Laser Beam Engineer at White Sands Missile Range, New Mexico

General note: Title and date provided by Bettye Lane.

Sensor Intelligence for Tackling Energy-Drain Attacks on Wireless Sensor Networks

In this paper we propose a model for intelligent agents (sensors) on a Wireless Sensor Network to guard against energy-drain attacks in an energy-efficient and autonomous manner. This is intended to be achieved via an energy-harvested Wireless Sensor Network using a novel architecture to propagate knowledge to other sensors based on automated reasoning from an attacked sensor.

Detecting stealthy attacks: Efficient monitoring of suspicious activities on computer networks

Stealthy attackers move patiently through computer networks - taking days, weeks or months to accomplish their objectives in order to avoid detection. As networks scale up in size and speed, monitoring for such attack attempts is increasingly a challenge. This paper presents an efficient monitoring technique for stealthy attacks. It investigates the feasibility of proposed method under number of different test cases and examines how design of the network affects the detection. A methodological way for tracing anonymous stealthy activities to their approximate sources is also presented. The Bayesian fusion along with traffic sampling is employed as a data reduction method. The proposed method has the ability to monitor stealthy activities using 10-20% size sampling rates without degrading the quality of detection.

Data Mining for Network Intrusion Detection : A comparison of data mining algorithms and an analysis of relevant features for detecting cyber-attacks

Data mining can be defined as the extraction of implicit, previously un-known, and potentially useful information from data. Numerous re-searchers have been developing security technology and exploring new methods to detect cyber-attacks with the DARPA 1998 dataset for Intrusion Detection and the modified versions of this dataset KDDCup99 and NSL-KDD, but until now no one have examined the performance of the Top 10 data mining algorithms selected by experts in data mining. The compared classification learning algorithms in this thesis are: C4.5, CART, k-NN and Naïve Bayes. The performance of these algorithms are compared with accuracy, error rate and average cost on modified versions of NSL-KDD train and test dataset where the instances are classified into normal and four cyber-attack categories: DoS, Probing, R2L and U2R. Additionally the most important features to detect cyber-attacks in all categories and in each category are evaluated with Weka’s Attribute Evaluator and ranked according to Information Gain. The results show that the classification algorithm with best performance on the dataset is the k-NN algorithm. The most important features to detect cyber-attacks are basic features such as the number of seconds of a network connection, the protocol used for the connection, the network service used, normal or error status of the connection and the number of data bytes sent. The most important features to detect DoS, Probing and R2L attacks are basic features and the least important features are content features. Unlike U2R attacks, where the content features are the most important features to detect attacks.

Passivity Framework for Modeling, Composing and Mitigating Cyber Attacks

Thesis (Ph.D.)--University of Washington, 2016-08

Numerical encoding to tame SQL injection attacks.

Recent years have seen an astronomical rise in SQL Injection Attacks (SQLIAs) used to compromise the confidentiality, authentication and integrity of organisations’ databases. Intruders becoming smarter in obfuscating web requests to evade detection combined with increasing volumes of web traffic from the Internet of Things (IoT), cloud-hosted and on-premise business applications have made it evident that the existing approaches of mostly static signature lack the ability to cope with novel signatures. A SQLIA detection and prevention solution can be achieved through exploring an alternative bio-inspired supervised learning approach that uses input of labelled dataset of numerical attributes in classifying true positives and negatives. We present in this paper a Numerical Encoding to Tame SQLIA (NETSQLIA) that implements a proof of concept for scalable numerical encoding of features to a dataset attributes with labelled class obtained from deep web traffic analysis. In the numerical attributes encoding: the model leverages proxy in the interception and decryption of web traffic. The intercepted web requests are then assembled for front-end SQL parsing and pattern matching by applying traditional Non-Deterministic Finite Automaton (NFA). This paper is intended for a technique of numerical attributes extraction of any size primed as an input dataset to an Artificial Neural Network (ANN) and statistical Machine Learning (ML) algorithms implemented using Two-Class Averaged Perceptron (TCAP) and Two-Class Logistic Regression (TCLR) respectively. This methodology then forms the subject of the empirical evaluation of the suitability of this model in the accurate classification of both legitimate web requests and SQLIA payloads.

Implementation of continuous-variable quantum key distribution with composable and one-sided-device-independent security against coherent attacks

Secret communication over public channels is one of the central pillars of a modern information society. Using quantum key distribution this is achieved without relying on the hardness of mathematical problems, which might be compromised by improved algorithms or by future quantum computers. State-of-the-art quantum key distribution requires composable security against coherent attacks for a finite number of distributed quantum states as well as robustness against implementation side channels. Here we present an implementation of continuous-variable quantum key distribution satisfying these requirements. Our implementation is based on the distribution of continuous-variable Einstein–Podolsky–Rosen entangled light. It is one-sided device independent, which means the security of the generated key is independent of any memoryfree attacks on the remote detector. Since continuous-variable encoding is compatible with conventional optical communication technology, our work is a step towards practical implementations of quantum key distribution with state-of-the-art security based solely on telecom components.

