Kairos: Practical Intrusion Detection and Investigation using Whole-system Provenance

Provenance graphs are structured audit logs that describe the history of a system's execution. Recent studies have explored a variety of techniques to analyze provenance graphs for automated host intrusion detection, focusing particularly on advanced persistent threats. Sifting through their design documents, we identify four common dimensions that drive the development of provenance-based intrusion detection systems (PIDSes): scope (can PIDSes detect modern attacks that infiltrate across application boundaries?), attack agnosticity (can PIDSes detect novel attacks without a priori knowledge of attack characteristics?), timeliness (can PIDSes efficiently monitor host systems as they run?), and attack reconstruction (can PIDSes distill attack activity from large provenance graphs so that sysadmins can easily understand and quickly respond to system intrusion?). We present KAIROS, the first PIDS that simultaneously satisfies the desiderata in all four dimensions, whereas existing approaches sacrifice at least one and struggle to achieve comparable detection performance. Kairos leverages a novel graph neural network-based encoder-decoder architecture that learns the temporal evolution of a provenance graph's structural changes to quantify the degree of anomalousness for each system event. Then, based on this fine-grained information, Kairos reconstructs attack footprints, generating compact summary graphs that accurately describe malicious activity over a stream of system audit logs. Using state-of-the-art benchmark datasets, we demonstrate that Kairos outperforms previous approaches.Comment: 23 pages, 16 figures, to appear in the 45th IEEE Symposium on Security and Privacy (S&P'24

Improvements on the optical properties of Ge-Sb-Se chalcogenide glasses with iodine incorporation

International audienceDecreasing glass network defects and improving optical transmittance are essential work for material researchers. We studied the function of halogen iodine (I) acting as a glass network modifier in Ge–Sb–Se–based chalcogenide glass system. A systematic series of Ge20Sb5Se75-xIx (x = 0, 5, 10, 15, 20 at%) infrared (IR) chalcohalide glasses were investigated to decrease the weak absorption tail (WAT) and improve the mid-IR transparency. The mechanisms of the halogen I affecting the physical, thermal, and optical properties of Se-based chalcogenide glasses were reported. The structural evolutions of these glasses were also revealed by Raman spectroscopy and camera imaging. The progressive substitution of I for Se increased the optical bandgap. The WAT and scatting loss significantly decreased corresponding to the progressive decrease in structural defects caused by dangling bands and structure defects in the original Ge20Sb5Se75 glass. The achieved maximum IR transparency of Ge–Sb–Se–I glasses can reach up to 80% with an effective transmission window between 0.94 μm to 17 μm, whereas the absorption coefficient decreased to 0.029 cm-1 at 10.16 μm. Thus, these materials are promising candidates for developing low-loss IR fibers

Undernutrition-induced substance metabolism and energy production disorders affected the structure and function of the pituitary gland in a pregnant sheep model

IntroductionUndernutrition spontaneously occurs in ewes during late gestation and the pituitary is an important hinge in the neurohumoral regulatory system. However, little is known about the effect of undernutrition on pituitary metabolism.MethodsHere, 10 multiparous ewes were restricted to a 30% feeding level during late gestation to establish an undernutrition model while another 10 ewes were fed normally as controls. All the ewes were sacrificed, and pituitary samples were collected to perform transcriptome, metabolome, and quantitative real-time PCR analysis and investigate the metabolic changes.ResultsPCA and PLS-DA of total genes showed that undernutrition changed the total transcriptome profile of the pituitary gland, and 581 differentially expressed genes (DEGs) were identified between the two groups. Clusters of orthologous groups for eukaryotic complete genomes demonstrated that substance transport and metabolism, including lipids, carbohydrates, and amino acids, energy production and conversion, ribosomal structure and biogenesis, and the cytoskeleton were enriched by DEGs. Kyoto encyclopedia of genes and genomes pathway enrichment analysis displayed that the phagosome, intestinal immune network, and oxidative phosphorylation were enriched by DEGs. Further analysis found that undernutrition enhanced the lipid degradation and amino acid transport, repressing lipid synthesis and transport and amino acid degradation of the pituitary gland. Moreover, the general metabolic profiles and metabolic pathways were affected by undernutrition, repressing the 60S, 40S, 28S, and 39S subunits of the ribosomal structure for translation and myosin and actin synthesis for cytoskeleton. Undernutrition was found also to be implicated in the suppression of oxidative phosphorylation for energy production and conversion into a downregulation of genes related to T cell function and the immune response and an upregulation of genes involved in inflammatory reactions enriching phagosomes.DiscussionThis study comprehensively analyses the effect of undernutrition on the pituitary gland in a pregnant sheep model, which provides a foundation for further research into the mechanisms of undernutrition-caused hormone secretion and metabolic disorders

