
    On the Reverse Engineering of the Citadel Botnet

    Citadel is an advanced information-stealing malware which targets financial information. This malware poses a real threat against the confidentiality and integrity of personal and business data. A joint operation was recently conducted by the FBI and the Microsoft Digital Crimes Unit in order to take down Citadel command-and-control servers. The operation caused some disruption in the botnet but has not stopped it completely. Due to the complex structure and advanced anti-reverse engineering techniques, the Citadel malware analysis process is both challenging and time-consuming. This allows cyber criminals to carry on with their attacks while the analysis is still in progress. In this paper, we present the results of the Citadel reverse engineering and provide additional insight into the functionality, inner workings, and open source components of the malware. In order to accelerate the reverse engineering process, we propose a clone-based analysis methodology. Citadel is an offspring of a previously analyzed malware called Zeus; thus, using the former as a reference, we can measure and quantify the similarities and differences of the new variant. Two types of code analysis techniques are provided in the methodology, namely assembly to source code matching and binary clone detection. The methodology can help reduce the number of functions requiring manual analysis. The analysis results prove that the approach is promising in Citadel malware analysis. Furthermore, the same approach is applicable to similar malware analysis scenarios. Comment: 10 pages, 17 figures. This is an updated / edited version of a paper that appeared in FPS 201

    Hydrogeologic Investigation of a Covered Karst Terrain

    Increasing demand for water for agricultural use within the Dougherty Plain of the Southeastern United States has depleted surface water bodies. In karstic landscapes, such as the Dougherty Plain in southwest Georgia where the linkages between surface and ground waters are close, there is a need to understand the physical characteristics of the subsurface that allow these close linkages. Having a better understanding of the subsurface characteristics will aid numerical modeling efforts that underpin policy decisions and economic analyses. Two common features on this karstic landscape are draws and geographically isolated wetlands. Using LiDAR, aerial imagery, and ground-penetrating radar, this study investigates the subsurface characteristics of a draw and a series of geographically isolated wetlands. GPR reflections indicative of karst features are laterally-continuous and connect the landscape to nearby Ichawaynochaway Creek. The identification of the size and scale of the laterally continuous karstic features will guide the implementation of groundwater models used to determine irrigation and forest restoration programs while minimizing the impacts of water use on surface streams and the ecosystems

    Investigation related to multispectral imaging systems

    A summary of technical progress made during a five year research program directed toward the development of operational information systems based on multispectral sensing and the use of these systems in earth-resource survey applications is presented. Efforts were undertaken during this program to: (1) improve the basic understanding of the many facets of multispectral remote sensing, (2) develop methods for improving the accuracy of information generated by remote sensing systems, (3) improve the efficiency of data processing and information extraction techniques to enhance the cost-effectiveness of remote sensing systems, (4) investigate additional problems having potential remote sensing solutions, and (5) apply the existing and developing technology for specific users and document and transfer that technology to the remote sensing community

    Natural and Technological Hazards in Urban Areas

    Natural hazard events and technological accidents are separate causes of environmental impacts. Natural hazards are physical phenomena active in geological times, whereas technological hazards result from actions or facilities created by humans. In our time, combined natural and man-made hazards have been induced. Overpopulation and urban development in areas prone to natural hazards increase the impact of natural disasters worldwide. Additionally, urban areas are frequently characterized by intense industrial activity and rapid, poorly planned growth that threatens the environment and degrades the quality of life. Therefore, proper urban planning is crucial to minimize fatalities and reduce the environmental and economic impacts that accompany both natural and technological hazardous events

    MIDDLE TO LATE HOLOCENE (7200-2900 CAL. BP) ARCHAEOLOGICAL SITE FORMATION PROCESSES AT CRUMPS SINK AND THE ORIGINS OF ANTHROPOGENIC ENVIRONMENTS IN CENTRAL KENTUCKY, USA

