CLASSIFYING AND RESPONDING TO NETWORK INTRUSIONS

Intrusion detection systems (IDS) have been widely adopted within the IT community, as passive monitoring tools that report security related problems to system administrators. However, the increasing number and evolving complexity of attacks, along with the growth and complexity of networking infrastructures, has led to overwhelming numbers of IDS alerts, which allow significantly smaller timeframe for a human to respond. The need for automated response is therefore very much evident. However, the adoption of such approaches has been constrained by practical limitations and administrators' consequent mistrust of systems' abilities to issue appropriate responses. The thesis presents a thorough analysis of the problem of intrusions, and identifies false alarms as the main obstacle to the adoption of automated response. A critical examination of existing automated response systems is provided, along with a discussion of why a new solution is needed. The thesis determines that, while the detection capabilities remain imperfect, the problem of false alarms cannot be eliminated. Automated response technology must take this into account, and instead focus upon avoiding the disruption of legitimate users and services in such scenarios. The overall aim of the research has therefore been to enhance the automated response process, by considering the context of an attack, and investigate and evaluate a means of making intelligent response decisions. The realisation of this objective has included the formulation of a response-oriented taxonomy of intrusions, which is used as a basis to systematically study intrusions and understand the threats detected by an IDS. From this foundation, a novel Flexible Automated and Intelligent Responder (FAIR) architecture has been designed, as the basis from which flexible and escalating levels of response are offered, according to the context of an attack. The thesis describes the design and operation of the architecture, focusing upon the contextual factors influencing the response process, and the way they are measured and assessed to formulate response decisions. The architecture is underpinned by the use of response policies which provide a means to reflect the changing needs and characteristics of organisations. The main concepts of the new architecture were validated via a proof-of-concept prototype system. A series of test scenarios were used to demonstrate how the context of an attack can influence the response decisions, and how the response policies can be customised and used to enable intelligent decisions. This helped to prove that the concept of flexible automated response is indeed viable, and that the research has provided a suitable contribution to knowledge in this important domain

The importance of uncoupling troponin I phosphorylation from Ca2+ sensitivity in the pathogenesis of cardiomyopathy

Heart muscle contraction is regulated via the β adrenergic response that results to phosphorylation of Protein Kinase A (PKA), which in turn decreases the Ca2+ sensitivity of the cardiac myofilament, which is very important for the heart muscle to relax. Mutations in the thin filament that cause Dilated Cardiomyopathy (DCM) and some that cause Hypertrophic Cardiomyopathy (HCM) abolish this relationship, so that the Ca2+ sensitivity becomes independent of Troponin I (TnI) phosphorylation (uncoupling). The aim of the thesis is to unravel the molecular mechanism of the uncoupling phenomenon. It is known that there is a specific interaction between the phosphorylatable TnI N terminal peptide and the Ca2+ binding site on TnC, that is weakened by phosphorylation and we hypothesize that it is disrupted in case of a DCM or HCM mutation, giving rise to the uncoupling phenomenon. Ca2+ sensitisers and desensitisers change the Ca2+ sensitivity of the cardiac muscle like mutations do but their relationship with TnI phosphorylation has never been studied before. Using the in vitro motility assay I showed that the Ca2+ sensitisers EMD 57033 and Bepridil increased the Ca2+ sensitivity of donor thin filaments and additionally they uncoupled the Ca2+ sensitivity from the TnI phosphorylation. Epigallocatechin-3-gallate (EGCG) decreased the Ca2+ sensitivity of donor thin filaments whilst retaining the coupling. On the other hand, EGCG reduced the Ca2+ sensitivity of phosphorylated but not dephosphorylated mutant thin filaments restoring the Ca2+ sensitivity change to TnI phosphorylation. EGCG re-coupled 5 DCM (TPM1 E54K and E40K, TNNI3 K36Q, TNNC1 G159D, ACTC E361G) mutants and 3 HCM (TPM1 E180G, TNNT2 K280N, ACTC E99K) mutants which were originally uncoupled. We were given 30 analogue compounds structurally similar to EGCG and nine of them were able to re-couple uncoupled TPM1 E180G HCM mutant thin filaments. The working compounds re-coupled DCM mutation TPM1 E54K and HCM mutation ACTC E99K. I show for the first time that it is possible to mimic and reverse the effect of DCM and HCM mutations on troponin pharmacologically. EGCG and its analogue compounds might have significant implications for the effective treatment of thin filament cardiomyopathies that uncouple the Ca2+ sensitivity from TnI phosphorylation. In a separate study I investigated 11 mutations in skeletal muscle tropomyosin associated with various myopathies. I found that 7 mutations cause a gain of function that could be accounted for at the molecular level due to destabilising specific actin-tropomyosin interactions. Gain of function at the molecular level correlates with a hypercontractile phenotype in patients.Open Acces

Διάταξη και θεωρία γενικής ισορροπίας

Εθνικό Μετσόβιο Πολυτεχνείο--Μεταπτυχιακή Εργασία. Διεπιστημονικό-Διατμηματικό Πρόγραμμα Μεταπτυχιακών Σπουδών (Δ.Π.Μ.Σ.) “Εφαρμοσμένες Μαθηματικές Επιστήμες

Current cybersecurity maturity models: How effective in healthcare cloud?

