Icc2009

•Download as PPT, PDF•

0 likes•383 views

Presentation of the paper "HMM-Web: a framework for the detection off attacks against Web Applications" at the IEEE International Conference on Communications, Dresden, Germany, June 14-18 2009

HMM-Web: a framework for the detection off attacks against Web Applications I. Corona, D. Ariu, G. Giacinto June 17, 2009 ICC 2009 - HMMWeb - Davide Ariu Pattern Recognition and Applications Group Department of Electrical and Electronic Engineering University of Cagliari, Italy PRA Pattern Recognition and Applications Group Presenter Davide Ariu R A P

Motivations ,[object Object],June 17, 2009 ICC 2009 - HMMWeb - Davide Ariu

Motivations June 17, 2009 ICC 2009 - HMMWeb - Davide Ariu Source: X-Force® 2008 Trend & Risk Report – January 2009

Protection of Web Applications ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],June 17, 2009 ICC 2009 - HMMWeb - Davide Ariu

HMM-Web ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],June 17, 2009 ICC 2009 - HMMWeb - Davide Ariu

An usage scenario June 17, 2009 ICC 2009 - HMMWeb - Davide Ariu

Request URI Modelling ,[object Object],[object Object],[object Object],[object Object],[object Object],June 17, 2009 ICC 2009 - HMMWeb - Davide Ariu

Request URI Modelling ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],June 17, 2009 ICC 2009 - HMMWeb - Davide Ariu

Classifier Ensemble ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],June 17, 2009 ICC 2009 - HMMWeb - Davide Ariu

IDS-Scheme June 17, 2009 ICC 2009 - HMMWeb - Davide Ariu

Noise in the training set ,[object Object],[object Object],[object Object],[object Object],June 17, 2009 ICC 2009 - HMMWeb - Davide Ariu

Noise in the training set ,[object Object],June 17, 2009 ICC 2009 - HMMWeb - Davide Ariu

Noise in the training set Countermeasure ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],June 17, 2009 ICC 2009 - HMMWeb - Davide Ariu

Noise in the training set Countermeasure ,[object Object],[object Object],[object Object],June 17, 2009 ICC 2009 - HMMWeb - Davide Ariu

Attribute value codification ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],June 17, 2009 ICC 2009 - HMMWeb - Davide Ariu

Experimental Setup ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],June 17, 2009 ICC 2009 - HMMWeb - Davide Ariu

Experimental Results Effectiveness of attributes’ codification June 17, 2009 ICC 2009 - HMMWeb - Davide Ariu The curve on the right has been obtained using the codification proposed by Kruegel et al. In “A multimodel approach to the detection of web-based attacks”, Computer Networks, 2005.

Experimental Result Effectiveness of the MCS Approach June 17, 2009 ICC 2009 - HMMWeb - Davide Ariu

Conclusions ,[object Object],[object Object],[object Object],[object Object],June 17, 2009 ICC 2009 - HMMWeb - Davide Ariu

Questions? June 17, 2009 ICC 2009 - HMMWeb - Davide Ariu

Outline ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],June 17, 2009 ICC 2009 - HMMWeb - Davide Ariu

Similar to Icc2009

A perspective on web testing.ppt

sivaprasanth rentala

Ibm business partner connect 2015 long fong yee v1 (read-only)

Fong Yee Long

2018 ibm agile engineering summit - spotlight presentation

M Kevin McHugh

Check out more info at https://hashmi.ca IBM Engineering Lifecycle Management (ELM) Benefits More effective requirements management establishing single-source of truth and traceability offering higher product quality Automatically create system specifications, interface design documents, test cases, and track progress of work items to drive constant process improvement Continuous risk-based testing with prioritization, assessment, and automation improving product quality Enhance productivity and product quality byinfusing AI throughout workflows Improved decision making through visualization, prototyping, simulation, and analysis Optimize engineering productivity through reuseand variant management

