97 resultados para MAFIC INTRUSION
Resumo:
Data preprocessing is widely recognized as an important stage in anomaly detection. This paper reviews the data preprocessing techniques used by anomaly-based network intrusion detection systems (NIDS), concentrating on which aspects of the network traffic are analyzed, and what feature construction and selection methods have been used. Motivation for the paper comes from the large impact data preprocessing has on the accuracy and capability of anomaly-based NIDS. The review finds that many NIDS limit their view of network traffic to the TCP/IP packet headers. Time-based statistics can be derived from these headers to detect network scans, network worm behavior, and denial of service attacks. A number of other NIDS perform deeper inspection of request packets to detect attacks against network services and network applications. More recent approaches analyze full service responses to detect attacks targeting clients. The review covers a wide range of NIDS, highlighting which classes of attack are detectable by each of these approaches. Data preprocessing is found to predominantly rely on expert domain knowledge for identifying the most relevant parts of network traffic and for constructing the initial candidate set of traffic features. On the other hand, automated methods have been widely used for feature extraction to reduce data dimensionality, and feature selection to find the most relevant subset of features from this candidate set. The review shows a trend toward deeper packet inspection to construct more relevant features through targeted content parsing. These context sensitive features are required to detect current attacks.
Resumo:
A clear understanding of the cognitive-emotional processes underpinning desires to overconsume foods and adopt sedentary lifestyles can inform the development of more effective interventions to promote healthy eating and physical activity. The Elaborated Intrusion Theory of Desires offers a framework that can help in this endeavor through its emphases on the roles of intrusive thoughts and elaboration of multisensory imagery. There is now substantial evidence that tasks that compete for limited working memory resources with food-related imagery can reduce desires to eat that food, and that positive imagery can promote functional behavior. Meditation mindfulness can also short-circuit elaboration of dysfunctional cognition. Functional Decision Making is an approach that applies laboratory-based research on desire, to provide a motivational intervention to establish and entrench behavior changes, so healthy eating and physical activity become everyday habits.
Resumo:
Complex Internet attacks may come from multiple sources, and target multiple networks and technologies. Nevertheless, Collaborative Intrusion Detection Systems (CIDS) emerges as a promising solution by using information from multiple sources to gain a better understanding of objective and impact of complex Internet attacks. CIDS also help to cope with classical problems of Intrusion Detection Systems (IDS) such as zero-day attacks, high false alarm rates and architectural challenges, e. g., centralized designs exposing the Single-Point-of-Failure. Improved complexity on the other hand gives raise to new exploitation opportunities for adversaries. The contribution of this paper is twofold. We first investigate related research on CIDS to identify the common building blocks and to understand vulnerabilities of the Collaborative Intrusion Detection Framework (CIDF). Second, we focus on the problem of anonymity preservation in a decentralized intrusion detection related message exchange scheme. We use techniques from design theory to provide multi-path peer-to-peer communication scheme where the adversary can not perform better than guessing randomly the originator of an alert message.
Resumo:
Securing IT infrastructures of our modern lives is a challenging task because of their increasing complexity, scale and agile nature. Monolithic approaches such as using stand-alone firewalls and IDS devices for protecting the perimeter cannot cope with complex malwares and multistep attacks. Collaborative security emerges as a promising approach. But, research results in collaborative security are not mature, yet, and they require continuous evaluation and testing. In this work, we present CIDE, a Collaborative Intrusion Detection Extension for the network security simulation platform ( NeSSi 2 ). Built-in functionalities include dynamic group formation based on node preferences, group-internal communication, group management and an approach for handling the infection process for malware-based attacks. The CIDE simulation environment provides functionalities for easy implementation of collaborating nodes in large-scale setups. We evaluate the group communication mechanism on the one hand and provide a case study and evaluate our collaborative security evaluation platform in a signature exchange scenario on the other.
