Detección de intrusiones basada en análisis de eventos del DNS

En este proyecto se hace un análisis en profundidad de las técnicas de ataque a las redes de ordenadores conocidas como APTs (Advanced Persistent Threats), viendo cuál es el impacto que pueden llegar a tener en los equipos de una empresa y el posible robo de información y pérdida monetaria que puede llevar asociada. Para hacer esta introspección veremos qué técnicas utilizan los atacantes para introducir el malware en la red y también cómo dicho malware escala privilegios, obtiene información privilegiada y se mantiene oculto. Además, y cómo parte experimental de este proyecto se ha desarrollado una plataforma para la detección de malware de una red en base a las webs, URLs e IPs que visitan los nodos que la componen. Obtendremos esta visión gracias a la extracción de los logs y registros de DNS de consulta de la compañía, sobre los que realizaremos un análisis exhaustivo. Para poder inferir correctamente qué equipos están infectados o no se ha utilizado un algoritmo de desarrollo propio inspirado en la técnica Belief Propagation (“Propagación basada en creencia”) que ya ha sido usada antes por desarrolladores cómo los de los Álamos en Nuevo México (Estados Unidos) para fines similares a los que aquí se muestran. Además, para mejorar la velocidad de inferencia y el rendimiento del sistema se propone un algoritmo adaptado a la plataforma Hadoop de Apache, por lo que se modifica el paradigma de programación habitual y se busca un nuevo paradigma conocido como MapReduce que consiste en la división de la información en conceptos clave-valor. Por una parte, los algoritmos que existen basados en Belief Propagation para el descubrimiento de malware son propietarios y no han sido publicados completamente hasta la fecha, por otra parte, estos algoritmos aún no han sido adaptados a Hadoop ni a ningún modelo de programación distribuida aspecto que se abordará en este proyecto. No es propósito de este proyecto desarrollar una plataforma comercial o funcionalmente completa, sino estudiar el problema de las APTs y una implementación que demuestre que la plataforma mencionada es factible de implementar. Este proyecto abre, a su vez, un horizonte nuevo de investigación en el campo de la adaptación al modelo MapReduce de algoritmos del tipo Belief Propagation basados en la detección del malware mediante registros DNS. ABSTRACT. This project makes an in-depth investigation about problems related to APT in computer networks nowadays, seeing how much damage could they inflict on the hosts of a Company and how much monetary and information loss may they cause. In our investigation we will find what techniques are generally applied by attackers to inject malware into networks and how this malware escalates its privileges, extracts privileged information and stays hidden. As the main part of this Project, this paper shows how to develop and configure a platform that could detect malware from URLs and IPs visited by the hosts of the network. This information can be extracted from the logs and DNS query records of the Company, on which we will make an analysis in depth. A self-developed algorithm inspired on Belief Propagation technique has been used to infer which hosts are infected and which are not. This technique has been used before by developers of Los Alamos Lab (New Mexico, USA) for similar purposes. Moreover, this project proposes an algorithm adapted to Apache Hadoop Platform in order to improve the inference speed and system performance. This platform replaces the traditional coding paradigm by a new paradigm called MapReduce which splits and shares information among hosts and uses key-value tokens. On the one hand, existing algorithms based on Belief Propagation are part of owner software and they have not been published yet because they have been patented due to the huge economic benefits they could give. On the other hand these algorithms have neither been adapted to Hadoop nor to other distributed coding paradigms. This situation turn the challenge into a complicated problem and could lead to a dramatic increase of its installation difficulty on a client corporation. The purpose of this Project is to develop a complete and 100% functional brand platform. Herein, show a short summary of the APT problem will be presented and make an effort will be made to demonstrate the viability of an APT discovering platform. At the same time, this project opens up new horizons of investigation about adapting Belief Propagation algorithms to the MapReduce model and about malware detection with DNS records.

