SGNET: A Worldwide Deployable Framework to Support the Analysis of Malware Threat Models

The dependability community has expressed a growing interest in the recent years for the effects of malicious, ex-ternal, operational faults in computing systems, ie. intru-sions. The term intrusion tolerance has been introduced to emphasize the need to go beyond what classical fault toler-ant systems were able to offer. Unfortunately, as opposed to well understood accidental faults, the domain is still lack-ing sound data sets and models to offer rationales in the design of intrusion tolerant solutions. In this paper, we de-scribe a framework similar in its spirit to so called honey-farms but built in a way that makes its large-scale deploy-ment easily feasible. Furthermore, it offers a very rich level of interaction with the attackers without suffering from the drawbacks of expensive high interaction systems. The sys-tem is described, a prototype is presented as well as some preliminary results that highlight the feasibility as well as the usefulness of the approach.

Modeling and optimization of the palm oil (Elaeis guineensis) supply chain in Colombia

The aim of this research is to develop a quantitative tool that supports decision-makers in the strategic planning of supply chains (SC). The problem to be solved consists in determining the optimal configuration of the palm oil SC, including decisions associated to the number, location and capacity of all the facilities of the SC in a given country; its expansion policy in the planning horizon, means of transportation, production rates, material flow, waste management, and its potential environmental impact. Bearing this in mind, two mathematical models are presented to address this problem. The first one is a mixed integer linear programming (MILP) model applied to the oil palm industry in Colombia that aims to maximize the net present value of its SC in a specific planning horizon. On the other hand, the second model solves a multi-objective optimization (MOO) MILP problem. It combines the first model with the Life Cycle Assessment (LCA) methodology to optimize the palm oil SC in Colombia. The MOO model aims at maximizing the economic benefit of this SC and simultaneously minimizing its environmental impact (measured in “eco-points”). The MOO problem was solved using the epsilon constraint method. Pareto optimal solutions provide valuable information for the optimal design and configuration of the palm oil SC, in particular the compensations or trade-offs resulting from economic profit, and its environmental impact. The solutions obtained through this model show a more rational distribution of productive units, including the establishment of renewable power plants.DoctoradoDoctor en Ingeniería Industria

Richesses des bibliothèques provinciales de France. Historique des dépôts,oeuvres d\u27Art, manuscrits, miniatures, livres, reliures, musiques, dessins et gravures, monnaies et médailles, fonds locaux, spécialités (Les)

« Document numérisé pour l\u27ENSSIB » - Cet ouvrage rend compte d\u27une enquête prescrite par la Circulaire ministérielle du 31 mars 1928 et menée auprès des conservateurs des bibliothèques provinciales de France. Il synthétise quatre années de travail dont l\u27objectif est de promouvoir et faire connaître les richesses des bibliothèques françaises. Publié par Pol Neveux et Émile Dacier, ce document est un précieux ouvrage de référence. Son intérêt historique tient tant dans son propos que dans sa date de publication qui permet à l\u27historien d\u27avoir des éléments sur l\u27histoire des bibliothèques, mais lui fournit également un instantané de la situation de celles-ci à l\u27aube des années trente. Pol Neveux présente le projet initial dans son introduction, revenant sur l\u27ampleur d\u27une telle entreprise. Il propose ensuite un rapide historique des bibliothèques provinciales de France, offrant l\u27opportunité au lecteur de resituer ces établissements dans le contexte général de leur évolution. Le corps de l\u27ouvrage se compose des notices relatives aux bibliothèques provinciales conservant plus de 10 000 volumes. Classées par ordre alphabétique, elles fonctionnent selon le questionnaire de l\u27enquête originale : historiques des dépôts, ?uvres d\u27art, manuscrits, miniatures, livres, reliures, musiques, dessins et gravures, monnaies et médailles, fonds locaux, spécialités. Elles sont de surcroît accompagnées de nombreuses illustrations. Le présent document correspond au premier tome regroupant les notices des bibliothèques d\u27Abbeville à Luxeuil

