WorldWideScience

Sample records for abdool karim attacking

  1. karim chikh

    Indian Academy of Sciences (India)

    Home; Journals; Bulletin of Materials Science. KARIM CHIKH. Articles written in Bulletin of Materials Science. Volume 41 Issue 2 April 2018 pp 36. Acid-activated bentonite (Maghnite-H + ) as a novel catalyst for the polymerization of decamethylcyclopentasiloxane · DJAMAL EDDINE KHERROUB MOHAMMED BELBACHIR ...

  2. Traditional healers and AIDS prevention | Abdool Karim | South ...

    African Journals Online (AJOL)

    Her questionable beliefs included a Nazi conspiracy as the source of AIDS, a string ritual to prevent promiscuity and a conviction that she could treat AIDS. Notwithstanding the latter beliefs, her generally factual knowledge of AIDS indicated that she could be an important source of AIDS information in the community; she ...

  3. Under-reporting in hepatitis B notifications | Abdool Karim | South ...

    African Journals Online (AJOL)

    Notification and laboratory data for the period January 1985 December 1988 were compared in order to estimate: (i) the minimum level of under-reporting of hepatitis B; and (ii) the consistency of the level of under-reporting, both regiorially and nationally. Ratios between hepatitis B notifications and positive hepatitis B ...

  4. Ere plastikupoeet Karim Rashid / Kadi Lehtmets

    Index Scriptorium Estoniae

    Lehtmets, Kadi

    2007-01-01

    Kairos 1960. a. sündinud disainerist Karim Rashidist, kelle lemmikmaterjaliks on plast. Tema raamatutest "Ma tahan muuta maailma" ja "Design Your Self" (2004), disainitud toodetest, Deutsche Bank VIP Lounge'i ja Ateena Semiramise hotelli (sai Sleep05 Euroopa hotellidisaini auhinna) kujundusest. 16 ill

  5. South African Medical Journal - Vol 79, No 3 (1991)

    African Journals Online (AJOL)

    Under-reporting in hepatitis B notifications · EMAIL FREE FULL TEXT EMAIL FREE FULL TEXT DOWNLOAD FULL TEXT DOWNLOAD FULL TEXT. S.S. Abdool Karim, Q Abdool Karim, 242-244 ... Non-cirrhotic portal hypertension entity in South Africa? A report of 6 cases · EMAIL FREE FULL TEXT EMAIL FREE FULL TEXT

  6. Loss of maternal measles antibody in black South African infants in ...

    African Journals Online (AJOL)

    Loss of maternal measles antibody in black South African infants in the first year of life implications for age of vaccination. P Kiepiela, H. M. Coovadia, W.E.K. Loening, P. Coward, S.S. Abdool Karim ...

  7. ORIGINAL ARTICLES

    African Journals Online (AJOL)

    . PARTNERSHIPS FOR STD. CONTROL IN SOUTH AFRICA-. PERSPECTIVES FROM THE. HLABISA EXPERIENCE. David Wilkinson, Salim S Abdool Karim, Mark Lurie,. Abigail Harrison. Sexually transmitted diseases (STDs) are epidemic in.

  8. Heart Attack

    Science.gov (United States)

    Each year almost 800,000 Americans have a heart attack. A heart attack happens when blood flow to the heart suddenly ... it's important to know the symptoms of a heart attack and call 9-1-1 if you or ...

  9. Attack surfaces

    DEFF Research Database (Denmark)

    Gruschka, Nils; Jensen, Meiko

    2010-01-01

    The new paradigm of cloud computing poses severe security risks to its adopters. In order to cope with these risks, appropriate taxonomies and classification criteria for attacks on cloud computing are required. In this work-in-progress paper we present one such taxonomy based on the notion...... of attack surfaces of the cloud computing scenario participants....

  10. Comments on Awad El Karim M. Ibrahim's "Becoming Black: Rap and Hip-Hop, Race, Gender, and Identity and the Politics of ESL Learning" [and] A Reader Reacts . . . [and] Identity or Identification? A Response to Some Objections.

    Science.gov (United States)

    Goldstein, Lynn; Ibrahim, Awad El Karim M.

    2000-01-01

    Goldstein questions the way Awad El Karim M. Ibrahim portrayed her research on the language and identity of Hispanic English-as-a-Second-Language learners in his article, "Becoming Black: Rap and Hip-Hop, Race, Gender, and Identity and the Politics of ESL Learning." Ibrahim responds to these comments. (Author/VWL)

  11. Heart Attack

    Science.gov (United States)

    ... pain Fatigue Heart attack Symptoms & causes Diagnosis & treatment Advertisement Mayo Clinic does not endorse companies or products. ... a Job Site Map About This Site Twitter Facebook Google YouTube Pinterest Mayo Clinic is a not- ...

  12. About Heart Attacks

    Science.gov (United States)

    ... Artery Disease Venous Thromboembolism Aortic Aneurysm More About Heart Attacks Updated:Jan 11,2018 A heart attack is ... coronary artery damage leads to a heart attack . Heart Attack Questions and Answers What is a heart attack? ...

  13. Heart Attack

    Science.gov (United States)

    ... Pressure, tightness, pain, or a squeezing or aching sensation in your chest or arms that may spread to your neck, jaw or back Nausea, indigestion, heartburn or abdominal pain Shortness of breath Cold sweat Fatigue Lightheadedness or sudden dizziness Heart attack ...

  14. Heart attack

    Science.gov (United States)

    ... part in support groups for people with heart disease . Outlook (Prognosis) After a heart attack, you have a higher ... P, Bonow RO, Braunwald E, eds. Braunwald's Heart Disease: A Textbook of Cardiovascular Medicine . 10th ed. Philadelphia, PA: Elsevier Saunders; 2014: ...

  15. Shark attack.

    Science.gov (United States)

    Guidera, K J; Ogden, J A; Highhouse, K; Pugh, L; Beatty, E

    1991-01-01

    Shark attacks are rare but devastating. This case had major injuries that included an open femoral fracture, massive hemorrhage, sciatic nerve laceration, and significant skin and muscle damage. The patient required 15 operative procedures, extensive physical therapy, and orthotic assistance. A review of the literature pertaining to shark bites is included.

  16. Browse Title Index

    African Journals Online (AJOL)

    S. S. Abdool Karim, D. R. Tait. Vol 78, No 8 (1990), Herhalende akute polihidramnios en indometasienbehandeling: 'n Gevalbespreking, Abstract PDF. B.L. Faber. Vol 108, No 2 (2018), Heroin detoxification during pregnancy: A systematic review and retrospective study of the management of heroin addiction in pregnancy ...

  17. Urodynamics - Basic concepts | Abdool | Obstetrics and ...

    African Journals Online (AJOL)

    Urodynamic studies still remains a controversial investigation in the assessment of patients with urinary incontinence. A systematic review on the correlation between clinical and urodynamic diagnosis in classifying the type of urinary incontinence by van Leijsen et al in 2011 makes interesting reading. The review concluded ...

  18. Pericarditis - after heart attack

    Science.gov (United States)

    ... medlineplus.gov/ency/article/000166.htm Pericarditis - after heart attack To use the sharing features on this page, ... occur in the days or weeks following a heart attack . Causes Two types of pericarditis can occur after ...

  19. Heart attack first aid

    Science.gov (United States)

    First aid - heart attack; First aid - cardiopulmonary arrest; First aid - cardiac arrest ... A heart attack occurs when the blood flow that carries oxygen to the heart is blocked. The heart muscle becomes ...

  20. Social engineering attack framework

    CSIR Research Space (South Africa)

    Mouton, F

    2014-07-01

    Full Text Available link. A social engineering attack targets this weakness by; using various manipulation techniques in order to elicit sensitive; information. The field of social engineering is still in its infancy; stages with regards to formal definitions and attack...

  1. Terrorists and Suicide Attacks

    National Research Council Canada - National Science Library

    Cronin, Audrey K

    2003-01-01

    Suicide attacks by terrorist organizations have become more prevalent globally, and assessing the threat of suicide attacks against the United States and its interests at home and abroad has therefore...

  2. Solidarity under Attack

    DEFF Research Database (Denmark)

    Meret, Susi; Goffredo, Sergio

    2017-01-01

    https://www.opendemocracy.net/can-europe-make-it/susi-meret-sergio-goffredo/solidarity-under-attack......https://www.opendemocracy.net/can-europe-make-it/susi-meret-sergio-goffredo/solidarity-under-attack...

  3. Transient Ischemic Attack

    Medline Plus

    Full Text Available ... Ischemic Attack TIA , or transient ischemic attack, is a "mini stroke" that occurs when a blood clot blocks an artery for a short time. The only difference between a stroke ...

  4. Composite Dos Attack Model

    Directory of Open Access Journals (Sweden)

    Simona Ramanauskaitė

    2012-04-01

    Full Text Available Preparation for potential threats is one of the most important phases ensuring system security. It allows evaluating possible losses, changes in the attack process, the effectiveness of used countermeasures, optimal system settings, etc. In cyber-attack cases, executing real experiments can be difficult for many reasons. However, mathematical or programming models can be used instead of conducting experiments in a real environment. This work proposes a composite denial of service attack model that combines bandwidth exhaustion, filtering and memory depletion models for a more real representation of similar cyber-attacks. On the basis of the introduced model, different experiments were done. They showed the main dependencies of the influence of attacker and victim’s properties on the success probability of denial of service attack. In the future, this model can be used for the denial of service attack or countermeasure optimization.

  5. What Is a Heart Attack?

    Science.gov (United States)

    ... Research Home / Heart Attack Heart Attack Also known as Myocardial infarction Leer en español ... or years after the procedure. Other Treatments for Heart Attack Other treatments for heart attack include: Medicines Medical ...

  6. Kleptographic Attacks on ECDSA

    Directory of Open Access Journals (Sweden)

    Nadezhda Anatolievna Chepick

    2014-12-01

    Full Text Available This paper presents secretly trapdoor with universal protection (SETUP attacks on the elliptic curve digital signature algorithm ECDSA. It allows a malicious manufacturer of black-box cryptosystems to implement these attacks to get access to user’s private key. The attacker can obtain user’s private key. The way ECDSA can be used for encryption and key exchange is also described.

  7. Transient Ischemic Attack

    Medline Plus

    Full Text Available ... stroke symptoms. Popular Topics TIA Cardiac Catheter Cholesterol Heart Attack Stent © 2018, American Heart Association, Inc. All rights reserved. Unauthorized use prohibited. ...

  8. Seven deadliest USB attacks

    CERN Document Server

    Anderson, Brian

    2010-01-01

    Do you need to keep up with the latest hacks, attacks, and exploits effecting USB technology? Then you need Seven Deadliest USB Attacks. This book pinpoints the most dangerous hacks and exploits specific to USB, laying out the anatomy of these attacks including how to make your system more secure. You will discover the best ways to defend against these vicious hacks with step-by-step instruction and learn techniques to make your computer and network impenetrable. Attacks detailed in this book include: USB Hacksaw USB Switchblade USB Based Virus/Malicous Code Launch USB Device Overflow RAMdum

  9. Plants under dual attack

    NARCIS (Netherlands)

    Ponzio, C.A.M.

    2016-01-01

    Though immobile, plants are members of complex environments, and are under constant threat from a wide range of attackers, which includes organisms such as insect herbivores or plant pathogens. Plants have developed sophisticated defenses against these attackers, and include chemical responses such

  10. Heart attack - discharge

    Science.gov (United States)

    ... and lifestyle Cholesterol - drug treatment Controlling your high blood pressure Deep vein thrombosis - discharge Dietary fats explained Fast food tips Heart attack - discharge Heart attack - what to ask your doctor Heart bypass ... pacemaker - discharge High blood pressure - what to ask your doctor How to read ...

  11. Nocturnal panic attacks

    Directory of Open Access Journals (Sweden)

    Lopes Fabiana L.

    2002-01-01

    Full Text Available The panic-respiration connection has been presented with increasing evidences in the literature. We report three panic disorder patients with nocturnal panic attacks with prominent respiratory symptoms, the overlapping of the symptoms with the sleep apnea syndrome and a change of the diurnal panic attacks, from spontaneous to situational pattern. The implication of these findings and awareness to the distinct core of the nocturnal panic attacks symptoms may help to differentiate them from sleep disorders and the search for specific treatment.

  12. Heart Attack Payment - State

    Data.gov (United States)

    U.S. Department of Health & Human Services — Payment for heart attack patients measure – state data. This data set includes state-level data for payments associated with a 30-day episode of care for heart...

  13. Heart Attack Payment - Hospital

    Data.gov (United States)

    U.S. Department of Health & Human Services — Payment for heart attack patients measure – provider data. This data set includes provider data for payments associated with a 30-day episode of care for heart...

  14. Heart Attack Payment - National

    Data.gov (United States)

    U.S. Department of Health & Human Services — Payment for heart attack patients measure – national data. This data set includes national-level data for payments associated with a 30-day episode of care for heart...

  15. Transient Ischemic Attack

    Medline Plus

    Full Text Available ... TIA , or transient ischemic attack, is a "mini stroke" that occurs when a blood clot blocks an ... a short time. The only difference between a stroke and TIA is that with TIA the blockage ...

  16. Facial Dog Attack Injuries

    OpenAIRE

    Lin, Wei; Patil, Pavan Manohar

    2013-01-01

    The exposed position of the face makes it vulnerable to dog bite injuries. This fact combined with the short stature of children makes them a high-risk group for such attacks. In contrast to wounds inflicted by assaults and accidents, dog bite wounds are deep puncture type wounds compounded by the presence of pathologic bacteria from the saliva of the attacking dog. This, combined with the presence of crushed, devitalized tissue makes these wounds highly susceptible to infection. Key to succe...

  17. Cyber Attacks, Information Attacks, and Postmodern Warfare

    Directory of Open Access Journals (Sweden)

    Valuch Jozef

    2017-06-01

    Full Text Available The aim of this paper is to evaluate and differentiate between the phenomena of cyberwarfare and information warfare, as manifestations of what we perceive as postmodern warfare. We describe and analyse the current examples of the use the postmodern warfare and the reactions of states and international bodies to these phenomena. The subject matter of this paper is the relationship between new types of postmodern conflicts and the law of armed conflicts (law of war. Based on ICJ case law, it is clear that under current legal rules of international law of war, cyber attacks as well as information attacks (often performed in the cyberspace as well can only be perceived as “war” if executed in addition to classical kinetic warfare, which is often not the case. In most cases perceived “only” as a non-linear warfare (postmodern conflict, this practice nevertheless must be condemned as conduct contrary to the principles of international law and (possibly a crime under national laws, unless this type of conduct will be recognized by the international community as a “war” proper, in its new, postmodern sense.

  18. Collaborative Attack vs. Collaborative Defense

    Science.gov (United States)

    Xu, Shouhuai

    We have witnessed many attacks in the cyberspace. However, most attacks are launched by individual attackers even though an attack may involve many compromised computers. In this paper, we envision what we believe to be the next generation cyber attacks — collaborative attacks. Collaborative attacks can be launched by multiple attackers (i.e., human attackers or criminal organizations), each of which may have some specialized expertise. This is possible because cyber attacks can become very sophisticated and specialization of attack expertise naturally becomes relevant. To counter collaborative attacks, we might need collaborative defense because each “chain” in a collaborative attack may be only adequately dealt with by a different defender. In order to understand collaborative attack and collaborative defense, we present a high-level abstracted framework for evaluating the effectiveness of collaborative defense against collaborative attacks. As a first step towards realizing and instantiating the framework, we explore a characterization of collaborative attacks and collaborative defense from the relevant perspectives.

  19. Seven Deadliest Wireless Technologies Attacks

    CERN Document Server

    Haines, Brad

    2010-01-01

    How can an information security professional keep up with all of the hacks, attacks, and exploits? One way to find out what the worst of the worst are is to read the seven books in our Seven Deadliest Attacks Series. Not only do we let you in on the anatomy of these attacks but we also tell you how to get rid of them and how to defend against them in the future. Countermeasures are detailed so that you can fight against similar attacks as they evolve. Attacks featured in this book include:Bluetooth AttacksCredit Card, Access Card, and Passport AttacksBad Encryption

  20. Browse Title Index

    African Journals Online (AJOL)

    P Kiepiela, H. M. Coovadia, W.E.K. Loening, P. Coward, S.S. Abdool Karim. Vol 101, No 4 (2011), Loss to follow-up in a community clinic in South Africa – roles of gender, pregnancy and CD4 count, Abstract PDF. B Wang, E Losina, R Stark, A Munro, RP Walensky, M Wilke, D Martin, Z Lu, KA Freedberg, R Wood. Vol 97, No ...

  1. Shark attack in Natal.

    Science.gov (United States)

    White, J A

    1975-02-01

    The injuries in 5 cases of shark attack in Natal during 1973-74 are reviewed. Experience in shark attacks in South Africa during this period is discussed (1965-73), and the value of protecting heavily utilized beaches in Natal with nets is assessed. The surgical applications of elasmobranch research at the Oceanographic Research Institute (Durban) and at the Headquarters of the Natal Anti-Shark Measures Board (Umhlanga Rocks) are described. Modern trends in the training of surf life-guards, the provision of basic equipment for primary resuscitation of casualties on the beaches, and the policy of general and local care of these patients in Natal are discussed.

  2. Depression After Heart Attack

    Science.gov (United States)

    ... Heart Attack? Redford B. Williams Download PDF https://doi.org/10.1161/CIRCULATIONAHA.110.017285 Circulation. 2011; 123: ... e639-e640 , originally published June 27, 2011 https://doi.org/10.1161/CIRCULATIONAHA.110.017285 Citation Manager Formats ...

  3. Temporal Cyber Attack Detection.

    Energy Technology Data Exchange (ETDEWEB)

    Ingram, Joey Burton [Sandia National Lab. (SNL-NM), Albuquerque, NM (United States); Draelos, Timothy J. [Sandia National Lab. (SNL-NM), Albuquerque, NM (United States); Galiardi, Meghan [Sandia National Lab. (SNL-NM), Albuquerque, NM (United States); Doak, Justin E. [Sandia National Lab. (SNL-NM), Albuquerque, NM (United States)

    2017-11-01

    Rigorous characterization of the performance and generalization ability of cyber defense systems is extremely difficult, making it hard to gauge uncertainty, and thus, confidence. This difficulty largely stems from a lack of labeled attack data that fully explores the potential adversarial space. Currently, performance of cyber defense systems is typically evaluated in a qualitative manner by manually inspecting the results of the system on live data and adjusting as needed. Additionally, machine learning has shown promise in deriving models that automatically learn indicators of compromise that are more robust than analyst-derived detectors. However, to generate these models, most algorithms require large amounts of labeled data (i.e., examples of attacks). Algorithms that do not require annotated data to derive models are similarly at a disadvantage, because labeled data is still necessary when evaluating performance. In this work, we explore the use of temporal generative models to learn cyber attack graph representations and automatically generate data for experimentation and evaluation. Training and evaluating cyber systems and machine learning models requires significant, annotated data, which is typically collected and labeled by hand for one-off experiments. Automatically generating such data helps derive/evaluate detection models and ensures reproducibility of results. Experimentally, we demonstrate the efficacy of generative sequence analysis techniques on learning the structure of attack graphs, based on a realistic example. These derived models can then be used to generate more data. Additionally, we provide a roadmap for future research efforts in this area.

  4. Fatal crocodile attack.

    Science.gov (United States)

    Chattopadhyay, Saurabh; Shee, Biplab; Sukul, Biswajit

    2013-11-01

    Attacks on human beings by various animals leading to varied types of injuries and even death in some cases are not uncommon. Crocodile attacks on humans have been reported from a number of countries across the globe. Deaths in such attacks are mostly due to mechanical injuries or drowning. Bites by the crocodiles often cause the limbs to be separated from the body. The present case refers to an incident of a fatal attack by a crocodile on a 35 years old female where only the mutilated head of the female was recovered. Multiple lacerated wounds over the face and scalp along with fracture of the cranial bones was detected on autopsy. Two distinct bite marks in the form of punched in holes were noted over the parietal and frontal bones. Injuries on the head with its traumatic amputation from the body were sufficient to cause death. However, the presence of other fatal injuries on the unrecovered body parts could not be ruled out. Copyright © 2013 Elsevier Ltd and Faculty of Forensic and Legal Medicine. All rights reserved.

  5. BIRD ATTACK OCULAR INJURIES.

    Science.gov (United States)

    Tabatabaei, Seyed Ali; Soleimani, Mohammad; Behrouz, Mahmoud Jabbarvand

    2017-03-29

    To report 30 patients with bird attack-related eye injuries. This study was performed among patients coming to Farabi Eye Hospital, Tehran, Iran, from 2010 to 2015 with a history of bird attack causing eye injury. The inclusion criteria were a history of bird attack by pecking causing eye injury and having treatment and follow-up record for at least 6 months after treatment. The primary eye examinations included a full ophthalmic examination including evaluation of uncorrected visual acuity and best-corrected visual acuity (BCVA), anterior segment slit lamp biomicroscopy, and photography. For all patients with penetrating injury, primary repair was undertaken. Thirty patients (10 females and 20 males) with a mean age of 23.3 ± 18.5 years entered the study. The most common zone of injury was zone 1 (P < 0.001), and lensectomy was not needed in majority of patients (P < 0.001). The most common bird causing the injury was mynah (P < 0.001). Those patients with baseline BCVA of less than 20/200 or those with endophthalmitis had statistically worse final BCVA after treatment. Patients attacked by mynah bird had significantly better pretreatment uncorrected visual acuity and BCVA. The most common bird causing the eye injury among the sample of patients from Iran was mynah, which differs with previous studies indicating the rooster attack as the most common cause of eye injury. The authors also found that the most common zone of injury was zone 1, and the presence of endophthalmitis and lower baseline BCVA were significant risk factors for worse visual outcomes.

  6. Blocking of Brute Force Attack

    OpenAIRE

    M.Venkata Krishna Reddy

    2012-01-01

    A common threat Web developers face is a password-guessing attack known as a brute-force attack. A brute-force attack is an attempt to discover a password by systematically trying every possible combination of letters, numbers, and symbols until you discover the one correct combination that works. If your Web site requires user authentication, you are a good target for a brute-force attack. An attacker can always discover a password through a brute-force attack, but the downside is that it co...

  7. Bluetooth security attacks comparative analysis, attacks, and countermeasures

    CERN Document Server

    Haataja, Keijo; Pasanen, Sanna; Toivanen, Pekka

    2013-01-01

    This overview of Bluetooth security examines network vulnerabilities and offers a comparative analysis of recent security attacks. It also examines related countermeasures and proposes a novel attack that works against all existing Bluetooth versions.

  8. Heart Attack Coronary Artery Disease

    Science.gov (United States)

    ... our e-newsletter! Aging & Health A to Z Heart Attack Coronary Artery Disease, Angina Basic Facts & Information What ... and oxygen supply; this is what causes a heart attack. If the damaged area is small, however, your ...

  9. Thrombolytic drugs for heart attack

    Science.gov (United States)

    ... gov/ency/article/007488.htm Thrombolytic drugs for heart attack To use the sharing features on this page, ... supply blood and oxygen to the heart. A heart attack can occur if a blood clot stops the ...

  10. What Is a Heart Attack?

    Science.gov (United States)

    ... to help prevent your first heart attack. Heart-Healthy Lifestyle Changes A heart-healthy lifestyle can help prevent ... blood to flow to the heart muscle. Heart-Healthy Lifestyle Changes Treatment for a heart attack usually includes ...

  11. Automated Discovery of Mimicry Attacks

    National Research Council Canada - National Science Library

    Giffin, Jonathon T; Jha, Somesh; Miller, Barton P

    2006-01-01

    .... These systems are useful only if they detect actual attacks. Previous research developed manually-constructed mimicry and evasion attacks that avoided detection by hiding a malicious series of system calls within a valid sequence allowed by the model...

  12. Attack Trees with Sequential Conjunction

    NARCIS (Netherlands)

    Jhawar, Ravi; Kordy, Barbara; Mauw, Sjouke; Radomirović, Sasa; Trujillo-Rasua, Rolando

    2015-01-01

    We provide the first formal foundation of SAND attack trees which are a popular extension of the well-known attack trees. The SAND at- tack tree formalism increases the expressivity of attack trees by intro- ducing the sequential conjunctive operator SAND. This operator enables the modeling of

  13. Structural Learning of Attack Vectors for Generating Mutated XSS Attacks

    Directory of Open Access Journals (Sweden)

    Yi-Hsun Wang

    2010-09-01

    Full Text Available Web applications suffer from cross-site scripting (XSS attacks that resulting from incomplete or incorrect input sanitization. Learning the structure of attack vectors could enrich the variety of manifestations in generated XSS attacks. In this study, we focus on generating more threatening XSS attacks for the state-of-the-art detection approaches that can find potential XSS vulnerabilities in Web applications, and propose a mechanism for structural learning of attack vectors with the aim of generating mutated XSS attacks in a fully automatic way. Mutated XSS attack generation depends on the analysis of attack vectors and the structural learning mechanism. For the kernel of the learning mechanism, we use a Hidden Markov model (HMM as the structure of the attack vector model to capture the implicit manner of the attack vector, and this manner is benefited from the syntax meanings that are labeled by the proposed tokenizing mechanism. Bayes theorem is used to determine the number of hidden states in the model for generalizing the structure model. The paper has the contributions as following: (1 automatically learn the structure of attack vectors from practical data analysis to modeling a structure model of attack vectors, (2 mimic the manners and the elements of attack vectors to extend the ability of testing tool for identifying XSS vulnerabilities, (3 be helpful to verify the flaws of blacklist sanitization procedures of Web applications. We evaluated the proposed mechanism by Burp Intruder with a dataset collected from public XSS archives. The results show that mutated XSS attack generation can identify potential vulnerabilities.

  14. Seven Deadliest Unified Communications Attacks

    CERN Document Server

    York, Dan

    2010-01-01

    Do you need to keep up with the latest hacks, attacks, and exploits effecting Unified Communications technology? Then you need Seven Deadliest Unified Communication Attacks. This book pinpoints the most dangerous hacks and exploits specific to Unified Communications, laying out the anatomy of these attacks including how to make your system more secure. You will discover the best ways to defend against these vicious hacks with step-by-step instruction and learn techniques to make your computer and network impenetrable. Attacks featured in this book include: UC Ecosystem Attacks Insecure Endpo

  15. Improving Attack Graph Visualization through Data Reduction and Attack Grouping

    Energy Technology Data Exchange (ETDEWEB)

    John Homer; Ashok Varikuti; Xinming Ou; Miles A. McQueen

    2008-09-01

    Various tools exist to analyze enterprise network systems and to produce attack graphs detailing how attackers might penetrate into the system. These attack graphs, however, are often complex and difficult to comprehend fully, and a human user may find it problematic to reach appropriate configuration decisions. This paper presents methodologies that can 1) automatically identify portions of an attack graph that do not help a user to understand the core security problems and so can be trimmed, and 2) automatically group similar attack steps as virtual nodes in a model of the network topology, to immediately increase the understandability of the data. We believe both methods are important steps toward improving visualization of attack graphs to make them more useful in configuration management for large enterprise networks. We implemented our methods using one of the existing attack-graph toolkits. Initial experimentation shows that the proposed approaches can 1) significantly reduce the complexity of attack graphs by trimming a large portion of the graph that is not needed for a user to understand the security problem, and 2) significantly increase the accessibility and understandability of the data presented in the attack graph by clearly showing, within a generated visualization of the network topology, the number and type of potential attacks to which each host is exposed.

  16. Attacks on computer systems

    Directory of Open Access Journals (Sweden)

    Dejan V. Vuletić

    2012-01-01

    Full Text Available Computer systems are a critical component of the human society in the 21st century. Economic sector, defense, security, energy, telecommunications, industrial production, finance and other vital infrastructure depend on computer systems that operate at local, national or global scales. A particular problem is that, due to the rapid development of ICT and the unstoppable growth of its application in all spheres of the human society, their vulnerability and exposure to very serious potential dangers increase. This paper analyzes some typical attacks on computer systems.

  17. Recent "phishing" attacks

    CERN Multimedia

    IT Department

    2009-01-01

    Over the last few weeks there has been a marked increase in the number of attacks on CERN made by cybercriminals. Typical attacks arrive in the form of e-mail messages purporting to come from the CERN Help Desk, Mail Service, or some similarly official-sounding entity and suggest that there is a problem with your account, such as it being over-quota. They then ask you to click on a link or to reply and give your password. Please don’t! Be cautious of any unexpected messages containing web links even if they appear to come from known contacts. If you happen to click on such a link and if your permission is requested to run or install software, always decline it. NEVER provide your password or other details if these are requested. These messages try to trick you into clicking on Web links which will help them to install malicious software on your computer, and anti-virus software cannot be relied on to detect all cases. In case of questions on this topic, you may contact mailto:helpdesk@cern.ch. CERN Comput...

  18. Cyber Attacks and Combat Behavior

    Directory of Open Access Journals (Sweden)

    Carataș Maria Alina

    2017-01-01

    Full Text Available Cyber terrorism is an intangible danger, a real over the corner threat in the life of individuals,organizations, and governments and is getting harder to deal with its damages. The motivations forthe cyber-attacks are different, depending on the terrorist group, from cybercrime to hacktivism,attacks over the authorities’ servers. Organizations constantly need to find new ways ofstrengthening protection against cyber-attacks, assess their cyber readiness, expand the resiliencecapacity and adopts international security regulations.

  19. Attacks on RFID Identification Systems

    Directory of Open Access Journals (Sweden)

    D. M. Mikhaylov

    2010-09-01

    Full Text Available This article is about attacks on RFID systems. Currently antivirus developers are not developing systems that protect from viruses that could exist on RFID tags. Such viruses are considered as not existing because the RFID tag memory is very small. Unfortunately such viruses exist. This article is concerned to such viruses and attacks that hackers could do using such viruses. Based on this article methods to prevent RFID-viruses attacks could be developed.

  20. Seven Deadliest Social Network Attacks

    CERN Document Server

    Timm, Carl

    2010-01-01

    Do you need to keep up with the latest hacks, attacks, and exploits effecting social networks? Then you need Seven Deadliest Social Network Attacks. This book pinpoints the most dangerous hacks and exploits specific to social networks like Facebook, Twitter, and MySpace, laying out the anatomy of these attacks including how to make your system more secure. You will discover the best ways to defend against these vicious hacks with step-by-step instruction and learn techniques to make your computer and network impenetrable. Attacks detailed in this book include: Social Networking Infrastruct

  1. Seven Deadliest Web Application Attacks

    CERN Document Server

    Shema, Mike

    2010-01-01

    Do you need to keep up with the latest hacks, attacks, and exploits effecting web applications? Then you need Seven Deadliest Web Application Attacks. This book pinpoints the most dangerous hacks and exploits specific to web applications, laying out the anatomy of these attacks including how to make your system more secure. You will discover the best ways to defend against these vicious hacks with step-by-step instruction and learn techniques to make your computer and network impenetrable. .. .. Attacks detailed in this book include: ..: ..; Cross-Site Scripting (XSS) ..; Cross-Site Request Fo

  2. The Timing of Terrorist Attacks

    DEFF Research Database (Denmark)

    Jensen, Thomas

    2016-01-01

    I use a simple optimal stopping model to derive policy relevant insights on the timing of one-shot attacks by small autonomous terrorist units or “lone wolf” individuals. A main insight is that an increase in proactive counterterrorism measures can lead to a short term increase in the number...... of attempted terrorist attacks because it makes it more risky for existing terrorist units to pursue further development of capabilities. This is consistent with the events in London in 2005 where a terrorist attack on 7 July was followed by a similar but unsuccessful attack two weeks later....

  3. Global Mapping of Cyber Attacks

    Science.gov (United States)

    2014-01-01

    Identifying factors behind countries weakness to cyber - attacks is an important step towards addressing these weaknesses at the root level. For...the lowest rates of cyber - attacks . This is surprising given the bad cyber reputation of some African countries such as Nigeria. Our research has many policy implications.

  4. [Heart-attack in pregnancy].

    Science.gov (United States)

    Výtisková, T; Suchá, D; Fučíková, Z

    To describe hear-attack on crystal meth addicted pregnant woman. Case report. Acute heart-attack during pregnancy means unexpected obstetric complication. The consequences could be fatal for the mother and the fetus. Although good delivery management and treatment could reduce morbidity and mortality to a minimum.

  5. Superposition Attacks on Cryptographic Protocols

    DEFF Research Database (Denmark)

    Damgård, Ivan Bjerre; Funder, Jakob Løvstad; Nielsen, Jesper Buus

    2011-01-01

    string model. While our protocol is classical, it is sound against a cheating unbounded quantum prover and computational zero-knowledge even if the verifier is allowed a superposition attack. Finally, we consider multiparty computation and show that for the most general type of attack, simulation based...

  6. Multiculturalism & The Charlie Hebdo Attack

    DEFF Research Database (Denmark)

    Lægaard, Sune

    2016-01-01

    The attack on Charlie Hebdo has by many been linked to multiculturalism. But it is unclear exactly how the connection between multiculturalism and the attack should be understood and whether there indeed is such a connection. The article discusses this by distinguishing between different senses o...

  7. Automated Generation of Attack Trees

    DEFF Research Database (Denmark)

    Vigo, Roberto; Nielson, Flemming; Nielson, Hanne Riis

    2014-01-01

    -prone and impracticable for large systems. Nonetheless, the automated generation of attack trees has only been explored in connection to computer networks and levering rich models, whose analysis typically leads to an exponential blow-up of the state space. We propose a static analysis approach where attack trees...

  8. WILD PIG ATTACKS ON HUMANS

    Energy Technology Data Exchange (ETDEWEB)

    Mayer, J.

    2013-04-12

    Attacks on humans by wild pigs (Sus scrofa) have been documented since ancient times. However, studies characterizing these incidents are lacking. In an effort to better understand this phenomenon, information was collected from 412 wild pig attacks on humans. Similar to studies of large predator attacks on humans, data came from a variety of sources. The various attacks compiled occurred in seven zoogeographic realms. Most attacks occurred within the species native range, and specifically in rural areas. The occurrence was highest during the winter months and daylight hours. Most happened under non-hunting circumstances and appeared to be unprovoked. Wounded animals were the chief cause of these attacks in hunting situations. The animals involved were typically solitary, male and large in size. The fate of the wild pigs involved in these attacks varied depending upon the circumstances, however, most escaped uninjured. Most human victims were adult males traveling on foot and alone. The most frequent outcome for these victims was physical contact/mauling. The severity of resulting injuries ranged from minor to fatal. Most of the mauled victims had injuries to only one part of their bodies, with legs/feet being the most frequent body part injured. Injuries were primarily in the form of lacerations and punctures. Fatalities were typically due to blood loss. In some cases, serious infections or toxemia resulted from the injuries. Other species (i.e., pets and livestock) were also accompanying some of the humans during these attacks. The fates of these animals varied from escaping uninjured to being killed. Frequency data on both non-hunting and hunting incidents of wild pig attacks on humans at the Savannah River Site, South Carolina, showed quantitatively that such incidents are rare.

  9. Shark Attack Project - Marine Attack at Towed Hydrophone Arrays

    National Research Council Canada - National Science Library

    Kalmijn, Adrianus J

    2005-01-01

    The original objective of the SIO Marine Attack project was to identify the electric and magnetic fields causing sharks to inflict serious damage upon the towed hydrophone arrays of US Navy submarines...

  10. The Cyber-Physical Attacker

    DEFF Research Database (Denmark)

    Vigo, Roberto

    2012-01-01

    the security properties of CPSs, as a system cannot be secured without defining the threats it is subject to. In this work an attacker scenario is presented which addresses the peculiarities of a cyber-physical adversary, and we discuss how this scenario relates to other attacker models popular in the security......The world of Cyber-Physical Systems ranges from industrial to national interest applications. Even though these systems are pervading our everyday life, we are still far from fully understanding their security properties. Devising a suitable attacker model is a crucial element when studying...

  11. Female urinary incontinence: A review | Abdool | South African ...

    African Journals Online (AJOL)

    Urinary incontinence affects approximately a quarter of a billion people worldwide. It is associated with high economic costs, psychological morbidity and adverse effects on the quality of life. Despite this, few women seek help for this condition either due to embarrassment and unwillingness to discuss the symptom with their ...

  12. Should we use pessaries for pelvic organ prolapse? | Abdool ...

    African Journals Online (AJOL)

    population of 9 billion by 2040 and also an increase in demand for services to care for female pelvic floor disorders. Currently non-surgical treatment modalities include expectant management, pelvic floor exercises and the use of support devices i.e. vaginal pessaries. Vaginal support devices date back to at least 1550 BC, ...

  13. Gas in Attack and Gas in Defense

    National Research Council Canada - National Science Library

    Fries, Amos A

    1919-01-01

    Carrying out a gas attack is the most technical and dangerous of war's attacks, not only to those on board the airplane that is initiating the attack, but also to those friendly troops on the ground for miles around...

  14. Social Engineering Attack Detection Model: SEADMv2

    CSIR Research Space (South Africa)

    Mouton, F

    2015-10-01

    Full Text Available and is only able to cater for social engineering attacks that use bidirectional communication. Previous research discovered that social engineering attacks can be classified into three different categories, namely attacks that utilise bidirectional...

  15. Forensics Investigation of Web Application Security Attacks

    OpenAIRE

    Amor Lazzez; Thabet Slimani

    2015-01-01

    Nowadays, web applications are popular targets for security attackers. Using specific security mechanisms, we can prevent or detect a security attack on a web application, but we cannot find out the criminal who has carried out the security attack. Being unable to trace back an attack, encourages hackers to launch new attacks on the same system. Web application forensics aims to trace back and attribute a web application security attack to its originator. This may significantly reduce the sec...

  16. Genetic attack on neural cryptography.

    Science.gov (United States)

    Ruttor, Andreas; Kinzel, Wolfgang; Naeh, Rivka; Kanter, Ido

    2006-03-01

    Different scaling properties for the complexity of bidirectional synchronization and unidirectional learning are essential for the security of neural cryptography. Incrementing the synaptic depth of the networks increases the synchronization time only polynomially, but the success of the geometric attack is reduced exponentially and it clearly fails in the limit of infinite synaptic depth. This method is improved by adding a genetic algorithm, which selects the fittest neural networks. The probability of a successful genetic attack is calculated for different model parameters using numerical simulations. The results show that scaling laws observed in the case of other attacks hold for the improved algorithm, too. The number of networks needed for an effective attack grows exponentially with increasing synaptic depth. In addition, finite-size effects caused by Hebbian and anti-Hebbian learning are analyzed. These learning rules converge to the random walk rule if the synaptic depth is small compared to the square root of the system size.

  17. Genetic attack on neural cryptography

    International Nuclear Information System (INIS)

    Ruttor, Andreas; Kinzel, Wolfgang; Naeh, Rivka; Kanter, Ido

    2006-01-01

    Different scaling properties for the complexity of bidirectional synchronization and unidirectional learning are essential for the security of neural cryptography. Incrementing the synaptic depth of the networks increases the synchronization time only polynomially, but the success of the geometric attack is reduced exponentially and it clearly fails in the limit of infinite synaptic depth. This method is improved by adding a genetic algorithm, which selects the fittest neural networks. The probability of a successful genetic attack is calculated for different model parameters using numerical simulations. The results show that scaling laws observed in the case of other attacks hold for the improved algorithm, too. The number of networks needed for an effective attack grows exponentially with increasing synaptic depth. In addition, finite-size effects caused by Hebbian and anti-Hebbian learning are analyzed. These learning rules converge to the random walk rule if the synaptic depth is small compared to the square root of the system size

  18. Panic Attacks and Panic Disorder

    Science.gov (United States)

    ... in panic attacks. For example, if a grizzly bear came after you, your body would react instinctively. ... panic disorder Major life stress, such as the death or serious illness of a loved one A ...

  19. Analytical Characterization of Internet Security Attacks

    Science.gov (United States)

    Sellke, Sarah H.

    2010-01-01

    Internet security attacks have drawn significant attention due to their enormously adverse impact. These attacks includes Malware (Viruses, Worms, Trojan Horse), Denial of Service, Packet Sniffer, and Password Attacks. There is an increasing need to provide adequate defense mechanisms against these attacks. My thesis proposal deals with analytical…

  20. Recurrent spontaneous attacks of dizziness.

    Science.gov (United States)

    Lempert, Thomas

    2012-10-01

    This article describes the common causes of recurrent vertigo and dizziness that can be diagnosed largely on the basis of history. Ninety percent of spontaneous recurrent vertigo and dizziness can be explained by six disorders: (1) Ménière disease is characterized by vertigo attacks, lasting 20 minutes to several hours, with concomitant hearing loss, tinnitus, and aural fullness. Aural symptoms become permanent during the course of the disease. (2) Attacks of vestibular migraine may last anywhere from minutes to days. Most patients have a previous history of migraine headaches, and many experience migraine symptoms during the attack. (3) Vertebrobasilar TIAs affect older adults with vascular risk factors. Most attacks last less than 1 hour and are accompanied by other symptoms from the posterior circulation territory. (4) Vestibular paroxysmia is caused by vascular compression of the eighth cranial nerve. It manifests itself with brief attacks of vertigo that recur many times per day, sometimes with concomitant cochlear symptoms. (5) Orthostatic hypotension causes brief episodes of dizziness lasting seconds to a few minutes after standing up and is relieved by sitting or lying down. In older adults, it may be accompanied by supine hypertension. (6) Panic attacks usually last minutes, occur in specific situations, and are accompanied by choking, palpitations, tremor, heat, and anxiety. Less common causes of spontaneous recurrent vertigo and dizziness include perilymph fistula, superior canal dehiscence, autoimmune inner ear disease, otosclerosis, cardiac arrhythmia, and medication side effects. Neurologists need to venture into otolaryngology, internal medicine, and psychiatry to master the differential diagnosis of recurrent dizziness.

  1. Detection of complex cyber attacks

    Science.gov (United States)

    Gregorio-de Souza, Ian; Berk, Vincent H.; Giani, Annarita; Bakos, George; Bates, Marion; Cybenko, George; Madory, Doug

    2006-05-01

    One significant drawback to currently available security products is their inabilty to correlate diverse sensor input. For instance, by only using network intrusion detection data, a root kit installed through a weak username-password combination may go unnoticed. Similarly, an administrator may never make the link between deteriorating response times from the database server and an attacker exfiltrating trusted data, if these facts aren't presented together. Current Security Information Management Systems (SIMS) can collect and represent diverse data but lack sufficient correlation algorithms. By using a Process Query System, we were able to quickly bring together data flowing from many sources, including NIDS, HIDS, server logs, CPU load and memory usage, etc. We constructed PQS models that describe dynamic behavior of complicated attacks and failures, allowing us to detect and differentiate simultaneous sophisticated attacks on a target network. In this paper, we discuss the benefits of implementing such a multistage cyber attack detection system using PQS. We focus on how data from multiple sources can be combined and used to detect and track comprehensive network security events that go unnoticed using conventional tools.

  2. Mitigating Higher Ed Cyber Attacks

    Science.gov (United States)

    Rogers, Gary; Ashford, Tina

    2015-01-01

    In this presentation we will discuss the many and varied cyber attacks that have recently occurred in the higher ed community. We will discuss the perpetrators, the victims, the impact and how these institutions have evolved to meet this threat. Mitigation techniques and defense strategies will be covered as will a discussion of effective security…

  3. Terrorist attacks escalate in frequency and fatalities preceding highly lethal attacks.

    Science.gov (United States)

    Martens, Andy; Sainudiin, Raazesh; Sibley, Chris G; Schimel, Jeff; Webber, David

    2014-01-01

    Highly lethal terrorist attacks, which we define as those killing 21 or more people, account for 50% of the total number of people killed in all terrorist attacks combined, yet comprise only 3.5% of terrorist attacks. Given the disproportionate influence of these incidents, uncovering systematic patterns in attacks that precede and anticipate these highly lethal attacks may be of value for understanding attacks that exact a heavy toll on life. Here we examined whether the activity of terrorist groups escalates--both in the number of people killed per attack and in the frequency of attacks--leading up to highly lethal attacks. Analyses of terrorist attacks drawn from a state-of-the-art international terrorism database (The Global Terrorism Database) showed evidence for both types of escalation leading up to highly lethal attacks, though complexities to the patterns emerged as well. These patterns of escalation do not emerge among terrorist groups that never commit a highly lethal attack.

  4. A computer network attack taxonomy and ontology

    CSIR Research Space (South Africa)

    Van Heerden, RP

    2012-01-01

    Full Text Available taxonomy and ontology RP van Heerden1,2, B Irwin2, ID Burke1, L Leenen1 1CSIR, Pretoria, South Africa 2Rhodes University, Grahamstown, South Africa Keywords/ Key Phrases: Network Attack, Network Attack Classification, Taxonomy, Ontology, Attack... Scenario rvheerden@csir.co.za b.irwin@ru.ac.za iburke@csir.co.za lleenen@csir.co.za Abstract: Computer network attacks differ in the motivation of the entity behind the attack, the execution and the end result. The diversity of attacks has a...

  5. Protecting Cryptographic Memory against Tampering Attack

    DEFF Research Database (Denmark)

    Mukherjee, Pratyay

    . In practice such attacks can be executed easily, e.g. by heating the device, as substantiated by numerous works in the past decade. Tampering attacks are a class of such physical attacks where the attacker can change the memory/computation, gains additional (non-black-box) knowledge by interacting...... with the faulty device and then tries to break the security. Prior works show that generically approaching such problem is notoriously difficult. So, in this dissertation we attempt to solve an easier question, known as memory-tampering, where the attacker is allowed tamper only with the memory of the device......In this dissertation we investigate the question of protecting cryptographic devices from tampering attacks. Traditional theoretical analysis of cryptographic devices is based on black-box models which do not take into account the attacks on the implementations, known as physical attacks...

