A framework for DNS based detection and mitigation of malware infections on a network
- Stalmans, Etienne, Irwin, Barry V W
- Authors: Stalmans, Etienne , Irwin, Barry V W
- Date: 2011
- Subjects: To be catalogued
- Language: English
- Type: text , article
- Identifier: http://hdl.handle.net/10962/429827 , vital:72642 , 10.1109/ISSA.2011.6027531
- Description: Modern botnet trends have led to the use of IP and domain fast-fluxing to avoid detection and increase resilience. These techniques bypass traditional detection systems such as blacklists and intrusion detection systems. The Domain Name Service (DNS) is one of the most prevalent protocols on modern networks and is essential for the correct operation of many network activities, including botnet activity. For this reason DNS forms the ideal candidate for monitoring, detecting and mitigating botnet activity. In this paper a system placed at the network edge is developed with the capability to detect fast-flux domains using DNS queries. Multiple domain features were examined to determine which would be most effective in the classification of domains. This is achieved using a C5.0 decision tree classifier and Bayesian statistics, with positive samples being labeled as potentially malicious and negative samples as legitimate domains. The system detects malicious domain names with a high degree of accuracy, minimising the need for blacklists. Statistical methods, namely Naive Bayesian, Bayesian, Total Variation distance and Probability distribution are applied to detect malicious domain names. The detection techniques are tested against sample traffic and it is shown that malicious traffic can be detected with low false positive rates.
- Full Text:
- Date Issued: 2011
African Languages And ICT Education
- Dalvit, Lorenzo, Murray, Sarah, Terzoli, Alfredo
- Authors: Dalvit, Lorenzo , Murray, Sarah , Terzoli, Alfredo
- Date: 2011
- Subjects: To be catalogued
- Language: English
- Type: text , article
- Identifier: http://hdl.handle.net/10962/431166 , vital:72750 , https://www.scitepress.org/Papers/2011/33507/33507.pdf
- Description: In South Africa, English plays a dominant role compared to African languages in empowering domain. Better access to Education through the use of African languages is an object of heated debate. This paper shows that an intervention involving the use of an African language in the domain of ICT Education can change the attitudes of Black university students. The methodology used included a survey with preliminary and follow-up questionnaires and interviews and an intervention involving the use of localised software and of an on-line glossary of computer terms translated, explained and exemplified in an African language (isiXhosa). This experience increased the support for the use of African languages as additional LoLT, even in the English-dominated field of study of Computer Science. This is an initial step towards promoting linguistic equality between English and African languages and social equality between their speakers.
- Full Text:
- Date Issued: 2011
An illustrated leaflet containing antiretroviral information targeted for low-literate readers: development and evaluation
- Dowse, Roslind, Ramela, Thato, Browne, Sara H
- Authors: Dowse, Roslind , Ramela, Thato , Browne, Sara H
- Date: 2011
- Language: English
- Type: text , article
- Identifier: http://hdl.handle.net/10962/156731 , vital:40043 , https://doi.org/10.1016/j.pec.2011.01.013
- Description: To apply a dual visual/textual modal approach in developing and evaluating a medicine information leaflet with pictograms suitable for low-literate HIV/AIDS patients. To identify and recommend best practices in this type of information design.
- Full Text:
- Date Issued: 2011
Biphenyl sorption to different soil clay minerals
- Tandlich, Roman, Baláž, Štefan
- Authors: Tandlich, Roman , Baláž, Štefan
- Date: 2011
- Language: English
- Type: text , article
- Identifier: http://hdl.handle.net/10962/76869 , vital:30632 , https://doi.org/10.5897/AJAR10.1012
- Description: Only limited information is available in the literature on the role of soil mineral surfaces in the sorption of hydrophobic organic pollutants. This knowledge gap is addressed through the assessment of biphenyl sorption to kaolinite, illite and bentonite; using the batch equilibration technique with incubations lasting 6 or 21 days at 28 ± 2°C in the dark. Sorption of biphenyl onto kaolinite followed the Freundlich sorption isotherm, whereas linear sorption isotherms were observed on illite and bentonite. The biphenyl sorption partition coefficient on kaolinite ranged from 0.1 to 9.1 cm³·g⁻¹ after 6 days and no sorption was observed after 21 days. This could have been caused by a completely reversible sorption or a loss of binding capacity after 21 days. The respective values of the biphenyl sorption partition coefficient on illite and bentonite ranged from 20.3 ± 0.3 to 120 ± 8 cm³·g⁻¹. Sorption equilibrium on the internal clay surfaces was reached after 6 days, as indicated by the sorption data for illite and bentonite. Access of biphenyl molecules to the internal clay surfaces is a function of the ionic strength of soil solution and the soil organic matter is the dominant site for biphenyl sorption after 6 to 21 days.
