An Immune Network Intrusion Detection System Utilising Correlation Context

Network Intrusion Detection Systems (NIDS) are computer systems which monitor a network with the aim of discerning malicious from benign activity on that network. While a wide range of approaches have met varying levels of success, most IDSs rely on having access to a database of known attack signatures which are written by security experts. Nowadays, in order to solve problems with false positive alerts, correlation algorithms are used to add additional structure to sequences of IDS alerts. However, such techniques are of no help in discovering novel attacks or variations of known attacks, something the human immune system (HIS) is capable of doing in its own specialised domain. This paper presents a novel immune algorithm for application to the IDS problem. The goal is to discover packets containing novel variations of attacks covered by an existing signature base.

Formalizing operator task analysis

Human operators are unique in their decision making capability, judgment and nondeterminism. Their sense of judgment, unpredictable decision procedures, susceptibility to environmental elements can cause them to erroneously execute a given task description to operate a computer system. Usually, a computer system is protected against some erroneous human behaviors by having necessary safeguard mechanisms in place. But some erroneous human operator behaviors can lead to severe or even fatal consequences especially in safety critical systems. A generalized methodology that can allow modeling and analyzing the interactions between computer systems and human operators where the operators are allowed to deviate from their prescribed behaviors will provide a formal understanding of the robustness of a computer system against possible aberrant behaviors by its human operators. We provide several methodology for assisting in modeling and analyzing human behaviors exhibited while operating computer systems. Every human operator is usually given a specific recommended set of guidelines for operating a system. We first present process algebraic methodology for modeling and verifying recommended human task execution behavior. We present how one can perform runtime monitoring of a computer system being operated by a human operator for checking violation of temporal safety properties. We consider the concept of a protection envelope giving a wider class of behaviors than those strictly prescribed by a human task that can be tolerated by a system. We then provide a framework for determining whether a computer system can maintain its guarantees if the human operators operate within their protection envelopes. This framework also helps to determine the robustness of the computer system under weakening of the protection envelopes. In this regard, we present a tool called Tutela that assists in implementing the framework. We then examine the ability of a system to remain safe under broad classes of variations of the prescribed human task. We develop a framework for addressing two issues. The first issue is: given a human task specification and a protection envelope, will the protection envelope properties still hold under standard erroneous executions of that task by the human operators? In other words how robust is the protection envelope? The second issue is: in the absence of a protection envelope, can we approximate a protection envelope encompassing those standard erroneous human behaviors that can be safely endured by the system? We present an extension of Tutela that implements this framework. The two frameworks mentioned above use Concurrent Game Structures (CGS) as models for both computer systems and their human operators. However, there are some shortcomings of this formalism for our uses. We add incomplete information concepts in CGSs to achieve better modularity for the players. We introduce nondeterminism in both the transition system and strategies of players and in the modeling of human operators and computer systems. Nondeterministic action strategies for players in \emph{i}ncomplete information \emph{N}ondeterministic CGS (iNCGS) is a more precise formalism for modeling human behaviors exhibited while operating a computer system. We show how we can reason about a human behavior satisfying a guarantee by providing a semantics of Alternating Time Temporal Logic based on iNCGS player strategies. In a nutshell this dissertation provides formal methodology for modeling and analyzing system robustness against both expected and erroneous human operator behaviors.

'Immune System Approaches to Intrusion Detection - A Review'

Abstract. The use of artificial immune systems in intrusion detection is an appealing concept for two reasons. Firstly, the human immune system provides the human body with a high level of protection from invading pathogens, in a robust, self-organised and distributed manner. Secondly, current techniques used in computer security are not able to cope with the dynamic and increasingly complex nature of computer systems and their security. It is hoped that biologically inspired approaches in this area, including the use of immune-based systems will be able to meet this challenge. Here we collate the algorithms used, the development of the systems and the outcome of their implementation. It provides an introduction and review of the key developments within this field, in addition to making suggestions for future research.

Immune System Approaches to Intrusion Detection - A Review

The use of artificial immune systems in intrusion detection is an appealing concept for two reasons. Firstly, the human immune system provides the human body with a high level of protection from invading pathogens, in a robust, self-organised and distributed manner. Secondly, current techniques used in computer security are not able to cope with the dynamic and increasingly complex nature of computer systems and their security. It is hoped that biologically inspired approaches in this area, including the use of immune-based systems will be able to meet this challenge. Here we review the algorithms used, the development of the systems and the outcome of their implementation. We provide an introduction and analysis of the key developments within this field, in addition to making suggestions for future research.

