Computer Aided Threat Identification

2011 IEEE/IFIP 41st International Conference on Dependable Systems & Networks (DSN), 2011

This paper presents an in-depth study of the forensic data on security incidents that have occurred over a period of 5 years at the National Center for Supercomputing Applications at the University of Illinois. The proposed methodology combines automated analysis of data from security monitors and system logs with human expertise to extract and process relevant data in order to: (i) determine the progression of an attack, (ii) establish incident categories and characterize their severity, (iii) associate alerts with incidents, and (iv) identify incidents missed by the monitoring tools and examine the reasons for the escapes. The analysis conducted provides the basis for incident modeling and design of new techniques for security monitoring.

Proceedings of the 2014 conference companion on Genetic and evolutionary computation companion - GECCO Comp '14, 2014

This paper presents an approach, based in a project in development, which combines Data Mining, Machine Learning and Computational Intelligence techniques, in order to create a user-centric and adaptable corporate security system. Thus, the system, named MUSES, will be able to analyse the user's behaviour (modelled as events) when interacting with the company's server, accessing to corporate assets, for instance. As a result of this analysis, and after the application of the aforementioned techniques, the Corporate Security Policies, and specifically, the Corporate Security Rules will be adapted to deal with new anomalous situations, or to better manage user's behaviour. The work reviews the current state of the art in security issues resolution by means of these kind of methods. Then it describes the MUSES features in this respect and compares them with the existing approaches.

Abstract Access control is an important security activity that prevents undesired persons from entering secure buildings or perimeters. The advanced risk analysis presented in this paper enables distinguishing between acceptable and undesired entries based on several entry sensors, such as fingerprint readers, and intelligent methods that learn behavior from previous entries.

2021

An organization that works with any information must have a security system capable of protecting the information. However, the costs to be made to ensure a high level of security may not justify itself. The cost of securing a security system, the choice of the level of protection acceptable to the organization, is an important condition for putting the issue of Information Security. To solve this issue, it is necessary to conduct analytical experiments that will allow to assess the degree of protection of the resources of the organization. There are different methods and algorithms for assessing risks. Most of them differ in their probability and methods of assessing damage. The amount of risk analysis and management by experts has made the issue of developing methods and algorithms that rely on valid indicators assessed by experts up to date. This case allows you to determine the odds in a certain correlation, calculate using mathematical formulas and make the same interpretation of the results.

2012

Deployed software, now-a-days, are continuously under attack. Attackers have been exploiting vulnerabilities for decades and seem to be on rise everyday. Firewalls, intrusion detection and antivirus systems cannot simply solve this problem to the desirable extent. The major reason may be the in-built vulnerabilities, which are not curable at these stages. Only a concerted effort, by the software development community for building more secure software can foil attacks and allow users to feel protected from the exploitation. It is observed that each phase of the SDLC should include the appropriate security assurance mechanisms and countermeasures. From requirements through design and implementation, to testing and deployment, security measures must be embedded throughout the SDLC phases. „Access Control and Rights‟ is one of the measure protective mechanisms, which is broadly accepted. Appropriate level of access control may well enforce security features and hence assure security. In...

In electronic business environment, it is critical for an enterprise to assess information systems security risks. In this paper, an intelligent system for information systems security risk assessment is proposed. In order to identify the security risks in an enterprise, the proposed system utilizes genetic algorithm to search the rules of risk identification based on historical data. According to the results of risk identification, a BN is developed to predict security risks, identify sources of risks, and take proper measure to reduce risk occurrence probability in the information systems. Finally, the system is further demonstrated and validated via a case study.

2011

ABSTRACT Among various attacks that may potentially target information systems, insider threat is recognized as an important factor of serious damage. In this paper, we investigate this problem from the view of authorizations in the context of access control. The objectives are to assess the sensitive authorizations in a system and to make appropriate arrangement for reducing the convenience of insider fraud.

Journal of Cyber Security and Risk Auditing (JCSRA), 2025

The main purpose of this research is to perform a comprehensive analysis of cyber risks in workstation domain, including classifying threats, vulnerabilities, impacts, and countermeasures. This classification helps to identify suitable security controls to mitigate cyber risks for each type of attack. Additionally, this study aims to explore the main vulnerabilities based on the type of attack in workstation domain. This study employs the content analysis technique to collect, analyze, and classify data in terms of types of threats, vulnerabilities, and countermeasures. The methodology comprises four primary steps: (1) identifying key components, (2) threat identification, (3) vulnerability identification, and (4) countermeasure identification. The findings indicate that malware attacks and man in middle attacks were the most prevalent attacks in workstation domain, each accounting for 27% and 25% of incidents. The results found that unpatched software and weak access controls were classified as the most critical threats in the workstation domain, comprising 21% and 20% of incidents, respectively. The results also indicated that encryption methods, access controls mechanisms and firewall malware protection are the most significant and effective countermeasures for protecting the workstation domain environment. The findings of this study provides valuable recommendations for academic research in classifying the different types of cyber threats and understanding the significant security controls against cyber-attacks in workstation domain.

2010

The aim of this study is threefold. First, a qualitative information security risk survey is implemented in human resources department of a logistics company. Second, a machine learning risk classification and prediction model with proper data set is established from the results obtained in this survey. Third, several classifier algorithms are tested where their training and test performances are compared

International Journal of Communication Systems, 2005

The need to secure information systems and networked infrastructures is now commonplace in most enterprises. The use of novel communication technologies has became a crucial factor that can considerably improve or affect productivity. This is essentially due to the importance of the information transmitted across communication networks and stored in servers. As a consequence, strong ties are being built between security and the enterprise business activity. Risk management, which is the discipline that deals with this aspect, integrates a litany of architectures, techniques, and models that are described in this paper. A global view is proposed to the reader through a presentation of the research activity that has been directed towards this field. sophisticated malicious acts. Such assertion is obviously wrong as the real weakness resides at the security planning level. Henceforth, structured methodologies that identify, analyse, and mitigate computer security risks have been evolved to help enterprises integrate security in their strategic plans. In fact, experience has shown that the appropriate application of a risk management (RM) approach would considerably limit the aforementioned losses.