IBM elm alm overview-software engineerin-lifecycle-management

Imran Hashmi

Rational application-security-071411

Scott Althouse

Research challenges and issues in web security

IAEME Publication

Web Application Testing for Today’s Biggest and Emerging Threats

Alan Kan

REPORT1 new

sowmya seles

IRJET- Machine Learning based Network Security

IRJET Journal

Bank One App Sec Training

Mike Spaulding

Autonomic cloud emerge as a result of emerging four properties of autonomic computing in cloud that are self-healing, self-monitoring, self-repairing and self-optimization We have defined a methodology to improve the security in cloud computing and also defined a methodology that can ensure the autonomic management in autonomic cloud computing We have selected 1 of the 7 properties of the autonomic cloud computing that is autonomic management Our main focus is on the security enhancement and avoidance of cloud intrusion in autonomic cloud computing Bilal Hussain CH "Cloud Intrusion and Autonomic Management in Autonomic Cloud Computing" Published in International Journal of Trend in Scientific Research and Development (ijtsrd), ISSN: 2456-6470, Volume-2 | Issue-6 , October 2018, URL: http://www.ijtsrd.com/papers/ijtsrd18378.pdf

Cloud Intrusion and Autonomic Management in Autonomic Cloud Computing

ijtsrd

A perspective on web testing

sivaprasanth rentala

A perspective on web testing

sivaprasanth rentala

Despite being on vulnerability “Top 10” lists for many years, application vulnerabilities such as SQL injection and Cross-Site scripting continue to be significant attack paradigms for organizational data breaches. In fact, the IBM X-Force 2013 Mid-Year Trend and Risk Report confirmed that SQL Injection (SQLi) remained the most common paradigm for attackers to breach organizational security controls. Meanwhile, Cross-Site Scripting continued to be the most common type of application vulnerability. In this session, we review the latest trends in application and mobile security vulnerabilities, and how to combat them with improved security awareness, organizational controls and application security testing technologies. We also address how to improve application security on your organization’s mobile devices.

What the New OWASP Top 10 2013 and Latest X-Force Report Mean for App Sec

IBM Security

Flipping the Script & Changing the Game in Cyber

scoopnewsgroup

Presentation from the Cyber Security Briefing held in Ottawa on June 12, 2013. -Keynote: Security Trends and Risk Mitigation for the Public Sector - Presented by: Sandy Bird, CTO - Security Division, IBM Canada Ltd. - Application Security for mobile and web applications - Presented by: Patrick Vandenberg, Program Director, IBM Security Segment Marketing - Detect Threat and Mitigate Risk Using Security Intelligence - Presented by: Sandy Bird, CTO - Security Division, IBM Canada Ltd.

Security Trends and Risk Mitigation for the Public Sector

IBMGovernmentCA

IBM Support for CIM and the Common Grid Model Exchange Standard

Nada Reinprecht

Federal Information Processing Standard (FIPS) 140-2 was published at a time when the full operational environment, from the cryptographic module to the processor, was definable, self-contained, and controlled by a single operator. With the arrival of cloud computing, these basic assumptions are no longer valid. The operational environment is not shippable to a lab, and it is not self-contained. In this session, we describe the opportunities and challenges of bringing FIPS 140 to the cloud. We review the current state and new, automated approaches that are under evaluation at the National Institute of Standards and Technology (NIST).

Innovating FIPS crypto validation in the Cloud - SEP321 - AWS re:Inforce 2019

Amazon Web Services

Web Application Security

Colin English

IRJET - A Joint Optimization Approach to Security and Insurance Managemen...

