The ICoFCS Committee chose the paper "Greatest Eigenvalue Time Vector Approach for Blind Detection of Malicious Traffic" as the best paper of the this year conference.
The best paper of this year Conference was written by Danilo Fernandes Tenório, João Paulo C. L. da Costa, and Rafael Timóteo de Souza Júnior. This paper will open the ICoFCS 2013.
See the Best Paper abstract:
"Recently, blind techniques have been applied to detect malicious traffic and attacks in honeypots. The honeypot traffic can be divided into legitimate and malicious traffic, where the legitimate traffic corresponds to DHCP, broadcasting, and synchronization. In practice, other servers connected to the network may be also targets for attacks and malicious traffic. Therefore, it is crucial to develop detection techniques for malicious traffic for such computers. In this paper, we propose a solution that blindly detects malicious traffic for any computer connected to the network. We validate our proposed solution considering two types of malicious traffic: synflood and portscan."
The paper "Analyzing Targeted Attacks using Hadoop applied to Forensic Investigation", written by Parth Bhatt and Edgar Toshiro Yano is the runner-up paper of the conference.
See the Runner Up paper abstract:
"Conventional intrusion detection and prevention technologies are mostly based to work on traditional methodologies to detect malicious events while, mining on a midsized log data. In recent years, we have seen the evolution of sophisticated targeted attacks by well trained adversaries exhibiting multiyear intrusions; therefore existing security toolsets have become insufficient for analysing intrusions performed by these adversaries with necessary speeds and agility.
Dealing with such sophisticated attacks requires working with huge volume of multiyear security log data. Big Data technologies, such as Hadoop, enable the analysis of large and unstructured data sources, therefore , In this paper we propose our framework based on Hadoop for dealing with Intrusions performed by Targeted threat adversaries, using concept of Intrusion kill chains which will be helpful for forensics analysis."