66 research outputs found

    Advanced Threat Intelligence: Interpretation of Anomalous Behavior in Ubiquitous Kernel Processes

    Targeted attacks on digital infrastructures are a rising threat against the confidentiality, integrity, and availability of both IT systems and sensitive data. With the emergence of advanced persistent threats (APTs), identifying and understanding such attacks has become an increasingly difficult task. Current signature-based systems are heavily reliant on fixed patterns that struggle with unknown or evasive applications, while behavior-based solutions usually leave most of the interpretative work to a human analyst. This thesis presents a multi-stage system able to detect and classify anomalous behavior within a user session by observing and analyzing ubiquitous kernel processes. Application candidates suitable for monitoring are initially selected through an adapted sentiment mining process using a score based on the log likelihood ratio (LLR). For transparent anomaly detection within a corpus of associated events, the author utilizes star structures, a bipartite representation designed to approximate the edit distance between graphs. Templates describing nominal behavior are generated automatically and are used for the computation of both an anomaly score and a report containing all deviating events. The extracted anomalies are classified using the Random Forest (RF) and Support Vector Machine (SVM) algorithms. Ultimately, the newly labeled patterns are mapped to a dedicated APT attacker–defender model that considers objectives, actions, actors, as well as assets, thereby bridging the gap between attack indicators and detailed threat semantics. This enables both risk assessment and decision support for mitigating targeted attacks. Results show that the prototype system is capable of identifying 99.8% of all star structure anomalies as benign or malicious. In multi-class scenarios that seek to associate each anomaly with a distinct attack pattern belonging to a particular APT stage we achieve a solid accuracy of 95.7%. 
Furthermore, we demonstrate that 88.3% of observed attacks could be identified by analyzing and classifying a single ubiquitous Windows process for a mere 10 seconds, thereby eliminating the necessity to monitor each and every (unknown) application running on a system. With its semantic take on threat detection and classification, the proposed system offers a formal as well as technical solution to an information security challenge of great significance. The financial support by the Christian Doppler Research Association, the Austrian Federal Ministry for Digital and Economic Affairs, and the National Foundation for Research, Technology and Development is gratefully acknowledged

    AIDIS: Detecting and Classifying Anomalous Behavior in Ubiquitous Kernel Processes

    The file attached to this record is the author's final peer reviewed version. The Publisher's final version can be found by following the DOI link. Targeted attacks on IT systems are a rising threat against the confidentiality, integrity, and availability of critical information and infrastructures. With the rising prominence of advanced persistent threats (APTs), identifying and understanding such attacks has become increasingly important. Current signature-based systems are heavily reliant on fixed patterns that struggle with unknown or evasive applications, while behavior-based solutions usually leave most of the interpretative work to a human analyst. In this article we propose AIDIS, an Advanced Intrusion Detection and Interpretation System capable of explaining anomalous behavior within a network-enabled user session by considering kernel event anomalies identified through their deviation from a set of baseline process graphs. For this purpose we adapt star-structures, a bipartite representation used to approximate the edit distance between two graphs. Baseline templates are generated automatically and adapt to the nature of the respective operating system process. We prototypically implemented smart anomaly classification through a set of competency questions applied to graph template deviations and evaluated the approach using both Random Forest and linear kernel support vector machines. The determined attack classes are ultimately mapped to a dedicated APT attacker/defender meta model that considers actions, actors, as well as assets and mitigating controls, thereby enabling decision support and contextual interpretation of ongoing attack

    A heteroscedastic, rank-based approach for analyzing 2 x 2 independent groups designs

    The ANOVA F is a widely used statistic in psychological research despite its shortcomings when the assumptions of normality and variance heterogeneity are violated. A Monte Carlo investigation compared Type I error and power rates of the ANOVA F, Alexander-Govern with trimmed means and Johnson transformation, Welch-James with trimmed means and Johnson Transformation, Welch with trimmed means, and Welch on ranked data using Johansen’s interaction procedure. Results suggest that the ANOVA F is not appropriate when assumptions of normality and variance homogeneity are violated, and that the Welch/Johansen on ranks offers the best balance of empirical Type I error control and statistical power under these conditions. Social Sciences and Humanities Research Council (SSHRC

