Computer Security Problems Research Articles

Assessing Centroid-Based Classification Models for Intrusion Detection System Using Composite Indicators

Detecting intrusion in network traffic is one of the computer security problems that has received a lot of attention for years. Various intrusion detection models were developed by machine learning and data mining. Commonly, confusion matrix-based performance measures are used to compare the performance of several models. But sometimes we need to combine those measure or combine it with performance measures outside the confusion matrix. In this study, we propose two composite indicator indexes (CPI) which built based on composite indicators and weighted linear aggregation methods to evaluate the model’s performance. The first CPI is a combination of accuracy, robustness, completeness, and speed. We use it to rank the performance of the three centroid-based classifications models (CANN, L-SCANN, CASMN) on NSL-KDD dataset. While the second is a combination of overall class accuracy and accuracy of each class, we use to compare the models with the other IDS models.

Side-Channel Analysis via Symbolic Execution and Model Counting

An important problem in computer security is the detection of side-channel vulnerabilities. Information gained by observing nonfunctional properties of program executions (i.e., sidechannels such as execution time or memory usage) can enable attackers to infer secrets that the program accesses (such as a password). In this talk, I will discuss how symbolic execution, combined with a model counting constraint solver, can be used for quantifying side- channel leakage in Java programs. I will also discuss automata-based model counting techniques. We have implemented these techniques by integrating our modelcounting constraint solver, called Automata-Based model Counter (ABC), with the symbolic execution tool Symbolic Path Finder (SPF).

Applications of artificial immune systems to computer security: A survey

For the last two decades, artificial immune systems have been studied in various fields of knowledge. They were shown to be particularly effective tools at detecting anomalous behavior in the security domain of computer systems. This article introduces the principles of artificial immune systems and surveys several works applying such systems to computer security problems. The works herein discussed are summarized and open issues are pointed out afterwards, elaborating on a novel applicability of these systems to cloud computing environments.

The 5th International Conference on Science & Engineering in Mathematics, Chemistry and Physics 2017 (ScieTech 2017), The Ramada Bintang Hotel, Kuta, Bali, Indonesia 21 - 22 January 2017

The 5th International Conference on Science & Engineering in Mathematics, Chemistry and Physics 2017 (ScieTech 2017), The Ramada Bintang Hotel, Kuta, Bali, Indonesia 21 - 22 January 2017

Steganography Training: a Case Study from University of Shumen in Bulgaria

Abstract This paper summarizes the experience and the learning outcomes of students of the “Informatics” specialty at the Episkop Konstantin Preslavsky University of Shumen (Bulgaria) on the problems of computer and network security as a component of their professional training. It is a continuous process starting from the “Computer steganography” course and turning into diploma papers, masters programs, specializations and PhDs in computer and network steganography. The outcome of this training would be bachelors and masters theses, practical activities of experimentation of stego software and steganology in a parallel computing environment, joint scientific publications of lecturers and students.

Computer security is broken

Computer security problems have far exceeded the limits of the human brain. What can we do about it?

FEATURE SELECTION AND MACHINE LEARNING CLASSIFICATION FOR MALWARE DETECTION

Malware is a computer security problem that can morph to evade traditional detection methods based on known signature matching. Since new malware variants contain patterns that are similar to those in observed malware, machine learning techniques can be used to identify new malware. This work presents a comparative study of several feature selection methods with four different machine learning classifiers in the context of static malware detection based on n-grams analysis. The result shows that the use of Principal Component Analysis (PCA) feature selection and Support Vector Machines (SVM) classification gives the best classification accuracy using a minimum number of features.

Malware detection using bilayer behavior abstraction and improved one-class support vector machines

Malware detection is one of the most challenging problems in computer security. Recently, methods based on machine learning are very popular in unknown and variant malware detection. In order to achieve a successful learning, extracting discriminant and stable features is the most important prerequisite. In this paper, we propose a bilayer behavior abstraction method based on semantic analysis of dynamic API sequences. Operations on sensitive system resources and complex behaviors are abstracted in an interpretable way at different semantic layers. At the lower layer, raw API calls are combined to abstract low-layer behaviors via data dependency analysis. At the higher layer, low-layer behaviors are further combined to construct more complex high-layer behaviors with good interpretability. The extracted low-layer and high-layer behaviors are finally embedded into a high-dimensional vector space. Hence, the abstracted behaviors can be directly used by many popular machine learning algorithms. Besides, to tackle the problem that benign programs are not adequately sampled or malware and benign programs are severely imbalanced, an improved one-class support vector machine (OC-SVM) named OC-SVM-Neg is proposed which makes use of the available negative samples. Experimental results show that the proposed feature extraction method with OC-SVM-Neg outperforms binary classifiers on the false alarm rate and the generalization ability.

OOAP: A Novel Authorization Protocol for Access to Sensitive Data in Trusted Cloud Computing Platforms

Cloud computing platforms are usually constructed as trusted virtual platforms based on trusted computing technologies. This is one of the most effective approaches to resolve cloud computing security problems. However, the protection of sensitive data in trusted virtual platforms is an important problem needed to be resolved. In this paper, we proposed a novel authorization protocol. The protocol assembled the functions of OIAP, OSAP and AACP protocols, and prevented all known attacks in existing authorization protocols. Moreover, it satisfied the property of exclusivity and was compatible with TCG TPM command formats. The protocol effectively protects the sensitive data from unauthorized accesses in trusted cloud computing platforms.

