73 research outputs found
ESASCF: Expertise Extraction, Generalization and Reply Framework for an Optimized Automation of Network Security Compliance
Exposure to cyber threats has created worldwide pressure on organizations to
comply with cyber security standards and policies for protecting their digital
assets. Vulnerability assessment (VA) and Penetration Testing (PT) are widely
adopted Security Compliance (SC) methods to identify security gaps and
anticipate security breaches. In the computer networks context and despite the
use of autonomous tools and systems, security compliance remains highly
repetitive and resource-consuming. In this paper, we proposed a novel method
to tackle the ever-growing problem of efficiency and effectiveness in network
infrastructures security auditing by formally introducing, designing, and
developing an Expert-System Automated Security Compliance Framework (ESASCF)
that enables industrial and open-source VA and PT tools and systems to extract,
process, store and re-use the expertise in a human-expert way to allow direct
application in similar scenarios or during the periodic re-testing. The
implemented model was then integrated within the ESASCF and tested on networks
of different sizes, where it proved efficient in terms of time-efficiency and testing
effectiveness, allowing ESASCF to take over the SC autonomously in re-testing
and to offload experts by automating repeated SC segments, thus enabling
experts to prioritize important tasks in ad-hoc compliance tests. The obtained
results validate the performance enhancement notably by cutting the time
required for an expert to 50% in the context of typical corporate networks
first SC and 20% in re-testing, representing a significant cost-cutting. In
addition, the framework allows a long-term impact illustrated in the knowledge
extraction, generalization, and re-utilization, which enables better SC
confidence independent of the human expert skills, coverage, and wrong
decisions resulting in impactful false negatives
A Comprehensive Analysis of the Role of Artificial Intelligence and Machine Learning in Modern Digital Forensics and Incident Response
In the dynamic landscape of digital forensics, the integration of Artificial
Intelligence (AI) and Machine Learning (ML) stands as a transformative
technology, poised to amplify the efficiency and precision of digital forensics
investigations. However, the use of ML and AI in digital forensics is still in
its nascent stages. As a result, this paper gives a thorough and in-depth
analysis that goes beyond a simple survey and review. The goal is to look
closely at how AI and ML techniques are used in digital forensics and incident
response. This research explores cutting-edge research initiatives that cross
domains such as data collection and recovery, the intricate reconstruction of
cybercrime timelines, robust big data analysis, pattern recognition,
safeguarding the chain of custody, and orchestrating responsive strategies to
hacking incidents. This endeavour digs far beneath the surface to unearth the
intricate ways AI-driven methodologies are shaping these crucial facets of
digital forensics practice. While the promise of AI in digital forensics is
evident, the challenges arising from increasing database sizes and evolving
criminal tactics necessitate ongoing collaborative research and refinement
within the digital forensics profession. This study examines the contributions,
limitations, and gaps in the existing research, shedding light on the potential
and limitations of AI and ML techniques. By exploring these different research
areas, we highlight the critical need for strategic planning, continual
research, and development to unlock AI's full potential in digital forensics
and incident response. Ultimately, this paper underscores the significance of
AI and ML integration in digital forensics, offering insights into their
benefits, drawbacks, and broader implications for tackling modern cyber
threats
The Automation of the Extraction of Evidence masked by Steganographic Techniques in WAV and MP3 Audio Files
Antiforensics techniques, particularly steganography and cryptography, have
become increasingly pressing issues that affect current digital forensics
practice. Both techniques are widely researched and developed, being considered at
the heart of the modern digital era, but remain double-edged swords standing
between the privacy-conscious and the criminally malicious, dependent on the
severity of the methods deployed. This paper advances the automation of hidden
evidence extraction in the context of audio files enabling the correlation
between unprocessed evidence artefacts and extreme Steganographic and
Cryptographic techniques using the Least Significant Bits extraction method
(LSB). The research generates an in-depth review of current digital forensic
toolkits and systems and formally addresses their capabilities in handling
steganography-related cases. We opted for an experimental research methodology in
the form of quantitative analysis of the efficiency of detection and extraction
of hidden artefacts in WAV and MP3 audio files by comparing standard industry
software. This work establishes an environment for the practical implementation
and testing of the proposed approach and the new toolkit for extracting
evidence hidden by Cryptographic and Steganographic techniques during forensics
investigations. The proposed multi-approach automation demonstrated a huge
positive impact in terms of efficiency and accuracy, notably on large audio
files (MP3 and WAV), for which forensic analysis is time-consuming and requires
significant computational resources and memory. However, the proposed
automation may occasionally produce false positives (detecting steganography
where none exists) or false negatives (failing to detect steganography that is
present) but overall achieves a balance between detecting hidden data accurately
and minimising false alarms.