Resumo:
We consider Cooperative Intrusion Detection System (CIDS) which is a distributed AIS-based (Artificial Immune System) IDS where nodes collaborate over a peer-to-peer overlay network. The AIS uses the negative selection algorithm for the selection of detectors (e.g., vectors of features such as CPU utilization, memory usage and network activity). For better detection performance, selection of all possible detectors for a node is desirable but it may not be feasible due to storage and computational overheads. Limiting the number of detectors on the other hand comes with the danger of missing attacks. We present a scheme for the controlled and decentralized division of detector sets where each IDS is assigned to a region of the feature space. We investigate the trade-off between scalability and robustness of detector sets. We address the problem of self-organization in CIDS so that each node generates a distinct set of the detectors to maximize the coverage of the feature space while pairs of nodes exchange their detector sets to provide a controlled level of redundancy. Our contribution is twofold. First, we use Symmetric Balanced Incomplete Block Design, Generalized Quadrangles and Ramanujan Expander Graph based deterministic techniques from combinatorial design theory and graph theory to decide how many and which detectors are exchanged between which pair of IDS nodes. Second, we use a classical epidemic model (SIR model) to show how properties from deterministic techniques can help us to reduce the attack spread rate.
Resumo:
We propose CIMD (Collaborative Intrusion and Malware Detection), a scheme for the realization of collaborative intrusion detection approaches. We argue that teams, respectively detection groups with a common purpose for intrusion detection and response, improve the measures against malware. CIMD provides a collaboration model, a decentralized group formation and an anonymous communication scheme. Participating agents can convey intrusion detection related objectives and associated interests for collaboration partners. These interests are based on intrusion objectives and associated interests for collaboration partners. These interests are based on intrusion detection related ontology, incorporating network and hardware configurations and detection capabilities. Anonymous Communication provided by CIMD allows communication beyond suspicion, i.e. the adversary can not perform better than guessing an IDS to be the source of a message at random. The evaluation takes place with the help of NeSSi² (www.nessi2.de), the Network Security Simulator, a dedicated environment for analysis of attacks and countermeasures in mid-scale and large-scale networks. A CIMD prototype is being built based on the JIAC agent framework(www.jiac.de).
Resumo:
Small-angle and ultra-small-angle neutron scattering (SANS and USANS), low-pressure adsorption (N2 and CO2), and high-pressure mercury intrusion measurements were performed on a suite of North American shale reservoir samples providing the first ever comparison of all these techniques for characterizing the complex pore structure of shales. The techniques were used to gain insight into the nature of the pore structure including pore geometry, pore size distribution and accessible versus inaccessible porosity. Reservoir samples for analysis were taken from currently-active shale gas plays including the Barnett, Marcellus, Haynesville, Eagle Ford, Woodford, Muskwa, and Duvernay shales. Low-pressure adsorption revealed strong differences in BET surface area and pore volumes for the sample suite, consistent with variability in composition of the samples. The combination of CO2 and N2 adsorption data allowed pore size distributions to be created for micro–meso–macroporosity up to a limit of �1000 Å. Pore size distributions are either uni- or multi-modal. The adsorption-derived pore size distributions for some samples are inconsistent with mercury intrusion data, likely owing to a combination of grain compression during high-pressure intrusion, and the fact that mercury intrusion yields information about pore throat rather than pore body distributions. SANS/USANS scattering data indicate a fractal geometry (power-law scattering) for a wide range of pore sizes and provide evidence that nanometer-scale spatial ordering occurs in lower mesopore–micropore range for some samples, which may be associated with inter-layer spacing in clay minerals. SANS/USANS pore radius distributions were converted to pore volume distributions for direct comparison with adsorption data. For the overlap region between the two methods, the agreement is quite good. Accessible porosity in the pore size (radius) range 5 nm–10 lm was determined for a Barnett shale sample using the contrast matching method with pressurized deuterated methane fluid. The results demonstrate that accessible porosity is pore-size dependent.
