STAND: Sanitization Tool for ANomaly Detection

The efficacy of Anomaly Detection (AD) sensors depends heavily on the quality of the data used to train them. Artificial or contrived training data may not provide a realistic view of the deployment environment. Most realistic data sets are dirty; that is, they contain a number of attacks or anomalous events. The size of these high-quality training data sets makes manual removal or labeling of attack data infeasible. As a result, sensors trained on this data can miss attacks and their variations. We propose extending the training phase of AD sensors (in a manner agnostic to the underlying AD algorithm) to include a sanitization phase. This phase generates multiple models conditioned on small slices of the training data. We use these "micro-models"Â to produce provisional labels for each training input, and we combine the micro-models in a voting scheme to determine which parts of the training data may represent attacks. Our results suggest that this phase automatically and significantly improves the quality of unlabeled training data by making it as "attack-free"Â and "regular"Â as possible in the absence of absolute ground truth. We also show how a collaborative approach that combines models from different networks or domains can further refine the sanitization process to thwart targeted training or mimicry attacks against a single site

Data Sanitization: Improving the Forensic Utility of Anomaly Detection Systems

Anomaly Detection (AD) sensors have become an invaluable tool for forensic analysis and intrusion detection. Unfortunately, the detection accuracy of all learning-based ADs depends heavily on the quality of the training data, which is often poor, severely degrading their reliability as a protection and forensic analysis tool. In this paper, we propose extending the training phase of an AD to include a sanitization phase that aims to improve the quality of unlabeled training data by making them as "attack-free" and "regular" as possible in the absence of absolute ground truth. Our proposed scheme is agnostic to the underlying AD, boosting its performance based solely on training-data sanitization. Our approach is to generate multiple AD models for content-based AD sensors trained on small slices of the training data. These AD "micro-models" are used to test the training data, producing alerts for each training input. We employ voting techniques to determine which of these training items are likely attacks. Our preliminary results show that sanitization increases 0-day attack detection while maintaining a low false positive rate, increasing confidence to the AD alerts. We perform an initial characterization of the performance of our system when we deploy sanitized versus unsanitized AD systems in combination with expensive host-based attack-detection systems. Finally, we provide some preliminary evidence that our system incurs only an initial modest cost, which can be amortized over time during online operation

Quotient probabilistic normed spaces and completeness results

Quotient spaces of probabilistic normed spaces have never been considered. This note is a first attempt to fill this gap: the quotient space of a PN space with respect to one of its subspaces is introduced and its properties are studied. Finally, we investigate the completeness relationship among the PN spaces considered

From STEM to SEAD: Speculative Execution for Automated Defense

Most computer defense systems crash the process that they protect as part of their response to an attack. In contrast, self-healing software recovers from an attack by automatically repairing the underlying vulnerability. Although recent research explores the feasibility of the basic concept, self-healing faces four major obstacles before it can protect legacy applications and COTS software. Besides the practical issues involved in applying the system to such software (e.g., not modifying source code), self-healing has encountered a number of problems: knowing when to engage, knowing how to repair, and handling communication with external entities. Our previous work on a self-healing system, STEM, left these challenges as future work. STEM provides self-healing by speculatively executing "slices" of a process. This paper improves STEM's capabilities along three lines: (1) applicability of the system to COTS software (STEM does not require source code, and it imposes a roughly 73% performance penalty on Apache's normal operation), (2) semantic correctness of the repair (we introduce virtual proxies and repair policy to assist the healing process), and (3) creating a behavior profile based on aspects of data and control flow

Casting Out Demons: Sanitizing Training Data for Anomaly Sensors

The efficacy of anomaly detection (AD) sensors depends heavily on the quality of the data used to train them. Artificial or contrived training data may not provide a realistic view of the deployment environment. Most realistic data sets are dirty; that is, they contain a number of attacks or anomalous events. The size of these high-quality training data sets makes manual removal or labeling of attack data infeasible. As a result, sensors trained on this data can miss attacks and their variations. We propose extending the training phase of AD sensors (in a manner agnostic to the underlying AD algorithm) to include a sanitization phase. This phase generates multiple models conditioned on small slices of the training data. We use these "micro-models" to produce provisional labels for each training input, and we combine the micro-models in a voting scheme to determine which parts of the training data may represent attacks. Our results suggest that this phase automatically and significantly improves the quality of unlabeled training data by making it as "attack-free" and "regular" as possible in the absence of absolute ground truth. We also show how a collaborative approach that combines models from different networks or domains can further refine the sanitization process to thwart targeted training or mimicry attacks against a single site

