Intelligence Techniques for e-government applications

Size: px
Start display at page:

Download "Intelligence Techniques for e-government applications"

Transcription

1 Intelligence Techniques for e-government applications HANAA. M. SAID 1, MOHAMED HAMDY 2, RANIA El GOHARY 3 and ABDEL-BADEEH M. SALEM 4 1 Faculty of Computing & Information Science Ain Shams University, Abbassia, Cairo, EGYPTE 2 Faculty of Computing & Information Science Ain Shams University, Abbassia, Cairo, EGYPTE 3 Faculty of Computing & Information Science Ain Shams University, Abbassia, Cairo, EGYPTE Abstract This paper introduces intelligence security strategy approaches. The successful implementation of the e- government depends on the viable security. E-government security is considered one of the crucial factors for achieving an advanced stage of e-government. In this research we focused on several techniques, algorithms, approaches and different areas of data mining technique models in Cyber Security from different perspectives, to establish a classification and comparison of various types of Intrusion Detection and Countermeasures in E-government of this researches, Intelligent Technique Approaches categorization that reflect the important criteria of the data mining models. It summarizes various Intelligent Data analyses and presents an Intelligent Data Analysis of Cairo Cleaning and Beautification Agency ; establishing such a classification impacts deeply guiding data mining applications towards better operations and performance. Moreover how data mining can help in detection and prevention of these attacks. Information security violations such as access control violations as well as a discussion of various threats are presented. Finally we present a comparative analysis between selected models to improve security. Keywords: E-government, Cyber Security models, Intrusion detection (ID), Penetration testing, Neural Networks, Fuzzy Logic, Genetic algorithm 1. INTRODUCTION 4 Faculty of Computing & Information Science Ain Shams University, Abbassia, Cairo, EGYPTE The field of Artificial Intelligence has found many applications in the operation of power systems. These applications range from Expert Systems to assist with network fault diagnosis and rectification to Artificial Neural Networks and Fuzzy Logic to provide models for complex non-linear control problems. Intrusion detection (ID) has become a critical Component of network administration due to the vast number of attacks persistently threaten our computers. Traditional intrusion detection systems are limited and do not provide a complete solution for the problem. Security is an important issue for the future of the cyberspace; due to access of malicious data in internet and in system security that controls real time data and leads to huge dimensional problems, so a data pre-processing is necessary. Attacks against the computer infrastructures are becoming an increasingly serious problem. Hacking is the act of breaking into another system with or without the owner s knowledge. Intruders have promoted themselves and invented innovative tools that support various types of network attacks. Hence, effective methods for intrusion detection (ID) have become an insisting need to protect our computers from intruders. In general, there are two types of Intrusion Detection Systems (IDS); misuse detection systems and anomaly detection systems [1, 2, and 3]. Over the past few years, there has been tremendous increase in the cyber threats due to penetration of new technologies within the global economy as it involves heavy usage/dependency of the Internet to carry out businesses for personal/business/governmental sectors. E-government- can be defined as the use of information and communication technologies, and particularly the internet, as a tool to achieve better government (OECD, 2003), Electronic Government constitutes the Public Administration that uses Information technology in order to convert its Internal and External relations (United Nations, 2008). Applying Data Mining (DM) techniques on network traffic data is a promising solution that helps in developing better intrusion detection systems. Data mining is defined as the identification of interesting structure in data, where structure designates Patterns, statistical or predictive models of the data, and relationships among parts of the data (Fayyad & Uthurusamy, 2002) [4,5]. We used different algorithms to extract the valuable data. Data mining is important tool to transform the data from large quantities of data through using pattern matching. Data mining has many applications in security including national security, terrorist activities and cyber security. However, the usefulness of this data is negligible if meaningful information or Knowledge cannot be extracted from it. Data mining, otherwise known as knowledge discovery, attempts to answer this need. In contrast to standard Statistical methods, data mining techniques search for interesting information without demanding a priori hypotheses. Finding links between data fields, Use regression to predict future values of data and Model Volume 4, Issue 2, March April 2015 Page 6

2 sequential patterns in the data that may indicate revealing trends (Tam and Kiang, 1992; Chu & Widjaja, 1994) [6]. Cyber security involves protecting information by preventing, detecting, and responding to attacks. Cyber security also referred to as information technology security, whose main focus is protection of computers, networks, programs and data from unauthorized access, change or destruction. The real cyberspace that is available on the internet. It is very difficult, to conduct on them the assessment of quality. That can be accepted for the extent of securing it. It can be expressed for this real cyberspace as if the series of the minor cyberspaces. The importance of inferring process of the reference measure in the form of procedural assessment is to improve the knowledge and helping in the decision making for the e- government services. A series of the standards are built on the application of data mining methods specifically represented as "Frequencies", "decision tress model", "Logistic regression", "association rules model", " Neural Networks Model", "Hierarchical Clustering" and 'Bayesian network' for making reference measurements, to measure the extent of securing the data, and the provided services. A penetration test is an in-depth information risk analysis practiced to assess the security of the systems from a hacker s perspective. Penetration Testing and Web Application testing service simulate a hacker or an attacker like environment to conduct the exercise so as to match the hacker s thought process. Penetration testing can be done by both the Internet and local area network depending on the placement and operational usage of the system such as: Web Application Penetration Test (Application discovery, Data Mining, Cryptography, Database Listener and Business Logic Testing) [13]. For the above mentioned reasons, we formed intelligent approach for securing the data that consists of penetration test that includes (DM-ID), the results of intelligent approach and penetration testing are used to find out security defects and to patch them before it will be too late. This brings testers to adopt automatic tools widely, as it is demonstrated by the continuous release of platforms finalized to automate this process, discovering gaps in compliance, finding defects now before somebody else does, verifying secure configurations, testing new technology and reporting problems to management. Collaborative processes oriented on large data sets are presented [14]. Also, we will compare the effectiveness of various types of techniques and algorithms of different technologies researches. These help in choosing between several alternatives take of decision making. This paper imparts numbers of applications for the data mining methodologies in cyber security. It have been developed and deployed to protect computer systems against network attacks, we discuss various types of variety of techniques, approaches and different areas of data mining technique models in cyber security from "different perspectives E- government", describing how data mining helps in detection and prevention of these attacks. Finally Results applied on the site of "Cairo Cleaning and Beautification Agency" governorate in Egypt it is one of the important cyberspaces in the frame of the mechanism for the e-government services, and its effect on both the citizens, the investors and on the government, this cyberspace is related with several electronic sites. Combinations of different intelligent system approaches to form hybrid intelligent systems continue to find new applications. Security must be addressed in the phase of planning and designing of E- government System, Management process is needed to assess security control, where management allows departments and agencies to maintain and measure the extent of data security depending on the mechanism of revealing the security weak points.revealing the weak points is done by using a series of standards built on the application of machine learning methods specifically Using the Neural Networks Model, and intelligent data analysis. All these techniques are useful in monitoring and measuring the extent of the secured data and the provided services. The fuzzy set theory was introduced by Zadeh [25]. Fuzzy logic is a multi-value logic which permits intermediate values to be defined between conventional ones like true/false, low/high, good/bad etc. In a classical set theory, an element may either belong to set or not. In fuzzy set theory, an element has a degree of membership. A degree of membership function can be described as an interval [0, 1]. This paper introduces Intelligent Approaches for Securing the Data, these approaches are based on intrusion detection, analysis and monitoring, in order to form penetration test that helps decision makers to take the right decision for facing the threats and control system operations. The strategies of " Frequencies", "decision tress model", "Logistic regression", "association rules model", " Neural Networks Model", "Hierarchical Clustering" and 'Bayesian network" will be utilized in forming data mining intrusion detector (DM-ID), this in turn will be used in forming penetration test that will monitor, measure and test of the audit data and events. Taking into account that, each module will work independently to detect intrusions in the network traffic data. This paper may be useful tool that enables the governorate to find the major points for managing the effective government services, type of the data to be used, type of data that has been moved in a proper way, what are the terms or the requirements that are used in the data organizing, arranging the knowledge from the view of the priority and importance performance for discovering them, compiling the processes based on the followed standards. This paper consists of 4 sections; the first section is the introduction as we are able to get huge information about the literature survey. For assessing the security of the cyberspace, the second section Comparative Intelligent Technique Approaches for E-government Security of securing the data when introducing the strategic information for the different rendered services through the Volume 4, Issue 2, March April 2015 Page 7

