Enhancing Enterprise Network Security: Comparing Machine-Level and Process-Level Analysis for Dynamic Malware Detection

Analysing malware is important to understand how malicious software works and to develop appropriate detection and prevention methods. Dynamic analysis can overcome evasion techniques commonly used to bypass static analysis and provide insights into malware runtime activities. Much research on dynamic analysis focused on investigating machine-level information (e.g., CPU, memory, network usage) to identify whether a machine is running malicious activities. A malicious machine does not necessarily mean all running processes on the machine are also malicious. If we can isolate the malicious process instead of isolating the whole machine, we could kill the malicious process, and the machine can keep doing its job. Another challenge dynamic malware detection research faces is that the samples are executed in one machine without any background applications running. It is unrealistic as a computer typically runs many benign (background) applications when a malware incident happens. Our experiment with machine-level data shows that the existence of background applications decreases previous state-of-the-art accuracy by about 20.12% on average. We also proposed a process-level Recurrent Neural Network (RNN)-based detection model. Our proposed model performs better than the machine-level detection model; 0.049 increase in detection rate and a false-positive rate below 0.1.Comment: Dataset link: https://github.com/bazz-066/cerberus-trac

How anxiety and incremental secondary task demands impact processing efficiency, visual search, and gait kinematics in older adults

How anxiety and incremental secondary task demands impact processing efficiency, visual search, and gait kinematics in older adult

FMDV replicons encoding green fluorescent protein are replication competent

The study of replication of viruses that require high bio-secure facilities can be accomplished with less stringent containment using non-infectious 'replicon' systems. The FMDV replicon system (pT7rep) reported by Mclnerney et al. (2000) was modified by the replacement of sequences encoding chloramphenicol acetyl-transferase (CAT) with those encoding a functional L proteinase (Lpro) linked to a bi-functional fluorescent/antibiotic resistance fusion protein (green fluorescent protein/puromycin resistance, [GFP-PAC]). Cells were transfected with replicon-derived transcript RNA and GFP fluorescence quantified. Replication of transcript RNAs was readily detected by fluorescence, whilst the signal from replication-incompetent forms of the genome was >2-fold lower. Surprisingly, a form of the replicon lacking the Lpro showed a significantly stronger fluorescence signal, but appeared with slightly delayed kinetics. Replication can, therefore, be quantified simply by live-cell imaging and image analyses, providing a rapid and facile alternative to RT-qPCR or CAT assays

Cogent: uniqueness types and certifying compilation

This paper presents a framework aimed at significantly reducing the cost of proving functional correctness for low-level operating systems components. The framework is designed around a new functional programming language, Cogent. A central aspect of the language is its uniqueness type system, which eliminates the need for a trusted runtime or garbage collector while still guaranteeing memory safety, a crucial property for safety and security. Moreover, it allows us to assign two semantics to the language: The first semantics is imperative, suitable for efficient C code generation, and the second is purely functional, providing a user-friendly interface for equational reasoning and verification of higher-level correctness properties. The refinement theorem connecting the two semantics allows the compiler to produce a proof via translation validation certifying the correctness of the generated C code with respect to the semantics of the Cogent source program. We have demonstrated the effectiveness of our framework for implementation and for verification through two file system implementations

The motion of trees in the wind: a data synthesis

Interactions between wind and trees control energy exchanges between the atmosphere and forest canopies. This energy exchange can lead to the widespread damage of trees, and wind is a key disturbance agent in many of the world\u27s forests. However, most research on this topic has focused on conifer plantations, where risk management is economically important, rather than broadleaf forests, which dominate the forest carbon cycle. This study brings together tree motion time-series data to systematically evaluate the factors influencing tree responses to wind loading, including data from both broadleaf and coniferous trees in forests and open environments. We found that the two most descriptive features of tree motion were (a) the fundamental frequency, which is a measure of the speed at which a tree sways and is strongly related to tree height, and (b) the slope of the power spectrum, which is related to the efficiency of energy transfer from wind to trees. Intriguingly, the slope of the power spectrum was found to remain constant from medium to high wind speeds for all trees in this study. This suggests that, contrary to some predictions, damping or amplification mechanisms do not change dramatically at high wind speeds, and therefore wind damage risk is related, relatively simply, to wind speed. Conifers from forests were distinct from broadleaves in terms of their response to wind loading. Specifically, the fundamental frequency of forest conifers was related to their size according to the cantilever beam model (i.e. vertically distributed mass), whereas broadleaves were better approximated by the simple pendulum model (i.e. dominated by the crown). Forest conifers also had a steeper slope of the power spectrum. We interpret these finding as being strongly related to tree architecture; i.e. conifers generally have a simple shape due to their apical dominance, whereas broadleaves exhibit a much wider range of architectures with more dominant crowns

Forest disturbance and growth processes are reflected in the geographical distribution of large canopy gaps across the Brazilian Amazon

Canopy gaps are openings in the forest canopy resulting from branch fall and tree mortality events. The geographical distribution of large canopy gaps may reflect underlying variation in mortality and growth processes. However, a lack of data at the appropriate scale has limited our ability to study this relationship until now. We detected canopy gaps using a unique LiDAR dataset consisting of 650 transects randomly distributed across 2500 km(2) of the Brazilian Amazon. We characterized the size distribution of canopy gaps using a power law and we explore the variation in the exponent, alpha. We evaluated how the alpha varies across the Amazon, in response to disturbance by humans and natural environmental processes that influence tree mortality rates. We observed that South-eastern forests contained a higher proportion of large gaps than North-western, which is consistent with recent work showing greater tree mortality rates in the Southeast than the Northwest. Regions characterized by strong wind gust speeds, frequent lightning and greater water shortage also had a high proportion of large gaps, indicating that geographical variation in alpha is a reflection of underlying disturbance processes. Forests on fertile soils were also found to contain a high proportion of large gaps, in part because trees grow tall on these sites and create large gaps when they fall; thus, canopy gap analysis picked up differences in growth as well as mortality processes. Finally, we found that human-modified forests had a higher proportion of large gaps than intact forests, as we would expect given that these forests have been disturbed. Synthesis. The proportion of large gaps in the forest canopy varied substantially over the Brazilian Amazon. We have shown that the trends can be explained by geographical variation in disturbance and growth. The frequency of extreme weather events is predicted to increase under climate change, and changes could lead to greater forest disturbance, which should be detectable as an increased proportion of large gaps in intact forests.Peer reviewe

Cogent: uniqueness types and certifying compilation.

This paper presents a framework aimed at significantly reducing the cost of proving functional correctness for low-level operating systems components. The framework is designed around a new functional programming language, Cogent. A central aspect of the language is its uniqueness type system, which eliminates the need for a trusted runtime or garbage collector while still guaranteeing memory safety, a crucial property for safety and security. Moreover, it allows us to assign two semantics to the language: The first semantics is imperative, suitable for efficient C code generation, and the second is purely functional, providing a user-friendly interface for equational reasoning and verification of higher-level correctness properties. The refinement theorem connecting the two semantics allows the compiler to produce a proof via translation validation certifying the correctness of the generated C code with respect to the semantics of the Cogent source program. We have demonstrated the effectiveness of our framework for implementation and for verification through two file system implementations

The Metabochip, a Custom Genotyping Array for Genetic Studies of Metabolic, Cardiovascular, and Anthropometric Traits

PMCID: PMC3410907This is an open-access article distributed under the terms of the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original author and source are credited