Different approaches for the detection of SSH anomalous connections

The Secure Shell Protocol (SSH) is a well-known standard protocol, mainly used for remotely accessing shell accounts on Unix-like operating systems to perform administrative tasks. As a result, the SSH service has been an appealing target for attackers, aiming to guess root passwords performing dictionary attacks or to directly exploit the service itself. To identify such situations, this article addresses the detection of SSH anomalous connections from an intrusion detection perspective. The main idea is to compare several strategies and approaches for a better detection of SSH-based attacks. To test the classification performance of different classifiers and combinations of them, SSH data coming from a real-world honeynet are gathered and analysed. For comparison purposes and to draw conclusions about data collection, both packet-based and flow data are analysed. A wide range of classifiers and ensembles are applied to these data, as well as different validation schemes for better analysis of the obtained results. The high-rate classification results lead to positive conclusions about the identification of malicious SSH connections

Optimising Maintenance: What are the expectations for Cyber Physical Systems

The need for maintenance is based on the wear of components of machinery. If this need can be defined reliably beforehand so that no unpredicted failures take place then the maintenance actions can be carried out economically with minimum disturbance to production. There are two basic challenges in solving the above. First understanding the development of wear and failures, and second managing the measurement and diagnosis of such parameters that can reveal the development of wear. In principle the development of wear and failures can be predicted through monitoring time, load or wear as such. Monitoring time is not very efficient, as there are only limited numbers of components that suffer from aging which as such is result of chemical wear i.e. changes in the material. In most cases the loading of components influences their wear. In principle the loading can be stable or varying in nature. Of these two cases the varying load case is much more challenging than the stable one. The monitoring of wear can be done either directly e.g. optical methods or indirectly e.g. vibration. Monitoring actual wear is naturally the most reliable approach, but it often means that additional investments are needed. The paper discusses the above issues and what are the requirements that follow from these for optimising maintenance based of the use of Cyber Physical Systems

The Way Cyber Physical Systems Will Revolutionise Maintenance

The way maintenance is carried out is altering rapidly. The introduction of Cyber Physical Systems (CPS) and cloud technologies are providing new technological possibilities that change dramatically the way it is possible to follow production machinery and the necessity to carry out maintenance. In the near future, the number of machines that can be followed from remoteness will explode. At the same time, it will be conceivable to carry out local diagnosis and prognosis that support the adaptation of Condition Based Maintenance (CBM) i.e. financial optimisation can drive the decision whether a machine needs maintenance or not. Further to this, the cloud technology allows to accumulate relevant data from numerous sources that can be used for further improvement of the maintenance practices. The paper goes through the new technologies that have been mentioned above and how they can be benefitted from in practise

Detection and Visualization of Android Malware Behavior

Malware analysts still need to manually inspect malware samples that are considered suspicious by heuristic rules. They dissect software pieces and look for malware evidence in the code. The increasing number of malicious applications targeting Android devices raises the demand for analyzing them to find where the malcode is triggered when user interacts with them. In this paper a framework to monitor and visualize Android applications’ anomalous function calls is described. Our approach includes platformindependent application instrumentation, introducing hooks in order to trace restricted API functions used at runtime of the application. These function calls are collected at a central server where the application behavior filtering and a visualization take place. This can help Android malware analysts in visually inspecting what the application under study does, easily identifying such malicious functions

Dynamic DNS Request Monitoring of Android Applications via networking

Smart devices are very popular and are becoming ubiquitous in the modern society, with Android OS as the most widespread operating system on current smartphones/tablets. However, malicious applications is one of the major concerns and fast growing security menaces facing the use of Internet in the Android platform, today. So, we need techniques and methods to address the massive malware attacks. One of the most relevant techniques to disclose sensitive behavior of Android applications during their runtime execution is Dynamic Analysis. Here we proposed a malware detection tool, termed as Network Sentinel, that it can be used for Dynamic DNS request Monitoring of Apps via networking. The main motivation for this work, it is extensively abuse of the DNS by malevolent communities in order to provide Internet connection within malicious networks and botnets. Finally, the experimental results obtained are promising by allowing us to capture the DNS queries requested by the smartphones to remote servers from the collected network traces at very low battery usage

