Ferramentas de gestão de redes e classificação de tráfego: estudo de um caso

A gestão de redes informáticas converteu-se num fator vital para uma rede operar de forma eficiente, produtiva e lucrativa. A gestão envolve a monitorização e o controlo dos sistemas para que estes funcionam como o pretendido, ações de configuração, monitorização, reconfiguração dos componentes, são essenciais para o objetivo de melhorar o desempenho, diminuir o tempo de inatividade, melhor a segurança e efetuar contabilização. Paralelamente, a classificação de tráfego é um tema de bastante relevância em várias atividades relacionadas com as redes, tais como a previsão de QoS, segurança, monitorização, contabilização, planeamento de capacidade de backbones e deteção de invasão. A variação de determinados tipos de tráfego pode influenciar, decisões técnicas na área da gestão de redes, assim como decisões políticas e sociais. Neste trabalho pretende-se desenvolver um estudo dos vários protocolos, ferramentas de gestão e de classificação de tráfego disponíveis para apoiar a atividade de gestão. O estudo efetuado terminou com a proposta e implementação de uma solução de gestão adequado a um cenário real, bastante rico na diversidade de tecnologias e sistemas.

Determination of testosterone misuse in sport, an international comparative study

Introduction: Urinary steroid profiling is used in doping controls to detect testosterone abuse. A testosterone over epitestosterone (T/E) ratio exceeding 4.0 is considered as suspicious of testosterone administration, irrespectively of individual heterogeneous factors such as the athlete's ethnicity. A deletion polymorphism in the UGT2B17 gene was demonstrated to account for a significant part of the inter-individual variability in the T/E between Caucasians and Asians. However, the anti-doping strategy includes the determination of carbon isotope ratio on androgen metabolites which has been demonstrated to be reliable for the direct detection of testosterone misuse. Herein, we examined the profiles and the variability in the 13C/12Cratios of urinary steroids in a widely heterogeneous cohort of professional soccer players residing in different world countries (Argentina, Italy, Japan, South-Africa, Switzerland and Uganda). Aim: The determination of threshold values based on genotype information and diet specific of the ethnicity is expected to enhance significantly the detection of testosterone misuse. Methods: The steroid profile of 57 Africans, 32 Asians, 50 Caucasians and 32 Hispanics was determined by gas chromatography-mass spectrometry. The carbon isotope ratio of selected androgens in urine specimens were determined by means of gas chromatography/combustion/isotope ratio mass spectrometry (GC-C-IRMS). Results: Significant differences have been observed between all ethnic groups. After estimation of the prevalence of the UGT2B17 deletion/deletion genotype (African:22%; Asian:81%; Caucasian:10%; Hispanic:7%), ethnicspecific thresholds were developed for a specificity of 99% for the T/E (African:5.6; Asian:3.8; Caucasian:5.7; Hispanic:5.8). Italian and Swiss populations recorded an enrichment in 13C of the urinary steroids with respect to the other groups, thereby supporting consumption of a relatively larger proportion of C3 plants in their diet. Noteworthy, detection criteria based on the difference in the carbon isotope ratio of androsterone and pregnanediol for each population were well below the established threshold value for positive cases. Conclusion: These profiling results demonstrate that a unique and nonspecific threshold to evidence testosterone misuse is not fit for purpose. In addition, the carbon isotopic ratio from these different diet groups highlight the importance to adapt the criteria for increasing the sensitivity in the detection of exogenous testosterone. In conclusion, it may be emphasized that combining the use of isotope ratio mass spectrometry including refined interpretation criteria for positivity and the subject-based profiling of steroids will most probably improve the efficiency of the confirmatory test.

A pilot study on subject-based comprehensive steroid profiling: novel biomarkers to detect testosterone misuse in sports.

