Botnets are some of the most recurrent cyber-threats, which take advantage of the wide heterogeneity of endpoint devices at the Edge of the emerging communication environments for enabling the malicious enforcement of fraud and other adversarial tactics, including malware, data leaks or denial of service. There have been significant research advances in the development of accurate botnet detection methods underpinned on supervised analysis but assessing the accuracy and performance of such detection methods requires a clear evaluation model in the pursuit of enforcing proper defensive strategies. In order to contribute to the mitigation of botnets, this paper introduces a novel evaluation scheme grounded on supervised machine learning algorithms that enable the detection and discrimination of different botnets families on real operational environments. The proposal relies on observing, understanding and inferring the behavior of each botnet family based on network indicators measured at flow-level. The assumed evaluation methodology contemplates six phases that allow building a detection model against botnet-related malware distributed through the network, for which five supervised classifiers were instantiated for further comparisons—Decision Tree, Random Forest, Naive Bayes Gaussian, Support Vector Machine and K-Neighbors. The experimental validation was performed on two public datasets of real botnet traffic—CIC-AWS-2018 and ISOT HTTP Botnet. Bearing the heterogeneity of the datasets, optimizing the analysis with the Grid Search algorithm led to improved classification results of the instantiated algorithms. An exhaustive evaluation was carried out demonstrating the adequateness of our proposal which prompted that Random Forest and Decision Tree models are the most suitable for detecting different botnet specimens among the chosen algorithms. They exhibited higher precision rates whilst analyzing a large number of samples with less processing time. The variety of testing scenarios were deeply assessed and reported to set baseline results for future benchmark analysis targeted on flow-based behavioral patterns.
In recent years, dynamic user verification has become one of the basic pillars for insider threat detection. From these threats, the research presented in this paper focuses on masquerader attacks, a category of insiders characterized by being intentionally conducted by persons outside the organization that somehow were able to impersonate legitimate users. Consequently, it is assumed that masqueraders are unaware of the protected environment within the targeted organization, so it is expected that they move in a more erratic manner than legitimate users along the compromised systems. This feature makes them susceptible to being discovered by dynamic user verification methods based on user profiling and anomaly-based intrusion detection. However, these approaches are susceptible to evasion through the imitation of the normal legitimate usage of the protected system (mimicry), which is being widely exploited by intruders. In order to contribute to their understanding, as well as anticipating their evolution, the conducted research focuses on the study of mimicry from the standpoint of an uncharted terrain: the masquerade detection based on analyzing locality traits. With this purpose, the problem is widely stated, and a pair of novel obfuscation methods are introduced: locality-based mimicry by action pruning and locality-based mimicry by noise generation. Their modus operandi, effectiveness, and impact are evaluated by a collection of well-known classifiers typically implemented for masquerade detection. The simplicity and effectiveness demonstrated suggest that they entail attack vectors that should be taken into consideration for the proper hardening of real organizations.
Summary
Crops generally have seeds larger than their wild progenitors' and with reduced dormancy. In wild plants, seed mass and allocation to the seed coat (a proxy for physical dormancy) scale allometrically so that larger seeds tend to allocate less to the coats. Larger seeds and lightweight coats might thus have evolved as correlated traits in crops.
We tested whether 34 crops and 22 of their wild progenitors fit the allometry described in the literature, which would indicate co‐selection of both traits during crop evolution. Deviations from the allometry would suggest that other evolutionary processes contribute to explain the emergence of larger, lightweight‐coated seeds in crops.
Crops fitted the scaling slope but deviated from its intercept in a consistent way: Seed coats of crops were lighter than expected by their seed size. The wild progenitors of crops displayed the same trend, indicating that deviations cannot be solely attributed to artificial selection during or after domestication.
The evolution of seeds with small coats in crops likely resulted from a combination of various pressures, including the selection of wild progenitors with coats smaller than other wild plants, further decreases during early evolution under cultivation, and indirect selection due to the seed coat‐seed size allometry.