This research investigates the effective assessment of healthcare cyber security maturity models for healthcare organizations actively using cloud computing. Healthcare cyber security maturity models designate a collection of capabilities expected in a healthcare organization and facilitate its ability to identify where their practices are weak or absent and where they are truly embedded. However, these assessment practices are sometimes considered not effective because sole compliance to standards does not produce objective assessment outputs, and the performance measurements of individual IS components does not depict the overall security posture of a healthcare organization. They also do not consider the effect of the characteristics of cloud computing in healthcare. This paper presents a literature review of maturity models for cloud security assessment in healthcare and argues the need for a cloud security maturity model for healthcare organizations. This review is seeking to articulate the present lack of research in this area and present relevant healthcare cloud-specific security concerns

Behaviour profiling on mobile devices

Over the last decade, the mobile device has become a ubiquitous tool within everyday life. Unfortunately, whilst the popularity of mobile devices has increased, a corresponding increase can also be identified in the threats being targeted towards these devices. Security countermeasures such as AV and firewalls are being deployed, however, the increasing sophistication of the attacks requires additional measures to be taken. This paper proposes a novel behaviour-based profiling technique that is able to build upon the weaknesses of current systems by developing a comprehensive multilevel approach to profiling. In support of this model, a series of experiments have been designed to look at profiling calling, device usage and Bluetooth network scanning. Using neural networks, experimental results for the aforementioned activities\u27 are able to achieve an EER (Equal Error Rate) of: 13.5%, 35.1% and 35.7%

Behaviour Profiling for Transparent Authentication for Mobile Devices

Since the first handheld cellular phone was introduced in 1970s, the mobile phone has changed significantly both in terms of popularity and functionality. With more than 4.6 billion subscribers around the world, it has become a ubiquitous device in our daily life. Apart from the traditional telephony and text messaging services, people are enjoying a much wider range of mobile services over a variety of network connections in the form of mobile applications. Although a number of security mechanisms such as authentication, antivirus, and firewall applications are available, it is still difficult to keep up with various mobile threats (i.e. service fraud, mobile malware and SMS phishing); hence, additional security measures should be taken into consideration. This paper proposes a novel behaviour-based profiling technique by using a mobile user’s application usage to detect abnormal mobile activities. The experiment employed the MIT Reality dataset. For data processing purposes and also to maximise the number of participants, one month (24/10/2004-20/11/2004) of users’ application usage with a total number of 44,529 log entries was extracted from the original dataset. It was further divided to form three subsets: two intra-application datasets compiled with telephone and message data; and an inter-application dataset containing the rest of the mobile applications. Based upon the experiment plan, a user’s profile was built using either static and dynamic profiles and the best experimental results for the telephone, text message, and application-level applications were an EER (Equal Error Rate) of: 5.4%, 2.2% and 13.5% respectively. Whilst some users were difficult to classify, a significant proportion fell within the performance expectations of a behavioural biometric and therefore a behaviour profiling system on mobile devices is able to detect anomalies during the use of the mobile device. Incorporated within a wider authentication system, this biometric would enable transparent and continuous authentication of the user, thereby maximising user acceptance and security

Prediction of NH4NO3 thermal decomposition parameters in the presence of two additives using the single additive experimental values

PresentationNH4NO3 thermal decomposition rate is significantly affected by the presence of additives such as Na2SO4 (an inhibitor) or KCl (a promoter). The presence of Na2SO4 increases substantially the decomposition “onset” temperature of NH4NO3; K2CO3 does the same, while KCl reduces the same parameter. In this work the effect of individual additives on characteristic thermal decomposition parameters of NH4NO3 have been correlated and used to predict the respective parameters when two additives are present simultaneously. A simple model predicting the effect of mixtures of additives on the “onset” temperature and the temperature rise due to the thermal decomposition of AN, using the same data from the individual compounds was developed. The results showed that the behavior of each compound is independent from that of the others. The model predicts well To and Tf of such mixtures of additives

Agent-based Vs Agent-less Sandbox for Dynamic Behavioral Analysis

Malicious software is detected and classified by either static analysis or dynamic analysis. In static analysis, malware samples are reverse engineered and analyzed so that signatures of malware can be constructed. These techniques can be easily thwarted through polymorphic, metamorphic malware, obfuscation and packing techniques, whereas in dynamic analysis malware samples are executed in a controlled environment using the sandboxing technique, in order to model the behavior of malware. In this paper, we have analyzed Petya, Spyeye, VolatileCedar, PAFISH etc. through Agent-based and Agentless dynamic sandbox systems in order to investigate and benchmark their efficiency in advanced malware detection

