A distributed active defense system against DDoS attacks

This thesis proposes a novel architecture of Distributed Active Defense System (DADS) against Distibuted Denial of Service (DDoS) attacks. Three sub-systems of DADS were built. For each sub-system corresponding algorithms were developed, prototypes implemented, criteria for evaluation were set up and experiments in both simulation and real network laboratory environments were carried out.

Viral RNA silencing suppressors (RSS) : novel strategy of viruses to ablate the host RNA interference (RNAi) defense system

Pathogenic viruses have developed a molecular defense arsenal for their survival by counteracting the host anti-viral system known as RNA interference (RNAi). Cellular RNAi, in addition to regulating gene expression through microRNAs, also serves as a barrier against invasive foreign nucleic acids. RNAi is conserved across the biological species, including plants, animals and invertebrates. Viruses in turn, have evolved mechanisms that can counteract this anti-viral defense of the host. Recent studies of mammalian viruses exhibiting RNA silencing suppressor (RSS) activity have further advanced our understanding of RNAi in terms of host–virus interactions. Viral proteins and non-coding viral RNAs can inhibit the RNAi (miRNA/siRNA) pathway through different mechanisms. Mammalian viruses having dsRNA-binding regions and GW/WG motifs appear to have a high chance of conferring RSS activity. Although, RSSs of plant and invertebrate viruses have been well characterized, mammalian viral RSSs still need in-depth investigations to present the concrete evidences supporting their RNAi ablation characteristics. The information presented in this review together with any perspective research should help to predict and identify the RSS activity-endowed new viral proteins that could be the potential targets for designing novel anti-viral therapeutics.

A survey on latest botnet attack and defense

A botnet is a group of compromised computers, which are remotely controlled by hackers to launch various network attacks, such as DDoS attack and information phishing. Botnet has become a popular and productive tool behind many cyber attacks. Recently, the owners of some botnets, such as storm worm, torpig and conflicker, are employing fluxing techniques to evade detection. Therefore, the understanding of their fluxing tricks is critical to the success of defending from botnet attacks. Motivated by this, we survey the latest botnet attacks and defenses in this paper. We begin with introducing the principles of fast fluxing (FF) and domain fluxing (DF), and explain how these techniques were employed by botnet owners to fly under the radar. Furthermore, we investigate the state-of-art research on fluxing detection. We also compare and evaluate those fluxing detection methods by multiple criteria. Finally, we discuss future directions on fighting against botnet based attacks.

Locating defense positions for thwarting the propagation of topological worms

A common view for the preferable positions of thwarting worm propagation is at the highly connected nodes. However, in certain conditions, such as when some popular users (highly connected nodes in the network) have more vigilance on the malicious codes, this may not always be the truth. In this letter, we propose a measure of betweenness and closeness to locate the most suitable positions for slowing down the worm propagation. This work provides practical values to the defense of topological worms.

CBF : A packet filtering method for DDoS attack defense in cloud environment

Distributed Denial-of-Service attack (DDoS) is a major threat for cloud environment. Traditional defending approaches cannot be easily applied in cloud security due to their relatively low efficiency, large storage, to name a few. In view of this challenge, a Confidence-Based Filtering method, named CBF, is investigated for cloud computing environment, in this paper. Concretely speaking, the method is deployed by two periods, i.e., non-attack period and attack period. More specially, legitimate packets are collected at non-attack period, for extracting attribute pairs to generate a nominal profile. With the nominal profile, the CBF method is promoted by calculating the score of a particular packet at attack period, to determine whether to discard it or not. At last, extensive simulations are conducted to evaluate the feasibility of the CBF method. The result shows that CBF has a high scoring speed, a small storage requirement and an acceptable filtering accuracy, making it suitable for real-time filtering in cloud environment.

Modeling and defense against propagation of worms in networks

Worms are widely believed to be one of the most serious challenges in network security research. In order to prevent worms from propagating, we present a microcosmic model, which can benefit the security industry by allowing them to save significant money in the deployment of their security patching schemes.

Keynote : Detection of and defense against distributed denial-of-service (DDoS) attacks

Distributed denial-of-service (DDoS) attacks typically exhaust bandwidth, processing capacity, or memory of a targeted machine, service or network. Despite enormous efforts in combating DDoS attacks in the past decade, DDoS attacks are still a serious threat to the security of cyberspace. In this talk I shall outline the recent efforts of my research group in detection of and defence against DDoS attacks. In particular, this talk will concentrate on the following three critical issues related to DDoS attacks: (1) Traceback of DDoS attacks; (2) Detection of low-rate DDoS attacks; and (3) Discriminating DDoS attacks from flash crowds.

The contribution of job and partner satisfaction to the homeostatic defense of subjective wellbeing

Two studies investigate subjective wellbeing (SWB) homeostasis. The first investigates the contribution of job satisfaction (JS) and partner satisfaction (PS) to the homeostatic defense of SWB. The extant model of homeostasis does not include either variable. The second study investigates the relationship between Homeostatically Protected Mood (HPMood) and other factors involved in the homeostatic model. It has been proposed that HPMood is the basic, biologically determined, positive mood that saturates SWB and other related variables, and forms the basis of the SWB set-point. Thus, if HPMood is an individual difference and it perfuses other homeostatic variables, then HPMood should be responsible for much of the shared variance between such variables. Two comparative samples are involved. One is a group of 171 Hong Kong Chinese recruited through convenience sampling. The other is a group of 343 Australians recruited via a general population survey. Results indicate that both JS and PS predict significant variance in Global Life Satisfaction beyond the existing factors in the homeostatic model. It is also found that, after controlling for the effect of HPMood, the strength of correlations between SWB and other homeostatic variables is significantly diminished. The implications of these findings are discussed.

