Browsing behavior mimicking attacks on popular web sites for large botnets

With the significant growth of botnets, application layer DDoS attacks are much easier to launch using large botnet, and false negative is always a problem for intrusion detection systems in real practice. In this paper, we propose a novel application layer DDoS attack tool, which mimics human browsing behavior following three statistical distributions, the Zipf-like distribution for web page popularity, the Pareto distribution for page request time interval for an individual browser, and the inverse Gaussian distribution for length of browsing path. A Markov model is established for individual bot to generate attack request traffic. Our experiments indicated that the attack traffic that generated by the proposed tool is pretty similar to the real traffic. As a result, the current statistics based detection algorithms will result high false negative rate in general. In order to counter this kind of attacks, we discussed a few preliminary solutions at the end of this paper.

Defending against large-scale and coordinated attacks in the ubiquitous environments

Ubiquitous computing is an exciting paradigm shift where technology becomes virtually invisible in our lives. In the increasingly interconnected world, threats to our daily lives can come from unexpected sources and universal directions. Criminals and terrorists have recognized the value of leveraging the ubiquitous computing environments to facilitate the commission of crimes. The cyber criminals typically launch different forms of large-scale and coordinated attacks, causing huge financial loss and potential life hazard. In this talk, we report two innovative approaches to defend against large-scale and coordinated attacks in the ubiquitous environments: 1) Inferring the cyber crime's intent through network traffic classification to enable the early warning of potential attacks, and 2) Profiling the large-scale and coordinated cyber attacks through both microscopic and macroscopic modeling to provide better control of such attacks. These approaches are effective in finding weak symptoms caused by the attacks thus can successfully defend against the large-scale and coordinated attacks at their early stages.

A context-sensitive device to help people with autism cope with anxiety

We describe a smartphone application that helps people with Autism Spectrum Disorder (ASD) cope with anxiety attacks. Our prototype provides a one-touch interface for indicating a panic level. The device's response-to instruct, soothe, and/or contact carers-is sensitive to the user's context, consisting of time, location, ambient noise, and nearby friends. Formative evaluation unearths a critical challenge to building assistive technologies for ASD sufferers: can regimented interfaces foster flexible behaviour? Our observations suggest that a delicate balance of design goals is required for a viable assistive technology.

Discriminating DDoS attacks from flash crowds using flow correlation coefficient

Distributed Denial of Service (DDoS) attack is a critical threat to the Internet, and botnets are usually the engines behind them. Sophisticated botmasters attempt to disable detectors by mimicking the traffic patterns of flash crowds. This poses a critical challenge to those who defend against DDoS attacks. In our deep study of the size and organization of current botnets, we found that the current attack flows are usually more similar to each other compared to the flows of flash crowds. Based on this, we proposed a discrimination algorithm using the flow correlation coefficient as a similarity metric among suspicious flows. We formulated the problem, and presented theoretical proofs for the feasibility of the proposed discrimination method in theory. Our extensive experiments confirmed the theoretical analysis and demonstrated the effectiveness of the proposed method in practice.

Predicted packet padding for anonymous web browsing against traffic analysis attacks

Anonymous communication has become a hot research topic in order to meet the increasing demand for web privacy protection. However, there are few such systems which can provide high level anonymity for web browsing. The reason is the current dominant dummy packet padding method for anonymization against traffic analysis attacks. This method inherits huge delay and bandwidth waste, which inhibits its use for web browsing. In this paper, we propose a predicted packet padding strategy to replace the dummy packet padding method for anonymous web browsing systems. The proposed strategy mitigates delay and bandwidth waste significantly on average. We formulated the traffic analysis attack and defense problem, and defined a metric, cost coefficient of anonymization (CCA), to measure the performance of anonymization. We thoroughly analyzed the problem with the characteristics of web browsing and concluded that the proposed strategy is better than the current dummy packet padding strategy in theory. We have conducted extensive experiments on two real world data sets, and the results confirmed the advantage of the proposed method.

Content validity of visual analog scales to assess symptom severity of acute angioedema attacks in adults with hereditary angioedema : an interview study

Background: Hereditary angioedema (HAE) is a rare, debilitating, potentially life-threatening condition characterized by recurrent acute attacks of edema of the skin, face/upper airway, and gastrointestinal and urogenital tracts. During a laryngeal attack, people with HAE may be at risk of suffocation, while other attacks are often associated with intense pain, disfigurement, disability, and/or vomiting. The intensity of some symptoms is known only to the person experiencing them. Thus, interview studies are needed to explore such experience and patient-reported outcome measures (PROMs) are required for systematic assessment of symptoms in the clinical setting and in clinical trials of treatments for acute HAE attacks.

