Sarandis Mitropoulos

On Incident Handling and Response: A state-of-the-art approach

Incident Response has always been an important aspect of Information Security but it is often overlooked by security administrators. Responding to an incident is not solely a technical issue but has many management, legal, technical and social aspects that are presented in this paper. We propose a detailed management framework along with a complete structured methodology that contains best practices and recommendations for appropriately handling a security incident. We also present the state-of-the art technology in computer, network and software forensics as well as automated trace-back artifacts, schemas and protocols. Finally, we propose a generic Incident Response process within a corporate environment.

Degree-Based Clustering Algorithms for Wireless Ad Hoc Networks Under Attack

In this paper we investigate the behavior of degree-based clustering algorithms with respect to their stability and attack-resistance. Our attack scenario tries to bias the clustering head selection procedure by sending faulty degree claims. We propose a randomized variant of the highest degree algorithm which is proved, through experimental results, attack-resistant without imposing significant overhead to the clustering performance. In addition, we extend our proposal with a cooperative consistent clustering algorithm which integrates security into the clustering decision achieving attacker identification and classification.

A distributed platform for personalized advertising in digital interactive TV environments

Advertising plays an important role in modern free markets. Furthermore, advertising is moving towards the establishment of one-to-one marketing relationships. Thus, personalized advertisement is currently considered as a hot topic in product promotion as it can be proved beneficial for all the key players, such as the advertisers, the advertised companies, as well as the consumers. Interactive TV and WWW can provide the means for personalized advertising. But of course, special systems and platforms for personalization must be first developed. This paper proposes a prototype system which efficiently achieves the personalization of the advertisements in the environment of digital interactive TV. Thus, the environment for the exploitation of the proposed system are examined, the details in design and implementation are given, while extensive operation testing and evaluation are provided proving its high applicability in real business environments.

Network forensics: towards a classification of traceback mechanisms

The traceback problem is one of the hardest in information security and has always been the utmost solution to holding attackers accountable for their actions. This paper presents a brief overview of the traceback problem, while discussing the features of software, network and computer forensics. In the rest of this paper, various traceback mechanisms are examined while categorized according to their features and modes of operation. Finally, we propose a classification schema for all traceback methods in order to assess and combine their benefits so as to provide enough information for digital forensics analyses, thus getting -the right way- one step closer to the actual attacker.

AN ADVANCED WEB ATTACK DETECTION AND PREVENTION TOOL

Purpose – The purpose of this paper is to introduce a new tool which detects, prevents and records common web attacks that mainly result in web applications information leaking using pattern recognition. It is a cross‐platform application, namely, it is not OS‐dependent or web server dependent. It offers a flexible attacks search engine, which scans http requests and responses during a webpage serving without affecting the web server performance.Design/methodology/approach – The paper starts with a study of the most known web vulnerabilities and the way they can be exploited. Then, it focuses on those web attacks based on input validation, which are the ones the new tool detects through pattern recognition. This tool acts as a proxy server having a simple GUI for administration purposes. Patterns can be detected in both http requests and responses in an extensible and manageable way.Findings – The new tool was compared to dotDefender, a commercial web application firewall, and ModSecurity, a widely used o...

A simulation-based approach for IT and business strategy alignment and evaluation

The use of IT solutions and services has drastically changed the effectiveness of business strategies. Although IT seems to create competitive advantage, modern enterprises often fail to gain the expected business value from it. This paper aims to cope with this problem. It first discusses the two key factors in creating IT-enabled business value, the strategic alignment of business and IT strategies and the mapping and evaluation of them by using the balanced scorecard method. It then proposes a simulation-based approach for an effective formulation, alignment and evaluation of business and IT strategies in conjunction. An extended simulation model for a computer manufacturer supply chain depicts the high applicability of the proposed integrated approach.

Incident response requirements for distributed security information management systems

Purpose – Security information management systems (SIMs) have been providing a unified distributed platform for the efficient management of security information produced by corresponding mechanisms within an organization. However, these systems currently lack the capability of producing and enforcing response policies, mainly due to their limited incident response (IR) functionality. This paper explores the nature of SIMs while proposing a set of requirements that could be satisfied by SIMs for the efficient and effective handling of security incidents.Design/methodology/approach – These requirements are presented in a high‐level architectural concept and include policy visualization, system intelligence to enable automated policy management, as well as, data mining elements for inspection, evaluation and enhancements of IR policies.Findings – A primitive mechanism that could guarantee the freshness and accuracy of state information that SIMs provide in order to launch solid response alarms and actions fo...

Policy-based QoS management for SLA-driven adaptive routing

This paper proposes a policy-based quality of service (QoS) management framework for adaptive routing decisions. We present an approach considering interior gateway protocol (IGP) for path discovery mechanisms and QoS-aware policies for configuring the network elements. The integration of the aforementioned modules into this policy-based network management (PBNM) system is demonstrated by conducting experiments in a real environment, the hellenic public administration network SYZEFXIS. These experiments combine different traffic conditioning mechanisms through event detectors, consider IP service level agreement mechanisms that interoperate with the PBNM system and analyze the enforcement of IGP and QoS policies. Finally, validation and measurement tools are used to prove the efficiency of this framework. It is shown that this architecture offers significantly increased performance and learning capabilities, while the PBNM system achieves adaptive QoS routing through automated configuration considering the avoidance of suboptimal routing issues or under-performance conditions of the network entities.

SociaLib: a collaborative digital library model platform using Web 2.0

Purpose – The purpose of this paper is to present the SociaLib system, which is a collaborative digital library system. The system uses Drupal content management system to implement Web 2.0 functionalities and facilitate collaboration and cooperation between its users. It offers a variety of functions, like wikis, forums and it is also accessible from microbrowsers. Design/methodology/approach – The paper starts with a reference to collaboration in Digital Libraries and states related work. Then, it introduces the SociaLib system, including implementation and functionalities. There is also an example of how such a system can be used in a real-world situation. Ideas for future work are also included. Findings – The system was evaluated using a usability questionnaire on a subject of 50 people. The results were promising, showing user acceptance and satisfaction. Originality/value – This paper offer collaborative solutions to Digital Library users, helping them communicate and cooperate with colleagues on t...

Consistent Re-Clustering in Mobile Ad Hoc Networks

In this paper we revisit some considerations relative to the performance of re-clustering algorithms in MANET. We recommend that for a secure MANET the design of re-clustering algorithms should not only provide for clustering stability, but also for network robustness in terms of network connectivity, of message reliability, of tolerance against the attacks that target the cluster head nodes and of tolerance to random node failures due to energy drains. We also take into account the possibility of malicious users that might thwart the network protocol by advertising false topology information. We propose a distributed mechanism that for unbiased cluster head election first demands certain levels of consistency to be reached among the nodes.