MD-MinerP: Interaction Profiling Bipartite Graph Mining for Malware-Control Domain Detection

2020 ◽  
Vol 2020 ◽  
pp. 1-20
Author(s):  
Tzung-Han Jeng ◽  
Yi-Ming Chen ◽  
Chien-Chih Chen ◽  
Chuan-Chiang Huang

Despite the efforts of information security experts, cybercrimes are still emerging at an alarming rate. Among the tools used by cybercriminals, malicious domains are indispensable and harm from the Internet has become a global problem. Malicious domains play an important role from SPAM and Cross-Site Scripting (XSS) threats to Botnet and Advanced Persistent Threat (APT) attacks at large scales. To ensure there is not a single point of failure or to prevent their detection and blocking, malware authors have employed domain generation algorithms (DGAs) and domain-flux techniques to generate a large number of domain names for malicious servers. As a result, malicious servers are difficult to detect and remove. Furthermore, the clues of cybercrime are stored in network traffic logs, but analyzing long-term big network traffic data is a challenge. To adapt the technology of cybercrimes and automatically detect unknown malicious threats, we previously proposed a system called MD-Miner. To improve its efficiency and accuracy, we propose the MD-MinerP here, which generates more features with identification capabilities in the feature extraction stage. Moreover, MD-MinerP adapts interaction profiling bipartite graphs instead of annotated bipartite graphs. The experimental results show that MD-MinerP has better area under curve (AUC) results and found new malicious domains that could not be recognized by other threat intelligence systems. The MD-MinerP exhibits both scalability and applicability, which has been experimentally validated on actual enterprise network traffic.

Water ◽  
2021 ◽  
Vol 13 (11) ◽  
pp. 1566
Author(s):  
Barbara Proença ◽  
Florian Ganthy ◽  
Richard Michalet ◽  
Aldo Sottolichio

Field measurements of bed elevation and related wave events were performed within a tidal marsh, on two cordgrass species, Spartina anglica (exotic) and Spartina maritima (native), in the Bay of Arcachon (SW France). Bed- and water-level time series were used to infer the sediment behavior patterns from short to long term. A consistent response was found between the bed-level variation and the wave forcing, with erosion occurring during storms and accretion during low energy periods. Such behavior was observed within the two species, but the magnitude of bed-level variation was higher within the native than the exotic Spartina. These differences, in the order of millimeters, were explained by the opposite allocation of biomass of the two species. On the long term, the sedimentation/erosion patterns were dominated by episodic storm events. A general sediment deficit was observed on the site, suggested by an overall bed-level decrease registered within both species. However, further verification of within-species variation needs to be considered when drawing conclusions. Despite possible qualitative limitations of the experimental design, due to the single-point survey, this work provides original and considerable field data to the understanding of the different species' ability to influence bed sediment stabilization and their potential to build marsh from the mudflat pioneer stage. Such information is valuable for coastal management in the context of global change.


2021 ◽  
Vol 2 (2) ◽  
Author(s):  
Kate Highnam ◽  
Domenic Puzio ◽  
Song Luo ◽  
Nicholas R. Jennings

Botnets and malware continue to avoid detection by static rule engines when using domain generation algorithms (DGAs) for callouts to unique, dynamically generated web addresses. Common DGA detection techniques fail to reliably detect DGA variants that combine random dictionary words to create domain names that closely mirror legitimate domains. To combat this, we created a novel hybrid neural network, Bilbo the “bagging” model, that analyses domains and scores the likelihood they are generated by such algorithms and therefore are potentially malicious. Bilbo is the first parallel usage of a convolutional neural network (CNN) and a long short-term memory (LSTM) network for DGA detection. Our unique architecture is found to be the most consistent in performance in terms of AUC, $F_1$ score, and accuracy when generalising across different dictionary DGA classification tasks compared to current state-of-the-art deep learning architectures. We validate using reverse-engineered dictionary DGA domains and detail our real-time implementation strategy for scoring real-world network logs within a large enterprise. In 4 h of actual network traffic, the model discovered at least five potential command-and-control networks that commercial vendor tools did not flag.


2018 ◽  
Vol 77 ◽  
pp. 138-161 ◽  
Author(s):  
Daiki Chiba ◽  
Mitsuaki Akiyama ◽  
Takeshi Yagi ◽  
Kunio Hato ◽  
Tatsuya Mori ◽  
...  