Adaptable and Explainable Predictive Maintenance: Semi-Supervised Deep Learning for Anomaly Detection and Diagnosis in Press Machine Data

Predictive maintenance (PdM) has the potential to reduce industrial costs by anticipating failures and extending the work life of components. Nowadays, factories are monitoring their assets and most collected data belong to correct working conditions. Thereby, semi-supervised data-driven models are relevant to enable PdM application by learning from assets’ data. However, their main challenges for application in industry are achieving high accuracy on anomaly detection, diagnosis of novel failures, and adaptability to changing environmental and operational conditions (EOC). This article aims to tackle these challenges, experimenting with algorithms in press machine data of a production line. Initially, state-of-the-art and classic data-driven anomaly detection model performance is compared, including 2D autoencoder, null-space, principal component analysis (PCA), one-class support vector machines (OC-SVM), and extreme learning machine (ELM) algorithms. Then, diagnosis tools are developed supported on autoencoder’s latent space feature vector, including clustering and projection algorithms to cluster data of synthetic failure types semi-supervised. In addition, explainable artificial intelligence techniques have enabled to track the autoencoder’s loss with input data to detect anomalous signals. Finally, transfer learning is applied to adapt autoencoders to changing EOC data of the same process. The data-driven techniques used in this work can be adapted to address other industrial use cases, helping stakeholders gain trust and thus promote the adoption of data-driven PdM systems in smart factories

A neural-visualization IDS for honeynet data

Neural intelligent systems can provide a visualization of the network traffic for security staff, in order to reduce the widely known high false-positive rate associated with misuse-based Intrusion Detection Systems (IDSs). Unlike previous work, this study proposes an unsupervised neural models that generate an intuitive visualization of the captured traffic, rather than network statistics. These snapshots of network events are immensely useful for security personnel that monitor network behavior. The system is based on the use of different neural projection and unsupervised methods for the visual inspection of honeypot data, and may be seen as a complementary network security tool that sheds light on internal data structures through visual inspection of the traffic itself. Furthermore, it is intended to facilitate verification and assessment of Snort performance (a well-known and widely-used misuse-based IDS), through the visualization of attack patterns. Empirical verification and comparison of the proposed projection methods are performed in a real domain, where two different case studies are defined and analyzedRegional Government of Gipuzkoa, the Department of Research, Education and Universities of the Basque Government, and the Spanish Ministry of Science and Innovation (MICINN) under projects TIN2010-21272-C02-01 and CIT-020000-2009-12 (funded by the European Regional Development Fund). This work was also supported in the framework of the IT4Innovations Centre of Excellence project, reg. no. CZ.1.05/1.1.00/02.0070 supported by the Operational Program 'Research and Development for Innovations' funded through the Structural Funds of the European Union and the state budget of the Czech RepublicElectronic version of an article published as International Journal of Neural Systems, Volume 22, Issue 02, April 2012 10.1142/S0129065712500050 ©copyright World Scientific Publishing Company http://www.worldscientific.com/worldscinet/ijn

Short Messages Spam Filtering Using Sentiment Analysis

In the same way that short instant messages are more and more used, spam and non-legitimate campaigns through this type of communication systems are growing up. Those campaigns, besides being an illegal online activity, are a direct threat to the privacy of the users. Previous short messages spam filtering techniques focus on automatic text classification and do not take message polarity into account. Focusing on phone SMS messages, this work demonstrates that it is possible to improve spam filtering in short message services using sentiment analysis techniques. Using a publicly available labelled (spam/legitimate) SMS dataset, we calculate the polarity of each message and aggregate the polarity score to the original dataset, creating new datasets. We compare the results of the best classifiers and filters over the different datasets (with and without polarity) in order to demonstrate the influence of the polarity. Experiments show that polarity score improves the SMS spam classification, on the one hand, reaching to a 98.91% of accuracy. And on the other hand, obtaining a result of 0 false positives with 98.67% of accuracy