3 minor cyber service. Moreover the concentrates on the means of research and measurements that are used and suggested and how to use them are presented in the section 3.Also presenting the discussions about the different results, finally in section 4 we summarized and concluded the future work. 2. RELATED WORK Data mining techniques have been successfully applied to various private sector industries in marketing, financial services, and health care. Governments are using data mining for improving service delivery, analyzing scientific information, managing human resources, detecting fraud, and detecting criminal and terrorist activities. However, literature is scarce regarding the application of data mining to a project oriented environment. Generally, the purpose of this paper is to show how data mining concepts may be applied in a project oriented environment. It will examine the so called project success framework and show how data mining may be utilized at particular stages to increase the chances of delivering successful projects that will have the intended impact on the corporate business strategies of private and public sector organizations. data mining has evolved in a wide variety of directions, ranging from complexity control of algorithms to the development of applications for many domains, such as counter terrorism, medical diagnosing, marketing and so on (Antonie, Zaïane & Coman, 2001; Bach, 2003; Bank, Min Tjoa & Stolba, 2006; Bhattacharyya, 1999; Choenni, 2000; Wang & Han, 2000). The extraction of econometric models, however, has received relatively little attention in the field of data mining. An econometric model is a model that specifies the statistical relationship that is believed to hold between its variables. These models play a central role in many fields of research and become increasingly important in forecasting tools. For example, in finance, stock prices may be expressed in terms of other stock prices and macro-economic variables, such as industrial production and interest rates (Cheung & Ng, 1998; Nasseh & Strauss, 2000; Pesaran & Timmermann, 2000). Another example, within government forecasting, is the modelling of recorded crime, which may be expressed in terms of demographic and macro-economic variables, such as the number of young males and unemployment (Deadman, 2003; Greenberg, 2001; Hale & Sabbagh, 1991). Two common econometric models are the linear regression model and the cointegrated model. Cyber security is not a single problem in e-government, but rather it is a group of highly different problems involving different sets of threats. Fuzzy Rule based system for cyber security is a system that consists of a rule depository and a mechanism for accessing and running the rules. The depository is usually constructed with a collection of related rule sets. The aim of this study is to develop a fuzzy rule based technical indicator for cyber security with the use of an expert system which is named FRBCES (Fuzzy Rule Based Cyber Expert System). Rule based systems employ fuzzy rule to automate complex processes. Common cyber threats assumed for cyber experts are used as linguistic variables in this paper. We persistent computer security vulnerabilities may expose the government s critical infrastructure and government s network systems to cyber attack by terrorists, possibly affecting the economy or other areas of the national security at large [12]. Furnel and Warren [13] discussed the problems posed by cyber terrorists. They considered the nature of the responses necessary to protect the future security of society. By the rising threat of cyber attacks, some researchers tried to describe cyber threat and made attempts for finding a solution to their studies [14]- [17] this show in figer1. So far, many studies have been done on cyber security, but these are mostly focused on prevention of cyber intrusion, [18]-[21], effects of cyber attacks or on different machine learning applications [5],[6],[8]-[10]. Although there are some studies using fuzzy rules [22]-[24], fuzzy expert systems effectiveness are totally different analysis. In this paper, apart existing literature, a new approach has been developed to prevent cyber attacks using a fuzzy expert system. The proposed fuzzy expert system in this study gives valuable information to system administrators to improve the achievement of the cyber security. This work contributes to the system in a general manner and it can be adapted to different cyber security scenarios. Figer1: E -government application Table 1 Distribution of articles according to data mining and its applications of e-government Volume 4, Issue 2, March April 2015 Page 8

4 Volume 4, Issue 2, March April 2015 Page 9

5 Volume 4, Issue 2, March April 2015 Page 10

6 Volume 4, Issue 2, March April 2015 Page 11

7 Hong Yu et al. [17] performed comparative study on data mining for individual credit risk evaluation. The researcher found that credit risk is referred to as the risk of loss when a debtor does not fulfil his debt contract and it is of natural interest with respect to practitioners in banks as well as to organizers. Ji Dan et al. [18] performed synthesized data mining algorithm based on clustering and decision tree. At present, they have accumulated abundant agriculture information data for the vast territory and diversity of crop resources. However, we just can visit a small quantity of data for lack of useful tools. Mohamed El far et al. [19] compared between data mining algorithms: "Close+, Apriori and CHARM" and K-means classification algorithm and applying them on 3D object indexing. Three-dimensional models are more and more used in applications in which the necessity to visualize realistic objects is felt (CAD/CAO, medical simulations, games, virtual reality etc.). Wangjie Sun et al. [20] implemented an advanced design of data mining algorithms. In order to save the computer data effectively, we should not only check the integrity for the data, but also we have to check storage system to recover data in a timely manner to reduce losses to a minimum, to prevent the recover fails when the fault occurred. S.P.Latha [20] presents algorithm for efficient data mining. Over the years, a variety of algorithms for finding frequent item sets in very large transaction databases have been developed. Data mining algorithms are used extensively to analyze business, commerce, scientific, engineering, and security data and dramatically improve the effectiveness of applications in areas such as marketing, predictive modeling, life sciences, information retrieval, and engineering. In April 2007, Estonia suffered a major cyber-attack, after which Estonia contributed in securing cyber space worldwide. According to Joak AAVIKSOO, Minister of education and Research of Estonia, they analyzed weak points in their infrastructure [58]. As per their conclusions their law enforcements, border line do not hold in cyberspace [58], most of the infrastructure is not under single body and 80% of web infrastructure is in private hands [58]. In 2008, Estonia formulated a National Cyber Security Strategy. The objective of National Cyber Security Strategy is to ensure cyber security and help private sectors to develop highly secured standards [21]. In Malaysian primary schools, cyber bullying and hacking are the major occurring crimes [66]. There is an Adaptive Information Security Model that was developed to lessen the gap between what we can do and control ICT [36]. There are five critical systems that ensure the highly secured and prospered network [36]. Forty-one41 internet crimes have been analyzed [36]. The analyses show that victims were missing in these five security tests [36]. A penetration test on internet service provider was conducted in Sweden [37]. In Burma just before country s first national elections in twenty years, the internet was shutdown [31]. Offenders usually use public places to commit crimes which hides their identity and where there is no effective legislation. Internet gave birth to terrorist propaganda. Radicalization can be done using internet. MIS configuration of websites causes search engines to penetrate into website and causes illegal access to data [66]. Search engines need to obey some rules to disallow, some folders, files and images [66]. Halfond et al [23], [24] presented a technique for penetration testing, which involves static and dynamic analysis to increase the efficiency of the information gathering and response analysis phase. The author implemented static and dynamic analysis to improve penetration testing. To discover the input vector, the static analysis technique of automatic response that analyzes the dynamic analysis technique is used. The main objective of dynamic analysis is to find error while running the program. To test the effectiveness of these techniques, an experiment was conducted for static and dynamic analysis based penetration testing on nine web applications [23]. Halfond et al [24], developed Amnesia (Analysis for Monitoring and Neutralizing SQL Injection Attack). The authors proposed a model based technique that combines the static and dynamic analyses. In this paper the tool first identifies hotspot, where SQL queries are issued to database engines. Non-deterministic finite automata are used at each hot spot to develop query model (2009). Xiong et al [9], [10] presented an approach of model driven framework that integrates the software development life cycle phases with penetration testing process, so vulnerability can be easily detected and testing can be done repeatedly by the expert personnel, to test the cost effectiveness, systematic and fully integrated into systematic and fully integrated into a security oriented software development life cycle, security experts are still required to maintain knowledge. The test cases are derived from models. Stepien et al [6] presented an approach to penetration testing inherent to penetration testing of web application, the approach consists of TTCN-3 languages inherent features. Also, it derives the functional test cases and has taken an example of a malicious bank website. This paper described a message sequence diagram of a malicious bank website to show the XSS attacks. It generates the functional test cases. Pietraszek et al [26],[27] presented an approach of Taint based technique in which the authors modified PHP interpreter to track taint information at the character level, context sensitive analysis is used in this technique to reject SQL queries if an entrusted input has been used to create certain types of SQL tokens. The advantages of this approach are that they require modifications to the run time environment, which decreases the portability. Arkin, Stender and McGraw (Arkin, B. et al 2005) [28] investigated the importance of the subject from the software pen-testers perspective, concentrating on where the role of the tester lies when flaws are assessed during software development. Within the software development life cycle, Arkin et al. suggest without proper and timely Assessment, organizations...often find that their Volume 4, Issue 2, March April 2015 Page 12

