Christian Payne scite author profile

With the rising popularity of so-called 'open source' software there has been increasing interest in both its various benefits and disadvantages. In particular, despite its prominent use in providing many aspects of the Internet's basic infrastructure, many still question the suitability of such software for the commerce-oriented Internet of the future. This paper evaluates the suitability of open source software with respect to one of the key attributes that tomorrow's Internet will require, namely security. It seeks to present a variety of arguments that have been made, both for and against open source security and analyses in relation to empirical evidence of system security from a previous study. The results represent preliminary quantitative evidence concerning the security issues surrounding the use and development of open source software, in particular relative to traditional proprietary software.

show abstract

A survey on forensic investigation of operating system logs

Studiawan¹,

Sohel²,

Payne³

2019

Digital Investigation

View full text Add to dashboard Cite

Event logs are one of the most important sources of digital evidence for forensic investigation because they record essential activities on the system. In this paper, we present a comprehensive literature survey of the forensic analysis on operating system logs. We present a taxonomy of various techniques used in this area. Additionally, we discuss the tools that support the examination of the event logs. This survey also gives a review of the publicly available datasets that are used in operating system log forensics research. Finally, we suggest potential future directions on the topic of operating system log forensics.

show abstract

The state of the art of application restrictions and sandboxes: A survey of application-oriented access controls and their shortfalls

Schreuders

McGill

Payne

2013

Computers & Security

View full text Add to dashboard Cite

Under most widely-used security mechanisms the programs users run possess more authority than is strictly necessary, with each process typically capable of utilising all of the user's privileges. Consequently such security mechanisms often fail to protect against contemporary threats, such as previously unknown ('zero-day') malware and software vulnerabilities, as processes can misuse a user's privileges to behave maliciously. Application restrictions and sandboxes can mitigate threats that traditional approaches to access control fail to prevent by limiting the authority granted to each process. This developing field has become an active area of research, and a variety of solutions have been proposed. However, despite the seriousness of the problem and the security advantages these schemes provide, practical obstacles have restricted their adoption. This paper describes the motivation for application restrictions and sandboxes, presenting an indepth review of the literature covering existing systems. This is the most comprehensive review of the field to date. The paper outlines the broad categories of existing application-oriented access control schemes, such as isolation and rule-based schemes, and discusses their limitations. Adoption of these schemes has arguably been impeded by workflow, policy complexity, and usability issues. The paper concludes with a discussion on areas for future work, and points a way forward within this developing field of research with recommendations for usability and abstraction to be considered to a further extent when designing application-oriented access controls.

show abstract

Sentiment Analysis in a Forensic Timeline With Deep Learning

2020

View full text Add to dashboard Cite

A forensic investigator creates a timeline from a forensic disk image after an occurrence of a security incident. This procedure aims to acquire the time for all events identified from the investigated artifacts. An investigator usually looks for events of interest by manually searching the timeline. One of the sources from which to build a timeline is log files, and these events are often found in log messages. In this paper, we propose a sentiment analysis technique to automatically extract events of interest from log messages in the forensic timeline. We use a deep learning technique with a context and content attention model to identify aspect terms and the corresponding sentiments in the forensic timeline. Terms with negative sentiments indicate events of interest and are highlighted in the timeline. Therefore, the investigator can quickly examine the events and other activities recorded within the surrounding time frame. Experimental results on four public forensic case studies show that the proposed method achieves 98.43% and 99.64% for the F1 score and accuracy, respectively.

show abstract

Graph clustering and anomaly detection of access control log for forensic purposes

Studiawan

Payne

Sohel

2017

Digital Investigation

View full text Add to dashboard Cite

Attacks on operating system access control have become a significant and increasingly common problem. This type of security threat is recorded in a forensic artifact such as an authentication log. Forensic investigators will generally examine the log to analyze such incidents. An anomaly is highly correlated to an attacker's attempts to compromise the system. In this paper, we propose a novel method to automatically detect an anomaly in the access control log of an operating system. The logs will be first preprocessed and then clustered using an improved MajorClust algorithm to get a better cluster. This technique provides parameter-free clustering so that it automatically can produce an analysis report for the forensic investigators. The clustering results will be checked for anomalies based on a score that considers some factors such as the total members in a cluster, the frequency of the events in the log file, and the inter-arrival time of a specific activity. We also provide a graph-based visualization of logs to assist the investigators with easy analysis. Experimental results compiled on an open dataset of a Linux authentication log show that the proposed method achieved the accuracy of 83.14% in the authentication log dataset.

show abstract

Automatic log parser to support forensic analysis

Studiawan¹,

Sohel²,

Payne³

2018

View full text Add to dashboard Cite

The Role of the Development Process in Operating System Security

Payne

2000

View full text Add to dashboard Cite

Anomaly Detection in Operating System Logs with Deep Learning-Based Sentiment Analysis

Studiawan

Sohel

Payne

2021

IEEE Trans. Dependable and Secure Comput.

View full text Add to dashboard Cite

12 3

scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.

Contact Info

hi@scite.ai

334 Leonard St

Brooklyn, NY 11211

Blog Terms and Conditions API Terms Privacy Policy Contact Cookie Preferences Do Not Sell or Share My Personal Information

Made with 💙 for researchers

Part of the Research Solutions Family.

Christian Payne

On the security of open source software

A survey on forensic investigation of operating system logs

The state of the art of application restrictions and sandboxes: A survey of application-oriented access controls and their shortfalls

Sentiment Analysis in a Forensic Timeline With Deep Learning

Graph clustering and anomaly detection of access control log for forensic purposes

Automatic log parser to support forensic analysis

The Role of the Development Process in Operating System Security

Anomaly Detection in Operating System Logs with Deep Learning-Based Sentiment Analysis

Contact Info

Product

Resources

About