Development and Design of Intelligent Intrusion Detection System Based on Data Mining

With the popularization and development of Internet, the network has penetrated into every corner of social life. Network brings people convenient but at the same time it also brings a series of safety problems. Intrusion detection system is an important part of network security system. Computer security problem is increasingly prominent, which puts forward higher requirements on intrusion detection system. In this paper, the application of data mining and intelligent Agent detection in the intrusion detection system is researched.

The IEEE Symposium on Security and Privacy, in Retrospect

nullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnull

Cloud Security System Construction and its Concrete Realization

As a new cloud computing services and computing model itself does not break away from traditional concepts of information security coverage, still faces a variety of traditional security threats, including physical physical security, network security, host security. Because of their characteristics of cloud computing will lead to generate some new security issues, such as internal virtual machine to attack each other, the super administrator rights and other issues. In this paper, cloud computing security problems faced by specific solutions.

Automata-based symbolic string analysis for vulnerability detection

Verifying string manipulating programs is a crucial problem in computer security. String operations are used extensively within web applications to manipulate user input, and their erroneous use is...

Research on Cloud Computing Security Based on the Remote Attestation

Cloud computing security has become a key problem of restricting the development of cloud computing, solving the cloud computing security problem has been extremely urgent. At present, it has become a new favorite in the cloud computing security research field that trusted computing is used to solve the cloud computing security, this paper uses remote attestation in trusted computing to solve the cloud computing security problems. In a cloud computing environment, the service provider not only needs to provide reliable components, but also needs to ensure that the computing platform system is reliable. In this paper, in view of the characteristics of the cloud computing platform, these two approaches are consolidated and improved, and a proof method based on the component properties and the system behavior (CPTBA) is put forward.

An Extended Stochastic Model for Quantitative Security Analysis of Networked Systems

Quantitative security analysis of networked computer systems is one of the decades-long open problems in computer security. Recently, a promising approach was proposed in \cite{XuTDSC11}, which however made some strong assumptions including the exponential distribution of, and the independence between, the relevant random variables. In this paper, we substantially weaken these assumptions while offering, in addition to the same types of analytical results as in \cite{XuTDSC11}, methods for obtaining the desired security quantities in practice. Moreover, we investigate the problem from a higher-level abstraction, which also leads to both analytical results and practical methods for obtaining the desired security quantities. These would represent a significant step toward ultimately solving the problem of quantitative security analysis of networked computer systems.

RELATIONAL STRING VERIFICATION USING MULTI-TRACK AUTOMATA

Verification of string manipulation operations is a crucial problem in computer security. In this paper, we present a new relational string verification technique based on multi-track automata. Our approach is capable of verifying properties that depend on relations among string variables. This enables us to prove that vulnerabilities that result from improper string manipulation do not exist in a given program. Our main contributions in this paper can be summarized as follows: (1) We formally characterize the string verification problem as the reachability analysis of string systems and show decidability/undecidability results for several string analysis problems. (2) We develop a sound symbolic analysis technique for string verification that over-approximates the reachable states of a given string system using multi-track automata and summarization. (3) We evaluate the presented techniques with respect to several string analysis benchmarks extracted from real web applications.

An N-Gram and STF-IDF model for masquerade detection in a UNIX environment

A masquerader is someone who impersonates another user and operates a computer system with privileged access. Computer security problems caused by masqueraders are serious. Although anomaly detecti...

Identity and Security

A strong identification system presupposes a strong notion of identity. The Internet, though, is multilayered; identity is different at each layer. My computer has three different MAC addresses and several IP addresses, including many IP addresses and logins for different instant message systems. If I switch computers, locations, or employers, several of these would change. Am I no longer myself? Sophistry, some would say; those could all be temporarily bound to my "real" identity. In that case, we already have pretty strong identification, in the combination of time stamp, IP address, and log files. Most online misbehavior comes from hacked machines; in turns, these machines have been hacked because of buggy code. Strong authentication is useful in many circumstances, but the bad guys don't have to go through the authentication system-they simply go around it. A strongly encrypted, strongly authenticated connection between a hacked machine and another target still lets the bad guys in, whereas identification does nothing but mislead the good guys. In other words, identification will be useful only when we don't need it because we've solved the computer security problem.

Feature subset selection in keystroke dynamics using ant colony optimization

The need to secure sensitive data and computer systems from intruders, while allowing ease of access for authenticated users is one of the main problems in computer security. Traditionally, passwords have been the usual method for controlling access to computer systems but this approach has many inherent flaws. Keystroke Dynamics is a relatively new method of biometric identification and provides a comparatively inexpensive and low profile method of hardening the normal login and password process. This paper presents the feature subset selection in Keystroke Dynamics for identity verification, and it reports the results of experimenting Ant Colony Optimization technique on keystroke duration, latency and digraph for feature subset selection. Here, the Ant Colony Optimization is used to reduce the redundant feature values and minimize the search space. Optimum feature subset is obtained using keystroke duration values when compared with the other two feature values. Key words: Feature extraction, feature subset selection, mean and standarddeviation, ant colony optimization algorithm, keystroke dynamics.

Algebra and logic for access control

Abstract The access control problem in computer security is fundamentally concerned with the ability of system entities to see, make use of, or alter various system resources. We provide a mathematical framework for modelling and reasoning about (distributed) systems with access control. This is based on a calculus of resources and processes together with a Hennessy–Milner-style modal logic, based on the connectives of bunched logic, for which an appropriate correspondence theorem obtains. As a consequence we get a consistent account of both operational behaviour and logical reasoning for systems with access control features. In particular, we are able to introduce a process combinator that describes, as a form of concurrent composition, the action of one agent in the role of another, and provide a logical characterization of this operator via a modality ‘says’. We give a range of examples, including analyses of co-signing, roles, and chains of trust, which illustrates the utility of our mathematical framework.