Host defense at the ocular surface

Microbial infections of the cornea frequently cause painful, blinding and debilitating disease that is often difficult to treat and may require corneal transplantation. In addition, sterile corneal infiltrates that are associated with contact lens wear cause pain, visual impairment and photophobia. In this article, we review the role of Toll-Like Receptors (TLR) in bacterial keratitis and sterile corneal infiltrates, and describe the role of MD-2 regulation in LPS responsiveness by corneal epithelial cells. We conclude that both live bacteria and bacterial products activate Toll-Like Receptors in the cornea, which leads to chemokine production and neutrophil recruitment to the corneal stroma. While neutrophils are essential for bacterial killing, they also cause tissue damage that results in loss of corneal clarity. These disparate outcomes, therefore, represent a spectrum of disease severity based on this pathway, and further indicate that targeting the TLR pathway is a feasible approach to treating inflammation caused by live bacteria and microbial products. Further, as the P. aeruginosa type III secretion system (T3SS) also plays a critical role in disease pathogenesis by inducing neutrophil apoptosis and facilitating bacterial growth in the cornea, T3SS exotoxins are additional targets for therapy for P. aeruginosa keratitis.

Intramuscular heat shock protein 72 and heme oxygenase-1 mRNA are reduced in patients with type 2 diabetes: evidence that insulin resistance is associated with a disturbed antioxidant defense mechanism

To examine whether genes associated with cellular defense against oxidative stress are associated with insulin sensitivity, patients with type 2 diabetes (n = 7) and age-matched (n = 5) and young (n = 9) control subjects underwent a euglycemic-hyperinsulinemic clamp for 120 min. Muscle samples were obtained before and after the clamp and analyzed for heat shock protein (HSP)72 and heme oxygenase (HO)-1 mRNA, intramuscular triglyceride content, and the maximal activities of β-hyroxyacyl-CoA dehydrogenase (β-HAD) and citrate synthase (CS). Basal expression of both HSP72 and HO-1 mRNA were lower (P < 0.05) by 33 and 55%, respectively, when comparing diabetic patients with age-matched and young control subjects, with no differences between the latter groups. Both basal HSP72 (r = 0.75, P < 0.001) and HO-1 (r = 0.50, P < 0.05) mRNA expression correlated with the glucose infusion rate during the clamp. Significant correlations were also observed between HSP72 mRNA and both β-HAD (r = 0.61, P < 0.01) and CS (r = 0.65, P < 0.01). HSP72 mRNA was induced (P < 0.05) by the clamp in all groups. Although HO-1 mRNA was unaffected by the clamp in both the young and age-matched control subjects, it was increased (P < 0.05) ∼70-fold in the diabetic patients after the clamp. These data demonstrate that genes involved in providing cellular protection against oxidative stress are defective in patients with type 2 diabetes and correlate with insulin-stimulated glucose disposal and markers of muscle oxidative capacity. The data provide new evidence that the pathogenesis of type 2 diabetes involves perturbations to the antioxidant defense mechanism within skeletal muscle.

Modeling the propagation and defense study of internet malicious information

 Dr. Wen's research includes modelling the propagation dynamics of malicious information, exposing the most influential people and source identification of epidemics in social networks. His research is beneficial to both academia and industry in the field of Internet social networks.

Defense against packet dropping attacks in opportunistic networks

Opportunistic networks (OppNets) are an interesting topic that are seen to have a promising future. Many protocols have been developed to accommodate the features of OppNets such as frequent partitions, long delays, and no end-to-end path between the source and destination nodes. Embedding security into these protocols is challenging and has taken a lot of attention in research. One of the attacks that OppNets are exposed to is the packet dropping attack, where the malicious node attempts to drop some packets and forwards an incomplete number of packets which results in the distortion of the message. To increase the security levels in OppNets, this paper presents an algorithm developed to detect packet dropping attacks, and finds the malicious node that attempted the attack. The algorithm detects the attack by using an indicative field in the header section of each packet; the indicative field has 3 sub fields - the identification field, the flag field, and the offset field. These 3 fields are used to find if a node receives the complete original number of packets from the previous node. The algorithm will have the advantage of detecting packets dropped by each intermediate node, this helps solve the difficulties of finding malicious nodes by the destination node only.

Detection and defense of application-layer DDoS attacks in backbone web traffic

Web servers are usually located in a well-organized data center where these servers connect with the outside Internet directly through backbones. Meanwhile, the application-layer distributed denials of service (AL-DDoS) attacks are critical threats to the Internet, particularly to those business web servers. Currently, there are some methods designed to handle the AL-DDoS attacks, but most of them cannot be used in heavy backbones. In this paper, we propose a new method to detect AL-DDoS attacks. Our work distinguishes itself from previous methods by considering AL-DDoS attack detection in heavy backbone traffic. Besides, the detection of AL-DDoS attacks is easily misled by flash crowd traffic. In order to overcome this problem, our proposed method constructs a Real-time Frequency Vector (RFV) and real-timely characterizes the traffic as a set of models. By examining the entropy of AL-DDoS attacks and flash crowds, these models can be used to recognize the real AL-DDoS attacks. We integrate the above detection principles into a modularized defense architecture, which consists of a head-end sensor, a detection module and a traffic filter. With a swift AL-DDoS detection speed, the filter is capable of letting the legitimate requests through but the attack traffic is stopped. In the experiment, we adopt certain episodes of real traffic from Sina and Taobao to evaluate our AL-DDoS detection method and architecture. Compared with previous methods, the results show that our approach is very effective in defending AL-DDoS attacks at backbones. © 2013 Elsevier B.V. All rights reserved.