Recent Advances in Intrusion Detection [electronic resource] : 14th International Symposium, RAID 2011, Menlo Park, CA, USA, September 20-21, 2011, Proceedings / edited by Robin Sommer, Davide Balzarotti, Gregor Maier
Edition [1st ed. 2011.]
Publication/distribution/printing Berlin, Heidelberg : Springer Berlin Heidelberg : Imprint: Springer, 2011
Physical description 1 online resource (X, 399 p.)
Discipline 005.8
Series Security and Cryptology
Topical subject Computer communication systems
Data encryption (Computer science)
Management information systems
Computer science
Computers and civilization
Algorithms
Data structures (Computer science)
Computer Communication Networks
Cryptology
Management of Computing and Information Systems
Computers and Society
Algorithm Analysis and Problem Complexity
Data Structures and Information Theory
ISBN 3-642-23644-8
Format Printed material
Bibliographic level Monograph
Language of publication eng
Contents note Intro -- Title Page -- Preface -- Organization -- Table of Contents -- Application Security -- Minemu: The World's Fastest Taint Tracker -- Introduction -- A New Emulator Design for Fast Taint Tracking -- Memory Layout -- Data Sandboxing -- Code Sandboxing -- System Calls -- Signal Handling -- Usage -- Register Tagging in Minemu -- SSE Registers Used by Minemu -- Taint Tracking -- Is It Safe to Use SSE Registers? -- Evaluation -- Test Environment -- Effectiveness -- Minemu Performance -- How Does Minemu Compare to Related Work? -- Limitations and Future Work -- Related Work -- Conclusions -- References -- Dymo: Tracking Dynamic Code Identity -- Introduction -- System Overview -- System Requirements -- System Design -- System Implementation -- System Initialization -- Identity Label Generation -- Establishing Identity -- Applications for Dymo -- Application-Based Access Control -- Dymo Network Extension -- Evaluation -- Label Precision -- Effect of Process Tampering -- Performance Impact -- Security Analysis -- Related Work -- Conclusions -- References -- Automated Identification of Cryptographic Primitives in Binary Programs -- Introduction -- Related Work -- Static Approaches -- Dynamic Approaches -- Finding Cryptographic Primitives -- System Overview -- Fine-Grained Dynamic Binary Instrumentation -- Heuristics for Detecting Cryptographic Primitives -- Experimental Evaluation -- Evaluation Environment -- Results -- Off-the-Shelf Application -- Distortion with Executable Packers -- Real-World Malware Sample: GpCode -- Limitations -- Conclusion -- References -- Malware -- Shellzer: A Tool for the Dynamic Analysis of Malicious Shellcode -- Introduction -- Issues to Be Addressed -- Additional Resources Have to Be Available -- A Specific Execution Context Is Required -- Dealing with Malicious Behavior -- Performance Issues -- Evasion Techniques.
Overview of the System -- Architecture -- Analysis Process -- API Calls Detection and Tracing -- API Handling -- Performance Improvements -- Evasion Possibilities -- Evaluation -- Tool Evaluation -- Shellcode's Database Analysis -- Related Work -- Conclusion and Future Work -- References -- KLIMAX: Profiling Memory Write Patterns to Detect Keystroke-Harvesting Malware -- Introduction -- Background -- Our Approach -- Detector -- Injector -- Shadower -- Classifier -- Optimizing Detection Accuracy -- Evaluation -- Synthetic Evaluation -- Malware Detection -- False Positive Analysis -- Discussion -- Related Work -- Conclusions -- References -- Packed, Printable, and Polymorphic Return-Oriented Programming -- Introduction -- Related Work -- Overview -- One-Layer Printable Packer for ROP -- Two-Layer Printable Packer for ROP -- Two-Layer Encoding and Degree of Polymorphism -- Decoders in Packed Shellcode -- Implementation of dec^1 -- Implementation of dec^2 -- Gadgets Used in Our Implementation -- Experiments and Discussions -- Experiments -- Discussions and Limitations -- Implications -- Extensions of Our Two-Layer Packer -- AV-Immune ROP Packer -- Packing shell Using ROP without Returns -- Conclusion -- Packed ROP for Winamp Exploit on Window 7 -- Packed ROP That is Av-Ammune -- Packed ROP without Returns -- On the Expressiveness of Return-into-libc Attacks -- Introduction -- Traditional View of RILC Attacks (on x86) -- Turing-Complete RILC -- Arithmetic and Logic -- Memory Accesses -- Branching -- System Calls -- Implementation and Evaluation -- Universal Turing Machine Simulator -- Selection Sort -- Discussion -- Related Work -- Conclusion -- References -- Anomaly Detection -- Cross-Domain Collaborative Anomaly Detection: So Far Yet So Close -- Introduction -- Related Work -- System Evaluation -- Data Sets -- Normalized Content.
