SwePub

Hit list for search "swepub ;lar1:(kau);pers:(Lindskog Stefan)"


  • Results 1-10 of 130
1.
  • Afzal, Zeeshan, 1991-, et al. (author)
  • Using Features of Encrypted Network Traffic to Detect Malware
  • 2021
  • In: 25th Nordic Conference on Secure IT Systems, NordSec 2020. - Cham : Springer Science and Business Media Deutschland GmbH, pp. 37-53
  • Conference paper (refereed)
    • Encryption on the Internet is as pervasive as ever. This has protected communications and enhanced the privacy of users. Unfortunately, at the same time malware is also increasingly using encryption to hide its operation. The detection of such encrypted malware is crucial, but the traditional detection solutions assume access to payload data. To overcome this limitation, such solutions employ traffic decryption strategies that have severe drawbacks. This paper studies the usage of encryption for malicious and benign purposes using large datasets and proposes a machine learning based solution to detect malware using connection and TLS metadata without any decryption. The classification is shown to be highly accurate with high precision and recall rates by using a small number of features. Furthermore, we consider the deployment aspects of the solution and discuss different strategies to reduce the false positive rate.
2.
  • Faigl, Zoltán, et al. (author)
  • Providing Tunable Security in IEEE 802.11i Enabled Networks
  • 2006
  • Report (other academic)
    • The basic idea of QoS is to provide mechanisms that can offer different service levels, which are expressed through well-defined parameters that are specified at run-time on the basis of need. Bit rate, throughput, delay, jitter, and packet loss rate are all examples of common QoS parameters suggested for packet networks. These parameters are all aimed to express (and guarantee) a certain service level with respect to reliability and/or performance. In this report, we investigate how security can be treated as yet another QoS parameter through the use of tunable security services. The main idea with this work is to let users specify a trade-off between security and performance through the choice of available security configuration(s). The performance metric used is latency. The concept is illustrated using the IEEE 802.11i wireless local area networking standard.
3.
  • Larson, Ulf, 1975, et al. (author)
  • Operator-Centric and Adaptive Intrusion Detection
  • 2008
  • In: Proceedings of the Fourth International Conference on Information Assurance and Security (IAS 2008), September 8-10, 2008, Naples, Italy. - Naples, Italy : IEEE. - 9780769533247, pp. 161-166
  • Conference paper (refereed)
    • An intrusion detection system should support the operator of the system. Thus, in addition to producing alerts, it should allow for easy insertion of new detection algorithms. It should also support dynamic selection and de-selection of detection algorithms, and it should adjust its resource consumption to the current need. Such a system would allow the operator to easily extend the system when new detection algorithms become available. It would also allow the operator to maintain a low-cost monitoring baseline and perform more extensive monitoring when it is required. In this paper we propose an architecture for intrusion detection which aims at providing the operator with this support. The architecture uses a modular design to promote a high degree of flexibility. This supports creation of an environment in which state-of-the-art intrusion detection algorithms easily can be inserted. The modular design also allows for detection algorithms to be enabled and disabled when required. Additionally, the architecture uses a sensor reconfiguration mechanism to affect the amount of data collected. When a detection algorithm is enabled or disabled, the sensor providing the input data to the algorithm is correspondingly reconfigured. This implies a minimum of excess collected data. To illustrate the feasibility of the architecture, we provide a proof-of-concept supporting monitoring of users for insider detection and webserver monitoring for intrusion attempts.
4.
  • Lindskog, Stefan, et al. (author)
  • Different Aspects of Security Problems in Network Operating Systems
  • 2002
  • In: Proceedings of the Third Annual International Systems Security Engineering Association Conference (2002 ISSEA Conference), Orlando, 13-15 March 2002. - Orlando, FL, USA.
  • Conference paper (refereed)
    • This paper presents research on computer security vulnerabilities in general-purpose network operating systems. The objective of this study is to investigate real intrusions in order to find and model the underlying generic weaknesses, i.e., weaknesses that would be applicable to many different systems. The paper is based on empirical data collected from three different systems, UNIX with NFS and NIS, Novell NetWare, and Windows NT. Five common security problems, improper input validation; improper use of cryptography; weak authentication; insecure bootstrapping; improper configuration, are identified, exemplified, and discussed from different perspectives. The work presented represents a further step towards a full understanding of the generic weaknesses that impair commercially available operating systems.
5.
  • Lindskog, Stefan, et al. (author)
  • Dynamic Data Protection Services for Network Transfers: Concepts and Taxonomy
  • 2004
  • In: Proceedings of the 4th Annual Information Security South Africa Conference. - Johannesburg, South Africa.
  • Conference paper (refereed)
    • Security should be thought of as a tunable system attribute that allows users to request a specific protection level as a service from the system. This approach will be suitable in future networking environments with heterogeneous devices that have varying computing resources. The approach is also appropriate for multimedia applications that require tuning of the protection level to maintain performance at levels that are acceptable to users. In this paper, we investigate data protection services for network transfers that are designed to offer variable protection levels and propose a taxonomy for such services. The taxonomy provides a unified terminology for dynamic data protection services and a framework in which they can systematically be inspected, evaluated, and compared. The taxonomy is also intended to provide a basis for the development and identification of current and future user and/or application needs. It comprises four dimensions: type of protection service, protection level, protection level specification, and adaptiveness. On the basis of the taxonomy, a survey and categorization of existing dynamic data protection services for network transfers are made.
