Patrol: Revealing Zero-day Attack Paths through Network-wide System Object Dependencies
|
|
- Harriet French
- 6 years ago
- Views:
Transcription
1 Patrol: Revealing Zero-day Attack Paths through Network-wide System Object Dependencies Jun Dai, Xiaoyan Sun, and Peng Liu College of Information Sciences and Technology Pennsylvania State University, University Park, PA Abstract. Identifying attack paths in enterprise network is strategically necessary and critical for security defense. However, there has been insufficient efforts in studying how to identify an attack path that goes through unknown security holes. In this paper, we define such attack paths as zero-day attack paths, and propose a prototype system named Patrol to identify them at runtime. Using system calls, Patrol builds a network-wide system object dependency graph that captures dependency relations between OS objects, and identifies suspicious intrusion propagation paths in it as candidate zero-day attack paths through forward and backward tracking from intrusion symptoms. Patrol further identifies highly suspicious candidates among these paths, by recognizing indicators of unknown vulnerability exploitations along the paths through rulebased checking. Our evaluation shows that Patrol can work accurately and effectively at runtime with an acceptable performance overhead. 1 Introduction 1.1 Zero-day Attack Paths When deploying enterprise network security defense, it is important to consider multi-step attacks. Given that today s network is usually under basic protection from security deployments like firewall and IDS, it s not easy for attackers to directly break into their final target. Instead, determined attackers patiently compromise other intermediate hosts as stepping-stones. That is, attackers often have to go through an attack path before they achieve their goal. An attack path is a sequence of vulnerability exploits on compromised hosts. It s necessary and critical to find the attack paths hidden in the network. Suppose that a host is compromised by a local or remote exploit. If this exploit is enabled by a known vulnerability, it s not zero-day. If this exploit is enabled by an unknown vulnerability, it is zero-day. If an attack path includes one or more zero-day exploits, it is a zero-day attack path. Fig. 1 illustrates an example attack scenario including three steps. Internet DMZ Intranet Inside DMZ Firewall Intranet Firewall Inside Firewall Workstation 1 (Linux kernel ) Server NFS Server (UNFS3) Web Server Trojan-horses Attacker NFS mount Bruteforce SSH Server (OpenSSL 0.9.8g) Database Server DNS Server Workstation 2 (bzip ) Fig. 1: An example attack scenario. Step 1, a brute-force key guessing attack is used to exploit CVE on SSH Server to gain root privilege. Step 2, the export table on NFS Server is inappropriately configured to allow any user to share files through a public directory (/exports), so two crafted trojan-horses are uploaded to this directory.
2 2 Jun Dai, Xiaoyan Sun, and Peng Liu The trojan-horses contain exploit code of CVE and CVE Step 3, once a trojan-horse file is mounted and installed by an innocent user like Workstation 1 or 2, arbitrary code is executed to create a hidden channel. Hence, two attack paths exist: p1 {CVE , NFS misconfiguration, CVE } and p2 {CVE , NFS misconfiguration, CVE }. Let s assume the time now is August 1, 2009, then CVE becomes the only known vulnerability. If the attackers are still able to exploit all the vulnerabilities in this scenario, then p1 and p2 both become zero-day attack paths. Zero-day exploit problem is so important and challenging. Zero-day attack path problem is beyond zero-day exploit problem. This paper aims to take the first steps to address the zero-day attack path problem. 1.2 Possible Solutions The literature is explored for possible solutions of zero-day attack path problem. However, we find that no existing technique can well address this problem due to the unknown nature of zero-day attack path. Attack graph [1 3]. By considering vulnerabilities in combination (not merely in isolation), attack graph can generate attack paths that show exploit sequences to specific attack goals. But, this notion has been primarily applied to model causality dependencies among known vulnerabilities. Unknown vulnerabilities are not captured and zero-day attack paths will accordingly be missing in attack graph. Notable exceptions are recent research [4] [5], which have pioneered the attack graph based analysis and modeling of zero-day vulnerabilities. However, a solution to identify zero-day attack paths at runtime is further expected. Penetration test [6 8]. This solution uses real exploits to reveal some speculated attack paths. It requires huge knowledge and operation input from human intelligence. Hence, the cost is usually too expensive. Besides, the attack paths in their discovery are largely known ones, because it s very difficult to exploit unknown vulnerabilities in penetration tests. Alert correlation [9] [10]. This solution correlates isolated alerts to form potential attack paths. Although it has potentials to be automatic and inexpensive, it may induce high false rates. The false rates are twofold: 1) The correlation itself is inaccurate because it attempts to integrate possibly different contexts into a unified story ; 2) The alerts that the correlation largely depends on genetically inherit false rates from security sensors like IDS. When the two folds of false rates are combined together, the accuracy of the whole solution gets worse. Techniques to detect zero-day exploits may help the identification of zero-day attack path, such as anomaly detection [11 18] and specification-based detection [19] [20]. By profiling normal behavior and detecting deviations, these techniques are capable of detecting novel exploits. However, they are hard to cope with false positives. Besides, the identification of novel exploits doesn t mean the identification of zero-day attack paths. As pointed above, IDS alert correlation needs to be involved and thus introduces one more fold of false rates. 1.3 Key Insights and Our Approach This paper leverages a different strategy to identify the zero-day attack paths. Instead of first collecting vulnerabilities or alerts and then correlating them into
3 Patrol 3 paths, we first try to build a superset graph and identify the suspicious intrusion propagation paths hidden in it as candidate zero-day attack paths, and then recognize the highly suspicious candidates among these paths. Interested readers can refer to Fig. 2 for an example of a superset graph (Fig. 2a) and the suspicious intrusion propagation paths (Fig. 2b) hidden in it. We make this decision for four key insights: 1) As the only way for programs to interact with OS, system calls are found hard-to-avoid and attack neutral; 2) We find that a network-wide superset graph can be generated from system calls, and zero-day attack paths are showing themselves in it. This graph is also attack neutral. It exists no matter whether any vulnerability is exploited or not; 3) The superset graph is inherently a set of paths. We find a way to get its appropriate subsets as candidate zero-day attack paths. These paths actually and naturally correlate vulnerability exploitations, different from the logical correlation in attack graph; 4) The candidate zero-day attack paths expose unknown vulnerability exploitations along them, and thus can orientate us to recognize such exploitations. With these paths serving as network-wide attack context, the accuracy and performance of detecting unknown vulnerability exploitations can be better than the detection with only isolated per-host context. The following summarizes our main contributions: 1. We propose to build a network-wide system object dependency graph (SODG) as the superset graph. Built from system calls, an SODG is made up of OS objects like processes/files/sockets (nodes) and dependency relations between them (edges). It neutrally captures the occurrence of vulnerability exploits. 2. We propose to identify suspicious intrusion propagation paths (SIPPs) in the network-wide SODG as candidate zero-day attack paths. The SIPPs actually and naturally correlate known/unknown vulnerability exploitations. We further coin the concepts of vulnerability shadow and shadow indicator to help recognize the highly suspicious candidates among the SIPPs. 3. We implemented a prototype system, called Patrol, which can work accurately and effectively at runtime with an acceptable performance overhead. 2 Models and Assumptions We assume a network consists of Unix-like operating systems, in which system objects can be mainly classified into processes, files and sockets. We propose to build a network-wide system object dependency graph (SODG) using system call traces. Since a system call is designed to be the only way to get service from OS in modern operating systems, attackers have to talk to the system via system calls. Therefore, although unknown exploits could not be seen by us, they can be seen by SODG. Fig. 2a gives an example of a 3-host SODG. To build a network-wide SODG, we first need to construct the SODG for each host, namely per-host SODG. As in Definition 1, a per-host SODG is a directed graph made up of OS objects (nodes) and dependency relations (directed edges) between them. System calls are parsed to generate these nodes and edges. There are several types of dependency relations. For example, system call read infers that a process depends on a file (denoted as file process), while write determines
