1,849 research outputs found

    Scalable Techniques for Anomaly Detection

    Computer networks are constantly being attacked by malicious entities for various reasons. Network based attacks include but are not limited to, Distributed Denial of Service (DDoS), DNS based attacks, Cross-site Scripting (XSS) etc. Such attacks have exploited either the network protocol or the end-host software vulnerabilities for perpetration. Current network traffic analysis techniques employed for detection and/or prevention of these anomalies suffer from significant delay or have only limited scalability because of their huge resource requirements. This dissertation proposes more scalable techniques for network anomaly detection. We propose using DNS analysis for detecting a wide variety of network anomalies. The use of DNS is motivated by the fact that DNS traffic comprises only 2-3% of total network traffic reducing the burden on anomaly detection resources. Our motivation additionally follows from the observation that almost any Internet activity (legitimate or otherwise) is marked by the use of DNS. We propose several techniques for DNS traffic analysis to distinguish anomalous DNS traffic patterns which in turn identify different categories of network attacks. First, we present MiND, a system to detect misdirected DNS packets arising due to poisoned name server records or due to local infections such as caused by worms like DNSChanger. MiND validates misdirected DNS packets using an externally collected database of authoritative name servers for second or third-level domains. We deploy this tool at the edge of a university campus network for evaluation. Secondly, we focus on domain-fluxing botnet detection by exploiting the high entropy inherent in the set of domains used for locating the Command and Control (C&C) server. We apply three metrics namely the Kullback-Leibler divergence, the Jaccard Index, and the Edit distance, to different groups of domain names present in Tier-1 ISP DNS traces obtained from South Asia and South America. 
Our evaluation successfully detects existing domain-fluxing botnets such as Conficker and also recognizes new botnets. We extend this approach by utilizing DNS failures to improve the latency of detection. Alternatively, we propose a system which uses temporal and entropy-based correlation between successful and failed DNS queries, for fluxing botnet detection. We also present an approach which computes the reputation of domains in a bipartite graph of hosts within a network, and the domains accessed by them. The inference technique utilizes belief propagation, an approximation algorithm for marginal probability estimation. The computation of reputation scores is seeded through a small fraction of domains found in black and white lists. An application of this technique, on an HTTP-proxy dataset from a large enterprise, shows a high detection rate with low false positive rates

    Fitness of Escherichia coli during Urinary Tract Infection Requires Gluconeogenesis and the TCA Cycle

    Microbial pathogenesis studies traditionally encompass dissection of virulence properties such as the bacterium's ability to elaborate toxins, adhere to and invade host cells, cause tissue damage, or otherwise disrupt normal host immune and cellular functions. In contrast, bacterial metabolism during infection has only been recently appreciated to contribute to persistence as much as their virulence properties. In this study, we used comparative proteomics to investigate the expression of uropathogenic Escherichia coli (UPEC) cytoplasmic proteins during growth in the urinary tract environment and systematic disruption of central metabolic pathways to better understand bacterial metabolism during infection. Using two-dimensional fluorescence difference in gel electrophoresis (2D-DIGE) and tandem mass spectrometry, it was found that UPEC differentially expresses 84 cytoplasmic proteins between growth in LB medium and growth in human urine (P<0.005). Proteins induced during growth in urine included those involved in the import of short peptides and enzymes required for the transport and catabolism of sialic acid, gluconate, and the pentose sugars xylose and arabinose. Proteins required for the biosynthesis of arginine and serine along with the enzyme agmatinase that is used to produce the polyamine putrescine were also up-regulated in urine. To complement these data, we constructed mutants in these genes and created mutants defective in each central metabolic pathway and tested the relative fitness of these UPEC mutants in vivo in an infection model. Import of peptides, gluconeogenesis, and the tricarboxylic acid cycle are required for E. coli fitness during urinary tract infection while glycolysis, both the non-oxidative and oxidative branches of the pentose phosphate pathway, and the Entner-Doudoroff pathway were dispensable in vivo. These findings suggest that peptides and amino acids are the primary carbon source for E. coli during infection of the urinary tract. Because anaplerosis, or using central pathways to replenish metabolic intermediates, is required for UPEC fitness in vivo, we propose that central metabolic pathways of bacteria could be considered critical components of virulence for pathogenic microbes

    Spear Phishing Attack Detection

    This thesis addresses the problem of identifying email spear phishing attacks, which are indicative of cyber espionage. Spear phishing consists of targeted emails sent to entice a victim to open a malicious file attachment or click on a malicious link that leads to a compromise of their computer. Current detection methods fail to detect emails of this kind consistently. The SPEar phishing Attack Detection system (SPEAD) is developed to analyze all incoming emails on a network for the presence of spear phishing attacks. SPEAD analyzes the following file types: Windows Portable Executable and Common Object File Format (PE/COFF), Adobe Reader, and Microsoft Excel, Word, and PowerPoint. SPEAD's malware detection accuracy is compared against five commercially-available email anti-virus solutions. Finally, this research quantifies the time required to perform this detection with email traffic loads emulating an Air Force base network. Results show that SPEAD outperforms the anti-virus products in PE/COFF malware detection with an overall accuracy of 99.68% and an accuracy of 98.2% where new malware is involved. Additionally, SPEAD is comparable to the anti-virus products when it comes to the detection of new Adobe Reader malware with a rate of 88.79%. Ultimately, SPEAD demonstrates a strong tendency to focus its detection on new malware, which is a rare and desirable trait. Finally, after less than 4 minutes of sustained maximum email throughput, SPEAD's non-optimized configuration exhibits one-hour delays in processing files and links

