Tracking Cyber Adversaries with Adaptive Indicators of Compromise

A forensics investigation after a breach often uncovers network and host indicators of compromise (IOCs) that can be deployed to sensors to allow early detection of the adversary in the future. Over time, the adversary will change tactics, techniques, and procedures (TTPs), which will also change the data generated. If the IOCs are not kept up-to-date with the adversary's new TTPs, the adversary will no longer be detected once all of the IOCs become invalid. Tracking the Known (TTK) is the problem of keeping IOCs, in this case regular expressions (regexes), up-to-date with a dynamic adversary. Our framework solves the TTK problem in an automated, cyclic fashion to bracket a previously discovered adversary. This tracking is accomplished through a data-driven approach of self-adapting a given model based on its own detection capabilities. In our initial experiments, we found that the true positive rate (TPR) of the adaptive solution degrades much less significantly over time than the naive solution, suggesting that self-updating the model allows the continued detection of positives (i.e., adversaries). The cost for this performance is in the false positive rate (FPR), which increases over time for the adaptive solution, but remains constant for the naive solution. However, the difference in overall detection performance, as measured by the area under the curve (AUC), between the two methods is negligible. This result suggests that self-updating the model over time should be done in practice to continue to detect known, evolving adversaries.Comment: This was presented at the 4th Annual Conf. on Computational Science & Computational Intelligence (CSCI'17) held Dec 14-16, 2017 in Las Vegas, Nevada, US

A Riemann solver at a junction compatible with a homogenization limit

We consider a junction regulated by a traffic lights, with n incoming roads and only one outgoing road. On each road the Phase Transition traffic model, proposed in [6], describes the evolution of car traffic. Such model is an extension of the classic Lighthill-Whitham-Richards one, obtained by assuming that different drivers may have different maximal speed. By sending to infinity the number of cycles of the traffic lights, we obtain a justification of the Riemann solver introduced in [9] and in particular of the rule for determining the maximal speed in the outgoing road.Comment: 19 page

Association Study between the <i>FTCDNL1</i> (<i>FONG) </i>and Susceptibility to Osteoporosis

<div><p>Osteoporosis is a systemic skeletal disease characterized by a decreased bone mineral density that results in an increased risk of fragility fractures. Previous studies indicated that genetic factors are involved in the pathogenesis of osteoporosis. Polymorphisms of the <i>FONG (FTCDNL1)</i> gene (rs7605378) were reported to be associated with the risk of osteoporosis in a Japanese population. To assess whether polymorphisms of the <i>FTCDNL1</i> gene contribute to the susceptibility and severity of osteoporosis in a Taiwanese population, 326 osteoporosis patients and 595 controls of a Taiwanese population were included in this study. Our results indicated that rs10203122 was significantly associated with osteoporosis susceptibility among female. Our findings provide evidence that rs10203122 in <i>FTCDNL1</i> is associated with a susceptibility to osteoporosis.</p></div

Additional file 1: of Bivariate genome-wide association study identifies novel pleiotropic loci for lipids and inflammation

Study-specific Methods Section for the Replication Section. Table S1. Replication Results for C-Reactive Protein. Table S2. Replication Results for lipids. Table S3. Proxy variants for the Single Nucleotide Polymophisms not Available on the Metabochip Array. (DOCX 30 kb

Haplotype frequencies of the <i>FTCDNL1</i> gene in controls and patients with osteoporosis.

<p>P-value or Q-value < 0.05 are shown in bold. OR, odds ratio. CI, confidence interval.</p><p>Haplotype frequencies of the <i>FTCDNL1</i> gene in controls and patients with osteoporosis.</p

Association analysis between <i>FTCDNL1</i> single-nucleotide polymorphisms and osteoporosis susceptibility in females.

<p>The p value was adjusted for age and the body-mass index. OR, odds ratio. CI, confidence interval. P-values and q-values < 0.05 are shown in bold. Q-values < 0.05 are considered statistical significance after correction for multiple testing.</p><p>Association analysis between <i>FTCDNL1</i> single-nucleotide polymorphisms and osteoporosis susceptibility in females.</p

Basal characteristics of subjects.

<p>BMI, body mass index</p><p>Basal characteristics of subjects.</p

<i>FTCDNL1</i> gene linkage disequilibrium and haplotype block structure in osteoporosis.

<p>The number on the cell is the D’ (D’ x 100).</p

Association analysis between <i>FTCDNL1</i> single-nucleotide polymorphisms and T-scores in females.

<p>The p value was adjusted for age and the body-mass index. P-values and q-values < 0.05 are shown in bold. Q-values < 0.05 are considered statistical significance after correction for multiple testing.</p><p>Association analysis between <i>FTCDNL1</i> single-nucleotide polymorphisms and T-scores in females.</p

Graphical overview of the genotyped human <i>FTCDNL1</i> gene.

<p>Graphical overview of the genotyped human <i>FTCDNL1</i> gene.</p