A Host-Based Detection Method of Remote Access Trojan in the Early Stage

Author(s): Daichi Adachi ◽ Kazumasa Omote

Electronics ◽ 2020 ◽ Vol 9 (11) ◽ pp. 1894
Author(s): Chun Guo ◽ Zihua Song ◽ Yuan Ping ◽ Guowei Shen ◽ Yuhei Cui ◽ ...

Remote Access Trojan (RAT) is one of the most terrible security threats that organizations face today. At present, the two major RAT detection methods are host-based and network-based detection methods. To complement one another’s strengths, this article proposes a phased RATs detection method by combining double-side features (PRATD). In PRATD, both host-side and network-side features are combined to build detection models, which is conducive to distinguishing the RATs from benign programs because the RATs not only generate traffic on the network but also leave traces on the host at run time. Besides, PRATD trains two different detection models for the two runtime states of RATs to improve the True Positive Rate (TPR). The experiments on the network and host records collected from five kinds of benign programs and 20 famous RATs show that PRATD can effectively detect RATs: it can achieve a TPR as high as 93.609% with a False Positive Rate (FPR) as low as 0.407% for the known RATs, and a TPR of 81.928% and FPR of 0.185% for the unknown RATs, which suggests it is a competitive candidate for RAT detection.


Author(s): Khin Swe Yin ◽ May Aye Khine

RAT is one of the most infected malware in the hyper-connected world. Data is being leaked or disclosed every day because new remote access Trojans are emerging and they are used to steal confidential data from target hosts. Network behavior-based detection has been used to provide an effective detection model for Remote Access Trojans. However, there are still shortcomings: to detect as early as possible, some False Negative Rate and accuracy that may vary depending on the ratio of normal and malicious RAT sessions. As a typical network contains a large amount of normal traffic and a small amount of malicious traffic, the detection model was built based on different ratios of normal and malicious sessions in previous works. At that time the false negative rate is less than 2%, and it varies depending on the ratio of normal and malicious instances. An unbalanced dataset will bias the prediction model towards the more common class. In this paper, each RAT is run many times in order to capture variant behavior of a Remote Access Trojan in the early stage, and balanced instances of normal applications and Remote Access Trojans are used for the detection model. Our approach achieves 99% accuracy and 0.3% False Negative Rate by Random Forest Algorithm.


2019 ◽ Vol 20 (22) ◽ pp. 5529
Author(s): Emmanuel Sevin ◽ Lucie Dehouck ◽ Romain Versele ◽ Maxime Culot ◽ Fabien Gosselet

Characterizing interaction of newly synthetized molecules with efflux pumps remains essential to improve their efficacy and safety. Caco-2 cell line cultivated on inserts is widely used for measuring apparent permeability of drugs across biological barriers, and for estimating their interaction with efflux pumps such as P-gp, BCRP and MRPs. However, this method remains time consuming and expensive. In addition, detection method is required for measuring molecule passage across cell monolayer and false results can be generated if drugs concentrations used are too high as demonstrated with quinidine. For this reason, we developed a new protocol based on the use of Caco-2 cell directly seeded on 96- or 384-well plates and the use of fluorescent substrates for efflux pumps. We clearly observed that the new method reduces costs for molecule screening and leads to higher throughput compared to traditional use of Caco-2 cell model. This accelerated model could provide quick feedback regarding the molecule design during the early stage of drug discovery and therefore reduce the number of compounds to be further evaluated using the traditional Caco-2 insert method.


Author(s): K. He ◽ W. D. Zhu

Loosening of bolted connections in a structure can significantly reduce the load-bearing capacities of the structure. Detecting loosening of bolted connections at an early stage can avoid failure of the structure. Due to the complex geometry of a bolted connection and the material discontinuity between the clamped components, it is difficult to detect loosening of a bolted connection using conventional non-destructive test methods. A vibration-based method that uses changes in natural frequencies of a structure to detect the locations and extent of damage can be used to detect loosening of bolted connections, since the method focuses on detecting a stiffness reduction, which can result from loosening of the bolted connections. Experimental and numerical damage detection using the vibration-based method was conducted to detect the loosening of the bolted connections in a full-size steel pipeline with bolted flanges. With the recent development of a predictive modeling technique for bolted connections in thin-walled structures, an accurate physics-based finite element model of the pipeline that is required by the vibration-based damage detection method is developed. A trust-region search strategy is employed to improve the damage detection method so that convergence of the damage detection algorithm can be ensured for under-determined systems, and the robustness of the algorithm can be enhanced when relatively large modeling error and measurement noise are present. The location and extent of the loosened bolted connections were successfully detected in experimental damage detection using changes in the natural frequencies of the first several modes; the exact location and extent of the loosened bolted connections can be detected in the numerical simulation where there are no modeling error and measurement noise.


2015 ◽ Vol 741 ◽ pp. 323-327
Author(s): Yan Yang

Gray mold (Botrytis) is a common fungus disease on eggplants; it can reduce production by 20-30% at worst. Most disease infestations are not evenly distributed across the cultivation area but occur in patches [1]. The usual method of prevention is spraying fungicide on the entire field, which requires an excessive amount of fungicide and, as a result, increases the cost of production, pollutes the environment, and improves the resistance of fungal strains [2]. In fact, the fungicide can be sprayed only on the infected area, which is rather small in the early stage, and this is fully capable of controlling disease spread. Therefore, rapid disease detection is the key. An accurate and effective detection method would be helpful for reducing the dosage of fungicide and preventing disease spread.


2014 ◽ Vol 136 (3)
Author(s): K. He ◽ W. D. Zhu

Loosening of bolted connections in a structure can significantly reduce its load-bearing capacity. Detecting loosening of bolted connections at an early stage can prevent failure of the structure. Due to the complex geometry of a bolted connection and material discontinuity between clamped components, it is difficult to detect loosening of a bolted connection using conventional nondestructive test methods. A vibration-based method that uses changes in natural frequencies of a structure to detect locations and extent of damage can be used to detect loosening of bolted connections since the method focuses on detecting a stiffness reduction, which can result from loosening of bolted connections. Experimental and numerical damage detection was conducted to detect loosening of bolted connections in a full-size steel pipeline with bolted flanges using the vibration-based method. With the recent development of a modeling technique for bolted connections in thin-walled structures, an accurate physics-based finite element model of the pipeline that is required by the vibration-based damage detection method is developed. A trust-region search strategy is employed to improve the damage detection method so that global convergence of the damage detection algorithm can be ensured for underdetermined systems, and robustness of the algorithm can be enhanced when relatively large modeling error and measurement noise are present. The location and extent of loosened bolted connections were successfully detected in experimental damage detection using changes in natural frequencies of the first several elastic modes of the pipeline; the exact location and extent of the loosened bolted connections can be detected in numerical simulation where there are no modeling error and measurement noise.


Author(s): Katja M. Hynynen ◽ Juho Ratava ◽ Tuomo Lindh ◽ Mikko Rikkonen ◽ Ville Ryynänen ◽ ...

Chatter is an unfavorable phenomenon in turning operation causing poor surface quality. Active chatter elimination methods require the chatter to be detected before the control reacts. In this paper, a chatter detection method based on a coherence function of the acceleration of the tool in the x direction and an audio signal is proposed. The method was experimentally tested on longitudinal turning of a stock bar and facing of a hollow bar. The results show that the proposed method detects the chatter in an early stage and allows correcting control actions before the chatter influences the surface quality of the workpiece. The method is applicable both to facing and longitudinal turning.

