Visible to the public Biblio

Filters: Keyword is false positives  [Clear All Filters]
2020-12-28
Hynek, K., Čejka, T., Žádník, M., Kubátová, H..  2020.  Evaluating Bad Hosts Using Adaptive Blacklist Filter. 2020 9th Mediterranean Conference on Embedded Computing (MECO). :1—5.

Publicly available blacklists are popular tools to capture and spread information about misbehaving entities on the Internet. In some cases, their straight-forward utilization leads to many false positives. In this work, we propose a system that combines blacklists with network flow data while introducing automated evaluation techniques to avoid reporting unreliable alerts. The core of the system is formed by an Adaptive Filter together with an Evaluator module. The assessment of the system was performed on data obtained from a national backbone network. The results show the contribution of such a system to the reduction of unreliable alerts.

2020-01-27
Syed, Shafaque Fatma, Ahmed, Aamir, D'mello, Gavin, Ansari, Zeeshan.  2019.  Removal of Web Application Vulnerabilities using Taint Analyzer and Code Corrector. 2019 International Conference on Nascent Technologies in Engineering (ICNTE). :1–7.
Security has been a challenging aspect recently in the field of Web Development. A failure to obtain security in web applications may lead to complete destruction of the web application or may cause some loss to the user or the owner. To tackle this, a huge research on how to secure a web app has been going on for quite some time, yet to achieve security in today's modern era is a very difficult and no less than a challenge for web applications. All these things lead only to a vulnerable/faulty source code, formulated in coding such as PHP. Static Source Code analysis (SCSA) tools tend to give a solution to detect vulnerabilities, but they tend to detect vulnerabilities which actually are false positives, which leads to excess code reexamination. The proposed system will tackle the current situation of SCSA. This will be achieved by two additional modules to SCSA i.e. Taint analysis with False Positive Predictor which will detect and segregate the true vulnerable code from false positives respectively. The proposed system will be used by the Web Application programmers during testing of web application.
2017-02-14
M. Grottke, A. Avritzer, D. S. Menasché, J. Alonso, L. Aguiar, S. G. Alvarez.  2015.  "WAP: Models and metrics for the assessment of critical-infrastructure-targeted malware campaigns". 2015 IEEE 26th International Symposium on Software Reliability Engineering (ISSRE). :330-335.

Ensuring system survivability in the wake of advanced persistent threats is a big challenge that the security community is facing to ensure critical infrastructure protection. In this paper, we define metrics and models for the assessment of coordinated massive malware campaigns targeting critical infrastructure sectors. First, we develop an analytical model that allows us to capture the effect of neighborhood on different metrics (infection probability and contagion probability). Then, we assess the impact of putting operational but possibly infected nodes into quarantine. Finally, we study the implications of scanning nodes for early detection of malware (e.g., worms), accounting for false positives and false negatives. Evaluating our methodology using a small four-node topology, we find that malware infections can be effectively contained by using quarantine and appropriate rates of scanning for soft impacts.