An attack signature model to computer security intrusion detection

Internal and external computer network attacks or security threats occur according to standards and follow a set of subsequent steps, allowing to establish profiles or patterns. This well-known behavior is the basis of signature analysis intrusion detection systems. This work presents a new attack signature model to be applied on network-based intrusion detection systems engines. The AISF (ACME! Intrusion Signature Format) model is built upon XML technology and works on intrusion signatures handling and analysis, from storage to manipulation. Using this new model, the process of storing and analyzing information about intrusion signatures for further use by an IDS become a less difficult and standardized process.

The application of distributed virtual machines for enterprise computer management: A two-tier network file system for image provisioning and management

In order to simplify computer management, several system administrators are adopting advanced techniques to manage software configuration of enterprise computer networks, but the tight coupling between hardware and software makes every PC an individual managed entity, lowering the scalability and increasing the costs to manage hundreds or thousands of PCs. Virtualization is an established technology, however its use is been more focused on server consolidation and virtual desktop infrastructure, not for managing distributed computers over a network. This paper discusses the feasibility of the Distributed Virtual Machine Environment, a new approach for enterprise computer management that combines virtualization and distributed system architecture as the basis of the management architecture. © 2008 IEEE.

Statistical model applied to NetFlow for network intrusion detection

The computers and network services became presence guaranteed in several places. These characteristics resulted in the growth of illicit events and therefore the computers and networks security has become an essential point in any computing environment. Many methodologies were created to identify these events; however, with increasing of users and services on the Internet, many difficulties are found in trying to monitor a large network environment. This paper proposes a methodology for events detection in large-scale networks. The proposal approaches the anomaly detection using the NetFlow protocol, statistical methods and monitoring the environment in a best time for the application. © 2010 Springer-Verlag Berlin Heidelberg.

Market-driven security-constrained transmission network expansion planning

This paper presents a Bi-level Programming (BP) approach to solve the Transmission Network Expansion Planning (TNEP) problem. The proposed model is envisaged under a market environment and considers security constraints. The upper-level of the BP problem corresponds to the transmission planner which procures the minimization of the total investment and load shedding cost. This upper-level problem is constrained by a single lower-level optimization problem which models a market clearing mechanism that includes security constraints. Results on the Garver's 6-bus and IEEE 24-bus RTS test systems are presented and discussed. Finally, some conclusions are drawn. © 2011 IEEE.

Performance evaluation of the fuzzy ARTMAP for network intrusion detection

Recently, considerable research work have been conducted towards finding fast and accurate pattern classifiers for training Intrusion Detection Systems (IDSs). This paper proposes using the so called Fuzzy ARTMAT classifier to detect intrusions in computer network. Our investigation shows, through simulations, how efficient such a classifier can be when used as the learning mechanism of a typical IDS. The promising evaluation results in terms of both detection accuracy and training duration indicate that the Fuzzy ARTMAP is indeed viable for this sort of application.

A malware detection system inspired on the human immune system

Malicious programs (malware) can cause severe damage on computer systems and data. The mechanism that the human immune system uses to detect and protect from organisms that threaten the human body is efficient and can be adapted to detect malware attacks. In this paper we propose a system to perform malware distributed collection, analysis and detection, this last inspired by the human immune system. After collecting malware samples from Internet, they are dynamically analyzed so as to provide execution traces at the operating system level and network flows that are used to create a behavioral model and to generate a detection signature. Those signatures serve as input to a malware detector, acting as the antibodies in the antigen detection process. This allows us to understand the malware attack and aids in the infection removal procedures. © 2012 Springer-Verlag.

