266 research outputs found

    An Exploratory Framework for Extrusion Detection

    Modern network architecture allows multiple connectivity options, increasing the number of possible attack vectors. With the number of internet enabled devices constantly increasing, along with employees using these devices to access internal corporate networks, the attack surface has become too large to monitor from a single end-point. Traditional security measures have focused on securing a small number of network endpoints, by monitoring inbound connections and are thus blind to attack vectors such as mobile internet connections and removable devices. Once an attacker has gained access to a network they are able to operate undetected on the internal network and exfiltrate data without hindrance. This paper proposes a framework for extrusion detection, where internal network traffic and outbound connections are monitored to detect malicious activity. The proposed framework has a tiered architecture consisting of prevention, detection, reaction and reporting. Each tier of the framework feeds into the subsequent tier with reporting providing a feedback mechanism to improve each tier based on the outcome of previous incidents.

    A Framework for DNS Based Detection of Botnets at the ISP Level

    The rapid expansion of networks and increase in internet connected devices has led to a large number of hosts susceptible to virus infection. Infected hosts are controlled by attackers and form so-called botnets. These botnets are used to steal data, mask malicious activity and perform distributed denial of service attacks. Traditional protection mechanisms rely on host based detection of viruses. These systems are failing due to the rapid increase in the number of vulnerable hosts and attacks that easily bypass detection mechanisms. This paper proposes moving protection from the individual hosts to the Internet Service Provider (ISP), allowing for the detection and prevention of botnet traffic. DNS traffic inspection allows for the development of a lightweight and accurate classifier that has little or no effect on network performance. By preventing botnet activity at the ISP level, it is hoped that the threat of botnets can largely be mitigated.

    The zeamine antibiotics affect the integrity of bacterial membranes

    The zeamines (zeamine, zeamine I, and zeamine II) constitute an unusual class of cationic polyamine-polyketide-nonribosomal peptide antibiotics produced by Serratia plymuthica RVH1. They exhibit potent bactericidal activity, killing a broad range of Gram-negative and Gram-positive bacteria, including multidrug-resistant pathogens. Examination of their specific mode of action and molecular target revealed that the zeamines affect the integrity of cell membranes. The zeamines provoke rapid release of carboxyfluorescein from unilamellar vesicles with different phospholipid compositions, demonstrating that they can interact directly with the lipid bilayer in the absence of a specific target. DNA, RNA, fatty acid, and protein biosynthetic processes ceased simultaneously at subinhibitory levels of the antibiotics, presumably as a direct consequence of membrane disruption. The zeamine antibiotics also facilitated the uptake of small molecules, such as 1-N-phenylnaphtylamine, indicating their ability to permeabilize the Gram-negative outer membrane (OM). The valine-linked polyketide moiety present in zeamine and zeamine I was found to increase the efficiency of this process. In contrast, translocation of the large hydrophilic fluorescent peptidoglycan binding protein PBDKZ-GFP was not facilitated, suggesting that the zeamines cause subtle perturbation of the OM rather than drastic alterations or defined pore formation. At zeamine concentrations above those required for growth inhibition, membrane lysis occurred as indicated by time-lapse microscopy. Together, these findings show that the bactericidal activity of the zeamines derives from generalized membrane permeabilization, which likely is initiated by electrostatic interactions with negatively charged membrane components.