Detección de intrusiones basada en análisis de eventos del DNS

En este proyecto se hace un análisis en profundidad de las técnicas de ataque a las redes de ordenadores conocidas como APTs (Advanced Persistent Threats), viendo cuál es el impacto que pueden llegar a tener en los equipos de una empresa y el posible robo de información y pérdida monetaria que puede llevar asociada. Para hacer esta introspección veremos qué técnicas utilizan los atacantes para introducir el malware en la red y también cómo dicho malware escala privilegios, obtiene información privilegiada y se mantiene oculto. Además, y cómo parte experimental de este proyecto se ha desarrollado una plataforma para la detección de malware de una red en base a las webs, URLs e IPs que visitan los nodos que la componen. Obtendremos esta visión gracias a la extracción de los logs y registros de DNS de consulta de la compañía, sobre los que realizaremos un análisis exhaustivo. Para poder inferir correctamente qué equipos están infectados o no se ha utilizado un algoritmo de desarrollo propio inspirado en la técnica Belief Propagation (“Propagación basada en creencia”) que ya ha sido usada antes por desarrolladores cómo los de los Álamos en Nuevo México (Estados Unidos) para fines similares a los que aquí se muestran. Además, para mejorar la velocidad de inferencia y el rendimiento del sistema se propone un algoritmo adaptado a la plataforma Hadoop de Apache, por lo que se modifica el paradigma de programación habitual y se busca un nuevo paradigma conocido como MapReduce que consiste en la división de la información en conceptos clave-valor. Por una parte, los algoritmos que existen basados en Belief Propagation para el descubrimiento de malware son propietarios y no han sido publicados completamente hasta la fecha, por otra parte, estos algoritmos aún no han sido adaptados a Hadoop ni a ningún modelo de programación distribuida aspecto que se abordará en este proyecto. No es propósito de este proyecto desarrollar una plataforma comercial o funcionalmente completa, sino estudiar el problema de las APTs y una implementación que demuestre que la plataforma mencionada es factible de implementar. Este proyecto abre, a su vez, un horizonte nuevo de investigación en el campo de la adaptación al modelo MapReduce de algoritmos del tipo Belief Propagation basados en la detección del malware mediante registros DNS. ABSTRACT. This project makes an in-depth investigation about problems related to APT in computer networks nowadays, seeing how much damage could they inflict on the hosts of a Company and how much monetary and information loss may they cause. In our investigation we will find what techniques are generally applied by attackers to inject malware into networks and how this malware escalates its privileges, extracts privileged information and stays hidden. As the main part of this Project, this paper shows how to develop and configure a platform that could detect malware from URLs and IPs visited by the hosts of the network. This information can be extracted from the logs and DNS query records of the Company, on which we will make an analysis in depth. A self-developed algorithm inspired on Belief Propagation technique has been used to infer which hosts are infected and which are not. This technique has been used before by developers of Los Alamos Lab (New Mexico, USA) for similar purposes. Moreover, this project proposes an algorithm adapted to Apache Hadoop Platform in order to improve the inference speed and system performance. This platform replaces the traditional coding paradigm by a new paradigm called MapReduce which splits and shares information among hosts and uses key-value tokens. On the one hand, existing algorithms based on Belief Propagation are part of owner software and they have not been published yet because they have been patented due to the huge economic benefits they could give. On the other hand these algorithms have neither been adapted to Hadoop nor to other distributed coding paradigms. This situation turn the challenge into a complicated problem and could lead to a dramatic increase of its installation difficulty on a client corporation. The purpose of this Project is to develop a complete and 100% functional brand platform. Herein, show a short summary of the APT problem will be presented and make an effort will be made to demonstrate the viability of an APT discovering platform. At the same time, this project opens up new horizons of investigation about adapting Belief Propagation algorithms to the MapReduce model and about malware detection with DNS records.

Composition of sedimentary rocks from the Shapkina River valley, Bolshezemelskaya Tundra

A facies-genetic and stratigraphic subdivision of the Quaternary sequence in the Shapkina River valley has been accomplished. The riverbank shows outcrops of three glacial complexes with different mineralogical-petrographic compositions and structural characteristics, which can be correlated and stratificated. Datings of intermoraine horizons (alluvial, marine, lacustrine, and lacustrine-boggy sediments) have been based on palynological and paleomicrotheriological data. The Middle Neopleistocene section can be divided into two till horizons corresponding to two autonomous glaciations (Pechora and Vychegda). They are separated by a member of subaqueous Rodionov sediments. The Pechora till formed in the course of glacier motions from the northeast. Glacial horizons are mainly composed of the Vychegda till transported from the Northwest terrigenous provenance. Lithology of the Upper Neopleistocene Polyarnyi till testifies to its formation in the upper course of the river from material transported from the Northeast terrigenous-mineralogical provenance in the upper course of the river and from the Fennoscandian glaciation center in the lower course of the river. The paper presents the first lithological investigation and substantiation of genesis of various facies of Neopleistocene intermoraine marine sediments (sediments of the beach and fore-beach zones and shallow-water shelf).

Sensitivity of soil regions to acid precipitation /

Mode of access: Internet.

Lake and reservoir classification systems /

Mode of access: Internet.

Effects of sulfuric acid rain on two model hardwood forests : throughfall, litter leachate, and soil solution /

"January 1980."

Effects of acid precipitation on soil leachate quality : computer calculations /

Mode of access: Internet.

Characteristics of nonpoint source urban runoff and its effects on stream ecosystems /

Mode of access: Internet.

The soil core microcosm : a potential screening tool /

Mode of access: Internet.

A gas-exchange system for assessing plant performance in response to environmental stress /

Mode of access: Internet.

REDEQL.EPAK : aqueous chemical equilibrium computer program /

"Marine Division, Corvallis Environmental Research Laboratory."

Precipitation and inactivation of phosphorus as a lake restoration technique /

Mode of access: Internet.

Sediment removal as a lake restoration technique /

Mode of access: Internet.

The slowing down distribution from a point source of fission neutrons in light water /

Work performed at the Physics Division, Oak Ridge National Laboratory, Oak Ridge, Tennessee.

Neutron physics : a course of lectures by E. Fermi /

Mode of access: Internet.