959 results for attack detection
Abstract:
SQL Injection Attack (SQLIA) remains a technique used by a computer network intruder to pilfer an organisation’s confidential data. This is done by an intruder re-crafting web form’s input and query strings used in web requests with malicious intent to compromise the security of an organisation’s confidential data stored at the back-end database. The database is the most valuable data source, and thus, intruders are unrelenting in constantly evolving new techniques to bypass the signature’s solutions currently provided in Web Application Firewalls (WAF) to mitigate SQLIA. There is therefore a need for an automated scalable methodology in the pre-processing of SQLIA features fit for a supervised learning model. However, obtaining a ready-made scalable dataset that is feature engineered with numerical attributes dataset items to train Artificial Neural Network (ANN) and Machine Learning (ML) models is a known issue in applying artificial intelligence to effectively address ever evolving novel SQLIA signatures. This proposed approach applies numerical attributes encoding ontology to encode features (both legitimate web requests and SQLIA) to numerical data items as to extract scalable dataset for input to a supervised learning model in moving towards a ML SQLIA detection and prevention model. In numerical attributes encoding of features, the proposed model explores a hybrid of static and dynamic pattern matching by implementing a Non-Deterministic Finite Automaton (NFA). This is combined with a proxy and SQL parser Application Programming Interface (API) to intercept and parse web requests in transition to the back-end database. In developing a solution to address SQLIA, this model allows processed web requests at the proxy deemed to contain injected query string to be excluded from reaching the target back-end database.
This paper is intended for evaluating the performance metrics of a dataset obtained by numerical encoding of features ontology in Microsoft Azure Machine Learning (MAML) studio using Two-Class Support Vector Machines (TCSVM) binary classifier. This methodology then forms the subject of the empirical evaluation.
Abstract:
Network intrusion detection systems are themselves becoming targets of attackers. Alert flood attacks may be used to conceal malicious activity by hiding it among a deluge of false alerts sent by the attacker. Although these types of attacks are very hard to stop completely, our aim is to present techniques that improve alert throughput and capacity to such an extent that the resources required to successfully mount the attack become prohibitive. The key idea presented is to combine a token bucket filter with a realtime correlation algorithm. The proposed algorithm throttles alert output from the IDS when an attack is detected. The attack graph used in the correlation algorithm is used to make sure that alerts crucial to forming strategies are not discarded by throttling.
Abstract:
Network Intrusion Detection Systems (NIDS) monitor a network with the aim of discerning malicious from benign activity on that network. While a wide range of approaches have met varying levels of success, most IDSs rely on having access to a database of known attack signatures which are written by security experts. Nowadays, in order to solve problems with false positive alerts, correlation algorithms are used to add additional structure to sequences of IDS alerts. However, such techniques are of no help in discovering novel attacks or variations of known attacks, something the human immune system (HIS) is capable of doing in its own specialised domain. This paper presents a novel immune algorithm for application to an intrusion detection problem. The goal is to discover packets containing novel variations of attacks covered by an existing signature base.
Abstract:
Network Intrusion Detection Systems (NIDS) are computer systems which monitor a network with the aim of discerning malicious from benign activity on that network. While a wide range of approaches have met varying levels of success, most IDSs rely on having access to a database of known attack signatures which are written by security experts. Nowadays, in order to solve problems with false positive alerts, correlation algorithms are used to add additional structure to sequences of IDS alerts. However, such techniques are of no help in discovering novel attacks or variations of known attacks, something the human immune system (HIS) is capable of doing in its own specialised domain. This paper presents a novel immune algorithm for application to the IDS problem. The goal is to discover packets containing novel variations of attacks covered by an existing signature base.
Abstract:
A proof of concept for a wearable device is presented to help patients who suffer from panic attacks due to panic disorder. The aim of this device is to enable such patients to manage these stressful episodes by guiding them to regulate their breathing and by informing the caretaker. Panic attack prediction is deployed that can enable the healthcare providers to not only monitor and manage the panic attacks of a patient but also carry out an early intervention to reduce the symptom severity of the approaching panic attack. The patient can acquire the help they need, ultimately regaining control. The concept of panic attack prediction can lead to a personalized treatment of the patient. The study is conducted using a small real-world dataset, and only two primary symptoms of panic attack are used. These symptoms include pacing heart rate and hyperventilation or abnormal breathing rate. This thesis project is developed in collaboration with ALTEN Italia and all the required hardware is provided by them.