Analizar y comparar el lenguaje de alto nivel SystemC frente a los de HDL. aplicación al diseño de sistemas de computo

La complejidad de los sistemas actuales de computación ha obligado a los diseñadores de herramientas CAD/CAE a acondicionar lenguajes de alto nivel, tipo C++, para la descripción y automatización de estructuras algorítmicas a sus correspondientes diseños a nivel físico. Los proyectos a realizar se encuadran dentro de una línea de trabajo consistente en estudiar la programación, funcionamiento de los lenguajes SystemC y SystemVerilog, sus herramientas asociadas y analizar cómo se adecuan a las restricciones temporales y físicas de los componentes (librerías, IP's, macro-celdas, etc) para su directa implementación. En una primera fase, y para este TFG, se estudiarán los componentes que conforman el framework elegido que es SystemC y su inclusión en herramientas de diseño arquitectural. Este conocimiento nos ayudará a entender el funcionamiento y capacidad de dicha herramienta y proceder a su correcto manejo. Analizaremos y estudiaremos unos de los lenguajes de alto nivel de los que hace uso dicha herramienta. Una vez entendido el contexto de aplicación, sus restricciones y sus elementos, diseñaremos una estructura hardware. Una vez que se tenga el diseño, se procederá a su implementación haciendo uso, si es necesario, de simuladores. El proyecto finalizará con una definición de un conjunto de pruebas con el fin de verificar y validar la usabilidad y viabilidad de nuestra estructura hardware propuesta.

An immune inspired Network Intrusion Detection System utilising correlation

Network Intrusion Detection Systems (NIDS) are computer systems which monitor a network with the aim of discerning malicious from benign activity on that network. While a wide range of approaches have met varying levels of success, most IDSs rely on having access to a database of known attack signatures which are written by security experts. Nowadays, in order to solve problems with false positive alerts, correlation algorithms are used to add additional structure to sequences of IDS alerts. However, such techniques are of no help in discovering novel attacks or variations of known attacks, something the human immune system (HIS) is capable of doing in its own specialised domain. This paper presents a novel immune algorithm for application to the IDS problem. The goal is to discover packets containing novel variations of attacks covered by an existing signature base.

Algorithmique et complexité des systèmes à compteurs

Réalisé en cotutelle avec l'École normale supérieure de Cachan – Université Paris-Saclay

Del videojuego a la realidad : sistema interactivo para la seguridad vial

El vertiginoso crecimiento de los centros urbanos, las tecnologías emergentes y la demanda de nuevos servicios por parte de la población plantea encaminar esfuerzos hacia el desarrollo de las ciudades inteligentes. Éste concepto ha tomado fuerza entre los sectores político, económico, social, académico, ambiental y civil; de forma paralela, se han generado iniciativas que conducen hacia la integración de la infraestructura, la tecnología y los servicios para los ciudadanos. En éste contexto, una de las problemáticas con mayor impacto en la sociedad es la seguridad vial. Es necesario contar con mecanismos que disminuyan la accidentalidad, mejoren la atención a incidentes, optimicen la movilidad urbana y planeación municipal, ayuden a reducir el consumo de combustible y la emisión de gases de efecto de invernadero, así como ofrecer información dinámica y efectiva a los viajeros. En este artículo se describen dos (2) enfoques que contribuyen de manera eficiente dicho problema: los videojuegos como juegos serios y los sistemas de transporte inteligente. Ambos enfoques están encaminados a evitar colisiones y su diseño e implementación requieren componentes altamente tecnológicos (e.g. sistemas telemáticos e informáticos, inteligencia artificial, procesamiento de imágenes y modelado 3D).

Auditoría de sistemas al cumplimiento de los requerimientos 7, 8, 9 de la norma PCIDSS aplicada a Coral Hipermercado, Racar plaza con corte a Junio de 2015

Coral Hipermercado GO es una empresa dedicada a la comercialización de diversos productos de consumo masivo. Debido a la demanda que mantienen y el nivel de transacciones que realizan en ventas diariamente,

