CPN Presentation New

download CPN Presentation New

of 56

Transcript of CPN Presentation New

  • 8/16/2019 CPN Presentation New


    Information SecurityManagement and Forensic

    Computing By

    Dr. A. S. Sodiya, MCPN, FNCSDr. A. S. Sodiya, MCPN, FNCS

    Senior Lecturer / Information Security Consultant 

    Department of Computer Science

    Federal University of Agriculture

     Abeokuta, gun State, !igeria.

    Chairman - Publication, Standards, Research and Development,igeria Computer Society

    !ditor-in-Chief, "ournal of Computer Science and Its #pplications

    +2348034551851, [email protected]

  • 8/16/2019 CPN Presentation New


    Content♦ !n"rodu#"ion "o !n$or%a"ion Se#uri"y

    ♦ &e'ie( o$ So%e Curren" Se#uri"y Me#)anis%s – Au")en"i#a"ion

     – Au")orisa"ion * A#ess Con"ro Sys"e%s

     – Fire(as – !n"rusion De"e#"ion Sys"e% !DS-

     – n#ry/"ion

    ♦ Cyberse#uri"y

    ♦ S"e/s in !n$or%a"ion Se#uri"y Manae%en"

    ♦ Forensi# Co%/u"in

    ♦ Con#usion2

  • 8/16/2019 CPN Presentation New


    Introduction to Information security

    !n$or%a"ion se#uri"y♦Simply means protecting information

    systems from unauthorised access.

    ♦ It means protecting information andinformation systems from unauthorized

    access, use, disclosure, disruption,

    modification, perusal, inspection, recordingor destruction.


  • 8/16/2019 CPN Presentation New


    Introduction to Information securitycontd...

    Other related terms :♦ Co%/u"er sys"e% se#uri"y means the collective

     processes and mechanisms y !hich sensitive and

    valuale information and services are protected from

     pulication, tampering or collapse y unauthorizedactivities or untrust!orthy individuals and unplanned

    events respectively

    ♦ Da"a Se#uri"y means protecting a dataase from

    destructive forces and the un!anted actions ofunauthorised users

    ♦ Ne"(or se#uri"y protecting net!or" resources from

    unauthorised access


  • 8/16/2019 CPN Presentation New


    Introduction to Information securitycontd...

    $ccording to Sodiya and Onashoga %2&'&(, the valueof computer and net!or" resources can e

    compromised in three !ays commonly

    referred to as the CI$s of computer security: – Confidentiality: prevention of unauthorizeddisclosure of information)

     –  Integrity: prevention of unauthorized

    modification of information) and

     –  Availability: prevention of unauthorized

    !ithholding of information


  • 8/16/2019 CPN Presentation New


    Introduction to Information securitycontd...

    ")ers in#ude♦ Au")en"i#i"y it is necessary to ensure that the data,

    transactions, communications or documents %electronic

    or physical( are genuine. It is also important for

    authenticity to validate that oth parties involved are!ho they claim they are.

    ♦ Non*re/udia"ion In la!, it implies one+s intention to

    fulfill their oligations to a contract. It also implies that

    one party of a transaction cannot deny having receiveda transaction nor can the other party deny having sent a


  • 8/16/2019 CPN Presentation New


    $uthentication Authentication is the process of verifying the

    identity of a user, process, or device, often as a prere-uisite to allo!ing access to resources in a

    system /IS0, 2&''1.

     0he identity of a certain user or process is

    challenged y the system and proper steps must

     e ta"en to prove the claimed identity.

    $uthentication involves t!o stages:

    a. Identification, !here the user supply valididentities

    b. Verification, !here the supply identity is


  • 8/16/2019 CPN Presentation New


    $uthentication contd....Can e done in three !ays:

    ♦Something you "no! %the pass!ord(♦  Something you have %card, seal(

    ♦  Something you are %iometric such as

    your face, your voice, your fingerprints, or

    your 4/$(


  • 8/16/2019 CPN Presentation New


    $uthentication contd....6ass!ord7ased authentication is usually

    done in t!o !ays:7a. 0e8t7ased pass!ord: $ pass!ord is a secret that

    consist of symols or characters %usually

    memorised y users( used for authentication. Itusually consist of alphaets, numers and some

    allo!ed special characters.

     . 9raphical7ased pass!ord: sers enter the

     pass!ord y clic"ing on a set of images,specific pi8els of an image, or y dra!ing a

     pattern in a pre7defined and secret order.