    Self-Efficacy Training To Improve Hardiness of Firefighters in “Dinas Kebakaran dan Penanggulangan Bencana Kota Bandung”

    The purpose of this research is to understand the increase in hardiness among firefighters of Dinas Kebakaran dan Penanggulangan Bencana Kota Bandung after being given self-efficacy training. The theories used were self-efficacy theory from Bandura (2002) and hardiness from Maddi & Khosaba (2005). The research had 18 subjects as a sample, taken by purposive sampling. The method used was quasi-experimental. Data were analyzed using the Wilcoxon signed-rank test to compare pre-test and post-test. The result of this research: the degree of hardiness in firefighters of Dinas Kebakaran dan Penanggulangan Bencana Kota Bandung increased after participating in self-efficacy training. It is concluded that self-efficacy training could help to increase hardiness in firefighters of Dinas Kebakaran dan Penanggulangan Bencana Kota Bandung

    Influence of social media exposure on knowledge and behaviour of COVID-19 preventive measure: a cross sectional study

    A lot of misinformation about COVID-19 on social media possibly hinders the practice of healthy behaviors that are essential to protect individuals. This situation is exacerbated by the lack of health literacy in Indonesia. This study aimed to determine the influence of social media information exposure on the knowledge and behavior of Indonesians in compliance with COVID-19 protocols. An online survey of 909 people was conducted from July 2nd to August 10th, 2020. The data collected were knowledge and behavior of preventing COVID-19, while independent variables were socio-demographic characteristics and exposure to social media information. Inclusion criteria were defined as follows: minimum age of 18 years and domiciled in the country during the data collection period. The analyses used for the data collected were univariate and multivariate. The results showed that gender, age, marital status, and social media presence significantly affect a person's knowledge about COVID-19 with a p-value of 0.05. Enforcement behavior of health and healthy living protocols is significantly influenced by the respondent’s gender, marital status, education level, the island of residence, and exposure to online information. The frequency of exposure to information affects people's knowledge and behavior to implement health protocols and healthy living in the COVID-19 era, and it is further influenced by socio-demographic characteristics

    RUNX2 Phosphorylation by Tyrosine Kinase ABL Promotes Breast Cancer Invasion

    Activity of transcription factors is normally regulated through interaction with other transcription factors, chromatin remodeling proteins and transcriptional co-activators. In distinction to these well-established transcriptional controls of gene expression, we have uncovered a unique activation model of transcription factors between tyrosine kinase ABL and RUNX2, an osteoblastic master transcription factor, for cancer invasion. We show that ABL directly binds to, phosphorylates, and activates RUNX2 through its SH2 domain in a kinase activity-dependent manner and that the complex formation of these proteins is required for expression of its target gene MMP13. Additionally, we show that the RUNX2 transcriptional activity is dependent on the number of its tyrosine residues that are phosphorylated by ABL. In addition to regulation of RUNX2 activity, we show that ABL transcriptionally enhances RUNX2 expression through activation of the bone morphogenetic protein (BMP)-SMAD pathway. Lastly, we show that ABL expression in highly metastatic breast cancer MDA-MB231 cells is associated with their invasive capacity and that ABL-mediated invasion is abolished by depletion of endogenous RUNX2 or MMP13. Our genetic and biochemical evidence obtained in this study contributes to a mechanistic insight linking ABL-mediated phosphorylation and activation of RUNX2 to induction of MMP13, which underlies a fundamental invasive capacity in cancer and is different from the previously described model of transcriptional activation

    Video-assisted thoracic surgery (VATS) for resection of metastatic adenocarcinoma as an acceptable alternative

