Publications catalogue - books


Computer Network Security: Fourth International Conference on Mathematical Methods, Models, and Architectures for Computer Network Security, MMM-ACNS 2007, St. Petersburg, Russia, September 13-15, 2007. Proceedings

Vladimir Gorodetsky ; Igor Kotenko ; Victor A. Skormin (eds.)

In conference: 4th International Conference on Mathematical Methods, Models, and Architectures for Computer Network Security (MMM-ACNS). St. Petersburg, Russia. September 13, 2007 - September 15, 2007

Abstract/Description (provided by the publisher)

Not available.

Keywords (provided by the publisher)

Computer Communication Networks; Systems and Data Security; Data Mining and Knowledge Discovery; Information Systems Applications (incl. Internet); Computer Systems Organization and Communication Networks

Availability

Institution detected   Year of publication   Browse         Download   Request
Not detected           2007                  SpringerLink

Information

Resource type:

books

Print ISBN

978-3-540-73985-2

Electronic ISBN

978-3-540-73986-9

Publisher

Springer Nature

Country of publication

United Kingdom

Publication date

Publication rights information

© Springer-Verlag Berlin Heidelberg 2007

Table of contents

Event Calculus Based Checking of Filtering Policies

Artem Tishkov; Ekaterina Sidelnikova; Igor Kotenko

The paper considers the approach to filtering policy verification. We model potential network traffic with Event Calculus and use an abductive proof procedure to detect firewall filtering anomalies in a dynamic way. Generally, our approach allows separating the network behavior description from the security inconsistency definition and thus building a flexible and scalable framework for filtering policy verification.

Keywords: Security policy; policy verification; filtering; Event Calculus.

Pp. 248-253

A New Approach to Security Evaluation of Operating Systems

Peter D. Zegzhda; Dmitry P. Zegzhda; Maxim O. Kalinin

This paper addresses the technique of security evaluation based on security attribute analysis in discretionary access control. A multi-level framework is built to calculate a set of effective user permissions automatically. Information about the effective access rights is necessary during the security verification procedure. In this paper we also propose a schema of a Security Evaluation System.

Keywords: access control; effective access permissions; evaluation; multi-level framework of security attribute; security.

Pp. 254-259

Multi-agent Peer-to-Peer Intrusion Detection

Vladimir Gorodetsky; Oleg Karsaev; Vladimir Samoylov; Sergey Serebryakov

Ever increasing use of heterogeneous networks including mobile devices and ad-hoc sensor networks signifies the role of such information systems’ properties as openness, autonomy, cooperation, coordination, etc. Agent-based service-oriented Peer-to-Peer (P2P) architecture provides attractive (if not unique) design and implementation paradigm for such systems. This trend implies coherent evolution of security systems, that put in use the notions of distributed security policy, distributed intrusion detection systems, etc.^1, requiring novel ideas. The paper proposes new architecture for such security systems. This architecture provides cooperative performance of distributed security means (agents) supported by distributed meta-knowledge base implemented as an overlay network of instances of P2P agent platform set up on top of P2P networking provider. The paper also analyzes new issues of P2P security systems with the main emphasis on P2P training of security agents to correlation of alerts produced by other relevant agents. An artificially built case study is used to highlight the essence of P2P security agent training to P2P decision combining and to exhibit new problems.

Keywords: Intrusion Detection; Intrusion Detection System; Overlay Network; Agent Platform; Yellow Page.

Pp. 260-271

An Interval Temporal Logic-Based Matching Framework for Finding Occurrences of Multi-event Attack Signatures

Elzbieta Nowicka; Marcin Zawada

Temporal logic has the potential to become a powerful mechanism for both modeling and detection of attack signatures. But, although recently some very expressive attack representations and on-line monitoring tools have been proposed, such tools still suffer from a lack of sufficiently precise detection mechanisms. In particular, they can report only the existence of an attack instance and cannot locate precisely its occurrence in a monitored event stream. Precise location is a key to enabling proper verification and identification of an attack. In this paper, we propose a formal framework for multi-event attack signature detection, based on Interval Temporal Logic. Our framework formalizes the problem of finding the localizations of a number of types of attack signature occurrences: the first, all, k-insertion and the shortest one. In our approach, we use the existing run-time monitoring mechanism developed for the EAGLE specification, and extend it by special rules to enable such localization tasks. Our approach works on-line, and our initial results demonstrate the effectiveness and efficiency of the proposed approach.

Keywords: Intrusion detection; attack signatures; interval temporal logic; approximate pattern matching.

Pp. 272-285

Towards Fully Automatic Defense Mechanism for a Computer Network Emulating Active Immune Response

V. Skormin; O. Shiryayeva; A. Tokhtabayev; J. Moronski

Modern information attacks are perpetrated by the deployment of computer worms that propagate extremely fast leaving little or no time for human intervention. This paper presents the concept of a fully automatic computer network security system capable of timely detection and mitigation of information attacks perpetrated by self-replicating malicious software. The system will detect an attack and synthesize and deploy specialized self-replicating anti-worm software for attack mitigation with a capability to alter the network topology to quarantine infected portions of the network. Special technologies allowing for the observability and controllability of the overall process will be implemented thus facilitating the deployment of advanced control schemes to prevent an overload of the network bandwidth. Particular components of this system have been developed by the authors or suggested in literature thus suggesting its feasibility. The implementation aspects of the described system are addressed. The technology described herein emulates immune defenses honed to perfection by million-year evolution to assure the safety and dependability of future computer networks. It presents a new paradigm in computer network security.

