Trustworthiness Assessment of Wireless Sensor Networks Sensor Data for Business Applications
- Proceedings of the IEEE International Conference on Advanced Information Networking and Application, 2009
Cited by 5 (0 self)
Nowadays, Wireless Sensor Networks appear to be mature enough to be used by Business Applications. These applications rely on trustworthy sensor data to control business processes. In this paper, we propose an approach to assess trustworthiness of sensor data during its life-cycle from acquisition at the nodes, through processing to delivery to Business Applications. We rely on the subjective logic framework [12] to compute the probability that sensor data are trustworthy enough to be used by an application. With the definition of new operators for subjective logic, we develop a trust model that allows detecting erroneous sensor data which originate either unintentionally due to defective sensor nodes or intentionally by attackers. Keywords: WSN, Trust Assessment, Subjective Logic
Prioritizing Intrusion Analysis Using Dempster-Shafer Theory
Cited by 4 (3 self)
Intrusion analysis and incident management remains a difficult problem in practical network security defense. The root cause of this problem is the large rate of false positives in the sensors used by Intrusion Detection System (IDS) systems, reducing the value of the alerts to an administrator. Standard Bayesian theory has not been effective in this regard because of the lack of good prior knowledge. This paper presents an approach to handling such uncertainty without the need for prior information, through the Dempster-Shafer (DS) theory. We address a number of practical but fundamental issues in applying DS to intrusion analysis, including how to model sensors’ trustworthiness, where to obtain such parameters, and how to address the lack of independence among alerts. We present an efficient algorithm for carrying out DS belief calculation on an IDS alert correlation graph, so that one can compute a belief score for a given hypothesis, e.g. a specific machine is compromised. The belief strength can be used to sort incident-related hypotheses and prioritize further analysis by a human analyst of the hypotheses and the associated evidence. We have implemented our approach for the open-source IDS system Snort and evaluated its effectiveness on a number of data sets as well as a production network. The resulting belief scores were verified through both anecdotal experience on the production system as well as by comparing the belief rankings of hypotheses with the ground truths provided by the data sets we used in evaluation, showing thereby that belief scores can be effective in mitigating the high false positive rate problem in intrusion analysis.
Application for Network Security Situation Awareness
- in International Conference in Recent Trends in Information Technology and Computer Science (ICRTITCS - 2012), IJCA, ISSN: 0975 – 8887, 2012
Cited by 2 (0 self)
This paper is based on the Network security situation awareness. It describes the framework designed to generate security graph. The proposed framework is easy to install and provides protection against denial of service and distributed denial of service attacks. It also displays security analysis of the sensors attached to the network. General Terms: Security, Network security situation awareness, Data fusion, D-S evidence theory.
A Correlation Approach to Intrusion Detection
Available from: M. Ficco
HANDLING UNCERTAINTY IN INTRUSION ANALYSIS by
, 2014
Intrusion analysis, i.e., the process of combing through Intrusion Detection System (IDS) alerts and audit logs to identify true successful and attempted attacks, remains a difficult problem in practical network security defense. The primary cause of this problem is the high false positive rate in IDS system sensors used to detect malicious activity. This high false positive rate is attributed to an inability to differentiate nearly certain attacks from those that are merely possible. This inefficacy has created high uncertainty in intrusion analysis and consequently caused an overwhelming amount of work for security analysts. As a solution, practitioners typically resort to a specific IDS-rules set that precisely captures specific attacks. However, this results in failure to discern other forms of the targeted attack because an attack’s polymorphism reflects human intelligence. Alternatively, the addition of generic rules, so that an activity with remote indication of an attack will trigger an alert, requires the security analyst to discern true alerts from a multitude of false alerts, thus perpetuating the original problem. The perpetuity of this trade-off issue is a dilemma that has puzzled the cyber-security community for years.
Contents lists available at ScienceDirect Computer Networks
journal homepage: www.elsevier.com/locate/comnet REFACING: An autonomic approach to network security based on
WIRELESS COMMUNICATIONS AND MOBILE COMPUTING Wirel. Commun. Mob. Comput. (2013) Published online in Wiley Online Library (wileyonlinelibrary.com). DOI: 10.1002/wcm.2341 RESEARCH ARTICLE
Anomaly-based intrusion detection of jamming attacks, local versus collaborative detection
Poster: Prioritizing Intrusion Analysis Using Dempster-Shafer Theory
Abstract—Intrusion analysis, i.e. the process of combing through IDS alerts and audit logs to identify true successful and attempted attacks, remains a difficult problem in practical network security defense. The major root cause of this problem is the large rate of false positives in the sensors used by IDS systems to detect malicious activities. This work presents an approach to handling such uncertainty through the Dempster-Shafer (DS) theory that uses a generalization of probabilities called beliefs to characterize confidence in evidence in support of a given hypothesis. We address a number of practical but fundamental issues in applying DS to intrusion analysis, including how to model sensors’ trustworthiness, where to obtain such parameters, and how to address the lack of independence among alerts. We present an efficient algorithm for computing a belief score for a given hypothesis, e.g. a specific machine is compromised. The belief strength can be used to prioritize further analysis by a human analyst of the hypotheses and the associated evidence. We have implemented our approach for the open-source IDS system Snort and evaluated its effectiveness on a number of data sets as well as a production network. The verification of belief scores showed that it can be effective in taming the high false positive rate problem in intrusion analysis.
unknown title
Abstract — Active response is a sequence of actions performed specifically to mitigate a detected threat. Response decisions always follow detection: a decision to take ‘no action’ remains a response decision. However, active response is a complex subject that has received insufficient formal attention. To facilitate discussion, this paper provides a framework that proposes a common definition, describes the role of response and the major issues surrounding response choices, and finally, provides a model for the process of response. This provides a common starting point for discussion of the full response continuum as an integral part of contemporary computer security.