Fabrication and characterization of Ge–Sb–Se–I glasses and fibers

International audienceChalcogenide glasses of the Ge20Sb5Se75−x I x (x = 0, 5, 10, 15, 20 at.%) system were prepared. This study was performed to examine some Ge–Sb–Se–I glass physical and optical properties, the structural evolution of the glass network, and the optical properties of the infrared glass fibers based on our previous studies. The variation process of the glass physical properties, such as transition temperature, glass density, and refractive index, was investigated from the glass of Ge20Sb5Se75 to the Ge20Sb5Se75−x I x glass series. The structural evolutions of these glasses were examined by Raman spectroscopy. The Ge20Sb5Se55I20 composition was selected for the preparation of the IR fiber. The Ge20Sb5Se55I20 glass was purified through distillation, and the intensity of the impurity absorption peaks caused by Ge–O, H2O, and Se–H was reduced or eliminated in the purified glasses. Then, Ge20Sb5Se55I20 chalcogenide glass fiber for mid-infrared transmission was fabricated using high-purity materials. The transmission loss of the Ge20Sb5Se55I20 fiber was greatly reduced compared with that of the Ge20Sb5Se75 glass fiber. The lowest losses obtained were 3.5 dB/m at 3.3 μm for Ge20Sb5Se75I20 fiber, which was remarkably improved compared with 48 dB/m of the unpurified Ge20Sb5Se75 fiber

Whole-genome sequencing analysis of Klebsiella aerogenes among men who have sex with men in Guangzhou, China

Klebsiella aerogenes is a common infectious bacterium that poses a threat to human health. Nevertheless, there are limited data on the population structure, genetic diversity, and pathogenicity of K. aerogenes, especially among men who have sex with men (MSM). The present study aimed to clarify the sequence types (STs), clonal complexes (CCs), resistance genes, and virulence factors of popular strains. Multilocus sequence typing was used to describe the population structure of K. aerogenes. The Virulence Factor Database and Comprehensive Antibiotic Resistance Database were used to assess the virulence and resistance profiles. In this study, next-generation sequencing was performed on nasal swabs specimens collected in an HIV Voluntary Counseling Testing outpatient department in Guangzhou, China, from April to August 2019. The identification results showed that a total of 258 K. aerogenes isolates were collected from 911 participants. We found that the isolates were most resistant to furantoin (89.53%, 231/258) and ampicillin (89.15%, 230/258), followed by imipenem (24.81%, 64/258) and cefotaxime (18.22%, 47/258). The most common STs in carbapenem-resistant K. aerogenes were ST4, ST93, and ST14. The population has at least 14 CCs, including several novel ones identified in this study (CC11-CC16). The main mechanism of drug resistance genes was antibiotic efflux. Based on the presence of the iron carrier production genes irp and ybt, we identified two clusters according to virulence profiles. In cluster A, CC3 and CC4 carry the clb operator encoding the toxin. Increased monitoring is needed for the three main ST type strains carried by MSM. The main clone group CC4 has a large number of toxin genes, and it spreads among MSM. Caution is needed to prevent further spread of this clone group in this population. In sum, our results may provide a foundation for the development of new therapeutic and surveillance strategies for treating MSM

Approximate solution of plastic zone boundary of surrounding rock of circular roadway considering axial stress

