Acceleration of Statistical Detection of Zero-day Malware in the Memory Dump Using CUDA-enabled GPU Hardware

This paper focuses on the anticipatory enhancement of methods of detecting stealth software. Cyber security detection tools are insufficiently powerful to reveal the most recent cyber-attacks which use malware. In this paper, we will present first an idea of the highest stealth malware, as this is the most complicated scenario for detection because it combines both existing anti-forensic techniques together with their potential improvements. Second, we will present new detection methods which are resilient to this hidden prototype. To help solve this detection challenge, we have analyzed Windows’ memory content using a new method of Shannon Entropy calculation; methods of digital photogrammetry; the Zipf–Mandelbrot law, as well as by disassembling the memory content and analyzing the output. Finally, we present an idea and architecture of the software tool, which uses CUDA-enabled GPU hardware, to speed-up memory forensics. All three ideas are currently a work in progress. Keywords: rootkit detection, anti-forensics, memory analysis, scattered fragments, anticipatory enhancement, CUDA

Acceleration of Statistical Detection of Zero-day Malware in the Memory Dump Using CUDA-enabled GPU Hardware

This paper focuses on the anticipatory enhancement of methods of detecting stealth software. Cyber security detection tools are insufficiently powerful to reveal the most recent cyber-attacks which use malware. In this paper, we will present first an idea of the highest stealth malware, as this is the most complicated scenario for detection because it combines both existing anti-forensic techniques together with their potential improvements. Second, we present new detection methods, which are resilient to this hidden prototype. To help solve this detection challenge, we have analyzed Windows memory content using a new method of Shannon Entropy calculation; methods of digital photogrammetry; the Zipf Mandelbrot law, as well as by disassembling the memory content and analyzing the output. Finally, we present an idea and architecture of the software tool, which uses CUDA enabled GPU hardware to speed-up memory forensics. All three ideas are currently a work in progress

