Search results for: returning-oriented programming attacks
Commenced in January 2007
Frequency: Monthly
Edition: International
Paper Count: 1468

1468 A Comprehensive Approach to Mitigate Return-Oriented Programming Attacks: Combining Operating System Protection Mechanisms and Hardware-Assisted Techniques

Authors: Zhang Xingnan, Huang Jingjia, Feng Yue, Burra Venkata Durga Kumar

Abstract:

This paper proposes a comprehensive approach to mitigate ROP (Return-Oriented Programming) attacks by combining internal operating system protection mechanisms and hardware-assisted techniques. Through extensive literature review, we identify the effectiveness of ASLR (Address Space Layout Randomization) and LBR (Last Branch Record) in preventing ROP attacks. We present a process involving buffer overflow detection, hardware-assisted ROP attack detection, and the use of Turing detection technology to monitor control flow behavior. We envision a specialized tool that views and analyzes the last branch record, compares control flow with a baseline, and outputs differences in natural language. This tool offers a graphical interface, facilitating the prevention and detection of ROP attacks. The proposed approach and tool provide practical solutions for enhancing software security.

Keywords: operating system, ROP attacks, returning-oriented programming attacks, ASLR, LBR, CFI, DEP, code randomization, hardware-assisted CFI

Procedia PDF Downloads 54
1467 DOS and DDOS Attacks

Authors: Amin Hamrahi, Niloofar Moghaddam

Abstract:

Denial of Service is for denial-of-service attack, a type of attack on a network that is designed to bring the network to its knees by flooding it with useless traffic. Denial of Service (DoS) attacks have become a major threat to current computer networks. Many recent DoS attacks were launched via a large number of distributed attacking hosts in the Internet. These attacks are called distributed denial of service (DDoS) attacks. To have a better understanding on DoS attacks, this article provides an overview on existing DoS and DDoS attacks and major defense technologies in the Internet.

Keywords: denial of service, distributed denial of service, traffic, flooding

Procedia PDF Downloads 360
1466 A Survey of Domain Name System Tunneling Attacks: Detection and Prevention

Authors: Lawrence Williams

Abstract:

As the mechanism which converts domains to internet protocol (IP) addresses, Domain Name System (DNS) is an essential part of internet usage. It was not designed securely and can be subject to attacks. DNS attacks have become more frequent and sophisticated and the need for detecting and preventing them becomes more important for the modern network. DNS tunnelling attacks are one type of attack that are primarily used for distributed denial-of-service (DDoS) attacks and data exfiltration. Discussion of different techniques to detect and prevent DNS tunneling attacks is done. The methods, models, experiments, and data for each technique are discussed. A proposal about feasibility is made. Future research on these topics is proposed.

Keywords: DNS, tunneling, exfiltration, botnet

Procedia PDF Downloads 37
1465 Quick Reference: Cyber Attacks Awareness and Prevention Method for Home Users

Authors: Haydar Teymourlouei

Abstract:

It is important to take security measures to protect your computer information, reduce identity theft, and prevent from malicious cyber-attacks. With cyber-attacks on the continuous rise, people need to understand and learn ways to prevent from these attacks. Cyber-attack is an important factor to be considered if one is to be able to protect oneself from malicious attacks. Without proper security measures, most computer technology would hinder home users more than such technologies would help. Knowledge of how cyber-attacks operate and protective steps that can be taken to reduce chances of its occurrence are key to increasing these security measures. The purpose of this paper is to inform home users on the importance of identifying and taking preventive steps to avoid cyberattacks. Throughout this paper, many aspects of cyber-attacks will be discussed: what a cyber-attack is, the effects of cyber-attack for home users, different types of cyber-attacks, methodology to prevent such attacks; home users can take to fortify security of their computer.

Keywords: cyber-attacks, home user, prevention, security, technology

Procedia PDF Downloads 362
1464 A Common Automated Programming Platform for Knowledge Based Software Engineering

Authors: Ivan Stanev, Maria Koleva

Abstract:

A common platform for automated programming (CPAP) is defined in detail. Two versions of CPAP are described: Cloud-based (including the set of components for classic programming, and the set of components for combined programming) and KBASE based (including the set of components for automated programming, and the set of components for ontology programming). Four KBASE products (module for automated programming of robots, intelligent product manual, intelligent document display, and intelligent form generator) are analyzed and CPAP contributions to automated programming are presented.