Comment: Wires Forensics Sciences Under Revie
Reinforcement Learning for Intelligent Penetration Testing
Penetration testing (PT) is an active method for assessing and evaluating the security of digital assets by planning, generating and executing all possible attacks that can exploit existing vulnerabilities. Current PT practice is becoming repetitive, complex and resource consuming despite the use of automated tools. The goal of this paper is to design an intelligent PT approach using reinforcement learning (RL) that will allow regular and systematic testing, saving human resources. The system is modelled as a partially observed Markov decision process (POMDP), and tested using an external POMDP-solver with different algorithms. Although this paper is limited to only the planning phase and not the entire PT process, the results support the hypothesis that reinforcement learning can enhance PT beyond the capabilities of any human expert in terms of accurate and reliable outputs
Hierarchical reinforcement learning for efficient and effective automated penetration testing of large networks
Penetration testing (PT) is a method for assessing and evaluating the security of digital
assets by planning, generating, and executing possible attacks that aim to discover and
exploit vulnerabilities. In large networks, penetration testing becomes repetitive, complex
and resource consuming despite the use of automated tools. This paper investigates reinforcement learning (RL) to make penetration testing more intelligent, targeted, and efficient. The proposed approach called Intelligent Automated Penetration Testing Framework
(IAPTF) utilizes model-based RL to automate sequential decision making. Penetration
testing tasks are treated as a partially observed Markov decision process (POMDP) which
is solved with an external POMDP-solver using different algorithms to identify the most
efficient options. A major difficulty encountered was solving large POMDPs resulting from
large networks. This was overcome by representing networks hierarchically as a group of
clusters and treating each cluster separately. This approach is tested through simulations
of networks of various sizes. The results show that IAPTF with hierarchical network modeling outperforms previous approaches as well as human performance in terms of time,
number of tested vectors and accuracy, and the advantage increases with the network size.
Another advantage of IAPTF is the ease of repetition for retesting similar networks, which
is often encountered in real PT. The results suggest that IAPTF is a promising approach to
offload work from and ultimately replace human pen testing
Effects of Alpha Interferon Treatment on Intrinsic Anti-HIV-1 Immunity In Vivo
Alpha interferon (IFN-α) suppresses human immunodeficiency virus type 1 (HIV-1) replication in vitro by inducing cell-intrinsic retroviral restriction mechanisms. We investigated the effects of IFN-α/ribavirin (IFN-α/riba) treatment on 34 anti-HIV-1 restriction factors in vivo. Expression of several anti-HIV-1 restriction factors was significantly induced by IFN-α/riba in HIV/hepatitis C virus (HCV)-coinfected individuals. Fold induction of cumulative restriction factor expression in CD4+ T cells was significantly correlated with viral load reduction during IFN-α/riba treatment (r2 = 0.649; P < 0.016). Exogenous IFN-α induces supraphysiologic restriction factor expression associated with a pronounced decrease in HIV-1 viremia
Assessment of human cytomegalovirus co-infection in Egyptian chronic HCV patients
Human cytomegalovirus (HCMV) is the most common cause of severe morbidity and mortality in immune-compromised individuals. This study was conducted to determine the incidence of HCMV infection in HCV patients who either spontaneously cleared the virus or progressed to chronic HCV infection. The study included a total of eighty four cases (48 females and 36 males) that were referred to blood banks for blood donation with an age range of 18-64 years (mean age 37.62 ± 10.03 years). Hepatitis C virus RNA and HCMV DNA were detected in sera by RT-nested PCR and nested PCR respectively in all subjects. Immunoglobulin G levels for HCV and HCMV were determined. Besides, IgM antibodies for HCMV infection were also determined in subjects' sera. Fifty three out of 84 cases (63%) were positive for HCV-RNA while 31 (37%) cases had negative HCV RNA. Forty six (87%) and 13 (25%) cases out of 53 HCV RNA positive patients were positive for HCMV IgG and IgM antibodies respectively, while 20 of 53 cases (38%) had detectable HCMV DNA. To examine the role of HCMV infection in HCV spontaneous resolution, two groups of HCV patients, group 1) chronic HCV infection (positive HCV RNA and positive IgG antibodies) vs group 2) spontaneous resolution (negative HCV RNA and positive IgG antibodies) were compared. The percentages of positive CMV IgG and IgM results are higher in chronic HCV patients than those in spontaneously cleared HCV patients and the difference is highly statistically significant (P value < 0.001). Also, there is a general trend towards elevated levels of CMV IgG antibodies in HCV chronic patients than those in spontaneously cleared HCV patients (P value < 0.02). HCMV DNA detection in group 1 was more than twice the value observed in group 2 (38% vs 14.3%, P value < 0.001). Moreover, levels of liver enzymes were significantly higher in HCV RNA positive cases co-infected with HCMV DNA than HCMV negative cases (P value < 0.001).
