The activity coefficient at infinite dilution for 47 selected organic solutes in 1-allyl-3-methylimidazolium chloride (AMIMCl) ionic liquid (IL) was determined at 303.15 K to 343.15 K through inverse gas chromatography (IGC). The partial molar excess enthalpy, entropy, Gibbs free energy at infinite dilution, and Hildebrand solubility parameters were obtained from the values of activity coefficient at infinite dilution. The selectivity and capacity of heptane/thiophene, heptane/benzene and benzene/thiophene separation problems were also calculated based on the activity coefficient at infinite dilution values. The selectivity of three separation problems of AMIMCl was 85.36, 30.65 and 2.79, which indicated that AMIMCl is an ideal solvent for the separation of heptane/thiophene.
The monitoring of unused IP address space, the so-called darknet, provides a cost-effective way to monitor the global trends of cyber-attacks in the Internet. By monitoring a large, distributed, global-scale darknet, the NICTER project has been collecting, reporting, and mitigating tremendous malicious activities in cyberspace for more than a decade. In this paper, we present the recent advances at the NICTER with a focus on the newly developed data mining engines that lie at its core. The experiment results show that darknet monitoring provides a good tradeoff between the monitoring cost and global knowledge acquisition for tracking the trends of cyber-threats in the Internet. Strategic countermeasures to cyber-threats can be enabled based on the discoveries reported in this paper.
Max-flow has been adopted for semi-supervised data modelling, yet existing algorithms were derived only for learning from static data. This paper proposes an online max-flow algorithm for semi-supervised learning from data streams. Consider a graph learned from labelled and unlabelled data, with the graph being updated dynamically to accommodate online data adding and retiring. In learning from the resulting non-stationary graph, we augment and de-augment paths to update the max-flow, with a theoretical guarantee that the updated max-flow equals that obtained from batch retraining. For classification, we compute the min-cut over the current max-flow, so that a minimal number of similar sample pairs are classified into distinct classes. Empirical evaluation on real-world data reveals that our algorithm outperforms state-of-the-art stream classification algorithms.
Along with the proliferation of Internet of Things (IoT) devices, cyberattacks towards these devices are on the rise. In this paper, we present a study on applying Association Rule Learning to discover the regularities of these attacks from the big stream data collected on a large-scale darknet. By exploring the regularities in IoT-related indicators such as destination ports, type of service, and TCP window sizes, we succeeded in discovering the activities of attacking hosts associated with well-known classes of malware programs. As a case study, we report an interesting observation of the attack campaigns before and after the first source code release of the well-known IoT malware Mirai. The experiments show that the proposed scheme is effective and efficient in early detection and tracking of activities of new malware on the Internet and hence induces a promising approach to automate and accelerate the identification and mitigation of new cyber threats.
• A novel evolving possibilistic Cauchy clustering (eCauchy) is presented that is able to learn a classifier in an online manner on a stream of data.
• As opposed to some evolving algorithms, the presented approach has only a few tuning parameters.
• The eCauchy clustering is tested on large-scale monitoring for cyber-attacks on a KDD data set.
• The results are given for all three KDD data sets in the form of typical classifier goodness measures.
• The obtained results are promising and show that the approach can be potentially useful for monitoring network traffic.
We are living in an information age where all our personal data and systems are connected to the Internet and accessible from more or less anywhere in the world. Such systems can be prone to cyber-attacks; therefore the monitoring and identification of cyber-attacks play a significant role in preventing the abuse of our data and systems. The majority of such systems proposed in the literature are based on a model/classifiers built with the help of classical/off-line learning methods on a learning data set. Since cyber-attacks evolve over time, such models or classifiers sooner or later become outdated. To keep a proper system functioning, the models need to be updated over a period of time. When dealing with models/classifiers learned by classical off-line methods, this is an expensive and time-consuming task. One way to keep the models updated is to use evolving methodologies to learn and adapt the models in an on-line manner. Such methods have been developed, extensively studied and implemented for regression problems. The presented paper introduces a novel evolving possibilistic Cauchy clustering (eCauchy) method for classification problems. The given method is used as a basis for large-scale monitoring of cyber-attacks. By using the presented method, a more flexible system for detection of attacks is obtained. The approach was tested on a database from the 1999 KDD intrusion detection competition. The obtained results are promising. The presented method gives a comparable degree of accuracy on raw data to other methods found in the literature; however, it has the advantage of being able to adapt the classifier in an on-line manner. The presented method also uses less labeled data to learn the classifier than classical methods presented in the literature, decreasing the costs of data labeling. The study opens a new possible application area for evolving methodologies.
In future research, the focus will be on implementing additional data filtering and new algorithms to optimize the classifier for detection of cyber-attacks.
