27 research outputs found
Present and Future of Network Security Monitoring
This work was funded by the Ministry of Science and Innovation through CDTI through the Ayudas Cervera para Centros Tecnologicos grant of the Spanish Centre for the Development of Industrial Technology (CDTI) through the Project EGIDA under Grant CER-20191012, and in part by the Spanish Ministry of Economy and Competitiveness and European Regional Development Fund (ERDF) funds under Project TIN2017-83494-R.
Network Security Monitoring (NSM) is a popular term to refer to the detection of security incidents by monitoring the network events. An NSM system is central for the security of current networks, given the escalation in sophistication of cyberwarfare. In this paper, we review the state-of-the-art in NSM, and derive a new taxonomy of the functionalities and modules in an NSM system. This taxonomy is useful to assess current NSM deployments and tools for both researchers and practitioners. We organize a list of popular tools according to this new taxonomy, and identify challenges in the application of NSM in modern network deployments, like Software Defined Network (SDN) and Internet of Things (IoT).
Evaluation of Diagnosis Methods in PCA-based Multivariate Statistical Process Control
Multivariate Statistical Process Control (MSPC) based on Principal Component
Analysis (PCA) is a well-known methodology in chemometrics that is aimed at testing whether an industrial process is under Normal Operation Conditions (NOC).
As a part of the methodology, once an anomalous behaviour is detected, the root
causes need to be diagnosed to troubleshoot the problem and/or avoid it in the
future. While there have been a number of developments in diagnosis in the past
decades, no sound method for comparing existing approaches has been proposed.
In this paper, we propose such a procedure and use it to compare several diagnosis
methods using randomly simulated data and data from realistic sources. This is a
general comparative approach that takes into account factors that have not previously been considered in the literature. The results show that univariate diagnosis
is more reliable than its multivariate counterpart.
Semi-supervised Multivariate Statistical Network Monitoring for Learning Security Threats
This paper presents a semi-supervised approach
for intrusion detection. The method extends the unsupervised
Multivariate Statistical Network Monitoring approach based
on Principal Component Analysis by introducing a supervised
optimization technique to learn the optimum scaling in the input
data. It combines the advantages of the unsupervised strategy,
capable of uncovering new threats, with those of supervised
strategies, able to learn the pattern of a targeted threat. The
supervised learning is based on an extension of the gradient
descent method based on Partial Least Squares (PLS). Moreover,
we enhance this method by using sparse PLS variants. The
practical application of the system is demonstrated on a recently
published real case study, showing relevant improvements in
detection performance and in the interpretation of the attacks.
SIMAGRO: A prototype for anomaly detection in IoT environments for the agri-food sector
The primary sector is one of the most important in Andalusia. One of the most important areas within this sector is agriculture, notably the production of olives, tropical fruits and vegetables, as well as organic crops (the latter account for half of the total in Spain). After the successive years of crisis, one of the fundamental pillars for reactivating this sector is the optimization of cultivation techniques, which implies the need for a deep digital transformation. For this reason, fitting agricultural plantations with sensors and deploying the IoT (Internet of Things) as a crop monitoring mechanism is a major step forward for the entities that are adopting it.
ÉGIDA is the first Cervera Network of Excellence for data privacy and security. One of the objectives of this Network is to raise awareness of the need to carry out secure digitalization. In this regard, there is strong involvement in the active securing of IoT environments, specifically in the agri-food sector. In this context, and as a result of the active collaboration between the Universidad de Granada (UGR) and Fidesol, a prototype for anomaly detection in IoT environments for the agri-food sector has been developed. This prototype applies the MSNM sensor (MSNM-S) in an IoT scenario for the first time. The aim of this article is twofold: on the one hand, to test the operation of Atenea Lab and, on the other, to present the results of the evaluation of this prototype and answer the following questions: i) Is hierarchical MSNM applicable to IoT environments? and ii) How does the configuration of MSNM-S affect IoT environments? In addition, it aims to identify possible points of improvement to continue evolving both the prototype obtained for IoT and the MSNM sensor.