Abstract:
To assess binocular detection grating acuity using the LEA GRATINGS test to establish age-related norms in healthy infants during their first 3 months of life. In this prospective, longitudinal study of healthy infants with clear red reflex at birth, responses to gratings were measured at 1, 2, and 3 months of age using LEA gratings at a distance of 28 cm. The results were recorded as detection grating acuity values, which were arranged in frequency tables and converted to a one-octave scale for statistical analysis. For the repeated measurements, analysis of variance (ANOVA) was used to compare the detection grating acuity results between ages. A total of 133 infants were included. The binocular responses to gratings showed development toward higher mean values and spatial frequencies, ranging from 0.55 ± 0.70 cycles per degree (cpd), or 1.74 ± 0.21 logMAR, in month 1 to 3.11 ± 0.54 cpd, or 0.98 ± 0.16 logMAR, in month 3. Repeated ANOVA indicated differences among grating acuity values in the three age groups. The LEA GRATINGS test allowed assessment of detection grating acuity and its development in a cohort of healthy infants during their first 3 months of life.
Abstract:
A novel capillary electrophoresis method using capacitively coupled contactless conductivity detection is proposed for the determination of the biocide tetrakis(hydroxymethyl)phosphonium sulfate. The feasibility of the electrophoretic separation of this biocide was attributed to the formation of an anionic complex between the biocide and borate ions in the background electrolyte. Evidence of this complex formation was provided by ¹¹B NMR spectroscopy. A linear relationship (R² = 0.9990) between the peak area of the complex and the biocide concentration (50-900 μmol/L) was found. The limit of detection and limit of quantification were 15.0 and 50.1 μmol/L, respectively. The proposed method was applied to the determination of tetrakis(hydroxymethyl)phosphonium sulfate in commercial formulations, and the results were in good agreement with those obtained by the standard iodometric titration method. The method was also evaluated for the analysis of tap water and cooling water samples treated with the biocide. The results of the recovery tests at three concentration levels (300, 400, and 600 μmol/L) varied from 75 to 99%, with a relative standard deviation no higher than 9%.
Abstract:
Infections of the central nervous system (CNS) present a diagnostic problem for which an accurate laboratory diagnosis is essential. Invasive practices, such as cerebral biopsy, have been replaced by obtaining a polymerase chain reaction (PCR) diagnosis using cerebral spinal fluid (CSF) as a reference method. Tests on DNA extracted from plasma are noninvasive, thus avoiding all of the collateral effects and patient risks associated with CSF collection. This study aimed to determine whether plasma can replace CSF in nested PCR analysis for the detection of CNS human herpesvirus (HHV) diseases by analysing the proportion of patients whose CSF nested PCR results were positive for CNS HHV who also had the same organism identified by plasma nested PCR. In this study, CSF DNA was used as the gold standard, and nested PCR was performed on both types of samples. Fifty-two patients with symptoms of nervous system infection were submitted to CSF and blood collection. For the eight HHV, one positive DNA result - in plasma and/or CSF nested PCR - was considered an active HHV infection, whereas the occurrence of two or more HHVs in the same sample was considered a coinfection. HHV infections were positively detected in 27/52 (51.9%) of the CSF and in 32/52 (61.5%) of the plasma, difference not significant, thus nested PCR can be performed on plasma instead of CSF. In conclusion, these findings suggest that plasma is a useful material for the diagnosis of cases where there is any difficulty in performing a CSF puncture.
Abstract:
The aim of this study was to develop a methodology using Raman hyperspectral imaging and chemometric methods for identification of pre- and post-blast explosive residues on banknote surfaces. The explosives studied were of military, commercial and propellant uses. After the acquisition of the hyperspectral imaging, independent component analysis (ICA) was applied to extract the pure spectra and the distribution of the corresponding image constituents. The performance of the methodology was evaluated by the explained variance and the lack of fit of the models, by comparing the ICA recovered spectra with the reference spectra using correlation coefficients and by the presence of rotational ambiguity in the ICA solutions. The methodology was applied to forensic samples to solve an automated teller machine explosion case. Independent component analysis proved to be a suitable method of resolving curves, achieving equivalent performance with the multivariate curve resolution with alternating least squares (MCR-ALS) method. At low concentrations, MCR-ALS presents some limitations, as it did not provide the correct solution. The detection limit of the methodology presented in this study was 50 μg cm⁻².
