44 research outputs found

    Characterizing the IRC-based Botnet Phenomenon

    Botnets, networks of compromised machines that can be remotely controlled by an attacker, are one of the most common attack platforms nowadays. They can, for example, be used to launch distributed denial-of-service (DDoS) attacks, steal sensitive information, or send spam emails. A long-term measurement study of botnet activities is useful as a basis for further research on global botnet mitigation and disruption techniques. We have built a distributed and fully-automated botnet measurement system which allows us to collect data on the botnet activity we observe in China. Based on the analysis of tracking records of 3,290 IRC-based botnets during a period of almost twelve months, this paper presents several novel results of botnet activities which can only be measured via long-term measurements. These include, amongst others, botnet lifetime, botnet discovery trends and distributions, command and control channel distributions, botnet size and end-host distributions. Furthermore, our measurements confirm and extend several previous results from this area. Our results show that the botnet problem is of global scale, with a scattered distribution of the control infrastructure and also a scattered distribution of the victims. Furthermore, the control infrastructure itself is rather flexible, with an average lifetime of a Command & Control server of about 54 days. These results can also leverage research in the area of botnet detection, mitigation, and disruption: only by understanding the problem in detail, we can develop efficient countermeasures.

    Studying Malicious Websites and the Underground Economy on the Chinese Web

    The World Wide Web gains more and more popularity within China with more than 1.31 million websites on the Chinese Web in June 2007. Driven by the economic profits, cyber criminals are on the rise and use the Web to exploit innocent users. In fact, a real underground black market with thousands of participants has developed which brings together malicious users who trade exploits, malware, virtual assets, stolen credentials, and more. In this paper, we provide a detailed overview of this underground black market and present a model to describe the market. We substantiate our model with the help of measurement results within the Chinese Web. First, we show that the amount of virtual assets traded on this underground market is huge. Second, our research proves that a significant amount of websites within China’s part of the Web are malicious: our measurements reveal that about 1.49% of the examined sites contain some kind of malicious content.

    Long-lived and disorder-free charge transfer states enable endothermic charge separation in efficient non-fullerene organic solar cells

    Funder: HKU | University Research Committee, University of Hong Kong (HKU Research Committee); doi: https://doi.org/10.13039/501100003802
    Abstract: Organic solar cells based on non-fullerene acceptors can show high charge generation yields despite near-zero donor–acceptor energy offsets to drive charge separation and overcome the mutual Coulomb attraction between electron and hole. Here, we use time-resolved optical spectroscopy to show that free charges in these systems are generated by thermally activated dissociation of interfacial charge-transfer states that occurs over hundreds of picoseconds at room temperature, three orders of magnitude slower than comparable fullerene-based systems. Upon free electron–hole encounters at later times, both charge-transfer states and emissive excitons are regenerated, thus setting up an equilibrium between excitons, charge-transfer states and free charges. Our results suggest that the formation of long-lived and disorder-free charge-transfer states in these systems enables them to operate closely to quasi-thermodynamic conditions with no requirement for energy offsets to drive interfacial charge separation and achieve suppressed non-radiative recombination.

    An Improved Residual Network for Pork Freshness Detection Using Near-Infrared Spectroscopy

    Effective and rapid assessment of pork freshness is significant for monitoring pork quality. However, a traditional sensory evaluation method is subjective and physicochemical analysis is time-consuming. In this study, the near-infrared spectroscopy (NIRS) technique, a fast and non-destructive analysis method, is employed to determine pork freshness. Considering that commonly used statistical modeling methods require preprocessing data for satisfactory performance, this paper presents a one-dimensional squeeze-and-excitation residual network (1D-SE-ResNet) to construct the complex relationship between pork freshness and NIRS. The developed model enhances the one-dimensional residual network (1D-ResNet) with squeeze-and-excitation (SE) blocks. As a deep learning model, the proposed method is capable of extracting features from the input spectra automatically and can be used as an end-to-end model to simplify the modeling process. A comparison between the proposed method and five popular classification models indicates that the 1D-SE-ResNet achieves the best performance, with a classification accuracy of 93.72%. The research demonstrates that the NIRS analysis technique based on deep learning provides a promising tool for pork freshness detection and therefore is helpful for ensuring food safety.
    Applied Science, Faculty of; Non UBC; Electrical and Computer Engineering, Department of; Reviewed; Facult

    Identification of Coal Geographical Origin Using Near Infrared Sensor Based on Broad Learning