- Full Text:
- Date Issued: 2011
Polygamy in the recognition of Customary Marriages Act:
- Authors: Vincent, Louise
- Date: 2011
- Language: English
- Type: text , article
- Identifier: http://hdl.handle.net/10962/141809 , vital:38006 , DOI: 10.1080/10130950.2009.9676275
- Description: The Recognition of Customary Marriages Act (RCMA) 1998, recognises customary marriages which are “negotiated, celebrated or concluded according to any of the systems of indigenous African customary law which exist in South Africa” including polygamous marriages. The Act arises in the context of South Africa's Constitution which bans discrimination on grounds of culture and sexual orientation and allows for heterogeneity in its definitions of marriage and the family. A pluralist approach to family jurisprudence, however, is sometimes conceived of as setting up an irresolvable tension between the constitutional commitment to gender equality and protection for patriarchal prerogatives sanctioned by customary law. The fact that rights sometimes collide with one another is one of the reasons why it is impossible always to treat rights as absolute. When rights clash the question that arises is which of the rights that find themselves in tension with one another should give way and why?
- Full Text:
- Date Issued: 2011
Tartarus: A honeypot based malware tracking and mitigation framework
- Hunter, Samuel O, Irwin, Barry V W
- Authors: Hunter, Samuel O , Irwin, Barry V W
- Date: 2011
- Language: English
- Type: text , article
- Identifier: http://hdl.handle.net/10962/428629 , vital:72525 , https://d1wqtxts1xzle7.cloudfront.net/96055420/Hunter-libre.pdf?1671479103=andresponse-content-disposi-tion=inline%3B+filename%3DTartarus_A_honeypot_based_malware_tracki.pdfandExpires=1714722666andSignature=JtPpR-IoAXILqsIJSlmCEvn6yyytE17YLQBeFJRKD5aBug-EbLxFpEGDf4GtQXHbxHvR4~E-b5QtMs1H6ruSYDti9fIHenRbLeepZTx9jYj92to3qZjy7UloigYbQuw0Y6sN95jI7d4HX-Xkspbz0~DsnzwFmLGopg7j9RZSHqpSpI~fBvlml3QQ2rLCm4aB9u8tSW8du5u~FiJgiLHNgJaPzEOzy4~yfKkXBh--LTFdgeAVYxQbOESGGh9k5bc-LDJhQ6dD5HpXsM3wKJvYuVyU6m83vT2scogVgKHIr-t~XuiqL35PfI3hs2c~ZO0TH4hCqwiNMHQ8GCYsLvllsA__andKey-Pair-Id=APKAJLOHF5GGSLRBV4ZA
- Description: On a daily basis many of the hosts connected to the Internet experience continuous probing and attack from malicious entities. Detection and defence from these malicious entities has primarily been the concern of Intrusion Detection Systems, Intrusion Prevention Systems and Anti-Virus software. These systems rely heavily on known signatures to detect nefarious traffic. Due to the reliance on known malicious signatures, these systems have been at a serious disadvantage when it comes to detecting new, never before seen malware. This paper will introduce Tartarus which is a malware tracking and mitigation framework that makes use of honeypot technology in order to detect malicious traffic. Tartarus implements a dynamic quarantine technique to mitigate the spread of self propagating malware on a production network. In order to better understand the spread and impact of internet worms Tartarus is used to construct a detailed demographic of potentially malicious hosts on the internet. This host demographic is in turn used as a blacklist for firewall rule creation. The sources of malicious traffic are then illustrated through the use of a geolocation based visualisation.
- Full Text:
- Date Issued: 2011