848 results for Forensic Entomology


Relevance: 20.00%

Abstract:

The call to access and preserve the state records that document crimes committed by the state during Guatemala’s civil war has become an archival imperative entangled with neoliberal human rights discourses of “truth, justice, and memory.” 200,000 people were killed and disappeared in Guatemala’s civil war including acts of genocide in which 85% of massacres involved sexual violence committed against Mayan women. This dissertation argues that in an attempt to tell the official story of the civil war, American Human Rights organizations and academic institutions have constructed a normative identity whose humanity is attached to a scientific and evidentiary value as well as an archival status representing the materiality and institutionality of the record. Consequently, Human Rights discourses grounded in Western knowledges, in particular archival science and law, which prioritize the appearance of truth erase the material and epistemological experience of indigenous women during wartimes. As a result, the subjectivity that has surfaced on the record as most legible has mostly pertained to non-indigenous, middle class, urban, leftist men who were victims of enforced disappearance not genocide. This dissertation investigates this conflicting narrative that remembers a non-indigenous revolutionary masculine hero and grants him justice in human rights courtrooms simply because of a document attesting to his death. A main research question addressed in this project is why the promise of "truth and justice" under the name of human rights becomes a contentious site for gendered indigenous bodies? I conduct a discursive and rhetorical analysis of documentary film, declassified Guatemalan police and military records such as Operation Sofia, a military log known for “documenting the genocide” during rural counterinsurgencies executed by the military. 
I interrogate the ways in which racialized feminicides or the hyper-sexualized racial violence that has historically dehumanized indigenous women falls outside of discourses of vision constructed by Western positivist knowledges to reinscribe the ideal human right subject. I argue for alternative epistemological frames that recognize genocide as sexualized and gendered structures that have simultaneously produced racialized feminicides in order to disrupt the colonial structures of capitalism, patriarchy and heterosexuality. Ironically, these structures of power remain untouched by the dominant human rights discourse and its academic, NGO, and state collaborators that seek "truth and justice" in post-conflict Guatemala.

Relevance: 20.00%

Abstract:

Poster presented at the First International Congress of CIIEM: From Basic Sciences to Clinical Research. Egas Moniz, Monte de Caparica, 27 and 28 November 2015.

Relevance: 20.00%

Abstract:

This is an open-access article distributed under the terms of the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original author and source are credited.

Relevance: 20.00%

Abstract:

Human scent, or the volatile organic compounds (VOCs) produced by an individual, has been recognized as a biometric measurement because of the distinct variations in both the presence and abundance of these VOCs between individuals. In forensic science, human scent has been used as a form of associative evidence by linking a suspect to a scene/object through the use of human scent discriminating canines. The scent most often collected and used with these specially trained canines is from the hands because a majority of the evidence collected is likely to have been handled by the suspect. However, the scents from other biological specimens, especially those that are likely to be present at scenes of violent crimes, have yet to be explored. Hair, fingernails and saliva are examples of these types of specimens. In this work, a headspace solid phase microextraction gas chromatography-mass spectrometry (HS-SPME-GC-MS) technique was used for the identification of VOCs from hand odor, hair, fingernails and saliva. Sixty individuals were sampled and the profiles of the extracted VOCs were evaluated to assess whether they could be used for distinguishing individuals. Preliminary analysis of the biological specimens collected from an individual (intra-subject) showed that, though these materials have some VOCs in common, their overall chemical profile is different for each specimen type. Pair-wise comparisons, using Spearman Rank correlations, were made between the chemical profiles obtained from each subject, per a specimen type. Greater than 98.8% of the collected samples were distinguished from the subjects for all of the specimen types, demonstrating that these specimens can be used for distinguishing individuals. Additionally, field trials were performed to determine the utility of these specimens as scent sources for human scent discriminating canines. 
Three trials were conducted to evaluate hair, fingernails and saliva in comparison to hand odor, which was considered the standard source of human odor. It was revealed that canines perform similarly to these alternative human scent sources as they do to hand odor implying that, though there are differences in the chemical profiles released by these specimens, they can still be used for the discrimination of individuals by trained canines.