  6. Being active after a heart attack (image)

    Science.gov (United States)

    ... best activity when you start exercising after a heart attack. Start slowly, and increase the amount of time ... best activity when you start exercising after a heart attack. Start slowly, and increase the amount of time ...

  7. Using an ontology for network attack planning

    CSIR Research Space (South Africa)

    Van Heerden, R

    2016-09-01

    Full Text Available The modern complexity of network attacks and their counter-measures (cyber operations) requires detailed planning. This paper presents a Network Attack Planning ontology which is aimed at providing support for planning such network operations within...

  8. Social engineering attack examples, templates and scenarios

    CSIR Research Space (South Africa)

    Mouton, Francois

    2016-06-01

    Full Text Available link. A social engineering attack targets this weakness by using various manipulation techniques to elicit sensitive information. The field of social engineering is still in its early stages with regard to formal definitions, attack frameworks...

  9. Understand Your Risk of Heart Attack

    Science.gov (United States)

    ... Heart-Health Basics Reducing your risk starts with smart choices. If you smoke, stop. The American Heart ... a Second Heart Attack | Spanish Cardiac Rehab Referral Card | Spanish Heart Attack Warning Signs: Patient sheet | Infographic | ...

  10. Can Vitamins Help Prevent a Heart Attack?

    Science.gov (United States)

    ... vitamins help prevent a heart attack? Can taking vitamins help prevent heart disease or a heart attack? Answers ... M.D. It's not yet clear if taking vitamins can reduce your risk of developing heart disease ...

  11. Peacetime Use of Computer Network Attack

    National Research Council Canada - National Science Library

    Busby, Daniel

    2000-01-01

    .... PDD-63 alerts the nation to prepare for impending cyber attacks. This paper examines the nature, scale, and likelihood of cyber attacks posited in PDD-63 and finds that the country does not face an imminent "electronic Pearl Harbor...

  12. Quantifying Shannon's work function for cryptanalytic attacks

    NARCIS (Netherlands)

    van Son, R.J.J.H.

    2010-01-01

    Attacks on cryptographic systems are limited by the available computational resources. A theoretical understanding of these resource limitations is needed to evaluate the security of cryptographic primitives and procedures. This study uses an Attacker versus Environment game formalism based on

  13. Stochastic Model of TCP SYN Attacks

    Directory of Open Access Journals (Sweden)

    Simona Ramanauskaitė

    2011-08-01

    Full Text Available A great proportion of essential services are moving into internet space making the threat of DoS attacks even more actual. To estimate the real risk of some kind of denial of service (DoS attack in real world is difficult, but mathematical and software models make this task easier. In this paper we overview the ways of implementing DoS attack models and offer a stochastic model of SYN flooding attack. It allows evaluating the potential threat of SYN flooding attacks, taking into account both the legitimate system flow as well as the possible attack power. At the same time we can assess the effect of such parameters as buffer capacity, open connection storage in the buffer or filte­ring efficiency on the success of different SYN flooding attacks. This model can be used for other type of memory depletion denial of service attacks.Article in Lithuanian

  14. Network Attack Reference Data Set

    Science.gov (United States)

    2004-12-01

    fingerprinting tools include QueSO [10] (literally translates to “what OS”) and nmap [11], however there are a number of additional tools available for...Network Attack Reference Data Set J. McKenna and J. Treurniet Defence R&D Canada √ Ottawa TECHNICAL...collection of information is estimated to average 1 hour per response, including the time for reviewing instructions, searching existing data sources

  15. Biometrics Evaluation under Spoofing Attacks

    OpenAIRE

    Chingovska, Ivana; Anjos, André; Marcel, Sébastien

    2014-01-01

    While more accurate and reliable than ever, the trustworthiness of biometric verification systems is compromised by the emergence of spoofing attacks. Responding to this threat, numerous research publications address isolated spoofing detection, resulting in efficient counter-measures for many biometric modes. However, an important, but often overlooked issue regards their engagement into a verification task and how to measure their impact on the verification systems themselves. A novel evalu...

  16. Survey of Sybil Attacks in Social Networks

    OpenAIRE

    Gunturu, Rupesh

    2015-01-01

    This paper reviews the Sybil attack in social networks, which has the potential to compromise the whole distributed network. In the Sybil attack, the malicious user claims multiple identities to compromise the network. Sybil attacks can be used to change the overall ranking in voting applications, bad-mouth an opinion, access resources or to break the trust mechanism behind a P2P network. In this paper, different defense mechanisms used to mitigate Sybil attacks are also reviewed.

  17. Cyberprints: Identifying Cyber Attackers by Feature Analysis

    Science.gov (United States)

    Blakely, Benjamin A.

    2012-01-01

    The problem of attributing cyber attacks is one of increasing importance. Without a solid method of demonstrating the origin of a cyber attack, any attempts to deter would-be cyber attackers are wasted. Existing methods of attribution make unfounded assumptions about the environment in which they will operate: omniscience (the ability to gather,…

  18. Attacks and countermeasures on AES and ECC

    DEFF Research Database (Denmark)

    Tange, Henrik; Andersen, Birger

    2013-01-01

    is foreseeable while the rounds are performed. ECC (Elliptic Curve Cryptography) is used as a public key crypto system with the key purpose of creating a private shared between two participants in a communication network. Attacks on ECC include the Pohlig-Hellman attack and the Pollard's rho attack. Furthermore...

  19. Attacks and countermeasures on AES and ECC

    DEFF Research Database (Denmark)

    Tange, Henrik; Andersen, Birger

    2013-01-01

    AES (Advanced Encryption Standard) is widely used in LTE and Wi-Fi communication systems. AES has recently been exposed to new attacks which have questioned the overall security of AES. The newest attack is a so called biclique attack, which is using the fact that the content of the state array...

  20. The Value of Attack-Defence Diagrams

    NARCIS (Netherlands)

    Hermanns, H.; Krämer, Julia; Krčál, Jan; Stoelinga, Mariëlle Ida Antoinette; Piessens, Frank; Viganò, Luca

    Success or failure of attacks on high-security systems, such as hacker attacks on sensitive data, depend on various situational conditions, including the timing and success chances of single attack steps, and concurrent countermeasures of the defender. With the existing state-of-the-art modelling

  1. Automated classification of computer network attacks

    CSIR Research Space (South Africa)

    Van Heerden, R

    2013-11-01

    Full Text Available In this paper we demonstrate how an automated reasoner, HermiT, is used to classify instances of computer network based attacks in conjunction with a network attack ontology. The ontology describes different types of network attacks through classes...

  2. Calculating Adversarial Risk from Attack Trees: Control Strength and Probabilistic Attackers

    NARCIS (Netherlands)

    Pieters, Wolter; Davarynejad, Mohsen

    2015-01-01

    Attack trees are a well-known formalism for quantitative analysis of cyber attacks consisting of multiple steps and alternative paths. It is possible to derive properties of the overall attacks from properties of individual steps, such as cost for the attacker and probability of success. However, in

  3. Whispering through DDoS attack

    OpenAIRE

    Miralem Mehic; Jiri Slachta; Miroslav Voznak

    2016-01-01

    Denial of service (DoS) attack is an attempt of the attacker to disable victim's machine by depleting network or computing resources. If this attack is performed with more than one machine, it is called distributed denial of service (DDoS) attack. Covert channels are those channels which are used for information transmission even though they are neither designed nor intended to transfer information at all. In this article, we investigated the possibility of using of DDoS attack for purposes o...

  4. Script-viruses Attacks on UNIX OS

    Directory of Open Access Journals (Sweden)

    D. M. Mikhaylov

    2010-06-01

    Full Text Available In this article attacks on UNIX OS are considered. Currently antivirus developers are concentrated on protecting systems from viruses that are most common and attack popular operating systems. If the system or its components are not often attacked then the antivirus products are not protecting these components as it is not profitable. The same situation is with script-viruses for UNIX OS as most experts consider that it is impossible for such viruses to get enough rights to attack. Nevertheless the main conclusion of this article is the fact that such viruses can be very powerful and can attack systems and get enough rights.

  5. Stochastic Model of TCP SYN Attacks

    OpenAIRE

    Simona Ramanauskaitė; Antanas Čenys

    2011-01-01

    A great proportion of essential services are moving into internet space making the threat of DoS attacks even more actual. To estimate the real risk of some kind of denial of service (DoS) attack in real world is difficult, but mathematical and software models make this task easier. In this paper we overview the ways of implementing DoS attack models and offer a stochastic model of SYN flooding attack. It allows evaluating the potential threat of SYN flooding attacks, taking into account both...

  6. NETWORK SECURITY ATTACKS. ARP POISONING CASE STUDY

    Directory of Open Access Journals (Sweden)

    Luminiţa DEFTA

    2010-12-01

    Full Text Available Arp poisoning is one of the most common attacks in a switched network. A switch is a network device that limits the ability of attackers that use a packet sniffer to gain access to information from internal network traffic. However, using ARP poisoning the traffic between two computers can be intercepted even in a network that uses switches. This method is known as man in the middle attack. With this type of attack the affected stations from a network will have invalid entries in the ARP table. Thus, it will contain only the correspondence between the IP addresses of the stations from the same network and a single MAC address (the station that initiated the attack. In this paper we present step by step the initiation of such an attack in a network with three computers. We will intercept the traffic between two stations using the third one (the attacker.

  7. Whispering through DDoS attack

    Directory of Open Access Journals (Sweden)

    Miralem Mehic

    2016-03-01

    Full Text Available Denial of service (DoS attack is an attempt of the attacker to disable victim's machine by depleting network or computing resources. If this attack is performed with more than one machine, it is called distributed denial of service (DDoS attack. Covert channels are those channels which are used for information transmission even though they are neither designed nor intended to transfer information at all. In this article, we investigated the possibility of using of DDoS attack for purposes of hiding data or concealing the existing covert channel. In addition, in this paper we analyzed the possibility of detection of such covert communication with the well-known statistical method. Also, we proposed the coordination mechanisms of the attack which may be used. A lot of research has been done in order to describe and prevent DDoS attacks, yet research on steganography on this field is still scarce.

  8. Attack Tree Generation by Policy Invalidation

    DEFF Research Database (Denmark)

    Ivanova, Marieta Georgieva; Probst, Christian W.; Hansen, Rene Rydhof

    2015-01-01

    Attacks on systems and organisations increasingly exploit human actors, for example through social engineering, complicating their formal treatment and automatic identification. Formalisation of human behaviour is difficult at best, and attacks on socio-technical systems are still mostly identified...... through brainstorming of experts. In this work we formalize attack tree generation including human factors; based on recent advances in system models we develop a technique to identify possible attacks analytically, including technical and human factors. Our systematic attack generation is based...... on invalidating policies in the system model by identifying possible sequences of actions that lead to an attack. The generated attacks are precise enough to illustrate the threat, and they are general enough to hide the details of individual steps....

  9. Network Protection Against DDoS Attacks

    Directory of Open Access Journals (Sweden)

    Petr Dzurenda

    2015-03-01

    Full Text Available The paper deals with possibilities of the network protection against Distributed Denial of Service attacks (DDoS. The basic types of DDoS attacks and their impact on the protected network are presented here. Furthermore, we present basic detection and defense techniques thanks to which it is possible to increase resistance of the protected network or device against DDoS attacks. Moreover, we tested the ability of current commercial Intrusion Prevention Systems (IPS, especially Radware DefensePro 6.10.00 product against the most common types of DDoS attacks. We create five scenarios that are varied in type and strength of the DDoS attacks. The attacks intensity was much greater than the normal intensity of the current DDoS attacks.

  10. SQL Injection Attacks and Defense

    CERN Document Server

    Clarke, Justin

    2012-01-01

    SQL Injection Attacks and Defense, First Edition: Winner of the Best Book Bejtlich Read Award "SQL injection is probably the number one problem for any server-side application, and this book unequaled in its coverage." -Richard Bejtlich, Tao Security blog SQL injection represents one of the most dangerous and well-known, yet misunderstood, security vulnerabilities on the Internet, largely because there is no central repository of information available for penetration testers, IT security consultants and practitioners, and web/software developers to turn to for help. SQL Injection Att

  11. Coronary Artery Dissection: Not Just a Heart Attack

    Science.gov (United States)

    ... Aneurysm More Coronary Artery Dissection: Not Just a Heart Attack Updated:Mar 15,2018 Sometimes a heart attack ... Disease Go Red For Women Types of aneurysms Heart Attack • Home • About Heart Attacks Acute Coronary Syndrome (ACS) ...

  12. Model checking exact cost for attack scenarios

    DEFF Research Database (Denmark)

    Aslanyan, Zaruhi; Nielson, Flemming

    2017-01-01

    . However, current model checking does not encompass the exact cost analysis of an attack, which is standard for attack trees. Our first contribution is the logic erPCTL with cost-related operators. The extended logic allows to analyse the probability of an event satisfying given cost bounds and to compute......Attack trees constitute a powerful tool for modelling security threats. Many security analyses of attack trees can be seamlessly expressed as model checking of Markov Decision Processes obtained from the attack trees, thus reaping the benefits of a coherent framework and a mature tool support...... the exact cost of an event. Our second contribution is the model checking algorithm for erPCTL. Finally, we apply our framework to the analysis of attack trees....

  13. Securing internet by eliminating DDOS attacks

    Science.gov (United States)

    Niranchana, R.; Gayathri Devi, N.; Santhi, H.; Gayathri, P.

    2017-11-01

    The major threat caused to the authorised usage of Internet is Distributed Denial of Service attack. The mechanisms used to prevent the DDoS attacks are said to overcome the attack’s ability in spoofing the IP packets source addresses. By utilising Internet Protocol spoofing, the attackers cause a consequential load over the networks destination for policing attack packets. To overcome the IP Spoofing level on the Internet, We propose an Inter domain Packet Filter (IPF) architecture. The proposed scheme is not based on global routing information. The packets with reliable source addresses are not rejected, the IPF frame work works in such a manner. The spoofing capability of attackers is confined by IPF, and also the filter identifies the source of an attack packet by minimal number of candidate network.

  14. DDOS ATTACK DETECTION SIMULATION AND HANDLING MECHANISM

    Directory of Open Access Journals (Sweden)

    Ahmad Sanmorino

    2013-11-01

    Full Text Available In this study we discuss how to handle DDoS attack that coming from the attacker by using detection method and handling mechanism. Detection perform by comparing number of packets and number of flow. Whereas handling mechanism perform by limiting or drop the packets that detected as a DDoS attack. The study begins with simulation on real network, which aims to get the real traffic data. Then, dump traffic data obtained from the simulation used for detection method on our prototype system called DASHM (DDoS Attack Simulation and Handling Mechanism. From the result of experiment that has been conducted, the proposed method successfully detect DDoS attack and handle the incoming packet sent by attacker.

  15. Transient ischemic attack: diagnostic evaluation.

    Science.gov (United States)

    Messé, Steven R; Jauch, Edward C

    2008-08-01

    A transient ischemic attack portends significant risk of a stroke. Consequently, the diagnostic evaluation in the emergency department is focused on identifying high-risk causes so that preventive strategies can be implemented. The evaluation consists of a facilitated evaluation of the patient's metabolic, cardiac, and neurovascular systems. At a minimum, the following tests are recommended: fingerstick glucose level, electrolyte levels, CBC count, urinalysis, and coagulation studies; noncontrast computed tomography (CT) of the head; electrocardiography; and continuous telemetry monitoring. Vascular imaging studies, such as carotid ultrasonography, CT angiography, or magnetic resonance angiography, should be performed on an urgent basis and prioritized according to the patient's risk stratification for disease. Consideration should be given for echocardiography if no large vessel abnormality is identified.

  16. Where can an Insider attack?

    DEFF Research Database (Denmark)

    Probst, Christian W.; Hansen, René Rydhof; Nielson, Flemming

    2006-01-01

    By definition, an insider has better access, is more trusted, and has better information about internal procedures, high-value targets, and potential weak spots in the security, than an outsider. Consequently, an insider attack has the potential to cause significant, even catastrophic, damage...... to the targeted organisation. While the problem is well recognised in the security community as well as in law-enforcement and intelligence communities, the main resort still is to audit log files \\$\\backslash\\$emph{after the fact}. There has been little research into developing models, automated tools...... of the modelled systems. Our analysis of processes identifies which actions may be performed by whom, at which locations, accessing which data. This allows to compute a superset of audit results---before an incident occurs....

  17. Security under Uncertainty: Adaptive Attackers Are More Challenging to Human Defenders than Random Attackers

    Directory of Open Access Journals (Sweden)

    Frédéric Moisan

    2017-06-01

    Full Text Available Game Theory is a common approach used to understand attacker and defender motives, strategies, and allocation of limited security resources. For example, many defense algorithms are based on game-theoretic solutions that conclude that randomization of defense actions assures unpredictability, creating difficulties for a human attacker. However, many game-theoretic solutions often rely on idealized assumptions of decision making that underplay the role of human cognition and information uncertainty. The consequence is that we know little about how effective these algorithms are against human players. Using a simplified security game, we study the type of attack strategy and the uncertainty about an attacker's strategy in a laboratory experiment where participants play the role of defenders against a simulated attacker. Our goal is to compare a human defender's behavior in three levels of uncertainty (Information Level: Certain, Risky, Uncertain and three types of attacker's strategy (Attacker's strategy: Minimax, Random, Adaptive in a between-subjects experimental design. Best defense performance is achieved when defenders play against a minimax and a random attack strategy compared to an adaptive strategy. Furthermore, when payoffs are certain, defenders are as efficient against random attack strategy as they are against an adaptive strategy, but when payoffs are uncertain, defenders have most difficulties defending against an adaptive attacker compared to a random attacker. We conclude that given conditions of uncertainty in many security problems, defense algorithms would be more efficient if they are adaptive to the attacker actions, taking advantage of the attacker's human inefficiencies.

  18. Cache timing attacks on recent microarchitectures

    DEFF Research Database (Denmark)

    Andreou, Alexandres; Bogdanov, Andrey; Tischhauser, Elmar Wolfgang

    2017-01-01

    Cache timing attacks have been known for a long time, however since the rise of cloud computing and shared hardware resources, such attacks found new potentially devastating applications. One prominent example is S$A (presented by Irazoqui et al at S&P 2015) which is a cache timing attack against...... engineered as part of this work. This is the first time CSSAs for the Skylake architecture are reported. Our attacks demonstrate that cryptographic applications in cloud computing environments using key-dependent tables for acceleration are still vulnerable even on recent architectures, including Skylake...

  19. Religion and support for suicide attacks.

    Science.gov (United States)

    Ginges, Jeremy; Hansen, Ian; Norenzayan, Ara

    2009-02-01

    In four studies carried out across different cultural, religious, and political contexts, we investigated the association between religion and popular support for suicide attacks. In two surveys of Palestinians and one cognitive priming experiment with Israeli settlers, prayer to God, an index of religious devotion, was unrelated to support for suicide attacks. Instead, attendance at religious services, thought to enhance coalitional commitment, positively predicted support for suicide attacks. In a survey of six religions in six nations, regular attendance at religious services positively predicted a combination of willing martyrdom and out-group hostility, but regular prayer did not. Implications for understanding the role of religion in suicide attacks are discussed.

  20. Integrating cyber attacks within fault trees

    International Nuclear Information System (INIS)

    Nai Fovino, Igor; Masera, Marcelo; De Cian, Alessio

    2009-01-01

    In this paper, a new method for quantitative security risk assessment of complex systems is presented, combining fault-tree analysis, traditionally used in reliability analysis, with the recently introduced Attack-tree analysis, proposed for the study of malicious attack patterns. The combined use of fault trees and attack trees helps the analyst to effectively face the security challenges posed by the introduction of modern ICT technologies in the control systems of critical infrastructures. The proposed approach allows considering the interaction of malicious deliberate acts with random failures. Formal definitions of fault tree and attack tree are provided and a mathematical model for the calculation of system fault probabilities is presented.

  1. Visualizing Risks: Icons for Information Attack Scenarios

    National Research Council Canada - National Science Library

    Hosmer, Hilary

    2000-01-01

    .... Visual attack scenarios help defenders see system ambiguities, imprecision, vulnerabilities and omissions, thus speeding up risk analysis, requirements gathering, safeguard selection, cryptographic...

  2. Validation Method of a Telecommunications Blackout Attack

    National Research Council Canada - National Science Library

    Amado, Joao; Nunes, Paulo

    2005-01-01

    This paper presents an evaluation method of telecommunications infrastructure vulnerabilities, allowing the identification of components that can be attacked in order to achieve a communications blackout...

  3. Cued Panic Attacks in Body Dysmorphic Disorder

    Science.gov (United States)

    Phillips, Katharine A.; Menard, William; Bjornsson, Andri S.

    2013-01-01

    Background Body dysmorphic disorder (BDD) is a common and often severe disorder. Clinical observations suggest that panic attacks triggered by BDD symptoms may be common. However, to our knowledge, no study has examined such panic attacks in BDD. We investigated the prevalence, clinical features, and correlates of BDD-triggered panic attacks in individuals with this disorder. Methods Panic attacks and other variables were assessed using reliable and valid measures in 76 individuals with lifetime DSM-IV BDD. Results 28.9% (95% CI, 18.5%–39.4%) of participants reported lifetime panic attacks triggered by BDD symptoms. The most common triggers of such attacks were feeling that others were looking at or scrutinizing the perceived appearance defects (61.9%), looking in the mirror at perceived defects (38.1%), and being in bright light where perceived defects would be more visible (23.8%). The most common panic attack symptoms were palpitations (86.4%), sweating (66.7%), shortness of breath (63.6%), trembling or shaking (63.6%), and fear of losing control or going crazy (63.6%). Compared to participants without such panic attacks, those with BDD-triggered panic attacks had more severe lifetime BDD, social anxiety, and depressive symptoms, as well as poorer functioning and quality of life on a number of measures. They were also less likely to be employed and more likely to have been psychiatrically hospitalized and to have had suicidal ideation due to BDD. Conclusions Panic attacks triggered by BDD-related situations appear common in individuals with this disorder. BDD-triggered panic attacks were associated with greater symptom severity and morbidity. PMID:23653076

  4. Attack Trees for Practical Security Assessment: Ranking of Attack Scenarios with ADTool 2.0

    NARCIS (Netherlands)

    Gadyatskaya, Olga; Jhawar, Ravi; Kordy, P.T.; Lounis, Karim; Mauw, Sjouke; Trujillo-Rasua, Rolando

    2016-01-01

    In this tool demonstration paper we present the ADTool2.0: an open-source software tool for design, manipulation and analysis of attack trees. The tool supports ranking of attack scenarios based on quantitative attributes entered by the user; it is scriptable; and it incorporates attack trees with

  5. Evaluation of Crosstalk Attacks in Access Networks

    DEFF Research Database (Denmark)

    Wagner, Christoph; Eiselt, Michael; Grobe, Klaus

    2016-01-01

    WDM-PON systems regained interest as low-cost solution for metro and access networks. We present a comparative analysis of resilience of wavelength-selective and wavelength-routed architectures against crosstalk attackers. We compare the vulnerability of these architectures against attacks...

  6. Rotational Rebound Attacks on Reduced Skein

    DEFF Research Database (Denmark)

    Khovratovich, Dmitry; Nikolic, Ivica; Rechberger, Christian

    2010-01-01

    In this paper we combine a recent rotational cryptanalysis with the rebound attack, which results in the best cryptanalysis of Skein, a candidate for the SHA-3 competition. The rebound attack approach was so far only applied to AES-like constructions. For the first time, we show that this approach...

  7. Attack Tree Generation by Policy Invalidation

    NARCIS (Netherlands)

    Ivanova, Marieta Georgieva; Probst, Christian W.; Hansen, René Rydhof; Kammüller, Florian; Naeem Akram, R.; Jajodia, S.

    2015-01-01

    Attacks on systems and organisations increasingly exploit human actors, for example through social engineering, complicating their formal treatment and automatic identi﬿cation. Formalisation of human behaviour is difficult at best, and attacks on socio-technical systems are still mostly identi﬿ed

  8. Rotational Rebound Attacks on Reduced Skein

    DEFF Research Database (Denmark)

    Khovratovich, Dmitry; Nikolić, Ivica; Rechberger, Christian

    2014-01-01

    In this paper we combine two powerful methods of symmetric cryptanalysis: rotational cryptanalysis and the rebound attack. Rotational cryptanalysis was designed for the analysis of bit-oriented designs like ARX (Addition-Rotation-XOR) schemes. It has been applied to several hash functions and block...... ciphers, including the new standard SHA-3 (Keccak). The rebound attack is a start-from-the-middle approach for finding differential paths and conforming pairs in byte-oriented designs like Substitution-Permutation networks and AES. We apply our new compositional attack to the reduced version of the hash...... function Skein, a finalist of the SHA-3 competition. Our attack penetrates more than two thirds of the Skein core—the cipher Threefish, and made the designers to change the submission in order to prevent it. The rebound part of our attack has been significantly enhanced to deliver results on the largest...

  9. Use of Attack Graphs in Security Systems

    Directory of Open Access Journals (Sweden)

    Vivek Shandilya

    2014-01-01

    Full Text Available Attack graphs have been used to model the vulnerabilities of the systems and their potential exploits. The successful exploits leading to the partial/total failure of the systems are subject of keen security interest. Considerable effort has been expended in exhaustive modeling, analyses, detection, and mitigation of attacks. One prominent methodology involves constructing attack graphs of the pertinent system for analysis and response strategies. This not only gives the simplified representation of the system, but also allows prioritizing the security properties whose violations are of greater concern, for both detection and repair. We present a survey and critical study of state-of-the-art technologies in attack graph generation and use in security system. Based on our research, we identify the potential, challenges, and direction of the current research in using attack graphs.

  10. Automatic Classification of Attacks on IP Telephony

    Directory of Open Access Journals (Sweden)

    Jakub Safarik

    2013-01-01

    Full Text Available This article proposes an algorithm for automatic analysis of attack data in IP telephony network with a neural network. Data for the analysis is gathered from variable monitoring application running in the network. These monitoring systems are a typical part of nowadays network. Information from them is usually used after attack. It is possible to use an automatic classification of IP telephony attacks for nearly real-time classification and counter attack or mitigation of potential attacks. The classification use proposed neural network, and the article covers design of a neural network and its practical implementation. It contains also methods for neural network learning and data gathering functions from honeypot application.

  11. Two Improved Multiple-Differential Collision Attacks

    Directory of Open Access Journals (Sweden)

    An Wang

    2014-01-01

    Full Text Available In CHES 2008, Bogdanov proposed multiple-differential collision attacks which could be applied to the power analysis attacks on practical cryptographic systems. However, due to the effect of countermeasures on FPGA, there are some difficulties during the collision detection, such as local high noise and the lack of sampling points. In this paper, keypoints voting test is proposed for solving these problems, which can increase the success ratio from 35% to 95% on the example of one implementation. Furthermore, we improve the ternary voting test of Bogdanov, which can improve the experiment efficiency markedly. Our experiments show that the number of power traces required in our attack is only a quarter of the requirement of traditional attack. Finally, some alternative countermeasures against our attacks are discussed.

  12. Hill-Climbing Attacks and Robust Online Signature Verification Algorithm against Hill-Climbing Attacks

    Science.gov (United States)

    Muramatsu, Daigo

    Attacks using hill-climbing methods have been reported as a vulnerability of biometric authentication systems. In this paper, we propose a robust online signature verification algorithm against such attacks. Specifically, the attack considered in this paper is a hill-climbing forged data attack. Artificial forgeries are generated offline by using the hill-climbing method, and the forgeries are input to a target system to be attacked. In this paper, we analyze the menace of hill-climbing forged data attacks using six types of hill-climbing forged data and propose a robust algorithm by incorporating the hill-climbing method into an online signature verification algorithm. Experiments to evaluate the proposed system were performed using a public online signature database. The proposed algorithm showed improved performance against this kind of attack.

  13. Protecting complex infrastructures against multiple strategic attackers

    Science.gov (United States)

    Hausken, Kjell

    2011-01-01

    Infrastructures are analysed subject to defence by a strategic defender and attack by multiple strategic attackers. A framework is developed where each agent determines how much to invest in defending versus attacking each of multiple targets. A target can have economic, human and symbolic values, which generally vary across agents. Investment expenditure functions for each agent can be linear in the investment effort, concave, convex, logistic, can increase incrementally, or can be subject to budget constraints. Contest success functions (e.g., ratio and difference forms) determine the probability of a successful attack on each target, dependent on the relative investments of the defender and attackers on each target, and on characteristics of the contest. Targets can be in parallel, in series, interlinked, interdependent or independent. The defender minimises the expected damage plus the defence expenditures. Each attacker maximises the expected damage minus the attack expenditures. The number of free choice variables equals the number of agents times the number of targets, or lower if there are budget constraints. Each agent is interested in how his investments vary across the targets, and the impact on his utilities. Alternative optimisation programmes are discussed, together with repeated games, dynamic games and incomplete information. An example is provided for illustration.

  14. Radiological attacks and accidents. Medical consequences

    International Nuclear Information System (INIS)

    Sakuta, Hidenari

    2007-01-01

    Probability of the occurrence of radiological attacks appears to be elevated after the terrorist attacks against the United States on September 11 in 2001. There are a lot of scenarios of radiological attack: simple radiological device, radiological disperse device (RDD or dirty bomb), attacks against nuclear reactor, improvised nuclear device, and nuclear weapons. Of these, RDD attack is the most probable scenario, because it can be easily made and can generate enormous psychological and economic damages. Radiological incidents are occurring to and fro in the world, including several cases of theft to nuclear facilities and unsuccessful terrorist attacks against them. Recently, a former Russian spy has allegedly been killed using polonium-210. In addition, serious radiological accidents have occurred in Chernobyl, Goiania, and Tokai-mura. Planning, preparation, education, and training exercise appear to be essential factors to cope with radiological attacks and accidents effectively without feeling much anxiety. Triage and psychological first aid are prerequisite to manage and provide effective medial care for mass casualties without inducing panic. (author)

  15. Rotational Rebound Attacks on Reduced Skein

    DEFF Research Database (Denmark)

    Khovratovich, Dmitry; Nikolic, Ivica; Rechberger, Christian

    2010-01-01

    In this paper we combine a recent rotational cryptanalysis with the rebound attack, which results in the best cryptanalysis of Skein, a candidate for the SHA-3 competition. The rebound attack approach was so far only applied to AES-like constructions. For the first time, we show that this approac...... inside-out computations and neutral bits in the inbound phase of the rebound attack, and give well-defined rotational distinguishers as certificates of weaknesses for the compression functions and block ciphers.......In this paper we combine a recent rotational cryptanalysis with the rebound attack, which results in the best cryptanalysis of Skein, a candidate for the SHA-3 competition. The rebound attack approach was so far only applied to AES-like constructions. For the first time, we show that this approach...... and the Threefish cipher. The new techniques include an analytical search for optimal input values in the rotational cryptanalysis, which allows to extend the outbound phase of the attack with a precomputation phase, an approach never used in any rebound-style attack before. Further we show how to combine multiple...

  16. Smart Grid Integrity Attacks: Characterizations and Countermeasures

    Energy Technology Data Exchange (ETDEWEB)

    Annarita Giani; Eilyan Bitar; Miles McQueen; Pramod Khargonekar; Kameshwar Poolla

    2011-10-01

    Real power injections at loads and generators, and real power flows on selected lines in a transmission network are monitored, transmitted over a SCADA network to the system operator, and used in state estimation algorithms to make dispatch, re-balance and other energy management system [EMS] decisions. Coordinated cyber attacks of power meter readings can be arranged to be undetectable by any bad data detection algorithm. These unobservable attacks present a serious threat to grid operations. Of particular interest are sparse attacks that involve the compromise of a modest number of meter readings. An efficient algorithm to find all unobservable attacks [under standard DC load flow approximations] involving the compromise of exactly two power injection meters and an arbitrary number of power meters on lines is presented. This requires O(n2m) flops for a power system with n buses and m line meters. If all lines are metered, there exist canonical forms that characterize all 3, 4, and 5-sparse unobservable attacks. These can be quickly detected in power systems using standard graph algorithms. Known secure phase measurement units [PMUs] can be used as countermeasures against an arbitrary collection of cyber attacks. Finding the minimum number of necessary PMUs is NP-hard. It is shown that p + 1 PMUs at carefully chosen buses are sufficient to neutralize a collection of p cyber attacks.

  17. Situational awareness of a coordinated cyber attack

    Science.gov (United States)

    Sudit, Moises; Stotz, Adam; Holender, Michael

    2005-03-01

    As technology continues to advance, services and capabilities become computerized, and an ever increasing amount of business is conducted electronically the threat of cyber attacks gets compounded by the complexity of such attacks and the criticality of the information which must be secured. A new age of virtual warfare has dawned in which seconds can differentiate between the protection of vital information and/or services and a malicious attacker attaining their goal. In this paper we present a novel approach in the real-time detection of multistage coordinated cyber attacks and the promising initial testing results we have obtained. We introduce INFERD (INformation Fusion Engine for Real-time Decision-making), an adaptable information fusion engine which performs fusion at levels zero, one, and two to provide real-time situational assessment and its application to the cyber domain in the ECCARS (Event Correlation for Cyber Attack Recognition System) system. The advantages to our approach are fourfold: (1) The complexity of the attacks which we consider, (2) the level of abstraction in which the analyst interacts with the attack scenarios, (3) the speed at which the information fusion is presented and performed, and (4) our disregard for ad-hoc rules or a priori parameters.

  18. Calcium Supplements: A Risk Factor for Heart Attack?

    Science.gov (United States)

    ... for heart attack? I've read that calcium supplements may increase the risk of heart attack. Is ... Some doctors think it's possible that taking calcium supplements may increase your risk of a heart attack. ...

  19. Detecting Pulsing Denial-of-Service Attacks with Nondeterministic Attack Intervals

    Directory of Open Access Journals (Sweden)

    Xiapu Luo

    2009-01-01

    Full Text Available This paper addresses the important problem of detecting pulsing denial of service (PDoS attacks which send a sequence of attack pulses to reduce TCP throughput. Unlike previous works which focused on a restricted form of attacks, we consider a very broad class of attacks. In particular, our attack model admits any attack interval between two adjacent pulses, whether deterministic or not. It also includes the traditional flooding-based attacks as a limiting case (i.e., zero attack interval. Our main contribution is Vanguard, a new anomaly-based detection scheme for this class of PDoS attacks. The Vanguard detection is based on three traffic anomalies induced by the attacks, and it detects them using a CUSUM algorithm. We have prototyped Vanguard and evaluated it on a testbed. The experiment results show that Vanguard is more effective than the previous methods that are based on other traffic anomalies (after a transformation using wavelet transform, Fourier transform, and autocorrelation and detection algorithms (e.g., dynamic time warping.

  20. Detecting Pulsing Denial-of-Service Attacks with Nondeterministic Attack Intervals

    Science.gov (United States)

    Luo, Xiapu; Chan, Edmond W. W.; Chang, Rocky K. C.

    2009-12-01

    This paper addresses the important problem of detecting pulsing denial of service (PDoS) attacks which send a sequence of attack pulses to reduce TCP throughput. Unlike previous works which focused on a restricted form of attacks, we consider a very broad class of attacks. In particular, our attack model admits any attack interval between two adjacent pulses, whether deterministic or not. It also includes the traditional flooding-based attacks as a limiting case (i.e., zero attack interval). Our main contribution is Vanguard, a new anomaly-based detection scheme for this class of PDoS attacks. The Vanguard detection is based on three traffic anomalies induced by the attacks, and it detects them using a CUSUM algorithm. We have prototyped Vanguard and evaluated it on a testbed. The experiment results show that Vanguard is more effective than the previous methods that are based on other traffic anomalies (after a transformation using wavelet transform, Fourier transform, and autocorrelation) and detection algorithms (e.g., dynamic time warping).

  1. The role of sleep in migraine attacks

    Directory of Open Access Journals (Sweden)

    Elaine Inamorato

    1993-11-01

    Full Text Available Migraine attacks may be precipitated by sleep deprivation or excessive sleep and sleep is also associated with relief of migraine attacks. In view of this variable relationship we studied the records of 159 consecutive outpatients of our Headache Unit. In 121 records there was reference to sleep involvement, in 55% by a single form and in 45% by more than one form. When only one form was related, relief was most common (70%. 30% of that group of patients had the migraine attack precipitated by sleep, 24% by deprivation and 6% by sleep excess. When the effects of sleep were multiple, these effects were as expected logically in 65%: «in accordance» group (e.g attack precipitated by sleep deprivation and relieved by sleep onset. In a second group, («conflicting» where the involvement was not logical, there were three different combinations of sleep involvement, possibly due to more than one pathophysiological mechanism.

  2. On localization attacks against cloud infrastructure

    Science.gov (United States)

    Ge, Linqiang; Yu, Wei; Sistani, Mohammad Ali

    2013-05-01

    One of the key characteristics of cloud computing is the device and location independence that enables the user to access systems regardless of their location. Because cloud computing is heavily based on sharing resource, it is vulnerable to cyber attacks. In this paper, we investigate a localization attack that enables the adversary to leverage central processing unit (CPU) resources to localize the physical location of server used by victims. By increasing and reducing CPU usage through the malicious virtual machine (VM), the response time from the victim VM will increase and decrease correspondingly. In this way, by embedding the probing signal into the CPU usage and correlating the same pattern in the response time from the victim VM, the adversary can find the location of victim VM. To determine attack accuracy, we investigate features in both the time and frequency domains. We conduct both theoretical and experimental study to demonstrate the effectiveness of such an attack.

  3. Marine Attack on Towed Hydrophone Arrays

    National Research Council Canada - National Science Library

    Kalmijn, Ad

    2002-01-01

    The original objective of the SIO Marine Attack project was to identify the electric and magnetic fields causing sharks to inflict serious damage upon the towed hydrophone arrays of US Navy submarines...

  4. Diabetes - preventing heart attack and stroke

    Science.gov (United States)

    Diabetes complications - heart; Coronary artery disease - diabetes; CAD - diabetes; Cerebrovascular disease - diabetes ... People with diabetes have a higher chance of having heart attacks and strokes. Smoking and having high blood pressure and high ...

  5. Outdoor Air Pollution, Heart Attack and Stroke

    Science.gov (United States)

    Elevated outdoor ambient air particle pollution triggers heart attacks, strokes, and abnormal heart rhythms and worsens heart failure in individuals at high risk due to underlying medical conditions. Emergency Medical Services in communities are the first responders to these eme...

  6. Heuristic attacks against graphical password generators

    CSIR Research Space (South Africa)

    Peach, S

    2010-05-01

    Full Text Available In this paper the authors explore heuristic attacks against graphical password generators. A new trend is emerging to use user clickable pictures to generate passwords. This technique of authentication can be successfully used for - for example...

  7. Twisted Polynomials and Forgery Attacks on GCM

    DEFF Research Database (Denmark)

    Abdelraheem, Mohamed Ahmed A. M. A.; Beelen, Peter; Bogdanov, Andrey

    2015-01-01

    nonce misuse resistance, such as POET. The algebraic structure of polynomial hashing has given rise to security concerns: At CRYPTO 2008, Handschuh and Preneel describe key recovery attacks, and at FSE 2013, Procter and Cid provide a comprehensive framework for forgery attacks. Both approaches rely...... heavily on the ability to construct forgery polynomials having disjoint sets of roots, with many roots (“weak keys”) each. Constructing such polynomials beyond naïve approaches is crucial for these attacks, but still an open problem. In this paper, we comprehensively address this issue. We propose to use...... in an improved key recovery algorithm. As cryptanalytic applications of our twisted polynomials, we develop the first universal forgery attacks on GCM in the weak-key model that do not require nonce reuse. Moreover, we present universal weak-key forgeries for the nonce-misuse resistant AE scheme POET, which...

  8. Using agility to combat cyber attacks.

    Science.gov (United States)

    Anderson, Kerry

    2017-06-01

    Some incident response practitioners feel that they have been locked in a battle with cyber criminals since the popular adoption of the internet. Initially, organisations made great inroads in preventing and containing cyber attacks. In the last few years, however, cyber criminals have become adept at eluding defence security technologies and rapidly modifying their exploit strategies for financial or political gains. Similar to changes in military combat tactics, cyber criminals utilise distributed attack cells, real-time communications, and rapidly mutating exploits to minimise the potential for detection. Cyber criminals have changed their attack paradigm. This paper describes a new incident response paradigm aimed at combating the new model of cyber attacks with an emphasis on agility to increase the organisation's ability to respond rapidly to these new challenges.

  9. Joint Warfighting: Attacking Time-Critical Targets

    National Research Council Canada - National Science Library

    Lewis, Jerry

    2001-01-01

    .... While DOD has developed and fielded considerable capability to detect, assess, and attack most fixed enemy targets, experiences in the Persian Gulf and more recently in Kosovo revealed that DOD...

  10. ATTACK WARNING: Costs to Modernize NORAD's Computer System Significantly Understated

    National Research Council Canada - National Science Library

    Cross, F

    1991-01-01

    ...) Integrated Tactical Warning and Attack Assessment (ITW/AA) system. These subsystems provide critical strategic surveillance and attack warning and assessment information to United States and Canadian leaders...

  11. Consciousness in Non-Epileptic Attack Disorder

    OpenAIRE

    Reuber, M.; Kurthen, M.

    2011-01-01

    Non-epileptic attack disorder (NEAD) is one of the most important differential diagnoses of epilepsy. Impairment of\\ud consciousness is the key feature of non-epileptic attacks (NEAs). The first half of this review summarises the clinical research\\ud literature featuring observations relating to consciousness in NEAD. The second half places this evidence in the wider context\\ud of the recent discourse on consciousness in neuroscience and the philosophy of mind. We argue that studies of consci...

  12. Semantic Identification Attacks on Web Browsing

    OpenAIRE

    Guha, Neel

    2016-01-01

    We introduce a Semantic Identification Attack, in which an adversary uses semantic signals about the pages visited in one browsing session to identify other browsing sessions launched by the same user. This attack allows an adver- sary to determine if two browsing sessions originate from the same user regardless of any measures taken by the user to disguise their browser or network. We use the MSNBC Anonymous Browsing data set, which contains a large set of user visits (labeled by category) t...

  13. Panic Attack History and Smoking Topography

    Science.gov (United States)

    Farris, Samantha G.; Brown, Lily A.; Goodwin, Renee D.; Zvolensky, Michael J.

    2016-01-01

    Background Little is known about panic attacks and puffing topography, a behavioral index of the value of smoking reinforcement. This study examined smoking style during the course of smoking of a single cigarette among adult daily smokers with and without a history of panic attacks. Method Participants (n = 124, Mage = 43.9, SD = 9.7; 44.4% female) were non-treatment seeking daily smokers. Lifetime panic attack history was assessed via diagnostic assessment; 28.2% (n = 35) of the sample had a panic attack history. Participants smoked one cigarette during an ad libitum smoking trial. Puff volume, duration, and inter-puff interval were measured using the Clinical Research Support System (CReSS) pocket device. Results Regression analyses revealed that panic attack status was not associated with significant differences in average puff volume, duration, or inter-puff interval. Multi-level modeling was used to examine puffing trajectories. Puff-level data revealed that there was a significant quadratic time x panic effect for puff volume and duration. Those with a panic attack history demonstrated relatively sustained levels of both puff volume and duration over time, whereas those without a history of panic attacks demonstrated an increase followed by a decrease in volume and duration over time. These effects were not accounted for by the presence of general psychopathology. Discussion Smokers with a panic attack history demonstrate more persistent efforts to self-regulate the delivery of nicotine, and thus may be at risk for continued smoking and dependence. Tailored treatment may be needed to address unique vulnerabilities among this group. PMID:28033542

  14. Attack by Pyemotes johnmoseri (Acari: Pyemotidae)

    Science.gov (United States)

    Tulin Askit; Ibrahim Cakmak; John Moser

    2007-01-01

    The Aegean Region of Turkey is one of the largest dried fig producers in the world. A Turkish cultivar sarilop (Ficus carica cv. Calimyrna L.) possesses good qualities for drying process, and has been grown extensively for many years in Turkey. Hypoborus ficus is the most common xylophagous insect attacking fig trees in Aydin (Aks¸it et al. 2003). This pest attacks...

  15. Cyber Security Audit and Attack Detection Toolkit

    Energy Technology Data Exchange (ETDEWEB)

    Peterson, Dale

    2012-05-31

    This goal of this project was to develop cyber security audit and attack detection tools for industrial control systems (ICS). Digital Bond developed and released a tool named Bandolier that audits ICS components commonly used in the energy sector against an optimal security configuration. The Portaledge Project developed a capability for the PI Historian, the most widely used Historian in the energy sector, to aggregate security events and detect cyber attacks.

  16. Combined Heuristic Attack Strategy on Complex Networks

    Directory of Open Access Journals (Sweden)

    Marek Šimon

    2017-01-01

    Full Text Available Usually, the existence of a complex network is considered an advantage feature and efforts are made to increase its robustness against an attack. However, there exist also harmful and/or malicious networks, from social ones like spreading hoax, corruption, phishing, extremist ideology, and terrorist support up to computer networks spreading computer viruses or DDoS attack software or even biological networks of carriers or transport centers spreading disease among the population. New attack strategy can be therefore used against malicious networks, as well as in a worst-case scenario test for robustness of a useful network. A common measure of robustness of networks is their disintegration level after removal of a fraction of nodes. This robustness can be calculated as a ratio of the number of nodes of the greatest remaining network component against the number of nodes in the original network. Our paper presents a combination of heuristics optimized for an attack on a complex network to achieve its greatest disintegration. Nodes are deleted sequentially based on a heuristic criterion. Efficiency of classical attack approaches is compared to the proposed approach on Barabási-Albert, scale-free with tunable power-law exponent, and Erdős-Rényi models of complex networks and on real-world networks. Our attack strategy results in a faster disintegration, which is counterbalanced by its slightly increased computational demands.

