377 research outputs found
Malaria vaccines: Genomic search for profiling naturally acquired immunity
Malaria remains a major public health problem worldwide. Despite many efforts to control or to eliminate the disease many malaria cases and deaths are still reported. The current measures to control malaria include quick diagnosis and treatment of malaria cases, vector control strategies, active research for malaria vaccine discovery and new drugs. Resistance of Plasmodium falciparum to the common and affordable antimalarial drugs as well as the resistance of the malaria vector to usual insecticides has been reported. An effective and affordable malaria vaccine would be the most important tool to control malaria. To date there is no licensed malaria vaccine. Traditional approaches toward malaria vaccine discovery have shown their limitations because of the limited number of proteins that were evaluated. The completion of the genome sequence of Plasmodium falciparum as well as the availability of the high throughput protein microarray immunoassay and other bioinformatic approaches offer the possibility to accelerate and to widen research on malaria vaccine candidates. The harnessing of the well-established model of the naturally acquired immunity (NAI) developed in people living in malaria endemic areas is an important way for the discovery of novel malaria vaccine candidates. Protein microarray is a high throughput technology, which allows the profiling of the humoral immune response to many proteins expressed at different stages of the Plasmodium life cycle in a single experiment. However, despite the hope generated by the sequencing of P. falciparum malaria genome no antigen identified by the protein microarray technology has yet been developed as a potential vaccine. On the other hand identification of structurally stable domains with limited or no polymorphism has led to the development of one candidate tested in phase 1a and 1b clinical trials
Malaria vaccines: Genomic search for profiling naturally acquired immunity
Malaria remains a major public health problem worldwide. Despite many efforts to control or to eliminate the disease many malaria cases and deaths are still reported. The current measures to control malaria include quick diagnosis and treatment of malaria cases, vector control strategies, active research for malaria vaccine discovery and new drugs. Resistance of Plasmodium falciparum to the common and affordable antimalarial drugs as well as the resistance of the malaria vector to usual insecticides has been reported. An effective and affordable malaria vaccine would be the most important tool to control malaria. To date there is no licensed malaria vaccine. Traditional approaches toward malaria vaccine discovery have shown their limitations because of the limited number of proteins that were evaluated. The completion of the genome sequence of Plasmodium falciparum as well as the availability of the high throughput protein microarray immunoassay and other bioinformatic approaches offer the possibility to accelerate and to widen research on malaria vaccine candidates. The harnessing of the well-established model of the naturally acquired immunity (NAI) developed in people living in malaria endemic areas is an important way for the discovery of novel malaria vaccine candidates. Protein microarray is a high throughput technology, which allows the profiling of the humoral immune response to many proteins expressed at different stages of the Plasmodium life cycle in a single experiment. However, despite the hope generated by the sequencing of P. falciparum malaria genome no antigen identified by the protein microarray technology has yet been developed as a potential vaccine. On the other hand identification of structurally stable domains with limited or no polymorphism has led to the development of one candidate tested in phase 1a and 1b clinical trials
Continuous Authentication using Stylometry
Static authentication, where user identity is checked once at login time, can be circumvented no matter how strong the authentication mechanism is. Through attacks such as man-in-the-middle and its variants, an authenticated session can be hijacked later after the initial login process has been completed. In the last decade, continuous authentication (CA) using biometrics has emerged as a possible remedy against session hijacking. CA consists of testing the authenticity of the user repeatedly throughout the authenticated session as data becomes available. CA is expected to be carried out unobtrusively, due to its repetitive nature, which means that the authentication information must be collectible without any active involvement of the user and without using any special purpose hardware devices (e.g. biometric readers). Stylometry analysis, which consists of checking whether a target document was written or not by a specific individual, could potentially be used for CA. Although stylometric techniques can achieve high accuracy rates for long documents, it is still challenging to identify an author for short documents, in particular when dealing with large author populations.
