Numerical encoding to tame SQL injection attacks.

Recent years have seen an astronomical rise in SQL Injection Attacks (SQLIAs) used to compromise the confidentiality, authentication and integrity of organisations’ databases. Intruders becoming smarter in obfuscating web requests to evade detection combined with increasing volumes of web traffic from the Internet of Things (IoT), cloud-hosted and on-premise business applications have made it evident that the existing approaches of mostly static signature lack the ability to cope with novel signatures. A SQLIA detection and prevention solution can be achieved through exploring an alternative bio-inspired supervised learning approach that uses input of labelled dataset of numerical attributes in classifying true positives and negatives. We present in this paper a Numerical Encoding to Tame SQLIA (NETSQLIA) that implements a proof of concept for scalable numerical encoding of features to a dataset attributes with labelled class obtained from deep web traffic analysis. In the numerical attributes encoding: the model leverages proxy in the interception and decryption of web traffic. The intercepted web requests are then assembled for front-end SQL parsing and pattern matching by applying traditional Non-Deterministic Finite Automaton (NFA). This paper is intended for a technique of numerical attributes extraction of any size primed as an input dataset to an Artificial Neural Network (ANN) and statistical Machine Learning (ML) algorithms implemented using Two-Class Averaged Perceptron (TCAP) and Two-Class Logistic Regression (TCLR) respectively. This methodology then forms the subject of the empirical evaluation of the suitability of this model in the accurate classification of both legitimate web requests and SQLIA payloads.

Implementation of continuous-variable quantum key distribution with composable and one-sided-device-independent security against coherent attacks

Secret communication over public channels is one of the central pillars of a modern information society. Using quantum key distribution this is achieved without relying on the hardness of mathematical problems, which might be compromised by improved algorithms or by future quantum computers. State-of-the-art quantum key distribution requires composable security against coherent attacks for a finite number of distributed quantum states as well as robustness against implementation side channels. Here we present an implementation of continuous-variable quantum key distribution satisfying these requirements. Our implementation is based on the distribution of continuous-variable Einstein–Podolsky–Rosen entangled light. It is one-sided device independent, which means the security of the generated key is independent of any memoryfree attacks on the remote detector. Since continuous-variable encoding is compatible with conventional optical communication technology, our work is a step towards practical implementations of quantum key distribution with state-of-the-art security based solely on telecom components.

The war of attrition in cyber-space or "cyber-attacks", "cyber-war" and "cyber-terrorism"

Nos últimos anos tornou-se óbvio que o mundo virtual das bases de dados e do software – popularmente denominado como ciberespaço – tem um lado negro. Este lado negro tem várias dimensões, nomeadamente perda de produtividade, crime financeiro, furto de propriedade intelectual, de identidade, bullying e outros. Empresas, governos e outras entidades são cada vez mais alvo de ataques de terceiros com o fim de penetrarem as suas redes de dados e sistemas de informação. Estes vão desde os adolescentes a grupos organizados e extremamente competentes, sendo existem indicações de que alguns Estados têm vindo a desenvolver “cyber armies” com capacidades defensivas e ofensivas. Legisladores, políticos e diplomatas têm procurado estabelecer conceitos e definições, mas apesar da assinatura da Convenção do Conselho da Europa sobre Cibercrime em 2001 por vários Estados, não existiram novos desenvolvimentos desde então. Este artigo explora as várias dimensões deste domínio e enfatiza os desafios que se colocam a todos aqueles que são responsáveis pela proteção diária da informação das respetivas organizações contra ataques de origem e objetivos muitas vezes desconhecidos.

Risk of Wheezing Attacks in Infants With Transient Tachypnea Newborns

Background: The most common reason of respiratory distress in the newborn is transient tachypnea of the newborn (TTN). There are some reports saying that TTN is associated with increased frequencies of wheezing attacks. Objectives: The aims of this study were to determine the risk factors associated with TTN and to determine the association between TTN and the development of wheezing syndromes in early life. Materials and Methods: In a historical cohort study, we recorded the characteristics of 70 infants born at the Shohadaye Kargar Hospital in Yazd between March 2005 and March 2009 and who were hospitalized because of TTN in the neonatal intensive-care unit. We called their parents at least four years after the infants were discharged from the hospital and asked about any wheezing attacks. Seventy other infants with no health problems during the newborn period were included in the study as the control group. Results: The rate of wheezing attacks in newborns with TTN was more than patients with no TTN diagnosis (P = 0.014). TTN was found to be an independent risk factor for later wheezing attacks (relative risk [RR] = 2.8). Conclusions: The most obvious finding of this study was that TTN was an independent risk factor for wheezing attacks. So long-term medical care is suggested for these patients who may be at risk, because TTN may not be as transient as has been previously thought.

Investigation of un-American propaganda activities in the United States : Hearings before a Special Committee on Un-American Activities, House of Representatives, Seventy-fifth Congress, third session-Seventy-eighth Congress, second session, on H. Res. 282, to investigate (1) the extent, character, and objects of un-American propaganda activities in the United States, (2) the diffusion within the United States of subversive and un-American propaganda that is instigated from foreign countries or of a domestic origin and attacks the principle of the form of government as guaranteed by our Constitution, and (3) all other questions in relation thereto that would aid Congress in any necessary remedial legislation.

Martin Dies, chairman.

Development of mental health first aid guidelines for panic attacks: a Delphi study

BACKGROUND: Panic attacks are common, and while they are not life-threatening events, they can lead to the development of panic disorder and agoraphobia. Appropriate help at the time that a panic attack occurs may decrease the fear associated with the attack and reduce the risk of developing an anxiety disorder. However, few people have the knowledge and skills required to assist. Simple first aid guidelines may help members of the public to offer help to people who experience panic attacks.

