In response to widespread looting of archaeological sites, archaeologists have used satellite imagery to enable the investigation of looting of affected archaeological sites. Such analyses often require time-consuming direct human interpretation of images, with the potential for human-induced error. We introduce a novel automated image processing mechanism applied to the analysis of very high-resolution panchromatic satellite images and demonstrate its ability to identify damage at archaeological sites with high accuracy and low false-positive rates compared to standard image classification methods. This has great potential for large-scale applications whereby countrywide satellite datasets can be batch processed to find looting hotspots. Time is running out for many archaeological sites in the Middle East and elsewhere, and this mechanism fills a needed gap for locating looting damage in a cost and time efficient manner, with potential global applications.
To aid system administrators with post-attack intrusion analysis, the Kerf toolkit provides an integrated front end and powerful correlation and data-representation tools, all in one package.

Intrusion Analysis

Using traditional tools, such as grep and awk (or their equivalent), the sysadmin browses each host's log file and examines the resulting text output. This approach is difficult for several reasons: it requires the construction of complex regular expressions or scripts for searching the logs, manual correlation of events from different logs or hosts, and systematic recording of actions and results for later study or action. Because this process is difficult and tedious, most sysadmins can't fully explore and understand an attack or document it so that others can study it.

Components

The Kerf approach contributes five key components to the intrusion-analysis process.

Secure logging. After successfully compromising a system, most hackers remove traces of their intrusion from the system's logs. Thus, it is important to securely forward and store logging information off the host. (For more information on remote logging, see the "Remote logging in practice" sidebar.) Many approaches and existing software exist for secure real-time transfer of log data from a collection of hosts to a secure log server. Kerf can take advantage of any such mechanism. For the purposes of our prototype, we implemented a secure logging host that can receive, decode, and store logging information from multiple sources.

Our approach is similar to that used by the Honeynet Project [2]. The key difference is that the Kerf system employs only a user-level daemon to forward ordinary sys-