Computers & Security 

About: Computers & Security is an academic journal published by Elsevier BV. The journal publishes majorly in the area(s): Computer science & Information security. It has an ISSN identifier of 0167-4048. Over the lifetime, 4221 publications have been published receiving 115239 citations. The journal is also known as: Computers and security.

Anomaly-based network intrusion detection: Techniques, systems and challenges

Abstract: The Internet and computer networks are exposed to an increasing number of security threats. With new types of attacks appearing continually, developing flexible and adaptive security oriented approaches is a severe challenge. In this context, anomaly-based network intrusion detection techniques are a valuable technology to protect target systems and networks against malicious activities. However, despite the variety of such methods described in the literature in recent years, security tools incorporating anomaly detection functionalities are just starting to appear, and several important problems remain to be solved. This paper begins with a review of the most well-known anomaly-based intrusion detection techniques. Then, available platforms, systems under development and research projects in the area are presented. Finally, we outline the main challenges to be dealt with for the wide scale deployment of anomaly-based intrusion detectors, with special emphasis on assessment issues.

Toward developing a systematic approach to generate benchmark datasets for intrusion detection

Abstract: In network intrusion detection, anomaly-based approaches in particular suffer from accurate evaluation, comparison, and deployment which originates from the scarcity of adequate datasets. Many such datasets are internal and cannot be shared due to privacy issues, others are heavily anonymized and do not reflect current trends, or they lack certain statistical characteristics. These deficiencies are primarily the reasons why a perfect dataset is yet to exist. Thus, researchers must resort to datasets that are often suboptimal. As network behaviors and patterns change and intrusions evolve, it has very much become necessary to move away from static and one-time datasets toward more dynamically generated datasets which not only reflect the traffic compositions and intrusions of that time, but are also modifiable, extensible, and reproducible. In this paper, a systematic approach to generate the required datasets is introduced to address this need. The underlying notion is based on the concept of profiles which contain detailed descriptions of intrusions and abstract distribution models for applications, protocols, or lower level network entities. Real traces are analyzed to create profiles for agents that generate real traffic for HTTP, SMTP, SSH, IMAP, POP3, and FTP. In this regard, a set of guidelines is established to outline valid datasets, which set the basis for generating profiles. These guidelines are vital for the effectiveness of the dataset in terms of realism, evaluation capabilities, total capture, completeness, and malicious activity. The profiles are then employed in an experiment to generate the desirable dataset in a testbed environment. Various multi-stage attacks scenarios were subsequently carried out to supply the anomalous portion of the dataset. The intent for this dataset is to assist various researchers in acquiring datasets of this kind for testing, evaluation, and comparison purposes, through sharing the generated datasets and profiles.

Computer viruses

Abstract: This paper introduces ''computer viruses'' and examines their potential for causing widespread damage to computer systems. Basic theoretical results are presented, and the infeasibility of viral defense in large classes of systems is shown. Defensive schemes are presented and several experiments are described.

Privacy attitudes and privacy behaviour

Abstract: Do people really care about their privacy? Surveys show that privacy is a primary concern for citizens in the digital age. On the other hand, individuals reveal personal information for relatively small rewards, often just for drawing the attention of peers in an online social network. This inconsistency of privacy attitudes and privacy behaviour is often referred to as the "privacy paradox". In this paper, we present the results of a review of research literature on the privacy paradox. We analyse studies that provide evidence of a paradoxical dichotomy between attitudes and behaviour and studies that challenge the existence of such a phenomenon. The diverse research results are explained by the diversity in research methods, the different contexts and the different conceptualisations of the privacy paradox. We also present several interpretations of the privacy paradox, stemming from social theory, psychology, behavioural economics and, in one case, from quantum theory. We conclude that current research has improved our understanding of the privacy paradox phenomenon. It is, however, a complex phenomenon that requires extensive further research. Thus, we call for synthetic studies to be based on comprehensive theoretical models that take into account the diversity of personal information and the diversity of privacy concerns. We suggest that future studies should use evidence of actual behaviour rather than self-reported behaviour.

Analysis of end user security behaviors

Abstract: Many information security specialists believe that promoting good end user behaviors and constraining bad end user behaviors provide one important method for making information security effective within organizations. Because of the important of end user security-related behaviors, having a systematic viewpoint on the different kinds of behavior that end users enact could provide helpful benefits for managers, auditors, information technologists, and others with an interest in assessing and/or influencing end user behavior. In the present article, we describe our efforts to work with subject matter experts to develop a taxonomy of end user security-related behaviors, test the consistency of that taxonomy, and use behaviors from that taxonomy to conduct a U.S. survey of an important set of end user behaviors. We interviewed 110 individuals who possessed knowledge of end user security-related behaviors, conducted a behavior rating exercise with 49 information technology subject matter experts, and ran a U.S. survey of 1167 end users to obtain self-reports of their password-related behaviors. Results suggested that six categories of end user security-related behaviors appeared to fit well on a two-dimensional map where one dimension captured the level of technical knowledge needed to enact the behavior and another dimension captured the intentionality of the behavior (including malicious, neutral, and benevolent intentions). Our U.S. survey of non-malicious, low technical knowledge behaviors related to password creation and sharing showed that password ''hygiene'' was generally poor but varied substantially across different organization types (e.g., military organizations versus telecommunications companies). Further, we documented evidence that good password hygiene was related to training, awareness, monitoring, and motivation.