Publication


Featured research published by Udo W. Pooch.


Journal of the Association for Information Science and Technology | 2001

A review of web searching studies and a framework for future research

Bernard J. Jansen; Udo W. Pooch

Research on Web searching is at an incipient stage. This aspect provides a unique opportunity to review the current state of research in the field, identify common trends, develop a methodological framework, and define terminology for future Web searching studies. In this article, the results from published studies of Web searching are reviewed to present the current state of research. The analysis of the limited Web searching studies available indicates that research methods and terminology are already diverging. A framework is proposed for future studies that will facilitate comparison of results. The advantages of such a framework are presented, and the implications for the design of Web information retrieval systems studies are discussed. Additionally, the searching characteristics of Web users are compared and contrasted with users of traditional information retrieval and online public access systems to discover if there is a need for more studies that focus predominantly or exclusively on Web searching. The comparison indicates that Web searching differs from searching in other environments.


IEEE Network | 1996

Cooperating security managers: a peer-based intrusion detection system

Gregory B. White; Eric A. Fisch; Udo W. Pooch

The need for increased security measures in computer systems and networks is apparent through the frequent media accounts of computer system and network intrusions. One attempt at increasing security measures is in the area of intrusion detection packages. These packages use a variety of means to detect intrusive activities and have been applied to both individual computer systems and networks. Cooperating security managers (CSM) is one such package. Applied to a network, CSM is designed to perform intrusion detection and reporting functions in a distributed environment without requiring a designated central site or server to perform the analysis of network audit data. In addition, it is designed to handle intrusions as opposed to simply detecting and reporting on them, resulting in a comprehensive approach to individual system and network intrusions. Tests of the initial prototype have shown the cooperative methodology to perform favourably.


technical symposium on computer science education | 2001

Using an isolated network laboratory to teach advanced networks and security

John M. D. Hill; Curtis A. Carver; Jeffrey W. Humphries; Udo W. Pooch

This paper discusses the use of an isolated network laboratory to teach computer security using persistent cooperative groups and an active learning approach. Computer security and computer security education are areas of increasing importance as computer systems become more interconnected. When offered, undergraduate and graduate computer security courses are routinely taught using a traditional lecture format. If the course includes a class project, the class project is limited in scope and constitutes a relatively small portion of the student's grade. This paper examines a different approach in which the class project is the dominant factor in the student's grade. The students work in persistent cooperative teams as either a black or gold team. Black teams attempt to break into other black team computers or attack the gold team. The gold team operates Windows NT, LINUX, and Solaris-based servers and attempts to defend their servers and role-play system administrators. The entire exercise takes place in an isolated lab so as to separate student class activities from the rest of the departmental intranet. Four years of experience running the class with this format suggests that the use of persistent cooperative groups and active learning are effective approaches for teaching network security and are preferred over a lecture-based course.


systems man and cybernetics | 2000

Adaptation techniques for intrusion detection and intrusion response systems

Daniel Ragsdale; Curtis A. Carver; Jeffrey W. Humphries; Udo W. Pooch

The paper examines techniques for providing adaptation in intrusion detection and intrusion response systems. As attacks on computer systems are becoming increasingly numerous and sophisticated, there is a growing need for intrusion detection and response systems to dynamically adapt to better detect and respond to attacks. The Adaptive Hierarchical Agent-based Intrusion Detection System (AHA! IDS) provides detection adaptation by adjusting the amount of system resources devoted to the task of detecting intrusive activities. This is accomplished by dynamically invoking new combinations of lower-level detection agents in response to changing circumstances and by adjusting the confidence associated with these lower-level agents. The Adaptive Agent-based Intrusion Response System (AAIRS) provides response adaptation by weighting those responses that have been successful in the past over those techniques that have not been as successful. As a result, the more successful responses are used more often than the less successful techniques. It also adapts responses based on the system's belief that intrusion detection reports are valid. Intuitively, adaptive detection and response systems will provide more robust protection than static, non-adaptive systems.


workshop on wireless security | 2003

Alert aggregation in mobile ad hoc networks

Bo Sun; Kui Wu; Udo W. Pooch

In Intrusion Detection Systems (IDSs) for Mobile Ad hoc NETworks (MANETs), IDS agents using local detection engines alone may lead to undesirable performance due to the dynamic feature of MANETs. In this paper, we present a nonoverlapping Zone-based Intrusion Detection System (ZBIDS) for MANETs. Focusing on the protection of MANET routing protocols, we propose the collaboration mechanism of ZBIDS agents and an aggregation algorithm used by ZBIDS gateway nodes. The aggregation algorithm mainly utilizes the probability distribution of the Source attribute in order to make the final decisions to generate alarms. We demonstrate that, by integrating the security related information from a wider area, the aggregation algorithm can reduce the false alarm ratio and improve the detection ratio. Also, the gateway nodes in ZBIDS can provide more diagnostic information by presenting a global view of attacks. We also present an alert data model conformed to Intrusion Detection Message Exchange Format (IDMEF) to facilitate the interoperability of IDS agents. Based on the routing disruption attack aimed at the Dynamic Source Routing protocol (DSR), we study the performance of ZBIDS at different mobility levels. Simulation results show that our system can achieve lower false positive ratio and higher detection ratio, compared to systems with local detection only.


ACM Computing Surveys | 1974

Translation of Decision Tables

Udo W. Pooch

Decomposition and conversion algorithms for translating decision tables are surveyed and contrasted under two broad categories: the mask rule technique and the network technique. Also, decision table structure is briefly covered, including checks for redundancy, contradiction, and completeness; decision table notation and terminology; and decision table types and applications. Extensive literature citations are provided.


ACM Computing Surveys | 1973

A Survey of Indexing Techniques for Sparse Matrices

Udo W. Pooch; Al Nieder

Indexing schemes of main interest are the bit map, address map, row-column, and the threaded list. Major variations of the indexing techniques above mentioned are noted, as well as the particular indexing scheme inherent in diagonal or band matrices. The concluding section of the paper compares the types of methods, discusses their suitability for different types of processing, and makes suggestions concerning the adaptability and flexibility of the major existing methods of indexing algorithms for application to user problems.


international conference on computer communications and networks | 2003

Routing anomaly detection in mobile ad hoc networks

Bo Sun; Kui Wu; Udo W. Pooch

Intrusion detection systems (IDSs) for mobile ad hoc networks (MANETs) are necessary when we deploy MANETs in reality. In this paper, focusing on the protection of MANET routing protocols, we present a new intrusion detection agent model and utilize a Markov chain based anomaly detection algorithm to construct the local detection engine. The details of feature selection, data collection, data preprocess, Markov chain construction, classifier construction and parameter tuning are provided. Based on the routing disruption attack aimed at the dynamic source routing protocol (DSR), we study the performance of the algorithm at different mobility levels. Simulation results show that our algorithm can achieve low false positive ratio, high detection ratio, and small MTFA (mean time to the first alarm), especially when the mobility is low. Detailed analysis of simulation results is also presented.


international parallel and distributed processing symposium | 2004

Allocate fair payoff for cooperation in wireless ad hoc networks using Shapley Value

Jianfeng Cai; Udo W. Pooch


acm special interest group on data communication | 1992

A Unix network protocol security study: network information service

David K. Hess; David R. Safford; Udo W. Pooch

Collaboration


Top Co-Authors

Curtis A. Carver

United States Military Academy


Gregory B. White

University of Texas at San Antonio