Richesses des bibliothèques provinciales de France. Historique des dépôts, oeuvres d\u27Art, manuscrits, miniatures, livres, reliures, musiques, dessins et gravures, monnaies et médailles, fonds locaux, spécialités (Les)

« Document numérisé pour l\u27ENSSIB » - Cet ouvrage rend compte d\u27une enquête prescrite par la Circulaire ministérielle du 31 mars 1928 et menée auprès des conservateurs des bibliothèques provinciales de France. Il synthétise quatre années de travail dont l\u27objectif est de promouvoir et faire connaître les richesses des bibliothèques françaises. Publié par Pol Neveux et Émile Dacier, ce document est un précieux ouvrage de référence. Son intérêt historique tient tant dans son propos que dans sa date de publication qui permet à l\u27historien d\u27avoir des éléments sur l\u27histoire des bibliothèques, mais lui fournit également un instantané de la situation de celles-ci à l\u27aube des années trente. Pol Neveux présente le projet initial dans son introduction, revenant sur l\u27ampleur d\u27une telle entreprise. Il propose ensuite un rapide historique des bibliothèques provinciales de France, offrant l\u27opportunité au lecteur de resituer ces établissements dans le contexte général de leur évolution. Le corps de l\u27ouvrage se compose des notices relatives aux bibliothèques provinciales conservant plus de 10 000 volumes. Classées par ordre alphabétique, elles fonctionnent selon le questionnaire de l\u27enquête originale : historiques des dépôts, ?uvres d\u27art, manuscrits, miniatures, livres, reliures, musiques, dessins et gravures, monnaies et médailles, fonds locaux, spécialités. Elles sont de surcroît accompagnées de nombreuses illustrations. Le présent document correspond au second tome regroupant les notices des bibliothèques de Lyon à Yvetot

Lessons Learned from the deployment of a high-interaction honeypot

This paper presents an experimental study and the lessons learned from the observation of the attackers when logged on a compromised machine. The results are based on a six months period during which a controlled experiment has been run with a high interaction honeypot. We correlate our findings with those obtained with a worldwide distributed system of lowinteraction honeypots

Scraping Airlines Bots: Insights Obtained Studying Honeypot Data

Airline websites are the victims of unauthorised online travel agencies and aggregators that use armies of bots to scrape prices and flight information. These so-called Advanced Persistent Bots (APBs) are highly sophisticated. On top of the valuable information taken away, these huge quantities of requests consume a very substantial amount of resources on the airlines' websites. In this work, we propose a deceptive approach to counter scraping bots. We present a platform capable of mimicking airlines' sites changing prices at will. We provide results on the case studies we performed with it. We have lured bots for almost 2 months, fed them with indistinguishable inaccurate information. Studying the collected requests, we have found behavioural patterns that could be used as complementary bot detection. Moreover, based on the gathered empirical pieces of evidence, we propose a method to investigate the claim commonly made that proxy services used by web scraping bots have millions of residential IPs at their disposal. Our mathematical models indicate that the amount of IPs is likely 2 to 3 orders of magnitude smaller than the one claimed. This finding suggests that an IP reputation-based blocking strategy could be effective, contrary to what operators of these websites think today

Gone Rogue: An Analysis of Rogue Security Software Campaigns

In the past few years, Internet miscreants have developed a number of techniques to defraud and make a hefty profit out of their unsuspecting victims. A troubling, recent example of this trend is cyber-criminals distributing rogue security software, that is malicious programs that,by pretending to be legitimate security tools (e.g., anti-virus or anti-spyware), deceive users into paying a substantial amount of money in exchange for little or no protection.While the technical and economical aspects of rogue security software (e.g., its distribution and monetization mechanisms) are relatively well-understood, much less is known about the campaigns through which this type of malware is distributed, that is what are the underlying techniques and coordinated efforts employed by cyber-criminals to spread their malware.In this paper, we present the techniques we used to analyze rogue security software campaigns, with an emphasis on the infrastructure employed in the campaign and the life-cycle of the clients that they infect

Kiri Karl Morgensternile, Paris

http://tartu.ester.ee/record=b1854055~S1*es