  17. On the anatomy of social engineering attacks: A literature-based dissection of successful attacks

    OpenAIRE

    Bullée, Jan Willem Hendrik; Montoya, Lorena; Pieters, W.; Junger, M.; Hartel, P.H.

    2018-01-01

    The aim of this study was to explore the extent to which persuasion principles are used in successful social engineering attacks. Seventy-four scenarios were extracted from 4 books on social engineering (written by social engineers) and analysed. Each scenario was split into attack steps, containing single interactions between offender and target. For each attack step, persuasion principles were identified. The main findings are that (a) persuasion principles are often used in social engineer...

  18. Exploiting Hardware Vulnerabilities to Attack Embedded System Devices: a Survey of Potent Microarchitectural Attacks

    Directory of Open Access Journals (Sweden)

    Apostolos P. Fournaris

    2017-07-01

    Full Text Available Cyber-Physical system devices nowadays constitute a mixture of Information Technology (IT and Operational Technology (OT systems that are meant to operate harmonically under a security critical framework. As security IT countermeasures are gradually been installed in many embedded system nodes, thus securing them from many well-know cyber attacks there is a lurking danger that is still overlooked. Apart from the software vulnerabilities that typical malicious programs use, there are some very interesting hardware vulnerabilities that can be exploited in order to mount devastating software or hardware attacks (typically undetected by software countermeasures capable of fully compromising any embedded system device. Real-time microarchitecture attacks such as the cache side-channel attacks are such case but also the newly discovered Rowhammer fault injection attack that can be mounted even remotely to gain full access to a device DRAM (Dynamic Random Access Memory. Under the light of the above dangers that are focused on the device hardware structure, in this paper, an overview of this attack field is provided including attacks, threat directives and countermeasures. The goal of this paper is not to exhaustively overview attacks and countermeasures but rather to survey the various, possible, existing attack directions and highlight the security risks that they can pose to security critical embedded systems as well as indicate their strength on compromising the Quality of Service (QoS such systems are designed to provide.

  19. Predicting Factors of Zone 4 Attack in Volleyball.

    Science.gov (United States)

    Costa, Gustavo C; Castro, Henrique O; Evangelista, Breno F; Malheiros, Laura M; Greco, Pablo J; Ugrinowitsch, Herbert

    2017-06-01

    This study examined 142 volleyball games of the Men's Super League 2014/2015 seasons in Brazil from which we analyzed 24-26 games of each participating team, identifying 5,267 Zone 4 attacks for further analysis. Within these Zone 4 attacks, we analyzed the association between the effect of the attack carried out and the separate effects of serve reception, tempo and type of attack. We found that the reception, tempo of attack, second tempo of attack, and power of diagonal attack were predictors of the attack effect in Zone 4. Moreover, placed attacks showed a tendency to not yield a score. In conclusion, winning points in high-level men's volleyball requires excellent receptions, a fast attack tempo and powerfully executed of attacks.

  20. Pathologic features of fatal shark attacks.

    Science.gov (United States)

    Byard, R W; Gilbert, J D; Brown, K

    2000-09-01

    To examine the pattern of injuries in cases of fatal shark attack in South Australian waters, the authors examined the files of their institution for all cases of shark attack in which full autopsies had been performed over the past 25 years, from 1974 to 1998. Of the seven deaths attributed to shark attack during this period, full autopsies were performed in only two cases. In the remaining five cases, bodies either had not been found or were incomplete. Case 1 was a 27-year-old male surfer who had been attacked by a shark. At autopsy, the main areas of injury involved the right thigh, which displayed characteristic teeth marks, extensive soft tissue damage, and incision of the femoral artery. There were also incised wounds of the right wrist. Bony injury was minimal, and no shark teeth were recovered. Case 2 was a 26-year-old male diver who had been attacked by a shark. At autopsy, the main areas of injury involved the left thigh and lower leg, which displayed characteristic teeth marks, extensive soft tissue damage, and incised wounds of the femoral artery and vein. There was also soft tissue trauma to the left wrist, with transection of the radial artery and vein. Bony injury was minimal, and no shark teeth were recovered. In both cases, death resulted from exsanguination following a similar pattern of soft tissue and vascular damage to a leg and arm. This type of injury is in keeping with predator attack from underneath or behind, with the most severe injuries involving one leg. Less severe injuries to the arms may have occurred during the ensuing struggle. Reconstruction of the damaged limb in case 2 by sewing together skin, soft tissue, and muscle bundles not only revealed that no soft tissue was missing but also gave a clearer picture of the pattern of teeth marks, direction of the attack, and species of predator.

  1. Know the Warning Signs of a Heart Attack

    Science.gov (United States)

    ... No. 22 Know the Warning Signs of a Heart Attack What is a heart attack? Aheart attack happens when the blood vessels that ... hurting your heart muscle. Another name for a heart attack is myocardial infarction, or MI. If you have ...

  2. 12 CFR 263.17 - Collateral attacks on adjudicatory proceeding.

    Science.gov (United States)

    2010-01-01

    ... 12 Banks and Banking 3 2010-01-01 2010-01-01 false Collateral attacks on adjudicatory proceeding... Collateral attacks on adjudicatory proceeding. If an interlocutory appeal or collateral attack is brought in... shall be excused based on the pendency before any court of any interlocutory appeal or collateral attack. ...

  3. 12 CFR 509.17 - Collateral attacks on adjudicatory proceeding.

    Science.gov (United States)

    2010-01-01

    ... 12 Banks and Banking 5 2010-01-01 2010-01-01 false Collateral attacks on adjudicatory proceeding....17 Collateral attacks on adjudicatory proceeding. If an interlocutory appeal or collateral attack is... shall be excused based on the pendency before any court of any interlocutory appeal or collateral attack. ...

  4. A Game Theoretic Approach to Cyber Attack Prediction

    Energy Technology Data Exchange (ETDEWEB)

    Peng Liu

    2005-11-28

    The area investigated by this project is cyber attack prediction. With a focus on correlation-based prediction, current attack prediction methodologies overlook the strategic nature of cyber attack-defense scenarios. As a result, current cyber attack prediction methodologies are very limited in predicting strategic behaviors of attackers in enforcing nontrivial cyber attacks such as DDoS attacks, and may result in low accuracy in correlation-based predictions. This project develops a game theoretic framework for cyber attack prediction, where an automatic game-theory-based attack prediction method is proposed. Being able to quantitatively predict the likelihood of (sequences of) attack actions, our attack prediction methodology can predict fine-grained strategic behaviors of attackers and may greatly improve the accuracy of correlation-based prediction. To our best knowledge, this project develops the first comprehensive framework for incentive-based modeling and inference of attack intent, objectives, and strategies; and this project develops the first method that can predict fine-grained strategic behaviors of attackers. The significance of this research and the benefit to the public can be demonstrated to certain extent by (a) the severe threat of cyber attacks to the critical infrastructures of the nation, including many infrastructures overseen by the Department of Energy, (b) the importance of cyber security to critical infrastructure protection, and (c) the importance of cyber attack prediction to achieving cyber security.

  5. Trace Attack against Biometric Mobile Applications

    Directory of Open Access Journals (Sweden)

    Sanaa Ghouzali

    2016-01-01

    Full Text Available With the exponential increase in the dependence on mobile devices in everyday life, there is a growing concern related to privacy and security issues in the Gulf countries; therefore, it is imperative that security threats should be analyzed in detail. Mobile devices store enormous amounts of personal and financial information, unfortunately without any security. In order to secure mobile devices against different threats, biometrics has been applied and shown to be effective. However, biometric mobile applications are also vulnerable to several types of attacks that can decrease their security. Biometric information itself is considered sensitive data; for example, fingerprints can leave traces in touched objects and facial images can be captured everywhere or accessed by the attacker if the facial image is stored in the mobile device (lost or stolen. Hence, an attacker can easily forge the identity of a legitimate user and access data on a device. In this paper, the effects of a trace attack on the sensitivity of biometric mobile applications are investigated in terms of security and user privacy. Experimental results carried out on facial and fingerprint mobile authentication applications using different databases have shown that these mobile applications are vulnerable to the proposed attack, which poses a serious threat to the overall system security and user privacy.

  6. Panic Attack during Elective Gastrointestinal Endoscopy

    Directory of Open Access Journals (Sweden)

    Charalampos Mitsonis

    2011-01-01

    Full Text Available Background. Esophagogastroduodenoscopy (EGD and colonoscopy (CS can evoke anxiety, embarrassment, and discomfort. These concerns can culminate in panic attacks, which may traumatize patients and significantly decrease their compliance to the procedure. The objective of this study was to evaluate the relationship between preendoscopic anxiety and the possibility of a panic attack during an elective gastrointestinal endoscopy (EGE. Methods. The study population comprised of 79 Greek outpatients. The examination was carried out without the use of conscious sedation. Patients' anxiety levels were assessed before the procedure using the Greek version of the Spielberger State-Trait Anxiety Inventory (STAI-Y. Results. Seventy-nine patients were enrolled: 45 EGD and 34 CS. Females had higher state and trait anxiety levels than males (48.14 ± 7.94 versus 44.17 ± 7.43, <0.05; and 43.68 ± 6.95 versus 39.86 ± 7.46, <0.05. Patients who experienced panic attack had significantly higher levels of both trait and state anxiety, compared to those who were panic-free. There was no significant relationship between panic attacks and sex or type of procedure. Conclusions. Patients who experience panic attacks during endoscopic procedures appear to have significantly higher anxiety levels before the procedure. Administering the STAI questionnaire prior to the endoscopy seems to be a useful screening method for vulnerable patients.

  7. On the anatomy of social engineering attacks : A literature-based dissection of successful attacks

    NARCIS (Netherlands)

    Bullée, Jan Willem Hendrik; Montoya, Lorena; Pieters, W.; Junger, M.; Hartel, P.H.

    2018-01-01

    The aim of this study was to explore the extent to which persuasion principles are used in successful social engineering attacks. Seventy-four scenarios were extracted from 4 books on social engineering (written by social engineers) and analysed. Each scenario was split into attack steps,

  8. On the anatomy of social engineering attacks : A literature-based dissection of successful attacks

    NARCIS (Netherlands)

    Bullee, Jan-Willem; Montoya, L.; Pieters, Wolter; Junger, Marianne; Hartel, Pieter H.

    The aim of this studywas to explore the extent towhich persuasion principles are used in successful social engineering attacks. Seventy-four scenarioswere extracted from 4 books on social engineering (written by social engineers) and analysed. Each scenariowas split into attack steps, containing

  9. Overview of DOS attacks on wireless sensor networks and experimental results for simulation of interference attacks

    Directory of Open Access Journals (Sweden)

    Željko Gavrić

    2018-01-01

    Full Text Available Wireless sensor networks are now used in various fields. The information transmitted in the wireless sensor networks is very sensitive, so the security issue is very important. DOS (denial of service attacks are a fundamental threat to the functioning of wireless sensor networks. This paper describes some of the most common DOS attacks and potential methods of protection against them. The case study shows one of the most frequent attacks on wireless sensor networks – the interference attack. In the introduction of this paper authors assume that the attack interference can cause significant obstruction of wireless sensor networks. This assumption has been proved in the case study through simulation scenario and simulation results.

  10. Attack-tolerant networked control system: an approach for detection the controller stealthy hijacking attack

    Science.gov (United States)

    Atta Yaseen, Amer; Bayart, Mireille

    2017-01-01

    In this work, a new approach will be introduced as a development for the attack-tolerant scheme in the Networked Control System (NCS). The objective is to be able to detect an attack such as the Stuxnet case where the controller is reprogrammed and hijacked. Besides the ability to detect the stealthy controller hijacking attack, the advantage of this approach is that there is no need for a priori mathematical model of the controller. In order to implement the proposed scheme, a specific detector for the controller hijacking attack is designed. The performance of this scheme is evaluated be connected the detector to NCS with basic security elements such as Data Encryption Standard (DES), Message Digest (MD5), and timestamp. The detector is tested along with networked PI controller under stealthy hijacking attack. The test results of the proposed method show that the hijacked controller can be significantly detected and recovered.

  11. 2801-IJBCS-Article-Youssao Abdou Karim Issaka

    African Journals Online (AJOL)

    hp

    stratégies de lutte et de contrôle de la fièvre aphteuse varient d'une région à une autre. (Gorna et al., 2014) et ... d'Afrique de l'Est, ont adopté la stratégie de zones indemnes sans vaccin pour accéder aux commerces .... d'appareil photo numérique et de l'Herbier. National du Bénin. Méthodes d'enquête. Les données ont ...

  12. Allelopathic potential of selected rice varieties | Karim | African ...

    African Journals Online (AJOL)

    Average percent inhibition (API) in lettuce due to allelopathic effect of different rice varieties/lines was estimated. Under greenhouse conditions, double-pot technique was followed using barnyard grass (Echinochloa crusgalli L.) as indicator plant. The changes in barnyard grass plant charcters due to allelopathic effect of ...

  13. Reasons for under-reporting of notifiable conditions | Karim | South ...

    African Journals Online (AJOL)

    Objective. To determine the reasons for under-reporting of notifiable conditions by doctors in a tertiary hospital. Design. Questionnaire survey_. Setting. King Edward VIII Hospital, Durban. Participants. A stratified sample of n doctors was interviewed. Main outcome measures. Doctors' knowledge about notifiable conditions ...

  14. 579-IJBCS-Article-Dr Karim Traoré

    African Journals Online (AJOL)

    DR GATSING

    associant le producteur à toutes les étapes de la formation depuis le diagnostic des problèmes, l'identification et la mise en œuvre des meilleures solutions ainsi que l' ..... et étude de leur impact agro écologique. INERA, Département GRN/SP Burkina. Faso, 91p. Joann K, Whalen, Chi Chang, George WC,. Janna PC. 2000.

  15. Allelopathic potential of selected rice varieties | Karim | African ...

    African Journals Online (AJOL)

    Journal Home > Vol 11, No 88 (2012) >. Log in or Register to get access to full text downloads. Username, Password, Remember me, or Register · Download this PDF file. The PDF file you selected should load here if your Web browser has a PDF reader plug-in installed (for example, a recent version of Adobe Acrobat ...

  16. A Traceability Attack against e-Passports

    Science.gov (United States)

    Chothia, Tom; Smirnov, Vitaliy

    Since 2004, many nations have started issuing "e-passports" containing an RFID tag that, when powered, broadcasts information. It is claimed that these passports are more secure and that our data will be protected from any possible unauthorised attempts to read it. In this paper we show that there is a flaw in one of the passport's protocols that makes it possible to trace the movements of a particular passport, without having to break the passport's cryptographic key. All an attacker has to do is to record one session between the passport and a legitimate reader, then by replaying a particular message, the attacker can distinguish that passport from any other. We have implemented our attack and tested it successfully against passports issued by a range of nations.

  17. Liability for damage caused by terrorist attacks

    International Nuclear Information System (INIS)

    Heller, W.

    2004-01-01

    After the terrorist attacks on September 11, 2001, one of the questions raised was about the potential liability of the operator of a nuclear power plant for damage sustained by a third party as a result of a comparable terrorist attack on a nuclear power plant. Internationally, this situation is regulated by the Convention on Third-Party Liability in Nuclear Power, the so-called Paris Liability Convention, of 1960, 1964, 1982. Among other things, that Convention excludes liability in cases directly resulting form 'actions of armed conflict..'. The problem arises, among other things, from the absence of an internationally acknowledged definition of terrorism or terrorist attack, and from the idea that, according to the Paris Convention, the legal entities assumed to be involved in such actions are states and weapons. National and international agreements and laws about the liability of the operator of nuclear facility for damage to third parties as a result of terrorist actions are analyzed and discussed. (orig.)

  18. Key Recovery Attacks on Recent Authenticated Ciphers

    DEFF Research Database (Denmark)

    Bogdanov, Andrey; Dobraunig, Christoph; Eichlseder, Maria

    2014-01-01

    and wireless networks. All these schemes use well-established and secure components such as the AES, Grain-like NFSRs, ChaCha and SipHash as their building blocks. However, we discover key recovery attacks for all three designs, featuring square-root complexities. Using a key collision technique, we can...... recover the secret key of AVALANCHE in 2n/2, where n 2∈ {28; 192; 256} is the key length. This technique also applies to the authentication part of Calico whose 128-bit key can be recovered in 264 time. For RBS, we can recover its full 132-bit key in 265 time with a guess-and-determine attack. All attacks...

  19. Discovering Collaborative Cyber Attack Patterns Using Social Network Analysis

    Science.gov (United States)

    Du, Haitao; Yang, Shanchieh Jay

    This paper investigates collaborative cyber attacks based on social network analysis. An Attack Social Graph (ASG) is defined to represent cyber attacks on the Internet. Features are extracted from ASGs to analyze collaborative patterns. We use principle component analysis to reduce the feature space, and hierarchical clustering to group attack sources that exhibit similar behavior. Experiments with real world data illustrate that our framework can effectively reduce from large dataset to clusters of attack sources exhibiting critical collaborative patterns.

  20. Playing Attack and Defense with Trusted Storage

    DEFF Research Database (Denmark)

    Gonzalez, Javier; Bonnet, Philippe; Bouganim, Luc

    2014-01-01

    It is often convenient to assume in a data management platform that one or several computing devices are trusted, specially when the goal is to provide privacy guarantees over personal data. But what does it take for a computing device to be trusted? More specifically, how can a personal device...... provide trusted storage? This is the question we tackle in this demonstration. We describe how secure devices, equipped with a trusted execution environment, differ from general purpose devices. We illustrate with our demonstration scenario, that it is much more difficult to attack a storage service...... running on a secure device, than to attack the same service running on a general purpose device....

  1. Attacks and infections in percolation processes

    International Nuclear Information System (INIS)

    Janssen, Hans-Karl; Stenull, Olaf

    2017-01-01

    We discuss attacks and infections at propagating fronts of percolation processes based on the extended general epidemic process. The scaling behavior of the number of the attacked and infected sites in the long time limit at the ordinary and tricritical percolation transitions is governed by specific composite operators of the field-theoretic representation of this process. We calculate corresponding critical exponents for tricritical percolation in mean-field theory and for ordinary percolation to 1-loop order. Our results agree well with the available numerical data. (paper)

  2. A novel proposed network security management approach for cyber attacks

    International Nuclear Information System (INIS)

    Ahmed, Z.; Nazir, B.; Zafar, M.F.; Anwar, M.M.; Azam, K.; Asar, A.U.

    2007-01-01

    Network security is a discipline that focuses on securing networks from unauthorized access. Given the Escalating threats of malicious cyber attacks, modern enterprises employ multiple lines of defense. A comprehensive defense strategy against such attacks should include (I) an attack detection component that deter- mines the fact that a program is compromised, (2) an attack identification and prevention component that identifies attack packets so that one can block such packets in the future and prevents the attack from further propagation. Over the last decade, a significant amount of research has been vested in the systems that can detect cyber attacks either statically at compile time or dynamically at run time, However, not much effort is spent on automated attack packet identification or attack prevention. In this paper we present a unified solution to the problems mentioned above. We implemented this solution after the forward engineering of Open Source Security Information Management (OSSIM) system called Preventive Information Security management (PrISM) system that correlates input from different sensors so that the resulting product can automatically detect any cyber attack against it and prevents by identifying the actual attack packet(s). The PrISM was always able to detect the attacks, identify the attack packets and most often prevent by blocking the attacker's IP address to continue normal execution. There is no additional run-time performance overhead for attack prevention. (author)

  3. Investigating the Possibility to Individualize Asthma Attack Therapy Based on Attack Severity and Patient Characteristics

    Directory of Open Access Journals (Sweden)

    Sárkány Zoltán

    2016-03-01

    Full Text Available Introduction: The objective of this study was to investigate with the help of a computerized simulation model whether the treatment of an acute asthma attack can be individualized based on the severity of the attack and the characteristics of the patient. Material and Method: A stochastic lung model was used to simulate the deposition of 1 nm - 10 μm particles during a mild and a moderate asthma attack. Breathing parameters were varied to maximize deposition, and simulation results were compared with those obtained in the case of a severe asthma attack. In order to investigate the effect of height on the deposition of inhaled particles, another series of simulations was carried out with identical breathing parameters, comparing patient heights of 155 cm, 175 cm and 195 cm. Results: The optimization process yielded an increase in the maximum deposition values of around 6-7% for each type of investigated asthma attack, and the difference between attacks of different degree of severity was around 5% for both the initial and the optimized values, a higher degree of obstruction increasing the amount of deposited particles. Conclusions: Our results suggest that the individualization of asthma attack treatment cannot be based on particles of different size, as the highest deposited fraction in all three types of attacks can be obtained using 0.01 μm particles. The use of a specific set of breathing parameters yields a difference between a mild and a moderate, as well as a moderate and a severe asthma attack of around 5%.

  4. Afghanistan: Green-on-Blue Attacks

    Science.gov (United States)

    2013-05-02

    killing infidels in their land. In order to mitigate attacks within the ANSF embedded Afghan intelligence agents to watch for any ANA soldier or ANP...said, “Americans use the word f--k all the time.” 37 Many Afghan troops take the meaning sexually , not as a meaningless expletive, the understanding

  5. Rising Trend: Complex and sophisticated attack methods

    Indian Academy of Sciences (India)

    Increased frequency and intensity of DoS/DDoS. Few Gbps is now normal; Anonymous VPNs being used; Botnets being used as a vehicle for launching DDoS attacks. Large scale booking of domain names. Hundred thousands of domains registered in short duration via few registrars; Single registrant; Most of the domains ...

  6. Rising Trend: Complex and sophisticated attack methods

    Indian Academy of Sciences (India)

    Stux, DuQu, Nitro, Luckycat, Exploit Kits, FLAME. ADSL/SoHo Router Compromise. Botnets of compromised ADSL/SoHo Routers; User Redirection via malicious DNS entry. Web Application attacks. SQL Injection, RFI etc. More and more Webshells. More utility to hackers; Increasing complexity and evading mechanisms.

  7. Attack Classification Schema for Smart City WSNs

    Directory of Open Access Journals (Sweden)

    Victor Garcia-Font

    2017-04-01

    Full Text Available Urban areas around the world are populating their streets with wireless sensor networks (WSNs in order to feed incipient smart city IT systems with metropolitan data. In the future smart cities, WSN technology will have a massive presence in the streets, and the operation of municipal services will be based to a great extent on data gathered with this technology. However, from an information security point of view, WSNs can have failures and can be the target of many different types of attacks. Therefore, this raises concerns about the reliability of this technology in a smart city context. Traditionally, security measures in WSNs have been proposed to protect specific protocols in an environment with total control of a single network. This approach is not valid for smart cities, as multiple external providers deploy a plethora of WSNs with different security requirements. Hence, a new security perspective needs to be adopted to protect WSNs in smart cities. Considering security issues related to the deployment of WSNs as a main data source in smart cities, in this article, we propose an intrusion detection framework and an attack classification schema to assist smart city administrators to delimit the most plausible attacks and to point out the components and providers affected by incidents. We demonstrate the use of the classification schema providing a proof of concept based on a simulated selective forwarding attack affecting a parking and a sound WSN.

  8. Attack Classification Schema for Smart City WSNs.

    Science.gov (United States)

    Garcia-Font, Victor; Garrigues, Carles; Rifà-Pous, Helena

    2017-04-05

    Urban areas around the world are populating their streets with wireless sensor networks (WSNs) in order to feed incipient smart city IT systems with metropolitan data. In the future smart cities, WSN technology will have a massive presence in the streets, and the operation of municipal services will be based to a great extent on data gathered with this technology. However, from an information security point of view, WSNs can have failures and can be the target of many different types of attacks. Therefore, this raises concerns about the reliability of this technology in a smart city context. Traditionally, security measures in WSNs have been proposed to protect specific protocols in an environment with total control of a single network. This approach is not valid for smart cities, as multiple external providers deploy a plethora of WSNs with different security requirements. Hence, a new security perspective needs to be adopted to protect WSNs in smart cities. Considering security issues related to the deployment of WSNs as a main data source in smart cities, in this article, we propose an intrusion detection framework and an attack classification schema to assist smart city administrators to delimit the most plausible attacks and to point out the components and providers affected by incidents. We demonstrate the use of the classification schema providing a proof of concept based on a simulated selective forwarding attack affecting a parking and a sound WSN.

  9. Adversarial Feature Selection Against Evasion Attacks.

    Science.gov (United States)

    Zhang, Fei; Chan, Patrick P K; Biggio, Battista; Yeung, Daniel S; Roli, Fabio

    2016-03-01

    Pattern recognition and machine learning techniques have been increasingly adopted in adversarial settings such as spam, intrusion, and malware detection, although their security against well-crafted attacks that aim to evade detection by manipulating data at test time has not yet been thoroughly assessed. While previous work has been mainly focused on devising adversary-aware classification algorithms to counter evasion attempts, only few authors have considered the impact of using reduced feature sets on classifier security against the same attacks. An interesting, preliminary result is that classifier security to evasion may be even worsened by the application of feature selection. In this paper, we provide a more detailed investigation of this aspect, shedding some light on the security properties of feature selection against evasion attacks. Inspired by previous work on adversary-aware classifiers, we propose a novel adversary-aware feature selection model that can improve classifier security against evasion attacks, by incorporating specific assumptions on the adversary's data manipulation strategy. We focus on an efficient, wrapper-based implementation of our approach, and experimentally validate its soundness on different application examples, including spam and malware detection.

  10. Sequential and Parallel Attack Tree Modelling

    NARCIS (Netherlands)

    Arnold, Florian; Guck, Dennis; Kumar, Rajesh; Stoelinga, Mariëlle Ida Antoinette; Koornneef, Floor; van Gulijk, Coen

    The intricacy of socio-technical systems requires a careful planning and utilisation of security resources to ensure uninterrupted, secure and reliable services. Even though many studies have been conducted to understand and model the behaviour of a potential attacker, the detection of crucial

  11. Wrap-Attack Pack: Product Packaging Exercise

    Science.gov (United States)

    Lee, Seung Hwan; Hoffman, K. Douglas

    2016-01-01

    Although many marketing courses discuss traditional concepts pertaining to product strategy, concepts specifically relating to packaging are often glossed over. This exercise, "Wrap-Attack Pack," teaches students about the utilitarian and hedonic design elements of packaging. More specifically, the primary objective is to creatively…

  12. Shark attack: review of 86 consecutive cases.

    Science.gov (United States)

    Woolgar, J D; Cliff, G; Nair, R; Hafez, H; Robbs, J V

    2001-05-01

    On average there are approximately 50 confirmed shark attacks worldwide annually. Despite their rarity, such incidents often generate much public and media attention. The injuries of 86 consecutive victims of shark attack were reviewed from 1980 to 1999. Clinical data retrieved from the South African Shark Attack Files, maintained by the Natal Sharks Board, were retrospectively analyzed to determine the nature, treatment, and outcome of injuries. The majority of victims (n = 68 [81%]) had relatively minor injuries that required simple primary suture. Those patients (n = 16 [19%]) with more extensive limb lacerations longer than 20 cm or with soft-tissue loss of more than one myofascial compartment were associated with higher morbidity and limb loss. In 8 of the 10 fatalities, death occurred as a result of exsanguinating hemorrhage from a limb vascular injury. Victims of shark attack usually sustain only minor injuries. In more serious cases, particularly if associated with a major vascular injury, hemorrhage control and early resuscitation are of utmost importance during the initial management if these patients are to survive.

  13. Shark Attack! Sinking Your Teeth into Anatomy.

    Science.gov (United States)

    House, Herbert

    2002-01-01

    Presents a real life shark attack story and studies arm reattachment surgery to teach human anatomy. Discusses how knowledge of anatomy can be put to use in the real world and how the arm functions. Includes teaching notes and suggestions for classroom management. (YDS)

  14. Algebraic Side-Channel Attack on Twofish

    Directory of Open Access Journals (Sweden)

    Chujiao Ma

    2017-05-01

    Full Text Available While algebraic side-channel attack (ASCA has been successful in breaking simple cryptographic algorithms, it has never been done on larger or more complex algorithms such as Twofish. Compared to other algorithms that ASCA has been used on, Twofish is more difficult to attack due to the key-dependent S-boxes as well as the complex key scheduling. In this paper, we propose the first algebraic side-channel attack on Twofish, and examine the importance of side-channel information in getting past the key-dependent S-boxes and the complex key scheduling. The cryptographic algorithm and side-channel information are both expressed as boolean equations and a SAT solver is used to recover the key. While algebraic attack by itself is not sufficient to break the algorithm, with the help of side-channel information such as Hamming weights, we are able to correctly solve for 96 bits of the 128 bits key in under 2 hours with known plaintext/ciphertext.

  15. Association between Terror Attacks and Suicide Attempts

    Science.gov (United States)

    Weizman, Tal; Yagil, Yaron; Schreiber, Shaul

    2009-01-01

    Based on Durkheim's "Control theory," we explored the association between frequency of terror attacks in Israel and the frequency of suicide attempts admitted to the Emergency Room of a major general hospital in Tel-Aviv (1999-2004). Analysis of the six-year study period as a whole revealed no significant correlation between the…

  16. Fighting Through a Logistics Cyber Attack

    Science.gov (United States)

    2015-06-19

    Infiltrating GATES ............................................................................................................ 19 SCADA Vulnerability...not adequately protected; there isn’t sufficient guidance, or funding allocated to the security of our Supervisory Control and Data Acquisition ( SCADA ...attack against a vital system such as GATES, and instead focus her efforts on a less secure more conspicuous system 6 such as the SCADA systems

  17. Strengthening Crypto-1 Cipher Against Algebraic Attacks

    Directory of Open Access Journals (Sweden)

    Farah Afianti

    2015-08-01

    Full Text Available In the last few years, several studies addressed the problem of data security in Mifare Classic. One of its weaknesses is the low random number quality. This causes SAT solver attacks to have lower complexity. In order to strengthen Crypto-1 against SAT solver attacks, a modification of the feedback function with better cryptographic properties is proposed. It applies a primitive polynomial companion matrix. SAT solvers cannot directly attack the feedback shift register that uses the modified Boolean feedback function, the register has to be split into smaller groups. Experimental testing showed that the amount of memory and CPU time needed were highest when attacking the modified Crypto-1 using the modified feedback function and the original filter function. In addition, another modified Crypto-1, using the modified feedback function and a modified filter function, had the lowest percentage of revealed variables. It can be concluded that the security strength and performance of the modified Crypto-1 using the modified feedback function and the modified filter function are better than those of the original Crypto-1.

  18. Intrusion-Tolerant Replication under Attack

    Science.gov (United States)

    Kirsch, Jonathan

    2010-01-01

    Much of our critical infrastructure is controlled by large software systems whose participants are distributed across the Internet. As our dependence on these critical systems continues to grow, it becomes increasingly important that they meet strict availability and performance requirements, even in the face of malicious attacks, including those…

  19. Rhode Island School Terrorist Attack Preparedness

    Science.gov (United States)

    Dube, Michael W. M.

    2012-01-01

    This study examined the state of safety and terrorist attack preparedness in Rhode Island Schools as determined by Rhode Island school leader perceptions. The study is descriptive in nature as it gathers data to describe a particular event or situation. Using a researcher generated survey based on terrorist preparedness guidelines and suggestions…

  20. Modeling of Aggregate Attacks on Complex Networks

    Directory of Open Access Journals (Sweden)

    F. Galindo

    2010-09-01

    Full Text Available An order factor in combinations of random and targeted attacks on modern scale free network model has been explored. Protection concepts based on timely restructuring of topologies have been discussed. Vulnerability parameter defined by investment value has been introduced, and protection financing strategies depending on node connectivity has been analyzed.

  1. Rising Trend: Complex and sophisticated attack methods

    Indian Academy of Sciences (India)

    Few Gbps is now normal; Anonymous VPNs being used; Botnets being used as a vehicle for launching DDoS attacks ... Single registrant; Most of the domains kept unresolved; Mostly being used for spamming and malware distribution; Many domains are listed as malicious; Poor process control by Domain Registrars.

  2. Quantitative Verification and Synthesis of Attack-Defence Scenarios

    DEFF Research Database (Denmark)

    Aslanyan, Zaruhi; Nielson, Flemming; Parker, David

    2016-01-01

    Attack-defence trees are a powerful technique for formally evaluating attack-defence scenarios. They represent in an intuitive, graphical way the interaction between an attacker and a defender who compete in order to achieve conflicting objectives. We propose a novel framework for the formal...... analysis of quantitative properties of complex attack-defence scenarios, using an extension of attack-defence trees which models temporal ordering of actions and allows explicit dependencies in the strategies adopted by attackers and defenders. We adopt a game-theoretic approach, translating attack......-defence trees to two-player stochastic games, and then employ probabilistic model checking techniques to formally analyse these models. This provides a means to both verify formally specified security properties of the attack-defence scenarios and, dually, to synthesise strategies for attackers or defenders...

  3. Transforming Graphical System Models to Graphical Attack Models

    DEFF Research Database (Denmark)

    Ivanova, Marieta Georgieva; Probst, Christian W.; Hansen, Rene Rydhof

    2016-01-01

    Manually identifying possible attacks on an organisation is a complex undertaking; many different factors must be considered, and the resulting attack scenarios can be complex and hard to maintain as the organisation changes. System models provide a systematic representation of organisations...... that helps in structuring attack identification and can integrate physical, virtual, and social components. These models form a solid basis for guiding the manual identification of attack scenarios. Their main benefit, however, is in the analytic generation of attacks. In this work we present a systematic...... approach to transforming graphical system models to graphical attack models in the form of attack trees. Based on an asset in the model, our transformations result in an attack tree that represents attacks by all possible actors in the model, after which the actor in question has obtained the asset....

  4. An Adaptive Approach for Defending against DDoS Attacks

    Directory of Open Access Journals (Sweden)

    Muhai Li

    2010-01-01

    Full Text Available In various network attacks, the Distributed Denial-of-Service (DDoS attack is a severe threat. In order to deal with this kind of attack in time, it is necessary to establish a special type of defense system to change strategy dynamically against attacks. In this paper, we introduce an adaptive approach, which is used for defending against DDoS attacks, based on normal traffic analysis. The approach can check DDoS attacks and adaptively adjust its configurations according to the network condition and attack severity. In order to insure the common users to visit the victim server that is being attacked, we provide a nonlinear traffic control formula for the system. Our simulation test indicates that the nonlinear control approach can prevent the malicious attack packets effectively while making legitimate traffic flows arrive at the victim.

  5. Error and attack vulnerability of temporal networks

    Science.gov (United States)

    Trajanovski, S.; Scellato, S.; Leontiadis, I.

    2012-06-01

    The study of real-world communication systems via complex network models has greatly expanded our understanding on how information flows, even in completely decentralized architectures such as mobile wireless networks. Nonetheless, static network models cannot capture the time-varying aspects and, therefore, various temporal metrics have been introduced. In this paper, we investigate the robustness of time-varying networks under various failures and intelligent attacks. We adopt a methodology to evaluate the impact of such events on the network connectivity by employing temporal metrics in order to select and remove nodes based on how critical they are considered for the network. We also define the temporal robustness range, a new metric that quantifies the disruption caused by an attack strategy to a given temporal network. Our results show that in real-world networks, where some nodes are more dominant than others, temporal connectivity is significantly more affected by intelligent attacks than by random failures. Moreover, different intelligent attack strategies have a similar effect on the robustness: even small subsets of highly connected nodes act as a bottleneck in the temporal information flow, becoming critical weak points of the entire system. Additionally, the same nodes are the most important across a range of different importance metrics, expressing the correlation between highly connected nodes and those that trigger most of the changes in the optimal information spreading. Contrarily, we show that in randomly generated networks, where all the nodes have similar properties, random errors and intelligent attacks exhibit similar behavior. These conclusions may help us in design of more robust systems and fault-tolerant network architectures.

  6. Recovery of human remains after shark attack.

    Science.gov (United States)

    Byard, Roger W; James, Ross A; Heath, Karen J

    2006-09-01

    Two cases of fatal shark attack are reported where the only tissues recovered were fragments of lung. Case 1: An 18-year-old male who was in the sea behind a boat was observed by friends to be taken by a great white shark (Carcharodon carcharias). The shark dragged him under the water and then, with a second shark, dismembered the body. Witnesses noted a large amount of blood and unrecognizable body parts coming to the surface. The only tissues recovered despite an intensive beach and sea search were 2 fragments of lung. Case 2: A 19-year-old male was attacked by a great white shark while diving. A witness saw the shark swim away with the victim's body in its mouth. Again, despite intensive beach and sea searches, the only tissue recovered was a single piece of lung, along with pieces of wetsuit and diving equipment. These cases indicate that the only tissue to escape being consumed or lost in fatal shark attacks, where there is a significant attack with dismemberment and disruption of the integrity of the body, may be lung. The buoyancy of aerated pulmonary tissue ensures that it rises quickly to the surface, where it may be recovered by searchers soon after the attack. Aeration of the lung would be in keeping with death from trauma rather than from drowning and may be a useful marker in unwitnessed deaths to separate ante- from postmortem injury, using only relatively small amounts of tissues. Early organ recovery enhances the identification of human tissues as the extent of morphologic alterations by putrefactive processes and sea scavengers will have been minimized. DNA testing is also possible on such recovered fragments, enabling confirmation of the identity of the victim.

  7. Modelling Social-Technical Attacks with Timed Automata

    DEFF Research Database (Denmark)

    David, Nicolas; David, Alexandre; Hansen, Rene Rydhof

    2015-01-01

    Attacks on a system often exploit vulnerabilities that arise from human behaviour or other human activity. Attacks of this type, so-called socio-technical attacks, cover everything from social engineering to insider attacks, and they can have a devastating impact on an unprepared organisation....... In this paper we develop an approach towards modelling socio-technical systems in general and socio-technical attacks in particular, using timed automata and illustrate its application by a complex case study. Thanks to automated model checking and automata theory, we can automatically generate possible attacks...

  8. Optimal counterterrorism and the recruitment effect of large terrorist attacks

    DEFF Research Database (Denmark)

    Jensen, Thomas

    2011-01-01

    makes it more likely that terrorist cells plan small rather than large attacks and therefore may increase the probability of a successful attack. Analyzing optimal counterterrorism we see that the recruitment effect makes authorities increase the level of counterterrorism after large attacks. Therefore......, in periods following large attacks a new attack is more likely to be small compared to other periods. Finally, we analyze the long-run consequences of the recruitment effect. We show that it leads to more counterterrorism, more small attacks, and a higher sum of terrorism damage and counterterrorism costs...

  9. Diverticulitis Diet: Can Certain Foods Trigger an Attack?

    Science.gov (United States)

    ... there trigger foods I should avoid to prevent diverticulitis attacks? Answers from Katherine Zeratsky, R.D., L. ... Actually, no specific foods are known to trigger diverticulitis attacks. And no special diet has been proved ...

  10. Heart Attack or Sudden Cardiac Arrest: How Are They Different?

    Science.gov (United States)

    ... Attack or Sudden Cardiac Arrest: How Are They Different? Updated:Mar 15,2018 People often use these ... The heart attack symptoms in women can be different than men. What is cardiac arrest? Sudden cardiac ...

  11. Cyber Attacks During the War on Terrorism: A Predictive Analysis

    National Research Council Canada - National Science Library

    Vatis, Michael

    2001-01-01

    ... responsible for the attack. This paper examines case studies of political conflicts that have led to attacks on cyber systems, such as the recent clashes between India and Pakistan, Israel and the Palestinians, and NATO...

  12. Information Warfare: Defining the Legal Response to An Attack

    National Research Council Canada - National Science Library

    Pottorff, James

    1999-01-01

    This paper discusses the difficulty in determining whether an information warfare attack, such as a computer virus, can be treated as an "armed attack" for purposes of national defense under the United Nations charter. As the U.S...

  13. Denial of Service Attack Techniques: Analysis, Implementation and Comparison

    Directory of Open Access Journals (Sweden)

    Khaled Elleithy

    2005-02-01

    Full Text Available A denial of service attack (DOS is any type of attack on a networking structure to disable a server from servicing its clients. Attacks range from sending millions of requests to a server in an attempt to slow it down, flooding a server with large packets of invalid data, to sending requests with an invalid or spoofed IP address. In this paper we show the implementation and analysis of three main types of attack: Ping of Death, TCP SYN Flood, and Distributed DOS. The Ping of Death attack will be simulated against a Microsoft Windows 95 computer. The TCP SYN Flood attack will be simulated against a Microsoft Windows 2000 IIS FTP Server. Distributed DOS will be demonstrated by simulating a distribution zombie program that will carry the Ping of Death attack. This paper will demonstrate the potential damage from DOS attacks and analyze the ramifications of the damage.

  14. Cyber Attacks During the War on Terrorism: A Predictive Analysis

    National Research Council Canada - National Science Library

    Vatis, Michael

    2001-01-01

    .... Just as the terrorist attacks of September 11, 2001 defied what many thought possible, cyber attacks could escalate in response to United States and allied retaliatory measures against the terrorists...

  15. Satellite Threat Warning and Attack Reporting

    Energy Technology Data Exchange (ETDEWEB)

    Hilland, D. [Kirkland AFB, NM (United States). Air Force Research Lab.; Phipps, G. [Sandia National Labs., Albuquerque, NM (United States). Optics & Technologies Dept.; Jingle, C.; Newton, G. [Schafer Corp., Albuquerque, NM (United States)

    1997-12-31

    The Air Force Research Laboratory`s Satellite Threat Warning and Attack Reporting (STW/AR) program will provide technologies for advanced threat warning and reporting of radio frequency (RF) and laser threats. The STW/AR program objectives are: (a) develop cost- effective technologies to detect, identify, locate, characterize, and report attacks or interference against U.S. and Allied satellites. (b) demonstrate innovative, light-weight, low-power, laser and RF sensors. The program focuses on the demonstration of RF and laser sensors. The RF sensor effort includes the investigation of interferometric antenna arrays, multi-arm spiral and butler matrix antennas, wideband receivers, adaptive processors, and improved processing algorithms. The laser sensor effort includes the investigation of alternative detectors, broadband grating and optical designs, active pixel sensing, and improved processing algorithms.

  16. Quantum Communication Attacks on Classical Cryptographic Protocols

    DEFF Research Database (Denmark)

    Damgård, Ivan Bjerre

    , one can show that the protocol remains secure even under such an attack. However, there are also cases where the honest players are quantum as well, even if the protocol uses classical communication. For instance, this is the case when classical multiparty computation is used as a “subroutine......” in quantum multiparty computation. Furthermore, in the future, players in a protocol may employ quantum computing simply to improve efficiency of their local computation, even if the communication is supposed to be classical. In such cases, it no longer seems clear that a quantum adversary must be limited......In the literature on cryptographic protocols, it has been studied several times what happens if a classical protocol is attacked by a quantum adversary. Usually, this is taken to mean that the adversary runs a quantum algorithm, but communicates classically with the honest players. In several cases...

  17. Research About Attacks Over Cloud Environment

    Directory of Open Access Journals (Sweden)

    Li Jie

    2017-01-01

    Full Text Available Cloud computing is expected to continue expanding in the next few years and people will start to see some of the following benefits in their real lives. Security of cloud computing environments is the set of control-based technologies and policies absolute to adhere regulatory compliance rules and protect information data applications and infrastructure related with cloud use. In this paper we suggest a model to estimating the cloud computing security and test the services provided to users. The simulator NG-Cloud Next Generation Secure Cloud Storage is used and modified to administer the proposed model. This implementation achieved security functions potential attacks as defined in the proposed model. Finally we also solve some attacks over cloud computing to provide the security and safety of the cloud.

  18. Two fatal tiger attacks in zoos.

    Science.gov (United States)

    Tantius, Britta; Wittschieber, Daniel; Schmidt, Sven; Rothschild, Markus A; Banaschak, Sibylle

    2016-01-01

    Two captive tiger attacks are presented that took place in Cologne and Münster zoos. Both attacks occurred when the handlers, intent on cleaning the enclosures, entered whilst the tigers accidently retained access to the location, and thus defended their territory against the perceived intruders. Both victims suffered fatal neck injuries from the bites. At Münster, colleagues managed to lure the tiger away from its victim to enable treatment, whilst the Cologne zoo tiger had to be shot in order to allow access to be gained. Whilst it was judged that human error led to the deaths of the experienced zookeepers, the investigation in Münster was closed as no third party was found to be at fault, whereas the Cologne zoo director was initially charged with being negligent. These charges were subsequently dismissed as safety regulations were found to be up to date.

  19. Presentation attack detection in voice biometrics

    OpenAIRE

    Korshunov, Pavel; Marcel, Sébastien; Vielhauer, Claus

    2017-01-01

    Recent years have shown an increase in both the accuracy of biometric systems and their practical use. The application of biometrics is becoming widespread with fingerprint sensors in smartphones, automatic face recognition in social networks and video-based applications, and speaker recognition in phone banking and other phone-based services. The popularization of the biometric systems, however, exposed their major flaw --- high vulnerability to spoofing attacks. A fingerprint sensor can be ...

