Internet security

About: Internet security is a research topic. Over the lifetime, 5375 publications have been published within this topic receiving 112993 citations. The topic is also known as: operation security.

Lightweight DDoS flooding attack detection using NOX/OpenFlow

Abstract: Distributed denial-of-service (DDoS) attacks became one of the main Internet security problems over the last decade, threatening public web servers in particular. Although the DDoS mechanism is widely understood, its detection is a very hard task because of the similarities between normal traffic and useless packets, sent by compromised hosts to their victims. This work presents a lightweight method for DDoS attack detection based on traffic flow features, in which the extraction of such information is made with a very low overhead compared to traditional approaches. This is possible due to the use of the NOX platform which provides a programmatic interface to facilitate the handling of switch information. Other major contributions include the high rate of detection and very low rate of false alarms obtained by flow analysis using Self Organizing Maps.

Multilayer firewall system

Abstract: A system provides for establishing security in a network (10) that includes nodes having security functions operating in multiple protocol layers. Multiple network devices, such as remote access equipment (13), routers (14), switches (12), repeaters (16) and network cards (15) having security functions are configured to contribute to implementation of distributed firewall functions in the network. By distributing firewall functionality throughout many layers of the network in a variety of network devices, a pervasive firewall is implemented. The pervasive, multilayer firewall includes a policy definition component (11) that accepts policy data that define how the firewall should behave. The multilayer firewall also includes a collection of network devices that are used to enforce the defined policy. The security functions operating in this collection of network devices across multiple protocol layers are coordinated by the policy definition component so that particular devices enforce that part of the policy pertinent to their part of the network.

The Effect of Internet Security Breach Announcements on Market Value: Capital Market Reactions for Breached Firms and Internet Security Developers

Abstract: Assessing the value of information technology (IT) security is challenging because of the difficulty of measuring the cost of security breaches. An event-study analysis, using market valuations, was used to assess the impact of security breaches on the market value of breached firms. The information-transfer effect of security breaches (i.e., their effect on the market value of firms that develop security technology) was also studied. The results show that announcing an Internet security breach is negatively associated with the market value of the announcing firm. The breached firms in the sample lost, on average, 2.1 percent of their market value within two days of the announcement--an average loss in market capitalization of $1.65 billion per breach. Firm type, firm size, and the year the breach occurred help explain the cross-sectional variations in abnormal returns produced by security breaches. The effects of security breaches are not restricted to the breached firms. The market value of security developers is positively associated with the disclosure of security breaches by other firms. The security developers in the sample realized an average abnormal return of 1.36 percent during the two-day period after the announcement--an average gain of $1.06 billion in two days. The study suggests that the cost of poor security is very high for investors. rity, information technology security management, Internet security, security breach an-

Security Patterns: Integrating Security and Systems Engineering

Abstract: Chapter 1: The Pattern Approach. Patterns at a Glance. No Pattern is an Island. Patterns Everywhere. Humans are the Target. Patterns Resolve Problems and Shape Environments. Towards Pattern Languages. Documenting Patterns. A Brief Note on The History of Patterns. The Pattern Community and its Culture. Chapter 2: Security Foundations. Overview. Security Taxonomy. General Security Resources. Chapter 3: Security Patterns. The History of Security Patterns. Characteristics of Security Patterns. Why Security Patterns? Sources for Security Pattern Mining. Chapter 4: Patterns Scope and Enterprise Security. The Scope of Patterns in the Book. Organization Factors. Resulting Organization. Mapping to the Taxonomy. Organization in the Context of an Enterprise Framework. Chapter 5: The Security Pattern Landscape. Enterprise Security and Risk Management Patterns. Identification & Authentication (I&A) Patterns. Access Control Model Patterns. System Access Control Architecture Patterns. Operating System Access Control Patterns. Accounting Patterns. Firewall Architecture Patterns. Secure Internet Applications Patterns. Cryptographic Key Management Patterns. Related Security Pattern Repositories Patterns. Chapter 6: Enterprise Security and Risk Management. Security Needs Identification for Enterprise Assets. Asset Valuation. Threat Assessment. Vulnerability Assessment. Risk Determination. Enterprise Security Approaches. Enterprise Security Services. Enterprise Partner Communication. Chapter 7: Identification and Authentication (I&A). I&A Requirements. Automated I&A Design Alternatives. Password Design and Use. Biometrics Design Alternatives. Chapter 8: Access Control Models. Authorization. Role-Based Access Control. Multilevel Security. Reference Monitor. Role Rights Definition. Chapter 9: System Access Control Architecture. Access Control Requirements. Single Access Point. Check Point. Security Session. Full Access with Errors. Limited Access. Chapter 10: Operating System Access Control. Authenticator. Controlled Process Creator. Controlled Object Factory. Controlled Object Monitor. Controlled Virtual Address Space. Execution Domain. Controlled Execution Environment. File Authorization. Chapter 11: Accounting. Security Accounting Requirements. Audit Requirements. Audit Trails and Logging Requirements. Intrusion Detection Requirements. Non-Repudiation Requirements. Chapter 12: Firewall Architectures. Packet Filter Firewall. Proxy-Based Firewall. Stateful Firewall. Chapter 13: Secure Internet Applications. Information Obscurity. Secure Channels. Known Partners. Demilitarized Zone. Protection Reverse Proxy. Integration Reverse Proxy. Front Door. Chapter 14: Case Study: IP Telephony. IP Telephony at a Glance. The Fundamentals of IP Telephony. Vulnerabilities of IP Telephony Components. IP Telephony Use Cases. Securing IP telephony with patterns. Applying Individual Security Patterns. Conclusion. Chapter 15: Supplementary Concepts. Security Principles and Security Patterns. Enhancing Security Patterns with Misuse Cases. Chapter 16: Closing Remarks. References. Index.

A Survey on the Internet of Things Security

Abstract: The security issues of the Internet of Things (IoT) are directly related to the wide application of its system. Beginning with introducing the architecture and features of IoT security, this paper expounds several security issues of IoT that exist in the three-layer system structure, and comes up with solutions to the issues above coupled with key technologies involved. Among these safety measures concerned, the ones about perception layer are particularly elaborated, including key management and algorithm, security routing protocol, data fusion technology, as well as authentication and access control, etc.