263 research outputs found

    SSHCure: a flow-based SSH intrusion detection system

    SSH attacks are a main area of concern for network managers, due to the danger associated with a successful compromise. Detecting these attacks, and possibly compromised victims, is therefore a crucial activity. Most existing network intrusion detection systems designed for this purpose rely on the inspection of individual packets and, hence, do not scale to today's high-speed networks. To overcome this issue, this paper proposes SSHCure, a flow-based intrusion detection system for SSH attacks. It employs an efficient algorithm for the real-time detection of ongoing attacks and allows identification of compromised attack targets. A prototype of the algorithm, including a graphical user interface, has been implemented as a plugin for the popular NfSen monitoring tool. Finally, the detection performance of the system is validated with empirical traffic data.

    Protocol-independent Detection of Dictionary Attacks

    The data throughput of current high-speed networks makes it prohibitively expensive to detect attacks using conventional means of deep packet inspection. Network behavior analysis seemed to be a solution, but it falls short in several respects. Academic research focuses on sophisticated and advanced detection schemes that are, however, often problematic to deploy in production. In this paper we try a different approach and take inspiration from the industry practice of using relatively simple but effective solutions. We introduce a model of malicious traffic based on practical experience that can be used to create simple and effective detection methods. This model was used to develop a successful proof-of-concept method for protocol-independent detection of dictionary attacks, which is validated with empirical data in this paper.

    Enhancing Network Intrusion Detection by Correlation of Modularly Hashed Sketches

    The rapid development of network technologies entails an increase in traffic volume and attack count. The associated increase in computational complexity for methods of deep packet inspection has driven the development of behavioral detection methods. These methods distinguish attackers from valid users by measuring how closely their behavior resembles known anomalous behavior. In real-life deployment, an attacker is flagged only on very close resemblance, to avoid false positives. However, many attacks can then go undetected. We believe that this problem can be solved by using more detection methods and then correlating their results. These methods can be set to higher sensitivity, and false positives are then reduced by accepting only attacks reported from more sources. To this end we propose a novel sketch-based method that can detect attackers using a correlation of particular anomaly detections. This is in contrast with the current use of sketch-based methods, which focuses on the detection of heavy hitters and heavy changes. We illustrate the potential of our method by detecting attacks on RDP and SSH authentication by correlating four methods detecting the following anomalies: source network scan, destination network scan, abnormal connection count, and low traffic variance. We evaluate our method in terms of detection capabilities compared to other deployed detection methods, hardware requirements, and the attacker's ability to evade detection.

    Detection of Bacterial Colonization in Lung Transplant Recipients Using an Electronic Nose

    Bacterial colonization (BC) of the lower airways is common in lung transplant recipients (LTRs) and increases the risk of chronic lung allograft dysfunction. Diagnosis often requires bronchoscopy. Exhaled breath analysis using electronic nose (eNose) technology may noninvasively detect BC in LTRs. Therefore, we aimed to assess the diagnostic accuracy of an eNose to detect BC in LTRs. Methods. We performed a cross-sectional analysis within a prospective, single-center cohort study assessing the diagnostic accuracy of detecting BC using eNose technology in LTRs. In the outpatient clinic, consecutive LTR eNose measurements were collected. We assessed and classified the eNose measurements for the presence of BC. Using supervised machine learning, the diagnostic accuracy of eNose for BC was assessed in a random training and validation set. Model performance was evaluated using receiver operating characteristic analysis. Results. In total, 161 LTRs were included with 80 exclusions because of various reasons. Of the remaining 81 patients, 16 (20%) were classified as BC and 65 (80%) as non-BC. eNose-based classification of patients with and without BC provided an area under the curve of 0.82 in the training set and 0.97 in the validation set. Conclusions. Exhaled breath analysis using eNose technology has the potential to noninvasively detect BC.

    A Survey of Methods for Encrypted Traffic Classification and Analysis

    With the widespread use of encrypted data transport, network traffic encryption is becoming a standard nowadays. This presents a challenge for traffic measurement, especially for analysis and anomaly detection methods which are dependent on the type of network traffic. In this paper, we survey existing approaches for classification and analysis of encrypted traffic. First, we describe the most widespread encryption protocols used throughout the Internet. We show that the initiation of an encrypted connection and the protocol structure give away a lot of information for encrypted traffic classification and analysis. Then, we survey payload- and feature-based classification methods for encrypted traffic and categorize them using an established taxonomy. The advantage of some of the described classification methods is the ability to recognize the encrypted application protocol in addition to the encryption protocol. Finally, we make a comprehensive comparison of the surveyed feature-based classification methods and present their weaknesses and strengths.

    Encryption of network traffic has become the standard today. This places high demands on network traffic monitoring, particularly on traffic analysis and anomaly detection, which depend on knowledge of the type of network traffic. In this article we present an overview of existing approaches to the classification and analysis of encrypted traffic. First, we describe the most widespread encryption protocols and show how information for the analysis and classification of encrypted traffic can be obtained. We then address classification methods based on packet payload and on network traffic features. We classify these methods using an established taxonomy. An advantage of some of the described classification methods is the ability to recognize not only the encryption protocol but also the encrypted application protocol. Finally, we compare the strengths and weaknesses of all the described classification methods.

    Developments in lung transplantation over the past decade

    With an improved median survival of 6.2 years, lung transplantation has become an increasingly acceptable treatment option for end-stage lung disease. Besides the survival benefit, improvement of quality of life is achieved in the vast majority of patients. Many developments have taken place in the field of lung transplantation over the past decade. Broadened indication criteria and bridging techniques for patients awaiting lung transplantation have led to increased waiting lists and changes in allocation schemes worldwide. Moreover, the use of previously unacceptable donor lungs for lung transplantation has increased, with donations from donors after cardiac death, donors of increasing age and donors with positive smoking status extending the donor pool substantially. Use of ex vivo lung perfusion further increased the number of lungs suitable for lung transplantation. Nonetheless, the use of these previously unacceptable lungs did not have detrimental effects on survival and long-term graft outcomes, and has decreased waiting list mortality. To further improve long-term outcomes, strategies have been proposed to modify chronic lung allograft dysfunction progression and minimise toxic immunosuppressive effects. This review summarises the developments in clinical lung transplantation over the past decade.

    Stage-specific functions of Semaphorin7A during adult hippocampal neurogenesis rely on distinct receptors

    The guidance protein Semaphorin7A (Sema7A) is required for the proper development of the immune and nervous systems. Despite strong expression in the mature brain, the role of Sema7A in the adult remains poorly defined. Here we show that Sema7A utilizes different cell surface receptors to control the proliferation and differentiation of neural progenitors in the adult hippocampal dentate gyrus (DG), one of the select regions of the mature brain where neurogenesis occurs. PlexinC1 is selectively expressed in early neural progenitors in the adult mouse DG and mediates the inhibitory effects of Sema7A on progenitor proliferation. Subsequently, during differentiation of adult-born DG granule cells, Sema7A promotes dendrite growth, complexity and spine development through β1-subunit-containing integrin receptors. Our data identify Sema7A as a key regulator of adult hippocampal neurogenesis, providing an example of how differential receptor usage spatiotemporally controls and diversifies the effects of guidance cues in the adult brain.