Analysis of Credential Stealing Attacks in an Open Networked Environment

Abstract. This paper analyses the forensic data on credential stealing incidents over a period of 5 years across 5000 machines monitored at the National Center for Supercomputing Applications at the University of Illinois. The analysis conducted is the first attempt in an open operational environment (i) to evaluate the intricacies of carrying out SSH-based credential stealing attacks, (ii) to highlight and quantify key characteristics of such attacks, and (iii) to provide the system level characterization of such incidents in terms of distribution of alerts and incident consequences. Keywords-Incident analysis;Credential stealing; Intrusion detectio

Classifying malicious windows executables using anomaly based detection

A malicious executable is broadly defined as any program or piece of code designed to cause damage to a system or the information it contains, or to prevent the system from being used in a normal manner. A generic term used to describe any kind of malicious software is Maiware, which includes Viruses, Worms, Trojans, Backdoors, Root-kits, Spyware and Exploits. Anomaly detection is technique which builds a statistical profile of the normal and malicious data and classifies unseen data based on these two profiles. A detection system is presented here which is anomaly based and focuses on the Windows® platform. Several file infection techniques were studied to understand what particular features in the executable binary are more susceptible to being used for the malicious code propagation. A framework is presented for collecting data for both static (non-execution based) as well as dynamic (execution based) analysis of the malicious executables. Two specific features are extracted using static analysis, Windows API (from the Import Address Table of the Portable Executable Header) and the hex byte frequency count (collected using Hexdump utility) which have been explained in detail. Dynamic analysis features which were extracted are briefly mentioned and the major challenges faced using this data is explained. Classification results using Support Vector Machines for anomaly detection is shown for the two static analysis features. Experimental results have provided classification results with up to 94% accuracy for new, previously unseen executables

Interspecific interactions between saprotrophic basidiomycetes: effect on volatile production and gene expression of mycelia

Saprotrophic basidiomycetes play key roles in decomposition and nutrient cycling within woodland ecosystems. Species compete for space and resources, resulting in interactions with a range of outcomes, ranging from deadlock to replacement. Trametes versicolor was chosen to study these interactions in more detail and at a molecular level. During interactions T. versicolor produced barrages of aerial mycelium at the interaction front, and hyphal growth was inhibited in the presence of an opponent prior to contact. Volatile sesquiterpenes and aromatic hydrocarbons were produced when T. versicolorinteracted with Stereum gauspatum, which may have inhibitory effects and cause DNA and protein damage. Suppression subtractive hybridisation libraries were constructed for the interaction of T. versicolor vs S. gausapatum. This is one of the first studies to examine interspecific interactions of saprotrophic basidiomycetes from a molecular perspective. Expressed sequence tag analysis coupled with cDNA microarray technology was used to study the molecular basis of interactions of T. versicolor with S. gausapatum, Bjerkandera adusta and Hypholoma fasciculare, which are replaced, deadlock and replace T. versicolor, respectively. Analysis revealed up-regulation of peroxidases, catalase, chaperone proteins and fungal cell wall enzymes, common to interactions. These genes may be employed to deal with an oxidative environment and intracellular damage generated during interactions and responsible for changes in morphology. More genes were common to interactions in which T. versicolor deadlocked with, or replaced its competitor, than when it was replaced itself. Different mechanisms may be employed against different species resulting in the range of outcomes observed

