Detection of intrusions and malware, and vulnerability assessment : 4th International Conference, DIMVA 2007, Lucerne, Switzerland, July 12-13, 2007 ; proceedings / Bernhard M. Hämmerli, Robin Sommer (editors) |
Edition | [1st ed. 2007.] |
Publication | Berlin, Heidelberg : Springer-Verlag, [2007] |
Physical description | 1 online resource (X, 254 p.) |
Classification | 005.8 |
Series | Lecture Notes in Computer Science |
Subjects | Computers - Access control ; Computers - Access control - Evaluation ; Computer networks - Security measures |
ISBN | 3-540-73614-X |
Format | Printed material |
Bibliographic level | Monograph |
Language of publication | eng |
Contents | Web Security -- Extensible Web Browser Security -- On the Effectiveness of Techniques to Detect Phishing Sites -- Protecting the Intranet Against "JavaScript Malware" and Related Attacks -- Intrusion Detection -- On the Effects of Learning Set Corruption in Anomaly-Based Detection of Web Defacements -- Intrusion Detection as Passive Testing: Linguistic Support with TTCN-3 (Extended Abstract) -- Characterizing Bots' Remote Control Behavior -- Traffic Analysis -- Measurement and Analysis of Autonomous Spreading Malware in a University Environment -- Passive Monitoring of DNS Anomalies -- Characterizing Dark DNS Behavior -- Network Security -- Distributed Evasive Scan Techniques and Countermeasures -- On the Adaptive Real-Time Detection of Fast-Propagating Network Worms -- Host Security -- Targeting Physically Addressable Memory -- Static Analysis on x86 Executables for Preventing Automatic Mimicry Attacks -- A Study of Malcode-Bearing Documents. |
Record no. | UNINA-9910484973703321 |
Held at | Univ. Federico II |
|
Detection of intrusions and malware, and vulnerability assessment : 4th International Conference, DIMVA 2007, Lucerne, Switzerland, July 12-13, 2007 ; proceedings / Bernhard M. Hämmerli, Robin Sommer (editors) |
Edition | [1st ed. 2007.] |
Publication | Berlin, Heidelberg : Springer-Verlag, [2007] |
Physical description | 1 online resource (X, 254 p.) |
Classification | 005.8 |
Series | Lecture Notes in Computer Science |
Subjects | Computers - Access control ; Computers - Access control - Evaluation ; Computer networks - Security measures |
ISBN | 3-540-73614-X |
Format | Printed material |
Bibliographic level | Monograph |
Language of publication | eng |
Contents | Web Security -- Extensible Web Browser Security -- On the Effectiveness of Techniques to Detect Phishing Sites -- Protecting the Intranet Against "JavaScript Malware" and Related Attacks -- Intrusion Detection -- On the Effects of Learning Set Corruption in Anomaly-Based Detection of Web Defacements -- Intrusion Detection as Passive Testing: Linguistic Support with TTCN-3 (Extended Abstract) -- Characterizing Bots' Remote Control Behavior -- Traffic Analysis -- Measurement and Analysis of Autonomous Spreading Malware in a University Environment -- Passive Monitoring of DNS Anomalies -- Characterizing Dark DNS Behavior -- Network Security -- Distributed Evasive Scan Techniques and Countermeasures -- On the Adaptive Real-Time Detection of Fast-Propagating Network Worms -- Host Security -- Targeting Physically Addressable Memory -- Static Analysis on x86 Executables for Preventing Automatic Mimicry Attacks -- A Study of Malcode-Bearing Documents. |
Record no. | UNISA-996466117903316 |
Held at | Univ. di Salerno |
|
Recent Advances in Intrusion Detection [electronic resource] : 14th International Symposium, RAID 2011, Menlo Park, CA, USA, September 20-21, 2011, Proceedings / edited by Robin Sommer, Davide Balzarotti, Gregor Maier |
Edition | [1st ed. 2011.] |
Publication | Berlin, Heidelberg : Springer Berlin Heidelberg : Imprint : Springer, 2011 |
Physical description | 1 online resource (X, 399 p.) |
Classification | 005.8 |
Series | Security and Cryptology |
Subjects | Computer communication systems ; Data encryption (Computer science) ; Management information systems ; Computer science ; Computers and civilization ; Algorithms ; Data structures (Computer science) ; Computer Communication Networks ; Cryptology ; Management of Computing and Information Systems ; Computers and Society ; Algorithm Analysis and Problem Complexity ; Data Structures and Information Theory |
