Proceedings from the Sixth Annual IEEE SMC Information Assurance Workshop

Date 15-17 June 2005

Displaying Results 1 - 25 of 89
  • Real-time and forensic network data analysis using animated and coordinated visualization

    Publication Year: 2005, Page(s):42 - 49
    Cited by:  Papers (13)  |  Patents (5)

    Rapidly detecting and classifying malicious activity contained within network traffic is a challenging problem exacerbated by large datasets and functionally limited manual analysis tools. Even on a small network, manual analysis of network traffic is inefficient and extremely time consuming. Current machine processing techniques, while fast, suffer from an unacceptable percentage of false positiv...
  • Evaluation of image compression algorithms for fingerprint and face recognition systems

    Publication Year: 2005, Page(s):72 - 78
    Cited by:  Papers (3)

    A variety of widely accepted and efficient compression methods do exist for still images. To name a few, there are standardised schemes like JPEG and JPEG2000 which are well suited for photorealistic true colour and grey scale images and usually operated in lossy mode to achieve high compression ratios. These schemes are well suited for images that are processed within face recognition systems. In...
  • Towards a third generation data capture architecture for honeynets

    Publication Year: 2005, Page(s):21 - 28
    Cited by:  Papers (10)

    Honeynets have become an important tool for researchers and network operators. However, their effectiveness has been impeded by a lack of a standard unified honeynet data model which results from having multiple unrelated data sources, each with its own access method and format. In this paper we propose a new data collection architecture that addresses the need for both rapid comprehension and det...
  • Molehunt: near-line semantic activity tracing

    Publication Year: 2005, Page(s):410 - 418
    Cited by:  Papers (1)

    This paper discusses threats posed by low granularity in access to confidential (classified) data typically found at lower protection levels, namely direct access beyond need to know and the correlation of materials yielding more sensitive aggregate data by both insider threats and malware, an area of particular concern for intelligence analysis. It is argued that while active security controls at...
  • An e-mail honeypot addressing spammers' behavior in collecting and applying addresses

    Publication Year: 2005, Page(s):37 - 41
    Cited by:  Papers (1)

    Spam has become one of the most annoying and costly phenomena in the Internet. Valid e-mail addresses belong to the most valuable resources of spammers, but little is known about spammers' behavior when collecting and harvesting addresses, and spammers' capabilities and interest in carefully directed, consumer-oriented marketing have not been explored yet. Gaining insight into spammers' ways to ob...
  • Wireless provisioning in hostile RF environments

    Publication Year: 2005, Page(s):348 - 355

    In this document we propose a new wireless access point (WAP) design, the SmartAP, which provides a high quality and quantity of client access in a wireless local area network (WLAN) but which also assures a heretofore unparalleled level of security and uptime because of novel emplacement and management of multiple transceivers.
  • Investigating performance and impacts on fingerprint recognition systems

    Publication Year: 2005, Page(s):1 - 7
    Cited by:  Papers (3)

    This paper presents a comparative study on fingerprint recognition systems. The goal of this study was to investigate the capability characteristics of biometric systems regarding integration of biometric features in personnel documents such as ID cards and visa application documents. Thus the designed test has the focus on performance testing of selected algorithms and systems with dedicated inve...
  • Distribution of patches within vulnerable systems: a distributed model

    Publication Year: 2005, Page(s):458 - 460
    Cited by:  Patents (1)

    This paper proposes an architecture for automated patch distribution on the network through a peer-to-peer (P2P) architecture. The authors contend that use of P2P systems to distribute software patches on networked computers will reduce average time of patch installation after release and improve compliance with patch installation due to ease of deployment. To facilitate such a patch distribution ...
  • Malware examiner using disassembled code (MEDiC)

    Publication Year: 2005, Page(s):428 - 429
    Cited by:  Papers (2)  |  Patents (1)

    Current static malware detection techniques have serious limitations, and sandbox testing also fails to provide a complete solution due to time constraints. In this paper, we present a robust assembly language signature-based malware detection technique, with emphasis on detecting obfuscated (or polymorphic) malware and mutated (or metamorphic) malware. The hypothesis is that all versions of the s...
  • The response continuum

    Publication Year: 2005, Page(s):258 - 265
    Cited by:  Papers (2)

    Active response is a sequence of actions performed specifically to mitigate a detected threat. Response decisions always follow detection: a decision to take 'no action' remains a response decision. However, active response is a complex subject that has received insufficient formal attention. To facilitate discussion, this paper provides a framework that proposes a common definition, describes the...
  • IA risk assessment process

    Publication Year: 2005, Page(s):440 - 441

    When considering the information assurance (IA) requirement against a particular program, one must consider the actual risk that needs to be mitigated by any proposed solution. Understanding the actual risk and applying only those solutions deemed necessary will provide a best value approach to the customer. This paper defines one method to gain an understanding of IA risk by exploring the threats...
  • Incorporating vendor-based training into security courses

    Publication Year: 2005, Page(s):172 - 175

    This paper discusses the call for more relevant knowledge and skills by industry and details of the incorporation of the Cisco Fundamentals of Network Security (FNS) into undergraduate degree programs at Curtin University.
  • Inline network encryptors - enabling Internet protocol tunneling for securing data

