Learn More
Genomic manipulations using site-specific recombinases rely on their applied characteristics in living systems. To understand their applied properties so that they can be optimally deployed, we compared the recombinases FLP and Cre in two assays. In both Escherichia coli and in vitro, FLP shows a different temperature optimum than Cre. FLP is more(More)
In this paper we describe the first large-scale, long-term study of how hosts connected to the Internet manage their clocks. This is important for forensic investigations when there is a need for correlation of events collected from disparate sources, as well as for the correlation of computer events to ''real'' time. We have sampled over 8000 web servers(More)
In this paper we describe the design and implementation of Zeitline. Zeitline is a graphical timeline editor that allows a forensic investigator to create a timeline of events that were gathered from different sources, such as host MAC times, system logs, and firewalls. We present some background information, discuss the design of the tool, describe its(More)
We report the construction of two Escherichia coli strains (294-Cre and 294-FLP) which express either Cre- or FLP-recombinase. Plasmids containing authentic recognition targets for either recombinase (loxPs or FRTs) are recombined when propagated in the appropriate strain. 294-Cre and 294-FLP thus provide a simple test for the recombination competence of(More)
To investigate the exploitation and contamination by self-propagating Internet worms, a provenance-aware tracing mechanism is highly desirable. Provenance unawareness causes difficulties in fast, accurate identification of a worm’s break-in point, and incurs significant log inspection overhead. This paper presents the design, implementation, and(More)
The number of computer attacks has been growing dramatically as the Internet has grown. Attackers currently have little or no disincentive to conducting attacks because they are able to hide their location effectively by creating a chain of connections through a series of hosts. This method is effective because most current host audit systems do not(More)
Worms continue to be a leading security threat on the In-ternet. This paper analyzes several of the more widespread worms and develops a general life-cycle for them. The life-cycle, from the point of view of the victim host, consists of four stages: target selection, exploitation, infection, and propagation. While not all worms fall into this framework(More)
To detect and investigate self-propagating worm attacks against networked servers, the following capabilities are desirable: 1) raising timely alerts to trigger a worm investigation, 2) determining the break-in point of a worm, i.e., the vulnerable service from which the worm infiltrates the victim, and 3) identifying all contaminations inflicted by the(More)