| 1. |
- Aaro Jonsson, Catherine
(författare)
-
Long-term cognitive outcome of childhood traumatic brain injury
- 2010
-
Doktorsavhandling (övrigt vetenskapligt/konstnärligt)abstract
- There is limited knowledge of cognitive outcome extending beyond 5 years after childhood traumatic brain injury, CTBI. The main objectives of this thesis were to investigate cognitive outcome at 6-14 years after CTBI, and to evaluate if advancements in the neurosurgical care, starting 1992, did influence long-term outcome and early epidemiology. An additional aim was to study the relationship between early brain injury parameters and early functional outcome. Study 1 evaluated cognitive progress during 14 years after CTBI, over three neuropsychological assessments in 8 patients with serious CTBI. Study 2 used patient records to investigate early epidemiology, received rehabilitation and medical follow up in two clinical cohorts, n=82 and n=46, treated neurosurgically for CTBI before and after 1992. An exploratory cluster analysis was applied to analyse the relation between early brain injury severity parameters and early functional outcome. In Study 3, participants in the two cohorts, n=18 and n=23, treated neurosurgically for CTBI before and after 1992, were subject to an extensive neuropsychological assessment, 13 and 6 years after injury, respectively. Assessment results of the two cohorts were compared with each other and with controls. Data were analysed with multivariate analyses of variance. Results and discussion. There were significant long-term cognitive deficits of similar magnitude and character in the two cohorts with CTBI, treated before and after the advancements in neurosurgical care. At 6-14 years after injury, long-term deficits in verbal intellectual and executive functions were found, and were discussed in terms of their late maturation and a decreased executive control over verbal memory-functions after CTBI. Visuospatial functions had a slightly better long-term recovery. The amount of rehabilitation received was equally low in both cohorts. The length of time spent in intensive care and the duration of care in the respirator may have a stronger relationship to early outcome than does a single measure of level of consciousness at admission. Main conclusions are that cognitive deficits are apparent at long-term follow up, 6-13 years after neurosurgically treated CTBI, even after advancements in the neurosurgical care in Sweden. Measures of verbal IQ, verbal memory and executive functions were especially low while visuospatial intellectual functions appear to have a better long-term recovery.
|
|
| 2. |
- Almgren, Magnus, 1972, et al.
(författare)
-
A Comparison of Alternative Audit Sources for Web Server Attack Detection
- 2007
-
Ingår i: The 12th Nordic Workshop on Secure IT-systems.
-
Konferensbidrag (refereegranskat)abstract
- Most intrusion detection systems available today are usinga single audit source for detecting all attacks, eventhough attacks have distinct manifestations in differentparts of the system. In this paper we carry out a theoretical investigation of the role of the audit source for the detection capability of the intrusion detection system (IDS). Concentrating on web server attacks, we examine the attack manifestations available to intrusiondetection systems at different abstraction layers, includinga network-based IDS, an application-based IDS, andfinally a host-based IDS.Our findings include that attacks indeed have differentmanifestations depending on the audit source used. Someaudit sources may lack any manifestation for certain attacks, and, in other cases contain only events that are indirectly connected to the attack in question. This, in turn, affects the reliability of the attack detection if the intrusion detection system uses only a single audit source for collecting security-relevant events. Hence, we conclude that using a multisource detection model increases the probability of detecting a range of attacks directed toward the web server. We also note that this model should account for the detection quality of each attack / audit stream to be able to rank alerts.Keywords: intrusion detection, attack manifestations
|
|
| 3. |
- Almgren, Magnus, 1972, et al.
