VENESEG provides security services including social network security analysis. They identify threats like private information exposure and information warfare manipulation. Their approach uses supervised neural networks trained on human risk patterns and heuristic functions with fuzzy logic to detect electronic risks. This predictive system is trained to minimize false positives. Heuristics assess risks like SQL injection based on suspicious factors. Fuzzy rules then determine the most likely risk type. Connecting the heuristics to a neural network provides an effective solution for limiting errors. While still being tested, this approach offers a promising direction for software security research.
9. SOCIAL NETWORK SECURITY CONTENT IN 3 POINTS Threats Identification By Default: Private and Professional life violation risks Cross Correlation of open (Public) information Confidential and Sensitive information revealed by advanced analysis Information warfare (INFOWAR): Manipulation and Destabilization Concepts The Security Aspect The Common Sense and Training Aspect How to Respond and Protect The heuristic based security solution, a proactive protection How to build a strong predictive information protection
11. THREATS IDENTIFICATION (2/3) Just an example… Attacker collects user information on social network sites. Sends fabricated message / constructs applications with personal details. The fabricated message / constructed application takes place over the social network.
13. THE SECURITY ASPECT (1/2) The big and fundamental question is: CAN I TRUST THE INFORMATION I RECEIVED FROM THIS SOCIAL NETWORK? And the answer must always be: NO, NEVER!!! If your answer is yes, call me, I can help you. Why? The answer is yours, you have your own reasons, well… I hope for you! OK, so… how to protect us against the social networks' dangers? EASY, USE YOUR COMMON SENSE AND AN ADAPTED TRAINING! A simple example of my own life
14. THE SECURITY ASPECT (2/2) Are you ready to risk your own life in this cave? No??? Well, why would you like to risk your image (lifestyle) in a cybernetic cave without a good and adapted training, as cave divers have? It is the same, no? Remember: the common sense and an adapted training will make the difference between life and death! Well, at least underwater! Unfortunately, the real life is not worst!!! You could lose your job, your image, your friends and family! You can also put your company in real danger! Do you really want this?
20. The proposed heuristic methods are based on certain factors and expected behaviors. The factors are incorporated in the formulas, from which values are obtained.
21. Based on fuzzy criteria, we then decide about the situation. In all the heuristic formulas, we try to use the most effective factors that might lead to a certain type of risk or threat. Example: SQL Injection Risk Detection (based on the research of Pr. N. Hewahi)
22. HEURISTIC FUNCTIONS AND FUZZY LOGIC (2/4)
Standard SQL Injection: H1 = Norm(np + pd + it)
  np : the number of prohibited characters used.
  pd : the number of input parameters that do not match the input data type.
  it : the number of trials for inputs (how many attempts were made to give a correct input).
  The value of H1 will be 0 <= H1 <= 1.
Union SQL Injection: H2 = Norm(np + U + O)
  U : whether UNION exists in the input. The value is 1 if yes and 0 if no.
  O : whether ORDER BY exists in the input. The value is 1 for yes and 0 for no.
  The value of H2 will be 0 <= H2 <= 1.
Blind SQL Injection: H3 = Norm(np + nl)
  np : as defined before.
  nl : the number of times a trial has been made to get a link (the page might appear or not).
23. HEURISTIC FUNCTIONS AND FUZZY LOGIC (3/4) After obtaining the three values, we try to take a decision about the type of injection we are mostly suspicious of. This is done by specifying a fuzzy logic membership function such as: Where (FUN) could be the value of H1, H2 or H3
24. HEURISTIC FUNCTIONS AND FUZZY LOGIC (4/4) We then construct fuzzy rules (SECURE POLICY) to decide which kind of injection we are mostly suspicious of. A sample of such rules is presented below:
IF H1 is HIGH and H2 is LOW THEN o1 is MORE
IF H1 is HIGH and H3 is LOW THEN o1 is MORE
IF H1 is LOW and H2 is HIGH THEN o2 is MORE
IF H3 is LOW and H1 is LOW and H2 is HIGH THEN o2 is MORE
IF H1 is MED and H2 is MED THEN o1 is MED and o2 is MED
IF H1 is MED and H2 is HIGH THEN o2 is MED
IF H1 is LOW THEN o1 is LESS
And so on… MORE, MED and LESS are measures to scale the fuzzy values of the outputs through another membership function.
26. Based on the above rules, we shall have three values for o1, o2 and o3. Those values can be computed by defuzzification using center of gravity.
27. The obtained values of o1, o2 and o3 will be between 0 and 100. The one with the highest value indicates the most suspicious type of SQL injection.
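The Python example below is added here and is not code from the slides or from VENESEG: it computes H1 to H3 for one input, applies the seven sample rules from slide 24 and defuzzifies o1 and o2 by center of gravity. Norm(), the prohibited-character set, the triangular membership functions and all function names are assumptions, because the slides do not define them; o3 is left out because no rule for it is shown.

```python
# Added example. Norm(), the prohibited-character list and the triangular
# membership shapes are assumptions; the slides do not define them.
PROHIBITED = set("'\";-#*/=")   # assumed prohibited characters
CAP = 10.0                      # assumed ceiling used by Norm()

def norm(x):
    return min(x / CAP, 1.0)

def heuristics(value, pd=0, it=0, nl=0):
    """Return (H1, H2, H3) for one input value, as defined on slide 22."""
    n_p = sum(ch in PROHIBITED for ch in value)
    upper = value.upper()
    u, o = int("UNION" in upper), int("ORDER BY" in upper)
    return norm(n_p + pd + it), norm(n_p + u + o), norm(n_p + nl)

def fuzzify(x):
    """Assumed triangular LOW/MED/HIGH memberships on [0, 1]."""
    return {"LOW": max(0.0, 1 - 2 * x),
            "MED": max(0.0, 1 - abs(2 * x - 1)),
            "HIGH": max(0.0, 2 * x - 1)}

OUT_SHAPE = {"LESS": "LOW", "MED": "MED", "MORE": "HIGH"}  # output sets on 0..100

def infer(h1, h2, h3):
    """Apply the seven sample rules from slide 24, then centroid defuzzification."""
    a, b, c = fuzzify(h1), fuzzify(h2), fuzzify(h3)
    fired = [  # (output, output set, rule strength); AND is min
        ("o1", "MORE", min(a["HIGH"], b["LOW"])),
        ("o1", "MORE", min(a["HIGH"], c["LOW"])),
        ("o2", "MORE", min(a["LOW"], b["HIGH"])),
        ("o2", "MORE", min(c["LOW"], a["LOW"], b["HIGH"])),
        ("o1", "MED", min(a["MED"], b["MED"])),
        ("o2", "MED", min(a["MED"], b["MED"])),
        ("o2", "MED", min(a["MED"], b["HIGH"])),
        ("o1", "LESS", a["LOW"]),
    ]
    scores = {}
    for out in ("o1", "o2"):
        num = den = 0.0
        for y in range(101):  # sample the 0..100 output axis
            mu = max(min(s, fuzzify(y / 100)[OUT_SHAPE[lab]])
                     for name, lab, s in fired if name == out)
            num, den = num + y * mu, den + mu
        scores[out] = num / den if den else 0.0  # no rule fired -> 0
    return scores

if __name__ == "__main__":
    sample = "x' UNION SELECT 1 ORDER BY 1--"   # constructed input
    print(heuristics(sample, it=3), infer(*heuristics(sample, it=3)))
```

Because U and O each add only 1 before normalization, H2 stays close to H1 unless the assumed ceiling in Norm() is small, so the choice of Norm() largely decides how well the rules separate the injection types.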
29. THANKS THANK YOU FOR YOUR TIME Christophe HERAULT CEO – VENESEG christophe@veneseg.com http://www.veneseg.com