834 results for INTRUSION


Relevance: 10.00%

Abstract:

Verifying the attack resistance of embedded implementations of Java Card bytecode verifiers is a complex task. Because current methods are not efficient enough, only manual test generation is possible. To automate this process, we propose a method called VTG (Vulnerability Test Generation). Based on a formal representation of the functional behaviours of the system under test, a set of intrusion tests is generated. The method draws on mutation techniques and model-based testing. First, the model is mutated according to rules we have defined in order to represent potential attacks. The tests are then extracted from the mutant models. Two Event-B models have been proposed. The first represents the structural constraints of Java Card application files. The VTG generates hundreds of abstract tests in a few seconds. The second model consists of 66 events representing 61 Java Card instructions. The mutation is carried out in a few seconds. Test extraction generates 223 tests in 45 min. Each test checks one precondition or a combination of preconditions of an instruction. This method allowed us to test different mechanisms of Java Card bytecode verifier implementations. Although developed for our case study, the proposed method is generic and has been applied to other case studies.

Relevance: 10.00%

Abstract:

Artificial immune systems have previously been applied to the problem of intrusion detection. The aim of this research is to develop an intrusion detection system based on the function of Dendritic Cells (DCs). DCs are antigen presenting cells and key to the activation of the human immune system, behaviour which has been abstracted to form the Dendritic Cell Algorithm (DCA). In algorithmic terms, individual DCs perform multi-sensor data fusion, asynchronously correlating the fused data signals with a secondary data stream. Aggregate output of a population of cells is analysed and forms the basis of an anomaly detection system. In this paper the DCA is applied to the detection of outgoing port scans using TCP SYN packets. Results show that detection can be achieved with the DCA, yet some false positives can be encountered when simultaneously scanning and using other network services. Suggestions are made for using adaptive signals to alleviate this uncovered problem.

Relevance: 10.00%

Abstract:

Artificial immune systems, more specifically the negative selection algorithm, have previously been applied to intrusion detection. The aim of this research is to develop an intrusion detection system based on a novel concept in immunology, the Danger Theory. Dendritic Cells (DCs) are antigen presenting cells and key to the activation of the human immune system. DCs perform the vital role of combining signals from the host tissue and correlate these signals with proteins known as antigens. In algorithmic terms, individual DCs perform multi-sensor data fusion based on time-windows. The whole population of DCs asynchronously correlates the fused signals with a secondary data stream. The behaviour of human DCs is abstracted to form the DC Algorithm (DCA), which is implemented using an immune inspired framework, libtissue. This system is used to detect context switching for a basic machine learning dataset and to detect outgoing portscans in real-time. Experimental results show a significant difference between an outgoing portscan and normal traffic.

Relevance: 10.00%

Abstract:

libtissue is a software system for implementing and testing AIS algorithms on real-world computer security problems. AIS algorithms are implemented as a collection of cells, antigen and signals interacting within a tissue compartment. Input data to the tissue comes in the form of realtime events generated by sensors monitoring a system under surveillance, and cells are actively able to affect the monitored system through response mechanisms. libtissue is being used by researchers on a project at the University of Nottingham to explore the application of a range of immune-inspired algorithms to problems in intrusion detection. This talk describes the architecture and design of libtissue, along with the implementation of a simple algorithm and its application to a computer security problem.

Relevance: 10.00%

Abstract:

The analysis of system calls is one method employed by anomaly detection systems to recognise malicious code execution. Similarities can be drawn between this process and the behaviour of certain cells belonging to the human immune system, and can be applied to construct an artificial immune system. A recently developed hypothesis in immunology, the Danger Theory, states that our immune system responds to the presence of intruders through sensing molecules belonging to those invaders, plus signals generated by the host indicating danger and damage. We propose the incorporation of this concept into a responsive intrusion detection system, where behavioural information of the system and running processes is combined with information regarding individual system calls.

Relevance: 10.00%

Abstract:

The function of fish sounds in territorial defence, in particular its influence on the intruder's behaviour during territorial invasions, is poorly known. Breeding Lusitanian toadfish males (Halobatrachus didactylus) use sounds (boatwhistles) to defend nests from intruders. Results from a previous study suggest that boatwhistles function as a 'keep-out signal' during territorial defence. To test this hypothesis we performed territorial intrusion experiments with muted Lusitanian toadfish. Males were muted by making a cut and deflating the swimbladder (the sound-producing apparatus) under anaesthesia. Toadfish nest-holder males reacted to intruders mainly by emitting sounds (sham-operated and control groups) and less frequently with escalated bouts of fighting. When the nest-holder produced a boatwhistle, the intruder fled more frequently than expected by chance alone. Muted males experienced a higher number of intrusions than the other groups, probably because of their inability to vocalise. Together, our results show that fish acoustic signals are effective deterrents in nest/territorial intrusions, similar to bird song.