(författare)
-
A Multi-Sensor Model to Improve Automated Attack Detection
- 2008
-
Ingår i: 11th International Symposium, RAID 2008, Cambridge, MA, USA, September 15-17, 2008. Lecture Notes in Computer Science. - 9783540874027 ; 5230/2008, s. 291-310
-
Konferensbidrag (refereegranskat)abstract
- Most intrusion detection systems available today are using a single audit source for detection, even though attacks have distinct manifestations in different parts of the system. In this paper we investigate how to use the alerts from several audit sources to improve the accuracy of the intrusion detection system (IDS). Concentrating on web server attacks, we design a theoretical model to automatically reason about alerts from different sensors, thereby also giving security operators a better understanding of possible attacks against their systems. Our model takes sensor status and capability into account, and therefore enables reasoning about the absence of expected alerts. We require an explicit model for each sensor in the system, which allows us to reason about the quality of information from each particular sensor and to resolve apparent contradictions in a set of alerts.Our model, which is built using Bayesian networks, needs some initial parameter values that can be provided by the IDS operator. We apply this model in two different scenarios for web server security. The scenarios show the importance of having a model that dynamically can adapt to local transitional traffic conditions, such as encrypted requests, when using conflicting evidence from sensors to reason about attacks.
|
|
| 4. |
- Almgren, Magnus, 1972, et al.
(författare)
-
Implications of IDS Classification on Attack Detection
- 2003
-
Ingår i: Nordic Workshop on Secure IT Systems (NordSec). - 8299398045 ; , s. 57--70-
-
Konferensbidrag (refereegranskat)abstract
- Accurate taxonomies are critical for the advancement of research fields. Taxonomies for intrusion detection systems (IDSs) are not fully agreed upon, and further lack convincing motivation of their categories. We survey and summarize previously made taxonomies for intrusion detection. Focusing on categories relevant for detection methods, we extract commonly used concepts and define three new attributes: the reference model type, the reference model generation process, and the reference model updating strategy. Using our framework, the range of previously used terms can easily be explained. We study the usefulness of these attributes with two empirical evaluations. Firstly, we use the taxonomy to create a survey of existing research IDSs, with a successful result, i.e. the IDSs are well scattered in the defined space. Secondly, we investigate whether we can reason about the detection capability based on detection method classes, as defined by our framework. We establish that different detection methods vary in their capability to detect specific attack types. The reference model type seems better suited than reference model generation process for such reasoning. However, our results are tentative and based on a relatively small number of attacks.
|
|
| 5. |
- Almgren, Magnus, 1972, et al.
(författare)
-
Investigating the Benefits of Using Multiple Intrusion-Detection Sensors
- 2008
-
Ingår i: The 13th Nordic Workshop on Secure IT-systems. Published by the Technical University of Denmark.. - 1601-2321. ; , s. 13-26
-
Konferensbidrag (refereegranskat)abstract
- Most intrusion detection systems (IDSs) available today are using a single audit source for detection,even though attacks have distinct manifestations in different parts of the system. Previously,we have explored the benefits of combining several sensors monitoring different audit sources toimprove the detection of attacks. In this paper we go one step further and investigate possible synergeticeffects by actively sharing information between distinct intrusion detection sensors takingevents from isolated audit sources. We present four scenarios where we show how the function ofone IDS, measured as false alarm rate, performance in terms of used resources, or attack response,can be improved by having access to information collected and analyzed by another IDS. Based onthese four scenarios, we then generalize our findings and outline necessary properties of a sensorcommunication framework for multiple IDSs. Our focus is on cooperation between IDSs, but wealso touch on response techniques.
|
|
| 6. |
- Almgren, Magnus, 1972, et al.
(författare)
-
Mapping Systems Security Research at Chalmers
- 2011
-
Ingår i: First SysSec Workshop (SysSec 2011). - 9780769545301 ; , s. 67-70
-
Konferensbidrag (refereegranskat)abstract
- The department of Computer Science and Engineering at Chalmers University has a long tradition of research in systems security, including security metrics, attack detection, and mitigation. We focus on security issues arising in four specific environments: (1) backbone links, (2) sensor networks, (3) the connected car, and (4) the smart grid. In this short summary we describe recent results as well as open research questions we are exploring.
|
|
| 7. |
|
|
| 8. |
- Almgren, Magnus, 1972, et al.