6.
  • Lindskog, Stefan (author)
  • Modeling and Tuning Security from a Quality of Service Perspective
  • 2005
  • Doctoral thesis (other academic)
    • Security has traditionally been thought of as a system or network attribute that was the result of the joint endeavors of the designer, maintainer and user, among others. Even though security can never reach a level of 100%, the aim has been to provide as much security as possible, given the boundary conditions in question. With the advent of, e.g., many low-power computing and communication devices it has become desirable to trade security against other system parameters, such as performance and power consumption. Thus, in many situations, tunable or selectable security, rather than maximal security, is desirable. The overall focus of this thesis is therefore how security with a tunable level could be achieved and traded against other parameters. To this end, basic security primitives, such as the intrusion process, flaws, and impairments, are studied. This contributes to a deeper understanding of fundamental problems and paves the way for security modeling. This part of the work provides a great deal of experimental data that are also used for modeling purposes. Attempts to model and systemize security are made based on the knowledge thus achieved. The relation between security and dependability is touched upon, and the use of physical separation to achieve certain desirable security properties is pointed out. However, most of the modeling research is devoted to suggesting methods for achieving different security levels, i.e., tuning security, in particular for networked applications. Here, the widespread Quality of Service (QoS) concept turns out to be a proper means to embed this novel concept, and a taxonomy for tunable data protection services is suggested. Two data protection services are developed in order to test and verify the concept of tunable security. The evaluations are limited to networked applications and confidentiality through selective encryption schemes. 
      The tests show good agreement between experimental and theoretical results. It is clear that future applications will require security that can be set to a desired level in order to optimize total system performance. This thesis shows that this is possible and gives some ideas as to how selectable security can be generally attainable.
7.
  • Lindskog, Stefan, et al. (author)
  • Using System Call Information to Reveal Hidden Attack Manifestations
  • 2010
  • In: Proceedings of the 1st International Workshop on Security and Communication Networks, IWSCN 2009. - Piscataway, NJ, USA : IEEE. - 9788299710510
  • Conference paper (refereed)
    • We investigate how system call-based intrusion detectors can be made more resistant against mimicry attacks. We show that by including extra information such as system call arguments, return values, and identity of the user responsible for the calls, the attacker's options of constructing successful attacks are significantly reduced, in particular with respect to the use of no-op system calls. For our investigation, we add extra information to two system call-based detection algorithms, one distance-based and one sequence-based, that normally operate on system call names only. We then create two mimicry attacks which avoid detection by the original detectors but are revealed when the extra information is used. Our investigation shows that by providing the extra information to the detector the attacker's options of constructing successful and undetected attacks decrease drastically.
8.
  • Larson, Ulf, 1975, et al. (author)
  • A Revised Taxonomy of Data Collection Mechanisms with a Focus on Intrusion Detection
  • 2008
  • In: Proceedings of the Third IEEE International Conference on Availability, Reliability and Security (ARES 2008). - Barcelona, Spain : IEEE. - 9780769531021, pp. 624-629
  • Conference paper (refereed)
    • Surprisingly few data collection mechanisms have been used for intrusion detection, and most systems rely on network and system call data as input to the detection engine. Even though the quality of log data is vital to the detection process and heavily dependent on the collection mechanism, no extensive survey or taxonomy has been conducted within the detection field. In this paper, we propose a revised taxonomy which provides a unified terminology and a framework in which data collection mechanisms can be systematically inspected, evaluated, and compared. Since the taxonomy is derived from existing mechanisms, it also provides a useful overview of different types of mechanisms. The paper also suggests areas within data collection where additional work is required.
9.
  • Larson, Ulf, 1975, et al. (author)
  • Decision Support for Intrusion Detection Data Collection
  • 2008
  • In: Proceedings of the 13th Nordic Workshop on Secure IT-systems (NordSec 2008), October 9-10, 2008, Copenhagen, Denmark. - Copenhagen, Denmark.
  • Conference paper (refereed)
    • Data collection is a critical but difficult activity for intrusion detection. The amount of resources that must be monitored and the rate at which events are generated make it impossible to use an exhaustive collection strategy. Furthermore, selection and configuration of data collection mechanisms is a tedious and elaborate task for both designers and operators. Therefore, we propose a decision support system (DSS) for selecting and configuring data collection mechanisms. We suggest a generic system model for selecting data collection mechanisms based on the amount of excess data produced. We also provide an implementation of the system. The DSS reduces effort, time, and expertise required in the selection process, and allows both designers and operators to focus on intrusion detection rather than selection and configuration of data collection mechanisms.
10.
  • Afzal, Zeeshan, 1991-, et al. (author)
  • A Multipath TCP Proxy
  • 2015
  • Conference paper (refereed)
    • Multipath TCP (MPTCP) is an extension to traditional TCP that enables a number of performance advantages, which were not offered before. While the protocol specification is close to being finalized, there still remain some concerns regarding deployability and security. This paper describes the ongoing work to develop a solution that will facilitate the deployment of MPTCP. The solution will not only allow non-MPTCP capable end-hosts to benefit from MPTCP performance gains, but also help ease the network security concerns that many middleboxes face due to the possibility of data stream being fragmented across multiple subflows.