- Full text PDF available (17)
Web-based applications rely on the HTTPS protocol to guarantee privacy and security in transactions ranging from home banking, e-commerce, and e-procurement to those that deal with sensitive data such as career and identity information. Users trust this protocol to prevent unauthorized viewing of their personal, financial, and confidential information over… (More)
Attackers able to compromise the memory of a target machine can change its behavior and usually gain complete control over it. Despite the ingenious prevention and protection mechanisms that have been implemented in modern operating systems, memory corruption attacks still account for a big share of the security breaches afflicting software systems. This… (More)
Malware signature detectors use patterns of bytes, or variations of patterns of bytes, to detect malware attempting to enter a systems. This approach assumes the signatures are both or sufficient length to identify the malware, and to distinguish it from non-malware objects entering the system. We describe a technique that can increase the difficulty of… (More)
—Social networks heavily rely on the concept of reputation. Some platforms implement formalized systems to express reputation, for example as a rating, but the concept is broader and very often the reputation of a user, the perceived quality of a product, the popularity of a TV show or any other subject of published information stems from a more informal… (More)
Secure transactions over the World Wide Web are required for implementing services of economic value or dealing with sensitive data. The HTTPS protocol lets a browser verify a Web server's authenticity and establish an encrypted channel for protecting exchanged data.
Network intrusion detection is a key security issue that can be tackled by means of different approaches. This paper describes a novel methodology for network attack detection based on the use of data mining techniques to process traffic information collected by a monitoring station from a set of hosts using the Simple Network Management Protocol (SNMP).… (More)
This article describes a recent attack trend called clickjacking, which exploits hyperlinks as the attack vehicle. This article introduces the reader to the attack concept and to the possible ways to implement it, by means of some practical example. Then it discusses the detectability of such an attack and some possible countermeasures.
Malware behavior detectors observe the behavior of suspected malware by emulating its execution or executing it in a sandbox or other restrictive, instrumented environment. This assumes that the process, or process family, being monitored will exhibit the targeted behavior if it contains malware. We describe a technique for evading such detection by… (More)
In this paper, existing sophisticated techniques can provide a deep and effective analysis to discover whether files hide a computer virus or other malware. Examples of the most effective approaches are heuristic or exhaustive static code analysis and behavior alanalysis in a sandbox environment. However, given the huge number of circulating malware and the… (More)