Data Mining for Network Intrusion Detection : A comparison of data mining algorithms and an analysis of relevant features for detecting cyber-attacks

Data mining can be defined as the extraction of implicit, previously un-known, and potentially useful information from data. Numerous re-searchers have been developing security technology and exploring new methods to detect cyber-attacks with the DARPA 1998 dataset for Intrusion Detection and the modified versions of this dataset KDDCup99 and NSL-KDD, but until now no one have examined the performance of the Top 10 data mining algorithms selected by experts in data mining. The compared classification learning algorithms in this thesis are: C4.5, CART, k-NN and Naïve Bayes. The performance of these algorithms are compared with accuracy, error rate and average cost on modified versions of NSL-KDD train and test dataset where the instances are classified into normal and four cyber-attack categories: DoS, Probing, R2L and U2R. Additionally the most important features to detect cyber-attacks in all categories and in each category are evaluated with Weka’s Attribute Evaluator and ranked according to Information Gain. The results show that the classification algorithm with best performance on the dataset is the k-NN algorithm. The most important features to detect cyber-attacks are basic features such as the number of seconds of a network connection, the protocol used for the connection, the network service used, normal or error status of the connection and the number of data bytes sent. The most important features to detect DoS, Probing and R2L attacks are basic features and the least important features are content features. Unlike U2R attacks, where the content features are the most important features to detect attacks.

Passivity Framework for Modeling, Composing and Mitigating Cyber Attacks

Thesis (Ph.D.)--University of Washington, 2016-08

Numerical encoding to tame SQL injection attacks.

Recent years have seen an astronomical rise in SQL Injection Attacks (SQLIAs) used to compromise the confidentiality, authentication and integrity of organisations’ databases. Intruders becoming smarter in obfuscating web requests to evade detection combined with increasing volumes of web traffic from the Internet of Things (IoT), cloud-hosted and on-premise business applications have made it evident that the existing approaches of mostly static signature lack the ability to cope with novel signatures. A SQLIA detection and prevention solution can be achieved through exploring an alternative bio-inspired supervised learning approach that uses input of labelled dataset of numerical attributes in classifying true positives and negatives. We present in this paper a Numerical Encoding to Tame SQLIA (NETSQLIA) that implements a proof of concept for scalable numerical encoding of features to a dataset attributes with labelled class obtained from deep web traffic analysis. In the numerical attributes encoding: the model leverages proxy in the interception and decryption of web traffic. The intercepted web requests are then assembled for front-end SQL parsing and pattern matching by applying traditional Non-Deterministic Finite Automaton (NFA). This paper is intended for a technique of numerical attributes extraction of any size primed as an input dataset to an Artificial Neural Network (ANN) and statistical Machine Learning (ML) algorithms implemented using Two-Class Averaged Perceptron (TCAP) and Two-Class Logistic Regression (TCLR) respectively. This methodology then forms the subject of the empirical evaluation of the suitability of this model in the accurate classification of both legitimate web requests and SQLIA payloads.

Implementation of continuous-variable quantum key distribution with composable and one-sided-device-independent security against coherent attacks

Secret communication over public channels is one of the central pillars of a modern information society. Using quantum key distribution this is achieved without relying on the hardness of mathematical problems, which might be compromised by improved algorithms or by future quantum computers. State-of-the-art quantum key distribution requires composable security against coherent attacks for a finite number of distributed quantum states as well as robustness against implementation side channels. Here we present an implementation of continuous-variable quantum key distribution satisfying these requirements. Our implementation is based on the distribution of continuous-variable Einstein–Podolsky–Rosen entangled light. It is one-sided device independent, which means the security of the generated key is independent of any memoryfree attacks on the remote detector. Since continuous-variable encoding is compatible with conventional optical communication technology, our work is a step towards practical implementations of quantum key distribution with state-of-the-art security based solely on telecom components.