  • 8/16/2019 CPN Presentation New


    $uthentication contd....

  • 8/16/2019 CPN Presentation New


    $uthentication contd....


    4ra! a secret %4$S( 6ass 4oodle

    Some e8amples of graphical7ased


  • 8/16/2019 CPN Presentation New


    $uthentication contd....


    6asspoints ac"ground 4$S

    Other e8amples of graphical7ased


  • 8/16/2019 CPN Presentation New


    $uthentication contd....oens

    ♦Some authentication systems commonlyuse to"ens, !hich is any device or o>ect

    that can authenticate

    ♦Common modern e8amples include physical "eys, 6I/ generating device,

     pro8imity cards, credit cards, or $0?



  • 8/16/2019 CPN Presentation New


    $uthentication contd....io%e"ri# au")en"i#a"ion

    0his is the use of iological characteristics of users forauthentication.

    Common iometric systems include the follo!ing:

    ♦  @acial recognitionA?easures distances et!een specific points on the face.

    ♦  @ingerprintsA?easures distances et!een specific points on a fingerprint.

    ♦  Band geometryA?easures the length of fingers and the length and !idth of the hand.

    ♦  eystro"e dynamicsA?easures specific "eystro"es in typing a predetermined phrase) this is

    commonly used !ith e8isting pass!ord systems.

    ♦  Band veinA=eads the venal and arterial patterns !ithin a human hand.

    ♦  IrisA?easures the color and pattern of the iris in the eye.

    ♦ =etinaA=eads the venal and arterial pattern on the retina of the eye.

    ♦ SignatureA=ecognizes the signature as !ell as the speed and style of the actual performance of 

    ♦ !riting the signature.

    ♦ DoiceA?easures and recognizes specific audio patterns in human speech for predetermined

    ♦  phrases.

    ♦ @acial thermogramA=ecognizes heat patterns in the face using a thermal camera.

    ♦ 4/$A?easures the specific patterns of genes in human 4/$.


  • 8/16/2019 CPN Presentation New


    $uthentication contd....


    Common attac"s on authentication systemsa. 0he attac"s .

  • 8/16/2019 CPN Presentation New


    $uthentication contd....♦ Sniffing attacks %also "no!n as the man7in7the7

    middle attac"s( capture information as it flo!s et!een a client and a server.

    ♦ ID spoofing attacks occur !hen a malicious user

    or process claims to e a different user or

     process. 0his attac" 

    allo!s an intruder on the Internet to effectively

    impersonate a local system+s I6 address.

    ♦ A Brute-force attack is any form of attac"against a credential information file that

    attempts to find a valid username and pass!ord

    in succession.'

  • 8/16/2019 CPN Presentation New


    $uthentication contd....♦ $ dictionary attack is the EsmartF version of rute7force

    attac"s and is also e8ecuted using automated attac"

    tools to capture usersG crediential information.

    ♦ $ replay attack means that the malicious user 

    trapped the authentication se-uence that !as

    transmitted y an authorized user through thenet!or", and then replayed the same se-uence to the

    server to get himself authenticated.

    ♦ Credential decryption is a basic supplementary

    attac" for sniffing attac"s, rute7force attac"s, and

    dictionary attac"s. $ tool, !hose aim is to rea" the

    encryption algorithm that !as used to encrypt

    credential information, usually performs these attac"s.'

  • 8/16/2019 CPN Presentation New


    $uthentication contd....ther forms of attacks are

    ♦ eylogging attac", !here "eystro"es %ey se-uences(of users are captured y automated tools or devices

    ♦ Shoulder surffing is a security attac" !here the

    attac"er uses oservation techni-ues, such as loo"ing

    over someone+s shoulder, to get crediential information.


  • 8/16/2019 CPN Presentation New


    $ccess Control

    ♦ $ccess control is concerned !ith determining theallo!ed activities of legitimate users

    ♦ Bongchao et al %2&'&( defined access control as a

    security mechanism to protect certain resources or

    services from illegal access,♦ It is the aility to permit or deny the use of a particular

    resource y a particular entity.


    $ C l S

  • 8/16/2019 CPN Presentation New


    $ccess Control Sytem contd....