Resumo:
The objective of this PhD research program is to investigate numerical methods for simulating variably-saturated flow and sea water intrusion in coastal aquifers in a high-performance computing environment. The work is divided into three overlapping tasks: to develop an accurate and stable finite volume discretisation and numerical solution strategy for the variably-saturated flow and salt transport equations; to implement the chosen approach in a high performance computing environment that may have multiple GPUs or CPU cores; and to verify and test the implementation. The geological description of aquifers is often complex, with porous materials possessing highly variable properties, that are best described using unstructured meshes. The finite volume method is a popular method for the solution of the conservation laws that describe sea water intrusion, and is well-suited to unstructured meshes. In this work we apply a control volume-finite element (CV-FE) method to an extension of a recently proposed formulation (Kees and Miller, 2002) for variably saturated groundwater flow. The CV-FE method evaluates fluxes at points where material properties and gradients in pressure and concentration are consistently defined, making it both suitable for heterogeneous media and mass conservative. Using the method of lines, the CV-FE discretisation gives a set of differential algebraic equations (DAEs) amenable to solution using higher-order implicit solvers. Heterogeneous computer systems that use a combination of computational hardware such as CPUs and GPUs, are attractive for scientific computing due to the potential advantages offered by GPUs for accelerating data-parallel operations. We present a C++ library that implements data-parallel methods on both CPU and GPUs. The finite volume discretisation is expressed in terms of these data-parallel operations, which gives an efficient implementation of the nonlinear residual function. This makes the implicit solution of the DAE system possible on the GPU, because the inexact Newton-Krylov method used by the implicit time stepping scheme can approximate the action of a matrix on a vector using residual evaluations. We also propose preconditioning strategies that are amenable to GPU implementation, so that all computationally-intensive aspects of the implicit time stepping scheme are implemented on the GPU. Results are presented that demonstrate the efficiency and accuracy of the proposed numeric methods and formulation. The formulation offers excellent conservation of mass, and higher-order temporal integration increases both numeric efficiency and accuracy of the solutions. Flux limiting produces accurate, oscillation-free solutions on coarse meshes, where much finer meshes are required to obtain solutions with equivalent accuracy using upstream weighting. The computational efficiency of the software is investigated using CPUs and GPUs on a high-performance workstation. The GPU version offers considerable speedup over the CPU version, with one GPU giving speedup factor of 3 over the eight-core CPU implementation.
Resumo:
This paper presents a new framework for distributed intrusion detection based on taint marking. Our system tracks information flows between applications of multiple hosts gathered in groups (i.e., sets of hosts sharing the same distributed information flow policy) by attaching taint labels to system objects such as files, sockets, Inter Process Communication (IPC) abstractions, and memory mappings. Labels are carried over the network by tainting network packets. A distributed information flow policy is defined for each group at the host level by labeling information and defining how users and applications can legally access, alter or transfer information towards other trusted or untrusted hosts. As opposed to existing approaches, where information is most often represented by two security levels (low/high, public/private, etc.), our model identifies each piece of information within a distributed system, and defines their legal interaction in a fine-grained manner. Hosts store and exchange security labels in a peer to peer fashion, and there is no central monitor. Our IDS is implemented in the Linux kernel as a Linux Security Module (LSM) and runs standard software on commodity hardware with no required modification. The only trusted code is our modified operating system kernel. We finally present a scenario of intrusion in a web service running on multiple hosts, and show how our distributed IDS is able to report security violations at each host level.
Resumo:
Introduction: Ten years after the publication of Elaborated Intrusion (EI) Theory, there is now substantial research into its key predictions. The distinction between intrusive thoughts, which are driven by automatic processes, and their elaboration, involving controlled processing, is well established. Desires for both addictive substances and other desired targets are typically marked by imagery, especially when they are intense. Attention training strategies such as body scanning reduce intrusive thoughts, while concurrent tasks that introduce competing sensory information interfere with elaboration, especially if they compete for the same limited-capacity working memory resources. Conclusion: EI Theory has spawned new assessment instruments that are performing strongly and offer the ability to more clearly delineate craving from correlated processes. It has also inspired new approaches to treatment. In particular, training people to use vivid sensory imagery for functional goals holds promise as an intervention for substance misuse, since it is likely to both sustain motivation and moderate craving.
Resumo:
Intrusion (unauthorized stepping-into/staying-in a hazardous area), as a common type of near-miss, is the prime cause of the majority of incidents on construction sites including fall from heights, and striking against or being struck by moving objects. Accidents often occur because workers take shortcuts moving about the site without fully perceiving the potential dangers. A number of researches have been devoted to developing methods to prevent such behaviors mainly based on the theory of Behavior-Based Safety (BBS), which aims to cultivate safety behaviors among workers in accordance with safety regulations. In current BBS practice, trained observers and safety supervisors are responsible for safety behavior inspections following safety plans and operation regulations. The observation process is time-consuming and its effectiveness depends largely on the observer’s safety knowledge and experience, which often results in omissions or bias. This paper presents a reformed safety behavior modification approach by integrating a location-based technology with BBS. Firstly, a detailed background is provided, covering current intrusion problems on site, existing use of BBS for behavior improvement, difficulties in achieving widespread adoption and potential technologies for location tracking and in-time feedback. Then, a conceptual framework of positioning technology-enhanced BBS is developed, followed by details of the corresponding on-line supporting system, Real Time Location System (RTLS) and Virtual Construction System (VCS). The application of the system is then demonstrated and tested in a construction site in Hong Kong. Final comments are made concerning further research direction and prospects for wider adoption.