Contemporary security information and event management (SIEM) solutions struggle to identify critical security incidents effectively due to the overwhelming number of false alerts generated by disparate security products, which results in significant alert fatigue and hinders effective incident response. To overcome this challenge, we propose a next-generation SIEM framework that integrates security orchestration, automation and response capabilities and utilizes a divide-and-conquer strategy to mitigate the impact of low-quality IDS alerts. The proposed framework leverages advanced machine learning and data visualization tools, including a cost-sensitive learning method and an event segmenting algorithm, to filter and correlate alerts, plus an augmented visualization tool to expedite the triage process. The proposed framework was evaluated experimentally on a dataset collected from a real-world enterprise network, and we report highly convincing results. The alert screening scheme demonstrates significant potential for real-world security operations. We believe that our findings will contribute to the development of a next-generation SIEM system that effectively addresses alert fatigue and lays the foundation for future research in this field.
Intrusion analysis is essential for cybersecurity, but oftentimes, the overwhelming number of false alerts issued by security appliances can prove to be a considerable hurdle. Machine learning algorithms can automate a task known as security alert data analysis to facilitate faster alert triage and incident response. This paper presents a bidirectional approach to address severe class imbalance in security alert data analysis. The proposed method utilizes an ensemble of three oversampling techniques to generate an augmented set of high-quality synthetic positive samples and employs a data subsampling algorithm to identify and remove noisy negative samples. Experimental results using an enterprise and a benchmark dataset confirm that this approach yields significantly improved recall and false positive rates compared with conventional oversampling techniques, suggesting its potential for more effective and efficient AI-assisted security operations.
Various malware and cyberattacks have arisen along with the proliferation of IoT devices. The evolving malware targeting IoT devices calls forth effective and efficient solutions to protect vulnerable IoT devices from being compromised. In this paper, we investigate the feasibility of a state-of-the-art graph embedding method, graph2vec, for performing family classification for IoT malware, with promising results reported. To further improve the generalization performance of the classifiers based on graph2vec-extracted features, we propose two new mechanisms to improve the quality of feature representation. First, we unify user-defined function calls by reinterpreting the opcode sequences therein to better capture the semantics of the function-call relationship in malware binaries. Then, we integrate literal information into the graph2vec embedding of the function call graph to achieve better discriminant ability. To prove the effectiveness of the proposed scheme, we carried out a performance comparison on a large-scale dataset containing more than 108K malware binaries collected from seven CPU architectures. The accuracy rates obtained by five widely adopted classifiers on malware family classification are improved by 2%, on average, by adopting the two proposed mechanisms. Specifically, when combined with the proposed approach, the support vector machine classifier obtained an accuracy rate of 98.88% on malware family classification, outperforming known function-call-graph (FCG)-based methods and previous work on static malware analysis.
The chemotherapy drug doxorubicin (DOX) is an anthracycline with over 30% incidence of liver injury in breast cancer patients, yet the mechanism of its hepatotoxicity remains unclear. To identify potential biomarkers for anthracycline-induced hepatotoxicity (AIH), we generated clinically-relevant mouse and rat models administered low-dose, long-term DOX. These models exhibited significant liver damage but no decline in cardiac function. Through untargeted metabolic profiling of the liver, we identified 27 differential metabolites in a mouse model and 28 in a rat model. We then constructed a metabolite-metabolite network for each animal model and computationally identified several potential metabolic markers, with particular emphasis on aromatic amino acids, including phenylalanine, tyrosine, and tryptophan. We further performed targeted metabolomics analysis on DOX-treated 4T1 breast cancer mice for external validation. We found significant (p < 0.001) reductions in hepatic levels of phenylalanine and tyrosine (but not tryptophan) following DOX treatment, which were strongly correlated with serum aminotransferase (ALT and AST) levels. In summary, the results of our study present compelling evidence supporting the use of phenylalanine and tyrosine as metabolic signatures of AIH.
Security Incident and Event Manager (SIEM) is a security management approach designed to identify possible threats within a real-time enterprise environment. The main challenge for SIEM is to find critical security incidents among a huge number of less critical alerts coming from separate security products. The continuously growing number of internet-connected devices has led to the alert fatigue problem, which is defined as the inability of security operators to investigate each incoming alert from intrusion detection systems. This fatigue can lead to human errors and leave many alerts uninvestigated. Aiming at reducing the number of less important threat alerts presented to security operators, this paper presents a new method for highlighting critical alerts with a minimal number of false negatives. The proposed method employs isolation forest to ensure unsupervised performance and adaptability to different types of networks. Furthermore, it takes advantage of day-forward-chaining analysis to ensure the detection of highly important alerts in real time. The number of false positive cases is reduced by employing an autoencoder. The proposed method achieved a recall score of 95.89% and a false positive rate of 5.86% on a dataset comprising more than half a million alerts collected in a real-world enterprise environment over ten months. This study highlights the importance of addressing the alert fatigue problem and validates the effectiveness of unsupervised learning in filtering out less important threat alerts.