Relevance: 20.00%

Abstract:

The presence of inhibitory substances in biological forensic samples has, and continues to affect the quality of the data generated following DNA typing processes. Although the chemistries used during the procedures have been enhanced to mitigate the effects of these deleterious compounds, some challenges remain. Inhibitors can be components of the samples, the substrate where samples were deposited or chemical(s) associated to the DNA purification step. Therefore, a thorough understanding of the extraction processes and their ability to handle the various types of inhibitory substances can help define the best analytical processing for any given sample. A series of experiments were conducted to establish the inhibition tolerance of quantification and amplification kits using common inhibitory substances in order to determine if current laboratory practices are optimal for identifying potential problems associated with inhibition. DART mass spectrometry was used to determine the amount of inhibitor carryover after sample purification, its correlation to the initial inhibitor input in the sample and the overall effect in the results. Finally, a novel alternative at gathering investigative leads from samples that would otherwise be ineffective for DNA typing due to the large amounts of inhibitory substances and/or environmental degradation was tested. This included generating data associated with microbial peak signatures to identify locations of clandestine human graves. Results demonstrate that the current methods for assessing inhibition are not necessarily accurate, as samples that appear inhibited in the quantification process can yield full DNA profiles, while those that do not indicate inhibition may suffer from lowered amplification efficiency or PCR artifacts. 
The extraction methods tested were able to remove >90% of the inhibitors from all samples with the exception of phenol, which was present in variable amounts whenever the organic extraction approach was utilized. Although the results attained suggested that most inhibitors produce minimal effect on downstream applications, analysts should practice caution when selecting the best extraction method for particular samples, as casework DNA samples are often present in small quantities and can contain an overwhelming amount of inhibitory substances.

Relevance: 20.00%

Abstract:

The elemental analysis of soil is useful in forensic and environmental sciences. Methods were developed and optimized for two laser-based multi-element analysis techniques: laser ablation inductively coupled plasma mass spectrometry (LA-ICP-MS) and laser-induced breakdown spectroscopy (LIBS). This work represents the first use of a 266 nm laser for forensic soil analysis by LIBS. Sample preparation methods were developed and optimized for a variety of sample types, including pellets for large bulk soil specimens (470 mg) and sediment-laden filters (47 mg), and tape-mounting for small transfer evidence specimens (10 mg). Analytical performance for sediment filter pellets and tape-mounted soils was similar to that achieved with bulk pellets. An inter-laboratory comparison exercise was designed to evaluate the performance of the LA-ICP-MS and LIBS methods, as well as for micro X-ray fluorescence (μXRF), across multiple laboratories. Limits of detection (LODs) were 0.01-23 ppm for LA-ICP-MS, 0.25-574 ppm for LIBS, 16-4400 ppm for µXRF, and well below the levels normally seen in soils. Good intra-laboratory precision (≤ 6 % relative standard deviation (RSD) for LA-ICP-MS; ≤ 8 % for µXRF; ≤ 17 % for LIBS) and inter-laboratory precision (≤ 19 % for LA-ICP-MS; ≤ 25 % for µXRF) were achieved for most elements, which is encouraging for a first inter-laboratory exercise. While LIBS generally has higher LODs and RSDs than LA-ICP-MS, both were capable of generating good quality multi-element data sufficient for discrimination purposes. Multivariate methods using principal components analysis (PCA) and linear discriminant analysis (LDA) were developed for discriminations of soils from different sources. Specimens from different sites that were indistinguishable by color alone were discriminated by elemental analysis. Correct classification rates of 94.5 % or better were achieved in a simulated forensic discrimination of three similar sites for both LIBS and LA-ICP-MS. 
Results for tape-mounted specimens were nearly identical to those achieved with pellets. Methods were tested on soils from USA, Canada and Tanzania. Within-site heterogeneity was site-specific. Elemental differences were greatest for specimens separated by large distances, even within the same lithology. Elemental profiles can be used to discriminate soils from different locations and narrow down locations even when mineralogy is similar.

