VTAC: Virtual terrain assisted impact assessment for cyber attacks

Recently, there has been substantial research in the area of network security. Correlation of intrusion detection sensor alerts, vulnerability analysis, and threat projection are all being studied in hopes to relieve the workload that analysts have in monitoring their networks. Having an automated algorithm that can estimate the impact of cyber attacks on a network is another facet network analysts could use in defending their networks and gaining better overall situational awareness. Impact assessment involves determining the effect of a cyber attack on a network. Impact algorithms may consider items such as machine importance, connectivity, user accounts, known attacker capability, and similar machine configurations. Due to the increasing number of attacks, constantly changing vulnerabilities, and unknown attacker behavior, automating impact assessment is a non-trivial task. This work develops a virtual terrain that contains network and machine characteristics relevant to impact assessment. Once populated, this virtual terrain is used to perform impact assessment algorithms. The goal of this work is to investigate and propose an impact assessment system to assist network analysts in prioritizing attacks and analyzing overall network status. VTAC is tested with several scenarios over a network with a variety of configurations. Insights into the results of the scenarios, including how the network topologies and network asset configurations affect the impact analysis are discussed

VTAC: Virtual Terrain Assisted Impact Assessment for Cyber Attacks

Overwhelming intrusion alerts have made timely response to network security breaches a difficult task. Correlating alerts to produce a higher level view of intrusion state of a network, thus, becomes an essential element in network defense. This work proposes to analyze correlated or grouped alerts and determine their ‘impact’ to services and users of the network. A network is modeled as ‘virtual terrain’ where cyber attacks maneuver. Overlaying correlated attack tracks on virtual terrain exhibits the vulnerabilities exploited by each track and the relationships between them and different network entities. The proposed impact assessment algorithm utilizes the graph-based virtual terrain model and combines assessments of damages caused by the attacks. The combined impact scores allow to identify severely damaged network services and affected users. Several scenarios are examined to demonstrate the uses of the proposed Virtual Terrain Assisted Impact Assessment for Cyber Attacks (VTAC)

Terrain and Behavior Modeling for Projecting Multistage Cyber Attacks

Contributions from the information fusion community have enabled comprehensible traces of intrusion alerts occurring on computer networks. Traced or tracked cyber attacks are the bases for threat projection in this work. Due to its complexity, we separate threat projection into two subtasks: predicting likely next targets and predicting attacker behavior. A virtual cyber terrain is proposed for identifying likely targets. Overlaying traced alerts onto the cyber terrain reveals exposed vulnerabilities, services, and hosts. Meanwhile, a novel attempt to extract cyber attack behavior is discussed. Leveraging traditional work on prediction and compression, this work identifies behavior patterns from traced cyber attack data. The extracted behavior patterns are expected to further refine projections deduced from the cyber terrain

Current trends in sample preparation for growth promoter and veterinary drug residue analysis

This research was part-funded under the Food Institutional Research Measure (project reference number: 06RDTAFRC479) and Food for Health Research Initiative (project reference number: 07FHRITAFRC5), which was administered under the Irish Department of Agriculture, Fisheries and Food.peer-reviewedA comprehensive review is presented on the current trends in sample preparation for isolation of veterinary drugs and growth promotors from foods. The objective of the review is to firstly give an overview of the sample preparation techniques that are applied in field. The review will focus on new techniques and technologies, which improve efficiency and coverage of residues. The underlying theme to the paper is the developments that have been made in multi-residue methods and particularly multi-class methods for residues of licensed animal health products, which have been developed in the last couple of years. The role of multi-class methods is discussed and how they can be accommodated in future residue surveillance.Department of Agriculture, Food and the Marin