Applying Bag of System Calls for Anomalous Behavior Detection of Applications in Linux Containers

In this paper, we present the results of using bags of system calls for learning the behavior of Linux containers for use in anomaly-detection based intrusion detection system. By using system calls of the containers monitored from the host kernel for anomaly detection, the system does not require any prior knowledge of the container nature, neither does it require altering the container or the host kernel.Comment: Published version available on IEEE Xplore (http://ieeexplore.ieee.org/document/7414047/) arXiv admin note: substantial text overlap with arXiv:1611.0305

Toward Smart Moving Target Defense for Linux Container Resiliency

This paper presents ESCAPE, an informed moving target defense mechanism for cloud containers. ESCAPE models the interaction between attackers and their target containers as a "predator searching for a prey" search game. Live migration of Linux-containers (prey) is used to avoid attacks (predator) and failures. The entire process is guided by a novel host-based behavior-monitoring system that seamlessly monitors containers for indications of intrusions and attacks. To evaluate ESCAPE effectiveness, we simulated the attack avoidance process based on a mathematical model mimicking the prey-vs-predator search game. Simulation results show high container survival probabilities with minimal added overhead.Comment: Published version is available on IEEE Xplore at http://ieeexplore.ieee.org/document/779685

Persistent issues in encryption software: A heuristic and cognitive walkthrough

The support information accompanying security software can be difficult to understand by end-users, who have little knowledge in cyber security. One mechanism for ensuring the integrity and confidentiality of information is encryption software. Unfortunately, software usability issues can hinder an end-user’s capability to properly utilise the security features effectively. To date there has been little research in investigating the usability of encryption software and proposing solutions for improving them. This research paper analysed the usability of encryption software targeting end-users. The research identified several issues that could impede the ability of a novice end-user to adequately utilise the encryption software. A set of proposed recommendations are suggested to improve encryption software which could be empirically verified through further research

Neural network fault diagnosis of a trolling motor based on feature reduction techniques for an unmanned surface vehicle

This article presents a novel approach to the diagnosis of unbalanced faults in a trolling motor under stationary operating conditions. The trolling motor being typically of that used as the propulsion system for an unmanned surface vehicle, the diagnosis approach is based on the use of discrete wavelet transforms as a feature extraction tool and a time-delayed neural network for fault classification. The time-delayed neural network classifies between healthy and faulty conditions of the trolling motor by analysing the stator current and vibration. To overcome feature redundancy, which affects diagnosis accuracy, several feature reduction methods have been tested, and the orthogonal fuzzy neighbourhood discriminant analysis approach is found to be the most effective method. Four faulty conditions were analysed under laboratory conditions, where one of the blades causing damage to the trolling motor is cut into 10%, 25%, half and then into full to simulate the effects of propeller blades being damaged partly or fully. The results obtained from the real-time simulation demonstrate the effectiveness and reliability of the proposed methodology in classifying the different faults faster and accurately

Reliability of Early Fetal Echocardiography for Congenital Heart Disease Detection: A Preliminary Experience and Outcome Analysis of 102 Fetuses to Demonstrate the Value of a Clinical Flow-Chart Designed for At-Risk Pregnancy Management

Early fetal echocardiography (EFEC) is a fetal cardiac ultrasound analysis performed between the 12th and 16th week of pregnancy (compared with the usual 18-22 weeks). In the last 10 years, the introduction of “aneuploidy sonographic markers” in screening for cardiac defects has led to a shift from late second to end of the first trimester or beginning of the second trimester of pregnancy for specialist fetal echocardiography. In this prospective study, early obstetric screening was performed between January 2014 and October 2015, using “aneuploidy sonographic markers” following SIEOG Guidelines 2014. These parameters were then collected and strategically combined in an evaluation score to select the group of pregnancies for performing EFEC, in accordance with the American Society of Echocardiography guidelines for fetal Echocardiography. All second-level examinations were performed transabdominally using a 3D convex volumetric probe with frequency range of 4-8 MHz (Accuvix – Samsung). The outcome data included transabdominal fetal echocardiography from 18 weeks to term and after birth. Overall, 99 pregnant women in the first trimester underwent EFEC (95 singleton and 4 twin pregnancies). Specifically, 30 fetuses were evaluated for extra-cardiac anomalies evidenced by obstetric screening (30%), 25 for family history of congenital heart diseases (25%), 8 for family history of genetic-linked diseases (8%), 4 for heart diseases suspected by obstetric screening (4%) and 19 by normal screening (19%). Was detected 11 (10.7%) CHD, when EFEC detected CHD, were compared to those performed later in pregnancy (18 weeks GA-term), a high degree of diagnosis correspondence was evidenced. The higher sensitivity value of EFEC vs late-FE, in comparison with the post-natal value, coupled with the high EFEC specificity shown vs both the end points, enabled us to consider it as a really reliable diagnostic technology, at least in perienced hands. The introduction of a key combination of the more sensitive obstetric and cardiologic variables should facilitate the formulation of a possible flow-chart as a guide for CHD at-risk pregnancies