    Publication Year: 2005

    This paper presents an analysis of the different INEs available to DoD, their capabilities and usability. Also, this paper examines the technical support provided by the Battle Command Battle Laboratory-Gordon (BCBL-G) and the results of the test and evaluation conducted on the General Dynamics KG-235 Sectera INE by the Army Test and Evaluation Command (ATEC). This evaluation includes examining th...
  • Detecting honeypots and other suspicious environments

    Publication Year: 2005, Page(s):29 - 36
    Cited by:  Papers (25)  |  Patents (4)

    To learn more about attack patterns and attacker behavior, the concept of electronic decoys, i.e. network resources (computers, routers, switches, etc.) deployed to be probed, attacked, and compromised, is used in the area of IT security under the name honeypots. These electronic baits lure in attackers and help in assessment of vulnerabilities. Because honeypots are more and more deployed within ...
  • Safe renewal of a random key pre-distribution scheme for trusted devices

    Publication Year: 2005, Page(s):142 - 149

    Evolving application scenarios involving ubiquitous, heterogeneous devices (some of which may be severely resource constrained) forming cooperative ad hoc networks call for a different model for "trust". It is the devices that are trusted - not the operators or the "owners" of the devices. Any security solution based on trusted devices demands mechanisms for read-proofing the secrets stored in t...
  • Ad hoc network security: peer identification and authentication using signal properties

    Publication Year: 2005, Page(s):432 - 433
    Cited by:  Papers (4)

    As networking architectures grow and develop, the pace of security in these networks must keep pace. This paper is interested in identification and authentication in ad hoc networks, which are particularly susceptible to identity attacks, such as masquerading and malicious alias attacks. To mitigate these identity attacks, we propose to associate the message transmitter with a location and use thi...
  • MAC layer anomaly detection in ad hoc networks

    Publication Year: 2005, Page(s):402 - 409
    Cited by:  Papers (6)  |  Patents (1)

    It is evident that traditional end-to-end intrusion detection mechanisms developed on wireless local area networks (WLANs) and wired networks are no longer sufficient for breach investigation in ad hoc networks. Most existing intrusion detection techniques for ad hoc networks are proposed on the network layer. In general, these techniques have difficulty localizing the attack source, and cannot resp...
  • FABS: file and block surveillance system for determining anomalous disk accesses

    Publication Year: 2005, Page(s):207 - 214
    Cited by:  Papers (1)  |  Patents (2)

    Despite increasingly sophisticated security measures, attackers have continued to find ways to gain access to stored data with impacts including data disclosure, modification, or deletion. There currently exist no tools independent of the operating system to monitor storage status. The authors introduced FABS as a comprehensive tool to monitor storage for anomalous accesses. A scalable GUI prototy...
  • Closing-the-loop: discovery and search in security visualizations

    Publication Year: 2005, Page(s):58 - 63
    Cited by:  Papers (3)

    The tasks of security engineers include detecting attacks and responding to them. In order to accomplish this, a security engineer must be able to decide what behavior indicates an attack and then search for this behavior. Current security visualization tools provide rich and concise visualizations of network data that allow security engineers to determine the nature of attacks on the network. How...
  • Reverse code engineering: an in-depth analysis of the Bagle virus

    Publication Year: 2005, Page(s):380 - 387
    Cited by:  Papers (1)

    This paper is the result of work done in the field of reverse code engineering and how it could be applied to better detecting viruses and worms. The goal of this paper is to try to answer the following two questions: How do you reverse engineer a virus, and can reverse engineering a virus lead to better ways of detecting, preventing, and recovering from a virus and its future variants? In addition...
  • Security issues in biometric authentication

    Publication Year: 2005, Page(s):8 - 13
    Cited by:  Papers (5)

    User authentication is fundamental to the protection of information systems. It is the first and most critical link in the security chain that restricts access to system and data resources to legitimate users only. The advantages of using biometrics to verify a person's identity over using passwords or tokens have been broadly presented. However, recent research has revealed that biometric technol...
  • Enterprise network security and extensions to Galois/counter mode encryption

    Publication Year: 2005, Page(s):166 - 171

    The need for improved security has been widely recognized in the information technology industry. However, the increased overhead associated with most data encryption schemes has not been fully quantified for either current generation enterprise servers or future systems. In this paper, the author reported on an enterprise storage area network test bed used to evaluate the performance impact of st...
  • Making garbage collection dependable through a run-time monitor

    Publication Year: 2005, Page(s):424 - 425

    This paper examines Java security models and describes security issues in garbage collection, memory metrics used to predict program behaviors, and their relations. These metrics are collected and analyzed at run-time to assure dependability. Undependable factors come from heap memory attacks which are introduced and classified into "slow death" and "fast death" categories. "Slow death" is to chro...
  • Application of zeta function to quantum cryptography

    Publication Year: 2005, Page(s):430 - 431

    A central problem in cryptography is to establish the existence of one-way functions. We introduce a new class of one-way functions based on the arithmetic theory of zeta functions and recent research on quantum algorithms on zeta function computation.
  • A visualization paradigm for network intrusion detection

    Publication Year: 2005, Page(s):92 - 99
    Cited by:  Papers (13)

    We present a novel paradigm for visual correlation of network alerts from disparate logs. This paradigm facilitates and promotes situational awareness in complex network environments. Our approach is based on the notion that, by definition, an alert must possess three attributes, namely: what, when, and where. This fundamental premise, which we term w3, provides a vehicle for comparing ...