Adaptive Anomaly Detection via Self-Calibration and Dynamic Updating

The deployment and use of Anomaly Detection (AD) sensors often requires the intervention of a human expert to manually calibrate and optimize their performance. Depending on the site and the type of traffic it receives, the operators might have to provide recent and sanitized training data sets, the characteristics of expected traffic (i.e. outlier ratio), and exceptions or even expected future modifications of system's behavior. In this paper, we study the potential performance issues that stem from fully automating the AD sensors' day-to-day maintenance and calibration. Our goal is to remove the dependence on human operator using an unlabeled, and thus potentially dirty, sample of incoming traffic. To that end, we propose to enhance the training phase of AD sensors with a self-calibration phase, leading to the automatic determination of the optimal AD parameters. We show how this novel calibration phase can be employed in conjunction with previously proposed methods for training data sanitization resulting in a fully automated AD maintenance cycle. Our approach is completely agnostic to the underlying AD sensor algorithm. Furthermore, the self-calibration can be applied in an online fashion to ensure that the resulting AD models reflect changes in the system's behavior which would otherwise render the sensor's internal state inconsistent. We verify the validity of our approach through a series of experiments where we compare the manually obtained optimal parameters with the ones computed from the self-calibration phase. Modeling traffic from two different sources, the fully automated calibration shows a 7.08% reduction in detection rate and a 0.06% increase in false positives, in the worst case, when compared to the optimal selection of parameters. Finally, our adaptive models outperform the statically generated ones retaining the gains in performance from the sanitization process over time

SafeWeb: A Middleware for Securing Ruby-Based Web Applications

Web applications in many domains such as healthcare and finance must process sensitive data, while complying with legal policies regarding the release of different classes of data to different parties. Currently, software bugs may lead to irreversible disclosure of confidential data in multi-tier web applications. An open challenge is how developers can guarantee these web applications only ever release sensitive data to authorised users without costly, recurring security audits. Our solution is to provide a trusted middleware that acts as a “safety net” to event-based enterprise web applications by preventing harmful data disclosure before it happens. We describe the design and implementation of SafeWeb, a Ruby-based middleware that associates data with security labels and transparently tracks their propagation at different granularities across a multi-tier web architecture with storage and complex event processing. For efficiency, maintainability and ease-of-use, SafeWeb exploits the dynamic features of the Ruby programming language to achieve label propagation and data flow enforcement. We evaluate SafeWeb by reporting our experience of implementing a web-based cancer treatment application and deploying it as part of the UK National Health Service (NHS)

Учебная история болезни по внутренним болезням и военно-полевой терапии

ВНУТРЕННИЕ БОЛЕЗНИВОЕННО-ПОЛЕВАЯ ТЕРАПИЯИСТОРИЯ БОЛЕЗНИМЕТОДИЧЕСКИЕ УКАЗАНИЯМетодические указания учат студентов правильно оформлять историю болезни пациента

Automatic rule extraction from access rules using Genetic Programming

International audienceThe security policy rules in companies are generally proposed by the Chief Security Officer (CSO), who must, for instance, select by hand which access events are allowed and which ones should be forbidden. In this work we propose a way to automatically obtain rules that gen-eralise these single-event based rules using Genetic Programming (GP), which, besides, should be able to present them in an understandable way. Our GP-based system obtains good dataset coverage and small ratios of false positives and negatives in the simulation results over real data, after testing different fitness functions and configurations in the way of coding the individuals

Keratan sulphate in the tumour environment

Keratan sulphate (KS) is a bioactive glycosaminoglycan (GAG) of some complexity composed of the repeat disaccharide D-galactose β1→4 glycosidically linked to N-acetyl glucosamine. During the biosynthesis of KS, a family of glycosyltransferase and sulphotransferase enzymes act sequentially and in a coordinated fashion to add D-galactose (D-Gal) then N-acetyl glucosamine (GlcNAc) to a GlcNAc acceptor residue at the reducing terminus of a nascent KS chain to effect chain elongation. D-Gal and GlcNAc can both undergo sulphation at C6 but this occurs more frequently on GlcNAc than D-Gal. Sulphation along the developing KS chain is not uniform and contains regions of variable length where no sulphation occurs, regions which are monosulphated mainly on GlcNAc and further regions of high sulphation where both of the repeat disaccharides are sulphated. Each of these respective regions in the KS chain can be of variable length leading to KS complexity in terms of chain length and charge localization along the KS chain. Like other GAGs, it is these variably sulphated regions in KS which define its interactive properties with ligands such as growth factors, morphogens and cytokines and which determine the functional properties of tissues containing KS. Further adding to KS complexity is the identification of three different linkage structures in KS to asparagine (N-linked) or to threonine or serine residues (O-linked) in proteoglycan core proteins which has allowed the categorization of KS into three types, namely KS-I (corneal KS, N-linked), KS-II (skeletal KS, O-linked) or KS-III (brain KS, O-linked). KS-I to -III are also subject to variable addition of L-fucose and sialic acid groups. Furthermore, the GlcNAc residues of some members of the mucin-like glycoprotein family can also act as acceptor molecules for the addition of D-Gal and GlcNAc residues which can also be sulphated leading to small low sulphation glycoforms of KS. These differ from the more heavily sulphated KS chains found on proteoglycans. Like other GAGs, KS has evolved molecular recognition and information transfer properties over hundreds of millions of years of vertebrate and invertebrate evolution which equips them with cell mediatory properties in normal cellular processes and in aberrant pathological situations such as in tumourogenesis. Two KS-proteoglycans in particular, podocalyxin and lumican, are cell membrane, intracellular or stromal tissue–associated components with roles in the promotion or regulation of tumour development, mucin-like KS glycoproteins may also contribute to tumourogenesis. A greater understanding of the biology of KS may allow better methodology to be developed to more effectively combat tumourogenic processes