Content Anomaly Detector and Models -- Alert Exchange -- Scaling to Multiple Sites -- Model Comparison -- Correlation Results -- Conclusions -- References -- Revisiting Traffic Anomaly Detection Using Software Defined Networking -- Introduction -- Background and Related Work -- Background: Software Defined Networking -- Related Work -- Anomaly Detection in Software Defined Networks -- Threshold Random Walk with Credit Based Rate Limiting -- Rate-Limiting -- Maximum Entropy Detector -- NETAD -- Dataset Description -- Benign Network Traffic -- Attack Traffic -- Evaluation -- Experimental Setup -- Ease of Implementation -- Accuracy Evaluation -- Efficiency Evaluation -- CPU Usage -- Conclusions and Future Work -- References -- Modeling User Search Behavior for Masquerade Detection -- Introduction -- Related Work -- Objective and Approach -- Data Gathering and ``Capture the Flag'' Exercise -- Host Sensor -- RUU Dataset -- User Study Experiment -- RUU Experiment -- Modeling -- Experimental Methodology -- Detection Accuracy Evaluation -- Performance Evaluation -- Future Research -- Concluding Remarks -- References -- Network Security -- Securing Application-Level Topology Estimation Networks: Facing the Frog-Boiling Attack -- Introduction -- System Model -- Virtual Coordinate Systems -- Vivaldi Overview -- Attack Model and Strategies -- Single Attack Strategies -- Complex Attack Strategies -- Mitigation Framework -- Background -- Feature Set -- Experimental Results -- Simulation Results -- PlanetLab Results -- Related Work -- Conclusion -- References -- Detecting Traffic Snooping in Tor Using Decoys -- Introduction -- Background -- Tor Anonymity Network -- Threat Model -- System Architecture -- Approach -- Implementation -- Deployment Results -- Discussion and Future work -- Detection Confidence -- Decoy Traffic Credibility.
Detection of HTTP Session Hijacking -- Traffic Eavesdropping and Anonymity Degradation -- Eavesdropping Detection as a Network Service -- Related Work -- Conclusion -- References -- Cross-Analysis of Botnet Victims: New Insights and Implications -- Introduction -- Data Collection and Term Definition -- Cross-Analysis of Botnet Victims -- Point of Departure -- Geographical Distribution of Infected Networks -- IP Address Population -- Remote Accessibility -- Dynamism of IP Address -- Neighborhood Correlation of Botnet Victims -- Watch Your Neighbors -- Cross-Bonet Prediction -- Limitations and Discussions -- Related Work -- Conclusion and Future Work -- References -- Web Security and Social Networks -- Banksafe Information Stealer Detection Inside the Web Browser -- Introduction -- Related Work -- Overview of Banking Trojans -- Detection of Browser Manipulations -- Inline Hooks -- IAT Hooks -- EAT Hooks -- Other Methods -- False Positive Evasion -- Experimental Evaluation -- Classification of Zeus and SpyEye -- AV Signature Detection -- Comparison to Behavior Blockers -- Other Information Stealers -- Legitimate Browser Hooking -- Discussion -- Summary -- Future Work -- References -- IceShield: Detection and Mitigation of Malicious Websites with a Frozen DOM -- Introduction -- Design Overview -- Motivation and Basic Idea -- Dynamic Detection and Protection Framework -- System Implementation -- Heuristics to Identify Suspicious Sites -- Dynamic Instrumentation and Detection -- Scoring Metric -- User Protection -- Implementation as Browser Extension -- Fingerprinting -- Evaluation -- Evaluation Environment -- Classification Results -- Detecting Unknown Exploits -- Performance Results -- Limitations -- Related Work -- Conclusion -- References -- Spam Filtering in Twitter Using Sender-Receiver Relationship -- Introduction -- Background.
