47 research outputs found

    Introducing the SlowDrop Attack

    In network security, Denial of Service (DoS) attacks target network systems with the aim of making them unreachable. Last generation threats are particularly dangerous because they can be carried out with very low resource consumption by the attacker. In this paper we propose SlowDrop, an attack characterized by a legitimate-like behavior and able to target different protocols and server systems. The proposed attack is the first slow DoS threat targeting Microsoft IIS, until now unexploited from other similar attacks. We properly describe the attack, analyzing its ability to target arbitrary systems on different scenarios, by including both wired and wireless connections, and comparing the proposed attack to similar threats. The obtained results show that by executing targeted attacks, SlowDrop is successful both against conventional servers and Microsoft IIS, which is closed source and required us the execution of so called “network level reverse engineering” activities. Due to its ability to successfully target different servers on different scenarios, the attack should be considered an important achievement in the slow DoS field.

    Dht-based security infrastructure for trusted internet and grid computing

    Abstract: We designed a distributed security infrastructure with self-defence capabilities to secure networked resources in Grids and internet applications. This paper reports new developments in fuzzy trust management, game-theoretic Grid models, security-binding methodology, as well as new Grid performance metrics, defence architecture and mechanisms against intrusions, worms, and low-rate pulsing Distributed Denial of Service (DDoS) attacks. The design is based on a novel Distributed Has

    Improvement of DDoS attack detection and web access anonymity

    The thesis has covered a range of algorithms that help to improve the security of web services. The research focused on the problems of DDoS attack and traffic analysis attack against service availability and information privacy respectively. Finally, this research significantly advantaged DDoS attack detection and web access anonymity.

    Security in peer-to-peer communication systems

    P2PSIP (Peer-to-Peer Session Initiation Protocol) is a protocol developed by the IETF (Internet Engineering Task Force) for the establishment, completion and modification of communication sessions that emerges as a complement to SIP (Session Initiation Protocol) in environments where the original SIP protocol may fail for technical, financial, security, or social reasons. In order to do so, P2PSIP systems replace all the architecture of servers of the original SIP systems used for the registration and location of users, by a structured P2P network that distributes these functions among all the user agents that are part of the system. This new architecture, as with any emerging system, presents a completely new security problematic which analysis, subject of this thesis, is of crucial importance for its secure development and future standardization. Starting with a study of the state of the art in network security and continuing with more specific systems such as SIP and P2P, we identify the most important security services within the architecture of a P2PSIP communication system: access control, bootstrap, routing, storage and communication. Once the security services have been identified, we conduct an analysis of the attacks that can affect each of them, as well as a study of the existing countermeasures that can be used to prevent or mitigate these attacks. Based on the presented attacks and the weaknesses found in the existing measures to prevent them, we design specific solutions to improve the security of P2PSIP communication systems. To this end, we focus on the service that stands as the cornerstone of P2PSIP communication systems' security: access control.
Among the new designed solutions stand out: a certification model based on the segregation of the identity of users and nodes, a model for secure access control for on-the-fly P2PSIP systems and an authorization framework for P2PSIP systems built on the recently published Internet Attribute Certificate Profile for Authorization. Finally, based on the existing measures and the new solutions designed, we define a set of security recommendations that should be considered for the design, implementation and maintenance of P2PSIP communication systems.