  20. A Study of Gaps in Attack Analysis

    Science.gov (United States)

    2016-10-12

    necessarily reflect the views of the Department of Defense. © 2016 MASSACHUSETTS INSTITUTE OF TECHNOLOGY Delivered to the U.S. Government with...and identify cyber attacks reflects the “arms race” na- ture of the cyber domain. While defenders develop new and improved techniques to detect known...Trost. Digging into ShellShock Exploitation attempts using ShockPot Data. https://www.threatstream.com/ blog /shockpot-exploitation-analysis, September

  1. Collision attack against Tav-128 hash function

    Science.gov (United States)

    Hariyanto, Fajar; Hayat Susanti, Bety

    2017-10-01

    Tav-128 is a hash function which is designed for Radio Frequency Identification (RFID) authentication protocol. Tav-128 is expected to be a cryptographically secure hash function which meets collision resistance properties. In this research, a collision attack is done to prove whether Tav-128 is a collision resistant hash function. The results show that collisions can be obtained in Tav-128 hash function which means in other word, Tav-128 is not a collision resistant hash function.

  2. Attacking Paper-Based E2E Voting Systems

    Science.gov (United States)

    Kelsey, John; Regenscheid, Andrew; Moran, Tal; Chaum, David

    In this paper, we develop methods for constructing vote-buying/coercion attacks on end-to-end voting systems, and describe vote-buying/coercion attacks on three proposed end-to-end voting systems: Punchscan, Prêt-à-voter, and ThreeBallot. We also demonstrate a different attack on Punchscan, which could permit corrupt election officials to change votes without detection in some cases. Additionally, we consider some generic attacks on end-to-end voting systems.

  3. Fuzzy Expert System for Heart Attack Diagnosis

    Science.gov (United States)

    Hassan, Norlida; Arbaiy, Nureize; Shah, Noor Aziyan Ahmad; Afizah Afif@Afip, Zehan

    2017-08-01

    Heart attack is one of the serious illnesses and reported as the main killer disease. Early prevention is significant to reduce the risk of having the disease. The prevention efforts can be strengthen through awareness and education about risk factor and healthy lifestyle. Therefore the knowledge dissemination is needed to play role in order to distribute and educate public in health care management and disease prevention. Since the knowledge dissemination in medical is important, there is a need to develop a knowledge based system that can emulate human intelligence to assist decision making process. Thereby, this study utilized hybrid artificial intelligence (AI) techniques to develop a Fuzzy Expert System for Diagnosing Heart Attack Disease (HAD). This system integrates fuzzy logic with expert system, which helps the medical practitioner and people to predict the risk and as well as diagnosing heart attack based on given symptom. The development of HAD is expected not only providing expert knowledge but potentially become one of learning resources to help citizens to develop awareness about heart-healthy lifestyle.

  4. Iraqi violence, Saudi attack and further bombings

    Energy Technology Data Exchange (ETDEWEB)

    Anon

    2006-03-15

    Iraq moved closer to all-out civil war following an attack on the Imam Ali al-Hadi mosque in Samarra, one of Shi'i Islam's holiest shrines, on 22nd February. In the days that followed, several hundred Iraqis died in inter-communal violence. Attacks on installations close to the Basrah Oil Terminal were reported. Earlier in the month, the main oil storage facility in Kirkuk was bombed, forcing the Northern Oil Company to shut-in the 0.3 mn bpd field. Oil and electricity supplies in southern Iraq were cut by attacks on installations some 40 miles south of Baghdad. Turkey agreed to resume product exports to Iraq after a deal was agreed on repaying Iraqi debts of $1 bn to Turkish suppliers. An official Australian inquiry into illegal payments made under the UN's oil-for-food programme is to investigate allegations involving two Australian-controlled oil firms. (author)

  5. Smoking behaviour under intense terrorist attacks.

    Science.gov (United States)

    Keinan-Boker, Lital; Kohn, Robert; Billig, Miriam; Levav, Itzhak

    2011-06-01

    Smoking is one of the varied psychological reactions to stress. This study examined the rate and changes in cigarette smoking among former Gaza and current West Bank Jewish settlers subjected to direct and indirect terrorist attacks during the Al-Aksa Intifada. The relationship with degree of religious observance and emotional distress was explored as well. In this cross-sectional study, the respondents were settlers randomly selected and interviewed by telephone (N = 706). The interview schedule included socio-demographic items, information on direct exposure to terrorist attacks (e.g. threat to life or physical integrity, personal losses, property damage) and on steady and changes in smoking habits, and a scale to measure emotional distress. In contrast with the country population, a larger percentage of settlers who smoked increased the number of cigarettes consumed with exposure to terrorism (10 and 27%, respectively). Respondents who were injured or had their home damaged reported a higher rate of smoking during the preceding year (30 and 20%, respectively). Emotional distress was related to cigarette smoking, but not in the controlled analysis. Religious observance had no effect. Direct or indirect exposure to terrorist attacks had an impact on smoking prevalence rates and on changes in smoking habits. Studies investigating reactions to traumatic events should include a detailed section on smoking while mental health interventions should address the needs of smokers.

  6. Link-layer jamming attacks on S-MAC

    NARCIS (Netherlands)

    Law, Y.W.; Hartel, Pieter H.; den Hartog, Jeremy; Havinga, Paul J.M.

    We argue that among denial-of-service (DoS) attacks, link-layer jamming is a more attractive option to attackers than radio jamming is. By exploiting the semantics of the link-layer protocol (aka MAC protocol), an attacker can achieve better efficiency than blindly jamming the radio signals alone.

  7. Link-layer Jamming Attacks on S-MAC

    NARCIS (Netherlands)

    Law, Y.W.; Hartel, Pieter H.; den Hartog, Jeremy; Havinga, Paul J.M.

    2004-01-01

    We argue that among denial-of-service (DoS) attacks, link-layer jamming is a more attractive option to attackers than radio jamming is. By exploiting the semantics of the link-layer protocol (aka MAC protocol), an attacker can achieve better efficiency than blindly jamming the radio signals alone.

  8. What Can We Learn?--The Algonquin Bear Attack.

    Science.gov (United States)

    Strickland, Dan

    1992-01-01

    Describes a bear attack in Algonquin Park in Lake Opeongo (Canada) in which a man and woman were killed. Hypothesizes that the bear deliberately preyed on its victims and concludes that the bear was physically normal. Despite this isolated attack, the chance of being attacked by a black bear when camping is virtually nonexistent. (KS)

  9. STAR Performance with SPEAR (Signal Processing Electronic Attack RFIC)

    Science.gov (United States)

    2017-03-01

    STAR Performance with SPEAR ( Signal Processing Electronic Attack RFIC) Luciano Boglione, Clayton Davis, Joel Goodman, Matthew McKeon, David...Parrett, Sanghoon Shin and Naomi Walker Naval Research Laboratory Washington, DC, 20375 Figure 1: The Signal Processing Electronic Attack RFIC...SPEAR) system. Abstract: The Signal Processing Electronic Attack RFIC (SPEAR) is a simultaneous transmit and receive (STAR) system capable of

  10. Quantitative Verification and Synthesis of Attack-Defence Scenarios Conference

    NARCIS (Netherlands)

    Aslanyan, Zaruhi; Nielson, Flemming; Parker, David

    Attack-defence trees are a powerful technique for formally evaluating attack-defence scenarios. They represent in an intuitive, graphical way the interaction between an attacker and a defender who compete in order to achieve conflicting objectives. We propose a novel framework for the formal

  11. Regression Nodes: Extending attack trees with data from social sciences

    NARCIS (Netherlands)

    Bullee, Jan-Willem; Montoya, L.; Pieters, Wolter; Junger, Marianne; Hartel, Pieter H.

    In the field of security, attack trees are often used to assess security vulnerabilities probabilistically in relation to multi-step attacks. The nodes are usually connected via AND-gates, where all children must be executed, or via OR-gates, where only one action is necessary for the attack step to

  12. Quantitative Attack Tree Analysis via Priced Timed Automata

    NARCIS (Netherlands)

    Kumar, Rajesh; Ruijters, Enno Jozef Johannes; Stoelinga, Mariëlle Ida Antoinette; Sankaranarayanan, Sriram; Vicario, Enrico

    The success of a security attack crucially depends on the resources available to an attacker: time, budget, skill level, and risk appetite. Insight in these dependencies and the most vulnerable system parts is key to providing effective counter measures. This paper considers attack trees, one of the

  13. Pareto Efficient Solution of Attack-Defence Trees

    NARCIS (Netherlands)

    Aslanyan, Zaruhi; Nielson, Flemming

    Attack-defence trees are a promising approach for representing threat scenarios and possible countermeasures in a concise and intuitive manner. An attack-defence tree describes the interaction between an attacker and a defender, and is evaluated by assigning parameters to the nodes, such as

  14. Vulnerability Assessment by Learning Attack Specifications in Graphs

    NARCIS (Netherlands)

    Nunes Leal Franqueira, V.; Lopes, Raul H.C.

    This paper presents an evolutionary approach for learning attack specifications that describe attack scenarios. The objective is to find vulnerabilities in computer networks which minimise the cost of an attack with maximum impact. Although we focus on Insider Threat, the proposed approach applies

  15. Limit Asthma Attacks Caused by Colds or Flu

    Science.gov (United States)

    Asthma: Limit asthma attacks caused by colds or flu A cold or the flu can trigger an asthma attack. Here's why — and how to keep your sneeze ... plan. If you notice warning signs of an asthma attack — such as coughing, wheezing, chest tightness or shortness ...

  16. Modeling and Analysis of Information Attack in Computer Networks

    National Research Council Canada - National Science Library

    Pepyne, David

    2003-01-01

    ... (as opposed to physical and other forms of attack) . Information based attacks are attacks that can be carried out from anywhere in the world, while sipping cappuccino at an Internet cafe' or while enjoying the comfort of a living room armchair...

  17. Attacks on the AJPS Mersenne-based cryptosystem

    NARCIS (Netherlands)

    K. de Boer (Koen); L. Ducas (Léo); S. Jeffery (Stacey); R. M. de Wolf (Ronald)

    2018-01-01

    textabstractAggarwal, Joux, Prakash and Santha recently introduced a new potentially quantum-safe public-key cryptosystem, and suggested that a brute-force attack is essentially optimal against it. They consider but then dismiss both Meet-in-the-Middle attacks and LLL-based attacks. Very soon after

  18. 12 CFR 747.17 - Collateral attacks on adjudicatory proceeding.

    Science.gov (United States)

    2010-01-01

    ... 12 Banks and Banking 6 2010-01-01 2010-01-01 false Collateral attacks on adjudicatory proceeding... INVESTIGATIONS Uniform Rules of Practice and Procedure § 747.17 Collateral attacks on adjudicatory proceeding. If an interlocutory appeal or collateral attack is brought in any court concerning all or any part of an...

  19. 12 CFR 308.17 - Collateral attacks on adjudicatory proceeding.

    Science.gov (United States)

    2010-01-01

    ... 12 Banks and Banking 4 2010-01-01 2010-01-01 false Collateral attacks on adjudicatory proceeding... PRACTICE RULES OF PRACTICE AND PROCEDURE Uniform Rules of Practice and Procedure § 308.17 Collateral attacks on adjudicatory proceeding. If an interlocutory appeal or collateral attack is brought in any...

  20. 12 CFR 19.17 - Collateral attacks on adjudicatory proceeding.

    Science.gov (United States)

    2010-01-01

    ... 12 Banks and Banking 1 2010-01-01 2010-01-01 false Collateral attacks on adjudicatory proceeding... OF PRACTICE AND PROCEDURE Uniform Rules of Practice and Procedure § 19.17 Collateral attacks on adjudicatory proceeding. If an interlocutory appeal or collateral attack is brought in any court concerning all...

  1. Unified communications forensics anatomy of common UC attacks

    CERN Document Server

    Grant, Nicholas Mr

    2013-01-01

    Unified Communications Forensics: Anatomy of Common UC Attacks is the first book to explain the issues and vulnerabilities and demonstrate the attacks, forensic artifacts, and countermeasures required to establish a secure (UC) environment. This book is written by leading UC experts Nicholas Grant and Joseph W. Shaw II and provides material never before found on the market, including: analysis of forensic artifacts in common UC attacks an in-depth look at established UC technologies and attack exploits hands-on understanding of UC attack vectors and associated countermeasures

  2. Denial of Service Attack Techniques: Analysis, Implementation and Comparison

    OpenAIRE

    Khaled Elleithy; Drazen Blagovic; Wang Cheng; Paul Sideleau

    2005-01-01

    A denial of service attack (DOS) is any type of attack on a networking structure to disable a server from servicing its clients. Attacks range from sending millions of requests to a server in an attempt to slow it down, flooding a server with large packets of invalid data, to sending requests with an invalid or spoofed IP address. In this paper we show the implementation and analysis of three main types of attack: Ping of Death, TCP SYN Flood, and Distributed DOS. The Ping of Death attack wil...

  3. False Positive and False Negative Effects on Network Attacks

    Science.gov (United States)

    Shang, Yilun

    2018-01-01

    Robustness against attacks serves as evidence for complex network structures and failure mechanisms that lie behind them. Most often, due to detection capability limitation or good disguises, attacks on networks are subject to false positives and false negatives, meaning that functional nodes may be falsely regarded as compromised by the attacker and vice versa. In this work, we initiate a study of false positive/negative effects on network robustness against three fundamental types of attack strategies, namely, random attacks (RA), localized attacks (LA), and targeted attack (TA). By developing a general mathematical framework based upon the percolation model, we investigate analytically and by numerical simulations of attack robustness with false positive/negative rate (FPR/FNR) on three benchmark models including Erdős-Rényi (ER) networks, random regular (RR) networks, and scale-free (SF) networks. We show that ER networks are equivalently robust against RA and LA only when FPR equals zero or the initial network is intact. We find several interesting crossovers in RR and SF networks when FPR is taken into consideration. By defining the cost of attack, we observe diminishing marginal attack efficiency for RA, LA, and TA. Our finding highlights the potential risk of underestimating or ignoring FPR in understanding attack robustness. The results may provide insights into ways of enhancing robustness of network architecture and improve the level of protection of critical infrastructures.

  4. Web Forms and Untraceable DDoS Attacks

    Science.gov (United States)

    Jakobsson, Markus; Menczer, Filippo

    We analyze a Web vulnerability that allows an attacker to perform an email-based attack on selected victims, using standard scripts and agents. What differentiates the attack we describe from other, already known forms of distributed denial of service (DDoS) attacks is that an attacker does not need to infiltrate the network in any manner - as is normally required to launch a DDoS attack. Thus, we see this type of attack as a poor man's DDoS. Not only is the attack easy to mount, but it is also almost impossible to trace back to the perpetrator. Along with descriptions of our attack, we demonstrate its destructive potential with (limited and contained) experimental results. We illustrate the potential impact of our attack by describing how an attacker can disable an email account by flooding its inbox; block competition during on-line auctions; harm competitors with an on-line presence; disrupt phone service to a given victim; disconnect mobile corporate leaders from their networks; and disrupt electronic elections. Finally, we propose a set of countermeasures that are light-weight, do not require modifications to the infrastructure, and can be deployed in a gradual manner.

  5. Machine Learning Methods for Attack Detection in the Smart Grid.

    Science.gov (United States)

    Ozay, Mete; Esnaola, Inaki; Yarman Vural, Fatos Tunay; Kulkarni, Sanjeev R; Poor, H Vincent

    2016-08-01

    Attack detection problems in the smart grid are posed as statistical learning problems for different attack scenarios in which the measurements are observed in batch or online settings. In this approach, machine learning algorithms are used to classify measurements as being either secure or attacked. An attack detection framework is provided to exploit any available prior knowledge about the system and surmount constraints arising from the sparse structure of the problem in the proposed approach. Well-known batch and online learning algorithms (supervised and semisupervised) are employed with decision- and feature-level fusion to model the attack detection problem. The relationships between statistical and geometric properties of attack vectors employed in the attack scenarios and learning algorithms are analyzed to detect unobservable attacks using statistical learning methods. The proposed algorithms are examined on various IEEE test systems. Experimental analyses show that machine learning algorithms can detect attacks with performances higher than attack detection algorithms that employ state vector estimation methods in the proposed attack detection framework.

  6. Hybrid attacks on model-based social recommender systems

    Science.gov (United States)

    Yu, Junliang; Gao, Min; Rong, Wenge; Li, Wentao; Xiong, Qingyu; Wen, Junhao

    2017-10-01

    With the growing popularity of the online social platform, the social network based approaches to recommendation emerged. However, because of the open nature of rating systems and social networks, the social recommender systems are susceptible to malicious attacks. In this paper, we present a certain novel attack, which inherits characteristics of the rating attack and the relation attack, and term it hybrid attack. Furtherly, we explore the impact of the hybrid attack on model-based social recommender systems in multiple aspects. The experimental results show that, the hybrid attack is more destructive than the rating attack in most cases. In addition, users and items with fewer ratings will be influenced more when attacked. Last but not the least, the findings suggest that spammers do not depend on the feedback links from normal users to become more powerful, the unilateral links can make the hybrid attack effective enough. Since unilateral links are much cheaper, the hybrid attack will be a great threat to model-based social recommender systems.

  7. Noncombatants and liability to be attacked in wars

    DEFF Research Database (Denmark)

    Lippert-Rasmussen, Kasper

    2013-01-01

    attack," I mean that S has forfeited his or her right not to be attacked by armed forces. Here, "liable" is used in a normative-cum-legal sense, not descriptively as it is when one says "some colors are liable to darken in perpetual shade," and "attack" is used passively, as an equivalent of be attacked....... Colloquially, then, "S is liable to attack" means roughly that S is a legitimate target. Given this, it should be clear that when I talk about the criteria of "liability to attack," I am talking in effect about the features separating people who may and may not be attacked. Unless I indicate otherwise, I also...... mean to focus on intended, as opposed to incidental, attacks. Finally, although "attack" often implies initiation of a conflict ("I didn't attack him! He started it!"), it does not do so here. An unjust aggressor who initiates a conflict can be, and indeed very often is, liable to attack. All...

  8. Cyber Attacks and Energy Infrastructures: Anticipating Risks

    International Nuclear Information System (INIS)

    Desarnaud, Gabrielle

    2017-01-01

    This study analyses the likelihood of cyber-attacks against European energy infrastructures and their potential consequences, particularly on the electricity grid. It also delivers a comparative analysis of measures taken by different European countries to protect their industries and collaborate within the European Union. The energy sector experiences an unprecedented digital transformation upsetting its activities and business models. Our energy infrastructures, sometimes more than a decade old and designed to remain functional for many years to come, now constantly interact with light digital components. The convergence of the global industrial system with the power of advanced computing and analytics reveals untapped opportunities at every step of the energy value chain. However, the introduction of digital elements in old and unprotected industrial equipment also exposes the energy industry to the cyber risk. One of the most compelling example of the type of threat the industry is facing, is the 2015 cyber-attack on the Ukraine power grid, which deprived about 200 000 people of electricity in the middle of the winter. The number and the level of technical expertise of cyber-attacks rose significantly after the discovery of the Stuxnet worm in the network of Natanz uranium enrichment site in 2010. Energy transition policies and the growing integration of renewable sources of energy will intensify this tendency, if cyber security measures are not part of the design of our future energy infrastructures. Regulators try to catch up and adapt, like in France where the authorities collaborate closely with the energy industry to set up a strict and efficient regulatory framework, and protect critical operators. This approach is adopted elsewhere in Europe, but common measures applicable to the whole European Union are essential to protect strongly interconnected energy infrastructures against a multiform threat that defies frontiers

  9. Neuroradiological study of transient ischemic attack

    International Nuclear Information System (INIS)

    Takusagawa, Yoshihiko; Fujiwara, Yasuhiro; Ichiki, Ken; Suga, Takeshi; Nishigaki, Shinichi

    1986-01-01

    Fifty-two patients with carotid TIAs and thirteen patients with vertebrobasilar TIAs were investigated by angiography and computed tomography. TIA was diagnosed by clinical symptoms in accordance with the criteria for TIA of the Joint Committee for Stroke Facilities in the U.S.A. (1974). The 65 patients with TIAs included 49 males and 16 females with average age of 63.5 years old at the initial episode of TIA. As for the diseases associated with TIA, hypertension (51 %), diabetes mellitus (15 %) and ischemic heart diseases (11 %) were the major disorders. Atrial fibrillation was observed in 2 cases. Intervals from last TIA attack to angiography were less than 7 days in 22 cases, 8 ∼ 30 days in 19 cases, 1 ∼ 4 monthes in 14 cases and more than 4 monthes in 10 cases, respectively. The cases in which angiography was done earlier after attacks displayed more abnormal findings. In 52 patients with caroted TIAs the artherosclerotic change of extracranial portion of the internal carotid artery was found in 14 cases (27 %), that of intracranial portion of the artery in 11 cases (21 %) and both lesions in 2 cases (4 %). On the other hand, in 13 patients with vertebrobasilar TIAs, this change was observed in 4 cases at the extracranival potion and in 1 case at the intracranial potion (siphon) of the internal carotid artery. Abnormal CT findings were found in 29 of 65 patients, namely 9 had ventricular dilatation and brain atrophy, 6 had cerebral infarction which was not associated with associated with symptoms of TIA. In carotid TIAs, Cerebral infarction was associated with symptoms of TIAs in 15 cases, namely 10 had a small low density area in the basal ganglia near the internal capsule and 5 had a low density area in the cortical or subcortical region. All of these 5 cases had cerebral embolism, which recanalized after attacks. (J.P.N.)

  10. Suicide bomb attack causing penetrating craniocerebral injury

    OpenAIRE

    Hussain Manzar; Bari Muhammad Ehsan

    2013-01-01

    【Abstract】Penetrating cerebral injuries caused by foreign bodies are rare in civilian neurosurgical trauma, al-though there are various reports of blast or gunshot inju-ries in warfare due to multiple foreign bodies like pellets and nails. In our case, a 30-year-old man presented to neurosur-gery clinic with signs and symptoms of right-sided weak-ness after suicide bomb attack. The skull X-ray showed a single intracranial nail. Small craniotomy was done and the nail was removed wi...

  11. Suicide bomb attack causing penetrating craniocerebral injury.

    Science.gov (United States)

    Hussain, Manzar; Bari, Muhammad-Ehsan

    2013-01-01

    Penetrating cerebral injuries caused by foreign bodies are rare in civilian neurosurgical trauma, although there are various reports of blast or gunshot injuries in warfare due to multiple foreign bodies like pellets and nails. In our case, a 30-year-old man presented to neurosurgery clinic with signs and symptoms of right-sided weakness after suicide bomb attack. The skull X-ray showed a single intracranial nail. Small craniotomy was done and the nail was removed with caution to avoid injury to surrounding normal brain tissue. At 6 months'follow-up his right-sided power improved to against gravity.

  12. Close Air Support versus Close Combat Attack

    Science.gov (United States)

    2012-12-06

    consequence when discussing the two different processes of close air support and close combat attack. This section focuses on service culture. Understanding...According to a RAND study written by Carl Builder, the Air Force “could be said to worship at the altar of technology.”67 These are not what Hofstede...characteristics that are highly prized in a culture and thus serve as models for behavior,” people like Billy Mitchell, Hap Arnold, Tooey Spaatz to name a

  13. Consciousness in non-epileptic attack disorder.

    Science.gov (United States)

    Reuber, Markus; Kurthen, M

    2011-01-01

    Non-epileptic attack disorder (NEAD) is one of the most important differential diagnoses of epilepsy. Impairment of consciousness is the key feature of non-epileptic attacks (NEAs). The first half of this review summarises the clinical research literature featuring observations relating to consciousness in NEAD. The second half places this evidence in the wider context of the recent discourse on consciousness in neuroscience and the philosophy of mind. We argue that studies of consciousness should not only distinguish between the 'level' and `content' of consciousness but also between 'phenomenal consciousness' (consciousness of states it somehow "feels to be like") and 'access consciousness' (having certain 'higher' cognitive processes at one's disposal). The existing evidence shows that there is a great intra- and interindividual variability of NEA experience. However, in most NEAs phenomenal experience - and, as a precondition for that experience, vigilance or wakefulness - is reduced to a lesser degree than in those epileptic seizures involving impairment of consciousness. In fact, complete loss of "consciousness" is the exception rather than the rule in NEAs. Patients, as well as external observers, may have a tendency to overestimate impairments of consciousness during the seizures.

  14. Recent computer attacks via Instant Messaging

    CERN Multimedia

    IT Department

    2008-01-01

    Be cautious of any unexpected messages containing web links even if they appear to come from known contacts. If you happen to click on such a link and if your permission is requested to run or install software, always decline it. Several computers at CERN have recently been broken into by attackers who have tricked users of Instant Messaging applications (e.g. MSN, Yahoo Messenger, etc.) into clicking on web links which appeared to come from known contacts. The links appeared to be photos from ‘friends’ and requested software to be installed. In practice, attacker software was installed and the messages did not come from real contacts. In the past such fake messages were mainly sent by email but now a wider range of applications are being targeted, including Instant Messaging. Cybercriminals are making growing use of fake messages to try to trick you into clicking on Web links which will help them to install malicious software on your computer. Anti-virus software cann...

  15. [Diagnosis, pathogenesis and treatment of panic attacks].

    Science.gov (United States)

    Turczyński, J

    Panic accompanies several diseases both psychological and somatic. It may be secondary, i.e. produced by other symptoms and morbid processes. It may also be primary--"neurotic". In such cases there are two forms of panic: generalized and paroxysmal. Attacks of panic are seen in 1.6-2.9% of women and in 0.4-1.7% of men. Main pathogenetic role is played by the psychologic factors (psychical trauma precedes the onset of diseases). The role of biological factors is also important. It is believed that disorders of the noradrenergic, serotonin-ergic, and GABA-ergic transmission may produce the attacks of panic. Psychotherapy is a treatment of choice. Pharmacotherapy plays only an adjuvant role. Antidepressants (tricyclic of II generation) are most frequently used for this purpose and--exceptionally due to possible addiction--benzodiazepines. The highest impact on the development of disease has first contact physician attitude. Patient and thoughtful listening to the patient, explanation of the complaints and their source often produce and improvement, and even complete recovery.

  16. Consciousness in Non-Epileptic Attack Disorder

    Science.gov (United States)

    Reuber, M.; Kurthen, M.

    2011-01-01

    Non-epileptic attack disorder (NEAD) is one of the most important differential diagnoses of epilepsy. Impairment of consciousness is the key feature of non-epileptic attacks (NEAs). The first half of this review summarises the clinical research literature featuring observations relating to consciousness in NEAD. The second half places this evidence in the wider context of the recent discourse on consciousness in neuroscience and the philosophy of mind. We argue that studies of consciousness should not only distinguish between the ‘level’ and ‘content’ of consciousness but also between ‘phenomenal consciousness’ (consciousness of states it somehow “feels to be like”) and ‘access consciousness’ (having certain ‘higher’ cognitive processes at one’s disposal). The existing evidence shows that there is a great intra- and interindividual variability of NEA experience. However, in most NEAs phenomenal experience – and, as a precondition for that experience, vigilance or wakefulness – is reduced to a lesser degree than in those epileptic seizures involving impairment of consciousness. In fact, complete loss of “consciousness” is the exception rather than the rule in NEAs. Patients, as well as external observers, may have a tendency to overestimate impairments of consciousness during the seizures. PMID:21447903

  17. STABILITY OF UNDERWATER STRUCTURE UNDER WAVE ATTACK

    Directory of Open Access Journals (Sweden)

    C. Paotonan

    2012-02-01

    Full Text Available Geotube is, among others, a type of coastal structure that is increasingly accepted for coastal protection especially underwater breakwater. Besides its relatively low cost, it has other advantages such as flexibility, ease of construction and the fact that it can be filled with local sand material. Similar to all other coastal structures, it should also be stable under wave attack. A simple theoretical approach based on linear wave was adopted to estimate the stability of such structure. The theoretical solution was then compared with an experimental study. The experimental study was conducted at the Hydraulics and Hydrology Laboratory of Universitas Gadjah Mada. However, instead of a real geotube, PVC pipe was used where the weight of the PVC was varied by adjusting the volume of sand in the pipe. The result indicated that the agreement between the theoretical solution and the experiment was encouraging. The analytical solution may be utilized to predict underwater pipe stability under wave attack with certain degree of accuracy.

  18. Baiting Inside Attackers Using Decoy Documents

    Science.gov (United States)

    Bowen, Brian M.; Hershkop, Shlomo; Keromytis, Angelos D.; Stolfo, Salvatore J.

    The insider threat remains one of the most vexing problems in computer security. A number of approaches have been proposed to detect nefarious insider actions including user modeling and profiling techniques, policy and access enforcement techniques, and misuse detection. In this work we propose trap-based defense mechanisms and a deployment platform for addressing the problem of insiders attempting to exfiltrate and use sensitive information. The goal is to confuse and confound an adversary requiring more effort to identify real information from bogus information and provide a means of detecting when an attempt to exploit sensitive information has occurred. “Decoy Documents” are automatically generated and stored on a file system by the D3 System with the aim of enticing a malicious user. We introduce and formalize a number of properties of decoys as a guide to design trap-based defenses to increase the likelihood of detecting an insider attack. The decoy documents contain several different types of bogus credentials that when used, trigger an alert. We also embed “stealthy beacons” inside the documents that cause a signal to be emitted to a server indicating when and where the particular decoy was opened. We evaluate decoy documents on honeypots penetrated by attackers demonstrating the feasibility of the method.

  19. Command Disaggregation Attack and Mitigation in Industrial Internet of Things.

    Science.gov (United States)

    Xun, Peng; Zhu, Pei-Dong; Hu, Yi-Fan; Cui, Peng-Shuai; Zhang, Yan

    2017-10-21

    A cyber-physical attack in the industrial Internet of Things can cause severe damage to physical system. In this paper, we focus on the command disaggregation attack, wherein attackers modify disaggregated commands by intruding command aggregators like programmable logic controllers, and then maliciously manipulate the physical process. It is necessary to investigate these attacks, analyze their impact on the physical process, and seek effective detection mechanisms. We depict two different types of command disaggregation attack modes: (1) the command sequence is disordered and (2) disaggregated sub-commands are allocated to wrong actuators. We describe three attack models to implement these modes with going undetected by existing detection methods. A novel and effective framework is provided to detect command disaggregation attacks. The framework utilizes the correlations among two-tier command sequences, including commands from the output of central controller and sub-commands from the input of actuators, to detect attacks before disruptions occur. We have designed components of the framework and explain how to mine and use these correlations to detect attacks. We present two case studies to validate different levels of impact from various attack models and the effectiveness of the detection framework. Finally, we discuss how to enhance the detection framework.

  20. Quantitative Method for Network Security Situation Based on Attack Prediction

    Directory of Open Access Journals (Sweden)

    Hao Hu

    2017-01-01

    Full Text Available Multistep attack prediction and security situation awareness are two big challenges for network administrators because future is generally unknown. In recent years, many investigations have been made. However, they are not sufficient. To improve the comprehensiveness of prediction, in this paper, we quantitatively convert attack threat into security situation. Actually, two algorithms are proposed, namely, attack prediction algorithm using dynamic Bayesian attack graph and security situation quantification algorithm based on attack prediction. The first algorithm aims to provide more abundant information of future attack behaviors by simulating incremental network penetration. Through timely evaluating the attack capacity of intruder and defense strategies of defender, the likely attack goal, path, and probability and time-cost are predicted dynamically along with the ongoing security events. Furthermore, in combination with the common vulnerability scoring system (CVSS metric and network assets information, the second algorithm quantifies the concealed attack threat into the surfaced security risk from two levels: host and network. Examples show that our method is feasible and flexible for the attack-defense adversarial network environment, which benefits the administrator to infer the security situation in advance and prerepair the critical compromised hosts to maintain normal network communication.

  1. Command Disaggregation Attack and Mitigation in Industrial Internet of Things

    Directory of Open Access Journals (Sweden)

    Peng Xun

    2017-10-01

    Full Text Available A cyber-physical attack in the industrial Internet of Things can cause severe damage to physical system. In this paper, we focus on the command disaggregation attack, wherein attackers modify disaggregated commands by intruding command aggregators like programmable logic controllers, and then maliciously manipulate the physical process. It is necessary to investigate these attacks, analyze their impact on the physical process, and seek effective detection mechanisms. We depict two different types of command disaggregation attack modes: (1 the command sequence is disordered and (2 disaggregated sub-commands are allocated to wrong actuators. We describe three attack models to implement these modes with going undetected by existing detection methods. A novel and effective framework is provided to detect command disaggregation attacks. The framework utilizes the correlations among two-tier command sequences, including commands from the output of central controller and sub-commands from the input of actuators, to detect attacks before disruptions occur. We have designed components of the framework and explain how to mine and use these correlations to detect attacks. We present two case studies to validate different levels of impact from various attack models and the effectiveness of the detection framework. Finally, we discuss how to enhance the detection framework.

  2. Simulation of Attacks for Security in Wireless Sensor Network.

    Science.gov (United States)

    Diaz, Alvaro; Sanchez, Pablo

    2016-11-18

    The increasing complexity and low-power constraints of current Wireless Sensor Networks (WSN) require efficient methodologies for network simulation and embedded software performance analysis of nodes. In addition, security is also a very important feature that has to be addressed in most WSNs, since they may work with sensitive data and operate in hostile unattended environments. In this paper, a methodology for security analysis of Wireless Sensor Networks is presented. The methodology allows designing attack-aware embedded software/firmware or attack countermeasures to provide security in WSNs. The proposed methodology includes attacker modeling and attack simulation with performance analysis (node's software execution time and power consumption estimation). After an analysis of different WSN attack types, an attacker model is proposed. This model defines three different types of attackers that can emulate most WSN attacks. In addition, this paper presents a virtual platform that is able to model the node hardware, embedded software and basic wireless channel features. This virtual simulation analyzes the embedded software behavior and node power consumption while it takes into account the network deployment and topology. Additionally, this simulator integrates the previously mentioned attacker model. Thus, the impact of attacks on power consumption and software behavior/execution-time can be analyzed. This provides developers with essential information about the effects that one or multiple attacks could have on the network, helping them to develop more secure WSN systems. This WSN attack simulator is an essential element of the attack-aware embedded software development methodology that is also introduced in this work.

  3. Speeding up detection of SHA-1 collision attacks using unavoidable attack conditions

    NARCIS (Netherlands)

    M.M.J. Stevens (Marc); D. Shumow

    2017-01-01

    textabstractCounter-cryptanalysis, the concept of using cryptanalytic techniques to detect cryptanalytic attacks, was introduced by Stevens at CRYPTO 2013 [22] with a hash collision detection algorithm. That is, an algorithm that detects whether a given single message is part of a colliding message

  4. Minimizing Expected Maximum Risk from Cyber-Attacks with Probabilistic Attack Success

    Energy Technology Data Exchange (ETDEWEB)

    Bhuiyan, Tanveer H.; Nandi, Apurba; Medal, Hugh; Halappanavar, Mahantesh

    2016-07-16

    The goal of our work is to enhance network security by generating partial cut-sets, which are a subset of edges that remove paths from initially vulnerable nodes (initial security conditions) to goal nodes (critical assets), on an attack graph given costs for cutting an edge and a limited overall budget.

  5. Managing burn victims of suicide bombing attacks: outcomes, lessons learnt, and changes made from three attacks in Indonesia.

    Science.gov (United States)

    Chim, Harvey; Yew, Woon Si; Song, Colin

    2007-01-01

    Terror attacks in Southeast Asia were almost nonexistent until the 2002 Bali bomb blast, considered the deadliest attack in Indonesian history. Further attacks in 2003 (Jakarta), 2004 (Jakarta), and 2005 (Bali) have turned terrorist attacks into an ever-present reality. The authors reviewed medical charts of victims evacuated to the Singapore General Hospital (SGH) Burns Centre during three suicide attacks involving Bali (2002 and 2005) and the Jakarta Marriott hotel (2003). Problems faced, lessons learnt, and costs incurred are discussed. A burns disaster plan drawing on lessons learnt from these attacks is presented. Thirty-one patients were treated at the SGH Burns Centre in three attacks (2002 Bali attack [n = 15], 2003 Jakarta attack [n = 14], and 2005 Bali attack [n = 2]). For the 2002 Bali attack, median age was 29 years (range 20 to 50 years), median percentage of total burn surface area (TBSA) was 29% (range 5% to 55%), and median abbreviated burn severity index (ABSI) was 6 (range 3 to 10). Eight of 15 patients were admitted to the intensive care unit. For the 2003 Jakarta attack, median age was 35 years (range 24 to 56 years), median percentage of TBSA was 10% (range 2% to 46%), and median ABSI was 4 (range 3 to 9). A large number of patients had other injuries. Problems faced included manpower issues, lack of bed space, shortage of blood products, and lack of cadaver skin. The changing nature of terror attacks mandates continued vigilance and disaster preparedness. The multidimensional burns patient, complicated by other injuries, is likely to become increasingly common. A burns disaster plan with emphasis on effective command, control, and communication as well as organisation of health care personnel following a 'team concept' will do much to ensure that the sudden onset of a crisis situation at an unexpected time does not overwhelm hospital manpower and resources.

  6. Analysis of Network Vulnerability Under Joint Node and Link Attacks

    Science.gov (United States)

    Li, Yongcheng; Liu, Shumei; Yu, Yao; Cao, Ting

    2018-03-01

    The security problem of computer network system is becoming more and more serious. The fundamental reason is that there are security vulnerabilities in the network system. Therefore, it’s very important to identify and reduce or eliminate these vulnerabilities before they are attacked. In this paper, we are interested in joint node and link attacks and propose a vulnerability evaluation method based on the overall connectivity of the network to defense this attack. Especially, we analyze the attack cost problem from the attackers’ perspective. The purpose is to find the set of least costs for joint links and nodes, and their deletion will lead to serious network connection damage. The simulation results show that the vulnerable elements obtained from the proposed method are more suitable for the attacking idea of the malicious persons in joint node and link attack. It is easy to find that the proposed method has more realistic protection significance.

  7. A Secure Localization Approach against Wormhole Attacks Using Distance Consistency

    Directory of Open Access Journals (Sweden)

    Lou Wei

    2010-01-01

    Full Text Available Wormhole attacks can negatively affect the localization in wireless sensor networks. A typical wormhole attack can be launched by two colluding attackers, one of which sniffs packets at one point in the network and tunnels them through a wired or wireless link to another point, and the other relays them within its vicinity. In this paper, we investigate the impact of the wormhole attack on the localization and propose a novel distance-consistency-based secure localization scheme against wormhole attacks, which includes three phases of wormhole attack detection, valid locators identification and self-localization. The theoretical model is further formulated to analyze the proposed secure localization scheme. The simulation results validate the theoretical results and also demonstrate the effectiveness of our proposed scheme.

  8. Why cryptography should not rely on physical attack complexity

    CERN Document Server

    Krämer, Juliane

    2015-01-01

    This book presents two practical physical attacks. It shows how attackers can reveal the secret key of symmetric as well as asymmetric cryptographic algorithms based on these attacks, and presents countermeasures on the software and the hardware level that can help to prevent them in the future. Though their theory has been known for several years now, since neither attack has yet been successfully implemented in practice, they have generally not been considered a serious threat. In short, their physical attack complexity has been overestimated and the implied security threat has been underestimated. First, the book introduces the photonic side channel, which offers not only temporal resolution, but also the highest possible spatial resolution. Due to the high cost of its initial implementation, it has not been taken seriously. The work shows both simple and differential photonic side channel analyses. Then, it presents a fault attack against pairing-based cryptography. Due to the need for at least two indepe...

  9. Attack and Vulnerability Penetration Testing: FreeBSD

    Directory of Open Access Journals (Sweden)

    Abdul Hanan Abdullah

    2013-07-01

    Full Text Available Computer system security has become a major concern over the past few years. Attacks, threasts or intrusions, against computer system and network have become commonplace events. However, there are some system devices and other tools that are available to overcome the threat of these attacks. Currently, cyber attack is a major research and inevitable. This paper presents some steps of penetration in FreeBSD operating system, some tools and new steps to attack used in this experiment, probes for reconnaissance, guessing password via brute force, gaining privilege access and flooding victim machine to decrease availability. All these attacks were executed and infiltrate within the environment of Intrusion Threat Detection Universiti Teknologi Malaysia (ITD UTM data set. This work is expected to be a reference for practitioners to prepare their systems from Internet attacks.

  10. Spreading of localized attacks in spatial multiplex networks

    Science.gov (United States)

    Vaknin, Dana; Danziger, Michael M.; Havlin, Shlomo

    2017-07-01

    Many real-world multilayer systems such as critical infrastructure are interdependent and embedded in space with links of a characteristic length. They are also vulnerable to localized attacks or failures, such as terrorist attacks or natural catastrophes, which affect all nodes within a given radius. Here we study the effects of localized attacks on spatial multiplex networks of two layers. We find a metastable region where a localized attack larger than a critical size induces a nucleation transition as a cascade of failures spreads throughout the system, leading to its collapse. We develop a theory to predict the critical attack size and find that it exhibits novel scaling behavior. We further find that localized attacks in these multiplex systems can induce a previously unobserved combination of random and spatial cascades. Our results demonstrate important vulnerabilities in real-world interdependent networks and show new theoretical features of spatial networks.

  11. Attribution Of Cyber Attacks On Process Control Systems

    Science.gov (United States)

    Hunker, Jeffrey; Hutchinson, Robert; Margulies, Jonathan

    The attribution of cyber attacks is an important problem. Attribution gives critical infrastructure asset owners and operators legal recourse in the event of attacks and deters potential attacks. This paper discusses attribution techniques along with the associated legal and technical challenges. It presents a proposal for a voluntary network of attributable activity, an important first step towards a more complete attribution methodology for the control systems community.

  12. Attack polish for nickel-base alloys and stainless steels

    Science.gov (United States)

    Not Available

    1980-05-28

    A chemical attack polish and polishing procedure for use on metal surfaces such as nickel base alloys and stainless steels is described. The chemical attack polich comprises FeNO/sub 3/, concentrated CH/sub 3/COOH, concentrated H/sub 2/SO/sub 4/ and H/sub 2/O. The polishing procedure includes saturating a polishing cloth with the chemical attack polish and submicron abrasive particles and buffing the metal surface.

  13. Different Types of Attacks on Integrated MANET-Internet Communication

    OpenAIRE

    Abhay Kumar Rai, Rajiv Ranjan Tewari & Saurabh Kant Upadhyay

    2010-01-01

    Security is an important issue in the integrated MANET-Internet environment because inthis environment we have to consider the attacks on Internet connectivity and also onthe ad hoc routing protocols. The focus of this work is on different types of attacks onintegrated MANET-Internet communication. We consider most common types of attackson mobile ad hoc networks and on access point through which MANET is connected tothe Internet. Specifically, we study how different attacks affect the perfor...

  14. Backside polishing detector: a new protection against backside attacks

    OpenAIRE

    Manich Bou, Salvador; Arumi Delgado, Daniel; Rodríguez Montañés, Rosa; Mujal Colell, Jordi; Hernández García, David

    2015-01-01

    Secure chips are in permanent risk of attacks. Physical attacks usually start removing part of the package and accessing the dice by different means: laser shots, electrical or electromagnetic probes, etc. Doing this from the backside of the chip gives some advantages since no metal layers interfere between the hacker and the signals of interest. The bulk silicon is thinned from hundreds to some tens of micrometers in order to improve the performance of the attack. In thi...

  15. Flow-based Brute-force Attack Detection

    OpenAIRE

    Drašar, Martin; Vykopal, Jan; Winter, Philipp

    2013-01-01

    Brute-force attacks are a prevalent phenomenon that is getting harderto successfully detect on a network level due to increasing volume and en-cryption of network traffic and growing ubiquity of high-speed networks.Although the research in this field advanced considerably, there still remainclasses of attacks that are undetectable. In this chapter, we present sev-eral methods for the detection of brute-force attacks based on the analysisof network flows. We discuss their strengths and shortco...

  16. TCP-SYN Flooding Attack in Wireless Networks

    OpenAIRE

    Bogdanoski, Mitko; Suminoski, Tomislav; Risteski, Aleksandar

    2012-01-01

    This paper concerns the TCP (Transmission Control Protocol) vulnerabilities which gives space for a DoS (Denial of Service) attacks called TCP-SYN flooding which is well-known to the community for several years. The paper shows this attack in wireless as well as wired networks using perl synflood script, Wireshark network analyzer server, Windows 2008 server, and OPNET simulation environment. Using these tools an effects of this attack are shown. Finally, some effective practical mitigation t...

  17. Resveratrol products resulting by free radical attack

    Science.gov (United States)

    Bader, Yvonne; Quint, R. M.; Getoff, Nikola

    2008-06-01

    Trans-resveratrol ( trans-3,4',5-trihydroxystilbene; RES), which is contained in red wine and many plants, is one of the most relevant and extensively investigated stilbenes with a broad spectrum of biological activities. Among other duties, RES has been reported to have anti-carcinogenetic activities, which could be attributed to its antioxidant properties. The degradation of RES was studied under various conditions. The products (aldehydes, carboxylic acids, etc.) generated from RES by the attack of free radicals were registered as a function of the radical concentration (absorbed radiation dose). Based on the obtained data it appears that the OH radicals are initiating the rather complicated process, which involves of the numerous consecutive reactions. A possible starting reaction mechanism is presented.

  18. Entanglement generation secure against general attacks

    Science.gov (United States)

    Pirker, Alexander; Dunjko, Vedran; Dür, Wolfgang; Briegel, Hans J.

