Computational Intelligence in Security for Information Systems (CISIS 2011)

Abstract Spam has become a major issue in computer security because it is a channel for threats such as computer viruses, worms and phishing. Many solutions feature machine-learning algorithms trained using statistical representations of the terms that usually appear in the e-mails. Still, these methods require a training step with labelled data. Dealing with the […]

Detecting Bad-Mouthing Attacks on Reputation Systems Using Self-Organizing Maps (Machine Learning and Intelligence)

Abstract It has been demonstrated that rating trust and reputation of individual nodes is an effective approach in distributed environments in order to improve security, support decision-making and promote node collaboration. Nevertheless, these systems are vulnerable to deliberate false or unfair testimonies. In one scenario the attackers collude to give negative feedback on the victim […]

Approach Based Ensemble Methods for Better and Faster Intrusion Detection (Machine Learning and Intelligence)

Abstract This study introduces a new method based on Greedy-Boost, a multiple classifier system, for better and faster intrusion detection. Detection of anomalies in data-processing networks is regarded as a data classification problem, which allows data mining and machine learning techniques to be used to perform intrusion detection. With such automatic processing procedures, human […]

Application of the Generic Feature Selection Measure in Detection of Web Attacks (Machine Learning and Intelligence)

Abstract Feature selection for filtering HTTP-traffic in Web application firewalls (WAFs) is an important task. We focus on the Generic-Feature-Selection (GeFS) measure [4], which was successfully tested on low-level package filters, i.e., the KDD CUP’99 dataset. However, the performance of the GeFS measure in analyzing high-level HTTP-traffic is still unknown. In this paper we study […]

Data Aggregation Based on Fuzzy Logic for VANETs (Machine Learning and Intelligence)

Abstract Data aggregation is mainly used to combine similar or equal information sent by different nodes of a network before forwarding it, with the aim of reducing the number of messages. This is particularly important in Vehicular Ad-hoc NETworks (VANETs), where vehicles broadcast information about the road traffic situation, which can lead to overloading the […]

Digging into IP Flow Records with a Visual Kernel Method (Network Security)

Abstract This paper presents a network monitoring framework with an intuitive visualization engine. The framework leverages a kernel method with spatially and temporally aggregated IP flows for the offline/online processing of Netflow records and full packet captures from ISP and honeypot input data; it operates on aggregated Netflow records and supports network management […]

Opcode-Sequence-Based Semi-supervised Unknown Malware Detection (Network Security)

Abstract Malware is any computer software potentially harmful to both computers and networks. The amount of malware is growing every year and poses a serious global security threat. Signature-based detection is the most widespread method in commercial antivirus software; however, it consistently fails to detect new malware. Supervised machine learning has been adopted to solve […]

A New Alert Correlation Algorithm Based on Attack Graph (Network Security)

Abstract Intrusion Detection Systems (IDS) are widely deployed in computer networks. As modern attacks are getting more sophisticated and the number of sensors and network nodes grows, the problem of false positives and alert analysis becomes more difficult to solve. Alert correlation was proposed to analyze alerts and to decrease false positives. Knowledge about the […]

A Qualitative Survey of Active TCP/IP Fingerprinting Tools and Techniques for Operating Systems Identification (Network Security)

Abstract TCP/IP fingerprinting is the process of identifying the Operating System (OS) of a remote machine through a TCP/IP based computer network. This process has applications closely related to network security, and both intrusion and defense procedures may use it to achieve their objectives. There is a large set of methods that perform this […]

Security Alert Correlation Using Growing Neural Gas (Network Security)

Abstract The use of alert correlation methods in Distributed Intrusion Detection Systems (DIDS) has become an important process to address some of the current problems in this area. However, the efficiency obtained is far from optimal results. This paper presents a novel approach based on the integration of multiple correlation methods by using the neural […]