DNS of a hot-wire anemometer in a turbulent channel flow

A body with a shape similar to a hot wire with its sheath, but no prongs, has been placed close to the wall of a turbulent channel at Re_tau = 600. The results of the channel flow, without the wire, agree with previous published ones, despite the modest resolution and domain size. A simplified, two-dimensional version of the wire at the same Reynolds number has been studied to compare the dynamic response of cold and hot wires, where a slightly bigger perturbation is seen in the hot case, but an almost identical dynamic response. The cold wire seems to be able to measure instantaneous velocity with total drag after proper calibration. Being a DNS, the complete description of the flow field around the wire is obtained.

Análisis de vulnerabilidades del DNS

El DNS (Domain Name System) es un sistema que permite localizar equipos y servicios de Internet a través de nombres descriptivos organizados de forma jerárquica gracias a un mecanismo de consulta/respuesta. Cuando un usuario escriba un nombre de dominio en una aplicación, los servidores DNS podrán traducirlo a otra información asociada con él mismo, como una dirección IP o un alias, por lo que el DNS puede entenderse como una base de datos globalmente jerarquizada que nació a causa de la necesidad de poder recordar fácilmente los nombres de todos los servidores conectados a Internet. La necesidad del uso del DNS y su carencia en sistemas de seguridad, han conformado un entorno propicio para multitud de ataques, entre los que se encuentran el MITM (Man In The Middle), caché poisoning, negación de servicios o fugas de información entre otros, generando situaciones comprometidas para multitud de usuarios. Para poder contrarrestarlos se han ido implementando un conjunto de modelos de seguridad, entre los que destacan algunos como el DNSSEC, con su uso de firmas criptográficas , el WSEC DNS con identificadores aleatorios o el DNS Curve que cifraba todo el contenido transmitido. Este proyecto consta de una breve introducción al DNS, donde se podrá conocer su estructura y entender su funcionamiento. Posteriormente se pasará a analizar conceptos de seguridad web, particularizándose en un examen exhaustivo de las vulnerabilidades en el DNS. Finalmente se estudiarán distintos modelos de seguridad que se han ido implementando a lo largo del tiempo para intentar solventar estos problemas junto con sus ventajas y desventajas.

Determinação a baixo custo de açúcares redutores totais em caldo-de-cana, empregando sistemas de análise por injeção em fluxo com o uso de DNS

Determinação a baixo custo de açúcares redutores totais em caldo-de-cana, empregando sistema de análise por injeção em fluxo com o uso de DNS Um sistema de análise por injeção em fluxo foi utilizado para a determinação de açúcares redutores totais em caldo-de-cana. O método é baseado na hidrólise da sacarose, seguido da oxidação dos açúcares redutores pelo ácido 3,5-dinitrosalicílico (DNS) em meio alcalino, e determinação espectrofotométrica em 510 nm. Visando obter melhor sensibilidade e seletividade, os parâmetros volume de amostra e comprimento dos reatores foram estudados para avaliar o comportamento das curvas analíticas. Foram utilizados mini-compressores de aquários no lugar de bomba peristálticas e cela espectrofotométrica em acrílico no lugar de cela de vidro importada, a fim de minimizar o consumo de reagentes e o custo do sistema FIA. O presente sistema foi comparado ao método Lane-Eynon recomendado pelo Ministério da Agricultura. Usando o teste-t, não foram constatadas diferenças significativas entre os resultados dos dois métodos, sendo que os desvios relativos foram ao redor de 1%. O método permite analisar cerca de 14 amostras h-1 com desvio padrão relativo inferior a 1,35%.

DNS alert /

Description based on: Jan./Feb. 1992; title from caption.