A risk index model for security incident prioritisation

With thousands of incidents identified by security appliances every day, the process of distinguishing which incidents are important and which are trivial is complicated. This paper proposes an incident prioritisation model, the Risk Index Model (RIM), which is based on risk assessment and the Analytic Hierarchy Process (AHP). The model uses indicators, such as criticality, maintainability, replaceability, and dependability as decision factors to calculate incidents’ risk index. The RIM was validated using the MIT DARPA LLDOS 1.0 dataset, and the results were compared against the combined priorities of the Common Vulnerability Scoring System (CVSS) v2 and Snort Priority. The experimental results have shown that 100% of incidents could be rated with RIM, compared to only 17.23% with CVSS. In addition, this study also improves the limitation of group priority in the Snort Priority (e.g. high, medium and low priority) by quantitatively ranking, sorting and listing incidents according to their risk index. The proposed study has also investigated the effect of applying weighted indicators at the calculation of the risk index, as well as the effect of calculating them dynamically. The experiments have shown significant changes in the resultant risk index as well as some of the top priority rankings

Φάρμακα και συγγενείς διαμαρτίες στο έμβρυο

Η χρήση χημειοθεραπευτικών κατά τη διάρκεια της εγκυμοσύνης αποτελεί δίλημμα, τόσο για την ασθενή όσο και για τον γιατρό. Πρέπει να δοθεί προσοχή σε πιθανά τερατολογικά προβλήματα και θα πρέπει να εξισορροπηθούν προσεκτικά οι κίνδυνοι για τη μητέρα και το έμβρυο. Χημειοθεραπευτικοί παράγοντες μπορούν να χορηγηθούν στο 2ο και 3ο τρίμηνο χωρίς σοβαρό τερατογόνο κίνδυνο. Όμως, η ακριβής επίδραση της χημειοθεραπείας στον περιορισμό της ανάπτυξης του εμβρύου δεν έχει τεκμηριωθεί πλήρως. Οι πληροφορίες είναι λιγοστές λόγω της σπανιότητας της κακοήθειας που συμβαίνει κατά τη διάρκεια της εγκυμοσύνης, ακόμη και της έλλειψης ομοιόμορφων πρωτοκόλλων θεραπείας. Ως προς τους κινδύνους τερατογένεσης, είναι σημαντικοί, αλλά το βαλπροϊκό νάτριο εξακολουθεί να συνταγογραφείται ευρέως σε πολλές χώρες, για γυναίκες σε αναπαραγωγική ηλικία, ως σταθεροποιητής της διάθεσης στη διπολική διαταραχή και επίσης στην επιληψία. Υπάρχει έδαφος για περαιτέρω έρευνα τόσο για την αποτελεσματικότητα, όσο και για την ασφάλεια των εναλλακτικών λύσεων ως προς το βαλπροϊκό. Ορισμένα άτυπα αντιψυχωσικά συσχετίζονται με μεταβολικές παρενέργειες, οι οποίες είναι παράγοντες κινδύνου που οδηγούν σε διαβήτη κύησης. Τα αντιεπιληπτικά φάρμακα νεότερης γενιάς (AEDs) δεν συσχετίζονται με σημαντικούς αυξημένους κινδύνους συγγενών δυσπλασιών. Ωστόσο, αυτό δεν σημαίνει ότι αυτοί οι παράγοντες δεν είναι επιβλαβείς για βρέφη / παιδιά που εκτίθενται in utero. Συνιστάται η παροχή συμβουλών σχετικά με τους τερατογόνους κινδύνους, όταν η συνταγή γράφεται για μια γυναίκα σε αναπαραγωγική ηλικία και πριν οι γυναίκες συνεχίσουν να λαμβάνουν αυτούς τους φαρμακευτικούς παράγοντες, όταν σκέφτονται την πιθανότητα εγκυμοσύνης. Αυτές οι αποφάσεις πρέπει να εξισορροπούνται ως προς την ανάγκη ελέγχου των επιληπτικών κρίσεων.The use of chemotherapy during pregnancy is a dilemma, both for the patient and the doctor. Attention should be paid to potential teratological problems and the risks to the mother and fetus should be carefully balanced. Chemotherapeutic agents can be administered in the 2nd and 3rd trimester without serious teratogenic risk. However, the exact effect of chemotherapy on restricting fetal development has not been fully established. Information is scarce due to the rarity of malignancy that occurs during pregnancy, and even the lack of uniform treatment protocols. In terms of teratogenic risks, they are significant, but sodium valproate is still widely prescribed in many countries, for women of childbearing potential, as a mood stabilizer in bipolar disorder and also in epilepsy. There is room for further research on both the efficacy and safety of valproate alternatives. Some atypical antipsychotics are associated with metabolic side effects, which are risk factors for gestational diabetes. Newer generation antiepileptic drugs (AEDs) are not associated with a significant increased risk of congenital malformations. However, this does not mean that these factors are not harmful to infants / children exposed in utero. Counseling is advisable on teratogenic risks, when the prescription is written for a woman of childbearing age, and before women continue with these medications when considering the possibility of pregnancy. These decisions need to be balanced with the need to control seizures