IRJET Journal

Similar to Icc2009 (20)

A perspective on web testing.ppt

Ibm business partner connect 2015 long fong yee v1 (read-only)

2018 ibm agile engineering summit - spotlight presentation

IBM elm alm overview-software engineerin-lifecycle-management

Rational application-security-071411

Research challenges and issues in web security

Web Application Testing for Today’s Biggest and Emerging Threats

REPORT1 new

IRJET- Machine Learning based Network Security

Bank One App Sec Training

Cloud Intrusion and Autonomic Management in Autonomic Cloud Computing

A perspective on web testing

What the New OWASP Top 10 2013 and Latest X-Force Report Mean for App Sec

Flipping the Script & Changing the Game in Cyber

Security Trends and Risk Mitigation for the Public Sector

IBM Support for CIM and the Common Grid Model Exchange Standard

Innovating FIPS crypto validation in the Cloud - SEP321 - AWS re:Inforce 2019

Web Application Security

IRJET - A Joint Optimization Approach to Security and Insurance Managemen...

More from Pluribus One

Smart Textiles - Prospettive di mercato - Davide Ariu

Pluribus One

Wild Patterns: A Half-day Tutorial on Adversarial Machine Learning - 2019 Int...

Pluribus One

Wild Patterns: A Half-day Tutorial on Adversarial Machine Learning. ICMLC 201...

Pluribus One

Wild patterns - Ten years after the rise of Adversarial Machine Learning - Ne...

Pluribus One

WILD PATTERNS - Introduction to Adversarial Machine Learning - ITASEC 2019

Pluribus One

Is Deep Learning Safe for Robot Vision? Adversarial Examples against the iCub...

Pluribus One

On Security and Sparsity of Linear Classifiers for Adversarial Settings

Pluribus One

Secure Kernel Machines against Evasion Attacks

Pluribus One

Learning in adversarial settings is becoming an important task for application domains where attackers may inject malicious data into the training set to subvert normal operation of data-driven technologies. Feature selection has been widely used in machine learning for security applications to improve generalization and computational efficiency, although it is not clear whether its use may be beneficial or even counterproductive when training data are poisoned by intelligent attackers. In this work, we shed light on this issue by providing a framework to investigate the robustness of popular feature selection methods, including LASSO, ridge regression and the elastic net. Our results on malware detection show that feature selection methods can be significantly compromised under attack (we can reduce LASSO to almost random choices of feature sets by careful insertion of less than 5% poisoned training samples), highlighting the need for specific countermeasures.

Battista Biggio @ ICML 2015 - "Is Feature Selection Secure against Training D...

Pluribus One

Clustering algorithms have become a popular tool in computer security to analyze the behavior of malware variants, identify novel malware families, and generate signatures for antivirus systems. However, the suitability of clustering algorithms for security-sensitive settings has been recently questioned by showing that they can be significantly compromised if an attacker can exercise some control over the input data. In this paper, we revisit this problem by focusing on behavioral malware clustering approaches, and investigate whether and to what extent an attacker may be able to subvert these approaches through a careful injection of samples with poisoning behavior. To this end, we present a case study on Malheur, an open-source tool for behavioral malware clustering. Our experiments not only demonstrate that this tool is vulnerable to poisoning attacks, but also that it can be significantly compromised even if the attacker can only inject a very small percentage of attacks into the input data. As a remedy, we discuss possible countermeasures and highlight the need for more secure clustering algorithms.

Battista Biggio @ AISec 2014 - Poisoning Behavioral Malware Clustering

Pluribus One

Battista Biggio @ S+SSPR2014, Joensuu, Finland -- Poisoning Complete-Linkage ...

Pluribus One

Clustering algorithms have been increasingly adopted in security applications to spot dangerous or illicit activities. However, they have not been originally devised to deal with deliberate attack attempts that may aim to subvert the clustering process itself. Whether clustering can be safely adopted in such settings remains thus questionable. In this work we propose a general framework that allows one to identify potential attacks against clustering algorithms, and to evaluate their impact, by making specific assumptions on the adversary's goal, knowledge of the attacked system, and capabilities of manipulating the input data. We show that an attacker may significantly poison the whole clustering process by adding a relatively small percentage of attack samples to the input data, and that some attack samples may be obfuscated to be hidden within some existing clusters. We present a case study on single-linkage hierarchical clustering, and report experiments on clustering of malware samples and handwritten digits.

Battista Biggio @ AISec 2013 - Is Data Clustering in Adversarial Settings Sec...

