A lightweight intrusion alert fusion system
In this paper, we present practical experience from our project on implementing an alert fusion mechanism. After investigating most of the existing alert fusion systems, we found that the current body of work is either weighed down by insecure design or rarely deployed because of its complexity. As confirmed by our experimental analysis, unsuitable mechanisms can easily be submerged by an abundance of useless alerts. Even with methods that achieve a high fusion rate and low false positives, attack is still possible. To find a solution, we analysed a series of alerts generated from well-known datasets as well as realistic alerts from the Australian Honey-Pot. One important finding is that an alert has more than an 85% chance of being fused within the following 5 alerts. Of particular importance is our design of a novel lightweight Cache-based Alert Fusion Scheme, called CAFS. CAFS not only reduces the quantity of useless alerts generated by an IDS (Intrusion Detection System) but also enhances the accuracy of alerts, thereby greatly reducing the cost of fusion processing. We also present reasonable and practical specifications for a target-oriented fusion policy that provides a quality guarantee on alert fusion and, as a result, seamlessly feeds the subsequent correlation process. Our experimental results show that CAFS easily attains the desired level of survivable, inescapable alert fusion. Furthermore, as a lightweight scheme, CAFS can easily be deployed and excels at fusing large volumes of alerts, which improves the usability of system resources. To the best of our knowledge, our work is a novel exploration of these problems from a survivable, inescapable and deployable point of view.
Android HIV: A Study of Repackaging Malware for Evading Machine-Learning Detection
Machine learning based solutions have been successfully employed for automatic detection of malware in Android applications. However, machine learning models are known to lack robustness against inputs crafted by an adversary. So far, adversarial examples could only deceive Android malware detectors that rely on syntactic features, and the perturbations could only be implemented by simply modifying the Android manifest. Since recent Android malware detectors rely more on semantic features from Dalvik bytecode than on the manifest, existing attacking/defending methods are no longer effective. In this paper, we introduce a new highly effective attack that generates adversarial examples of Android malware that evade detection by current models. To this end, we propose a method of applying optimal perturbations to an Android APK using a substitute model. Based on the transferability concept, perturbations that successfully deceive the substitute model are likely to deceive the original models as well. We develop an automated tool that generates the adversarial examples and applies the attacks without human intervention. In contrast to existing work, the adversarial examples crafted by our method can also deceive recent machine learning based detectors that rely on semantic features such as the control-flow graph. The perturbations can also be implemented directly on the APK's Dalvik bytecode rather than the Android manifest in order to evade recent detectors. We evaluated the proposed manipulation methods for adversarial examples using the same datasets that Drebin and MaMaDroid used (5879 malware samples). Our results show that the malware detection rate decreased from 96% to 1% for MaMaDroid, and from 97% to 1% for Drebin, with only a small distortion generated by our adversarial example manipulation method.
Comment: 15 pages, 11 figures
Flow Boiling Pressure Drop for R410A and RL32H in Multi-channel Tube
This paper introduces a test facility for conducting both flow boiling and condensation tests in a multi-channel tube, including structural designs in the test section that maintain a good and stable flow regime across the channels. It supports flow boiling and condensation testing at the same time. The refrigerant cycle is driven by a gear pump: liquid refrigerant flows from the gear pump, passes through an electrical pre-heater, evaporator and post-heater, then flows through a water/glycol bath pre-condenser, condenser and post-condenser. Experimental flow boiling pressure drop data for pure R410A and for R410A mixed with the lubricant RL32H are presented and analysed in this paper. Inlet vapor quality was varied over 0.2, 0.4, 0.6 and 0.8 with a 0.2 quality increase along the tube, the lubricant mass fraction was varied over 0%, 1%, 3% and 5%, and the mass velocity of the pure refrigerant and of the mixture ranged from 100 to 700 kg s⁻¹ m⁻². The experiments were conducted at an average saturation temperature of 5 °C. The literature on two-phase flow boiling pressure drop for both pure refrigerants and refrigerant mixtures is carefully reviewed, and popular published correlations are used in this study to evaluate the test data. New two-phase flow boiling pressure drop correlations for pure refrigerant and mixtures inside a multi-channel tube are proposed. Some published data are used to validate the new correlations.
Bis(μ-adamantane-1,3-dicarboxylato-κ4O1,O1′:O3,O3′)bis[aqua(3-carboxyadamantane-1-carboxylato-κO1)(1,10-phenanthroline-κ2N,N′)erbium(III)] dihydrate
The asymmetric unit of the binuclear centrosymmetric title compound, [Er2(C12H14O4)2(C12H15O4)2(C12H8N2)2(H2O)2]·2H2O, contains one ErIII atom, one coordinated water molecule, one 1,10-phenanthroline (phen) ligand, two differently coordinated adamantane-1,3-dicarboxylate (H2L) ligands and one lattice water molecule. The ErIII ion is eight-coordinated by four O atoms from bridging L2−, one O atom from HL−, one O atom from the coordinated water and two N atoms from a phen ligand. Extensive O—H⋯O hydrogen-bonding interactions result in the formation of chains, which are further linked into a layer-like network by π–π stacking interactions [centroid–centroid distance = 3.611 (3) Å] between adjacent phen ligands belonging to neighbouring chains. The carboxy group of the HL− ligand is equally disordered over two positions.