Relevance: 20.00%

Abstract:

String searching within a large corpus of data is an important component of digital forensic (DF) analysis techniques such as file carving. The continuing increase in capacity of consumer storage devices requires corresponding improvements to the performance of string searching techniques. As string searching is a trivially-parallelisable problem, GPGPU approaches are a natural fit – but previous studies have found that local storage presents an insurmountable performance bottleneck. We show that this need not be the case with modern hardware, and demonstrate substantial performance improvements from the use of single and multiple GPUs when searching for strings within a typical forensic disk image.

Relevance: 20.00%

Abstract:

One of the most important events which characterizes the process of transitioning to the European Union is the ratification of the Convention for the Protection of Human Rights and Fundamental Freedoms by the European Council in 1950. Since then, the topic of human rights has become the inspiring principle in the construction of the European Community and afterwards of the institutional apparatus which constitutes the Union. The primary objective of the European Union States currently is to promote a harmonization of the national legislations on mental health, favoring a central health policy which reduces inequalities amongst the member States. For this reason Europe is the region of the world in which regulation on mental health is most abundant, especially in the form of Recommendations directed to the States by the Council of Europe, although norms of direct application also exist. Of special interest are the sentences dictated by the European Court of Human Rights and the conclusions of the European Committee for the Prevention of Torture and Inhuman or Degrading Treatment or Punishment. The work of the European Union and of the Office for Europe of the World Health Organization should equally be mentioned. This group of juridical instruments configures the most complete regulation on the mental patient's rights.

Relevance: 20.00%

Abstract:

Liquid chromatography coupled with mass spectrometry is one of the most powerful tools in the toxicologist’s arsenal to detect a wide variety of compounds from many different matrices. However, the huge number of potentially abused substances and new substances especially designed as intoxicants poses a problem in a forensic toxicology setting. Most methods are targeted and designed to cover a very specific drug or group of drugs while many other substances remain undetected. High resolution mass spectrometry, more specifically time-of-flight mass spectrometry, represents an extremely powerful tool in analysing a multitude of compounds not only simultaneously but also retroactively. The data obtained through the time-of-flight instrument contains all compounds made available from sample extraction and chromatography, which can be processed at a later time with an improved library to detect previously unrecognised compounds without having to analyse the respective sample again. The aim of this project was to determine the utility and limitations of time-of-flight mass spectrometry as a general and easily expandable screening method. The resolution of time-of-flight mass spectrometry allows for the separation of compounds with the same nominal mass but distinct exact masses without the need to separate them chromatographically. To simulate the wide variety of potentially encountered drugs in such a general screening method, seven drugs (morphine, cocaine, zolpidem, diazepam, amphetamine, MDEA and THC) were chosen to represent this variety in terms of mass, properties and functional groups. Consequently, several liquid-liquid and solid phase extractions were applied to urine samples to determine the most general suitable and unspecific extraction. Chromatography was optimised by investigating the parameters pH, concentration, organic solvent and gradient of the mobile phase to improve data obtained by the time-of-flight instrument. 
The resulting method was validated as a qualitative confirmation/identification method. Data processing was automated using the software TargetAnalysis, which provides excellent analyte recognition according to retention time, exact mass and isotope pattern. The recognition of isotope patterns allows excellent recognition of analytes even in interference rich mass spectra and proved to be a good positive indicator. Finally, the validated method was applied to samples received from the A&E Department of Glasgow Royal Infirmary in suspected drug abuse cases and samples received from the Scottish Prison Service, which we received from their own prevalence study targeting drugs of abuse in the prison population. The obtained data was processed with a library established in the course of this work.

