146 research outputs found

    A spatio-temporal entropy-based approach for the analysis of cyber attacks (demo paper)

    Computer networks are ubiquitous systems growing exponentially with a predicted 50 billion devices connected by 2050. This dramatically increases the potential attack surface of Internet networks. A key issue in cyber defense is to detect, categorize and identify these attacks, the way they are propagated and their potential impacts on the systems affected. The research presented in this paper models cyber attacks at large by considering the Internet as a complex system in which attacks are propagated over a network. We model an attack as a path from a source to a target, and where each attack is categorized according to its intention. We set up an experimental testbed with the concept of honeypot that evaluates the spatiotemporal distribution of these Internet attacks. The preliminary results show a series of patterns in space and time that illustrate the potential of the approach, and how cyber attacks can be categorized according to the concept and measure of entropy

    Automatic Handling of Protocol Dependencies and Reaction to 0-Day Attacks with ScriptGen Based Honeypots

    Abstract. Spitzner proposed to classify honeypots into low, medium and high interaction ones. Several instances of low interaction exist, such as honeyd, as well as high interaction, such as GenII. Medium interaction systems have recently received increased attention. ScriptGen and Role-Player, for instance, are as talkative as a high interaction system while limiting the associated risks. In this paper, we do build upon the work we have proposed on ScriptGen to automatically create honeyd scripts able to interact with attack tools without relying on any a-priori knowledge of the protocols involved. The main contributions of this paper are threefold. First, we propose a solution to detect and handle so-called intra-protocol dependencies. Second, we do the same for inter-protocols dependencies. Last but not least, we show how, by modifying our initial refinement analysis, we can, on the fly, generate new scripts as new attacks, i.e. 0-day, show up. As few as 50 samples of attacks, i.e. less than one per platform we have currently deployed in the world, is enough to produce a script that can then automatically enrich all these platforms.

    Honeypots and honeynets: issues of privacy

    Honeypots and honeynets are popular tools in the area of network security and network forensics. The deployment and usage of these tools are influenced by a number of technical and legal issues, which need to be carefully considered. In this paper, we outline the privacy issues of honeypots and honeynets with respect to their technical aspects. The paper discusses the legal framework of privacy and legal grounds to data processing. We also discuss the IP address, because by EU law, it is considered personal data. The analysis of legal issues is based on EU law and is supported by discussions on privacy and related issues

    Editorial: Peace, the task is to strengthen social and popular participation

    We are witnessing a historic moment in Colombia: it possibly marks the close of a bloody armed confrontation of more than 50 years between the Farc-Ep and the Colombian government. This fact alone is already very important, but not sufficient

    Farsighted Risk Mitigation of Lateral Movement Using Dynamic Cognitive Honeypots

    Lateral movement of advanced persistent threats has posed a severe security challenge. Due to the stealthy and persistent nature of the lateral movement, defenders need to consider time and spatial locations holistically to discover latent attack paths across a large time-scale and achieve long-term security for the target assets. In this work, we propose a time-expanded random network to model the stochastic service links in the user-host enterprise network and the adversarial lateral movement. We design cognitive honeypots at idle production nodes and disguise honey links as service links to detect and deter the adversarial lateral movement. The location of the honeypot changes randomly at different times and increases the honeypots' stealthiness. Since the defender does not know whether, when, and where the initial intrusion and the lateral movement occur, the honeypot policy aims to reduce the target assets' Long-Term Vulnerability (LTV) for proactive and persistent protection. We further characterize three tradeoffs, i.e., the probability of interference, the stealthiness level, and the roaming cost. To counter the curse of multiple attack paths, we propose an iterative algorithm and approximate the LTV with the union bound for computationally efficient deployment of cognitive honeypots. The results of the vulnerability analysis illustrate the bounds, trends, and a residue of LTV when the adversarial lateral movement has infinite duration. Besides honeypot policies, we obtain a critical threshold of compromisability to guide the design and modification of the current system parameters for a higher level of long-term security. We show that the target node can achieve zero vulnerability under infinite stages of lateral movement if the probability of movement deterrence is not less than the threshold

