OWA trees and their role in security modeling using attack trees

We introduce the idea of an OWA node as an extension of the “and/or” node and use them to generalize “and/or” trees to OWA trees. We provide a semantics for an OWA node. Specifically while an “or” node requires only one of the children to be satisfied and an “and” node requires “all” the children be satisfied the OWA node allows us to model situations in which there is some probabilistic uncertainty in the number of children that need be satisfied. We then use these OWA nodes in the security related problem of constructing attack trees. Techniques for the evaluation of an OWA attack tree for the overall probability of success and cost of an attack are provided. A method is provided for describing different types of attackers.     

ADTLang: a programming language approach to attack defense trees

International Journal on Software Tools for Technology Transfer - The Attack Defense Tree framework was developed to facilitate abstract reasoning about security issues of complex systems. As such,...     

Data-mining based SQL injection attack detection using internal query trees

Detecting SQL injection attacks (SQLIAs) is becoming increasingly important in database-driven web sites. Until now, most of the studies on SQLIA detection have focused on the structured query language (SQL) structure at the application level. Unfortunately, this approach inevitably fails to detect those attacks that use already stored procedure and data within the database system. In this paper, we propose a framework to detect SQLIAs at database level by using SVM classification and various kernel functions. The key issue of SQLIA detection framework is how to represent the internal query tree collected from database log suitable for SVM classification algorithm in order to acquire good performance in detecting SQLIAs. To solve the issue, we first propose a novel method to convert the query tree into an n-dimensional feature vector by using a multi-dimensional sequence as an intermediate representation. The reason that it is difficult to directly convert the query tree into an n-dimensional feature vector is the complexity and variability of the query tree structure. Second, we propose a method to extract the syntactic features, as well as the semantic features when generating feature vector. Third, we propose a method to transform string feature values into numeric feature values, combining multiple statistical models. The combined model maps one string value to one numeric value by containing the multiple characteristic of each string value. In order to demonstrate the feasibility of our proposals in practical environments, we implement the SQLIA detection system based on PostgreSQL, a popular open source database system, and we perform experiments. The experimental results using the internal query trees of PostgreSQL validate that our proposal is effective in detecting SQLIAs, with at least 99.6% of the probability that the probability for malicious queries to be correctly predicted as SQLIA is greater than the probability for normal queries to be incorrectly predicted as SQLIA. Finally, we perform additional experiments to compare our proposal with syntax-focused feature extraction and single statistical model based on feature transformation. The experimental results show that our proposal significantly increases the probability of correctly detecting SQLIAs for various SQL statements, when compared to the previous methods.     

Comparing attack trees and misuse cases in an industrial setting

The last decade has seen an increasing focus on addressing security already during the earliest stages of system development, such as requirements determination. Attack trees and misuse cases are established techniques for representing security threats along with their potential mitigations. Previous work has compared attack trees and misuse cases in two experiments with students. The present paper instead presents an experiment where industrial practitioners perform the experimental tasks in their workplace. The industrial experiment confirms a central finding from the student experiments: that attack trees tend to help identifying more threats than misuse cases. It also presents a new result: that misuse cases tend to encourage identification of threats associated with earlier development stages than attack trees. The two techniques should therefore be considered complementary and should be used together in practical requirements work.     

Experimental comparison of attack trees and misuse cases for security threat identification

A number of methods have been proposed or adapted to include security in the requirements analysis stage, but the industrial take-up has been limited and there are few empirical and comparative evaluations. This paper reports on a pair of controlled experiments that compared two methods for early elicitation of security threats, namely attack trees and misuse cases. The 28 and 35 participants in the two experiments solved two threat identification tasks individually by means of the two techniques, using a Latin-Squares design to control for technique and task order. The dependent variables were effectiveness of the techniques measured as the number of threats found, coverage of the techniques measured in terms of the types of threats found and perceptions of the techniques measured through a post-task questionnaire based on the Technology Acceptance Model. The only difference was that, in the second experiment, the participants were given a pre-drawn use-case diagram to use as a starting point for solving the tasks. In the first experiment, no pre-drawn use-case diagram was provided. The main finding was that attack trees were more effective for finding threats, in particular when there was no pre-drawn use-case diagram. However, the participants had similar opinions of the two techniques, and perception of a technique was not correlated with performance with that technique. The study underlines the need for further comparisons in a broader range of settings involving additional techniques, and it suggests several concrete experiments and other paths for further work.     