    2017-11-01

    We present a security proof for establishing private entanglement by means of recurrence-type entanglement distillation protocols over noisy quantum channels. We consider protocols where the local devices are imperfect, and show that nonetheless a confidential quantum channel can be established, and used to e.g. perform distributed quantum computation in a secure manner. While our results are not fully device independent (which we argue to be unachievable in settings with quantum outputs), our proof holds for arbitrary channel noise and noisy local operations, and even in the case where the eavesdropper learns the noise. Our approach relies on non-trivial properties of distillation protocols which are used in conjunction with de-Finetti and post-selection-type techniques to reduce a general quantum attack in a non-asymptotic scenario to an i.i.d. setting. As a side result, we also provide entanglement distillation protocols for non-i.i.d. input states.

  19. Detecting Cyber Attacks On Nuclear Power Plants

    Science.gov (United States)

    Rrushi, Julian; Campbell, Roy

    This paper proposes an unconventional anomaly detection approach that provides digital instrumentation and control (I&C) systems in a nuclear power plant (NPP) with the capability to probabilistically discern between legitimate protocol frames and attack frames. The stochastic activity network (SAN) formalism is used to model the fusion of protocol activity in each digital I&C system and the operation of physical components of an NPP. SAN models are employed to analyze links between protocol frames as streams of bytes, their semantics in terms of NPP operations, control data as stored in the memory of I&C systems, the operations of I&C systems on NPP components, and NPP processes. Reward rates and impulse rewards are defined in the SAN models based on the activity-marking reward structure to estimate NPP operation profiles. These profiles are then used to probabilistically estimate the legitimacy of the semantics and payloads of protocol frames received by I&C systems.

  20. Suicide bomb attack causing penetrating craniocerebral injury

    Directory of Open Access Journals (Sweden)

    Hussain Manzar

    2013-02-01

    Full Text Available 【Abstract】Penetrating cerebral injuries caused by foreign bodies are rare in civilian neurosurgical trauma, al-though there are various reports of blast or gunshot inju-ries in warfare due to multiple foreign bodies like pellets and nails. In our case, a 30-year-old man presented to neurosur-gery clinic with signs and symptoms of right-sided weak-ness after suicide bomb attack. The skull X-ray showed a single intracranial nail. Small craniotomy was done and the nail was removed with caution to avoid injury to surround-ing normal brain tissue. At 6 months’ follow-up his right-sided power improved to against gravity. Key words: Head injury, penetrating; Bombs; Nails

  1. Cyber-physical attacks: A growing invisible threat

    OpenAIRE

    Loukas, George

    2015-01-01

    Cyber-Physical Attacks: A Growing Invisible Threat presents the growing list of harmful uses of computers and their ability to disable cameras, turn off a building’s lights, make a car veer off the road, or a drone land in enemy hands. In essence, it details the ways cyber-physical attacks are replacing physical attacks in crime, warfare, and terrorism. The book explores how attacks using computers affect the physical world in ways that were previously only possible through physical means. Pe...

  2. Attacks on biometric systems: a case study in fingerprints

    Science.gov (United States)

    Uludag, Umut; Jain, Anil K.

    2004-06-01

    In spite of numerous advantages of biometrics-based personal authentication systems over traditional security systems based on token or knowledge, they are vulnerable to attacks that can decrease their security considerably. In this paper, we analyze these attacks in the realm of a fingerprint biometric system. We propose an attack system that uses a hill climbing procedure to synthesize the target minutia templates and evaluate its feasibility with extensive experimental results conducted on a large fingerprint database. Several measures that can be utilized to decrease the probability of such attacks and their ramifications are also presented.

  3. Neural network classifier of attacks in IP telephony

    Science.gov (United States)

    Safarik, Jakub; Voznak, Miroslav; Mehic, Miralem; Partila, Pavol; Mikulec, Martin

    2014-05-01

    Various types of monitoring mechanism allow us to detect and monitor behavior of attackers in VoIP networks. Analysis of detected malicious traffic is crucial for further investigation and hardening the network. This analysis is typically based on statistical methods and the article brings a solution based on neural network. The proposed algorithm is used as a classifier of attacks in a distributed monitoring network of independent honeypot probes. Information about attacks on these honeypots is collected on a centralized server and then classified. This classification is based on different mechanisms. One of them is based on the multilayer perceptron neural network. The article describes inner structure of used neural network and also information about implementation of this network. The learning set for this neural network is based on real attack data collected from IP telephony honeypot called Dionaea. We prepare the learning set from real attack data after collecting, cleaning and aggregation of this information. After proper learning is the neural network capable to classify 6 types of most commonly used VoIP attacks. Using neural network classifier brings more accurate attack classification in a distributed system of honeypots. With this approach is possible to detect malicious behavior in a different part of networks, which are logically or geographically divided and use the information from one network to harden security in other networks. Centralized server for distributed set of nodes serves not only as a collector and classifier of attack data, but also as a mechanism for generating a precaution steps against attacks.

  4. Cyber-physical attacks a growing invisible threat

    CERN Document Server

    Loukas, George

    2015-01-01

    Cyber-Physical Attacks: A Growing Invisible Threat presents the growing list of harmful uses of computers and their ability to disable cameras, turn off a building's lights, make a car veer off the road,  or a drone land in enemy hands. In essence, it details the ways cyber-physical attacks are replacing physical attacks in crime, warfare, and terrorism. The book explores how attacks using computers affect the physical world in ways that were previously only possible through physical means. Perpetrators can now cause damage without the same risk, and without the political, social, or moral

  5. Further attacks on Yeung-Mintzer fragile watermarking scheme

    Science.gov (United States)

    Fridrich, Jessica; Goljan, Miroslav; Memon, Nasir D.

    2000-05-01

    In this paper, we describe new and improved attacks on the authentication scheme previously proposed by Yeung and Mintzer. Previous attacks assumed that the binary watermark logo inserted in an image for the purposes of authentication was known. Here we remove that assumption and show how the scheme is still vulnerable, even if the binary logo is not known but the attacker has access to multiple images that have been watermarked with the same secret key and contain the same (but unknown) logo. We present two attacks. The first attack infers the secret watermark insertion function and the binary logo, given multiple images authenticated with the same key and containing the same logo. We show that a very good approximation to the logo and watermark insertion function can be constructed using as few as two images. With color images, one needs many more images, nevertheless the attack is still feasible. The second attack we present, which we call the 'collage-attack' is a variation of the Holliman-Memon counterfeiting attack. The proposed variation does not require knowledge of the watermark logo and produces counterfeits of superior quality by means of a suitable dithering process that we develop.

  6. Cluster headache attack remission with sphenopalatine ganglion stimulation

    DEFF Research Database (Denmark)

    Barloese, Mads C J; Jürgens, Tim P; May, Arne

    2016-01-01

    attacks. Methods: We monitored self-reported attack frequency, headache disability, and medication intake in 33 patients with medically refractory, chronic CH (CCH) in an open label follow-up study of the original Pathway CH-1 study. Patients were followed for at least 24 months (average 750 ± 34 days...... disability improvements remained and patient satisfaction measures were positive in 100 % (10/10). Conclusions: In this population of 33 refractory CCH patients, in addition to providing the ability to treat acute attacks, neuromodulation of the SPG induced periods of remission from cluster attacks...

  7. The Need for Situational Awareness in a CBRNE Attack

    Directory of Open Access Journals (Sweden)

    Jordan Nelms

    2011-02-01

    Full Text Available Six years before the terrorist attacks on the World Trade Center and the Pentagon, and eight years before the United States went to war with Saddam Hussein for his alleged concealment of chemical and biological weapons caches, Japan's Tokyo subway was struck by one of the most vicious terror attacks in modern history.  The 1995 Sarin terrorist attack represents an important case study for post-9/11 emergency managers because it highlights the key issues first responders and public health officials face when confronted with a CBRNE ('C'hemical, 'B'iological, 'R'adiological, 'N'uclear, 'E'xplosive mass-casualty attack.

  8. Attack Pattern Analysis Framework for a Multiagent Intrusion Detection System

    Directory of Open Access Journals (Sweden)

    Krzysztof Juszczyszyn

    2008-08-01

    Full Text Available The paper proposes the use of attack pattern ontology and formal framework for network traffic anomalies detection within a distributed multi-agent Intrusion Detection System architecture. Our framework assumes ontology-based attack definition and distributed processing scheme with exchange of communicates between agents. The role of traffic anomalies detection was presented then it has been discussed how some specific values characterizing network communication can be used to detect network anomalies caused by security incidents (worm attack, virus spreading. Finally, it has been defined how to use the proposed techniques in distributed IDS using attack pattern ontology.

  9. Cybersecurity protecting critical infrastructures from cyber attack and cyber warfare

    CERN Document Server

    Johnson, Thomas A

    2015-01-01

    The World Economic Forum regards the threat of cyber attack as one of the top five global risks confronting nations of the world today. Cyber attacks are increasingly targeting the core functions of the economies in nations throughout the world. The threat to attack critical infrastructures, disrupt critical services, and induce a wide range of damage is becoming more difficult to defend against. Cybersecurity: Protecting Critical Infrastructures from Cyber Attack and Cyber Warfare examines the current cyber threat landscape and discusses the strategies being used by governments and corporatio

  10. Network attacks and defenses a hands-on approach

    CERN Document Server

    Trabelsi, Zouheir; Al Braiki, Arwa; Mathew, Sujith Samuel

    2012-01-01

    The attacks on computers and business networks are growing daily, and the need for security professionals who understand how malfeasants perform attacks and compromise networks is a growing requirement to counter the threat. Network security education generally lacks appropriate textbooks with detailed, hands-on exercises that include both offensive and defensive techniques. Using step-by-step processes to build and generate attacks using offensive techniques, Network Attacks and Defenses: A Hands-on Approach enables students to implement appropriate network security solutions within a laborat

  11. RFA: R-Squared Fitting Analysis Model for Power Attack

    Directory of Open Access Journals (Sweden)

    An Wang

    2017-01-01

    Full Text Available Correlation Power Analysis (CPA introduced by Brier et al. in 2004 is an important method in the side-channel attack and it enables the attacker to use less cost to derive secret or private keys with efficiency over the last decade. In this paper, we propose R-squared fitting model analysis (RFA which is more appropriate for nonlinear correlation analysis. This model can also be applied to other side-channel methods such as second-order CPA and collision-correlation power attack. Our experiments show that the RFA-based attacks bring significant advantages in both time complexity and success rate.

  12. A Review Of Recent Cyber-Attacks In Fiji

    Directory of Open Access Journals (Sweden)

    Neeraj A. Sharma

    2015-08-01

    Full Text Available Computing technology has evolved in such dramatic ways that a child can use such technology and their features. Internet is one such technology which allows peripheral devices to be connected to each other creating a network to share information. In the same way information can be attacked. In this paper we will be discussing the different types of cyber-attack that recently took place in Fiji. Common attacks discussed in this review paper are phishing email scams website defacement and skimming. Apart from common preventative methods some novel recommendations have been made. We believe the Fiji experiences and recommendations will assist technology users prepare better against such attacks.

  13. The timing of terrorist attacks: An optimal stopping approach

    Directory of Open Access Journals (Sweden)

    Thomas Jensen

    2016-02-01

    Full Text Available I use a simple optimal stopping model to derive policy relevant insights on the timing of one-shot attacks by small autonomous terrorist units or “lone wolf” individuals. A main insight is that an increase in proactive counterterrorism measures can lead to a short term increase in the number of attempted terrorist attacks because it makes it more risky for existing terrorist units to pursue further development of capabilities. This is consistent with the events in London in 2005 where a terrorist attack on 7 July was followed by a similar but unsuccessful attack two weeks later.

  14. Software test attacks to break mobile and embedded devices

    CERN Document Server

    Hagar, Jon Duncan

    2013-01-01

    Address Errors before Users Find Them Using a mix-and-match approach, Software Test Attacks to Break Mobile and Embedded Devices presents an attack basis for testing mobile and embedded systems. Designed for testers working in the ever-expanding world of ""smart"" devices driven by software, the book focuses on attack-based testing that can be used by individuals and teams. The numerous test attacks show you when a software product does not work (i.e., has bugs) and provide you with information about the software product under test. The book guides you step by step starting with the basics. It

  15. Application distribution model and related security attacks in VANET

    Science.gov (United States)

    Nikaein, Navid; Kanti Datta, Soumya; Marecar, Irshad; Bonnet, Christian

    2013-03-01

    In this paper, we present a model for application distribution and related security attacks in dense vehicular ad hoc networks (VANET) and sparse VANET which forms a delay tolerant network (DTN). We study the vulnerabilities of VANET to evaluate the attack scenarios and introduce a new attacker`s model as an extension to the work done in [6]. Then a VANET model has been proposed that supports the application distribution through proxy app stores on top of mobile platforms installed in vehicles. The steps of application distribution have been studied in detail. We have identified key attacks (e.g. malware, spamming and phishing, software attack and threat to location privacy) for dense VANET and two attack scenarios for sparse VANET. It has been shown that attacks can be launched by distributing malicious applications and injecting malicious codes to On Board Unit (OBU) by exploiting OBU software security holes. Consequences of such security attacks have been described. Finally, countermeasures including the concepts of sandbox have also been presented in depth.

  16. Privacy Leaks through Data Hijacking Attack on Mobile Systems

    Directory of Open Access Journals (Sweden)

    Zhang Daojuan

    2017-01-01

    Full Text Available To persistently eavesdrop on the mobile devices, attackers may obtain the elevated privilege and inject malicious modules into the user devices. Unfortunately, the attackers may not be able to obtain the privilege for a long period of time since the exploitable vulnerabilities may be fixed or the malware may be removed. In this paper, we propose a new data hijacking attack for the mobile apps. By employing the proposed method, the attackers are only required to obtain the root privilege of the user devices once, and they can persistently eavesdrop without any change to the original device. Specifically, we design a new approach to construct a shadow system by hijacking user data files. In the shadow system, attackers possess the identical abilities to the victims. For instance, if a victim has logged into the email app, the attacker can also access the email server in the shadow system without authentication in a long period of time. Without reauthentication of the app, it is difficult for victims to notice the intrusion since the whole eavesdropping is performed on other devices (rather than the user devices. In our experiments, we evaluate the effectiveness of the proposed attack and the result demonstrates that even the Android apps released by the top developers cannot resist this attack. Finally, we discuss some approaches to defend the proposed attack.

  17. Computer Network Attacks and Modern International Law

    Directory of Open Access Journals (Sweden)

    Andrey L. Kozik

    2014-01-01

    Full Text Available Computer network attacks (CNA is a no doubt actual theoretical and practical topic today. Espionage, public and private computer-systems disruptions committed by states have been a real life. States execute CNA's involving its agents or hiring private hacker groups. However, the application of lex lata remains unclear in practice and still undeveloped in doctrine. Nevertheless the international obligations, which states have accepted under the UN Charter and other treaties as well as customs - with any related exemptions and reservations - are still in force and create a legal framework, which one cannot ignore. Taking into account the intensity level or the consequences of a CNA the later could be considered as an unfriendly, but legal doing, or, as a use of force (prohibited under the article 2(4 of the UN Charter, or - in the case the proper threshold is taken - as an armed attack (which gives the victim-state the right to use force in self-defence under the customs and the article 51 of the UN Charter. Researches in the field of lex lata applicability to the CNAs could highlight gaps and week points of the nowadays legal regime. The subject is on agenda in western doctrine, and it is a pity - not in Russian one - the number of publication here is still unsatisfied. The article formulates issues related to CNAs and the modern international legal regime. The author explores the definition, legal volume of the term CNA, highlights main issues, which have to be analyzed from the point of the contemporary law.

  18. Detecting Distributed SQL Injection Attacks in a Eucalyptus Cloud Environment

    Science.gov (United States)

    Kebert, Alan; Barnejee, Bikramjit; Solano, Juan; Solano, Wanda

    2013-01-01

    The cloud computing environment offers malicious users the ability to spawn multiple instances of cloud nodes that are similar to virtual machines, except that they can have separate external IP addresses. In this paper we demonstrate how this ability can be exploited by an attacker to distribute his/her attack, in particular SQL injection attacks, in such a way that an intrusion detection system (IDS) could fail to identify this attack. To demonstrate this, we set up a small private cloud, established a vulnerable website in one instance, and placed an IDS within the cloud to monitor the network traffic. We found that an attacker could quite easily defeat the IDS by periodically altering its IP address. To detect such an attacker, we propose to use multi-agent plan recognition, where the multiple source IPs are considered as different agents who are mounting a collaborative attack. We show that such a formulation of this problem yields a more sophisticated approach to detecting SQL injection attacks within a cloud computing environment.

  19. Attacks on Mobile Phones that Use the Automatic Configuration Mechanism

    Directory of Open Access Journals (Sweden)

    A. G. Beltov

    2012-09-01

    Full Text Available The authors analyze the attacks on mobile devices that use the mechanism of an automatic configuration OMA/OTA, whose aim is listening to the Internet traffic of subscribers and the intrusion of malicious software on the user’s device, and suggest ways to protect mobile phones against such attacks.

  20. Harvesting Smartphone Privacy Through Enhanced Juice Filming Charging Attacks

    DEFF Research Database (Denmark)

    Meng, Weizhi; Fei, Fei; Li, Wenjuan

    2017-01-01

    information and data from smartphone users. Juice filming charging (JFC) attack is a particular type of charging attacks, which is capable of stealing users’ sensitive information from both Android OS and iOS devices, through automatically monitoring and recording phone screen during the whole charging period...

  1. Understanding How Components of Organisations Contribute to Attacks

    DEFF Research Database (Denmark)

    Gu, Min; Aslanyan, Zaruhi; Probst, Christian W.

    2016-01-01

    components quickly results in a large quantity of interrelations, which are hard to grasp. In this work we present several approaches for visualising attributes of attacks such as likelihood of success, impact, and required time or skill level. The resulting visualisations provide a link between attacks...

  2. Randomized, controlled trial of telcagepant over four migraine attacks

    DEFF Research Database (Denmark)

    Ho, Andrew P; Dahlöf, Carl Gh; Silberstein, Stephen D

    2010-01-01

    This study evaluated the calcitonin gene-related peptide (CGRP) receptor antagonist telcagepant (tablet formulation) for treatment of a migraine attack and across four attacks. Adults with migraine were randomized, double-blind, to telcagepant 140 mg, telcagepant 280 mg, or control treatment sequ...

  3. Quantitative security and safety analysis with attack-fault trees

    NARCIS (Netherlands)

    Kumar, Rajesh; Stoelinga, Mariëlle Ida Antoinette

    2017-01-01

    Cyber physical systems, like power plants, medical devices and data centers have to meet high standards, both in terms of safety (i.e. absence of unintentional failures) and security (i.e. no disruptions due to malicious attacks). This paper presents attack fault trees (AFTs), a formalism that

  4. Can a Copycat Effect be Observed in Terrorist Suicide Attacks?

    Directory of Open Access Journals (Sweden)

    Nicholas Farnham

    2017-03-01

    Full Text Available The purpose of this paper is to explore how a copycat effect – established within the field of suicide studies – may manifest itself in terrorist suicide attacks, and takes an exploratory approach in evaluating the prospect of incorporating open-data resources in future counter-terrorism research. This paper explores a possible ‘copycat effect’ in cases of suicide terrorism, which entails a perpetrator being inspired by a preceding attack to carry out a similar attack not long after the original. In the wake of mounting risks of lone wolf terrorist attacks today and due to the general difficulties faced in preventing such attacks, in this paper we explore a potential area of future prevention in media reporting, security and anti-terrorism policies today. Using the START Global Terrorism Database (GTD, this paper investigates terrorist suicide-attack clusters and analyses the relationship between attacks found within the same cluster. Using a mixed-method approach, our analyses did not uncover clear evidence supporting a copycat effect among the studied attacks. These and other findings have numerous policy and future research implications.

  5. Hereditary Angioedema Attacks: Local Swelling at Multiple Sites.

    Science.gov (United States)

    Hofman, Zonne L M; Relan, Anurag; Hack, C Erik

    2016-02-01

    Hereditary angioedema (HAE) patients experience recurrent local swelling in various parts of the body including painful swelling of the intestine and life-threatening laryngeal oedema. Most HAE literature is about attacks located in one anatomical site, though it is mentioned that HAE attacks may also involve multiple anatomical sites simultaneously. A detailed description of such multi-location attacks is currently lacking. This study investigated the occurrence, severity and clinical course of HAE attacks with multiple anatomical locations. HAE patients included in a clinical database of recombinant human C1-inhibitor (rhC1INH) studies were evaluated. Visual analog scale scores filled out by the patients for various symptoms at various locations and investigator symptoms scores during the attack were analysed. Data of 219 eligible attacks in 119 patients was analysed. Thirty-three patients (28%) had symptoms at multiple locations in anatomically unrelated regions at the same time during their first attack. Up to five simultaneously affected locations were reported. The observation that severe HAE attacks often affect multiple sites in the body suggests that HAE symptoms result from a systemic rather than from a local process as is currently believed.

  6. The Icatibant Outcome Survey: treatment of laryngeal angioedema attacks

    Science.gov (United States)

    Aberer, Werner; Bouillet, Laurence; Caballero, Teresa; Maurer, Marcus; Fabien, Vincent; Zanichelli, Andrea

    2016-01-01

    Objective To characterize the management and outcomes of life-threatening laryngeal attacks of hereditary angioedema (HAE) treated with icatibant in the observational Icatibant Outcome Survey (NCT01034969) registry. Methods This retrospective analysis was based on data from patients with HAE type I/II who received healthcare professional-administered or self-administered icatibant to treat laryngeal attacks between September 2008 and May 2013. Results Twenty centers in seven countries contributed data. Overall, 42 patients with HAE experienced 67 icatibant-treated laryngeal attacks. Icatibant was self-administered for 62.3% of attacks (healthcare professional-administered, 37.7%). One icatibant injection was used for 87.9% of attacks, with rescue or concomitant medication used for 9.0%. The median time to treatment was 2.0 h (n=31 attacks) and the median time to resolution was 6.0 h (n=35 attacks). Conclusions This analysis describes successful use of icatibant for the treatment of laryngeal HAE attacks in a real-world setting. PMID:27116379

  7. Effectiveness of the Call in Beach Volleyball Attacking Play

    Directory of Open Access Journals (Sweden)

    Künzell Stefan

    2014-12-01

    Full Text Available In beach volleyball the setter has the opportunity to give her or his hitter a “call”. The call intends that the setter suggests to her or his partner where to place the attack in the opponent’s court. The effectiveness of a call is still unknown. We investigated the women’s and men’s Swiss National Beach Volleyball Championships in 2011 and analyzed 2185 attacks. We found large differences between female and male players. While men called in only 38.4% of attacks, women used calls in 85.5% of attacks. If the male players followed a given call, 63% of the attacks were successful. The success rate of attacks without any call was 55.8% and 47.6% when the call was ignored. These differences were not significant (χ2(2 = 4.55, p = 0.103. In women’s beach volleyball, the rate of successful attacks was 61.5% when a call was followed, 35% for attacks without a call, and 42.6% when a call was ignored. The differences were highly significant (χ2(2 = 23.42, p < 0.0005. Taking into account the findings of the present study, we suggested that the call was effective in women’s beach volleyball, while its effect in men’s game was unclear. Considering the quality of calls we indicate that there is a significant potential to increase the effectiveness of a call.

  8. Defender-Attacker Decision Tree Analysis to Combat Terrorism.

    Science.gov (United States)

    Garcia, Ryan J B; von Winterfeldt, Detlof

    2016-12-01

    We propose a methodology, called defender-attacker decision tree analysis, to evaluate defensive actions against terrorist attacks in a dynamic and hostile environment. Like most game-theoretic formulations of this problem, we assume that the defenders act rationally by maximizing their expected utility or minimizing their expected costs. However, we do not assume that attackers maximize their expected utilities. Instead, we encode the defender's limited knowledge about the attacker's motivations and capabilities as a conditional probability distribution over the attacker's decisions. We apply this methodology to the problem of defending against possible terrorist attacks on commercial airplanes, using one of three weapons: infrared-guided MANPADS (man-portable air defense systems), laser-guided MANPADS, or visually targeted RPGs (rocket propelled grenades). We also evaluate three countermeasures against these weapons: DIRCMs (directional infrared countermeasures), perimeter control around the airport, and hardening airplanes. The model includes deterrence effects, the effectiveness of the countermeasures, and the substitution of weapons and targets once a specific countermeasure is selected. It also includes a second stage of defensive decisions after an attack occurs. Key findings are: (1) due to the high cost of the countermeasures, not implementing countermeasures is the preferred defensive alternative for a large range of parameters; (2) if the probability of an attack and the associated consequences are large, a combination of DIRCMs and ground perimeter control are preferred over any single countermeasure. © 2016 Society for Risk Analysis.

  9. A Survey of Man in the Middle Attacks

    DEFF Research Database (Denmark)

    Conti, Mauro; Dragoni, Nicola; Lesyk, Viktor

    2016-01-01

    The Man-In-The-Middle (MITM) attack is one of the most well known attacks in computer security, representing one of the biggest concerns for security professionals. MITM targets the actual data that flows between endpoints, and the confidentiality and integrity of the data itself. In this paper, ...

  10. Optimizing power system investments and resilience against attacks

    International Nuclear Information System (INIS)

    Fang, Yiping; Sansavini, Giovanni

    2017-01-01

    This paper studies the combination of capacity expansion and switch installation in electric systems that ensures optimum performance under nominal operations and attacks. The planner–attacker–defender model is adopted to develop decisions that minimize investment and operating costs, and functionality loss after attacks. The model bridges long-term system planning for transmission expansion and short-term switching operations in reaction to attacks. The mixed-integer optimization is solved by decomposition via two-layer cutting plane algorithm. Numerical results on an IEEE system shows that small investments in transmission line switching enhance resilience by responding to disruptions via system reconfiguration. Sensitivity analyses show that transmission planning under the assumption of small-scale attacks provides the most robust strategy, i.e. the minimum-regret planning, if many constraints and limited investment budget affect the planning. On the other hand, the assumption of large-scale attacks provides the most robust strategy if the planning process involves large flexibility and budget. - Highlights: • Investment optimization in power systems under attacks is presented. • Capacity expansion and switch installation for system reconfiguration are combined. • The problem is solved by decomposition via two-layer cutting plane algorithm. • Small investments in switch installation enhance resilience by response to attacks. • Sensitivity analyses identify robust planning against different attack scenarios.

  11. Rebound Attack on the Full LANE Compression Function

    DEFF Research Database (Denmark)

    Matusiewicz, Krystian; Naya-Plasencia, Maria; Nikolic, Ivica

    2009-01-01

    In this work, we apply the rebound attack to the AES based SHA-3 candidate Lane. The hash function Lane uses a permutation based compression function, consisting of a linear message expansion and 6 parallel lanes. In the rebound attack on Lane, we apply several new techniques to construct...

  12. The Rebound Attack and Subspace Distinguishers: Application to Whirlpool

    DEFF Research Database (Denmark)

    Lamberger, Mario; Mendel, Florian; Schläffer, Martin

    2015-01-01

    We introduce the rebound attack as a variant of differential cryptanalysis on hash functions and apply it to the hash function Whirlpool, standardized by ISO/IEC. We give attacks on reduced variants of the 10-round Whirlpool hash function and compression function. Our results are collisions for 5...

  13. Transforming Graphical System Models To Graphical Attack Models

    NARCIS (Netherlands)

    Ivanova, Marieta Georgieva; Probst, Christian W.; Hansen, René Rydhof; Kammüller, Florian; Mauw, S.; Kordy, B.

    2015-01-01

    Manually identifying possible attacks on an organisation is a complex undertaking; many different factors must be considered, and the resulting attack scenarios can be complex and hard to maintain as the organisation changes. System models provide a systematic representation of organisations that

  14. Pattern association--a key to recognition of shark attacks.

    Science.gov (United States)

    Cirillo, G; James, H

    2004-12-01

    Investigation of a number of shark attacks in South Australian waters has lead to recognition of pattern similarities on equipment recovered from the scene of such attacks. Six cases are presented in which a common pattern of striations has been noted.

  15. Impacts Of Xenophobia Attacks On Tourism | Adeleke | IFE ...

    African Journals Online (AJOL)

    economic and social roles is Xenophobia. Safety has always been an important prerequisite for the altraction of international tourists. Xenophobic attacks puts tourism is a difficult trading environment as it scares tourist away. As tourism aids in building nation\\'s image, this is damaged easily by xenophobic attacks, and also ...

  16. Attacking process characterization of elite water polo female teams

    Directory of Open Access Journals (Sweden)

    Sofia Canossa

    2009-06-01

    Full Text Available The purpose of the present study was to analyze the attacking tasks and tactical organization of elite Women’s Water Polo. The sample consisted of 442 attack sequences of 8 games played by the top teams in a European Championship. Seventeen variables were analyzed according to the position and player’s participation, tactical organization and playing styles, as well as the efficacy of actions performed. The results from this study indicate that positional attack was the predominant performance factor in the attacking process. To this occurrence, the mixed floating defense was identified as the most frequent opposition. The counter-attack proved to be the most efficient strategy. The attacking process frequently started by ball recovering, in anticipation, and by the defense of the goal-keeper in the 2m zone. In central path, a first long-range pass to the right wing predominated. Teams preferred spontaneous shot on goal supported by assisted displacements, and extra player man offence situations. In general, the attacking sequences, do not take longer than 35s to be developed. Teams efficiency emerged related to the tactical means adopted, namely the spontaneous shot at goal on the front line and numerical superiority of players in attacking game situations.

  17. Attacking process characterization of elite water polo female teams

    Directory of Open Access Journals (Sweden)

    S. Canossa

    2009-01-01

    Full Text Available The purpose of the present study was to analyze the attacking tasks and tactical organization of elite Women’s Water Polo. The sample consisted of 442 attack sequences of 8 games played by the top teams in a European Championship. Seventeen variables were analyzed according to the position and player’s participation, tactical organization and playing styles, as well as the efficacy of actions performed. The results from this study indicate that positional attack was the predominant performance factor in the attacking process. To this occurrence, the mixed floating defense was identified as the most frequent opposition. The counter-attack proved to be the most efficient strategy. The attacking process frequently started by ball recovering, in anticipation, and by the defense of the goal-keeper in the 2m zone. In central path, a first long-range pass to the right wing predominated. Teams preferred spontaneous shot on goal supported by assisted displacements, and extra player man offence situations. In general, the attacking sequences, do not take longer than 35s to be developed. Teams efficiency emerged related to the tactical means adopted, namely the spontaneous shot at goal on the front line and numerical superiority of players in attacking game situations.

  18. 12 CFR 1780.16 - Collateral attacks on adjudicatory proceeding.

    Science.gov (United States)

    2010-01-01

    ... 12 Banks and Banking 7 2010-01-01 2010-01-01 false Collateral attacks on adjudicatory proceeding... Rules § 1780.16 Collateral attacks on adjudicatory proceeding. If an interlocutory appeal or collateral... subpart shall be excused based on the pendency before any court of any interlocutory appeal or collateral...

  19. Measuring the effectiveness of SDN mitigations against cyber attacks

    NARCIS (Netherlands)

    Koning, R.; de Graaff, B.; Meijer, R.; de Laat, C.; Grosso, P.

    2017-01-01

    To address increasing problems caused by cyber attacks, we leverage Software Defined networks and Network Function Virtualisation governed by a SARNET-agent to enable autonomous response and attack mitigation. A Secure Autonomous Response Network (SARNET) uses a control loop to constantly assess the

  20. Extended KCI attack against two-party key establishment protocols

    NARCIS (Netherlands)

    Tang, Qiang; Chen, Liqun

    2011-01-01

    We introduce an extended Key Compromise Impersonation (KCI) attack against two-party key establishment protocols, where an adversary has access to both long-term and ephemeral secrets of a victim. Such an attack poses serious threats to both key authentication and key confirmation properties of a

  1. Understanding Bifurcation of Slow Versus Fast Cyber-Attackers

    NARCIS (Netherlands)

    van Wieren, Maarten; Doerr, Christian; Jacobs, Vivian; Pieters, Wolter; Livraga, Giovanni; Torra, Vicenç; Aldini, Alessandro; Martinelli, Fabio; Suri, Neeraj

    2016-01-01

    Anecdotally, the distinction between fast “Smash-and-Grab‿ cyber-attacks on the one hand and slow attacks or “Advanced Persistent Threats‿ on the other hand is well known. In this article, we provide an explanation for this phenomenon as the outcome of an optimization from the perspective of the

  2. Securing ARP and DHCP for mitigating link layer attacks

    Indian Academy of Sciences (India)

    Osama S Younes

    2017-11-24

    Nov 24, 2017 ... issues were not considered. Hence, the DHCP lacks some security mechanisms and is vulnerable to many attacks, such as the rogue DHCP server, DHCP starvation, and malicious DHCP client attacks [1]. The main source of. DHCP vulnerabilities is that it cannot authenticate entities. (the DHCP server and ...

  3. Israeli Adolescents' Coping Strategies in Relation to Terrorist Attacks

    Science.gov (United States)

    Tatar, Moshe; Amram, Sima

    2007-01-01

    Exposure to terrorism seriously threatens the well-being of children and adolescents. Israeli citizens have witnessed massive ongoing terrorist attacks during the last few years. The present research, conducted among 330 Israeli adolescents, examined coping strategies in relation to terrorist attacks. We found that adolescents utilize more…

  4. Are Risk Assessments of a Terrorist Attack Coherent?

    Science.gov (United States)

    Mandel, David R.

    2005-01-01

    Four experiments examined 3 types of violations of coherence criteria in risk assessments of a terrorist attack. First, the requirement that extensionally equivalent descriptions be assigned the same probability (i.e., additivity) was violated. Unpacking descriptions of an attack into subtypes led to an increase in assessed risk. Second,…

  5. Information on and Comments Concerning Suicide Plane Attacks

    Science.gov (United States)

    1945-06-25

    Attacks -’Defense Against. Reference: (a) CTF 51 Despatch 060900 of LUay 1945. 1.. This vessel has ’been subjected to suicide attacks from medium and lom...reports on the folloving ships: BOIERS (DE 637), RITHEUPINE ( YPD -25), I’ILSON (DD-408), TiALUGO (AO), RiLPH T;,LBOT (DD-39O), H. Ai. WTILEY (DI,-29

  6. Python Source Code Plagiarism Attacks on Introductory Programming Course Assignments

    Science.gov (United States)

    Karnalim, Oscar

    2017-01-01

    This paper empirically enlists Python plagiarism attacks that have been found on Introductory Programming course assignments for undergraduate students. According to our observation toward 400 plagiarism-suspected cases, there are 35 plagiarism attacks that have been conducted by students. It starts with comment & whitespace modification as…

  7. DDoS Attack Detection Algorithms Based on Entropy Computing

    Science.gov (United States)

    Li, Liying; Zhou, Jianying; Xiao, Ning

    Distributed Denial of Service (DDoS) attack poses a severe threat to the Internet. It is difficult to find the exact signature of attacking. Moreover, it is hard to distinguish the difference of an unusual high volume of traffic which is caused by the attack or occurs when a huge number of users occasionally access the target machine at the same time. The entropy detection method is an effective method to detect the DDoS attack. It is mainly used to calculate the distribution randomness of some attributes in the network packets' headers. In this paper, we focus on the detection technology of DDoS attack. We improve the previous entropy detection algorithm, and propose two enhanced detection methods based on cumulative entropy and time, respectively. Experiment results show that these methods could lead to more accurate and effective DDoS detection.

  8. Matrix metalloproteinases during and outside of migraine attacks without aura

    DEFF Research Database (Denmark)

    Ashina, M.; Tvedskov, J.F.; Thiesen, Kerstin Lipka

    2010-01-01

    Ashina M, Tvedskov JF, Lipka K, Bilello J, Penkowa M & Olesen J. Matrix metalloproteinases during and outside of migraine attacks without aura. Cephalalgia 2009. London. ISSN 0333-1024To test the hypothesis that permeability of the blood-brain barrier (BBB) is altered during migraine attack due...... to enhanced activation of matrix metalloproteinases (MMPs), we investigated MMP-3, MMP-9 and tissue inhibitor of metalloproteases (TIMP)-1 in the external jugular vein during and outside of migraine attacks in 21 patients with migraine without aura. In addition, we measured plasma levels of several other...... of MMP-3 in the external jugular (P = 0.002) and cubital (P = 0.008) vein during attacks compared with outside of attacks. We found no correlation of ictal or interictal MMP-3, MMP-9 and TIMP-1 to migraine duration and frequency analysed in 21 patients (P > 0.05). There was no difference between ictal...

  9. Improved Impossible Differential Attacks on Large-Block Rijndael

    DEFF Research Database (Denmark)

    Wang, Qingju; Gu, Dawu; Rijmen, Vincent

    2012-01-01

    . The improvement can lead to 10-round attack on Rijndael-256 as well. With 2198.1 chosen plaintexts, an attack is demonstrated on 9-round Rijndael-224 with 2 195.2 encryptions and 2140.4 bytes memory. Increasing the data complexity to 2216 plaintexts, the time complexity can be reduced to 2130 encryptions...... and the memory requirements to 2 93.6 bytes. For 9-round Rijndael-256, we provide an attack requiring 2229.3 chosen plaintexts, 2194 encryptions, and 2 139.6 bytes memory. Alternatively, with 2245.3 plaintexts, an attack with a reduced time of 2127.1 encryptions and a memory complexity of 290.9 bytes can...... be mounted. With 2244.2 chosen plaintexts, we can attack 10-round Rijndael-256 with 2253.9 encryptions and 2186.8 bytes of memory....

  10. Pareto Efficient Solutions of Attack-Defence Trees

    DEFF Research Database (Denmark)

    Aslanyan, Zaruhi; Nielson, Flemming

    2015-01-01

    Attack-defence trees are a promising approach for representing threat scenarios and possible countermeasures in a concise and intuitive manner. An attack-defence tree describes the interaction between an attacker and a defender, and is evaluated by assigning parameters to the nodes......, such as probability or cost of attacks and defences. In case of multiple parameters most analytical methods optimise one parameter at a time, e.g., minimise cost or maximise probability of an attack. Such methods may lead to sub-optimal solutions when optimising conflicting parameters, e.g., minimising cost while...... maximising probability. In order to tackle this challenge, we devise automated techniques that optimise all parameters at once. Moreover, in the case of conflicting parameters our techniques compute the set of all optimal solutions, defined in terms of Pareto efficiency. The developments are carried out...

  11. Anti-discrimination Analysis Using Privacy Attack Strategies

    KAUST Repository

    Ruggieri, Salvatore

    2014-09-15

    Social discrimination discovery from data is an important task to identify illegal and unethical discriminatory patterns towards protected-by-law groups, e.g., ethnic minorities. We deploy privacy attack strategies as tools for discrimination discovery under hard assumptions which have rarely tackled in the literature: indirect discrimination discovery, privacy-aware discrimination discovery, and discrimination data recovery. The intuition comes from the intriguing parallel between the role of the anti-discrimination authority in the three scenarios above and the role of an attacker in private data publishing. We design strategies and algorithms inspired/based on Frèchet bounds attacks, attribute inference attacks, and minimality attacks to the purpose of unveiling hidden discriminatory practices. Experimental results show that they can be effective tools in the hands of anti-discrimination authorities.

  12. Toward Security Verification against Inference Attacks on Data Trees

    Directory of Open Access Journals (Sweden)

    Ryo Iwase

    2013-11-01

    Full Text Available This paper describes our ongoing work on security verification against inference attacks on data trees. We focus on infinite secrecy against inference attacks, which means that attackers cannot narrow down the candidates for the value of the sensitive information to finite by available information to the attackers. Our purpose is to propose a model under which infinite secrecy is decidable. To be specific, we first propose tree transducers which are expressive enough to represent practical queries. Then, in order to represent attackers' knowledge, we propose data tree types such that type inference and inverse type inference on those tree transducers are possible with respect to data tree types, and infiniteness of data tree types is decidable.

  13. Step to improve neural cryptography against flipping attacks.

    Science.gov (United States)

    Zhou, Jiantao; Xu, Qinzhen; Pei, Wenjiang; He, Zhenya; Szu, Harold

    2004-12-01

    Synchronization of neural networks by mutual learning has been demonstrated to be possible for constructing key exchange protocol over public channel. However, the neural cryptography schemes presented so far are not the securest under regular flipping attack (RFA) and are completely insecure under majority flipping attack (MFA). We propose a scheme by splitting the mutual information and the training process to improve the security of neural cryptosystem against flipping attacks. Both analytical and simulation results show that the success probability of RFA on the proposed scheme can be decreased to the level of brute force attack (BFA) and the success probability of MFA still decays exponentially with the weights' level L. The synchronization time of the parties also remains polynomial with L. Moreover, we analyze the security under an advanced flipping attack.

  14. Pre-attack signs and symptoms in cluster headache

    DEFF Research Database (Denmark)

    Snoer, Agneta; Lund, Nunu; Beske, Rasmus

    2018-01-01

    Introduction In contrast to the premonitory phase of migraine, little is known about the pre-attack (prodromal) phase of a cluster headache. We aimed to describe the nature, prevalence, and duration of pre-attack symptoms in cluster headache. Methods Eighty patients with episodic cluster headache...... or chronic cluster headache, according to ICHD-3 beta criteria, were invited to participate. In this observational study, patients underwent a semi-structured interview where they were asked about the presence of 31 symptoms/signs in relation to a typical cluster headache attack. Symptoms included previously...... reported cluster headache pre-attack symptoms, premonitory migraine symptoms and accompanying symptoms of migraine and cluster headache. Results Pre-attack symptoms were reported by 83.3% of patients, with an average of 4.25 (SD 3.9) per patient. Local and painful symptoms, occurring with a median of 10...

  15. Attacks on Bluetooth Security Architecture and Its Countermeasures

    Science.gov (United States)

    Iqbal, Mian Muhammad Waseem; Kausar, Firdous; Wahla, Muhammad Arif

    WPANs compliment the traditional IEEE 802.11 wireless networks by facilitating the clients with flexibility in network topologies, higher mobility and relaxed configuration/hardware requirements. Bluetooth, a WPAN technology, is an open standard for short-range radio frequency (RF) communication. However, it is also susceptible to typical security threats found in wireless LANs. This paper discuses some of the attack scenarios against the bluetooth network such as hostile intrusion, active Man-in-the-Middle (MITM) attack using unit key and various forms of denial of service (DoS) attacks. These threats and attacks compromise the confidentiality and availability of bluetooth data and services. This paper proposes an improved security architecture for bluetooth device which provides protection against the above mentioned attacks.

  16. Variability of clinical features in attacks of migraine with aura

    DEFF Research Database (Denmark)

    Hansen, Jakob M; Goadsby, Peter J; Charles, Andrew C

    2016-01-01

    BACKGROUND: There is significant variability in the clinical presentation of migraine, both among patients, and between attacks in an individual patient. We examined clinical features of migraine with aura in a large group of patients enrolled in a clinical trial, and compared retrospective...... a detailed retrospective description of the clinical features of their attacks of migraine. During the trial, clinical symptoms in migraine attacks starting with aura were recorded prospectively in 861 attacks. RESULTS: Retrospectively reported visual aura symptoms were variable and often overlapping...... in recalling or speaking words. A significant percentage of patients also reported a change in olfaction. There were several inconsistencies between the features of prospectively recorded and retrospectively reported attacks. Headache, nausea, photophobia, and phonophobia were all less common in prospectively...

  17. THE REPRISAL ATTACKS BY AL-SHABAAB AGAINST KENYA

    Directory of Open Access Journals (Sweden)

    E.O.S.ODHIAMBO

    2013-10-01

    Full Text Available The incursion of Kenya Defence Forces (KDF into Somalia was met by a series of threats from the Al-Shabaab that it would increase the attacks against Kenya if the troops were not withdrawn. The capture of Kismayu by KDF has weakened the nerve of Al-Shabaab but has not eliminated the imminent danger of a substantive terror attack. Since the incursion by KDF, Kenya has succumbed to a sequence of grenade and Improvised Explosive Devices attacks, roadside bombs, landmines and raids by fighters using small arms and light weapons and Rocket Propelled Grenades against Kenyans mostly in North Eastern, Coastal and Nairobi counties, marking the resurgence of terrorism in the country. We argue that Kenya is more vulnerable to Al-Shabaab terrorists attack than before the KDF incursion by citing the frequencies of reprisal attacks from October 2011 to January 2013. Hence, our troops should be withdrawn and deployed within our boundary.

  18. Detecting peripheral-based attacks on the host memory

    CERN Document Server

    Stewin, Patrick

    2015-01-01

    This work addresses stealthy peripheral-based attacks on host computers and presents a new approach to detecting them. Peripherals can be regarded as separate systems that have a dedicated processor and dedicated runtime memory to handle their tasks. The book addresses the problem that peripherals generally communicate with the host via the host’s main memory, storing cryptographic keys, passwords, opened files and other sensitive data in the process – an aspect attackers are quick to exploit.  Here, stealthy malicious software based on isolated micro-controllers is implemented to conduct an attack analysis, the results of which provide the basis for developing a novel runtime detector. The detector reveals stealthy peripheral-based attacks on the host’s main memory by exploiting certain hardware properties, while a permanent and resource-efficient measurement strategy ensures that the detector is also capable of detecting transient attacks, which can otherwise succeed when the applied strategy only me...

