Computer Network Defense (EC2ND), 2011 Seventh European Conference on

Date 6-7 Sept. 2011

  • [Front cover]

    Publication Year: 2011, Page(s): C4
    Freely Available from IEEE
  • [Title page i]

    Publication Year: 2011, Page(s): i
    Freely Available from IEEE
  • [Title page iii]

    Publication Year: 2011, Page(s): iii
    Freely Available from IEEE
  • [Copyright notice]

    Publication Year: 2011, Page(s): iv
    Freely Available from IEEE
  • Table of contents

    Publication Year: 2011, Page(s):v - vi
    Freely Available from IEEE
  • Preface

    Publication Year: 2011, Page(s): vii
    Freely Available from IEEE
  • Conference Committees

    Publication Year: 2011, Page(s):viii - ix
    Freely Available from IEEE
  • External Reviewers

    Publication Year: 2011, Page(s): x
    Freely Available from IEEE
  • Sponsors

    Publication Year: 2011, Page(s): xi
    Freely Available from IEEE
  • A Rose by Any Other Name or an Insane Root? Adventures in Name Resolution

    Publication Year: 2011, Page(s):1 - 8

    Namespaces are fundamental to computing systems. Each namespace maps the names that clients use to retrieve resources to the actual resources themselves. However, the indirection that namespaces provide introduces avenues of attack through the name resolution process. Adversaries can trick programs into accessing unintended resources by changing the binding between names and resources and by using...
  • On Botnets That Use DNS for Command and Control

    Publication Year: 2011, Page(s):9 - 16
    Cited by:  Papers (14)

    We discovered and reverse engineered Feederbot, a botnet that uses DNS as carrier for its command and control. Using k-Means clustering and a Euclidean Distance based classifier, we correctly classified more than 14m DNS transactions of 42,143 malware samples concerning DNS-C&C usage, revealing another bot family with DNS C&C. In addition, we correctly detected DNS C&C in mixed office ...
  • dead.drop: URL-Based Stealthy Messaging

    Publication Year: 2011, Page(s):17 - 24

    In this paper we propose the use of URLs as a covert channel to relay information between two or more parties. We render our technique practical, in terms of bandwidth, by employing URL-shortening services to form URL chains of hidden information. We discuss the security aspects of this technique and present proof-of-concept implementation details along with measurements that prove the feasibility...
  • Adaptive Detection of Covert Communication in HTTP Requests

    Publication Year: 2011, Page(s):25 - 32
    Cited by:  Papers (2)

    The infection of computer systems with malicious software is an enduring problem of computer security. Avoiding an infection in the first place is a hard task, as computer systems are often vulnerable to a multitude of attacks. However, to explore and control an infected system, an attacker needs to establish a communication channel with the victim. While such a channel can be easily established t...
  • IRILD: An Information Retrieval Based Method for Information Leak Detection

    Publication Year: 2011, Page(s):33 - 40
    Cited by:  Patents (1)

    The traditional approach for detecting information leaks is to generate fingerprints of sensitive data, by partitioning and hashing it, and then comparing these fingerprints against outgoing documents. Unfortunately, this approach incurs a high computation cost as every part of document needs to be checked. As a result, it is not applicable to systems with a large number of documents that need to ...
  • MELISSA: Towards Automated Detection of Undesirable User Actions in Critical Infrastructures

    Publication Year: 2011, Page(s):41 - 48
    Cited by:  Papers (1)

    We address the detection of process-related threats in control systems used in critical infrastructures. Process-related threats take place when an attacker gains user access rights and performs actions, which look legitimate, but which are intended to disrupt the industrial process. We use logs to detect anomalous patterns of user actions on process control application. A preliminary case study s...
  • Remote Control of Smart Meters: Friend or Foe?

    Publication Year: 2011, Page(s):49 - 56
    Cited by:  Papers (6)

    The traditional electrical grid is transitioning into the smart grid. New equipment is being installed to simplify the process of monitoring and managing the grid, making the system more transparent to use but also introducing new security problems. Smart meters are replacing the traditional electrical utility meters, offering new functionalities such as remote reading, automatic error reporting, ...
  • The Anti-Social Behavior of Spam

    Publication Year: 2011, Page(s): 57

    Spam mitigation strategies that aim at detecting spam on the network level, should classify email senders based on their sending behavior rather than the content of what they send. To achieve this goal, we have performed a social network analysis on a network of email communications. Such a network captures the social communication patterns of email senders and receivers. Our social network analys...
  • Location Privacy: User-Centric Threat Analysis

    Publication Year: 2011, Page(s): 58

    Information that describes the geographic locations of a person over time is a fairly new class of potentially privacy-harming data. In pace with certain technological advances of the recent years, more and more location data is generated and processed by various systems. Its usage for different location-based services (including the integration into social network services) encounters a steep and...
  • Mitigating Distributed Denial-of-Service Attacks: Application-Defense and Network-Defense Methods

    Publication Year: 2011, Page(s): 59

    Summary form only given. Distributed Denial of Service (DDoS) attacks can be so powerful that they can easily deplete the computing resources or bandwidth of the potential targets. Based on the types of the targets, DDoS attacks can be addressed in two levels: application-level and network-level. Taking the network-based applications into consideration, a weak point is that they commonly open some...
  • CAPTCHuring Automated (Smart)Phone Attacks

    Publication Year: 2011, Page(s): 60

    In this work we expand the notion of Phone CAPTCHAs as a countermeasure against DIAL attacks. We explore several axes upon which they can be improved. We also propose their use as defense mechanisms against several recent attacks that target smartphones. Our key contributions are summarized as follows: As shown in our previous work, end telephone devices have little means to defend themselves from...
  • Security in Wireless Sensor Networks

    Publication Year: 2011, Page(s): 61

    A wireless sensor network is a network of small computers, sensor nodes, that can gather information via its sensors, do computations and communicate wirelessly with other sensor nodes. In general a wireless sensor network is an ad hoc network in which the nodes organize themselves without any preexisting infrastructure. Once in the area, the nodes that survived the deployment procedure communicat...
  • Discussion Panel in conjunction with the 7th European Conference on Computer Network Defense (EC2ND 2011): Security Issues in the Smart Grid

    Publication Year: 2011, Page(s):62 - 63

    For EC2ND 2011, a special emphasis was given to the protection against attacks in "special environments," such as the ICT component of the smart grid, or the protection against attacks that could cause a large societal impact. To complement the research papers, also a panel was organized to discuss security issues in the smart grid. The members of the panel represent several of the a...
  • Author index

    Publication Year: 2011, Page(s): 64
    Freely Available from IEEE
  • [Publisher's information]

    Publication Year: 2011, Page(s): 66
    Freely Available from IEEE