12,380 Hits in 5.4 sec

A Taxonomy for Attack Patterns on Information Flows in Component-Based Operating Systems [article]

Michael Hanspach, Jörg Keller
2014 arXiv   pre-print
We present a taxonomy and an algebra for attack patterns on component-based operating systems.  ...  In order to prevent undesired information flows, we provide a classification of information flow types in a component-based operating system and, by this, possible patterns to attack the system.  ...  Our contribution includes a taxonomy of attack patterns on information flows in component-based operating systems based on the performed analysis.  ... 
arXiv:1403.1165v1 fatcat:cx4f7ndgcbalfh6mrsxfnaf6ca

Organizing Classification of Application Logic Attacks in Component-based E-Commerce Systems

Faisal Nabi, Jianming Yong, Xiaohui Tao, Muhammad Farhan, Nauman Naseem
2021 Journal of Computer Science  
Having review of two different types of attack taxonomies, a logical vulnerability classification based taxonomy is proposed.  ...  This research paper addresses the topic of application logic attack taxonomy that is due to unclear and incorrect implementation in component-based applications.  ...  Acknowledgment This work is based on a Research in Australia cyber Banking e-commerce security Busniess logic issues.  ... 
doi:10.3844/jcssp.2021.1046.1058 fatcat:mvsyj3avezforbtnvmcsc6jshm

A Taxonomy of Logic Attack Vulnerabilities in Component-based e-Commerce System

Faisal Nabi, Jianming Yong, Xiaohui Tao
2019 International Journal for Information Security Research  
Technical Vulnerabilities based on Implementation level Faults and Bugs in the e-commerce web application (Application component based software that resides in the mid-tier of the system) from the security  ...  The most important point is to integrate the knowledge contained in the attack patterns with boundary knowledge related to vulnerability of the target CBS based web Application e-commerce system and the  ...  In short, an attack pattern is a blueprint for an exploit. An attack pattern should typically include the following information.  ... 
doi:10.20533/ijisr.2042.4639.2019.0103 fatcat:ryi5ij5qp5cn7mu4uukkcffiv4

On the design of more secure software-intensive systems by use of attack patterns

Michael Gegick, Laurie Williams
2007 Information and Software Technology  
We have created regular expression-based attack patterns that show the sequential events that occur during an attack.  ...  By performing a Security Analysis for Existing Threats (SAFE-T), software engineers can match the symbols of a regular expression to their system design.  ...  In particular, we thank Mattias Stallmann for his insight into regular expressions.  ... 
doi:10.1016/j.infsof.2006.06.002 fatcat:lfybohbehbcohfa5jrcau47bke

Threat Model for IoT Systems on the Example of OpenUNB Protocol

Aleksander Shelupanov, Tomsk State University of Control Systems and Radioelectronics, Russian Federation,
2019 International Journal of Emerging Trends in Engineering Research  
The construction of a cyberattack protection system begins with a simulation of security threats. Most approaches are based on listing possible attacks on the system.  ...  In this article a systematic list of threats aimed at the IoT system based on the developed methodology for constructing a threat model is proposed.  ...  A combination of threat library and taxonomy values was proposed in [13] in the form of an extended two-level taxonomy based on templates for distributed systems.  ... 
doi:10.30534/ijeter/2019/11792019 fatcat:i2flenntnfgdhgc74ciag4mk7e

Design of Generic Framework for Botnet Detection in Network Forensics [article]

Sukhdilpreet Kaur, Amandeep Verma
2013 arXiv   pre-print
Various methods based on this approach for botnet detection are in literature, but a generalized method is lacking.  ...  It is the technology, which detects and also suggests prevention of the various network attacks. Botnet is one of the most common attacks and is regarded as a network of hacked computers.  ...  ACKNOWLEDGMENT We are highly indebted to God for his blessings and love throughout my life and for not letting me down in difficult times. We are grateful to our family for their support.  ... 
arXiv:1310.0569v1 fatcat:gy6auwfqgjb2rhnyosllwklsvu

A Semantic Framework with Humans in the Loop for Vulnerability-Assessment in Cyber-Physical Production Systems [chapter]

Yuning Jiang, Yacine Atif, Jianguo Ding, Wei Wang
2020 Lecture Notes in Computer Science  
In doing so, we show through a case study evaluation how our proposed framework leverages crucial relationships between vulnerabilities, threats and attacks, in order to narrow further the risk-window  ...  We propose a semantic framework that supports the collaboration between di↵erent actors in the production process, to improve situation awareness for cyberthreats prevention.  ...  For instance, Quality Control (QC)-based taxonomies are setup by a taxonomy of attack types on CPPSs to improve quality control [10] .  ... 
doi:10.1007/978-3-030-41568-6_9 fatcat:k7fvxt7ferbrbiy2akg4luitli

Information Asset Registers

Mark Brett
Paper to look at using Information Asset Registers for Cyber Security.  ...  patterns in this context we propose that a pattern show the linkages between elements of an Information Asset Register and how the individual components form a coherent system or service.  ...  The overall information system, comprises all of the components (attributes) necessary for it's operation, the hub of the system is the server which hosts the application.  ... 
doi:10.6084/m9.figshare.14035703.v1 fatcat:fnqj4254nrbv5pn7b6a4p4fvue