Pluribus One

Battista Biggio @ ECML PKDD 2013 - Evasion attacks against machine learning a...

Pluribus One

Battista Biggio @ ICML2012: "Poisoning attacks against support vector machines"

Pluribus One

Zahid Akhtar - Ph.D. Defense Slides

Pluribus One

Design of robust classifiers for adversarial environments - Systems, Man, and...

Pluribus One

Robustness of multimodal biometric verification systems under realistic spoof...

Pluribus One

Support Vector Machines Under Adversarial Label Noise (ACML 2011) - Battista ...

Pluribus One

Understanding the risk factors of learning in adversarial environments

Pluribus One

Amilab IJCB 2011 Poster

Pluribus One

More from Pluribus One (20)

Smart Textiles - Prospettive di mercato - Davide Ariu

Wild Patterns: A Half-day Tutorial on Adversarial Machine Learning - 2019 Int...

Wild Patterns: A Half-day Tutorial on Adversarial Machine Learning. ICMLC 201...

Wild patterns - Ten years after the rise of Adversarial Machine Learning - Ne...

WILD PATTERNS - Introduction to Adversarial Machine Learning - ITASEC 2019

Is Deep Learning Safe for Robot Vision? Adversarial Examples against the iCub...

On Security and Sparsity of Linear Classifiers for Adversarial Settings

Secure Kernel Machines against Evasion Attacks

Battista Biggio @ ICML 2015 - "Is Feature Selection Secure against Training D...

Battista Biggio @ AISec 2014 - Poisoning Behavioral Malware Clustering

Battista Biggio @ S+SSPR2014, Joensuu, Finland -- Poisoning Complete-Linkage ...

Battista Biggio @ AISec 2013 - Is Data Clustering in Adversarial Settings Sec...

Battista Biggio @ ECML PKDD 2013 - Evasion attacks against machine learning a...

Battista Biggio @ ICML2012: "Poisoning attacks against support vector machines"

Zahid Akhtar - Ph.D. Defense Slides

Design of robust classifiers for adversarial environments - Systems, Man, and...

Robustness of multimodal biometric verification systems under realistic spoof...

Support Vector Machines Under Adversarial Label Noise (ACML 2011) - Battista ...

Understanding the risk factors of learning in adversarial environments

Amilab IJCB 2011 Poster

Icc2009

1. HMM-Web: a framework for the detection off attacks against Web Applications I. Corona, D. Ariu, G. Giacinto June 17, 2009 ICC 2009 - HMMWeb - Davide Ariu Pattern Recognition and Applications Group Department of Electrical and Electronic Engineering University of Cagliari, Italy PRA Pattern Recognition and Applications Group Presenter Davide Ariu R A P

3. Motivations June 17, 2009 ICC 2009 - HMMWeb - Davide Ariu Source: X-Force® 2008 Trend & Risk Report – January 2009

6. An usage scenario June 17, 2009 ICC 2009 - HMMWeb - Davide Ariu

10. IDS-Scheme June 17, 2009 ICC 2009 - HMMWeb - Davide Ariu

11.

12.

13.

14.

15.

16.

17. Experimental Results Effectiveness of attributes’ codification June 17, 2009 ICC 2009 - HMMWeb - Davide Ariu The curve on the right has been obtained using the codification proposed by Kruegel et al. In “A multimodel approach to the detection of web-based attacks”, Computer Networks, 2005.

18. Experimental Result Effectiveness of the MCS Approach June 17, 2009 ICC 2009 - HMMWeb - Davide Ariu

19.

20. Questions? June 17, 2009 ICC 2009 - HMMWeb - Davide Ariu

21. Motivations June 17, 2009 ICC 2009 - HMMWeb - Davide Ariu Source: X-Force® 2008 Trend & Risk Report – January 2009

22.

Icc2009

Recommended

Recommended

More Related Content

Similar to Icc2009

Similar to Icc2009 (20)

More from Pluribus One

More from Pluribus One (20)

Icc2009