In this dissertation, we propose a new framework for continuous authentication using authorship verification based on the writing style. Authorship verification can be checked using stylometric techniques through the analysis of linguistic styles and writing characteristics of the authors. Different from traditional authorship verification that focuses on long texts, we tackle the use of short messages. Shorter authentication delay (i.e. smaller data sample) is essential to reduce the window size of the re-authentication period in CA. We validate our method using different block sizes, including 140, 280, and 500 characters, and investigate shallow and deep learning architectures for machine learning classification. Experimental evaluation of the proposed authorship verification approach based on the Enron emails dataset with 76 authors yields an Equal Error Rate (EER) of 8.21% and Twitter dataset with 100 authors yields an EER of 10.08%. The evaluation of the approach using relatively smaller forgery samples with 10 authors yields an EER of 5.48%.Graduat
Impact study of length in detecting algorithmically generated domains
Domain generation algorithm (DGA) is a popular technique for evading detection used by many sophisticated malware families. Since the DGA domains are randomly generated, they tend to exhibit properties that are different from legitimate domain names. It is observed that shorter DGA domains used in emerging malware are more difficult to detect, in contrast to regular DGA domains that are unusually long. While length was considered as a contributing feature in earlier approaches, there has not been a systematic focus on how to leverage its impact on DGA domains detection accuracy. Through our study, we present a new detection model based on semantic and information theory features. The research applies concept of domain length threshold to detect DGA domains regardless of their lengths. The experimental evaluation of the proposed approach, using public datasets, yield a detection rate (DR) of 98.96% and a false positive rate (FPR) of 2.1%, when using random forests classification techniqueGraduat
Flexible owner retained access control for document management systems
The majority of the security policy and enforcement frameworks deployed today require a centralized security model. These models are often tied to a central authentication service or operating system (OS) service. In collaboration environments, such as the Internet, there is no guarantee that users will be using the same OSs, authentication services, or access control policies. In such context, the risk of data interception or information leakage is extremely high during collaborations. Therefore, there is a need to control access to information that remains independent of these, and other, platform specific security features. Owner-retained access control, derived from labeling practices that historically have been used in paper based access control schemes, such as the military use of ORCON label, can provide such a feature. The owner-retained access control model allows for the owner of a document, not necessarily the creator of the document, to specify and maintain the access control restrictions for their data, even after disseminating such data. The access control policy itself is not sufficient to guarantee security; an enforcement framework is also required to ensure that the rules specified in the policy are enforced. The framework will allow us to overcome some of the limitations found in other access control policies. Discretionary access control, as an example, allows for authorized users to copy and distribute data once it has been accessed; thus breaking the principle of attenuation of privilege. In an attempt to satisfy this objective, we propose in this thesis, a formal security model and flexible policy specification and enforcement framework that allows for owner-retained control for document distribution in scalable collaborative environments. The body of the thesis also includes a description and validation of the security protocols that were developed to provide a framework for enforcing the security policy, the architecture and implementation of the prototype application (ORCS), case studies, and a performance evaluation of the most costly operations
Security vulnerability verification through contract-based assertion monitoring at runtime
In this dissertation we seek to identify ways in which the systems development life cycle (SDLC) can be augmented with improved software engineering practices to measurably address security concerns that have arisen relating to security vulnerability defects in software. By proposing a general model for identifying potential vulnerabilities (weaknesses) and using runtime monitoring for verifying their reachability and exploitability during development and testing reduces security risk in delivered products.
We propose a form of contract for our monitoring framework that is used to specify the environmental and system security conditions necessary for the generation of probes that monitor security assertions during runtime to verify suspected vulnerabilities. Our assertion-based security monitoring framework, based on contracts and probes, known as the Contract-Based Security Assertion Monitoring Framework (CB_SAMF) can be employed for verifying and reacting to suspected vulnerabilities in the application and kernel layers of the Linux operating system. Our methodology for integrating CB_SAMF into SDLC during development and testing to verify suspected vulnerabilities reduces the human effort by allowing developers to focus on fixing verified vulnerabilities. Metrics intended for the weighting, prioritizing, establishing confidence, and detectability of potential vulnerability categories are also introduced. These metrics and weighting approaches identify deficiencies in security assurance programs/products and also help focus resources towards a class of suspected vulnerabilities, or a detection method, which may presently be outside of the requirements and priorities of the system.
Our empirical evaluation demonstrates the effectiveness of using contracts to verify exploitability of suspected vulnerabilities across five input validation related vulnerability types, combining our contracts with existing static analysis detection mechanisms, and measurably improving security assurance processes/products used in an enhanced SDLC. As a result of this evaluation we introduced two new security assurance test suites, through collaborations with the National Institute of Standards and Technology (NIST), replacing existing test suites. The new and revised test cases provide numerous improvements to consistency, accuracy, and preciseness along with enhanced test case metadata to aid researchers using the Software Assurance Reference Dataset (SARD).Graduat
Agentless Host Intrusion Detection Using Machine Learning Techniques
With the rise in the frequency and sophistication of cyberattacks, host intrusion detection systems (HIDSs) have become an essential component in monitoring and protecting endpoints in the network security perimeter. Current HIDSs rely on a local software agent deployed on the monitored host that collects and processes or pre-processes required data. However, this architecture has adverse effects such as increased attack surface, and high maintenance cost and overhead.