8 software suffers from systemic faults both at the design and implementation levels (Arkin, B. et al, 2005). The same can be said for the network security of organization; without proper and rigorous assessment, the network design of an organization will lead to unknown flaws inherent in the network implementation. The same can be said for the network security of organization. Pierce, Jones and Warren (Pierce, J. et al, 2007) [29] in their paper provided a conceptual model and taxonomy for penetration testing and professional ethics. They described how integrity of the professional pen tester may be achieved by...avoiding conflicts of interest, the provision of false positives and false negatives and finally do the legally binding testers of their ethical obligations in [their] contract This is certainly noteworthy and should be expected of an individual working with potentially sensitive information; however, this appears more of a personal ethical code of conduct than something that can be enforced and assessed. Pierce et al (Pierce, J. et al, 2007) also discussed the provision by universities...toward offering security testing courses. McRue ( McRue, A., 2006), [30] Commented on the "first U.K. University to offer a dedicated degree course in hacking "This has certainly shown an emerging trend in the educational sector for penetration testing courses; however these tend to be degree classifications and not necessarily an industry recognized Certification standard. The literature review shows that data mining is key ingredient in the solution to information security problems. The author in [31] discusses the development of data mining and its application areas. Soft computing framework data mining is presented in paper [32] where soft computing approaches like fuzzy logic, neural network are discussed. Data mining provides a number of algorithms that can help detect and avoid security attacks [33].The author in [34] presents a survey on various data mining techniques for intrusion detection wherein the types of intrusion attacks like network and host based are also summarized. One of the intrusion detection techniques known as anomaly detection has been discussed in details [35]. Paper [36] specifies the measurement criteria for intrusion detection. Fraud detection is another area of focus as the number of online transactions is rising exponentially. Various types of frauds like computer fraud are given in [37] with the respective techniques to overcome the situation. A number of methods are proposed for privacy preserving through data mining in [38], for example K-Anonymity. In paper [39], author talks about the sensitivity of data which may risk an individual s privacy. This data can be general data, user specific or authentication data. Peter in [40] specifies aspects of cloud computing and the top cloud computing companies with their respective key features. The cloud security issues have been addressed via a trusted third party in [41]. Data mining techniques can also be used for the analysis of various firewall policy rules [42]. Security framework for mobile cloud computing is proposed in [43]. In [44], the authors have identified the following types of attacks which are major threats to cloud implementation denial of service attack, Cross virtual machine side-channel attack, malicious insiders attack, Attacks targeting shared memory, and Phishing attack. Table 1 briefs the review of variety of work done in the area of cloud computing security with the help of data mining techniques. Paper [15] details the need of mobile cloud computing. As the mobiles are getting cheaper with the availability of internet facility, a mobile can also be considered as an entity in a cloud. Malicious insiders attack, Attacks targeting shared memory, and Phishing attack. Table 1 briefs the review of variety of work done in the area cloud computing security with the help of data mining techniques. Paper [15] details the need of E-governments cloud computing. The E- governments are getting with the availability of internet facility, the E-governments can also be considered as an entity in a cloud. Currently, many data mining and knowledge discovery frameworks and data classification for everyone and different usage such as the Real-time (On line) Environment for Knowledge Analysis RTDMM [1], other Xiong Deng et al, AKDT [9], other Olivier Thonnard et al, DMCS [10], other Bhavani M.Thuraisingham, APSO [11], other Sandeep Rana et al, SCDI [12], other Chandola DI et al,itics [13]], other Kutoma Wakunuma ET AL, GPLCA [14], Other Ap Jian Zhang1 ET etc[55]. These Frameworks provide a set of methods and algorithms that help in better utilization of available data and information to users; including methods and algorithms for data analysis, cluster analysis, genetic algorithms, nearest neighbor, data visualization, regression analysis, Decision trees, Predictive analysis, text mining, cyber security, world wide web, semantic web Data mining argent, and amplification approach etc. Intrusion detection (ID) is the process of monitoring and analyzing the data and events occurring in a computer and/or network system in order to detect attacks, vulnerabilities and other security problems, Figure 2 below shows a traditional framework in government decision making, for improving the efficiency of service delivery. [15]. Figure 2: traditional framework for ID 3. Proposals From above mentioned studies and according to the several advantages of (DM approaches and "Penetration testing") for E-government intrusion detection, we suggest that a combination of both approaches can help in developing a new generation of high performance IDS. In comparison to traditional IDS (Fig.3), IDS based on DM Volume 4, Issue 2, March April 2015 Page 13

9 and "Penetration testing" is generally more precise and requires far less manual processing and input from human experts. In this paper we used the application of Minor cyber Cairo Cleaning and Beautification Agency (www.ccba.gove.eg) in Egypt. The following describes our applications of different techniques in the minor cyber space's which is the cyberspace for the authority of cleaning and beautifying Cairo, in the Arab Republic of Egypt (www.ccba.gov.eg) to Analysis the extent of the sufficiency for the suggested reasoning to measure the extent of securing data for the cyberspace. We formed "intelligent approach" for securing the data that consists of penetration test that includes ("Mining Audit Data for Automated Models for Intrusion Detection" (MADAM ID); for evaluating the security state of a system or network by simulating an attack from a malicious source. This process involves identification and exploitation of vulnerabilities in real world scenario which may exist in the systems due to improper configuration, known or unknown weaknesses in hardware or software systems, operational weaknesses or loopholes in deployed safeguards. We will use strategy of inferring and analyzing the data, searching for them in the cyberspace by one of the technology tools (data mining), through the cyberspace, enabling fighting terrorism to limit the harms in advance by making the relief arrangements from the view of comprehensive security and through the analysis of the results for the data survey as it depends on using the models of test to assess the extent of the correctness and safety of the data identifying the standards of test that can exceed the limitations of the available data, such as using the proposed model in the Figure 3" To test the extent of the data correctness for the cyberspace, and that the infrastructure of the propped model of cyberspace for "the Cairo Cleaning and Beautification Agency", a model will be built in steps represented in 2 states as follows: The first stage ("Frequencies", "Association rules", "decision trees" and "hybrid of auto regression") [20], [72], [73]. The second (" Neural Networks Model"," Hierarchical Clustering" and 'Bayesian network") to enable the decision maker to know interact with the features of the value traits. And the data extraction tools will be adapted with data mining [74], [75], and [76]. Penetration testing was among the first activities performed when security concerns were raised many years ago [3]. The basic process used in penetration testing is simple: attempt to compromise the security of the mechanism undergoing the test. In earlier years, computer networked operating systems, with their access control mechanism, were the most suitable components for penetration testing, because O.S. is the core component of the machine, so it is more exposed to security threats [3]. The earliest penetration testing processes were highly and manually intensive, while later automatic processes started to be clearly utilized for cost reduction [3].We need to determine how the attacker is most likely to go about attacking a network or an application. Locating areas of weakness in network or application defenses, determines how an attacker could exploit weaknesses, Locating resources that could be accessed, altered, or destroyed, determine whether the attack was detected, determine what the attack footprint looks like and making recommendations. Other benefits of feature selection are: improving the prediction of ID models, providing faster and costeffective ID models, providing better understanding and virtualization of the generated intrusions. Figure 3: The proposed IDS model based on DM and penetration testing Figure 3 shows the proposed "IDS "model based on "DM" and "penetration test ". The system is composed of the following units: Computer network sensors: collect audit data and network traffic events and transmit these data to ID units. DM-ID unit: contains different modules that employ various DM algorithms and techniques (e.g., Frequencies, decision tree model, logistic regression algorithms, neural networks model, Bayesian network model etc.). Each module works independently to detect intrusions in the network traffic data. Penetration test unit: deploys penetration test to detect intrusions in the network audit data. Collect detected intrusions unit: collects detected intrusions from DM and penetration testing units. Virtualization unit: help monitor and visualize the results of penetration test units. Managerial decision maker: analyzes intrusion results, evaluates system performance, takes decisions on detected intrusions, checks for negatives and positive results, controls system operation, generates a performance report and decides if any changes/updates are needed. Volume 4, Issue 2, March April 2015 Page 14