Context:  Until now, the testosterone/epitestosterone (T/E) ratio is the main marker for detection of testosterone (T) misuse in athletes. As this marker can be influenced by a number of confounding factors, additional steroid profile parameters indicating T misuse can provide substantiating evidence of doping with endogenous steroids. The evaluation of a steroid profile is currently based upon population statistics. Since large inter-individual variations exist, a paradigm shift towards subject-based references is ongoing in doping analysis. Objective:  Proposition of new biomarkers for the detection of testosterone in sports using extensive steroid profiling and an adaptive model based upon Bayesian inference. Subjects:  6 healthy male volunteers were administered with testosterone undecanoate. Population statistics were performed upon steroid profiles from 2014 male Caucasian athletes participating in official sport competition. Design:  An extended search for new biomarkers in a comprehensive steroid profile combined with Bayesian inference techniques as used in the Athlete Biological Passport resulted in a selection of additional biomarkers that may improve detection of testosterone misuse in sports. Results:  Apart from T/E, 4 other steroid ratios (6α-OH-androstenedione/16α-OH-dehydroepiandrostenedione, 4-OH-androstenedione/16α-OH-androstenedione, 7α-OH-testosterone/7β-OH-dehydroepiandrostenedione and dihydrotestosterone/5β-androstane-3α,17β-diol) were identified as sensitive urinary biomarkers for T misuse. These new biomarkers were rated according to relative response, parameter stability, detection time and discriminative power. Conclusion:  Newly selected biomarkers were found suitable for individual referencing within the concept of the Athlete's Biological Passport. The parameters showed improved detection time and discriminative power compared to the T/E ratio. Such biomarkers can support the evidence of doping with small oral doses of testosterone.

Haitallisen liikenteen havaitseminen ja suodattaminen operaattoriverkoissa

Suomen Viestintävirasto Ficora on antanut määräyksen 13/2005M, jonka mukaan internet-palveluntarjoajalla tulee olla ennalta määritellyt prosessit ja toimintamallit sen omista asiakasliittymistä internetiin lähtevän haitallisen liikenteen havaitsemiseksi ja suodattamiseksi. Määräys ei sinällään aseta ehtoja, kuinka asetetut vaatimukset kukin internet-palveluntarjoaja täyttää. Tässä diplomityössä annetaan määritelmät haitalliselle liikenteelle ja tutkitaan menetelmiä, joilla sitä voidaan havainnoida ja suodattaa paikallisen internet-palveluntarjoajan operaattoriverkoissa. Suhteutettunapaikallisen internet-palveluntarjoajan asiakasliittymien määrään, uhkien vakavuuteen ja tällaisen systeemin kustannuksiin, tullaan tämän työn pohjalta ehdottamaan avoimen lähdekoodin tunkeutumisenhavaitsemistyökalua nopeaa reagointia vaativiin tietoturvaloukkauksiin ja automatisoitua uudelleenreitititystä suodatukseen. Lisäksi normaalin työajan puitteissa tapahtuvaan liikenteen seurantaan suositetaan laajennettua valvontapöytää, jossa tarkemmat tutkimukset voidaan laittaa alulle visualisoitujen reaaliaikaisten tietoliikenneverkon tietovoiden kautta.

Tietoturvainformaation ja -tapahtumien hallinta PCI DSS -standardissa

Työn keskeisimpänä tavoitteena on tutkia SIEM-järjestelmien (Security Information and Event Management) käyttömahdollisuuksia PCI DSS -standardissa (Payment Card IndustryData Security Standard) lähtökohtaisesti ratkaisutoimittajan näkökulmasta. Työ on tehty Cygate Oy:ssä. SIEM on uusi tietoturvan ratkaisualue, jonka käyttöönottoa vauhdittavat erilaiset viralliset sääntelyt kuten luottokorttiyhtiöiden asettama PCI DSS -standardi. SIEM-järjestelmien avulla organisaatiot pystyvät keräämään valmistajariippumattomasti verkon systeemikomponenteista tapahtumatietoja, joiden avulla pystytään näkemään keskitetysti, mitä verkossa on tapahtunut. SIEM:ssa käsitellään sekä historiapohjaisia että reaaliaikaisia tapahtumia ja se toimii organisaatioiden keskitettynä tietoturvaprosessia tukevana hallintatyökaluna. PCI DSS -standardi on hyvin yksityiskohtainen ja sen vaatimusten täyttäminen ei ole yksinkertaista. Vaatimuksenmukaisuutta ei saavuteta hetkessä, vaan siihen liittyvä projekti voi kestää viikoista kuukausiin. Standardin yksi haasteellisimmista asioista on keskitetty lokien hallinta. Maksukorttitietoja käsittelevien ja välittävien organisaatioiden on kerättävä kaikki audit-lokit eri järjestelmistä, jotta maksukorttitietojen käyttöä pystytään luottamuksellisesti seuraamaan. Standardin mukaan organisaatioiden tulee käyttää myös tunkeutumisen ja haavoittuvuuksien havainnointijärjestelmiä mahdollisten tietomurtojen havaitsemiseksi ja estämiseksi. SIEM-järjestelmän avulla saadaan täytettyä PCI DSS -standardin vaativimpia lokien hallintaan liittyviä vaatimuksia ja se tuo samallamonia yksityiskohtaisia parannuksia tukemaan muita standardin vaatimuskohtia. Siitä voi olla hyötyä mm. tunkeutumisen ja haavoittuvuuksien havainnoinnissa. SIEM-järjestelmän hyödyntäminen standardin apuna on kuitenkin erittäin haasteellista. Käyttöönotto vaatii tarkkaa etukäteissuunnittelua ja kokonaisuuksien ymmärtämistä niin ratkaisutoimittajan kuin ratkaisun käyttöönottajan puolelta.