    ♦ 0here are three asic components in an access controlsystem:

     – the sube#"s: the entity that re-uests access to

    a resource is called the sube#" of the access)

    it is an active entity ecause it initiates theaccess re-uest

     – the "are"s: the resource a su>ect attempts to

    access is called the "are"6obe#" of theaccess and

     – the rues !hich specify the !ays in !hich the

    su>ects can access the targets.2&

    $ C l S

  • 8/16/2019 CPN Presentation New


    $ccess Control Sytem contd....$ccess control systems are generally classified as

    %Sodiya et al., 2&&;(:♦ Discretionary Access Control (DAC) : the

    o>ect o!ner or anyone else !ho is authorized

    to control the o>ectGs access specifies !ho have

    access to the o>ect or specifies the policies

    ♦ Non-Discretionary Access Control (NDAC): It

    commonly uses a su>ectGs role or a tas"

    assigned to the su>ect to grant or deny o>ectaccess. It specifies that access control policy

    decision are made y a central authority and not

     y individual o!ner of the o>ect2'

    $ C l S

  • 8/16/2019 CPN Presentation New


    $ccess Control Sytem contd....♦ Some e8amples of 4$C are:7

    i.  Lattice-based access control is a variation of the non7

    discretionary access control design. Instead of associating accessrules !ith specific roles or tas"s, each relationship et!een a

    su>ect and an o>ect has a set of access oundaries. 0hese access

     oundaries define the rules and conditions that allo! o>ect


    ii.  Identity-based Access Control :7 0he techni-ue ma"es o>ect

    access decision ased on a user I4 or a userGs group memership.

    Hhen a su>ect re-uests access to the o>ect, the su>ectGs

    credentials are presented and evaluated to deny or grant the


    iii. Access Control Lists (ACLs), !hich is a techni-ue that allo!

    groups of o>ects, or su>ects, to e controlled to ma"e

    administration a little easier. It can grant a su>ect access to a

    group of o>ects or grant a group of su>ects access to a specific

    o>ect 22

    $ C t l S t

  • 8/16/2019 CPN Presentation New


    $ccess Control Sytem contd....♦ Some e8amples of /4$C are:7i.  Role-based Access Control (RBAC): 0his descries the

    techni-ue in !hich categories and duties of users are considered

     efore permissions are granted to invo"e an

    ii. &ue*based A##ess Con"ro &uAC-* 0his descries the

    techni-ue that allo!s su>ects or users to access o>ects ased on

     pre7determined and configured rules.iii. !r"ose-based Access Control (BAC): 0his allo!s access to

     e granted ased on the intentions of the su>ects.

    iv.  #istory-based Access Control (#BAC (:7 0his descries an

    access control techni-ue in !hich access is granted ased on the

     previous records.

    v. $e%"oral Constraints Access Control ($CAC):7 0his involves

    access control policies in time restrictions are attached resource

    access. @or e8ample, some activities must e

    performed !ithin a reasonale period 23

  • 8/16/2019 CPN Presentation New


    @i ll

  • 8/16/2019 CPN Presentation New



    ♦  7PS F!&A99

    ♦  ac&et filter : 6ac"et filtering inspects each pac"et passingthrough the net!or" and accepts or re>ects it ased on user7

    defined rules

    ♦ Cir#ui"*e'e $ire(a: $pplies security mechanisms !hen a

    0C6 or 46 connection is estalished. Once the connection

    has een made, pac"ets can flo! et!een the hosts !ithout

    further chec"ing

    ♦  A""lication gate'ay: $pplies security mechanisms to specific

    applications, such as @06 and 0elnet servers

    ♦  roy server : Intercepts all messages entering and leaving thenet!or" acting as an intermediary et!een clients and

    servers. 0he pro8y server hides the true net!or" addresses

    @i ll

  • 8/16/2019 CPN Presentation New



    )a" #an a $ire(a do:

    ♦ It provides a single point of defense, allo!ing acontrolled and audited access to services provided

    ♦  It reinforces the o!n systemGs security

    ♦  It implements a security policy to access the secure


    ♦  It can monitor incoming outcoming traffic

    ♦  It can limit the e8posure to an insecure net!or"

    ♦  It may ecome the point to ta"e security decisionssince all traffic goes across

    I t i 4 t ti S t %I4S(

  • 8/16/2019 CPN Presentation New


    Intrusion 4etection System %I4S(

    ♦ $n intrusion is defined as any set of actions that

    attempt to compromise the integrity,confidentiality or availaility of a resource.

