Visualizing Instant Messaging Author Writeprints for Forensic Analysis

As cybercrime continues to increase, new cyber forensics techniques are needed to combat the constant challenge of Internet anonymity. In instant messaging (IM) communications, criminals use virtual identities to hide their true identity, which hinders social accountability and facilitates cybercrime. Current instant messaging products are not addressing the anonymity and ease of impersonation over instant messaging. It is necessary to have IM cyber forensics techniques to assist in identifying cyber criminals as part of the criminal investigation. Instant messaging behavioral biometrics include online writing habits, which may be used to create an author writeprint to assist in identifying an author of a set of instant messages. The writeprint is a digital fingerprint that represents an author’s distinguishing stylometric features that occur in his/her computer-mediated communications. Writeprints can provide cybercrime investigators a unique tool for analyzing IMassisted cybercrimes. The analysis of IM author writeprints in this paper provides a foundation for using behavioral biometrics as a cyber forensics element of criminal investigations. This paper demonstrates a method to create and analyze behavioral biometrics-based instant messaging writeprints as cyber forensics input for cybercrime investigations. The research uses the Principal Component Analysis (PCA) statistical method to analyze IM conversation logs from two distinct data sets to visualize authorship identification. Keywords: writeprints, authorship attribution, authorship identification, principal component analysi

A study on the false positive rate of Stegdetect

In this paper we analyse Stegdetect, one of the well-known image steganalysis tools, to study its false positive rate. In doing so, we process more than 40,000 images randomly downloaded from the Internet using Google images, together with 25,000 images from the ASIRRA (Animal Species Image Recognition for Restricting Access) public corpus. The aim of this study is to help digital forensic analysts, aiming to study a large number of image files during an investigation, to better understand the capabilities and the limitations of steganalysis tools like Stegdetect. The results obtained show that the rate of false positives generated by Stegdetect depends highly on the chosen sensitivity value, and it is generally quite high. This should support the forensic expert to have better interpretation in their results, and taking the false positive rates into consideration. Additionally, we have provided a detailed statistical analysis for the obtained results to study the difference in detection between selected groups, close groups and different groups of images. This method can be applied to any steganalysis tool, which gives the analyst a better understanding of the detection results, especially when he has no prior information about the false positive rate of the tool

An Iterative and Toolchain-Based Approach to Automate Scanning and Mapping Computer Networks

As today's organizational computer networks are ever evolving and becoming more and more complex, finding potential vulnerabilities and conducting security audits has become a crucial element in securing these networks. The first step in auditing a network is reconnaissance by mapping it to get a comprehensive overview over its structure. The growing complexity, however, makes this task increasingly effortful, even more as mapping (instead of plain scanning), presently, still involves a lot of manual work. Therefore, the concept proposed in this paper automates the scanning and mapping of unknown and non-cooperative computer networks in order to find security weaknesses or verify access controls. It further helps to conduct audits by allowing comparing documented with actual networks and finding unauthorized network devices, as well as evaluating access control methods by conducting delta scans. It uses a novel approach of augmenting data from iteratively chained existing scanning tools with context, using genuine analytics modules to allow assessing a network's topology instead of just generating a list of scanned devices. It further contains a visualization model that provides a clear, lucid topology map and a special graph for comparative analysis. The goal is to provide maximum insight with a minimum of a priori knowledge.Comment: 7 pages, 6 figure

DeepRoute: Herding Elephant and Mice Flows with Reinforcement Learning

International audienceWide area networks are built to have enough resilience and flexibility, such as offering many paths between multiple pairs of end-hosts. To prevent congestion, current practices involve numerous tweaking of routing tables to optimize path computation, such as flow diversion to alternate paths or load balancing. However, this process is slow, costly and require difficult online decision-making to learn appropriate settings, such as flow arrival rate, workload, and current network environment. Inspired by recent advances in AI to manage resources, we present DeepRoute, a model-less reinforcement learning approach that translates the path computation problem to a learning problem. Learning from the network environment, DeepRoute learns strategies to manage arriving elephant and mice flows to improve the average path utilization in the network. Comparing to other strategies such as prioritizing certain flows and random decisions, DeepRoute is shown to improve average network path utilization to 30% and potentially reduce possible congestion across the whole network. This paper presents results in simulation and also how DeepRoute can be demonstrated by a Mininet implementation

Recurred pneumocephalus in a head trauma patient following positive pressure mask ventilation during induction of anesthesia -A case report-

Pneumocephalus is a condition which usually results from head trauma. It has been known that iatrogenic pneumocephalus can occur as a complication of positive pressure mask ventilation during induction of anesthesia or ventilatory care for head trauma patients. We report a case of mask ventilation during anesthesia induction in a 50-year-old male patient with head trauma. Initial pneumocephalus associated with cerebrospinal fluid leakage was diagnosed immediate following head injury involving facial sinuses. He was managed with emergent lumbar drainage and supportive care. Pneumocephalus recurred following positive pressure mask ventilation (PPMV) during anesthesia induction for surgery on the right arm. Recurred pneumocephalus was managed with high flow oxygen and supportive care. Anesthesiologists should be aware of pneumocephalus as a potential complication of PPMV in head trauma patients, even after resolution of previous pneumocephalus

Tracking replication enzymology in vivo by genome-wide mapping of ribonucleotide incorporation

Ribonucleotides are frequently incorporated into DNA during eukaryotic replication. Here we map the genome-wide distribution of these ribonucleotides as markers of replication enzymology in budding yeast, using a new 5′-DNA end-mapping method, Hydrolytic End Sequencing. HydEn-Seq of DNA from ribonucleotide excision repair-deficient strains reveals replicase- and strand-specific patterns of ribonucleotides in the nuclear genome. These patterns support the role of DNA polymerases α and δ in lagging strand replication and of DNA polymerase ε in leading strand replication. They identify replication origins, termination zones and variations in ribonucleotide incorporation frequency across the genome that exceed three orders of magnitude. HydEn-Seq also reveals strand-specific 5′-DNA ends at mitochondrial replication origins, suggesting unidirectional replication of a circular genome. Given the conservation of enzymes that incorporate and process ribonucleotides in DNA, HydEn-Seq can be used to track replication enzymology in other organisms

Prediction of second neurological attack in patients with clinically isolated syndrome using support vector machines

The aim of this study is to predict the conversion from clinically isolated syndrome to clinically definite multiple sclerosis using support vector machines. The two groups of converters and non-converters are classified using features that were calculated from baseline data of 73 patients. The data consists of standard magnetic resonance images, binary lesion masks, and clinical and demographic information. 15 features were calculated and all combinations of them were iteratively tested for their predictive capacity using polynomial kernels and radial basis functions with leave-one-out cross-validation. The accuracy of this prediction is up to 86.4% with a sensitivity and specificity in the same range indicating that this is a feasible approach for the prediction of a second clinical attack in patients with clinically isolated syndromes, and that the chosen features are appropriate. The two features gender and location of onset lesions have been used in all feature combinations leading to a high accuracy suggesting that they are highly predictive. However, it is necessary to add supporting features to maximise the accuracy. © 2013 IEEE