Relevance: 10.00%

Abstract:

We present ideas about creating a next generation Intrusion Detection System (IDS) based on the latest immunological theories. The central challenge with computer security is determining the difference between normal and potentially harmful activity. For half a century, developers have protected their systems by coding rules that identify and block specific events. However, the nature of current and future threats in conjunction with ever larger IT systems urgently requires the development of automated and adaptive defensive tools. A promising solution is emerging in the form of Artificial Immune Systems (AIS): The Human Immune System (HIS) can detect and defend against harmful and previously unseen invaders, so can we not build a similar Intrusion Detection System (IDS) for our computers? Presumably, those systems would then have the same beneficial properties as HIS like error tolerance, adaptation and self-monitoring. Current AIS have been successful on test systems, but the algorithms rely on self-nonself discrimination, as stipulated in classical immunology. However, immunologists are increasingly finding fault with traditional self-nonself thinking and a new 'Danger Theory' (DT) is emerging. This new theory suggests that the immune system reacts to threats based on the correlation of various (danger) signals and it provides a method of 'grounding' the immune response, i.e. linking it directly to the attacker. Little is currently understood of the precise nature and correlation of these signals and the theory is a topic of hot debate. It is the aim of this research to investigate this correlation and to translate the DT into the realms of computer security, thereby creating AIS that are no longer limited by self-nonself discrimination. It should be noted that we do not intend to defend this controversial theory per se, although as a deliverable this project will add to the body of knowledge in this area. Rather we are interested in its merits for scaling up AIS applications by overcoming self-nonself discrimination problems.

Relevance: 10.00%

Abstract:

Salinity gradient power (SGP) is the energy that can be obtained from the mixing entropy of two solutions with different salt concentrations. River estuaries, as places where salt water and fresh water mix, have a huge potential for this renewable energy. In this study, this potential in the estuaries of rivers leading to the Persian Gulf and the factors affecting it are analysed and assessed. Since most of the full-water rivers are in Asia, this continent, with a potential power of 338 GW, is a second major source of energy from salinity gradient power in the world (Wetsus institute, 2009). The Persian Gulf, with the proper salinity gradient in its river estuaries, has particular importance for extraction of this energy. Considering the total river flow into the Persian Gulf, which is approximately equal to 3486 m3/s, the amount of theoretical extractable power from salinity gradient in this region is 5.2 GW. Iran, with its numerous rivers along the coast of the Persian Gulf, has a great share of this energy source. For example, according to study calculations done on data from three hydrometry stations located on the Arvand River, Khorramshahr Station, releasing 1.91M/ energy, which is obtained by combining 1.26 m3 river water with 0.74 m3 sea water, has the maximum amount of extractable energy. Considering the average annual discharge of the Arvand River at Khorramshahr hydrometry station, the amount of theoretical extractable power is 955 MW. Other parameters studied in this research are the intrusion length of salt water and its flushing time in the estuary, which have a significant influence on the salinity gradient power. According to the calculation done in HWS conditions and the average discharge of rivers, the maximum salinity intrusion length into the estuary, 41 km, is for the Arvand River and the lowest, 8 km, is for the Helle River. Also, the highest salt water flushing time in the estuary, 9.8 days, is for the Arvand River and the lowest, 3.3 days, is for the Helle River. The influence of these two parameters in reducing the amount of extractable energy from salinity gradient power can also be seen in the estuaries of the rivers studied. For example, at the estuary of the Arvand River in the interval 8.9 days, salinity gradient power decreases 9.2%. Another part of this research focuses on the design of a suitable system for extracting electrical energy from the salinity gradient. So far, five methods have been proposed to convert this energy to electricity; among them, the reverse electro-dialysis (RED) method and the pressure-retarded osmosis (PRO) method have special importance in practical terms. In theory both techniques generate the same amount of energy from given volumes of sea and river water with specified salinity; in practice the RED technique seems to be more attractive for power generation using sea water and river water, because it requires less salinity gradient than the PRO method. In addition, the RED method does not need a turbine to convert energy, and electricity generation starts when the two solutions are mixed. In this research, the power density and the efficiency of generated energy were assessed by designing a physical method. The designed physical model is a unicellular reverse electro-dialysis battery with a nano heterogenic membrane of 20 cm x 20 cm dimension, which produced a power density of 0.58 W/m2 using river water (1 g NaCl/lit) and sea water (30 g NaCl/lit) in laboratory conditions. This value was obtained because of the nano method used on the membrane of this system and the suitable design of the cell, which increased the system efficiency 11% more than non-nano ones.

