987 results for IDS


Relevance: 10.00%

Abstract:

A complex attack is a sequence of temporally and spatially separated legal and illegal actions, each of which can be detected by various IDS, but which as a whole constitute a powerful attack. IDS fall short of detecting and modeling complex attacks; therefore new methods are required. This paper presents a formal methodology for modeling and detecting complex attacks in three phases: (1) we extend the basic attack tree (AT) approach to capture temporal dependencies between components and expiration of an attack, (2) using the enhanced AT we build a tree automaton which accepts a sequence of actions from input message streams from various sources if there is a traversal of an AT from leaves to root, and (3) we show how to construct an enhanced parallel automaton that has each tree automaton as a subroutine. We use simulation to test our methods, and provide a case study of representing attacks in WLANs.

Relevance: 10.00%

Abstract:

Complex Internet attacks may come from multiple sources, and target multiple networks and technologies. Nevertheless, Collaborative Intrusion Detection Systems (CIDS) emerge as a promising solution by using information from multiple sources to gain a better understanding of the objective and impact of complex Internet attacks. CIDS also help to cope with classical problems of Intrusion Detection Systems (IDS) such as zero-day attacks, high false alarm rates and architectural challenges, e.g., centralized designs exposing a Single Point of Failure. Increased complexity, on the other hand, gives rise to new exploitation opportunities for adversaries. The contribution of this paper is twofold. We first investigate related research on CIDS to identify the common building blocks and to understand vulnerabilities of the Collaborative Intrusion Detection Framework (CIDF). Second, we focus on the problem of anonymity preservation in a decentralized intrusion detection related message exchange scheme. We use techniques from design theory to provide a multi-path peer-to-peer communication scheme where the adversary cannot perform better than randomly guessing the originator of an alert message.

Relevance: 10.00%

Abstract:

Securing the IT infrastructures of our modern lives is a challenging task because of their increasing complexity, scale and agile nature. Monolithic approaches such as using stand-alone firewalls and IDS devices for protecting the perimeter cannot cope with complex malware and multistep attacks. Collaborative security emerges as a promising approach. However, research results in collaborative security are not yet mature, and they require continuous evaluation and testing. In this work, we present CIDE, a Collaborative Intrusion Detection Extension for the network security simulation platform (NeSSi 2). Built-in functionalities include dynamic group formation based on node preferences, group-internal communication, group management and an approach for handling the infection process for malware-based attacks. The CIDE simulation environment provides functionalities for easy implementation of collaborating nodes in large-scale setups. We evaluate the group communication mechanism on the one hand, and on the other provide a case study and evaluate our collaborative security evaluation platform in a signature exchange scenario.

Relevance: 10.00%

Abstract:

We consider the Cooperative Intrusion Detection System (CIDS), which is a distributed AIS-based (Artificial Immune System) IDS where nodes collaborate over a peer-to-peer overlay network. The AIS uses the negative selection algorithm for the selection of detectors (e.g., vectors of features such as CPU utilization, memory usage and network activity). For better detection performance, selection of all possible detectors for a node is desirable, but it may not be feasible due to storage and computational overheads. Limiting the number of detectors, on the other hand, comes with the danger of missing attacks. We present a scheme for the controlled and decentralized division of detector sets where each IDS is assigned to a region of the feature space. We investigate the trade-off between scalability and robustness of detector sets. We address the problem of self-organization in CIDS so that each node generates a distinct set of detectors to maximize the coverage of the feature space, while pairs of nodes exchange their detector sets to provide a controlled level of redundancy. Our contribution is twofold. First, we use Symmetric Balanced Incomplete Block Design, Generalized Quadrangles and Ramanujan Expander Graph based deterministic techniques from combinatorial design theory and graph theory to decide how many and which detectors are exchanged between which pair of IDS nodes. Second, we use a classical epidemic model (SIR model) to show how properties from deterministic techniques can help us to reduce the attack spread rate.

Relevance: 10.00%

Abstract:

We propose CIMD (Collaborative Intrusion and Malware Detection), a scheme for the realization of collaborative intrusion detection approaches. We argue that teams, or detection groups with a common purpose for intrusion detection and response, improve the measures against malware. CIMD provides a collaboration model, a decentralized group formation and an anonymous communication scheme. Participating agents can convey intrusion detection related objectives and associated interests for collaboration partners. These interests are based on an intrusion detection related ontology, incorporating network and hardware configurations and detection capabilities. The anonymous communication provided by CIMD allows communication beyond suspicion, i.e. the adversary cannot perform better than guessing at random which IDS is the source of a message. The evaluation takes place with the help of NeSSi² (www.nessi2.de), the Network Security Simulator, a dedicated environment for analysis of attacks and countermeasures in mid-scale and large-scale networks. A CIMD prototype is being built based on the JIAC agent framework (www.jiac.de).