Keywords: automated programming, cloud computing, knowledge based software engineering, service oriented architecture

Procedia PDF Downloads 310
1463 A Survey of Grammar-Based Genetic Programming and Applications

Authors: Matthew T. Wilson

Abstract:

This paper covers a selection of research utilizing grammar-based genetic programming, and illustrates how context-free grammar can be used to constrain genetic programming. It focuses heavily on grammatical evolution, one of the most popular variants of grammar-based genetic programming, and the way its operators and terminals are specialized and modified from those in genetic programming. A variety of implementations of grammatical evolution for general use are covered, as well as research each focused on using grammatical evolution or grammar-based genetic programming on a single application, or to solve a specific problem, including some of the classically considered genetic programming problems, such as the Santa Fe Trail.

Keywords: context-free grammar, genetic algorithms, genetic programming, grammatical evolution

Procedia PDF Downloads 153
1462 Cutting Plane Methods for Integer Programming: NAZ Cut and Its Variations

Authors: A. Bari

Abstract:

Integer programming is a branch of mathematical programming techniques in operations research in which some or all of the variables are required to be integer valued. Various cuts have been used to solve these problems. We have also developed cuts known as NAZ cut & A-T cut to solve the integer programming problems. These cuts are used to reduce the feasible region and then reaching the optimal solution in minimum number of steps.

Keywords: Integer Programming, NAZ cut, A-T cut, Cutting plane method

Procedia PDF Downloads 335
1461 Examining Relationship between Programming Performance, Programming Self Efficacy and Math Success

Authors: Mustafa Ekici, Sacide Güzin Mazman

Abstract:

Programming is one of the abilities in computer science fields which is generally perceived as difficult by students, and various individual differences have been implicated in that ability success. Although several factors that affect programming ability have been identified over the years, there is still not a full understanding of why some students learn to program easily and quickly while others find it complex and difficult. Programming self-efficacy and mathematic success are two of those essential individual differences which are handled as having important effect on the programming success. This study aimed to identify the relationship between programming performance, programming self efficacy and mathematics success. The study group consisted of 96 undergraduates from Department of Econometrics of Uşak University. 38 (39,58%) of the participants are female while 58 (60,41%) of them are male. Study was conducted in the programming-I course during 2014-2015 fall term. Data collection tools are comprised of programming course final grades, programming self efficacy scale and a mathematics achievement test. Data was analyzed through correlation analysis. The result of study will be reported in the full text of the study.

Keywords: programming performance, self efficacy, mathematic success, computer science

Procedia PDF Downloads 472
1460 Application of De Novo Programming Approach for Optimizing the Business Process

Authors: Z. Babic, I. Veza, A. Balic, M. Crnjac

Abstract:

The linear programming model is sometimes difficult to apply in real business situations due to its assumption of proportionality. This paper shows an example of how to use De Novo programming approach instead of linear programming. In the De Novo programming, resources are not fixed like in linear programming but resource quantities depend only on available budget. Budget is a new, important element of the De Novo approach. Two different production situations are presented: increasing costs and quantity discounts of raw materials. The focus of this paper is on advantages of the De Novo approach in the optimization of production plan for production company which produces souvenirs made from famous stone from the island of Brac, one of the greatest islands from Croatia.

Keywords: business process, De Novo programming, optimizing, production

Procedia PDF Downloads 183
1459 A Fuzzy Programming Approach for Solving Intuitionistic Fuzzy Linear Fractional Programming Problem

Authors: Sujeet Kumar Singh, Shiv Prasad Yadav

Abstract:

This paper develops an approach for solving intuitionistic fuzzy linear fractional programming (IFLFP) problem where the cost of the objective function, the resources, and the technological coefficients are triangular intuitionistic fuzzy numbers. Here, the IFLFP problem is transformed into an equivalent crisp multi-objective linear fractional programming (MOLFP) problem. By using fuzzy mathematical programming approach the transformed MOLFP problem is reduced into a single objective linear programming (LP) problem. The proposed procedure is illustrated through a numerical example.

Keywords: triangular intuitionistic fuzzy number, linear programming problem, multi objective linear programming problem, fuzzy mathematical programming, membership function

Procedia PDF Downloads 530
1458 Robust Control of Cyber-Physical System under Cyber Attacks Based on Invariant Tubes

Authors: Bruno Vilić Belina, Jadranko Matuško

Abstract:

The rapid development of cyber-physical systems significantly influences modern control systems introducing a whole new range of applications of control systems but also putting them under new challenges to ensure their resiliency to possible cyber attacks, either in the form of data integrity attacks or deception attacks. This paper presents a model predictive approach to the control of cyber-physical systems robust to cyber attacks. We assume that a cyber attack can be modelled as an additive disturbance that acts in the measuring channel. For such a system, we designed a tube-based predictive controller based. The performance of the designed controller has been verified in Matlab/Simulink environment.