AN INTEGRATED APPROACH TOWARDS A PENETRATION TESTING FOR CYBERSPACES. Hanaa. M. Said, Mohamed Hamdy, Rania El Gohary and Abdel-Badeeh M.

AN INTEGRATED APPROACH TOWARDS A PENETRATION TESTING FOR CYBERSPACES. Hanaa. M. Said, Mohamed Hamdy, Rania El Gohary and Abdel-Badeeh M. AN INTEGRATED APPROACH TOWARDS A PENETRATION TESTING FOR CYBERSPACES Hanaa. M. Said, Mohamed Hamdy, Rania El Gohary and Abdel-Badeeh M. Salem Ain Shams University Faculty of Computing, Information Science

More information

Data Mining Solutions for the Business Environment

Data Mining Solutions for the Business Environment Database Systems Journal vol. IV, no. 4/2013 21 Data Mining Solutions for the Business Environment Ruxandra PETRE University of Economic Studies, Bucharest, Romania ruxandra_stefania.petre@yahoo.com Over

More information

Application of Data Mining Techniques in Intrusion Detection

Application of Data Mining Techniques in Intrusion Detection Application of Data Mining Techniques in Intrusion Detection LI Min An Yang Institute of Technology leiminxuan@sohu.com Abstract: The article introduced the importance of intrusion detection, as well as

More information

Res. J. Appl. Sci. Eng. Technol., 8(5): 658-663, 2014

Res. J. Appl. Sci. Eng. Technol., 8(5): 658-663, 2014 Research Journal of Applied Sciences, Engineering and Technology 8(5): 658-663, 2014 ISSN: 2040-7459; e-issn: 2040-7467 Maxwell Scientific Organization, 2014 Submitted: May 09, 2014 Accepted: June 16,

More information

Framework for Live Digital Forensics using Data Mining

Framework for Live Digital Forensics using Data Mining Framework for Live Digital Forensics using Data Mining Prof Sonal Honale #1, Jayshree Borkar *2 Computer Science and Engineering Department, Aabha Gaikwad College of Engineering, Nagpur, India Abstract

More information

A Review of Anomaly Detection Techniques in Network Intrusion Detection System

A Review of Anomaly Detection Techniques in Network Intrusion Detection System A Review of Anomaly Detection Techniques in Network Intrusion Detection System Dr.D.V.S.S.Subrahmanyam Professor, Dept. of CSE, Sreyas Institute of Engineering & Technology, Hyderabad, India ABSTRACT:In

More information

Dynamic Data in terms of Data Mining Streams

Dynamic Data in terms of Data Mining Streams International Journal of Computer Science and Software Engineering Volume 2, Number 1 (2015), pp. 1-6 International Research Publication House http://www.irphouse.com Dynamic Data in terms of Data Mining

More information

The Cyber Threat Profiler

The Cyber Threat Profiler Whitepaper The Cyber Threat Profiler Good Intelligence is essential to efficient system protection INTRODUCTION As the world becomes more dependent on cyber connectivity, the volume of cyber attacks are

More information

International Journal of Computer Science Trends and Technology (IJCST) Volume 2 Issue 3, May-Jun 2014

International Journal of Computer Science Trends and Technology (IJCST) Volume 2 Issue 3, May-Jun 2014 RESEARCH ARTICLE OPEN ACCESS A Survey of Data Mining: Concepts with Applications and its Future Scope Dr. Zubair Khan 1, Ashish Kumar 2, Sunny Kumar 3 M.Tech Research Scholar 2. Department of Computer

More information

Data Mining for Digital Forensics

Data Mining for Digital Forensics Digital Forensics - CS489 Sep 15, 2006 Topical Paper Mayuri Shakamuri Data Mining for Digital Forensics Introduction "Data mining is the analysis of (often large) observational data sets to find unsuspected

More information

DATA MINING TECHNIQUES AND APPLICATIONS

DATA MINING TECHNIQUES AND APPLICATIONS DATA MINING TECHNIQUES AND APPLICATIONS Mrs. Bharati M. Ramageri, Lecturer Modern Institute of Information Technology and Research, Department of Computer Application, Yamunanagar, Nigdi Pune, Maharashtra,

More information

A STUDY ON DATA MINING INVESTIGATING ITS METHODS, APPROACHES AND APPLICATIONS

A STUDY ON DATA MINING INVESTIGATING ITS METHODS, APPROACHES AND APPLICATIONS A STUDY ON DATA MINING INVESTIGATING ITS METHODS, APPROACHES AND APPLICATIONS Mrs. Jyoti Nawade 1, Dr. Balaji D 2, Mr. Pravin Nawade 3 1 Lecturer, JSPM S Bhivrabai Sawant Polytechnic, Pune (India) 2 Assistant

More information

A Proposed Data Mining Model to Enhance Counter- Criminal Systems with Application on National Security Crimes

A Proposed Data Mining Model to Enhance Counter- Criminal Systems with Application on National Security Crimes A Proposed Data Mining Model to Enhance Counter- Criminal Systems with Application on National Security Crimes Dr. Nevine Makram Labib Department of Computer and Information Systems Faculty of Management

More information

Mobile Cloud Computing In Business

Mobile Cloud Computing In Business Mobile Cloud Computing In Business Nilam S. Desai Smt. Chandaben Mohanbhai Patel Institute of Computer Applications, Charotar University of Science and Technology, Changa, Gujarat, India ABSTRACT Cloud

More information

CHAPTER 1 PROJECT OVERVIEW

CHAPTER 1 PROJECT OVERVIEW CHAPTER 1 PROJECT OVERVIEW 1.1 Introduction Database security is the degree to which all data is fully protected from tampering or unauthorized acts. Security vulnerability, security threat and security

More information

131-1. Adding New Level in KDD to Make the Web Usage Mining More Efficient. Abstract. 1. Introduction [1]. 1/10

131-1. Adding New Level in KDD to Make the Web Usage Mining More Efficient. Abstract. 1. Introduction [1]. 1/10 1/10 131-1 Adding New Level in KDD to Make the Web Usage Mining More Efficient Mohammad Ala a AL_Hamami PHD Student, Lecturer m_ah_1@yahoocom Soukaena Hassan Hashem PHD Student, Lecturer soukaena_hassan@yahoocom

