NGBPA Next Generation BotNet Protocol Analysis

Abstract The command & control (c&c) protocols of botnets are moving away from plaintext IRC communicationt towards encrypted and obfuscated protocols. In gen-eral, these protocols are proprietary. Therefore, standard network monitoring tools are not able to extract the commands from the collected traffic. However, if we want to monitor these new botnets, we need to know how their protocol decryption works. In this paper we present a novel approach in malware analysis for locating the en-cryption and decryption functions in botnet programs. This information can be used to extract these functions for c&c protocols. We illustrate the applicability of our approach by a sample from the Kraken botnet. Using our approach, we were able to identify the encryption routine within minutes. We then extracted the c&c protocol encryption and decryption. Both are presented in this paper.

Gastroesophageal reflux disease in surgical versus clinical literature: clinicians do not read surgical journals

BACKGROUND: Several diseases may be treated either medically or surgically; however, clinical and surgical therapies are often not treated as different options for the same patient but rather as different medical philosophies. AIM: To assess whether the main surgical and medical journals make references to their counterparts, with gastroesophageal reflux as a model of clinical/surgical disease. METHOD: It was reviewed the leading medical journals in order to verify if surgeons and clinicians make references to their counterparts on their work using gastroesophageal reflux disease as a model of a clinical/surgical disease. It was reviewed the five top-ranked journals in the field of gastroenterology, general surgery and general medicine and a neutral journal. The issues of the year 2008 of the selected journals were searched for papers dealing with gastroesophageal reflux disease. RESULTS: The search in the selected journals retrieved 49 papers, 36 (74%) in clinical journals, 5 (10%) in surgical journals, 2 (4%) in general medicine journals, and 6 (12%) in the neutral journal. Thirty one (63%) had a clinical origin, 13 (26%) a surgical origin, and 5 (10%) a neutral origin. Surgical journals published only surgical papers and general medicine journals published only clinical papers. Clinical journals and general medicine journals showed a higher proportion of clinical/surgical references compared to surgical journals (p<0.001) and the neutral journal (p<0.001). There was no differences in the proportion of clinical/surgical references when surgical and the neutral journal were compared (p=0.06). Clinical journals and general medicine journals showed a similar proportion of clinical/surgical references (p=0.06). CONCLUSION: Clinicians make significantly less references to surgical journals than surgeons do to clinical journals.RACIONAL: Várias doenças podem ser tratadas médica ou cirurgicamente; no entanto, a terapêutica clínica ou cirúrgica não é muitas vezes usada como diferente opção para o mesmo paciente, mas sim como diferente filosofia médica na abordagem. OBJETIVO: Verificar se os principais periódicos cirúrgicos e clínicos fazem referências aos seus congêneres, tendo a doença do refluxo gastroesofágico como um modelo de doença clínico/cirúrgica. MÉTODO: Foram revistos os cinco primeiros periódicos classificados na área de gastroenterologia, cirurgia geral e medicina geral e um jornal neutro. Os números do ano 2008 dos periódicos selecionados foram pesquisados no como lidar com a doença do refluxo gastroesofágico. RESULTADOS: Foram selecionados 49 trabalhos, 36 (74%) em revistas clínicas, 5 (10%) em revistas de cirurgia, 2 (4%) em revistas de medicina geral e 6 (12%) no jornal neutro. Trinta e um (63%) tiveram origem clínica, 13 (26%) cirúrgica, e 5 (10%) a origem foi neutra. Revistas cirúrgicas publicaram apenas artigos cirúrgicos e revistas de medicina geral, publicaram apenas trabalhos clínicos. Revistas e jornais de medicina clínica geral mostraram maior proporção de referências clínico/cirúrgicas em relação às revistas de cirurgia (p<0,001) e do jornal neutro (p<0,001). Não houve diferenças na proporção de referências clínico/cirúrgicas quando revistas cirúrgicas e a neutra foram comparadas (p= 0,06). Revistas clínicas e de medicina geral mostraram semelhante proporção de referências clínico/cirúrgicas (p=0,06). CONCLUSÃO: Os clínicos fazem referências significativamente menores para revistas cirúrgicas do que os cirurgiões fazem para as revistas clínicas.Universidade Federal de São Paulo (UNIFESP) Escola Paulista de Medicina Departmento de CirurgiaUniversity of Chicago Department of SurgeryUNIFESP, EPM, Departmento de CirurgiaSciEL