    Adaptive Honeypot Engagement through Reinforcement Learning of Semi-Markov Decision Processes

    A honeynet is a promising active cyber defense mechanism. It reveals the fundamental Indicators of Compromise (IoCs) by luring attackers to conduct adversarial behaviors in a controlled and monitored environment. The active interaction at the honeynet brings a high reward but also introduces high implementation costs and risks of adversarial honeynet exploitation. In this work, we apply infinite-horizon Semi-Markov Decision Process (SMDP) to characterize a stochastic transition and sojourn time of attackers in the honeynet and quantify the reward-risk trade-off. In particular, we design adaptive long-term engagement policies shown to be risk-averse, cost-effective, and time-efficient. Numerical results have demonstrated that our adaptive engagement policies can quickly attract attackers to the target honeypot and engage them for a sufficiently long period to obtain worthy threat information. Meanwhile, the penetration probability is kept at a low level. The results show that the expected utility is robust against attackers of a large range of persistence and intelligence. Finally, we apply reinforcement learning to the SMDP to solve the curse of modeling. Under a prudent choice of the learning rate and exploration policy, we achieve a quick and robust convergence of the optimal policy and value. Comment: The presentation can be found at https://youtu.be/GPKT3uJtXqk. arXiv admin note: text overlap with arXiv:1907.0139

    Topoisomerase IIβ Activates a Subset of Neuronal Genes that Are Repressed in AT-Rich Genomic Environment

    DNA topoisomerase II (topo II) catalyzes a strand passage reaction in that one duplex is passed through a transient break or gate in another. Completion of late stages of neuronal development depends on the presence of active β isoform (topo IIβ). The enzyme appears to aid the transcriptional induction of a limited number of genes essential for neuronal maturation. However, this selectivity and underlying molecular mechanism remain unknown. Here we show a strong correlation between the genomic location of topo IIβ action sites and the genes it regulates. These genes, termed group A1, are functionally biased towards membrane proteins with ion channel, transporter, or receptor activities. Significant proportions of them encode long transcripts and are juxtaposed to a long AT-rich intergenic region (termed LAIR). We mapped genomic sites directly targeted by topo IIβ using a functional immunoprecipitation strategy. These sites can be classified into two distinct classes with discrete local GC contents. One of the classes, termed c2, appears to involve a strand passage event between distant segments of genomic DNA. The c2 sites are concentrated both in A1 gene boundaries and the adjacent LAIR, suggesting a direct link between the action sites and the transcriptional activation. A higher-order chromatin structure associated with AT richness and gene poorness is likely to serve as a silencer of gene expression, which is abrogated by topo IIβ releasing nearby genes from repression. Positioning of these genes and their control machinery may have developed recently in vertebrate evolution to support higher functions of central nervous system

    Transcriptional and Post-Transcriptional Mechanisms for Oncogenic Overexpression of Ether À Go-Go K+ Channel

    The human ether-à-go-go-1 (h-eag1) K+ channel is expressed in a variety of cell lines derived from human malignant tumors and in clinical samples of several different cancers, but is otherwise absent in normal tissues. It was found to be necessary for cell cycle progression and tumorigenesis. Specific inhibition of h-eag1 expression leads to inhibition of tumor cell proliferation. We report here that h-eag1 expression is controlled by the p53−miR-34−E2F1 pathway through a negative feed-forward mechanism. We first established E2F1 as a transactivator of h-eag1 gene through characterizing its promoter region. We then revealed that miR-34, a known transcriptional target of p53, is an important negative regulator of h-eag1 through dual mechanisms by directly repressing h-eag1 at the post-transcriptional level and indirectly silencing h-eag1 at the transcriptional level via repressing E2F1. There is a strong inverse relationship between the expression levels of miR-34 and h-eag1 protein. H-eag1 antisense antagonized the growth-stimulating effects and the upregulation of h-eag1 expression in SHSY5Y cells, induced by knockdown of miR-34, E2F1 overexpression, or inhibition of p53 activity. Therefore, p53 negatively regulates h-eag1 expression by a negative feed-forward mechanism through the p53−miR-34−E2F1 pathway. Inactivation of p53 activity, as is the case in many cancers, can thus cause oncogenic overexpression of h-eag1 by relieving the negative feed-forward regulation. These findings not only help us understand the molecular mechanisms for oncogenic overexpression of h-eag1 in tumorigenesis but also uncover the cell-cycle regulation through the p53−miR-34−E2F1−h-eag1 pathway. Moreover, these findings place h-eag1 in the p53−miR-34−E2F1−h-eag1 pathway with h-eag as a terminal effecter component and with miR-34 (and E2F1) as a linker between p53 and h-eag1. Our study therefore fills the gap between p53 pathway and its cellular function mediated by h-eag1