More information

INTRUSION PROTECTION AGAINST SQL INJECTION ATTACKS USING REVERSE PROXY

INTRUSION PROTECTION AGAINST SQL INJECTION ATTACKS USING REVERSE PROXY INTRUSION PROTECTION AGAINST SQL INJECTION ATTACKS USING REVERSE PROXY Asst.Prof. S.N.Wandre Computer Engg. Dept. SIT,Lonavala University of Pune, snw.sit@sinhgad.edu Gitanjali Dabhade Monika Ghodake Gayatri

More information

Healthcare Measurement Analysis Using Data mining Techniques

Healthcare Measurement Analysis Using Data mining Techniques www.ijecs.in International Journal Of Engineering And Computer Science ISSN:2319-7242 Volume 03 Issue 07 July, 2014 Page No. 7058-7064 Healthcare Measurement Analysis Using Data mining Techniques 1 Dr.A.Shaik

More information

Managing IT Security with Penetration Testing

Managing IT Security with Penetration Testing Managing IT Security with Penetration Testing Introduction Adequately protecting an organization s information assets is a business imperative one that requires a comprehensive, structured approach to

More information

Mobile Phone APP Software Browsing Behavior using Clustering Analysis

Mobile Phone APP Software Browsing Behavior using Clustering Analysis Proceedings of the 2014 International Conference on Industrial Engineering and Operations Management Bali, Indonesia, January 7 9, 2014 Mobile Phone APP Software Browsing Behavior using Clustering Analysis

More information

Continuous Network Monitoring

Continuous Network Monitoring Continuous Network Monitoring Eliminate periodic assessment processes that expose security and compliance programs to failure Continuous Network Monitoring Continuous network monitoring and assessment

More information

DATA MINING TECHNOLOGY. Keywords: data mining, data warehouse, knowledge discovery, OLAP, OLAM.

DATA MINING TECHNOLOGY. Keywords: data mining, data warehouse, knowledge discovery, OLAP, OLAM. DATA MINING TECHNOLOGY Georgiana Marin 1 Abstract In terms of data processing, classical statistical models are restrictive; it requires hypotheses, the knowledge and experience of specialists, equations,

More information

APPLICATION OF MULTI-AGENT SYSTEMS FOR NETWORK AND INFORMATION PROTECTION

APPLICATION OF MULTI-AGENT SYSTEMS FOR NETWORK AND INFORMATION PROTECTION 18-19 September 2014, BULGARIA 137 Proceedings of the International Conference on Information Technologies (InfoTech-2014) 18-19 September 2014, Bulgaria APPLICATION OF MULTI-AGENT SYSTEMS FOR NETWORK

More information

A Classification of SQL Injection Attack Techniques and Countermeasures

A Classification of SQL Injection Attack Techniques and Countermeasures A Classification of SQL Injection Attack Techniques and Countermeasures William G.J. Halfond, Jeremy Viegas & Alessandro Orso Georgia Institute of Technology This work was partially supported by DHS contract

More information

Threat Modeling. Frank Piessens (Frank.Piessens@cs.kuleuven.be ) KATHOLIEKE UNIVERSITEIT LEUVEN

Threat Modeling. Frank Piessens (Frank.Piessens@cs.kuleuven.be ) KATHOLIEKE UNIVERSITEIT LEUVEN Threat Modeling Frank Piessens (Frank.Piessens@cs.kuleuven.be ) Secappdev 2007 1 Overview Introduction Key Concepts Threats, Vulnerabilities, Countermeasures Example Microsoft s Threat Modeling Process

More information

PCI-DSS and Application Security Achieving PCI DSS Compliance with Seeker

PCI-DSS and Application Security Achieving PCI DSS Compliance with Seeker PCI-DSS and Application Security Achieving PCI DSS Compliance with Seeker www.quotium.com 1/14 Summary Abstract 3 PCI DSS Statistics 4 PCI DSS Application Security 5 How Seeker Helps You Achieve PCI DSS

More information

Towards applying Data Mining Techniques for Talent Mangement

Towards applying Data Mining Techniques for Talent Mangement 2009 International Conference on Computer Engineering and Applications IPCSIT vol.2 (2011) (2011) IACSIT Press, Singapore Towards applying Data Mining Techniques for Talent Mangement Hamidah Jantan 1,

More information

case study Core Security Technologies Summary Introductory Overview ORGANIZATION: PROJECT NAME:

case study Core Security Technologies Summary Introductory Overview ORGANIZATION: PROJECT NAME: The Computerworld Honors Program Summary developed the first comprehensive penetration testing product for accurately identifying and exploiting specific network vulnerabilities. Until recently, organizations

More information

Hybrid Model For Intrusion Detection System Chapke Prajkta P., Raut A. B.

Hybrid Model For Intrusion Detection System Chapke Prajkta P., Raut A. B. www.ijecs.in International Journal Of Engineering And Computer Science ISSN:2319-7242 Volume1 Issue 3 Dec 2012 Page No. 151-155 Hybrid Model For Intrusion Detection System Chapke Prajkta P., Raut A. B.

More information

Effective Software Security Management

Effective Software Security Management Effective Software Security Management choosing the right drivers for applying application security Author: Dharmesh M Mehta dharmeshmm@mastek.com / dharmeshmm@owasp.org Table of Contents Abstract... 1

More information

Intrusion Detection via Machine Learning for SCADA System Protection

Intrusion Detection via Machine Learning for SCADA System Protection Intrusion Detection via Machine Learning for SCADA System Protection S.L.P. Yasakethu Department of Computing, University of Surrey, Guildford, GU2 7XH, UK. s.l.yasakethu@surrey.ac.uk J. Jiang Department

More information

Introduction to Data Mining

Introduction to Data Mining Introduction to Data Mining Jay Urbain Credits: Nazli Goharian & David Grossman @ IIT Outline Introduction Data Pre-processing Data Mining Algorithms Naïve Bayes Decision Tree Neural Network Association

More information

International Journal of Computer Science Trends and Technology (IJCST) Volume 3 Issue 3, May-June 2015

International Journal of Computer Science Trends and Technology (IJCST) Volume 3 Issue 3, May-June 2015 RESEARCH ARTICLE OPEN ACCESS Data Mining Technology for Efficient Network Security Management Ankit Naik [1], S.W. Ahmad [2] Student [1], Assistant Professor [2] Department of Computer Science and Engineering

More information

A Database Security Management White Paper: Securing the Information Business Relies On. November 2004

A Database Security Management White Paper: Securing the Information Business Relies On. November 2004 A Database Security Management White Paper: Securing the Information Business Relies On November 2004 IPLocks, Inc. 441-A W. Trimble Road, San Jose, CA 95131 USA A Database Security Management White Paper:

More information

Research on the Essential Network Equipment Risk Assessment Methodology based on Vulnerability Scanning Technology Xiaoqin Song 1

Research on the Essential Network Equipment Risk Assessment Methodology based on Vulnerability Scanning Technology Xiaoqin Song 1 International Conference on Informatization in Education, Management and Business (IEMB 2015) Research on the Essential Network Equipment Risk Assessment Methodology based on Vulnerability Scanning Technology

More information

International Journal of Scientific & Engineering Research, Volume 6, Issue 5, May-2015 1681 ISSN 2229-5518

International Journal of Scientific & Engineering Research, Volume 6, Issue 5, May-2015 1681 ISSN 2229-5518 International Journal of Scientific & Engineering Research, Volume 6, Issue 5, May-2015 1681 Software as a Model for Security in Cloud over Virtual Environments S.Vengadesan, B.Muthulakshmi PG Student,

More information

Principles of Information Security, Fourth Edition. Chapter 12 Information Security Maintenance

Principles of Information Security, Fourth Edition. Chapter 12 Information Security Maintenance Principles of Information Security, Fourth Edition Chapter 12 Information Security Maintenance Learning Objectives Upon completion of this material, you should be able to: Discuss the need for ongoing