Relevance: 10.00%

Abstract:

This paper presents a new framework for distributed intrusion detection based on taint marking. Our system tracks information flows between applications of multiple hosts gathered in groups (i.e., sets of hosts sharing the same distributed information flow policy) by attaching taint labels to system objects such as files, sockets, Inter Process Communication (IPC) abstractions, and memory mappings. Labels are carried over the network by tainting network packets. A distributed information flow policy is defined for each group at the host level by labeling information and defining how users and applications can legally access, alter or transfer information towards other trusted or untrusted hosts. As opposed to existing approaches, where information is most often represented by two security levels (low/high, public/private, etc.), our model identifies each piece of information within a distributed system and defines their legal interactions in a fine-grained manner. Hosts store and exchange security labels in a peer-to-peer fashion, and there is no central monitor. Our IDS is implemented in the Linux kernel as a Linux Security Module (LSM) and runs standard software on commodity hardware with no required modification. The only trusted code is our modified operating system kernel. We finally present a scenario of intrusion in a web service running on multiple hosts, and show how our distributed IDS is able to report security violations at each host level.

Relevance: 10.00%

Abstract:

This paper discusses the idea and demonstrates an early prototype of a novel method of interacting with security surveillance footage using natural user interfaces in place of traditional mouse and keyboard interaction. Current surveillance monitoring stations and systems provide the user with a vast array of video feeds from multiple locations on a video wall, relying on the user’s ability to distinguish the locations of the live feeds from experience or from a list-based key-value pairing of location and camera IDs. During an incident, this current method of interaction may cause the user to spend increased amounts of time obtaining situational and location awareness, which is counter-productive. The system proposed in this paper demonstrates how a multi-touch screen and natural interaction can enable surveillance monitoring station users to quickly identify the location of a security camera and efficiently respond to an incident.

Relevance: 10.00%

Abstract:

One of the concerns about the use of Bluetooth MAC Scanner (BMS) data, especially from urban arterials, is the bias in the travel time estimates caused by multiple Bluetooth devices being transported by a single vehicle. For instance, if a bus is transporting 20 passengers with Bluetooth-equipped mobile phones, then the discovery of these mobile phones by the BMS will be counted as 20 different vehicles, and the average travel time along the corridor estimated from the BMS data will be biased towards the travel time of the bus. This paper integrates a Bus Vehicle Identification system with the BMS network to empirically evaluate such bias, if any. The paper also reports an interesting finding on the uniqueness of MAC IDs.

Relevance: 10.00%

Abstract:

This paper first presents the benefits and critical challenges of using Bluetooth and Wi-Fi for crowd data collection and monitoring. The major challenges include antenna characteristics, the environment’s complexity and scanning features. Wi-Fi and Bluetooth are compared in this paper in terms of architecture, discovery time, popularity of use and signal strength. The type of antennas used and the environment’s complexity, such as trees outdoors and partitions in indoor spaces, strongly affect the scanning range. The aforementioned challenges are empirically evaluated by “real” experiments using Bluetooth and Wi-Fi scanners. The issues related to antenna characteristics are also highlighted by experimenting with different antenna types. Novel scanning approaches, including the Overlapped Zones and Single Point Multi-Range detection methods, are then presented and verified by real-world tests. These novel techniques are applied to location identification of the captured MAC IDs, which can extract more information about people movement dynamics.

Relevance: 10.00%

Abstract:

Description of war years in France and Spain, including experiences in internment camps, life in hiding, etc.; emigration to USA.

