Some of the most serious security threats facing computer networks involve malware. To contain this threat, administrators need to swiftly remove infected machines from their networks. One common way to detect infected machines in a network is to monitor communications against blacklists. However, detection by this method has two problems: no blacklist is completely reliable, and blacklists do not provide sufficient evidence for administrators to judge the validity and accuracy of the detection results. Therefore, simply matching communications with blacklist entries is insufficient, and administrators should pursue the cause of each detection by investigating the communications themselves. In this paper, we propose an approach for classifying malicious DNS queries detected through blacklists by their causes. This approach is motivated by the following observation: a malware communication is divided into several transactions, each of which generates queries related to the malware; thus, the surrounding queries that occur before and after a malicious query detected through a blacklist help in estimating the cause of that malicious query. Our cause-based classification drastically reduces the number of malicious queries to be investigated, because the investigation scope is limited to representative queries of the classification results. In experiments, we confirmed that our approach could group 388 malicious queries into 3 clusters, each consisting of queries with a common cause. These results indicate that administrators can quickly pursue all the causes by investigating only a representative query of each cluster, and thereby swiftly address infected machines in the network.
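The following is an added illustration of the idea in the abstract, not code from the paper: each blacklist hit is described by the set of domains the same host queried shortly before and after it, hits whose surrounding sets overlap strongly are grouped together, and only the earliest hit of each group is handed to the administrator as the representative to investigate. The DNS log, the blacklist domains, the time window and the similarity threshold are all constructed placeholders chosen for the example; the paper's own feature extraction and clustering details are not reproduced here.

```python
"""Group blacklist-detected DNS queries by the queries that surround them.

Added example (not the paper's code). Assumptions, all constructed here:
a log of (timestamp, client host, queried name), a blacklist of
placeholder domains, a +-5 second window and a Jaccard threshold of 0.4.
"""
from collections import namedtuple

Query = namedtuple("Query", "ts host qname")

# Constructed blacklist (placeholder names, not real indicators).
BLACKLIST = {"bad-c2.example", "evil-dl.example", "spam-relay.example"}

# Constructed DNS query log: seconds since start, client host, queried name.
LOG = [
    Query(0, "h1", "ocsp.example"),
    Query(1, "h1", "update.example"),
    Query(2, "h1", "bad-c2.example"),       # hit
    Query(3, "h1", "cdn.example"),
    Query(60, "h2", "update.example"),
    Query(61, "h2", "bad-c2.example"),      # hit, same surroundings as h1's
    Query(62, "h2", "cdn.example"),
    Query(63, "h2", "mail.example"),
    Query(120, "h3", "search.example"),
    Query(121, "h3", "evil-dl.example"),    # hit
    Query(122, "h3", "search.example"),
    Query(200, "h1", "news.example"),
    Query(201, "h1", "spam-relay.example"), # hit, different surroundings
    Query(202, "h1", "mail.example"),
    Query(203, "h1", "news.example"),
    Query(300, "h4", "evil-dl.example"),    # hit, same surroundings as h3's
    Query(301, "h4", "search.example"),
]


def jaccard(a, b):
    """Set overlap in [0, 1]; two empty contexts are treated as unrelated."""
    if not a and not b:
        return 0.0
    return len(a & b) / len(a | b)


def surrounding(log, hit, window, blacklist):
    """Non-blacklisted names the hit's host queried within +-window seconds."""
    return {q.qname for q in log
            if q.host == hit.host
            and abs(q.ts - hit.ts) <= window
            and q.qname not in blacklist}


def cluster_hits(log, blacklist=BLACKLIST, window=5, threshold=0.4):
    """Single-linkage grouping of blacklist hits by surrounding-query overlap.

    Returns clusters ordered by their earliest hit; each cluster carries its
    members and the names shared by every member's context (the evidence an
    administrator would look at to confirm a common cause).
    """
    hits = [q for q in log if q.qname in blacklist]
    ctx = [surrounding(log, h, window, blacklist) for h in hits]

    parent = list(range(len(hits)))  # union-find over hit indices

    def find(i):
        while parent[i] != i:
            parent[i] = parent[parent[i]]
            i = parent[i]
        return i

    for i in range(len(hits)):
        for j in range(i + 1, len(hits)):
            if jaccard(ctx[i], ctx[j]) >= threshold:
                parent[find(i)] = find(j)

    groups = {}
    for i, h in enumerate(hits):
        groups.setdefault(find(i), []).append((h, ctx[i]))

    clusters = []
    for members in groups.values():
        members.sort(key=lambda m: m[0].ts)
        shared = set.intersection(*(c for _, c in members))
        clusters.append({"members": [h for h, _ in members], "shared": shared})
    return sorted(clusters, key=lambda c: c["members"][0].ts)


def representatives(clusters):
    """One query per cluster (the earliest) is enough to pursue its cause."""
    return [c["members"][0] for c in clusters]


if __name__ == "__main__":
    for c in cluster_hits(LOG):
        rep = c["members"][0]
        print(f"{len(c['members'])} hit(s); representative {rep.host} -> {rep.qname}; "
              f"shared context {sorted(c['shared'])}")
```

With the constructed log, the two `bad-c2.example` hits fall into one cluster because both hosts also resolved the update and CDN names around the hit, the two `evil-dl.example` hits form a second cluster, and the `spam-relay.example` hit stays alone, so three representative queries cover all five detections. Excluding blacklisted names from the context is deliberate: otherwise hits on the same listed domain would always look alike, and the grouping would collapse back into "by blacklist entry" rather than "by cause".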
Electricity consumption in the world is constantly increasing, making our lives more and more dependent on electricity. Several new paradigms have been proposed in the field of power grids. In Japan, especially after the Great East Japan Earthquake in March 2011, new power grid paradigms are expected to be more resilient, surviving the various difficulties that arise during disasters. In this paper, we focus on microgrids and propose priority-based hierarchical operational management for multiagent-based microgrids. The proposed management consists of a new multiagent-based load shedding scheme and a multiagent-based hierarchical architecture to realize such resilient microgrids. We developed a prototype system and evaluated the proposed management using it. The evaluation results show the effectiveness of our proposal in power shortage situations such as disasters.