Análise de eventos de segurança em redes de computadores utilizando detecção de novidade

Pós-graduação em Ciência da Computação - IBILCE

Detecção de eventos de segurança de redes por intermédio de técnicas estatísticas e associativas aplicadas a fluxos de dados

Pós-graduação em Ciência da Computação - IBILCE

Proposta e modelagem de comunicação segura para redes veiculares (VANETS)

Pós-graduação em Ciência da Computação - IBILCE

XSOFT: estudo de reconhecimento, exploração e prevenção de vulnerabilidades de software através de uma distribuição LINUX

This work aims to give greater visibility to the issue of software security, due to people talk a lot in security conferences, that much of both IT (Information Technology) staff and, more specifically, IS (Information Security) staff does not know this, and, thanks to the spread of the mobile computing and of the cloud computing, this lack of deeper knowledge on this subject is increasingly becoming worrisome. It aims too, make applications to be developed in a security manner, priorizing the security of the information processed. It attempts to demonstrate the secure coding techniques, the principles of software security, the means to identify software vulnerabilities, the cutting-edge software exploitation techniques and the mechanisms of mitigation. Nowadays, the security guys are in charge of the most of the security tests in applications, audits and pentests, and it is undeniable that the so-called security experts, most often come from computer network field, having few experience in software development and programming. Therefore, the development process does not consider the security issue, thanks to the lack of knowledge on the subject by the developer, and the security tests could be improved whether security experts had a greater know-how on application development. Given this problem, the goal here is to integrate information security with software development, spreading out the process of secure software development. To achieve this, a Linux distribution with proof of concept applicati... (Complete abstract click electronic access below)

An approach to mitigate denial of service attacks in ieee 802.11 networks

Wireless networks are widely deployed and have many uses, for example in critical embedded systems. The applications of this kind of network meets the common needs of most embedded systems and addressing the particularities of each scenario, such as limitations of computing resources and energy supply. Problems such as denial of service attacks are common place and cause great inconvenience. Thus, this study presents simulations of denial of service attacks on 802.11 wireless networks using the network simulator OMNeT++. Furthermore, we present an approach to mitigate such attack, obtaining significant results for improving wireless networks.

Segurança em redes sem fio: estudo sobre o desenvolvimento de conjuntos de dados para comparação de IDS

Pós-graduação em Engenharia Elétrica - FEIS

Sistema de ensino à distância sobre toxinologia: implantando um novo paradigma

The author suggests a long-distance teaching on toxinology using the following media: conventional printed book, scientific electronic journal, video library and the Internet. These new media are discussed as new alternatives for long-distance learning without the teacher.

Modelo AC para el despacho combinado de contratos bilaterales y bolsa de energía considerando restricciones de seguridad

Reliability is a key aspect in power system design and planning. Maintaining a reliable power system is a very important issue for their design and operation. Under the new competitive framework of the electricity sector, power systems find ever more and more strained to operate near their limits. Under this new scenario, it is crucial for the system operator to use tools that facilitate an energy dispatch that minimizes possible power cuts. This paper presents a mathematical model to calculate an energy dispatch that considers security constraints (single contingencies in transmission lines and transformers). The model involves pool markets and fixed bilateral contracts. Traditional methodologies that include security constraints are usually based in multistage dispatch processes. In this case, we propose a single-stage model that avoids the economic inefficiencies which result when conventional multi-stage dispatch approaches are applied. The proposed model includes an AC representation of the transport system and allows calculating the cost overruns incurred in due to reliability restrictions. We found that complying with fixed bilateral contracts, when they go above certain levels, might lead to congestion problems in transmission lines.

Environment for teaching and development of mobile robot systems

Using robots for teaching is one approach that has gathered good results on Middle-School, High-School and Universities. Robotics gives chance to experiment concepts of a broad range of disciplines, principally those from Engineering courses and Computer Science. However, there are not many kits that enables the use of robotics in classroom. This article describes the methodologies to implement tools which serves as test beds for the use of robotics to teach Computer Science and Engineering. Therefore, it proposes the development of a flexible, low cost hardware to integrate sensors and control actuators commonly found on mobile robots, the development of a mobile robot device whose sensors and actuators allows the experimentation of different concepts, and an environment for the implementation of control algorithms through a computer network. This paper describes each one of these tools and discusses the implementation issues and future works. © 2010 IEEE.