Adam Kozakiewicz

Analysis of the Similarities in Malicious DNS Domain Names

This paper presents results of studies on similarities in the construction of malicious DNS domain names. Based on sets of malicious domain names (or URLs, where only mnemonic host names are taken into account) a prototype tool searches for formulated similarities in the construction of malicious domains. A key research task was to find features of similarity which could be useful in the detection of malicious behavior. Research results can be used as an additional characteristic of existing heuristic methods for determining the malicious character of domains or websites. They could also be used as a hint for specialists to take a closer look at domains which are similar to other malicious domains.

Time Validity in Role-Based Trust Management Inference System

The topic of this paper is RT T , a language from the family of Role-based Trust management (RT) languages, which is used for representing security policies and credentials in distributed large scale access control systems. A credential provides information about the privileges of users and the security policies issued by one or more trusted authorities. RT languages combine trust management and Role Based Access Control features. RT T provides manifold roles to express threshold and separation of duties policies. A manifold role defines sets of entities whose cooperation satisfies the manifold role. The goal of this paper is introduction of time validity constraints to show how that can make RT T language more realistic. The core part of the paper describes a sound and complete inference system, in which credentials can be derived from an initial set of credentials using a set of inference rules.

Secure Workstation for Special Applications

The paper presents the recently started project which aims to develop a secure environment for processing of restricted information. The solution being developed by the consortium employs virtualization to allow data from different security domains to be processed on the same physical machine. The system can host Windows and Linux systems as secured guest operating systems. The proposed implementation offers advanced user authentication techniques and cryptographic protection. The project is expected to reach technology demonstrator phase in late 2012.

More practical application of Trust management credentials

Trust management is an approach to access control in distributed open systems, where access control decisions are based on policy statements made by multiple principals. The family of Role-based Trust management languages (RT) is an effective means for representing security policies and credentials in decentralized, distributed, large scale access control systems. It provides a set of role assignment credentials. A credential provides information about the privileges of users and the security policies issued by one or more trusted authorities. The main purpose of this paper is to show how extensions can make the RT family languages more useful in practice. It shows how security policies can be made more realistic by including timing information, maintaining the procedure or parameterizing the validity of credentials.

FP-tree and SVM for Malicious Web Campaign Detection

The classification of the massive amount of malicious software variants into families is a challenging problem faced by the network community. In this paper (The work was supported by the EU FP7 grant No. 608533 (NECOMA) and “Information technologies: Research and their interdisciplinary applications”, POKL.04.01.01-00-051/10-00.) we introduce a hybrid technique combining a frequent pattern mining and a classification technique to detect malicious campaigns. A novel approach to prepare malicious datasets containing URLs for training the supervised learning classification method is provided. We have investigated the performance of our system employing frequent pattern tree and Support Vector Machine on the real database consisting of malicious data taken from numerous devices located in many organizations and serviced by CERT Polska. The results of extensive experiments show the effectiveness and efficiency of our approach in detecting malicious web campaigns.

Network traffic routing using effective bandwidth theory

Optimal routing in a packet network is a difficult task—the amount of connections makes per-connection routing impractical and even using aggregated connections global optimisation in the network is infeasible. The currently used algorithms are therefore suboptimal heuristics, using shortest path computation instead of e.g. throughput optimisation. The quality of obtained results depends on the selected link weights, but optimisation of those is again a difficult mixed integer-programming problem. In this paper we discuss some proposed heuristics using the results of large deviation analysis (effective bandwidths) for throughput optimisation. The more advanced approach to traffic modelling uses more of the available information and potentially allows for finding better solutions. The presented algorithms are tested through simulation and discussion of the results is included. Copyright

Botnet Fingerprinting: Anomaly Detection in SMTP Conversations

This article presents the results obtained during research on detection of unsolicited emails sent by botnets. The distinction from most existing solutions is that the presented approach is based on the analysis of network traffic, specifically the sequence and syntax of SMTP commands observed during email delivery. The authors present several improvements for detecting unsolicited email sources from different botnets (fingerprinting) that can be used during network forensic investigation.

Mobile platform for threat monitoring in Wireless Sensor Networks

The article touches aspects of security in Wireless Sensor Networks. It begins with a review and classification of existing types of threats and protection methods. The main part of the paper presents the results obtained during development of a threat detection system for WSN network. The described approach is based on a mobile platform which allows separation of security mechanisms and the software controlling the nodes of the protected network. The article describes the architecture of the system, chosen detection methods and details of the prototype implementation.

Secure DRM mechanism for offline applications

The paper discusses how digital rights management (DRM) approach can be adapted to work in local or offline mode, without access to global central servers. The focus of this adaptation is not on protection of copyright in a commercial content setting but on restricting access to non-public documents to legitimate users. Therefore we work under assumption that protection against illegal copying is out of scope - any copy of the content is legitimate and can be accessed as long as the user identity and access rights can be properly verified.

Cross-layer analysis of malware datasets for malicious campaigns identification

In this paper, we investigate the problem of detecting correlations among datasets containing malicious data concerned with various types of network attacks and related events of the infections taken from a numerous sources and organizations. We propose a graph based technique to depict relationships between malicious data based on values of attributes related both to attackers and victims, and referred to different layers of the OSI model. The presented model can be used to fast, automatic identification of malware campaigns. The case study described in the paper demonstrates the performance of our method.