Break-ins at the Electric Boat Shipyard, Groton, Conn. : report of the Investigations Subcommittee of the Committee on Armed Services, House of Representatives, Ninety-seventh Congress, second session.

"December 1982."

Detecting and characterising malicious executable payloads

Buffer overflow vulnerabilities continue to prevail and the sophistication of attacks targeting these vulnerabilities is continuously increasing. As a successful attack of this type has the potential to completely compromise the integrity of the targeted host, early detection is vital. This thesis examines generic approaches for detecting executable payload attacks, without prior knowledge of the implementation of the attack, in such a way that new and previously unseen attacks are detectable. Executable payloads are analysed in detail for attacks targeting the Linux and Windows operating systems executing on an Intel IA-32 architecture. The execution flow of attack payloads are analysed and a generic model of execution is examined. A novel classification scheme for executable attack payloads is presented which allows for characterisation of executable payloads and facilitates vulnerability and threat assessments, and intrusion detection capability assessments for intrusion detection systems. An intrusion detection capability assessment may be utilised to determine whether or not a deployed system is able to detect a specific attack and to identify requirements for intrusion detection functionality for the development of new detection methods. Two novel detection methods are presented capable of detecting new and previously unseen executable attack payloads. The detection methods are capable of identifying and enumerating the executable payload’s interactions with the operating system on the targeted host at the time of compromise. The detection methods are further validated using real world data including executable payload attacks.

The power of malicious gossip

This paper focuses on malicious workplace gossip from the perspective of those targeted by this dark form of organisational communication. Findings from a large exemplarian action research project are reported that suggest malicious gossip can be an influential form of power that strongly contributes to counterproductive organisational behaviour. The discussion draws upon the emergent themes from the research to highlight the negative consequences of malicious gossip for those targeted and their organisations, and in so doing, elaborates on the phenomenon of workplace mobbing. This research highlights the importance of recognising gossip as an effective, though dark, form of power and the value of rational discourse for improving organisational communication.

Using static analysis for automatic assessment and mitigation of unwanted and malicious activities within Android applications

In the last decade, smartphones have gained widespread usage. Since the advent of online application stores, hundreds of thousands of applications have become instantly available to millions of smart-phone users. Within the Android ecosystem, application security is governed by digital signatures and a list of coarse-grained permissions. However, this mechanism is not fine-grained enough to provide the user with a sufficient means of control of the applications' activities. Abuse of highly sensible private information such as phone numbers without users' notice is the result. We show that there is a high frequency of privacy leaks even among widely popular applications. Together with the fact that the majority of the users are not proficient in computer security, this presents a challenge to the engineers developing security solutions for the platform. Our contribution is twofold: first, we propose a service which is able to assess Android Market applications via static analysis and provide detailed, but readable reports to the user. Second, we describe a means to mitigate security and privacy threats by automated reverse-engineering and refactoring binary application packages according to the users' security preferences.

A Perspective to Adopt Continuous Dynamic Cognition for Malicious Node Detection in Heterogeneous Networks

The current day networks use Proactive networks for adaption to the dynamic scenarios. The use of cognition technique based on the Observe, Orient, Decide and Act loop (OODA) is proposed to construct proactive networks. The network performance degradation in knowledge acquisition and malicious node presence is a problem that exists. The use of continuous time dynamic neural network is considered to achieve cognition. The variance in service rates of user nodes is used to detect malicious activity in heterogeneous networks. The improved malicious node detection rates are proved through the experimental results presented in this paper. (C) 2015 The Authors. Published by Elsevier B.V.

Cut down by some cowardly miscreants’: Plant maiming, or the Malicious Cutting of Plants as an Act of Protest in Eighteenth and Nineteenth Century Rural England

Since the publication of Hobsbawm and Rudé's Captain Swing our understanding of the role(s) of covert protests in Hanoverian rural England has advanced considerably. Whilst we now know much about the dramatic practices of incendiarism and animal maiming and the voices of resistance in seemingly straightforward acquisitive acts, one major gap remains. Despite the fact that almost thirty years have passed since E. P. Thompson brought to our attention that under the notorious ‘Black Act’ the malicious cutting of trees was a capital offence, no subsequent research has been published. This paper seeks to address this major lacuna by systematically analysing the practices and patterns of malicious attacks on plants (‘plant maiming’) in the context of late eighteenth- and early nineteenth-century southern England. It is shown that not only did plant maiming take many different forms, attacking every conceivable type of flora, but also that it was universally understood and practised. In some communities plant maiming was the protestors' weapon of choice. As a social practice it therefore embodied wider community beliefs regarding the defence of plebeian livelihoods and identities.

