Template for Dissertations and Theses


Universidade Federal de Pernambuco
Centro de Informática
Pós-Graduação em Ciência da Computação

Daniel Araújo Melo

ARCA – Alerts Root Cause Analysis Framework

Master's Dissertation
Recife, 2014

Universidade Federal de Pernambuco
Centro de Informática

Daniel Araújo Melo
ARCA - Alerts Root Cause Analysis Framework

This dissertation has been submitted to the Informatics Center of the Federal University of Pernambuco as a partial requirement to obtain the degree of Master in Computer Science.

Advisor: Djamel F. H. Sadok
Recife, 2014

Cataloguing-in-publication data. Librarian: Jane Souto Maior, CRB4-571

M528a Melo, Daniel Araújo
ARCA - Alerts root cause analysis framework / Daniel Araújo Melo. – Recife: The Author, 2014.
122 leaves: ill., fig., tab.
Advisor: Djamel Fawzi Hadj Sadok.
Dissertation (Master's) – Universidade Federal de Pernambuco. CIn, Computer Science, 2014.
Includes references.
1. Computer networks. 2. Information security. I. Sadok, Djamel Fawzi Hadj (advisor). II. Title.
004.6 CDD (23rd ed.) UFPE-MEI 2015-42

Daniel Araújo Melo
ARCA - Alerts Root Cause Analysis

Dissertation presented to the Graduate Program in Computer Science of the Universidade Federal de Pernambuco as a partial requirement for obtaining the degree of Master in Computer Science.

Approved on: 08/09/2014

EXAMINING COMMITTEE
Prof. Dr. Stênio Flávio de Lacerda Fernandes, Centro de Informática / UFPE
Prof. Dr. Arthur de Castro Callado, Mestrado e Doutorado em Ciências da Computação / UFC
Prof. Dr. Djamel Fawzi Hadj Sadok (Advisor), Centro de Informática / UFPE

To my family, wife and children.

Acknowledgments

Initially, I would like to thank my family, especially my mother, Carmem Dolores, my wife Juliana, my son Enos Daniel and my grandmothers, Olga and Inez. They have always stood by my side even when I was absent working on this research.

I would like to gratefully acknowledge the supervision of Professor Djamel Sadok. He provided me with important suggestions and encouragement during the course of this work and offered me the opportunity to join the GPRT research team. My sincere thanks also go to Professor Judith Kelner for pulling my ears when needed and helping me when I lost my matriculation. I would not have completed the academic requirements without her help. I'd like to thank my examination committee, Stenio Fernandes and Arthur Callado, for suggestions that enriched this work. I cordially thank my colleagues from GPRT for their help and revision of my presentation, and my colleagues from SERPRO, especially those who always believed that this moment would come. I want to express my gratitude to Andre Tio, Lalá, Tadeu, Noemi, Iuri, Nacho, Suana, Amanda and Maíra for the good vibrations. And finally, thanks Universe!

"If you know the enemy and know yourself you need not fear the results of a hundred battles." - Sun Tzu

Abstract

Modern virtual plagues, or malware, focus on infecting hosts inside the network and employ evasive techniques to hide from antivirus systems and users. Traditional network security mechanisms, such as firewalls, IDS (Intrusion Detection Systems) and antivirus systems, have lost efficiency in fighting malware propagation. Recent research presents alternatives for detecting malicious traffic and malware propagation through traffic analysis; however, the reported results are based on experiments with biased artificial traffic or with traffic too specific to generalize, do not consider the existence of background traffic related to local network services, or demand previous knowledge of the network infrastructure. In particular, they do not consider a well-known problem of intrusion detection systems: the high false positive rate, which may account for 99% of all alerts. This dissertation proposes a framework (ARCA – Alerts Root Cause Analysis) capable of guiding a security engineer, or system administrator, in identifying the root causes of alerts, malicious or not, and so allowing the identification of malicious traffic and false positives. Moreover, it describes the propagation mechanisms of modern malware, and presents methods for detecting malware through the analysis of IDS alerts and for reducing false positives. ARCA combines an aggregation method based on Relative Uncertainty with Apriori, a frequent itemset mining algorithm. Tests with 2 real datasets show an 88% reduction in the amount of alerts to be analyzed, without previous knowledge of the network infrastructure.

Keywords: Intrusion detection. Malwares. Alerts correlation. Advanced persistent threats.

Resumo (Portuguese abstract, translated)

Modern virtual plagues focus on contaminating workstations on internal networks and employ evasive techniques to hide from antivirus systems and from the systems' users. Traditional network security mechanisms, such as firewalls, intrusion detection systems (IDS – Intrusion Detection Systems) and antivirus systems, lose efficiency in fighting malware propagation. Research presents alternatives for detecting malicious traffic and malware propagation through traffic analysis, but reports results based on biased artificial datasets or on real datasets too specific to be generalized, does not consider the existence of background traffic related to local network services, or requires previous knowledge of the network infrastructure. In particular, it does not consider a well-known IDS problem: the high false positive rate, which can reach 99% of all alerts. This dissertation proposes a framework (ARCA – Alerts Root Cause Analysis) capable of helping a security engineer to identify the root causes of alerts, malicious or not, allowing the identification of malicious traffic and false positives. Additionally, it describes the propagation mechanisms of modern malware, proposals for detecting malware through the analysis of alerts emitted by IDS, and proposals for reducing false positives. ARCA combines an alert aggregation mechanism based on Relative Uncertainty with the Apriori frequent itemset analysis algorithm. Tests carried out with real data demonstrated a reduction of up to 88% in the amount of alerts to be analyzed, without previous knowledge of the network infrastructure.

Keywords: Intrusion detection. Malware. Alerts correlation. Advanced persistent threats.

List of Figures

Figure 1 Worm propagation model (ZOU et al., 2005) ..... 24
Figure 2 Typical botnet's elements (SILVA et al., 2013) ..... 26
Figure 4 Typical botnet life-cycle proposed in (FEILY; SHAHRESTANI; RAMADASS, 2009) ..... 29
Figure 5 Botnet life cycle proposed in (RODRÍGUEZ-GÓMEZ; MACIÁ-FERNÁNDEZ; GARCÍA-TEODORO, 2013) ..... 31
Figure 6 IRC-based botnet DDOS Attack (COOKE; JAHANIAN; MCPHERSON, 2005) ..... 33
Figure 7 Hybrid P2P network ..... 36
Figure 10 Gameover Zeus network topology. Dotted line indicates information flow. ..... 41
Figure 11 Organizations Categories (MCAFEE, 2010) ..... 43
Figure 12 Victim's Country of Origin (MCAFEE, 2010) ..... 44
Figure 13 Model for APT stages proposed by (GIURA; WANG, 2012). ..... 44
Figure 14 A targeted attack in action (SOOD; ENBODY, 2013) ..... 45
Figure 15 Infected Hosts according to WAN IP (FALLIERE; MURCHU; CHIEN, 2011) ..... 48
Figure 16 Overview of Stuxnet Malware Operation ..... 49
Figure 17 Countries affected by Flame according to McAfee (GOSTEV, 2012b) ..... 51
Figure 18 Countries affected by Flame according to Symantec (SYMANTEC, 2012b) ..... 52
Figure 19 Flame C&C Platform (ZHIOUA, 2013) ..... 54
Figure 20 An example of (a) bipartite graph and (b) one-mode projection. ..... 55
Figure 21 BotHunter System by (PORRAS, 2009) ..... 56
Figure 22 Vulnerabilities reported to NVD (NIST, 2014). ..... 59
Figure 23 Incidents reported to Cert.br (CERT.BR, 2014) ..... 60
Figure 24 Layout of the proposed classification system in (PARIKH; CHEN, 2008). ..... 68
Figure 25 A sample multi-step attack (SOLEIMANI; GHORBANI, 2008) ..... 70
Figure 26 Generic view of alarm correlation according to (HUBBALLI; SURYANARAYANAN, 2014) ..... 71
Figure 27 Generic view of graph ordering (PAO et al., 2012). ..... 74
Figure 28 ATLANTIDES architecture (BOLZONI; CRISPO; ETALLE, 2007) ..... 75
Figure 29 Proposed Architecture (HUBBALLI; BISWAS; NANDI, 2011). ..... 76
Figure 30 Normalized SrcIp and DstIp
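The abstract describes ARCA as an aggregation step based on Relative Uncertainty followed by Apriori frequent itemset mining over IDS alerts. The Python script below is an added illustration of that combination written for this page; it is not the dissertation's implementation. The attribute names, the 25% minimum support, the RU definition used here (Shannon entropy normalized by log2 of the number of distinct values observed) and the twelve sample alerts are all assumptions constructed for the example.

```python
"""Alert triage in the spirit of ARCA's abstract: measure how concentrated
each alert attribute is with Relative Uncertainty, then mine frequent
attribute combinations with Apriori and treat the maximal ones as candidate
root causes. Added example for this page; not the dissertation's own code.
Attribute names, thresholds and the sample alerts are constructed."""
from collections import Counter
from itertools import combinations
import math

# Constructed sample of IDS alerts (not drawn from the dissertation's datasets):
# six SNMP alerts from one monitoring host, four beacon alerts to one external
# address, and two unrelated singletons.
ALERTS = (
    [{"sig": "SNMP public community", "src": "10.0.0.5",
      "dst": f"10.0.1.{i}", "dport": "161"} for i in range(1, 7)]
    + [{"sig": "Possible C2 beacon", "src": f"10.0.2.{i}",
        "dst": "203.0.113.7", "dport": "443"} for i in range(10, 14)]
    + [{"sig": "ICMP ping sweep", "src": "10.0.3.3", "dst": "10.0.1.9", "dport": "0"},
       {"sig": "SQL injection attempt", "src": "198.51.100.4",
        "dst": "10.0.1.20", "dport": "80"}]
)


def relative_uncertainty(values):
    """RU(X) = H(X) / log2(N), with N the number of distinct values observed.
    0.0 when a single value dominates, 1.0 when values are uniformly spread."""
    counts = Counter(values)
    if len(counts) <= 1:
        return 0.0
    total = len(values)
    entropy = -sum(c / total * math.log2(c / total) for c in counts.values())
    return entropy / math.log2(len(counts))


def apriori(transactions, min_support):
    """Frequent itemsets (frozensets of 'attr=value' items) whose support,
    as a fraction of transactions, is at least min_support."""
    n = len(transactions)

    def support(itemset):
        return sum(1 for t in transactions if itemset <= t) / n

    level = {frozenset([item]) for t in transactions for item in t}
    level = {s for s in level if support(s) >= min_support}
    frequent, k = {}, 1
    while level:
        frequent.update({s: support(s) for s in level})
        # Join step: merge k-itemsets into (k+1)-candidates whose every
        # k-subset is itself frequent (the Apriori pruning property).
        candidates = set()
        for a, b in combinations(level, 2):
            u = a | b
            if len(u) == k + 1 and all(frozenset(c) in level for c in combinations(u, k)):
                candidates.add(u)
        level = {c for c in candidates if support(c) >= min_support}
        k += 1
    return frequent


def analyze(alerts, min_support=0.25):
    """Return per-attribute RU, the maximal frequent itemsets (candidate root
    causes) and the fraction by which the triage workload shrinks."""
    ru = {attr: relative_uncertainty([a[attr] for a in alerts]) for attr in alerts[0]}
    transactions = [frozenset(f"{k}={v}" for k, v in a.items()) for a in alerts]
    frequent = apriori(transactions, min_support)
    maximal = [s for s in frequent if not any(s < other for other in frequent)]
    # Each alert joins the largest candidate root cause it matches; alerts
    # matching none remain individual work items for the analyst.
    groups, singles = set(), 0
    for t in transactions:
        hits = [m for m in maximal if m <= t]
        if hits:
            groups.add(max(hits, key=len))
        else:
            singles += 1
    work_items = len(groups) + singles
    return {
        "ru": ru,
        "root_causes": sorted((sorted(m), frequent[m]) for m in maximal),
        "reduction": 1 - work_items / len(alerts),
    }


if __name__ == "__main__":
    result = analyze(ALERTS)
    for attr, value in result["ru"].items():
        print(f"RU({attr}) = {value:.2f}")
    for items, sup in result["root_causes"]:
        print(f"support {sup:.2f}: {', '.join(items)}")
    print(f"alerts to review shrink by {result['reduction']:.0%}")
```

On the constructed sample the script reports two candidate root causes, the SNMP pattern from the monitoring host (a likely benign background service) and the beacon pattern to one external address, and leaves the two singleton alerts as individual items, so the analyst reviews 4 work items instead of 12. A low RU for an attribute signals that one value dominates the alert stream, which is exactly where aggregation pays off; the Apriori step then names the attribute combination that explains each cluster.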