Detecting and characterizing lateral phishing at scale

We present the first large-scale characterization of lateral phishing attacks, based on a dataset of 113 million employee-sent emails from 92 enterprise organizations. In a lateral phishing attack, adversaries leverage a compromised enterprise account to send phishing emails to other users, benefit-ting from both the implicit trust and the information in the hijacked user's account. We develop a classifier that finds hundreds of real-world lateral phishing emails, while generating under four false positives per every one-million employee-sent emails. Drawing on the attacks we detect, as well as a corpus of user-reported incidents, we quantify the scale of lateral phishing, identify several thematic content and recipient targeting strategies that attackers follow, illuminate two types of sophisticated behaviors that attackers exhibit, and estimate the success rate of these attacks. Collectively, these results expand our mental models of the 'enterprise attacker' and shed light on the current state of enterprise phishing attacks

Exact results for the Barabasi model of human dynamics

Human activity patterns display a bursty dynamics, with interevent times following a heavy tailed distribution. This behavior has been recently shown to be rooted in the fact that humans assign their active tasks different priorities, a process that can be modeled as a priority queueing system [A.-L. Barabasi, Nature 435, 207 (2005)]. In this work we obtain exact results for the Barabasi model with two tasks, calculating the priority and waiting time distribution of active tasks. We demonstrate that the model has a singular behavior in the extremal dynamics limit, when the highest priority task is selected first. We find that independently of the selection protocol, the average waiting time is smaller or equal to the number of active tasks, and discuss the asymptotic behavior of the waiting time distribution. These results have important implications for understanding complex systems with extremal dynamics.Comment: 4 pages, 4 figures, revte

zeek-osquery: Host-Network Correlation for Advanced Monitoring and Intrusion Detection

Intrusion Detection Systems (IDSs) can analyze network traffic for signs of attacks and intrusions. However, encrypted communication limits their visibility and sophisticated attackers additionally try to evade their detection. To overcome these limitations, we extend the scope of Network IDSs (NIDSs) with additional data from the hosts. For that, we propose the integrated open-source zeek-osquery platform that combines the Zeek IDS with the osquery host monitor. Our platform can collect, process, and correlate host and network data at large scale, e.g., to attribute network flows to processes and users. The platform can be flexibly extended with own detection scripts using already correlated, but also additional and dynamically retrieved host data. A distributed deployment enables it to scale with an arbitrary number of osquery hosts. Our evaluation results indicate that a single Zeek instance can manage more than 870 osquery hosts and can attribute more than 96% of TCP connections to host-side applications and users in real-time.Comment: Accepted for publication at ICT Systems Security and Privacy Protection (IFIP) SEC 202

Comparison Between Numerically Simulated and Experimentally Measured Flowfield Quantities Behind a Pulsejet

Pulsed combustion is receiving renewed interest as a potential route to higher performance in air breathing propulsion systems. Pulsejets offer a simple experimental device with which to study unsteady combustion phenomena and validate simulations. Previous computational fluid dynamic (CFD) simulation work focused primarily on the pulsejet combustion and exhaust processes. This paper describes a new inlet sub-model which simulates the fluidic and mechanical operation of a valved pulsejet head. The governing equations for this sub-model are described. Sub-model validation is provided through comparisons of simulated and experimentally measured reed valve motion, and time averaged inlet mass flow rate. The updated pulsejet simulation, with the inlet sub-model implemented, is validated through comparison with experimentally measured combustion chamber pressure, inlet mass flow rate, operational frequency, and thrust. Additionally, the simulated pulsejet exhaust flowfield, which is dominated by a starting vortex ring, is compared with particle imaging velocimetry (PIV) measurements on the bases of velocity, vorticity, and vortex location. The results show good agreement between simulated and experimental data. The inlet sub-model is shown to be critical for the successful modeling of pulsejet operation. This sub-model correctly predicts both the inlet mass flow rate and its phase relationship with the combustion chamber pressure. As a result, the predicted pulsejet thrust agrees very well with experimental data

Pervasive and Personal Learning Environments

This position paper provides some elements about the convergence of institutional and personal learning environments based on Web 2.0 as well as pervasive learning

Long-term power-law fluctuation in Internet traffic

Power-law fluctuation in observed Internet packet flow are discussed. The data is obtained by a multi router traffic grapher (MRTG) system for 9 months. The internet packet flow is analyzed using the detrended fluctuation analysis. By extracting the average daily trend, the data shows clear power-law fluctuations. The exponents of the fluctuation for the incoming and outgoing flow are almost unity. Internet traffic can be understood as a daily periodic flow with power-law fluctuations.Comment: 10 pages, 8 figure