Modeling, analysis and defense strategies against Internet attacks.

Third, we have analyzed the tradeoff between delay caused by filtering of worms at routers, and the delay due to worms' excessive amount of network traffic. We have used the optimal control problem, to determine the appropriate tradeoffs between these two delays for a given rate of a worm spreading. Using our technique we can minimize the overall network delay by finding the number of routers that should perform filtering and the time at which they should start the filtering process.Many early Internet protocols were designed without a fundamentally secure infrastructure and hence vulnerable to attacks such as denial of service (DoS) attacks and worms. DoS attacks attempt to consume the resources of a remote host or network, thereby denying or degrading service to legitimate users. Network forensics is an emerging area wherein the source or the cause of the attacker is determined using IDS tools. The problem of finding the source(s) of attack(s) is called the "trace back problem". Lately, Internet worms have become a major problem for the security of computer networks, causing considerable amount of resources and time to be spent recovering from the disruption of systems. In addition to breaking down victims, these worms create large amounts of unnecessary network data traffic that results in network congestion, thereby affecting the entire network.In this dissertation, first we solve the trace back problem more efficiently in terms of the number of routers needed to complete the track back. We provide an efficient algorithm to decompose a network into connected components and construct a terminal network. We show that for a terminal network with n routers, the trace back can be completed in O(log n) steps.Second, we apply two classical epidemic SIS and SIR models to study the spread of Internet Worm. The analytical models that we provide are useful in determining the rate of spread and time required to infect a majority of the nodes in the network. Our simulation results on large Internet like topologies show that in a fairly small amount of time, 80% of the network nodes is infected

Malgazer: An Automated Malware Classifier With Running Window Entropy and Machine Learning

This dissertation explores functional malware classification using running window entropy and machine learning classifiers. This topic was under researched in the prior literature, but the implications are important for malware defense. This dissertation will present six new design science artifacts. The first artifact was a generalized machine learning based malware classifier model. This model was used to categorize and explain the gaps in the prior literature. This artifact was also used to compare the prior literature to the classifiers created in this dissertation, herein referred to as “Malgazer” classifiers. Running window entropy data was required, but the algorithm was too slow to compute at scale. This dissertation presents an optimized version of the algorithm that requires less than 2% of the time of the original algorithm. Next, the classifications for the malware samples were required, but there was no one unified and consistent source for this information. One of the design science artifacts was the method to determine the classifications from publicly available resources. Once the running window entropy data was computed and the functional classifications were collected, the machine learning algorithms were trained at scale so that one individual could complete over 200 computationally intensive experiments for this dissertation. The method to scale the computations was an instantiation design science artifact. The trained classifiers were another design science artifact. Lastly, a web application was developed so that the classifiers could be utilized by those without a programming background. This was the last design science artifact created by this research. Once the classifiers were developed, they were compared to prior literature theoretically and empirically. A malware classification method from prior literature was chosen (referred to herein as “GIST”) for an empirical comparison to the Malgazer classifiers. The best Malgazer classifier produced an accuracy of approximately 95%, which was around 0.76% more accurate than the GIST method on the same data sets. Then, the Malgazer classifier was compared to the prior literature theoretically, based upon the empirical analysis with GIST, and Malgazer performed at least as well as the prior literature. While the data, methods, and source code are open sourced from this research, most prior literature did not provide enough information or data to replicate and verify each method. This prevented a full and true comparison to prior literature, but it did not prevent recommending the Malgazer classifier for some use cases

On Malfunction, Mechanisms and Malware Classification

Malware has been around since the 1980s and is a large and expensive security concern today, constantly growing over the past years. As our social, professional and financial lives become more digitalised, they present larger and more profitable targets for malware. The problem of classifying and preventing malware is therefore urgent, and it is complicated by the existence of several specific approaches. In this paper, we use an existing malware taxonomy to formulate a general, language independent functional description of malware as transformers between states of the host system and described by a trust relation with its components. This description is then further generalised in terms of mechanisms, thereby contributing to a general understanding of malware. The aim is to use the latter in order to present an improved classification method for malware

