2015 4th International Workshop on Building Analysis Datasets and Gathering Experience Returns for Security (BADGERS)

5-5 Nov. 2015

  • [Front cover]

    Publication Year: 2015, Page(s): c1
    Freely Available from IEEE
  • [Title page i]

    Publication Year: 2015, Page(s): i
    Freely Available from IEEE
  • [Title page iii]

    Publication Year: 2015, Page(s): iii
    Freely Available from IEEE
  • [Copyright notice]

    Publication Year: 2015, Page(s): iv
    Freely Available from IEEE
  • Table of contents

    Publication Year: 2015, Page(s):v - vi
    Freely Available from IEEE
  • Preface

    Publication Year: 2015, Page(s): vii
    Freely Available from IEEE
  • Conference Organization

    Publication Year: 2015, Page(s): viii
    Freely Available from IEEE
  • Program Committee

    Publication Year: 2015, Page(s): ix
    Freely Available from IEEE
  • Sponsors

    Publication Year: 2015, Page(s): x
    Freely Available from IEEE
  • Tracking Network Events with Write Optimized Data Structures

    Publication Year: 2015, Page(s):1 - 7
    Cited by:  Papers (1)

    Access to network traffic records is an integral part of recognizing and addressing network security breaches. Even with the increasing sophistication of network attacks, basic network events such as connections between two IP addresses play an important role in any network defense. Given the duration of current attacks, long-term data archival is critical but typically very little of the data is ...
  • MAD: A Middleware Framework for Multi-step Attack Detection

    Publication Year: 2015, Page(s):8 - 15

    Signature-based network intrusion detection systems (NIDS) are one of the most popular tools used to detect and stop malicious attacks or unwanted actions. However, as network attacks become more sophisticated and diversified, the accuracy of signature-based NIDS that rely only on live network traffic decreases significantly. Recent research efforts have proposed to archive the raw contents of the...
  • INTERCEPT+: SDN Support for Live Migration-Based Honeypots

    Publication Year: 2015, Page(s):16 - 24

    This paper introduces a novel honeypot for web application. Recently, web applications have been the target of numerous cyber attacks. In order to catch up new vulnerabilities in the applications, using a honeypot system is a feasible solution. However, there remains difficulty for developing a lure-able, protect-able, and deception-able honeypot for web applications. In this paper, we present an ...
  • The Significant Features of the UNSW-NB15 and the KDD99 Data Sets for Network Intrusion Detection Systems

    Publication Year: 2015, Page(s):25 - 31
    Cited by:  Papers (9)

    Because of the increase flow of network traffic and its significance to the provision of ubiquitous services, cyberattacks attempt to compromise the security principles of confidentiality, integrity and availability. A Network Intrusion Detection System (NIDS) monitors and detects cyber-attack patterns over networking environments. Network packets consist of a wide variety of features which negati...
  • Using Bayesian Decision Making to Detect Slow Scans

    Publication Year: 2015, Page(s):32 - 41

    In a targeted cyberattack, attackers perform a search for vulnerable hosts in the internal network of targeting organization. Then, they try to increase the number of hosts that can be used as stepping stone for further attacks. Attackers would like to perform these activities in hidden from network-based security appliances such as firewalls and network intrusion detection systems (NIDSs). One of ...
  • DGA Bot Detection with Time Series Decision Trees

    Publication Year: 2015, Page(s):42 - 53

    This paper introduces a behavioral model for botnet detection that leverages the Domain Name System (DNS) traffic in large Internet Service Provider (ISP) networks. More particularly, we are interested in botnets that locate and connect to their command and control servers thanks to Domain Generation Algorithms (DGAs). We demonstrate that the DNS traffic generated by hosts belonging to a DGA botne...
  • Social Forensics: Searching for Needles in Digital Haystacks

    Publication Year: 2015, Page(s):54 - 66

    The use of online social networks and other digital communication services has become a prevalent activity of everyday life. As such, users' social footprints contain a massive amount of data, including exchanged messages, location information and photographic coverage of events. While digital forensics has been evolving for several years with a focus on recovering and investigating data from digi...
  • Text-Mining Approach for Estimating Vulnerability Score

    Publication Year: 2015, Page(s):67 - 73

    This paper develops a method that can automatically estimate the security metrics of documents written in natural language. Currently, security metrics play an important role in assessing the impact and risks of cyberthreats. Security metrics also enable operators to recognize emerging cyberthreats and to prioritize operations in order to mitigate such threats. In this paper, we focus on estimatin...
  • AJNA: Anti-phishing JS-based Visual Analysis, to Mitigate Users' Excessive Trust in SSL/TLS

    Publication Year: 2015, Page(s):74 - 84
    Cited by:  Papers (2)

    HTTPS websites are often considered safe by the users, due to the use of the SSL/TLS protocol. As a consequence phishing web pages delivered via this protocol benefit from that higher level of trust as well. In this paper, we assessed the relevance of heuristics such as the certificate information, the SSL/TLS protocol version and cipher-suite chosen by the servers, in the identification of phishi...
  • Author index

    Publication Year: 2015, Page(s): 85
    Freely Available from IEEE
  • [Publisher's information]

    Publication Year: 2015, Page(s): 86
    Freely Available from IEEE