Keywords: Computer network; computer worms; immune response; information attacks; automatic systems.

Pp. 286-307

Mathematical Models of Intrusion Detection by an Intelligent Immunochip

Alexander O. Tarakanov

Based on mathematical models of immunocomputing, this paper proposes an approach to intrusion detection that allows both low-level signal processing (feature extraction) and high-level (“intelligent”) pattern recognition. The key model is the formal immune network (FIN) including apoptosis (programmed cell death) and immunization both controlled by cytokines (messenger proteins). FIN can be formed from the raw signal using discrete tree transform, singular value decomposition, and the proposed index of inseparability in comparison with the Renyi entropy. The speed and the accuracy of the approach probably mean a further step toward placing more of the intelligent functions on the chip.

Keywords: formal immune network; immunochip; intrusion detection.

Pp. 308-319

A Novel Intrusion Detection System for a Local Computer Network

A. Tokhtabayev; A. Altaibek; V. Skormin; U. Tukeyev

Local computer networks at major universities are routinely plagued by self-replicating malicious software. Due to the intensive exchange of data and information within the network, when modern viruses, worms and malicious software are introduced they propagate very quickly, leaving little or no time for human intervention. Such environments are ideal for the implementation of the automatic IDS described herein. It employs the Dynamic Code Analyzer (DCA) that detects malicious software during run time by monitoring system calls invoked by individual processes and detecting subsequences (patterns) of system calls indicative of attempted self-replication. A similar approach, also utilizing system calls, is developed for the detection of network worms. Both techniques have the potential for detecting previously unknown malicious software and significantly reducing computer resource utilization. Unfortunately, in comparison with traditional signature-based antivirus software, both approaches have a much higher rate of false alarms. To address this shortcoming the authors propose a method to search for evidence of the alarm propagation within the network. This is achieved by aggregating alarms from individual hosts at a server where these alarms can be correlated, resulting in a highly accurate detection capability. Such a system, implementing the presented technology, and capable of significantly reducing the downtime of networked computers owned by students and faculty, is being implemented at the computer network of the Kazakh National University.

Keywords: decision-making under uncertainty; utility; possibility theory; inclusion index; comonotone fuzzy sets; Choquet integral.

Pp. 320-333

Investigation of the Effectiveness of Alert Correlation Methods in a Policy-Based Security Framework

Bartłomiej Balcerek; Piotr Dragan; Bogdan Trawinski; Marcin Wojtkiewicz

The investigation of the effectiveness of alert correlation methods implemented in the Alert Correlation Module is presented in the paper. The module was developed within the POSITIF project (Policy-based Security Tools and Framework) funded by the European Commission. Three effectiveness metrics were applied: reduction coefficient, average ancestor count in alert trees, and percentage of meta-alerts in outgoing alerts. Research was conducted using a test environment comprising 14 computers with IDS installed. Network traffic was monitored for 40 days, and during this time the IDSs generated 211 251 alerts. The module correlated and recognized as dangerous 6994 of them, therefore achieving a level of reduction equal to 96.69 percent, which could be regarded as a good result.

Keywords: intrusion detection; alert correlation; alert merging.

Pp. 334-339

Host-Based Intrusion Detection System: Model and Design Features

Pyotr Zegzhda; Semyon Kort

This article reports on a model of a host-based intrusion detection system. Using a state machine model, possible mechanisms of security violations in a computer system are analyzed. Thereafter, principles are suggested for building an analysis module based on a model of dynamic monitoring of system statuses. The article concludes with a number of approaches for developing a data acquisition module for a host-based intrusion detection system.

Keywords: intrusion detection; host-based intrusion detection system; attack; API Intercept.

Pp. 340-345

Interval Approach to Preserving Privacy in Statistical Databases: Related Challenges and Algorithms of Computational Statistics

Luc Longpré; Gang Xiang; Vladik Kreinovich; Eric Freudenthal

In many practical situations, it is important to store large amounts of data and to be able to statistically process the data. A large part of the data is confidential, so while we welcome statistical data processing, we do not want to reveal sensitive individual data. If we allow researchers to ask all kinds of statistical queries, this can lead to violation of people’s privacy. A sure-proof way to avoid these privacy violations is to store ranges of values (e.g., between 40 and 50 for age) instead of the actual values. This idea solves the privacy problem, but it leads to a computational challenge: traditional statistical algorithms need exact data, but now we only know data with interval uncertainty. In this paper, we describe new algorithms designed for processing such interval data.

Keywords: privacy; statistical databases; interval uncertainty; computational statistics.

Pp. 346-361