Visualization Technique for Intrusion Detection

Intrusion detection system (IDS) plays a vital and crucial role in a computer security. However, they suffer from a number of problems such as low detection of DoS (denial-of-service)/DDoS (distributed denial-of-service) attacks with a high rate of false alarms. In this chapter, a new technique for detecting DoS attacks is proposed; it detects DOS attacks using a set of classifiers and visualizes them in real time. This technique is based on the collection of network parameter values (data packets), which are automatically represented by simple geometric graphs in order to highlight relevant elements. Two implementations for this technique are performed. The first is based on the Euclidian distance while the second is based on KNN algorithm. The effectiveness of the proposed technique has been proven through a simulation of network traffic drawn from the 10% KDD and a comparison with other classification techniques for intrusion detection.

A Lightweight Authentication and Encryption Protocol for Secure Communications Between Resource-Limited Devices Without Hardware Modification

In this chapter, the authors examine the theoretical context for the security of wireless communication between ubiquitous computing devices and present an implementation that addresses this need. The number of resource-limited wireless devices utilized in many areas of the IT industry is growing rapidly. Some of the applications of these devices pose real security threats that can be addressed using authentication and cryptography. Many of the available authentication and encryption software solutions are predicated on the availability of ample processing power and memory. These demands cannot be met by most ubiquitous computing devices; thus, there is a need to apply lightweight cryptography primitives and lightweight authentication protocols that meet these demands in any application of security to devices with limited resources. The analysis of the lightweight solutions is divided into lightweight authentication protocols and lightweight encryption algorithms. The authors present a prototype running on the nRF9E5 microcontroller that provides necessary authentication and encryption on resource-limited devices.

Metamorphic Malware Detection Using Minimal Opcode Statistical Patterns

High-speed and accurate malware detection for metamorphic malware are two goals in antiviruses. To reach beyond this issue, this chapter presents a new malware detection method that can be summarized as follows: (1) Input file is disassembled and classified to obtain the minimal opcode pattern as feature vectors; (2) a forward feature selection method (i.e., maximum relevancy and minimum redundancy) is applied to remove the redundant as well as irrelevant features; and (3) the process ends by classification through using decision tree. The results indicate the proposed method can effectively detect metamorphic malware in terms of speed, efficiency, and accuracy.

Intrusion Detection Systems Alerts Reduction

Investigators search usually for any kind of events related directly to an investigation case to both limit the search space and propose new hypotheses about the suspect. Intrusion detection system (IDS) provide relevant information to the forensics experts since it detects the attacks and gathers automatically several pertinent features of the network in the attack moment. Thus, IDS should be very effective in term of detection accuracy of new unknown attacks signatures, and without generating huge number of false alerts in high speed networks. This tradeoff between keeping high detection accuracy without generating false alerts is today a big challenge. As an effort to deal with false alerts generation, the authors propose new intrusion alert classifier, named Alert Miner (AM), to classify efficiently in near real-time the intrusion alerts in HSN. AM uses an outlier detection technique based on an adaptive deduced association rules set to classify the alerts automatically and without human assistance.

Trust-Based Analytical Models for Secure Wireless Sensor Networks

In this chapter, the authors hypothesize that in the design of a trust-based routing protocol, the exploration of the peers' routing attributes could significantly improve trust evaluation accuracy. In this regard, they study the properties of complex networks and their impact on trust and reputation propagation and evaluation. They start by illustrating the structural transitivity in the network and its approximation. They then proceed to present the theoretical and analytical relationship between trust and reputation model accuracy, average structural transitivity between peers, average shortest path between peers, and energy consumed by peers for trust and reputation propagation and evaluations. The experimental studies using simulation have further supported the results of the analytical study. In this chapter, the authors are paving a new angle of research on exploring the complex network properties impact on trust and reputation evaluation between wireless peers.

Classification of Web-Service-Based Attacks and Mitigation Techniques

Web services are being widely used for business integration. Understanding what these web services are and how they work is important. Attacks on these web services are a major concern and can expose an organizations' valuable resources. This chapter performs a survey describing web service attacks. The authors provide a taxonomy of web service vulnerabilities and explain how they can be exploited. This chapter discusses some of the approaches that make up best practices and some that are in the development phase. They also discuss some common approaches to address the vulnerabilities. This chapter discusses some of the approaches to be using in planning and securing web services. Securing web services is a very important part of a cybersecurity plan.

A Semiotic Examination of the Security Policy Lifecycle

Major security breaches continue to plague organizations decades after best practices, standards, and technical safeguards have become commonplace. This worrying trend clearly demonstrates that information systems security remains a significant issue within organizations. As policy forms the basis for practice, a major contributor to this ongoing security problem is a faulty security policy lifecycle. This can lead to an insufficient or worse, a failed policy. This chapter is aimed at understanding the lifecycle by analyzing the meanings that are attributed to policy formulation and implementation by the stakeholders involved in the process. A case study was carried out and a “snapshot in time” of the lifecycle of IS security policy lifecycle at the organization revealed that a disconnect is evident in the security policy lifecycle.

Compliance of Electronic Health Record Applications With HIPAA Security and Privacy Requirements

Electronic health record (EHR) applications are digital versions of paper-based patients health information. EHR applications are increasingly being adopted in many countries. They have resulted in improved quality in healthcare, convenient access to histories of patient medication and clinic visits, easier follow up of patient treatment plans, and precise medical decision-making process by doctors. EHR applications are guided by measures of the Health Insurance Portability and Accountability Act (HIPAA) to ensure confidentiality, integrity, and availability. However, there have been reported breaches of protected health identifier (PHI) data stored by EHR applications. In many reported breaches, improper use of EHRs has resulted in disclosure of patient's protected health information. The goal of this chapter is to (1) provide an overview of HIPAA security and privacy requirements; (2) summarize recent literature works related to complying with HIPAA security and privacy requirements; (3) map some of the existing vulnerabilities with HIPAA security rules.

Building a Maturity Framework for Information Security Governance Through an Empirical Study in Organizations

There is a dearth of academic research literature on the practices and commitments of information security governance in organizations. Despite the existence of referential and standards of the security governance, the research literature remains limited regarding the practices of organizations and, on the other hand, the lack of a strategy and practical model to follow in adopting an effective information security governance. This chapter aims to explore the engagement processes and the practices of organizations involved in a strategy of information security governance via a statistical and econometric analysis of data from a survey of 1000 participants (with a participation rate of 83.67%) from large and medium companies belonging to various industries. Based on the results of the survey regarding practices of information security management and governance, a practical maturity framework for the information security governance and management in organizations is presented.

Semantically Secure Classifiers for Privacy Preserving Data Mining

Essential predictions are to be made by the parties distributed at multiple locations. However, in the process of building a model, perceptive data is not to be revealed. Maintaining the privacy of such data is a foremost concern. Earlier approaches developed for classification and prediction are proven not to be secure enough and the performance is affected. This chapter focuses on the secure construction of commonly used classifiers. The computations performed during model building are proved to be semantically secure. The homomorphism and probabilistic property of Paillier is used to perform secure product, mean, and variance calculations. The secure computations are performed without any intermediate data or the sensitive data at multiple sites being revealed. It is observed that the accuracy of the classifiers modeled is almost equivalent to the non-privacy preserving classifiers. Secure protocols require reduced computation time and communication cost. It is also proved that proposed privacy preserving classifiers perform significantly better than the base classifiers.