract":"High speed downlink packet access (HSDPA) was introduced to UMTS radio access segment to provide higher capacity for new packet switched services. As a result, packet switched sessions with multiple diverse traffic flows such as concurrent voice and data, or video and data being transmitted to the same user are a likely commonplace cellular packet data scenario. In HSDPA, radio access network (RAN) buffer management schemes are essential to support the end-to-end QoS of such sessions. Hence in this paper we present the end-to-end performance study of a proposed RAN buffer management scheme for multi-flow sessions via dynamic system-level HSDPA simulations. The scheme is an enhancement of a time-space priority (TSP) queuing strategy applied to the node B MAC-hs buffer allocated to an end user with concurrent real-time (RT) and non-real-time (NRT) flows during a multi-flow session. The experimental multi- flow scenario is a packet voice call with concurrent TCP-based file download to the same user. Results show that with the proposed enhancements to the TSP-based RAN buffer management, end-to-end QoS performance gains accrue to the NRT flow without compromising RT flow QoS of the same end user session.","PeriodicalId":432307,"journal":{"name":"2008 New Technologies, Mobility and Security","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2008-11-25","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"132718817","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2008-11-25DOI: 10.1109/NTMS.2008.ECP.39
A. Grzech, M. Kazmierski
The aim of the contribution is to present an attempt to utilize some data about network topology and performance to increase capabilities of intrusion detection system. Some simple example presents an approach to design topology (location and the needed number of intrusion detection devices) which allows efficiently detecting intrusions and limiting the overall overhead caused by intrusion detection devices performance.
{"title":"Distributed Intrusion Detection Systems of Computer Communication Networks","authors":"A. Grzech, M. Kazmierski","doi":"10.1109/NTMS.2008.ECP.39","DOIUrl":"https://doi.org/10.1109/NTMS.2008.ECP.39","url":null,"abstract":"The aim of the contribution is to present an attempt to utilize some data about network topology and performance to increase capabilities of intrusion detection system. Some simple example presents an approach to design topology (location and the needed number of intrusion detection devices) which allows efficiently detecting intrusions and limiting the overall overhead caused by intrusion detection devices performance.","PeriodicalId":432307,"journal":{"name":"2008 New Technologies, Mobility and Security","volume":"124 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2008-11-25","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"134523677","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2008-11-25DOI: 10.1109/NTMS.2008.ECP.84
Amir M. Jafari, A. Sklorz, W. Lang
Implementation of wireless sensors for process automation applications is a progressing step in wireless sensor network applications. Establishing autonomous network is considered as an achievement of such implementation. Autonomous wireless sensor/actuator networks require target- oriented routing algorithm. In the first section the perception of autonomous network is explained and expected features from routing algorithm are clarified. In the second section, development, functionality and properties of Sequential Coordinate Routing Algorithm (SCAR) are explained. Besides the target-oriented property as a main feature of the SCAR, based on the mathematical claim and its proof, it is shown how the minimum energy consumption is taken into consideration. By realizing the core of the routing algorithm, it is presented that the void problem does not exist and it is easy to compute. Therefore, it is not a complex algorithm.
{"title":"SCAR: Sequential Coordinate Routing Algorithm for Autonomous Wireless Sensor Network","authors":"Amir M. Jafari, A. Sklorz, W. Lang","doi":"10.1109/NTMS.2008.ECP.84","DOIUrl":"https://doi.org/10.1109/NTMS.2008.ECP.84","url":null,"abstract":"Implementation of wireless sensors for process automation applications is a progressing step in wireless sensor network applications. Establishing autonomous network is considered as an achievement of such implementation. Autonomous wireless sensor/actuator networks require target- oriented routing algorithm. In the first section the perception of autonomous network is explained and expected features from routing algorithm are clarified. In the second section, development, functionality and properties of Sequential Coordinate Routing Algorithm (SCAR) are explained. Besides the target-oriented property as a main feature of the SCAR, based on the mathematical claim and its proof, it is shown how the minimum energy consumption is taken into consideration. By realizing the core of the routing algorithm, it is presented that the void problem does not exist and it is easy to compute. Therefore, it is not a complex algorithm.","PeriodicalId":432307,"journal":{"name":"2008 New Technologies, Mobility and Security","volume":"57 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2008-11-25","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"134296168","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2008-11-25DOI: 10.1109/NTMS.2008.ECP.91
H. Oumina, D. Ranc
Determine the right price for one application usage is a core function of Rating Module in real time charging. Telecom operators base their tariff plans and promotions for services on this function to implement. Hence, rating plays a very important role to implement flexibility in operators billing and charging platform and to maintain their investments without penalizing customer according to service delivery. In the context of all-IP paradigm with the IP Multimedia System introduction, and the consequent revolution in terms of applications more perceived as multimedia sessions evolving many types of media and many stakeholders at the same time, the concept of rating evolved as well to tackle the challenge of multimedia complex applications and quality of service in packet switched networks. Consequently, the function of rating these applications depends on many service, network and commercial parameters which make an accurate real time charging a complex task. In order to handle this complexity, the present contribution suggests an enhancement of rating parameters in the online charging system of IMS. Also, it defines a modeling of rating function of the online charging system. This modeling aims to define the main blocks of this function and the interaction with network, business information and user information.
{"title":"Specification of Rating Function of Online Charging System in 3GPP IP Multimedia System (IMS) Environment","authors":"H. Oumina, D. Ranc","doi":"10.1109/NTMS.2008.ECP.91","DOIUrl":"https://doi.org/10.1109/NTMS.2008.ECP.91","url":null,"abstract":"Determine the right price for one application usage is a core function of Rating Module in real time charging. Telecom operators base their tariff plans and promotions for services on this function to implement. Hence, rating plays a very important role to implement flexibility in operators billing and charging platform and to maintain their investments without penalizing customer according to service delivery. In the context of all-IP paradigm with the IP Multimedia System introduction, and the consequent revolution in terms of applications more perceived as multimedia sessions evolving many types of media and many stakeholders at the same time, the concept of rating evolved as well to tackle the challenge of multimedia complex applications and quality of service in packet switched networks. Consequently, the function of rating these applications depends on many service, network and commercial parameters which make an accurate real time charging a complex task. In order to handle this complexity, the present contribution suggests an enhancement of rating parameters in the online charging system of IMS. Also, it defines a modeling of rating function of the online charging system. This modeling aims to define the main blocks of this function and the interaction with network, business information and user information.","PeriodicalId":432307,"journal":{"name":"2008 New Technologies, Mobility and Security","volume":"52 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2008-11-25","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"131434399","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
京公网安备 11010802042870号
京ICP备2023020795号-1
扫码关注我们
求助内容:
应助结果提醒方式: