Any organisation connected to the Internet that is serious about security cannot be without an intrusion detection system (IDS) these days. Is one IDS sufficient to cover all possible vulnerabilities in a network? In a sea of security products available today, which IDS tool(s) will be sufficient for your organisation’s needs? The only way to find out is to compare various IDS tools with each o...

Vulnerabilities and threats are being discovered at a pace that traditional exploit-based attack detection technology cannot meet. Vulnerability-focused detection technologies provide the solution to this problem with broader threat detection, fewer signatures, and day-zero detection capabilities. This paper describes the difference between exploitfocused and vulnerability-focused detection and...

Vulnerabilities and threats are being discovered at a pace that traditional exploit-based attack detection technology cannot meet. Vulnerability-focused detection technologies provide the solution to this problem with broader threat detection, fewer signatures, and day-zero detection capabilities. This paper describes the difference between exploitfocused and vulnerability-focused detection and...

The rapid growth in their use is largely based on the premise that any operational IT system is likely to be the subject of some form of attack, or reconnaissancetype activity, during its lifetime. Certainly, in the case of Internet-facing systems, many are likely to be probed, scanned and interrogated within the first few hours of being connected to a network. It’s important, also, to consider...

A network device is considered compromised when one of its security mechanisms is defeated by an attacker. For many networks, an attacker can compromise many devices before being discovered. However, investigating devices for compromise is costly and time-consuming, making it dicult to investigate all, or even most, of a network's devices. Further, investigation can yield false-negative result...

Context. Passive testing is a technique in which traces collected from the execution of a system under test are examined for evidence of flaws in the system. Objective. In this paper we present a method for detecting the presence of security vulnerabilities by detecting evidence of their causes in execution traces. This is a new approach to security vulnerability detection. Method. Our method u...

This paper traces the development of a Common Enumeration of Vulnerabilities and Exposures (CVE) that standardizes and lists vulnerabilities and security exposures to facilitate data sharing and comparison across computer vulnerability databases, such as those produced by security tools and academic research. The MITRE Corporation is building a syste m that can integrate and manage vulnerabilit...

Intrusion detection and vulnerability analysis play the same important roles in wireless infrastructure as in wired infrastructure. In this chapter we briefly present the methods and technologies of intrusion detection and vulnerability analysis. Then we give the security issues in various wireless networking technologies, analyze the vulnerability of the enabling technologies for the mobile co...

In [1] we presented a Vulnerability Detection System (VDS) that can detect emergent vulnerabilities in complex Cyber Physical Systems (CPSs). It used the attacker’s point of view by collecting a target system’s vulnerability information from varied sources and populating an Attack Point (AP) database. From these APs, a Hierarchical Task Network (HTN) generated the set of composite device-level ...

The automatic detection of software vulnerabilities is an important research problem. However, existing solutions to this problem rely on human experts to define features and often miss many vulnerabilities (i.e., incurring high false negative rate). In this paper, we initiate the study of using deep learning-based vulnerability detection to relieve human experts from the tedious and subjective...