Olea

The genus Olea contains about 30 species were grouped into three subgenera, Tetrapilus, Paniculatae, and Olea (cultivated olive and wild relatives), found in Asia, Australia and Asia, Africa and Europe, respectively. The species O. europaea L. includes six subspecies: Olea europaea L. ssp. europaea (the Mediterranean olives); O. e. laperrinei (distributed in Saharan massifs of Hoggar, Aïr, Jebel Marra in Algeria); O. e. cuspidata (which moved from South Africa to Egypt, East Australian areas and Hawaii, and from Arabia to northern India and Southwest China); O. e. guanchica (Canary Islands); O. e. maroccana (southwestern Morocco); and O. e. cerasiformis (Madeira). Using molecular markers, it has been ascertained that the Mediterranean olives include the cultivated types (O. europaea L. ssp. europaea var. sativa), the true wild oleaster (O. e. e. var. sylvestris), and the feral form olevaster from seedlings raised from seeds of the cultivated types. The oleaster has a narrow range of distribution and it is often mistaken for olevaster. Recolonization of the Mediterranean basin by Oleaster occurred after the last glacial event, from refuges located in both eastern and western Mediterranean basin areas toward southern Europe. Oleaster is a source of rootstock for propagating new improved cultivated varieties. Cultivated and wild forms have the same diploid chromosome number (2n = 46) and are fully interfertile. Triploid and tetraploid genotypes have been isolated from cultivated O.e.e., but polyploid forms have been found in endangered natural populations of O. e. guancica (tetraploid) and O. e. maroccana (hexaploid). Individual oleaster trees showing superior performance for size and/or oil content of fruit were selected empirically during olive domestication and propagated vegetatively as clones using cuttings that were planted directly or, more recently, grafted onto indigenous oleasters. Genetic markers linked for most important agronomic traits, such as size of the tree, content of secondary products of fruit, flowering induction, oil quality, and biotic and abiotic resistance, will help introgression by conventional breeding of oleaster trait-enhancing genes into cultivated olive. Successful results were difficult to achieve due to both the complex genetic basis of the traits to be improved and the long juvenile period of the progenies that delays the expression of the target traits. In vitro techniques to regenerate doubled haploids from hybrids or somaclonal variation induction may complement classical breeding procedures. Genetic transformation could speed up the development of new genotypes, and transgenic olive plants with modified growth habit and putative induced disease resistance are being tested under filed conditions. However, the development of an efficient regeneration method from mature tissue is the limiting factor for the routine application of this technology to olive genetic improvement.La pubblicazione originale è disponibile sul sito dell'editore http://www.springerlink.co

Ochratoxin A and Ochratoxigenic Fungi in Freshly Harvested and Stored Barley and Wheat

Ochratoxin A (OTA) is a toxin produced both prior to harvest and during storage by Penicillium and Aspergillus species in a variety of commodities. Although several studies have been conducted in Europe and Canada examining the occurrence and concentration of OTA in cereal grains, data is lacking for the United States, where guidance levels and regulations do not exist. This study aims to fill in the knowledge gaps surrounding OTA and ochratoxigenic fungi in barley and durum and hard red spring wheat grown in the northwestern and Upper Great Plains regions of the United States. In total 2.7% (n = 37) of the 1370 samples taken over 2 consecutive years had detectable levels of OTA (0.15-9.11 ng/g) directly after harvest. The number of positive samples was significantly greater in 2012 compared to 2011. This difference may be due to weather conditions during the planting and growing seasons or simply natural variation between years. Stored barley and wheat (N = 262) had a higher prevalence (12.2%) and greater range (0.16-185.24 ng/g) of OTA compard to freshly harvested samples. Although 81.3% of the OTA-positive samples had been stored for ≥6 months, samples that had been stored for as short as 1 month also tested positive. These results underline the importance of proper storage conditions in minimizing OTA contamination. P. verrucosum was found to be the primary ochratoxigenic species in these samples. Of the 110 isolates tested, 64.7% were confirmed OTA producers. Samples containing >1 ng/g OTA had significantly more OTA-producing P. verrucosum strains than samples with undetectable OTA. Infestation rate did not correlate with OTA level. Additionally, OTA concentration did not correlate with otanpsPN, an OTA biosynthesis gene. This indicates that the concentration of P. verrucosum in a sample may increase the likelihood of contamination but is not a reliable indicator of OTA level.USDA National Institute of Food and Agriculture (Agriculture and Food Research Initiative Competitive Grant, no. 2011-67005-20676