    Geographical origin, an important indicator of the chemical composition and quality grading, is one essential factor that should be taken into account in evaluating coal quality. However, traditional coal origin identification methods based on chemistry experiments are not only time consuming and labour intensive, but also costly. Near-Infrared (NIR) spectroscopy is an effective and efficient way to measure the chemical compositions of samples and has demonstrated excellent performance in various fields of quantitative and qualitative research. In this study, we employ NIR spectroscopy to identify coal origin. Considering the fact that the NIR spectra of coal samples always contain a large amount of redundant information and the number of samples is small, the broad learning algorithm is utilized here as the modelling system to classify the coal geographical origin. In addition, the particle swarm optimization algorithm is introduced to improve the structure of the Broad Learning (BL) model. We compare the improved model with the other five multivariate classification methods on a dataset with 243 coal samples collected from five countries. The experimental results indicate that the improved BL model can achieve the highest overall accuracy of 97.05%. The results obtained in this study suggest that the NIR technique combined with machine learning methods has significant potential for further development of coal geographical origin identification systems.
    Applied Science, Faculty of; Non UBC; Electrical and Computer Engineering, Department of; Reviewed; Facult

    Collecting Autonomous Spreading Malware Using High-Interaction Honeypots

    Autonomous spreading malware in the form of worms or bots has become a severe threat in today's Internet. Collecting the sample as early as possible is a necessary precondition for the further treatment of the spreading malware, e.g., to develop antivirus signatures. In this paper, we present an integrated toolkit called HoneyBow, which is able to collect autonomous spreading malware in an automated manner using high-interaction honeypots. Compared to low-interaction honeypots, HoneyBow has several advantages due to a wider range of captured samples and the capability of collecting malware which propagates by exploiting new vulnerabilities. We validate the properties of HoneyBow with experimental data collected during a period of about nine months, in which we collected thousands of malware binaries. Furthermore, we demonstrate the capability of collecting new malware via a case study of a certain bot.
    Computer Science, Hardware & Architecture; Computer Science, Information Systems; Computer Science, Theory & Methods; Telecommunications; CPCI-S(ISTP)

    Label-Free Fluorescent Detection of Ions, Proteins, and Small Molecules Using Structure-Switching Aptamers, SYBR Gold, and Exonuclease I

    We have demonstrated a label-free sensing strategy employing structure-switching aptamers (SSAs), SYBR Gold, and exonuclease I to detect a broad range of targets including inorganic ions, proteins, and small molecules. This nearly universal biosensor approach is based on the observation that SSAs at binding state with their targets, which fold into secondary structures such as quadruplex structure or Y shape structure, show more resistance to nuclease digestion than SSAs at unfolded states. The amount of aptamer left after nuclease reaction is proportional to the concentrations of the targets and in turn is proportional to the fluorescence intensities from SYBR Gold that can only stain nucleic acids but not their digestion products, nucleoside monophosphates (dNMPs). Fluorescent assays employing this mechanism for the detection of potassium ion (K⁺) are sensitive, selective, and convenient. Twenty μM K⁺ is readily detected even at the presence of a 500-fold excess of Na⁺. Likewise, we have generalized the approach to the specific and convenient detection of proteins (thrombin) and small molecules (cocaine). The assays were then validated by detecting K⁺, cocaine, and thrombin in urine and serum or cutting and masking adulterants with good agreements with the true values. Compared to other reported approaches, most limited to G-quadruplex structures, the demonstrated method has less structure requirements of both the SSAs and their complexes with targets, therefore rendering its wider applications for various targets. The detection scheme could be easily modified and extended to detection platforms to further improve the detection sensitivity or for other applications as well as being useful in high-throughput and paralleled analysis of multiple targets.

    Towards High Level Attack Scenario Graph through Honeynet Data Correlation Analysis

    Abstract—Honeynet Data Analysis has become a core requirement of honeynet technology. However, current honeynet data analysis mechanisms are still unable to provide security analysts enough capacities to comprehend the captured data quickly; in particular, there is no work done on behavior level correlation analysis. Towards providing high level attack scenario graphs, in this paper, we propose a honeynet data correlation analysis model and method. Based on a network attack and defense knowledge base and network environment perceiving mechanism, our proposed honeynet data correlation analysis method can recognize the attacker's plan from a large volume of captured data and consequently reconstruct attack scenarios. Two proof-of-concept experiments on Scan of the Month 27 dataset and in-the-wild botnet scenarios are presented to show the effectiveness of our method.