In recent years, networks have become an increasingly valuable target of malicious attacks due to the increased amount of user data they contain. In defense, Network Intrusion Detection Systems (NIDSs) have been developed to detect and report suspicious activity (i.e. an attack). In this project, we explore unsupervised learning techniques for building NIDs, which only analyze unencrypted packe...

This paper introduces a novel method of tracking user computer behavior to create highly granular profiles of usage patterns. These profiles, then, are used to detect deviations in a users' online behavior, detecting intrusions, malicious insiders, misallocation of resources, and out-of-band business processes. Successful detection of these behaviors significantly reduces the risk of leaking se...

Recent improvements in web standards and technologies enable the attackers to hide and obfuscate infectious codes with new methods and thus escaping the security filters. In this paper, we study the application of machine learning techniques in detecting malicious web pages. In order to detect malicious web pages, we propose and analyze a novel set of features including HTML, JavaScript (jQuery...

This paper proposes a central anti-jamming algorithm (CAJA) based on improved Q-learning to further solve the communication challenges faced by multi-user wireless networks in terms of external complex malicious interference. will also reduce dual factors restricting quality, impact inter-user interference within network, and effect system improve transmission. Firstly, base station that coordi...

In 2010, Yeh et al. proposed two robust remote user authentication schemes using smart cards; their claims were such that their schemes defended against ID-theft attacks, reply attacks, undetectable on-line password guessing attacks, off-line password guessing attacks, user impersonation attack, server counterfeit attack and man-in-the-middle attack. In this paper, we show that Yeh et al.’s sch...

Malicious intermediaries are able to detect the availability of VoIP conversation flows in a network and observe the IP addresses used by the conversation partners. However, it is insufficient to infer the calling records of a particular user in this way since the linkability between a user and a IP address is uncertain: users may regularly change or share IP addresses. Unfortunately, VoIP flow...

One of the most critical problems facing the information security community is the threat of a malicious insider abusing his computer privileges to modify, remove, or prevent access to an organization’s data. An insider is considered trusted (at least implicitly) by his organization because he is granted access to its computing environment. Whether or not that insider is in fact trustworthy is ...

Today’s operating systems struggle with vulnerabilities from careless handling of user space pointers. User/kernel pointer bugs have serious consequences for security: a malicious user could exploit a user/kernel pointer bug to gain elevated privileges, read sensitive data, or crash the system. We show how to detect user/kernel pointer bugs using type-qualifier inference, and we apply this meth...

abstract— peer-to-peer ( p2p ) systems have been the center of attention in recent years due to their advantage . since each node in such networks can act both as a service provider and as a client , they are subject to different attacks . therefore it is vital to manage confidence for these vulnerable environments in order to eliminate unsafe peers . this paper investigates the use of genetic ...

Malware laden documents are a common exploit vector, especially in targeted attacks. Most current approaches seek to detect the malicious attributes of documents whether through signature matching, dynamic analysis, or machine learning. We take a different approach: we perform transformations on documents that render exploits inoperable while maintaining the visual interpretation of the documen...