15 research outputs found
Real-time Analysis of NetFlow Data for Generating Network Traffic Statistics using Apache Spark
Abstract—In this paper, we present a framework for the real-time generation of network traffic statistics on Apache Spark Streaming, a modern distributed stream processing system. Our previous results showed that stream processing systems provide enough throughput to process a large volume of NetFlow data and hence they are suitable for network traffic monitoring. This paper describes the integration of Apache Spark Streaming into a current network monitoring architecture. We prove that it is possible to implement the same basic methods for NetFlow data analysis in the stream processing framework as in the traditional ones. Moreover, our stream processing implementation discovers new information which is not available when using traditional network monitoring approaches.
Current Issues of Malicious Domains Blocking
Cyberattackers often use the Domain Name System (DNS) in their activities. Botnet C&C servers and phishing websites both use DNS to facilitate connection to or from their victims, while the protocol does not contain any security countermeasures to thwart such behavior. In this paper, we examine the capabilities of a DNS firewall that would be able to filter access from the protected network to known malicious domains on the outside network. Considering the needs of Computer Security Incident Response Teams (CSIRTs), we formulated functional requirements that a DNS firewall should fulfill to fit the role of a cybersecurity tool. Starting from these requirements, we developed a DNS firewall based on the DNS Response Policy Zones technology, the only suitable open source technology available yet. However, we encountered several essential limitations in the DNS RPZ technology during the testing period. Still, our testing results show that a simple DNS firewall can prevent attacks not detected by other cybersecurity tools. We discuss the limitations and propose possible solutions so that the DNS firewall might be used as a more complex cybersecurity tool in the future. Lessons learned from the deployment show that while the DNS firewall can indeed be used to block access to malicious domains, it cannot yet satisfy all the requirements of cybersecurity teams.
Higgs boson hadronic branching ratios at the ILC
We present a study of the Higgs boson decay branching ratios to ,
and gluons, one of the cornerstones of the physics program at the
International Linear Collider (ILC). A standard model Higgs boson of 120 GeV
mass, produced in the Higgs-strahlung process at \,GeV was
investigated using the full detector simulation and reconstruction procedures.
The analysis was performed in the framework of the Silicon Detector (SiD)
concept with full account of inclusive standard model backgrounds. The selected
decay modes contained two heavy flavour jets in the final state and required
excellent flavour tagging through precise reconstruction of interaction and
decay vertices in the detector. A new signal discrimination technique using
correlations of neural network outputs was used to determine the branching
ratios and estimate their uncertainties, 4.8%, 8.4% and 12.2% for
, and gluons respectively. Comment: 9 pages, 5 figures and 5 tables
Real-time Pattern Detection in IP Flow Data using Apache Spark
Detection of network attacks is a challenging task, especially concerning detection coverage and timeliness. The defenders need to be able to detect advanced types of attacks and minimize the time gap between the attack detection and its mitigation. To meet these requirements, we present a stream-based IP flow data processing application for real-time attack detection using similarity search techniques. Our approach extends the capabilities of traditional detection systems and allows the detection of not only anomalies and attacks that exactly match predefined patterns but also their variations. The approach is demonstrated on the detection of SSH authentication attacks. We describe the process of pattern definition and illustrate the use of the patterns in a real-world deployment. We show that our approach provides sufficient performance of IP flow data processing for real-time detection while maintaining versatility and the ability to detect network attacks that have not been recognized by traditional approaches.
Passive OS Fingerprinting Methods in the Jungle of Wireless Networks
Operating system fingerprinting methods are well-known in the domain of static networks and managed environments. Yet few studies have tackled this challenge in real networks, where users can bring and connect any device. We evaluate the performance of three OS fingerprinting methods on a large dataset collected from a university wireless network. Our results show that the method based on HTTP User-agents is the most accurate but can identify only a low portion of the traffic. The TCP/IP parameters method proved to be the opposite, with a high identification rate but low accuracy. We also implemented a new method based on the detection of communication to OS-specific domains, and its performance is comparable to the two established ones. After that, we discuss the impacts of traffic encryption and of embracing new protocols such as IPv6 or HTTP/2.0 on OS fingerprinting. Our findings suggest that OS identification based on specific domain detection is viable and corresponds to the current directions of network traffic evolution, while methods based on TCP/IP parameters and User-agents will become ineffective in the future.
Prospects for the Measurement of the Higgs Yukawa Couplings to b and c quarks, and muons at CLIC
The investigation of the properties of the Higgs boson, especially a test of
the predicted linear dependence of the branching ratios on the mass of the
final state is going to be an integral part of the physics program at colliders
at the energy frontier for the foreseeable future. The large Higgs boson
production cross section at a 3 TeV CLIC machine allows for a precision
measurement of the Higgs branching ratios. The cross section times branching
ratio of the decays H->bb, H->cc and H->μμ of a Standard Model Higgs
boson with a mass of 120 GeV can be measured with a statistical uncertainty of
0.23%, 3.1% and 15%, respectively, assuming an integrated luminosity of 2 ab$^{-1}$. Comment: 6 pages, 4 figures
SoK: Contemporary Issues and Challenges to Enable Cyber Situational Awareness for Network Security
Cyber situational awareness is an essential part of cyber defense that allows the cybersecurity operators to cope with the complexity of today's networks and threat landscape. Perceiving and comprehending the situation allows the operator to project upcoming events and make strategic decisions. In this paper, we recapitulate the fundamentals of cyber situational awareness and highlight its unique characteristics in comparison to generic situational awareness known from other fields. Subsequently, we provide an overview of existing research and trends in publishing on the topic, introduce leading research groups, and highlight the impact of cyber situational awareness research. Further, we propose an updated taxonomy and enumeration of the components used for achieving cyber situational awareness. The updated taxonomy conforms to the widely accepted three-level definition of cyber situational awareness and newly includes the projection level. Finally, we identify and discuss contemporary research and operational challenges, such as the need to cope with the rising volume, velocity, and variety of cybersecurity data and the need to provide cybersecurity operators with the right data at the right time and increase their value through visualization.
Determination of branched-chain fatty acids in plasma in type 2 diabetes mellitus
Insulin resistance in type 2 diabetic patients reduces activation of PPAR, which may lead to accumulation of branched chain fatty acids as well as saturated fatty acids. Natural sources of these fatty acids are dairy products. The aim of our study was to verify whether the accumulation of branched chain fatty acids takes place in type 2 diabetes and, if so, to specify the corresponding lipid fraction. We processed 23 anonymized plasma samples of type 2 diabetic patients, which were subsequently divided by glycosidic haemoglobin levels into groups of 11 compensated and 12 decompensated, and plasma of 10 healthy blood donors. First, the samples were divided into particular lipid classes using thin layer chromatography. Then we determined the content of individual fatty acids in all lipid classes using gas chromatography. Results were calculated with the statistical application SigmaStat 3.5. The most abundant branched chain fatty acid is 14-methylhexadecanoic acid. A statistically significant increase of this acid was found both in compensated diabetics (p≤0.001) and in the decompensated ones (p≤0.001) in comparison with controls. The 14-methylhexadecanoic acid was found in the diacylglycerol fraction as well as in the free fatty acid fraction in compensated (p=0.008) and decompensated (p=0.007) diabetics. An increase of the content of branched chain fatty acids in diabetic patients was proved. Accumulation of branched chain fatty acids in diabetics raises a question about the precise influence of these fatty acids on the human organism.