65 research outputs found
Detecting DNS Threats: A Deep Learning Model to Rule Them All
Domain Name Service is a central part of the Internet's regular operation. This importance has made it a common target of malicious behaviors such as the use of Domain Generation Algorithms (DGA) for command and control of a group of infected computers, or Tunneling techniques for bypassing system administrator restrictions. A common detection approach is to train separate models for DGA and Tunneling, each capable of lexicographic discrimination of domain names. However, since both DGA and Tunneling produce domain names with observable lexicographical differences from normal domains, it is reasonable to apply the same detection approach to both threats. In the present work, we propose a multi-class convolutional network (MC-CNN) capable of detecting both DNS threats. The resulting MC-CNN correctly detects 99% of normal domains, 97% of DGA and 92% of Tunneling, with a False Positive Rate of 2.8%, 0.7% and 0.0015% respectively, and has the advantage of 44% fewer trainable parameters than similar models applied to DNS threat detection. Sociedad Argentina de Informática e Investigación Operativ
Detecting behavioral patterns in the network through sequence analysis
Behavior-based detection approaches for network traffic rely on finding common patterns that an attack follows throughout its life cycle, trying to generalize them in order to detect a previously unseen attack trace. A common approach consists of generating character-based sequences to represent malicious behaviors, and then applying models such as Markov chains to generalize to other similar behaviors. However, the latter are limited in their ability to look beyond the previous state. This work analyzes the advantages and limitations of three neural network architectures for detecting malicious behaviors that are capable of remembering patterns seen long ago. To this end, an evaluation was carried out on a specifically designed dataset that includes malicious and normal behaviors from diverse sources. Preliminary results indicate that, despite their simplicity, applying any of the network architectures is a valid approach for detecting malicious network behaviors, which is promising for their application to network traffic labeling problems in the context of a human-in-the-loop workflow. Workshop: WSI - Seguridad Informática. Red de Universidades con Carreras en Informátic
Application of deep neural networks to the automatic detection of algorithmically generated domain names
In the context of data network security, an algorithmically generated domain name (DGA) is used by malicious software (malware) to dynamically generate a large number of pseudo-random domain names, and then use a subset of them as part of the Command and Control (C&C) channel. Given the simplicity and speed with which new domains are generated, strategies based on static domain lists are ineffective. It is therefore important to develop automatic detection techniques that can find the common patterns in the generated domains. This project proposes the development of DGA detection algorithms using machine learning algorithms in general and deep neural networks in particular. The application of deep neural networks to learning the patterns common to DGAs is expected to enable the development of detection tools that not only have a low false positive rate but can also operate in real time. The latter is essential for dealing with today's security threats. Track: Computer security. Red de Universidades con Carreras en Informátic
Millimeter and submillimeter high angular resolution interferometric observations: dust in the heart of IRAS 18162-2048
The GGD27 complex includes the HH 80-81-80N system, which is one of the most
powerful molecular outflows associated with a high mass star-forming region
observed up to now. This outflow is powered by the star associated with the
source IRAS 18162-2048. Here we report the detection of continuum emission at
sub-arcsec/arcsec resolution with the Submillimeter Array at 1.36mm and
456microns, respectively. We detected dust emission arising from two compact
cores, MM1 and MM2, separated by about 7" (~12000AU in projected distance). MM1
spatially coincides with the powerful thermal radio continuum jet that powers
the very extended molecular outflow, while MM2 is associated with the protostar
that drives the compact molecular outflow recently found in this region.
High angular resolution observations at 1.36mm show that MM1 is unresolved and
that MM2 splits into two subcomponents separated by ~1". The mass of MM1 is
about 4Msun and it has a size of <300AU. This is consistent with MM1 being
associated with a massive and dense (n(H2)>10^9cm-3) circumstellar dusty disk
surrounding a high-mass protostar, which has not developed yet a compact HII
region. On the other hand, the masses of the two separate components of MM2 are
about 2Msun each. One of these components is a compact core with an
intermediate-mass young protostar inside and the other component is probably a
pre-stellar core.
MM1 is the brightest source at 1.36mm, while MM2 dominates the emission at
456microns. These are the only (sub)millimeter sources detected in the SMA
observations. Hence, it seems that both sources may contribute significantly to
the bolometric luminosity of the region. Finally, we argue that the
characteristics of these two sources indicate that MM2 is probably in an
earlier evolutionary stage than MM1. Comment: Accepted in AJ (Oct 31, 2010
Unveiling a Network of Parallel Filaments in the Infrared Dark Cloud G14.225–0.506
We present the results of combined NH3 (1,1) and (2,2) line emission observed with the Very Large Array and the Effelsberg 100 m telescope of the infrared dark cloud G14.225–0.506. The NH3 emission reveals a network of filaments constituting two hub-filament systems. Hubs are associated with gas of rotational temperature T_rot ~ 15 K, non-thermal velocity dispersion σ_NT ~ 1 km s^-1, and exhibit signs of star formation, while filaments appear to be more quiescent (T_rot ~ 11 K and σ_NT ~ 0.6 km s^-1). Filaments are parallel in projection and distributed mainly along two directions, at P.A. ~ 10° and 60°, and appear to be coherent in velocity. The averaged projected separation between adjacent filaments is between 0.5 pc and 1 pc, and the mean width of filaments is 0.12 pc. Cores within filaments are separated by ~0.33 ± 0.09 pc, which is consistent with the predicted fragmentation of an isothermal gas cylinder due to the "sausage"-type instability. The network of parallel filaments observed in G14.225–0.506 is consistent with the gravitational instability of a thin gas layer threaded by magnetic fields. Overall, our data suggest that magnetic fields might play an important role in the alignment of filaments, and polarization measurements in the entire cloud would lend further support to this scenario.
Application of deep neural networks to the automatic detection of algorithmically generated domain names
In the context of data network security, an algorithmically generated domain name (DGA) is used by malicious software (malware) to dynamically generate a large number of pseudo-random domain names, and then use a subset of them as part of the Command and Control (C&C) channel. This project focuses on the development of DGA detection algorithms using machine learning algorithms in general and deep neural networks in particular. During the most recent period of the project, special emphasis has been placed on fine-tuning the resulting models with a view to their deployment in production environments, in particular on evaluating the various aspects needed to estimate the generalization error, beyond a random split between training and test sets. Track: Computer security. Red de Universidades con Carreras en Informátic
The challenge of preparing teams for the European robotics league: Emergency
© 2017, Society for Imaging Science and Technology. ERL Emergency is an outdoor multi-domain robotic competition inspired by the 2011 Fukushima accident. The ERL Emergency Challenge requires teams of land, underwater and flying robots to work together to survey the scene, collect environmental data, and identify critical hazards. To prepare teams for this multidisciplinary task, a series of summer schools and workshops has been arranged. This paper explains the challenges and hands-on results of bringing students and researchers together to collaborate successfully in unknown environments and in new research areas. As a case study, results from the euRathlon/SHERPA workshop 2015 in Oulu are given