Objective: The aim of this interview study was to assess the content validity and suitability of four visual analog scale (VAS) instruments for use in clinical studies. The VAS instruments were designed to assess symptoms at abdominal, oro-facial-pharyngeal-laryngeal, peripheral, and urogenital attack locations. This is the first known study to report qualitative data about the patient's experience of the rare disorder, HAE.

Methods: Semi-structured exploratory and cognitive debriefing interviews were conducted with 27 adults with a confirmed clinical/laboratory diagnosis of HAE (baseline plasma level of functional plasma protein C1 esterase inhibitor [C1INH] <50% of normal without evidence for acquired angioedema). There were 17 participants from the US and 10 from Italy, with mean age 42.5 (SD 14.5) years, range 18–72 years, mean HAE duration 21.3 (SD 14.1) years, range 1–45 years, 67% female, and 44% VAS-naïve. Experience of acute angioedema attacks was first explored, noting spontaneous mentions by participants of HAE symptomatology. Cognitive debriefing of the VAS instruments was undertaken to assess the suitability, comprehensibility, and relevance of the VAS items. Asymptomatic participants completed the VAS instruments relevant to their angioedema experience, reporting as if they were experiencing an acute angioedema attack at the time. Interviews were conducted in the clinic setting in the US and Italy over an 8-month period.

Results: Participants mentioned spontaneously almost all aspects of acute angioedema attacks covered by the four VAS instruments, thus providing strong support for inclusion of nearly all VAS items, with no important symptoms missing. Predominant symptoms found to be associated with acute angioedema attacks were edema and pain, and there was evidence of varying degrees of disruption to everyday activities supporting the inclusion of an overall severity item reflecting the disabling effects of HAE symptoms. VAS item wording was understood by participants.

Conclusion: This interview study explored and reported the patient experience of HAE attacks. It demonstrated the content validity of the four anatomical location HAE VAS instruments and their suitability for use in clinical trials of recombinant human C1INH (rhC1INH) treatment for ascertaining trial participants' assessments of the severity of acute angioedema symptoms.

Detecting and mitigating HX-DoS attacks against cloud web services

Cyber-Physical Systems allow for the interaction of the cyber world and physical worlds using as a central service called Cloud Web Services. Cloud Web Services can sit well within three models of Cyber- Physical Systems, Software-as-a-Service (SaaS), Platform-as-a-Service (PaaS), and Infrastructure-as-a- Service (IaaS). With any Cyber-Physical system use Cloud Web Services it inherits a security problem, the HX-DoS attack. HX-DoS attack is a combination of HTTP and XML messages that are intentionally sent to flood and destroy the communication channel of the cloud service provider. The relevance of this research is that TCP/IP flood attacks are a common problem and a lot of research to mitigate them has previously been discussed. But HTTP denial of service and XML denial of service problem has only been addressed in a few papers. In this paper, we get closer to closing this gap on this problem with our new defence system called Pre- Decision, Advance Decision, Learning System (ENDER). In our previous experiments using our Cloud Protector, we were successful at detecting and mitigate 91% with a 9% false positive of HX-DoS attack traffic. In this paper, ENDER was able to improve upon this result by being trained and tested on the same data, but with a greater result of 99% detection and 1% false positive.

Keynote : Detection of and defense against distributed denial-of-service (DDoS) attacks

Distributed denial-of-service (DDoS) attacks typically exhaust bandwidth, processing capacity, or memory of a targeted machine, service or network. Despite enormous efforts in combating DDoS attacks in the past decade, DDoS attacks are still a serious threat to the security of cyberspace. In this talk I shall outline the recent efforts of my research group in detection of and defence against DDoS attacks. In particular, this talk will concentrate on the following three critical issues related to DDoS attacks: (1) Traceback of DDoS attacks; (2) Detection of low-rate DDoS attacks; and (3) Discriminating DDoS attacks from flash crowds.

Zero permission android applications - attacks and defenses

Google advertises the Android permission framework as one of the core security features present on its innovative and flexible mobile platform. The permissions are a means to control access to restricted AP/s and system resources. However, there are Android applications which do not request permissions at all.In this paper, we analyze the repercussions of installing an Android application that does not include any permission and the types of sensitive information that can be accessed by such an application. We found that even app/icaaons with no permissions are able to access sensitive information (such the device ID) and transmit it to third-parties.