Falcon herramientas de software para el procesamiento aerofotogramétrico

En el área de Aerofotogrametría Digital, el software comercial prevalente para postproceso presenta limitaciones debido a dos factores: (i) las legislaciones de cada país o región requieren diferentes convenciones, y (ii) las necesidades de las empresas son tan cambiantes que no justifican la compra de software de alto rendimiento, que puede quedar sin utilizar debido a un viraje del mercado -- El presente proyecto se ha desarrollado para atender necesidades de procesamiento automático de planos (partición, detección y corrección de errores, etc.), así como módulos de importación – exportación paquete a paquete, trazado de rutas e interacción con GPS -- Este artículo informa de los dos últimos aspectos -- Debido a necesidades de los clientes, los archivos entregados deben llevar un formato comercial (DWG, DXF), pero el procesamiento de los archivos debe ser hecho en paquetes y formatos diversos (DGN) -- Por lo tanto, fue necesario diseñar e implementar un formato acompañante que permitió llevar la información que se pierde al usar filtros comerciales (DGN a DXF/DWG) -- Asimismo se crearon módulos de importación y exportación redundantes, que hicieron efectivos dichos atributos -- En el aspecto de generación de rutas de vuelo, se reportan en este artículo la aplicación de algoritmos tradicionales de barrido (peinado) de áreas 2D, a los cuales se agregaron restricciones geométricas (puntos fijos, offsets, orden de los barridos de acuerdo a coordenadas del sitio de partida, etc.) -- Debido a los altos costos de equipos equivalentes, se decidió desarrollar software para traducción de rutas entre formatos GPS y formatos geográficos locales al país -- Ello permite la eliminación de fuentes de error y además facilita la carga del plan de vuelo, a costos mucho menores a los del hardware / software comercial

Semantics, knowledge and grids on big data

Semantics, knowledge and Grids represent three spaces where people interact, understand, learn and create. Grids represent the advanced cyber-infrastructures and evolution. Big data influence the evolution of semantics, knowledge and Grids. Exploring semantics, knowledge and Grids on big data helps accelerate the shift of scientific paradigm, the fourth industrial revolution, and the transformational innovation of technologies.

Impact of single parameter changes on Ceph cloud storage performance

In a general purpose cloud system efficiencies are yet to be had from supporting diverse applications and their requirements within a storage system used for a private cloud. Supporting such diverse requirements poses a significant challenge in a storage system that supports fine grained configuration on a variety of parameters. This paper uses the Ceph distributed file system, and in particular its global parameters, to show how a single changed parameter can effect the performance for a range of access patterns when tested with an OpenStack cloud system.

Criação de uma ontologia e respectiva povoação a partir do processamento de relatórios médicos

A evolução tecnológica tem provocado uma evolução na medicina, através de sistemas computacionais voltados para o armazenamento, captura e disponibilização de informações médicas. Os relatórios médicos são, na maior parte das vezes, guardados num texto livre não estruturado e escritos com vocabulário proprietário, podendo ocasionar falhas de interpretação. Através das linguagens da Web Semântica, é possível utilizar antologias como modo de estruturar e padronizar a informação dos relatórios médicos, adicionando¬ lhe anotações semânticas. A informação contida nos relatórios pode desta forma ser publicada na Web, permitindo às máquinas o processamento automático da informação. No entanto, o processo de criação de antologias é bastante complexo, pois existe o problema de criar uma ontologia que não cubra todo o domínio pretendido. Este trabalho incide na criação de uma ontologia e respectiva povoação, através de técnicas de PLN e Aprendizagem Automática que permitem extrair a informação dos relatórios médicos. Foi desenvolvida uma aplicação, que permite ao utilizador converter relatórios do formato digital para o formato OWL. ABSTRACT: Technological evolution has caused a medicine evolution through computer systems which allow storage, gathering and availability of medical information. Medical reports are, most of the times, stored in a non-structured free text and written in a personal way so that misunderstandings may occur. Through Semantic Web languages, it’s possible to use ontology as a way to structure and standardize medical reports information by adding semantic notes. The information in those reports can, by these means, be displayed on the web, allowing machines automatic information processing. However, the process of creating ontology is very complex, as there is a risk creating of an ontology that not covering the whole desired domain. This work is about creation of an ontology and its population through NLP and Machine Learning techniques to extract information from medical reports. An application was developed which allows the user to convert reports from digital for¬ mat to OWL format.

Distributed computer-controlled systems: the DEAR-COTS approach

This paper proposes a new architecture targeting real-time and reliable Distributed Computer-Controlled Systems (DCCS). This architecture provides a structured approach for the integration of soft and/or hard real-time applications with Commercial O -The-Shelf (COTS) components. The Timely Computing Base model is used as the reference model to deal with the heterogeneity of system components with respect to guaranteeing the timeliness of applications. The reliability and availability requirements of hard real-time applications are guaranteed by a software-based fault-tolerance approach.