Authorship Attribution and Pastiche

This paper considers the question of authorship attribution techniques whenfaced with a pastiche. We ask whether the techniques can distinguish the real thing from the fake, or can the author fool the computer? If the latter, is this because the pastiche is good, or because the technique is faulty? Using a number of mainly vocabulary-based techniques, Gilbert Adair's pastiche of Lewis Carroll, Alice Through the Needle's Eye, is compared with the original `Alice' books. Standard measures of lexical richness, Yule's K andOrlov's Z both distinguish Adair from Carroll, though Z also distinguishesthe two originals. A principal component analysis based on word frequenciesfinds that the main differences are not due to authorship. A discriminantanalysis based on word usage and lexical richness successfully distinguishes thepastiche from the originals. Weighted cusum tests were also unable to distinguish the two authors in a majority of cases. As a cross-validation, wemade similar comparisons with control texts: another children's story from thesame era, and other work by Carroll and Adair. The implications of thesefindings are discussed.     

察打型无人机攻击航迹控制算法研究

固定翼无人机自身携带激光制导导弹进行对地攻击,需要自身携带的光电转台稳定跟踪目标并进行激光照射,指引导弹命中目标。为满足光电转台稳定跟踪目标的角速度限制及导弹可发射的限制条件,设计一种新型的航迹控制算法。利用基于李雅普诺夫向量场的导航算法,实现无人机从盘旋搜索到发现目标后转入导弹可攻击区并实施攻击的自动航迹控制,并保证无人机在调整姿态的同时光电转台稳定跟踪目标。利用某察打型无人机进行飞行验证,结果证明设计的算法能够较好完成无人机的攻击航迹控制,保证导弹发射。     

一种改进的属性约简算法

提出一种改进的属性约简算法,从规则集R→{d}的不确定性角度,结合信息熵理论,重新定义属性重要性的评价标准,并通过实验对比说明算法的有效性.     

Planar packing of trees and spider trees

In [A. García, C. Hernando, F. Hurtado, M. Noy, J. Tejel, Packing trees into planar graphs, J. Graph Theory (2002) 172-181] García et al. conjectured that for every two non-star trees there exists a planar graph containing them as edge-disjoint subgraphs. In this paper we prove the conjecture in the case in which one of the trees is a spider tree.     

Computer-Based Authorship Attribution Without Lexical Measures

The most important approaches to computer-assistedauthorship attribution are exclusively based onlexical measures that either represent the vocabularyrichness of the author or simply comprise frequenciesof occurrence of common words. In this paper wepresent a fully-automated approach to theidentification of the authorship of unrestricted textthat excludes any lexical measure. Instead we adapt aset of style markers to the analysis of the textperformed by an already existing natural languageprocessing tool using three stylometric levels, i.e.,token-level, phrase-level, and analysis-levelmeasures. The latter represent the way in which thetext has been analyzed. The presented experiments ona Modern Greek newspaper corpus show that the proposedset of style markers is able to distinguish reliablythe authors of a randomly-chosen group and performsbetter than a lexically-based approach. However, thecombination of these two approaches provides the mostaccurate solution (i.e., 87% accuracy). Moreover, wedescribe experiments on various sizes of the trainingdata as well as tests dealing with the significance ofthe proposed set of style markers.     

关联规则在汉语词属性中的研究

在语音识别和合成中文本分析是很重要的,文本分词是文本分析正确与否的基础。目前语音合成系统中的分词一般是基于词典分析建立的,对于多音字易产生错误。文章基于数据挖掘中的关联规则的发现方法对文本分词中词语的关联关系进行研究,通过文本数据的文本特征及语音特征描述的有机结合,获取词语自身属性的关联关系,最后进行了实例测评。     

基于贝叶斯粗糙集模型的属性约简

在分析贝叶斯粗糙集模型的基础上,将只含有两个决策类的贝叶斯粗糙集的情况推广至含有多个决策类的情况,给出了相关定义和简单性质。从全局相对增益的角度分析了属性重要度,给出以此为启发式信息贝叶斯粗糙集属性约简的启发式算法,且用相应的Matlab程序进行实现。对贝叶斯粗糙集与变精度粗糙属性约简进行了比较,结果证明了算法的有效性。     

倒向P-推理与属性剩余发现-应用

利用P-推理(P=Packet),提出倒向P-推理;倒向P-推理简称p-1-推理.P-1推理由内p-1推理(internal P-1 - reasoning)与外p-1推理(outer p-l-reasoning)共同构成;或者,if((x)Fk+1,(x)Fk)(=>)((x)Fk,(x)Fk+1),then(aFk...     

