Organizations face the issue of how to best allocate their security resources. Thus, they need an accurate method for assessing how many new vulnerabilities will be reported for the operating systems (OSs) they use in a given time period. Our approach consists of clustering vulnerabilities by leveraging the text information within vulnerability records, and then simulating the mean value function...
Fixing some security failures is difficult because they cannot be easily reproduced. To address Hardly Reproducible Vulnerabilities (HRVs), security experts spend a significant amount of time, effort, and budget. Sometimes they do not succeed in the reproduction step and ignore some security failures. The exploitation of a vulnerability due to its irreproducibility may cause severe consequences....
Current Security Information and Event Management systems (SIEMs) constitute the central platform of modern security operations centers. They gather events from multiple sensors (intrusion detection systems, anti-virus, firewalls, etc.), correlate these events, and deliver synthetic views of the alerts for threat handling and security reporting. However, as the number of security incidents, and thus...
Applications are generally written assuming a predictable and well-behaved OS. In practice, they experience unpredictable misbehavior at the OS level and across OSes: different OSes can handle network events differently, APIs can behave differently across OSes, and OSes may be compromised or buggy. This unpredictability is challenging because its sources typically manifest during deployment and are...
With an ever-increasing trend of cybercrimes and incidents due to software vulnerabilities and exposures, effective and proactive vulnerability management becomes imperative in modern organisations, whether large or small. Forecasting models leveraging rich historical vulnerability disclosure data undoubtedly provide important insights to inform the cyber community with the anticipated risks. In...
As developers face ever-increasing pressure to engineer secure software, researchers are building an understanding of security-sensitive bugs (i.e., vulnerabilities). Research into mining software repositories has greatly increased our understanding of software quality via empirical study of bugs. However, conceptually vulnerabilities are different from bugs: they represent abusive functionality as...
A common algorithm-level effective countermeasure against side-channel attacks is random masking. However, second-order attacks can break first-order masked devices by utilizing power values at two time points. Normally 2nd-order attacks require the exact temporal locations of the two leakage points. Without profiling, the attacker may only have an educated guessing window of size nw for each potential...
The photo response non-uniformity (PRNU) of a sensor can be used for various forensic tasks, such as source device identification, source device linking, classification of images taken by unknown cameras, integrity verification, authentication. To ensure good results a high quality PRNU fingerprint of the sensor is needed. This can be achieved by acquiring images with uncorrelated content and high...
Network attack path analysis is an important method for analyzing the security status of a computer network, which can automatically analyze the correlation between network vulnerabilities and potential threats resulting from vulnerabilities. It plays a guiding role in establishing network security policy. This paper chooses NVD and Bugtraq as vulnerability data sources, and extracts key properties...
As large-scale distributed systems play an increasingly important role in such fields as national security, critical infrastructure and social life, their vulnerability analysis has become a growing focus. As a vulnerability analysis object, a multi-layer model is put forward first, and then a multi-dimension vulnerability analysis framework of large-scale distributed system...
With the widespread use of information, the variety of security logs has increased greatly, which creates a need for security log management. Organizational requirements have made it necessary to collect, store, and analyze tremendous volumes of log data across entire infrastructure for extended durations and at increasingly granular levels. It is the process of generating, transmitting, storing, analyzing, and disposing...
Various governmental or academic institutes survey current security trends, and report vulnerabilities, security breaches, and their costs. However, it is unclear whether (and how) practitioners analyze these vulnerabilities and attacks to arrive at security requirements and decide on security solutions. What modeling methods are used for eliciting, analyzing, and documenting security requirements...
This work presents a generic Intrusion Detection and Diagnosis System, which implements a comprehensive alert correlation workflow for detection and diagnosis of complex intrusion scenarios in Large scale Complex Critical Infrastructures. The on-line detection and diagnosis process is based on a hybrid and hierarchical approach, which allows detecting intrusion scenarios by collecting diverse information...
Computers, mobile phones, embedded devices and other components of IT systems can often be easily manipulated. Therefore, in forensic use of digital evidence it is necessary to carefully check that the probative force of the evidence is sufficient. For applications where critical processes can lead to disputes and resolving disputes relies on digital evidence, one open question is how to build the...
Correlation power analysis is a well-known attack against cryptographic modules. An attacker exploits the correlation between the power consumed by a device and the data being processed. In the present paper, we present the experimental procedure of correlation power analysis using three different devices: FPGA, ASIC and a microcontroller. Results show that the power model used to calculate hypothetical...
Security people are constantly presented with circumstances in which causation is rather unclear, and our desire to discover it is irresistible. Code-complexity measures do seem to be highest in applications that have rather a lot to do. Having massive numbers of code paths does make security hard because massive numbers of code paths means a large attack surface, but massive numbers of code paths...
Previous distributed anomaly detection efforts have operated on summary statistics gathered from each node. This has the advantage that the audit trail is limited in size since event sets can be succinctly represented. While this minimizes the bandwidth consumed and helps scale the detection to a large number of nodes, it limits the infrastructure's ability to identify the source of anomalies. We...
Intrusion Detection Systems (IDS) have been used widely to detect malicious behavior in network communication and hosts. IDS management is an important capability for distributed IDS solutions, which makes it possible to integrate and handle different types of sensors or collect and synthesize alerts generated from multiple hosts located in the distributed environment. Sophisticated attacks are difficult...
In an open distributed environment, knowledge of belief is absent for the entity we will contact, so recommendation trust is very important for the distributed system. In this paper a recommendation trust model is proposed based on encouragement and punishment. In the model, the trust value of any entity consists of trading reputation value and recommendation reputation value,...
Although event recording on a computer system (also known as logging) is of utmost importance for reconstructing and detecting security-relevant events, currently no adequate and sophisticated solution for complex environments, such as Grid and Cloud Computing, exists. Current LOG file formats lack several important factors, hindering automatic evaluation needed for distributed systems to comply...