Resumo:
Functional Imagery Training (FIT) is a new theory-based, manualized intervention that trains positive goal imagery. Multisensory episodic imagery of proximal personal goals is elicited and practised, to sustain motivation and compete with less functional cravings. This study tested the impact of a single session of FIT plus a booster phone call on snacking. In a stepped-wedge design, 45 participants who wanted to lose weight or reduce snacking were randomly assigned to receive a session of FIT immediately or after a 2-week delay. High-sugar and high-fat snacks were recorded using timeline follow back for the previous 3 days, at baseline, 2 and 4 weeks. At 2 weeks, snacking was lower in the immediate group than in the delayed group, and the reduction after FIT was replicated in the delayed group between 2 and 4 weeks. Frequencies of motivational thoughts about snack reduction rose following FIT for both groups, and this change correlated with reductions in snacking and weight loss. By showing that FIT can support change in eating behaviours, these findings show its potential as a motivational intervention for weight management.
Resumo:
Current IEEE 802.11 wireless networks are vulnerable to session hijacking attacks as the existing standards fail to address the lack of authentication of management frames and network card addresses, and rely on loosely coupled state machines. Even the new WLAN security standard - IEEE 802.11i does not address these issues. In our previous work, we proposed two new techniques for improving detection of session hijacking attacks that are passive, computationally inexpensive, reliable, and have minimal impact on network performance. These techniques utilise unspoofable characteristics from the MAC protocol and the physical layer to enhance confidence in the intrusion detection process. This paper extends our earlier work and explores usability, robustness and accuracy of these intrusion detection techniques by applying them to eight distinct test scenarios. A correlation engine has also been introduced to maintain the false positives and false negatives at a manageable level. We also explore the process of selecting optimum thresholds for both detection techniques. For the purposes of our experiments, Snort-Wireless open source wireless intrusion detection system was extended to implement these new techniques and the correlation engine. Absence of any false negatives and low number of false positives in all eight test scenarios successfully demonstrated the effectiveness of the correlation engine and the accuracy of the detection techniques.
Resumo:
More than a century ago in their definitive work “The Right to Privacy” Samuel D. Warren and Louis D. Brandeis highlighted the challenges posed to individual privacy by advancing technology. Today’s workplace is characterised by its reliance on computer technology, particularly the use of email and the Internet to perform critical business functions. Increasingly these and other workplace activities are the focus of monitoring by employers. There is little formal regulation of electronic monitoring in Australian or United States workplaces. Without reasonable limits or controls, this has the potential to adversely affect employees’ privacy rights. Australia has a history of legislating to protect privacy rights, whereas the United States has relied on a combination of constitutional guarantees, federal and state statutes, and the common law. This thesis examines a number of existing and proposed statutory and other workplace privacy laws in Australia and the United States. The analysis demonstrates that existing measures fail to adequately regulate monitoring or provide employees with suitable remedies where unjustifiable intrusions occur. The thesis ultimately supports the view that enacting uniform legislation at the national level provides a more effective and comprehensive solution for both employers and employees. Chapter One provides a general introduction and briefly discusses issues relevant to electronic monitoring in the workplace. Chapter Two contains an overview of privacy law as it relates to electronic monitoring in Australian and United States workplaces. In Chapter Three there is an examination of the complaint process and remedies available to a hypothetical employee (Mary) who is concerned about protecting her privacy rights at work. Chapter Four provides an analysis of the major themes emerging from the research, and also discusses the draft national uniform legislation. Chapter Five details the proposed legislation in the form of the Workplace Surveillance and Monitoring Act, and Chapter Six contains the conclusion.