A review of threat modelling approaches for APT-style attacks

Matt Tatam, Bharanidharan Shanmugam, Sami Azam, Krishnan Kannoorpatti
2021 Heliyon  
Threats are potential events, intentional or not, that compromise the confidentiality, integrity, and/or availability of information systems.  ...  It has also focused on identifying any possible enhancements that may improve TM performance and efficiency when modelling sophisticated attacks such as Advanced Persistent Threats (APT).  ...  Additional information No additional information is available for this paper.  ... 
doi:10.1016/j.heliyon.2021.e05969 pmid:33506133 pmcid:PMC7814160 fatcat:zif6ebwcqrhr7pkudsq2ynqpgm

Architecture and Its Vulnerabilities in Smart-Lighting Systems [article]

Florian Hofer, Barbara Russo
2021 arXiv   pre-print
With the example of a Smart-lighting system, we create a dedicated unified taxonomy for the use case and analyze its distributed Smart-* architecture by multiple layer-based models.  ...  However, such systems-of-systems undergo additional restrictions in an endeavor to maintain reliability and security when building and interconnecting components to a heterogeneous, multi-domain Smart-  ...  ACKNOWLEDGMENTS We thank Systems S.r.l for the funding and support of this project under the "Industry 4.0 for the Smart-* (I4S)" project.  ... 
arXiv:2109.09171v1 fatcat:cqdcmpd27bgcjiv5zbszyprwjy

An Overview of IP Flow-Based Intrusion Detection

A Sperotto, G Schaffrath, R Sadre, C Morariu, A Pras, B Stiller
2010 IEEE Communications Surveys and Tutorials  
The goal of this paper is to provide a survey of current research in the area of ow-based intrusion detection. The survey starts with a motivation why ow-based intrusion detection is needed.  ...  The paper provides a classication of attacks and defense techniques and shows how ow-based techniques can be used to detect scans, worms, Botnets and Denial of Service (DoS) attacks.  ...  Flow-based intrusion detection, since it relies only on header information, can address only a subset of the attacks presented above.  ... 
doi:10.1109/surv.2010.032210.00054 fatcat:jipkeihdfvcinbi34ahuk7j4q4

Cyber-attacks on the Oil & Gas sector: A survey on incident assessment and attack patterns

George Stergiopoulos, Dimitris Gritzalis, Evangelos Limnaios
2020 IEEE Access  
For each domain, we document and analyze verified attacks based on real-world reports and published demo attacks on systems.  ...  During the past two decades, oil and gas operational and information technology systems have experienced constant digital growth, closely followed by an increasing number of cyber-attacks on the newly  ...  We rely on the Common Attack Pattern Enumeration and Classification (CAPEC) and MITRE ATT&CK taxonomies to introduce basic attack types for O&G systems.  ... 
doi:10.1109/access.2020.3007960 fatcat:6xjtbwigvnaplfjijtq7x45eyq

Efficient Working of Signature Based Intrusion Detection Technique in Computer Networks

Abid Hussain, Praveen Kumar Sharma
2019 International Journal of Scientific Research in Computer Science Engineering and Information Technology  
In this paper, a signature based intrusion detection system approach has been proposed for computer network security.  ...  This concept has been around for the past several years but only recently, it has seen a dramatic rise in interest of researchers and system developers for incorporation into the overall information security  ...  For example, in the above example, instead of "I love you" if the subject is "love you", the system IV. COMPONENTS OF SIGNATURE BASED IDS This system works on the principle of matching.  ... 
doi:10.32628/cseit195215 fatcat:tb72wvotvvbttkvsw7ni2urocm

Data fusion algorithms for network anomaly detection: classification and evaluation

V. Chatzigiannakis, G. Androulidakis, K. Pelechrinis, S. Papavassiliou, V. Maglaris
2007 International Conference on Networking and Services (ICNS '07)  
, one based on the Demster-Shafer Theory of Evidence and one based on Principal Component Analysis, are described.  ...  In this paper, the problem of discovering anomalies in a large-scale network based on the data fusion of heterogeneous monitors is considered.  ...  Finally, entropy based methods use the concept of information entropy to describe the inherent randomness of a communication system.  ... 
doi:10.1109/icns.2007.49 dblp:conf/icns/ChatzigiannakisAPPM07 fatcat:mjbcscpevbgctoplkro3zzmgty

An Information Flow-Based Taxonomy to Understand the Nature of Software Vulnerabilities [chapter]

Daniela Oliveira, Jedidiah Crandall, Harry Kalodner, Nicole Morin, Megan Maher, Jesus Navarro, Felix Emiliano
2016 IFIP Advances in Information and Communication Technology  
This paper presents a taxonomy that views vulnerabilities as fractures in the interpretation of information as it flows in the system.  ...  Despite the emphasis on building secure software, the number of vulnerabilities found in our systems is increasing every year, and well-understood vulnerabilities continue to be exploited.  ...  The Taxonomy This paper introduces a new vulnerability taxonomy based on information flow.  ... 
doi:10.1007/978-3-319-33630-5_16 fatcat:7jw2tkptd5fzhe2q7s6n6taz7y
« Previous Showing results 1 — 15 out of 12,380 results