Relevance: 10.00%

Abstract:

This work is concerned with the genetic basis of normal human pigmentation variation. Specifically, the role of polymorphisms within the solute carrier family 45 member 2 (SLC45A2 or membrane associated transporter protein; MATP) gene was investigated with respect to variation in hair, skin and eye colour ― both between and within populations. SLC45A2 is an important regulator of melanin production and mutations in the gene underlie the most recently identified form of oculocutaneous albinism. There is evidence to suggest that non-synonymous polymorphisms in SLC45A2 are associated with normal pigmentation variation between populations. Therefore, the underlying hypothesis of this thesis is that polymorphisms in SLC45A2 will alter the function or regulation of the protein, thereby altering the important role it plays in melanogenesis and providing a mechanism for normal pigmentation variation. In order to investigate the role that SLC45A2 polymorphisms play in human pigmentation variation, a DNA database was established which collected pigmentation phenotypic information and blood samples of more than 700 individuals. This database was used as the foundation for two association studies outlined in this thesis, the first of which involved genotyping two previously-described non-synonymous polymorphisms, p.Glu272Lys and p.Phe374Leu, in four different population groups. For both polymorphisms, allele frequencies were significantly different between population groups and the 272Lys and 374Leu alleles were strongly associated with black hair, brown eyes and olive skin colour in Caucasians. This was the first report to show that SLC45A2 polymorphisms were associated with normal human intra-population pigmentation variation. The second association study involved genotyping several SLC45A2 promoter polymorphisms to determine if they also played a role in pigmentation variation. 
Firstly, the transcription start site (TSS), and hence putative proximal promoter region, was identified using 5' RNA ligase mediated rapid amplification of cDNA ends (RLM-RACE). Two alternate TSSs were identified and the putative promoter region was screened for novel polymorphisms using denaturing high performance liquid chromatography (dHPLC). A novel duplication (c.–1176_–1174dupAAT) was identified along with other previously described single nucleotide polymorphisms (c.–1721C>G and c.–1169G>A). Strong linkage disequilibrium ensured that all three polymorphisms were associated with skin colour such that the –1721G, +dup and –1169A alleles were associated with olive skin in Caucasians. No linkage disequilibrium was observed between the promoter and coding region polymorphisms, suggesting independent effects. The association analyses were complemented with functional data, showing that the –1721G, +dup and –1169A alleles significantly decreased SLC45A2 transcriptional activity. Based on in silico bioinformatic analysis that showed these alleles remove a microphthalmia-associated transcription factor (MITF) binding site, and that MITF is a known regulator of SLC45A2 (Baxter and Pavan, 2002; Du and Fisher, 2002), it was postulated that SLC45A2 promoter polymorphisms could contribute to the regulation of pigmentation by altering MITF binding affinity. Further characterisation of the SLC45A2 promoter was carried out using luciferase reporter assays to determine the transcriptional activity of different regions of the promoter. Five constructs were designed of increasing length and their promoter activity evaluated. Constitutive promoter activity was observed within the first ~200 bp and promoter activity increased as the construct size increased. 
The functional impact of the –1721G, +dup and –1169A alleles, which removed a MITF consensus binding site, was assessed using electrophoretic mobility shift assays (EMSA) and expression analysis of genotyped melanoblast and melanocyte cell lines. EMSA results confirmed that the promoter polymorphisms affected DNA-protein binding. Interestingly, however, the protein/s involved were not MITF, or at least MITF was not the protein directly binding to the DNA. In an effort to more thoroughly characterise the functional consequences of SLC45A2 promoter polymorphisms, the mRNA expression levels of SLC45A2 and MITF were determined in melanocyte/melanoblast cell lines. Based on SLC45A2’s role in processing and trafficking TYRP1 from the trans-Golgi network to stage 2 melanosomes, the mRNA expression of TYRP1 was also investigated. Expression results suggested a coordinated expression of pigmentation genes. This thesis has substantially contributed to the field of pigmentation by showing that SLC45A2 polymorphisms not only show allele frequency differences between population groups, but also contribute to normal pigmentation variation within a Caucasian population. In addition, promoter polymorphisms have been shown to have functional consequences for SLC45A2 transcription and the expression of other pigmentation genes. Combined, the data presented in this work supports the notion that SLC45A2 is an important contributor to normal pigmentation variation and should be the target of further research to elucidate its role in determining pigmentation phenotypes. Understanding SLC45A2’s function may lead to the development of therapeutic interventions for oculocutaneous albinism and other disorders of pigmentation. It may also help in our understanding of skin cancer susceptibility and evolutionary adaptation to different UV environments, and contribute to the forensic application of pigmentation phenotype prediction.

