Detection of Intrusions and Malware, and Vulnerability Assessment

Name: Detection of Intrusions and Malware, and Vulnerability Assessment | 8th International Conference, DIMVA 2011, Amsterdam, The Netherlands, July 7-8, 2011, Proceedings
Brand: Springer
Price: 53.49 EUR
Availability: OnlineOnly

8th International Conference, DIMVA 2011, Amsterdam, The Netherlands, July 7-8, 2011, Proceedings

Thorsten Holz Herbert Bos(Editor)

Springer (Publisher)

Published on 21. June 2011

X, 235 pages

E-Book

PDF with digital watermarking

System requirements

978-3-642-22424-9 (ISBN)

€53.49incl. 7% vat

System requirements

for PDF with digital watermarking

E-Book Single Licence

Available for download

Description

More details

Other editions

Content

Title Page
Preface
Organization
Table of Contents
Network Security I
Protecting against DNS ReflectionAttacks with Bloom Filters
Introduction
Security Concerns in the Domain Name System
DNS Reflection Attacks
Making it Stronger
Bloom Filters
Partitioned Bloom Filters
Protecting from the Attack: The Exact Approach
Protecting with Bloom Filters
Practical Implementation
Test Environment and Results
Conclusions
Effective Network Vulnerability Assessment through Model Abstraction
Introduction
Network Model Abstraction
Abstraction Criteria
Similarity among hosts.
Similarity among vulnerabilities.
Abstraction Steps
Reachability-based grouping.
Vulnerability grouping.
Configuration-based breakdown.
Experimentation Result
Attack Graph Generation
Quantitative Security Metrics
Related Work
Conclusion and Future Work
Decoy Document Deployment for Effective Masquerade Attack Detection
Introduction
Related Work
Trap-Based Masquerader Detection Approach
Threat Model
Trap-Based Decoys
Decoy Documents Access Sensor
User Study 1
Experiment Design
Experiment Findings
Interference Increases With More Decoy Files:
Distribution of False Positives:
Placement of Decoy Files:
Differentiability to the User is Not Enough:
User Study 2
Experiment Design
Experimental Set-Up
Experiment Findings
The Use of Decoys is Effective:
Recommended Number of Decoys:
High Number of Decoy Accesses is Indicative of Attacker's Malicious Intent:
The Use of Decoys is Efficient:
Decoy Placement is Important:
Conspicuousness Comes First:
Discussion and Recommendations
Recommendation 1
Recommendation 2
Conclusion
Attacks
Reverse Social Engineering Attacks in Online Social Networks
Introduction
Reverse Social Engineering in Social Networks
RSE Attacks in the Real-World
Ethical and Legal Considerations
Influencing Friend Recommendations
Measuring RSE Effects by Creating Attack Profiles
Automating the Measurement Process.
Experimental Results
Recommendation-Based RSE Attack
Demographic-Based Experiment
Visitor Tracking Experiment
Discussion and Lessons Learned
RSE Countermeasures in OSN
Related Work
Conclusion
Timing Attacks on PIN Input in VoIP Networks (Short Paper)
Introduction
Background in VoIP
Attacks
Recover Inter-Keystroke Delays
The Impact of Networking Conditions
Reducing the Search Space
Experiments
Priori-Knowledge Preparation
Results for PIN Inference
Related work
Conclusion and Future Work
Appendix: Inter-stroke delay of key pairs
Web Security
Biting the Hand That Serves You: A closer look at client-side Flash proxies for cross-domain requests
Introduction
Client-Side Cross-Domain HTTP Requests
Technical Background
Use Cases for Client-Side Cross-Domain HTTP Requests
The Current Move towards Native Browser Capabilities
Client-Side Cross-Domain Flash-Proxies for Legacy Browsers
Security Implications of Client-Side Cross-Domain HTTP Requests
Abusing Client-Site Cross-Domain Flash Proxies
Subtle Differences in the SOP
Attack Vectors
Survey of Published Flash Proxies
Analysis
Methods to Provide Secure Client-Side Flash Proxy Functionality
Secure Inclusion via CSRF Protection
Flexibly Restricting the Flash-to-JavaScript Interface
Securely Offering Public Flash Interfaces
Problem: An Untrustworthy Interface
Solution: Redirection to Fragment Identifier
Related Work
Conclusion
Mitigating Cross-Site Form History Spamming Attacks with Domain-Based Ranking
Introduction
Background
Attacks
The Permissiveness in Autocomplete
Basic Spamming Attacks
Advanced Spamming Attacks
Defenses
The Domain-Based Ranking Mechanism
Security and Usability Analysis
Deployment Analysis
Implementation and Evaluation
Related Work
Conclusion
Escape from Monkey Island: Evading High-Interaction Honeyclients
Introduction
Related Work
Honeyclients
Security Requirements for High-Interaction Honeyclients
Design Choices for High-Interaction Honeyclients
Honeyclients in Practice
Attacks against Honeyclients
Detection of the Monitoring Environment
Detection Evasion
Summary
Attacks in the Real World
Countermeasures
Transparency
Protecting the Monitoring System
Conclusions
Network Security II
An Assessment of Overt Malicious Activity Manifest in Residential Networks
Introduction
Methodology
Data Sets
Operating Systems
Manifestations of Compromised Systems
Security Hygiene and Risky Behavior
European ISP
University
AirJaldi
LBNL
Malicious Activity
European ISP
University
AirJaldi
LBNL
Related Work
Conclusion
What's Clicking What? Techniques and Innovations of Today's Clickbots
Introduction
Related Work
Methodology
The Fiesta Clickbot
C&C Structure
Fiesta Economic Model
Prevalence
The 7cy Clickbot
C&C Structure
Specific Fraud Example
7cy Economic Model
Timing and Location Specific Behaviors
Discussion and Conclusion
MISHIMA: Multilateration of Internet Hosts Hidden Using Malicious Fast-Flux Agents (Short Paper)
Introduction
Background and Related Work
Fast-Flux Service Networks
Network Coordinates
Approach
Calculation of Proxy Network Coordinates
Mothership Network Coordinate Calculation
IP Graph
Experimental Results
Attacks & Shortcomings
Conclusions
Host Security
Code Pointer Masking: Hardening Applications against Code Injection Attacks
Introduction
Background: Code Injection Countermeasures
Code Pointer Masking
General Overview
Assumptions
Masking the Return Address
Masking Function Pointers
Masking the Global Offset Table
Masking Other Code Pointers
Implementation
Function Epilogue Modifications
Procedure Linkage Table Entries
Protecting Other Code Pointers
Limitations of the Prototype
Evaluation
Compatibility, Performance and Memory Overhead
Security Evaluation
Discussion and Ongoing Work
Related work
Conclusion
Operating System Interface Obfuscation and the Revealing of Hidden Operations
Introduction
Related Work
System Call Obfuscation via Illusion Attacks
Motivation
Abilities of the Attacker
Attack Overview
The Illusion Kernel Module
Implementations
Foundation
Discussion
Sherlock
Threat Model
Exposing Kernel Execution Behavior
Modeling System Call Handler Execution
Adaptive Design
Evaluation
False Positive Analysis
Performance
Discussion
Conclusions
Author Index

System requirements

Save as PDF Copy link into clipboard

Schweitzer Fachinformationen

Detection of Intrusions and Malware, and Vulnerability Assessment

Description

More details

Other editions

Additional editions

Content

System requirements