This work is funded in part by the Ayudas Cervera para Centros Tecnológicos of the Spanish Centre for the Development of Industrial Technology (CDTI) within the framework of the EGIDA project (CER-20191012) and by the Ministry of Science and Innovation (MICIN) MICIN/AEI/10.13039/501100011033, under projects PID2020-113462RB-I00 and PID2020-114495RB-I00, as well as projects PPJIA2022-51 and PPJIA2022-52 of the UGR's own-plan grants.
High frequency of low-count monoclonal B-cell lymphocytosis in hospitalized COVID-19 patients
Low-count monoclonal B-cell lymphocytosis (MBLlo, <500 clonal B-cells/μL) is a highly prevalent condition in the general population (4% to 16% of otherwise healthy adults), which increases significantly with age.1-7 In most cases, clonal B-cells share phenotypic and cytogenetic features with chronic lymphocytic leukemia (CLL), but only a small fraction (≈1.8%) progresses to high-count MBL (MBLhi; ≥500 and <5000 clonal B-cells/μL)3 in the medium-term.8 However, previous reports showed that MBLlo subjects had an increased risk of severe infections in association with a (predominantly) secondary antibody deficiency,8-10 suggesting that MBLlo might be a risk marker for developing more severe infections.
This work was supported by the Instituto de Salud Carlos III (Ministerio de Ciencia e Innovación, Madrid, Spain, and FONDOS FEDER (a way to build Europe) grants CB16/12/00400 (CIBERONC), COV20/00386, and PI17/00399; the Consejería de Educación and the Gerencia Regional de Salud, Consejería de Sanidad from Junta de Castilla y León (Valladolid, Spain) grants SA109P20 and GRS-COVID-33/A/20; the European Regional Development Fund (INTERREG POCTEP Spain-Portugal) grant 0639-IDIAL-NET-3-3; and the CRUK (United Kingdom), Fundación AECC (Spain), and Associazione Italiana per la Ricerca Sul Cancro (Italy) “Early Cancer Research Initiative Network on MBL (ECRINM3)” ACCELERATOR award. G.O.-A. is supported by a grant from the Consejería de Educación, Junta de Castilla y León (Valladolid, Spain); B.F.-H. was supported by grant 0639-IDIAL-NET-3-3.
Peer reviewed
Risk Factors for COVID-19 in Inflammatory Bowel Disease: A National, ENEIDA-Based Case–Control Study (COVID-19-EII)
(1) Scant information is available concerning the characteristics that may favour the acquisition of COVID-19 in patients with inflammatory bowel disease (IBD). Therefore, the aim of this study was to assess these differences between infected and noninfected patients with IBD. (2) This nationwide case-control study evaluated patients with inflammatory bowel disease with COVID-19 (cases) and without COVID-19 (controls) during the period March-July 2020 included in the ENEIDA of GETECCU. (3) A total of 496 cases and 964 controls from 73 Spanish centres were included. No differences were found in the basal characteristics between cases and controls. Cases had higher comorbidity Charlson scores (24% vs. 19%; p = 0.02) and occupational risk (28% vs. 10.5%; p < 0.0001) more frequently than did controls. Lockdown was the only protective measure against COVID-19 (50% vs. 70%; p < 0.0001). No differences were found in the use of systemic steroids, immunosuppressants or biologics between cases and controls. Cases were more often treated with 5-aminosalicylates (42% vs. 34%; p = 0.003). Having a moderate Charlson score (OR: 2.7; 95%CI: 1.3-5.9), occupational risk (OR: 2.9; 95%CI: 1.8-4.4) and the use of 5-aminosalicylates (OR: 1.7; 95%CI: 1.2-2.5) were factors for COVID-19. The strict lockdown was the only protective factor (OR: 0.1; 95%CI: 0.09-0.2). (4) Comorbidities and occupational exposure are the most relevant factors for COVID-19 in patients with IBD. The risk of COVID-19 seems not to be increased by immunosuppressants or biologics, with a potential effect of 5-aminosalicylates, which should be investigated further and interpreted with caution
COVID-19 symptoms at hospital admission vary with age and sex: results from the ISARIC prospective multinational observational study
Background:
The ISARIC prospective multinational observational study is the largest cohort of hospitalized patients with COVID-19. We present relationships of age, sex, and nationality to presenting symptoms.