    Though some researchers have argued that the Big Barrens grasslands of Kentucky were the product of anthropogenic land clearing practices by Native Americans, heretofore, this hypothesis had not been tested archaeologically. More work was needed to refine chronologies of fire activity in the region, determine the extent to which humans played a role in the process, and integrate these findings with the paleoenvironmental and archaeological record. With these goals in mind, I conducted archaeological and geoarchaeological investigations at Crumps Sink in the Sinkhole Plain of Kentucky. The archaeological record and site formation history of Crumps Sink were compared with environmental and archaeological data from the Interior Low Plateaus and Southern Appalachian Mountains for an understanding of how the site fits into the larger story of human-environmental interactions in the Eastern Woodlands. Based on the data recovered, I argue that through land burning Archaic hunter-gatherers were active managers of ecosystems to a greater degree than previously acknowledged. Excavations at Crumps Sink revealed stratified archaeological deposits spanning the late Middle Archaic to Terminal Late Archaic periods. Radiocarbon dates and an analysis of projectile point typologies provided information on the chronological and cultural history of the site. Magnetic susceptibility, loss-on-ignition, plant available phosphorous, and soil micromorphological analyses were conducted to examine landform dynamics in response to environmental change and to trace the anthropogenic signature created by human activities at the site. Masses of lithic debitage, animal bone, and burned sediment nodules per ten-cm-level provide an indication of human occupation intensity and shifting activities over time. Radiocarbon dates were used to reconstruct rates of sediment accumulation in the sink. These varying datasets were considered together for a holistic understanding of localized environmental and anthropogenic impacts on the landform. Between 7200 and 5600 cal. BP, during the Middle Holocene Thermal Maximum and corresponding with the late Middle Archaic period, sediment accumulation was sustained with one identifiable episode of very weak soil development. Background magnetic and chemical signatures in the soils were greater than they were at pre-occupation levels, demonstrating that human activities left a lasting imprint in soils as early as the late Middle Archaic period. Between 5600 and 3900 cal. BP, periods of diminished sedimentation led to more pronounced episodes of soil formation. However, these soil horizons are interposed by pulses of enhanced sediment accumulation. These soil data may signal shifting environmental regimes during the Middle to Late Holocene transition. Between 5600 and 3900 cal. BP scattered plant ash, elevated masses of burned sediment nodules, and pestle fragments in Late Archaic deposits suggest that hunter-gatherers were intensively processing nut mast, potentially in association with early forest clearance and silviculture. Botanical assemblages from a coincident archaeological sequence at the Carlston Annis site in the nearby middle Green River region have demonstrated woodland disturbance and potential silviculture in central Kentucky during this time. During the Late Archaic and Terminal Late Archaic periods (3900-3000 cal. BP), substantial plant ash deposition occurred in a stratum that accumulated relatively quickly. Very low burned sediment nodule masses in this deposit indicate that combustion features were not common in the immediate vicinity and that elevated frequencies of plant ash were the result of burning on a broader expanse of the surrounding landform. Chronologically, the zone with enhanced plant ash deposition is coeval with previously demonstrated occurrences of increased forest fires, grassland expansion, and a shift to early horticultural economies throughout the region. Soil development occurred after 3000 cal. BP, and this episode of landform stability may have lasted for over two millennia until being capped by sediment accumulation from historic agriculture. The late Middle Archaic through Terminal Late Archaic data from Crumps Sink demonstrate that hunter-gatherer activities left lasting signatures in soils in Kentucky. The data from the Late Archaic to Terminal Late Archaic periods (ca. 5600-3000 cal. BP) may indicate intentional land burning by hunter-gatherers to create anthropogenic environments, first for silviculture and then for early plant domestication. This forces a rethinking of labor and subsistence systems within hunter-gatherer societies. Thus, if hunter-gatherers were utilizing long-term forest management methods, they were employing a delayed-return economic system relying on labor investment and negotiated understandings about land tenure. Further characterization of the origin of fire management activities will help us to elucidate the nature of incipient indigenous plant domestication in the Eastern Woodlands.