4 4 Jun Dai, Xiaoyan Sun, and Peng Liu Host 1: SSH Server Host 2: NFS Server Host 3: Workstation 1 3 : ( : : h t t p ) 4 : ( : ) 2 0 : ( : ) 2 1 : ( : ) 5 : ( : 5 3 ) 6 : ( : : h t t p ) 7 : ( : ) 1 8 : ( : ) 2 3 : ( : ) 8 : ( : : b a s h ) 1 1 : ( : : b a s h ) 2 9 : ( : : b a s h ) : ( : : b a s h ) 9 : ( / h o m e / j u n : ) : ( : : s s h d ) : ( : : s s h d ) : ( : : s s h d ) : ( : : s s h d ) : ( : : s s h d ) : ( : : s s h d ) : ( : : s s h d ) : ( : : s s h d ) : ( : : s s h d ) : ( : : s s h d ) : ( : : s s h d ) : ( : : s s h d ) : ( : : s s h d ) : ( : : s s h d ) : ( : : s s h d ) : ( : : s s h d ) : ( : : s s h d ) : ( : : s s h d ) : ( : : s s h d ) : ( : : s s h d ) : ( : : s s h d ) : ( : : s s h d ) : ( : : s s h d ) : ( : : s s h d ) : ( / b i n / m o u n t : ) 1 2 : ( / e t c / l d. s o. c a c h e : ) 3 2 : ( : : m o u n t ) 3 4 : ( : : m o d p r o b e ) 9 6 : ( : : a p t ) 9 9 : ( : : a p t ) : ( : : a p t ) : ( : : a p t ) : ( : : a p t ) : ( : : a p t ) : ( : : a p t ) : ( : : a p t ) : ( : : a p t ) : ( : : r u n - p a r t s ) : ( : : r u n - p a r t s ) : ( : : r u n - p a r t s ) : ( : : l o g r o t a t e ) : ( : : l o g r o t a t e ) : ( : : l o g r o t a t e ) : ( : : s h ) : ( : : i n v o k e - r c. d ) : ( : : i n v o k e - r c. d ) : ( : : i n v o k e - r c. d ) : ( : : i n v o k e - r c. d ) : ( : : x a r g s ) : ( : : i n v o k e - r c. d ) : ( : : i n v o k e - r c. d ) : ( : : x a r g s ) : ( : : i n v o k e - r c. d ) : ( : : i n v o k e - r c. d ) : ( : : x a r g s ) : ( : : i n v o k e - r c. d ) : ( : : c u p s y s ) : ( : : c u p s y s ) : ( : : c u p s y s ) : ( : : c u p s y s ) : ( : : c u p s y s ) : ( : : c u p s y s ) : ( : : c u p s y s ) : ( : : c u p s y s ) : ( : : c u p s y s ) : ( : : c u p s y s ) : ( : : c u p s y s ) : ( : : c u p s y s ) : ( : : s h ) : ( : : r u n - p a r t s ) : ( : : m a n - d b ) : ( : : m a n - d b ) : ( : : s h ) : ( : : s h ) : ( : : m a n - d b ) : ( : : r u n - p a r t s ) : ( : : m l o c a t e ) : ( : : r u n - p a r t s ) : ( : : s t a n d a r d ) : ( : : s t a n d a r d ) : ( : : s t a n d a r d ) : ( : : s t a n d a r d ) : ( : : s t a n d a r d ) : ( : : s t a n d a r d ) : ( : : s t a n d a r d ) : ( : : s t a n d a r d ) : ( : : s t a n d a r d ) : ( : : s t a n d a r d ) : ( : : s t a n d a r d ) : ( : : h e a d ) : ( : : s a v e l o g ) : ( : : s a v e l o g ) : ( : : s a v e l o g ) : ( : : s a v e l o g ) : ( : : s a v e l o g ) : ( : : s a v e l o g ) : ( : : s a v e l o g ) : ( : : s a v e l o g ) : ( : : s a v e l o g ) : ( : : s a v e l o g ) : ( : : s a v e l o g ) : ( : : s a v e l o g ) : ( : : s a v e l o g ) : ( : : s a v e l o g ) : ( : : s a v e l o g ) : ( : : s a v e l o g ) : ( : : s a v e l o g ) : ( : : s a v e l o g ) : ( : : s a v e l o g ) : ( : : s a v e l o g ) : ( : : s a v e l o g ) : ( : : s a v e l o g ) : ( : : s a v e l o g ) : ( : : s a v e l o g ) : ( : : s a v e l o g ) : ( : : s a v e l o g ) : ( : : s a v e l o g ) : ( : : g r e p ) : ( : : c a t ) : ( : : c a t ) : ( : : h e a d ) : ( : : t r ) : ( : : g r e p ) : ( : : u s p l a s h _ wr i t e ) : ( : : t p u t ) : ( : : t p u t ) : ( : : t p u t ) : ( : : t p u t ) : ( : : e x p r ) : ( : : e x p r ) : ( : : t p u t ) : ( : : c h o wn ) : ( : : c h o wn ) : ( : : c h o wn ) : ( : : c h o wn ) : ( : : c h o wn ) : ( : : c h o wn ) : ( : : c h o wn ) : ( : : c h o wn ) : ( : : c h o wn ) : ( : : c h o wn ) : ( : : c h o wn ) : ( : : c h o wn ) : ( : : s t a r t - s t o p - d a e m ) : ( : : u s p l a s h _ wr i t e ) : ( : : t p u t ) 1 3 : ( / p r o c / / m o u n t s : ) 1 4 : ( / e t c / l o c a l e. a l i a s : ) 1 5 : ( / e t c / m t a b : ) 1 6 : ( / p r o c / f i l e s y s t e m s : ) : ( : : s s h d ) ( / m n t ) 1 9 : ( : 5 3 ) 2 2 : ( : 5 3 ) 2 4 : ( : 1 : c r o n ) 2 5 : ( / e t c / c r o n t a b : ) 2 6 : ( / e t c / c r o n. d : ) 2 7 : ( / e t c / c r o n. d / a n a c r o n : ) 2 8 : ( / e t c / l o c a l t i m e : ) : ( : 1 : a n a c r o n ) 3 0 : ( / p r o c / / m o u n t s : ) 3 1 : ( / s b i n / m o u n t. n f s : ) 3 3 : ( u i d : 0 ) 7 8 : ( / e x p o r t s : ) 7 9 ( / m n t / t r o j a n Ho r s e. t a r. g z ) : ( / e t c / m t a b ~ : ) 8 2 : ( / e t c / m t a b ~ : ) 3 5 : ( / e t c / m o d p r o b e. d : ) 3 6 : ( / e t c / m o d p r o b e. d / n v i d i a - k e r n e l - n k c : ) 3 7 : ( / e t c / m o d p r o b e. d / b l a c k l i s t - wa t c h d o g : ) 3 8 : ( / e t c / m o d p r o b e. d / i s a p n p : ) 3 9 : ( / e t c / m o d p r o b e. d / o p t i o n s : ) 4 0 : ( / e t c / m o d p r o b e. d / b l a c k l i s t - f r a m e b u f f e r : ) 4 1 : ( / e t c / m o d p r o b e. d / a r c h / i : ) 4 2 : ( / e t c / m o d p r o b e. d / a l i a s e s : ) 4 3 : ( / e t c / m o d p r o b e. d / t o s h i b a _ a c p i. m o d p r o b e : ) 4 4 : ( / e t c / m o d p r o b e. d / b l a c k l i s t : ) 4 5 : ( / e t c / m o d p r o b e. d / l r m - v i d e o : ) 4 6 : ( / e t c / m o d p r o b e. d / f u s e : ) 4 7 : ( / e t c / m o d p r o b e. d / a l s a - b a s e : ) 4 8 : ( / e t c / m o d p r o b e. d / b l a c k l i s t - m o d e m : ) 4 9 : ( / p r o c / m o d u l e s : ) 5 0 : ( : 1 : u d e v d ) 5 1 : ( / d e v /. u d e v / u e v e n t _ s e q n u m : ) 5 3 : ( / d e v /. u d e v / q u e u e : ) 5 5 : ( / d e v /. u d e v / q u e u e / : ) 5 7 : ( : : u d e v d ) 5 8 : ( / d e v /. u d e v / q u e u e / : ) 5 9 : ( : : u d e v d ) 6 0 : ( / d e v /. u d e v / q u e u e / : ) 6 1 : ( : : u d e v d ) 6 2 : ( / d e v /. u d e v / q u e u e / : ) 6 3 : ( : : u d e v d ) 6 4 : ( / d e v /. u d e v / q u e u e / : ) 6 5 : ( : : u d e v d ) 6 6 : ( / d e v /. u d e v / q u e u e / : ) 6 7 : ( : : u d e v d ) 6 8 : ( / d e v /. u d e v / q u e u e / : ) 6 9 : ( : : u d e v d ) : ( / d e v /. u d e v / q u e u e / : ) : ( : : u d e v d ) : ( / d e v /. u d e v / q u e u e / : ) : ( : : u d e v d ) : ( / d e v /. u d e v / q u e u e / : ) : ( : : u d e v d ) : ( / d e v /. u d e v / q u e u e / : ) : ( : : u d e v d ) : ( / d e v /. u d e v / q u e u e / : ) : ( : : u d e v d ) : ( / d e v /. u d e v / q u e u e / : ) : ( : : u d e v d ) : ( / d e v /. u d e v / q u e u e / : ) : ( : : u d e v d ) : ( / d e v /. u d e v / q u e u e / : ) : ( : : u d e v d ) : ( / d e v /. u d e v / q u e u e / : ) : ( : : u d e v d ) : ( / d e v /. u d e v / q u e u e / : ) : ( : : u d e v d ) 5 2 : ( / d e v /. u d e v : ) 5 4 : ( / : 2 ) 5 6 : ( / p r o c / s t a t : ) : ( : : a p t ) : ( : : a p t ) : ( : : a p t ) : ( : : a p t ) : ( : : a p t ) : ( : : a p t ) : ( : : a p t ) 9 7 : ( / b i n / wh i c h : ) 9 8 : ( / u s r / b i n / d b u s - s e n d : ) : ( : 1 : d b u s - d a e m o n ) : ( / e t c / p a s s wd : ) : ( : 1 : c u p s d ) : ( / e t c / g r o u p : ) : ( / b i n / t o u c h : ) : ( / u s r / b i n / f i n d : ) : ( / u s r / b i n / x a r g s : ) : ( : : i n v o k e - r c. d ) : ( : : i n v o k e - r c. d ) : ( : : i n v o k e - r c. d ) : ( / b i n / d a t e : ) : ( / b i n / l s : ) : ( : : s t a n d a r d ) : ( / p r o c / / m o u n t s : ) : ( / u s r / b i n / d u : ) : ( / e t c / c r o n. d a i l y / a p t : ) : ( : : r u n - p a r t s ) : ( : : r u n - p a r t s ) : ( / e t c / c r o n. d a i l y / a p t i t u d e : ) : ( / e t c / c r o n. d a i l y / b s d m a i n u t i l s : ) : ( / e t c / c r o n. d a i l y / l o g r o t a t e : ) : ( / u s r / s b i n / l o g r o t a t e : ) : ( / p r o c / / m o u n t s : ) : ( / e t c / l o g r o t a t e. c o n f : ) : ( / e t c / l o g r o t a t e. d : ) : ( / e t c / l o g r o t a t e. d / a c p i d : ) : ( / e t c / l o g r o t a t e. d / a p p o r t : ) : ( / e t c / l o g r o t a t e. d / a p t : ) : ( / e t c / l o g r o t a t e. d / a p t i t u d e : ) : ( / e t c / l o g r o t a t e. d / c u p s y s : ) : ( / e t c / n s s wi t c h. c o n f : ) : ( / e t c / l o g r o t a t e. d / p p p : ) : ( / e t c / l o g r o t a t e. d / s c r o l l k e e p e r : ) : ( / e t c / l o g r o t a t e. d / u n a t t e n d e d - u p g r a d e s : ) : ( / e t c / l o g r o t a t e. d / wp a _ a c t i o n : ) : ( / b i n / g z i p : ) : ( / b i n / d a s h : ) : ( / u s r / s b i n / i n v o k e - r c. d : ) : ( : : i n v o k e - r c. d ) : ( / e t c / i n i t. d / c u p s y s : ) : ( / s b i n / r u n l e v e l : ) : ( / b i n / s e d : ) : ( / e t c / r c 2. d : ) : ( / p r o c / / m o u n t s : ) : ( / e t c / r c 2. d / S 2 0 c u p s y s : ) : ( / b i n / e c h o : ) : ( / p r o c / / m o u n t s : ) : ( / e t c / r c S. d : ) : ( / p r o c / / m o u n t s : ) : ( / u s r / s b i n / c u p s d : ) : ( / e t c / d e f a u l t / c u p s y s : ) : ( / e t c / l s b - b a s e - l o g g i n g. s h : ) : ( / e t c / t i m e z o n e : ) : ( / b i n / c a t : ) : ( / s b i n / u s p l a s h _ wr i t e : ) : ( / u s r / b i n / t p u t : ) : ( / u s r / b i n / e x p r : ) : ( / e t c / t e r m i n f o : ) : ( / s b i n / s t a r t - s t o p - d a e m o n : ) : ( / p r o c / / s t a t : ) : ( : ) : ( / e t c / r e s o l v. c o n f : ) : ( / e t c / h o s t s : ) : ( / e t c / c u p s / c u p s d. c o n f : ) : ( / e t c / c u p s : ) : ( / e t c / c u p s / p p d : ) : ( / e t c / c u p s / s s l : ) : ( / e t c / c u p s / p r i n t e r s. c o n f : ) : ( / e t c / c u p s / m i m e. c o n v s : ) : ( / e t c / c u p s / c u p s - p d f. c o n f : ) : ( / e t c / c u p s / c u p s d. c o n f. d e f a u l t : ) : ( / e t c / c u p s / p d f t o p s. c o n f : ) : ( / e t c / c u p s / m i m e. t y p e s : ) : ( / e t c / c u p s / r a w. c o n v s : ) : ( / e t c / c u p s / s n m p. c o n f : ) : ( / e t c / c u p s / a c r o r e a d. c o n f : ) : ( / e t c / c u p s / r a w. t y p e s : ) : ( / e t c / c u p s / p p d / P DF. p p d : ) : ( / b i n / s l e e p : ) : ( / b i n / c h m o d : ) : ( : : s s h d ) : ( : : s s h d ) : ( : : s s h d ) : ( : : s s h d ) : ( : : s s h d ) : ( : : s s h d ) : ( : : s s h d ) : ( : : s s h d ) : ( : : s s h d ) : ( : : s s h d ) : ( : : s s h d ) : ( : : s s h d ) : ( : : s s h d ) : ( : : s s h d ) : ( : : s s h d ) : ( : ) : ( : : s s h d ) : ( : : s s h d ) : ( : : s s h d ) : ( : : s s h d ) : ( : : s s h d ) : ( : : s s h d ) : ( : : s s h d ) : ( : : s s h d ) : ( : ) : ( : ) : ( : ) : ( : ) : ( : ) : ( : 0 ) : ( : ) : ( : ) : ( : ) : ( : ) : ( / u s r / s b i n / s s h d : ) : ( / p r o c / / m o u n t s : ) : ( / p r o c / / f d : ) : ( / d e v / u r a n d o m : ) : ( / e t c / g a i. c o n f : ) : ( / e t c / s s h / s s h _ h o s t _ r s a _ k e y : ) : ( / e t c / s s h / s s h _ h o s t _ d s a _ k e y : ) : ( / e t c / p r o t o c o l s : ) : ( : ) : ( : ) : ( : ) : ( : ) : ( : ) : ( : ) : ( / p r o c / / m o u n t s : ) : ( / p r o c / / f d : ) : ( : ) : ( : ) : ( : ) : ( : ) : ( : ) : ( : ) : ( / p r o c / / m o u n t s : ) : ( / p r o c / / f d : ) : ( : ) : ( : ) : ( : ) : ( : ) : ( : ) : ( : ) : ( / p r o c / / m o u n t s : ) : ( / p r o c / / f d : ) : ( : ) : ( : ) : ( : ) : ( : ) : ( : ) : ( : ) : ( / e t c / h o s t s. a l l o w: ) : ( / e t c / h o s t s. d e n y : ) : ( / p r o c / / m o u n t s : ) : ( / p r o c / / f d : ) : ( / e t c / s s h / m o d u l i : ) : ( / e t c / h o s t. c o n f : ) : ( / e t c / c r o n. d a i l y / m a n - d b : ) : ( : : m a n - d b ) : ( / b i n / c h o wn : ) : ( / p r o c / s y s / k e r n e l / n g r o u p s _ m a x : ) : ( / u s r / b i n / m a n d b : ) : ( / e t c / m a n p a t h. c o n f i g : ) : ( / u s r / l o c a l / m a n : ) : ( / e t c / c r o n. d a i l y / m l o c a t e : ) : ( / u s r / b i n / i o n i c e : ) : ( / b i n / b a s h : ) : ( / e t c / p a m. d : ) : ( / e t c / p a m. d / s s h d : ) : ( / e t c / p a m. d / c o m m o n - a u t h : ) : ( / e t c / p a m. d / c o m m o n - a c c o u n t : ) : ( / e t c / p a m. d / c o m m o n - s e s s i o n : ) : ( / e t c / p a m. d / c o m m o n - p a s s wo r d : ) : ( / e t c / p a m. d / o t h e r : ) : ( / h o m e / j u n /. s s h / a u t h o r i z e d _ k e y s : ) : ( / h o m e : ) : ( / h o m e / j u n /. s s h : ) : ( : ) : ( : ) : ( : ) : ( : ) : ( : ) : ( : ) : ( / p r o c / / m o u n t s : ) : ( / p r o c / / f d : ) : ( : ) : ( : ) : ( : ) : ( : ) : ( : ) : ( : ) : ( / p r o c / / m o u n t s : ) : ( / p r o c / / f d : ) : ( : ) : ( : ) : ( : ) : ( : ) : ( : ) : ( : ) : ( / p r o c / / m o u n t s : ) : ( / p r o c / / f d : ) : ( : ) : ( : ) : ( : ) : ( : ) : ( : ) : ( : ) : ( / p r o c / / m o u n t s : ) : ( / p r o c / / f d : ) : ( : ) : ( : ) : ( : ) : ( : ) : ( : ) : ( : ) : ( / p r o c / / m o u n t s : ) : ( / p r o c / / f d : ) : ( : ) : ( : ) : ( : ) : ( : ) : ( : ) : ( : ) : ( / p r o c / / m o u n t s : ) : ( / p r o c / / f d : ) : ( : ) : ( : ) : ( : ) : ( : ) : ( : ) : ( : ) : ( / p r o c / / m o u n t s : ) : ( / p r o c / / f d : ) : ( : ) : ( : ) : ( : ) : ( : ) : ( : ) : ( : ) : ( / p r o c / / m o u n t s : ) : ( / p r o c / / f d : ) : ( : ) : ( : ) : ( : ) : ( : ) : ( : ) : ( : ) : ( / p r o c / / m o u n t s : ) : ( / p r o c / / f d : ) : ( : ) : ( : ) : ( : ) : ( : ) : ( : ) : ( / p r o c / / m o u n t s : ) : ( / p r o c / / f d : ) : ( : ) : ( : ) : ( : ) : ( : ) : ( : ) : ( : ) : ( / p r o c / / m o u n t s : ) : ( / p r o c / / f d : ) : ( : ) : ( : ) : ( : ) : ( : ) : ( : ) : ( : ) : ( / p r o c / / m o u n t s : ) : ( / p r o c / / f d : ) : ( : ) : ( : ) : ( : ) : ( : ) : ( : ) : ( : ) : ( / p r o c / / m o u n t s : ) : ( / p r o c / / f d : ) : ( : ) : ( : ) : ( : ) : ( : ) : ( : ) : ( : ) : ( / p r o c / / m o u n t s : ) : ( / p r o c / / f d : ) : ( : ) : ( : ) : ( : ) : ( : ) : ( : ) : ( : ) : ( / p r o c / / m o u n t s : ) : ( / p r o c / / f d : ) : ( : ) : ( : ) : ( : ) : ( : ) : ( : ) : ( : ) : ( / p r o c / / m o u n t s : ) : ( / p r o c / / f d : ) : ( : ) : ( : ) : ( : ) : ( : ) : ( : ) : ( : ) : ( / p r o c / / m o u n t s : ) : ( / p r o c / / f d : ) : ( : ) : ( : ) : ( : ) : ( : ) : ( : ) : ( : ) : ( / p r o c / / m o u n t s : ) : ( / p r o c / / f d : ) : ( / e t c / s h a d o w: ) : ( / e t c / s e c u r i t y / l i m i t s. c o n f : ) : ( / e t c / s e c u r i t y / p a m _ e n v. c o n f : ) : ( / e t c / e n v i r o n m e n t : ) : ( / e t c / d e f a u l t / l o c a l e : ) : ( / p r o c / m e m i n f o : ) : ( : ) : ( : ) : ( : ) : ( / p r o c / / m o u n t s : ) : ( / p r o c / / f d : ) : ( : ) : ( : ) : ( : ) : ( / p r o c / / m o u n t s : ) : ( / p r o c / / f d : ) : ( / u s r / b i n / s c p : ) : ( / e t c / c r o n. d a i l y / s t a n d a r d : ) : ( : : s t a n d a r d ) : ( : : s t a n d a r d ) : ( / u s r / b i n / c m p : ) : ( / e t c / g s h a d o w: ) : ( / b i n / d f : ) : ( / u s r / b i n / a wk : ) : ( / u s r / b i n / m a wk : ) : ( / l o s t + f o u n d : 1 1 ) : ( / p r o c / / m o u n t s : ) : ( / b i n / g r e p : ) : ( / u s r / b i n / s a v e l o g : ) : ( / u s r / b i n / b a s e n a m e : ) : ( / u s r / b i n / d i r n a m e : ) : ( / b i n / r m : ) : ( / b i n / m v : ) : ( / p r o c / / m o u n t s : ) : ( / p r o c / / m o u n t s : ) : ( / p r o c / / m o u n t s : ) : ( / p r o c / / m o u n t s : ) : ( / p r o c / / m o u n t s : ) : ( / p r o c / / m o u n t s : ) : ( / b i n / c h g r p : ) : ( / b i n / l n : ) : ( / p r o c / / m o u n t s : ) : ( / p r o c / / c m d l i n e : ) : ( / p r o c / / s t a t : ) : ( / t m p / f i l e P o W e i u : ( d e l e t e d ) ) : ( : ) : ( / e x p o r t s : ) : ( : ) : ( : ) : ( : ) : ( / e x p o r t s /. n f s : ) : ( / e x p o r t s /. n f s : ) : ( / e x p o r t s /. n f s : ) : ( / e x p o r t s /. n f s : ) : ( / e x p o r t s /. n f s a : ) : ( / : 2 ) : ( / e x p o r t s /. n f s : ) : ( / e x p o r t s /. n f s : ) : ( / e x p o r t s /. n f s c : ) : ( : : b a s h ) : ( : : b a s h ) : ( / h o m e / c a r t : ) : ( : : b a s h ) : ( : : b a s h ) : ( : : b a s h ) : ( / b i n / m o u n t : ) : ( : : m o u n t ) : ( / e t c / l d. s o. c a c h e : ) : ( : : m o d p r o b e ) : ( : : b a s h ) : ( : : b a s h ) : ( : : b a s h ) : ( : : b a s h ) : ( : : t a r ) : ( : : b a s h ) : ( : : b a s h ) : ( : : b a s h ) : ( : : e x p l o i t. s h ) : ( : : wu n d e r b a r _ e m p o r ) : ( : : wu n d e r b a r _ e m p o r ) : ( : : wu n d e r b a r _ e m p o r ) : ( : : wu n d e r b a r _ e m p o r ) : ( : : wu n d e r b a r _ e m p o r ) : ( : : wu n d e r b a r _ e m p o r ) : ( : : wu n d e r b a r _ e m p o r ) : ( : : wu n d e r b a r _ e m p o r ) : ( : : c c 1 ) : ( : : c c ) : ( : : c o l l e c t 2 ) : ( : : c o l l e c t 2 ) : ( : : wu n d e r b a r _ e m p o r ) : ( : : c c 1 ) : ( : : c c ) : ( : : c o l l e c t 2 ) : ( : : c o l l e c t 2 ) : ( : : wu n d e r b a r _ e m p o r ) : ( : : m o d p r o b e ) : ( : : m o d p r o b e ) : ( : : s h ) : ( : : wu n d e r b a r _ e m p o r ) : ( : : h a l d - r u n n e r ) : ( : : h a l - a c l - t o o l ) : ( : : b a s h ) : ( : : h a l - a c l - t o o l ) : ( : : h a l d - r u n n e r ) : ( : : h a l - a c l - t o o l ) : ( : : h a l - a c l - t o o l ) : ( : : h a l d - r u n n e r ) : ( : : h a l - a c l - t o o l ) : ( : : h a l - a c l - t o o l ) : ( : : b a s h ) : ( : : b a s h ) : ( : : b a s h ) : ( : : b a s h ) : ( : : b a s h ) : ( : : b a s h ) : ( : : b a s h ) : ( : : b a s h ) : ( : : b a s h ) : ( : : b a s h ) : ( / p r o c / / m o u n t s : ) : ( / e t c / l o c a l e. a l i a s : ) : ( / e t c / m t a b : ) : ( / s b i n / m o u n t. n f s : ) : ( u i d : 0 ) : ( / e x p o r t s : ) : ( / m n t / t r o j a n Ho r s e. t a r. g z : ) : ( / e t c / m t a b ~ : ) : ( / e t c / m t a b ~ : ) : ( : : b a s h ) : ( / e t c / m o d p r o b e. d : ) : ( / e t c / m o d p r o b e. d / a l s a - b a s e : ) : ( / e t c / m o d p r o b e. d / t o s h i b a _ a c p i. m o d p r o b e : ) : ( / e t c / m o d p r o b e. d / o p t i o n s : ) : ( / e t c / m o d p r o b e. d / n v i d i a - k e r n e l - n k c : ) : ( / e t c / m o d p r o b e. d / a l i a s e s : ) : ( / e t c / m o d p r o b e. d / l r m - v i d e o : ) : ( / e t c / m o d p r o b e. d / i s a p n p : ) : ( / e t c / m o d p r o b e. d / b l a c k l i s t - f r a m e b u f f e r : ) : ( / e t c / m o d p r o b e. d / b l a c k l i s t - m o d e m : ) : ( / e t c / m o d p r o b e. d / b l a c k l i s t : ) : ( / e t c / m o d p r o b e. d / f u s e : ) : ( / e t c / m o d p r o b e. d / a r c h / i : ) : ( / e t c / m o d p r o b e. d / b l a c k l i s t - wa t c h d o g : ) : ( / p r o c / m o d u l e s : ) : ( : 1 : u d e v d ) : ( / d e v /. u d e v / u e v e n t _ s e q n u m : ) : ( / d e v /. u d e v / q u e u e : ) : ( / d e v /. u d e v / q u e u e / : ) : ( : : u d e v d ) : ( / d e v /. u d e v / q u e u e / : ) : ( : : u d e v d ) : ( / d e v /. u d e v / q u e u e / : ) : ( : : u d e v d ) : ( / d e v /. u d e v / q u e u e / : ) : ( : : u d e v d ) : ( / d e v /. u d e v / q u e u e / : ) : ( : : u d e v d ) : ( / d e v /. u d e v / q u e u e / : ) : ( : : u d e v d ) : ( / d e v /. u d e v / q u e u e / : ) : ( : : u d e v d ) : ( / d e v /. u d e v / q u e u e / : ) : ( : : u d e v d ) : ( / d e v /. u d e v : ) : ( / : 2 ) : ( : : b a s h ) : ( : : b a s h ) : ( / p r o c / s t a t : ) : ( : 1 : h a l d ) : ( / p r o c / / m o u n t s : ) : ( / d e v / d i s k / b y - u u i d / e c d f - 6 f 1 a a b e 8 1 b e 5 0 : ) : ( : 1 : f a s t - u s e r - s wi t c ) : ( i n o t i f y : 1 ) : ( : : n a u t i l u s ) : ( / p r o c / / m o u n t s : ) : ( / e t c / f s t a b : ) : ( / d e v : ) : ( / d e v / s c d 0 : ) : ( / d e v / f d 0 : ) : ( : 1 : c r o n ) : ( / e t c / c r o n t a b : ) : ( / e t c / c r o n. d : ) : ( / e t c / c r o n. d / a n a c r o n : ) : ( / e t c / l o c a l t i m e : ) : ( : : b a s h ) : ( / b i n / l s : ) : ( / p r o c / / m o u n t s : ) : ( / h o m e / u s e r / t e s t - b e d : ) : ( : : b a s h ) : ( : : b a s h ) : ( / b i n / c p : ) : ( / p r o c / / m o u n t s : ) : ( / p r o c / f i l e s y s t e m s : ) : ( / p r o c / / m o u n t s : ) : ( / h o m e / u s e r / t e s t - b e d / t r o j a n Ho r s e _ b k. t a r. g z : ) : ( / b i n / t a r : ) : ( / h o m e / u s e r / t e s t - b e d / t r o j a n Ho r s e : ) : ( / h o m e / u s e r / t e s t - b e d / t r o j a n Ho r s e / o l d _ l o g : ) : ( / h o m e / u s e r / t e s t - b e d / t r o j a n Ho r s e / o l d _ l o g / t r a c e _ d j. o l d : ) : ( / h o m e / u s e r / t e s t - b e d / t r o j a n Ho r s e / o l d _ l o g / t r a c e _ x i. o l d : ) : ( / h o m e / u s e r / t e s t - b e d / t r o j a n Ho r s e / o l d _ l o g / t r a c e _ d j. 2 : ) : ( / h o m e / u s e r / t e s t - b e d / t r o j a n Ho r s e / wu n d e r b a r _ e m p o r i u m - 3. t g z : ) : ( / h o m e / u s e r / t e s t - b e d / t r o j a n Ho r s e / wu n d e r b a r _ e m p o r i u m _ l o g : ) : ( / h o m e / u s e r / t e s t - b e d / t r o j a n Ho r s e / t r a c e 1 : ) : ( / h o m e / u s e r / t e s t - b e d / t r o j a n Ho r s e / t g z : ) : ( / h o m e / u s e r / t e s t - b e d / t r o j a n Ho r s e / t r a c e 2 : ) : ( / h o m e / u s e r / t e s t - b e d / t r o j a n Ho r s e / e x p l o i t. s h : ) : ( / h o m e / u s e r / t e s t - b e d / t r o j a n Ho r s e / wu n d e r b a r _ e m p o r i u m : ) : ( / h o m e / u s e r / t e s t - b e d / t r o j a n Ho r s e / wu n d e r b a r _ e m p o r i u m / o l d _ l o g : ) : ( / h o m e / u s e r / t e s t - b e d / t r o j a n Ho r s e / wu n d e r b a r _ e m p o r i u m / o l d _ l o g / t r a c e _ x i. o l d : ) : ( / h o m e / u s e r / t e s t - b e d / t r o j a n Ho r s e / wu n d e r b a r _ e m p o r i u m / o l d _ l o g / t r a c e _ d j. n e w: ) : ( / h o m e / u s e r / t e s t - b e d / t r o j a n Ho r s e / wu n d e r b a r _ e m p o r i u m / e x p l o i t. c : ) : ( / h o m e / u s e r / t e s t - b e d / t r o j a n Ho r s e / wu n d e r b a r _ e m p o r i u m / wu n d e r b a r _ e m p o r i u m. s h : ) : ( / h o m e / u s e r / t e s t - b e d / t r o j a n Ho r s e / wu n d e r b a r _ e m p o r i u m / p wn k e r n e l. o : ) : ( / h o m e / u s e r / t e s t - b e d / t r o j a n Ho r s e / wu n d e r b a r _ e m p o r i u m / e x p l o i t : ) : ( / h o m e / u s e r / t e s t - b e d / t r o j a n Ho r s e / wu n d e r b a r _ e m p o r i u m / t z a m e t i. a v i : ) : ( / h o m e / u s e r / t e s t - b e d / t r o j a n Ho r s e / wu n d e r b a r _ e m p o r i u m / p wn k e r n e l _ x i. o l d : ) : ( / h o m e / u s e r / t e s t - b e d / t r o j a n Ho r s e / wu n d e r b a r _ e m p o r i u m / e x p l o i t. c ~ : ) : ( / h o m e / u s e r / t e s t - b e d / t r o j a n Ho r s e / wu n d e r b a r _ e m p o r i u m / p wn k e r n e l. c : ) : ( / h o m e / u s e r / t e s t - b e d / t r o j a n Ho r s e / wu n d e r b a r _ e m p o r i u m / e x p l o i t. s o : ) : ( / h o m e / u s e r / t e s t - b e d / t r o j a n Ho r s e / wu n d e r b a r _ e m p o r i u m / p wn k e r n e l. o l d : ) : ( / h o m e / u s e r / t e s t - b e d / t r o j a n Ho r s e / wu n d e r b a r _ e m p o r i u m / e x p l o i t. s o. o l d : ) : ( / h o m e / u s e r / t e s t - b e d / t r o j a n Ho r s e / wu n d e r b a r _ e m p o r i u m / p wn k e r n e l. c ~ : ) : ( / h o m e / u s e r / t e s t - b e d / t r o j a n Ho r s e / wu n d e r b a r _ e m p o r i u m / p wn k e r n e l : ) : ( / h o m e / u s e r / t e s t - b e d / t r o j a n Ho r s e / : ) : ( / h o m e / u s e r / t e s t - b e d / t r o j a n Ho r s e / / r u n. c : ) : ( / h o m e / u s e r / t e s t - b e d / t r o j a n Ho r s e / / e x p l o i t. c : ) : ( / h o m e / u s e r / t e s t - b e d / t r o j a n Ho r s e / / r u n. s h : ) : ( E RROR: ) : ( / b i n / g z i p : ) : ( / e t c / n s s wi t c h. c o n f : ) : ( : 1 : d b u s - d a e m o n ) : ( / e t c / g r o u p : ) : ( : : b a s h ) : ( : : b a s h ) : ( : : b a s h ) : ( : : b a s h ) : ( : : b a s h ) : ( / p r o c / / m o u n t s : ) : ( / h o m e / c a r t / T e m p l a t e s : ) : ( / h o m e / c a r t / t r o j a n Ho r s e. t a r. g z : ) : ( / h o m e / c a r t / P i c t u r e s : ) : ( / h o m e / c a r t / M u s i c : ) : ( / h o m e / c a r t / Vi d e o s : ) : ( / h o m e / c a r t / S c r e e n s h o t - 1. p n g : ) : ( / h o m e / c a r t / wo r k s t a t i o n _ s p _ b _ e. o v a : ) : ( / h o m e / c a r t / Vi r t u a l Bo x : VM s ) : ( / h o m e / c a r t / e x p e r i m e n t a t i o n : ) : ( / h o m e / c a r t / S c r e e n s h o t. p n g : ) : ( / h o m e / c a r t / P u b l i c : ) : ( / h o m e / c a r t / Do c u m e n t s : ) : ( / h o m e / c a r t / De s k t o p : ) : ( / h o m e / c a r t / t r o j a n Ho r s e : ) : ( / h o m e / c a r t / E x a m p l e s : ) : ( : : b a s h ) : ( / h o m e : ) : ( : : b a s h ) : ( / h o m e / u s e r : ) : ( : : b a s h ) : ( / p r o c / / m o u n t s : ) : ( : : b a s h ) : ( / p r o c / / m o u n t s : ) : ( : : e x p l o i t. s h ) : ( / d e v / t t y : ) : ( / p r o c / m e m i n f o : ) : ( : : wu n d e r b a r _ e m p o r ) : ( / h o m e / u s e r / t e s t - b e d / t r o j a n Ho r s e / wu n d e r b a r _ e m p o r i u m / p wn k e r n e l 1. c : ) : ( : : wu n d e r b a r _ e m p o r ) : ( / b i n / s e d : ) : ( / b i n / m v : ) : ( / h o m e / u s e r / t e s t - b e d / t r o j a n Ho r s e / wu n d e r b a r _ e m p o r i u m / p wn k e r n e l 2. c : ) : ( / p r o c / / m o u n t s : ) : ( / p r o c / / m o u n t s : ) : ( / u s r / b i n / k i l l a l l : ) : ( / p r o c / / s t a t : ) : ( / p r o c : 1 ) : ( / p r o c / 1 / s t a t : ) : ( / p r o c / 2 / s t a t : ) : ( / p r o c / 3 / s t a t : ) : ( / p r o c / 4 / s t a t : ) : ( / p r o c / 5 / s t a t : ) : ( / p r o c / 6 / s t a t : ) : ( / p r o c / 7 / s t a t : ) : ( / p r o c / 4 0 / s t a t : ) : ( / p r o c / 4 3 / s t a t : ) : ( / p r o c / 4 4 / s t a t : ) : ( / p r o c / / s t a t : ) : ( / p r o c / / s t a t : ) : ( / p r o c / / s t a t : ) : ( / p r o c / / s t a t : ) : ( / p r o c / / s t a t : ) : ( / p r o c / / s t a t : ) : ( / p r o c / / s t a t : ) : ( / p r o c / / s t a t : ) : ( / p r o c / / s t a t : ) : ( / p r o c / / s t a t : ) : ( / p r o c / / s t a t : ) : ( / p r o c / / s t a t : ) : ( / p r o c / / s t a t : ) : ( / p r o c / / s t a t : ) : ( / p r o c / / s t a t : ) : ( / p r o c / / s t a t : ) : ( / p r o c / / s t a t : ) : ( / p r o c / / s t a t : ) : ( / p r o c / / s t a t : ) : ( / p r o c / / s t a t : ) : ( / p r o c / / s t a t : ) : ( / p r o c / / s t a t : ) : ( / p r o c / / s t a t : ) : ( / p r o c / / s t a t : ) : ( / p r o c / / s t a t : ) : ( / p r o c / / s t a t : ) : ( / p r o c / / s t a t : ) : ( / p r o c / / s t a t : ) : ( / p r o c / / s t a t : ) : ( / p r o c / / s t a t : ) : ( / p r o c / / c m d l i n e : ) : ( / p r o c / / s t a t : ) : ( / p r o c / / c m d l i n e : ) : ( / p r o c / / s t a t : ) : ( / p r o c / / s t a t : ) : ( / p r o c / / s t a t : ) : ( / p r o c / / s t a t : ) : ( / p r o c / / s t a t : ) : ( / p r o c / / s t a t : ) : ( / p r o c / / s t a t : ) : ( / p r o c / / c m d l i n e : ) : ( / p r o c / / s t a t : ) : ( / p r o c / / s t a t : ) : ( / p r o c / / c m d l i n e : ) : ( / p r o c / / s t a t : ) : ( / p r o c / / c m d l i n e : ) : ( / p r o c / / s t a t : ) : ( / p r o c / / c m d l i n e : ) : ( / p r o c / / s t a t : ) : ( / p r o c / / c m d l i n e : ) : ( / p r o c / / s t a t : ) : ( / p r o c / / s t a t : ) : ( / p r o c / / c m d l i n e : ) : ( / p r o c / / s t a t : ) : ( / p r o c / / s t a t : ) : ( / p r o c / / c m d l i n e : ) : ( / p r o c / / s t a t : ) : ( / p r o c / / s t a t : ) : ( / p r o c / / s t a t : ) : ( / p r o c / / s t a t : ) : ( / p r o c / / s t a t : ) : ( / p r o c / / s t a t : ) : ( / p r o c / / s t a t : ) : ( / p r o c / / s t a t : ) : ( / p r o c / / c m d l i n e : ) : ( / p r o c / / s t a t : ) : ( / p r o c / / c m d l i n e : ) : ( / p r o c / / s t a t : ) : ( / p r o c / / s t a t : ) : ( / p r o c / / s t a t : ) : ( / p r o c / / c m d l i n e : ) : ( / p r o c / / s t a t : ) : ( / p r o c / / s t a t : ) : ( / p r o c / / c m d l i n e : ) : ( / p r o c / / s t a t : ) : ( / p r o c / / s t a t : ) : ( / p r o c / / s t a t : ) : ( / p r o c / / s t a t : ) : ( / p r o c / / c m d l i n e : ) : ( / p r o c / / s t a t : ) : ( / p r o c / / s t a t : ) : ( / p r o c / / c m d l i n e : ) : ( / p r o c / / s t a t : ) : ( / p r o c / / c m d l i n e : ) : ( / p r o c / / s t a t : ) : ( / p r o c / / c m d l i n e : ) : ( / p r o c / / s t a t : ) : ( / p r o c / / c m d l i n e : ) : ( / p r o c / / s t a t : ) : ( / p r o c / / s t a t : ) : ( / p r o c / / s t a t : ) : ( / p r o c / / s t a t : ) : ( / p r o c / / c m d l i n e : ) : ( / p r o c / / s t a t : ) : ( / p r o c / / s t a t : ) : ( / p r o c / / c m d l i n e : ) : ( / p r o c / / s t a t : ) : ( / p r o c / / s t a t : ) : ( / p r o c / / s t a t : ) : ( / p r o c / / s t a t : ) : ( / p r o c / / s t a t : ) : ( / p r o c / / c m d l i n e : ) : ( / p r o c / / s t a t : ) : ( / p r o c / / c m d l i n e : ) : ( / p r o c / / s t a t : ) : ( / p r o c / / c m d l i n e : ) : ( / p r o c / / s t a t : ) : ( / p r o c / / s t a t : ) : ( / p r o c / / c m d l i n e : ) : ( / p r o c / / s t a t : ) : ( / p r o c / / s t a t : ) : ( / p r o c / / s t a t : ) : ( / p r o c / / s t a t : ) : ( / p r o c / / s t a t : ) : ( / p r o c / / s t a t : ) : ( / p r o c / / c m d l i n e : ) : ( / p r o c / / s t a t : ) : ( / p r o c / / s t a t : ) : ( / p r o c / / s t a t : ) : ( / p r o c / / s t a t : ) : ( / p r o c / / s t a t : ) : ( / p r o c / / s t a t : ) : ( / p r o c / / s t a t : ) : ( / p r o c / / s t a t : ) : ( / p r o c / / s t a t : ) : ( / p r o c / / s t a t : ) : ( / p r o c / / s t a t : ) : ( / p r o c / / s t a t : ) : ( / p r o c / / c m d l i n e : ) : ( / b i n / u n a m e : ) : ( / b i n / c a t : ) : ( / p r o c / s y s / v m / m m a p _ m i n _ a d d r : ) : ( / u s r / b i n / c c : ) : ( / t m p / c c c XQx Z n. s : ) : ( / t m p / c c f RR3 4 r. o : ) : ( / u s r / b i n / g c c : ) : ( / u s r : ) : ( / u s r / b i n : ) : ( / e t c : ) : ( / e t c / a l t e r n a t i v e s : ) : ( / e t c / a l t e r n a t i v e s / c c : ) : ( / u s r / b i n / g c c : ) : ( / u s r / l o c a l / i n c l u d e : ) : ( / u s r / i n c l u d e : ) : ( / u s r / i n c l u d e / a s m / u n i s t d. h : ) : ( / u s r / i n c l u d e / a s m / u n i s t d _ 3 2. h : ) : ( / u s r / i n c l u d e / s i g n a l. h : ) : ( / u s r / i n c l u d e / f e a t u r e s. h : ) : ( / u s r / i n c l u d e / s y s / c d e f s. h : ) : ( / u s r / i n c l u d e / b i t s / wo r d s i z e. h : ) : ( / u s r / i n c l u d e / g n u / s t u b s. h : ) : ( / u s r / i n c l u d e / g n u / s t u b s h : ) : ( / u s r / i n c l u d e / b i t s / s i g s e t. h : ) : ( / u s r / i n c l u d e / b i t s / t y p e s. h : ) : ( / u s r / i n c l u d e / b i t s / t y p e s i z e s. h : ) : ( / u s r / i n c l u d e / b i t s / s i g n u m. h : ) : ( / u s r / i n c l u d e / t i m e. h : ) : ( / u s r / i n c l u d e / b i t s / s i g i n f o. h : ) : ( / u s r / i n c l u d e / b i t s / s i g a c t i o n. h : ) : ( / u s r / i n c l u d e / b i t s / s i g c o n t e x t. h : ) : ( / u s r / i n c l u d e / b i t s / s i g s t a c k. h : ) : ( / u s r / i n c l u d e / b i t s / p t h r e a d t y p e s. h : ) : ( / u s r / i n c l u d e / b i t s / s i g t h r e a d. h : ) : ( / u s r / i n c l u d e / s t d i n t. h : ) : ( / u s r / i n c l u d e / b i t s / wc h a r. h : ) : ( / u s r / i n c l u d e / s t d i o. h : ) : ( / u s r / i n c l u d e / _ G_ c o n f i g. h : ) : ( / u s r / i n c l u d e / wc h a r. h : ) : ( / u s r / i n c l u d e / b i t s / s t d i o _ l i m. h : ) : ( / u s r / i n c l u d e / b i t s / s y s _ e r r l i s t. h : ) : ( / u s r / i n c l u d e / s t d l i b. h : ) : ( / u s r / i n c l u d e / s y s / t y p e s. h : ) : ( / u s r / i n c l u d e / e n d i a n. h : ) : ( / u s r / i n c l u d e / b i t s / e n d i a n. h : ) : ( / u s r / i n c l u d e / s y s / s e l e c t. h : ) : ( / u s r / i n c l u d e / b i t s / s e l e c t. h : ) : ( / u s r / i n c l u d e / b i t s / t i m e. h : ) : ( / u s r / i n c l u d e / s y s / s y s m a c r o s. h : ) : ( / u s r / i n c l u d e / a l l o c a. h : ) : ( / u s r / i n c l u d e / s t r i n g. h : ) : ( / u s r / i n c l u d e / s y s / f i l e. h : ) : ( / u s r / i n c l u d e / f c n t l. h : ) : ( / u s r / i n c l u d e / b i t s / f c n t l. h : ) : ( / u s r / i n c l u d e / s y s / m m a n. h : ) : ( / u s r / i n c l u d e / b i t s / m m a n. h : ) : ( / u s r / i n c l u d e / s y s / s e n d f i l e. h : ) : ( / u s r / i n c l u d e / s y s / s o c k e t. h : ) : ( / u s r / i n c l u d e / s y s / u i o. h : ) : ( / u s r / i n c l u d e / b i t s / u i o. h : ) : ( / u s r / i n c l u d e / b i t s / s o c k e t. h : ) : ( / u s r / i n c l u d e / l i m i t s. h : ) : ( / u s r / i n c l u d e / b i t s / p o s i x 1 _ l i m. h : ) : ( / u s r / i n c l u d e / b i t s / l o c a l _ l i m. h : ) : ( / u s r / i n c l u d e / l i n u x / l i m i t s. h : ) : ( / u s r / i n c l u d e / b i t s / p o s i x 2 _ l i m. h : ) : ( / u s r / i n c l u d e / b i t s / s o c k a d d r. h : ) : ( / u s r / i n c l u d e / a s m / s o c k e t. h : ) : ( / u s r / i n c l u d e / a s m / s o c k i o s. h : ) : ( / u s r / i n c l u d e / s y s / u s e r. h : ) : ( / u s r / i n c l u d e / u n i s t d. h : ) : ( / u s r / i n c l u d e / b i t s / p o s i x _ o p t. h : ) : ( / u s r / i n c l u d e / b i t s / c o n f n a m e. h : ) : ( / u s r / i n c l u d e / g e t o p t. h : ) : ( / u s r / i n c l u d e / s y s / p e r s o n a l i t y. h : ) : ( / u s r / b i n / a s : ) : ( / t m p / c c 6 6 o f x d. c : ) : ( / t m p / c c 2 7 J S Ug. o : ) : ( / t m p / c c i 7 i q i k. l d : ) : ( / t m p / c c G2 P 2 Hn. l e : ) : ( / u s r / b i n / l d : ) : ( / u s r / b i n / n m : ) : ( / u s r / b i n / s t r i p : ) : ( / t m p / c c QXp wl K. s : ) : ( / t m p / c c UZ c d 3 t. o : ) : ( / u s r / i n c l u d e / s y s / s t a t. h : ) : ( / u s r / i n c l u d e / b i t s / s t a t. h : ) : ( / t m p / c c t KW e p V. c : ) : ( / t m p / c c W Dc T E G. o : ) : ( / t m p / c c Hwv Z Ur. l d : ) : ( / t m p / c c q U6 u b d. l e : ) : ( p e r s o n a l i t y : P E R_ S VR4 ) : ( / t m p / p u l s e - c a r t : ) : ( / t m p / p u l s e - c a r t / p i d : ) : ( / d e v / s h m / p u l s e - s h m : ) : ( / t m p /. e s d : ) : ( / t m p /. e s d / s o c k e t : ) : ( / h o m e / c a r t /. e s d _ a u t h : ) : ( / t m p / p u l s e - c a r t / n a t i v e : ) : ( / h o m e / c a r t /. p u l s e - c o o k i e : ) : ( / t m p / s e n d f i l e. p 4 l b t q : ) : ( / u s r / b i n / p u l s e a u d i o : ) : ( / e t c / p u l s e / d e f a u l t. p a : ) : ( / e t c / p u l s e / d a e m o n. c o n f : ) : ( / p r o c / s y s / k e r n e l / n g r o u p s _ m a x : ) : ( / d e v / u r a n d o m : ) : ( / d e v / s h m : ) : ( / d e v / s h m / p u l s e - s h m : ) : ( / h o m e / c a r t /. p u l s e / d e f a u l t - s i n k : ) : ( / h o m e / c a r t /. p u l s e / d e f a u l t - s o u r c e : ) : ( / p r o c / / f d : ) : ( / h o m e / c a r t /. Xa u t h o r i t y : ) : ( / e t c / h o s t. c o n f : ) : ( / e t c / r e s o l v. c o n f : ) : ( / e t c / h o s t s : ) : ( / p r o c / k a l l s y m s : ) : ( / b i n / d a s h : ) : ( / e t c /. p wd. l o c k : ) : ( / e t c / g r o u p : ) : ( / e t c / g r o u p. l o c k : ) : ( / e t c / g r o u p - : ) : ( / e t c / g r o u p + : ) : ( / u s r / s b i n / u s e r a d d : ) : ( / p r o c / / m o u n t s : ) : ( / e t c / d e f