METHODS: The Delphi method was used to reach consensus in a panel of experts. Experts included 50 professionals and 6 people who had experience of panic attacks and were active in mental health advocacy. Statements about how to assist someone who is having a panic attack were sourced through a systematic search of both professional and lay literature. These statements were rated for importance as first aid guidelines by the expert and consumer panels and guidelines were written using the items most consistently endorsed.

RESULTS: Of 144 statements presented to the panels, 27 were accepted. These statements were used to develop the guidelines appended to this paper.

CONCLUSION: There are a number of actions which are considered to be useful for members of the public to do if they encounter someone who is having a panic attack. These guidelines will be useful in revision of curricula of mental health first aid programs. They can also be used by members of the public who want immediate information about how to assist someone who is experiencing panic attacks.

Mitigating malicious feedback attacks in trust management systems

In electronic commerce (e-commerce) environment, trust management has been identified as vital component for establishing and maintaining successful relational exchanges between the trading partners. As trust management systems depend on the feedbacks provided by the trading partners, they are fallible to strategic manipulation of the rating attacks. Therefore, in order to improve the reliability of the trust management systems, an approach that addresses feedback-related vulnerabilities is paramount. This paper proposes an approach for identifying and actioning of falsified feedbacks to make trust management systems robust against rating manipulation attacks. The viability of the proposed approach is studied experimentally and the results of various simulation experiments show that the proposed approach can be highly effective in identifying falsified feedbacks.

Contagion in cybersecurity attacks

Systems security is essential for the efficient operation of all organizations. Indeed, most large firms employ a designated ‘Chief Information Security Officer’ to coordinate the operational aspects of the organization’s information security. Part of this role is in planning investment responses to information security threats against the firm’s corporate network infrastructure. To this end, we develop and estimate a vector equation system of threats to 10 important IP services, using industry standard SANS data on threats to various components of a firm’s information system over the period January 2003 – February 2011. Our results reveal strong evidence of contagion between such attacks, with attacks on ssh and Secure Web Server indicating increased attack activity on other ports. Security managers who ignore such contagious inter-relationships may underestimate the underlying risk to their systems’ defence of security attributes, such as sensitivity and criticality, and thus delay appropriate information security investments.

A multiagent based strategy for detecting attacks in databases in a distributed mode

This paper presents a distributed hierarchical multiagent architecture for detecting SQL injection attacks against databases. It uses a novel strategy, which is supported by a Case-Based Reasoning mechanism, which provides to the classifier agents with a great capacity of learning and adaptation to face this type of attack. The architecture combines strategies of intrusion detection systems such as misuse detection and anomaly detection. It has been tested and the results are presented in this paper.

Safeguarding Australia from cyber-terrorism: a SCADA risk framework

Terrorist groups are currently using information and communication technologies (ICTs) to orchestrate their conventional attacks. More recently, terrorists have been developing a new form of capability within the cyber-arena to coordinate cyber-based attacks. This chapter identifies that cyber-terrorism capabilities are an integral, imperative, yet under-researched component in establishing, and enhancing cyber-terrorism risk assessment models for SCADA systems. This chapter examines a cyber-terrorism SCADA risk framework that has been adopted and validated by SCADA industry practitioners. The chapter proposes a high level managerial framework, which is designed to measure and protect SCADA systems from the threat of cyber-terrorism within Australia. The findings and results of an industry focus group are presented in support of the developed framework for SCADA industry acceptance.

Combating cyber attacks in cloud computing using machine learning techniques.

An extensive investigative survey on Cloud Computing with the main focus on gaps that is slowing down Cloud adoption as well as reviewing the threat remediation challenges. Some experimentally supported thoughts on novel approaches to address some of the widely discussed cyber-attack types using machine learning techniques. The thoughts have been constructed in such a way so that Cloud customers can detect the cyber-attacks in their VM without much help from Cloud service provider

Análisis de mujeres cachemires como sujetos subalternos en la representación institucional de India y Paquistán a partir del fenómeno de desaparición forzada (1989-2008)

El interés de esta monografía es analizar las consecuencias de la representación institucional de India y Paquistán en la disputa territorial por Cachemira durante el periodo de 1989 a 2008. Puntualmente, se analiza y explica cómo la representación institucional prestada individualmente por India y Paquistán validó sus intereses como agentes de poder en la región, pasó por alto las necesidades de la población cachemir y fomentó la práctica de la desaparición forzada, lo que en consecuencia convirtió a las mujeres cachemires en un grupo subalterno. Para tal objetivo, se hará uso de la teoría postcolonialista, específicamente el enfoque subalternista de la autora Gayatri Chakravorty Spivak ya que permite explicar adecuadamente el proceso mediante el cual las mujeres cachemires se convirtieron en un grupo subalterno.

Análisis del cambio de las relaciones políticas entre India y Pakistán, a la luz de la cultura de anarquía hobbesiana, como consecuencia de los atentados de Mumbai 2008

Esta investigación busca analizar como se modificaron las relaciones entre India y Pakistán luego de los atentados de Mumbai 2008, a la luz de la cultura de anarquía hobbesiana. Para ello, se explicará como la estructura de anarquía ha sido un catalizador en la modificación de la toma de decisiones de los Estados, sobretodo teniendo en cuenta la característica de Pakistán como un Estado predador. Se demostrará si gracias a estos atentados la actuación de India en el conflicto ha cambiado y percibe a su par como un ente violento y predispuesto a la agresión. Para ello se entrará a explicar el devenir histórico de la relación, la intensidad del grupo perpetrador (Lashkar-e-Taiba) y las posiciones de ambos Estados frente a los atentados.