The intrusion detection systems focus on low-level attacks, and only generate isolated alerts. They can’t find logical relations among alerts. In addition, IDS’s accuracy is low; a lot of alerts are false alerts. So it is difficult for human users or intrusion response systems to understand the alerts and take appropriate actions. To solve this problem different intrusion scenario detection met...

Disruption of a terrorist attack depends on having information facilitating the identification and location of those involved in supporting, planning, and carrying out the attack. Such information arises from myriad sources, such as human or instrument surveillance by intelligence or law enforcement agencies, a variety of documents concerning transactions, and tips from a wide range of occasion...

This work shows that weighted majority voting games occur in cryptocurrencies. In particular, two such games are highlighted. The first game, which we call the Rule Game, pertains to the scenario where the entities in the system engage in a voting procedure to accept or reject a change of rules. The second game, which we call the Attack Game, refers to the scenario where a group of entities in ...

An information–theoretic approach is proposed to watermark embedding and detection under limited detector resources. First, we consider the attack-free scenario under which asymptotically optimal decision regions in the Neyman-Pearson sense are proposed, along with the optimal embedding rule. Later, we explore the case of zero-mean i.i.d. Gaussian covertext distribution with unknown variance un...

A fundamental virtue of social media is to build virtual communities between users. As such, it is no surprise that almost all social media sites provide web interfaces for the search and/or recommendation of other users who share similar attributes, interests, etc. with results being the top-k users selected according to a ranking function. Our studies of real-world websites unveil a novel yet...

This paper considers Quality-of-Information (QoI) aware resource allocation policies for multiuser networks. QoI is a recently introduced composite metric which is impacted by a number of attributes of information communicated from the source(s) to the destination(s), and as such differs from traditional qualityof-service metrics considered to date. The focus of this work is defining the Operat...

An algorithm for fusing the alerts produced by multiple heterogeneous intrusion detection systems is presented. The algorithm runs in realtime, combining the alerts into scenarios; each is composed of a sequence of alerts produced by a single actor or organization. The software is capable of discovering scenarios even if stealthy attack methods, such as forged IP addresses or long attack latenc...

Cyber attacks, the disruption of normal functioning of computers in a network due to malicious events (threats), are becoming widespread. The role of security analysts, who are tasked with protecting networks by accurately and timely detecting cyber attacks, is becoming important. However, currently little is known on how certain cognitive and environmental factors might influence the analyst’s...

The maximum likelihood side-channel distinguisher of a template attack scenario is expanded into lower degree attacks according to the increasing powers of the signal-to-noise ratio (SNR). By exploiting this decomposition we show that it is possible to build highly multivariate attacks which remain efficient when the likelihood cannot be computed in practice due to its computational complexity....