Vaness: DNS for nomadic users in vehicular networks

Vehicular networks, also known as VANETs, are an ad-hoc network formed by vehicles and road-side units. Nowadays they have been attracting big interest both from researchers as from the automotive industry. With the upcoming of automotive specific operating systems and self-driving cars, the use of applications on vehicles and the integration with common mobile devices is becoming a big part of VANETs. Although many advances have been made on this field, there is still a big discrepancy between the communication layer services provided by VANETs and the user level services, namely those accessible through mobile applications on other networks and technologies. Users and developers are accustomed to user-to-user or user-tobusiness communication without explicit concerns related with the available communication transport layer. Such is not possible in VANETs since people may use more than one vehicle. However, to send a message to a specific user in these networks, there is a need to know the ID of the vehicle where the user is, meaning that there is a lack of services that map each individual user to VANETs endpoint (vehicle identification). This dissertation work proposes VANESS, a naming service as a resource to support user-to-user communication within a heterogeneous scenario comprising typical ISP scenario and VANETs focused on mobile devices. The proposed system is able to map the user to an end point either locally (i.e. there is not internet connection at all), online (i.e. system is not in a vehicular network but has direct internet connection) and using a gateway (i.e. the system is in a vehicular network where some of the nodes have internet access and will act as a gateway). VANESS was fully implemented on android OS with results proving his viability, and partially on iOS showing its multiplatform capabilities.

Quality-of-life among head and neck cancer survivors at one year after treatment – A systematic review

Abstract Background: The importance of quality-of-life (QoL) research has been recognised over the past two decades in patients with head and neck (H&N) cancer. The aims of this systematic review are to evaluate the QoL status of H&N cancer survivors one year after treatment and to identify the determinants affecting their QoL. Methods: Pubmed, Medline, Scopus, Sciencedirect and CINAHL (2000–2011) were searched for relevant studies, and two of the present authors assessed their methodological quality. The characteristics and main findings of the studies were extracted and reported. Results: Thirty-seven studies met the inclusion criteria, and the methodological quality of the majority was moderate to high. While patients of the group in question recover their global QoL by 12 months after treatment, a number of outstanding issues persist – deterioration in physical functioning, fatigue, xerostomia and sticky saliva. Age, cancer site, stage of disease, social support, smoking, feeding tube placement and alcohol consumption are the significant determinants of QoL at 12 months, while gender has little or no influence. Conclusions: Regular assessments should be carried out to monitor physical functioning,degree of fatigue, xerostomia and sticky saliva. Further research is required to develop appropriate and effective interventions to deal with these issues, and thus to promote the patients’ QoL.

Statistically steady turbulence in thin films: direct numerical simulations with Ekman friction

We present a detailed direct numerical simulation (DNS) of the two-dimensional Navier-Stokes equation with the incompressibility constraint and air-drag-induced Ekman friction; our DNS has been designed to investigate the combined effects of walls and such a friction on turbulence in forced thin films. We concentrate on the forward-cascade regime and show how to extract the isotropic parts of velocity and vorticity structure functions and hence the ratios of multiscaling exponents. We find that velocity structure functions display simple scaling, whereas their vorticity counterparts show multiscaling, and the probability distribution function of the Weiss parameter 3, which distinguishes between regions with centers and saddles, is in quantitative agreement with experiments.

Thermodynamics of Monosaccharide and Disaccharide Binding to Erythrina corallodendron Lectin

Isothermal titration calorimetry measurements of the binding of 2′-fucosyllactose, lactose, N-acetyllactosamine, galactopyranose, 2-acetamido-2-deoxygalactopyranoside, methyl α-N-dansylgalactosaminide (Me-α-DNS-GalN), methyl α-D-galactopyranoside, methyl β-D-galactopyranoside, and fucose to Erythrina corallodendron lectin (ECorL), a dimer with one binding site per subunit, were performed at 283-286 and 297-299 K. The site binding enthalpies, ΔHb, with the exception of Me-α-DNS-GalN, are the same at both temperatures and range from −47.1 ± 1.0 kJ mol−1 for N-acetyllactosamine to −4.4 ± 0.3 kJ mol−1 for fucose, and the site binding constants range from 3.82 ± 0.9 × 105 M−1 for Me-α-DNS-GalN at 283.2 K to 0.46 ± 0.05 × 103 M−1 for fucose at 297.2 K. The binding reactions are mainly enthalpically driven except for fucose and exhibit enthalpy-entropy compensation. The binding enthalpies of the disaccharides are about twice the binding enthalpies of the monosaccharides in contrast to concanavalin A where the binding enthalpies do not double for the disaccharides. Differential scanning calorimetry measurements show that denaturation of the ECorL dimer results in dissociation into its monomer subunits. The binding constants from the increase in denaturation temperature of ECorL in the presence of saccharides are in agreement with values from isothermal titration calorimetry results. The thermal denaturation of ECorL occurs around 333 K, well below the 344-360 K denaturation temperature of other legume lectins of similar size and tertiary structure, undoubtedly due to the difference in its quaternary structure relative to other legume lectins. This is also apparent from the independent unfolding of its two domains.