(författare)
-
Using Active Learning in Intrusion Detection
- 2004
-
Ingår i: Computer Security Foundations Workshop. - 076952169X ; , s. 88--98-
-
Konferensbidrag (refereegranskat)abstract
- Intrusion Detection Systems (IDSs) have become an important part of operational computer security. They are the last line of defense against malicious hackers and help detect ongoing attacks as well as mitigate their damage. However, intrusion detection systems are not turnkey solutions but are heavily dependent on expensive and scarce security experts for successful operation. By emphasizing self-learning algorithms, we can reduce dependence on the domain expert but instead require massive amounts of labeled training data, another scarce resource in intrusion detection. In this paper we investigate whether an active learning algorithm can perform on a par with a traditional self-learning algorithm in terms of detection accuracy but using significantly less labeled data. Our preliminary findings indicate that the active learning algorithm generally performs better than the traditional learning algorithm given the same amount of training data. Moreover, the reduction of labeled data needed can be as much as 80 times, shown by comparing an active learner with a traditional learner with similar detection accuracy. Thus, active learning algorithms seem promising in that they can reduce the dependence on security experts in the development of new detection rules by better leveraging the knowledge and time of the expert.
|
|
| 9. |
- ANGHOLT, JONAS, et al.
(författare)
-
A First Security Analysis of a Secure Intermodal Goods Transport System
- 2013
-
Rapport (övrigt vetenskapligt/konstnärligt)abstract
- The goods transport business involves a lot of money and is a big part of the infrastructure of any European country. There are often many different actors involved in each transport and the communication network is rather complex due to the point-topoint communication structure. It is easy to understand why there is a high demand for increased simplicity and effectiveness. With this in mind, the e-Freight project which is based on PEPPOL has moved towards a standardized solution by developing a communication system based on access points (APs). These APs act as the interface to the system and makes it easy to establish communication between any two connected actors.With PEPPOL and e-Freight as a foundation, VOLVO leads the SITS project in close cooperation with Stena Line and DSV. The goal is to develop a harmonized communication framework that promotes increased sharing of information between actors and enable new applications to increase effectiveness and security in the chain of transportation. This leads to simplified accessibility for actors to a set of services by being connected to an AP. At the same time service providers benefit from being able to easily set up cloud services available for all actors. In addition to the back-office communication between APs, external devices such as cellphones, in-vehicle computers and check-in terminals can communicate directly with each other over short distances. This type of communication is only partially specified and a mutual standard is yet to be decided upon.In this report we have analyzed the SITS project from an IT-security perspective. The back-end system derived from e-Freight is looked into and communication links, access points, protocols, certificate handling etc., are examined. Another concern in the SITS project is the short-range communication between trucks and terminals. Since RFID is a highly potential candidate for use in this area, we have studied the technology by categorizing a typical RFID system into three distinct layers and researched important security threats with the classic CIA approach. Based on the security issues found, countermeasures such as encryption, authentication and protection against man-in-themiddle attacks are reviewed.
|
|
| 10. |
- Bos, Herbert, et al.
(författare)
-
Anticipating Security Threats to a Future Internet
- 2009
-
Ingår i: EU/FP7 FORWARD.
-
Konferensbidrag (övrigt vetenskapligt/konstnärligt)abstract
- One of the most critical problems on today’s Internet is the lack of security. This gives rise to aplethora of different ways in which the confidentiality, integrity, and availability of data is compromised,and it provides a fertile breeding ground for a thriving underground economy. Thus, when designing afuture Internet, it is clear that security must be a first-class design consideration.To be able to design security for a future Internet, it is first necessary to obtain a thorough understandingof the threats and adversaries that the system must defend against. As a first step toward thisunderstanding, we introduce a number of emerging security threats that need to be considered. Thesethreats were identified by the three working groups that are active in the context of the EU FP7 projectFORWARD, and they illuminate different aspects of the threat landscape.
|
|