Data Sanitization: Improving the Forensic Utility of Anomaly Detection Systems

Anomaly Detection (AD) sensors have become an invaluable tool for forensic analysis and intrusion detection. Unfortunately, the detection performance of all learning-based ADs depends heavily on the quality of the training data. In this paper, we extend the training phase of an AD to include a sanitization phase. This phase significantly improves the quality of unlabeled training data by making them as "attack-free"Â as possible in the absence of absolute ground truth. Our approach is agnostic to the underlying AD, boosting its performance based solely on training-data sanitization. Our approach is to generate multiple AD models for content-based AD sensors trained on small slices of the training data. These AD "micro-models"Â are used to test the training data, producing alerts for each training input. We employ voting techniques to determine which of these training items are likely attacks. Our preliminary results show that sanitization increases 0-day attack detection while in most cases reducing the false positive rate. We analyze the performance gains when we deploy sanitized versus unsanitized AD systems in combination with expensive hostbased attack-detection systems. Finally, we show that our system incurs only an initial modest cost, which can be amortized over time during online operation

Ethanol Sensing Performances of Zinc-doped Copper Oxide Nano-crystallite Layers

The synthesis via chemical solutions (aqueous) (SCS) wet route is a low-temperature and cost-effective growth technique of high crystalline quality oxide semiconductors films. Here we report on morphology, chemical composition, structure and ethanol sensing performances of a device prototype based on zincdoped copper oxide nanocrystallite layer. By thermal annealing in electrical furnace for 30 min at temperatures higher than 550 ˚C, as-deposited zinc doped Cu2O samples are converted to tenorite, ZnxCu1-xOy, (x=1.3wt%) that demonstrate higher ethanol response than sensor structures based on samples treated at 450 ˚C. In case of the specimens after post-growth treatment at 650 ˚C was found an ethanol gas response of about 79 % and 91 % to concentrations of 100 ppm and 500 ppm, respectively, at operating temperature of 400 ˚C in air

International migration and labour turnover: workers’ agency in the construction sector of Russia and Italy

This article focuses on migrant workers’ agency through exploring the relationship between working and employment conditions, on one side, and labour mobility, on the other. The study is based on qualitative research involving workers from Moldova and Ukraine working in the Russian and Italian construction sector. Fieldwork has been carried out in Russia, Italy and Moldova to investigate informal networks, recruitment mechanisms and employment conditions to establish their impact on migration processes. Overcoming methodological nationalism, this study recognises transnational spaces as the new terrain where antagonistic industrial relations are rearticulated. Labour turnover is posited as a key explanatory factor and understood not simply as the outcome of capital recruitment strategies but also as workers’ agency

Labour mobility in construction: migrant workers’ strategies between integration and turnover

The construction industry historically is characterised by high levels of labour mobility favouring the recruitment of migrant labour. In the EU migrant workers make up around 25% of overall employment in the sector and similar if not higher figures exist for the sector in Russia. The geo-political changes of the 1990s have had a substantial impact on migration flows, expanding the pool of labour recruitment within and from the post-socialist East but also changing the nature of migration. The rise of temporary employment has raised concerns about the weakness and isolation of migrant workers and the concomitant risk of abuse. Migrant workers though cannot be reduced to helpless victims of state policies and employers’ recruitment strategies. Findings of the research presented here unveil how they meet the challenges of the international labour market, the harshness of debilitating working conditions and the difficult implications for their family life choices

Medication use by middle-aged and older participants of an exercise study: results from the Brain in Motion study

BACKGROUND: Over the past 50 years, there has been an increase in the utilization of prescribed, over-the-counter (OTC) medications, and natural health products. Although it is known that medication use is common among older persons, accurate data on the patterns of use, including the quantity and type of medications consumed in a generally healthy older population from a Canadian perspective are lacking. In this study, we study the pattern of medication use in a sedentary but otherwise healthy older persons use and determined if there was an association between medication use and aerobic fitness level. METHODS: All participants enrolled in the Brain in Motion study provided the name, formulation, dosage and frequency of any medications they were consuming at the time of their baseline assessment. Maximal aerobic capacity (VO(2)max) was determined on each participant. RESULTS: Two hundred seventy one participants (mean age 65.9 ± 6.5 years; range 55–92; 54.6% females) were enrolled. Most were taking one or more (1+) prescribed medication (n = 204, 75.3%), 1+ natural health product (n = 221, 81.5%) and/or 1+ over-the-counter (OTC) drug (n = 174, 64.2%). The most commonly used prescribed medications were HMG-CoA reductase inhibitors (statins) (n = 52, 19.2%). The most common natural health product was vitamin D (n = 201, 74.2%). For OTC drugs, non-steroidal anti-inflammatories (n = 82, 30.3%) were the most common. Females were more likely than males to take 1+ OTC medications, as well as supplements. Those over 65 years of age were more likely to consume prescription drugs than their counterparts (p ≤ 0.05). Subjects taking more than two prescribed or OTC medications were less physically fit as determined by their VO(2)max. The average daily Vitamin D intake was 1896.3 IU per participant. CONCLUSIONS: Medication use was common in otherwise healthy older individuals. Consumption was higher among females and those older than 65 years. Vitamin D intake was over two-fold higher than the recommended 800 IU/day for older persons, but within the tolerable upper intake of 4,000 IU/day. The appropriateness of the high rate of medication use in this generally healthy population deserves further investigation