
    A graph oriented approach for network forensic analysis

    Network forensic analysis is a process that analyzes intrusion evidence captured from a networked environment to identify suspicious entities and stepwise actions in an attack scenario. Unfortunately, the overwhelming amount and low quality of output from security sensors make it difficult for analysts to obtain a succinct high-level view of complex multi-stage intrusions. This dissertation presents a novel graph-based network forensic analysis system. The evidence graph model provides an intuitive representation of collected evidence as well as the foundation for forensic analysis. Based on the evidence graph, we develop a set of analysis components in a hierarchical reasoning framework. Local reasoning utilizes fuzzy inference to infer the functional states of a host-level entity from its local observations. Global reasoning performs graph structure analysis to identify the set of highly correlated hosts that belong to the coordinated attack scenario. In global reasoning, we apply spectral clustering and PageRank methods for generic and targeted investigation respectively. An interactive hypothesis testing procedure is developed to identify hidden attackers from non-explicit-malicious evidence. Finally, we introduce the notion of target-oriented effective event sequence (TOEES) to semantically reconstruct stealthy attack scenarios with less dependency on ad-hoc expert knowledge. Well-established computation methods used in our approach provide the scalability needed to perform post-incident analysis in large networks. We evaluate the techniques with a number of intrusion detection datasets and the experiment results show that our approach is effective in identifying complex multi-stage attacks.

    A review of bovine Johne's disease control activities in 6 endemically infected countries

    Mycobacterium avium subspecies paratuberculosis (MAP) is endemic in the bovine populations of many countries and can cause a significant reduction in animal welfare and production efficiency, making control desirable. Effective control has proved very difficult to achieve despite multiple regionally coordinated programmes being in existence since the 1920s. The international community increasingly recognises the value in learning from the collective experiences of existing programmes to improve the effectiveness of control. The aim of this review is to outline key aspects of bovine Johne's disease control activities across 6 endemically infected countries to facilitate comparison of current international practice. The background, control activities and monitoring components of programmes in Australia, Canada, Denmark, the Netherlands, the United Kingdom and the United States of America were individually reviewed. Factual accuracy of each review was checked by individuals involved in the respective programmes before the reviews were condensed and combined into a single document presented here, with the complete reviews of each programme available as supplementary material. There was considerable heterogeneity in key aspects of control activity design including goals, responses to declining participation, herd classification, recommended control measures and associated test requirements. The data presented will be of interest to organisations that are involved in developing new or existing regionally coordinated BJD control activities.

    Interdisciplinary perspectives on the development, integration and application of cognitive ontologies

    We discuss recent progress in the development of cognitive ontologies and summarize three challenges in the coordinated development and application of these resources. Challenge 1 is to adopt a standardized definition for cognitive processes. We describe three possibilities and recommend one that is consistent with the standard view in cognitive and biomedical sciences. Challenge 2 is harmonization. Gaps and conflicts in representation must be resolved so that these resources can be combined for mark-up and interpretation of multi-modal data. Finally, Challenge 3 is to test the utility of these resources for large-scale annotation of data, search and query, and knowledge discovery and integration. As term definitions are tested and revised, harmonization should enable coordinated updates across ontologies. However, the true test of these definitions will be in their community-wide adoption, which will test whether they support valid inferences about psychological and neuroscientific data.