SNARE: Spatio-temporal Network-level Automatic Reputation Engine

Current spam filtering techniques classify email based on content and IP reputation blacklists or whitelists. Unfortunately, spammers can alter spam content to evade content based filters, and spammers continually change the IP addresses from which they send spam. Previous work has suggested that filters based on network-level behavior might be more efficient and robust, by making decisions based on how messages are sent, as opposed to what is being sent or who is sending them. This paper presents a technique to identify spammers based on features that exploit the network-level spatio temporal behavior of email senders to differentiate the spamming IPs from legitimate senders. Our behavioral classifier has two benefits: (1) it is early (i.e., it can automatically detect spam without seeing a large amount of email from a sending IP address-sometimes even upon seeing only a single packet); (2) it is evasion-resistant (i.e., it is based on spatial and temporal features that are difficult for a sender to change). We build classifiers based on these features using two different machine learning methods, support vector machine and decision trees, and we study the efficacy of these classifiers using labeled data from a deployed commercial spam-filtering system. Surprisingly, using only features from a single IP packet header (i.e., without looking at packet contents), our classifier can identify spammers with about 93% accuracy and a reasonably low false-positive rate (about 7%). After looking at a single message spammer identification accuracy improves to more than 94% with a false rate of just over 5%. These suggest an effective sender reputation mechanism

A palaeoenvironmental reconstruction of the Middle Jurassic of Sardinia (Italy) based on integrated palaeobotanical, palynological and lithofacies data assessment

During the Jurassic, Sardinia was close to continental Europe. Emerged lands started from a single island forming in time a progressively sinking archipelago. This complex palaeogeographic situation gave origin to a diverse landscape with a variety of habitats. Collection- and literature-based palaeobotanical, palynological and lithofacies studies were carried out on the Genna Selole Formation for palaeoenvironmental interpretations. They evidence a generally warm and humid climate, affected occasionally by drier periods. Several distinct ecosystems can be discerned in this climate, including alluvial fans with braided streams (Laconi-Gadoni lithofacies), paralic swamps and coasts (Nurri-Escalaplano lithofacies), and lagoons and shallow marine environments (Ussassai-Perdasdefogu lithofacies). The non-marine environments were covered by extensive lowland and a reduced coastal and tidally influenced environment. Both the river and the upland/hinterland environments are of limited impact for the reconstruction. The difference between the composition of the palynological and palaeobotanical associations evidence the discrepancies obtained using only one of those proxies. The macroremains reflect the local palaeoenvironments better, although subjected to a transport bias (e.g. missing upland elements and delicate organs), whereas the palynomorphs permit to reconstruct the regional palaeoclimate. Considering that the flora of Sardinia is the southernmost of all Middle Jurassic European floras, this multidisciplinary study increases our understanding of the terrestrial environments during that period of time

The Use of Honeynets to Increase Computer Abstract Network Security and User Awareness

In this paper, we address how honeynets, networks of computers intended to be compromised, can be used to increase network security in a large organizational environment. We outline the current threats Internet security is facing at present and show how honeynets can be used to learn about those threats for the future. We investigate issues researchers have to take into account before deploying or while running a honeynet. Moreover, we describe how we tied honeynet research into computer security classes at Georgia Tech to successfully train students and spark interest in computer security.

Verkehrsablauf an aufeinanderfolgenden Trennungs- und Zusammenfuehrungspunkten in planfreien Knotenpunkten innerhalb bebauter Gebiete

The objective of this research project was to employ empirical studies of traffic flow and traffic safety to derive minimum distances and minimum dimensions for the most frequently used designs of entrances and exits at junctions on urban motorways. The test results indicate that a separation point - with good quality advance signposting and signposting - with a distance of 80 m between the tip of the first island and the signposting, and - a distance of 70 m between the signposting and the tip of the subsequent prohibited zone can be regarded as being adequately dimensioned for traffic quality and safety purposes. Even in situations with minimum distances between the separation points, satisfactory quality of traffic flow and traffic safety were determined when there was - suitable advance signposting and signposting - suitable marking and the driving speeds were adapted to the geometrical design of the junction. The test results for merging points showed that - a merging lane length of 120 m can be regarded as adequate for merging zones designed in accordance with type ER 1, - the design of the merging zone must take account of the relevant load relation (of traffic streams), the use of a ramp link of the order of 40 m after the end of the first merging zone would seem appropriate and favourable to safety. (orig.)Available from TIB Hannover: ZA 4681(552)+a / FIZ - Fachinformationszzentrum Karlsruhe / TIB - Technische InformationsbibliothekSIGLEDEGerman