Relevance: 10.00%

Abstract:

• Introduction: Concern and action for rural road safety is relatively new in Australia in comparison to the field of traffic safety as a whole. In 2003, a program of research was begun by the Centre for Accident Research and Road Safety - Queensland (CARRS-Q) and the Rural Health Research Unit (RHRU) at James Cook University to investigate factors contributing to serious rural road crashes in the North Queensland region. This project was funded by the Premier’s Department, Main Roads Department, Queensland Transport, QFleet, Queensland Rail, Queensland Ambulance Service, Department of Natural Resources and Queensland Police Service. Additional funding was provided by NRMA Insurance for a PhD scholarship. In-kind support was provided through the four hospitals used for data collection, namely Cairns Base Hospital, The Townsville Hospital, Mount Isa Hospital and Atherton Hospital.

The primary aim of the project was to: Identify human factors related to the occurrence of serious traffic incidents in rural and remote areas of Australia, and to the trauma suffered by persons as a result of these incidents, using a sample drawn from a rural and remote area in North Queensland.

The data and analyses presented in this report are the core findings from two broad studies: a general examination of fatalities and casualties from rural and remote crashes for the period 1 March 2004 until 30 June 2007, and a further linked case-comparison study of hospitalised patients compared with a sample of non-crash-involved drivers.

• Method: The study was undertaken in rural North Queensland, as defined by the Australian Bureau of Statistics (ABS) statistical divisions of North Queensland, Far North Queensland and North-West Queensland. Urban areas surrounding Townsville, Thuringowa and Cairns were not included. The study methodology was centred on serious crashes, as defined by a resulting hospitalisation for 24 hours or more and/or a fatality. Crashes meeting this criteria within the North Queensland region between 1 March 2004 and 30 June 2007 were identified through hospital records and interviewed where possible. Additional data was sourced from coroner’s reports, the Queensland Transport road crash database, the Queensland Ambulance Service and the study hospitals in the region.

This report is divided into chapters corresponding to analyses conducted on the collected crash and casualty data.

Chapter 3 presents an overview of all crashes and casualties identified during the study period. Details are presented in regard to the demographics and road user types of casualties; the locations, times, types, and circumstances of crashes; along with the contributing circumstances of crashes.

Chapter 4 presents the results of summary statistics for all casualties for which an interview was able to be conducted. Statistics are presented separately for drivers and riders, passengers, pedestrians and cyclists. Details are also presented separately for drivers and riders crashing in off-road and on-road settings. Results from questionnaire data are presented in relation to demographics; the experience of the crash in narrative form; vehicle characteristics and maintenance; trip characteristics (e.g. purpose and length of journey; periods of fatigue and monotony; distractions from driving task); driving history; alcohol and drug use; medical history; driving attitudes, intentions and behaviour; attitudes to enforcement; and experience of road safety advertising.

Chapter 5 compares the above-listed questionnaire results between on-road crash-involved casualties and interviews conducted in the region with non-crash-involved persons. Direct comparisons as well as age and sex adjusted comparisons are presented.

Chapter 6 presents information on those casualties who were admitted to one of the study hospitals during the study period. Brief information is given regarding the demographic characteristics of these casualties. Emergency services’ data is used to highlight the characteristics of patient retrieval and transport to and between hospitals. The major injuries resulting from the crashes are presented for each region of the body and analysed by vehicle type, occupant type, seatbelt status, helmet status, alcohol involvement and nature of crash. Estimates are provided of the costs associated with in-hospital treatment and retrieval.

Chapter 7 describes the characteristics of the fatal casualties and the nature and circumstances of the crashes. Demographics, road user types, licence status, crash type and contributing factors for crashes are presented. Coronial data is provided in regard to contributing circumstances (including alcohol, drugs and medical conditions), cause of death, resulting injuries, and restraint and helmet use.