Twitter Features -- How Twitter Deals with Spam -- Overview -- Graph -- Features -- Experiments and Evaluation -- Data Collection -- Spam Classification -- Spam Account Detection with Including a User Relation Feature -- Discussion -- Combination of Account Features and Relation Features -- Live Detection -- Limitations -- Conclusion -- References -- Die Free or Live Hard? Empirical Evaluation and New Design for Fighting Evolving Twitter Spammers -- Introduction -- Related Work -- Data Collection -- Analyzing Evasion Tactics -- Description of Evasion Tactics -- Validation of Evasion Tactics -- Designing New Features -- Graph-Based Features -- Neighbor-Based Features -- Automation-Based Features -- Timing-Based Features -- Formalizing Feature Robustness -- Formalizing the Robustness -- Evaluation -- Evaluation on Data Set I -- Evaluation on Dataset II -- Limitation and Future Work -- Conclusion -- References -- Sandboxing and Embedded Environments -- Detecting Environment-Sensitive Malware -- Introduction -- Motivation and Approach -- System Architecture -- Execution Monitoring -- In-the-Box Monitoring -- Behavior Representation -- Behavior Comparison -- Behavior Normalization -- Distance Measure and Scoring -- Evaluation -- Training Dataset -- Large Scale Test -- Qualitative Results -- Limitations -- Related Work -- Conclusion -- References -- Defending Embedded Systems with Software Symbiotes -- Introduction -- Related Work -- Threat Model -- Solving the Embedded Problem with Symbiotes -- Symbiotic Embedded Machines -- The Symbiote-Host Relationship -- Doppelgänger: A Symbiote Protecting Cisco IOS -- Live Code Interception with Inline Hooks -- Automatically Locating Control-Flow Intercept Points -- Rootkit Detection Payload -- Computational Lower Bound of Successful Software-Only Symbiote Bypass -- Symbiote Performance and Computational Overhead.
Experimental Results: Doppelgänger, IOS 12.2 and 12.3, Cisco 7121.
Record Nr. UNISA-996465893403316
Find it here: Univ. di Salerno
Recent Advances in Intrusion Detection [electronic resource] : 12th International Symposium, RAID 2009, Saint-Malo, France, September 23-25, 2009, Proceedings / edited by Engin Kirda, Somesh Jha, Davide Balzarotti
Edition [1st ed. 2009.]
Publication/distribution/printing Berlin, Heidelberg : Springer Berlin Heidelberg : Imprint: Springer, 2009
Physical description 1 online resource (XIII, 384 p.)
Discipline 005.8
Series Security and Cryptology
Topical subject Management information systems
Computer science
User interfaces (Computer systems)
Computers and civilization
Biometrics (Biology)
Data encryption (Computer science)
Computer communication systems
Management of Computing and Information Systems
User Interfaces and Human Computer Interaction
Computers and Society
Biometrics
Cryptology
Computer Communication Networks
Genre/form subject Kongress.
Saint-Malo (2009)
ISBN 3-642-04342-9
Classification DAT 055f
DAT 460f
SS 4800
Format Printed material
Bibliographic level Monograph
Language of publication eng
Contents note Recent Advances in Intrusion Detection -- Anomaly and Specification-Based Approaches -- Panacea: Automating Attack Classification for Anomaly-Based Network Intrusion Detection Systems -- Protecting a Moving Target: Addressing Web Application Concept Drift -- Adaptive Anomaly Detection via Self-calibration and Dynamic Updating -- Runtime Monitoring and Dynamic Reconfiguration for Intrusion Detection Systems -- Malware Detection and Prevention (I) -- Malware Behavioral Detection by Attribute-Automata Using Abstraction from Platform and Language -- Automatic Generation of String Signatures for Malware Detection -- PE-Miner: Mining Structural Information to Detect Malicious Executables in Realtime -- Network and Host Intrusion Detection and Prevention -- Automatically Adapting a Trained Anomaly Detector to Software Patches -- Towards Generating High Coverage Vulnerability-Based Signatures with Protocol-Level Constraint-Guided Exploration -- Automated Behavioral Fingerprinting -- Intrusion Detection for Mobile Devices -- SMS-Watchdog: Profiling Social Behaviors of SMS Users for Anomaly Detection -- Keystroke-Based User Identification on Smart Phones -- VirusMeter: Preventing Your Cellphone from Spies -- High-Performance Intrusion Detection -- Regular Expression Matching on Graphics Hardware for Intrusion Detection -- Multi-byte Regular Expression Matching with Speculation -- Malware Detection and Prevention (II) -- Toward Revealing Kernel Malware Behavior in Virtual Execution Environments -- Exploiting Temporal Persistence to Detect Covert Botnet Channels -- Posters -- An Experimental Study on Instance Selection Schemes for Efficient Network Anomaly Detection -- Automatic Software Instrumentation for the Detection of Non-control-data Attacks -- BLADE: Slashing the Invisible Channel of Drive-by Download Malware -- CERN Investigation of Network Behaviour and Anomaly Detection -- Blare Tools: A Policy-Based Intrusion Detection System Automatically Set by the Security Policy -- Detection, Alert and Response to Malicious Behavior in Mobile Devices: Knowledge-Based Approach -- Autonomic Intrusion Detection System -- ALICE@home: Distributed Framework for Detecting Malicious Sites -- Packet Space Analysis of Intrusion Detection Signatures -- Traffic Behaviour Characterization Using NetMate -- On the Inefficient Use of Entropy for Anomaly Detection -- Browser-Based Intrusion Prevention System -- Using Formal Grammar and Genetic Operators to Evolve Malware -- Method for Detecting Unknown Malicious Executables -- Brave New World: Pervasive Insecurity of Embedded Network Devices -- DAEDALUS: Novel Application of Large-Scale Darknet Monitoring for Practical Protection of Live Networks.
Record Nr. UNISA-996465339403316
Find it here: Univ. di Salerno
Recent advances in intrusion detection : 12th international symposium, RAID 2009, Saint-Malo, France, September 23-25, 2009 : proceedings / Engin Kirda, Somesh Jha, Davide Balzarotti (eds.)
Edition [1st ed. 2009.]
Publication/distribution/printing Berlin ; New York : Springer, c2009
Physical description 1 online resource (XIII, 384 p.)
Discipline 005.8
Other authors (Persons) Kirda, Engin
Jha, Somesh
Balzarotti, Davide
Series Lecture notes in computer science
LNCS sublibrary. SL 4, Security and cryptology
Topical subject Computer security
Computers - Access control
ISBN 3-642-04342-9
Classification DAT 055f
DAT 460f
SS 4800
Format Printed material
Bibliographic level Monograph
Language of publication eng
Contents note Recent Advances in Intrusion Detection -- Anomaly and Specification-Based Approaches -- Panacea: Automating Attack Classification for Anomaly-Based Network Intrusion Detection Systems -- Protecting a Moving Target: Addressing Web Application Concept Drift -- Adaptive Anomaly Detection via Self-calibration and Dynamic Updating -- Runtime Monitoring and Dynamic Reconfiguration for Intrusion Detection Systems -- Malware Detection and Prevention (I) -- Malware Behavioral Detection by Attribute-Automata Using Abstraction from Platform and Language -- Automatic Generation of String Signatures for Malware Detection -- PE-Miner: Mining Structural Information to Detect Malicious Executables in Realtime -- Network and Host Intrusion Detection and Prevention -- Automatically Adapting a Trained Anomaly Detector to Software Patches -- Towards Generating High Coverage Vulnerability-Based Signatures with Protocol-Level Constraint-Guided Exploration -- Automated Behavioral Fingerprinting -- Intrusion Detection for Mobile Devices -- SMS-Watchdog: Profiling Social Behaviors of SMS Users for Anomaly Detection -- Keystroke-Based User Identification on Smart Phones -- VirusMeter: Preventing Your Cellphone from Spies -- High-Performance Intrusion Detection -- Regular Expression Matching on Graphics Hardware for Intrusion Detection -- Multi-byte Regular Expression Matching with Speculation -- Malware Detection and Prevention (II) -- Toward Revealing Kernel Malware Behavior in Virtual Execution Environments -- Exploiting Temporal Persistence to Detect Covert Botnet Channels -- Posters -- An Experimental Study on Instance Selection Schemes for Efficient Network Anomaly Detection -- Automatic Software Instrumentation for the Detection of Non-control-data Attacks -- BLADE: Slashing the Invisible Channel of Drive-by Download Malware -- CERN Investigation of Network Behaviour and Anomaly Detection -- Blare Tools: A Policy-Based Intrusion Detection System Automatically Set by the Security Policy -- Detection, Alert and Response to Malicious Behavior in Mobile Devices: Knowledge-Based Approach -- Autonomic Intrusion Detection System -- ALICE@home: Distributed Framework for Detecting Malicious Sites -- Packet Space Analysis of Intrusion Detection Signatures -- Traffic Behaviour Characterization Using NetMate -- On the Inefficient Use of Entropy for Anomaly Detection -- Browser-Based Intrusion Prevention System -- Using Formal Grammar and Genetic Operators to Evolve Malware -- Method for Detecting Unknown Malicious Executables -- Brave New World: Pervasive Insecurity of Embedded Network Devices -- DAEDALUS: Novel Application of Large-Scale Darknet Monitoring for Practical Protection of Live Networks.