Extending temporal simulations

Direct numerical simulations (DNS) of spatially growing turbulent shear layers may be performed as temporal simulations by solving the governing equations with some additional terms while imposing streamwise periodicity. These terms are functions of the means whose spatial growth is calculated easily and accurately from statistics of the temporal DNS. Equations for such simulations are derived.

Effects of compressibility and heat release on entrainment processes in mixing layers

Characteristics of the process of entrainment in plane mixing layers, and the changes with compressibility and heat release, were studied using temporal DNS with simultaneous fluid packet tracking. Convective Mach numbers of the simulations are 0.15, 0.7 and 1.1. The Reynolds number is quite high (between 11 000 and 37 000 based on layer width and velocity difference), and is above the mixing transition. The study agrees with recent findings in round jets: first, engulfed fluid volume and its growth rate are both very small compared with the volume of the turbulent region and its growth rate, respectively. Secondly, most often, the process occurs close to the turbulent-nonturbulent boundaries. A new finding is that both compressibility and heat release retard the entrainment process so that it takes an O(1) time for vorticity or scalar levels to grow even after growth has been initiated. This delay is manifested as the fall in mixing layer growth rates as compressibility and heat release levels increase.

Roskapostin torjunta- ja luokittelumenetelmät

Tässä tutkielmassa tutustutaan kirjallisuuden avulla yleisesti käytössä oleviin roskapostin torjuntamenetelmiin. Myös niitä soveltava järjestelmäkokonaisuus esitellään. Työssä käsitellään esimerkiksi mustat DNS-listat, kollaboratiivisia tekniikoita ja harmaalistaus. Sisältöpohjaisiin menetelmiin, erityisesti bayesiläiseen luokitteluun ja logistiseen regressioanalyysiin tutustutaan tarkemmin. Tutkielmassa perehdytään myös roskapostitusta rajoittavaan lainsäädäntöön ja pohditaan, minkälaisilla keinoilla päädyttäisiin kokonaisuuden kannalta parhaaseen lopputulokseen. Työn kokeellisessa osuudessa verrataan logistista regressioanalyysiä ja bayesiläistä luokittelua roskapostintunnistuksessa realistisella koeasetelmalla käyttäen aitoa sähköpostikorpusta aineistona. Tärkeimmät kokeisiin perustuvat johtopäätökset ovat, että logistiseen regressioanalyysiin pohjaava tunnistus täydentäisi luokittelutuloksen puolesta erinomaisesti roskapostintorjuntajärjestelmää bayesiläisen luokittelijan rinnalla, mutta menetelmänä se on liian hidas tietokantanoudoista johtuvan I/O-vaativuuden takia. Lisäksi todetaan, että jopa käytettyä luokittelumenetelmää tärkeämpi seikka oppivaa roskapostintunnistusta hyödyntävässä järjestelmässä saattaa olla luokittelijalle syötetty aineisto, jonka laadun varmistamiseen on syytä panostaa erityisesti monen käyttäjän roskapostintorjuntajärjestelmässä, jossa luokitellaan kaikkien käyttäjien viestit samaan aineistoon perustuen.