Chapter 8 presents the results of a comparison between casualties’ crash descriptions and police-attributed crash circumstances. The relative frequency of contributing circumstances are compared both broadly within the categories of behavioural, environmental, vehicle related, medical and other groupings and specifically for circumstances within these groups.

Chapter 9 reports on the associated research projects which have been undertaken on specific topics related to rural road safety.

Finally, Chapter 10 reports on the conclusions and recommendations made from the program of research.

• Major Recommendations: From the findings of these analyses, a number of major recommendations were made:

+ Male drivers and riders
- Male drivers and riders should continue to be the focus of interventions, given their very high representation among rural and remote road crash fatalities and serious injuries.
- The group of males aged between 30 and 50 years comprised the largest number of casualties and must also be targeted for change if there is to be a meaningful improvement in rural and remote road safety.

+ Motorcyclists
- Single vehicle motorcycle crashes constitute over 80% of serious, on-road rural motorcycle crashes and need particular attention in development of policy and infrastructure.
- The motorcycle safety consultation process currently being undertaken by Queensland Transport (via the "Motorbike Safety in Queensland - Consultation Paper") is strongly endorsed. As part of this process, particular attention needs to be given to initiatives designed to reduce rural and single vehicle motorcycle crashes.
- The safety of off-road riders is a serious problem that falls outside the direct responsibility of either Transport or Health departments. Responsibility for this issue needs to be attributed to develop appropriate policy, regulations and countermeasures.

+ Road safety for Indigenous people
- Continued resourcing and expansion of The Queensland Aboriginal Peoples and Torres Strait Islander Peoples Driver Licensing Program to meet the needs of remote and Indigenous communities with significantly lower licence ownership levels.
- Increased attention needs to focus on the contribution of geographic disadvantage (remoteness) factors to remote and Indigenous road trauma.

+ Road environment
- Speed is the ‘final common pathway’ in determining the severity of rural and remote crashes and rural speed limits should be reduced to 90km/hr for sealed off-highway roads and 80km/hr for all unsealed roads as recommended in the Austroads review and in line with the current Tasmanian government trial.
- The Department of Main Roads should monitor rural crash clusters and where appropriate work with local authorities to conduct relevant audits and take mitigating action.
- The international experts at the workshop reviewed the data and identified the need to focus particular attention on road design management for dangerous curves. They also indicated the need to maximise the use of audio-tactile linemarking (audible lines) and rumble strips to alert drivers to dangerous conditions and behaviours.

+ Trauma costs
- In accordance with Queensland Health priorities, recognition should be given to the substantial financial costs associated with acute management of trauma resulting from serious rural and remote crashes.
- Efforts should be made to develop a comprehensive, regionally specific costing formula for road trauma that incorporates the pre-hospital, hospital and post-hospital phases of care. This would inform health resource allocation and facilitate the evaluation of interventions.
- The commitment of funds to the development of preventive strategies to reduce rural and remote crashes should take into account the potential cost savings associated with trauma.
- A dedicated study of the rehabilitation needs and associated personal and healthcare costs arising from rural and remote road crashes should be undertaken.

+ Emergency services
- While the study has demonstrated considerable efficiency in the response and retrieval systems of rural and remote North Queensland, relevant Intelligent Transport Systems technologies (such as vehicle alarm systems) to improve crash notification should be both developed and evaluated.

+ Enforcement
- Alcohol and speed enforcement programs should target the period between 2 and 6pm because of the high numbers of crashes in the afternoon period throughout the rural region.

+ Drink driving
- Courtesy buses should be advocated and schemes such as the Skipper project promoted as local drink driving countermeasures in line with the very high levels of community support for these measures identified in the hospital study.
- Programs should be developed to target the high levels of alcohol consumption identified in rural and remote areas and related involvement in crashes.
- Referrals to drink driving rehabilitation programs should be mandated for recidivist offenders.