  19. Metrics for Assessment of Smart Grid Data Integrity Attacks

    Energy Technology Data Exchange (ETDEWEB)

    Annarita Giani; Miles McQueen; Russell Bent; Kameshwar Poolla; Mark Hinrichs

    2012-07-01

    There is an emerging consensus that the nation’s electricity grid is vulnerable to cyber attacks. This vulnerability arises from the increasing reliance on using remote measurements, transmitting them over legacy data networks to system operators who make critical decisions based on available data. Data integrity attacks are a class of cyber attacks that involve a compromise of information that is processed by the grid operator. This information can include meter readings of injected power at remote generators, power flows on transmission lines, and relay states. These data integrity attacks have consequences only when the system operator responds to compromised data by redispatching generation under normal or contingency protocols. These consequences include (a) financial losses from sub-optimal economic dispatch to service loads, (b) robustness/resiliency losses from placing the grid at operating points that are at greater risk from contingencies, and (c) systemic losses resulting from cascading failures induced by poor operational choices. This paper is focused on understanding the connections between grid operational procedures and cyber attacks. We first offer two examples to illustrate how data integrity attacks can cause economic and physical damage by misleading operators into taking inappropriate decisions. We then focus on unobservable data integrity attacks involving power meter data. These are coordinated attacks where the compromised data are consistent with the physics of power flow, and are therefore passed by any bad data detection algorithm. We develop metrics to assess the economic impact of these attacks under re-dispatch decisions using optimal power flow methods. These metrics can be use to prioritize the adoption of appropriate countermeasures including PMU placement, encryption, hardware upgrades, and advance attack detection algorithms.

  20. Preventing Heart Attacks and Strokes: Increasing Awareness ...

    Science.gov (United States)

    Summary: Chronic cardiovascular disease imposes a significant health and economic burden on individuals and communities. Despite decades of improvement in cardiovascular mortality, cardiovascular disease and stroke remain the leading cause of death in the U.S. and disparities in health outcomes persist. Moreover, the continuous improvement in cardiovascular mortality typical of the last four decades has ended motivating new and innovative approaches to improve population health and wellbeing. Apart from continued focus on traditional risk factor modification such as identification and treatment of high blood pressure and cholesterol, cessation of smoking, and appropriate use of evidence-based pharmacological prevention measures and disease management, other factors should be considered such as increasing physical activity, dietary sodium reduction and modification of social and environmental determinants known to cause heart attacks and stroke and exacerbate vascular disease. Such an approach will require greater cooperation among public health, environmental health, the broader public and private healthcare delivery and payment systems, and federal agencies. To introduce this concept the U.S. EPA held a workshop in September 2016 bringing together representatives of local and state public health officials, the healthcare system, educators, data analytics, and federal partners (CMS, CDC, Dept. of State and EPA) for the purpose of exploring the idea of prom

  1. Neurons under viral attack: victims or warriors?

    Science.gov (United States)

    Chakraborty, Swarupa; Nazmi, Arshed; Dutta, Kallol; Basu, Anirban

    2010-01-01

    When the central nervous system (CNS) is under viral attack, defensive antiviral responses must necessarily arise from the CNS itself to rapidly and efficiently curb infections with minimal collateral damage to the sensitive, specialized and non-regenerating neural tissue. This presents a unique challenge because an intact blood-brain barrier (BBB) and lack of proper lymphatic drainage keeps the CNS virtually outside the radar of circulating immune cells that are at constant vigilance for antigens in peripheral tissues. Limited antigen presentation skills of CNS cells in comparison to peripheral tissues is because of a total lack of dendritic cells and feeble expression of major histocompatibility complex (MHC) proteins in neurons and glia. However, research over the past two decades has identified immune effector mechanisms intrinsic to the CNS for immediate tackling, attenuating and clearing of viral infections, with assistance pouring in from peripheral circulation in the form of neutralizing antibodies and cytotoxic T cells at a later stage. Specialized CNS cells, microglia and astrocytes, were regarded as sole sentinels of the brain for containing a viral onslaught but neurons held little recognition as a potential candidate for protecting itself from the proliferation and pathogenesis of neurotropic viruses. Accumulating evidence however indicates that extracellular insult causes neurons to express immune factors characteristic of lymphoid tissues. This article aims to comprehensively analyze current research on this conditional alteration in the protein expression repertoire of neurons and the role it plays in CNS innate immune response to counter viral infections. Copyright 2010 Elsevier Ltd. All rights reserved.

  2. Current therapy for chronic cerebrovascular attack

    Directory of Open Access Journals (Sweden)

    A. A. Shmonin

    2015-01-01

    Full Text Available Chronic cerebrovascular attack (CCVA is a brain lesion caused by vascular factors. CCVA appears as cognitive impairments (CIs, affective (emotional disorders and focal syndromes. Treatment for CCVA requires a comprehensive approach. Effective combination therapy for CCVA involves secondary prevention of stroke and CIs; treatment of CIs; treatment of depression and other affective disorders; and neuroprotective therapy. Basic therapy for CCVA includes modification of risk factors, antihypertensive, hypolipidemic, and antithrombotic therapies. Central acetylcholinesterase inhibitors (galantamine, rivastigmine, donepezil and a reversible NMDA receptor blocker (memantine are symptomatically used at a stage of vascular and mixed dementia. There are no unique guidelines for the therapy of mild and moderate vascular nondementia-related CIs. Drug use, based on the neurochemical mechanisms underlying the development of vascular CIs, is substantiated. When choosing psychotropic agents, it is necessary to take into account the causes and clinical manifestations of neuromediator deficiency. Antidepressants are used as essential drugs. Neuroleptics and tranquilizers are additionally administered in complex-pattern syndromes, such as depression with marked anxiety. Prescription of neuroprotectors may be effective in treating both stroke and CCVA. These medicaments are most effective when a damaging factor acts, i.e. neuroprotectors should be given in a risk situation and to reduce damage. Citicoline is one of the most test drugs in a group of neuroprotectors. 

  3. Intergranular attack evaluation from hideout return

    International Nuclear Information System (INIS)

    Nordmann, F.; Dupin, M.; Menet, O.; Fiquet, J.-M.

    1989-01-01

    Intergranular Attack (IGA) is the secondary side corrosion mechanism on PWR steam generator tubing, which can occur most frequently even with a good waterchemistry. It has moderately developed in a few French units. Consequently, several remedies have been implemented, such as sodium content decrease in makeup water and application of more stringent chemistry specifications. In order to evaluate the local chemistry in restricted areas where IGA may occur, a large hideout return programme has been carried out on many units. It shows that free alkalinity returning during shutdown is usually ranging from 0.5 to 5 g of sodium per steam generator, and that the required time to let it return is about 40 hours. However, high temperature pH calculations indicate that such an amount of alkalinity can correspond to a potentially corrosive solution in restricted areas, where a concentration factor of 10 5 to 10 7 can be reached, inducing a pH of 10 at 300 o C. Studies are still in progress in order to define when a shutdown should be required to allow hideout return and help to prevent IGA. (author)

  4. Effects of Permanent Bounded Cyber-Attacks on Networked Control Systems

    OpenAIRE

    Gerard, Benjamin; Voos, Holger; Li, Yumei; Darouach, Mohamed

    2015-01-01

    In this paper, the problem of permanent bounded cyber-attacks on networked control systems is treated. After a characterisation of malicious cyber attacks, the danger of permanent bounded cyber-attacks of two types is proved, the step attacks on system with invariant zero with zero real part and the free attacks. Simulation examples demonstrate the obtained results.

  5. Fatal injection: a survey of modern code injection attack countermeasures

    Directory of Open Access Journals (Sweden)

    Dimitris Mitropoulos

    2017-11-01

    Full Text Available With a code injection attack (CIA an attacker can introduce malicious code into a computer program or system that fails to properly encode data that comes from an untrusted source. A CIA can have different forms depending on the execution context of the application and the location of the programming flaw that leads to the attack. Currently, CIAs are considered one of the most damaging classes of application attacks since they can severely affect an organisation’s infrastructure and cause financial and reputational damage to it. In this paper we examine and categorize the countermeasures developed to detect the various attack forms. In particular, we identify two distinct categories. The first incorporates static program analysis tools used to eliminate flaws that can lead to such attacks during the development of the system. The second involves the use of dynamic detection safeguards that prevent code injection attacks while the system is in production mode. Our analysis is based on nonfunctional characteristics that are considered critical when creating security mechanisms. Such characteristics involve usability, overhead, implementation dependencies, false positives and false negatives. Our categorization and analysis can help both researchers and practitioners either to develop novel approaches, or use the appropriate mechanisms according to their needs.

  6. Changes in vestibular evoked myogenic potentials after Meniere attacks.

    Science.gov (United States)

    Kuo, Shih-Wei; Yang, Ting-Hua; Young, Yi-Ho

    2005-09-01

    The aim of this study was to apply videonystagmography (VNG) and vestibular evoked myogenic potential (VEMP) tests to patients with Meniere attacks, to explore the mechanics of where saccular disorders may affect the semicircular canals. From January 2001 to December 2003, 12 consecutive patients with unilateral definite Meniere's disease with vertiginous attacks underwent VNG for recording spontaneous nystagmus, as well as VEMP tests. At the very beginning of the Meniere attack, the spontaneous nystagmus beat toward the lesion side in 5 patients (42%) and toward the healthy side in 7 patients (58%). Twenty-four hours later, only 6 patients (50%) showed spontaneous nystagmus beating toward the healthy side. Nevertheless, spontaneous nystagmus subsided in all patients within 48 hours. The VEMP test was performed within 24 hours of a Meniere attack; the VEMPs were normal in 4 patients and abnormal in 8 patients (67%). After 48 hours, 4 patients with initially abnormal VEMPs had resolution and return to normal VEMPs, and the other 4 patients still had absent VEMPs. Most patients (67%) with Meniere attacks revealed abnormal VEMPs, indicating that the saccule participates in a Meniere attack. This is an important idea that stimulates consideration of the mechanism of Meniere attacks.

  7. Risk factors for hypertensive attack during pheochromocytoma resection

    Directory of Open Access Journals (Sweden)

    Se Yun Kwon

    2016-05-01

    Full Text Available Purpose: We aimed to retrospectively evaluate the risk factors for hypertensive attack during adrenalectomy in patients with pheochromocytoma. Despite the development of newer surgical and anesthetic techniques for the management of pheochromocytoma, intraoperative hypertensive attack continues to present a challenge. Materials and Methods: Data from 53 patients diagnosed with pheochromocytoma at Kyungpook National Uriversity Medical Center between January 2000 and June 2012 were retrospectively analyzed. The subjects were divided into 2 groups depending on the presence or absence of hypertensive attack at the time of surgery. Patient demographic characteristics and preoperative evaluations were assessed for their prognostic relevance with respect to hypertensive attack. A univariate analysis was conducted, and a multivariate logistic regression analysis was also performed. Results: In the univariate analysis, systolic blood pressure at presentation, preoperative hormonal status (including epinephrine, norepinephrine, vanillylmandelic acid, and metanephrine levels in a 24-hour urine sample, tumor size, and postoperative systolic blood pressure were significantly associated with the development of hypertensive attack. In the multivariate analysis, preoperative epinephrine level and tumor size were independent factors that predicted hypertensive attack. The highest odds ratio for tumor size (2.169 was obtained at a cutoff value of 4.25 cm and the highest odds ratio for preoperative epinephrine (1.020 was obtained at a cutoff value of 166.3 μg/d. Conclusions: In this study, a large tumor size and an elevated preoperative urinary epinephrine level were risk factors for intraoperative hypertensive attack in patients with pheochromocytoma.

  8. Construction of a Cyber Attack Model for Nuclear Power Plants

    Energy Technology Data Exchange (ETDEWEB)

    Varuttamaseni, Athi; Bari, Robert A.; Youngblood, Robert

    2017-05-01

    The consideration of how one compromised digital equipment can impact neighboring equipment is critical to understanding the progression of cyber attacks. The degree of influence that one component may have on another depends on a variety of factors, including the sharing of resources such as network bandwidth or processing power, the level of trust between components, and the inclusion of segmentation devices such as firewalls. The interactions among components via mechanisms that are unique to the digital world are not usually considered in traditional PRA. This means potential sequences of events that may occur during an attack may be missed if one were to only look at conventional accident sequences. This paper presents a method where, starting from the initial attack vector, the progression of a cyber attack can be modeled. The propagation of the attack is modeled by considering certain attributes of the digital components in the system. These attributes determine the potential vulnerability of a component to a class of attack and the capability gained by the attackers once they are in control of the equipment. The use of attributes allows similar components (components with the same set of attributes) to be modeled in the same way, thereby reducing the computing resources required for analysis of large systems.

  9. Data-plane Defenses against Routing Attacks on Tor

    Directory of Open Access Journals (Sweden)

    Tan Henry

    2016-10-01

    Full Text Available Tor is susceptible to traffic correlation attacks in which an adversary who observes flows entering and leaving the anonymity network can apply statistical techniques to correlate flows and de-anonymize their endpoints. While an adversary may not be naturally positioned to conduct such attacks, a recent study shows that the Internet’s control-plane can be manipulated to increase an adversary’s view of the network, and consequently, improve its ability to perform traffic correlation. This paper explores, in-depth, the effects of control-plane attacks on the security of the Tor network. Using accurate models of the live Tor network, we quantify Tor’s susceptibility to these attacks by measuring the fraction of the Tor network that is vulnerable and the advantage to the adversary of performing the attacks. We further propose defense mechanisms that protect Tor users from manipulations at the control-plane. Perhaps surprisingly, we show that by leveraging existing trust anchors in Tor, defenses deployed only in the data-plane are sufficient to detect most control-plane attacks. Our defenses do not assume the active participation of Internet Service Providers, and require only very small changes to Tor. We show that our defenses result in a more than tenfold decrease in the effectiveness of certain control-plane attacks.

  10. Attack resilience of the evolving scientific collaboration network.

    Directory of Open Access Journals (Sweden)

    Xiao Fan Liu

    Full Text Available Stationary complex networks have been extensively studied in the last ten years. However, many natural systems are known to be continuously evolving at the local ("microscopic" level. Understanding the response to targeted attacks of an evolving network may shed light on both how to design robust systems and finding effective attack strategies. In this paper we study empirically the response to targeted attacks of the scientific collaboration networks. First we show that scientific collaboration network is a complex system which evolves intensively at the local level--fewer than 20% of scientific collaborations last more than one year. Then, we investigate the impact of the sudden death of eminent scientists on the evolution of the collaboration networks of their former collaborators. We observe in particular that the sudden death, which is equivalent to the removal of the center of the egocentric network of the eminent scientist, does not affect the topological evolution of the residual network. Nonetheless, removal of the eminent hub node is exactly the strategy one would adopt for an effective targeted attack on a stationary network. Hence, we use this evolving collaboration network as an experimental model for attack on an evolving complex network. We find that such attacks are ineffectual, and infer that the scientific collaboration network is the trace of knowledge propagation on a larger underlying social network. The redundancy of the underlying structure in fact acts as a protection mechanism against such network attacks.

  11. Familial patterns in patients with infrequent panic attacks.

    Science.gov (United States)

    Dumas, C A; Katerndahl, D A; Burge, S K

    1995-10-01

    To evaluate the family environment in patients with infrequent panic attacks. Survey. Waiting room of a family health center at a university-based family practice residency program. The center primarily serves low-income or underinsured patients, 80% of whom are Hispanic. Randomly selected patients completed the panic disorder section of the Structured Clinical Interview of the Diagnostic and Statistical Manual of Mental Disorders, Third Edition. Thirty patients with infrequent panic attacks were compared with 30 control patients without panic attacks matched for age, gender, and ethnicity. Both groups completed in-depth interviews. None. The in-depth structured interview included family environment instruments--Family Adaptability and Cohesion Evaluation Scales and Duke Social Support and Stress Scale--as well as a genogram. Family violence and sexual abuse were assessed by means of the Conflict Tactic Scales and the Sexual Stress Questionnaire. Although patients with infrequent panic attacks were of lower birth order than patients without panic attacks (Wilcoxon chi 2 = 2.13, P family functioning were found. However, patients with infrequent panic attacks reported higher levels of childhood (paired t = 3.97, P family stress. Although the prevalence of family violence was similar between groups, the group with infrequent panic attacks reported more violent events in the past year (paired t = 2.60, P family functioning or support were found, the group with infrequent panic attacks reported more frequent violent events currently and higher levels of family stress. The high rate of childhood sexual abuse may have important causative implications for infrequent panic attacks.

  12. TCPL: A Defense against wormhole attacks in wireless sensor networks

    International Nuclear Information System (INIS)

    Kumar, K. E. Naresh; Waheed, Mohd. Abdul; Basappa, K. Kari

    2010-01-01

    Do In this paper presents recent advances in technology have made low-cost, low-power wireless sensors with efficient energy consumption. A network of such nodes can coordinate among themselves for distributed sensing and processing of certain data. For which, we propose an architecture to provide a stateless solution in sensor networks for efficient routing in wireless sensor networks. This type of architecture is known as Tree Cast. We propose a unique method of address allocation, building up multiple disjoint trees which are geographically inter-twined and rooted at the data sink. Using these trees, routing messages to and from the sink node without maintaining any routing state in the sensor nodes is possible. In this paper, we introduce the wormhole attack, a severe attack in ad hoc networks that is particularly challenging to defend against. The wormhole attack is possible even if the attacker has not compromised any hosts and even if all communication provides authenticity and confidentiality. In the wormhole attack, an attacker records packets (or bits) at one location in the network, tunnels them to another location, and retransmits them there into the network. The wormhole attack can form a serious threat in wireless networks, especially against many sensor network routing protocols and location-based wireless security systems. For example, most existing ad hoc network routing protocols, without some mechanism to defend against the wormhole attack, would be unable to find routes longer than one or two hops, severely disrupting communication. We present a new, general mechanism, called packet leashes, for detecting and thus defending against wormhole attacks, and we present a specific protocol, called TIK, that implements leashes.

  13. Securing SQL server protecting your database from attackers

    CERN Document Server

    Cherry, Denny

    2015-01-01

    SQL server is the most widely-used database platform in the world, and a large percentage of these databases are not properly secured, exposing sensitive customer and business data to attack. In Securing SQL Server, Third Edition, you will learn about the potential attack vectors that can be used to break into SQL server databases as well as how to protect databases from these attacks. In this book, Denny Cherry - a Microsoft SQL MVP and one of the biggest names in SQL server - will teach you how to properly secure an SQL server database from internal and external threats using best practic

  14. Towards A Taxonomy Of Attacks Against Energy Control Systems

    Science.gov (United States)

    Fleury, Terry; Khurana, Himanshu; Welch, Von

    Control systems in the energy sector (e.g., supervisory control and data acquisition (SCADA) systems) involve a hierarchy of sensing, monitoring and control devices connected to centralized control stations or centers. The incorporation of commercial off-the-shelf technologies in energy control systems makes them vulnerable to cyber attacks. A taxonomy of cyber attacks against control systems can assist the energy sector in managing the cyber threat. This paper takes the first step towards a taxonomy by presenting a comprehensive model of attacks, vulnerabilities and damage related to control systems. The model is populated based on a survey of the technical literature from industry, academia and national laboratories.

  15. Adaptable Authentication Model: Exploring Security with Weaker Attacker Models

    DEFF Research Database (Denmark)

    Ahmed, Naveed; Jensen, Christian D.

    2011-01-01

    Most methods for protocol analysis classify protocols as “broken” if they are vulnerable to attacks from a strong attacker, e.g., assuming the Dolev-Yao attacker model. In many cases, however, exploitation of existing vulnerabilities may not be practical and, moreover, not all applications may......; for each fine level authentication goal, we determine the “least strongest-attacker” for which the authentication goal can be satisfied. We demonstrate that this model can be used to reason about the security of supposedly insecure protocols. Such adaptability is particularly useful in those applications...

  16. The LOCAL attack: Cryptanalysis of the authenticated encryption scheme ALE

    DEFF Research Database (Denmark)

    Khovratovich, Dmitry; Rechberger, Christian

    2014-01-01

    We show how to produce a forged (ciphertext, tag) pair for the scheme ALE with data and time complexity of 2102 ALE encryptions of short messages and the same number of authentication attempts. We use a differential attack based on a local collision, which exploits the availability of extracted...... state bytes to the adversary. Our approach allows for a time-data complexity tradeoff, with an extreme case of a forgery produced after 2119 attempts and based on a single authenticated message. Our attack is further turned into a state recovery and a universal forgery attack with a time complexity...

  17. Exploring Windows Domain-Level Defenses Against Authentication Attacks

    Energy Technology Data Exchange (ETDEWEB)

    Nichols, Jeff A. {Cyber Sciences} [ORNL; Curtis, Laura [Pacific Northwest National Laboratory (PNNL)

    2016-01-01

    We investigated the security resilience of the current Windows Active Directory (AD) environments to Pass-the-Hash and Pass- the-Ticket credential theft attacks. While doing this, we discovered a way to trigger the removal of all previously issued authentication credentials for a client, thus preventing their use by attackers. After triggered, the user is forced to contact the domain administrators and to authenticate to the AD to continue. This could become the basis for a response that arrests the spread of a detected attack. Operating in a virtualized XenServer environment, we were able to carefully determine and recreate the conditions necessary to cause this response.

  18. Integrated Guidance and Control Based Air-to-Air Autonomous Attack Occupation of UCAV

    OpenAIRE

    Luo, Chang; Wang, Jie; Huang, Hanqiao; Wang, Pengfei

    2016-01-01

    An approach of air-to-air autonomous attack occupation for Unmanned Combat Aerial Vehicles (UCAVs) is proposed to improve attack precision and combat effectiveness. According to the shortage of UCAV in the task of attack occupation, kinematic and dynamic models of UCAV and missile loaded on it are formed. Then, attack zone and no-escape zone are calculated by pattern search algorithm, and the optimum attack position is indicated. To arrive at the optimum attack position accurately with restri...

  19. The Spy in the Sandbox: Practical Cache Attacks in JavaScript and their Implications

    Science.gov (United States)

    2015-10-16

    The Spy in the Sandbox: Practical Cache Attacks in JavaScript and their Implications Yossef Oren Vasileios P. Kemerlis Simha Sethumadhavan Angelos D...security General Terms Languages, Measurement, Security Keywords side-channel attacks; cache-timing attacks; JavaScript -based cache attacks; covert...more detail in Section 3, executes a JavaScript - based cache attack, which lets the attacker track accesses to the victim’s last-level cache over

  20. Detection and mitigation algorithm for malicious TCP port scan attacks in software-defined networking

    OpenAIRE

    Purushothama, Rakesh

    2014-01-01

    The vulnerabilities existing in the Internet such as insecure network architectures are exploited to gain un-authorized access to a network. A launch of an attack usually begins with a deliberate process of analyzing potential victims. This attack is called scan attack. The most common scan attack type is called TCP port scan attack as TCP is a connection oriented protocol. A TCP port scan attack misuses the process of establishing connection between two hosts for communication (TCP three-way...

  1. VTAC: virtual terrain assisted impact assessment for cyber attacks

    Science.gov (United States)

    Argauer, Brian J.; Yang, Shanchieh J.

    2008-03-01

    Overwhelming intrusion alerts have made timely response to network security breaches a difficult task. Correlating alerts to produce a higher level view of intrusion state of a network, thus, becomes an essential element in network defense. This work proposes to analyze correlated or grouped alerts and determine their 'impact' to services and users of the network. A network is modeled as 'virtual terrain' where cyber attacks maneuver. Overlaying correlated attack tracks on virtual terrain exhibits the vulnerabilities exploited by each track and the relationships between them and different network entities. The proposed impact assessment algorithm utilizes the graph-based virtual terrain model and combines assessments of damages caused by the attacks. The combined impact scores allow to identify severely damaged network services and affected users. Several scenarios are examined to demonstrate the uses of the proposed Virtual Terrain Assisted Impact Assessment for Cyber Attacks (VTAC).

  2. Personality characteristics of victims of illegal attacks on the Internet

    Directory of Open Access Journals (Sweden)

    Safuanov F.S.

    2016-01-01

    Full Text Available The article examines the personality characteristics of victims of illegal attacks on the Internet. We used methods as follow: 16 factors Cattell personality questionnaire, subjective control level, life-style index, Buss-Perry questionnaire, Spielberger State-Trait Anxiety Inventory, a COPE inventory. 78 internet users were divided into two groups of 38 persons: the main group included people falling victim to illegal attacks on the Internet, the control group participants were not attacked on the internet. We identified specific aggregated symptoms of individual psychological characteristics of internet attack victims and show that victims of "non-forced" and "forced" offenses have different levels of situational and personal anxiety, aggression and locus of control.

  3. Quantum cloning attacks against PUF-based quantum authentication systems

    Science.gov (United States)

    Yao, Yao; Gao, Ming; Li, Mo; Zhang, Jian

    2016-08-01

    With the advent of physical unclonable functions (PUFs), PUF-based quantum authentication systems have been proposed for security purposes, and recently, proof-of-principle experiment has been demonstrated. As a further step toward completing the security analysis, we investigate quantum cloning attacks against PUF-based quantum authentication systems and prove that quantum cloning attacks outperform the so-called challenge-estimation attacks. We present the analytical expression of the false-accept probability by use of the corresponding optimal quantum cloning machines and extend the previous results in the literature. In light of these findings, an explicit comparison is made between PUF-based quantum authentication systems and quantum key distribution protocols in the context of cloning attacks. Moreover, from an experimental perspective, a trade-off between the average photon number and the detection efficiency is discussed in detail.

  4. Fault Attacks on the Authenticated Encryption Stream Cipher MORUS

    Directory of Open Access Journals (Sweden)

    Iftekhar Salam

    2018-01-01

    Full Text Available This paper investigates the application of fault attacks to the authenticated encryption stream cipher algorithm MORUS. We propose fault attacks on MORUS with two different goals: one to breach the confidentiality component, and the other to breach the integrity component. For the fault attack on the confidentiality component of MORUS, we propose two different types of key recovery. The first type is a partial key recovery using a permanent fault model, except for one of the variants of MORUS where the full key is recovered with this model. The second type is a full key recovery using a transient fault model, at the cost of a higher number of faults compared to the permanent fault model. Finally, we describe a fault attack on the integrity component of MORUS, which performs a forgery using the bit-flipping fault model.

  5. Distributed Secure Coordinated Control for Multiagent Systems Under Strategic Attacks.

    Science.gov (United States)

    Feng, Zhi; Wen, Guanghui; Hu, Guoqiang

    2017-05-01

    This paper studies a distributed secure consensus tracking control problem for multiagent systems subject to strategic cyber attacks modeled by a random Markov process. A hybrid stochastic secure control framework is established for designing a distributed secure control law such that mean-square exponential consensus tracking is achieved. A connectivity restoration mechanism is considered and the properties on attack frequency and attack length rate are investigated, respectively. Based on the solutions of an algebraic Riccati equation and an algebraic Riccati inequality, a procedure to select the control gains is provided and stability analysis is studied by using Lyapunov's method.. The effect of strategic attacks on discrete-time systems is also investigated. Finally, numerical examples are provided to illustrate the effectiveness of theoretical analysis.

  6. Compounding the Losses of Convoyed Ships Attacked by Tactical Submarines

    Directory of Open Access Journals (Sweden)

    Kåre M. Mjelde

    1982-10-01

    Full Text Available It is demonstrated that a time dependent stochastic model for the losses of convoyed ships attacked by submarines can be applied in the determination of the losses in terms of the results of two submodels:

  7. APPLYING INTERNATIONAL HUMANITARIAN LAW TO CYBER-ATTACKS

    Directory of Open Access Journals (Sweden)

    Dan-Iulian VOITAŞEC

    2015-07-01

    Full Text Available Technology plays an important role in everyday life. Technological advancement can be found in every field of government including the military. Because of this, new means and methods of conducting hostilities have emerged. Cyber warfare starts to represent the latest challenge at an international level. States and non-state actors have started to implement new security policies and new defences against cyber-attacks but also have embraced using cyber-attacks as a method of conducting hostilities. The question that has to be answered regarding the use of cyber-attacks is what is the legal regime that governs such attacks and if IHL can apply to cyber warfare?

  8. Game Theoretic Solutions to Cyber Attack and Network Defense Problems

    National Research Council Canada - National Science Library

    Shen, Dan; Chen, Genshe; Cruz, Jr., , Jose B; Blasch, Erik; Kruger, Martin

    2007-01-01

    .... The protection and defense against cyber attacks to computer network is becoming inadequate as the hacker knowledge sophisticates and as the network and each computer system become more complex...

  9. Defense Against Rocket Attacks in the Presence of False Cues

    National Research Council Canada - National Science Library

    Harari, Lior

    2008-01-01

    Rocket attacks on civilian and military targets, from both Hezbollah (South Lebanon) and Hamas (Gaza strip) have been causing a major operational problem for the Israeli Defense Force for over two decades...

  10. Stealth, the End of Dedicated Electronic Attack Aircraft

    National Research Council Canada - National Science Library

    Hake, Michael

    1999-01-01

    .... Furthermore, if a target is missed because of defensive reactions to radar-guided weapons, the sortie is lost and the target will have to be attacked again, draining valuable resources from the war...

  11. After-gate attack on a quantum cryptosystem

    International Nuclear Information System (INIS)

    Wiechers, C; Wittmann, C; Elser, D; Marquardt, Ch; Leuchs, G; Lydersen, L; Skaar, J; Makarov, V

    2011-01-01

    We present a method to control the detection events in quantum key distribution systems that use gated single-photon detectors. We employ bright pulses as faked states, timed to arrive at the avalanche photodiodes outside the activation time. The attack can remain unnoticed, since the faked states do not increase the error rate per se. This allows for an intercept-resend attack, where an eavesdropper transfers her detection events to the legitimate receiver without causing any errors. As a side effect, afterpulses, originating from accumulated charge carriers in the detectors, increase the error rate. We have experimentally tested detectors of the system id3110 (Clavis2) from ID Quantique. We identify the parameter regime in which the attack is feasible despite the side effect. Furthermore, we outline how simple modifications in the implementation can make the device immune to this attack.

  12. Countermeasures Against Blinding Attack on Superconducting Nanowire Detectors for QKD

    Directory of Open Access Journals (Sweden)

    Elezov M.S.

    2015-01-01

    Full Text Available Nowadays, the superconducting single-photon detectors (SSPDs are used in Quantum Key Distribution (QKD instead of single-photon avalanche photodiodes. Recently bright-light control of the SSPD has been demonstrated. This attack employed a “backdoor” in the detector biasing technique. We developed the autoreset system which returns the SSPD to superconducting state when it is latched. We investigate latched state of the SSPD and define limit conditions for effective blinding attack. Peculiarity of the blinding attack is a long nonsingle photon response of the SSPD. It is much longer than usual single photon response. Besides, we need follow up response duration of the SSPD. These countermeasures allow us to prevent blind attack on SSPDs for Quantum Key Distribution.

  13. Computer Attack and Cyberterrorism: Vulnerabilities and Policy Issues for Congress

    National Research Council Canada - National Science Library

    Wilson, Clay

    2005-01-01

    Many international terrorist groups now actively use computers and the Internet to communicate, and several may develop or acquire the necessary technical skills to direct a coordinated attack against...

  14. An Annotated Review of Past Papers on Attack Graphs

    National Research Council Canada - National Science Library

    Lippmann, Richard; Ingols, K. W

    2005-01-01

    This report reviews past research papers that describe how to construct attack graphs, how to use them to improve security of computer networks, and how to use them to analyze alerts from intrusion detection systems...

  15. Counting equations in algebraic attacks on block ciphers

    DEFF Research Database (Denmark)

    Knudsen, Lars Ramkilde; Miolane, Charlotte Vikkelsø

    2010-01-01

    This paper is about counting linearly independent equations for so-called algebraic attacks on block ciphers. The basic idea behind many of these approaches, e.g., XL, is to generate a large set of equations from an initial set of equations by multiplication of existing equations by the variables...... in the system. One of the most difficult tasks is to determine the exact number of linearly independent equations one obtain in the attacks. In this paper, it is shown that by splitting the equations defined over a block cipher (an SP-network) into two sets, one can determine the exact number of linearly...... independent equations which can be generated in algebraic attacks within each of these sets of a certain degree. While this does not give us a direct formula for the success of algebraic attacks on block ciphers, it gives some interesting bounds on the number of equations one can obtain from a given block...

  16. Computer Network Attack Versus Operational Maneuver from the Sea

    National Research Council Canada - National Science Library

    Herdegen, Dale

    2000-01-01

    ...) vulnerable to computer network attack (CNA). Mission command and control can reduce the impact of the loss of command and control, but it can not overcome the vast and complex array of threats...

  17. Fusion of Heterogeneous Intrusion Detection Systems for Network Attack Detection

    Directory of Open Access Journals (Sweden)

    Jayakumar Kaliappan

    2015-01-01

    Full Text Available An intrusion detection system (IDS helps to identify different types of attacks in general, and the detection rate will be higher for some specific category of attacks. This paper is designed on the idea that each IDS is efficient in detecting a specific type of attack. In proposed Multiple IDS Unit (MIU, there are five IDS units, and each IDS follows a unique algorithm to detect attacks. The feature selection is done with the help of genetic algorithm. The selected features of the input traffic are passed on to the MIU for processing. The decision from each IDS is termed as local decision. The fusion unit inside the MIU processes all the local decisions with the help of majority voting rule and makes the final decision. The proposed system shows a very good improvement in detection rate and reduces the false alarm rate.

  18. Messaging Attacks on Android: Vulnerabilities and Intrusion Detection

    Directory of Open Access Journals (Sweden)

    Khodor Hamandi

    2015-01-01

    Full Text Available Currently, Android is the leading mobile operating system in number of users worldwide. On the security side, Android has had significant challenges despite the efforts of the Android designers to provide a secure environment for apps. In this paper, we present numerous attacks targeting the messaging framework of the Android system. Our focus is on SMS, USSD, and the evolution of their associated security in Android and accordingly the development of related attacks. Also, we shed light on the Android elements that are responsible for these attacks. Furthermore, we present the architecture of an intrusion detection system (IDS that promises to thwart SMS messaging attacks. Our IDS shows a detection rate of 87.50% with zero false positives.

  19. Fusion of Heterogeneous Intrusion Detection Systems for Network Attack Detection.

    Science.gov (United States)

    Kaliappan, Jayakumar; Thiagarajan, Revathi; Sundararajan, Karpagam

    2015-01-01

    An intrusion detection system (IDS) helps to identify different types of attacks in general, and the detection rate will be higher for some specific category of attacks. This paper is designed on the idea that each IDS is efficient in detecting a specific type of attack. In proposed Multiple IDS Unit (MIU), there are five IDS units, and each IDS follows a unique algorithm to detect attacks. The feature selection is done with the help of genetic algorithm. The selected features of the input traffic are passed on to the MIU for processing. The decision from each IDS is termed as local decision. The fusion unit inside the MIU processes all the local decisions with the help of majority voting rule and makes the final decision. The proposed system shows a very good improvement in detection rate and reduces the false alarm rate.

  20. An unusual case of predation: dog pack or cougar attack?

    Science.gov (United States)

    Fonseca, Gabriel M; Palacios, Rocío

    2013-01-01

    Injuries produced by animals are capable of leaving severe patterns and in some cases may result in the death of the attacked individual. Law enforcement authorities may come to erroneous conclusions about the source of the bites based on their awareness of animals present and similarities of the injuries to the untrained eye, with dreadful consequences. Expertise of a carnivore biologist and an odontologist that indentifies the particularities of bite marks may be useful for identifying the attacking species. We present the investigation of a fatal dog pack attack involving a 43-year-old man in Bell Ville (Argentina) where the evidence provided by a forensic dentist and a biologist was categorical for establishing the animal species involved. Because of the unusual characteristics of the wounds and the initial hypothesis made by local authorities of a cougar attack, habits and specific patterns of both dog pack and cougar predation on humans are discussed. © 2012 American Academy of Forensic Sciences.

  1. Reducing an attack surface of an operating system

    OpenAIRE

    VALKONEN, VILLE

    2012-01-01

    Certain security choices done on the operating system level can mitigate harm done by an malicious attacker or a program. The main focus in the thesis is on open source operating systems. Asiasanat: software security, operating system security

  2. Bound Maxima as a Traffic Feature under DDOS Flood Attacks

    Directory of Open Access Journals (Sweden)

    Jie Xue

    2012-01-01

    Full Text Available This paper gives a novel traffic feature for identifying abnormal variation of traffic under DDOS flood attacks. It is the histogram of the maxima of the bounded traffic rate on an interval-by-interval basis. We use it to experiment on the traffic data provided by MIT Lincoln Laboratory under Defense Advanced Research Projects Agency (DARPA in 1999. The experimental results profitably enhance the evidences that traffic rate under DDOS attacks is statistically higher than that of normal traffic considerably. They show that the pattern of the histogram of the maxima of bounded rate of attack-contained traffic greatly differs from that of attack-free traffic. Besides, the present traffic feature is simple in mathematics and easy to use in practice.

  3. Securing Cloud Computing from Different Attacks Using Intrusion Detection Systems

    Directory of Open Access Journals (Sweden)

    Omar Achbarou

    2017-03-01

    Full Text Available Cloud computing is a new way of integrating a set of old technologies to implement a new paradigm that creates an avenue for users to have access to shared and configurable resources through internet on-demand. This system has many common characteristics with distributed systems, hence, the cloud computing also uses the features of networking. Thus the security is the biggest issue of this system, because the services of cloud computing is based on the sharing. Thus, a cloud computing environment requires some intrusion detection systems (IDSs for protecting each machine against attacks. The aim of this work is to present a classification of attacks threatening the availability, confidentiality and integrity of cloud resources and services. Furthermore, we provide literature review of attacks related to the identified categories. Additionally, this paper also introduces related intrusion detection models to identify and prevent these types of attacks.

  4. [Forensic-medical assessment of terroristic chemical attacks].

    Science.gov (United States)

    Babakhanian, R B; Bushuev, E S

    2005-01-01

    By potential damage, chemical terroristic attacks are much more dangerous than terroristic bombing. To fight chemical terrorism it is necessary to create the system of medical-environmental defense of the population. In line with emergency medicine, forensic medical service is a very important element of the antiterroristic defense. The activity of forensic-medical experts in the field of terroristic chemical attack is analysed.

  5. A forensics investigation into attacks on Linux servers

    OpenAIRE

    Andrade, Jhonattan Javier Barriga; Gan, Diane; University of East London Staff

    2012-01-01

    The aim of this work was to probe a Linux server and then to identify the digital footprint left behind. This investigation focuses mainly on passive attacks using Linux BackTrack5 tools, including Metasploit, Nessus, Whatweb, Nmap, PHP-Backdoor and Weevely. These are commonly used tools which can determine the security flaws and vulnerabilities present that could be exploited. The results of the forensic evidence collection will then be analysed to determine how to identify passive attacks i...

  6. Treatment of HAE Attacks in the Icatibant Outcome Survey

    DEFF Research Database (Denmark)

    Hernández Fernandez de Rojas, Dolores; Ibañez, Ethel; Longhurst, Hilary

    2015-01-01

    were performed (February 2008 to December 2012). RESULTS: Icatibant was used in 652 attacks in 170 patients with HAE type I/II. Most icatibant injections were self-administered (431/652, 68.5%). The proportion of self-treated attacks increased over time (40.3% in 2009 vs. 89.7% in 2012). The median......-administration of icatibant provides a complementary option to HCP administration, enabling optimization of patient care. © 2015 S. Karger AG, Basel....

  7. Patrol Detection for Replica Attacks on Wireless Sensor Networks

    OpenAIRE

    Wang, Liang-Min; Shi, Yang

    2011-01-01

    Replica attack is a critical concern in the security of wireless sensor networks. We employ mobile nodes as patrollers to detect replicas distributed in different zones in a network, in which a basic patrol detection protocol and two detection algorithms for stationary and mobile modes are presented. Then we perform security analysis to discuss the defense strategies against the possible attacks on the proposed detection protocol. Moreover, we show the advantages of the proposed protocol by d...

  8. Security solution against denial of service attacks in BESIP system

    Science.gov (United States)

    Rezac, Filip; Voznak, Miroslav; Safarik, Jakub; Partila, Pavol; Tomala, Karel

    2013-05-01

    This article deals about embedded SIP communication server with an easy integration into the computer network based on open source solutions and its effective defense against the most frequent attack in the present - Denial of Service. The article contains brief introduction into the Bright Embedded Solution for IP Telephony - BESIP and describes the most common types of DoS attacks, which are applied on SIP elements of the VoIP infrastructure including the results of defensive mechanism that has been designed.

  9. Intrusions into Privacy in Video Chat Environments: Attacks and Countermeasures

    OpenAIRE

    Xing, Xinyu; Dang, Jianxun; Han, Richard; Liu, Xue; Mishra, Shivakant

    2010-01-01

    Video chat systems such as Chatroulette have become increasingly popular as a way to meet and converse one-on-one via video and audio with other users online in an open and interactive manner. At the same time, security and privacy concerns inherent in such communication have been little explored. This paper presents one of the first investigations of the privacy threats found in such video chat systems, identifying three such threats, namely de-anonymization attacks, phishing attacks, and ma...

  10. PUF Modeling Attacks on Simulated and Silicon Data

    OpenAIRE

    Ruhrmair, Ulrich; Solter, Jan; Sehnke, Frank; Xu, Xiaolin; Mahmoud, Ahmed; Stoyanova, Vera; Dror, Gideon; Schmidhuber, Jurgen; Burleson, Wayne; Devadas, Srinivas

    2013-01-01

    We discuss numerical modeling attacks on several proposed strong physical unclonable functions (PUFs). Given a set of challenge-response pairs (CRPs) of a Strong PUF, the goal of our attacks is to construct a computer algorithm which behaves indistinguishably from the original PUF on almost all CRPs. If successful, this algorithm can subsequently impersonate the Strong PUF, and can be cloned and distributed arbitrarily. It breaks the security of any applications that rest on the Strong PUF's ...

  11. Pathological findings of a fatal leopard seal attack.

    Science.gov (United States)

    Rutty, Guy N

    2007-03-01

    A unique case of a fatal leopard seal attack against an adult human female is presented. The death occurred in Rothera, Antarctica when the female was snorkeling while undertaking scientific research. The principle injuries occurred, during life, to the facial areas prior to the act of drowning. The method of attack of leopard seals against their natural prey is discussed and related to the findings on the deceased.

  12. Successful attack on permutation-parity-machine-based neural cryptography.

    Science.gov (United States)

    Seoane, Luís F; Ruttor, Andreas

    2012-02-01

    An algorithm is presented which implements a probabilistic attack on the key-exchange protocol based on permutation parity machines. Instead of imitating the synchronization of the communicating partners, the strategy consists of a Monte Carlo method to sample the space of possible weights during inner rounds and an analytic approach to convey the extracted information from one outer round to the next one. The results show that the protocol under attack fails to synchronize faster than an eavesdropper using this algorithm.

  13. AMC Model for Denial of Sleep Attack Detection

    OpenAIRE

    Bhattasali, Tapalina; Chaki, Rituparna

    2012-01-01

    Due to deployment in hostile environment, wireless sensor network is vulnerable to various attacks. Exhausted sensor nodes in sensor network become a challenging issue because it disrupts the normal connectivity of the network. Affected nodes give rise to denial of service that resists to get the objective of sensor network in real life. A mathematical model based on Absorbing Markov Chain (AMC)is proposed for Denial of Sleep attack detection in sensor network. In this mechanism, whether sens...

  14. Alternatives to retaliation in response to state sponsored terrorist attacks

    OpenAIRE

    Evans, Paul James

    2014-01-01

    Approved for public release; distribution is unlimited We consider a game played between a state sponsor of international terrorism, a terrorist organization and the victim of a terrorist attack. The state sponsor wishes to inflict as much damage to the victim as possible without risking retaliation. The victim state wishes to end these attacks as soon as possible, through non-retaliatory means if possible in order to avoid the penalty associated with retaliation. In this thesis we compare...

  15. British media attacks on homeopathy: are they justified?

    Science.gov (United States)

    Vithoulkas, George

    2008-04-01

    Homeopathy is being attacked by the British media. These attacks draw support from irresponsible and unjustified claims by certain teachers of homeopathy. Such claims include the use of 'dream' and 'imaginative' methods for provings. For prescribing some such teachers attempt to replace the laborious process of matching symptom picture and remedy with spurious theories based on 'signatures', sensations and other methods. Other irresponsible claims have also been made. These "new ideas" risk destroying the principles, theory, and practice of homeopathy.

  16. Asessing ethical severity of e-learning systems security attacks

    OpenAIRE

    Levy, Y; Ramim, MM; Hackney, RA

    2013-01-01

    Security and ethical issues with information systems (IS) are important concerns for most organizations. However, limited attention has been given to unethical behaviors and severity of cyber-security attacks, while these instances appear to be critically important. Although managers have been embracing e-learning systems for training and virtual-team collaborations, little is known about motivations for cyber-security attacks on such systems The JCIS editor-in-chief Dr. Alex Koohang and t...

  17. Attacks and Countermeasures in Communications and Power Networks

    Science.gov (United States)

    2014-01-01

    through monitored nodes, the network owner can alert the possibility of an attack. Other applications include the detec- tion of wormhole attack [64] in...which a set of colluding nodes divert a valid network flow through a “ wormhole tunnel.” Understanding the problem of flow detection is also valuable for...Sterne, R. Gopaul, M. Heyman, B. Rivera, P. Budulas, B. Luu, T. Johnson, N. Ivanic, and G. Lawler, “In-Band Wormholes and Countermea- sures in OLSR

  18. Muscular imbalance and shoulder pain in volleyball attackers.

    OpenAIRE

    Kugler, A; Krüger-Franke, M; Reininger, S; Trouillier, H H; Rosemeyer, B

    1996-01-01

    OBJECTIVE: In overhead sports such as volleyball, baseball, or tennis shoulder problems are very common. The aim of this study was to identify features which may correlate with shoulder problems in volleyball attackers. METHODS: 30 competitive volleyball attackers (mean age 25 years) were included in the study; 15 were suffering from shoulder pain and 15 had no history of shoulder pain. The results were compared with those of a control group of 15 recreational athletes without any overhead sp...

