153 research outputs found

    Integration of Arctic Node threat intelligence sharing platform with Suricata

    Abstract. The Internet has connected the modern world. Nowadays anyone can access anything straight from their home computer. Everything and everyone has a presence in the cyber domain, including those who seek to conduct criminal activities. In response to this, the field of cyber security has been born. Cyber threat intelligence refers to information about cyber threats such as computers with open vulnerabilities and malicious Internet sites. The amount of available information is vast and the only way to handle such a large amount of data is automation. Threat intelligence sharing platforms have been developed for this task. They are used to fetch threat intelligence data from multiple sources, harmonize and analyze the data, and share it further. One part of the automation process is the integration of threat intelligence sharing platforms with other cyber security applications. The goal of this thesis was to integrate a new intrusion detection and prevention system into the Arctic Node threat intelligence sharing platform. Suricata was chosen as the integrated system. A new integration submodule was created for Arctic Node to convert threat intelligence collected by the platform into Suricata rules and send it automatically to Suricata. One of the prominent features of this new module was the capability to deduplicate the output data. The new integration submodule was compared to a similar functionality in another threat intelligence sharing platform, MISP. Testing was conducted in a custom virtual environment using real threat intelligence from seven different feeds. The results of these tests indicated that the new submodule was able to notice a greater number of possible threats, and it generated a more diverse set of different types of Suricata rules from the same input data. 
Deduplication was found to only have a small impact in reducing the size of the generated rule set as the overlap between different threat intelligence feeds was minimal.
Integration of the Arctic Node platform with Suricata. Abstract. The Internet has connected the modern world. Everyone has access to everything straight from their home computer. Criminals have noticed this as well, and hacking has become a major nuisance of the modern world. The field of cyber security has emerged to prevent crime on the Internet. Threat intelligence comprises information about various threats on the Internet. The information may concern, for example, dangerous websites or vulnerable computers. There is a vast amount of threat intelligence, and it cannot all be managed manually; its management has to be automated. Various threat intelligence management platforms have been developed for this purpose, with which information can be collected from different sources, enriched, analyzed and shared further. One of the functional areas of threat intelligence management platforms is their integration with other security applications. The goal of this master's thesis was to integrate a new security application into the Arctic Node platform. Suricata was chosen as the application to be integrated. The thesis produced a functionality that converts threat intelligence collected by the Arctic Node platform into Suricata rules and is able to distribute the rules automatically to Suricata. One of the goals of this functionality was to remove duplication from the generated Suricata rules so that every rule would be unique. The new functionality of the Arctic Node platform was tested against the similar functionality of the MISP platform. The result of the test was that the new functionality produced somewhat more Suricata rules than the MISP platform from the same threat intelligence sources, and the rules were also more diverse than those created by the MISP platform. In the tests, the rules produced by the Arctic Node platform detected malicious traffic better than the rules produced by the MISP platform. In the tests, removing duplication from the Suricata rules was not found to be very significant, because there is fairly little overlap between the threat intelligence sources.

    Taming the massive genome of Scots pine with PiSy50k, a new genotyping array for conifer research

    Pinus sylvestris (Scots pine) is the most widespread coniferous tree in the boreal forests of Eurasia, with major economic and ecological importance. However, its large and repetitive genome presents a challenge for conducting genome-wide analyses such as association studies, genetic mapping and genomic selection. We present a new 50K single-nucleotide polymorphism (SNP) genotyping array for Scots pine research, breeding and other applications. To select the SNP set, we first genotyped 480 Scots pine samples on a 407 540 SNP screening array and identified 47 712 high-quality SNPs for the final array (called 'PiSy50k'). Here, we provide details of the design and testing, as well as allele frequency estimates from the discovery panel, functional annotation, tissue-specific expression patterns and expression level information for the SNPs or corresponding genes, when available. We validated the performance of the PiSy50k array using samples from Finland and Scotland. Overall, 39 678 (83.2%) SNPs showed low error rates (mean = 0.9%). Relatedness estimates based on array genotypes were consistent with the expected pedigrees, and the level of Mendelian error was negligible. In addition, array genotypes successfully discriminate between Scots pine populations of Finnish and Scottish origins. The PiSy50k SNP array will be a valuable tool for a wide variety of future genetic studies and forestry applications. Peer reviewed

    Development of Human Leukocyte Antigen (HLA) Antibodies Against Vascular Homograft Donor in Pediatric Heart Transplant Recipients

    Background: The appearance of human leukocyte antigen (HLA) antibodies after solid organ transplantation predisposes recipients to graft dysfunction. In theory, vascular homografts, which are widely used in children with congenital heart defects, may cause allosensitization. Material/Methods: In this single-center retrospective study, the presence of pre-existing HLA antibodies in pediatric heart transplant (HTx) recipients with a vascular homograft was evaluated in a cohort of 12 patients. HLA antibodies were screened before and after HTx and positive screening results were confirmed and identified using the Luminex® single antigen bead method. Endomyocardial biopsies (EMB) and coronary angiography studies were re-evaluated to assess the prevalence of acute rejections and coronary artery change in these patients. Results: At the time of HTx, 8 patients (67%) had HLA antibodies detected by the Luminex assay, none of which were heart donor specific (DSA). All patients had negative leukocyte crossmatch. One patient developed DSAs against homograft donor prior to HTx. After the HTx, 5 patients (42%) developed DSAs against the heart donor and 4 patients (40%) against the homograft donor. In 2 patients (17%), the antibodies were against both heart and homograft donors. The rejection rate or prevalence of coronary artery vasculopathy did not differ significantly between the homograft cohort and our historical controls. Conclusions: Our results suggest that the prevalence of DSAs against homograft donor prior to HTx is relatively rare. However, almost half of the patients developed DSAs against homograft post-HTx. The clinical importance of these antibodies warrants further studies. Peer reviewed

    Observation of Cosmic Ray Anisotropy with Nine Years of IceCube Data

    Studies of a muon-based mass sensitive parameter for the IceTop surface array

    Measuring the Neutrino Cross Section Using 8 years of Upgoing Muon Neutrinos Observed with IceCube

    The IceCube Neutrino Observatory detects neutrinos at energies orders of magnitude higher than those available to current accelerators. Above 40 TeV, neutrinos traveling through the Earth will be absorbed as they interact via charged current interactions with nuclei, creating a deficit of Earth-crossing neutrinos detected at IceCube. The previous published results showed the cross section to be consistent with Standard Model predictions for 1 year of IceCube data. We present a new analysis that uses 8 years of IceCube data to fit the $\nu_{\mu}$ absorption in the Earth, with statistics an order of magnitude better than previous analyses, and with an improved treatment of systematic uncertainties. It will measure the cross section in three energy bins that span the range 1 TeV to 100 PeV. We will present Monte Carlo studies that demonstrate its sensitivity.

    Searching for time-dependent high-energy neutrino emission from X-ray binaries with IceCube
