Structural Learning of Attack Vectors for Generating Mutated XSS Attacks

Web applications suffer from cross-site scripting (XSS) attacks that resulting from incomplete or incorrect input sanitization. Learning the structure of attack vectors could enrich the variety of manifestations in generated XSS attacks. In this study, we focus on generating more threatening XSS attacks for the state-of-the-art detection approaches that can find potential XSS vulnerabilities in Web applications, and propose a mechanism for structural learning of attack vectors with the aim of generating mutated XSS attacks in a fully automatic way. Mutated XSS attack generation depends on the analysis of attack vectors and the structural learning mechanism. For the kernel of the learning mechanism, we use a Hidden Markov model (HMM) as the structure of the attack vector model to capture the implicit manner of the attack vector, and this manner is benefited from the syntax meanings that are labeled by the proposed tokenizing mechanism. Bayes theorem is used to determine the number of hidden states in the model for generalizing the structure model. The paper has the contributions as following: (1) automatically learn the structure of attack vectors from practical data analysis to modeling a structure model of attack vectors, (2) mimic the manners and the elements of attack vectors to extend the ability of testing tool for identifying XSS vulnerabilities, (3) be helpful to verify the flaws of blacklist sanitization procedures of Web applications. We evaluated the proposed mechanism by Burp Intruder with a dataset collected from public XSS archives. The results show that mutated XSS attack generation can identify potential vulnerabilities.Comment: In Proceedings TAV-WEB 2010, arXiv:1009.330

Keratoconus associated with choroidal neovascularization: a case report

<p>Abstract</p> <p>Introduction</p> <p>Keratoconus and choroidal neovascularization can occur as a result of dysfunction of the epithelium and its basement membrane.</p> <p>Case presentation</p> <p>A 17-year-old Asian man, who was diagnosed with myopic choroidal neovascularization in both eyes and who subsequently underwent intravitreal injection of ranibizumab (Lucentis^®) five times over six months, presented with further vision decrease and pain in his right eye. Examination showed corneal steepening and stromal edema in the inferocentral cornea of his right eye, both of which were indicative of advanced keratoconus with acute hydrops. Corneal topography also showed features consistent with keratoconus in his left eye. Fluorescein angiography and optical coherence tomography revealed choroidal neovascularization-associated subretinal hemorrhages and lacquer cracks in both eyes.</p> <p>Conclusion</p> <p>Keratoconus and choroidal neovascularization, possibly resulting from dysfunction of the epithelium and its basement membrane, can occur together in the same individual. This would suggest a possible connection in pathogenesis between these two conditions.</p

Role of Mesenchymal Stem Cells on Cornea Wound Healing Induced by Acute Alkali Burn

The aim of this study was to investigate the effects of subconjunctivally administered mesenchymal stem cells (MSCs) on corneal wound healing in the acute stage of an alkali burn. A corneal alkali burn model was generated by placing a piece of 3-mm diameter filter paper soaked in NaOH on the right eye of 48 Sprague-Dawley female rats. 24 rats were administered a subconjunctival injection of a suspension of 2×106 MSCs in 0.1 ml phosphate-buffered saline (PBS) on day 0 and day 3 after the corneal alkali burn. The other 24 rats were administered a subconjunctival injection of an equal amount of PBS as a control. Deficiencies of the corneal epithelium and the area of corneal neovascularization (CNV) were evaluated on days 3 and 7 after the corneal alkali burn. Infiltrated CD68+ cells were detected by immunofluorescence staining. The mRNA expression levels of macrophage inflammatory protein-1 alpha (MIP-1α), tumor necrosis factor-alpha (TNF-α), monocyte chemotactic protein-1 (MCP-1) and vascular endothelial growth factor (VEGF) were analyzed using real-time polymerase chain reaction (real-time PCR). In addition, VEGF protein levels were analyzed using an enzyme-linked immunosorbent assay (ELISA). MSCs significantly enhanced the recovery of the corneal epithelium and decreased the CNV area compared with the control group. On day 7, the quantity of infiltrated CD68+ cells was significantly lower in the MSC group and the mRNA levels of MIP-1α, TNF-α, and VEGF and the protein levels of VEGF were also down-regulated. However, the expression of MCP-1 was not different between the two groups. Our results suggest that subconjunctival injection of MSCs significantly accelerates corneal wound healing, attenuates inflammation and reduces CNV in alkaline-burned corneas; these effects were found to be related to a reduction of infiltrated CD68+ cells and the down-regulation of MIP-1α, TNF-α and VEGF