Gas transfer through clay barriers

Gas transport through clay-rocks can occur by different processes that can be basically subdivided into pressure-driven flow of a bulk gas phase and transport of dissolved gas either by molecular diffusion or advective water flow (Figure 1, Marschall et al., 2005). The relative importance of these transport mechanisms depends on the boundary conditions and the scale of the system. Pressure-driven volume flow (“Darcy flow”) of gas is the most efficient transport mechanism. It requires, however, pressure gradients that are sufficiently large to overcome capillary forces in the typically water-saturated rocks (purely gas-saturated argillaceous rocks are not considered in the present context). These pressure gradients may form as a consequence of the gravity field (buoyancy, compaction) or by gas generation processes (thermogenic, microbial, radiolytic). Dissolved gas may be transported by water flow along a hydraulic gradient. This process is not affected by capillary forces but constrained by the solubility of the gas. It has much lower transport efficiency than bulk gas phase flow. Molecular diffusion of dissolved gas, finally, is occurring essentially without constraints, ubiquitously and perpetually. Effective diffusion distances are, however, proportional to the square root of time, which limits the relevance of this transport process to the range of tens to hundreds of metres on a geological time scale (millions of years). 2 Process understanding and the quantification of the controlling parameters, like diffusion coefficients, capillary gas breakthrough pressures and effective gas permeability coefficients, is of great importance for up-scaling purposes in different research disciplines and applications. During the past decades, gas migration through fully water-saturated geological clay-rich barriers has been investigated extensively (Thomas et al., 1968, Pusch and Forsberg, 1983; Horseman et al., 1999; Galle, 2000; Hildenbrand et al., 2002; Marschall et al., 2005; Davy et al., 2009; Harrington et al., 2009, 2012a, 2014). All of these studies aimed at the analysis of experimental data determined for different materials (rocks of different lithotype, composition, compaction state) and pressure/temperature conditions. The clay-rocks investigated in these studies, ranged from unconsolidated to indurated clays and shales, all characterised by small pores (2-100 nm) and very low hydraulic conductivity (K < 10-12 m·s-1) or permeability coefficients (k < 10-19 m²). Studies concerning radioactive waste disposal include investigations of both the natural host rock formation and synthetic/engineered backfill material at a depth of a few hundred meters (IAEA, 2003, 2009). Within a geological disposal facility, hydrogen is generated by anaerobic corrosion of metals and through radiolysis of water (Rodwell et al., 1999; Yu and Weetjens, 2009). Additionally, methane and carbon dioxide are generated by microbial degradation of organic wastes (Rodwell et al., 1999; Ortiz et al., 2002; Johnson, 2006; Yu and Weetjens, 2009). The focus of carbon capture and storage (CCS) studies is on the analysis of the long-term sealing efficiency of lithologies above depleted reservoirs or saline aquifers, typically at larger depths (hundreds to thousands of meters). During the last decade, several studies were published on the sealing integrity of clay-rocks to carbon dioxide (Hildenbrand et al., 2004; Li et al., 2005; Hangx et al., 2009; Harrington et al., 2009; Skurtveit et al., 2012; Amann-Hildenbrand et al., 2013). In the context of petroleum system analysis, a significant volume of research has been undertaken regarding gas/oil expulsion mechanisms from sources rocks during burial history (Tissot & Pellet, 1971; Appold & Nunn, 2002), secondary migration (Luo et al., 2008) and the capillary sealing capacity of caprocks overlying natural gas accumulations (Berg, 1975; Schowalter, 1979; Krooss, 1992; Schlömer and Kross, 2004; Li et al., 2005; Berne et al., 2010). Recently, more attention has been paid to investigations of the transport efficiency of shales in the context of oil/gas shale production (Bustin et al., 2008; Eseme et al., 2012; Amann-Hildenbrand et al., 2012; Ghanizadeh et al., 2013, 2014). Analysis of the migration mechanisms within partly unlithified strata becomes important when explaining the 3 origin of overpressure zones, sub-seafloor gas domes and gas seepages (Hovland & Judd, 1988; Boudreau, 2012). The conduction of experiments and data evaluation/interpretation requires a profound process understanding and a high level of experience. The acquisition and preparation of adequate samples for laboratory experiments usually constitutes a major challenge and may have serious impact on the representativeness of the experimental results. Information on the success/failure rate of the sample preparation procedure should therefore be provided. Sample specimens “surviving” this procedure are subjected to various experimental protocols to derive information on their gas transport properties. The present overview first presents the theoretical background of gas diffusion and advective flow, each followed by a literature review (sections 2 and 3). Different experimental methods are described in sections 4.1 and 4.2. Details are provided on selected experiments performed at the Belgian Nuclear Research Centre (SCK-CEN, Belgium), Ecole Centrale de Lille (France), British Geological Survey (UK), and at RWTH-Aachen University (Germany) (section 4.3). Experimental data are discussed with respect to different petrophysical parameters outlined above: i) gas diffusion, ii) evolution of gas breakthrough, iii) dilation-controlled flow, and iv) effective gas permeability after breakthrough. These experiments were conducted under different pressure and temperature conditions, depending on sample type, burial depth and research focus (e.g. radioactive waste disposal, natural gas exploration, or carbon dioxide storage). The interpretation of the experimental results can be difficult and sometimes a clear discrimination between different mechanisms (and the controlling parameters) is not possible. This holds, for instance, for gas breakthrough experiments where the observed transport can be interpreted as intermittent, continuous, capillary- or dilation-controlled flow. Also, low gas flow rates through samples on the length-scale of centimetres can be equally explained by effective two-phase flow or diffusion of dissolved gas

Tra Mentorella e Parigi. La visione artistica di Padre Leon Zbyszewski (1832-1907) nella Chiesa Resurrezionista di Cracovia