a u l t / u s e r a d d : ) : ( / e t c / l o g i n. d e f s : ) : ( / p r o c / / m o u n t s : ) : ( : 1 : s s h d ) : ( : 2 2 ) : ( : ) : ( : ) : ( : 0 ) : ( : ) : ( : ) : ( : ) : ( : ) : ( / u s r / s b i n / s s h d : ) : ( / p r o c / / m o u n t s : ) : ( / p r o c / / f d : ) : ( / e t c / g a i. c o n f : ) : ( / e t c / s s h / s s h _ h o s t _ r s a _ k e y : ) : ( / e t c / s s h / b l a c k l i s t. RS A : ) : ( / e t c / s s h / s s h _ h o s t _ d s a _ k e y : ) : ( / e t c / s s h / b l a c k l i s t. DS A : ) : ( / e t c / p r o t o c o l s : ) : ( / e t c / h o s t s. a l l o w: ) : ( / e t c / h o s t s. d e n y : ) : ( / e t c / s s h / m o d u l i : ) : ( : 5 3 ) : ( : 5 3 ) : ( : 5 3 ) : ( / b i n / b a s h : ) : ( / e t c / p a m. d : ) : ( / e t c / p a m. d / s s h d : ) : ( / e t c / p a m. d / c o m m o n - a u t h : ) : ( / e t c / p a m. d / c o m m o n - a c c o u n t : ) : ( / e t c / p a m. d / c o m m o n - s e s s i o n : ) : ( / e t c / p a m. d / c o m m o n - p a s s wo r d : ) : ( / e t c / p a m. d / o t h e r : ) : ( / e t c / s e c u r i t y / p a m _ e n v. c o n f : ) : ( / e t c / e n v i r o n m e n t : ) : ( / e t c / d e f a u l t / l o c a l e : ) : ( / e t c / s e c u r i t y / l i m i t s. c o n f : ) : ( : : h a l d - r u n n e r ) : ( / p r o c / / f d : ) : ( / e t c / P o l i c y Ki t / P o l i c y Ki t. c o n f : ) : ( / e t c / p r o f i l e : ) : ( / e t c / p r o f i l e. d : ) : ( / p r o c / / m o u n t s : ) : ( / u s r / b i n / g r o u p s : ) : ( / u s r / b i n / i d : ) : ( / p r o c / / m o u n t s : ) : ( / e t c / t e r m i n f o : ) : ( / e t c / i n p u t r c : ) : ( / p r o c / / m o u n t s : ) : ( / p r o c / / f d : ) : ( / p r o c / / m o u n t s : ) : ( / p r o c / / m o u n t s : ) : ( / p r o c / / f d : ) : ( / p r o c / / m o u n t s : ) : ( / p r o c / / m o u n t s : ) : ( / p r o c / / m o u n t s : ) : ( / p r o c / / m o u n t s : ) : ( / u s r / b i n / t o u c h : ) : ( / v i r u s : ) : ( / b i n / t o u c h : ) : ( / u s r / b i n / wh o a m i : ) : ( / p r o c / / m o u n t s : ) : ( / p r o c / / m o u n t s : ) : ( / b i n / r m : ) : ( / p r o c / / m o u n t s : ) : ( / u s r / l o c a l : ) : ( / u s r / l o c a l / s b i n : ) : ( / u s r / l o c a l / b i n : ) : ( / u s r / s b i n : ) : ( / s b i n : ) : ( / b i n : ) : ( / u s r / g a m e s : ) (a) An example 3-host SODG for the attack scenario in Fig. 1, with 1288 OS objects from system calls (Table 4 in Appendix). The SIPPs hidden in it is highlighted in red color. SSH Server NFS Server Workstation (b) The red colored SIPPs hidden in (a), with 175 OS objects (Table 4). The trigger node is highlighted in red color and other verified malicious nodes in grey. Fig. 2: This figure is to show what the SODG and SIPPs are like. A box contains a per-host SODG, in which a rectangle denotes a process, a diamond denotes a socket, and an ellipse denotes a file. They look unreadable because of the fine granularity at OS-level and the scale of network. Readers are not expected to understand the details. A main merit of Patrol is that it can dig out SIPPs from the network-wide SODG. that a file depends on a process (process file). Table 1 gives the dependency rules to help generate dependency relations from system calls. start and end respectively denote the timestamp at which a system call is invoked and returned. Definition 1. per-host System Object Dependency Graph If the system call trace for the i-th host is denoted as Σ i, then the per-host SODG for the host is a directed graph G(V i, E i ), where: V i is the set of nodes, and initialized to empty set ; E i is the set of directed edges, and initialized to empty set ; If a system call syscall Σ i, and dep is the dependency relation parsed from syscall according to dependency rules in Table 1, where dep {(src sink), (src sink), (src sink)}, src and sink are OS objects (mainly a process, file or socket), then V i = V i {src, sink}, E i = E i {dep}. dep inherits timestamps start and end from syscall; If (a b) E i and (b c) E i, then c transitively depends on a. As shown in Definition 2, the network-wide SODG is constructed by recursively concatenating the per-host SODGs. If and only if at least one directed edge exists between two nodes from two different SODGs, these two SODGs can be concatenated together (by the operation in Cantor set theory). Definition 2. network-wide System Object Dependency Graph If the per-host SODG for the i-th host is denoted as G(V i, E i ), then the networkwide SODG can be denoted as G(V i, E i ), where: G(V 2, E 2 )=G(V 1, E 1 ) G(V 2, E 2 )=G( V 2, E 2 ), iff obj 1 V 1, obj 2 V 2 and dep 1,2 E 2, where dep 1,2 {obj 1 obj 2, obj 1 obj 2, obj 1 obj 2 }. V 2 denotes V 1 V 2, and E 2 denotes E 1 E 2 ; G(V i, E i )={ G(V i 1, E i 1 )} G(V i, E i )=G( V i, E i ), iff obj i 1 V i 1, obj i V i and dep i 1,i E i, where dep i 1,i {obj i 1 obj i, obj i 1 obj i, obj i 1 obj i }. V i denotes V 1 V i, and E i denotes E 1 E i.
T H R EAT S A R E H I D I N G I N E N C RY P T E D T R A F F I C O N YO U R N E T WO R K
1 T H R EAT S A R E H I D I N G I N E N C RY P T E D T R A F F I C O N YO U R N E T WO R K Manoj Sharma Technical Director Symantec Corp Mark Sanders Lead Security Architect Venafi T H R E A T S A R E
More informationAttack Graph Modeling and Generation
Attack Graph Modeling and Generation Ratnesh Kumar, Professor, IEEE Fellow Electrical and Computer Engineering, Iowa State University PhD Students: Mariam Ibrahim German Jordanian University Attack Graph:
More informationUnsupervised Anomaly Detection for High Dimensional Data
Unsupervised Anomaly Detection for High Dimensional Data Department of Mathematics, Rowan University. July 19th, 2013 International Workshop in Sequential Methodologies (IWSM-2013) Outline of Talk Motivation
More informationOn Permissions, Inheritance and Role Hierarchies
On Permissions, Inheritance and Role Hierarchies Information Security Group Royal Holloway, University of London Introduction The role hierarchy is central to most RBAC models Modelled as a partially ordered
More informationA study of entropy transfers
A study of entropy transfers in the Linux Random Number Generator Th. Vuillemin, F. Goichon, G. Salagnac, C. Lauradoux The need for random numbers Computers are built to be fully deterministic......but
More informationT H R EAT S A R E H I D I N G I N E N C RY P T E D T R A F F I C O N YO U R N E T W O R K
1 T H R EAT S A R E H I D I N G I N E N C RY P T E D T R A F F I C O N YO U R N E T W O R K Manoj Sharma Technical Director Symantec Corp Mark Sanders Lead Security Architect Venafi T H R E A T S A R E
More informationTransactions on Information and Communications Technologies vol 18, 1998 WIT Press, ISSN
GIS in the process of road design N.C. Babic, D. Rebolj & L. Hanzic Civil Engineering Informatics Center, University ofmaribor, Faculty of Civil Engineering, Smetanova 17, 2000 Maribor, Slovenia. E-mail:
More informationMySQL Attack Mitigation Using Deception Technology
1 RESEARCH REPORT : MySQL Attack Mitigation Using Deception Technology RESEARCH REPORT MySQL Attack Mitigation Using Deception Technology A Report by TrapX Labs December 31, 2016 2 RESEARCH REPORT : MySQL
More informationIMS4 ARWIS. Airport Runway Weather Information System. Real-time data, forecasts and early warnings
Airport Runway Weather Information System Real-time data, forecasts and early warnings Airport Runway Weather Information System FEATURES: Detection and prediction of runway conditions Alarms on hazardous
More informationBridging the Gap between Engineering and GIS
Bridging the Gap between Engineering and GIS Presented by: Karen Stewart, B.Tech, GISP Manager of Geomatics Township of Langley February 13, 2006 Agenda Introduction History Goals Implementation Benefits
More informationMining State Dependencies Between Multiple Sensor Data Sources
Mining State Dependencies Between Multiple Sensor Data Sources C. Robardet Co-Authored with Marc Plantevit and Vasile-Marian Scuturici April 2013 1 / 27 Mining Sensor data A timely challenge? Why is it
More informationIntroduction to Portal for ArcGIS. Hao LEE November 12, 2015
Introduction to Portal for ArcGIS Hao LEE November 12, 2015 Agenda Web GIS pattern Product overview Installation and deployment Security and groups Configuration options Portal for ArcGIS + ArcGIS for
More informationInformation Security Theory vs. Reality
Information Security Theory vs. Reality 0368-4474-01, Winter 2011 Lecture 7: Information flow control Eran Tromer 1 Slides credit: Max Krohn, MIT Ian Goldberg and Urs Hengartner, University of Waterloo
More informationIncident Response tactics with Compromise Indicators
Vladimir Kropotov, Vitaly Chetvertakov, Fyodor Yarochkin RusCrypto 2014 March 25-28, 2014 Outline Basics Standards Tools Sharing IOCs IOCs composites Case Study More on Tools Questions Introduction Indicators
More informationThe Geo Web: Enabling GIS on the Internet IT4GIS Keith T. Weber, GISP GIS Director ISU GIS Training and Research Center.
