Title | Date Added | Company
whitepaper A Game Theoretic Analysis of Intrusion Detection in Access Control Systems | 2008-01-01 | University of Illinois
  This paper presents a game-theoretic analysis of intrusion detection in access control systems. A security game between the attacker and the intrusion detection system is investigated both in finite and continuous-kernel versions, where in the latter case players are associated with specific cost functions. The distributed virtual sensor network based on software agents with imperfect detection capabilities is also captured within the model introduced. This model is then extended to take the dynamic characteristics of the sensor network into account. Properties of the resulting dynamic system and repeated games between the players are discussed both analytically and numerically.

Tags: Security Tools, Intrusion Detection Systems
  
whitepaper Bayesian Event Classification for Intrusion Detection | 2008-01-01 | University of California
  Intrusion Detection Systems (IDSs) attempt to identify attacks by comparing collected data to predefined signatures known to be malicious (misuse-based IDSs) or to a model of legal behavior (anomaly-based IDSs). Anomaly-based approaches have the advantage of being able to detect previously unknown attacks, but they suffer from the difficulty of building robust models of acceptable behavior which may result in a large number of false alarms. Almost all current anomaly-based intrusion detection systems classify an input event as normal or anomalous by analyzing its features, utilizing a number of different models. A decision for an input event is made by aggregating the results of all employed models.

Tags: Security Tools, Intrusion Detection Systems
  
whitepaper Toward Cost-Sensitive Modeling for Intrusion Detection and Response | 2008-01-01 | Columbia University
  Intrusion Detection Systems (IDSs) must maximize the realization of security goals while minimizing costs. This paper studies the problem of building cost-sensitive intrusion detection models. The paper examines the major cost factors associated with an IDS, which include development cost, operational cost, damage cost due to successful intrusions, and the cost of manual and automated response to intrusions. These cost factors can be qualified according to a defined attack taxonomy and site-specific security policies and priorities. Cost models that formulate the total expected cost of an IDS are defined, and cost-sensitive machine learning techniques are presented that can produce detection models optimized for user-defined cost metrics.

Tags: Security Tools, Intrusion Detection Systems
  
whitepaper A Stateful Intrusion Detection System for World-Wide Web Servers | 2008-01-01 | University of California
  Web servers are ubiquitous, remotely accessible, and often misconfigured. In addition, custom web-based applications may introduce vulnerabilities that are overlooked even by the most security-conscious server administrators. Consequently, web servers are a popular target for hackers. To mitigate the security exposure associated with web servers, intrusion detection systems are deployed to analyze and screen incoming requests. The goal is to perform early detection of malicious activity and possibly prevent more serious damage to the protected site. Even though intrusion detection is critical for the security of web servers, the intrusion detection systems available today only perform very simple analyses and are often vulnerable to simple evasion techniques.

Tags: Security Tools, Intrusion Detection Systems
  
whitepaper Anti-DDoS Virtualized Operating System | 2007-12-31 | Indian Institute of Technology Delhi
  It is easier to detect a DDoS attack near the victim but it is of little use to do so. Many researchers believe that it would be best to handle DDoS attacks closer to the computers which host these attacks and have propounded various strategies for packet filtering at edge-routers. This paper makes three contributions over earlier work. First, it proposes that it is best to track illegitimate packets suspected to cause a DDoS at the source computer itself. Second, it presents a secure and efficient implementation (ADVOS: Anti-DDoS Virtualized Operating System) for packet filtering at the source computer itself. Security dependency on the integrity of the source operating system is removed by using virtualization to isolate the modules providing the protection capabilities.

Tags: Virtualization
  
whitepaper Endpoint Security Simplified | 2007-12-31 | Symantec
  Securing endpoints is essential to protect assets and maintain a solid business reputation. Traditional security solutions are proving inadequate against the latest threats. However, proactively and effectively securing endpoints is easily managed. While they are a necessity for small and mid-size businesses, endpoints can also be a huge liability if not properly secured. Today's SMBs face a threat landscape that involves stealthy, targeted, and financially motivated attacks aimed at exploiting vulnerabilities in endpoint devices. Many of these sophisticated threats can evade traditional security solutions, leaving businesses vulnerable to data theft and manipulation, disruption of mission-critical services, and a damaged reputation.

Tags: Security Management
  
whitepaper IBM Tivoli Identity Manager | 2007-12-20 | IBM
  To effectively compete in today's business environment, companies are increasing the number of users - customers, employees, partners and suppliers - allowed to access information across applications, mainframes, service oriented architectures, the Web and other environments. As a result, CIOs today continually face two major challenges: meeting internal and regulatory compliance requirements while simultaneously striving for measurable return on investment. IBM Tivoli Identity Manager addresses these challenges by providing an easy-to-deploy, user-friendly tool that delivers security-rich, automated and policy-based user management across both existing systems and on demand business environments.

Tags: Security Management
  
whitepaper How Cisco IT Upgraded Intrusion Prevention Software to Improve Endpoint Security | 2007-12-17 | Cisco Systems
  Even with the successful deployment of Cisco Security Agent Version 4.0 in February 2004, threats to the network continued to grow. Each new worm, virus, or attack made it more important to secure the network from malicious behavior. New features and capabilities were needed beyond those found in Cisco Security Agent Version 4.0. Cisco IT worked to identify areas where improvements could be made and develop and test new features and capabilities. Cisco Security Agent Version 4.5 goes beyond conventional endpoint security solutions by identifying and preventing malicious behavior before it can occur, removing potential known and unknown security risks that threaten enterprise networks and applications.

Tags: Security Management, Intrusion Detection Systems
  
whitepaper IT Manager Webcast: How Microsoft Does IT: Creating a Single Sign-On Payroll Experience Using Active Directory Federation Services (Level 100) | 2007-12-12 | Microsoft
  To replace a solution that required separate authentication and did not meet Microsoft security password retrieval policies, Microsoft IT implemented a single sign-on experience for employees to access corporate payroll using Active Directory Federation Services and a third-party solution, PingIdentity.

Tags: Directory Services
  
whitepaper ProofMark Technical Overview | 2007-12-12 | ProofSpace
  The ProofSpace technology is designed to verify to a high degree of trustworthiness the "time existence of data." To accomplish this, it employs a patented transient key technology to irrefutably link a given set of data (a digital file, for example) to a given interval of time. The linkage is embodied in a ProofMark, which is a certificate containing multiple cryptographic mechanisms that attest to the existence of the original data within the stated time interval.

Tags: Digital Signatures, Security Tools