Signature-based and protocol-based intrusion detection systems (IDS) are employed as a means to reveal content-based network attacks. Such systems have proven to be effective in identifying known intrusion attempts and exploits, but they fail to recognize new types of attacks or carefully crafted variants of well-known ones. This paper presents the design and development of an anomaly-based IDS technique that is able to detect content-based attacks carried out over application-level protocols, like HTTP and FTP. In order to identify anomalous packets, the payload is split up into chunks of equal length and the n-gram technique is used to learn which byte sequences usually appear in each chunk. The devised technique builds a different model for each (protocol of interest, packet length) pair and uses these models to classify the incoming traffic. Models are built by means of a semi-supervised approach. Experimental results show that the technique achieves an excellent accuracy with a very low false positive rate.
Accountability refers to the need of individuals or organizations to account for their activities, accept responsibility, and disclose results in a transparent manner. Nowadays, the pervasiveness of digital systems is making the security, reliability, and trustworthiness of such services increasingly critical. When a service is delivered by involving different (possibly conflicting) parties, accountability could be achieved by including a trusted third party (TTP) in digital transactions. Blockchain decentralizes trust, thus avoiding reliance on a single TTP. However, to deal with accountability in concrete solutions, the issue of securely integrating digital identity and Blockchain should be solved. The paper describes the results of a three-year research project merging academic and industrial expertise to design and implement a Blockchain-based platform for service accountability integrating eIDAS-compliant Public Digital Identity. The platform has been used in several real-life contexts made available by industrial project partners, which demonstrated the effectiveness and novelty of the solution.
Access control systems are nowadays the first line of defence of modern IT systems. However, their effectiveness is often compromised by policy misconfigurations that can be exploited by insider threats. In this paper, we present an approach based on machine learning to refine attribute-based access control policies in order to reduce the risks of users abusing their privileges. Our approach exploits behavioral patterns representing how users typically access resources to narrow the permissions granted to users when anomalous behaviors are detected. The proposed solution has been implemented and its effectiveness has been experimentally evaluated using a synthetic dataset.