Sophisticated Attack

The Experts below are selected from a list of 219 Experts worldwide ranked by ideXlab platform

Chia-tien Dan Lo - One of the best experts on this subject based on the ideXlab platform.

  • ARC - Highly Space Efficient Counters for Perl Compatible Regular Expressions in FPGAs
    Lecture Notes in Computer Science, 2008
    Co-Authors: Chia-tien Dan Lo
    Abstract:

    Signature based network intrusion detection systems (NIDS) rely on an underlying string matching engine that inspects each network packet against a known malicious pattern database. Traditional static pattern descriptions may not efficiently represent sophisticated attack signatures. Recently, most NIDSs have adopted regular expressions such as Perl compatible regular expressions (PCREs) to describe an attack signature, especially for polymorphic worms. PCRE is a superset of traditional regular expression, in which no counters are involved. However, this overloads the performance of software-based NIDSs, causing a big portion of their execution time to be dedicated to pattern matching. Over the past decade, hardware acceleration for the pattern matching has been studied extensively and a marginal performance has been achieved. Among hardware approaches, FPGA-based acceleration engines provide great flexibility because new signatures can be compiled and programmed into their reconfigurable architecture. As more and more malicious signatures are discovered, it becomes harder to map a complete set of malicious signatures specified in PCREs to an FPGA chip. Even worse is that the counters used in PCREs typically take a great deal of hardware resources. Therefore, we propose a space efficient SelectRAM counter for PCREs that involve counting. The design takes advantage of components that consist of a configurable logic block, and thus optimizes space usage. A set of PCRE blocks has been built in hardware to implement PCREs used in Snort/Bro. Experimental results show that the proposed scheme outperforms existing designs by at least 5-fold. Performance results are reported in this paper.

Haojin Zhu - One of the best experts on this subject based on the ideXlab platform.

  • Securing smart grid: cyber attacks, countermeasures, and challenges
    IEEE Communications Magazine, 2012
    Co-Authors: Xu Li, Xue Min Shen, Rongxing Lu, Xiaohui Liang, Xiaodong Lin, Haojin Zhu
    Abstract:

    Smart grid has emerged as the next-generation power grid via the convergence of power system engineering and information and communication technology. In this article, we describe smart grid goals and tactics, and present a three-layer smart grid network architecture. Following a brief discussion about major challenges in smart grid development, we elaborate on smart grid cyber security issues. We define a taxonomy of basic cyber attacks, upon which sophisticated attack behaviors may be built. We then introduce fundamental security techniques, whose integration is essential for achieving full protection against existing and future sophisticated security attacks. By discussing some interesting open problems, we finally expect to trigger more research efforts in this emerging area.

Yong Ho Song - One of the best experts on this subject based on the ideXlab platform.

  • An adaptive approach to handle DoS attack for web services
    Lecture Notes in Computer Science, 2005
    Co-Authors: Yong Ho Song
    Abstract:

    Recently, web services have become an important business tool in e-commerce. The emergence of intelligent, sophisticated attack techniques makes web services more vulnerable than ever. One of the most common attacks against web services is a denial of service attack.

  • Adaptation Policies for Web Server Intrusion-Tolerant System
    IEICE Transactions on Communications, 2005
    Co-Authors: Dae Sik Choi, Yong Ho Song
    Abstract:

    The emergence of intelligent and sophisticated attack techniques makes web services more vulnerable than ever which are becoming an important business tool in e-commerce. Many techniques have been proposed to remove the security vulnerabilities, yet have limitations. This paper proposes an adaptive mechanism for a web-server intrusion-tolerant system (WITS) to prevent unknown patterns of attacks by adapting known attack patterns. SYN flooding attacks and their adaptive defense mechanisms are simulated as a case study to evaluate the performance of the proposed adaptation mechanism.

  • ISI - An adaptive approach to handle DoS attack for web services
    Intelligence and Security Informatics, 2005
    Co-Authors: Yong Ho Song
    Abstract:

    Recently, web services have become an important business tool in e-commerce. The emergence of intelligent, sophisticated attack techniques makes web services more vulnerable than ever. One of the most common attacks against web services is a denial of service attack.

Young-jai Park - One of the best experts on this subject based on the ideXlab platform.

Richard A. Kemmerer - One of the best experts on this subject based on the ideXlab platform.

  • A stateful intrusion detection system for World-Wide Web servers
    Proceedings - Annual Computer Security Applications Conference ACSAC, 2003
    Co-Authors: Giovanni Vigna, Vishal Kher, William Van B. Robertson, Richard A. Kemmerer
    Abstract:

    Web servers are ubiquitous, remotely accessible, and often misconfigured. In addition, custom web-based applications may introduce vulnerabilities that are overlooked even by the most security-conscious server administrators. Consequently, web servers are a popular target for hackers. To mitigate the security exposure associated with web servers, intrusion detection systems are deployed to analyze and screen incoming requests. The goal is to perform early detection of malicious activity and possibly prevent more serious damage to the protected site. Even though intrusion detection is critical for the security of web servers, the intrusion detection systems available today only perform very simple analyses and are often vulnerable to simple evasion techniques. In addition, most systems do not provide sophisticated attack languages that allow a system administrator to specify custom, complex attack scenarios to be detected. This paper presents WebSTAT, an intrusion detection system that analyzes web requests looking for evidence of malicious behavior. The system is novel in several ways. First of all, it provides a sophisticated language to describe multi-step attacks in terms of states and transitions. In addition, the modular nature of the system supports the integrated analysis of network traffic sent to the server host, operating system-level audit data produced by the server host, and the access logs produced by the web server. By correlating different streams of events, it is possible to achieve more effective detection of web-based attacks.