Effects of cyclic adenosine 3': 5'-monophosphate on phosphoprotein kinase and phosphatase fractions prepared from rat liver nuclei

A soluble rat liver nuclear extract containing total RNA polymerase activities also exhibits appreciable amounts of protein kinase activity. This unfractionated protein kinase catalyzes the phosphorylation of both endogenous proteins and exogenous lysine-rich histone in the presence of [[gamma]-32P]ATP and Mg2+. The optimal concentration of Mg2+ is 5 m for histone phosphorylation and 25 m for the phosphorylation of endogenous proteins. Cyclic AMP has no effect on the phosphorylation of lysine-rich histone by this unfractionated nuclear protein kinase. However, addition of cyclic AMP causes a reduction in the 32P-labeling of an endogenous protein (CAI) which can be characterized by its mobility during SDS-acrylamide gel electrophoresis and elution in the unbound fraction of a DEAESephadex column. If CAI is first labeled with 32P and then incubated with 10-6 cyclic AMP under conditions where protein kinase activity is inhibited, the presence of the cyclic nucleotide causes a loss of the 32P-labeling of this protein, implying the activation of a substrate-specific protein phosphatase. When rat liver RNA polymerases are purified by DEAE-Sephadex chromatography, protein kinase activity is found in the unbound fraction and in those column fractions containing RNA polymerase I and II. The fractionated protein kinases exhibit different responses to cyclic AMP, the unbound protein kinase being stimulated and the RNA polymerase-associated protein kinases being dramatically inhibited. A second protein (CAII) whose phosphorylated state is modified by cyclic AMP is found within the DEAE-Sephadex column fractions containing RNA polymerase II. The cyclic nucleotide in this case appears to reduce labeling of CAII by inhibition of the protein kinase activity which co-chromatographs with both CAII and RNA polymerase II. Based on molecular weight estimates, neither CAI nor CAII appears to be an RNA polymerase subunit. The identity of CAI as a protein factor whose phosphorylated state influences nuclear RNA synthesis is suggested by the fact that addition of fractions containing CAI to purified RNA polymerase II inhibits the activity of this enzyme, but only if CAI has been previously incubated in the presence of cyclic AMP.Peer Reviewedhttp://deepblue.lib.umich.edu/bitstream/2027.42/22481/1/0000022.pd

BOTection: bot detection by building Markov Chain models of bots network behavior

This paper was presented at the 15th ACM ASIA Conference on Computer and Communications Security (ACM ASIACCS 2020), 5-9 October 2020, Taipei, Taiwan. This is the accepted manuscript version of the paper. The final version is available online from the Association for Computing Machinery at: https://doi.org/10.1145/3320269.3372202.Botnets continue to be a threat to organizations, thus various machine learning-based botnet detectors have been proposed. However, the capability of such systems in detecting new or unseen botnets is crucial to ensure its robustness against the rapid evolution of botnets. Moreover, it prolongs the effectiveness of the system in detecting bots, avoiding frequent and time-consuming classifier re-training. We present BOTection, a privacy-preserving bot detection system that models the bot network flow behavior as a Markov Chain. The Markov Chain state transitions capture the bots' network behavior using high-level flow features as states, producing content-agnostic and encryption resilient behavioral features. These features are used to train a classifier to first detect flows produced by bots, and then identify their bot families. We evaluate our system on a dataset of over 7M malicious flows from 12 botnet families, showing its capability of detecting bots' network traffic with 99.78% F-measure and classifying it to a malware family with a 99.09% F-measure. Notably, due to the modeling of general bot network behavior by the Markov Chains, BOTection can detect traffic belonging to unseen bot families with an F-measure of 93.03% making it robust against malware evolution.Accepted manuscrip

Paradigms for Mobile Agent-Based Active Monitoring of Network Systems

We present here a framework together with a set of paradigms for mobile agent based active monitoring of network systems. In our framework mobile agents are used to perform remote information filtering and control functions. Such agents can detect basic events or correlate existing events that are stored in a database to enforce system policies. A system administrator can securely modify the monitoring policies and information filtering functions of its agents, or install new agents at a node. The framework presented here includes monitor, subscriber, auditor and inspector agents. The policies and itineraries of these agents can be modified dynamically. In response to certain trigger events agents may change their itineraries to correlate event data. We present here a set of experiments that we have conducted using the Ajanta mobile agent system to evaluate and demonstrate the capabilities of our mobile agent framework

Data mining for network intrusion detection

This paper gives an overview of our research in building rare class prediction models for identifying known intrusions and their variations and anomaly/outlier detection schemes for detecting novel attacks whose nature is unknown. Experimental results on the KDDCup’99 data set have demonstrated that our rare class predictive models are much more efficient in the detection of intrusive behavior than standard classification techniques. Experimental results on the DARPA 1998 data set, as well as on live network traffic at the University of Minnesota, show that the new techniques show great promise in detecting novel intrusions. In particular, during the past few months our techniques have been successful in automatically identifying several novel intrusions that could not be detected using state-of-the-art tools such as SNORT. In fact, many of these have been on the CERT/CC list of recent advisories and incident notes. 1

Protecting Against Cyber Threats in Networked Information Systems

This paper provides an overview of our efforts in detecting cyber attacks in networked information systems. Traditional signature based techniques for detecting cyber attacks can only detect previously known intrusions and are useless against novel attacks and emerging threats. Our current research at the University of Minnesota is focused on developing data mining techniques to automatically detect attacks against computer networks and systems. This research is being conducted as a part of MINDS (Minnesota Intrusion Detection System) project at the University of Minnesota. Experimental results on live network traffic at the University of Minnesota show that the new techniques show great promise in detecting novel intrusions. In particular, during the past few months our techniques have been successful in automatically identifying several novel intrusions that could not be detected using state-of-the-art tools such as SNORT