205 research outputs found
Beyond Counting: New Perspectives on the Active IPv4 Address Space
In this study, we report on techniques and analyses that enable us to capture
Internet-wide activity at individual IP address-level granularity by relying on
server logs of a large commercial content delivery network (CDN) that serves
close to 3 trillion HTTP requests on a daily basis. Across the whole of 2015,
these logs recorded client activity involving 1.2 billion unique IPv4
addresses, the highest ever measured, in agreement with recent estimates.
Monthly client IPv4 address counts showed constant growth for years prior, but
since 2014, the IPv4 count has stagnated while IPv6 counts have grown. Thus, it
seems we have entered an era marked by increased complexity, one in which the
sole enumeration of active IPv4 addresses is of little use to characterize
recent growth of the Internet as a whole.
With this observation in mind, we consider new points of view in the study of
global IPv4 address activity. Our analysis shows significant churn in active
IPv4 addresses: the set of active IPv4 addresses varies by as much as 25% over
the course of a year. Second, by looking across the active addresses in a
prefix, we are able to identify and attribute activity patterns to network
restructurings, user behaviors, and, in particular, various address assignment
practices. Third, by combining spatio-temporal measures of address utilization
with measures of traffic volume, and sampling-based estimates of relative host
counts, we present novel perspectives on worldwide IPv4 address activity,
including empirical observation of under-utilization in some areas, and
complete utilization, or exhaustion, in others.
Comment: in Proceedings of ACM IMC 201
Altered rich club and frequency-dependent subnetworks organization in mild traumatic brain injury: A MEG resting-state study
Functional brain connectivity networks exhibit "small-world" characteristics and some
of these networks follow a "rich-club" organization, whereby a few nodes of high
connectivity (hubs) tend to connect more densely among themselves than to nodes
of lower connectivity. The current study followed an "attack strategy" to compare the
rich-club and small-world network organization models using Magnetoencephalographic
(MEG) recordings from mild traumatic brain injury (mTBI) patients and neurologically
healthy controls to identify the topology that describes the underlying intrinsic brain
network organization. We hypothesized that the reduction in global efficiency caused
by an attack targeting a model's hubs would reveal the "true" underlying topological
organization. Connectivity networks were estimated using mutual information as
the basis for cross-frequency coupling. Our results revealed a prominent rich-club
network organization for both groups. In particular, mTBI patients demonstrated hypersynchronization
among rich-club hubs compared to controls in the δ band and the
δ-γ1, θ-γ1, and β-γ2 frequency pairs. Moreover, rich-club hubs in mTBI patients
were overrepresented in right frontal brain areas, from θ to γ1 frequencies, and
underrepresented in left occipital regions in the δ-β, δ-γ1, θ-β, and β-γ2 frequency pairs.
These findings indicate that the rich-club organization of resting-state MEG, considering
its role in information integration and its vulnerability to various disorders like mTBI, may
have a significant predictive value in the development of reliable biomarkers to help the
validation of the recovery from mTBI. Furthermore, the proposed approach might be used
as a validation tool to assess patient recovery.
POIROT: Aligning Attack Behavior with Kernel Audit Records for Cyber Threat Hunting
Cyber threat intelligence (CTI) is being used to search for indicators of
attacks that might have compromised an enterprise network for a long time
without being discovered. To have a more effective analysis, CTI open standards
have incorporated descriptive relationships showing how the indicators or
observables are related to each other. However, these relationships are either
completely overlooked in information gathering or not used for threat hunting.
In this paper, we propose a system, called POIROT, which uses these
correlations to uncover the steps of a successful attack campaign. We use
kernel audits as a reliable source that covers all causal relations and
information flows among system entities and model threat hunting as an inexact
graph pattern matching problem. Our technical approach is based on a novel
similarity metric which assesses an alignment between a query graph constructed
out of CTI correlations and a provenance graph constructed out of kernel audit
log records. We evaluate POIROT on publicly released real-world incident
reports as well as reports of an adversarial engagement designed by DARPA,
including ten distinct attack campaigns against different OS platforms such as
Linux, FreeBSD, and Windows. Our evaluation results show that POIROT is capable
of searching inside graphs containing millions of nodes and pinpointing the
attacks in a few minutes, and the results serve to illustrate that CTI
correlations could be used as robust and reliable artifacts for threat hunting.
Comment: The final version of this paper is going to appear in the ACM SIGSAC
Conference on Computer and Communications Security (CCS'19), November 11-15,
2019, London, United Kingdom
Applying a two-stage Bayesian dynamic model to a short lived species, the anchovy in the Aegean Sea (Eastern Mediterranean). Comparison with an Integrated Catch at Age stock assessment model.
Two different stock assessment models were applied to the North Aegean Sea anchovy stock (Eastern Mediterranean Sea): an Integrated Catch at age Analysis and a Bayesian two-stage biomass based model. Commercial catch data over the period 2000-2008 as well as acoustics and Daily Egg Production Method estimates over the period 2003-2008 were used. Both models' results were consistent, indicating that anchovy stock is exploited sustainably in relation to an exploitation rate reference point. Further, the stock biomass appears stable or increasing. However, the limitations in age-composition data, potential problems related to misinterpretation of age readings along with the existence of missing values in the survey data seem to favour the two-stage biomass method, which is based on a simplified age structure.