More information

A SYSTEM FOR DENIAL OF SERVICE ATTACK DETECTION BASED ON MULTIVARIATE CORRELATION ANALYSIS

A SYSTEM FOR DENIAL OF SERVICE ATTACK DETECTION BASED ON MULTIVARIATE CORRELATION ANALYSIS Journal homepage: www.mjret.in ISSN:2348-6953 A SYSTEM FOR DENIAL OF SERVICE ATTACK DETECTION BASED ON MULTIVARIATE CORRELATION ANALYSIS P.V.Sawant 1, M.P.Sable 2, P.V.Kore 3, S.R.Bhosale 4 Department

More information

A STUDY OF DATA MINING ACTIVITIES FOR MARKET RESEARCH

A STUDY OF DATA MINING ACTIVITIES FOR MARKET RESEARCH 205 A STUDY OF DATA MINING ACTIVITIES FOR MARKET RESEARCH ABSTRACT MR. HEMANT KUMAR*; DR. SARMISTHA SARMA** *Assistant Professor, Department of Information Technology (IT), Institute of Innovation in Technology

More information

KASPERSKY SECURITY INTELLIGENCE SERVICES. EXPERT SERVICES. www.kaspersky.com

KASPERSKY SECURITY INTELLIGENCE SERVICES. EXPERT SERVICES. www.kaspersky.com KASPERSKY SECURITY INTELLIGENCE SERVICES. EXPERT SERVICES www.kaspersky.com EXPERT SERVICES Expert Services from Kaspersky Lab are exactly that the services of our in-house experts, many of them global

More information

Security Software Engineering: Do it the right way

Security Software Engineering: Do it the right way Proceedings of the 6th WSEAS Int. Conf. on Software Engineering, Parallel and Distributed Systems, Corfu Island, Greece, February 16-19, 2007 19 Security Software Engineering: Do it the right way Ahmad

More information

The University of Jordan

The University of Jordan The University of Jordan Master in Web Intelligence Non Thesis Department of Business Information Technology King Abdullah II School for Information Technology The University of Jordan 1 STUDY PLAN MASTER'S

More information

Chapter Managing Knowledge in the Digital Firm

Chapter Managing Knowledge in the Digital Firm Chapter Managing Knowledge in the Digital Firm Essay Questions: 1. What is knowledge management? Briefly outline the knowledge management chain. 2. Identify the three major types of knowledge management

More information

How to start a software security initiative within your organization: a maturity based and metrics driven approach OWASP

How to start a software security initiative within your organization: a maturity based and metrics driven approach OWASP How to start a software security initiative within your organization: a maturity based and metrics driven approach Marco Morana OWASP Lead/ TISO Citigroup OWASP Application Security For E-Government Copyright

More information

Cloud Computing and Business Intelligence

Cloud Computing and Business Intelligence Database Systems Journal vol. V, no. 4/2014 49 Cloud Computing and Business Intelligence Alexandru Adrian TOLE Romanian American University, Bucharest, Romania adrian.tole@yahoo.com The complexity of data

More information

Method of Fault Detection in Cloud Computing Systems

Method of Fault Detection in Cloud Computing Systems , pp.205-212 http://dx.doi.org/10.14257/ijgdc.2014.7.3.21 Method of Fault Detection in Cloud Computing Systems Ying Jiang, Jie Huang, Jiaman Ding and Yingli Liu Yunnan Key Lab of Computer Technology Application,

More information

Detection. Perspective. Network Anomaly. Bhattacharyya. Jugal. A Machine Learning »C) Dhruba Kumar. Kumar KaKta. CRC Press J Taylor & Francis Croup

Detection. Perspective. Network Anomaly. Bhattacharyya. Jugal. A Machine Learning »C) Dhruba Kumar. Kumar KaKta. CRC Press J Taylor & Francis Croup Network Anomaly Detection A Machine Learning Perspective Dhruba Kumar Bhattacharyya Jugal Kumar KaKta»C) CRC Press J Taylor & Francis Croup Boca Raton London New York CRC Press is an imprint of the Taylor

More information

Static Data Mining Algorithm with Progressive Approach for Mining Knowledge

Static Data Mining Algorithm with Progressive Approach for Mining Knowledge Global Journal of Business Management and Information Technology. Volume 1, Number 2 (2011), pp. 85-93 Research India Publications http://www.ripublication.com Static Data Mining Algorithm with Progressive

More information

Middle Class Economics: Cybersecurity Updated August 7, 2015

Middle Class Economics: Cybersecurity Updated August 7, 2015 Middle Class Economics: Cybersecurity Updated August 7, 2015 The President's 2016 Budget is designed to bring middle class economics into the 21st Century. This Budget shows what we can do if we invest

More information

Ensuring Security in Cloud with Multi-Level IDS and Log Management System

Ensuring Security in Cloud with Multi-Level IDS and Log Management System Ensuring Security in Cloud with Multi-Level IDS and Log Management System 1 Prema Jain, 2 Ashwin Kumar PG Scholar, Mangalore Institute of Technology & Engineering, Moodbidri, Karnataka1, Assistant Professor,

More information

THE HUMAN FACTOR AT THE CORE OF FEDERAL CYBERSECURITY

THE HUMAN FACTOR AT THE CORE OF FEDERAL CYBERSECURITY THE HUMAN FACTOR AT THE CORE OF FEDERAL CYBERSECURITY CYBER HYGIENE AND ORGANIZATIONAL PLANNING ARE AT LEAST AS INTEGRAL TO SECURING INFORMATION NETWORKS AS FIREWALLS AND ANTIVIRUS SOFTWARE Cybersecurity

More information

THREATS AND VULNERABILITY PREVENTIVE MECHANISM

THREATS AND VULNERABILITY PREVENTIVE MECHANISM International Journal of Science, Environment and Technology, Vol. 5, No 1, 2016, 95 101 ISSN 2278-3687 (O) 2277-663X (P) THREATS AND VULNERABILITY PREVENTIVE MECHANISM 1 A.S. Kalyana Kumar and 2 Dr. T.

More information

SURVEY OF INTRUSION DETECTION SYSTEM

SURVEY OF INTRUSION DETECTION SYSTEM SURVEY OF INTRUSION DETECTION SYSTEM PRAJAPATI VAIBHAVI S. SHARMA DIPIKA V. ASST. PROF. ASST. PROF. MANISH INSTITUTE OF COMPUTER STUDIES MANISH INSTITUTE OF COMPUTER STUDIES VISNAGAR VISNAGAR GUJARAT GUJARAT

More information

AUTOMATED PENETRATION TESTING PRODUCTS

AUTOMATED PENETRATION TESTING PRODUCTS AUTOMATED PENETRATION TESTING PRODUCTS Justification and Return on Investment (ROI) EXECUTIVE SUMMARY This paper will help you justify the need for an automated penetration testing product and demonstrate

More information

Information Security Services

Information Security Services Information Security Services Information Security In 2013, Symantec reported a 62% increase in data breaches over 2012. These data breaches had tremendous impacts on many companies, resulting in intellectual

More information

Security Model for VM in Cloud

Security Model for VM in Cloud Security Model for VM in Cloud 1 Venkataramana.Kanaparti, 2 Naveen Kumar R, 3 Rajani.S, 4 Padmavathamma M, 5 Anitha.C 1,2,3,5 Research Scholars, 4Research Supervisor 1,2,3,4,5 Dept. of Computer Science,

More information

A SURVEY OF CLOUD COMPUTING: NETWORK BASED ISSUES PERFORMANCE AND ANALYSIS

A SURVEY OF CLOUD COMPUTING: NETWORK BASED ISSUES PERFORMANCE AND ANALYSIS A SURVEY OF CLOUD COMPUTING: NETWORK BASED ISSUES PERFORMANCE AND ANALYSIS *Dr Umesh Sehgal, #Shalini Guleria *Associate Professor,ARNI School of Computer Science,Arni University,KathagarhUmeshsehgalind@gmail.com

More information

Data Mining System, Functionalities and Applications: A Radical Review

Data Mining System, Functionalities and Applications: A Radical Review Data Mining System, Functionalities and Applications: A Radical Review Dr. Poonam Chaudhary System Programmer, Kurukshetra University, Kurukshetra Abstract: Data Mining is the process of locating potentially

More information

Security-as-a-Service (Sec-aaS) Framework. Service Introduction

Security-as-a-Service (Sec-aaS) Framework. Service Introduction Security-as-a-Service (Sec-aaS) Framework Service Introduction Need of Information Security Program In current high-tech environment, we are getting more dependent on information systems. This dependency

More information

A Review on Zero Day Attack Safety Using Different Scenarios

A Review on Zero Day Attack Safety Using Different Scenarios Available online www.ejaet.com European Journal of Advances in Engineering and Technology, 2015, 2(1): 30-34 Review Article ISSN: 2394-658X A Review on Zero Day Attack Safety Using Different Scenarios

More information

The purpose of this report is to educate our prospective clients about capabilities of Hackers Locked.