Methods:
International, prospective observational study of 60 109 hospitalized symptomatic patients with laboratory-confirmed COVID-19 recruited from 43 countries between 30 January and 3 August 2020. Logistic regression was performed to evaluate relationships of age and sex to published COVID-19 case definitions and the most commonly reported symptoms.
Results:
“Typical” symptoms of fever (69%), cough (68%) and shortness of breath (66%) were the most commonly reported. 92% of patients experienced at least one of these. Prevalence of typical symptoms was greatest in 30- to 60-year-olds (respectively 80, 79, 69%; at least one 95%). They were reported less frequently in children (≤ 18 years: 69, 48, 23; 85%), older adults (≥ 70 years: 61, 62, 65; 90%), and women (66, 66, 64; 90%; vs. men 71, 70, 67; 93%, each P < 0.001). The most common atypical presentations under 60 years of age were nausea and vomiting and abdominal pain, and over 60 years was confusion. Regression models showed significant differences in symptoms with sex, age and country.
Interpretation:
This international collaboration has allowed us to report reliable symptom data from the largest cohort of patients admitted to hospital with COVID-19. Adults over 60 and children admitted to hospital with COVID-19 are less likely to present with typical symptoms. Nausea and vomiting are common atypical presentations under 30 years. Confusion is a frequent atypical presentation of COVID-19 in adults over 60 years. Women are less likely to experience typical symptoms than men
Multivariate Statistical Network Monitoring for Network Security based on Principal Component Analysis
Currently we live in a hyper-connected world, which is one of the main causes
for the fast propagation of Information Technology (IT) Security attacks. An
IT Security incident can impact both the economy and the reputation of
the organization that suffers it. Thus, IT Security is a priority concern for any
organization. Another important issue related to IT Security threats is that
the time required for compromising a network is, on average, in the order
of minutes, while the security team may need months to detect an incident
after it takes place. This makes it necessary to enhance the mechanisms of
intrusion detection to improve the capability of prioritization and classification
of IT security alarms. With the appropriate tools, the security team can detect
incidents in a timely manner without being overwhelmed by an excessive number of
alarms.
Network security is of utmost importance within IT Security, and it aims
to make the communications infrastructure secure from the point of view of
the IT. In general, there are three approaches for network security: prevention,
detection and response. These approaches can be combined to achieve a
comprehensive security system. A practical combination of the detection and
response dimensions is the so-called Network Security Monitoring (NSM),
which is an approach that aims to detect the incidents in a network by monitoring
the network traffic. NSM is carried out by collecting, combining
and analyzing different sources of information, in order to detect and notify
intrusions. There are two main techniques for incident detection: signature-based,
which detects attacks from previously defined patterns; and
anomaly-based, which detects deviations from the normal behavior
in a network, captured in a previously trained model.
Multivariate Statistical Network Monitoring (MSNM) is an NSM methodology
that follows an anomaly-based detection scheme that extends the
Multivariate Statistical Process Control (MSPC) theory, developed in the
area of industrial process research. MSPC consists of two phases: phase I,
detection of assignable causes of variation in the calibration data that are
corrected and eliminated until the process is under Normal Operation Condition
(NOC); and phase II, monitoring of new data to detect (and diagnose)
anomalies. MSNM applies this philosophy to network traffic data, adding two
prior steps: parsing and fusion, which are needed to combine information from
different data sources in NSM. MSNM is useful to prioritize and diagnose
anomalies, which is congruent with the security team's workflow.
In this PhD, we start from the MSNM methodology and introduce a
number of enhancements: i) a pre-processing method to consider the cyclostationarity
of the data (e.g. the cycles existing during day and night or weeks
and weekends), ii) a methodology for the comparison of diagnosis methods,
and iii) a univariate method for diagnosis. Furthermore, the pre-processing and
diagnosis methods, as well as some other existing extensions for MSNM,
are evaluated and compared with other reference methods using a real network
data set for the first time. The application to real network data makes it possible to assess
the MSNM extensions under realistic conditions, yielding a more accurate
perspective of their performance.
This research work shows the existing symbiosis between industrial processes
and network security, introducing enhancements that are of interest for
both topics and that open new lines of research exploring the synergy between
MSPC and MSNM.
Thesis, Univ. Granada