Relevance: 10.00%

Abstract:

This thesis deals with trust management in a web services environment. A dynamic operating environment places requirements on the trust management system, which is used not only for making local access control decisions but also to support larger-scale decision making in the administration of communities formed by several autonomous actors. The thesis presents the information and functional model of the trust management system developed in the Trust Based on Evidence project, from both the local and the community perspective. The model is illustrated with an example set in a web services environment. To build up the concept of trust, trust models from various subfields and systems that make use of trust are also presented. In an open network environment a service provider has to balance two partly conflicting goals: on the one hand the system should be as open as possible in order to attract users, on the other hand excessive openness increases the risk of a security breach. Finding a compromise has become even harder as the number of reachable users grows and the services offered become more complex. The task requires handling of special cases on the one hand, and generalizability with respect to a large user base on the other. Automation of security administration has been advanced by, among other things, the separation of policy decisions from their enforcement and the delegation of watching for possible signs of intrusion to programs specialized for that purpose (IDS). However, as the user base of services grows and becomes more anonymous, discipline and monitoring become even more difficult, and there are not enough administrators to be tied up in constantly watching over users. Often the only thing a supervisor can do is revoke the access rights of a troublemaker, so that little can be done about, for example, milder "stretching" of the rules. Trust management makes it easier to react gradually to violations and, conversely, to good behaviour.
On that basis, the fine-tuning related to user monitoring, access control and resource limits can be made an understandable part of administration and, to a large extent, automated as well. Keywords: trust management, Web Services

Relevance: 10.00%

Abstract:

Welcome to Volume 7 of Student Success. This editorial has two parts: the first part maintains the “doing things differently” tradition, making readers aware of the journal's publishing in an open access (OA) forum by chronicling it. Future editorials will briefly discuss other aspects and issues pertaining to the new scholarly publishing landscape that this journal adheres to, such as Creative Commons licencing; ORCID IDs; considerations of new peer review models; and, importantly, measuring research impact in OA publishing. The second part presents the usual editorial summary of the content of this issue.

Relevance: 10.00%

Abstract:

The MIT Lincoln Laboratory IDS evaluation methodology is a practical solution for evaluating the performance of Intrusion Detection Systems, and it has contributed tremendously to research progress in that field. The DARPA IDS evaluation dataset has been criticized and considered by many as a very outdated dataset, unable to accommodate the latest trends in attacks. Then the question naturally arises as to whether detection systems have improved beyond detecting this old level of attacks. If not, is it worth thinking of this dataset as obsolete? The paper presented here tries to provide supporting facts for the use of the DARPA IDS evaluation dataset. Two commonly used signature-based IDSs, Snort and Cisco IDS, and two anomaly detectors, PHAD and ALAD, are used for this evaluation, and the results support the usefulness of the DARPA dataset for IDS evaluation.

Relevance: 10.00%

Abstract:

Synergistic hypergolic ignition with nitrogen tetroxide (N2O4) as oxidizer has been observed in hybrid systems comprising a mixture of magnesium and Schiff bases as fuels. The ignition delays (IDs), measured using a modified device, have been compared with those of magnesium-Schiff base-WFNA systems under identical conditions. The ID has been found to vary with the nature of the substitution in both benzene rings. A linear relationship emerges when the ignition delays are plotted against the Hammett substituent constants (σ). The preignition products of the reaction of N2O4 with magnesium and benzylidineaniline have been analysed to be Mg(NO3)2, a benzenediazonium salt and benzaldehyde. Based on the preignition products isolated, a probable reaction mechanism has been proposed. The previously proposed preignition mechanism for the Schiff base-magnesium-WFNA system is further supported by the present ignition delay data.

Relevance: 10.00%

Abstract:

Iodothyronine deiodinases (IDs) are mammalian selenoenzymes that catalyze the conversion of thyroxine (T4) to 3,5,3'-triiodothyronine (T3) and 3,3',5'-triiodothyronine (rT3) by the outer- and inner-ring deiodination pathways, respectively. These enzymes also catalyze further deiodination of T3 and rT3 to produce a variety of di- and monoiodo derivatives. In this paper, the deiodinase activity of a series of peri-substituted naphthalenes having different amino groups is described. These compounds remove iodine selectively from the inner ring of T4 and T3 to produce rT3 and 3,3'-diiodothyronine (3,3'-T2), respectively. The naphthyl-based compounds having two selenols in the peri-positions exhibit much higher deiodinase activity than those having two thiols or a thiol-selenol pair. Mechanistic investigations reveal that the formation of a halogen bond between the iodine and the chalcogen (S or Se) and the peri-interaction between two chalcogen atoms (chalcogen bond) are important for the deiodination reactions. Although the formation of a halogen bond leads to elongation of the C-I bond, the chalcogen bond facilitates the transfer of more electron density to the C-I sigma* orbitals, leading to complete cleavage of the C-I bond. The higher activity of amino-substituted selenium compounds can be ascribed to the deprotonation of the thiol/selenol moiety by the amino group, which not only increases the strength of the halogen bond but also facilitates the chalcogen-chalcogen interactions.