97 results for MAFIC INTRUSION


Relevance: 10.00%

Abstract:

The research presented in this thesis addresses inherent problems in signature-based intrusion detection systems (IDSs) operating in heterogeneous environments. The research proposes a solution to address the difficulties associated with multi-step attack scenario specification and detection for such environments. The research has focused on two distinct problems: the representation of events derived from heterogeneous sources and multi-step attack specification and detection. The first part of the research investigates the application of an event abstraction model to event logs collected from a heterogeneous environment. The event abstraction model comprises a hierarchy of events derived from different log sources such as system audit data, application logs, captured network traffic, and intrusion detection system alerts. Unlike existing event abstraction models where low-level information may be discarded during the abstraction process, the event abstraction model presented in this work preserves all low-level information as well as providing high-level information in the form of abstract events. The event abstraction model presented in this work was designed independently of any particular IDS and thus may be used by any IDS, intrusion forensic tools, or monitoring tools. The second part of the research investigates the use of unification for multi-step attack scenario specification and detection. Multi-step attack scenarios are hard to specify and detect as they often involve the correlation of events from multiple sources which may be affected by time uncertainty. The unification algorithm provides a simple and straightforward scenario matching mechanism by using variable instantiation where variables represent events as defined in the event abstraction model. The third part of the research looks into the solution to address time uncertainty. Clock synchronisation is crucial for detecting multi-step attack scenarios which involve logs from multiple hosts. Issues involving time uncertainty have been largely neglected by intrusion detection research. The system presented in this research introduces two techniques for addressing time uncertainty issues: clock skew compensation and clock drift modelling using linear regression. An off-line IDS prototype for detecting multi-step attacks has been implemented. The prototype comprises two modules: implementation of the abstract event system architecture (AESA) and of the scenario detection module. The scenario detection module implements our signature language developed based on the Python programming language syntax and the unification-based scenario detection engine. The prototype has been evaluated using a publicly available dataset of real attack traffic and event logs and a synthetic dataset. The distinct features of the public dataset are the fact that it contains multi-step attacks which involve multiple hosts with clock skew and clock drift. These features allow us to demonstrate the application and the advantages of the contributions of this research. All instances of multi-step attacks in the dataset have been correctly identified even though there exists a significant clock skew and drift in the dataset. Future work identified by this research would be to develop a refined unification algorithm suitable for processing streams of events to enable an on-line detection. In terms of time uncertainty, identified future work would be to develop mechanisms which allow automatic clock skew and clock drift identification and correction. The immediate application of the research presented in this thesis is the framework of an off-line IDS which processes events from heterogeneous sources using abstraction and which can detect multi-step attack scenarios which may involve time uncertainty.

Relevance: 10.00%

Abstract:

In urban environments road traffic volumes are increasing and the density of living is becoming higher. As a consequence the urban community is being exposed to increasing levels of road traffic noise. It is also evident that the noise reduction potential of within-the-road-reserve treatments such as noise barriers, mounding and pavement surfacing has been exhausted. This paper presents a strategy that involves the comparison of noise ameliorative treatments both within and outside the road reserve. The noise reduction resulting from the within-the-road-reserve component of treatments has been evaluated using a leading application of the CoRTN Model, developed by the UK Department of Transport 1988 [1], and the outside road reserve treatment has been evaluated in accordance with the Australian Standard 3671, Acoustics – Road traffic noise intrusion – Building siting and construction [5]. The evaluation of noise treatments has been undertaken using a decision support tool (DST) currently being developed under the research program conducted at RMIT University and Department of Main Roads, Queensland. The case study has been based on data from a real project in Queensland, Australia. The research described here was carried out by the Australian Cooperative Research Centre for Construction Innovation [9], in collaboration with Department of Main Roads, Queensland, Department of Public Works, Queensland, Arup Pty. Ltd., Queensland University of Technology and RMIT University.