Keywords: control systems, cyber attacks, resiliency, robustness, tube based model predictive control

Procedia PDF Downloads 39
1457 Sensitivity Analysis in Fuzzy Linear Programming Problems

Authors: S. H. Nasseri, A. Ebrahimnejad

Abstract:

Fuzzy set theory has been applied to many fields, such as operations research, control theory, and management sciences. In this paper, we consider two classes of fuzzy linear programming (FLP) problems: Fuzzy number linear programming and linear programming with trapezoidal fuzzy variables problems. We state our recently established results and develop fuzzy primal simplex algorithms for solving these problems. Finally, we give illustrative examples.

Keywords: fuzzy linear programming, fuzzy numbers, duality, sensitivity analysis

Procedia PDF Downloads 525
1456 The Impact of Malicious Attacks on the Performance of Routing Protocols in Mobile Ad-Hoc Networks

Authors: Habib Gorine, Rabia Saleh

Abstract:

Mobile Ad-Hoc Networks are the special type of wireless networks which share common security requirements with other networks such as confidentiality, integrity, authentication, and availability, which need to be addressed in order to secure data transfer through the network. Their routing protocols are vulnerable to various malicious attacks which could have a devastating consequence on data security. In this paper, three types of attacks such as selfish, gray hole, and black hole attacks have been applied to the two most important routing protocols in MANET named dynamic source routing and ad-hoc on demand distance vector in order to analyse and compare the impact of these attacks on the Network performance in terms of throughput, average delay, packet loss, and consumption of energy using NS2 simulator.

Keywords: MANET, wireless networks, routing protocols, malicious attacks, wireless networks simulation

Procedia PDF Downloads 282
1455 Phishing Attacks Facilitated by Open Source Intelligence

Authors: Urva Maryam

Abstract:

The information has become an important asset to the current cosmos. Globally, various tactics are being observed to confine the spread of information as it makes people vulnerable to security attacks. Open Source Intelligence (OSINT) is a publicly available source that has disseminated information about users or websites, companies, and various organizations. This paper focuses on the quantitative method of exploring various OSINT tools that reveal public information of personals. This information could further facilitate phishing attacks. Phishing attacks can be launched on email addresses, open ports, and unsecure web-surfing. This study allows to analyze the information retrieved from OSINT tools, i.e. theHarvester, and Maltego that can be used to send phishing attacks to individuals.

Keywords: e-mail spoofing, Maltego, OSINT, phishing, spear phishing, theHarvester

Procedia PDF Downloads 107
1454 Phishing Attacks Facilitated by Open Source Intelligence

Authors: Urva Maryam

Abstract:

Information has become an important asset to the current cosmos. Globally, various tactics are being observed to confine the spread of information as it makes people vulnerable to security attacks. Open Source Intelligence (OSINT) is a publicly available source that has disseminated information about users or website, companies, and various organizations. This paper focuses on the quantitative method of exploring various OSINT tools that reveal public information of personals. This information could further facilitate the phishing attacks. Phishing attacks can be launched on email addresses, open ports, and unsecured web-surfing. This study allows to analyze information retrieved from OSINT tools i.e., the Harvester, and Maltego, that can be used to send phishing attacks to individuals.

Keywords: OSINT, phishing, spear phishing, email spoofing, the harvester, maltego

Procedia PDF Downloads 43
1453 Detection of Intentional Attacks in Images Based on Watermarking

Authors: Hazem Munawer Al-Otum

Abstract:

In this work, an efficient watermarking technique is proposed and can be used for detecting intentional attacks in RGB color images. The proposed technique can be implemented for image authentication and exhibits high robustness against unintentional common image processing attacks. It deploys two measures to discern between intentional and unintentional attacks based on using a quantization-based technique in a modified 2D multi-pyramidal DWT transform. Simulations have shown high accuracy in detecting intentionally attacked regions while exhibiting high robustness under moderate to severe common image processing attacks.