The war of attrition in cyber-space or "cyber-attacks", "cyber-war" and "cyber-terrorism"

Nos últimos anos tornou-se óbvio que o mundo virtual das bases de dados e do software – popularmente denominado como ciberespaço – tem um lado negro. Este lado negro tem várias dimensões, nomeadamente perda de produtividade, crime financeiro, furto de propriedade intelectual, de identidade, bullying e outros. Empresas, governos e outras entidades são cada vez mais alvo de ataques de terceiros com o fim de penetrarem as suas redes de dados e sistemas de informação. Estes vão desde os adolescentes a grupos organizados e extremamente competentes, sendo existem indicações de que alguns Estados têm vindo a desenvolver “cyber armies” com capacidades defensivas e ofensivas. Legisladores, políticos e diplomatas têm procurado estabelecer conceitos e definições, mas apesar da assinatura da Convenção do Conselho da Europa sobre Cibercrime em 2001 por vários Estados, não existiram novos desenvolvimentos desde então. Este artigo explora as várias dimensões deste domínio e enfatiza os desafios que se colocam a todos aqueles que são responsáveis pela proteção diária da informação das respetivas organizações contra ataques de origem e objetivos muitas vezes desconhecidos.

Risk of Wheezing Attacks in Infants With Transient Tachypnea Newborns

Background: The most common reason of respiratory distress in the newborn is transient tachypnea of the newborn (TTN). There are some reports saying that TTN is associated with increased frequencies of wheezing attacks. Objectives: The aims of this study were to determine the risk factors associated with TTN and to determine the association between TTN and the development of wheezing syndromes in early life. Materials and Methods: In a historical cohort study, we recorded the characteristics of 70 infants born at the Shohadaye Kargar Hospital in Yazd between March 2005 and March 2009 and who were hospitalized because of TTN in the neonatal intensive-care unit. We called their parents at least four years after the infants were discharged from the hospital and asked about any wheezing attacks. Seventy other infants with no health problems during the newborn period were included in the study as the control group. Results: The rate of wheezing attacks in newborns with TTN was more than patients with no TTN diagnosis (P = 0.014). TTN was found to be an independent risk factor for later wheezing attacks (relative risk [RR] = 2.8). Conclusions: The most obvious finding of this study was that TTN was an independent risk factor for wheezing attacks. So long-term medical care is suggested for these patients who may be at risk, because TTN may not be as transient as has been previously thought.

Investigation of un-American propaganda activities in the United States : Hearings before a Special Committee on Un-American Activities, House of Representatives, Seventy-fifth Congress, third session-Seventy-eighth Congress, second session, on H. Res. 282, to investigate (1) the extent, character, and objects of un-American propaganda activities in the United States, (2) the diffusion within the United States of subversive and un-American propaganda that is instigated from foreign countries or of a domestic origin and attacks the principle of the form of government as guaranteed by our Constitution, and (3) all other questions in relation thereto that would aid Congress in any necessary remedial legislation.

Martin Dies, chairman.

Contagion in cybersecurity attacks

Systems security is essential for the efficient operation of all organizations. Indeed, most large firms employ a designated ‘Chief Information Security Officer’ to coordinate the operational aspects of the organization’s information security. Part of this role is in planning investment responses to information security threats against the firm’s corporate network infrastructure. To this end, we develop and estimate a vector equation system of threats to 10 important IP services, using industry standard SANS data on threats to various components of a firm’s information system over the period January 2003 – February 2011. Our results reveal strong evidence of contagion between such attacks, with attacks on ssh and Secure Web Server indicating increased attack activity on other ports. Security managers who ignore such contagious inter-relationships may underestimate the underlying risk to their systems’ defence of security attributes, such as sensitivity and criticality, and thus delay appropriate information security investments.

A multiagent based strategy for detecting attacks in databases in a distributed mode

This paper presents a distributed hierarchical multiagent architecture for detecting SQL injection attacks against databases. It uses a novel strategy, which is supported by a Case-Based Reasoning mechanism, which provides to the classifier agents with a great capacity of learning and adaptation to face this type of attack. The architecture combines strategies of intrusion detection systems such as misuse detection and anomaly detection. It has been tested and the results are presented in this paper.

Development of a health parameters tracking wearable device for detection of stress episodes and principles of panic attacks

A proof of concept for a wearable device is presented to help patients who suffer from panic attacks due to panic disorder. The aim of this device is to enable such patients manage these stressful episodes by guiding them to regulate their breathing and by informing the care taker. Panic attack prediction is deployed that can enable the healthcare providers to not only monitor and manage the panic attacks of a patient but also carry out an early intervention to reduce the symptom severity of the approaching panic attack. The patient can acquire the help they need, ultimately regaining control. The concept of panic attack prediction can lead to a personalized treatment of the patient. The study is conducted using a small real-world dataset, and only two primary symptoms of panic attack are used. These symptoms include pacing heart rate and hyperventilation or abnormal breathing rate. This thesis project is developed in collaboration with ALTEN italia and all the required hardware is provided by them.