    Induction of phagocytic activity and nitric oxide production in a natural population of Trypanosoma cruzi I and II from the State of Paraná, Brazil

    Twelve strains of Trypanosoma cruzi isolated from wild reservoirs, triatomines, and chronic chagasic patients in the state of Paraná, southern Brazil, and classified as T. cruzi I and II, were used to test the correlation between genetic and biological diversity. The Phagocytic Index (PI) and nitric-oxide (NO) production in vitro were used as biological parameters. The PI of the T. cruzi I and II strains did not differ significantly, nor did the PI of the T. cruzi strains isolated from humans, triatomines, or wild reservoirs. There was a statistical difference in the inhibition of NO production between T. cruzi I and II and between parasites isolated from humans and the strains isolated from triatomines and wild reservoirs, but there was no correlation between genetics and biology when the strains were analyzed independently of the lineages or hosts from which the strains were isolated. There were significant correlations for Randomly Amplified Polymorphic Deoxyribonucleic acid (RAPD) and biological parameters for T. cruzi I and II, and for humans or wild reservoirs when the lineages or hosts were considered individually.

    Twelve strains of Trypanosoma cruzi isolated from wild reservoirs, triatomines, and chronic chagasic patients from the State of Paraná, Brazil, classified as Tc I and II, were used to evaluate the correlation between genetics and biological diversity. Phagocytic index (PI) and nitric oxide (NO) production in vitro were the biological parameters used. The PI of T. cruzi I and II strains did not differ significantly, nor did the PI of strains isolated from humans, triatomines, or wild reservoirs. There is a statistical difference in the inhibition of NO production between T. cruzi I and II and between parasites isolated from humans and strains isolated from triatomines and wild reservoirs, but no correlation between genetics and biology was observed when the strains were analyzed independently of the lineage or hosts from which they were isolated. A significant correlation was observed for random amplification of polymorphic DNA and biological parameters of Tc I or II, and for humans or wild reservoirs when lineages or hosts are considered separately

    Micro-computed tomography and histology to explore internal morphology in decapod larvae

    Traditionally, the internal morphology of crustacean larvae has been studied using destructive techniques such as dissection and microscopy. The present study combines advances in microcomputed tomography (micro-CT) and histology to study the internal morphology of decapod larvae, using the common spider crab (Maja brachydactyla Balss, 1922) as a model and resolving the individual limitations of these techniques. The synergy of micro-CT and histology allows the organs to be easily identified, revealing simultaneously the gross morphology (shape, size, and location) and histological organization (tissue arrangement and cell identification). Micro-CT shows mainly the exoskeleton, musculature, digestive and nervous systems, and secondarily the circulatory and respiratory systems, while histology distinguishes several cell types and confirms the organ identity. Micro-CT resolves a discrepancy in the literature regarding the nervous system of crab larvae. The major changes occur in the metamorphosis to the megalopa stage, specifically the formation of the gastric mill, the shortening of the abdominal nerve cord, the curving of the abdomen beneath the cephalothorax, and the development of functional pereiopods, pleopods, and lamellate gills. The combination of micro-CT and histology provides better results than either one alone. Financial support was provided by the Spanish Ministry of Economy and Competitiveness through the INIA project (grant number RTA2011-00004-00-00) to G.G. and a pre-doctoral fellowship to D.C. (FPI-INIA)