Transcriptional profiling of the oesophageal gland region of male worms of Schistosoma mansoni

The intestinal tract of schistosomes opens at the mouth and leads into the foregut or oesophageal region that is lined with syncytium continuous with the apical cytoplasm of the tegument. The oesophagus is surrounded by a specialised gland, the oesophageal gland. This gland releases materials into the lumen of the oesophagus and the region is thought to initiate the lysis of erythrocytes and neutralisation of immune effectors of the host. The oesophageal region is present in the early invasive schistosomulum, a stage potentially targetable by anti-schistosome vaccines. We used a 44k oligonucleotide microarray to identify highly up-regulated genes in microdissected frozen sections of the oesophageal gland of male worms of S. mansoni. We show that 122 genes were up-regulated 2-fold or higher in the oesophageal gland compared with a whole male worm tissue control. The enriched genes included several associated with lipid metabolism and transmembrane transport as well as some micro-exon genes. Since the oesophageal gland is important in the initiation of digestion and the fact that it develops early after invasion of the mammalian host, further study of selected highly up-regulated functionally important genes in this tissue may reveal new anti-schistosome intervention targets for schistosomiasis control.

Hs. Rothschild 4° 108 - Testament der Jeanette Worms geborene Rothschild mit Nachtrag und Codicillen aus den Jahren 1829 - 1859 (Abschriften)

Vorbesitzer: Freiherrlich Carl von Rothschild'sche Bibliothek Frankfurt am Main; alte Signatur: Hs. in Quart 108

Hs. Rothschild 4° 109 - Testament der Jeanette Worms geborene Rothschild mit Nachtrag und Codicillen aus den Jahren 1829 - 1859 (Abschriften)

Vorbesitzer: Freiherrlich Carl von Rothschild'sche Bibliothek Frankfurt am Main; alte Signatur: Hs. in Quart 109

On the race of worms and patches: modeling the spread of information in wireless sensor networks

Sensor networks are a branch of distributed ad hoc networks with a broad range of applications in surveillance and environment monitoring. In these networks, message exchanges are carried out in a multi-hop manner. Due to resource constraints, security professionals often use lightweight protocols, which do not provide adequate security. Even in the absence of constraints, designing a foolproof set of protocols and codes is almost impossible. This leaves the door open to the worms that take advantage of the vulnerabilities to propagate via exploiting the multi-hop message exchange mechanism. This issue has drawn the attention of security researchers recently. In this paper, we investigate the propagation pattern of information in wireless sensor networks based on an extended theory of epidemiology. We develop a geographical susceptible-infective model for this purpose and analytically derive the dynamics of information propagation. Compared with the previous models, ours is more realistic and is distinguished by two key factors that had been neglected before: 1) the proposed model does not purely rely on epidemic theory but rather binds it with geometrical and spatial constraints of real-world sensor networks and 2) it extends to also model the spread dynamics of conflicting information (e.g., a worm and its patch). We do extensive simulations to show the accuracy of our model and compare it with the previous ones. The findings show the common intuition that the infection source is the best location to start patching from, which is not necessarily right. We show that this depends on many factors, including the time it takes for the patch to be developed, worm/patch characteristics as well as the shape of the network.

Using honeypots to analyse anomalous Internet activities

Monitoring Internet traffic is critical in order to acquire a good understanding of threats to computer and network security and in designing efficient computer security systems. Researchers and network administrators have applied several approaches to monitoring traffic for malicious content. These techniques include monitoring network components, aggregating IDS alerts, and monitoring unused IP address spaces. Another method for monitoring and analyzing malicious traffic, which has been widely tried and accepted, is the use of honeypots. Honeypots are very valuable security resources for gathering artefacts associated with a variety of Internet attack activities. As honeypots run no production services, any contact with them is considered potentially malicious or suspicious by definition. This unique characteristic of the honeypot reduces the amount of collected traffic and makes it a more valuable source of information than other existing techniques. Currently, there is insufficient research in the honeypot data analysis field. To date, most of the work on honeypots has been devoted to the design of new honeypots or optimizing the current ones. Approaches for analyzing data collected from honeypots, especially low-interaction honeypots, are presently immature, while analysis techniques are manual and focus mainly on identifying existing attacks. This research addresses the need for developing more advanced techniques for analyzing Internet traffic data collected from low-interaction honeypots. We believe that characterizing honeypot traffic will improve the security of networks and, if the honeypot data is handled in time, give early signs of new vulnerabilities or breakouts of new automated malicious codes, such as worms. The outcomes of this research include: • Identification of repeated use of attack tools and attack processes through grouping activities that exhibit similar packet inter-arrival time distributions using the cliquing algorithm; • Application of principal component analysis to detect the structure of attackers’ activities present in low-interaction honeypots and to visualize attackers’ behaviors; • Detection of new attacks in low-interaction honeypot traffic through the use of the principal component’s residual space and the square prediction error statistic; • Real-time detection of new attacks using recursive principal component analysis; • A proof of concept implementation for honeypot traffic analysis and real time monitoring.

Monitoring and analysis of internet traffic targeting unused address spaces

Today’s evolving networks are experiencing a large number of different attacks ranging from system break-ins, infection from automatic attack tools such as worms, viruses, trojan horses and denial of service (DoS). One important aspect of such attacks is that they are often indiscriminate and target Internet addresses without regard to whether they are bona fide allocated or not. Due to the absence of any advertised host services the traffic observed on unused IP addresses is by definition unsolicited and likely to be either opportunistic or malicious. The analysis of large repositories of such traffic can be used to extract useful information about both ongoing and new attack patterns and unearth unusual attack behaviors. However, such an analysis is difficult due to the size and nature of the collected traffic on unused address spaces. In this dissertation, we present a network traffic analysis technique which uses traffic collected from unused address spaces and relies on the statistical properties of the collected traffic, in order to accurately and quickly detect new and ongoing network anomalies. Detection of network anomalies is based on the concept that an anomalous activity usually transforms the network parameters in such a way that their statistical properties no longer remain constant, resulting in abrupt changes. In this dissertation, we use sequential analysis techniques to identify changes in the behavior of network traffic targeting unused address spaces to unveil both ongoing and new attack patterns. Specifically, we have developed a dynamic sliding window based non-parametric cumulative sum change detection techniques for identification of changes in network traffic. Furthermore we have introduced dynamic thresholds to detect changes in network traffic behavior and also detect when a particular change has ended. Experimental results are presented that demonstrate the operational effectiveness and efficiency of the proposed approach, using both synthetically generated datasets and real network traces collected from a dedicated block of unused IP addresses.