The Geo Web: Enabling GIS on the Internet IT4GIS Keith T. Weber, GISP GIS Director ISU GIS Training and Research Center In the Beginning GIS was independent The GIS analyst or manager was typically a oneperson
More informationArcGIS 10.1 An Overview of the System
ArcGIS 10.1 An Overview of the System ArcGIS 10.1 An Overview of the System Damian Spangrud Director of Solutions, Esri Redlands, CA USA ArcGIS 10.1 Web Cloud Online Mobile Enterprise Desktop ArcGIS 10.1
More informationIntroduction to Portal for ArcGIS
Introduction to Portal for ArcGIS Derek Law Product Management March 10 th, 2015 Esri Developer Summit 2015 Agenda Web GIS pattern Product overview Installation and deployment Security and groups Configuration
More informationDeepLog: Anomaly Detection and Diagnosis from System Logs through Deep Learning. Min Du, Feifei Li, Guineng Zheng, Vivek Srikumar University of Utah
DeepLog: Anomaly Detection and Diagnosis from System Logs through Deep Learning Min Du, Feifei Li, Guineng Zheng, Vivek Srikumar University of Utah Background 2 Background System Event Log 3 Background
More informationARGUS.net IS THREE SOLUTIONS IN ONE
OVERVIEW H i g h l y c o n f i g u r a b l e s o f t w a r e a c c o m m o d a t e s a w i d e r a n g e o f c o l l e c t i o n s T h r e e s o l u t i o n s c o v e r P o r t a l s, C o l l e c t i o
More informationLeveraging Web GIS: An Introduction to the ArcGIS portal
Leveraging Web GIS: An Introduction to the ArcGIS portal Derek Law Product Management DLaw@esri.com Agenda Web GIS pattern Product overview Installation and deployment Configuration options Security options
More informationImagery and the Location-enabled Platform in State and Local Government
Imagery and the Location-enabled Platform in State and Local Government Fred Limp, Director, CAST Jim Farley, Vice President, Leica Geosystems Oracle Spatial Users Group Denver, March 10, 2005 TM TM Discussion
More informationPortal for ArcGIS: An Introduction
Portal for ArcGIS: An Introduction Derek Law Esri Product Management Esri UC 2014 Technical Workshop Agenda Web GIS pattern Product overview Installation and deployment Security and groups Configuration
More informationTowards a Theory of Moving Target Defense
Towards a Theory of Moving Target Defense Rui Zhuang Scott A. DeLoach Xinming Ou Kansas State University Manhattan, KS USA {zrui, sdeloach, xou}@ksu.edu ABSTRACT The static nature of cyber systems gives
More informationChapter 3 Deterministic planning
Chapter 3 Deterministic planning In this chapter we describe a number of algorithms for solving the historically most important and most basic type of planning problem. Two rather strong simplifying assumptions
More informationExelis and Esri Technologies for Defense and National Security. Cherie Muleh
Exelis and Esri Technologies for Defense and National Security Cherie Muleh Cherie.Muleh@exelisinc.com ENVI IMAGERY AND DATA BECOME KNOWLEDGE > Add information from imagery to your GIS > Automated workflows
More informationFeatures and Benefits
Autodesk LandXplorer Features and Benefits Use the Autodesk LandXplorer software family to help improve decision making, lower costs, view and share changes, and avoid the expense of creating physical
More information2007 / 2008 GeoNOVA Secretariat Annual Report
2007 / 2008 GeoNOVA Secretariat Annual Report Prepared for: Assistant Deputy Minister and Deputy Minister of Service Nova Scotia and Municipal Relations BACKGROUND This report reflects GeoNOVA s ongoing
More informationRandom Number Generation Is Getting Harder It s Time to Pay Attention
SESSION ID: PDAC-F03 Random Number Generation Is Getting Harder It s Time to Pay Attention Richard Moulds General Manager Whitewood Richard Hughes Laboratory Fellow (Retired) Los Alamos National Laboratory
More informationPortal for ArcGIS: An Introduction. Catherine Hynes and Derek Law
Portal for ArcGIS: An Introduction Catherine Hynes and Derek Law Agenda Web GIS pattern Product overview Installation and deployment Configuration options Security options and groups Portal for ArcGIS
More informationAutomatic Differentiation Equipped Variable Elimination for Sensitivity Analysis on Probabilistic Inference Queries
Automatic Differentiation Equipped Variable Elimination for Sensitivity Analysis on Probabilistic Inference Queries Anonymous Author(s) Affiliation Address email Abstract 1 2 3 4 5 6 7 8 9 10 11 12 Probabilistic
More informationHierarchical Anomaly Detection in Load Testing with StormRunner Load
White Paper Application Development, Test & Delivery Hierarchical Anomaly Detection in Load Testing with StormRunner Load A fresh approach to cloud-based website load testing is proving more effective
More informationOne Optimized I/O Configuration per HPC Application
One Optimized I/O Configuration per HPC Application Leveraging I/O Configurability of Amazon EC2 Cloud Mingliang Liu, Jidong Zhai, Yan Zhai Tsinghua University Xiaosong Ma North Carolina State University
More informationQuantum Wireless Sensor Networks
Quantum Wireless Sensor Networks School of Computing Queen s University Canada ntional Computation Vienna, August 2008 Main Result Quantum cryptography can solve the problem of security in sensor networks.
More informationIntegrated Electricity Demand and Price Forecasting
Integrated Electricity Demand and Price Forecasting Create and Evaluate Forecasting Models The many interrelated factors which influence demand for electricity cannot be directly modeled by closed-form
More informationInternational Journal of Scientific & Engineering Research, Volume 7, Issue 2, February ISSN
International Journal of Scientific & Engineering Research, Volume 7, Issue 2, February-2016 9 Automated Methodology for Context Based Semantic Anomaly Identification in Big Data Hema.R 1, Vidhya.V 2,
More informationBRINGING MARINE DATA ASSETS TO THE FUTURE INTERNET
ENVIROfying the Future Internet BRINGING MARINE DATA ASSETS TO THE FUTURE INTERNET Leveraging the Future Internet for the Marine Usage Area Dr.Conor Delaney Galway Bay Smart Bay - Ireland MARINE SCENARIOS
More informationEntropy-based data organization tricks for browsing logs and packet captures
Entropy-based data organization tricks for browsing logs and packet captures Department of Computer Science Dartmouth College Outline 1 Log browsing moves Pipes and tables Trees are better than pipes and
More informationTelecommunication Services Engineering (TSE) Lab. Chapter IX Presence Applications and Services.
Chapter IX Presence Applications and Services http://users.encs.concordia.ca/~glitho/ Outline 1. Basics 2. Interoperability 3. Presence service in clouds Basics 1 - IETF abstract model 2 - An example of
More informationSelf-Organized Public-Key Management for Mobile Ad Hoc Networks
Self-Organized Public-Key Management for Mobile Ad Hoc Networks Srđan Čapkun, Levente Buttyàn and Jean-Pierre Hubaux {srdan.capkun, levente.buttyan and jean-pierre.hubaux}@epfl.ch Laboratory for Computer
More informationThe Design and Implementation of Attack Path Extraction Model in Power Cyber Physical System
The Design and Implementation of Attack Path Extraction Model in Power Cyber System Lei Wang, Zhaoyang Qu, and Zelong Li School of Engineering, Northeast Dianli University, Jilin 132012, China Email: neduwanglei@qq.com;
More informationMEASUREMENTS ASSOCIATED WITH LEARNING MORE SECURE COMPUTER CONFIGURATION PARAMETERS XIN ZHOU. A Thesis Submitted to the Graduate Faculty of
MEASUREMENTS ASSOCIATED WITH LEARNING MORE SECURE COMPUTER CONFIGURATION PARAMETERS BY XIN ZHOU A Thesis Submitted to the Graduate Faculty of WAKE FOREST UNIVERSITY GRADUATE SCHOOL OF ARTS AND SCIENCES
More informationArcGIS Earth for Enterprises DARRON PUSTAM ARCGIS EARTH CHRIS ANDREWS 3D
ArcGIS Earth for Enterprises DARRON PUSTAM ARCGIS EARTH CHRIS ANDREWS 3D ArcGIS Earth is ArcGIS Earth is a lightweight globe desktop application that helps you explore any part of the world and investigate
More informationA Genetic Algorithm Approach for Doing Misuse Detection in Audit Trail Files
A Genetic Algorithm Approach for Doing Misuse Detection in Audit Trail Files Pedro A. Diaz-Gomez and Dean F. Hougen Robotics, Evolution, Adaptation, and Learning Laboratory (REAL Lab) School of Computer
More informationAuditing with the Critical Security Controls in Washington State
Auditing with the Critical Security Controls in Washington State 2017 NSAA IT Conference and Workshop October 6, 2017 Joe Clark Performance Auditor Sunia Laulile IT Security Specialist Michael Hjermstad
More informationArcGIS Web Tools, Templates, and Solutions for Defence & Intelligence. Renee Bernstein Esri Solutions Engineer
ArcGIS Web Tools, Templates, and Solutions for Defence & Intelligence Renee Bernstein Esri Solutions Engineer ArcGIS Solutions Includes 450+ Industry Focused Apps and Capabilities Organized by 9 Primary
More informationIntroduction Models of Attack Trees Computational Semantics. Attack Trees. Models and Computation. Jan Willemson, Aivo Jürgenson, Margus Niitsoo
Attack Trees Models and Computation Jan Willemson, Aivo Jürgenson, Margus Niitsoo Cybernetica, Estonia http://www.cybernetica.eu/ January 19th, 2010 University of Luxembourg We will use the basic multi-parameter
More informationSecure Indexes* Eu-Jin Goh Stanford University 15 March 2004
Secure Indexes* Eu-Jin Goh Stanford University 15 March 2004 * Generalizes an early version of my paper How to search on encrypted data on eprint Cryptology Archive on 7 October 2003 Secure Indexes Data
More informationSocket Programming. Daniel Zappala. CS 360 Internet Programming Brigham Young University
Socket Programming Daniel Zappala CS 360 Internet Programming Brigham Young University Sockets, Addresses, Ports Clients and Servers 3/33 clients request a service from a server using a protocol need an
More informationDetecting Wormhole Attacks in Wireless Networks Using Local Neighborhood Information
Detecting Wormhole Attacks in Wireless Networks Using Local Neighborhood Information W. Znaidi M. Minier and JP. Babau Centre d'innovations en Télécommunication & Intégration de services wassim.znaidi@insa-lyon.fr
More informationDavid Lanter PhD GISP. Information Security Risks and Controls of Public Geospatial Datasets July 17, 2014
David Lanter PhD GISP Information Security Risks and Controls of Public Geospatial Datasets July 17, 2014 This Presentation CDM Smith applies GIS and develops custom applications producing, deploying and
More informationEnterprise GIS to Support ADMS ESRI GeoConx EGUG 2016 Parag Parikh
October 20, 2016 ESRI GeoConX Enterprise GIS to Support ADMS ESRI GeoConx EGUG 2016 Parag Parikh Parag.Parikh@us.abb.com Slide 1 WE Energies Overview Total accounts: 2,240,640 Electric accounts: 1,148,805
More informationA Novel Attack Graph Posterior Inference Model Based on Bayesian Network
Journal of Information Security, 2011, 2, 8-27 doi:10.4236/jis.2011.21002 Published Online January 2011 (http://www.scirp.org/journal/jis) A Novel Attack Graph Posterior Inference Model Based on Bayesian
More informationForecast solutions for the energy sector
Forecast solutions for the energy sector A/S Lyngsø Allé 3 DK-2970 Hørsholm Henrik Aalborg Nielsen, A/S 1 Consumption and production forecasts Heat load forecasts for district heating systems usually for
More informationEnabling Web GIS. Dal Hunter Jeff Shaner
Enabling Web GIS Dal Hunter Jeff Shaner Enabling Web GIS In Your Infrastructure Agenda Quick Overview Web GIS Deployment Server GIS Deployment Security and Identity Management Web GIS Operations Web GIS
More informationA Quantum Computing Approach to the Verification and Validation of Complex Cyber-Physical Systems
A Quantum Computing Approach to the Verification and Validation of Complex Cyber-Physical Systems Achieving Quality and Cost Control in the Development of Enormous Systems Safe and Secure Systems and Software
More informationGIS for Crime Analysis. Building Better Analysis Capabilities with the ArcGIS Platform
GIS for Crime Analysis Building Better Analysis Capabilities with the ArcGIS Platform Crime Analysis The Current State One of the foundations of criminological theory is that three things are needed for
More informationMPRI Course on Concurrency. Lecture 14. Application of probabilistic process calculi to security
MPRI Course on Concurrency Lecture 14 Application of probabilistic process calculi to security Catuscia Palamidessi LIX, Ecole Polytechnique kostas@lix.polytechnique.fr www.lix.polytechnique.fr/~catuscia
More informationNATO Headquarters The Situation Center GIS experience.
NATO Headquarters The Situation Center GIS experience. Abstract Recently, the dynamic capability of responding to a major world crisis with comprehensive in-depth information has become a crucial aspect
More informationSolving Polynomial Systems in the Cloud with Polynomial Homotopy Continuation
Solving Polynomial Systems in the Cloud with Polynomial Homotopy Continuation Jan Verschelde joint with Nathan Bliss, Jeff Sommars, and Xiangcheng Yu University of Illinois at Chicago Department of Mathematics,
More informationI N T R O D U C T I O N : G R O W I N G I T C O M P L E X I T Y
Global Headquarters: 5 Speen Street Framingham, MA 01701 USA P.508.872.8200 F.508.935.4015 www.idc.com W H I T E P A P E R I n v a r i a n t A n a l y z e r : A n A u t o m a t e d A p p r o a c h t o
More informationCan Vector Space Bases Model Context?
