21 |
Characterizing Internet Worm Spatial-Temporal Infection Structures
Wang, Qian (15 October 2010)
Since the Morris worm was released in 1988, Internet worms have continued to be one of the top security threats. For example, the Conficker worm infected 9 to 15 million machines in early 2009 and shut down the service of some critical government and medical networks. Moreover, it constructed a massive peer-to-peer (P2P) botnet. Botnets are zombie networks controlled by attackers setting out coordinated attacks. In recent years, botnets have become the number one threat to the Internet. The objective of this research is to characterize spatial-temporal infection structures of Internet worms, and apply the observations to study P2P-based botnets formed by worm infection. First, we infer temporal characteristics of the Internet worm infection structure, i.e., the host infection time and the worm infection sequence, and thus pinpoint patient zero or initially infected hosts. Specifically, we apply statistical estimation techniques on Darknet observations. We show analytically and empirically that our proposed estimators can significantly improve the inference accuracy. Second, we reveal two key spatial characteristics of the Internet worm infection structure, i.e., the number of children and the generation of the underlying tree topology formed by worm infection. Specifically, we apply probabilistic modeling methods and a sequential growth model. We show analytically and empirically that the number of children has asymptotically a geometric distribution with parameter 0.5, and the generation follows closely a Poisson distribution. Finally, we evaluate bot detection strategies and effects of user defenses in P2P-based botnets formed by worm infection. Specifically, we apply the observations of the number of children and demonstrate analytically and empirically that targeted detection that focuses on the nodes with the largest number of children is an efficient way to expose bots. However, we also point out that future botnets may self-stop scanning to weaken targeted detection, without greatly slowing down the speed of worm infection. We then extend the worm spatial infection structure and show empirically that user defenses, e.g., patching or cleaning, can significantly mitigate the robustness and the effectiveness of P2P-based botnets. To counterattack, we evaluate a simple measure by future botnets that enhances topology robustness through worm re-infection.
|
22 |
Drug markets on the darkweb: impacts of police disruption operations
Gagné, Camille (07 1900)
The emergence of cryptomarkets, which has led to the development of new methods of distributing drugs and other illicit products and services (Walsh and Phil, 2011), poses various challenges to law enforcement. The latter, wishing to limit the scope of their actions, usually adopt strategies similar to those used with traditional drug networks (Décary-Hétu and Giommoni, 2016). However, the differences between these markets and those online raise questions about the effectiveness of these techniques. So far, few studies have focused on that topic, but those that have been identified have indeed arrived at unenthusiastic results. This research concluded that the activities attempted to date by the police have not influenced the market in a significantly sustainable manner (Décary-Hétu and Giommoni, 2016; Van Buskirk, Roxburgh, Farrell and Burns, 2014; Soska and Christin, 2015). With this in mind, this Master's thesis looks at the impact of a police operation that has not yet been analyzed, which, in collaboration with the postal services, led to an arrest and several seizures in connection with Canadian cannabis sellers operating on cryptomarkets. After analyzing the data collected according to an impact evaluation model considering supply, demand and price, the results show that, contrary to what the literature dictates, the operation had the effect of significantly reducing, in the long term, certain indicators such as the number of transactions, market shares of transactions, the number of active sellers, the revenue generated and market shares of revenue, all within the Canadian cannabis market. The prediction model used, based on interrupted time series analyses (ARIMA), allowed us to determine that the operation studied had contributed to avoiding 2452 transactions out of what was normally predicted by the pre-intervention trend, indicating a considerable drop of 101%, versus 91% internationally (difference of 10%), 18 months after the beginning of the intervention.
|
23 |
Visual tracking system for UAV
KOLÁŘ, Michal (January 2018)
This master's thesis deals with the analysis of the current possibilities for object tracking in the image, on the basis of which a procedure is designed for creating a system capable of tracking an object of interest. Part of this work is designing a virtual reality for the needs of implementing the tracking system, which is finally deployed and tested on a real prototype of an unmanned vehicle.
|
24 |
The Dark Flows of Cryptocurrency: an overview of money flow behaviors in Bitcoin transactions related to online criminal activities and Bitcoin mixers
Olsson, Anton; Andersson, Daniel (January 2024)
The decentralized and pseudonymous nature of cryptocurrencies like Bitcoin has made it easier for criminal entities to engage in illicit activities online compared to relying on traditional currency systems. Detecting these activities is vital to preventing and combating such abuse. We employ a data collection tool based on a Depth First Search algorithm to follow the largest receivers from 10 illicit starting addresses in each abuse type: Darknet, Blackmail, Tumbler, and Ransomware. The results from our two searches showed that money tends to be concentrated to one or two receivers and that all abuse types rely heavily on so-called Two-Transaction addresses. These addresses are only used once, likely as intermediaries to obfuscate money flow, potentially within the inner layer of Bitcoin Tumblers. The results also showed behaviors within the abuse types that were both consistent with and divergent from existing research. Furthermore, similarities and unique behaviors across the abuse types were identified. Expanding the dataset with deeper searches could yield clearer patterns in money flow behavior. Additionally, increasing the number of data collection points could enhance the analysis. Finally, the starting addresses significantly impacted the trustworthiness and reliability of our results. We hope our findings, lessons, and developed tools will aid future research and the development of strategies to combat online abuse.
|