Relevance: 10.00%

Abstract:

Active response systems aim to execute a response against an intrusion automatically. However, executing a response automatically is not a trivial task, since the cost of executing a response could be greater than the effect caused by the intrusion itself. The system must also have a broad set of response actions and an algorithm that selects the optimal response. This article proposes a response toolkit that will be integrated into an ontology-based IRS to allow automatic execution of the best response when an intrusion is detected. A set of host-based and network-based responses that can be executed by the IRS is presented; this execution is carried out by plugin-based agents that have been distributed across the network. Finally, the proposed system is verified, taking a defacement attack as the use case, with satisfactory results.

Relevance: 10.00%

Abstract:

Thesis (doctorate), Universidade de Brasília, Faculdade de Tecnologia, Departamento de Engenharia Civil e Ambiental, 2016.


Relevance: 10.00%

Abstract:

A new emerging paradigm of Uncertain Risk of Suspicion, Threat and Danger, observed across the field of information security, is described. Based on this paradigm a novel approach to anomaly detection is presented. Our approach is based on a simple yet powerful analogy from the innate part of the human immune system, the Toll-Like Receptors. We argue that such receptors incorporated as part of an anomaly detector enhance the detector’s ability to distinguish normal and anomalous behaviour. In addition we propose that Toll-Like Receptors enable the classification of detected anomalies based on the types of attacks that perpetrate the anomalous behaviour. Classification of such type is either missing in existing literature or is not fit for the purpose of reducing the burden of an administrator of an intrusion detection system. For our model to work, we propose the creation of a taxonomy of the digital Acytota, based on which our receptors are created.

Relevance: 10.00%

Abstract:

This dissertation presents an analysis of the interethnic conflict between Makuxi and Wapixana at the current moment in the Maloca of the Adobe, Aboriginal Land Fox-Mountain range of the Sun, in the State of Roraima. The theoretical field was approached through Ethnology, pursuing situations in local history, with edges in ethno-history. The research arose from the need to deepen understanding of social relations and aboriginal politics, for the intercultural professional exercise of educator, using the bibliographical survey and participant comment as method, and non-directive interviews, photographs, filming and a daily field register as techniques, carried out in the period of 2006 to 2007. Although they inhabit the same area and establish marriages among themselves, individuals and groups express tensions, aggravated by the landmark and legal recognition of the area, which generated inter- and intra-ethnic disputes, mainly with the intrusion of farmers and rice growers and the form of governmental influence. A relation of rivalry, individual and collective, was evidenced, suggesting the strengthening, and not the fracturing, of the political struggles, external and internal, amid cultural diversity and social adversity.

Relevance: 10.00%

Abstract:

Biologically-inspired methods such as evolutionary algorithms and neural networks are proving useful in the field of information fusion. Artificial immune systems (AISs) are a biologically-inspired approach which takes inspiration from the biological immune system. Interestingly, recent research has shown how AISs which use multi-level information sources as input data can be used to build effective algorithms for realtime computer intrusion detection. This research is based on biological information fusion mechanisms used by the human immune system and as such might be of interest to the information fusion community. The aim of this paper is to present a summary of some of the biological information fusion mechanisms seen in the human immune system, and of how these mechanisms have been implemented as AISs.

Relevance: 10.00%

Abstract:

The premise of automated alert correlation is to accept that false alerts from a low level intrusion detection system are inevitable and use attack models to explain the output in an understandable way. Several algorithms exist for this purpose which use attack graphs to model the ways in which attacks can be combined. These algorithms can be classified into two broad categories, namely scenario-graph approaches, which create an attack model starting from a vulnerability assessment, and type-graph approaches, which rely on an abstract model of the relations between attack types. Some research into improving the efficiency of type-graph correlation has been carried out, but this research has ignored the hypothesizing of missing alerts. Our work is to present a novel type-graph algorithm which unifies correlation and hypothesizing into a single operation. Our experimental results indicate that the approach is extremely efficient in the face of intensive alerts and produces compact output graphs comparable to other techniques.