1.
2.
DNS tunneling detection through statistical fingerprints of protocol messages and machine learning
Aiello, M.; Mongelli, M.; Papaleo, G.
International journal of communication systems,
25 September 2015, Letnik:
28, Številka:
14
Journal Article
Summary
The use of covert‐channel methods to bypass security policies has increased considerably in the recent years. Malicious users neutralize security restriction by encapsulating protocols like ...
peer‐to‐peer, chat or http proxy into other allowed protocols like Domain Name Server (DNS) or HTTP. This paper illustrates a machine learning approach to detect one particular covert‐channel technique: DNS tunneling.
Despite packet inspection may guarantee reliable intrusion detection in this context, it may suffer of scalability performance when a large set of sockets should be monitored in real time. Detecting the presence of DNS intruders by an aggregation‐based monitoring is of main interest as it avoids packet inspection, thus preserving privacy and scalability. The proposed monitoring mechanism looks at simple statistical properties of protocol messages, such as statistics of packets inter‐arrival times and of packets sizes. The analysis is complicated by two drawbacks: silent intruders (generating small statistical variations of legitimate traffic) and quick statistical fingerprints generation (to obtain a detection tool really applicable in the field).
Results from experiments conducted on a live network are obtained by replicating individual detections over successive samples over time and by making a global decision through a majority voting scheme. The technique overcomes traditional classifier limitations. An insightful analysis of the performance leads to discover a unique intrusion detection tool, applicable in the presence of different tunneled applications. Copyright © 2014 John Wiley & Sons, Ltd.
The use of covert‐channel methods to bypass security policies has increased considerably in the recent years. The paper discusses several machine learning tools for DNS tunneling detection in the presence of silent intruders and by looking at the entire aggregate of traffic. Neither packet inspection nor socket‐by‐socket analysis is required. Quick statistical fingerprints generation is also considered. Results are presented for a real network scenario.
več
3.
Design of countermeasure to packet falsification in vehicle platooning by explainable artificial intelligence
Mongelli, M.
Computer communications,
11/2021, Letnik:
179
Journal Article
In view of system reliability, extraction of knowledge from models of artificial intelligence may be more important than their forecasting ability. The elaboration of rules found by explainable ...
artificial intelligence gives here insight into the problem of packet falsification in vehicle platooning. Detection and countermeasure are designed on the basis of feature and value ranking as well as rule confidence and they are validated under a large range of working conditions. The certification of safe operating conditions is found by achieving (statistically) zero false negatives, namely, the operating conditions predicted as ‘safe’ never lead to collision despite the cyber attack.
•Assessing vehicle platooning safety under cyber attacks is a real challenge.•Explainable artificial intelligence drives detection and countermeasure with respect to all parameters involved.
več
4.
BeaQoS: Load balancing and deadline management of queues in an OpenFlow SDN switch
Boero, L.; Cello, M.; Garibotto, C. ...
Computer networks (Amsterdam, Netherlands : 1999),
09/2016, Letnik:
106
Journal Article
Current OpenFlow specification is unable to set the service rate of the queues inside OpenFlow devices. This lack does not allow to apply most algorithms for the satisfaction of Quality of Service ...
requirements to new and established flows. In this paper we propose an alternative solution implemented through some modifications of Beacon, one popular SDN controller. It acts as follows: using ‘almost’-real-time statistics from OpenFlow devices, Beacon will re-route flows on different queues to guarantee the observance of deadline requirements (e.g. the flow is still useful if, and only if, is completely received by a given time) and/or an efficient queue balancing in an OpenFlow SDN switch. Differently from the literature, we do not propose any new primitive or modification of the OpenFlow standard: our mechanism, implemented in the controller, works with regular OpenFlow devices. Our changes in the SDN controller will be the base for the design of a class of new re-routing algorithms able to guarantee deadline constraints and queue balancing without any modification of the OpenFlow specification, as well as, of OpenFlow devices.
več
5.
6.
7.
Three‐dimensional transvaginal sonographic assessment of uterine volume as preoperative predictor of need to morcellate in women undergoing laparoscopic hysterectomy
Gerges, B.; Mongelli, M.; Casikar, I. ...
Ultrasound in obstetrics & gynecology,
August 2017, 2017-Aug, 2017-08-00, 20170801, Letnik:
50, Številka:
2
Journal Article
ABSTRACT
Objective
In light of recent statements from the United States Food and Drug Administration warning against the use of power morcellation of uterine leiomyomas during laparoscopy, we sought ...
to evaluate the use of preoperative two‐ (2D) and three‐ (3D) dimensional transvaginal ultrasound (US) assessment of uterine volume to predict the need for morcellation in women undergoing laparoscopic hysterectomy (LH).
Methods
This was a prospective observational study performed between October 2008 and November 2011 in a tertiary referral laparoscopic unit. All women scheduled to undergo LH were included and underwent detailed preoperative transvaginal US. Uterine volumes were calculated using 2D‐US measurements (ellipsoid formula), and using Virtual Organ Computer‐aided AnaLysis (VOCAL™) having acquired 3D‐US volumes of the uterus. Age, parity, need to morcellate and final uterine dry weight at histology were recorded. The estimated uterine volumes were then incorporated into a previously published logistic regression model to predict the need to morcellate for both nulliparous and parous women. The probability threshold cut‐off of 0.14 (95% sensitivity) was evaluated in terms of sensitivity, specificity, positive predictive value (PPV), negative predictive value (NPV) and likelihood ratios (LRs). The performance of the models incorporating 2D‐ and 3D‐US calculations were compared with 2D‐ and 3D‐US‐generated volumes alone, using receiver–operating characteristics (ROC) curves.
Results
Of 76 women who underwent LH during the study period, 79% (n = 60) had complete background and 3D‐US data. Their mean age was 43.7 years, 91.7% were parous and 35% underwent morcellation. The greatest uterine volume that did not require morcellation was 404 mL estimated using 3D‐US, which corresponded to a uterine volume of 688.8 mL using 2D‐US. The smallest uterine volume that required morcellation was 118.9 mL using 3D‐US, which corresponded to a uterine volume of 123.4 mL using 2D‐US. The 3D‐US uterine volume for parous women with a sensitivity of 95% based on ROC‐curve analysis was approximately 120 mL, which equated to a predicted probability of morcellation cut‐off of 0.14. For this cut‐off, specificity was 55.00%, PPV was 51.35%, NPV was 95.65%, LR+ was 2.11 and LR– was 0.09. Areas under the ROC curves for the morcellation logistic regression model were 0.769 (95% CI, 0.653–0.886) and 0.586 (95% CI, 0.419–0.753) using uterine volumes obtained by 3D‐US and by 2D‐US, respectively, and they were 0.938 (95% CI, 0.879–0.996) and 0.815 (95% CI, 0.681–0.948) using 3D‐US and 2D‐US volumes alone.
Conclusions
The need to morcellate can be predicted preoperatively using 3D‐US uterine volumes obtained by transvaginal US with a fair degree of accuracy. Uteri with volumes smaller than 120 mL at 3D‐US are very unlikely to require morcellation. The incorporation of 3D‐US‐estimated uterine volume into the previously published logistic regression model does not seem to confer any significant improvement when compared with 3D‐US uterine volume alone to predict the need to morcellate in women undergoing total LH. Copyright © 2016 ISUOG. Published by John Wiley & Sons Ltd.
več
8.
9.
10.
PDF
