Tracking Cyber Adversaries with Adaptive Indicators of Compromise

A forensics investigation after a breach often uncovers network and host indicators of compromise (IOCs) that can be deployed to sensors to allow early detection of the adversary in the future. Over time, the adversary will change tactics, techniques, and procedures (TTPs), which will also change the data generated. If the IOCs are not kept up-to-date with the adversary's new TTPs, the adversary will no longer be detected once all of the IOCs become invalid. Tracking the Known (TTK) is the problem of keeping IOCs, in this case regular expressions (regexes), up-to-date with a dynamic adversary. Our framework solves the TTK problem in an automated, cyclic fashion to bracket a previously discovered adversary. This tracking is accomplished through a data-driven approach of self-adapting a given model based on its own detection capabilities. In our initial experiments, we found that the true positive rate (TPR) of the adaptive solution degrades much less significantly over time than the naive solution, suggesting that self-updating the model allows the continued detection of positives (i.e., adversaries). The cost for this performance is in the false positive rate (FPR), which increases over time for the adaptive solution, but remains constant for the naive solution. However, the difference in overall detection performance, as measured by the area under the curve (AUC), between the two methods is negligible. This result suggests that self-updating the model over time should be done in practice to continue to detect known, evolving adversaries.Comment: This was presented at the 4th Annual Conf. on Computational Science & Computational Intelligence (CSCI'17) held Dec 14-16, 2017 in Las Vegas, Nevada, US

A Riemann solver at a junction compatible with a homogenization limit

We consider a junction regulated by a traffic lights, with n incoming roads and only one outgoing road. On each road the Phase Transition traffic model, proposed in [6], describes the evolution of car traffic. Such model is an extension of the classic Lighthill-Whitham-Richards one, obtained by assuming that different drivers may have different maximal speed. By sending to infinity the number of cycles of the traffic lights, we obtain a justification of the Riemann solver introduced in [9] and in particular of the rule for determining the maximal speed in the outgoing road.Comment: 19 page

The short meeting with children in healthcare : A literature review on nurses experiences

Inledning: Den största anledningen till att barn kommer i kontakt med sjukvården är på grund av misstänkt fraktur, vilket innebär att röntgensjuksköterskor ofta möter barn i det dagliga arbetet på röntgenavdelningen. Trots det är dessa sällan utbildade i bemötande av barn, eller inom pediatrisk bildtagning. Vuxna som inte är vana vid att hantera barn kan känna viss tveksamhet eller rädsla inför att vårda ett barn. För att kunna förbättra mötet med barn är det viktigt att veta vilka känslor sjukvårdpersonal känner i mötet, och varför. Syfte: att beskriva vilka upplevelser sjukvårdpersonal känner i mötet med barn. Metod: Studien utfördes som en litteraturöversikt med 10 artiklar som granskades med en induktiv kvalitativ innehållsanalys. De 10 artiklarna var av kvalitativ ansats och intervjuade sjukvårdspersonal som bestod av ambulanspersonal, akutsjuksköterskor, allmänsjuksköterskor och radioterapeuter. Resultat: Fyra kategorier; bemötande, hanterbarhet, tiden har betydelse och föräldrar. Dessa beskriver i vilka situationer sjukvårdspersonal upplever både negativa och positiva känslor i mötet med barn. Slutsats: att identifiera vilka känslor som uppstår är grunden för fortsatta studier för att förbättra arbetsmiljön för såväl röntgensjuksköterskor som övrig sjukvårdspersonal.

Flow-chart of study population.

<p>The Study population consisted of the members of the Northern Finland Birth Cohort 1986 (NFBC 1986) in the two northernmost provinces of Finland (n = 9479) who lived within 100 km of the city of Oulu in 2003 (n = 2969). Those who participated in the physical examination at 19 years of age were invited to lumbar magnetic resonance imaging (MRI), which was performed between November 2005 and February 2008 at a mean participant age of 21 years. LBP = low back pain.</p

Prevalence of Modic type II changes from L1-2 to L5-S1 among train engineers and factory workers

<p><b>Copyright information:</b></p><p>Taken from "Are the determinants of vertebral endplate changes and severe disc degeneration in the lumbar spine the same? A magnetic resonance imaging study in middle-aged male workers"</p><p>http://www.biomedcentral.com/1471-2474/9/51</p><p>BMC Musculoskeletal Disorders 2008;9():51-51.</p><p>Published online 16 Apr 2008</p><p>PMCID:PMC2373785.</p><p></p

Discography studies–pooled results.

<p>Discography studies–pooled results.</p

Risk of bias assessment.

<p>Risk of bias assessment.</p

Prevalence of Modic type I changes in discs from L1-2 to L5-S1 among train engineers and factory workers

<p><b>Copyright information:</b></p><p>Taken from "Are the determinants of vertebral endplate changes and severe disc degeneration in the lumbar spine the same? A magnetic resonance imaging study in middle-aged male workers"</p><p>http://www.biomedcentral.com/1471-2474/9/51</p><p>BMC Musculoskeletal Disorders 2008;9():51-51.</p><p>Published online 16 Apr 2008</p><p>PMCID:PMC2373785.</p><p></p

Means (95% confidence intervals) of adiposity measures, classified by disc degeneration sum score.

a<p>From one-way ANOVA.</p

Midsagittal image of lumbar spine showing level of measurement: abdominal diameter (AD), sagittal diameter (SAD), ventral subcutaneous thickness (VST), and dorsal subcutaneous thickness (DST).

<p>AA, SAD, and VST are not at the same level in the image as that measured in the study, due to technical reasons.</p