Small-to-medium sized businesses lack the resources to deploy and manage high-end advanced solutions to deter sophisticated threats from well-funded adversaries, yet evidence shows that these businesses are becoming key targets. As malicious code and network attacks become more sophisticated, classic signature-based virus and malware detection methods are less effective. To augment current malware detection methods, we developed a proactive approach to detecting emerging malware threats that uses open source tools and intelligence to discover the patterns and behaviors of malicious attacks and adversaries. Technical and analytical skills are combined to track adversarial behavior, methods and techniques.
We established a controlled (separated domain) network to identify, monitor, and track malware behavior and thereby increase understanding of the methods and techniques used by cyber adversaries. We created a suite of tools that observe network and system performance, looking for anomalies that may be caused by malware. The toolset collects information from open-source tools and provides meaningful indicators that the system is under, or has been, attacked. When malware was discovered, we analyzed and reverse engineered it to determine how it could be detected and prevented. Results have shown that, with minimal resources, cost-effective capabilities can be developed to detect abnormal behavior that may indicate malicious software.
KEYWORDS: Clouds, Data modeling, Computer security, Information security, Network security, Data storage, Performance modeling, Information technology, Information assurance, Analytical research
As more enterprises are enticed to move data to a cloud environment to enhance data sharing and reduce operating costs by exploiting shared resources, concerns have arisen over the ability to secure information within the cloud. This paper examines how a traditional Identity and Access Control (IDAM) architecture can be adapted to address the security concerns of a cloud environment. We propose that changing the paradigm of IDAM from a pure trust model to a risk-based model will enable information to be protected securely in a cloud environment without impacting the efficiencies of cloud environments.
KEYWORDS: Information security, Control systems, Mathematical modeling, Optimization (mathematics), Network security, Composites, Computer programming, Computer security, Systems modeling, Binary data
A new mathematical model for the prediction of the security figure of merit of an assured information system is proposed. The security effectiveness figure of merit is defined as a multi-variate composite function of the strength of the security mechanism, usability, performance, and cost. The problem of determining the optimal set of security controls for a given system is then formulated as a mathematical optimization problem, and the potential methods of approach are addressed. The concept is illustrated with a simple example, and the conclusions bring out the benefits of the model.
KEYWORDS: Performance modeling, Systems modeling, Computer security, Solid state lighting, Information assurance, Network security, Information security, Symmetric-key encryption, Optical filters, Computing systems
An analytical performance model for a generic secure messaging system is formulated as a multi-class queuing network. The model includes an assessment of the impact of security features such as secret-key encryption/decryption, signature generation/verification, and certificate validation on overall performance. Findings of a sensitivity analysis with respect to message rate, WAN transmission link, SSL encryption, message size, and distance between servers are also presented. Finally, a description of how the model can be adopted for making performance-based architectural design decisions is outlined.
Conference Committee Involvement (2)
Data Mining, Intrusion Detection, Information Security and Assurance, and Data Networks Security 2009
15 April 2009 | Orlando, Florida, United States
Data Mining, Intrusion Detection, Information Assurance, and Data Networks Security 2007