    ♦ Intrusion detection is simply an act of detecting

    intrusions.♦ Intrusion 4etection System %I4S( is an

    authorized !ay of identifying illegitimate users,

    attac"s and vulnerailities that could affect the

     proper functioning of computer systems.

    ♦ I4S detects e8ternal and internal attac"s on

    computer systems and net!or"s %Hang et al.

    2&&;( 2

    I t i 4 t ti S t %I4S(

  • 8/16/2019 CPN Presentation New


    Intrusion 4etection System %I4S(

    ♦ Classification and Structure of I4S


    I t i 4 t ti S t %I4S(

  • 8/16/2019 CPN Presentation New


    Intrusion 4etection System %I4S(

    ♦ Some of the prolems !ith e8isting I4S are:

     –  @alse positive

     –  @alse negative

     –  Security of I4S

     –  Jo! detection efficiency especially for coordinatedand distriuted attac"s


    < ti

  • 8/16/2019 CPN Presentation New


  • 8/16/2019 CPN Presentation New


  • 8/16/2019 CPN Presentation New


    as)in 7 Some common hashing algorithms are

    ?essage 4igest * %?4*( and Secure Bashing

    $lgorithm %SB$(


  • 8/16/2019 CPN Presentation New




    Cyber s/a#e

    0his is communication path!ay.

    Cyerspace is a name for the environment that onlinecommunication ta"es place in. It is also "no!n as anelectronic medium for computer net!or"s. Cyerspacerefers to the !hole !orld of the Internet  and is noto!ned y anyody

    Fea"ures o$ Cybers/a#e

    orderless$vailale gloally

    Capacity and and!idth not -uantifiale

  • 8/16/2019 CPN Presentation New


    Cyersecurity %Contd...(


    Cyber Se#uri"y

    Cyber se#uri"y is concerned !ith protectingresources of net!or"s connected to internetfrom malicious or unauthorised access.

    International 0elecommunication nion %I0(defined Cyber se#uri"y as the collection ofapproaches, actions, training, est practices,

    assurance and technologies that can e used to protect the cyer environment and organizationand userGs assets

  • 8/16/2019 CPN Presentation New


    C C it 0h t $ d

  • 8/16/2019 CPN Presentation New


    Common Cyersecurity 0hreats $nd



     Insider threats

    ♦ $n insider attac" involves someone from the inside, such as a disgruntled employee, attac"ing the net!or"Insider attac"s can e malicious or no malicious. ?alicious insiders intentionally eavesdrop, steal, or damage

    information) use information in a fraudulent manner) or deny access to other authorized users. 0his controlled

    using efficient authentication and authorisation systems and I4S


    ♦ ?al!are are malicious codes that can cause distortion on your ro!ser and eventually cripple your system. 0hey

    can hi>ac" your ro!ser, redirect your search attempts, serve up nasty pop7up ads, trac" !hat !e sites you visit,

    and prevent you from performing certain functions. an horse, spy!are, ad!are,

    dialers, hi>ac"ers, etc. 0hey are controlled using fre-uently updated and highly rated antivirus, antispy!are, etc.

  • 8/16/2019 CPN Presentation New


    Cyberse#uri"y * )e Payers


    ♦$ac%ers♦Security e&perts'researchers

    ♦(overnment, organisations,Individuals

    M "i F C b A""

  • 8/16/2019 CPN Presentation New


    Mo"i'es For Cyber A""a#s


    ♦ Some of the motives for cyer attac"s include: 

     – Dendetta=evenge

     – Lo"e6ran"

     – 0he Bac"er+s

  • 8/16/2019 CPN Presentation New


    &e#en" >is"ory $ Cyber A""a#s


    a. >ear"and Pay%en" Sys"e%s♦ Da"e ?arch 2&&5

    ♦ !%/a#" '3# million credit cards e8posed through SMJ

    in>ection to install spy!are on Beartland+s data systems.

    ♦ $ federal grand >ury indicted $lert 9onzalez and t!ounnamed =ussian accomplices in 2&&;. 9onzalez, a

    Cuan7$merican, !as alleged to have masterminded

    the international operation that stole the credit and deit

    cards. In ?arch 2&'& he !as sentenced to 2& years infederal prison

    &e#en" >is"ory $ Cyber A""a#s

  • 8/16/2019 CPN Presentation New


    &e#en" >is"ory $ Cyber A""a#scontd...