The results indicate the role of HCMV in the liver pathogenesis. We conclude that chronic HCV patients co-infected with HCMV infection can be regarded as high risk groups for liver disease progression where they should be monitored for the long term outcome of the disease
Antimicrobial resistance among migrants in Europe: a systematic review and meta-analysis
BACKGROUND: Rates of antimicrobial resistance (AMR) are rising globally and there is concern that increased migration is contributing to the burden of antibiotic resistance in Europe. However, the effect of migration on the burden of AMR in Europe has not yet been comprehensively examined. Therefore, we did a systematic review and meta-analysis to identify and synthesise data for AMR carriage or infection in migrants to Europe to examine differences in patterns of AMR across migrant groups and in different settings. METHODS: For this systematic review and meta-analysis, we searched MEDLINE, Embase, PubMed, and Scopus with no language restrictions from Jan 1, 2000, to Jan 18, 2017, for primary data from observational studies reporting antibacterial resistance in common bacterial pathogens among migrants to 21 European Union-15 and European Economic Area countries. To be eligible for inclusion, studies had to report data on carriage or infection with laboratory-confirmed antibiotic-resistant organisms in migrant populations. We extracted data from eligible studies and assessed quality using piloted, standardised forms. We did not examine drug resistance in tuberculosis and excluded articles solely reporting on this parameter. We also excluded articles in which migrant status was determined by ethnicity, country of birth of participants' parents, or was not defined, and articles in which data were not disaggregated by migrant status. Outcomes were carriage of or infection with antibiotic-resistant organisms. We used random-effects models to calculate the pooled prevalence of each outcome. The study protocol is registered with PROSPERO, number CRD42016043681. FINDINGS: We identified 2274 articles, of which 23 observational studies reporting on antibiotic resistance in 2319 migrants were included. 
The pooled prevalence of any AMR carriage or AMR infection in migrants was 25·4% (95% CI 19·1-31·8; I2 =98%), including meticillin-resistant Staphylococcus aureus (7·8%, 4·8-10·7; I2 =92%) and antibiotic-resistant Gram-negative bacteria (27·2%, 17·6-36·8; I2 =94%). The pooled prevalence of any AMR carriage or infection was higher in refugees and asylum seekers (33·0%, 18·3-47·6; I2 =98%) than in other migrant groups (6·6%, 1·8-11·3; I2 =92%). The pooled prevalence of antibiotic-resistant organisms was slightly higher in high-migrant community settings (33·1%, 11·1-55·1; I2 =96%) than in migrants in hospitals (24·3%, 16·1-32·6; I2 =98%). We did not find evidence of high rates of transmission of AMR from migrant to host populations. INTERPRETATION: Migrants are exposed to conditions favouring the emergence of drug resistance during transit and in host countries in Europe. Increased antibiotic resistance among refugees and asylum seekers and in high-migrant community settings (such as refugee camps and detention facilities) highlights the need for improved living conditions, access to health care, and initiatives to facilitate detection of and appropriate high-quality treatment for antibiotic-resistant infections during transit and in host countries. Protocols for the prevention and control of infection and for antibiotic surveillance need to be integrated in all aspects of health care, which should be accessible for all migrant groups, and should target determinants of AMR before, during, and after migration. FUNDING: UK National Institute for Health Research Imperial Biomedical Research Centre, Imperial College Healthcare Charity, the Wellcome Trust, and UK National Institute for Health Research Health Protection Research Unit in Healthcare-associated Infections and Antimicrobial Resistance at Imperial College London
Surgical site infection after gastrointestinal surgery in high-income, middle-income, and low-income countries: a prospective, international, multicentre cohort study
Background: Surgical site infection (SSI) is one of the most common infections associated with health care, but its importance as a global health priority is not fully understood. We quantified the burden of SSI after gastrointestinal surgery in countries in all parts of the world.