Nowadays, Information and Communication Technology (ICT) infrastructures play a crucial role for human beings, providing essential services at astonishing speed. Nevertheless, such a centrality of those infrastructures attracts the interest of ill-motivated actors that target such infrastructures with cyberattacks that are every day more sophisticated and more disruptive. In this alarming context, selecting the optimal set of countermeasures represents a primary need to react against the appearance of potentially dangerous threats effectively. With the motivation to contribute to developing faster and more effective response capabilities against them, the paper at hand introduces a novel cybersecurity reaction methodology based on Artificial Immune Systems (AIS), for which the evolutionary computing paradigm has been adopted. By leveraging the outstanding properties of these bio-inspired techniques, the selected countermeasures to defeat cyberthreats through cloning and mutation phases in an effort to improve the quality of the solution from a quantitative perspective, being able to adjust the risk to which the assets of the protected system are exposed. Exhaustive experiments demonstrate the feasibility of the proposed approach, reducing the risk in a more than acceptable time lapse.
Autonomic self-management is a key challenge for next-generation networks. This paper proposes an automated analysis framework to infer knowledge in 5G networks with the aim to understand the network status and to predict potential situations that might disrupt the network operability. The framework is based on the Endsley situational awareness model, and integrates automated capabilities for metrics discovery, pattern recognition, prediction techniques and rule-based reasoning to infer anomalous situations in the current operational context. Those situations should then be mitigated, either proactively or reactively, by a more complex decision-making process. The framework is driven by a use case methodology, where the network administrator is able to customize the knowledge inference rules and operational parameters. The proposal has also been instantiated to prove its adaptability to a real use case. To this end, a reference network traffic dataset was used to identify suspicious patterns and to predict the behavior of the monitored data volume. The preliminary results suggest a good level of accuracy on the inference of anomalous traffic volumes based on a simple configuration.
Denial of service attacks pose a threat in constant growth. This is mainly due to their tendency to gain in sophistication, ease of implementation, obfuscation and the recent improvements in occultation of fingerprints. On the other hand, progress towards self-organizing networks, and the different techniques involved in their development, such as software-defined networking, network-function virtualization, artificial intelligence or cloud computing, facilitates the design of new defensive strategies, more complete, consistent and able to adapt the defensive deployment to the current status of the network. In order to contribute to their development, in this paper, the use of artificial immune systems to mitigate denial of service attacks is proposed. The approach is based on building networks of distributed sensors suited to the requirements of the monitored environment. These components are capable of identifying threats and reacting according to the behavior of the biological defense mechanisms in human beings. It is accomplished by emulating the different immune reactions, the establishment of quarantine areas and the construction of immune memory. For their assessment, experiments with public domain datasets (KDD’99, CAIDA’07 and CAIDA’08) and simulations on various network configurations based on traffic samples gathered by the University Complutense of Madrid and flooding attacks generated by the tool DDoSIM were performed.
This paper introduces a malware detection system for smartphones based on studying the dynamic behavior of suspicious applications. The main goal is to prevent the installation of the malicious software on the victim systems. The approach focuses on identifying malware addressed against the Android platform. For that purpose, only the system calls performed during the boot process of the recently installed applications are studied. Thereby the amount of information to be considered is reduced, since only activities related with their initialization are taken into account. The proposal defines a pattern recognition system with three processing layers: monitoring, analysis and decision-making. First, in order to extract the sequences of system calls, the potentially compromised applications are executed on a safe and isolated environment. Then the analysis step generates the metrics required for decision-making. This level combines sequence alignment algorithms with bagging, which allow scoring the similarity between the extracted sequences considering their regions of greatest resemblance. At the decision-making stage, the Wilcoxon signed-rank test is implemented, which determines if the new software is labeled as legitimate or malicious. The proposal has been tested in different experiments that include an in-depth study of a particular use case, and the evaluation of its effectiveness when analyzing samples of well-known public datasets. Promising experimental results have been shown, hence demonstrating that the approach is a good complement to the strategies of the bibliography.