Supervised localimage feature detection

This thesis is about detection of local image features. The research topic belongs to the wider area of object detection, which is a machine vision and pattern recognition problem where an object must be detected (located) in an image. State-of-the-art object detection methods often divide the problem into separate interest point detection and local image description steps, but in this thesis a different technique is used, leading to higher quality image features which enable more precise localization. Instead of using interest point detection the landmark positions are marked manually. Therefore, the quality of the image features is not limited by the interest point detection phase and the learning of image features is simplified. The approach combines both interest point detection and local description into one phase for detection. Computational efficiency of the descriptor is therefore important, leaving out many of the commonly used descriptors as unsuitably heavy. Multiresolution Gabor features has been the main descriptor in this thesis and improving their efficiency is a significant part. Actual image features are formed from descriptors by using a classifierwhich can then recognize similar looking patches in new images. The main classifier is based on Gaussian mixture models. Classifiers are used in one-class classifier configuration where there are only positive training samples without explicit background class. The local image feature detection method has been tested with two freely available face detection databases and a proprietary license plate database. The localization performance was very good in these experiments. Other applications applying the same under-lying techniques are also presented, including object categorization and fault detection.

Security Authentication using Phase-Encoded Nanoparticle Structures and Polarized Light

Phase encoded nano structures such as Quick Response (QR) codes made of metallic nanoparticles are suggested to be used in security and authentication applications. We present a polarimetric optical method able to authenticate random phase encoded QR codes. The system is illuminated using polarized light and the QR code is encoded using a phase-only random mask. Using classification algorithms it is possible to validate the QR code from the examination of the polarimetric signature of the speckle pattern. We used Kolmogorov-Smirnov statistical test and Support Vector Machine algorithms to authenticate the phase encoded QR codes using polarimetric signatures.

Behaviour-based authentication in the built enviromnent

This paper proposes a novel method of authentication of users in secure buildings. The main objective is to investigate whether user actions in the built environment can produce consistent behavioural signatures upon which a building intrusion detection system could be based. In the process three behavioural expressions were discovered: time-invariant, co-dependent and idiosyncratic.

Efficient FPGA-based regular expression pattern matching

An approach to the automatic generation of efficient Field Programmable Gate Arrays (FPGAs) circuits for the Regular Expression-based (RegEx) Pattern Matching problems is presented. Using a novel design strategy, as proposed, circuits that are highly area-and-time-efficient can be automatically generated for arbitrary sets of regular expressions. This makes the technique suitable for applications that must handle very large sets of patterns at high speed, such as in the network security and intrusion detection application domains. We have combined several existing techniques to optimise our solution for such domains and proposed the way the whole process of dynamic generation of FPGAs for RegEX pattern matching could be automated efficiently.

Sistema de coleta, análise e detecção de código malicioso baseado no sistema imunológico humano

Coordenação de Aperfeiçoamento de Pessoal de Nível Superior (CAPES)

Firewall Dinâmico: uma implementação cliente/servidor

Pós-graduação em Ciência da Computação - IBILCE