Can Vector Space Bases Model Context? Massimo Melucci University of Padua Department of Information Engineering Via Gradenigo, 6/a 35031 Padova Italy melo@dei.unipd.it Abstract Current Information Retrieval
More informationArcGIS Enterprise: What s New. Philip Heede Shannon Kalisky Melanie Summers Sam Williamson
ArcGIS Enterprise: What s New Philip Heede Shannon Kalisky Melanie Summers Sam Williamson ArcGIS Enterprise is the new name for ArcGIS for Server What is ArcGIS Enterprise ArcGIS Enterprise is powerful
More informationAutomatic Differentiation and Neural Networks
Statistical Machine Learning Notes 7 Automatic Differentiation and Neural Networks Instructor: Justin Domke 1 Introduction The name neural network is sometimes used to refer to many things (e.g. Hopfield
More informationarxiv: v1 [cs.cr] 20 Dec 2012
Modeling and Performance Evaluation of Computer Systems Security Operation D. Guster N. K. Krivulin arxiv:1212.5289v1 [cs.cr] 20 Dec 2012 Abstract A model of computer system security operation is developed
More informationBenefits of Applying Predictive Intelligence to the Space Situational Awareness (SSA) Mission
Benefits of Applying Predictive Intelligence to the Space Situational Awareness (SSA) Mission Abstract Ben Lane and Brian Mann Military Civil Space and Ground (MCS&G) Northrop Grumman Electronic Systems
More informationTowards information flow control. Chaire Informatique et sciences numériques Collège de France, cours du 30 mars 2011
Towards information flow control Chaire Informatique et sciences numériques Collège de France, cours du 30 mars 2011 Mandatory access controls and security levels DAC vs. MAC Discretionary access control
More informationCrime Analysis. GIS Solutions for Intelligence-Led Policing
Crime Analysis GIS Solutions for Intelligence-Led Policing Applying GIS Technology to Crime Analysis Know Your Community Analyze Your Crime Use Your Advantage GIS aids crime analysis by Identifying and
More informationAn Optimization Approach In Information Security Risk Management
Advances in Management & Applied Economics, vol.2, no.3, 2012, 1-12 ISSN: 1792-7544 (print version), 1792-7552 (online) Scienpress Ltd, 2012 An Optimization Approach In Information Security Risk Management
More informationWireless Sensor Network Wormhole Detection using an Artificial Neural Network
Int'l Conf. Wireless Networks ICWN'15 115 Wireless Sensor Network Wormhole Detection using an Artificial Neural Network Mohammad Nurul Afsar Shaon and Ken Ferens Department of Electrical and Computer Engineering
More informationCompensation Planning Application
Compensation Planning Application Why Physician Compensation? More and more organizations are formally aligning with physicians. These organizations require large support structures to effectively manage
More informationBi-Abduction. Philippa Gardner (Imperial College London) Separation Logic 1 / 17. Bi-Abduction
8 Bi-abduction and Abstraction Slide 1 In the last lecture, we saw how frame inference lets us verify that the pre- and post-conditions and loop invariants of a given program are correct. Abstraction lets
More informationPARASITIC COMPUTING: PROBLEMS AND ETHICAL
ISSN 2320-9194 8 International Journal of Advance Research, IJOAR.org Volume 1, Issue 11, November 2013, Online: ISSN 2320-9194 PARASITIC COMPUTING: PROBLEMS AND ETHICAL CONSIDERATION Abstract Parasitic
More informationPolarization and Bipolar Probabilistic Argumentation Frameworks
Polarization and Bipolar Probabilistic Argumentation Frameworks Carlo Proietti Lund University Abstract. Discussion among individuals about a given issue often induces polarization and bipolarization effects,
More informationIntelligent GIS: Automatic generation of qualitative spatial information
Intelligent GIS: Automatic generation of qualitative spatial information Jimmy A. Lee 1 and Jane Brennan 1 1 University of Technology, Sydney, FIT, P.O. Box 123, Broadway NSW 2007, Australia janeb@it.uts.edu.au
More informationR E A D : E S S E N T I A L S C R U M : A P R A C T I C A L G U I D E T O T H E M O S T P O P U L A R A G I L E P R O C E S S. C H.
R E A D : E S S E N T I A L S C R U M : A P R A C T I C A L G U I D E T O T H E M O S T P O P U L A R A G I L E P R O C E S S. C H. 5 S O F T W A R E E N G I N E E R I N G B Y S O M M E R V I L L E S E
More informationProbability in Programming. Prakash Panangaden School of Computer Science McGill University
Probability in Programming Prakash Panangaden School of Computer Science McGill University Two crucial issues Two crucial issues Correctness of software: Two crucial issues Correctness of software: with
More informationComponents for Accurate Forecasting & Continuous Forecast Improvement
Components for Accurate Forecasting & Continuous Forecast Improvement An ISIS Solutions White Paper November 2009 Page 1 Achieving forecast accuracy for business applications one year in advance requires
More informationTime, Clocks, and the Ordering of Events in a Distributed System
Time, Clocks, and the Ordering of Events in a Distributed System Motivating example: a distributed compilation service FTP server storing source files, object files, executable file stored files have timestamps,
More informationEMMA : ECDC Mapping and Multilayer Analysis A GIS enterprise solution to EU agency. Sharing experience and learning from the others
EMMA : ECDC Mapping and Multilayer Analysis A GIS enterprise solution to EU agency. Sharing experience and learning from the others Lorenzo De Simone, GIS Expert/ EMMA Project Manager 2014 GIS Workshop,
More informationArcGIS GeoAnalytics Server: An Introduction. Sarah Ambrose and Ravi Narayanan
ArcGIS GeoAnalytics Server: An Introduction Sarah Ambrose and Ravi Narayanan Overview Introduction Demos Analysis Concepts using GeoAnalytics Server GeoAnalytics Data Sources GeoAnalytics Server Administration
More informationCyber-Awareness and Games of Incomplete Information
Cyber-Awareness and Games of Incomplete Information Jeff S Shamma Georgia Institute of Technology ARO/MURI Annual Review August 23 24, 2010 Preview Game theoretic modeling formalisms Main issue: Information
More informationSpatial Analysis with Web GIS. Rachel Weeden
Spatial Analysis with Web GIS Rachel Weeden Agenda Subhead goes here Introducing ArcGIS Online Spatial Analysis Workflows Scenarios Other Options Resources ArcGIS is a Platform Making mapping and analytics
More informationCIS 4930/6930: Principles of Cyber-Physical Systems
CIS 4930/6930: Principles of Cyber-Physical Systems Chapter 11 Scheduling Hao Zheng Department of Computer Science and Engineering University of South Florida H. Zheng (CSE USF) CIS 4930/6930: Principles
More informationLogical Provenance in Data-Oriented Workflows (Long Version)
Logical Provenance in Data-Oriented Workflows (Long Version) Robert Ikeda Stanford University rmikeda@cs.stanford.edu Akash Das Sarma IIT Kanpur akashds.iitk@gmail.com Jennifer Widom Stanford University
More informationFrequency-hiding Dependency-preserving Encryption for Outsourced Databases
Frequency-hiding Dependency-preserving Encryption for Outsourced Databases ICDE 17 Boxiang Dong 1 Wendy Wang 2 1 Montclair State University Montclair, NJ 2 Stevens Institute of Technology Hoboken, NJ April
More informationAcknowledgments xiii Preface xv. GIS Tutorial 1 Introducing GIS and health applications 1. What is GIS? 2
Acknowledgments xiii Preface xv GIS Tutorial 1 Introducing GIS and health applications 1 What is GIS? 2 Spatial data 2 Digital map infrastructure 4 Unique capabilities of GIS 5 Installing ArcView and the
More informationInformation-Theoretic Measures for Anomaly Detection
Information-Theoretic Measures for Anomaly Detection Wenke Lee Computer Science Department North Carolina State University Raleigh, NC 27695-7534 wenke@csc.ncsu.edu Dong Xiang Computer Science Department
More informationA Scalable and Provably Secure Hash-Based RFID Protocol
PerSec 05 A Scalable and Provably Secure Hash-Based RFID Protocol EPFL, Lausanne, Switzerland ÉCOLE POLYTECHNIQUE FÉDÉRALE DE LAUSANNE Outline A Brief Introduction to the RFID Technology A Brief Introduction
More informationAnomaly Detection. What is an anomaly?
Anomaly Detection Brian Palmer What is an anomaly? the normal behavior of a process is characterized by a model Deviations from the model are called anomalies. Example Applications versus spyware There
More informationRobust Network Codes for Unicast Connections: A Case Study
Robust Network Codes for Unicast Connections: A Case Study Salim Y. El Rouayheb, Alex Sprintson, and Costas Georghiades Department of Electrical and Computer Engineering Texas A&M University College Station,
More informationDefending against Internet worms using a phase space method from chaos theory
Defending against Internet worms using a phase space method from chaos theory Jing Hu and Jianbo Gao Department of Electrical & Computer Engineering University of Florida Nageswara S. Rao Computer Science
More informationArup Nanda Starwood Hotels
Arup Nanda Starwood Hotels Why Analyze The Database is Slow! Storage, CPU, memory, runqueues all affect the performance Know what specifically is causing them to be slow To build a profile of the application
More informationCHAPTER 22 GEOGRAPHIC INFORMATION SYSTEMS
CHAPTER 22 GEOGRAPHIC INFORMATION SYSTEMS PURPOSE: This chapter establishes the administration and use of to improve the quality and accessibility of Department s spatial information and support graphical
More informationManagement of Geological Information for Mining Sector Development and Investment Attraction Examples from Uganda and Tanzania
Mineral Wealth Conference 2016 Kampala / Uganda Management of Geological Information for Mining Sector Development and Investment Attraction Examples from Uganda and Tanzania Andreas Barth 1, Andreas Knobloch
More informationParticipatory GIS (PGIS)
Participatory GIS (PGIS) Join public opinions as an information source into environmental decision-making ESRM 250. May, 29 th, 2012 Mu-Ning Wang wang0209@uw.edu GIS is... A Mapping Tool An Analysis Tool
More informationBranch Prediction based attacks using Hardware performance Counters IIT Kharagpur
Branch Prediction based attacks using Hardware performance Counters IIT Kharagpur March 19, 2018 Modular Exponentiation Public key Cryptography March 19, 2018 Branch Prediction Attacks 2 / 54 Modular Exponentiation
More informationEsri Overview for Mentor Protégé Program:
Agenda Passionate About Helping You Succeed Esri Overview for Mentor Protégé Program: Northrop Grumman CSSS Jeff Dawley 3 September 2010 Esri Overview ArcGIS as a System ArcGIS 10 - Map Production - Mobile
More informationLecture 14 - P v.s. NP 1
CME 305: Discrete Mathematics and Algorithms Instructor: Professor Aaron Sidford (sidford@stanford.edu) February 27, 2018 Lecture 14 - P v.s. NP 1 In this lecture we start Unit 3 on NP-hardness and approximation
More informationOptimal XOR based (2,n)-Visual Cryptography Schemes
Optimal XOR based (2,n)-Visual Cryptography Schemes Feng Liu and ChuanKun Wu State Key Laboratory Of Information Security, Institute of Software Chinese Academy of Sciences, Beijing 0090, China Email:
More informationResearch Article The Application of Baum-Welch Algorithm in Multistep Attack
e Scientific World Journal, Article ID 374260, 7 pages http://dx.doi.org/10.1155/2014/374260 Research Article The Application of Baum-Welch Algorithm in Multistep Attack Yanxue Zhang, 1 Dongmei Zhao, 2
More information