    User-Centric Active Learning for Outlier Detection

    Outlier detection searches for unusual, rare observations in large, often high-dimensional data sets. One of the fundamental challenges of outlier detection is that "unusual" typically depends on the perception of a user, the recipient of the detection result. This makes finding a formal definition of "unusual" that matches with user expectations difficult. One way to deal with this issue is active learning, i.e., methods that ask users to provide auxiliary information, such as class label annotations, to return algorithmic results that are more in line with the user input. Active learning is well-suited for outlier detection, and many respective methods have been proposed over the last years. However, existing methods build upon strong assumptions. One example is the assumption that users can always provide accurate feedback, regardless of how algorithmic results are presented to them -- an assumption which is unlikely to hold when data is high-dimensional. It is an open question to which extent existing assumptions are in the way of realizing active learning in practice. In this thesis, we study this question from different perspectives with a differentiated, user-centric view on active learning. In the beginning, we structure and unify the research area on active learning for outlier detection. Specifically, we present a rigorous specification of the learning setup, structure the basic building blocks, and propose novel evaluation standards. Throughout our work, this structure has turned out to be essential to select a suitable active learning method, and to assess novel contributions in this field. We then present two algorithmic contributions to make active learning for outlier detection user-centric. First, we bring together two research areas that have been looked at independently so far: outlier detection in subspaces and active learning. 
Subspace outlier detection are methods to improve outlier detection quality in high-dimensional data, and to make detection results more easy to interpret. Our approach combines them with active learning such that one can balance between detection quality and annotation effort. Second, we address one of the fundamental difficulties with adapting active learning to specific applications: selecting good hyperparameter values. Existing methods to estimate hyperparameter values are heuristics, and it is unclear in which settings they work well. In this thesis, we therefore propose the first principled method to estimate hyperparameter values. Our approach relies on active learning to estimate hyperparameter values, and returns a quality estimate of the values selected. In the last part of the thesis, we look at validating active learning for outlier detection practically. There, we have identified several technical and conceptual challenges which we have experienced firsthand in our research. We structure and document them, and finally derive a roadmap towards validating active learning for outlier detection with user studies

    Towards secure message systems

    Message systems, which transfer information from sender to recipient via communication networks, are indispensable to our modern society. The enormous user base of message systems and their critical role in information delivery make it the top priority to secure message systems. This dissertation focuses on securing the two most representative and dominant messages systems---e-mail and instant messaging (IM)---from two complementary aspects: defending against unwanted messages and ensuring reliable delivery of wanted messages. To curtail unwanted messages and protect e-mail and instant messaging users, this dissertation proposes two mechanisms DBSpam and HoneyIM, which can effectively thwart e-mail spam laundering and foil malicious instant message spreading, respectively. DBSpam exploits the distinct characteristics of connection correlation and packet symmetry embedded in the behavior of spam laundering and utilizes a simple statistical method, Sequential Probability Ratio Test, to detect and break spam laundering activities inside a customer network in a timely manner. The experimental results demonstrate that DBSpam is effective in quickly and accurately capturing and suppressing e-mail spam laundering activities and is capable of coping with high speed network traffic. HoneyIM leverages the inherent characteristic of spreading of IM malware and applies the honey-pot technology to the detection of malicious instant messages. More specifically, HoneyIM uses decoy accounts in normal users' contact lists as honey-pots to capture malicious messages sent by IM malware and suppresses the spread of malicious instant messages by performing network-wide blocking. The efficacy of HoneyIM has been validated through both simulations and real experiments. To improve e-mail reliability, that is, prevent losses of wanted e-mail, this dissertation proposes a collaboration-based autonomous e-mail reputation system called CARE. 
CARE introduces inter-domain collaboration without central authority or third party and enables each e-mail service provider to independently build its reputation database, including frequently contacted and unacquainted sending domains, based on the local e-mail history and the information exchanged with other collaborating domains. The effectiveness of CARE on improving e-mail reliability has been validated through a number of experiments, including a comparison of two large e-mail log traces from two universities, a real experiment of DNS snooping on more than 36,000 domains, and extensive simulation experiments in a large-scale environment

    Supporting claimants' health: A role for the personal adviser?