Weed Science ◽  
2007 ◽  
Vol 55 (5) ◽  
pp. 412-420 ◽  
Author(s):  
Atul Puri ◽  
Gregory E. MacDonald ◽  
Fredy Altpeter ◽  
William T. Haller

Hydrilla is one of the most serious aquatic weed problems in the United States, and fluridone is the only U.S. Environment Protection Agency (USEPA)–approved herbicide that provides relatively long-term systemic control. Recently, hydrilla biotypes with varying levels of fluridone resistance have been documented in Florida. One susceptible and five fluridone-resistant biotypes of hydrilla varying in resistance levels were maintained in 950-L tanks under ambient sunlight and day-length conditions from September 2004 to September 2005 in absence of fluridone. Because fluridone is an inhibitor of the enzyme phytoene desaturase (PDS), the gene for PDS (pds) was cloned from fluridone-susceptible and -resistant hydrilla biotypes. Somatic mutations in amino acid 304 of hydrilla PDS are known to confer herbicide resistance. We determined the pds sequence from these hydrilla biotypes at planting and 12 mo after planting. Two independent mutations at the arginine 304 codon of pds were found in the resistant hydrilla plants. The codon usage for arginine 304 is CGT, and a single point mutation yielding either serine (AGT) or histidine (CAT) was identified in different resistant hydrilla biotypes. There were no differences at codon 304 in the PDS protein of any hydrilla biotype 12 mo after planting. Several other mutations were also found in resistant pds alleles, though their possible role in herbicide resistance is unclear.


2003 ◽  
Vol 1855 (1) ◽  
pp. 176-182 ◽  
Author(s):  
Weng On Tam ◽  
Harold Von Quintus

Traffic data are a key element for the design and analysis of pavement structures. Automatic vehicle-classification and weigh-in-motion (WIM) data are collected by most state highway agencies for various purposes that include pavement design. Equivalent single-axle loads have had widespread use for pavement design. However, procedures being developed under NCHRP require the use of axle-load spectra. The Long-Term Pavement Performance database contains a wealth of traffic data and was selected to develop traffic defaults in support of NCHRP 1-37A as well as other mechanistic-empirical design procedures. Automated vehicle-classification data were used to develop defaults that account for the distribution of truck volumes by class. Analyses also were conducted to determine direction and lane-distribution factors. WIM data were used to develop defaults to account for the axle-weight distributions and number of axles per vehicle for each truck type. The results of these analyses led to the establishment of traffic defaults for use in mechanistic-empirical design procedures.


Author(s):  
A. Botta ◽  
A. Dainotti ◽  
A. Pescape ◽  
G. Ventre

Mining Science ◽  
2019 ◽  
Vol 26 ◽  
Author(s):  
Mowen Xie ◽  
Fuxia Lv ◽  
Liwei Wang

Landslides generally cause more damage than first predicted. Currently, many methods are available for monitoring landslide occurrence. Conventional methods are mainly based on single-point monitoring, which omits the aspect of variation in large-scale landslides. Due to the development of radar satellites, the differential interferometric synthetic aperture radar technique has been widely used for landslide monitoring. In this study, an experimental region in the Wudongde Hydropower Station reservoir area was studied using archived spaceborne synthetic aperture radar (SAR) data collected over many years. As the permanent scatterer interferometric SAR (PS-InSAR) technique is an advanced technology, it could be suitably used to overcome the time discontinuity in long time series. However, the accuracy of data processing obtained using the PS-InSAR technique is lower than that obtained using the single-point monitoring method. The monitoring results of the PS-InSAR technique only demonstrate the moving trend of landslides and do not present the actual displacement. The Advanced Land Observation Satellite and a high-precision total station were used for long-term landslide monitoring of the Jinpingzi landslide at the Wudongde Hydropower Station reservoir area. Based on a relationship analysis between the data obtained using the PS-InSAR technique and the total station, a revised method was proposed to reduce the errors in the PS-InSAR monitoring results. The method can not only enhance the monitoring precision of the PS-InSAR technology but also achieve long-term monitoring of landslide displacement from a bird’s-eye view.


Author(s):  
Yu Rao ◽  
Weixin Liu ◽  
Tian Zhu ◽  
Hanbin Yan ◽  
Hao Zhou ◽  
...  

In recent years, a large number of users continuously suffer from DDoS attacks. DDoS attack volume is on the rise and the scale of botnets is also getting larger. Many security organizations began to use data-driven approaches to investigate gangs and groups beneath DDoS attack behaviors, trying to unveil the facts and intentions of DDoS gangs. In this paper, DDoSAGD, a DDoS Attack Group Discovery framework, is proposed to help gang recognition and situation awareness. A heterogeneous graph is constructed from botnet control messages and related threat intelligence data, and a meta path-based similarity measurement is set up to calculate relevance between C2 servers. Then two graph mining measures are combined to build up our hierarchical attack group discovery workflow, which can output attack groups with both behavior-based similarity and evidence-based relevance. Finally, the experimental results demonstrate that the designed models are promising in terms of recognition of attack groups, and the evolution process of different attack groups is also illustrated.
