Intrusion detection using signatures extracted from execution profiles
An application-based intrusion detection system is a security mechanism designed to detect malicious behavior that could compromise the security of a software application. Our aim is to develop such a system that operates on signatures extracted from execution profiles. These signatures are not descriptions of exploits, but instead are descriptions of the program conditions that lead to the exploitation of software vulnerabilities, i.e., they depend on the structure of the vulnerabilities themselves. A program vulnerability is generally induced by the execution of a combination of program statements. In this work we first analyze the execution profiles of a subject application in order to identify such suspicious combinations and consequently extract and define their corresponding signatures. Then, we insert probes in select locations in the application to enable online signature matching. To evaluate our technique, we implemented it for Java programs and applied it on Tomcat 3.0 in order to detect well-known attacks. Our results were promising, as no false negatives and a maximum of 4.5% false positives were observed, and the runtime overhead was less than 5%. © 2009 IEEE.
Generating profile-based signatures for online intrusion and failure detection
Context: Program execution profiles have been extensively and successfully used in several dynamic analysis fields such as software testing and fault localization. Objective: This paper presents a pattern-matching approach implemented as an application-based intrusion (and failure) detection system that operates on signatures generated from execution profiles. Such signatures are not descriptions of exploits, i.e. they do not depend on the syntax or semantics of the exploits, but instead are descriptions of program events that correlate with the exploitation of program vulnerabilities. Method: A vulnerability exploit is generally correlated with the execution of a combination of program elements, such as statements, branches, and definition-use pairs. In this work we first analyze the execution profiles of a vulnerable application in order to identify such suspicious combinations, define signatures that describe them, and consequently deploy these signatures within an intrusion detection system that performs online signature matching. Results: To evaluate our approach, which is also applicable to online failure detection, we implemented it for the Java platform and applied it to seven open-source applications containing 30 vulnerabilities/defects for the purpose of the online detection of attacks/failures. Our results showed that our approach worked very well for 26 vulnerabilities/defects (86.67%) and the overhead imposed by the system is somewhat acceptable as it varied from 46% to 102%. The exhibited average rates of false negatives and false positives were 0.43% and 1.03%, respectively. Conclusion: Using profile-based signatures for online intrusion and failure detection was shown to be effective. © 2013 Elsevier B.V. All rights reserved.
Going Beyond Counting First Authors in Author Co-citation Analysis
The present study examines one of the fundamental aspects of author co-citation analysis (ACA) - the way co-citation counts are defined. Co-citation counting provides the data on which all subsequent statistical analyses and mappings are based, and we compare ACA results based on two different types of co-citation counting - the traditional type that only counts the first one among a cited work's authors on the one hand and a non-traditional type that takes into account the first 5 authors of a cited work on the other hand. Results indicate that the picture produced through this non-traditional author co-citation counting contains more coherent author groups and is therefore considerably clearer. However, this picture represents fewer specialties in the research field being studied than that produced through the traditional first-author co-citation counting when the same number of top-ranked authors is selected and analyzed. Reasons for these effects are discussed.
Variations on the Author
“Variations on the Author” discusses two of Eduardo Coutinho’s recent films (Um Dia na Vida, from 2010, and Últimas Conversas, posthumously released in 2015) and their contribution to the general question of documentary authorship. The director’s filmography is characterized by a consistent yet self-effacing form of authorial self-inscription: Coutinho often features as an interviewer who, rather than expressing opinions, propels discourses; an interviewer who is good at listening. This mode of self-inscription characterizes him as an author who is not expressive but who is nonetheless markedly present on the screen. In Um Dia na Vida, however, Coutinho is completely absent from the image, while Últimas Conversas, on the contrary, includes a confessional prologue that moves the director from the margins to the center of his films. This article examines the ways in which these works stand out in the filmography of a director who offers new insights into the notion of cinematic authorship.
Appropriate Similarity Measures for Author Cocitation Analysis
We provide a number of new insights into the methodological discussion about author cocitation analysis. We first argue that the use of the Pearson correlation for measuring the similarity between authors’ cocitation profiles is not very satisfactory. We then discuss what kind of similarity measures may be used as an alternative to the Pearson correlation. We consider three similarity measures in particular. One is the well-known cosine. The other two similarity measures have not been used before in the bibliometric literature. Finally, we show by means of an example that our findings have a high practical relevance.
Keywords: information science; Pearson correlation; cosine; similarity measure; author cocitation analysis
A hybrid security protocol for sensor networks
Sensor nodes used to transmit sensitive data, especially in military applications, require securing the data transmitted through the WSNs to maintain the confidentiality of the data and authenticate the participating sensor nodes. Since sensor nodes suffer from limited resources in memory storage, computing power, energy capabilities and transmission rates, available network security protocols are inadequate. Symmetric algorithms cannot provide the same degree of security as public key algorithms, leading us to devise a new algorithm, SHESP, that uses public keys within the limitations of sensor nodes. This paper presents a way to utilise existing public key algorithms such as RSA, Diffie-Hellman and elliptic curve in the field of WSN security by dividing the network into clusters. Our algorithm supplies data confidentiality, node authentication and data integrity while remaining within acceptable memory, time and energy constraints. We provide theoretical and experimental evidence to validate our algorithms. Results reveal significant improvement in data availability, data confidentiality and authenticity while reducing the communication and computation overhead. Copyright © 2009 Inderscience Enterprises Ltd.
Dispelling the Myths Behind First-author Citation Counts
We conducted a full-scale evaluative citation analysis study of scholars in the XML research field to explore just how different from each other author rankings resulting from different citation counting methods actually are, and to demonstrate the capability of emerging data and tools on the Web in supporting more realistic citation counting methods. Our results contest some common arguments for the continued use of first-author citation counts in the evaluation of scholars, such as high correlations between author rankings by first-author citation counts and other citation counting methods, and high costs of using more realistic citation counting methods that are not well-supported by the ISI databases. It is argued that increasingly available digital full text research papers make it possible for citation analysis studies to go beyond what the ISI databases have directly supported and to employ more sophisticated methods.
koamabayili/VECTRON-author-checklist: VECTRON author checklist
We have done our best to complete the author checklist relating to the use of animals in the hut study. Note that the objective for the hut study was to evaluate the IRS treatment applications for residual efficacy against Anopheles mosquitoes, including the local An. coluzzii mosquito population. Cows were only used to attract mosquitoes into the huts and no tests were carried out directly on the cows. The author checklist is intended for use with studies where experiments are carried out on animals, which is why we have had such difficulty in completing this for the hut study, as many of the questions do not relate to how the cows were used.