     . Sony?s PayS"a"ion Ne"(or  – Da"e $pril 2&, 2&''

     – !%/a#" million 6layStation /et!or"

    accounts hac"ed) Sony is said to have lost

    millions !hile the site !as do!n for a month.

    ♦ 0his is vie!ed as the !orst gaming community data

     reach of all7time. Of more than million

    accounts affected, '2 million had unencryptedcredit card numers. $ccording to Sony it still has

    not found the source of the hac" 

    &e#en" >is"ory $ Cyber A""a#s

  • 8/16/2019 CPN Presentation New


    &e#en" >is"ory $ Cyber A""a#scontd...


    ♦ c. ooe6o")er Sii#on =aey #o%/anies – Da"e ?id72&&;

     – !%/a#" Stolen intellectual property

    In an act of industrial espionage, the Chinesegovernment launched a massive and unprecedented

    attac" on 9oogle, Nahoo, and dozens of other

    Silicon Dalley companies. 0he Chinese hac"ers

    e8ploited a !ea"ness in an old version of Internetis"ory $ Cyber A""a#s

  • 8/16/2019 CPN Presentation New


    &e#en" >is"ory $ Cyber A""a#scontd...


    d. CardSys"e%s Sou"ions – Da"e Lune 2&&*

     – !%/a#" #& million credit card accounts e8posed.

    CSS, one of the top payment processors for Disa,

    ?asterCard, $merican an attac", !hich inserted code into the

    dataase via the ro!ser page every four days, placingdata into a zip file and sending it ac" through an @06.

    &e#en" >is"ory $ Cyber A""a#s

  • 8/16/2019 CPN Presentation New


    &e#en" >is"ory $ Cyber A""a#scontd...


    e. &SA Se#uri"y – Da"e ?arch 2&''

     – !%/a#" 6ossily #& million employee records


    ♦ 0he impact of the cyer attac" that stole

    information on the company+s SecurI4

    authentication to"ens is still eing deated

    &e#en" >is"ory $ Cyber A""a#s

  • 8/16/2019 CPN Presentation New


    &e#en" >is"ory $ Cyber A""a#scontd...


    $ . Ci"yban in SA – Da"e 2&''

     – !%/a#" 2'&,&&& customers affected. $out 2.

    million stolen.

    ♦ 0he impact of the cyer attac" targeted the social

    Security numers, irth dates, card e8piration

    dates and card security code %CDD( !ere not


    &e#en" >is"ory $ Cyber A""a#s

  • 8/16/2019 CPN Presentation New


    &e#en" >is"ory $ Cyber A""a#scontd...



    ♦  E@lameF the !ashington "ost  reported in 2&'', even

    though itGs li"ely that @lame %as !ell as Stu8net( is the

    result of .S. and Israeli cyer!arfare cooperation.

    ♦  Israel admitted pulicly for the first time to engaging in

    Ecyer activity consistently and relentlesslyF for the purposes of Kth!arting and disrupting enemy pro>ects,F

    ♦ .S. government long ago decided that launching cyer7

    attac"s against countries it vie!s as a threat is a

    legitimate foreign policy tool. .S. has against others,especially China, for conducting cyer operations against

    .S. usinesses or government organizations.

    &e#ord o$ /as" #yber a""a#s

  • 8/16/2019 CPN Presentation New


    &e#ord o$ /as" #yber a""a#s


    ♦ 0he cyer !arfare continues !ith reno!ned Computer Security e8perts

    fighting daily to cur the increasing numer of attac"s.

    ♦ $ccording to /IS0, 2&'2

    P Fiure 1 &e#ords o$ /as" a""a#s

    ) ) i ") i :

  • 8/16/2019 CPN Presentation New


    )e (ar B )o is ")e (inner:


    ♦ 0he attac"ers are clearly the !inners in the game at the present, and they lead

     y a very !ide margin, and it is even more complicated ecause some of the

    governments of countries fighting cyer threats are also attac"ers themselves

    to other nation.

    ♦ 0his !as also the position of &SA Se#uri"y #)air%an $rthur Coviello, the

    reno!ned system security company of the S$ !hose company is still

    counting its loss from a recent attac".