  19. Mass casualty response in the 2008 Mumbai terrorist attacks.

    Science.gov (United States)

    Roy, Nobhojit; Kapil, Vikas; Subbarao, Italo; Ashkenazi, Isaac

    2011-12-01

    The November 26-29, 2008, terrorist attacks on Mumbai were unique in its international media attention, multiple strategies of attack, and the disproportionate national fear they triggered. Everyone was a target: random members of the general population, iconic targets, and foreigners alike were under attack by the terrorists. A retrospective, descriptive study of the distribution of terror victims to various city hospitals, critical radius, surge capacity, and the nature of specialized medical interventions was gathered through police, legal reports, and interviews with key informants. Among the 172 killed and 304 injured people, about four-fifths were men (average age, 33 years) and 12% were foreign nationals. The case-fatality ratio for this event was 2.75:1, and the mortality rate among those who were critically injured was 12%. A total of 38.5% of patients arriving at the hospitals required major surgical intervention. Emergency surgical operations were mainly orthopedic (external fixation for compound fractures) and general surgical interventions (abdominal explorations for penetrating bullet/shrapnel injuries). The use of heavy-duty automatic weapons, explosives, hostages, and arson in these terrorist attacks alerts us to new challenges to medical counterterrorism response. The need for building central medical control for a coordinated response and for strengthening public hospital capacity are lessons learned for future attacks. These particular terrorist attacks had global consequences, in terms of increased security checks and alerts for and fears of further similar "Mumbai-style" attacks. The resilience of the citizens of Mumbai is a critical measure of the long-term effects of terror attacks.

  20. An Active Defense Mechanism for TCP SYN flooding attacks

    OpenAIRE

    Kumarasamy, Saravanan; Gowrishankar, A.

    2012-01-01

    Distributed denial-of-service attacks on public servers have recently become a serious problem. To assure that network services will not be interrupted and more effective defense mechanisms to protect against malicious traffic, especially SYN floods. One problem in detecting SYN flood traffic is that server nodes or firewalls cannot distinguish the SYN packets of normal TCP connections from those of a SYN flood attack. Another problem is single-point defenses (e.g. firewalls) lack the scalabi...

  1. Three cases giant panda attack on human at Beijing Zoo

    OpenAIRE

    Zhang, Peixun; Wang, Tianbing; Xiong, Jian; Xue, Feng; Xu, Hailin; Chen, Jianhai; Zhang, Dianying; Fu, Zhongguo; Jiang, Baoguo

    2014-01-01

    Panda is regarded as Chinese national treasure. Most people always thought they were cute and just ate bamboo and had never imagined a panda could be vicious. Giant panda attacks on human are rare. There, we present three cases of giant panda attacks on humans at the Panda House at Beijing Zoo from September 2006 to June 2009 to warn people of the giant panda’s potentially dangerous behavior.

  2. Three cases giant panda attack on human at Beijing Zoo.

    Science.gov (United States)

    Zhang, Peixun; Wang, Tianbing; Xiong, Jian; Xue, Feng; Xu, Hailin; Chen, Jianhai; Zhang, Dianying; Fu, Zhongguo; Jiang, Baoguo

    2014-01-01

    Panda is regarded as Chinese national treasure. Most people always thought they were cute and just ate bamboo and had never imagined a panda could be vicious. Giant panda attacks on human are rare. There, we present three cases of giant panda attacks on humans at the Panda House at Beijing Zoo from September 2006 to June 2009 to warn people of the giant panda's potentially dangerous behavior.

  3. Analisis Explotasi Keamanan Web Denial of Service Attack

    Directory of Open Access Journals (Sweden)

    Junita Juwita Siregar

    2013-12-01

    Full Text Available Internet network which is public and global is unsafe, so the security of public Internet-based information system needs to be considered. When a data is sent from one computer to another on the Internet, it will pass through a number of other computers that are meant to give the user an opportunity to take over one or several computers. denial of service attacks is one of the web security systems which can inhibit the activity of the work of a service even turn it off, so the authorized user cannot use the service. There is an attempt of certain parties to prevent a user access to a system or network by flooding the traffic network with so much data from unregistered users. It makes the user unable to log into the network system. The purpose of this paper is to analyze the cause of the denial of service attack on a web system using literature study. The result of thisresearch is a method to overcome denial of service attack as well as the prevention techniques. This study concludes that securing techniques should be implemented extra carefully on DoS attacks (Denial-of-Service Attacks. Therefore, the attacker cannot overwhelm the network IP address and disrupt communication between a server and its client that may reject user’s request access to a system or a network service provided by a host.

  4. Risk Due to Radiological Terror Attacks With Natural Radionuclides

    Science.gov (United States)

    Friedrich, Steinhäusler; Stan, Rydell; Lyudmila, Zaitseva

    2008-08-01

    The naturally occurring radionuclides radium (Ra-226) and polonium (Po-210) have the potential to be used for criminal acts. Analysis of international incident data contained in the Database on Nuclear Smuggling, Theft and Orphan Radiation Sources (CSTO), operated at the University of Salzburg, shows that several acts of murder and terrorism with natural radionuclides have already been carried out in Europe and Russia. Five different modes of attack (T) are possible: (1) Covert irradiation of an individual in order to deliver a high individual dose; (2) Covert irradiation of a group of persons delivering a large collective dose; (3) Contamination of food or drink; (4) Generation of radioactive aerosols or solutions; (5) Combination of Ra-226 with conventional explosives (Dirty Bomb). This paper assesses the risk (R) of such criminal acts in terms of: (a) Probability of terrorist motivation deploying a certain attack mode T; (b) Probability of success by the terrorists for the selected attack mode T; (c) Primary damage consequence (C) to the attacked target (activity, dose); (d) Secondary damage consequence (C') to the attacked target (psychological and socio-economic effects); (e) Probability that the consequences (C, C') cannot be brought under control, resulting in a failure to manage successfully the emergency situation due to logistical and/or technical deficits in implementing adequate countermeasures. Extensive computer modelling is used to determine the potential impact of such a criminal attack on directly affected victims and on the environment.

  5. Risk Due to Radiological Terror Attacks With Natural Radionuclides

    International Nuclear Information System (INIS)

    Friedrich, Steinhaeusler; Lyudmila, Zaitseva; Stan, Rydell

    2008-01-01

    The naturally occurring radionuclides radium (Ra-226) and polonium (Po-210) have the potential to be used for criminal acts. Analysis of international incident data contained in the Database on Nuclear Smuggling, Theft and Orphan Radiation Sources (CSTO), operated at the University of Salzburg, shows that several acts of murder and terrorism with natural radionuclides have already been carried out in Europe and Russia. Five different modes of attack (T) are possible: (1) Covert irradiation of an individual in order to deliver a high individual dose; (2) Covert irradiation of a group of persons delivering a large collective dose; (3) Contamination of food or drink; (4) Generation of radioactive aerosols or solutions; (5) Combination of Ra-226 with conventional explosives (Dirty Bomb).This paper assesses the risk (R) of such criminal acts in terms of: (a) Probability of terrorist motivation deploying a certain attack mode T; (b) Probability of success by the terrorists for the selected attack mode T; (c) Primary damage consequence (C) to the attacked target (activity, dose); (d) Secondary damage consequence (C') to the attacked target (psychological and socio-economic effects); (e) Probability that the consequences (C, C') cannot be brought under control, resulting in a failure to manage successfully the emergency situation due to logistical and/or technical deficits in implementing adequate countermeasures. Extensive computer modelling is used to determine the potential impact of such a criminal attack on directly affected victims and on the environment

  6. Vulnerability of water supply systems to cyber-physical attacks

    Science.gov (United States)

    Galelli, Stefano; Taormina, Riccardo; Tippenhauer, Nils; Salomons, Elad; Ostfeld, Avi

    2016-04-01

    The adoption of smart meters, distributed sensor networks and industrial control systems has largely improved the level of service provided by modern water supply systems. Yet, the progressive computerization exposes these critical infrastructures to cyber-physical attacks, which are generally aimed at stealing critical information (cyber-espionage) or causing service disruption (denial-of-service). Recent statistics show that water and power utilities are undergoing frequent attacks - such as the December power outage in Ukraine - , attracting the interest of operators and security agencies. Taking the security of Water Distribution Networks (WDNs) as domain of study, our work seeks to characterize the vulnerability of WDNs to cyber-physical attacks, so as to conceive adequate defense mechanisms. We extend the functionality of EPANET, which models hydraulic and water quality processes in pressurized pipe networks, to include a cyber layer vulnerable to repeated attacks. Simulation results on a medium-scale network show that several hydraulic actuators (valves and pumps, for example) can be easily attacked, causing both service disruption - i.e., water spillage and loss of pressure - and structural damages - e.g., pipes burst. Our work highlights the need for adequate countermeasures, such as attacks detection and reactive control systems.

  7. On Node Replication Attack in Wireless Sensor Networks

    Directory of Open Access Journals (Sweden)

    Mumtaz Qabulio

    2016-04-01

    Full Text Available WSNs (Wireless Sensor Networks comprise a large number of small, inexpensive, low power and memory constrained sensing devices (called sensor nodes that are densely deployed to measure a given physical phenomenon. Since WSNs are commonly deployed in a hostile and unattended environment, it is easy for an adversary to physically capture one or more legitimate sensor nodes, re-program and redeploy them in the network. As a result, the adversary becomes able to deploy several identical copies of physically captured nodes in the network in order to perform illegitimate activities. This type of attack is referred to as Node Replication Attack or Clone Node Attack. By launching node replication attack, an adversary can easily get control on the network which consequently is the biggest threat to confidentiality, integrity and availability of data and services. Thus, detection and prevention of node replication attack in WSNs has become an active area of research and to date more than two dozen schemes have been proposed, which address this issue. In this paper, we present a comprehensive review, classification and comparative analysis of twenty five of these schemes which help to detect and/or prevent node replication attack in WSNs

  8. Blood flow velocity in migraine attacks - a transcranial Doppler study

    International Nuclear Information System (INIS)

    Zwetsloot, C.P.; Caekebeke, J.F.V.; Jansen, J.C.; Odink, J.; Ferrari, M.D.

    1991-01-01

    A pulsed Doppler device was used to measure blood flow velocities in the common carotid artery, the extracranial part of the internal carotid artery, the external carotid artery, the middle cerebral artery, and the anterior cerebral artery in 31 migraneurs without aura (n=27) and with aura (n=4), both during and ouside an attack. The aims were to compare blood flow velocity during and between migraine attacks and to study asymmetries of the blood flow velocity. Compared with blood flow velocity values obtained in the attack-free interval, blood flow velocity was lower during attacks without aura in both common carotid arteries, but not in the other extra- and intracranial vessels which were examined. However, during attacks of migraine with aura, blood flow velocity tended to be lower in all examined vessels. There were no asymmetries of the blood flow velocity. It is suggested that during migraine attacks without aura there is a dissociation in blood flow regulation in the common carotid and middle cerebral arteries. 20 refs., 2 tabs

  9. Human behaviour can trigger large carnivore attacks in developed countries.

    Science.gov (United States)

    Penteriani, Vincenzo; Delgado, María del Mar; Pinchera, Francesco; Naves, Javier; Fernández-Gil, Alberto; Kojola, Ilpo; Härkönen, Sauli; Norberg, Harri; Frank, Jens; Fedriani, José María; Sahlén, Veronica; Støen, Ole-Gunnar; Swenson, Jon E; Wabakken, Petter; Pellegrini, Mario; Herrero, Stephen; López-Bao, José Vicente

    2016-02-03

    The media and scientific literature are increasingly reporting an escalation of large carnivore attacks on humans in North America and Europe. Although rare compared to human fatalities by other wildlife, the media often overplay large carnivore attacks on humans, causing increased fear and negative attitudes towards coexisting with and conserving these species. Although large carnivore populations are generally increasing in developed countries, increased numbers are not solely responsible for the observed rise in the number of attacks by large carnivores. Here we show that an increasing number of people are involved in outdoor activities and, when doing so, some people engage in risk-enhancing behaviour that can increase the probability of a risky encounter and a potential attack. About half of the well-documented reported attacks have involved risk-enhancing human behaviours, the most common of which is leaving children unattended. Our study provides unique insight into the causes, and as a result the prevention, of large carnivore attacks on people. Prevention and information that can encourage appropriate human behaviour when sharing the landscape with large carnivores are of paramount importance to reduce both potentially fatal human-carnivore encounters and their consequences to large carnivores.

  10. Modeling attacker-defender interactions in information networks.

    Energy Technology Data Exchange (ETDEWEB)

    Collins, Michael Joseph

    2010-09-01

    The simplest conceptual model of cybersecurity implicitly views attackers and defenders as acting in isolation from one another: an attacker seeks to penetrate or disrupt a system that has been protected to a given level, while a defender attempts to thwart particular attacks. Such a model also views all non-malicious parties as having the same goal of preventing all attacks. But in fact, attackers and defenders are interacting parts of the same system, and different defenders have their own individual interests: defenders may be willing to accept some risk of successful attack if the cost of defense is too high. We have used game theory to develop models of how non-cooperative but non-malicious players in a network interact when there is a substantial cost associated with effective defensive measures. Although game theory has been applied in this area before, we have introduced some novel aspects of player behavior in our work, including: (1) A model of how players attempt to avoid the costs of defense and force others to assume these costs; (2) A model of how players interact when the cost of defending one node can be shared by other nodes; and (3) A model of the incentives for a defender to choose less expensive, but less effective, defensive actions.

  11. Panic attacks and panic disorder in the American Indian community.

    Science.gov (United States)

    Sawchuk, Craig N; Roy-Byrne, Peter; Noonan, Carolyn; Craner, Julia R; Goldberg, Jack; Manson, Spero; Buchwald, Dedra

    2017-05-01

    Panic disorder is a common mental health condition, but little is known about panic disorder in non-Caucasian populations. The purpose of this study is to describe the epidemiology, clinical features, and comorbidities of panic attacks and panic disorder in two large American Indian (AI) tribes (N=3084). A culturally-adapted version of the Composite International Diagnostic Interview assessed panic attacks, panic disorder, and various psychiatric comorbidities. After adjusting for age, gender, and tribe, linear and logistic regression analyses were conducted to compare AIs with panic disorder to those with panic attacks only on clinical characteristics and panic symptoms. Approximately 8.5% (N=234) of American Indians reported a lifetime history of panic attacks. Among individuals with panic attacks, comorbid posttraumatic stress disorder was higher in females (p=0.03) and comorbid alcohol-related disorders were higher in males (p≤0.001). The prevalence and clinical features of panic attacks and panic disorder in American Indians were similar to epidemiologic studies with majority populations. However, in contrast to earlier research, panic symptoms were similar in both males and females, and different patterns of comorbidity emerged. Future research should examine the availability and accessibility of evidence-based panic treatments for this traditionally underserved population. Copyright © 2016 Elsevier Ltd. All rights reserved.

  12. Activity Modelling and Comparative Evaluation of WSN MAC Security Attacks

    DEFF Research Database (Denmark)

    Pawar, Pranav M.; Nielsen, Rasmus Hjorth; Prasad, Neeli R.

    2012-01-01

    Applications of wireless sensor networks (WSNs) are growing tremendously in the domains of habitat, tele-health, industry monitoring, vehicular networks, home automation and agriculture. This trend is a strong motivation for malicious users to increase their focus on WSNs and to develop and initi......Applications of wireless sensor networks (WSNs) are growing tremendously in the domains of habitat, tele-health, industry monitoring, vehicular networks, home automation and agriculture. This trend is a strong motivation for malicious users to increase their focus on WSNs and to develop...... and initiate security attacks that disturb the normal functioning of the network in a severe manner. Such attacks affect the performance of the network by increasing the energy consumption, by reducing throughput and by inducing long delays. Of all existing WSN attacks, MAC layer attacks are considered...... the most harmful as they directly affect the available resources and thus the nodes’ energy consumption. The first endeavour of this paper is to model the activities of MAC layer security attacks to understand the flow of activities taking place when mounting the attack and when actually executing it...

  13. Impact modeling and prediction of attacks on cyber targets

    Science.gov (United States)

    Khalili, Aram; Michalk, Brian; Alford, Lee; Henney, Chris; Gilbert, Logan

    2010-04-01

    In most organizations, IT (information technology) infrastructure exists to support the organization's mission. The threat of cyber attacks poses risks to this mission. Current network security research focuses on the threat of cyber attacks to the organization's IT infrastructure; however, the risks to the overall mission are rarely analyzed or formalized. This connection of IT infrastructure to the organization's mission is often neglected or carried out ad-hoc. Our work bridges this gap and introduces analyses and formalisms to help organizations understand the mission risks they face from cyber attacks. Modeling an organization's mission vulnerability to cyber attacks requires a description of the IT infrastructure (network model), the organization mission (business model), and how the mission relies on IT resources (correlation model). With this information, proper analysis can show which cyber resources are of tactical importance in a cyber attack, i.e., controlling them enables a large range of cyber attacks. Such analysis also reveals which IT resources contribute most to the organization's mission, i.e., lack of control over them gravely affects the mission. These results can then be used to formulate IT security strategies and explore their trade-offs, which leads to better incident response. This paper presents our methodology for encoding IT infrastructure, organization mission and correlations, our analysis framework, as well as initial experimental results and conclusions.

  14. Muscular imbalance and shoulder pain in volleyball attackers.

    Science.gov (United States)

    Kugler, A; Krüger-Franke, M; Reininger, S; Trouillier, H H; Rosemeyer, B

    1996-09-01

    In overhead sports such as volleyball, baseball, or tennis shoulder problems are very common. The aim of this study was to identify features which may correlate with shoulder problems in volleyball attackers. 30 competitive volleyball attackers (mean age 25 years) were included in the study; 15 were suffering from shoulder pain and 15 had no history of shoulder pain. The results were compared with those of a control group of 15 recreational athletes without any overhead sports activities. Volleyball attackers have a different muscular and capsular pattern at the playing shoulder compared to the opposite shoulder. Their playing shoulder is depressed, the scapula lateralised, and the dorsal muscles and the posterior and inferior part of the shoulder capsule shortened. These differences were of more significance in volleyball attackers with shoulder pain than in volleyball players without shoulder pain. In contrast to recreational athletes without any overhead sports activity, there were no significant difference in the comparison of the two shoulders. The histories, clinical and sonographic findings did not reveal further typical features for volleyball attackers with shoulder pain. Muscular balance of the shoulder girdle is very important in this sport. It is therefore imperative to include adequate stretching and muscular training programme for the prevention, as well as for therapy, of shoulder pain in volleyball attackers.

  15. Psychological distress and prejudice following terror attacks in France.

    Science.gov (United States)

    Goodwin, Robin; Kaniasty, Krzysztof; Sun, Shaojing; Ben-Ezra, Menachem

    2017-08-01

    Terrorist attacks have the capacity to threaten our beliefs about the world, cause distress across populations and promote discrimination towards particular groups. We examined the impact of two different types of attacks in the same city and same year on psychological distress and probable posttraumatic stress symptoms, and the moderating effects of religion or media use on distress/posttraumatic symptoms and inter-group relations. Two panel surveys four weeks after the January 2015 Charlie Hebdo attack (N = 1981) and the November 2015 Bataclan concert hall/restaurant attacks (N = 1878), measured intrinsic religiosity, social and traditional media use, psychological distress (K6), probable posttraumatic stress symptoms (proposed ICD-11), symbolic racism and willingness to interact with Muslims by non-Muslims. Prevalence of serious mental illness (K6 score > 18) was higher after November 2015 attacks (7.0% after the first attack, 10.2% the second, χ2 (1) = 5.67, p psychological trauma across populations, and protecting inter-group harmony. Copyright © 2017 Elsevier Ltd. All rights reserved.

  16. Attack methodology Analysis: SQL Injection Attacks and Their Applicability to Control Systems

    Energy Technology Data Exchange (ETDEWEB)

    Bri Rolston

    2005-09-01

    Database applications have become a core component in control systems and their associated record keeping utilities. Traditional security models attempt to secure systems by isolating core software components and concentrating security efforts against threats specific to those computers or software components. Database security within control systems follows these models by using generally independent systems that rely on one another for proper functionality. The high level of reliance between the two systems creates an expanded threat surface. To understand the scope of a threat surface, all segments of the control system, with an emphasis on entry points, must be examined. The communication link between data and decision layers is the primary attack surface for SQL injection. This paper facilitates understanding what SQL injection is and why it is a significant threat to control system environments.

  17. A Strategic Analysis of Information Sharing Among Cyber Attackers

    Directory of Open Access Journals (Sweden)

    Kjell Hausken

    2015-10-01

    Full Text Available We build a game theory model where the market design is such that one firm invests in security to defend against cyber attacks by two hackers. The firm has an asset, which is allocated between the three market participants dependent on their contest success. Each hacker chooses an optimal attack, and they share information with each other about the firm’s vulnerabilities. Each hacker prefers to receive information, but delivering information gives competitive advantage to the other hacker. We find that each hacker’s attack and information sharing are strategic complements while one hacker’s attack and the other hacker’s information sharing are strategic substitutes. As the firm’s unit defense cost increases, the attack is inverse U-shaped and reaches zero, while the firm’s defense and profit decrease, and the hackers’ information sharing and profit increase. The firm’s profit increases in the hackers’ unit cost of attack, while the hackers’ information sharing and profit decrease. Our analysis also reveals the interesting result that the cumulative attack level of the hackers is not affected by the effectiveness of information sharing between them and moreover, is also unaffected by the intensity of joint information sharing. We also find that as the effectiveness of information sharing between hackers increases relative to the investment in attack, the firm’s investment in cyber security defense and profit are constant, the hackers’ investments in attacks decrease, and information sharing levels and hacker profits increase. In contrast, as the intensity of joint information sharing increases, while the firm’s investment in cyber security defense and profit remain constant, the hackers’ investments in attacks increase, and the hackers’ information sharing levels and profits decrease. Increasing the firm’s asset causes all the variables to increase linearly, except information sharing which is constant. We extend

  18. Attacks, applications, and evaluation of known watermarking algorithms with Checkmark

    Science.gov (United States)

    Meerwald, Peter; Pereira, Shelby

    2002-04-01

    The Checkmark benchmarking tool was introduced to provide a framework for application-oriented evaluation of watermarking schemes. In this article we introduce new attacks and applications into the existing Checkmark framework. In addition to describing new attacks and applications, we also compare the performance of some well-known watermarking algorithms (proposed by Bruyndonckx,Cox, Fridrich, Dugad, Kim, Wang, Xia, Xie, Zhu and Pereira) with respect to the Checkmark benchmark. In particular, we consider the non-geometric application which contains tests that do not change the geometry of image. This attack constraint is artificial, but yet important for research purposes since a number of algorithms may be interesting, but would score poorly with respect to specific applications simply because geometric compensation has not been incorporated. We note, however, that with the help of image registration, even research algorithms that do not have counter-measures against geometric distortion -- such as a template or reference watermark -- can be evaluated. In the first version of the Checkmark benchmarking program, application-oriented evaluation was introduced, along with many new attacks not already considered in the literature. A second goal of this paper is to introduce new attacks and new applications into the Checkmark framework. In particular, we introduce the following new applications: video frame watermarking, medical imaging and watermarking of logos. Video frame watermarking includes low compression attacks and distortions which warp the edges of the video as well as general projective transformations which may result from someone filming the screen at a cinema. With respect to medical imaging, only small distortions are considered and furthermore it is essential that no distortions are present at embedding. Finally for logos, we consider images of small sizes and particularly compression, scaling, aspect ratio and other small distortions. The challenge

  19. Attacks on IEEE 802.11 wireless networks

    Directory of Open Access Journals (Sweden)

    Dejan Milan Tepšić

    2013-06-01

    Full Text Available Security of wireless computer networks was initially secured with the WEP security protocol, which relies on the RC4 encryption algorithm and the CRC algorithm to check the integrity. The basic problems of the WEP are a short initialization vector, unsafe data integrity checking, using a common key, the lack of mechanisms for management and exchange of keys, the lack of protection from the endless insertion of the same package into the network, the lack of authentication of access points and the like. The consequences of these failures are easy attacks against the WEP network, namely their complete insecurity. Therefore, the work began on the IEEE 802.11i protocol, which should radically improve the security of wireless networks. Since the development of a protocol lasted, the WPA standard was released to offset the security gap caused by the WEP. The WPA also relies on RC4 and CRC algorithms, but brings temporary keys and the MIC algorithm for data integrity. The 802.1X authentication was introduced and common keys are no longer needed, since it is possible to use an authentication server. The length of the initialization vector was increased and the vector is obtained based on the packet serial number, in order to prevent the insertion of the same packet into the network. The weakness of the WPA security mechanism is the use of a common key. WPA2 (802.11i later appeared. Unlike the WPA mechanism that worked on old devices with the replacement of software, WPA2 requires new network devices that can perform AES encryption. AES replaces the RC4 algorithm and delivers much greater security. Data integrity is protected by encryption. Despite progress, there are still weaknesses in wireless networks. Attacks for denial of service are possible as well as spoofing package headers attacks. For now, it is not advisable to use wireless networks in environments where unreliability and unavailability are not tolerated. Introduction In the entire history of

  20. Learn What a Heart Attack Feels Like--It Could Save Your Life

    Science.gov (United States)

    Learn What a Heart Attack Feels Like— It Could Save Your Life. This fact sheet tells you about heart attack signs. It also tells you what to do ... your life. 1. Know the signs of a heart attack. 2. Understand that heart attacks are not all ...

  1. On the potential of IPv6 open resolvers for DDoS attacks

    NARCIS (Netherlands)

    Hendriks, Luuk; de Oliveira Schmidt, Ricardo; van Rijswijk-Deij, Roland; Pras, Aiko; Kaafar, Mohamed Ali; Uhlig, Steve; Amann, Johanna

    2017-01-01

    Distributed Denial of Service (DDoS) attacks have become a daily problem in today’s Internet. These attacks aim at overwhelm- ing online services or network infrastrucure. Some DDoS attacks explore open services to perform reflected and amplified attacks; and the DNS is one of the most (mis)used

  2. The accountability problem of flooding attacks in service-oriented architectures

    DEFF Research Database (Denmark)

    Jensen, Meiko; Schwenk, Jörg

    2009-01-01

    The threat of Denial of Service attacks poses a serious problem to the security of network-based services in general. For flooding attacks against service-oriented applications, this threat is dramatically amplified with potentially much higher impact and very little effort on the attacker's side...... flooding attack model, we illustrate the problem's parameters, and we finally discuss some general solution approaches....

  3. Blind Cartography for Side Channel Attacks: Cross-Correlation Cartography

    Directory of Open Access Journals (Sweden)

    Laurent Sauvage

    2012-01-01

    Full Text Available Side channel and fault injection attacks are major threats to cryptographic applications of embedded systems. Best performances for these attacks are achieved by focusing sensors or injectors on the sensible parts of the application, by means of dedicated methods to localise them. Few methods have been proposed in the past, and all of them aim at pinpointing the cryptoprocessor. However it could be interesting to exploit the activity of other parts of the application, in order to increase the attack's efficiency or to bypass its countermeasures. In this paper, we present a localisation method based on cross-correlation, which issues a list of areas of interest within the attacked device. It realizes an exhaustive analysis, since it may localise any module of the device, and not only those which perform cryptographic operations. Moreover, it also does not require a preliminary knowledge about the implementation, whereas some previous cartography methods require that the attacker could choose the cryptoprocessor inputs, which is not always possible. The method is experimentally validated using observations of the electromagnetic near field distribution over a Xilinx Virtex 5 FPGA. The matching between areas of interest and the application layout in the FPGA floorplan is confirmed by correlation analysis.

  4. Interval forecasting of cyber-attacks on industrial control systems

    Science.gov (United States)

    Ivanyo, Y. M.; Krakovsky, Y. M.; Luzgin, A. N.

    2018-03-01

    At present, cyber-security issues of industrial control systems occupy one of the key niches in a state system of planning and management Functional disruption of these systems via cyber-attacks may lead to emergencies related to loss of life, environmental disasters, major financial and economic damage, or disrupted activities of cities and settlements. There is then an urgent need to develop protection methods against cyber-attacks. This paper studied the results of cyber-attack interval forecasting with a pre-set intensity level of cyber-attacks. Interval forecasting is the forecasting of one interval from two predetermined ones in which a future value of the indicator will be obtained. For this, probability estimates of these events were used. For interval forecasting, a probabilistic neural network with a dynamic updating value of the smoothing parameter was used. A dividing bound of these intervals was determined by a calculation method based on statistical characteristics of the indicator. The number of cyber-attacks per hour that were received through a honeypot from March to September 2013 for the group ‘zeppo-norcal’ was selected as the indicator.

  5. TAWS: TABLE ASSISTED WALK STRATEGY IN CLONE ATTACK DETECTION

    Directory of Open Access Journals (Sweden)

    J Sybi Cynthia

    2016-12-01

    Full Text Available Wireless Sensor Networks (WSNs deployed in the destructive atmosphere are susceptible to clone attacks. Clone attack in wireless sensor network is a complicated problem because it deployed in hostile environments, and also the nodes could be physically compromised by an adversary. For valuable clone attack detection, the selection criteria play an important role in the proposed work. In this paper, it has been classified the existing detection schemes regarding device type, detection methodologies, deployment strategies and detection ranges and far explore various proposals in deployment based selection criteria category. And also this paper provides a review of detection methodology based on various clone attack detection techniques. It is also widely agreed that clones should be detected quickly as possible with the best optional. Our work is exploratory in that the proposed algorithm concern with table assisted random walk with horizontal and vertical line, frequent level key change and revokes the duplicate node. Our simulation results show that it is more efficient than the detection criteria in terms of security feature, and in detection rate with high resiliency. Specifically, it concentrates on deployment strategy which includes grid based deployment technique. These all come under the selection criteria for better security performance. Our protocol analytically provides effective and clone attack detection capability of robustness.

  6. Marital history and survival after a heart attack.

    Science.gov (United States)

    Dupre, Matthew E; Nelson, Alicia

    2016-12-01

    Heart disease is the leading cause of death in the United States and nearly one million Americans will have a heart attack this year. Although the risks associated with a heart attack are well established, we know surprisingly little about how marital factors contribute to survival in adults afflicted with heart disease. This study uses a life course perspective and longitudinal data from the Health and Retirement Study to examine how various dimensions of marital life influence survival in U.S. older adults who suffered a heart attack (n = 2197). We found that adults who were never married (odds ratio [OR] = 1.73), currently divorced (OR = 1.70), or widowed (OR = 1.34) were at significantly greater risk of dying after a heart attack than adults who were continuously married; and the risks were not uniform over time. We also found that the risk of dying increased by 12% for every additional marital loss and decreased by 7% for every one-tenth increase in the proportion of years married. After accounting for more than a dozen socioeconomic, psychosocial, behavioral, and physiological factors, we found that current marital status remained the most robust indicator of survival following a heart attack. The implications of the findings are discussed in the context of life course inequalities in chronic disease and directions for future research. Copyright © 2016 Elsevier Ltd. All rights reserved.

  7. Automatic analysis of attack data from distributed honeypot network

    Science.gov (United States)

    Safarik, Jakub; Voznak, MIroslav; Rezac, Filip; Partila, Pavol; Tomala, Karel

    2013-05-01

    There are many ways of getting real data about malicious activity in a network. One of them relies on masquerading monitoring servers as a production one. These servers are called honeypots and data about attacks on them brings us valuable information about actual attacks and techniques used by hackers. The article describes distributed topology of honeypots, which was developed with a strong orientation on monitoring of IP telephony traffic. IP telephony servers can be easily exposed to various types of attacks, and without protection, this situation can lead to loss of money and other unpleasant consequences. Using a distributed topology with honeypots placed in different geological locations and networks provides more valuable and independent results. With automatic system of gathering information from all honeypots, it is possible to work with all information on one centralized point. Communication between honeypots and centralized data store use secure SSH tunnels and server communicates only with authorized honeypots. The centralized server also automatically analyses data from each honeypot. Results of this analysis and also other statistical data about malicious activity are simply accessible through a built-in web server. All statistical and analysis reports serve as information basis for an algorithm which classifies different types of used VoIP attacks. The web interface then brings a tool for quick comparison and evaluation of actual attacks in all monitored networks. The article describes both, the honeypots nodes in distributed architecture, which monitor suspicious activity, and also methods and algorithms used on the server side for analysis of gathered data.

  8. Effect of Angle of Attack on Slope Climbing Performance

    Science.gov (United States)

    Creager, Colin M.; Jones, Lucas; Smith, Lauren M.

    2017-01-01

    Ascending steep slopes is often a very difficult challenge for off-road vehicles, whether on Earth or on extraterrestrial bodies. This challenge is even greater if the surface consists of loose granular soil that does not provide much shear strength. This study investigated how the path at which a vehicle traverses a slope, specifically the angle that it is commanded to drive relative to the base of the hill (the angle of attack), can affect its performance. A vehicle was driven in loose sand at slope angles up to 15 degrees and angles of attack ranging from 10 to 90 degrees. A novel photogrammetry technique was implemented to both track vehicle motion and create a three-dimensional profile of the terrain. This allowed for true wheel sinkage measurements. The study showed that though low angles of attack result in lower wheel slip and sinkage, the efficiency of the vehicles uphill motion increased at higher angles of attack. For slopes up to 15 degrees, a 90 degree angle of attack provided the greatest likelihood of successful ascent.

  9. Gait biometrics under spoofing attacks: an experimental investigation

    Science.gov (United States)

    Hadid, Abdenour; Ghahramani, Mohammad; Kellokumpu, Vili; Feng, Xiaoyi; Bustard, John; Nixon, Mark

    2015-11-01

    Gait is a relatively biometric modality which has a precious advantage over other modalities, such as iris and voice, in that it can be easily captured from a distance. Although it has recently become a topic of great interest in biometric research, there has been little investigation into gait spoofing attacks where a person tries to imitate the clothing or walking style of someone else. We recently analyzed for the first time the effects of spoofing attacks on silhouette-based gait biometric systems and showed that it was indeed possible to spoof gait biometric systems by clothing impersonation and the deliberate selection of a target that has a similar build to the attacker. To gain deeper insight into the performance of current gait biometric systems under spoofing attacks, we provide a thorough investigation on how clothing can be used to spoof a target and evaluate the performance of two state-of-the-art recognition methods on a gait spoofing database recorded at the University of Southampton. Furthermore, we describe and evaluate an initial solution coping with gait spoofing attacks. The obtained results are very promising and point out interesting findings which can be used for future investigations.

  10. Investigation of impingement attack mechanism of copper alloy condenser tubes

    International Nuclear Information System (INIS)

    Fukumura, Takuya; Nakajima, Nobuo; Arioka, Koji; Totsuka, Nobuo; Nakagawa, Tomokazu

    2001-01-01

    In order to investigate generation and growth mechanisms of impingement attacks of sea water against copper alloy condenser tubes used in condensers of nuclear power plants, we took out condenser tubes from actual condensers, cut them into several pieces and carried out several material tests mainly for impinged spots. In addition water flow inside of a pit was analyzed. From the results of the investigation, it was found that all of impingement attacks were found in the marks left by sessile organisms and none were found in downstream of the marks as frequently proposed so far. At the pits generated inside the marks, iron coating was striped and zinc content was deficient in some cases. Combining these data and the result of flow analysis, we considered the following mechanism of the impingement attacks: sessile organisms clinging to the surface of the condenser tube and growth, occlusion of the tube, extinction and decomposition of sessile organisms, pollution corrosion under the organisms and cavity formation, occlusion removal by the cleaning, generation of impingement attacks by flow collision inside the cavity, growth of the impingement attacks. (author)

  11. Antioxidant status in acute asthmatic attack in children

    International Nuclear Information System (INIS)

    Al-Abdulla, N.O.; Al-Naama, L.M.; Hassan, M.K.

    2010-01-01

    Objectives: To determine the oxidant - antioxidant imbalance in asthmatic children, by measuring the levels of malondialdehyde (MDA) as an oxidant marker of lipid peroxidation as well as antioxidant compounds like vitamin C, vitamin E and uric acid and to investigate whether their concentrations are associated with more severe asthma. Methods: This case controlled prospective study was conducted on 219 children aged 1-12 years, attending Basra Maternity and Children Hospital. Included were 98 asthmatic children during acute attack and 121 non asthmatic, apparently healthy children. Serum malondialdehyde (MDA) as an oxidant marker of lipid peroxidation, and vitamin C, vitamin E and uric acid (as antioxidants) were estimated in asthmatic children during acute attack and compared with non-asthmatic children. Results: Asthmatic children during exacerbation of their asthma have significant lower serum levels of antioxidant compounds like vitamin C, vitamin E and uric acid (p<0.001) and significantly high malondialdehyde as compared with the controls. MDA was significantly elevated (P< 0.001), while that of vitamin C, vitamin E and uric acid were significantly decreased with increasing severity of asthmatic attack (P<0.001). A significant negative correlation between MDA with vitamin C (P<0.05, r = - 0.44) was observed in severe asthmatic attacks. Conclusion: Asthmatic patients during acute attack suffer a high degree of reactive oxygen species formation causing considerable oxidative stress that is indicated by the high level of oxidants (MDA) and low level of antioxidants. (author)

  12. Protecting infrastructure networks from cost-based attacks

    International Nuclear Information System (INIS)

    Wang Xingang; Guan Shuguang; Lai, Choy Heng

    2009-01-01

    It is well known that heterogeneous networks are vulnerable to the intentional removal of a small fraction of highly connected or loaded nodes, implying that to protect the network effectively, the important nodes should be allocated more defense resource than the others. However, if too much resource is allocated to the few important nodes, the numerous less-important nodes will be less protected, which if attacked together can still lead to devastating damage. A natural question is therefore how to efficiently distribute the limited defense resource among the network nodes such that the network damage is minimized against any attack strategy. In this paper, taking into account the factor of attack cost, the problem of network security is reconsidered in terms of efficient network defense against cost-based attacks. The results show that, for a general complex network, there exists an optimal distribution of the defense resource with which the network is best protected from cost-based attacks. Furthermore, it is found that the configuration of the optimal defense is dependent on the network parameters. Specifically, networks of larger size, sparser connection and more heterogeneous structure will more likely benefit from the defense optimization.

  13. Deployable Overlay Network for Defense against Distributed SYN Flood Attacks

    Science.gov (United States)

    Ohsita, Yuichi; Ata, Shingo; Murata, Masayuki

    Distributed denial-of-service attacks on public servers have recently become more serious. Most of them are SYN flood attacks, since the malicious attackers can easily exploit the TCP specification to generate traffic making public servers unavailable. We need a defense method which can protect legitimate traffic so that end users can connect the target servers during such attacks. In this paper, we propose a new framework, in which all of the TCP connections to the victim servers from a domain are maintained at the gateways of the domain (i. e., near the clients). We call the nodes maintaining the TCP connection defense nodes. The defense nodes check whether arriving packets are legitimate or not by maintaining the TCP connection. That is, the defense nodes delegate reply packets to the received connection request packets and identify the legitimate packets by checking whether the clients reply to the reply packets. Then, only identified traffic are relayed via overlay networks. As a result, by deploying the defense nodes at the gateways of a domain, the legitimate packets from the domain are relayed apart from other packets including attack packets and protected. Our simulation results show that our method can protect legitimate traffic from the domain deploying our method. We also describe the deployment scenario of our defense mechanism.

  14. Adaptive Timer-Based Countermeasures against TCP SYN Flood Attacks

    Science.gov (United States)

    Tanabe, Masao; Akaike, Hirofumi; Aida, Masaki; Murata, Masayuki; Imase, Makoto

    As a result of the rapid development of the Internet in recent years, network security has become an urgent issue. Distributed denial of service (DDoS) attacks are one of the most serious security issues. In particular, 60 percent of the DDoS attacks found on the Internet are TCP attacks, including SYN flood attacks. In this paper, we propose adaptive timer-based countermeasures against SYN flood attacks. Our proposal utilizes the concept of soft-state protocols that are widely used for resource management on the Internet. In order to avoid deadlock, a server releases resources using a time-out mechanism without any explicit requests from its clients. If we change the value of the timer in accordance with the network conditions, we can add more flexibility to the soft-state protocols. The timer is used to manage the resources assigned to half-open connections in a TCP 3-way handshake mechanism, and its value is determined adaptively according to the network conditions. In addition, we report our simulation results to show the effectiveness of our approach.

  15. Research Note on the Energy Infrastructure Attack Database (EIAD

    Directory of Open Access Journals (Sweden)

    Jennifer Giroux

    2013-12-01

    Full Text Available The January 2013 attack on the In Amenas natural gas facility drew international attention. However this attack is part of a portrait of energy infrastructure targeting by non-state actors that spans the globe. Data drawn from the Energy Infrastructure Attack Database (EIAD shows that in the last decade there were, on average, nearly 400 annual attacks carried out by armed non-state actors on energy infrastructure worldwide, a figure that was well under 200 prior to 1999. This data reveals a global picture whereby violent non-state actors target energy infrastructures to air grievances, communicate to governments, impact state economic interests, or capture revenue in the form of hijacking, kidnapping ransoms, theft. And, for politically motivated groups, such as those engaged in insurgencies, attacking industry assets garners media coverage serving as a facilitator for international attention. This research note will introduce EIAD and position its utility within various research areas where the targeting of energy infrastructure, or more broadly energy infrastructure vulnerability, has been addressed, either directly or indirectly. We also provide a snapshot of the initial analysis of the data between 1980-2011, noting specific temporal and spatial trends, and then conclude with a brief discussion on the contribution of EIAD, highlighting future research trajectories. 

  16. Assessing risk from intelligent attacks: A perspective on approaches

    International Nuclear Information System (INIS)

    Guikema, Seth D.; Aven, Terje

    2010-01-01

    Assessing the uncertainties in and severity of the consequences of intelligent attacks are fundamentally different from risk assessment for accidental events and other phenomena with inherently random failures. Intelligent attacks against a system involve adaptation on the part of the adversary. The probabilities of the initiating events depend on the risk management actions taken, and they may be more difficult to assess due to high degrees of epistemic uncertainty about the motivations and future actions of adversaries. Several fundamentally different frameworks have been proposed for assessing risk from intelligent attacks. These include basing risk assessment and management on game theoretic modelling of attacker actions, using a probabilistic risk analysis (PRA) approach based on eliciting probabilities of different initiating events from appropriate experts, assessing uncertainties beyond probabilities and expected values, and ignoring the probabilities of the attacks and choosing to protect highest valued targets. In this paper we discuss and compare the fundamental assumptions that underlie each of these approaches. We then suggest a new framework that makes the fundamental assumptions underlying the approaches clear to decision makers and presents them with a suite of results from conditional risk analysis methods. Each of the conditional methods presents the risk from a specified set of fundamental assumptions, allowing the decision maker to see the impacts of these assumptions on the risk management strategies considered and to weight the different conditional results with their assessments of the relative likelihood of the different sets of assumptions.

  17. Comparison of acute phase response during attack and attack-free period in children with Familial Mediterranean Fever

    Directory of Open Access Journals (Sweden)

    Erdal Çakmak

    2013-06-01

    Full Text Available Objective: The aim of this study was to compare acutephase reactant (AFR levels at attack period and attackfreeperiod under colchicine treatment in children with FamilialMediterranean Fever (FMF.Methods: The diagnosis of FMF was done based on clinicalcriteria and patients were prospectively followed upfor average of 1.2 years. Symptom-onset age, age at diagnosis,clinical symptoms and features of FMF attackswere recorded. MEFV gene mutations were detected byreverse hybridization (strip assay method. Peripheralblood leukocyte count, erythrocyte sedimentation rate(ESR, C-reactive protein (CRP and blood fibrinogen levelswere measured by standard methods, both at attackperiod and during attack-free period.Results: Totally 105 (55 girls, 50 boys children with FMFwere included. The mean age was 8.9±3.2 years, meansymptom onset age was 5.9 years and mean age at diagnosiswas 8.1 years. MEFV gene mutations were asfollows: E148Q (29.2%, M694V (24.8%, R761H (15.3%and V726A (13.1%. The mean AFR values were overnormal values in attack period and there was at least onehigh AFR level in 80.0% of patients. In attack-free period,although the mean values of all AFRs were within normallimits, 31.4% of patients had at least one high AFR level.Conclusion: Based on these data, one-third of FMF childrenhad a high AFR level, which may be a marker of subclinicalinflammation. In children with continuous inflammationduring attack-free period, a new anti-inflammatorydrug additional to colchicine can be considered in order toprevent complications of chronic inflammation. J Clin ExpInvest 2013; 4 (2: 213-218Key words: Familial Mediterranean Fever, acute phasereactants, children, attack period, attack-free period

  18. RFID Distance Bounding Protocol with Mixed Challenges to Prevent Relay Attacks

    Science.gov (United States)

    Kim, Chong Hee; Avoine, Gildas

    RFID systems suffer from different location-based attacks such as distance fraud, mafia fraud and terrorist fraud attacks. Among them mafia fraud attack is the most serious since this attack can be mounted without the notice of both the reader and the tag. An adversary performs a kind of man-in-the-middle attack between the reader and the tag. It is very difficult to prevent this attack since the adversary does not change any data between the reader and the tag. Recently distance bounding protocols measuring the round-trip time between the reader and the tag have been researched to prevent this attack.

