The Infona portal uses cookies, i.e. strings of text saved by a browser on the user's device. The portal can access those files and use them to remember the user's data, such as their chosen settings (screen view, interface language, etc.), or their login data. By using the Infona portal the user accepts automatic saving and using this information for portal operation purposes. More information on the subject can be found in the Privacy Policy and Terms of Service. By closing this window the user confirms that they have read the information on cookie usage, and they accept the privacy policy and the way cookies are used by the portal. You can change the cookie settings in your browser.
The number of software vulnerabilities discovered and publicly disclosed is increasing every year; however, only a small fraction of them is exploited in real-world attacks. With limitations on time and skilled resources, organizations often look at ways to identify threatened vulnerabilities for patch prioritization. In this paper, we present an exploit prediction model that predicts whether a vulnerability...
Countering network threats, particularly intrusions, is a challenging area of research in the field of information security. Intruders use sophisticated mechanisms to hide the attack payload and break the detection techniques. To overcome that, various unsupervised learning approaches from the field of machine learning and pattern recognition have been employed. The most popularly used method is Principal...
The reciprocity of the wireless and the randomness of channel characteristic is the basis of physical layer key generation technology based on the channel. The complete key generation technologies include five steps that channel probing, channel feature extraction, quantification, reconciliation and privacy application. There are many theories and simulation prove the feasibility of key extraction...
Version control systems (VCSs) have almost become the de facto standard for the management of open-source projects and the development of their source code. In VCSs, source code which can potentially be vulnerable is introduced to a system through what are so called commits. Vulnerable commits force the system into an insecure state. The farreaching impact of vulnerabilities attests to the importance...
Named Data Networking (NDN) is a clean state Internet paradigm that considers some security primitives in its original design, and one of the promising candidates for the future Internet architecture. However, it may suffer from the specific threats such as Interest Flooding Attacks (IFA). Most researches are focused on the defense against fake IFA, where the PIT resources in victim routers are exhausted...
Nowadays, touchscreen mobile devices make up a larger share in the market. Users often use these devices to store personal and sensitive data. This necessitate to find more effective and robust methods to continuously authenticate touch-based mobile device users. In this paper, we propose two levels of behavioral touch features that can be extracted from raw touchscreen logs and demonstrate that different...
The mitigation of insider threats against databases is a challenging problem as insiders often have legitimate access privileges to sensitive data. Therefore, conventional security mechanisms, such as authentication and access control, may be insufficient for the protection of databases against insider threats and need to be complemented with techniques that support real-time detection of access anomalies...
Smartphones are increasingly used in everyday life. They execute complex software and store sensitive and private data of users. At the same time, malware targeting mobile devices is growing. There are various Android malware detection methods in the literature, most of which are based on permissions. However, the permission-based methods are usually subverted by some bypass techniques such as over-claim...
Deep learning techniques have demonstrated the ability to perform a variety of object recognition tasks using visible imager data; however, deep learning has not been implemented as a means to autonomously detect and assess targets of interest in a physical security system. We demonstrate the use of transfer learning on a convolutional neural network (CNN) to significantly reduce training time while...
Increasing demand has led to wireless spectrum shortages, with many parts of the existing spectrum being heavily used. Dynamic spectrum access (DSA) has been proposed to allow cognitive radio networks to use existing spectrum more efficiently. It will allow secondary users to transmit on already allocated spectrum on a non-interference basis. Cognitive radios are able to change bandwidth and other...
Many of today's machine learning (ML) systems are composed by an array of primitive learning modules (PLMs). The heavy use of PLMs significantly simplifies and expedites the system development cycles. However, as most PLMs are contributed and maintained by third parties, their lack of standardization or regulation entails profound security implications. In this paper, for the first time, we demonstrate...
Lateral movement-based attacks are increasingly leading to compromises in large private and government networks, often resulting in information exfiltration or service disruption. Such attacks are often slow and stealthy and usually evade existing security products. To enable effective detection of such attacks, we present a new approach based on graph-based modeling of the security state of the target...
In this paper, we take up the second RE17 data challenge: the identification of requirements types using the "Quality attributes (NFR)" dataset provided. We studied how accurately we can automatically classify requirements as functional (FR) and non-functional (NFR) in the dataset with supervised machine learning. Furthermore, we assessed how accurately we can identify various types of NFRs,...
PHP is one of the most popular web development tools in use today. A major concern though is the improper and insecure uses of the language by application developers, motivating the development of various static analyses that detect security vulnerabilities in PHP programs. However, many of these approaches do not handle recent, important PHP features such as object orientation, which greatly limits...
Software vulnerabilities pose significant security risks to the host computing system. Faced with continuous disclosure of software vulnerabilities, system administrators must prioritize their efforts, triaging the most critical vulnerabilities to address first. Many vulnerability scoring systems have been proposed, but they all require expert knowledge to determine intricate vulnerability metrics...
Usually, most of the data generated in real-world such as images, speech signals, or fMRI scans has a high dimensionality. Therefore, dimensionality reduction techniques can be used to reduce the number of variables in that data and then the system performance can be improved. Because the processing of the high dimensional data leads the increase of complexity both in execution time and memory usage...
This paper is concerned with biometrie spoofing detection using the dynamics of natural facial movements as a feature. Facial muscle movement information can be extracted from video sequences and encoded using the Facial Action Coding System (FACS). The proposed feature constructs a Facial Action Units Histogram (FAUH) to encapsulate this information for the detection of biometric presentation attacks...
This paper investigates the suitability of employing various measurable features derived from multiple wearable devices (Apple Watch), for the generation of unique authentication and encryption keys related to the user. This technique is termed as ICMetrics. The ICMetrics technology requires identifying the suitable features in an environment for key generation most useful for online services. This...
We formulate a concept of a future smart environment for high quality of life (SEQUAL) that would empower humans to compensate for physical and cognitive disabilities associated with sickness and aging. In SEQUAL the assessment of the state of ‘well-being’ — from behaviors and biological signals — is holistic, meaning that the estimation of individual's health, emotional condition, activity and wishes,...
Radio frequency fingerprints (RF fingerprints) extraction is a technology that can identify the unique radio transmitter at the physical level by measuring external feature to match with feature library. RF fingerprints is the reflection of differences between hardwares of transmitters, and it contains rich detail characteristics of internal components within transmitter. RF fingerprints has been...
Set the date range to filter the displayed results. You can set a starting date, ending date or both. You can enter the dates manually or choose them from the calendar.