Relevance: 10.00%

Abstract:

Monitoring unused or dark IP addresses offers opportunities to extract useful information about both on-going and new attack patterns. In recent years, different techniques have been used to analyze such traffic including sequential analysis where a change in traffic behavior, for example change in mean, is used as an indication of malicious activity. Change points themselves say little about detected change; further data processing is necessary for the extraction of useful information and to identify the exact cause of the detected change which is limited due to the size and nature of observed traffic. In this paper, we address the problem of analyzing a large volume of such traffic by correlating change points identified in different traffic parameters. The significance of the proposed technique is two-fold. Firstly, automatic extraction of information related to change points by correlating change points detected across multiple traffic parameters. Secondly, validation of the detected change point by the simultaneous presence of another change point in a different parameter. Using a real network trace collected from unused IP addresses, we demonstrate that the proposed technique enables us to not only validate the change point but also extract useful information about the causes of change points.

Relevance: 10.00%

Abstract:

Elaborated Intrusion theory (Kavanagh, Andrade & May 2005) distinguishes between unconscious, associative processes as the precursors of desire, and controlled processes of cognitive elaboration that lead to conscious sensory images of the target of desire and associated affect. We argue that these mental images play a key role in motivating human behavior. Consciousness is functional in that it allows competing goals to be compared and evaluated. The role of effortful cognitive processes in desire helps to explain the different time courses of craving and physiological withdrawal.

Relevance: 10.00%

Abstract:

Cognitive modelling of phenomena in clinical practice allows the operationalisation of otherwise diffuse descriptive terms such as craving or flashbacks. This supports the empirical investigation of the clinical phenomena and the development of targeted treatment interventions. This paper focuses on the cognitive processes underpinning craving, which is recognised as a motivating experience in substance dependence. We use a high-level cognitive architecture, Interacting Cognitive Subsystems (ICS), to compare two theories of craving: Tiffany's theory, centred on the control of automated action schemata, and our own Elaborated Intrusion theory of craving. Data from a questionnaire study of the subjective aspects of everyday desires experienced by a large non-clinical population are presented. Both the data and the high-level modelling support the central claim of the Elaborated Intrusion theory that imagery is a key element of craving, providing the subjective experience and mediating much of the associated disruption of concurrent cognition.

Relevance: 10.00%

Abstract:

The elaborated intrusion (EI) theory of desire (Kavanagh, Andrade, & May, 2005) attributes the motivational force of cravings to cognitive elaboration, including imagery, of apparently spontaneous thoughts that intrude into awareness. We report a questionnaire study in which respondents rated a craving for food or drink. Questionnaire items derived from EI theory formed a single factor alongside factors for anticipated reward/relief, resistance, and opportunity. In a multiple regression predicting strength of craving, the first three factors accounted for 36% of the variance. Opportunity did not enter the model. In a second study, the difference between individuals' strong and weak cravings to take part in a sporting activity was shown to be related to visual, auditory, and general imagery, and to anticipated reward or relief from engaging in the activity. Implications for treatment of craving-related disorders are discussed in the light of these results and of other research indicating that interference with imagery can reduce the strength of craving.

Relevance: 10.00%

Abstract:

Texture based techniques for visualisation of unsteady vector fields have been applied for the visualisation of a Finite volume model for variably saturated groundwater flow through porous media. This model has been developed by staff in the School of Mathematical Sciences QUT for the study of salt water intrusion into coastal aquifers. This presentation discusses the implementation and effectiveness of the IBFV algorithm in the context of visualisation of the groundwater simulation outputs.

Relevance: 10.00%

Abstract:

Buffer overflow vulnerabilities continue to prevail and the sophistication of attacks targeting these vulnerabilities is continuously increasing. As a successful attack of this type has the potential to completely compromise the integrity of the targeted host, early detection is vital. This thesis examines generic approaches for detecting executable payload attacks, without prior knowledge of the implementation of the attack, in such a way that new and previously unseen attacks are detectable. Executable payloads are analysed in detail for attacks targeting the Linux and Windows operating systems executing on an Intel IA-32 architecture. The execution flow of attack payloads is analysed and a generic model of execution is examined. A novel classification scheme for executable attack payloads is presented which allows for characterisation of executable payloads and facilitates vulnerability and threat assessments, and intrusion detection capability assessments for intrusion detection systems. An intrusion detection capability assessment may be utilised to determine whether or not a deployed system is able to detect a specific attack and to identify requirements for intrusion detection functionality for the development of new detection methods. Two novel detection methods are presented capable of detecting new and previously unseen executable attack payloads. The detection methods are capable of identifying and enumerating the executable payload’s interactions with the operating system on the targeted host at the time of compromise. The detection methods are further validated using real world data including executable payload attacks.

