Proceedings from the Fifth Annual IEEE SMC Information Assurance Workshop, 2004.

10-11 June 2004

  • GSWLAN: a new architecture model for a generic and secure wireless LAN system

    Publication Year: 2004, Page(s):434 - 435
    Existing WLAN security schemes are few and product specific. While there exist some schemes for dealing with problems relating to information integrity, there are hardly any standard solutions for security problems relating to quality of service and network health maintenance in wireless networks. In the absence of strong standards, the existing approach to general WLAN security is vendor specific...
  • Fuzzy dependency and its applications in damage assessment and recovery

    Publication Year: 2004, Page(s):350 - 357
    Cited by:  Papers (1)
    Fuzzy dependency in a database delineates a loose dependency relationship between two sets of attributes. It describes logical relationships among attributes in a database relation and those relationships can't be fully specified by functional dependencies, which focus on database schema and data organization. This characteristic of the database schema can be used to perform damage assessment and ...
  • Markov chains in network intrusion detection

    Publication Year: 2004, Page(s):432 - 433
    Cited by:  Papers (4)
    Connectivity of computers around the world has escalated the importance of computer security. Intrusion detection adds another dimension to computer security. When prevention methods fail, intrusion detection systems recognize attacks as they occur. This research concentrates on network packets and examines the data in the TCP and IP headers. Markov chains are used to describe the normal transitio...
  • Honeyfiles: deceptive files for intrusion detection

    Publication Year: 2004, Page(s):116 - 122
    Cited by:  Papers (13)  |  Patents (5)
    This paper introduces an intrusion-detection device named honeyfiles. Honeyfiles are bait files intended for hackers to access. The files reside on a file server, and the server sends an alarm when a honey file is accessed. For example, a honeyfile named "passwords.txt" would be enticing to most hackers. The file server's end-users create honeyfiles, and the end-users receive the honeyfile's alarm...
  • Recursive data mining for masquerade detection and author identification

    Publication Year: 2004, Page(s):424 - 431
    Cited by:  Papers (17)  |  Patents (5)
    In this paper, a novel recursive data mining method based on the simple but powerful model of cognition called a conceptor is introduced and applied to computer security. The method recursively mines a string of symbols by finding frequent patterns, encoding them with unique symbols and rewriting the string using this new coding. We apply this technique to two related but important problems in com...
  • Enhanced secure dynamic DNS update with indirect route

    Publication Year: 2004, Page(s):335 - 341
    Cited by:  Papers (2)  |  Patents (2)
    In this paper, we present the design and implementation of the enhanced secure dynamic DNS update with indirect route (the IR DNS update). The existing DNS update may experience serious performance problem when the normal Internet route is unstable or unavailable due to DDoS attacks. By setting up indirect route via a set of proxy servers from the target side DNS server to the client side DNS serv...
  • On the security of random key pre-distribution schemes

    Publication Year: 2004, Page(s):153 - 160
    Cited by:  Papers (5)
    Key pre-distribution (KPD) schemes, which are inherently trade-offs between security and complexity, are perhaps well suited for securing large-scale deployments of resource constrained nodes without persistent access to a trusted authority (TA). However, the need to offset their inherent security limitations, calls for some degree of tamper-resistance of nodes. Obviously, if absolute tamper-resis...
  • The Trusted Computing Exemplar project

    Publication Year: 2004, Page(s):109 - 115
    Cited by:  Papers (7)
    We describe the Trusted Computing Exemplar project, which is producing an openly distributed worked example of how high assurance trusted computing components can be built. The TCX project encompasses four related activities: creation of a prototype framework for rapid high assurance system development; development of a reference-implementation trusted computing component; evaluation of the compon...
  • Investigation of pushback based detection and prevention of network bandwidth attacks

    Publication Year: 2004, Page(s):416 - 423
    Pushback approach has been applied for the detection and prevention against DDoS attacks by identifying the destination IP addresses in the dropped packets when congestion happens. The identified destination IP addresses are used to guide the subsequent packet dropping at both local router and upstream routers so that the total bandwidth can be controlled within a desired range. This paper investi...
  • Agent based multiple level dynamic multimedia security system

    Publication Year: 2004, Page(s):291 - 297
    We propose a new security system called agent based multiple level dynamic multimedia security system (AB-MLDMSS) based on software agent technology and multiple security level technology to support various security services for user's data and secure distribution to the requested security group. It incorporates technologies of software agent, multiple security level, and secret splitting, data re...
  • Protocol anomaly detection and verification

    Publication Year: 2004, Page(s):74 - 81
    Cited by:  Papers (1)
    'How to distinguish protocol anomalies from network traffic?' 'How to normalize protocol usage against misuse problem based on the same protocol specification?' and 'How to detect and verify protocol anomalies in realtime?', we seek to answer these questions. In order to solve these questions, we have normalized layer-3 and layer-4 protocol usage, and we have designed a packet verifier with a pack...
  • Defending against traffic analysis attacks with link padding for bursty traffics

    Publication Year: 2004, Page(s):46 - 51
    Preventing networks from being attacked has become a critical issue for network administrators and researchers. Even for systems where encryption is used they are still vulnerable to traffic analysis attacks. Attackers can launch catastrophic distributed denial of services attacks based on the critical link information derived from traffic analysis. Link padding can be used to defend against such ...
  • Application of a methodology to characterize rootkits retrieved from honeynets

