13 research outputs found

    A Study of the Effectiveness of Snort in Countering Port Scanning Methods

    The Snort Intrusion Detection System became the de facto standard among software-based Intrusion Detection Systems because of its high level of customization and relative ease of use. However, it is essential for an Intrusion Detection System not only to prevent known attacks, but also to detect zero-day attacks and their preceding steps, such as port scans. Many companies neglect the security measures associated with preventing the steps that precede an attack, such as port scans. This article analyzes the performance of Snort in detecting various port scanning methods and common evasion techniques, as well as the configurations that lead to the best performance. Port scanning prevention is discussed in the context of the nmap service and all the scanning techniques associated with it. Moreover, a packet defragmentation technique is discussed as the evasion technique, as well as the ways of detecting the evasion. The article includes recommendations for configuring the Snort Intrusion Detection System for effective detection of port scanning attacks.

    Multi-view Subspace Learning for Large-Scale Multi-Modal Data Analysis

    Dimensionality reduction methods play a big role within modern machine learning techniques, and subspace learning is one of the common approaches to it. Although various methods have been proposed over the past years, many of them suffer from limitations related to the unimodality assumptions on the data and low speed in the cases of high-dimensional data (in linear formulations) or large datasets (in kernel-based formulations). In this work, several methods for overcoming these limitations are proposed. In this thesis, the problem of large-scale multi-modal data analysis for single- and multi-view data is discussed, and several extensions for Subclass Discriminant Analysis (SDA) are proposed. First, a Spectral Regression Subclass Discriminant Analysis method relying on the Graph Embedding-based formulation of SDA is proposed as a way to reduce the training time, and it is shown how the solution can be obtained efficiently, therefore reducing the computational requirements. Secondly, a novel multi-view formulation for Subclass Discriminant Analysis is proposed, allowing it to be extended to data coming from multiple views. In addition, a speed-up approach for the multi-view formulation that reduces the computational requirements of the method is proposed. Linear and nonlinear kernel-based formulations are proposed for all the extensions. Experiments are performed on nine single-view and nine multi-view datasets, and the accuracy and speed of the proposed extensions are evaluated. Experimentally, it is shown that the proposed approaches result in a significant reduction of the training time while providing competitive performance compared to other subspace-learning-based methods.

    Self-Attention Neural Bag-of-Features

    In this work, we propose several attention formulations for multi-variate sequence data. We build on top of the recently introduced 2D-Attention and reformulate the attention learning methodology by quantifying the relevance of feature/temporal dimensions through latent spaces based on self-attention rather than learning them directly. In addition, we propose a joint feature-temporal attention mechanism that learns a joint 2D attention mask highlighting relevant information without treating feature and temporal representations independently. The proposed approaches can be used in various architectures, and we specifically evaluate their application together with the Neural Bag of Features feature extraction module. Experiments on several sequence data analysis tasks show the improved performance yielded by our approach compared to standard methods.

    Self-attention fusion for audiovisual emotion recognition with incomplete data

    In this paper, we consider the problem of multi-modal data analysis with a use case of audiovisual emotion recognition. We propose an architecture capable of learning from raw data and describe three variants of it with distinct modality fusion mechanisms. While most previous works consider the ideal scenario in which both modalities are present at all times during inference, we evaluate the robustness of the model in unconstrained settings where one modality is absent or noisy, and propose a method to mitigate these limitations in the form of modality dropout. Most importantly, we find that following this approach not only improves performance drastically under absent or noisy representations of one modality, but also improves the performance in a standard ideal setting, outperforming the competing methods.

    Speed-up and multi-view extensions to subclass discriminant analysis

    Highlights:
    • We present a speed-up extension to Subclass Discriminant Analysis.
    • We propose an extension to SDA for multi-view problems and a fast solution to it.
    • The proposed approaches result in lower training time and competitive performance.

    In this paper, we propose a speed-up approach for subclass discriminant analysis and formulate a novel efficient multi-view solution to it. The speed-up approach is developed based on graph embedding and spectral regression approaches that involve eigendecomposition of the corresponding Laplacian matrix and regression to its eigenvectors. We show that by exploiting the structure of the between-class Laplacian matrix, the eigendecomposition step can be substituted with a much faster process. Furthermore, we formulate a novel criterion for multi-view subclass discriminant analysis and show that an efficient solution to it can be obtained in a similar manner to the single-view case. We evaluate the proposed methods on nine single-view and nine multi-view datasets and compare them with related existing approaches. Experimental results show that the proposed solutions achieve competitive performance, often outperforming the existing methods. At the same time, they significantly decrease the training time.

    Ensembling object detectors for image and video data analysis

    In this paper, we propose a method for ensembling the outputs of multiple object detectors for improving detection performance and precision of bounding boxes on image data. We further extend it to video data by proposing a two-stage tracking-based scheme for detection refinement. The proposed method can be used as a standalone approach for improving object detection performance, or as a part of a framework for faster bounding box annotation in unseen datasets, assuming that the objects of interest are those present in some common public datasets.