When zero doesn't mean it and other geomathematical mischief

There is almost not a case in exploration geology, where the studied data doesn’t includes below detection limits and/or zero values, and since most of the geological data responds to lognormal distributions, these “zero data” represent a mathematical challenge for the interpretation. We need to start by recognizing that there are zero values in geology. For example the amount of quartz in a foyaite (nepheline syenite) is zero, since quartz cannot co-exists with nepheline. Another common essential zero is a North azimuth, however we can always change that zero for the value of 360°. These are known as “Essential zeros”, but what can we do with “Rounded zeros” that are the result of below the detection limit of the equipment? Amalgamation, e.g. adding Na2O and K2O, as total alkalis is a solution, but sometimes we need to differentiate between a sodic and a potassic alteration. Pre-classification into groups requires a good knowledge of the distribution of the data and the geochemical characteristics of the groups which is not always available. Considering the zero values equal to the limit of detection of the used equipment will generate spurious distributions, especially in ternary diagrams. Same situation will occur if we replace the zero values by a small amount using non-parametric or parametric techniques (imputation). The method that we are proposing takes into consideration the well known relationships between some elements. For example, in copper porphyry deposits, there is always a good direct correlation between the copper values and the molybdenum ones, but while copper will always be above the limit of detection, many of the molybdenum values will be “rounded zeros”. So, we will take the lower quartile of the real molybdenum values and establish a regression equation with copper, and then we will estimate the “rounded” zero values of molybdenum by their corresponding copper values. The method could be applied to any type of data, provided we establish first their correlation dependency. One of the main advantages of this method is that we do not obtain a fixed value for the “rounded zeros”, but one that depends on the value of the other variable. Key words: compositional data analysis, treatment of zeros, essential zeros, rounded zeros, correlation dependency

Analysis of malicious and benign Android applications

Since its establishment, the Android applications market has been infected by a proliferation of malicious applications. Recent studies show that rogue developers are injecting malware into legitimate market applications which are then installed on open source sites for consumer uptake. Often, applications are infected several times. In this paper, we investigate the behavior of malicious Android applications, we present a simple and effective way to safely execute and analyze them. As part of this analysis, we use the Android application sandbox Droidbox to generate behavioral graphs for each sample and these provide the basis of the development of patterns to aid in identifying it. As a result, we are able to determine if family names have been correctly assigned by current anti-virus vendors. Our results indicate that the traditional anti-virus mechanisms are not able to correctly identify malicious Android applications.

'Satan finds some mischief'?: Drinkers' responses to the six o'clock closing of pubs in Australia, 1910s-1930s

Historians have typically focused on the ‘six o'clock swill’ as the pub drinker's principal response to the introduction of the early closing of pubs in most Australian states during World War I. While this focus has enhanced our understanding of gendered pub drinking practices during trading hours it has circumscribed our knowledge of the range of responses to six o'clock closing. Less frequently analysed is what the pub drinker did after the hour of six o'clock. In this article I explore how ‘habit memory’, especially people's everyday drinking habits persisted despite the best efforts to regulate them. I consider how factors such as class, leisure and gender were implicated in drinking habits, and why there was an increase in what were defined as illegal drinking practices such as sly-grogging and after-hours trading. This article suggests that the pub drinker resented the violation of familiar customs and was prepared to engage in illegal activities in order to obtain alcohol.

Contrasting permission patterns between clean and malicious android applications

The Android platform uses a permission system model to allow users and developers to regulate access to private information and system resources required by applications. Permissions have been proved to be useful for inferring behaviors and characteristics of an application. In this paper, a novel method to extract contrasting permission patterns for clean and malicious applications is proposed. Contrary to existing work, both required and used permissions were considered when discovering the patterns. We evaluated our methodology on a clean and a malware dataset, each comprising of 1227 applications. Our empirical results suggest that our permission patterns can capture key differences between clean and malicious applications, which can assist in characterizing these two types of applications.