Keywords: image authentication, copyright protection, semi-fragile watermarking, tamper detection

Procedia PDF Downloads 224
1452 A Tutorial on Network Security: Attacks and Controls

Authors: Belbahi Ahlam

Abstract:

With the phenomenal growth in the Internet, network security has become an integral part of computer and information security. In order to come up with measures that make networks more secure, it is important to learn about the vulnerabilities that could exist in a computer network and then have an understanding of the typical attacks that have been carried out in such networks. The first half of this paper will expose the readers to the classical network attacks that have exploited the typical vulnerabilities of computer networks in the past and solutions that have been adopted since then to prevent or reduce the chances of some of these attacks. The second half of the paper will expose the readers to the different network security controls including the network architecture, protocols, standards and software/ hardware tools that have been adopted in modern day computer networks.

Keywords: network security, attacks and controls, computer and information, solutions

Procedia PDF Downloads 417
1451 Attitudes toward Programming Languages Based on Characteristics

Authors: Mohammad Shokoohi-Yekta, Hamid Mirebrahim

Abstract:

A body of research has been devoted to investigating the preferences of computer programmers. These researches used various questionnaires to find out what programming language is most popular among programmers. The problem with such research is that the programmers are usually familiar with only a few languages; therefore, disregarding a number of other languages which might have characteristics that match their preferences more closely. To overcome such a problem, we decided to investigate the preferences of programmers in regards to the characteristics of languages, which help us to discover the languages that include the most characteristics preferred by the users. We conducted a user study to measure the preferences of programmers on different characteristics of programming languages and then tried to compare existing languages in the areas of application, Web and system programming. Overall, the results of our study indicated that the Ruby programming language has the highest preference score in the two areas of application and Web, and C++ has the highest score in the system area. The results of our study can also help programming language designers know the characteristics they should consider when developing new programming languages in order to attract more programmers.

Keywords: object orientation, programming language design, programmers' preferences, characteristic

Procedia PDF Downloads 457
1450 A Systematic Approach for Analyzing Multiple Cyber-Physical Attacks on the Smart Grid

Authors: Yatin Wadhawan, Clifford Neuman, Anas Al Majali

Abstract:

In this paper, we evaluate the resilience of the smart grid system in the presence of multiple cyber-physical attacks on its distinct functional components. We discuss attack-defense scenarios and their effect on smart grid resilience. Through contingency simulations in the Network and PowerWorld Simulator, we analyze multiple cyber-physical attacks that propagate from the cyber domain to power systems and discuss how such attacks destabilize the underlying power grid. The analysis of such simulations helps system administrators develop more resilient systems and improves the response of the system in the presence of cyber-physical attacks.

Keywords: smart grid, gas pipeline, cyber- physical attack, security, resilience

Procedia PDF Downloads 282
1449 The Primitive Code-Level Design Patterns for Distributed Programming

Authors: Bing Li

Abstract:

The primitive code-level design patterns (PDP) are the rudimentary programming elements to develop any distributed systems in the generic distributed programming environment, GreatFree. The PDP works with the primitive distributed application programming interfaces (PDA), the distributed modeling, and the distributed concurrency for scaling-up. They not only hide developers from underlying technical details but also support sufficient adaptability to a variety of distributed computing environments. Programming with them, the simplest distributed system, the lightweight messaging two-node client/server (TNCS) system, is constructed rapidly with straightforward and repeatable behaviors, copy-paste-replace (CPR). As any distributed systems are made up of the simplest ones, those PDAs, as well as the PDP, are generic for distributed programming.

Keywords: primitive APIs, primitive code-level design patterns, generic distributed programming, distributed systems, highly patterned development environment, messaging

Procedia PDF Downloads 148
1448 A Study of General Attacks on Elliptic Curve Discrete Logarithm Problem over Prime Field and Binary Field

Authors: Tun Myat Aung, Ni Ni Hla

Abstract:

This paper begins by describing basic properties of finite field and elliptic curve cryptography over prime field and binary field. Then we discuss the discrete logarithm problem for elliptic curves and its properties. We study the general common attacks on elliptic curve discrete logarithm problem such as the Baby Step, Giant Step method, Pollard’s rho method and Pohlig-Hellman method, and describe in detail experiments of these attacks over prime field and binary field. The paper finishes by describing expected running time of the attacks and suggesting strong elliptic curves that are not susceptible to these attacks.

