Protecting web applications from DDoS attacks by an active distributed defense system

In the last a few years a number of highly publicized incidents of Distributed Denial of Service (DDoS) attacks against high-profile government and commercial websites have made people aware of the importance of providing data and services security to users. A DDoS attack is an availability attack, which is characterized by an explicit attempt from an attacker to prevent legitimate users of a service from using the desired resources. This paper introduces the vulnerability of web applications to DDoS attacks, and presents an active distributed defense system that has a deployment mixture of sub-systems to protect web applications from DDoS attacks. According to the simulation experiments, this system is effective in that it is able to defend web applications against attacks. It can avoid overall network congestion and provide more resources to legitimate web users.

Information security, cyber crime, and infrastructure protection : information security management within Australian healthcare organisations

Information security is now recognised as critical factor within the healthcare industry. With the gradual move from paper -based to electronic information there is an even greater need for protection. However, financial and operational constraints often exist which influence the practicality of developing a secure system. A new baseline security standard, the Health Information Security Management Implementation Guide, has been drafted which applies specifically to the unique information security requirements of the healthcare industry. The aim of this paper is to look at the effectiveness of the health information security standard and the development of information security within the Australian healthcare industry.

A defense system against DDoS attacks by large-scale IP traceback

In this paper, we present a new approach, called Flexible Deterministic Packet Marking (FDPM), to perform a large-scale IP traceback to defend against Distributed Denial of Service (DDoS) attacks. In a DDoS attack the victim host or network is usually attacked by a large number of spoofed IP packets coming from multiple sources. IP traceback is the ability to trace the IP packets to their sources without relying on the source address field of the IP header. FDPM provides many flexible features to trace the IP packets and can obtain better tracing capability than current IP traceback mechanisms, such as Probabilistic Packet Marking (PPM), and Deterministic Packet Marking (DPM). The flexibilities of FDPM are in two ways, one is that it can adjust the length of marking field according to the network protocols deployed; the other is that it can adjust the marking rate according to the load of participating routers. The implementation and evaluation demonstrates that the FDPM needs moderately only a small number of packets to complete the traceback process; and can successfully perform a large-scale IP traceback, for example, trace up to 110,000 sources in a single incident response. It has a built-in overload prevention mechanism, therefore this scheme can perform a good traceback process even it is heavily loaded.

Mark-aided distributed filtering by using neural network for DDoS defense

Currently Distributed Denial of Service (DDoS) attacks have been identified as one of the most serious problems on the Internet. The aim of DDoS attacks is to prevent legitimate users from accessing desired resources, such as network bandwidth. Hence the immediate task of DDoS defense is to provide as much resources as possible to legitimate users when there is an attack. Unfortunately most current defense approaches can not efficiently detect and filter out attack traffic. Our approach is to find the network anomalies by using neural network, deploy the system at distributed routers, identify the attack packets, and then filter them. The marks in the IP header that are generated by a group of IP traceback schemes, Deterministic Packet Marking (DPM)/Flexible Deterministic Packet Marking (FDPM), assist this process of identifying attack packets. The experimental results show that this approach can be used to defend against both intensive and subtle DDoS attacks, and can catch DDoS attacks’ characteristic of starting from multiple sources to a single victim. According to results, we find the marks in IP headers can enhance the sensitivity and accuracy of detection, thus improve the legitimate traffic throughput and reduce attack traffic throughput. Therefore, it can perform well in filtering DDoS attack traffic precisely and effectively.

Shaming, shame and recidivism : a test of reintegrative shaming theory in the white-collar crime context

Despite the popularity of reintegrative shaming theory in the field of criminology, only a small number of studies purporting to test it have been published to date. The aim of the present study, therefore, is to provide an empirical test of Braithwaite's (1989; Braithwaite and Braithwaite 2001) theory of reintegrative shaming in the white-collar crime context. The data on which the study is based came from survey data collected from a group of 652 tax offenders. Consistent with predictions, it was found that feelings of reintegration/stigmatization experienced during an enforcement event were related to reoffending behaviour. Those taxpayers who felt that their enforcement experience had been reintegrative in nature were less likely to report having evaded their taxes two years later. Consistent with Braithwaite and Braithwaite's (2001) hypotheses, shame-related emotions were also found to partially mediate the effect of reintegration on subsequent offending behaviour. Implications for the effective regulation of white-collar offenders are discussed.

Mental health promotion and socio-economic disadvantage: lessons from substance abuse, violence and crime prevention and child health

Issue addressed: Mental health promotion aimed at populations with low socio-economic status (SES) may benefit by investigating prevention strategies that effectively address related child and adolescent problems.
Methods: Evidence from a number of literature reviews and program evaluations was synthesised. First, the impact of SES on development from childhood to adulthood is considered in light of research on substance
abuse, violence, crime, and child development problems. Second, evaluations of interventions are reviewed to identify those that have shown outcomes in research studies (efficacy) or in real-world settings (effectiveness) in reducing developmental problems associated with low SES. Low SES is measured in different ways including low levels of education and/or income or definitions that combine several variables into a new indicator of low SES.
Results: Factors associated with low SES are also associated to varying extent with the development of violence and crime, substance abuse and child health problems. Interventions that address underlying determinants of low SES show strong efficacy in decreasing adolescent crime and violence and effectiveness in improving child health outcomes. Although there is limited efficacy evidence that substance abuse prevention can be effectively addressed by targeting low SES, programs designed to improve educational pathways show some efficacy in reducing aspects of adolescent substance use.
Conclusion: Mental health promotion strategies can draw on the approaches outlined here that are associated with the prevention of child and adolescent problems within low SES communities. Alternatively, such interventions could be supported in mental health promotion policy as they may assist in preventing related problems that undermine mental health.

