13,696 research outputs found

    Applications of Machine Learning to Threat Intelligence, Intrusion Detection and Malware

    Artificial Intelligence (AI) and Machine Learning (ML) are emerging technologies with applications to many fields. This paper is a survey of use cases of ML for threat intelligence, intrusion detection, and malware analysis and detection. Threat intelligence, especially attack attribution, can benefit from the use of ML classification. False positives from rule-based intrusion detection systems can be reduced with the use of ML models. Malware analysis and classification can be made easier by developing ML frameworks to distill similarities between the malicious programs. Adversarial machine learning will also be discussed, because while ML can be used to solve problems or reduce analyst workload, it also introduces new attack surfaces

    The MetaCapitalism Cult.

    Whether in our professional or our personal lives, the promise of immortality exerts the same power of seduction. The promise of salvation delivered to the corporation hardly differs from the promise made to human beings. Religions have promised to fulfil this ideal of salvation, which has fascinated every era. Consulting firms follow the same logic, insofar as they constitute, for corporations, the contemporary equivalent of a religious experience. The prophets of consulting work to generate this kind of feeling by using a whole symbolic vocabulary such as "process reengineering", "best practices", etc., in a ritual called MetaCapitalism, involving a community of believers, namely their clients. This ritual, through the Cult of consulting, has consequences that reach well beyond the client firms alone and significantly affect many groups of people and institutions in our now global society. This observation justifies a critical examination of its merits. Our research explores the performance of MetaCapitalism, a term coined by the consulting giant Price Waterhouse Coopers (PWC) to describe its vision of the "new economy", which deals with the use of e-markets, online exchanges and networked business communities, and which has had the effect of multiplying the impact of the technological developments and the main improvements in business life that came out of the 1990s. MetaCapitalism can be understood by analysing the conversion of the leaders of MetaCapitalism to the model advocated. Our study, by applying regression techniques to a number of key indicators, identifies the trends in the performance of these leaders and compares them with the trends observed for the top 100 companies of the Fortune group. It finds that the MetaCapitalism companies were unable to sustain the apparently brilliant transformation they had carried out in 1999 and that, on many points, the trends show unexpected reversals with respect to maintaining the ideal structure of MetaCapitalism. A critical assessment of these observations is carried out in order to validate the generalisability of the model, so as to be able to avoid continued and harmful social experimentation. In conclusion, the strategy of MetaCapitalism shows undeniable similarities with religious cults, which leads to the following question: will MetaCapitalism share the fate of most of these cults, namely disenchantment linked to disappointed hopes?

    Moving Target Defense Using Live Migration of Docker Containers

    Today the information technology systems have addresses, software stacks and other configuration remaining unchanged for a long period of time. This paves the way for malicious attacks on the system from unknown vulnerabilities. The attacker can take advantage of this situation and plan their attacks with sufficient time. To protect our system from this threat, Moving Target Defense is required, where the attack surface is dynamically changed, making it difficult to strike. In this thesis, I incorporate live migration of Docker containers using CRIU (checkpoint restore) for moving target defense. There are 460K Dockerized applications, a 3100% growth over 2 years[1]. Over 4 billion containers have been pulled so far from Docker Hub. Docker is supported by a large and fast-growing community of contributors and users. As an example, there are 125K Docker Meetup members worldwide. As we see industry adapting to Docker rapidly, a moving target defense solution involving containers is beneficial for being robust and fast. A proof of concept implementation is included for studying performance attributes of Docker migration. The detection of attack uses a scenario involving definitions of normal events on servers. By defining system activities and extracting syslog in a centralized server, an attack can be detected via extracting abnormal activities, and this detection can be a trigger for the Docker migration. Dissertation/Thesis Masters Thesis Computer Science 201

    Assessing Public Opinions Through Web 2.0: A Case Study on Wal-Mart

    The recent advancement of Web 2.0 enables people to exchange their opinions on a variety of topics. Among these discussions, the opinions of employees, customers, and investors are of great interest to companies. Insight into such perspectives can help managers make better decisions on business policies and strategy. However, assessing online opinions is a nontrivial task. The high volume of messages, casual writing style, and the significant amount of noise require the application of sophisticated text mining techniques to digest the data. Previous research has successfully applied sentiment analysis to assess online opinions on specific items and topics. In this research, we propose the integration of topic analysis with sentiment analysis methods to assess the public opinions expressed in forums with diverse topics of discussion. Using a Wal-Mart-related Web forum as an example, we found that combining the two types of analysis can provide us with improved ability to assess public opinions on a company. Through further analysis on one cluster of discussions, several abnormal traffic and sentiment patterns were identified related to Wal-Mart events. The case study validates the proposed framework as an IT artifact to assess online public opinion on companies of interest. Our research promotes further efforts to combine topic and sentiment analysis techniques in online research supporting business decision making

    Efficient Load Balancing for Cloud Computing by Using Content Analysis

    Nowadays, computer networks have grown rapidly due to the demand for information technology management and facilitation of greater functionality. The service provided based on a single machine cannot accommodate large databases. Therefore, single servers must be combined for server group services. The problem in grouping server service is that it is very hard to manage many devices which have different hardware. Cloud computing is an extensive scalable computing infrastructure that shares existing resources. It is a popular option for people and businesses for a number of reasons including cost savings and security. This paper aimed to propose an efficient technique of load balance control by using HA Proxy in cloud computing with the objective of receiving and distributing the workload to the computer server to share the processing resources. The proposed technique applied round-robin scheduling for an efficient resource management of the cloud storage systems that focused on an effective workload balancing and a dynamic replication strategy. The evaluation approach was based on the benchmark data from requests per second and failed requests. The results showed that the proposed technique could improve performance of load balancing by 1,000 request /6.31 sec in cloud computing and generate fewer false alarm