    NMR Spectroscopy Can Help Accelerate Antiviral Drug Discovery Programs

    Small molecule drugs have an important role to play in combating viral infections, and biophysics support has been central for contributing to the discovery and design of direct acting antivirals. Perhaps one of the most successful biophysical tools for this purpose is NMR spectroscopy when utilized strategically and pragmatically within team workflows and timelines. This report describes some clear examples of how NMR applications contributed to the design of antivirals when combined with medicinal chemistry, biochemistry, X-ray crystallography and computational chemistry. Overall, these multidisciplinary approaches allowed teams to reveal and expose compound physical properties from which design ideas were spawned and tested to achieve the desired successes. Examples are discussed for the discovery of antivirals that target HCV, HIV and SARS-CoV-2

    Studies of granulocyte colony stimulating factor signaling to develop tools for clinical assessments of severe congenital neutropenia

    Neutropenia is a condition characterized by a low number of neutrophils in circulation. This leads to an increased risk of infections and is often diagnosed early in life. Extreme cases are known as severe neutropenia and are often associated with inactivating mutations in common neutrophil genes. Granulocyte colony stimulating factor receptor (G-CSFR), encoded by CSF3R, is a growth factor receptor known to induce stem cell release from bone marrow (BM), but also stimulate granulopoiesis. Mutations in this gene leading to low neutrophil counts are associated with the disease severe congenital neutropenia 7 (SCN7). Classification of genetic variants or mutations based solely on sequencing data can be subjective and often lead to misclassification. Pathogenic mutations have the potential to be categorized as variants of uncertain significance (VUS). This also includes mutations in CSF3R, where missense mutations can have a large impact on neutrophil production. A functional test to assess the effects of novel missense mutations in the CSF3R gene would be beneficial for the diagnostic work up of SCN7 patients. This project aims to establish cellular assays for the investigation of G-CSF signaling and for functional characterization of CSF3R mutations. First, an assay was created using phospho-flow cytometry to study changes in protein signaling after G-CSF stimulation of primary human blood cells. Secondly, a reporter assay was developed for assessing the impact of CSF3R-mutations on STAT3 signaling. A specific mutation previously classified as a VUS, p.(Gly27Arg) was also studied to characterize its impacts on STAT3 signaling following receptor stimulation. Stimulation assays on neutrophils showed a lack of signaling downstream from the G-CSF receptor. We did, however, observe significant signal transduction in the phospho-flow assay for two out of the four signaling proteins (STAT3 and STAT5) when studying monocytes. 
    The reporter-assay was successful in quantifying STAT3 signal after G-CSF stimulation but showed some difficulties with activating mutations. The mutation p.(Gly27Arg) was found to be likely pathogenic with STAT3 signaling barely detectable compared to WT. Both assays created show promising results for clinically validating the significance of CSF3R variants. Master's thesis in molecular biology. MOL399. MAMN-MO

    2021 Student Symposium Research and Creative Activity Book of Abstracts

    The UMaine Student Symposium (UMSS) is an annual event that celebrates undergraduate and graduate student research and creative work. Students from a variety of disciplines present their achievements with video presentations. It’s the ideal occasion for the community to see how UMaine students’ work impacts locally – and beyond. The 2021 Student Symposium Research and Creative Activity Book of Abstracts includes a complete list of student presenters as well as abstracts related to their works

    Cytokines, antibodies and plasma viremia of cats infected with feline immunodeficiency virus

    2013 Spring. Includes bibliographical references. Feline immunodeficiency viruses (FIVs) are naturally occurring lentiviruses (family Retroviridae) of felid species, including domestic and wild cats. Studies on FIVs are beneficial for understanding the host immune response associated with disease progression (e.g., domestic cat FIV) or the viral kinetics and molecular ecology associated with naturally occurring infections in wildlife (e.g., bobcat and mountain lion FIVs). Here we describe the development and validation of the following microsphere immunoassays (MIAs) for evaluating the cytokine and antibody response of domestic cats: i) the quantification of cytokines (interferon gamma (IFNγ), interleukin (IL)-10, and IL-12/IL-23) in cell culture supernatant, and ii) the quantification of these cytokines in plasma; iii) the quantification of total IgG and IgA in plasma, and iv) the detection of IgG and IgA antibodies to feline CD134 (the primary cell receptor for FIV), and FIV capsid (CA) and surface (SU) proteins in plasma. These assays were used to evaluate temporal cytokine and antibody responses of domestic cats experimentally infected with various FIV strains. To analyze viral RNA loads associated with naturally occurring FIV infections in bobcats or mountain lions, we are adapting existing quantitative PCR assays for use with plasma samples. The eight assays described here are/will be beneficial for addressing questions related to lentiviral immune response and viral kinetics

    Analysis of bacterial biofilms using NMR-based metabolomics

    Infectious diseases can be difficult to cure, especially if the pathogen forms a biofilm. After decades of extensive research into the morphology, physiology and genomics of biofilm formation, attention has recently been directed toward the analysis of the cellular metabolome in order to understand the transformation of a planktonic cell to a biofilm. Metabolomics can play an invaluable role in enhancing our understanding of the underlying biological processes related to the structure, formation and antibiotic resistance of biofilms. A systematic view of metabolic pathways or processes responsible for regulating this ‘social structure’ of microorganisms may provide critical insights into biofilm-related drug resistance and lead to novel treatments. This review will discuss the development of NMR-based metabolomics as a technology to study medically relevant biofilms. Recent advancements from case studies reviewed in this manuscript have shown the potential of metabolomics to shed light on numerous biological problems related to biofilms