    Adenocarcinomas commonly metastasize to the lungs and can be resected using open thoracotomy or video-assisted thoracic surgery (VATS). This study reviews metastatic resections in primary adenocarcinoma patients, using both thoracotomy and VATS. We aim to compare long-term prognoses to test the efficacy and viability of VATS. A retrospective review of primary adenocarcinoma patients who underwent resection of pulmonary metastases from 1990 to 2006 was carried out. Information was obtained by chart review. Endpoints analyzed were disease-free interval (DFI), survival time, and recurrence-free survival (RFS). In a total of 42 (16 male, 26 female; median age 58.5 years) primary adenocarcinoma patients, 21 patients underwent first pulmonary metastatic resection using VATS (7 male, 14 female; median age 57 years) and 21 using thoracotomy (9 male, 12 female; median age 59 years). Primary adenocarcinomas were mainly 27 colorectal (64%) and 11 breast (26%). Two VATS (10%) and three open patients (14%) had local recurrences of the original cancer. Median postoperative follow was 13.3 months [interquartile range (IQR) 4.5–32.8 months] for VATS and 36.9 months (IQR 19.3–48.6 months) after thoracotomy. Median DFI–1 was 22.3 months (IQR 13.5–40.6 months) for VATS patients and 35.6 months (IQR 26.7–61.3 months) for open patients. Second thoracic occurrences were noted in six VATS patients (median DFI–2 9.2 months), and in seven open patients (median DFI-2 21.5 months). Third thoracic occurrences were noted in one VATS patient (DFI-3 18.7 months) and in one thoracotomy patient (DFI-3 21.8 months). Odds ratio of recurrence showed 12.5% less chance of developing recurrence in VATS patients. Five-year RFS was 53% in VATS and 57% in thoracotomy patients. VATS has become a viable alternative to open thoracotomy for resection of pulmonary metastases. In cases of primary adenocarcinoma, VATS showed no increase in number of thoracic recurrences, and comparable RFS. 
Short-term follow-up is encouraging; long-term follow-up will be needed to confirm these results

    Ruxolitinib for Glucocorticoid-Refractory Acute Graft-versus-Host Disease

    BACKGROUND: Acute graft-versus-host disease (GVHD) remains a major limitation of allogeneic stem-cell transplantation; not all patients have a response to standard glucocorticoid treatment. In a phase 2 trial, ruxolitinib, a selective Janus kinase (JAK1 and JAK2) inhibitor, showed potential efficacy in patients with glucocorticoid-refractory acute GVHD. METHODS: We conducted a multicenter, randomized, open-label, phase 3 trial comparing the efficacy and safety of oral ruxolitinib (10 mg twice daily) with the investigator's choice of therapy from a list of nine commonly used options (control) in patients 12 years of age or older who had glucocorticoid-refractory acute GVHD after allogeneic stem-cell transplantation. The primary end point was overall response (complete response or partial response) at day 28. The key secondary end point was durable overall response at day 56. RESULTS: A total of 309 patients underwent randomization; 154 patients were assigned to the ruxolitinib group and 155 to the control group. Overall response at day 28 was higher in the ruxolitinib group than in the control group (62% [96 patients] vs. 39% [61]; odds ratio, 2.64; 95% confidence interval [CI], 1.65 to 4.22; P<0.001). Durable overall response at day 56 was higher in the ruxolitinib group than in the control group (40% [61 patients] vs. 22% [34]; odds ratio, 2.38; 95% CI, 1.43 to 3.94; P<0.001). The estimated cumulative incidence of loss of response at 6 months was 10% in the ruxolitinib group and 39% in the control group. The median failure-free survival was considerably longer with ruxolitinib than with control (5.0 months vs. 1.0 month; hazard ratio for relapse or progression of hematologic disease, non-relapse-related death, or addition of new systemic therapy for acute GVHD, 0.46; 95% CI, 0.35 to 0.60). The median overall survival was 11.1 months in the ruxolitinib group and 6.5 months in the control group (hazard ratio for death, 0.83; 95% CI, 0.60 to 1.15). 
The most common adverse events up to day 28 were thrombocytopenia (in 50 of 152 patients [33%] in the ruxolitinib group and 27 of 150 [18%] in the control group), anemia (in 46 [30%] and 42 [28%], respectively), and cytomegalovirus infection (in 39 [26%] and 31 [21%]). CONCLUSIONS: Ruxolitinib therapy led to significant improvements in efficacy outcomes, with a higher incidence of thrombocytopenia, the most frequent toxic effect, than that observed with control therapy