Modeling User Search Behavior for Masquerade Detection

Masquerade attacks are a common security problem that is a consequence of identity theft. This paper extends prior work by modeling user search behavior to detect deviations indicating a masquerade attack. We hypothesize that each individual user knows their own file system well enough to search in a limited, targeted and unique fashion in order to find information germane to their current task. Masqueraders, on the other hand, will likely not know the file system and layout of another user's desktop, and would likely search more extensively and broadly in a manner that is different than the victim user being impersonated. We identify actions linked to search and information access activities, and use them to build user models. The experimental results show that modeling search behavior reliably detects all masqueraders with a very low false positive rate of 1.1%, far better than prior published results. The limited set of features used for search behavior modeling also results in large performance gains over the same modeling techniques that use larger sets of features

Convalescent plasma in patients admitted to hospital with COVID-19 (RECOVERY): a randomised controlled, open-label, platform trial

Background: Many patients with COVID-19 have been treated with plasma containing anti-SARS-CoV-2 antibodies. We aimed to evaluate the safety and efficacy of convalescent plasma therapy in patients admitted to hospital with COVID-19. Methods: This randomised, controlled, open-label, platform trial (Randomised Evaluation of COVID-19 Therapy [RECOVERY]) is assessing several possible treatments in patients hospitalised with COVID-19 in the UK. The trial is underway at 177 NHS hospitals from across the UK. Eligible and consenting patients were randomly assigned (1:1) to receive either usual care alone (usual care group) or usual care plus high-titre convalescent plasma (convalescent plasma group). The primary outcome was 28-day mortality, analysed on an intention-to-treat basis. The trial is registered with ISRCTN, 50189673, and ClinicalTrials.gov, NCT04381936. Findings: Between May 28, 2020, and Jan 15, 2021, 11558 (71%) of 16287 patients enrolled in RECOVERY were eligible to receive convalescent plasma and were assigned to either the convalescent plasma group or the usual care group. There was no significant difference in 28-day mortality between the two groups: 1399 (24%) of 5795 patients in the convalescent plasma group and 1408 (24%) of 5763 patients in the usual care group died within 28 days (rate ratio 1·00, 95% CI 0·93–1·07; p=0·95). The 28-day mortality rate ratio was similar in all prespecified subgroups of patients, including in those patients without detectable SARS-CoV-2 antibodies at randomisation. Allocation to convalescent plasma had no significant effect on the proportion of patients discharged from hospital within 28 days (3832 [66%] patients in the convalescent plasma group vs 3822 [66%] patients in the usual care group; rate ratio 0·99, 95% CI 0·94–1·03; p=0·57). Among those not on invasive mechanical ventilation at randomisation, there was no significant difference in the proportion of patients meeting the composite endpoint of progression to invasive mechanical ventilation or death (1568 [29%] of 5493 patients in the convalescent plasma group vs 1568 [29%] of 5448 patients in the usual care group; rate ratio 0·99, 95% CI 0·93–1·05; p=0·79). Interpretation: In patients hospitalised with COVID-19, high-titre convalescent plasma did not improve survival or other prespecified clinical outcomes. Funding: UK Research and Innovation (Medical Research Council) and National Institute of Health Research

Association between blood pressure and DNA methylation of retrotransposons and pro-inflammatory genes

Background Methylation of deoxyribonucleic acid (DNA) is an epigenetic regulator of gene expression that changes with age, but its contribution to aging-related disorders, including high blood pressure (BP), is still largely unknown. We examined the relation of BP to the methylation of retrotransposon sequences of DNA and of selected candidate genes. Methods This investigation included 789 elderly participants in the Normative Aging Study, ranging in age from 55 to 100 years, who had longitudinal measurements of DNA methylation. In these subjects DNA we measured the proportion of methylated sites in retrotransposable sequences and in pro-inflammatory genes, expressed as the percent of 5-methylated cytosines (5mC) among all cytosines. From one to four methylation measurements were made for each subject between 1999 and 2009. We fit mixed-effects models, using repeated measures of BP as the outcome and DNA methylation as the explanatory variable, adjusting for confounding variables. We also fit a Bayesian mixed-effects structural equation model to account for heterogeneity in the effects of methylation sites within each gene. Results An increase in inter-quartile range (IQR) in the methylation of Alu elements was associated with an increase of 0.97 mm Hg in diastolic blood pressure (DBP) (95 CI 0.32-1.57), but no such association was observed for long interspersed nuclear element-1 (LINE-1). We also found positive associations between DBP and methylation of the genes for toll-like receptor 2 (TLR2) and inducible nitric oxide synthase (iNOS), and a negative association between DBP and methylation of the gene for interferon-\u3b3 (IFN-\u3b3). Associations between methylation and systolic blood pressure (SBP) were weaker than those between methylation and DBP. Bayesian mixed-effects structural equation model results were similar for both DBP and SBP models. Conclusions The results of our study suggest that changes in DNA methylation of some pro-inflammatory genes and retrotransposable elements are related to small changes in BP. Published by Oxford University Press on behalf of the International Epidemiological Associatio

Creating User Profiles from a Command-Line Interface: A Statistical Approach

Proceeding of: 17th International Conference on User Modeling, Adaptation, and Personalization (UMAP), Trento, Italy, June 22-26 2009.Knowledge about computer users is very beneficial for assisting them, predicting their future actions or detecting masqueraders. In this paper, an approach for creating and recognizing automatically the behavior profile of a user from the commands (s)he types in a commandline interface, is presented. Specifically, in this research, a computer user behavior is represented as a sequence of UNIX commands. This sequence is transformed into a distribution of relevant subsequences in order to find out a profile that defines its behavior. Then, statistical methods are used for recognizing a user from the commands (s)he types. The experiment results, using 2 different sources of UNIX command data, show that a system based on our approach can efficiently recognize a UNIX user. In addition, a comparison with a HMM-base method is done. Because a user profile usually changes constantly, we also propose a method to keep up to date the created profiles using an age-based mechanism.Publicad

Website Detection Using Remote Traffic Analysis

Abstract. Recent work in traffic analysis has shown that traffic patterns leaked through side channels can be used to recover important semantic information. For instance, attackers can find out which website, or which page on a website, a user is accessing simply by monitoring the packet size distribution. We show that traffic analysis is even a greater threat to privacy than previously thought by introducing a new attack that can be carried out remotely. In particular, we show that, to perform traffic analysis, adversaries do not need to directly observe the traffic patterns. Instead, they can gain sufficient information by sending probes from a far-off vantage point that exploits a queuing side channel in routers. To demonstrate the threat of such remote traffic analysis, we study a remote website detection attack that works against home broadband users. Because the remotely observed traffic patterns are more noisy than those obtained using previous schemes based on direct local traffic monitoring, we take a dynamic time warping (DTW) based approach to detecting fingerprints from the same website. As a new twist on website fingerprinting, we consider a website detection attack, where the attacker aims to find out whether a user browses a particular web site, and its privacy implications. We show experimentally that, although the success of the attack is highly variable, depending on the target site, for some sites very low error rates. We also show how such website detection can be used to deanonymize message board users.