Defining categories to select representative attack test-cases

7 pagesRapport LAAS-CNRSTo ameliorate the quality of protection provided by intrusion detection systems (IDS) we strongly need more effective evaluation and testing procedures. Evaluating an IDS against all known and unknown attacks is probably impossible. Nevertheless, a sensible selection of representative attacks is necessary to obtain an unbiased evaluation of such systems. To help in this selection, this paper suggests applying the same approach as in software testing: to overcome the problem of an unmanageably large set of possible inputs, software testers usually divide the data input domain into categories (or equivalence classes), and select representative instances from each category as test cases. We believe that the same principle could be applied to IDS testing if we have a reasonable classification. In this paper we make a thorough analysis of existing attack classifications in order to determine whether they could be helpful in selecting attack test cases. Based on our analysis, we construct a new scheme to classify attacks relying on those attributes that appear to be the best classification criteria. The proposed classification is mainly intended to be used for testing and evaluating IDS although it can be used for other purposes such as incident handling and intrusion reporting. We also apply the Classification Tree Method (CTM) to select attack test cases. As far as we know, this is the first time that this method is applied for this purpose

Locally Isolated Bacterial Strains with Multiple Degradation Potential Capabilities on Petroleum Hydrocarbon Pollutants

Abstract In the present study, 23 isolates, dominated by bacterial genera (74%) were isolated from petroleum sludge at refinery wastewater plant, Jeddah, KSA, by means of selective enrichment in nutritionally optimized refinery wastewater (NORWW) and over twelve successive transfers. Efficiency of biodegradation on complex mixture of hydrocarbons present in refinery wastewater was evidenced by changes in both total viable counts (TVC) and COD content of cultivation broth. Out of the 23 isolates three most potent isolates named BDCC-TUSA-8, BDCC-TUSA-12 and BDCC-TUSA-18 were selected for their efficient COD removal and active growth. The three isolates were tested separately in Bushnell-Haas (BH) media for their capabilities to degrade n-Hexadecane, phenol and phenanthrene, representing the major types of hydrocarbon pollutants. The results strongly indicated that all three isolates showed multiple degradation potentials with remarkably fast reaction rates. Before being recommended for future work, the three isolates were fully characterized and identified employing culture-dependent techniques such as API 20E, API 20NE and API 50CHB, and further confirmed by partial 16S rRNA gene sequencing and phylogenetic analysis as Pantoea agglomerans, Acinetobacter lwoffii and Bacillus thuringiensis respectively. The obtained potent strains provide valuable candidates if assemblages of mixed fewer strains with overall broad and complementary enzymatic capacities are to be considered in order to bring the rate and extent of petroleum biodegradation further as a cost-effective process

Rhodobacter capsulatus B10に及ぼすカドミウムと亜鉛ストレスの影響に関する研究

取得学位：博士(理学)，学位授与番号：博甲第844号，学位授与年月日：平成18年9月28

Humoral and cellular immune responses to modified hepatitis B plasmid DNA vaccine in mice

Purpose: To evaluate the immunogenicity and types of immune response of a quality-controlled modified recombinant hepatitis B surface antigen (HBsAg) plasmid encoding HBsAg in mice.Methods: The characterized plasmid DNA was used in the immunization of Balb/c mice. Three groups of mice were intramuscularly injected with three different concentrations (50, 25 and 10 μg/100 μL) of the modified plasmid. Humoral immune response was monitored by enzyme-linked immunosorbent assay (ELISA), while cellular immune response was investigated by analysis of spleen cytokine profile (TNFα, IFN γ and IL2) as well as CD69 expression level in CD4 and CD8 positive cells.Results: In general, the activated CD4 cells showing intracellular cytokines were higher than CD8 positive population of cells (p < 0.05). These findings indicate that the vaccine induced both a humoral and cellular immunity. Cytokine profile also showed high levels of TNFα, IFN γ and IL2 and CD69 expression in the group of animals immunized at a dose of 10 μg when compared to control group (p < 0.05).Conclusion: A 10 μg dose intramuscular injection of the modified DNA-based vaccine encoding HBsAg in mice induces both high humoral and cellular immune responses.Keywords: Hepatitis B virus, Plasmid DNA, Vaccine, Spleen cytokines, Humoral and cellular immune response