Methods: This international, prospective, multicentre cohort study included consecutive patients undergoing elective or emergency gastrointestinal resection within 2-week time periods at any health-care facility in any country. Countries with participating centres were stratified into high-income, middle-income, and low-income groups according to the UN's Human Development Index (HDI). Data variables from the GlobalSurg 1 study and other studies that have been found to affect the likelihood of SSI were entered into risk adjustment models. The primary outcome measure was the 30-day SSI incidence (defined by US Centers for Disease Control and Prevention criteria for superficial and deep incisional SSI). Relationships with explanatory variables were examined using Bayesian multilevel logistic regression models. This trial is registered with ClinicalTrials.gov, number NCT02662231.
Findings: Between Jan 4, 2016, and July 31, 2016, 13 265 records were submitted for analysis. 12 539 patients from 343 hospitals in 66 countries were included. 7339 (58·5%) patients were from high-HDI countries (193 hospitals in 30 countries), 3918 (31·2%) patients were from middle-HDI countries (82 hospitals in 18 countries), and 1282 (10·2%) patients were from low-HDI countries (68 hospitals in 18 countries). In total, 1538 (12·3%) patients had SSI within 30 days of surgery. The incidence of SSI varied between countries with high (691 [9·4%] of 7339 patients), middle (549 [14·0%] of 3918 patients), and low (298 [23·2%] of 1282) HDI (p < 0·001). The highest SSI incidence in each HDI group was after dirty surgery (102 [17·8%] of 574 patients in high-HDI countries; 74 [31·4%] of 236 patients in middle-HDI countries; 72 [39·8%] of 181 patients in low-HDI countries). Following risk factor adjustment, patients in low-HDI countries were at greatest risk of SSI (adjusted odds ratio 1·60, 95% credible interval 1·05–2·37; p=0·030). 132 (21·6%) of 610 patients with an SSI and a microbiology culture result had an infection that was resistant to the prophylactic antibiotic used. Resistant infections were detected in 49 (16·6%) of 295 patients in high-HDI countries, in 37 (19·8%) of 187 patients in middle-HDI countries, and in 46 (35·9%) of 128 patients in low-HDI countries (p < 0·001).
Interpretation: Countries with a low HDI carry a disproportionately greater burden of SSI than countries with a middle or high HDI and might have higher rates of antibiotic resistance. In view of WHO recommendations on SSI prevention that highlight the absence of high-quality interventional research, urgent, pragmatic, randomised trials based in LMICs are needed to assess measures aiming to reduce this preventable complication
Global economic burden of unmet surgical need for appendicitis
Background: There is a substantial gap in provision of adequate surgical care in many low-and middle-income countries. This study aimed to identify the economic burden of unmet surgical need for the common condition of appendicitis. Methods: Data on the incidence of appendicitis from 170 countries and two different approaches were used to estimate numbers of patients who do not receive surgery: as a fixed proportion of the total unmet surgical need per country (approach 1); and based on country income status (approach 2). Indirect costs with current levels of access and local quality, and those if quality were at the standards of high-income countries, were estimated. A human capital approach was applied, focusing on the economic burden resulting from premature death and absenteeism. Results: Excess mortality was 4185 per 100 000 cases of appendicitis using approach 1 and 3448 per 100 000 using approach 2. The economic burden of continuing current levels of access and local quality was US 73 141 million using approach 2. The economic burden of not providing surgical care to the standards of high-income countries was 75 666 million using approach 2. The largest share of these costs resulted from premature death (97.7 per cent) and lack of access (97.0 per cent) in contrast to lack of quality. Conclusion: For a comparatively non-complex emergency condition such as appendicitis, increasing access to care should be prioritized. Although improving quality of care should not be neglected, increasing provision of care at current standards could reduce societal costs substantially
- …