Worm Epidemics in Wireless Adhoc Networks

A dramatic increase in the number of computing devices with wireless communication capability has resulted in the emergence of a new class of computer worms which specifically target such devices. The most striking feature of these worms is that they do not require Internet connectivity for their propagation but can spread directly from device to device using a short-range radio communication technology, such as WiFi or Bluetooth. In this paper, we develop a new model for epidemic spreading of these worms and investigate their spreading in wireless ad hoc networks via extensive Monte Carlo simulations. Our studies show that the threshold behaviour and dynamics of worm epidemics in these networks are greatly affected by a combination of spatial and temporal correlations which characterize these networks, and are significantly different from the previously studied epidemics in the Internet

Botnets for scalable management

International audienceWith an increasing number of devices that must be managed, the scalability of network and service management is a real challenge. A similar challenge seems to be solved by botnets which are the major security threats in today's Internet where a botmaster can control several thousands of computers around the world. This is done although many hindernesses like firewalls, intrusion detection systems and other deployed security appliances to protect current networks. From a technical point of view, such an efficiency can be a benefit for network and service management. This paper describes a new management middleware based on botnets, evaluates its performances and shows its potential impact based on a parametric analytical model

Forecasting Cryptocurrency Value by Sentiment Analysis: An HPC-Oriented Survey of the State-of-the-Art in the Cloud Era

This chapter surveys the state-of-the-art in forecasting cryptocurrency value by Sentiment Analysis. Key compounding perspectives of current challenges are addressed, including blockchains, data collection, annotation, and filtering, and sentiment analysis metrics using data streams and cloud platforms. We have explored the domain based on this problem-solving metric perspective, i.e., as technical analysis, forecasting, and estimation using a standardized ledger-based technology. The envisioned tools based on forecasting are then suggested, i.e., ranking Initial Coin Offering (ICO) values for incoming cryptocurrencies, trading strategies employing the new Sentiment Analysis metrics, and risk aversion in cryptocurrencies trading through a multi-objective portfolio selection. Our perspective is rationalized on the perspective on elastic demand of computational resources for cloud infrastructures

Long-term clinical outcomes in a cohort of patients with solitary plasmacytoma treated in the modern era

BackgroundThe risk of recurrence of solitary plasmacytoma (SP)/progression to MM is well established, but patient, imaging and treatment factors influencing risk of progression require further evaluation.MethodsThis is a retrospective analysis of 66 SP patients (23 UK, 43 Brazil) diagnosed 1989-2016. Patient baseline characteristics were recorded. The incidence of progression to MM was calculated, including biochemical and imaging findings and the treatment modality received. Survival estimates were determined by Kaplan-Meier analyses.ResultsWith a median follow-up of 53.6 months the 5 year overall survival (OS) was 90.7% (95%CI 79-96%). The median progression free survival (PFS) from diagnosis was 61 months. Cumulative incidence of progression to MM was 49.9% at 5 years (95% CI 35.6-62.6%) and was significantly higher with bone plasmacytoma (47.2%, 95%CI 31.9-61.1%), than an extramedullary location (8.3%, 95%CI 0.4-32.3%, Gray test p = 0.0095)). The majority of patients with solitary bony plasmacytoma (SBP) received radiotherapy (RT) (51/53, 96.2%) whereas most extramedullary cases were treated with surgical resection (7/13, 53.8%). A small proportion of SBP patients received additional upfront chemotherapy, with 5/6 in remission after a median follow-up (FU) of 10 years. The diagnostic yield of surveillance functional FU imaging without other indications of relapse/progression was low. The positive predictive value of functional FU imaging was high but with a low negative predictive value, especially in cases of suspected relapse/progression.ConclusionOur data suggests functional imaging should be used if clinical suspicion of relapse/progression, rather than a routine surveillance tool, and upfront adjuvant chemotherapy is worthy of prospective evaluation