Abstract:
A rapid and low cost method to determine Cr(VI) in soils based upon alkaline metal extraction at room temperature is proposed as a semi-quantitative procedure to be performed in the field. A color comparison with standards with contents of Cr(VI) in the range of 10 to 150 mg kg⁻¹ was used throughout. For the different types of soils studied, more than 75% of the fortified soluble Cr(VI) were recovered for all levels of spike tested for both the proposed and standard methods. Recoveries of 83 and 99% were obtained for the proposed and the standard methods, respectively, taking into account the analysis of a heavily contaminated soil sample.
Abstract:
The fungus Metarhizium anisopliae is used on a large scale in Brazil as a microbial control agent against the sugar cane spittlebugs, Mahanarva posticata and M. fimbriolata (Hemiptera: Cercopidae). We applied strain E9 of M. anisopliae in a bioassay on soil, with field doses of conidia to determine if it can cause infection, disease and mortality in immature stages of Anastrepha fraterculus, the South American fruit fly. All the events were studied histologically and at the molecular level during the disease cycle, using a novel histological technique, light green staining, associated with light microscopy, and by PCR, using a specific DNA primer developed for M. anisopliae capable of identifying Brazilian strains like E9. The entire infection cycle, which starts by conidial adhesion to the cuticle of the host, followed by germination with or without the formation of an appressorium, penetration through the cuticle and colonisation, with development of a dimorphic phase, hyphal bodies in the hemocoel, and death of the host, lasted 96 hours under the bioassay conditions, similar to what occurs under field conditions. During the disease cycle, the propagules of the entomopathogenic fungus were detected by identifying DNA with the specific primer ITSMet: 5' TCTGAATTTTTTATAAGTAT 3' with ITS4 (5' TCCTCCGCTTATTGATATGC 3') as a reverse primer. This simple methodology permits in situ studies of the infective process, contributing to our understanding of the host-pathogen relationship and allowing monitoring of the efficacy and survival of this entomopathogenic fungus in large-scale applications in the field. It also facilitates monitoring the environmental impact of M. anisopliae on non-target insects.
Abstract:
Previous studies indicated that patients with atherosclerosis are predominantly infected by human cytomegalovirus (HCMV), but rarely infected by type 1 Epstein-Barr virus (EBV-1). In this study, atheromas of 30 patients who underwent aortocoronary bypass surgery with coronary endarterectomy were tested for the presence of these two viruses. HCMV occurred in 93.3% of the samples and EBV-1 was present in 50% of them. Concurrent presence of both pathogens was detected in 43.3% of the samples.
Abstract:
Secondary caries has been reported as the main reason for restoration replacement. The aim of this in vitro study was to evaluate the performance of different methods - visual inspection, laser fluorescence (DIAGNOdent), radiography and tactile examination - for secondary caries detection in primary molars restored with amalgam. Fifty-four primary molars were photographed and 73 suspect sites adjacent to amalgam restorations were selected. Two examiners independently evaluated these sites using all methods. Agreement between examiners was assessed by the Kappa test. To validate the methods, a caries-detector dye was used after restoration removal. The best cut-off points for the sample were found by a Receiver Operator Characteristic (ROC) analysis, and the area under the ROC curve (Az), and the sensitivity, specificity and accuracy of the methods were calculated for enamel (D2) and dentine (D3) thresholds. These parameters were found for each method and then compared by the McNemar test. The tactile examination and visual inspection presented the highest inter-examiner agreement for the D2 and D3 thresholds, respectively. The visual inspection also showed better performance than the other methods for both thresholds (Az = 0.861 and Az = 0.841, respectively). In conclusion, the visual inspection presented the best performance for detecting enamel and dentin secondary caries in primary teeth restored with amalgam.