    Sra"eies $or !n$or%a"ion Se#uri"y

  • 8/16/2019 CPN Presentation New




    '& "ey strategies for information security management in organisations:7

    Create security training and a!areness programme !ithin the organization♦ Identify and document all resources on the net!or" 

    ♦ $ll connections to the net!or" must e "no!n, documented and


    ♦ Bave an efficient access control system

    ♦ Implement trusted and efficient intrusion prevention and detectionsystems

    ♦ Bave an effective programme for ac"up and recovery, ris" analysis and

    incident handling

    ♦ 6revent all un"no!n applications

    ♦ se security applications from reliale vendors

  • 8/16/2019 CPN Presentation New


  • 8/16/2019 CPN Presentation New


  • 8/16/2019 CPN Presentation New


    Forensi# Co%/u"in

  • 8/16/2019 CPN Presentation New




    $ digital forensic investigation commonly consists

    of 3 stages: ac-uisition or imaging of e8hiits,

    analysis, and reporting.♦ $c-uisition involves creating an e8act sector level duplicate %or

    Kforensic duplicateK( of the media, often using a !rite loc"ing

    device to prevent modification of the original.

    ♦ 4uring the analysis phase an investigator recovers evidence

    material using a numer of different methodologies and tools. 0he

    evidence recovered is analysed to reconstruct events or actions

    and to reach conclusions, !or" that can often e performed y lessspecialised staff.

    ♦ Hhen an investigation is complete the data is presented, usually in

    the form of a !ritten report.

    Forensi# Co%/u"in

  • 8/16/2019 CPN Presentation New



    Some tools used for digital forensic investigation


    a. F< !%aer

    b. De#;" 

    #. De#ode B Forensi# Da"e6i%e De#oder 

    d. Dii"a !%ae &e#o'ery

    And %any %ore 


  • 8/16/2019 CPN Presentation New




    $ ma>or concern is !hether the attac"ers !ill e!inners forever.

    ♦ Systems and /et!or" !ill continue to e penetrated

    ♦ Security e8perts and researchers are fighting hard. /e!

     proactive and roust approaches need to e employed♦ Intelligence of the hac"ers must e anne8ed and utilised

     y government

    ♦ Bo! prepared are !e as individuals, organisations and

    governmentQ♦ usiness of everyody


  • 8/16/2019 CPN Presentation New




     –  6eterson, 9ilert R Shenoi, Su>eet %2&&;(. K4igital @orensic =esearch: 0he 9ood, the

    ad and the naddressedK. Advances in Digital $orensics V  %Springer oston( 30:'–3. doi:'&.'&&;5737#27'**72.

    ♦ $li ?ohamed < %2&&5(. Study and 4evelop a /e! 9raphical 6ass!ord SystemF,

    niversity 0echnology ?alaysia, ?aster 4issertation.

    ♦ $rash BJ, =osli S, Samaneh @, Omar T %2&&;(. $ !ide7range survey on =ecall7ased

    9raphical ser $uthentications algorithms ased on ISO and $ttac" 6atterns, ILCSIS, : 3.

    ♦ $li ?ohamed < %2&&5(. Study and 4evelop a /e! 9raphical 6ass!ord SystemF,niversity 0echnology ?alaysia, ?aster 4issertation.

    ♦ $rash BJ, =osli S, Samaneh @, Omar T %2&&;(. $ !ide7range survey on =ecall7ased

    9raphical ser $uthentications algorithms ased on ISO and $ttac" 6atterns, ILCSIS, : 3.

    ♦ Sodiya, A. S. and Onashoga, S. $. %2&&;(. EComponents7ased $ccess Control

    $rchitectureF, o!rnal of Iss!es in Infor%ing *cience and Infor%ation

    $ec+nology % S$, Dol. , 2&&; % pp *37', ISS/: '*#75#, pulished yInforming Science Institute. $vailale online at http:IIS0.

    ♦ '

    &e$eren#es contd...


  • 8/16/2019 CPN Presentation New



    ♦ Onashoga, S. $., Sodiya, A. S., $nd Omotoso, . 9. %2&&;(. E$ 0au Search $lgorithm

    for Consumer @inancial Optimization SystemF, o!rnal of Co%"!ter *cience and Its

     A""lication % Vol. &'% (o. &% Lune, 2&&;, ISS/: 2&&7**23, pulished y /igeria Computer

    Society.♦ Sodiya, A. S., Onashoga, S. $. $nd $depo>u, . 0. %2&&;(. E