Mixed methods feasibility study for a trial of blood pressure telemonitoring for people who have had stroke/transient ischaemic attack (TIA).

Background Good blood pressure (BP) control reduces the risk of recurrence of stroke/transient ischaemic attack (TIA). Although there is strong evidence that BP telemonitoring helps achieve good control, none of the major trials have considered the effectiveness in stroke/TIA survivors. We therefore conducted a feasibility study for a trial of BP telemonitoring for stroke/ TIA survivors with uncontrolled BP in primary care. Method Phase 1 was a pilot trial involving 55 patients stratified by stroke/TIA randomised 3:1 to BP telemonitoring for 6 months or usual care. Phase 2 was a qualitative evaluation and comprised semi-structured interviews with 16 trial participants who received telemonitoring and 3 focus groups with 23 members of stroke support groups and 7 carers. Results Overall, 125 patients (60 stroke patients, 65 TIA patients) were approached and 55 (44%) patients were randomised including 27 stroke patients and 28 TIA patients. Fifty-two participants (95%) attended the 6-month follow-up appointment, but one declined the second daytime ambulatory blood pressure monitoring (ABPM) measurement resulting in a 93% completion rate for ABPM − the proposed primary outcome measure for a full trial. Adherence to telemonitoring was good; of the 40 participants who were telemonitoring, 38 continued to provide readings throughout the 6 months. There was a mean reduction of 10.1 mmHg in systolic ABPM in the telemonitoring group compared with 3.8 mmHg in the control group, which suggested the potential for a substantial effect from telemonitoring. Our qualitative analysis found that many stroke patients were concerned about their BP and telemonitoring increased their engagement, was easy, convenient and reassuring Conclusions A full-scale trial is feasible, likely to recruit well and have good rates of compliance and follow-up.

Evaluation of TFTP DDoS Amplification Attack.

Web threats are becoming a major issue for both governments and companies. Generally, web threats increased as much as 600% during last year (WebSense, 2013). This appears to be a significant issue, since many major businesses seem to provide these services. Denial of Service (DoS) attacks are one of the most significant web threats and generally their aim is to waste the resources of the target machine (Mirkovic & Reiher, 2004). Dis-tributed Denial of Service (DDoS) attacks are typically executed from many sources and can result in large traf-fic flows. During last year 11% of DDoS attacks were over 60 Gbps (Prolexic, 2013a). The DDoS attacks are usually performed from the large botnets, which are networks of remotely controlled computers. There is an increasing effort by governments and companies to shut down the botnets (Dittrich, 2012), which has lead the attackers to look for alternative DDoS attack methods. One of the techniques to which attackers are returning to is DDoS amplification attacks. Amplification attacks use intermediate devices called amplifiers in order to amplify the attacker's traffic. This work outlines an evaluation tool and evaluates an amplification attack based on the Trivial File Transfer Proto-col (TFTP). This attack could have amplification factor of approximately 60, which rates highly alongside other researched amplification attacks. This could be a substantial issue globally, due to the fact this protocol is used in approximately 599,600 publicly open TFTP servers. Mitigation methods to this threat have also been consid-ered and a variety of countermeasures are proposed. Effects of this attack on both amplifier and target were analysed based on the proposed metrics. While it has been reported that the breaching of TFTP would be possible (Schultz, 2013), this paper provides a complete methodology for the setup of the attack, and its verification.

Applied web traffic analysis for numerical encoding of SQL Injection attack features.

SQL Injection Attack (SQLIA) remains a technique used by a computer network intruder to pilfer an organisation’s confidential data. This is done by an intruder re-crafting web form’s input and query strings used in web requests with malicious intent to compromise the security of an organisation’s confidential data stored at the back-end database. The database is the most valuable data source, and thus, intruders are unrelenting in constantly evolving new techniques to bypass the signature’s solutions currently provided in Web Application Firewalls (WAF) to mitigate SQLIA. There is therefore a need for an automated scalable methodology in the pre-processing of SQLIA features fit for a supervised learning model. However, obtaining a ready-made scalable dataset that is feature engineered with numerical attributes dataset items to train Artificial Neural Network (ANN) and Machine Leaning (ML) models is a known issue in applying artificial intelligence to effectively address ever evolving novel SQLIA signatures. This proposed approach applies numerical attributes encoding ontology to encode features (both legitimate web requests and SQLIA) to numerical data items as to extract scalable dataset for input to a supervised learning model in moving towards a ML SQLIA detection and prevention model. In numerical attributes encoding of features, the proposed model explores a hybrid of static and dynamic pattern matching by implementing a Non-Deterministic Finite Automaton (NFA). This combined with proxy and SQL parser Application Programming Interface (API) to intercept and parse web requests in transition to the back-end database. In developing a solution to address SQLIA, this model allows processed web requests at the proxy deemed to contain injected query string to be excluded from reaching the target back-end database. This paper is intended for evaluating the performance metrics of a dataset obtained by numerical encoding of features ontology in Microsoft Azure Machine Learning (MAML) studio using Two-Class Support Vector Machines (TCSVM) binary classifier. This methodology then forms the subject of the empirical evaluation.