Keywords: discrete logarithm problem, general attacks, elliptic curve, prime field, binary field

Procedia PDF Downloads 197
1447 Mathematical Programming Models for Portfolio Optimization Problem: A Review

Authors: Mazura Mokhtar, Adibah Shuib, Daud Mohamad

Abstract:

Portfolio optimization problem has received a lot of attention from both researchers and practitioners over the last six decades. This paper provides an overview of the current state of research in portfolio optimization with the support of mathematical programming techniques. On top of that, this paper also surveys the solution algorithms for solving portfolio optimization models classifying them according to their nature in heuristic and exact methods. To serve these purposes, 40 related articles appearing in the international journal from 2003 to 2013 have been gathered and analyzed. Based on the literature review, it has been observed that stochastic programming and goal programming constitute the highest number of mathematical programming techniques employed to tackle the portfolio optimization problem. It is hoped that the paper can meet the needs of researchers and practitioners for easy references of portfolio optimization.

Keywords: portfolio optimization, mathematical programming, multi-objective programming, solution approaches

Procedia PDF Downloads 312
1446 Static Analysis of Security Issues of the Python Packages Ecosystem

Authors: Adam Gorine, Faten Spondon

Abstract:

Python is considered the most popular programming language and offers its own ecosystem for archiving and maintaining open-source software packages. This system is called the python package index (PyPI), the repository of this programming language. Unfortunately, one-third of these software packages have vulnerabilities that allow attackers to execute code automatically when a vulnerable or malicious package is installed. This paper contributes to large-scale empirical studies investigating security issues in the python ecosystem by evaluating package vulnerabilities. These provide a series of implications that can help the security of software ecosystems by improving the process of discovering, fixing, and managing package vulnerabilities. The vulnerable dataset is generated using the NVD, the national vulnerability database, and the Snyk vulnerability dataset. In addition, we evaluated 807 vulnerability reports in the NVD and 3900 publicly known security vulnerabilities in Python Package Manager (pip) from the Snyk database from 2002 to 2022. As a result, many Python vulnerabilities appear in high severity, followed by medium severity. The most problematic areas have been improper input validation and denial of service attacks. A hybrid scanning tool that combines the three scanners bandit, snyk and dlint, which provide a clear report of the code vulnerability, is also described.

Keywords: Python vulnerabilities, bandit, Snyk, Dlint, Python package index, ecosystem, static analysis, malicious attacks

Procedia PDF Downloads 96
1445 Understanding the Programming Techniques Using a Complex Case Study to Teach Advanced Object-Oriented Programming

Authors: M. Al-Jepoori, D. Bennett

Abstract:

Teaching Object-Oriented Programming (OOP) as part of a Computing-related university degree is a very difficult task; the road to ensuring that students are actually learning object oriented concepts is unclear, as students often find it difficult to understand the concept of objects and their behavior. This problem is especially obvious in advanced programming modules where Design Pattern and advanced programming features such as Multi-threading and animated GUI are introduced. Looking at the students’ performance at their final year on a university course, it was obvious that the level of students’ understanding of OOP varies to a high degree from one student to another. Students who aim at the production of Games do very well in the advanced programming module. However, the students’ assessment results of the last few years were relatively low; for example, in 2016-2017, the first quartile of marks were as low as 24.5 and the third quartile was 63.5. It is obvious that many students were not confident or competent enough in their programming skills. In this paper, the reasons behind poor performance in Advanced OOP modules are investigated, and a suggested practice for teaching OOP based on a complex case study is described and evaluated.

Keywords: complex programming case study, design pattern, learning advanced programming, object oriented programming

Procedia PDF Downloads 188
1444 Study on Network-Based Technology for Detecting Potentially Malicious Websites

Authors: Byung-Ik Kim, Hong-Koo Kang, Tae-Jin Lee, Hae-Ryong Park

Abstract:

Cyber terrors against specific enterprises or countries have been increasing recently. Such attacks against specific targets are called advanced persistent threat (APT), and they are giving rise to serious social problems. The malicious behaviors of APT attacks mostly affect websites and penetrate enterprise networks to perform malevolent acts. Although many enterprises invest heavily in security to defend against such APT threats, they recognize the APT attacks only after the latter are already in action. This paper discusses the characteristics of APT attacks at each step as well as the strengths and weaknesses of existing malicious code detection technologies to check their suitability for detecting APT attacks. It then proposes a network-based malicious behavior detection algorithm to protect the enterprise or national networks.