The purpose of this report is to educate our prospective clients about capabilities of Hackers Locked. This sample report is published with prior consent of our client in view of the fact that the current release of this web application is three major releases ahead in its life cycle. Issues pointed out

More information

DATA MINING TECHNIQUES SUPPORT TO KNOWLEGDE OF BUSINESS INTELLIGENT SYSTEM

DATA MINING TECHNIQUES SUPPORT TO KNOWLEGDE OF BUSINESS INTELLIGENT SYSTEM INTERNATIONAL JOURNAL OF RESEARCH IN COMPUTER APPLICATIONS AND ROBOTICS ISSN 2320-7345 DATA MINING TECHNIQUES SUPPORT TO KNOWLEGDE OF BUSINESS INTELLIGENT SYSTEM M. Mayilvaganan 1, S. Aparna 2 1 Associate

More information

A Proposed Architecture of Intrusion Detection Systems for Internet Banking

A Proposed Architecture of Intrusion Detection Systems for Internet Banking A Proposed Architecture of Intrusion Detection Systems for Internet Banking A B S T R A C T Pritika Mehra Post Graduate Department of Computer Science, Khalsa College for Women Amritsar, India Mehra_priti@yahoo.com

More information

Research of Postal Data mining system based on big data

Research of Postal Data mining system based on big data 3rd International Conference on Mechatronics, Robotics and Automation (ICMRA 2015) Research of Postal Data mining system based on big data Xia Hu 1, Yanfeng Jin 1, Fan Wang 1 1 Shi Jiazhuang Post & Telecommunication

More information

Neural Networks in Data Mining

Neural Networks in Data Mining IOSR Journal of Engineering (IOSRJEN) ISSN (e): 2250-3021, ISSN (p): 2278-8719 Vol. 04, Issue 03 (March. 2014), V6 PP 01-06 www.iosrjen.org Neural Networks in Data Mining Ripundeep Singh Gill, Ashima Department

More information

Applying Data Mining Techniques to Improve Information Security in the Cloud: A Single Cache System Approach.

Applying Data Mining Techniques to Improve Information Security in the Cloud: A Single Cache System Approach. TITLE PAGE Applying Data Mining Techniques to Improve Information Security in the Cloud: A Single Cache System Approach. Amany M. Al-Shawi* King Abdulaziz City for Science and Technology, P.O. Box 6086

More information

WHITE PAPER. FortiWeb and the OWASP Top 10 Mitigating the most dangerous application security threats

WHITE PAPER. FortiWeb and the OWASP Top 10 Mitigating the most dangerous application security threats WHITE PAPER FortiWeb and the OWASP Top 10 PAGE 2 Introduction The Open Web Application Security project (OWASP) Top Ten provides a powerful awareness document for web application security. The OWASP Top

More information

Comparison of K-means and Backpropagation Data Mining Algorithms

Comparison of K-means and Backpropagation Data Mining Algorithms Comparison of K-means and Backpropagation Data Mining Algorithms Nitu Mathuriya, Dr. Ashish Bansal Abstract Data mining has got more and more mature as a field of basic research in computer science and

More information

ETHICAL HACKING 010101010101APPLICATIO 00100101010WIRELESS110 00NETWORK1100011000 101001010101011APPLICATION0 1100011010MOBILE0001010 10101MOBILE0001

ETHICAL HACKING 010101010101APPLICATIO 00100101010WIRELESS110 00NETWORK1100011000 101001010101011APPLICATION0 1100011010MOBILE0001010 10101MOBILE0001 001011 1100010110 0010110001 010110001 0110001011000 011000101100 010101010101APPLICATIO 0 010WIRELESS110001 10100MOBILE00010100111010 0010NETW110001100001 10101APPLICATION00010 00100101010WIRELESS110

More information

A B S T R A C T. Index Terms: DoubleGuard; database server; intruder; web server I INTRODUCTION

A B S T R A C T. Index Terms: DoubleGuard; database server; intruder; web server I INTRODUCTION Intervention Detection System Using DoubleGuard Technique Web Application. Prof.P.M.Bhujbal, Prof.S.V.Gumaste, Mr.N.S.Jadhav, Mr.S.N.Dhage Department Of Computer Engineering Jaihind College Of Engineering,

More information

International Journal of Advanced Computer Technology (IJACT) ISSN:2319-7900 PRIVACY PRESERVING DATA MINING IN HEALTH CARE APPLICATIONS

International Journal of Advanced Computer Technology (IJACT) ISSN:2319-7900 PRIVACY PRESERVING DATA MINING IN HEALTH CARE APPLICATIONS PRIVACY PRESERVING DATA MINING IN HEALTH CARE APPLICATIONS First A. Dr. D. Aruna Kumari, Ph.d, ; Second B. Ch.Mounika, Student, Department Of ECM, K L University, chittiprolumounika@gmail.com; Third C.

More information

Honeypot as the Intruder Detection System

Honeypot as the Intruder Detection System Honeypot as the Intruder Detection System DAVID MALANIK, LUKAS KOURIL Department of Informatics and Artificial Intelligence Faculty of Applied Informatics, Tomas Bata University in Zlin nam. T. G. Masaryka

More information

CDM Vulnerability Management (VUL) Capability

CDM Vulnerability Management (VUL) Capability CDM Vulnerability Management (VUL) Capability Department of Homeland Security Office of Cybersecurity and Communications Federal Network Resilience Vulnerability Management Continuous Diagnostics and Mitigation

More information

Wireless Network Security

Wireless Network Security Wireless Network Security Bhavik Doshi Privacy and Security Winter 2008-09 Instructor: Prof. Warren R. Carithers Due on: February 5, 2009 Table of Contents Sr. No. Topic Page No. 1. Introduction 3 2. An

More information

Corporate Security Research and Assurance Services

Corporate Security Research and Assurance Services Corporate Security Research and Assurance Services We Keep Your Business In Business Obrela Security Industries mission is to provide Enterprise Information Security Intelligence and Risk Management Services

More information

White Paper. Information Security -- Network Assessment

White Paper. Information Security -- Network Assessment Network Assessment White Paper Information Security -- Network Assessment Disclaimer This is one of a series of articles detailing information security procedures as followed by the INFOSEC group of Computer

More information

A Proposed Prediction Model for Forecasting the Financial Market Value According to Diversity in Factor

A Proposed Prediction Model for Forecasting the Financial Market Value According to Diversity in Factor A Proposed Prediction Model for Forecasting the Financial Market Value According to Diversity in Factor Ms. Hiral R. Patel, Mr. Amit B. Suthar, Dr. Satyen M. Parikh Assistant Professor, DCS, Ganpat University,

More information

An Evaluation of Machine Learning Method for Intrusion Detection System Using LOF on Jubatus

An Evaluation of Machine Learning Method for Intrusion Detection System Using LOF on Jubatus An Evaluation of Machine Learning Method for Intrusion Detection System Using LOF on Jubatus Tadashi Ogino* Okinawa National College of Technology, Okinawa, Japan. * Corresponding author. Email: ogino@okinawa-ct.ac.jp

More information

Keyword: Cloud computing, service model, deployment model, network layer security.