    This study centres on the way in which welfare claimants' health-related needs are understood and addressed within the new welfare-to-work landscape. The study takes a specific interest in the role of the Personal Adviser, a central frontline practice figure who has previously been extensively involved in implementing UK welfare-to-work policy. A qualitative methodology underpinned by ethnographic principles was implemented. The study design aimed to take into consideration the macro, meso and micro-level factors that characterise the policy arena, provider organisations that provide employment support and frontline practice. The methods selected were: a documentary review, participant observation of the policy arena, observation of the practice arena and semi-structured interviews. The study found that the Personal Adviser is often at the heart of employment support delivery. Personal Advisers are expected to be competent in adopting different roles, some of which might conflict and cause tensions, when meeting the diverse needs of claimants who have health conditions. These findings raise important questions about the legitimacy and preparedness of Personal Advisers' practice in relation to supporting claimants' health. The findings also found that Prime Work Programme provider organisations had proposed varied levels of health-related support provision, and some of their models had a lack of prominence to health. This raises concerns about equity, quality and adequacy of any support being provided. The need for welfare policy to retain a health focus has been shown to be crucial, and integration between the NHS and employment provision needs to be improved, especially at the frontline. This study has contributed new knowledge about the nature of health-related support within the policy and practice context, and the Personal Adviser's role in supporting claimants with health conditions in the newly emerging world of welfare-to-work

    Crossing the boundaries: Nurses in the medical domain ; An examination of safety and outcomes in secondary care.

    Background and Aims Nurses' roles, responsibilities and practice have changed and the boundaries between nursing and medicine have blurred. Few studies compare clinical outcomes of patients managed by Advanced Nurse Practitioners (ANPs) and junior doctors in acute secondary care. Aims of the study were to identify any observable differences between ANPs undertaking traditional junior doctor roles and junior doctors in relation to senior doctor congruence with diagnosis and clinical management planning, and clinical assessment practices. Setting The study took place in an acute hospital in the UK from April 2009 to August 2010. Design and methods This was a retrospective review of clinical records of patients presenting to the emergency medicine division. Data were collected from 311 randomly selected case notes of patients presenting to 10 ANPs and 10 junior doctors. Data were analysed using bivariate and multivariate techniques in SPSS version 19. Analyses were repeated including only patients presenting to Acute Medical Assessment Unit (AMA). Findings Statistically significant findings included: patients presenting to junior doctors were older, had more co-existing problems and were prescribed more medicines before presentation. Patients presenting to ANPs were more likely to have chest pain. ANPs were less likely to prescribe medicines. Clinical management plans were less likely to be agreed for patients with more coexisting problems. There were few inter-professional differences in senior congruence with clinical management planning and diagnosis and clinical assessment practices. These findings are reassuring as nurses' work moves into what was formerly the medical domain

    The Nature and Experience of Anxiety in Bipolar Disorder.

    Anxiety experiences (defined either categorically as a disorder or on continua as symptoms) have been found to be highly prevalent in bipolar disorder (BD) and have been consistently associated with poorer outcomes. Current research in this area has primarily focused on prevalence rates of anxiety disorders and their association to retrospective outcomes. There is a lack of research regarding the psychological processes which may underlie the relationship between anxiety and bipolar mood experiences and current psychological models of BD have generally omitted anxiety in their explanations of mood swings. A qualitative meta-synthesis and semi-structured interviews were employed in this thesis to explore the lived experience of anxiety in BD. A longitudinal analysis of data from a large scale RCT was also conducted to assess a range of categorical and continuous measures of anxiety as predictors of outcome in BD. Finally, experience sampling methodology assessed momentary interactions between anxiety and affect in daily life for individuals with BD and non-clinical controls. Anxiety was found to be intrinsically linked to bipolar mood experiences across methodologies. Subjectively, anxiety was perceived as a trigger to both depressed and manic experiences. Anxiety about relapse due to extreme negative appraisals of mood swings was reported and impacted on several important life domains including quality of life, sleep, relationships and employment. Anxiety was consistently associated with increased depression and reduced functioning across all studies. Anxiety and mania were found to have both positive and negative associations across studies. The continuous measurement of anxiety, rather than categorical, was the most reliable predictor of outcome longitudinally when carefully controlling for a range of extraneous variables. 
The results provide support for anxiety as an intrinsic experience in BD and encourage the consideration of integrated psychological models and treatment approaches which include anxiety as a core feature of BD