ISBN | 3-642-23644-8 |
Format | Printed material |
Bibliographic level | Monograph |
Language of publication | eng |
Contents | Intro -- Title Page -- Preface -- Organization -- Table of Contents -- Application Security -- Minemu: The World's Fastest Taint Tracker -- Introduction -- A New Emulator Design for Fast Taint Tracking -- Memory Layout -- Data Sandboxing -- Code Sandboxing -- System Calls -- Signal Handling -- Usage -- Register Tagging in Minemu -- SSE Registers Used by Minemu -- Taint Tracking -- Is It Safe to Use SSE Registers? -- Evaluation -- Test Environment -- Effectiveness -- Minemu Performance -- How Does Minemu Compare to Related Work? -- Limitations and Future Work -- Related Work -- Conclusions -- References -- Dymo: Tracking Dynamic Code Identity -- Introduction -- System Overview -- System Requirements -- System Design -- System Implementation -- System Initialization -- Identity Label Generation -- Establishing Identity -- Applications for Dymo -- Application-Based Access Control -- Dymo Network Extension -- Evaluation -- Label Precision -- Effect of Process Tampering -- Performance Impact -- Security Analysis -- Related Work -- Conclusions -- References -- Automated Identification of Cryptographic Primitives in Binary Programs -- Introduction -- Related Work -- Static Approaches -- Dynamic Approaches -- Finding Cryptographic Primitives -- System Overview -- Fine-Grained Dynamic Binary Instrumentation -- Heuristics for Detecting Cryptographic Primitives -- Experimental Evaluation -- Evaluation Environment -- Results -- Off-the-Shelf Application -- Distortion with Executable Packers -- Real-World Malware Sample: GpCode -- Limitations -- Conclusion -- References -- Malware -- Shellzer: A Tool for the Dynamic Analysis of Malicious Shellcode -- Introduction -- Issues to Be Addressed -- Additional Resources Have to Be Available -- A Specific Execution Context Is Required -- Dealing with Malicious Behavior -- Performance Issues -- Evasion Techniques -- Overview of the System -- Architecture -- Analysis Process -- API Calls Detection and Tracing -- API Handling -- Performance Improvements -- Evasion Possibilities -- Evaluation -- Tool Evaluation -- Shellcode's Database Analysis -- Related Work -- Conclusion and Future Work -- References -- KLIMAX: Profiling Memory Write Patterns to Detect Keystroke-Harvesting Malware -- Introduction -- Background -- Our Approach -- Detector -- Injector -- Shadower -- Classifier -- Optimizing Detection Accuracy -- Evaluation -- Synthetic Evaluation -- Malware Detection -- False Positive Analysis -- Discussion -- Related Work -- Conclusions -- References -- Packed, Printable, and Polymorphic Return-Oriented Programming -- Introduction -- Related Work -- Overview -- One-Layer Printable Packer for ROP -- Two-Layer Printable Packer for ROP -- Two-Layer Encoding and Degree of Polymorphism -- Decoders in Packed Shellcode -- Implementation of dec^1 -- Implementation of dec^2 -- Gadgets Used in Our Implementation -- Experiments and Discussions -- Experiments -- Discussions and Limitations -- Implications -- Extensions of Our Two-Layer Packer -- AV-Immune ROP Packer -- Packing shell Using ROP without Returns -- Conclusion -- Packed ROP for Winamp Exploit on Windows 7 -- Packed ROP That Is AV-Immune -- Packed ROP without Returns -- On the Expressiveness of Return-into-libc Attacks -- Introduction -- Traditional View of RILC Attacks (on x86) -- Turing-Complete RILC -- Arithmetic and Logic -- Memory Accesses -- Branching -- System Calls -- Implementation and Evaluation -- Universal Turing Machine Simulator -- Selection Sort -- Discussion -- Related Work -- Conclusion -- References -- Anomaly Detection -- Cross-Domain Collaborative Anomaly Detection: So Far Yet So Close -- Introduction -- Related Work -- System Evaluation -- Data Sets -- Normalized Content -- Content Anomaly Detector and Models -- Alert Exchange -- Scaling to Multiple Sites -- Model Comparison -- Correlation Results -- Conclusions -- References -- Revisiting Traffic Anomaly Detection Using Software Defined Networking -- Introduction -- Background and Related Work -- Background: Software Defined Networking -- Related Work -- Anomaly Detection in Software Defined Networks -- Threshold Random Walk with Credit Based Rate Limiting -- Rate-Limiting -- Maximum Entropy Detector -- NETAD -- Dataset Description -- Benign Network Traffic -- Attack Traffic -- Evaluation -- Experimental Setup -- Ease of Implementation -- Accuracy Evaluation -- Efficiency Evaluation -- CPU Usage -- Conclusions and Future Work -- References -- Modeling User Search Behavior for Masquerade Detection -- Introduction -- Related Work -- Objective and Approach -- Data Gathering and "Capture the Flag" Exercise -- Host Sensor -- RUU Dataset -- User Study Experiment -- RUU Experiment -- Modeling -- Experimental Methodology -- Detection Accuracy Evaluation -- Performance Evaluation -- Future Research -- Concluding Remarks -- References -- Network Security -- Securing Application-Level Topology Estimation Networks: Facing the Frog-Boiling Attack -- Introduction -- System Model -- Virtual Coordinate Systems -- Vivaldi Overview -- Attack Model and Strategies -- Single Attack Strategies -- Complex Attack Strategies -- Mitigation Framework -- Background -- Feature Set -- Experimental Results -- Simulation Results -- PlanetLab Results -- Related Work -- Conclusion -- References -- Detecting Traffic Snooping in Tor Using Decoys -- Introduction -- Background -- Tor Anonymity Network -- Threat Model -- System Architecture -- Approach -- Implementation -- Deployment Results -- Discussion and Future Work -- Detection Confidence -- Decoy Traffic Credibility -- Detection of HTTP Session Hijacking -- Traffic Eavesdropping and Anonymity Degradation -- Eavesdropping Detection as a Network Service -- Related Work -- Conclusion -- References -- Cross-Analysis of Botnet Victims: New Insights and Implications -- Introduction -- Data Collection and Term Definition -- Cross-Analysis of Botnet Victims -- Point of Departure -- Geographical Distribution of Infected Networks -- IP Address Population -- Remote Accessibility -- Dynamism of IP Address -- Neighborhood Correlation of Botnet Victims -- Watch Your Neighbors -- Cross-Botnet Prediction -- Limitations and Discussions -- Related Work -- Conclusion and Future Work -- References -- Web Security and Social Networks -- Banksafe Information Stealer Detection Inside the Web Browser -- Introduction -- Related Work -- Overview of Banking Trojans -- Detection of Browser Manipulations -- Inline Hooks -- IAT Hooks -- EAT Hooks -- Other Methods -- False Positive Evasion -- Experimental Evaluation -- Classification of Zeus and SpyEye -- AV Signature Detection -- Comparison to Behavior Blockers -- Other Information Stealers -- Legitimate Browser Hooking -- Discussion -- Summary -- Future Work -- References -- IceShield: Detection and Mitigation of Malicious Websites with a Frozen DOM -- Introduction -- Design Overview -- Motivation and Basic Idea -- Dynamic Detection and Protection Framework -- System Implementation -- Heuristics to Identify Suspicious Sites -- Dynamic Instrumentation and Detection -- Scoring Metric -- User Protection -- Implementation as Browser Extension -- Fingerprinting -- Evaluation -- Evaluation Environment -- Classification Results -- Detecting Unknown Exploits -- Performance Results -- Limitations -- Related Work -- Conclusion -- References -- Spam Filtering in Twitter Using Sender-Receiver Relationship -- Introduction -- Background -- Twitter Features -- How Twitter Deals with Spam -- Overview -- Graph -- Features -- Experiments and Evaluation -- Data Collection -- Spam Classification -- Spam Account Detection with Including a User Relation Feature -- Discussion -- Combination of Account Features and Relation Features -- Live Detection -- Limitations -- Conclusion -- References -- Die Free or Live Hard? Empirical Evaluation and New Design for Fighting Evolving Twitter Spammers -- Introduction -- Related Work -- Data Collection -- Analyzing Evasion Tactics -- Description of Evasion Tactics -- Validation of Evasion Tactics -- Designing New Features -- Graph-Based Features -- Neighbor-Based Features -- Automation-Based Features -- Timing-Based Features -- Formalizing Feature Robustness -- Formalizing