Recently, a generic agentless endpoint framework that collects transparently raw data from the monitored host was proposed by Ghaleb et al [1] along with a basic threshold-based statistical model for intrusion detection as an initial proof of concept.
This report extends the generic agentless framework by collecting a new dataset with more attack vectors and developing and comparing six machine learning models, including k-nearest neighbors, logistic regression, naïve Bayes, decision tree, random forest, and support vector machine.
The experimental evaluation using the collected dataset confirmed the feasibility of agentless host intrusion detection, with increased detection efficiency and effectiveness.Graduat
Visual Analysis of Spam Campaigns based on Network Modelling
With the growing Internet use, spamming methods have evolved, and attackers have modernized the attack strategies, making them more scalable using botnets. Botnets play a crucial role in spreading these spam email campaigns. A single individual or a group usually controls botnets. However, the same attacker or group can run different campaigns in many cases. Therefore, detecting the campaigns run by the same entity is crucial. Furthermore, it helps the analyst to capture stronger evidence against the attacker.
The report proposes an approach for exposing coordinated spam campaigns initiated by single controlling entities. It uses network modelling and creates network graphs based on different behavioural traces for spam campaigns. Campaigns have a strong connection among them if they have similar behaviours. The proposed approach can also be used in investigating other cybersecurity attacks.Graduat
Protection against malicious JavaScript using hybrid flow-sensitive information flow monitoring
Modern web applications use several third-party JavaScript libraries to achieve higher levels of engagement. The third-party libraries range from utility libraries such as jQuery to libraries that provide services such as Google Analytics and context- sensitive advertisement. These third-party libraries have access to most (if not all) the elements of the displayed webpage. This allows malicious third-party libraries to perform attacks that steal information from the end-user or perform an action without the end-user consent. These types of attacks are the stealthiest and the hardest to defend against, because they are agnostic to the browser type and platform of the end-user and at the same time they rely on web standards when performing the attacks. Such kind of attacks can perform actions using the victim’s browser without her permission. The nature of such actions can range from posting an embarrassing message on the victim’s behalf over her social network account, to performing online biding using the victim’s account. This poses the need to develop effective mechanisms for protecting against client-side web attacks that mainly target the end-user. In the proposed research, we address the above challenges from information flow monitoring perspective by developing a framework that restricts the flow of information on the client-side to legitimate channels. The proposed model tracks sensitive information flow in the JavaScript code and prevents information leakage from happening. The main component of the framework is a hybrid flow-sensitive security monitor that controls, at runtime, the dissemination of information flow and its inlining. The security monitor is hybrid as it combines both static analysis and runtime monitoring of the running JavaScript program. We provide the soundness proof of the model with respect to termination-insensitive non-interference security policy and develop a new security benchmark to establish experimentally its effectiveness in detecting and preventing illicit information flow. When applied to the context of client-side web-based attacks, the proposed model provides a more secure browsing environment for the end-user.Graduat
Assessing the Effectiveness of Malicious Domain Prediction Using Machine Learning
Malicious domains are a serious threat to network security as they deceive users into accessing them, leading to information disclosure, identity theft, and economic losses. Despite efforts to tackle this problem, cybercriminals continue to buy and use brand-new domains to evade detection, bypassing network defenses and endangering users' security. Predicting future malicious domains in advance can greatly reduce their harm. The Domain Prediction System (DPS) developed by one of the industry partners of the Information Security and Object Technology (ISOT) Lab aims to predict in advance potentially malicious domains, but the effectiveness of the system needs to be tested as it is uncertain whether the predicted domains will be used for malicious purposes. This report introduces the problem's background and a description of the dataset used in the experiments. Then evaluates the effectiveness of the DPS system by comparing two sets of models: baseline and predictive models. The baseline models were obtained by training and testing different machine learning (ML) classifiers using existing (known) benign and malicious domains. The predictive models were obtained by training the ML classifiers using domains generated by the DPS that may be used for malicious purposes, and testing using the same benign domains as previously. The evaluation of the predictive models on the same test set as the baseline models yielded comparable performance measures, providing a strong indication of the utility and credibility of the predicted domains.Graduat
- …