The war of attrition in cyber-space or "cyber-attacks", "cyber-war" and "cyber-terrorism"

Nos últimos anos tornou-se óbvio que o mundo virtual das bases de dados e do software – popularmente denominado como ciberespaço – tem um lado negro. Este lado negro tem várias dimensões, nomeadamente perda de produtividade, crime financeiro, furto de propriedade intelectual, de identidade, bullying e outros. Empresas, governos e outras entidades são cada vez mais alvo de ataques de terceiros com o fim de penetrarem as suas redes de dados e sistemas de informação. Estes vão desde os adolescentes a grupos organizados e extremamente competentes, sendo existem indicações de que alguns Estados têm vindo a desenvolver “cyber armies” com capacidades defensivas e ofensivas. Legisladores, políticos e diplomatas têm procurado estabelecer conceitos e definições, mas apesar da assinatura da Convenção do Conselho da Europa sobre Cibercrime em 2001 por vários Estados, não existiram novos desenvolvimentos desde então. Este artigo explora as várias dimensões deste domínio e enfatiza os desafios que se colocam a todos aqueles que são responsáveis pela proteção diária da informação das respetivas organizações contra ataques de origem e objetivos muitas vezes desconhecidos.

Risk of Wheezing Attacks in Infants With Transient Tachypnea Newborns

Background: The most common reason of respiratory distress in the newborn is transient tachypnea of the newborn (TTN). There are some reports saying that TTN is associated with increased frequencies of wheezing attacks. Objectives: The aims of this study were to determine the risk factors associated with TTN and to determine the association between TTN and the development of wheezing syndromes in early life. Materials and Methods: In a historical cohort study, we recorded the characteristics of 70 infants born at the Shohadaye Kargar Hospital in Yazd between March 2005 and March 2009 and who were hospitalized because of TTN in the neonatal intensive-care unit. We called their parents at least four years after the infants were discharged from the hospital and asked about any wheezing attacks. Seventy other infants with no health problems during the newborn period were included in the study as the control group. Results: The rate of wheezing attacks in newborns with TTN was more than patients with no TTN diagnosis (P = 0.014). TTN was found to be an independent risk factor for later wheezing attacks (relative risk [RR] = 2.8). Conclusions: The most obvious finding of this study was that TTN was an independent risk factor for wheezing attacks. So long-term medical care is suggested for these patients who may be at risk, because TTN may not be as transient as has been previously thought.

Investigation of un-American propaganda activities in the United States : Hearings before a Special Committee on Un-American Activities, House of Representatives, Seventy-fifth Congress, third session-Seventy-eighth Congress, second session, on H. Res. 282, to investigate (1) the extent, character, and objects of un-American propaganda activities in the United States, (2) the diffusion within the United States of subversive and un-American propaganda that is instigated from foreign countries or of a domestic origin and attacks the principle of the form of government as guaranteed by our Constitution, and (3) all other questions in relation thereto that would aid Congress in any necessary remedial legislation.

Martin Dies, chairman.

Contagion in cybersecurity attacks

Systems security is essential for the efficient operation of all organizations. Indeed, most large firms employ a designated ‘Chief Information Security Officer’ to coordinate the operational aspects of the organization’s information security. Part of this role is in planning investment responses to information security threats against the firm’s corporate network infrastructure. To this end, we develop and estimate a vector equation system of threats to 10 important IP services, using industry standard SANS data on threats to various components of a firm’s information system over the period January 2003 – February 2011. Our results reveal strong evidence of contagion between such attacks, with attacks on ssh and Secure Web Server indicating increased attack activity on other ports. Security managers who ignore such contagious inter-relationships may underestimate the underlying risk to their systems’ defence of security attributes, such as sensitivity and criticality, and thus delay appropriate information security investments.

A multiagent based strategy for detecting attacks in databases in a distributed mode

This paper presents a distributed hierarchical multiagent architecture for detecting SQL injection attacks against databases. It uses a novel strategy, which is supported by a Case-Based Reasoning mechanism, which provides to the classifier agents with a great capacity of learning and adaptation to face this type of attack. The architecture combines strategies of intrusion detection systems such as misuse detection and anomaly detection. It has been tested and the results are presented in this paper.