Authorship Attribution with Support Vector Machines

In this paper we explore the use of text-mining methods for the identification of the author of a text. We apply the support vector machine (SVM) to this problem, as it is able to cope with half a million of inputs it requires no feature selection and can process the frequency vector of all words of a text. We performed a number of experiments with texts from a German newspaper. With nearly perfect reliability the SVM was able to reject other authors and detected the target author in 60–80% of the cases. In a second experiment, we ignored nouns, verbs and adjectives and replaced them by grammatical tags and bigrams. This resulted in slightly reduced performance. Author detection with SVMs on full word forms was remarkably robust even if the author wrote about different topics.     

改进的快速属性约简算法

属性约简是决策表信息系统中一个重要操作.目前最高效的算法是徐章艳给出的RedueBaseSig算法,其时间复杂度为max{O(|C||U|),D(|C|2|U|)},但在某些情况下,该算法求得的并不是约简.文中分析了徐章艳算法的局限性.并提出改进的快速属性约简算法.该算法优化了等价类划分和正区域求解,以核属性为初始约简集,不断将重要性大的属性加入约简集中.在最坏情况下改进后算法的时间复杂度为O(|C|2|U|);而且实验结果表明,该算法是正确的、高效的.     

倒向P-推理与属性剩余发现-应用

利用P-推理(P=Packet),提出倒向P-推理;倒向P-推理简称P-1-推理.P-1推理由内p-1推理(internal P-1-reasoning)与外p-1推理(outer P-1-reasoning)共同构成;或者,if((x)Fk+1,(x)Fk)→((x)Fk,(x)Fx+1),then(Fak,Fak+...     

Function Words in Authorship Attribution Studies

The search for a reliable expression to measure an author'slexical richness has constituted many statisticians' holy grailover the last decades in their attempt to solve some controversialauthorship attributions. The greatest effort has been devotedto find a formula grounded on the computation of tokens, word-types,most-frequent-word(s), hapax legomena, hapax dislegomena, etc.,such that it would characterize a text successfully, independentof its length. In this line, Yule's K and Zipf 's Z seem tobe generally accepted by scholars as reliable measures of lexicalrepetition and lexical richness by computing content and functionwords altogether.¹ Given the latter's higher frequency, theyprove to be more reliable identifiers when isolatedly computedin p.c.a. and Delta-based attribution studies, and their rateto the former also measures the functional density of a text.In this paper, we aim to show that each constant serves to measurea specific feature and, as such, they are thought to complementone another since a supposedly rich text (in terms of its lemmas)does necessarily have to characterize by its low functionaldensity, and vice versa. For this purpose, an annotated corpusof the West Saxon Gospels (WSG) and Apollonius of Tyre (AoT)has been used along with a huge raw corpus.     

A Prototype for Authorship Attribution Studies

Despite a century of research, statistical and computationalmethods for authorship attribution are neither reliable, well-regarded,widely used, or well-understood. This article presents a surveyof the current state of the art as well as a framework for uniformand unified development of a tool to apply the state of theart, despite the wide variety of methods and techniques used.The usefulness of the framework is confirmed by the developmentof a tool using that framework that can be applied to authorshipanalysis by researchers without a computing specialization.Using this tool, it may be possible both to expand the poolof available researchers as well as to enhance the quality ofthe overall solutions [for example, by incorporating improvedalgorithms as discovered through empirical analysis (Juola,P. (2004a). Ad-hoc Authorship Attribution Competition. In Proceedings2004 Joint International Conference of the Association for Literaryand Linguistic Computing and the Association for Computers andthe Humanities (ALLC/ACH 2004), Göteborg, Sweden)].     

Balancing minimum spanning trees and shortest-path trees

We give a simple algorithm to find a spanning tree that simultaneously approximates a shortest-path tree and a minimum spanning tree. The algorithm provides a continuous tradeoff: given the two trees and a>0, the algorithm returns a spanning tree in which the distance between any vertex and the root of the shortest-path tree is at most 1+2 times the shortest-path distance, and yet the total weight of the tree is at most 1+2/ times the weight of a minimum spanning tree. Our algorithm runs in linear time and obtains the best-possible tradeoff. It can be implemented on a CREW PRAM to run a logarithmic time using one processor per vertex.Current research supported by NSF Research Initiation Award CCR-9307462. This work was done while this author was supported by NSF Grants CCR-8906949, CCR-9103135, and CCR-9111348.Part of this work was done while this, author was at the University of Maryland Institute for Advanced Computer Studies (UMIACS) and supported by NSF Grants CCR-8906949 and CCR-9111348.