1,375 research outputs found
Recommended from our members
Comparison of Empirical Data from Two Honeynets and a Distributed Honeypot Network
In this paper we present empirical results and speculative analysis based on observations collected over a two month period from studies with two high interaction honeynets, deployed in a corporate and an SME (small to medium enterprise) environment, and a distributed honeypots deployment. All three networks contain a mixture of Windows and Linux hosts. We detail the architecture of the deployment and results of comparing the observations from the three environments. We analyze in detail the times between attacks on different hosts, operating systems, networks or geographical location. Even though results from honeynet deployments are reported often in the literature, this paper provides novel results analyzing traffic from three different types of networks and some initial exploratory models. This research aims to contribute to endeavours in the wider security research community to build methods, grounded on strong empirical work, for assessment of the robustness of computer-based systems in hostile environments
Diverse protection systems for improving security: a study with AntiVirus engines
Diverse “barriers” or “protection systems” are very common in many industries, especially in safety-critical ones where the designers must use “defense in depth” techniques to prevent safety failures. Similar techniques are also commonly prescribed for security systems: using multiple, diverse detection systems to prevent security breaches. However empirical evidence of the effectiveness of diversity is rare. We present results of an empirical study which uses a large-scale dataset to assess the benefits of diversity with an important category of security systems: AntiVirus products. The analysis was based on 1599 malware samples collected from a distributed honeypot deployment over a period of 178 days. The malware samples were sent to the signature engines of 32 different AntiVirus products hosted by the VirusTotal service. We also present an exploratory model which shows that the number of diverse protection layers that are needed to achieve “perfect” detection with our dataset follows an exponential power-law distribution. If this distribution is shown to be generic with other datasets, it would be a cost-effective means for predicting the probability of perfect detection for systems that use a large number of barriers based on measurements made with systems that are composed of fewer (say 2, 3) barriers
Enhancing Fault / Intrusion Tolerance through Design and Configuration Diversity
Fault/intrusion tolerance is usually the only viable way of improving the system dependability and security in the presence of continuously evolving threats. Many of the solutions in the literature concern a specific snapshot in the production or deployment of a fault-tolerant system and no immediate considerations are made about how the system should evolve to deal with novel threats. In this paper we outline and evaluate a set of operating systems’ and applications’ reconfiguration rules which can be used to modify the state of a system replica prior to deployment or in between recoveries, and hence increase the replica's chance of a longer intrusion-free operation
FOREVER: Fault/intrusiOn REmoVal through Evolution & Recovery
The goal of the FOREVER project is to develop a service for Fault/intrusiOn REmoVal through Evolution & Recovery. In order to achieve this goal, our work addresses three main tasks: the definition of the FOREVER service architecture; the analysis of how diversity techniques can improve resilience; and the evaluation of the FOREVER service. The FOREVER service is an important contribution to intrusion-tolerant replication middleware and significantly enhances the resilience
Live video streaming over packet networks and wireless channels
The transmission of live video over noisy channels requires very low end-to-end delay. Although automatic repeat request ensures lossless transmission, its usefulness to live video streaming is restricted to short connections because of the unbounded retransmission latency. An alternative is to use forward error correction (FEC). Since finding an optimal error protection strategy can be time expensive, FEC systems are commonly designed for the worst case condition of the channel, which limits the end-to-end performance. We study the suitability of two scalable FEC-based systems to the transmission of live video over packet networks. The first one uses Reed-Solomon codes and is appropriate for the Internet. The second one uses a product channel code and is appropriate for wireless channels. We show how fast and robust transmission can be achieved by exploiting a parametric model for the distortion-rate curve of the source coder and by using fast joint source-channel allocation algorithms. Experimental results for the 3D set partitioning in hierarchical tree video coder show that the systems have good reconstruction quality even in severe channel conditions. Finally, we compare the performance of the systems to the state-of-the-art for video transmission over the Internet.
