BotSwindler: Tamper Resistant Injection of Believable Decoys in VM-Based Hosts for Crimeware Detection

We introduce BotSwindler, a bait injection system designed to delude and detect crimeware by forcing it to reveal during the exploitation of monitored information. The implementation of BotSwindler relies upon an out-of-host software agent that drives user-like interactions in a virtual machine, seeking to convince malware residing within the guest OS that it has captured legitimate credentials. To aid in the accuracy and realism of the simulations, we propose a low overhead approach, called virtual machine verification, for verifying whether the guest OS is in one of a predefined set of states. We present results from experiments with real credential-collecting malware that demonstrate the injection of monitored financial bait for detecting compromises. Additionally, using a computational analysis and a user study, we illustrate the believability of the simulations and we demonstrate that they are sufficiently human-like. Finally, we provide results from performance measurements to show our approach does not impose a performance burden

Predation on centrarchid nests in the St. Lawrence River following introduction of the round goby (Neogobius melanostomus)

The widespread introduction of round goby (Neogobius melanostomus ) throughout the Great Lakes basin has raised concerns regarding increased risk of egg predation on nesting fish species. Five-minute observation trials were conducted to determine the identity and number of nest predators on rock bass (Ambloplites rupestris), pumpkinseed (Lepomis gibbosus), and smallmouth bass (Micropterus dolomieu) nests following removal of the guarding male. Rock bass had a greater proportion of nests invaded (85.4 %) and average number of predators per nest (9.32, SE 1.7) than pumpkinseed (45.0%, 1.83, SE 0.64) in 2011. Similarly, rock bass had a greater proportion of nests invaded (52.5%) and average number of predators per nest (5.3, SE 1.7) than pumpkinseed (35.0%, 2.3, SE 1.1) and smallmouth bass (37.5%, 2.7, SE 0.94) in 2012. Principal components analysis and canonical correspondence analysis of habitat variables indicates some species are more vulnerable to nest predation due to preferred spawning habitat

Comparing Anomaly-Detection Algorithms for Keystroke Dynamics

Keystroke dynamics—the analysis of typing rhythms to discriminate among users—has been proposed for detecting impostors (i.e., both insiders and external attackers). Since many anomaly-detection algorithms have been proposed for this task, it is natural to ask which are the top performers (e.g., to identify promising research directions). Unfortunately, we cannot conduct a sound comparison of detectors using the results in the literature because evaluation conditions are inconsistent across studies. Our objective is to collect a keystroke-dynamics data set, to develop a repeatable evaluation procedure, and to measure the performance of a range of detectors so that the results can be compared soundly. We collected data from 51 subjects typing 400 passwords each, and we implemented and evaluated 14 detectors from the keystrokedynamics and pattern-recognition literature. The three top-performing detectors achieve equal-error rates between 9.6 % and 10.2%. The results—along with the shared data and evaluation methodology—constitute a benchmark for comparing detectors and measuring progress. 1