Dynamic effective anisotropy: Asymptotics, simulations, and microwave experiments with dielectric fibers
We investigate dynamic effective anisotropy in photonic crystals (PCs) through a combination of an effective medium theory, which is a high-frequency homogenization (HFH) method explicitly developed to operate for short waves, as well as through numerical simulations and microwave experiments. The HFH yields accurate predictions of the effective anisotropic properties of periodic structures when the wavelength is of comparable order to the pitch of the array; specifically, we investigate a square array of pitch 2 cm consisting of dielectric rods of radius 0.5 cm and refractive index n=6 within an air matrix. This behaves as an effective medium, with strong artificial anisotropy, at a frequency corresponding to a flat band emerging from a Dirac-like point in transverse magnetic (TM) polarization. At this frequency, highly directive emission is predicted for an electric source placed inside this PC, and this artificial anisotropy can be shown to coincide with a change of character of the underlying effective equation from isotropic to unidirective, with coefficients of markedly different magnitudes appearing in the effective equation tensor. In transverse electric (TE) polarization, we note a second radical change of character of the underlying effective equation, this time from elliptic to hyperbolic, near a frequency at which a saddle point occurs in the corresponding dispersion curves. Delicate microwave experiments are performed in both polarizations for such a PC consisting of 80 rods, and we demonstrate that a directive emission in the form of a + (respectively, an X) is indeed seen experimentally at the predicted frequency 9.5 GHz in TM polarization (respectively, 5.9 GHz in TE polarization). These are clearly dynamic effects since in the quasistatic regime the PC just behaves as an isotropic medium.
Data-driven topological filtering based on orthogonal minimal spanning trees: application to multi-group MEG resting-state connectivity
In the present study, a novel data-driven topological filtering technique is introduced to derive the backbone of functional brain networks relying on orthogonal minimal spanning trees (OMSTs). The method aims to identify the essential functional connections to ensure optimal information flow via the objective criterion of global efficiency minus the cost of surviving connections. The OMST technique was applied to multichannel, resting-state neuromagnetic recordings from four groups of participants: healthy adults (n = 50), adults who have suffered mild traumatic brain injury (n = 30), typically developing children (n = 27), and reading-disabled children (n = 25). Weighted interactions between network nodes (sensors) were computed using an integrated approach of dominant intrinsic coupling modes based on two alternative metrics (symbolic mutual information and phase lag index), resulting in excellent discrimination of individual cases according to their group membership. Classification results using OMST-derived functional networks were clearly superior to results using either relative power spectrum features or functional networks derived through the conventional minimal spanning tree algorithm.
An asymptotic theory for waves guided by diffraction gratings or along microstructured surfaces
An effective surface equation, that encapsulates the detail of a microstructure, is developed to model microstructured surfaces. The equations deduced accurately reproduce a key feature of surface wave phenomena, created by periodic geometry, that are commonly called Rayleigh-Bloch waves, but which also go under other names such as Spoof Surface Plasmon Polaritons in photonics. Several illustrative examples are considered and it is shown that the theory extends to similar waves that propagate along gratings. Line source excitation is considered and an implicit long-scale wavelength is identified and compared to full numerical simulations. We also investigate non-periodic situations where a long-scale geometric variation in the structure is introduced and show that localised defect states emerge which the asymptotic theory explains.
Clust-IT: Clustering-Based Intrusion Detection in IoT Environments
Low-powered and resource-constrained devices are forming a greater part of our smart networks. For this reason, they have recently been the target of various cyber-attacks. However, these devices often cannot implement traditional intrusion detection systems (IDS), or they cannot produce or store the audit trails needed for inspection. Therefore, it is often necessary to adapt existing IDS systems and malware detection approaches to cope with these constraints. We explore the application of unsupervised learning techniques, specifically clustering, to develop a novel IDS for networks composed of low-powered devices. We describe our solution, called Clust-IT (Clustering of IoT), to manage heterogeneous data collected from cooperative and distributed networks of connected devices and to search these data for indicators of compromise while remaining protocol agnostic. We outline a novel application of OPTICS to various available IoT datasets, composed of both packet and flow captures, to demonstrate the capabilities of the proposed techniques and evaluate their feasibility in developing an IoT IDS.
A haystack full of needles: scalable detection of IoT devices in the wild
Consumer Internet of Things (IoT) devices are extremely popular, providing users with rich and diverse functionalities, from voice assistants to home appliances. These functionalities often come with significant privacy and security risks, with notable recent large scale coordinated global attacks disrupting large service providers. Thus, an important first step to address these risks is to know what IoT devices are where in a network. While some limited solutions exist, a key question is whether device discovery can be done by Internet service providers that only see sampled flow statistics. In particular, it is challenging for an ISP to efficiently and effectively track and trace activity from IoT devices deployed by its millions of subscribers, all with sampled network data. In this paper, we develop and evaluate a scalable methodology to accurately detect and monitor IoT devices at subscriber lines with limited, highly sampled data in-the-wild. Our findings indicate that millions of IoT devices are detectable and identifiable within hours, both at a major ISP as well as an IXP, using passive, sparsely sampled network flow headers. Our methodology is able to detect devices from more than 77% of the studied IoT manufacturers, including popular devices such as smart speakers. While our methodology is effective for providing network analytics, it also highlights significant privacy consequences.