In order to study the boundary of plastic zone of surrounding rock of a roadway considering axial stress, based on Mohr-Coulomb criterion, the implicit equation of plastic zone boundary of surrounding rock of circular roadway considering axial stress is derived by introducing Lode angle parameter. The size and shape of plastic zone of surrounding rock under different stress fields are analyzed by changing the horizontal stress σx and axial stress σy of roadway, and the reliability of theoretical analysis is further illustrated by numerical simulation. In addition, the influence of cohesion C, internal friction angle φ, roadway radius R and Poisson’s ratio v on the stability of surrounding rock is studied. The results show that : ① Under the condition of fixed axial lateral pressure while changing horizontal lateral pressure, the size change of plastic zone of surrounding rock can be divided into sensitive zone and insensitive zone, and in the changing process of horizontal lateral pressure, the plastic zone of surrounding rock shows three forms: circular, elliptical and butterfly-shaped. ② Under the condition of fixed horizontal lateral pressure while changing axial lateral pressure, the plastic zone at each position of surrounding rock shows a strong interval effect. By comparing the size of plastic zone under plane strain problem, the region is divided into axial stress-affected zone and axial stress-unaffected zone. In the influence zone of axial stress, the change of axial lateral pressure has great influence on the size of plastic zone of surrounding rock. ③ The failure mode of roadway surrounding rock is determined by the horizontal lateral pressure η1, and the axial lateral pressure η2 has little effect on the shape of plastic zone, but has great influence on the size. ④ The increase of surrounding rock C and φ will reduce the size of plastic zone of roadway surrounding rock to varying degrees, and the increase of R will increase the plastic zone at different positions of surrounding rock in an equal number sequence. In the axial stress-unaffected zone, v has no effect on the size of plastic zone of surrounding rock. In the axial stress-affected zone, the size of plastic zone at the wing corner is not affected by v, and the size of plastic zone at other locations is affected to different degrees

Surgical treatment of patellar dislocation: A network meta-analysis of randomized control trials and cohort studies

BackgroundCurrently, there are many surgical options for patellar dislocation. The purpose of this study is to perform a network meta-analysis of the randomized controlled trials (RCTs) and cohort studies to determine the better treatment.MethodWe searched the Pubmed, Embase, Cochrane Central Register of Controlled Trials, Web of Science, clinicaltrials.gov and who.int/trialsearch. Clinical outcomes included Kujala score, Lysholm score, International Knee Documentation Committee (IKDC) score, redislocation or recurrent instability. We conducted pairwise meta-analysis and network meta-analysis respectively using the frequentist model to compare the clinical outcomes.ResultsThere were 10 RCTs and 2 cohort studies with a total of 774 patients included in our study. In network meta-analysis, double-bundle medial patellofemoral ligament reconstruction (DB-MPFLR) achieved good results on functional scores. According to the surface under the cumulative ranking (SUCRA), DB-MPFLR had the highest probabilities of their protective effects on outcomes of Kujala score (SUCRA 96.5 %), IKDC score (SUCRA 100.0%) and redislocation (SUCRA 67.8%). However, DB-MPFLR (SUCRA 84.6%) comes second to SB-MPFLR (SUCRA 90.4%) in Lyshlom score. It is (SUCRA 70%) also inferior to vastus medialis plasty (VM-plasty) (SUCRA 81.9%) in preventing Recurrent instability. The results of subgroup analysis were similar.ConclusionOur study demonstrated that MPFLR showed better functional scores than other surgical options

Using of Linux Containers in Test Fixture

Táto práca sa zaoberá štúdiom Linuxových kontajnerov a ich aplikáciou na vytvorenie stabilného prostredia pre testovanie softvéru. Programové riešenie problém delí na niekoľko častí. Najprv sa podľa požiadavok používateľa vytvorí konfigurácia, následne sa podľa nej vytvorí kontajner a nakoniec sa tento kontajner spustí spolu s dodanými testami za použitia platformy Docker. Program sám o sebe naplňuje počiatočné požiadavky, avšak jeho funkcionalita nie je zaručená vzhľadom na využitie softvéru tretej strany ako napríklad správcovia balíkov, čo môže spôsobiť neočakávané chyby za behu programu. Hlavným prínosom práce je zaobalenie platformy Docker tak, aby od užívateľa vyžadovala minimálnu, alebo žiadnu znalosť platformy Docker a umožňovala vytvárať kontajnery zjednodušenou formou.The main focus of this thesis is the study of Linux containers and their application in creation of software test fixtures. The program solution divides the problem into several segments. At first, a configurationisset upin accordance with the user’s specification, next a container is created according to given configuration, and in the end,the created container is launched alongside supplied tests while using the Docker platform. The program itself meets initial requirements although its functionality is not guaranteed as a result of usage of third-party software such as package managers, which may cause unexpected runtime errors. Primary asset of the thesis is the wrapping of the Docker platform to the degree, that its user needs minimal, or no knowledge of the platform, and allows them to create containers in a simplified way