+ Data requirements
- Rural and remote road crashes should receive the same quality of attention as urban crashes. As such, it is strongly recommended that increased resources be committed to enable dedicated Forensic Crash Units to investigate rural and remote fatal and serious injury crashes.
- Transport department records of rural and remote crashes should record the crash location using the national ARIA area classifications used by health departments as a means to better identifying rural crashes.
- Rural and remote crashes tend to be unnoticed except in relatively infrequent rural reviews. They should receive the same level of attention and this could be achieved if fatalities and fatal crashes were coded by the ARIA classification system and included in regular crash reporting.
- Health, Transport and Police agencies should collect a common, minimal set of data relating to road crashes and injuries, including presentations to small rural and remote health facilities.

+ Media and community education programmes
- Interventions seeking to highlight the human contribution to crashes should be prioritised. Driver distraction, alcohol and inappropriate speed for the road conditions are key examples of such behaviours.
- Promotion of basic safety behaviours such as the use of seatbelts and helmets should be given a renewed focus.
- Knowledge, attitude and behavioural factors that have been identified for the hospital Brief Intervention Trial should be considered in developing safety campaigns for rural and remote people. For example challenging the myth of the dangerous ‘other’ or ‘non-local’ driver.
- Special educational initiatives on the issues involved in rural and remote driving should be undertaken. For example the material used by Main Roads, the Australian Defence Force and local initiatives.

Relevance:

10.00% 10.00%

Publisher:

Abstract:

The research presented in this thesis addresses inherent problems in signature-based intrusion detection systems (IDSs) operating in heterogeneous environments. The research proposes a solution to address the difficulties associated with multi-step attack scenario specification and detection for such environments. The research has focused on two distinct problems: the representation of events derived from heterogeneous sources and multi-step attack specification and detection. The first part of the research investigates the application of an event abstraction model to event logs collected from a heterogeneous environment. The event abstraction model comprises a hierarchy of events derived from different log sources such as system audit data, application logs, captured network traffic, and intrusion detection system alerts. Unlike existing event abstraction models where low-level information may be discarded during the abstraction process, the event abstraction model presented in this work preserves all low-level information as well as providing high-level information in the form of abstract events. The event abstraction model presented in this work was designed independently of any particular IDS and thus may be used by any IDS, intrusion forensic tools, or monitoring tools. The second part of the research investigates the use of unification for multi-step attack scenario specification and detection. Multi-step attack scenarios are hard to specify and detect as they often involve the correlation of events from multiple sources which may be affected by time uncertainty. The unification algorithm provides a simple and straightforward scenario matching mechanism by using variable instantiation where variables represent events as defined in the event abstraction model. The third part of the research looks into the solution to address time uncertainty. Clock synchronisation is crucial for detecting multi-step attack scenarios which involve logs from multiple hosts.
Issues involving time uncertainty have been largely neglected by intrusion detection research. The system presented in this research introduces two techniques for addressing time uncertainty issues: clock skew compensation and clock drift modelling using linear regression. An off-line IDS prototype for detecting multi-step attacks has been implemented. The prototype comprises two modules: implementation of the abstract event system architecture (AESA) and of the scenario detection module. The scenario detection module implements our signature language developed based on the Python programming language syntax and the unification-based scenario detection engine. The prototype has been evaluated using a publicly available dataset of real attack traffic and event logs and a synthetic dataset. The distinct features of the public dataset are the fact that it contains multi-step attacks which involve multiple hosts with clock skew and clock drift. These features allow us to demonstrate the application and the advantages of the contributions of this research. All instances of multi-step attacks in the dataset have been correctly identified even though there exists a significant clock skew and drift in the dataset. Future work identified by this research would be to develop a refined unification algorithm suitable for processing streams of events to enable on-line detection. In terms of time uncertainty, identified future work would be to develop mechanisms which allow automatic clock skew and clock drift identification and correction. The immediate application of the research presented in this thesis is the framework of an off-line IDS which processes events from heterogeneous sources using abstraction and which can detect multi-step attack scenarios which may involve time uncertainty.