Design of secure and robust cognitive system for malware detection

Machine learning based malware detection techniques rely on grayscale images of malware and tends to classify malware based on the distribution of textures in graycale images. Albeit the advancement and promising results shown by machine learning techniques, attackers can exploit the vulnerabilities by generating adversarial samples. Adversarial samples are generated by intelligently crafting and adding perturbations to the input samples. There exists majority of the software based adversarial attacks and defenses. To defend against the adversaries, the existing malware detection based on machine learning and grayscale images needs a preprocessing for the adversarial data. This can cause an additional overhead and can prolong the real-time malware detection. So, as an alternative to this, we explore RRAM (Resistive Random Access Memory) based defense against adversaries. Therefore, the aim of this thesis is to address the above mentioned critical system security issues. The above mentioned challenges are addressed by demonstrating proposed techniques to design a secure and robust cognitive system. First, a novel technique to detect stealthy malware is proposed. The technique uses malware binary images and then extract different features from the same and then employ different ML-classifiers on the dataset thus obtained. Results demonstrate that this technique is successful in differentiating classes of malware based on the features extracted. Secondly, I demonstrate the effects of adversarial attacks on a reconfigurable RRAM-neuromorphic architecture with different learning algorithms and device characteristics. I also propose an integrated solution for mitigating the effects of the adversarial attack using the reconfigurable RRAM architecture.Comment: arXiv admin note: substantial text overlap with arXiv:2104.0665

Wildlife Health Centre Newsletter, Volume 11-1, Fall 2005

Canada Takes a Big Step Forward Update from the Centre for Coastal Health West Nile Virus in non-corvid Bird Species National Cervid Population Estimates Fatal Encounter of a Great Horned Owl with a Porcupine Total Amputation of Extremities in a Raccoon Foot Gangrene in Northern Gannets Avian Cholera in the St. Lawrence Estuary in the Common Eider Verminous pneumonia in beluga whales from the St. Lawrence Estuary Pesticide Toxicities in Birds Virus Infections in Gulls & Cormorants on Lakes Erie and Ontario A Mortality Event in Freshwater Drum from Lake Ontario, Associated with Viral Hemorrhagic Septicemia virus (VHSv), Type IV Hibernation-Associated & Early Post-Emergence Mortalities of Vancouver Island Marmots in BC, May 2005 Post Mortem Findings in Small Cetacean Strandings in the Pacific Northwest, 1999-2004 Changes in the Regulatory Status of Ketamine & its Implications for Wildlife Professionals New Wildlife Disease Specialist for the Canadian Wildlife Service Download Your Newsletter from our Websit

Markovian and stochastic differential equation based approaches to computer virus propagation dynamics and some models for survival distributions