Other variant titles RAID 2009
Record Nr. UNINA-9910484521703321
Find it here: Univ. Federico II
Research in Attacks, Intrusions and Defenses [electronic resource] : 15th International Symposium, RAID 2012, Amsterdam, The Netherlands, September 12-14, 2012, Proceedings / edited by Davide Balzarotti, Salvatore J. Stolfo, Marco Cova
Edition [1st ed. 2012.]
Publication/distribution/printing Berlin, Heidelberg : Springer Berlin Heidelberg : Imprint: Springer, 2012
Physical description 1 online resource (XIV, 400 p. 119 illus.)
Discipline 005.8
Series Security and Cryptology
Topical subject Computer security
Computer communication systems
Operating systems (Computers)
Programming languages (Electronic computers)
E-commerce
Application software
Systems and Data Security
Computer Communication Networks
Operating Systems
Programming Languages, Compilers, Interpreters
e-Commerce/e-business
Information Systems Applications (incl. Internet)
ISBN 3-642-33338-9
Format Printed material
Bibliographic level Monograph
Language of publication eng
Contents note Virtualization -- Trusted VM Snapshots in Untrusted Cloud Infrastructures -- Secure and Robust Monitoring of Virtual Machines through Guest-Assisted Introspection -- Assessing the Trustworthiness of Drivers -- Attacks and Defenses -- Industrial Espionage and Targeted Attacks: Understanding the Characteristics of an Escalating Threat -- Memory Errors: The Past, the Present, and the Future -- A Memory Access Validation Scheme against Payload Injection Attacks -- Host and Network Security -- Dione: A Flexible Disk Monitoring and Analysis Framework -- AK-PPM: An Authenticated Packet Attribution Scheme for Mobile Ad Hoc Networks -- Fraud Detection and Underground Economy -- Paying for Piracy? An Analysis of One-Click Hosters’ Controversial Reward Scheme -- Proactive Discovery of Phishing Related Domain Names -- Evaluating Electricity Theft Detectors in Smart Grid Networks -- Web Security -- PoisonAmplifier: A Guided Approach of Discovering Compromised Websites through Reversing Search Poisoning Attacks -- DEMACRO: Defense against Malicious Cross-Domain Requests -- FlashDetect: ActionScript 3 Malware Detection -- Intrusion Detection -- ALERT-ID: Analyze Logs of the Network Element in Real Time for Intrusion Detection -- A Lone Wolf No More: Supporting Network Intrusion Detection with Real-Time Intelligence -- GPP-Grep: High-Speed Regular Expression Processing Engine on General Purpose Processors -- N-Gram against the Machine: On the Feasibility of the N-Gram Network Analysis for Binary Protocols -- Poster Abstracts -- Online Social Networks, a Criminals Multipurpose Toolbox -- The Triple-Channel Model: Toward Robust and Efficient Advanced Botnets -- Network Security Analysis Method Taking into Account the Usage Information -- Automatic Covert Channel Detection in Asbestos System -- EFA for Efficient Regular Expression Matching in NIDS -- Distress Detection -- Trie Data Structure to Compare Traffic Payload in a Supervised Anomaly Detection System -- Towards Automated Forensic Event Reconstruction of Malicious Code -- Accurate Recovery of Functions in a Retargetable Decompiler -- Improvement of an Anagram Based NIDS by Reducing the Storage Space of Bloom Filters -- Concurrency Optimization for NIDS -- Malware Detection System by Payload Analysis of Network Traffic.
Record Nr. UNISA-996465474903316
Find it here: Univ. di Salerno