W tekście omówiono architekturę i wyposażenie kościoła Zmartwychwstańców w Krakowie, który został zbudowany w latach 1886-1887 przy krakowskim domu zgromadzenia, ufundowanym w 1885 roku. Była to druga świątynia zmartwychwstańców na ziemiach polskich, po kościele we Lwowie. Fundamentalny wpływ na świątynię miała artystyczna wizja o. Leona Zbyszewskiego (1832-1907) CR. Przy pomocy o. Władysława Orpiszewskiego opracował artystyczną wizję kościoła, w której odwołał się do wzorów antycznych i wczesnośredniowiecznych, a także współczesnej neostylowej świątyni Saint Pierre de Montrouge w Paryżu (1863-1872), wzniesionej według projektu Émile’a Vaudremera. Leon Zbyszewski, współpracujący z krakowskim architektem i budowniczym Wandalinem Beringerem, opracował całościowy artystyczno-ideowy program wyposażenia i dekoracji kościoła, który obejmował zarówno otwartą więźbę dachową, dekorację malarsko-rzeźbiarską, projekt przegrody ołtarzowej, ołtarzy, chóru muzycznego, ambony, a nawet ławek i konfesjonałów. W wyniku syntezy artystycznych doświadczeń o. Zbyszewskiego powstała unikatowa, choć skromna, świątynia, w udany sposób łącząca wzory sztuki antycznej i średniowiecznej, o programie ideowym, który wpisywał się w charyzmat zgromadzenia.  L’articolo è uno studio dell’architettura e delle attrezzature della Chiesa Resurrezionista di Cracovia, che fu costruita tra il 1886 e il 1887 dalla filiale di Cracovia della congregazione, fondata nel 1885. Si trattò del secondo tempio risurrezionalista in territorio polacco, dopo la chiesa di Lviv. La visione artistica di Padre Leon Zbyszewski (1832-1907) CR ebbe un impatto fondamentale sul santuario. Con l‘aiuto di Padre W. Orpiszewski, Zbyszewski sviluppò una visione artistica per la chiesa, dove si rifece a modelli antichi e altomedievali, così come al tempio moderno in stile neostile di Saint Pierre de Montrouge a Parigi (1863-1872), costruito su progetto di Émile Vaudremer. Leon Zbyszewski, collaborando con l‘architetto e costruttore di Cracovia Wandalin Beringer, preparò un programma artistico e ideologico completo per l‘arredamento e la decorazione della chiesa, che comprese sia la capriata del tetto a vista, sia le decorazioni pittoriche e scultoree, il design della parete dell‘altare, gli altari stessi, il coro, il pulpito e persino i banchi ed i confessionali. La sintesi dell‘esperienza artistica di Padre Zbyszewski ha prodotto un tempio unico, ma modesto, che combina con successo i modelli dell‘arte antica e medievale, con un programma ideologico coerente con il carisma della congregazione.The paper is a study of the architecture and equipment of the Resurrectionist Church in Cracow, which was built between 1886 and 1887 by the Cracow house of the congregation, founded in 1885. It was the second Resurrectionist temple on Polish territory, after the Lviv church. The artistic vision of Father Leon Zbyszewski (1832-1907) CR had a fundamental impact on the temple. With the help of Father W. Orpiszewski, Zbyszewski developed an artistic vision for the church, where he referred to ancient and early medieval models, as well as the modern neostyle temple of Saint Pierre de Montrouge in Paris (1863-1872), built after a design by Émile Vaudremer. Leon Zbyszewski, collaborating with the Cracow architect and builder Wandalin Beringer, prepared a comprehensive artistic and ideological program for the church’s furnishings and decoration, including both the exposed roof truss, painting and sculpture decorations, the design of the altar partition, altars, music choir, pulpit and even pews and confessionals. The synthesis of Father Zbyszewski’s artistic experience produced a unique, yet modest, temple that successfully combined the patterns of ancient and medieval art, with an ideological program that was consistent with the congregation’s charism