Keywords: Advanced Persistent Threat (APT), malware, network security, network packet, exploit kits

Procedia PDF Downloads 335
1443 Understanding of the Impact of Technology in Collaborative Programming for Children

Authors: Nadia Selene Molina-Moreno, Maria Susana Avila-Garcia, Marco Bianchetti, Marcelina Pantoja-Flores

Abstract:

Visual Programming Tools available are a great tool for introducing children to programming and to develop a skill set for algorithmic thinking. On the other hand, collaborative learning and pair programming within the context of programming activities has been demonstrated to have social and learning benefits. However, some of the online tools available for programming for children are not designed to allow simultaneous and equitable participation of the team members since they allow only for a single control point. In this paper, a report of the work conducted with children playing a user role is presented. A preliminary study to cull ideas, insights, and design considerations for a formal programming course for children aged 8-10 using collaborative learning as a pedagogical approach was conducted. Three setups were provided: 1) lo-fi prototype, 2) PC, 3) a 46' multi-touch single display groupware limited by the application to a single touch entry. Children were interviewed at the end of the sessions in order to know their opinions about teamwork and the different setups defined. Results are mixed regarding the setup, but they agree to like teamwork.

Keywords: children, collaborative programming, visual programming, multi-touch tabletop, lo-fi prototype

Procedia PDF Downloads 277
1442 Spatial Interpolation Technique for the Optimisation of Geometric Programming Problems

Authors: Debjani Chakraborty, Abhijit Chatterjee, Aishwaryaprajna

Abstract:

Posynomials, a special type of polynomials, having singularities, pose difficulties while solving geometric programming problems. In this paper, a methodology has been proposed and used to obtain extreme values for geometric programming problems by nth degree polynomial interpolation technique. Here the main idea to optimise the posynomial is to fit a best polynomial which has continuous gradient values throughout the range of the function. The approximating polynomial is smoothened to remove the discontinuities present in the feasible region and the objective function. This spatial interpolation method is capable to optimise univariate and multivariate geometric programming problems. An example is solved to explain the robustness of the methodology by considering a bivariate nonlinear geometric programming problem. This method is also applicable for signomial programming problem.

Keywords: geometric programming problem, multivariate optimisation technique, posynomial, spatial interpolation

Procedia PDF Downloads 328
1441 Fuzzy Linear Programming Approach for Determining the Production Amounts in Food Industry

Authors: B. Güney, Ç. Teke

Abstract:

In recent years, rapid and correct decision making is crucial for both people and enterprises. However, uncertainty makes decision-making difficult. Fuzzy logic is used for coping with this situation. Thus, fuzzy linear programming models are developed in order to handle uncertainty in objective function and the constraints. In this study, a problem of a factory in food industry is investigated, required data is obtained and the problem is figured out as a fuzzy linear programming model. The model is solved using Zimmerman approach which is one of the approaches for fuzzy linear programming. As a result, the solution gives the amount of production for each product type in order to gain maximum profit.

Keywords: food industry, fuzzy linear programming, fuzzy logic, linear programming

Procedia PDF Downloads 600
1440 Exploration and Reform of Fundamentals of Program Design Based on Application Ability

Authors: Jiaqi Yin, Baofeng Liang

Abstract:

The rapid development in the fields of computer science and information technology presents new challenges and opportunities for foundational programming education. Traditional programming courses often focus heavily on theoretical knowledge while neglecting students’ practical programming and problem-solving abilities. This paper delves into the significance of programming education based on application abilities and provides a detailed explanation of a reform approach that incorporates project-driven teaching to nurture students with more comprehensive computer science skills.

Keywords: fundamentals of programming, application abilities, pedagogical reform, program design

Procedia PDF Downloads 27
1439 WebAppShield: An Approach Exploiting Machine Learning to Detect SQLi Attacks in an Application Layer in Run-time

Authors: Ahmed Abdulla Ashlam, Atta Badii, Frederic Stahl

Abstract:

In recent years, SQL injection attacks have been identified as being prevalent against web applications. They affect network security and user data, which leads to a considerable loss of money and data every year. This paper presents the use of classification algorithms in machine learning using a method to classify the login data filtering inputs into "SQLi" or "Non-SQLi," thus increasing the reliability and accuracy of results in terms of deciding whether an operation is an attack or a valid operation. A method Web-App auto-generated twin data structure replication. Shielding against SQLi attacks (WebAppShield) that verifies all users and prevents attackers (SQLi attacks) from entering and or accessing the database, which the machine learning module predicts as "Non-SQLi" has been developed. A special login form has been developed with a special instance of data validation; this verification process secures the web application from its early stages. The system has been tested and validated, up to 99% of SQLi attacks have been prevented.

Keywords: SQL injection, attacks, web application, accuracy, database

Procedia PDF Downloads 117