    Publication Year: 2004, Page(s):15 - 21
    Cited by:  Papers (2)
    Techniques and methods currently exist to detect if a certain type of rootkit has exploited a computer system. However, these current techniques and methods can only indicate that a system has been exploited by a rootkit. We are currently developing a methodology to indicate if a rootkit is previously known or if it is a modified or entirely new rootkit. We present in this paper an application of...
  • Simulation for training computer network operations

    Publication Year: 2004, Page(s):329 - 334
    Attacks on Department of Defense computer systems are a serious and growing threat. The cornerstone to the protection of these highly valuable networks is education and training. The U. S. Strategic Command is examining a new tool to train and exercise computer security to determine if the complex concepts relating to computer security can be more effectively taught by including simulations in the...
  • Security feature comparison for fibre channel storage area networks switches

    Publication Year: 2004, Page(s):203 - 209
    Cited by:  Papers (1)
    This paper presents the results of an independent comparison of security and intrusion detection features implemented in fibre channel fabric switches. These switches are a key element in optical storage area networks. Using an enterprise testbed with mainframe servers and multiterabyte storage, we evaluate four major switch platforms and compare the results. We also consider security concerns for...
  • Classification of computer attacks using a self-organizing map

    Publication Year: 2004, Page(s):365 - 369
    Cited by:  Papers (1)
    As computer technology evolves and the threat of computer crimes increases, the apprehension and preemption of such violations become more and more difficult and challenging. To date, it appears that completely preventing breaches of security is unrealistic. Therefore, we must try to detect and classify these intrusions as they occur so that immediate actions may be taken to repair the damage and ...
  • UML extensions for honeypots in the ISTS Distributed Honeypot Project

    Publication Year: 2004, Page(s):130 - 137
    Cited by:  Papers (1)
    A distributed honeypot system is a collection of honeypots distributed throughout the Internet that send their data to a central analysis point. In such a system, the need for automation, flexibility, and transparency in data control, data capture, and honeypot cleanup is more readily satisfied with virtual machine technology than with native installations. The Distributed Honeypot Project at Dart...
  • Context-based adaptive control in autonomous systems

    Publication Year: 2004, Page(s):88 - 94
    Cited by:  Papers (5)
    In this paper we introduce the concept of a context as a tool for adaptive control in autonomous systems. We provide a mechanism to represent the context information, and apply it to devise a practical methodology to prioritize the operations in an autonomous system. We illustrate the methodology using an intrusion management system and an autonomous battlefield theater. The context specification ...
  • Dynamic document reclassification for preventing insider abuse

    Publication Year: 2004, Page(s):218 - 225
    Digital documents in an organization are usually classified into static secrecy levels such as top-secret, secret, confidential and unclassified. Factors such as changes in the user hierarchy and addition of new projects generally require a change in a document's importance. Enforcing such changes in relative importance (RI) of documents protects the privileged documents from insider abuse. In this...
  • Forensics for advanced UNIX file systems

    Publication Year: 2004, Page(s):377 - 385
    Cited by:  Papers (2)
    Advanced UNIX file systems differ substantially from traditional UNIX file systems with respect to their internal layout and data structures. This paper analyzes these differences and their effects on the methods and results of digital forensic media analysis. In addition, it provides results from a prototype implementation of a forensic toolkit for an advanced UNIX file system, IBM's Journaling F...
  • Public key cryptography with matrices

    Publication Year: 2004, Page(s):146 - 152
    Cited by:  Papers (1)
    We discuss how public key cryptography can be achieved using simple multiplication of matrices over a given commutative ring. We propose a trapdoor function, which is one of the fastest ones in the cryptographic literature known to the author. Using this trapdoor function we describe algorithms for key agreement and public key encryption whose security is based on solving a system of multivariate q...
  • Modeling critical infrastructure requirements

    Publication Year: 2004, Page(s):101 - 108
    Cited by:  Papers (3)
    Critical infrastructures in industrialized nations form a highly interdependent network that must be protected against both intrinsic defects and active attacks. This requires local as well as joint situational awareness based on current, accurate, and semantically unambiguous data as well as simulations, particularly of attack scenarios, necessitating in turn automated information sharing measure...
  • Developing forensic computing tools and techniques within a holistic framework: an Australian approach

    Publication Year: 2004, Page(s):394 - 400
    Cited by:  Papers (2)
    This paper details work-in-progress in the development of a conceptual framework within which to position diverse approaches to forensic computing investigations. From this framework a suite of forensic computing tools and investigative procedures to aid police and intelligence investigators in the cyber-policing of e-crime and cyber-terrorism are being produced. These tools aid in the detection of ...
  • Who has the keys to the vault? Protecting secrets on Laptops

    Publication Year: 2004, Page(s):410 - 415
    Cited by:  Papers (1)
    This paper discusses the security of data on laptops and produces a model for the partitioning and encryption of sensitive data. An overview of a solution based upon this model encompassing encryption, user authentication and access control is also presented.
  • Network abuse detection via flow content characterization

    Publication Year: 2004, Page(s):285 - 290
    Cited by:  Patents (3)
    One of the growing problems faced by network administrators is the abuse of computing resources by authorized and unauthorized personnel. The nature of abuse may vary from using unauthorized applications to serving unauthorized content. Proliferation of peer-to-peer networks and the availability of proxies for tunneling makes it difficult to detect such abuse and easy to circumvent security polici...