the Robustness -- Evaluation -- Evaluation on Data Set I -- Evaluation on Dataset II -- Limitation and Future Work -- Conclusion -- References -- Sandboxing and Embedded Environments -- Detecting Environment-Sensitive Malware -- Introduction -- Motivation and Approach -- System Architecture -- Execution Monitoring -- In-the-Box Monitoring -- Behavior Representation -- Behavior Comparison -- Behavior Normalization -- Distance Measure and Scoring -- Evaluation -- Training Dataset -- Large Scale Test -- Qualitative Results -- Limitations -- Related Work -- Conclusion -- References -- Defending Embedded Systems with Software Symbiotes -- Introduction -- Related Work -- Threat Model -- Solving the Embedded Problem with Symbiotes -- Symbiotic Embedded Machines -- The Symbiote-Host Relationship -- Doppelgänger: A Symbiote Protecting Cisco IOS -- Live Code Interception with Inline Hooks -- Automatically Locating Control-Flow Intercept Points -- Rootkit Detection Payload -- Computational Lower Bound of Successful Software-Only Symbiote Bypass -- Symbiote Performance and Computational Overhead -- Experimental Results: Doppelgänger, IOS 12.2 and 12.3, Cisco 7121. |
Record no. | UNISA-996465893403316 |
Held at | Univ. di Salerno |
|
Recent Advances in Intrusion Detection [electronic resource] : 13th International Symposium, RAID 2010, Ottawa, Ontario, Canada, September 15-17, 2010, Proceedings / edited by Somesh Jha, Robin Sommer, Christian Kreibich |
Edition | [1st ed. 2010.] |
Publication | Berlin, Heidelberg : Springer Berlin Heidelberg : Imprint : Springer, 2010 |
Physical description | 1 online resource (524 p. 160 illus.) |
Classification | 004.6 |
Series | Security and Cryptology |
Subjects | Computer communication systems ; Computer programming ; Data encryption (Computer science) ; Computers and civilization ; Algorithms ; Data structures (Computer science) ; Computer Communication Networks ; Programming Techniques ; Cryptology ; Computers and Society ; Algorithm Analysis and Problem Complexity ; Data Structures and Information Theory |
ISBN | 1-280-38871-4 ; 9786613566638 ; 3-642-15512-X |
Format | Printed material |
Bibliographic level | Monograph |
Language of publication | eng |
Contents | Network Protection -- What Is the Impact of P2P Traffic on Anomaly Detection? -- A Centralized Monitoring Infrastructure for Improving DNS Security -- Behavior-Based Worm Detectors Compared -- High Performance -- Improving NFA-Based Signature Matching Using Ordered Binary Decision Diagrams -- GrAVity: A Massively Parallel Antivirus Engine -- Malware Detection and Defence -- Automatic Discovery of Parasitic Malware -- BotSwindler: Tamper Resistant Injection of Believable Decoys in VM-Based Hosts for Crimeware Detection -- CANVuS: Context-Aware Network Vulnerability Scanning -- HyperCheck: A Hardware-Assisted Integrity Monitor -- Kernel Malware Analysis with Un-tampered and Temporal Views of Dynamic Kernel Memory -- Bait Your Hook: A Novel Detection Technique for Keyloggers -- Evaluation -- Generating Client Workloads and High-Fidelity Network Traffic for Controllable, Repeatable Experiments in Computer Security -- On Challenges in Evaluating Malware Clustering -- Why Did My Detector Do That?! -- Forensics -- NetStore: An Efficient Storage Infrastructure for Network Forensics and Monitoring -- Live and Trustworthy Forensic Analysis of Commodity Production Systems -- Hybrid Analysis and Control of Malware -- Anomaly Detection -- Anomaly Detection and Mitigation for Disaster Area Networks -- Community Epidemic Detection Using Time-Correlated Anomalies -- A Data-Centric Approach to Insider Attack Detection in Database Systems -- Privilege States Based Access Control for Fine-Grained Intrusion Response -- Web Security -- Abusing Social Networks for Automated User Profiling -- An Analysis of Rogue AV Campaigns -- Fast-Flux Bot Detection in Real Time -- Posters -- A Client-Based and Server-Enhanced Defense Mechanism for Cross-Site Request Forgery -- A Distributed Honeynet at KFUPM: A Case Study -- Aspect-Based Attack Detection in Large-Scale Networks -- Detecting Network Anomalies in Backbone Networks -- Detecting the Onset of Infection for Secure Hosts -- Eliminating Human Specification in Static Analysis -- Evaluation of the Common Dataset Used in Anti-Malware Engineering Workshop 2009 -- Inferring Protocol State Machine from Real-World Trace -- MEDUSA: Mining Events to Detect Undesirable uSer Actions in SCADA -- On Estimating Cyber Adversaries' Capabilities: A Bayesian Model Approach -- Security System for Encrypted Environments (S2E2) -- Towards Automatic Deduction and Event Reconstruction Using Forensic Lucid and Probabilities to Encode the IDS Evidence -- Toward Specification-Based Intrusion Detection for Web Applications -- Toward Whole-System Dynamic Analysis for ARM-Based Mobile Devices -- Using IRP for Malware Detection. |
Record no. | UNISA-996465705403316 |
Held at | Univ. di Salerno |
|
Recent advances in intrusion detection : 13th International Symposium, RAID 2010, Ottawa, Ontario, Canada, September 15-17, 2010 ; proceedings / Somesh Jha, Robin Sommer, Christian Kreibich (eds.) |
Edition | [1st ed. 2010.] |
Publication | Berlin ; New York : Springer, c2010 |
Physical description | 1 online resource (524 p. 160 illus.) |
Classification | 004.6 |
Other authors (Persons) | Jha, Somesh ; Sommer, Robin ; Kreibich, Christian |
Series | Lecture notes in computer science |
Subjects | Computer security ; Computers - Access control |
ISBN | 1-280-38871-4 ; 9786613566638 ; 3-642-15512-X |
Format | Printed material |
Bibliographic level | Monograph |
Language of publication | eng |
Contents | Network Protection -- What Is the Impact of P2P Traffic on Anomaly Detection? -- A Centralized Monitoring Infrastructure for Improving DNS Security -- Behavior-Based Worm Detectors Compared -- High Performance -- Improving NFA-Based Signature Matching Using Ordered Binary Decision Diagrams -- GrAVity: A Massively Parallel Antivirus Engine -- Malware Detection and Defence -- Automatic Discovery of Parasitic Malware -- BotSwindler: Tamper Resistant Injection of Believable Decoys in VM-Based Hosts for Crimeware Detection -- CANVuS: Context-Aware Network Vulnerability Scanning -- HyperCheck: A Hardware-Assisted Integrity Monitor -- Kernel Malware Analysis with Un-tampered and Temporal Views of Dynamic Kernel Memory -- Bait Your Hook: A Novel Detection Technique for Keyloggers -- Evaluation -- Generating Client Workloads and High-Fidelity Network Traffic for Controllable, Repeatable Experiments in Computer Security -- On Challenges in Evaluating Malware Clustering -- Why Did My Detector Do That?! -- Forensics -- NetStore: An Efficient Storage Infrastructure for Network Forensics and Monitoring -- Live and Trustworthy Forensic Analysis of Commodity Production Systems -- Hybrid Analysis and Control of Malware -- Anomaly Detection -- Anomaly Detection and Mitigation for Disaster Area Networks -- Community Epidemic Detection Using Time-Correlated Anomalies -- A Data-Centric Approach to Insider Attack Detection in Database Systems -- Privilege States Based Access Control for Fine-Grained Intrusion Response -- Web Security -- Abusing Social Networks for Automated User Profiling -- An Analysis of Rogue AV Campaigns -- Fast-Flux Bot Detection in Real Time -- Posters -- A Client-Based and Server-Enhanced Defense Mechanism for Cross-Site Request Forgery -- A Distributed Honeynet at KFUPM: A Case Study -- Aspect-Based Attack Detection in Large-Scale Networks -- Detecting Network Anomalies in Backbone Networks -- Detecting the Onset of Infection for Secure Hosts -- Eliminating Human Specification in Static Analysis -- Evaluation of the Common Dataset Used in Anti-Malware Engineering Workshop 2009 -- Inferring Protocol State Machine from Real-World Trace -- MEDUSA: Mining Events to Detect Undesirable uSer Actions in SCADA -- On Estimating Cyber Adversaries' Capabilities: A Bayesian Model Approach -- Security System for Encrypted Environments (S2E2) -- Towards Automatic Deduction and Event Reconstruction Using Forensic Lucid and Probabilities to Encode the IDS Evidence -- Toward Specification-Based Intrusion Detection for Web Applications -- Toward Whole-System Dynamic Analysis for ARM-Based Mobile Devices -- Using IRP for Malware Detection. |
Record no. | UNINA-9910484226403321 |
Held at | Univ. Federico II |
|