400 research outputs found
Recommended from our members
The Guardian Node Slow DoS Detection Model for Real-Time Application in IoT Networks
The pernicious impact of malicious Slow DoS (Denial of Service) attacks on the application layer and web-based Open Systems Interconnection model services like Hypertext Transfer Protocol (HTTP) has given impetus to a range of novel detection strategies, many of which use machine learning (ML) for computationally intensive full packet capture and post-event processing. In contrast, existing detection mechanisms, such as those found in various approaches including ML, artificial intelligence, and neural networks neither facilitate real-time detection nor consider the computational overhead within resource-constrained Internet of Things (IoT) networks. Slow DoS attacks are notoriously difficult to reliably identify, as they masquerade as legitimate application layer traffic, often resembling nodes with slow or intermittent connectivity. This means they often evade detection mechanisms because they appear as genuine node activity, which increases the likelihood of mistakenly being granted access by intrusion-detection systems. The original contribution of this paper is an innovative Guardian Node (GN) Slow DoS detection model, which analyses the two key network attributes of packet length and packet delta time in real time within a live IoT network. By designing the GN to operate within a narrow window of packet length and delta time values, accurate detection of all three main Slow DoS variants is achieved, even under the stealthiest malicious attack conditions. A unique feature of the GN model is its ability to reliably discriminate Slow DoS attack traffic from both genuine and slow nodes experiencing high latency or poor connectivity. A rigorous critical evaluation has consistently validated high, real-time detection accuracies of more than 98% for the GN model across a range of demanding traffic profiles. 
This performance is analogous to existing ML approaches, whilst being significantly more resource efficient, with computational and storage overheads being over 96% lower than full packet capture techniques, so it represents a very attractive alternative for deployment in resource-scarce IoT environments.
Packet Filtering and Sampling for Efficient Slow Denial of Service Detection in Resource Scarce IoT Networks
There has recently been considerable interest in automatic detection strategies for recognising application layer security threats such as Hypertext Transfer Protocol (HTTP) Slow Denial-of-Service (Slow DoS) attacks in Internet of Things (IoT) networks. Most existing approaches, however, fail to take cognisance of the substantial resource constraints imposed upon IoT environments, which limits the applicability and deployment of many Slow DoS detection mechanisms. This paper addresses this significant security threat for resource scarce IoT nodes and networks in proposing an accurate and computationally efficient approach to packet-based intrusion detection of HTTP Slow DoS activity. The paper both critically analyses and measures the impact of applying network attribute filtering and packet sampling to reduce the computational overheads on the resource constrained IoT Slow DoS detection node. The unique solution proposed uses a dataset synthesised from a live IoT environment comprising both legitimate and malicious network events in the form of legitimate HTTP traffic and Slow DoS attacks. Experimental results corroborate that combining filtering at the Border Router of only in-bound packets containing no TCP payload with a systematic packet sampling scheme at a sampling ratio of up to 1:64, the processing overheads on the detection node are significantly reduced. The novel contribution presented is a resource efficient solution, garnered by employing systematic sampling to seamlessly and accurately support selective attribute based intrusion detection of HTTP Slow DoS attacks in IoT networks.
A Reliable Real-Time Slow DoS Detection Framework for Resource-Constrained IoT Networks
Slow DoS attacks have proven to pose a significant security threat to low-resource IoT devices and networks, because they can be launched by nodes which consume nominal bandwidth and have limited resource capability. This makes such malicious attacks easy to initiate, but difficult to mitigate. There also exists the recurrent likelihood of misclassifying legitimate nodes, which are incurring slow or poor network connectivity, as malicious activity. Existing intrusion detection systems (IDS) for detecting Slow DoS attacks often require the creation of large datasets for post event analysis. A functional disadvantage of this dataset-driven approach is the sheer volume of data required, due to the high number of network attributes and events collated, which precludes an in-line, real-time IDS detection solution for live IoT networks. This paper presents an innovative IDS detection framework for resource constrained IoT networks. Using a set of only four attributes, a two-step analysis of live IoT network events enables Slow DoS attacks, in the form of Slowloris, to be both efficiently and reliably detected in real-time. In addition, this lightweight IDS framework can accurately distinguish between malicious and genuine nodes encountering slow or intermittent network connections
A Novel Role for ATM in Regulating Proteasome-Mediated Protein Degradation through Suppression of the ISG15 Conjugation Pathway
Ataxia Telangiectasia (A-T) is an inherited immunodeficiency disorder wherein mutation of the ATM kinase is responsible for the A-T pathogenesis. Although the precise role of ATM in A-T pathogenesis is still unclear, its function in responding to DNA damage has been well established. Here we demonstrate that in addition to its role in DNA repair, ATM also regulates proteasome-mediated protein turnover through suppression of the ISG15 pathway. This conclusion is based on three major pieces of evidence: First, we demonstrate that proteasome-mediated protein degradation is impaired in A-T cells. Second, we show that the reduced protein turnover is causally linked to the elevated expression of the ubiquitin-like protein ISG15 in A-T cells. Third, we show that expression of the ISG15 is elevated in A-T cells derived from various A-T patients, as well as in brain tissues derived from the ATM knockout mice and A-T patients, suggesting that ATM negatively regulates the ISG15 pathway. Our current findings suggest for the first time that proteasome-mediated protein degradation is impaired in A-T cells due to elevated expression of the ISG15 conjugation pathway, which could contribute to progressive neurodegeneration in A-T patients
