Similar literature
Found 20 similar documents; search took 31 ms
1.
Intrusion Detection Systems (IDSs) have become an important element of the Information Technology (IT) security architecture by identifying intrusions from both insiders and outsiders. However, security experts have recently questioned the effectiveness of IDSs. The criticism known as the base rate fallacy states that when an IDS raises an alarm, the event is more likely to be benign than intrusive, since the proportion of benign activity is significantly larger than that of intrusive activity in the user population. In response to too many false alarms, system security officers (SSOs) either ignore alarm signals or turn off the IDS, as the information provided by the IDS is regarded with great skepticism. To alleviate this problem of IDSs, Ogut et al. (2008) [6] suggest that the firm may choose to wait to get an additional signal and make a better decision about user type. One of the limitations of their model is that the configuration point at which IDSs operate (the false negative and false positive rates) is exogenously given. However, the firm trying to minimize expected cost should also make a decision regarding the configuration level of IDSs, since these probabilities are one of the determinants of future cost. Therefore, we extend Ogut et al. (2008) [6] by considering configuration and waiting time decisions jointly in this paper. We formulate the problem as a dynamic programming model and illustrate the solution procedure for the waiting time and configuration decision under the optimal policy when the cost of undetected hacker activity follows a stepwise function. As it is difficult to obtain the waiting time and configuration decision under the optimal policy, we illustrate the solution procedures under a myopic policy and focus on the characteristics of the configuration decision under a myopic policy. Our numerical analysis suggested that the configuration decision is as important as the waiting time decision in decreasing the cost of operating an IDS.

2.
M.  K.V.  J.   《Computers in human behavior》2007,23(6):2791
Electronic mail has become an indispensable tool in business and academia, and personal use is increasing every day. However, there is also evidence that Email, unlike more traditional communication media, can exert a powerful hold over its users and that many computer users experience stress as a direct result of email-related pressure. This paper develops a three-fold typology of orientations to email: ‘relaxed’, ‘driven’ and ‘stressed’. It further investigates whether the personality traits of self-esteem and locus of control are associated with email-related stress. It finds that low self-esteem is associated with the ‘driven’ orientation. It further suggests that the ‘stressed’ orientation may be related to how distractive email is perceived to be, compared with other forms of communication.

3.
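Because most current intrusion detection systems are built by hand-coding expert knowledge, updating them is slow and expensive. Frequent patterns mined from audit data can clearly serve as reliable intrusion detection models. To address this problem, the article proposes a fast and effective parallel algorithm that extracts an extended set of features describing each network connection and learns frequent patterns that accurately capture intrusive behavior and normal activity, making model construction and continual updating simple.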

4.
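Because most current intrusion detection systems are built by hand-coding expert knowledge, updating them is slow and expensive. Frequent patterns mined from audit data can clearly serve as reliable intrusion detection models. To address this problem, a fast and effective parallel algorithm is proposed that extracts an extended set of features describing each network connection and learns frequent patterns that accurately capture intrusive behavior and normal activity, making model construction and continual updating simple.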

5.
6.
The swift introduction of Information and Communications Technology (ICT) into schools is the aim of initiatives involving the teaching profession, parents and pupils, government and commercial interests. Teachers’ attempts to integrate ICT into their classroom practice may be affected by such factors as access to updated technology, appropriate training, and realistic time management. Nevertheless the British government’s aim is that all teachers acquire network literacy by the year 2002. Using a linked group of schools, teachers’ opinions and ideas about ICT were gathered as the National Grid for Learning was introduced. Theories of learning as ‘community joining’ were applied in an analysis of the data to create an emerging model of teachers as users of ICT. This model was then used to help formulate the ICT Development Policy of a case study school. On the basis of this empirical evidence, some key factors enabling teachers to work towards network literacy and ‘Adept User’ status are discussed. In conclusion this paper suggests that successful implementation of ICT initiatives generating educationally effective practice is ultimately dependent on the professional development of teachers.

7.
Intrusion detection systems (IDSs) must be capable of detecting new and unknown attacks, or anomalies. We study the problem of building detection models for both pure anomaly detection and combined misuse and anomaly detection (i.e., detection of both known and unknown intrusions). We show the necessity of artificial anomalies by discussing the failure to use conventional inductive learning methods to detect anomalies. We propose an algorithm to generate artificial anomalies to coerce the inductive learner into discovering an accurate boundary between known classes (normal connections and known intrusions) and anomalies. Empirical studies show that our pure anomaly-detection model trained using normal and artificial anomalies is capable of detecting more than 77% of all unknown intrusion classes with more than 50% accuracy per intrusion class. The combined misuse and anomaly-detection models are as accurate as a pure misuse detection model in detecting known intrusions and are capable of detecting at least 50% of unknown intrusion classes with accuracy measurements between 75 and 100% per class.

8.
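An attack prediction algorithm based on event correlation in intrusion response   Total citations: 9, self-citations: 0, citations by others: 9
The response unit in current intrusion detection systems (IDSs) responds only to the security event currently detected, ignoring the hidden relationships between attack events and the ultimate goal of the attack. To address this problem, this paper proposes an algorithm for the IDS response unit that uses the correlation between attack events to predict the ultimate goal of an attack. Experiments show that the algorithm improves the network's early-warning capability, reduces responses to false positives, and can reveal attacks missed by the analysis engine.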

9.
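Traditional intrusion detection algorithms study static training data sets and cannot cope with dynamic data. In practice, however, new intrusions emerge constantly, and an intrusion detection system should be able to learn new intrusion behavior incrementally. To solve this problem, building on earlier work, an unsupervised anomaly detection method based on an incremental classifier is proposed. Experiments show that, when the training data is dynamic, the method effectively detects unknown intrusions, achieves fairly satisfactory detection and false alarm rates, and is considerably more efficient.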

10.
A hybrid intrusion detection system design for computer network security   Total citations: 1, self-citations: 0, citations by others: 1
Intrusion detection systems (IDSs) are systems that try to detect attacks as they occur or after the attacks took place. IDSs collect network traffic information from some point on the network or computer system and then use this information to secure the network. Intrusion detection systems can be misuse-detection or anomaly detection based. Misuse-detection based IDSs can only detect known attacks whereas anomaly detection based IDSs can also detect new attacks by using heuristic methods. In this paper we propose a hybrid IDS by combining the two approaches in one system. The hybrid IDS is obtained by combining packet header anomaly detection (PHAD) and network traffic anomaly detection (NETAD) which are anomaly-based IDSs with the misuse-based IDS Snort which is an open-source project. The hybrid IDS obtained is evaluated using the MIT Lincoln Laboratories network traffic data (IDEVAL) as a testbed. Evaluation compares the number of attacks detected by misuse-based IDS on its own, with the hybrid IDS obtained combining anomaly-based and misuse-based IDSs and shows that the hybrid IDS is a more powerful system.

11.
This paper addresses a sensitive issue, of presence experienced by people interacting with a virtual environment (VE). Understanding ‘presence’, both theoretically and empirically, is important for designers interested in building effective computer-mediated environments for learning and work activities. The concept of presence has been treated mostly as a state of mind, to be investigated through ‘objective’ and ‘subjective’ measurement devices. The authors propose to add a different approach, which can address presence as an action-based process. This approach considers presence as the ongoing result of the actions performed in an environment and the local and cultural resources deployed by actors. In this sense, ‘presence’ can be captured by monitoring the sequence of participants’ actions and the aspects of the environment that are involved in this process; discourse/interaction analysis represents a fitting method for this goal. Sequences of interaction with a virtual library are used to illustrate some core aspects of an ethnographic, action-based approach to presence, such as the action possibilities envisaged by participants, the configuration of the virtual objects, the norms that regulate the interaction, the resources that are imported in the VE. These aspects are a necessary step to understand users’ presence in the VE and to plan consequent interventions to ameliorate the design of the interface.

12.
Providing security to Mobile Ad-hoc Networks (MANET) is a challenging and demanding task. It is important to secure the network against intrusions in MANET for assuring the development of services. For this purpose, some intrusion-detection systems (IDSs) have been developed in traditional works. However, these have some drawbacks, such as that there is no assurance for public key authentication, certificate validation between two nodes is not possible, and they require a large amount of time for processing. To overcome all these issues, a Trust-Based Authentication Routing with Bio-Inspired Intrusion Detection System (TRAB-IDS) is developed in this article. The main aim of this article is to provide security to the network against harmful intrusions. Here, the trust and deep packet inspection (DPI) concepts are integrated for improving the security. Moreover, the certificate authority generates a public and private key pair for initiating the route agent and authenticating the neighboring nodes. Based on the trust of the node, the packet is forwarded to the intermediate node by calculating a bogus key. Then, the DPI is initiated for extracting the packet features and the similarity between the features is estimated. If the packet is matched with the attacker, an error report will be forwarded to the certificate authority; otherwise, the packet will be forwarded to the other node. The experimental results evaluate the performance of the proposed TRAB-IDS in terms of delivery ratio, delay, security cost, and misdetection ratio.

13.
Intrusion detection systems monitor system activities to identify unauthorized use, misuse, or abuse. IDSs offer a defense when your system's vulnerabilities are exploited and do so without requiring you to replace expensive equipment. The steady growth in research on intrusion detection systems has created a demand for tools and methods to test their effectiveness. The authors have developed a software platform that both simulates intrusions and supports their systematic methodology for IDS testing.

14.
In some recent work it was shown that to stabilize systems with real parameter uncertainty it suffices to find a controller that simultaneously stabilizes a finite number of polynomials. These polynomials include those generated from the ‘vertex’ plants as well as some generated by some ‘fictitious’ vertex plants that involve the controller. This paper deals with the issues of existence of such a controller, controller synthesis, and conservativeness of the design. It is shown how this approach can ‘enhance’ the stability robustness of an H design.

15.
As biometric systems are deployed within security systems, or as part of identification programs, implementation issues relating to security and privacy need to be considered. The role of a biometric system is to recognize (or not) an individual through specific physiological or behavioral traits. The use of the word ‘recognize’ is significant — defined in the Oxford Dictionary as “identify as already known”. In other words, a biometric system does not establish the identity of an individual in any way, it merely recognizes that they are who they say they are (in a verification or a ‘positive identification’ system), or that they were not previously known to the system (in a ‘negative identification’ system, for example, to avoid double enrollment in a welfare system). This tie between the actual identity of an individual and the use of biometrics is subtle and provokes much debate, particularly relating to privacy and other societal issues. This paper seeks to clarify some of these issues by providing a framework, and by distinguishing between technology and societal issues.

16.
An unresolved issue in SWRL (the Semantic Web Rule Language) is whether the intended semantics of its RDF representation can be described as an extension of the W3C RDF semantics. In this paper we propose to make the model-theoretic semantics of SWRL compatible with RDF by interpreting SWRL rules in RDF graphs. For dealing with SWRL/RDF rules, we regard ‘Implies’ as an OWL class, and extract all ‘Implies’ rules from an RDF database that represents a SWRL knowledge base. Each ‘Implies’ rule is grounded through mappings built into the semantic conditions of the model theory. Based on the fixpoint semantics, a bottom-up strategy is employed to compute the least Herbrand models.

17.
P.  F.   《Robotics and Autonomous Systems》2009,57(11):1140-1153
In the early 1950s, von Holst and Mittelstaedt proposed that motor commands copied within the central nervous system (efference copy) help to distinguish ‘reafference’ activity (afference activity due to self-generated motion) from ‘exafference’ activity (afference activity due to external stimulus). In addition, an efference copy can be also used to compare it with the actual sensory feedback in order to suppress self-generated sensations. Based on these biological findings, we conduct here two experimental studies on our biped “RunBot” where such principles together with neural forward models are applied to RunBot’s dynamic locomotion control. The main purpose of this article is to present the modular design of RunBot’s control architecture and discuss how the inherent dynamic properties of the different modules lead to the required signal processing. We believe that the experimental studies pursued here will sharpen our understanding of how the efference copies influence dynamic locomotion control to the benefit of modern neural control strategies in robots.

18.
‘Process control and systems engineering’ is not just a subject of study for controlling and designing ‘a plant’ and/or ‘a unit operation’. It also deals with any control and design problems related to physical and chemical phenomena occurring in short time-scale and at nano, meso as well as micro-scale levels. In materials processing, controlling the material structure is of primary importance for realizing high material performance and functions. The phenomena determining the material structure often involve phase separation and/or occur on the surface of the materials, at small level and in short time-scale. To control these phenomena, the current feedback design schemes, where controlled variables are measured by ‘externally equipped sensors’ and fed back to an ‘externally designed controller’, are no longer effective due to the shortness of time and smallness of spatial scales of the objects. Making reference to two novel polymer-processing processes, a micro-cellular polymeric foaming process and surface coating injection-molding process, we discuss how process control and process systems engineers can contribute to controlling the structure of materials.

19.
Containing the ‘outsider’ threat to the information systems of organisations as well as recognising the disruptive potential of ‘insiders’ are fundamentals of security management. However, the recent development of public–private partnerships in the UK requires a reassessment of the continuing utility of such dualities. This paper draws upon a sociological understanding of the complexities of organisational practices as well as a grounded case study of the implementation of the NHS ‘Choose and book’ service across both public and private healthcare organisations in order to challenge these essentialist forms of sociotechnical analysis. The paper proposes a sociomaterial understanding of information systems and organisational dynamics that does not seek to separate out distinct ‘human’ and ‘technical’ information security risks. Rather, it asserts that the organisational outcomes of the introduction of new information systems are necessarily emergent and contingent, and it is with these indeterminate realities that security analysts have to engage.

20.
The present study adopts an illuminative approach to evaluate students’ initial attitudes towards the use of information and communication technology (ICT). Ninety-nine undergraduate science students participated in this study and their learning styles were classified according to Honey and Mumford (1986) (Honey, P., Mumford, A., 1986. The Manual of Learning styles. Peter Honey, 10 Linden Avenue, Maidenhead) learning style questionnaire. Student learning styles were classified as activist, reflector, theorist, or pragmatist. No significant difference in learning styles was observed between genders and between student cohorts. Six dimensions to student attitudes toward ICT were identified as follows: ‘comfort’, ‘interactivity’, ‘self-satisfaction’, ‘value new technology’, ‘experience’ and ‘context’. Students exhibited low scores in the attitude dimensions of ‘value new technology’, ‘interactivity’ and ‘context’ indicating that they were uncomfortable with computers, were unhappy about the lack of personal contact and would prefer to learn in a more traditional mode. A significant, though weak, negative correlation between the ‘theorist’ and the ‘interactivity’ and ‘context’ attitude dimensions was also observed. In addition, based on the results of this study it appears that first year students exhibit a more positive perception of ICT supported learning than second and third year students. Though the use of ICT in higher education is becoming more widespread, based on the results of this study student use of the technology may be limited by a negative attitude toward a style of teaching which is not consistent with their past learning experiences.