McPAD: A multiple classifier system for accurate payload-based anomaly detection

Anomaly-based network intrusion detection systems (IDS) are valuable tools for the defense-in-depth of computer networks. Unsupervised or unlabeled learning approaches for network anomaly detection have been recently proposed. Such anomaly-based network IDS are able to detect (unknown) zero-day attacks, although much care has to be dedicated to controlling the amount of false positives generated by the detection system. As a matter of fact, it is has been shown that the false positive rate is the true limiting factor for the performance of IDS, and that in order to substantially increase the Bayesian detection rate, P(Intrusion/Alarm), the IDS must have a very low false positive rate (e.g., as low as 10(-5) or even lower). In this paper we present McPAD (multiple classifier payload-based anomaly detector), a new accurate payload-based anomaly detection system that consists of an ensemble of one-class classifiers. We show that our anomaly detector is very accurate in detecting network attacks that bear some form of sheH-code in the malicious payload. This holds true even in the case of polymorphic attacks and for very low false positive rates. Furthermore, we experiment with advanced polymorphic blending attacks and we show that in some cases even in the presence of such sophisticated attacks and for a low false positive rate our IDS still has a relatively high detection rate.

Propagation of premixed flames in the presence of Darrieus–Landau and thermal diffusive instabilities

We study the propagation of premixed flames, in the absence of external turbulence, under the effect of both hydrodynamic (Darrieus–Landau) and thermodiffusive instabilities. The Sivashinsky equation in a suitable parameter space is initially utilized to parametrically investigate the flame propagation speed under the potential action of both kinds of instability. An adequate variable transformation shows that the propagation speed can collapse on a universal scaling law as a function of a parameter related to the number of unstable wavelengths within the domain nc. To assess whether this picture can persist in realistic flames, a DNS database of large scale, two-dimensional flames is presented, embracing a range of nc values and subject to either purely hydrodynamic instability (DL) or both kinds of instability (TD). With the aid of similar DNS databases from the literature we observe that when adequately rescaled, propagation speeds follow two distinct scaling laws, depending on the presence of thermodiffusive instability or lack thereof. We verify the presence of secondary cutoff values for nc identifying (a) the insurgence of secondary wrinkling in purely hydrodynamically unstable flames and (b) the attainment of domain independence in thermodiffusively unstable flames. A possible flame surface density based model for the subgrid wrinkling is also proposed

Cataract Surgery Complications in Uveitis Patients: A Review Article

Uveitis is a leading causes of blindness worldwide, and the development of cataracts is common due to both the presence of intraocular inflammation and the most commonly employed treatment with corticosteroids. The management of these cataracts can be very challenging and often requires additional procedures that can compromise surgical results. The underlying disease affects a relatively young population at higher risk of complications. Preoperative control of inflammation/quiescent disease for at least three months is generally accepted as the minimum amount of time prior to surgical intervention. Phacoemulsification with intraocular lens is the preferred method for surgery, with some studies showing improvement in visual acuity in over 90% of patients. The most common postoperative complications include macular edema, posterior capsule opacification, recurrent or persistent inflammation, glaucoma, epiretinal membrane and IOL deposits, or dislocation. Despite the potential complications, cataract surgery in uveitis patients is considered a safe and successful procedure