This dissertation is divided in two Parts. The first Part explores probabilistic modeling of propagation of computer \u27malware\u27 (generally referred to as \u27virus\u27) across a network of computers, and investigates modeling improvements achieved by introducing a random latency period during which an infected computer in the network is unable to infect others. In the second Part, two approaches for modeling life distributions in univariate and bivariate setups are developed. In Part I, homogeneous and non-homogeneous stochastic susceptible-exposed-infectious- recovered (SEIR) models are specifically explored for the propagation of computer virus over the Internet by borrowing ideas from mathematical epidemiology. Large computer networks such as the Internet have become essential in today\u27s technological societies and even critical to the financial viability of the national and the global economy. However, the easy access and widespread use of the Internet makes it a prime target for malicious activities, such as introduction of computer viruses, which pose a major threat to large computer networks. Since an understanding of the underlying dynamics of their propagation is essential in efforts to control them, a fair amount of research attention has been devoted to model the propagation of computer viruses, starting from basic deterministic models with ordinary differential equations (ODEs) through stochastic models of increasing realism. In the spirit of exploring more realistic probability models that seek to explain the time dependent transient behavior of computer virus propagation by exploiting the essential stochastic nature of contacts and communications among computers, the present study introduces a new refinement in such efforts to consider the suitability and use of the stochastic SEIR model of mathematical epidemiology in the context of computer viruses propagation. We adapt the stochastic SEIR model to the study of computer viruses prevalence by incorporating the idea of a latent period during which computer is in an \u27exposed state\u27 in the sense that the computer is infected but cannot yet infect other computers until the latency is over. The transition parameters of the SEIR model are estimated using real computer viruses data. We develop the maximum likelihood (MLE) and Bayesian estimators for the SEIR model parameters, and apply them to the \u27Code Red worm\u27 data. Since network structure can be a possibly important factor in virus propagation, multi-group stochastic SEIR models for the spreading of computer virus in heterogeneous networks are explored next. For the multi-group stochastic SEIR model using Markovian approach, the method of maximum likelihood estimation for model parameters of interest are derived. The method of least squares is used to estimate the model parameters of interest in the multi-group stochastic SEIR-SDE model, based on stochastic differential equations. The models and methodologies are applied to Code Red worm data. Simulations based on different models proposed in this dissertation and deterministic/ stochastic models available in the literature are conducted and compared. Based on such comparisons, we conclude that (i) stochastic models using SEIR framework appear to be relatively much superior than previous models of computer virus propagation - even up to its saturation level, and (ii) there is no appreciable difference between homogeneous and heterogeneous (multi-group) models. The \u27no difference\u27 finding of course may possibly be influenced by the criterion used to assign computers in the overall network to different groups. In our study, the grouping of computers in the total network into subgroups or, clusters were based on their geographical location only, since no other grouping criterion were available in the Code Red worm data. Part II covers two approaches for modeling life distributions in univariate and bivariate setups. In the univariate case, a new partial order based on the idea of \u27star-shaped functions\u27 is introduced and explored. In the bivariate context; a class of models for joint lifetime distributions that extends the idea of univariate proportional hazards in a suitable way to the bivariate case is proposed. The expectation-maximization (EM) method is used to estimate the model parameters of interest. For the purpose of illustration, the bivariate proportional hazard model and the method of parameter estimation are applied to two real data sets

Wildlife Health Centre Newsletter, Volume 11, Fall 2005

Canada Takes a Big Step Forward Update from the Centre for Coastal Health West Nile Virus in non-corvid Bird Species National Cervid Population Estimates Disease Updates Atlantic Region: Fatal Encounter of a Great Horned Owl with a Porcupine Total Amputation of Extremities in a Raccoon Foot Gangrene in Northern Gannets Quebec Region: Avian Cholera in the St. Lawrence Estuary in the Common Eider Verminous pneumonia in beluga whales from the St. Lawrence Estuary Ontario Region: Type E Botulism in Lake Ontario 2004/2005 Pesticide Toxicities in Birds Virus Infections in Gulls & Cormorants on Lakes Erie and Ontario A Mortality Event in Freshwater Drum from Lake Ontario, Associated with Viral Hemorrhagic Septicemia virus (VHSv), Type IV Western/Northern Region Tularemia in Deer Mice in West-Central SK Hibernation-Associated & Early Post-Emergence Mortalities of Vancouver Island Marmots in BC, May 2005 Post Mortem Findings in Small Cetacean Strandings in the Pacific Northwest, 1999-2004 Changes in the Regulatory Status of Ketamine & its Implications for Wildlife Professionals New Wildlife Disease Specialist for the Canadian Wildlife Service Download Your Newsletter from our Websit

Wildlife Health Centre Newsletter, Volume 11-1, Fall 2005

Canada Takes a Big Step Forward Update from the Centre for Coastal Health West Nile Virus in non-corvid Bird Species National Cervid Population Estimates Fatal Encounter of a Great Horned Owl with a Porcupine Total Amputation of Extremities in a Raccoon Foot Gangrene in Northern Gannets Avian Cholera in the St. Lawrence Estuary in the Common Eider Verminous pneumonia in beluga whales from the St. Lawrence Estuary Pesticide Toxicities in Birds Virus Infections in Gulls & Cormorants on Lakes Erie and Ontario A Mortality Event in Freshwater Drum from Lake Ontario, Associated with Viral Hemorrhagic Septicemia virus (VHSv), Type IV Hibernation-Associated & Early Post-Emergence Mortalities of Vancouver Island Marmots in BC, May 2005 Post Mortem Findings in Small Cetacean Strandings in the Pacific Northwest, 1999-2004 Changes in the Regulatory Status of Ketamine & its Implications for Wildlife Professionals New Wildlife Disease Specialist for the Canadian Wildlife Service Download Your Newsletter from our Websit