Análisis de mujeres cachemires como sujetos subalternos en la representación institucional de India y Paquistán a partir del fenómeno de desaparición forzada (1989-2008)

El interés de esta monografía es analizar las consecuencias de la representación institucional de India y Paquistán en la disputa territorial por Cachemira durante el periodo de 1989 a 2008. Puntualmente, se analiza y explica cómo la representación institucional prestada individualmente por India y Paquistán validó sus intereses como agentes de poder en la región, pasó por alto las necesidades de la población cachemir y fomentó la práctica de la desaparición forzada, lo que en consecuencia convirtió a las mujeres cachemires en un grupo subalterno. Para tal objetivo, se hará uso de la teoría postcolonialista, específicamente el enfoque subalternista de la autora Gayatri Chakravorty Spivak ya que permite explicar adecuadamente el proceso mediante el cual las mujeres cachemires se convirtieron en un grupo subalterno.

Análisis del cambio de las relaciones políticas entre India y Pakistán, a la luz de la cultura de anarquía hobbesiana, como consecuencia de los atentados de Mumbai 2008

Esta investigación busca analizar como se modificaron las relaciones entre India y Pakistán luego de los atentados de Mumbai 2008, a la luz de la cultura de anarquía hobbesiana. Para ello, se explicará como la estructura de anarquía ha sido un catalizador en la modificación de la toma de decisiones de los Estados, sobretodo teniendo en cuenta la característica de Pakistán como un Estado predador. Se demostrará si gracias a estos atentados la actuación de India en el conflicto ha cambiado y percibe a su par como un ente violento y predispuesto a la agresión. Para ello se entrará a explicar el devenir histórico de la relación, la intensidad del grupo perpetrador (Lashkar-e-Taiba) y las posiciones de ambos Estados frente a los atentados.

La institucionalización de la lucha contra el terrorismo transnacional a través del derecho internacional

Hasta hace casi una década, la guerra contra el terrorismo fue una lucha solitaria de los Estados. Actualmente y debido a las implicaciones globales de este fenómeno, las acciones contra este flagelo han adquirido connotación internacional. Gran parte de los países miembros de las Naciones Unidas han acogido esta guerra –contra un enemigo común, pero indefinido- como un compromiso político en favor de la paz y seguridad internacional. La producción constante de instrumentos internacionales que condenan el terrorismo y que exigen tomar medidas para combatirlo, demuestran que esa intención política originaria se ha decantado en el ordenamiento internacional como una obligación autónoma, de carácter consuetudinario; que hace que actualmente no haya país en el mundo que pueda excusarse de combatir al terrorismo (interno o transnacional) independientemente de las justificaciones que se puedan aludir para el no cumplimiento.

Entre el terrorismo y el terrorismo en red, un debate a propósito de los lobos solitarios en Estados Unidos (2001-2014)

El interés de esta disertación es otorgar una respuesta a la fenomenología del Lobo Solitario, que se alza como amenaza frente a los Estados, y es necesaria su correcta comprensión para poder contrarrestar sus efectos sobre la sociedad. De esta manera, se propone un debate entre los conceptos de terrorismo expuesto por un lado por Bruce Hoffman, y por el otro por Luis de la Corte Ibáñez, quienes aportarán herramientas de análisis para lograr entender la fenomenología. Para terminar proponiendo la teoría de redes, expuesta por Arquilla y Ronfeldt y Charles Perrow, como mecanismo de solución a la brecha conceptual existente, definiendo a los lobos solitarios a nivel operacional como nodos sin red, y a nivel de adoctrinamiento como redes de débil acople.

El fortalecimiento de organizacones terroristas en África a partir de la descentralización de Al Qaeda (2006-2013) a la luz de la teoría de guerra en red

El objetivo de esta monografía es analizar el proceso de descentralización de Al Qaeda a causa del debilitamiento de su centro en Afganistán por la intervención militar de la coalición occidental. Se estudia como Al Qaeda deja de ser una organización jerárquica, comenzando a organizarse en red. Estas trasformaciones se pueden explicar a la luz de los principales postulados de la teoría de Guerra en Red, que incluyen la falta de un liderazgo central, y la distribución en enjambre para atacar. Siguiendo la línea argumentativa, finalmente se demuestra que mediante la expansión de la red, Al Qaeda aún bajo su situación de debilidad ha mantenido vigente la yihad trasnacional a través de las organizaciones filiales en África.