15 research outputs found

    Real-time Analysis of NetFlow Data for Generating Network Traffic Statistics using Apache Spark

    Abstract—In this paper, we present a framework for the real-time generation of network traffic statistics on Apache Spark Streaming, a modern distributed stream processing system. Our previous results showed that stream processing systems provide enough throughput to process a large volume of NetFlow data and hence they are suitable for network traffic monitoring. This paper describes the integration of Apache Spark Streaming into a current network monitoring architecture. We prove that it is possible to implement the same basic methods for NetFlow data analysis in the stream processing framework as in the traditional ones. Moreover, our stream processing implementation discovers new information which is not available when using traditional network monitoring approaches.

    Current Issues of Malicious Domains Blocking

    Cyberattackers often use the Domain Name System (DNS) in their activities. Botnet C&C servers and phishing websites both use DNS to facilitate connection to or from their victims, while the protocol does not contain any security countermeasures to thwart such behavior. In this paper, we examine capabilities of a DNS firewall that would be able to filter access from the protected network to known malicious domains on the outside network. Considering the needs of Computer Security Incident Response Teams (CSIRTs), we formulated functional requirements that a DNS firewall should fulfill to fit the role of a cybersecurity tool. Starting from these requirements, we developed a DNS firewall based on the DNS Response Policy Zones technology, the only suitable open source technology available yet. However, we encountered several essential limitations in the DNS RPZ technology during the testing period. Still, our testing results show that a simple DNS firewall can prevent attacks not detected by other cybersecurity tools. We discuss the limitations and propose possible solutions so that the DNS firewall might be used as a more complex cybersecurity tool in the future. Lessons learned from the deployment show that while the DNS firewall can indeed be used to block access to malicious domains, it cannot yet satisfy all the requirements of cybersecurity teams.

    Higgs boson hadronic branching ratios at the ILC

    We present a study of the Higgs boson decay branching ratios to $b\bar{b}$, $c\bar{c}$ and gluons, one of the cornerstones of the physics program at the International Linear Collider (ILC). A standard model Higgs boson of 120 GeV mass, produced in the Higgs-strahlung process at $\sqrt{s} = 250$ GeV was investigated using the full detector simulation and reconstruction procedures. The analysis was performed in the framework of the Silicon Detector (SiD) concept with full account of inclusive standard model backgrounds. The selected decay modes contained two heavy flavour jets in the final state and required excellent flavour tagging through precise reconstruction of interaction and decay vertices in the detector. A new signal discrimination technique using correlations of neural network outputs was used to determine the branching ratios and estimate their uncertainties, 4.8%, 8.4% and 12.2% for $b\bar{b}$, $c\bar{c}$ and gluons respectively. Comment: 9 pages, 5 figures and 5 tables

    Real-time Pattern Detection in IP Flow Data using Apache Spark

    Detection of network attacks is a challenging task, especially concerning detection coverage and timeliness. The defenders need to be able to detect advanced types of attacks and minimize the time gap between the attack detection and its mitigation. To meet these requirements, we present a stream-based IP flow data processing application for real-time attack detection using similarity search techniques. Our approach extends capabilities of traditional detection systems and allows detecting not only anomalies and attacks that exactly match predefined patterns but also their variations. The approach is demonstrated on detection of SSH authentication attacks. We describe a process of patterns definition and illustrate their usage in a real-world deployment. We show that our approach provides sufficient performance of IP flow data processing for real-time detection while maintaining versatility and ability to detect network attacks that have not been recognized by traditional approaches.

    Passive OS Fingerprinting Methods in the Jungle of Wireless Networks

    Operating system fingerprinting methods are well-known in the domain of static networks and managed environments. Yet few studies tackled this challenge in real networks, where users can bring and connect any device. We evaluate the performance of three OS fingerprinting methods on a large dataset collected from a university wireless network. Our results show that the method based on HTTP User-agents is the most accurate but can identify only a small portion of the traffic. The TCP/IP parameters method proved to be the opposite, with a high identification rate but low accuracy. We also implemented a new method based on detection of communication to OS-specific domains, and its performance is comparable to the two established ones. After that, we discuss the impacts of traffic encryption and embracing new protocols such as IPv6 or HTTP/2.0 on OS fingerprinting. Our findings suggest that OS identification based on specific domain detection is viable and corresponds to the current directions of network traffic evolution, while methods based on TCP/IP parameters and User-agents will become ineffective in the future.

    Prospects for the Measurement of the Higgs Yukawa Couplings to b and c quarks, and muons at CLIC

    The investigation of the properties of the Higgs boson, especially a test of the predicted linear dependence of the branching ratios on the mass of the final state is going to be an integral part of the physics program at colliders at the energy frontier for the foreseeable future. The large Higgs boson production cross section at a 3 TeV CLIC machine allows for a precision measurement of the Higgs branching ratios. The cross section times branching ratio of the decays $H \to b\bar{b}$, $H \to c\bar{c}$ and $H \to \mu\mu$ of a Standard Model Higgs boson with a mass of 120 GeV can be measured with a statistical uncertainty of 0.23%, 3.1% and 15%, respectively, assuming an integrated luminosity of 2 ab$^{-1}$. Comment: 6 pages, 4 figures

    SoK: Contemporary Issues and Challenges to Enable Cyber Situational Awareness for Network Security

    Cyber situational awareness is an essential part of cyber defense that allows the cybersecurity operators to cope with the complexity of today's networks and threat landscape. Perceiving and comprehending the situation allow the operator to project upcoming events and make strategic decisions. In this paper, we recapitulate the fundamentals of cyber situational awareness and highlight its unique characteristics in comparison to generic situational awareness known from other fields. Subsequently, we provide an overview of existing research and trends in publishing on the topic, introduce front research groups, and highlight the impact of cyber situational awareness research. Further, we propose an updated taxonomy and enumeration of the components used for achieving cyber situational awareness. The updated taxonomy conforms to the widely-accepted three-level definition of cyber situational awareness and newly includes the projection level. Finally, we identify and discuss contemporary research and operational challenges, such as the need to cope with rising volume, velocity, and variety of cybersecurity data and the need to provide cybersecurity operators with the right data at the right time and increase their value through visualization.

    Determination of branched-chain fatty acids in plasma in type 2 diabetes mellitus

    Insulin resistance in type 2 diabetic patients reduces activation of PPAR, which may lead to accumulation of branched chain fatty acids as well as saturated fatty acids. Natural sources of these fatty acids are dairy products. The aim of our study was to verify whether the accumulation of branched chain fatty acids takes place in type 2 diabetes and, if so, to specify the corresponding lipid fraction. 23 anonymized plasma samples of type 2 diabetic patients, which were subsequently divided by glycosidic haemoglobin levels into groups of 11 compensated and 12 decompensated, and plasma of 10 healthy blood donors were processed. At first the samples were divided into particular lipid classes using thin layer chromatography. Then we set the content of individual fatty acids in all lipid classes using gas chromatography. Results were calculated with the statistical application SigmaStat 3.5. The most abundant branched chain fatty acid is 14-methylhexadecanoic acid. A statistically significant increase of this acid was found both in compensated diabetics (p≤0.001) and in the decompensated ones (p≤0.001) in comparison with controls. The 14-methylhexadecanoic acid was found in the diacylglycerol fraction as well as in the free fatty acid fraction in compensated (p=0.008) and decompensated (p=0.007) diabetics. Increase of the content of branched chain fatty acids in diabetic patients was proved. Accumulation of branched chain fatty acids in diabetics raises a question on the precise influence of these fatty acids on the human organism.