Adaptive communal detection in search of adversarial identity crime

This paper is on adaptive real-time searching of credit application data streams for identity crime with many search parameters. Specifically, we concentrated on handling our domain-specific adversarial activity problem with the adaptive Communal Analysis Suspicion Scoring (CASS) algorithm. CASS's main novel theoretical contribution is in the formulation of State-of- Alert (SoA) which sets the condition of reduced, same, or heightened watchfulness; and Parameter-of-Change (PoC) which improves detection ability with pre-defined parameter values for each SoA. With pre-configured SoA policy and PoC strategy, CASS determines when, what, and how much to adapt its search parameters to ongoing adversarial activity. The above approach is validated with three sets of experiments, where each experiment is conducted on several million real credit applications and measured with three appropriate performance metrics. Significant improvements are achieved over previous work, with the discovery of some practical insights of adaptivity into our domain.

Cyber crime influencing businesses in South Africa

This study shows that cyber crime is a recent addition to the list of crimes that can adversely affec tbusinesses directly or indirectly. This phenomenon was not directly prosecutable in South Africa until the enactment of the ECT Act in July 2002. However this Act also prevents businesses to fully prosecute a hacker due to incompleteness. Any kind of commercially related crime can be duplicated as cyber crime. Therefore very little research appears or has been documented about cyber crime in South African companies before 2003. The motivation to do this study was
that businesses often loose millions in cyber attacks, not necessarily through direct theft but by the loss of service and damage to the image of the company. Most of the companies that were approached for interviews on cyber crime were reluctant to share the fact that they were hacked
or that cyber crime occurred at their company as it violates their security policies and may expose their fragile security platforms.
The purpose of this study was to attempt to get an overall view on how South African businesses are affected by cyber crime in the banking and short term insurance sector of the South African industry and also to determine what legislation exist in this country to protect them.
The case study approach was used to determine the affect of cyber crime on businesses like banks and insurance companies and higher education institutions. Each case was interviewed, monitored and was observed over a period of a year. This study discloses the evaluation of the results of how cyber crime affected the cases, which were part of this study. The banks and higher education institutions felt that they were at an increased risk both externally and internally, which is likely to increase as the migration towards electronic commerce occurs. The insurance industry felt that they are not yet affected by external cyber crime attacks in this country.

The development of a Defense System against Coxsackievirus B5 Infection in Suckling Mice

There are many viruses that are able to infect the alimentary tract of man. Little is known, however, about the mechanism of infection itself or the pathophysiology of the gut during infection. 'The research reported here is concerned with the differences in susceptibility among suckling mice of various ages inoculated by the intraperitoneal and intragastric routes. Since the normal mode of entry of many viruses to the gut is via the oral route, Coxsackievirus B5, a human enterovirus which does attack this way, was utilized. It is a non-tumor producing RNA virus that has been shown to act similarly in the mouse and human. The virus was pooled in HeLa cell cultures and titered by a plaquing assay in the same cell cultures. CD-l mice, 10, 14, 18, and 22 days old , were infected either orally or intraperitoneally with 5.0 x 10^10 (10 day old animals) and 1.0 x10^9 plaque forming units per animal. Dissections were done at 1 and 3 days post infection with samples of the blood, heart, liver, and gut being taken from each animal. Each sample was titered individually and the data presented as an average of six samples. As a result of previous work, it is known that the gut of a newborn mouse isn't able to decrease the concentration of the infecting dose and therefore provides no defense against an enteric infection with Coxsackievirus B5. In contrat, mature mice are able to reduce the amount of viral dissemination across the gut as well as inhibit replication after absorption has occurred. The results of this study indicate that there is a double barrier system developing in suckling mice that is involved with and directly related to the gastrointestinal tract The first part of this defense is the inhibition of penetration of virus across the gut when the primary site of' infection is the intestinal mucosa. This mechanism develops sometime around 20 to 22 days after birth. At about 16-18 days of age, suckling mice that were challenged intragastrically are able to stop active replication and initiate clearance of virus from the systemic circulation. There are many factors that might contribute to the marked decrease in susceptibility with age of suckling mice. Some of these or possibly a combination of these factors might explain the defense mechanisms described above, but to date, the chemistry or mechanical functioning of the gastrointestinal barrier to enteric viral infection is unknown.

Some clues about story in crime fiction

I want to begin my talk at this colloquium by saying from the start that I am outclassed here. I have published one crime novel, and while I have used some aspects of the crime genre in my current novel - notably a kind of mystery and a movement towards resolution - I would not classify myself as an expert. What I do know about is the teaching of writing, the value of plot and the ever-important idea of story. Story and aspects of plot are vital ingredients in crime fiction and so I come to the task of writing this paper searching for more clues about how to write story in crime fiction.

Surfing the crime net : policing, crime prevention and community safety in Australia

There can be no doubt that the Internet offers the possibility of increasing access to a range of sources of available information in a timely manner. This is particularly so as we increasingly seek to engage with information from outside our jurisdictional boundaries. While this hints at the effects of globalisation, it is also meant to be suggestive of the practical realities involved in researching (or simply following) developments occurring within emergent federal structures (for instance the European Union) or longer-standing federations such as the United States and Australia. Of course, a department or agency having a homepage and various links is only the start of the process of making information accessible. As will be indicated below, there remain significant limitations in the electronic material available from many agencies. Fortunately, there are also a number of organisations that enable the researcher to access original data and research publications.

Financial crime in South Africa

During the 1990s economic crime began to spiral in South Africa. This phenomenon coincided with the country's transition to a democratic state. The article outlines a number of steps that South Africa took to align its laws with international standards and to improve the legal tools of law enforcement to address the crime wave. A number of successes, for instance the improvement in tax morality, are pointed out but it is argued that co-ordination and co-operation between law enforcement agencies require more attention.