In recent years, an important increase in the amount and impact of Distributed Denial of Service (DDoS) threats has been reported by the different information security organizations. They typically target the depletion of the computational resources of the victims, hence drastically harming their operational capabilities. Inspired by these methods, Economic Denial of Sustainability (EDoS) attacks pose a similar motivation, but adapted to Cloud computing environments, where the denial is achieved by damaging the economy of both suppliers and customers. Therefore, the most common EDoS approach is making the offered services unsustainable by exploiting their auto-scaling algorithms. In order to contribute to their mitigation, this paper introduces a novel EDoS detection method based on the study of entropy variations related with metrics taken into account when deciding auto-scaling actuations. Through the prediction and definition of adaptive thresholds, unexpected behaviors capable of fraudulently demanding new resource hiring are distinguished. With the purpose of demonstrating the effectiveness of the proposal, an experimental scenario adapted to the singularities of the EDoS threats and the assumptions driven by their original definition is described in depth. The preliminary results proved high accuracy.
An Approach to Data Analysis in 5G Networks
Barona López, Lorena; Maestre Vidal, Jorge; García Villalba, Luis
Entropy (Basel, Switzerland), 02/2017, Volume 19, Issue 2
Journal Article, Peer reviewed, Open access
5G networks expect to provide significant advances in network management compared to traditional mobile infrastructures by leveraging intelligence capabilities such as data analysis, prediction, pattern recognition and artificial intelligence. The key idea behind these actions is to facilitate the decision-making process in order to solve or mitigate common network problems in a dynamic and proactive way. In this context, this paper presents the design of Self-Organized Network Management in Virtualized and Software Defined Networks (SELFNET) Analyzer Module, whose main objective is to identify suspicious or unexpected situations based on metrics provided by different network components and sensors. The SELFNET Analyzer Module provides a modular architecture driven by use cases where analytic functions can be easily extended. This paper also proposes the data specification to define the data inputs to be taken into account in the diagnosis process. This data specification has been implemented with different use cases within SELFNET Project, proving its effectiveness.
Context:
Lamin A (LMNA)-linked lipodystrophies belong to a group of clinical disorders characterized by a redistribution of adipose tissue with a variable range of metabolic complications. The leading cause of these disorders is the nonphysiological accumulation of the lamin A precursor, prelamin A. However, the molecular mechanisms by which prelamin A induces the pathology remain unclear.
Objective:
The aim of this study is to use an experimental LMNA-lipodystrophy model based on human mesenchymal stem cell (hMSC)-derived adipocytes that accumulate prelamin A to gain deeper insights into the mechanisms governing these diseases.
Design/Setting/Participants:
Prelamin A-induced or -noninduced hMSC-derived adipocytes were obtained from healthy donors. The study was performed at the Biocruces Health Research Institute.
Main Outcome Measures:
Lipolytic activity was determined by the measurement of glycerol and free fatty acids. Ultrastructural analysis was performed by electron microscopy. Flow cytometry was used to assess mitochondrial membrane potential, and ultra-performance liquid chromatography coupled to mass spectrometry was used to explore lipid profiles.
Results:
Prelamin A accumulating hMSC-derived adipocytes revealed increased lipolysis, mitochondrial dysfunction, and endoplasmic reticulum stress. Accumulation of prelamin A induces an altered lipid profile characterized by reduced diacylglyceride content, a higher ratio of monounsaturated over polyunsaturated fatty acids, and decreased stearoyl-coenzyme A desaturase-1 activity. In contrast, the ratio of diacylglycerophosphatidylcholine over diacylglycerophosphatidylethanolamine and the activity of phosphatidylethanolamine-methyltransferase were increased.
Conclusions:
Prelamin A accumulation causes mitochondrial dysfunction, endoplasmic reticulum stress, and altered lipid metabolism resembling a premature aging phenotype.