Exploratory trial of a school-based alcohol prevention intervention with a family component: Implications for implementation
Purpose – Involvement of parents/carers may increase effectiveness of primary school-based alcohol-misuse prevention projects through strengthening family-based protective factors, but rates of parental engagement are typically low. This paper reports findings from an exploratory trial of a school-based prevention intervention – Kids, Adults Together (KAT), based on the Social Development Model, which aimed to promote pro-social family communication in order to prevent alcohol misuse, and incorporated strategies to engage parents/carers. The purpose of this paper is to assess the feasibility and value of conducting an effectiveness trial of KAT. Design/methodology/approach – The study was a parallel-group cluster randomised exploratory trial with an embedded process evaluation. The study took place in south Wales, UK, and involved nine primary schools, 367 pupils in Years 5/6 (aged 9-11 years) and their parents/carers and teachers. Questionnaires were completed by pupils at baseline and four month follow-up, and by parents at six month follow-up. Findings – Overall KAT was delivered with good fidelity, but two of five intervention schools withdrew from the study without completing implementation. In total, 50 per cent of eligible parents participated in the intervention, and KAT had good acceptability among pupils, parents and teachers. However, a number of “progression to effectiveness trial” criteria were not met. Intermediate outcomes on family communication (hypothesised to prevent alcohol misuse) showed insufficient evidence of an intervention effect. Difficulties were encountered in identifying age appropriate outcome measures for primary school-age children, particularly in relation to family communication processes. The study was unable to find comprehensive methodological guidance on exploratory trials. 
Research limitations/implications – It would not be appropriate to conduct an effectiveness trial as key progression criteria relating to intervention and trial feasibility were not met. There is a need for new measures of family communication which are suitable for primary school-age children, and more guidance on the design and conduct of exploratory/feasibility trials. Originality/value – KAT achieved high rates of parental involvement, and its theoretical framework and processes could be adapted by other interventions which experience difficulties with recruitment of parents/carers
Hazard Testing To Reduce Risk in the Development of Automated Planning Tools
PURPOSE: Hazard scenarios were created to assess and reduce the risk of planning errors in automated planning processes. This was accomplished through iterative testing and improvement of examined user interfaces.
METHODS: Automated planning requires three user inputs: a computed tomography (CT), a prescription document, known as the service request, and contours. We investigated the ability of users to catch errors that were intentionally introduced into each of these three stages, according to an FMEA analysis. Five radiation therapists each reviewed 15 patient CTs, containing three errors: inappropriate field of view, incorrect superior border, and incorrect identification of isocenter. Four radiation oncology residents reviewed 10 service requests, containing two errors: incorrect prescription and treatment site. Four physicists reviewed 10 contour sets, containing two errors: missing contour slices and inaccurate target contour. Reviewers underwent video training prior to reviewing and providing feedback for various mock plans.
RESULTS: Initially, 75% of hazard scenarios were detected in the service request approval. The visual display of prescription information was then updated to improve the detectability of errors based on user feedback. The change was then validated with five new radiation oncology residents who detected 100% of errors present. 83% of the hazard scenarios were detected in the CT approval portion of the workflow. For the contour approval portion of the workflow none of the errors were detected by physicists, indicating this step will not be used for quality assurance of contours. To mitigate the risk from errors that could occur at this step, radiation oncologists must perform a thorough review of contour quality prior to final plan approval.
CONCLUSIONS: Hazard testing was used to pinpoint the weaknesses of an automated planning tool and as a result, subsequent improvements were made. This study identified that not all workflow steps should be used for quality assurance and demonstrated the importance of performing hazard testing to identify points of risk in automated planning tools
Search algorithms as a framework for the optimization of drug combinations
Combination therapies are often needed for effective clinical outcomes in the
management of complex diseases, but presently they are generally based on
empirical clinical experience. Here we suggest a novel application of search
algorithms, originally developed for digital communication, modified to
optimize combinations of therapeutic interventions. In biological experiments
measuring the restoration of the decline with age in heart function and
exercise capacity in Drosophila melanogaster, we found that search algorithms
correctly identified optimal combinations of four drugs with only one third of
the tests performed in a fully factorial search. In experiments identifying
combinations of three doses of up to six drugs for selective killing of human
cancer cells, search algorithms resulted in a highly significant enrichment of
selective combinations compared with random searches. In simulations using a
network model of cell death, we found that the search algorithms identified the
optimal combinations of 6-9 interventions in 80-90% of tests, compared with
15-30% for an equivalent random search. These findings suggest that modified
search algorithms from information theory have the potential to enhance the
discovery of novel therapeutic drug combinations. This report also helps to
frame a biomedical problem that will benefit from an interdisciplinary effort
and suggests a general strategy for its solution. Comment: 36 pages, 10 figures, revised versio