46 research outputs found

    An empirical approach to modeling uncertainty in intrusion analysis

    Master of Science. Department of Computing and Information Sciences. Xinming (Simon) Ou. A well-known problem in current intrusion detection tools is that they create too many low-level alerts and system administrators find it hard to cope with the huge volume. Also, when they have to combine multiple sources of information to confirm an attack, there is a dramatic increase in the complexity. Attackers use sophisticated techniques to evade the detection and current system monitoring tools can only observe the symptoms or effects of malicious activities. When mingled with similar effects from normal or non-malicious behavior they lead intrusion analysis to conclusions of varying confidence and high false positive/negative rates. In this thesis work we present an empirical approach to the problem of modeling uncertainty where inferred security implications of low-level observations are captured in a simple logical language augmented with uncertainty tags. We have designed an automated reasoning process that enables us to combine multiple sources of system monitoring data and extract highly-confident attack traces from the numerous possible interpretations of low-level observations. We have developed our model empirically: the starting point was a true intrusion that happened on a campus network we studied to capture the essence of the human reasoning process that led to conclusions about the attack. We then used a Datalog-like language to encode the model and a Prolog system to carry out the reasoning process. Our model and reasoning system reached the same conclusions as the human administrator on the question of which machines were certainly compromised. We then automatically generated the reasoning model needed for handling Snort alerts from the natural-language descriptions in the Snort rule repository, and developed a Snort add-on to analyze Snort alerts. 
Keeping the reasoning model unchanged, we applied our reasoning system to two third-party data sets and one production network. Our results showed that the reasoning model is effective on these data sets as well. We believe such an empirical approach has the potential of codifying the seemingly ad-hoc human reasoning of uncertain events, and can yield useful tools for automated intrusion analysis

    Proceedings of the Seventh Italian Conference on Computational Linguistics CLiC-it 2020

    On behalf of the Program Committee, a very warm welcome to the Seventh Italian Conference on Computational Linguistics (CLiC-it 2020). This edition of the conference is held in Bologna and organised by the University of Bologna. The CLiC-it conference series is an initiative of the Italian Association for Computational Linguistics (AILC) which, after six years of activity, has clearly established itself as the premier national forum for research and development in the fields of Computational Linguistics and Natural Language Processing, where leading researchers and practitioners from academia and industry meet to share their research results, experiences, and challenges

    Abstracts of Papers, 86th Annual Meeting of the Virginia Academy of Science

    Abstracts for the 86th Annual Meeting of the Virginia Academy of Science, May 20-23, 2008, Hampton University, Hampton, VA