Keyword: Cloud computing, service model, deployment model, network layer security. Volume 4, Issue 2, February 2014 ISSN: 2277 128X International Journal of Advanced Research in Computer Science and Software Engineering Research Paper Available online at: www.ijarcsse.com An Emerging

More information

WRITTEN TESTIMONY OF

WRITTEN TESTIMONY OF WRITTEN TESTIMONY OF KEVIN MANDIA CHIEF EXECUTIVE OFFICER MANDIANT CORPORATION BEFORE THE SUBCOMMITTEE ON CRIME AND TERRORISM JUDICIARY COMMITTEE UNITED STATES SENATE May 8, 2013 Introduction Thank you

More information

An Anomaly-Based Method for DDoS Attacks Detection using RBF Neural Networks

An Anomaly-Based Method for DDoS Attacks Detection using RBF Neural Networks 2011 International Conference on Network and Electronics Engineering IPCSIT vol.11 (2011) (2011) IACSIT Press, Singapore An Anomaly-Based Method for DDoS Attacks Detection using RBF Neural Networks Reyhaneh

More information

Random forest algorithm in big data environment

Random forest algorithm in big data environment Random forest algorithm in big data environment Yingchun Liu * School of Economics and Management, Beihang University, Beijing 100191, China Received 1 September 2014, www.cmnt.lv Abstract Random forest

More information

Database Marketing, Business Intelligence and Knowledge Discovery

Database Marketing, Business Intelligence and Knowledge Discovery Database Marketing, Business Intelligence and Knowledge Discovery Note: Using material from Tan / Steinbach / Kumar (2005) Introduction to Data Mining,, Addison Wesley; and Cios / Pedrycz / Swiniarski

More information

Keywords Distributed Computing, On Demand Resources, Cloud Computing, Virtualization, Server Consolidation, Load Balancing

Keywords Distributed Computing, On Demand Resources, Cloud Computing, Virtualization, Server Consolidation, Load Balancing Volume 5, Issue 1, January 2015 ISSN: 2277 128X International Journal of Advanced Research in Computer Science and Software Engineering Research Paper Available online at: www.ijarcsse.com Survey on Load

More information

Web application security: automated scanning versus manual penetration testing.

Web application security: automated scanning versus manual penetration testing. Web application security White paper January 2008 Web application security: automated scanning versus manual penetration testing. Danny Allan, strategic research analyst, IBM Software Group Page 2 Contents

More information

A NOVEL OVERLAY IDS FOR WIRELESS SENSOR NETWORKS

A NOVEL OVERLAY IDS FOR WIRELESS SENSOR NETWORKS A NOVEL OVERLAY IDS FOR WIRELESS SENSOR NETWORKS Sumanta Saha, Md. Safiqul Islam, Md. Sakhawat Hossen School of Information and Communication Technology The Royal Institute of Technology (KTH) Stockholm,

More information

Integrated Network Vulnerability Scanning & Penetration Testing SAINTcorporation.com

Integrated Network Vulnerability Scanning & Penetration Testing SAINTcorporation.com SAINT Integrated Network Vulnerability Scanning and Penetration Testing www.saintcorporation.com Introduction While network vulnerability scanning is an important tool in proactive network security, penetration

More information

College information system research based on data mining

College information system research based on data mining 2009 International Conference on Machine Learning and Computing IPCSIT vol.3 (2011) (2011) IACSIT Press, Singapore College information system research based on data mining An-yi Lan 1, Jie Li 2 1 Hebei

More information

PENETRATION TESTING GUIDE. www.tbgsecurity.com 1

PENETRATION TESTING GUIDE. www.tbgsecurity.com 1 PENETRATION TESTING GUIDE www.tbgsecurity.com 1 Table of Contents What is a... 3 What is the difference between Ethical Hacking and other types of hackers and testing I ve heard about?... 3 How does a

More information

Protecting against cyber threats and security breaches

Protecting against cyber threats and security breaches Protecting against cyber threats and security breaches IBM APT Survival Kit Alberto Benavente Martínez abenaventem@es.ibm.com IBM Security Services Jun 11, 2015 (Madrid, Spain) 12015 IBM Corporation So

More information

Identification of File Integrity Requirement through Severity Analysis

Identification of File Integrity Requirement through Severity Analysis Identification of File Integrity Requirement through Severity Analysis Zul Hilmi Abdullah a, Shaharudin Ismail a, Nur Izura Udzir b a Fakulti Sains dan Teknologi, Universiti Sains Islam Malaysia, Bandar

More information

AUTO CLAIM FRAUD DETECTION USING MULTI CLASSIFIER SYSTEM

AUTO CLAIM FRAUD DETECTION USING MULTI CLASSIFIER SYSTEM AUTO CLAIM FRAUD DETECTION USING MULTI CLASSIFIER SYSTEM ABSTRACT Luis Alexandre Rodrigues and Nizam Omar Department of Electrical Engineering, Mackenzie Presbiterian University, Brazil, São Paulo 71251911@mackenzie.br,nizam.omar@mackenzie.br

More information

Feedback Ferret. Security Incident Response Plan

Feedback Ferret. Security Incident Response Plan Feedback Ferret Security Incident Response Plan Document Reference Feedback Ferret Security Incident Response Plan Version 3.0 Date Created June 2013 Effective From 20 June 2013 Issued By Feedback Ferret

More information

Trust areas: a security paradigm for the Future Internet

Trust areas: a security paradigm for the Future Internet Trust areas: a security paradigm for the Future Internet Carsten Rudolph Fraunhofer Institute for Secure Information Technology SIT Rheinstrasse 75, Darmstadt, Germany Carsten.Rudolph@sit.fraunhofer.de

More information

Information Technology Engineers Examination. Information Security Specialist Examination. (Level 4) Syllabus

Information Technology Engineers Examination. Information Security Specialist Examination. (Level 4) Syllabus Information Technology Engineers Examination Information Security Specialist Examination (Level 4) Syllabus Details of Knowledge and Skills Required for the Information Technology Engineers Examination

More information

SECURITY THREATS TO CLOUD COMPUTING

SECURITY THREATS TO CLOUD COMPUTING IMPACT: International Journal of Research in Engineering & Technology (IMPACT: IJRET) ISSN(E): 2321-8843; ISSN(P): 2347-4599 Vol. 2, Issue 3, Mar 2014, 101-106 Impact Journals SECURITY THREATS TO CLOUD

More information

HIDS and NIDS Hybrid Intrusion Detection System Model Design Zhenqi Wang 1, a, Dankai Zhang 1,b

HIDS and NIDS Hybrid Intrusion Detection System Model Design Zhenqi Wang 1, a, Dankai Zhang 1,b Advanced Engineering Forum Online: 2012-09-26 ISSN: 2234-991X, Vols. 6-7, pp 991-994 doi:10.4028/www.scientific.net/aef.6-7.991 2012 Trans Tech Publications, Switzerland HIDS and NIDS Hybrid Intrusion

More information

Business Intelligence and Decision Support Systems

Business Intelligence and Decision Support Systems Chapter 12 Business Intelligence and Decision Support Systems Information Technology For Management 7 th Edition Turban & Volonino Based on lecture slides by L. Beaubien, Providence College John Wiley

More information

Intelligent Log Analyzer. André Restivo

Intelligent Log Analyzer. André Restivo <andre.restivo@portugalmail.pt> Intelligent Log Analyzer André Restivo 9th January 2003 Abstract Server Administrators often have to analyze server logs to find if something is wrong with their machines.

More information