
    Detecting Advanced Network Threats Using a Similarity Search

    In this paper, we propose a novel approach for the detection of advanced network threats. We combine knowledge-based detections with similarity search techniques commonly utilized for automated image annotation. This unique combination could provide effective detection of common network anomalies together with their unknown variants. In addition, it offers a similar approach to network data analysis as a security analyst does. Our research is focused on understanding the similarity of anomalies in network traffic and their representation within complex behaviour patterns. This will lead to a proposal of a system for the real-time analysis of network data based on similarity. This goal should be achieved within a period of three years as a part of a PhD thesis.

    Network Defence Using Attacker-Defender Interaction Modelling

    Network security is still lacking an efficient system which selects a response action based on observed security events and which is capable of running autonomously. The main reason for this is the lack of an effective defence strategy. In this Ph.D., we endeavour to create such a defence strategy. We propose to model the interaction between an attacker and a defender to comprehend how the attacker's goals affect his actions, and to use the model as a basis for a more refined network defence strategy. We formulate the research questions that need to be answered and we discuss how the answers to these questions relate to the proposed solution. This research is at the initial phase and will contribute to a Ph.D. thesis in four years.

    Effectiveness of entropy-based features in high-and low-intensity DDoS attacks detection

    DDoS attack detection using entropy-based features in network traffic has become a popular approach among researchers in the last five years. The use of traffic distribution features constructed using entropy measures has been proposed as a better approach to detect Distributed Denial of Service (DDoS) attacks compared to conventional volumetric methods, but it still lacks in the generality of detecting various intensity DDoS attacks accurately. In this paper, we focus on identifying effective entropy-based features to detect both high- and low-intensity DDoS attacks by exploring the effectiveness of entropy-based features in distinguishing the attack from normal traffic patterns. We hypothesise that using different entropy measures, window sizes, and entropy-based features may affect the accuracy of detecting DDoS attacks. This means that certain entropy measures, window sizes, and entropy-based features may reveal attack traffic amongst normal traffic better than the others. Our experimental results show that using Shannon, Tsallis and Zhou entropy measures can achieve a clearer distinction between DDoS attack traffic and normal traffic than Rényi entropy. In addition, the window size setting used in entropy construction has minimal influence in differentiating between DDoS attack traffic and normal traffic. The result of the effectiveness ranking shows that the commonly used features are less effective than other features extracted from traffic headers.

    Comparison of Network Intrusion Detection Performance Using Feature Representation

    Intrusion detection is essential for the security of the components of any network. For that reason, several strategies can be used in Intrusion Detection Systems (IDS) to identify the increasing attempts to gain unauthorized access with malicious purposes, including those based on machine learning. Anomaly detection has been applied successfully to numerous domains and might help to identify unknown attacks. However, there are existing issues such as high error rates or large dimensionality of data that make its deployment difficult in real-life scenarios. Representation learning allows the estimation of new latent features of data in a low-dimensionality space. In this work, anomaly detection is performed using a previous feature learning stage in order to compare these methods for the detection of intrusions in network traffic. For that purpose, four different anomaly detection algorithms are applied to recent network datasets using two different feature learning methods, principal component analysis and autoencoders. Several evaluation metrics such as accuracy, F1 score or ROC curves are used for comparing their performance. The experimental results show an improvement for two of the anomaly detection methods using autoencoders and no significant variations for the linear feature transformations.

    Enhanced inhibition of Avian leukosis virus subgroup J replication by multi-target miRNAs

    Abstract
    Background: Avian leukosis virus (ALV) is a major infectious disease that impacts the poultry industry worldwide. Despite intensive efforts, no effective vaccine has been developed against ALV because of mutations that lead to resistant forms. Therefore, there is a dire need to develop antiviral agents for the treatment of ALV infections, and RNA interference (RNAi) is considered an effective antiviral strategy.
    Results: In this study, the avian leukosis virus subgroup J (ALV-J) proviral genome, including the gag genes, were treated as targets for RNAi. Four pairs of miRNA sequences were designed and synthesized that targeted different regions of the gag gene. The screened target (i.e., the gag genes) was shown to effectively suppress the replication of ALV-J by 19.0-77.3%. To avoid the generation of escape variants during virus infection, expression vectors of multi-target miRNAs were constructed using the multi-target serial strategy (against different regions of the gag, pol, and env genes). Multi-target miRNAs were shown to play a synergistic role in the inhibition of ALV-J replication, with an inhibition efficiency of viral replication ranging from 85.0-91.2%.
    Conclusion: The strategy of multi-target miRNAs might be an effective method for inhibiting ALV replication and the acquisition of resistant mutations.

    A search for the decay modes B+/- to h+/- tau l

    We present a search for the lepton flavor violating decay modes B+/- to h+/- tau l (h = K, pi; l = e, mu) using the BaBar data sample, which corresponds to 472 million BBbar pairs. The search uses events where one B meson is fully reconstructed in one of several hadronic final states. Using the momenta of the reconstructed B, h, and l candidates, we are able to fully determine the tau four-momentum. The resulting tau candidate mass is our main discriminant against combinatorial background. We see no evidence for B+/- to h+/- tau l decays and set a 90% confidence level upper limit on each branching fraction at the level of a few times 10^-5.
    Comment: 15 pages, 7 figures, submitted to Phys. Rev.