The impact of atrazine on several biochemical properties of chernozem soil
The impact of the pesticide atrazine on biochemical processes in soil was investigated. Atrazine loadings of 8.0, 40.0 and 80.0 mg/kg soil were laboratory tested in an experiment set up on a clay loam soil. Dehydrogenase activity, change in biomass carbon, soil respiration and metabolic coefficient were examined. The samples were collected for analysis 1, 7, 14, 21, 30 and 60 days after atrazine application. The acquired data indicated that the effect of atrazine on the biochemical activity of the soil depended on its application rate and duration of activity, and the effect was either stimulating or inhibiting. However, the detected changes were found to be transient, indicating that there is no real risk of the compound disrupting the balance of biochemical processes in soil
Reducing 4DCBCT imaging time and dose: the first implementation of variable gantry speed 4DCBCT on a linear accelerator.
Four dimensional cone beam computed tomography (4DCBCT) uses a constant gantry speed and imaging frequency that are independent of the patient's breathing rate. Using a technique called respiratory motion guided 4DCBCT (RMG-4DCBCT), we have previously demonstrated that by varying the gantry speed and imaging frequency, in response to changes in the patient's real-time respiratory signal, the imaging dose can be reduced by 50-70%. RMG-4DCBCT optimally computes a patient specific gantry trajectory to eliminate streaking artefacts and projection clustering that is inherent in 4DCBCT imaging. The gantry trajectory is continuously updated as projection data is acquired and the patient's breathing changes. The aim of this study was to realise RMG-4DCBCT for the first time on a linear accelerator. To change the gantry speed in real-time a potentiometer under microcontroller control was used to adjust the current supplied to an Elekta Synergy's gantry motor. A real-time feedback loop was developed on the microcontroller to modulate the gantry speed and projection acquisition in response to the real-time respiratory signal so that either 40, RMG-4DCBCT40, or 60, RMG-4DCBCT60, uniformly spaced projections were acquired in 10 phase bins. Images of the CIRS dynamic Thorax phantom were acquired with sinusoidal breathing periods ranging from 2 s to 8 s together with two breathing traces from lung cancer patients. Image quality was assessed using the contrast to noise ratio (CNR) and edge response width (ERW). For the average patient, with a 3.8 s breathing period, the imaging time and image dose were reduced by 37% and 70% respectively. Across all respiratory rates, RMG-4DCBCT40 had a CNR in the range of 6.5 to 7.5, and RMG-4DCBCT60 had a CNR between 8.7 and 9.7, indicating that RMG-4DCBCT allows consistent and controllable CNR. In comparison, the CNR for conventional 4DCBCT drops from 20.4 to 6.2 as the breathing rate increases from 2 s to 8 s. 
With RMG-4DCBCT, the ERW in the direction of motion of the imaging insert decreases from 2.1 mm to 1.1 mm as the breathing rate increases from 2 s to 8 s while for conventional 4DCBCT the ERW increases from 1.9 mm to 2.5 mm. Image quality can be controlled during 4DCBCT acquisition by varying the gantry speed and the projection acquisition in response to the patient's real-time respiratory signal. However, although the image sharpness, i.e. ERW, is improved with RMG-4DCBCT, the ERW depends on the patient's breathing rate and breathing regularity
Experiments on joint source-channel fractal image coding with unequal error protection
We propose a joint source-channel coding system for fractal image compression. We allocate the available total bit rate between the source code and a range of error-correcting codes using a Lagrange multiplier optimization technique. The principle of the proposed unequal error protection strategy is to partition the information bits into sensitivity classes and to assign one code from a range of error-correcting codes to each sensitivity class in a nearly optimal way. Experimental results show that joint source-channel coding with fractal image compression is feasible, leads to efficient protection strategies, and outperforms previous works in this field that only covered channel coding with a fixed source rate
Towards a Formal Verification Methodology for Collective Robotic Systems
We introduce a UML-based notation for graphically modeling
systems’ security aspects in a simple and intuitive
way and a model-driven process that transforms graphical
specifications of access control policies in XACML. These
XACML policies are then translated in FACPL, a policy
language with a formal semantics, and the resulting policies
are evaluated by means of a Java-based software tool
- …