Relevance: 10.00%

Abstract:

This paper reports on students’ perceptions, experiences and beliefs about the voluntary use of Facebook in Advertising, Law, Nursing and Creative Industries’ subjects at an Australian University. The researchers conducted in-depth interviews with students and the transcriptions were analysed using the constant comparison method. This resulted in a number of emergent themes, of which six are explored in this paper. The findings suggest that students are quite divergent in their responses to academics using Facebook in their subjects. They do not always see its relevance to the subject and are somewhat ambivalent about how it facilitates peer-to-peer relationships or a better relationship with the lecturer. The study also identifies themes relating to cynicism and intrusion into social spaces.

Relevance: 10.00%

Abstract:

Distributed Denial of Service (DDoS) attacks have become one of the biggest threats to resources over the Internet. The purpose of these attacks is to make servers deny services to legitimate users. These attacks are also used for occupying media bandwidth. Currently, intrusion detection systems can only detect the attacks but cannot prevent them or track the location of intruders. Some schemes also prevent the attacks by simply discarding attack packets, which saves the victim from the attack, but network bandwidth is still wasted. In our opinion, DDoS requires a distributed solution to save wastage of resources. The paper presents a system that helps us not only in detecting such attacks but also in tracing and blocking (to save the bandwidth as well) the multiple intruders using Intelligent Software Agents. The system gives a dynamic response and can be integrated with the existing network defense systems without disturbing the existing Internet model. We have implemented an agent-based network monitoring system in this regard.

Relevance: 10.00%

Abstract:

Whistleblowing has often been regarded as an intrusion into the commercial functioning of organisations, and whistle-blowers have frequently found their career prospects to go into steep decline. Recent evidence, however, suggests that individuals in organisations are increasingly being encouraged to report wrongdoings, with whistle-blowing being highlighted as an effective method of reducing the costs of fraudulent activities. This single organisation case study finds that many employees are still reluctant to report wrongdoings in their workplace. This is particularly the case in respect of male employees. It is also found that those employees who do whistle-blow are motivated by feelings of loyalty towards their organisation, rather than by self-interest.

Relevance: 10.00%

Abstract:

Extensive groundwater withdrawal has resulted in a severe seawater intrusion problem in the Gooburrum aquifers at Bundaberg, Queensland, Australia. Better management strategies can be implemented by understanding the seawater intrusion processes in those aquifers. To study the seawater intrusion process in the region, a two-dimensional density-dependent, saturated and unsaturated flow and transport computational model is used. The model consists of a coupled system of two non-linear partial differential equations. The first equation describes the flow of a variable-density fluid, and the second equation describes the transport of dissolved salt. A two-dimensional control volume finite element model is developed for simulating the seawater intrusion into the heterogeneous aquifer system at Gooburrum. The simulation results provide a realistic mechanism by which to study the convoluted transport phenomena evolving in this complex heterogeneous coastal aquifer.

Relevance: 10.00%

Abstract:

Secret-sharing schemes describe methods to securely share a secret among a group of participants. A properly constructed secret-sharing scheme guarantees that the share belonging to one participant does not reveal anything about the shares of others or even the secret itself. Besides being used to distribute a secret, secret-sharing schemes have also been used in secure multi-party computations and redundant residue number systems for error correction codes. In this paper, we propose that the secret-sharing scheme be used as a primitive in a Network-based Intrusion Detection System (NIDS) to detect attacks in encrypted networks. Encrypted networks such as Virtual Private Networks (VPNs) fully encrypt network traffic which can include both malicious and non-malicious traffic. Traditional NIDS cannot monitor such encrypted traffic. We therefore describe how our work uses a combination of Shamir's secret-sharing scheme and randomised network proxies to enable a traditional NIDS to function normally in a VPN environment.