    Predictive geohazard mapping using LiDAR and satellite imagery in Missouri and Oklahoma, USA

    “Light Detection and Ranging (LiDAR) and satellite imagery have become the most utilized remote sensing technologies for compiling inventories of surficial geologic conditions. Point cloud data obtained from multi-spectral remote sensing methods provide a detailed characterization of the surface features, in particular, the detailed surface manifestations of underlying geologic structures. When combined, point clouds eliminate bias from visual inconsistencies and/or statistical values. This research explores the competence of point clouds derived from LiDAR and Unmanned Aerial Systems (UAS) as a predictive tool in evaluating various geohazards. It combines these data sets with other remote sensing techniques to evaluate the sensitivity of the respective datasets to temporal changes in the earth’s surface (potentially detectable at a centimeter-scale). A two-phase research approach was employed to test several hazard mapping scenarios in three geographic areas in the U.S. Midcontinent as follows: 1) UAS-derived surficial deformations near the epicenter of the 2016 Mw 5.8 Pawnee, Oklahoma earthquake (Paper I); 2) UAS mapping of recent earthquake epicenters in Noble, Payne and Pawnee counties of Oklahoma State (Paper II); and, 3) Evaluation of geohazards in Greater Cape Girardeau, Southeast Missouri (Paper III). These analyses detected geomorphic changes in the study locations, such as ground subsidence, soil heave and expansion, liquefaction-induced structures, dynamically-induced consolidation, and surface fault rupture. The studies underscore the importance of early hazard identification and providing information to relevant data users to make informed decisions”--Abstract, page iv

    Synoptic analysis techniques for intrusion detection in wireless networks

    Current system administrators are missing intrusion alerts hidden by large numbers of false positives. Rather than accumulating more data to identify true alerts, we propose an intrusion detection tool that effectively uses select data to provide a picture of “network health”. Our hypothesis is that by utilizing the data available at both the node and cooperative network levels we can create a synoptic picture of the network providing indications of many intrusions or other network issues. Our major contribution is to provide a revolutionary way to analyze node and network data for patterns, dependence, and effects that indicate network issues. We collect node and network data, combine and manipulate it, and tease out information about the state of the network. We present a method based on utilizing the number of packets sent, number of packets received, node reliability, route reliability, and entropy to develop a synoptic picture of the network health in the presence of a sinkhole and a HELLO Flood attacker. This method conserves network throughput and node energy by requiring no additional control messages to be sent between the nodes unless an attacker is suspected. We intend to show that, although the concept of an intrusion detection system is not revolutionary, the method in which we analyze the data for clues about network intrusion and performance is highly innovative.

    Security of the Internet of Things: Vulnerabilities, Attacks and Countermeasures

    Wireless Sensor Networks (WSNs) constitute one of the most promising third-millennium technologies and have a wide range of applications in our surrounding environment. The reason behind the vast adoption of WSNs in various applications is that they have tremendously appealing features, e.g., low production cost, low installation cost, unattended network operation, autonomous and longtime operation. WSNs have started to merge with the Internet of Things (IoT) through the introduction of Internet access capability in sensor nodes and sensing ability in Internet-connected devices. Thereby, the IoT is providing access to a huge amount of data, collected by the WSNs, over the Internet. Hence, the security of IoT should start foremost with securing WSNs ahead of the other components. However, owing to the absence of a physical line-of-defense, i.e., there is no dedicated infrastructure such as gateways to watch and observe the flowing information in the network, the security of WSNs along with IoT is of big concern to the scientific community. More specifically, for the application areas in which CIA (confidentiality, integrity, availability) has prime importance, WSNs and emerging IoT technology might constitute an open avenue for the attackers. Besides, recent integration and collaboration of WSNs with IoT will open new challenges and problems in terms of security. Hence, this would be a nightmare for the individuals using these systems as well as the security administrators who are managing those networks. Therefore, a detailed review of security attacks towards WSNs and IoT, along with the techniques for prevention, detection, and mitigation of those attacks, is provided in this paper. In this text, attacks are categorized and treated in two main parts, “Passive Attacks” and “Active Attacks”, and most or all types of attacks towards WSNs and IoT are investigated under that umbrella. Understanding these attacks and their associated defense mechanisms will help pave a secure path towards the proliferation and public acceptance of IoT technology.