GeNeura at European Project MUSES Final Review

GeNeura’s members have been working in the three-year long, FP7 European project MUSES, which faced its last review last week at the European Commision Beaulieu Quarter Buildings in Brussels.

UGR was one of the partners participating in this project. More concretely, GeNeura’s members have contributed by leading WP2 – MUSES framework definition and integration during the completion of tasks to define the MUSES System Architecture. In addition, GeNeura’s research has been applied to the project in WP5 – Self-adaptive event correlation, lead by a Spanish security company S2 Grupo. The main purpose of this WP was to develop a system which, on the one side, uses event correlation to detect Security Policy violations and, on the other side, performs an analysis of all the data in the system and creates new Security Policies or enhances the existing ones. Different types of classification, rule association, and clustering algorithms, as well as Data Mining techniques, have been applied with satisfactory results. These results were specially welcomed by the comission, ponting that such a system will be very helpful to enhance security. Also, MUSES is an Open Software project, and you can contribute at https://github.com/MusesProject

The results were presented by S2 Grupo and GeNeura together. The slides are now published on Slideshare:

It has been a pleasure for GeNeura to work in MUSES

CTjLUuFWcAAhTqw.jpg:large

Advertisements

[Paper] Going a Step Beyond the Black and White Lists for URL Accesses in the Enterprise by means of Categorical Classifiers

Our work titled Going a Step Beyond the Black and White Lists for URL Accesses in the Enterprise by means of Categorical Classifiers, as part of the researh under the MUSES project, has been presented today at the ECTA 2014 conference.

Abstract:

Corporate systems can be secured using an enormous quantity of methods, and the implementation of Black or White lists is among them.
With these lists it is possible to restrict (or to allow) the users the execution of applications or the access to certain URLs, among others. This paper is focused on the latter option. It describes the whole processing of a set of data composed by URL sessions performed by the employees of a company; from the preprocessing stage, including labelling and data balancing processes, to the application of several classification algorithms. The aim is to define a method for automatically make a decision of allowing or denying future URL requests, considering a set of corporate security policies.
Thus, this work goes a step beyond the usual black and white lists, since they can only control those URLs that are specifically included in them, but not by making decisions based in similarity (through classification techniques), or even in other variables of the session, as it is proposed here.
The results show a set of classification methods which get very good classification percentages (95-97%), and which infer some useful rules based in additional features (rather that just the URL string) related to the user’s access. This led us to consider that this kind of tool would be very useful tool for an enterprise.

You can check the presentation at: .