    Evidence for an excess of B -> D(*) Tau Nu decays

    Based on the full BaBar data sample, we report improved measurements of the ratios R(D(*)) = B(B -> D(*) Tau Nu)/B(B -> D(*) l Nu), where l is either e or mu. These ratios are sensitive to new physics contributions in the form of a charged Higgs boson. We measure R(D) = 0.440 +- 0.058 +- 0.042 and R(D*) = 0.332 +- 0.024 +- 0.018, which exceed the Standard Model expectations by 2.0 sigma and 2.7 sigma, respectively. Taken together, our results disagree with these expectations at the 3.4 sigma level. This excess cannot be explained by a charged Higgs boson in the type II two-Higgs-doublet model. We also report the observation of the decay B -> D Tau Nu, with a significance of 6.8 sigma.
    Comment: Expanded section on systematics, text corrections, improved the format of Figure 2 and included the effect of the change of the Tau polarization due to the charged Higg

    Search for the decay modes D^0 → e^+e^-, D^0 → μ^+μ^-, and D^0 → e^±μ∓

    We present searches for the rare decay modes D^0→e^+e^-, D^0→μ^+μ^-, and D^0→e^±μ^∓ in continuum e^+e^-→cc events recorded by the BABAR detector in a data sample that corresponds to an integrated luminosity of 468 fb^(-1). These decays are highly Glashow–Iliopoulos–Maiani suppressed but may be enhanced in several extensions of the standard model. Our observed event yields are consistent with the expected backgrounds. An excess is seen in the D^0→μ^+μ^- channel, although the observed yield is consistent with an upward background fluctuation at the 5% level. Using the Feldman–Cousins method, we set the following 90% confidence level intervals on the branching fractions: B(D^0→e^+e^-)<1.7×10^(-7), B(D^0→μ^+μ^-) within [0.6,8.1]×10^(-7), and B(D^0→e^±μ^∓)<3.3×10^(-7).

    Observation and study of baryonic B decays: B -> D(*) p pbar, D(*) p pbar pi, and D(*) p pbar pi pi

    We present a study of ten B-meson decays to a D(*), a proton-antiproton pair, and a system of up to two pions using BaBar's data set of 455x10^6 BBbar pairs. Four of the modes (B0bar -> D0 p anti-p, B0bar -> D*0 p anti-p, B0bar -> D+ p anti-p pi-, B0bar -> D*+ p anti-p pi-) are studied with improved statistics compared to previous measurements; six of the modes (B- -> D0 p anti-p pi-, B- -> D*0 p anti-p pi-, B0bar -> D0 p anti-p pi- pi+, B0bar -> D*0 p anti-p pi- pi+, B- -> D+ p anti-p pi- pi-, B- -> D*+ p anti-p pi- pi-) are first observations. The branching fractions for 3- and 5-body decays are suppressed compared to 4-body decays. Kinematic distributions for 3-body decays show non-overlapping threshold enhancements in m(p anti-p) and m(D(*)0 p) in the Dalitz plots. For 4-body decays, m(p pi-) mass projections show a narrow peak with mass and full width of (1497.4 +- 3.0 +- 0.9) MeV/c2 and (47 +- 12 +- 4) MeV/c2, respectively, where the first (second) errors are statistical (systematic). For 5-body decays, mass projections are similar to phase space expectations. All results are preliminary.
    Comment: 28 pages, 90 postscript figures, submitted to LP0

    Study of the reaction e^{+}e^{-} -->J/psi\pi^{+}\pi^{-} via initial-state radiation at BaBar

    We study the process $e^+e^-\to J/\psi\pi^{+}\pi^{-}$ with initial-state-radiation events produced at the PEP-II asymmetric-energy collider. The data were recorded with the BaBar detector at center-of-mass energies 10.58 and 10.54 GeV, and correspond to an integrated luminosity of 454 $\mathrm{fb^{-1}}$. We investigate the $J/\psi\pi^{+}\pi^{-}$ mass distribution in the region from 3.5 to 5.5 $\mathrm{GeV/c^{2}}$. Below 3.7 $\mathrm{GeV/c^{2}}$ the $\psi(2S)$ signal dominates, and above 4 $\mathrm{GeV/c^{2}}$ there is a significant peak due to the Y(4260). A fit to the data in the range 3.74 -- 5.50 $\mathrm{GeV/c^{2}}$ yields a mass value $4244 \pm 5$ (stat) $\pm 4$ (syst) $\mathrm{MeV/c^{2}}$ and a width value $114^{+16}_{-15}$ (stat) $\pm 7$ (syst) $\mathrm{MeV}$ for this state. We do not confirm the report from the Belle collaboration of a broad structure at 4.01 $\mathrm{GeV/c^{2}}$. In addition, we investigate the $\pi^{+}\pi^{-}$ system which results from Y(4260) decay.