弓形虫复合黏膜疫苗滴鼻免疫小鼠的黏膜相关淋巴细胞及其亚群的动态变化

目的探讨弓形虫复合黏膜疫苗滴鼻免疫小鼠的黏膜相关淋巴细胞及其亚群的动态变化。方法取BALB/c小鼠96只,随机分为实验组和对照组,实验组以弓形虫复合黏膜疫苗20μl/只滴鼻免疫,对照组以PBS滴鼻。滴鼻2次(间隔2周)后,分别于第1、2、3、4、6、8、10、12周处死小鼠,分离鼻相关淋巴组织(NALT)、Peyer结(PP)和上皮内淋巴细胞(IEL),制备淋巴细胞悬液,计数并涂片。免疫细胞化学法检测CD4+、CD8+T细胞亚群水平。结果实验组NALT、PP和IEL的T淋巴细胞均显著增生,PP和IEL的T淋巴细胞第2周达高峰,之后逐渐降低。与对照组相比,NALT的T淋巴细胞于第1、2、6、8、12周显著增生,PP的T淋巴细胞数于第1、2、3周显著增生,IEL于第1～4周显著增生。NALT和PP中主要以CD4+T细胞增生为主,肠IEL以CD8+T细胞增生为主。结论弓形虫复合黏膜疫苗滴鼻免疫BALB/c小鼠,可诱导鼻相关淋巴组织和肠相关淋巴组织T淋巴细胞明显增生,同时诱导其向不同亚群分化。     

基于免疫原理的恶意软件检测模型*

针对恶意软件检测尤其是未知恶意软件检测的不足,提出一种基于免疫原理的恶意软件检测模型,该模型采用程序运行时产生的IRP请求序列作为抗原,定义系统中的正常程序为自体,恶意程序为非自体,通过选定数量的抗体,采用人工免疫原理对非自体进行识别。实验结果表明,此模型在恶意软件的检测方面具有较高的准确率,且误报和漏报率较低,是一种有效的恶意软件检测方法。     

Anatomy of a Data Breach

ABSTRACT

In the wake of undiscovered data breaches and subsequent public exposure, regulatory compliance and security audit standards are becoming more important to protecting critical assets. Despite the increase in the number of data breaches via illicit means, internal controls seem to fail when it comes to the assurance that critical assets remain uncompromised. According to the Identity Theft Resource Center, 336 breaches have been reported in 2008 alone, 69%?greater than this time last year ¹ 1. Identity Theft Resource Center. (2008, July 15). IRTC 2008 Breach List. . This is a concern for security teams, especially since a lack of dedicated resources exists to combat and revert this trend.

This is significantly important to take into consideration when going through the formal audit process to certify adherence to Sarbanes-Oxley (SOX), Graham Leach Bliley (GLBA), Payment Card Industry (PCI), or the Health Insurance and Portability and Accountability Act (HIPAA). With the significant increase in data exposure corporations cannot afford to take shortcuts when it comes to information assurance. Otherwise it is almost certain that one will become a victim of a serious exposure of sensitive information. This paper will explore the several disconnects between established and accepted security audit framework and the variable of hidden infections.     

A Survey on Fast-flux Attacks

ABSTRACT

“Fast-flux” refers to rapidly assigning different IP addresses to the same domain name. Although there are some legitimate uses for this technique, recently it has become a favorite tool for cyber criminals to launch collaborative attacks. After it was first observed by Honeynet, it was reported that fast-flux has been used in phishing, malware spreading, spam, and other malicious activities linked to criminal organizations. Combining with peer-to-peer networking, distributed command and control, web-based load balancing, and proxy redirection, fast-flux makes Internet attacks more resistant to discovery and counter-measure. This article aims at giving a comprehensive survey on fast-flux attacks. Some important issues including technical background, classification, characterization, measurement and detection, and mitigation are discussed. Challenges of detecting and mitigating fast-flux attack are also pointed out.     

基于带有惩罚因子的阴性选择算法的恶意程序检测模型

提出了一个基于带有惩罚因子的阴性选择算法的恶意程序检测模型.该模型从指令频率和包含相应指令的文件频率两个角度出发,对指令进行了深入的趋向性分析,提取出了趋向于代表恶意程序的恶意程序指令库.利用这些指令,有序切分程序比特串,模型提取得到恶意程序候选特征库和合法程序类恶意程序特征库.在此基础上,文中提出了一种带有惩罚因子的阴性选择算法(negative selection algorithm with penalty factor,NSAPF),根据异体和自体的匹配情况,采用惩罚的方式,对恶意程序候选特征进行划分,组成了恶意程序检测特征库1(malware detection signature library 1,MDSL1)和恶意程序检测特征库2(MDSL2),以此作为检测可疑程序的二维参照物.综合可疑程序和MDSL1,MDSL2的匹配值,文中模型将可疑程序分类到合法程序和恶意程序.通过在阴性选择算法中引入惩罚因子C,摆脱了传统阴性选择算法中对自体和异体有害性定义的缺陷,继而关注程序代码本身的危险性,充分挖掘和调节了特征的表征性,既提高了模型的检测效果,又使模型可以满足用户对识别率和虚警率的不同要求.综合实验...     

隐式API调用行为的静态检测方法

为有效提取恶意程序及其变种中的隐式API调用行为,提出一种基于静态分析的隐式API调用行为检测方法。采用指令模板匹配的方法识别具体调用形式,通过分析调用目标地址与函数名之间的关系来识别被调用API函数。实验结果表明,该方法能提高静态分析工具对恶意代码及其变体的检测能力。     

Exploiting an antivirus interface

We propose a technique for defeating signature-based malware detectors by exploiting information disclosed by antivirus interfaces. This information is leveraged to reverse engineer relevant details of the detector's underlying signature database, revealing binary obfuscations that suffice to conceal malware from the detector. Experiments with real malware and antivirus interfaces on Windows operating systems justify the effectiveness of our approach.     

可执行文件中子程序异常返回的识别

针对子程序异常返回对反汇编操作的干扰,提出一种能够有效对抗该技术的反汇编算法。该算法通过2遍解码流程对目标可执行程序进行扫描,模拟代码执行过程中对内存栈的操作,从而正确解码出经过混淆处理的可执行程序。通过与2款常用反汇编器IDAPro和OBJDump的反汇编结果进行比较,证明该算法能够有效地识别出子程序异常返回的情况,从而有效提高反汇编的正确率。     

“云安全”检测技术安全性分析

“云安全”检测已成为病毒查杀领域发展的新趋势,为对其在病毒检测过程中的安全性有进一步了解,研究了“云安全”检测体系结构以及主流“云安全”策略,针对某“云安全”检测软件的文件样本提取方式和网络传输数据的特点,分析了检测流程中存在的安全隐患,基于这些安全隐患设计并实现了“云安全”检测的规避方案,针对规避方案提出了防护建议.实验结果表明,“云安全”检测在实际应用过程中仍可能被恶意程序绕过.