Evaluation des systèmes de détection d'intrusion

This thesis contributes to the improvement of intrusion detection system (IDS) evaluation. The work is motivated by two problems. First, the observed increase in the number and the complexity of attacks requires that IDSes evolve to stay capable of detecting new attack variations efficiently. Second, the large number of false alarms that are generated by current IDSes renders them ineffective or even useless. Test and evaluation mechanisms are necessary to determine the quality of detection of IDSes or of their detection algorithms. Unfortunately, there is currently no IDS evaluation method that would be unbiased and scientifically rigorous. During our study, we have noticed that current IDS evaluations suffer from three major defects: 1) the lack of a rigorous methodology; 2) the use of non-representative test datasets; and 3) the use of incorrect metrics. From this perspective, we have introduced a rigorous approach covering most aspects of IDS evaluation. In the first place, we propose an evaluation methodology that allows carrying out the evaluation process in a systematic way. Secondly, in order to create representative test datasets, we have characterized attacks by classifying attack activities with respect to IDS-relevant manifestations or features. This allows not only to select attacks that will be included in the evaluation dataset but also to analyze the evaluation result with respect to attack classes rather than individual attack instances. Third, we have analyzed a large number of attack incidents and malware samples, such as viruses and worms. Thanks to this analysis, we built a model for the attack process that exhibits the dynamics of attack activities. This model allows us to generate large number of realistic and diverse attack scenarios. The proposed methods have been experimented on two very different IDSes to show how general is our approach. The results show that the proposed approach allows overcoming the two main defects of existing evaluat ions, i.e., the lack of a rigorous methodology and the use of non-representative datasets. Moreover, it allows to better manage the evaluation process and to select representative attack test cases in a flexible manner while providing a better coverage of the attack space.Cette thèse vise à contribuer à l'amélioration des méthodes d'évaluation des systèmes de détection d'intrusion (en anglais, Intrusion Detection Systems ou IDS). Ce travail est motivé par deux problèmes actuels : tout d'abord, l'augmentation du nombre et de la complexité des attaques que l'on observe aujourd'hui nécessite de faire évoluer les IDS pour leur permettre de les détecter. Deuxièmement, les IDS actuels génèrent de trop fréquentes fausses alertes, ce qui les rend inefficaces voir inutiles. Des moyens de test et d'évaluation sont nécessaires pour déterminer la qualité de détection des IDS et de leurs algorithmes de détection. Malheureusement, il n'existe pas actuellement de méthode d'évaluation satisfaisante. En effet, les méthodes employées jusqu'ici présentent trois défauts majeurs : 1) une absence de méthodologie rigoureuse, 2) l'utilisation de données de test non représentatives, et 3) l'utilisation de métriques incorrectes. Partant de ce constat, nous proposons une démarche rigoureuse couvrant l'ensemble de l'évaluation des IDS. Premièrement, nous proposons une méthodologie d'évaluation qui permet d'organiser l'ensemble du processus d'évaluation. Deuxièmement, afin d'obtenir des données de test représentatives, nous avons défini une classification des types d'attaques en fonction des moyens de détection utilisés par les IDS. Cela permet non seulement de choisir les attaques à inclure dans les données de test mais aussi d'analyser les résultats de l'évaluation selon les types d'attaques plutôt que sur chaque attaque individuellement. Troisièmement, nous avons analysé un grand nombre d'attaques réelles et de " maliciels " connus, tels que les virus et les vers. Grâce à cette analyse, nous avons pu construire un modèle générique de processus d'attaques qui met en évidence la dynamique des activités d'attaque. Ce modèle permet de générer un nombre important de scénarios d'attaques à la fois réalistes et variés. Les méthodes proposées ont été expérimentées su r deux systèmes de détection d'intrusion très différents, pour montrer la généralité de notre démarche. Les résultats montrent que l'approche proposée permet de surmonter les deux défauts principaux des évaluations existantes, à savoir l'absence de méthodologie et l'utilisation de données non représentatives. Elle permet en particulier de mieux gérer le processus d'évaluation et de choisir les cas de test pertinents pour les types d'IDS et les objectifs de l'évaluation, tout en couvrant une large partie de l'espace d'attaques

An anharmonic contribution to the Helmholtz free energy O(lambda 6)

The anharmonic contributions of order A6 to the Helmholtz free energy for a crystal in which every atom is on a site of inversion symmetry, have been evaluated The cor~esponding diagrams in the various orders of the perturbation theory have been presented The validity of the expressions given is for high temperatures. Numerical calculations for the diagrams which contribute to the free energy have been worked out for a nearest-n~ighbour central-force model of a facecentered cubic lattice in the high-temperature limit and in the leading term and the Ludwig approximations. The accuracy of the Ludwig approximation in evaluating the Brillouin-zone sums has been investigated. Expansion for all diagrams in the high-temperature limit has been carried out The contribution to the specific heat involves a linear as well as cubic term~ We have applied Lennard-Jones, Morse and Exponential 6 types of potentials. A comparison between the contribution to the free energy of order A6 to that of order A4 has been made

Utilization of biochemical peculiarities of fungus alternaria solani (ell et mart) sor in cellular selection of tomato species immune to alternariosis

The investigation is concerned with the strains of fungus Alternaria solani and tomato species "Beli Naliv", "Sibirski Ranniy" and "Talalikhin". The object of investigation is revelation of the possibility of cellular selection of tomato species immune to alternariosis. The researchers have studied the process of formation of phytotoxins of fungi in diverse nutritive media, obtained regenerating plants immune to cultural fungous filtrates and developed new methods for isolating and identifying fungous phytotoxins in fungus cultural filtrates and methods of cellular selection of tomato species resistant to fungus phytotoxins. The disclosed methods of isolation and identification of phytotoxins Alternaria solani have been proposed for publicationAvailable from VNTIC / VNTIC - Scientific & Technical Information Centre of RussiaSIGLERURussian Federatio

モバイル ネットワーク ニ オケル コウリツ ノ ヨイ サービス フクセイ ト ジョウホウ シュウシュウ

博士(Doctor)工学(Engineering)奈良先端科学技術大学院大学博第1042号甲第1042号博士(工学)奈良先端科学技術大学院大

Testing Intrusion Detection Systems: An Engineered Approach

The enhancements of Intrusion Detection Systems (IDS) are still bellow expectations. The great number of false positives (false alarms) and false negatives (undetected intrusions) has survived in recent versions as well as in the old ones. This may be -in part- caused by the shortage of an effective, unbiased evaluation and testing methodology that is both scientifically rigorous and technically feasible. The complexity of the environments where Intrusion detection systems operate, makes the evaluation process itself a nontrivial task. For this reason, ad-hoc evaluations often produce results that don't correspond to real world. In this paper, we propose a framework for evaluating IDSes as well as some new metrics. This systematic methodology follows an engineered approach to manage the complexity of the evaluation process and takes into account both environment and IDS characteristics