    PREVENTIVE CHEMOTHERAPY FOR ELIMINATION OF LYMPHATIC FILARIASIS AND ONCHOCERCIASIS IN SIERRA LEONE

    Lymphatic filariasis (LF) and onchocerciasis are highly endemic in Sierra Leone. Using World Health Organization (WHO) guidelines for monitoring national programmes where both infections are co-endemic, this study aimed to determine the impact of preventive chemotherapy on transmission intensity by measuring changes in human infection status using standard epidemiological indicators. Separate longitudinal studies designed to deliver WHO outcomes for programmes targeting the elimination of both diseases were conducted. Onchocerciasis mapping surveys from 1988-2005 revealed that twelve of fourteen health districts were endemic. The baseline average mf prevalence was 53.1%, and mf densities in positive-only or entire populations were 28.87 and 15.33 mf/snip, respectively. Mf prevalence and density increased with age and was higher in males than females. Baseline prevalence and intensity surveys showed that LF was endemic in all 14 districts (Wuchereria bancrofti antigenaemia prevalence > 1%). Mean LF prevalence by ICT cards was 21% (males 28%; females 15%) with higher prevalence in the northeast (Bombali 52%; Koinadugu 46%; Tonkolili 37%; Kono 30%) and lower in the southwest (Bonthe 3%; Pujehun 4%). Mf prevalence was also relatively higher in the northeast (Bombali 6.7%; Koinadugu 5.7%; Port Loko 4.4%; Kono 2.4%). Mf prevalence was higher in males (males 2.9%; females 1.8%) and infection rate was higher in the over 20 years age-group (2.5%) than younger (1.7%). Arithmetic mean mf density was 50.30 mf/ml among mf-positive individuals and 1.19 mf/ml in the population examined. Nationwide mass drug administration (MDA) using ivermectin plus albendazole was applied to eliminate both diseases. 
In 2010, after five rounds of MDA (2005-2009) with effective treatment coverage for onchocerciasis during 4/5 years, overall onchocerciasis mf prevalence was reduced by 60.26% (from 53.10% to 21.10%), overall mf density among positive-only individuals was reduced by 71.29% (28.87 to 8.29 mf/snip) and overall mf density among the entire population studied was reduced by 88.58% (15.33 to 1.75 mf/snip). Mf prevalence and density were higher in males, lowest in the 1-9 and highest in the 40-49 year age groups. Mf prevalence was reduced by >50% in 10/12 districts, and reduction in skin mf density was ≥50% among positives-only in 11/12 districts. After MDAs with effective treatment coverage in 2008-2010, LF mf prevalence decreased to less than 1% in 11/12 districts. Mf prevalence fell by 88.5% to 0.3%, with decreases of 70-95% in seven and 100% (0 prevalence) in four districts, respectively. Overall arithmetic mean mf density after three MDAs was 17.59 mf/ml among mf positive individuals and 0.05 mf/ml for the entire population examined. After five MDAs, the overall mf prevalence was 0.54% and was higher in males (0.7%) than females (0.36%). Eight of twelve districts with <1% mf prevalence passed the pre-transmission assessment survey (TAS) and therefore qualified for a TAS to determine whether MDA could be stopped. Four districts failed the pre-TAS: Koinadugu (0.98% i.e. close to 1%), Bombali (2.67%), Kailahun (1.56%) and Kenema (0%). Following WHO recommendations, Kenema and Kailahun districts were paired to form a unit of approximately one million. Kenema, the spot check site, was considered to have failed the pre-TAS even though the mf prevalence was 0% because Kailahun, the sentinel site, failed. A qualitative study examining the impact of the Ebola virus disease (EVD) outbreak on the NTD programme found that despite a one-year absence of interventions, two rounds of MDA had been completed, including one during the ongoing outbreak in May/June 2015. 
Although it compromised the likelihood of achieving the 2020 targets of LF elimination and Onchocerciasis control, the EVD outbreak has enhanced awareness about the important role of community volunteers in ensuring its success. While it may be the ‘endgame’ for LF, the NTD community and collaborating research institutions must address additional challenges if Onchocerciasis is to be eliminated from Sierra Leone

    A cumulative index to a continuing bibliography on aeronautical engineering

    This bibliography is a cumulative index to the abstracts contained in NASA-SP-7037(184) through NASA-SP-7037(195) of Aeronautical Engineering: A Continuing Bibliography. NASA SP-7037 and its supplements have been compiled through the cooperative efforts of the American Institute of Aeronautics and Astronautics (AIAA) and the National Aeronautics and Space Administration (NASA). This cumulative index includes subject, personal author, corporate source, foreign technology, contract, report number, and accession number indexes

    Aeronautical engineering: A cumulative index to a continuing bibliography (supplement 235)

    This publication is a cumulative index to the abstracts contained in Supplements 223 through 234 of Aeronautical Engineering: A Continuing Bibliography. The bibliographic series is compiled through the cooperative efforts of the American Institute of Aeronautics and Astronautics (AIAA) and the National Aeronautics and Space Administration (NASA). Seven indexes are included -- subject, personal author, corporate source, foreign technology, contract number, report number and accession number

    Mapping the elements of physical security towards the creation of a holistic physical security model

    This study has designed a theoretical mapping of complex element relationships within the field of physical security. The main purpose of the mapping is to form individual knowledge structures for modelling and provide a relative understanding of overall risk based on different combinations of physical security arrangements. An understanding of overall risk for modelling purposes should lead to improvements in providing support for decision making within this field. The final series of knowledge structures in this study have been represented by value matrices for element pair assessments within the topic of physical security. The values that have been presented in the knowledge matrices have been gathered from expert opinion and converted to numerical data as a demonstration for a holistic approach to modelling physical security elements. A profile for each respondent and each category group has been developed to be compared for their degree of similarity with other profiles. A correlation technique provides an indication of the degree of consensus within the results

    2019 Oklahoma Research Day Full Program

    Oklahoma Research Day 2019 - SWOSU Celebrating 20 years of Undergraduate Research Successes