  19. Breakthrough attacks in patients with hereditary angioedema receiving long-term prophylaxis are responsive to icatibant

    DEFF Research Database (Denmark)

    Aberer, Werner; Maurer, Marcus; Bouillet, Laurence

    2017-01-01

    BACKGROUND: Patients with hereditary angioedema (HAE) due to C1-inhibitor deficiency (C1-INH-HAE) experience recurrent attacks of cutaneous or submucosal edema that may be frequent and severe; prophylactic treatments can be prescribed to prevent attacks. However, despite the use of long......-term prophylaxis (LTP), breakthrough attacks are known to occur. We used data from the Icatibant Outcome Survey (IOS) to evaluate the characteristics of breakthrough attacks and the effectiveness of icatibant as a treatment option. METHODS: Data on LTP use, attacks, and treatments were recorded. Attack...... characteristics, treatment characteristics, and outcomes (time to treatment, time to resolution, and duration of attack) were compared for attacks that occurred with versus without LTP. RESULTS: Data on 3228 icatibant-treated attacks from 448 patients with C1-INH-HAE were analyzed; 30.1% of attacks occurred while...

  20. Impact of Cyber Attacks on High Voltage DC Transmission Damping Control

    Directory of Open Access Journals (Sweden)

    Rui Fan

    2018-04-01

    Full Text Available Hybrid AC/HVDC (AC-HVDC grids have evolved to become huge cyber-physical systems that are vulnerable to cyber attacks because of the wide attack surface and increasing dependence on intelligent electronic devices, computing resources and communication networks. This paper, for the first time, studies the impact of cyber attacks on HVDC transmission oscillation damping control.Three kinds of cyber attack models are considered: timing attack, replay attack and false data injection attack. Followed by a brief introduction of the HVDC model and conventional oscillation damping control method, the design of three attack models is described in the paper. These attacks are tested on a modified IEEE New England 39-Bus AC-HVDC system. Simulation results have shown that all three kinds of attacks are capable of driving the AC-HVDC system into large oscillations or even unstable conditions.

  1. Network resilience against intelligent attacks constrained by the degree-dependent node removal cost

    International Nuclear Information System (INIS)

    Annibale, A; Coolen, A C C; Bianconi, G

    2010-01-01

    We study the resilience of complex networks against attacks in which nodes are targeted intelligently, but where disabling a node has a cost to the attacker which depends on its degree. Attackers have to meet these costs with limited resources, which constrains their actions. A network's integrity is quantified in terms of the efficacy of the process that it supports. We calculate how the optimal attack strategy and the most attack-resistant network degree statistics depend on the node removal cost function and the attack resources. The resilience of networks against intelligent attacks is found to depend strongly on the node removal cost function faced by the attacker. In particular, if node removal costs increase sufficiently fast with the node degree, power law networks are found to be more resilient than Poissonian ones, even against optimized intelligent attacks. For cost functions increasing quadratically in the node degrees, intelligent attackers cannot damage the network more than random damages would.

  2. Cyber Attacks and Terrorism: A Twenty-First Century Conundrum.

    Science.gov (United States)

    Albahar, Marwan

    2017-01-05

    In the recent years, an alarming rise in the incidence of cyber attacks has made cyber security a major concern for nations across the globe. Given the current volatile socio-political environment and the massive increase in the incidence of terrorism, it is imperative that government agencies rapidly realize the possibility of cyber space exploitation by terrorist organizations and state players to disrupt the normal way of life. The threat level of cyber terrorism has never been as high as it is today, and this has created a lot of insecurity and fear. This study has focused on different aspects of cyber attacks and explored the reasons behind their increasing popularity among the terrorist organizations and state players. This study proposes an empirical model that can be used to estimate the risk levels associated with different types of cyber attacks and thereby provide a road map to conceptualize and formulate highly effective counter measures and cyber security policies.

  3. Angle-of-attack estimation for analysis of CAT encounters

    Science.gov (United States)

    Bach, R. E., Jr.; Parks, E. K.

    1985-01-01

    Recent studies of clear-air turbulence (CAT) encounters involving wide-body airliners have been based upon flight-path wind estimates made by analyzing digital flight-data-recorder (DFDR) records and radar records. Such estimates require a time history of the aircraft angle of attack, a record that is not usually included in the DFDR measurement set. This paper describes a method for reconstructing angle of attack that utilizes available flight record and aircraft-specific information associated with an aerodynamic model of the lift coefficient. Results from two wide-body incidents in which vane measurements of angle of attack were recorded show good agreement between measured and calculated time histories. This research has been performed in cooperation with the National Transportation Safety Board to provide a better understanding of the CAT phenomenon.

  4. Conservation biology: lion attacks on humans in Tanzania.

    Science.gov (United States)

    Packer, Craig; Ikanda, Dennis; Kissui, Bernard; Kushnir, Hadas

    2005-08-18

    Large carnivores inspire opposition to conservation efforts owing to their impact on livestock and human safety. Here we analyse the pattern of lion attacks over the past 15 years on humans in Tanzania, which has the largest population of lions in Africa, and find that they have killed more than 563 Tanzanians since 1990 and injured at least 308. Attacks have increased dramatically during this time: they peak at harvest time each year and are most frequent in areas with few prey apart from bush pigs (Potamochoerus larvatus), the most common nocturnal crop pest. Our findings provide an important starting point for devising strategies to reduce the risk to rural Tanzanians of lion attacks.

  5. Trojan horse attacks on counterfactual quantum key distribution

    Energy Technology Data Exchange (ETDEWEB)

    Yang, Xiuqing, E-mail: xqqyang@163.com [School of Science, Beijing Jiaotong University, Beijing 100044 (China); College of Science, Inner Mongolia University of Technology, 010051 Hohhot (China); Wei, Kejin; Ma, Haiqiang [School of Science, Beijing University of Posts and Telecommunications, Beijing 100876 (China); Sun, Shihai, E-mail: shsun@nudt.edu.cn [Department of Physics, National University of Defense Technology, Changsha 410073 (China); Du, Yungang [College of Science, Inner Mongolia University of Technology, 010051 Hohhot (China); Wu, Lingan [Laboratory of Optical Physics, Institute of Physics, Chinese Academy of Sciences, Beijing 100080 (China)

    2016-04-22

    There has been much interest in “counterfactual quantum cryptography” (T.-G. Noh, 2009 [10]). It seems that the counterfactual quantum key distribution protocol without any photon carrier through the quantum channel provides practical security advantages. However, we show that it is easy to break counterfactual quantum key distribution systems in practical situations. We introduce the two types of Trojan horse attacks that are available for the two-way protocol and become possible for practical counterfactual systems with our eavesdropping schemes. - Highlights: • We find the attacks available for the two-way protocol become possible for the practical counterfactual systems. • It does not require the assumption that it works on the counterfactual systems only in a finite key scenario. • Compared to the other attack models, our scheme is relatively simple for an eavesdropper.

  6. Computing Preferred Extensions for Argumentation Systems with Sets of Attacking

    DEFF Research Database (Denmark)

    Nielsen, Søren Holbech; Parsons, Simon

    2006-01-01

    The hitherto most abstract, and hence general, argumentation system, is the one described by Dung in a paper from 1995. This framework does not allow for joint attacks on arguments, but in a recent paper we adapted it to support such attacks, and proved that this adapted framework enjoyed the same...... formal properties as that of Dung. One problem posed by Dung's original framework, which was neglected for some time, is how to compute preferred extensions of the argumentation systems. However, in 2001, in a paper by Doutre and Mengin, a procedure was given for enumerating preferred extensions...... for these systems. In this paper we propose a method for enumerating preferred extensions of the potentially more complex systems, where joint attacks are allowed. The method is inspired by the one given by Doutre and Mengin....

  7. A video-polygraphic analysis of the cataplectic attack

    DEFF Research Database (Denmark)

    Rubboli, G; d'Orsi, G; Zaniboni, A

    2000-01-01

    OBJECTIVES AND METHODS: To perform a video-polygraphic analysis of 11 cataplectic attacks in a 39-year-old narcoleptic patient, correlating clinical manifestations with polygraphic findings. Polygraphic recordings monitored EEG, EMG activity from several cranial, trunk, upper and lower limbs...... muscles, eye movements, EKG, thoracic respiration. RESULTS: Eleven attacks were recorded, all of them lasting less than 1 min and ending with the fall of the patient to the ground. We identified, based on the video-polygraphic analysis of the episodes, 3 phases: initial phase, characterized essentially...... with bradycardia, that was maximal during the atonic phase. CONCLUSIONS: Analysis of the muscular phenomena that characterize cataplectic attacks in a standing patient suggests that the cataplectic fall occurs with a pattern that might result from the interaction between neuronal networks mediating muscular atonia...

  8. Gray Matter Is Targeted in First-Attack Multiple Sclerosis

    Energy Technology Data Exchange (ETDEWEB)

    Schutzer, Steven E.; Angel, Thomas E.; Liu, Tao; Schepmoes, Athena A.; Xie, Fang; Bergquist, Jonas P.; Vecsei, Lazlo' ; Zadori, Denes; Camp, David G.; Holland, Bart K.; Smith, Richard D.; Coyle, Patricia K.

    2013-09-10

    The cause of multiple sclerosis (MS), its driving pathogenesis at the earliest stages, and what factors allow the first clinical attack to manifest remain unknown. Some imaging studies suggest gray rather than white matter may be involved early, and some postulate this may be predictive of developing MS. Other imaging studies are in conflict. To determine if there was objective molecular evidence of gray matter involvement in early MS we used high-resolution mass spectrometry to identify proteins in the cerebrospinal fluid (CSF) of first-attack MS patients (two independent groups) compared to established relapsing remitting (RR) MS and controls. We found that the CSF proteins in first-attack patients were differentially enriched for gray matter components (axon, neuron, synapse). Myelin components did not distinguish these groups. The results support that gray matter dysfunction is involved early in MS, and also may be integral for the initial clinical presentation.

  9. A robust color image watermarking algorithm against rotation attacks

    Science.gov (United States)

    Han, Shao-cheng; Yang, Jin-feng; Wang, Rui; Jia, Gui-min

    2018-01-01

    A robust digital watermarking algorithm is proposed based on quaternion wavelet transform (QWT) and discrete cosine transform (DCT) for copyright protection of color images. The luminance component Y of a host color image in YIQ space is decomposed by QWT, and then the coefficients of four low-frequency subbands are transformed by DCT. An original binary watermark scrambled by Arnold map and iterated sine chaotic system is embedded into the mid-frequency DCT coefficients of the subbands. In order to improve the performance of the proposed algorithm against rotation attacks, a rotation detection scheme is implemented before watermark extracting. The experimental results demonstrate that the proposed watermarking scheme shows strong robustness not only against common image processing attacks but also against arbitrary rotation attacks.

  10. Mapping the Most Significant Computer Hacking Events to a Temporal Computer Attack Model

    OpenAIRE

    Heerden , Renier ,; Pieterse , Heloise; Irwin , Barry

    2012-01-01

    Part 4: Section 3: ICT for Peace and War; International audience; This paper presents eight of the most significant computer hacking events (also known as computer attacks). These events were selected because of their unique impact, methodology, or other properties. A temporal computer attack model is presented that can be used to model computer based attacks. This model consists of the following stages: Target Identification, Reconnaissance, Attack, and Post-Attack Reconnaissance stages. The...

  11. Quick Reference: Cyber Attacks Awareness and Prevention Method for Home Users

    OpenAIRE

    Haydar Teymourlouei

    2015-01-01

    It is important to take security measures to protect your computer information, reduce identify theft, and prevent from malicious cyber-attacks. With cyber-attacks on the continuous rise, people need to understand and learn ways to prevent from these attacks. Cyber-attack is an important factor to be considered if one is to be able to protect oneself from malicious attacks. Without proper security measures, most computer technology would hinder home users more than such t...

  12. Lead exposure potentiates predatory attack behavior in the cat

    International Nuclear Information System (INIS)

    Li Wenjie; Han Shenggao; Gregg, T.R.; Kemp, F.W.Francis W.; Davidow, A.L.; Louria, D.B.; Siegel, Allan; Bogden, J.D.

    2003-01-01

    Epidemiologic studies have demonstrated that environmental lead exposure is associated with aggressive behavior in children; however, numerous confounding variables limit the ability of these studies to establish a causal relationship. The study of aggressive behavior using a validated animal model was used to test the hypothesis that there is a causal relationship between lead exposure and aggression in the absence of confounding variables. We studied the effects of lead exposure on a feline model of aggression: predatory (quiet biting) attack of an anesthetized rat. Five cats were stimulated with a precisely controlled electrical current via electrodes inserted into the lateral hypothalamus. The response measure was the predatory attack threshold current (i.e., the current required to elicit an attack response on 50% of the trials). Blocks of trials were administered in which predatory attack threshold currents were measured three times a week for a total of 6-10 weeks, including before, during, and after lead exposure. Lead was incorporated into cat food 'treats' at doses of 50-150 mg/kg/day. Two of the five cats received a second period of lead exposure. Blood lead concentrations were measured twice a week and were <1, 21-77, and <20 μg/dL prior to, during, and after lead exposure, respectively. The predatory attack threshold decreased significantly during initial lead exposure in three of five cats and increased after the cessation of lead exposure in four of the five cats (P<0.01). The predatory attack thresholds and blood lead concentrations for each cat were inversely correlated (r=-0.35 to -0.74). A random-effects mixed model demonstrated a significant (P=0.0019) negative association between threshold current and blood lead concentration. The data of this study demonstrate that lead exposure enhances predatory aggression in the cat and provide experimental support for a causal relationship between lead exposure and aggressive behavior in humans

  13. VoIP attacks detection engine based on neural network

    Science.gov (United States)

    Safarik, Jakub; Slachta, Jiri

    2015-05-01

    The security is crucial for any system nowadays, especially communications. One of the most successful protocols in the field of communication over IP networks is Session Initiation Protocol. It is an open-source project used by different kinds of applications, both open-source and proprietary. High penetration and text-based principle made SIP number one target in IP telephony infrastructure, so security of SIP server is essential. To keep up with hackers and to detect potential malicious attacks, security administrator needs to monitor and evaluate SIP traffic in the network. But monitoring and following evaluation could easily overwhelm the security administrator in networks, typically in networks with a number of SIP servers, users and logically or geographically separated networks. The proposed solution lies in automatic attack detection systems. The article covers detection of VoIP attacks through a distributed network of nodes. Then the gathered data analyze aggregation server with artificial neural network. Artificial neural network means multilayer perceptron network trained with a set of collected attacks. Attack data could also be preprocessed and verified with a self-organizing map. The source data is detected by distributed network of detection nodes. Each node contains a honeypot application and traffic monitoring mechanism. Aggregation of data from each node creates an input for neural networks. The automatic classification on a centralized server with low false positive detection reduce the cost of attack detection resources. The detection system uses modular design for easy deployment in final infrastructure. The centralized server collects and process detected traffic. It also maintains all detection nodes.

  14. Securing SQL Server Protecting Your Database from Attackers

    CERN Document Server

    Cherry, Denny

    2012-01-01

    Written by Denny Cherry, a Microsoft MVP for the SQL Server product, a Microsoft Certified Master for SQL Server 2008, and one of the biggest names in SQL Server today, Securing SQL Server, Second Edition explores the potential attack vectors someone can use to break into your SQL Server database as well as how to protect your database from these attacks. In this book, you will learn how to properly secure your database from both internal and external threats using best practices and specific tricks the author uses in his role as an independent consultant while working on some of the largest

  15. Command injection attacks, continuations, and the Lambek calculus

    Directory of Open Access Journals (Sweden)

    Hayo Thielecke

    2016-06-01

    Full Text Available This paper shows connections between command injection attacks, continuations, and the Lambek calculus: certain command injections, such as the tautology attack on SQL, are shown to be a form of control effect that can be typed using the Lambek calculus, generalizing the double-negation typing of continuations. Lambek's syntactic calculus is a logic with two implicational connectives taking their arguments from the left and right, respectively. These connectives describe how strings interact with their left and right contexts when building up syntactic structures. The calculus is a form of propositional logic without structural rules, and so a forerunner of substructural logics like Linear Logic and Separation Logic.

  16. Securing SQL Server Protecting Your Database from Attackers

    CERN Document Server

    Cherry, Denny

    2011-01-01

    There is a lot at stake for administrators taking care of servers, since they house sensitive data like credit cards, social security numbers, medical records, and much more. In Securing SQL Server you will learn about the potential attack vectors that can be used to break into your SQL Server database, and how to protect yourself from these attacks. Written by a Microsoft SQL Server MVP, you will learn how to properly secure your database, from both internal and external threats. Best practices and specific tricks employed by the author will also be revealed. Learn expert techniques to protec

  17. Iron supplementation for breath-holding attacks in children.

    Science.gov (United States)

    Zehetner, Anthony A; Orr, Nigel; Buckmaster, Adam; Williams, Katrina; Wheeler, Danielle M

    2010-05-12

    Breath-holding attacks are common during childhood. Iron supplementation has been claimed to reduce the frequency or severity, or both, of breath-holding attacks in children. To assess the effect of iron supplementation on the frequency and severity of breath-holding attacks in children. We searched the Cochrane Central Register of Controlled Trials (CENTRAL) (The Cochrane Library), MEDLINE, EMBASE, PsycINFO, CINAHL and the metaRegister of Controlled Trials (up to April 2009). We scanned references of included trials. Pharmaceutical companies manufacturing oral iron supplements and some trial authors were contacted for any unpublished data or trials. Randomised and quasi-randomised controlled trials comparing iron supplementation with placebo or no therapy in children breath-holding episodes. These were reported by an observer. The primary outcome was reduction in the frequency (number over time) or severity (leading to cessation of loss of consciousness or convulsive movements), or both, of breath-holding attacks. Two authors (AZ and NO) independently selected studies and extracted data. Study authors were contacted for missing data, where necessary. Risk of bias was assessed using domain-based evaluation. In the presence of low heterogeneity, a fixed-effect meta-analysis was performed with pooled results presented as odds ratios (OR) and 95% confidence intervals (CIs). Two trials (87 children) fulfilled the inclusion criteria. In these trials, iron supplementation significantly reduced the frequency of breath-holding attacks in children (OR 76.48; 95% CI 15.65 to 373.72; P breath-holding attacks maintained this significance (OR 53.43; 95% CI 6.57 to 434.57; P = 0.0002). Iron supplementation (at 5 mg/kg/day of elemental iron for 16 weeks) appears to be useful in reducing the frequency and severity of breath-holding attacks. Supplementation is of particular benefit in children with iron deficiency anaemia, responses correlating with the improvements in haemoglobin

  18. Patrol Detection for Replica Attacks on Wireless Sensor Networks

    Directory of Open Access Journals (Sweden)

    Yang Shi

    2011-02-01

    Full Text Available Replica attack is a critical concern in the security of wireless sensor networks. We employ mobile nodes as patrollers to detect replicas distributed in different zones in a network, in which a basic patrol detection protocol and two detection algorithms for stationary and mobile modes are presented. Then we perform security analysis to discuss the defense strategies against the possible attacks on the proposed detection protocol. Moreover, we show the advantages of the proposed protocol by discussing and comparing the communication cost and detection probability with some existing methods.

  19. Quantum Encryption Minimising Key Leakage under Known Plaintext Attacks

    DEFF Research Database (Denmark)

    Pedersen, Thomas Brochmann

    2006-01-01

    In this dissertation we show how, by using a quantum channel, we can get more unconditionally secret communication with a symmetric key under known plaintext attacks. In unconditionally secret encryption schemes the key is necessarily an expensive resource since it cannot safely be reused for more......, or interactive encryption schemes, where the interaction does not need to occur online. In our model we show that the amount of key leaked under a known plaintext attack can be made arbitrarily small even in non-interactive encryption schemes. We also give an encryption scheme where eavesdropping can be detected...

  20. Performance analysis of DoS LAND attack detection

    Directory of Open Access Journals (Sweden)

    Deepak Kshirsagar

    2016-09-01

    This paper proposes the intrusion detection mechanism for DoS detection such as Local Area Network Denial (LAND, which classified into the Network Traffic Analyzer, Traffic Features Identification and Extraction, IP spoofing based attack detection and Intruder Information. This system efficiently detects DoS LAND based on IP spoofing. This system analyzes the network resources consumed by an attacker. The system is implemented and tested using open source tools. The experimental result shows that, the proposed system produces better performance in comparison with state-of-art existing system and result into a low level of memory and CPU usage.

  1. Attacks to Cryptography Protocols of Wireless Industrial Communication Systems

    Directory of Open Access Journals (Sweden)

    Tomas Ondrasina

    2010-01-01

    Full Text Available The paper deals with problems of safety and security principles within wireless industrial communication systems. First safety requirements to wireless industrial communication system, summarisation of attack methods and the available measures for risks elimination are described with orientation to safety critical applications. The mainly part is oriented to identification of risks and summarisation of defensive methods of wireless communication based on cryptographic techniques. Practical part the cryptoanalytic’s attacks to COTS (Commercial Off-The-Shelf wireless communications are mentioned based on the IEEE 802.11 standards.

  2. Mitigating Drive-By Download Attacks: Challenges and Open Problems

    Science.gov (United States)

    Egele, Manuel; Kirda, Engin; Kruegel, Christopher

    Malicious web sites perform drive-by download attacks to infect their visitors with malware. Current protection approaches rely on black- or white-listing techniques that are difficult to keep up-to-date. As todays drive-by attacks already employ encryption to evade network level detection we propose a series of techniques that can be implemented in web browsers to protect the user from such threats. In addition, we discuss challenges and open problems that these mechanisms face in order to be effective and efficient.

  3. Attack Methodology Analysis: Emerging Trends in Computer-Based Attack Methodologies and Their Applicability to Control System Networks

    Energy Technology Data Exchange (ETDEWEB)

    Bri Rolston

    2005-06-01

    Threat characterization is a key component in evaluating the threat faced by control systems. Without a thorough understanding of the threat faced by critical infrastructure networks, adequate resources cannot be allocated or directed effectively to the defense of these systems. Traditional methods of threat analysis focus on identifying the capabilities and motivations of a specific attacker, assessing the value the adversary would place on targeted systems, and deploying defenses according to the threat posed by the potential adversary. Too many effective exploits and tools exist and are easily accessible to anyone with access to an Internet connection, minimal technical skills, and a significantly reduced motivational threshold to be able to narrow the field of potential adversaries effectively. Understanding how hackers evaluate new IT security research and incorporate significant new ideas into their own tools provides a means of anticipating how IT systems are most likely to be attacked in the future. This research, Attack Methodology Analysis (AMA), could supply pertinent information on how to detect and stop new types of attacks. Since the exploit methodologies and attack vectors developed in the general Information Technology (IT) arena can be converted for use against control system environments, assessing areas in which cutting edge exploit development and remediation techniques are occurring can provide significance intelligence for control system network exploitation, defense, and a means of assessing threat without identifying specific capabilities of individual opponents. Attack Methodology Analysis begins with the study of what exploit technology and attack methodologies are being developed in the Information Technology (IT) security research community within the black and white hat community. Once a solid understanding of the cutting edge security research is established, emerging trends in attack methodology can be identified and the gap between

  4. Sleep Deprivation Attack Detection in Wireless Sensor Network

    Science.gov (United States)

    Bhattasali, Tapalina; Chaki, Rituparna; Sanyal, Sugata

    2012-02-01

    Deployment of sensor network in hostile environment makes it mainly vulnerable to battery drainage attacks because it is impossible to recharge or replace the battery power of sensor nodes. Among different types of security threats, low power sensor nodes are immensely affected by the attacks which cause random drainage of the energy level of sensors, leading to death of the nodes. The most dangerous type of attack in this category is sleep deprivation, where target of the intruder is to maximize the power consumption of sensor nodes, so that their lifetime is minimized. Most of the existing works on sleep deprivation attack detection involve a lot of overhead, leading to poor throughput. The need of the day is to design a model for detecting intrusions accurately in an energy efficient manner. This paper proposes a hierarchical framework based on distributed collaborative mechanism for detecting sleep deprivation torture in wireless sensor network efficiently. Proposed model uses anomaly detection technique in two steps to reduce the probability of false intrusion.

  5. Xenophobic Attacks And Other Violence In South Africa: A ...

    African Journals Online (AJOL)

    This is also noted in Article three (3) of the Human Rights Laws: “Everyone has the right to life, liberty and security of person.” This paper is interested therefore in showing xenophobic attacks and other violence in South Africa as barriers or obstacles to achieving peace in the world. It recommended religious preaching and ...

  6. Protecting water and wastewater infrastructure from cyber attacks

    Science.gov (United States)

    Panguluri, Srinivas; Phillips, William; Cusimano, John

    2011-12-01

    Multiple organizations over the years have collected and analyzed data on cyber attacks and they all agree on one conclusion: cyber attacks are real and can cause significant damages. This paper presents some recent statistics on cyber attacks and resulting damages. Water and wastewater utilities must adopt countermeasures to prevent or minimize the damage in case of such attacks. Many unique challenges are faced by the water and wastewater industry while selecting and implementing security countermeasures; the key challenges are: 1) the increasing interconnection of their business and control system networks, 2) large variation of proprietary industrial control equipment utilized, 3) multitude of cross-sector cyber-security standards, and 4) the differences in the equipment vendor's approaches to meet these security standards. The utilities can meet these challenges by voluntarily selecting and adopting security standards, conducting a gap analysis, performing vulnerability/risk analysis, and undertaking countermeasures that best meets their security and organizational requirements. Utilities should optimally utilize their limited resources to prepare and implement necessary programs that are designed to increase cyber-security over the years. Implementing cyber security does not necessarily have to be expensive, substantial improvements can be accomplished through policy, procedure, training and awareness. Utilities can also get creative and allocate more funding through annual budgets and reduce dependence upon capital improvement programs to achieve improvements in cyber-security.

  7. Auricular electroacupuncture reduces frequency and severity of Raynaud attacks.

    Science.gov (United States)

    Schlager, Oliver; Gschwandtner, Michael E; Mlekusch, Irene; Herberg, Karin; Frohner, Tanja; Schillinger, Martin; Koppensteiner, Renate; Mlekusch, Wolfgang

    2011-02-01

    Acupuncture has been shown to influence skin perfusion and the subjective cold perception threshold. Therefore, we hypothesized that auricular electroacupuncture (EA) might reduce symptoms in primary Raynaud's phenomenon (PRP). Twenty-six patients with PRP received 6 cycles of auricular EA. After 3, 6 and 24 weeks attack frequency and severity were reevaluated using standardized questionnaires and a visual analogue scale (VAS). Skin temperature was assessed by infrared thermography and laser Doppler perfusion imaging was used to determine skin perfusion. Compared to baseline we found a significant reduction of attack frequency after 3 (p = 0.001) and 6 weeks (p < 0.001) of auricular EA. This improvement sustained following cessation of EA, after 24 weeks (p < 0.001). Furthermore, attack associated pain was reduced after 3 (p = 0.003), 6 (p = 0.003) and 24 weeks (p = 0.001) of treatment, while skin temperature and skin perfusion did not change significantly throughout the study period. Auricular EA reduces symptoms by means of frequency and severity of attacks in PRP but has no influence on skin perfusion and skin temperature.

  8. Combined measures against SQL-Injection attacks | Mac'Odo ...

    African Journals Online (AJOL)

    In today's world, we see continuous increase in security threats of web-based napplication as our dependence on these applications increase through our integration of them into our everyday activities. Virtually everything is done on the web. SQL injection is one of the most serious attacks against web applications.

  9. Possibility of spoof attack against robustness of multibiometric authentication systems

    Science.gov (United States)

    Hariri, Mahdi; Shokouhi, Shahriar Baradaran

    2011-07-01

    Multibiometric systems have been recently developed in order to overcome some weaknesses of single biometric authentication systems, but security of these systems against spoofing has not received enough attention. In this paper, we propose a novel practical method for simulation of possibilities of spoof attacks against a biometric authentication system. Using this method, we model matching scores from standard to completely spoofed genuine samples. Sum, product, and Bayes fusion rules are applied for score level combination. The security of multimodal authentication systems are examined and compared with the single systems against various spoof possibilities. However, vulnerability of fused systems is considerably increased against spoofing, but their robustness is generally higher than single matcher systems. In this paper we show that robustness of a combined system is not always higher than a single system against spoof attack. We propose empirical methods for upgrading the security of multibiometric systems, which contain how to organize and select biometric traits and matchers against various possibilities of spoof attack. These methods provide considerable robustness and present an appropriate reason for using combined systems against spoof attacks.

  10. Sleep attacks in patients taking dopamine agonists: review.

    Science.gov (United States)

    Homann, Carl Nikolaus; Wenzel, Karoline; Suppan, Klaudia; Ivanic, Gerd; Kriechbaum, Norbert; Crevenna, Richard; Ott, Erwin

    2002-06-22

    To assess the evidence for the existence and prevalence of sleep attacks in patients taking dopamine agonists for Parkinson's disease, the type of drugs implicated, and strategies for prevention and treatment. Review of publications between July 1999 and May 2001 in which sleep attacks or narcoleptic-like attacks were discussed in patients with Parkinson's disease. 124 patients with sleep events were found in 20 publications. Overall, 6.6% of patients taking dopamine agonists who attended movement disorder centres had sleep events. Men were over-represented. Sleep events occurred at both high and low doses of the drugs, with different durations of treatment (0-20 years), and with or without preceding signs of tiredness. Sleep attacks are a class effect, having been found in patients taking the following dopamine agonists: levodopa (monotherapy in 8 patients), ergot agonists (apomorphine in 2 patients, bromocriptine in 13, cabergoline in 1, lisuride or piribedil in 23, pergolide in 5,) and non-ergot agonists (pramipexole in 32, ropinirole in 38). Reports suggest two distinct types of events: those of sudden onset without warning and those of slow onset with prodrome drowsiness. Insufficient data are available to provide effective guidelines for prevention and treatment of sleep events in patients taking dopamine agonists for Parkinson's disease. Prospective population based studies are needed to provide this information.

  11. Biometric Authentication Systems Attacks: Liveness Detection to the ...

    African Journals Online (AJOL)

    PROF. OLIVER OSUAGWA

    2014-12-01

    Dec 1, 2014 ... Keywords: Liveness, Biometrics, Biometric Systems, Authentication, Verification,. Vulnerabilities, attacks, Threats. 1.0 Introduction. Informaton security is the profession that protects the Confidentiality,. Integrity and Availability (CIA) of information systems and information services. The CIA triad is the pillar of.

  12. Prevalence of eating disorders and eating attacks in narcolepsy

    Directory of Open Access Journals (Sweden)

    Norbert Dahmen

    2008-03-01

    Full Text Available Norbert Dahmen, Julia Becht, Alice Engel, Monika Thommes, Peter TonnPsychiatry Department, University of Mainz, GermanyAbstract: Narcoleptic patients suffer frequently from obesity and type II diabetes. Most patients show a deficit in the energy balance regulating orexinergic system. Nevertheless, it is not known, why narcoleptic patients tend to be obese. We examined 116 narcoleptic patients and 80 controls with the structured interview for anorectic and bulimic eating disorders (SIAB to test the hypothesis that typical or atypical eating attacks or eating disorders may be more frequent in narcoleptic patients. No difference in the current prevalence of eating disorders bulimia nervosa, binge eating disorder, or anorexia nervosa was found, nor was the frequency of eating attacks higher in the narcolepsy group. We conclude that present eating disorders and eating attacks as defined in DSM IV are not the reason for the observed differences in body composition. Additional factors, such as basal metabolic rates and lifestyle factors need to be considered.Keywords: narcolepsy, eating disorder, SIAB, bulimia, anorexia, eating attack

  13. Non-linear Flight Dynamics at High Angles of Attack

    DEFF Research Database (Denmark)

    Granasy, P.; Sørensen, C.B.; Mosekilde, Erik

    1998-01-01

    The methods of nonlinear dynamics are applied to the longitudinal motion of a vectored thrust aircraft, in particular the behavior at high angles of attack. Our model contains analytic nonlinear aerodynamical coefficients based on NASA windtunnel experiments on the F-18 high-alpha research vehicl...

  14. Practical Attacks on AES-like Cryptographic Hash Functions

    DEFF Research Database (Denmark)

    Kölbl, Stefan; Rechberger, Christian

    2015-01-01

    Despite the great interest in rebound attacks on AES-like hash functions since 2009, we report on a rather generic, albeit keyschedule-dependent, algorithmic improvement: A new message modification technique to extend the inbound phase, which even for large internal states makes it possible...

  15. Exercise Following a Heart Attack: Some Special Considerations.

    Science.gov (United States)

    Fardy, Paul S.

    This paper presents information on the effectiveness of exercise programs for heart attack victims. Some of the observations come from unpublished results of a two year experiment of the National Exercise and Heart Disease Project. The paper first establishes that a group exercise program with trained supervision is advantageous for people with…

  16. Carotid endarterectomy after intravenous thrombolysis for acute cerebral ischaemic attack

    DEFF Research Database (Denmark)

    Rathenborg, Lisbet Knudsen; Jensen, L P; Baekgaard, N

    2013-01-01

    Intravenous thrombolysis (IVT) has proven effective in the treatment of acute cerebral ischaemic attack in selected cases. In the presence of a carotid artery stenosis, such patients may be candidates for carotid endarterectomy (CEA). Few studies have been made on the safety of CEA performed after...

  17. Robust Image Watermarking Algorithm Based on ASIFT against Geometric Attacks

    Directory of Open Access Journals (Sweden)

    Chengyou Wang

    2018-03-01

    Full Text Available Image processing technology has been developed rapidly in recent years, and altering the content of an image is easy for everyone, but may be illegal for an attacker. Thus, it is urgent and necessary to overcome this problem to protect the integrity and authenticity of images. Watermarking is a powerful technique proposed to solve this problem. This paper introduces a robust image watermarking algorithm working in the wavelet domain, embedding the watermark information into the third level low frequency coefficients after the three-level discrete wavelet transform (DWT and singular value decomposition (SVD. Additionally, to improve the robustness to geometric attacks, the affine-scale-invariant feature transform (ASIFT is applied to obtain feature points which are invariant to geometric attacks. Then, features of acquired points between the watermarked image and the received image are used to realize the resynchronization to improve the robustness. Experimental results show that the proposed algorithm achieves great balance between robustness and imperceptibility, and is robust against geometric attacks, JPEG compression, noise addition, cropping, median filters, and so on.

  18. Lowering virus attack with improved yield and fiber quality in ...

    African Journals Online (AJOL)

    A three year study with the objective of exploring the possible role of different sowing dates and cotton genotypes on seed cotton yield, fiber quality and virus attack was conducted at the Cotton Research Station (CRS), Multan, Pakistan during three consecutive years (2006, 2007 and 2008). Two cotton genotypes namely: ...

  19. Pitfalls in management of acute gouty attack, a qualitative research ...

    African Journals Online (AJOL)

    Hamid Mustafa

    2014-05-17

    May 17, 2014 ... Abstract Objective: To probe doctors' attitudes and reveal wrong perception in the management of acute gouty attacks. Design: A descriptive study using a designed questionnaire that was completed through face to face interviews in hospitals, health units and polyclinics in the Makah Region. Method: This ...

  20. Vulnerabilities in GSM technology and feasibility of selected attacks

    Science.gov (United States)

    Voznak, M.; Prokes, M.; Sevcik, L.; Frnda, J.; Toral-Cruz, Homer; Jakovlev, Sergej; Fazio, Peppino; Mehic, M.; Mikulec, M.

    2015-05-01

    Global System for Mobile communication (GSM) is the most widespread technology for mobile communications in the world and serving over 7 billion users. Since first publication of system documentation there has been notified a potential safety problem's occurrence. Selected types of attacks, based on the analysis of the technical feasibility and the degree of risk of these weaknesses, were implemented and demonstrated in laboratory of the VSB-Technical University of Ostrava, Czech Republic. These vulnerabilities were analyzed and afterwards possible attacks were described. These attacks were implemented using open-source tools, software programmable radio USRP (Universal Software RadioPeripheral) and DVB-T (Digital Video Broadcasting - Terrestrial) receiver. GSM security architecture is being scrutinized since first public releases of its specification mainly pointing out weaknesses in authentication and ciphering mechanisms. This contribution also summarizes practically proofed and used scenarios that are performed using opensource software tools and variety of scripts mostly written in Python. Main goal of this paper is in analyzing security issues in GSM network and practical demonstration of selected attacks.

  1. Predatory mites avoid ovipositing near counter-attacking prey

    NARCIS (Netherlands)

    Faraji, F.; Janssen, A.; Sabelis, M.W.

    2001-01-01

    Attacking prey is not without risk; predators may endure counterattackby the prey. Here, we study the oviposition behaviour of a predatory mite(Iphiseius degenerans) in relation to its prey, thewesternflower thrips (Frankliniella occidentalis). This thrips iscapable of killing the eggs of the

  2. Nursery Pest Management of Phytolyma lata Walker (Scott) Attack ...

    African Journals Online (AJOL)

    The establishment of plantations of Milicia excelsa has been constrained by the gall-forming psyllid Phytolyma lata Walker (Scott) that causes extensive damage to young plants. We present findings of an experiment aimed at preventing Phytolyma attack on Milicia seedlings in the nursery using chemical control and ...

  3. Detection and isolation of routing attacks through sensor watermarking

    NARCIS (Netherlands)

    Ferrari, R.; Herdeiro Teixeira, A.M.; Sun, J; Jiang, Z-P

    2017-01-01

    In networked control systems, leveraging the peculiarities of the cyber-physical domains and their interactions may lead to novel detection and defense mechanisms against malicious cyber-attacks. In this paper, we propose a multiplicative sensor watermarking scheme, where each sensor's output is

  4. [Limbic ictus as a condition for anxiety attacks].

    Science.gov (United States)

    Gallinat, J; Hegerl, U

    1999-03-01

    Episodes of anxiety have been reported to be the most common psychological symptoms in patients with partial seizures. They may occur before, during and after seizures and can also appear in isolation without any convulsive symptoms. The epileptic anxiety syndrome is strikingly similar to panic attacks, and panic disorder is an important differential diagnosis. The close relationship between epileptic seizures and panic attacks is of special interest for a better pathophysiological understanding of panic attacks. In the literature an epileptiform neuronal activity is discussed as a possible underlying mechanism for panic disorder. The finding that anxiety was the most common experiential phenomenon produced by electrical stimulation of amygdala and hippocampus with depth electrodes points in this direction. PET has demonstrated abnormalities of hippocampal structures during the nonpanic state of patients with panic disorder. In addition, some EEG studies have demonstrated a high incidence of epileptiform EEG patterns in patients with panic disorder with or without agoraphobia. This was the reason why several investigators proposed that a subset of panic attacks may be related to abnormal epileptiform neuronal activity in the limbic system. The size of this subset is difficult to determine because discharges in the depth of the limbic system often cannot be seen in the scalp EEG. Concerning the hypothetical pathophysiological mechanism of panic disorder therapeutic measures were taken with antiepileptic agents. The best results were obtained for valproic acid. It seems to be reasonable to make a therapeutic trial with antiepileptic medication after nonresponse to standard pharmacotherapy.

  5. Toward Exposing Timing-Based Probing Attacks in Web Applications

    Directory of Open Access Journals (Sweden)

    Jian Mao

    2017-02-01

    Full Text Available Web applications have become the foundation of many types of systems, ranging from cloud services to Internet of Things (IoT systems. Due to the large amount of sensitive data processed by web applications, user privacy emerges as a major concern in web security. Existing protection mechanisms in modern browsers, e.g., the same origin policy, prevent the users’ browsing information on one website from being directly accessed by another website. However, web applications executed in the same browser share the same runtime environment. Such shared states provide side channels for malicious websites to indirectly figure out the information of other origins. Timing is a classic side channel and the root cause of many recent attacks, which rely on the variations in the time taken by the systems to process different inputs. In this paper, we propose an approach to expose the timing-based probing attacks in web applications. It monitors the browser behaviors and identifies anomalous timing behaviors to detect browser probing attacks. We have prototyped our system in the Google Chrome browser and evaluated the effectiveness of our approach by using known probing techniques. We have applied our approach on a large number of top Alexa sites and reported the suspicious behavior patterns with corresponding analysis results. Our theoretical analysis illustrates that the effectiveness of the timing-based probing attacks is dramatically limited by our approach.

  6. Ictal panic and interictal panic attacks: diagnostic and therapeutic principles.

    Science.gov (United States)

    Kanner, Andres M

    2011-02-01

    Ictal and postictal panic and interictal and primary panic attacks share common symptoms but differ with respect to duration and association with other symptoms. A careful history is often sufficient to distinguish these events. When necessary, electroencephalography and neuroimaging studies, estimation of prolactin levels can be a helpful tool in establishing an accurate diagnosis. Copyright © 2011 Elsevier Inc. All rights reserved.

  7. Assessing Sexual Abuse/Attack Histories with Bariatric Surgery Patients

    Science.gov (United States)

    Mahony, David

    2010-01-01

    This study assessed sexual abuse/attack histories in 537 bariatric surgery patients using the PsyBari. The prevalence rates found were lower (15.5%, 19.3% of women, 5.2% of men) than other studies that used bariatric surgery patients but consistent with studies that used nonbariatric obese subjects. Furthermore, bariatric surgery patients who…

  8. Analysing initial attack on wildland fires using stochastic simulation.

    Science.gov (United States)

    Jeremy S. Fried; J. Keith Gilless; James. Spero

    2006-01-01

    Stochastic simulation models of initial attack on wildland fire can be designed to reflect the complexity of the environmental, administrative, and institutional context in which wildland fire protection agencies operate, but such complexity may come at the cost of a considerable investment in data acquisition and management. This cost may be well justified when it...

  9. On the Estimation of the k-RSA Attack

    Directory of Open Access Journals (Sweden)

    Anatoliy Sergeyevich Makeyev

    2016-03-01

    Full Text Available In this paper, we discuss the attack on the RSA cryptosystem with  modules (≥2. We also provide estimation of the attacks’s complexity. Finally, we give the experimental results for different modules and open exponents.

  10. Bark beetle management after a mass attack - some Swiss experiences

    Science.gov (United States)

    B. Forster; F. Meier; R. Gall

    2003-01-01

    In 1990 and 1999, heavy storms accompanied by the worst gales ever recorded in Switzerland, struck Europe and left millions of cubic metres of windthrown Norway spruce trees; this provided breeding material for the eight-toothed spruce bark beetle (Ips typographus L.) and led to mass attacks in subsequent years which resulted in the additional loss...

  11. Big News: The Indian Media and Student Attacks in Australia

    Directory of Open Access Journals (Sweden)

    Matt Wade

    2016-05-01

    Full Text Available By any measure, 2009 was a big year for news in India. And yet the safety of Indian students in Australia ranked among the major news events in India that year. The India-Australia Poll 2013 found 65 per cent of respondents believed the Indian media had accurately reported the problems faced by Indian students in Australia in 2009-10. That implies two-thirds of Indians accepted the Indian media’s mostly negative depictions of Australia. Those who believed the media reporting about Australia had been accurate were more likely to be from large cities, be tertiary educated and have relatively high-incomes. The poll found 62 per cent of respondents thought Australia was a dangerous place for Indian students and that 61 per cent believed attacks on Indian students were motivated by racism. The results suggest negative perceptions about Australia created by the media’s portrayal of the student attacks linger in the Indian community. The timing of the initial attacks, and the imagery associated with them, helped attract and sustain media attention on the issue. The diplomatic tensions created by the crisis highlighted the growing influence of the broadcast media on India’s foreign relations. But the episode also exposed a deep lack of understanding about India in Australia. Governments were slow to comprehend how much damage media coverage of student attacks could do to Australia’s reputation in India.

  12. Optimality of Gaussian attacks in continuous-variable quantum cryptography.

    Science.gov (United States)

    Navascués, Miguel; Grosshans, Frédéric; Acín, Antonio

    2006-11-10

    We analyze the asymptotic security of the family of Gaussian modulated quantum key distribution protocols for continuous-variables systems. We prove that the Gaussian unitary attack is optimal for all the considered bounds on the key rate when the first and second momenta of the canonical variables involved are known by the honest parties.

  13. Smart grid data integrity attacks: characterizations and countermeasuresπ

    KAUST Repository

    Giani, Annarita

    2011-10-01

    Coordinated cyberattacks of power meter readings can be arranged to be undetectable by any bad data detection algorithm in the power system state estimation process. These unobservable attacks present a potentially serious threat to grid operations. Of particular interest are sparse attacks that involve the compromise of a modest number of meter readings. An efficient algorithm to find all unobservable attacks [under standard DC load flow approximations] involving the compromise of exactly two power injection meters and an arbitrary number of line power meters is presented. This requires O(n 2m) flops for a power system with n buses and m line meters. If all lines are metered, there exist canonical forms that characterize all 3, 4, and 5-sparse unobservable attacks. These can be quickly detected in power systems using standard graph algorithms. Known-secure phasor measurement units [PMUs] can be used as countermeasures against an arbitrary collection of cyberattacks. Finding the minimum number of necessary PMUs is NP-hard. It is shown that p + 1 PMUs at carefully chosen buses are sufficient to neutralize a collection of p cyberattacks. © 2011 IEEE.

  14. From control system security indices to attack identifiability

    NARCIS (Netherlands)

    Herdeiro Teixeira, A.M.; Sandberg, H

    2016-01-01

    In this paper, we investigate detectability and identifiability of attacks on linear dynamical systems that are subjected to external disturbances. We generalize a concept for a security index, which was previously introduced for static systems. The index exactly quantifies the resources

  15. Evaluation of susceptibility of some elite cowpea cultivars to attack ...

    African Journals Online (AJOL)

    Fifteen elite cowpea cultivars were evaluated for their susceptibility to attack and damage by the most destructive storage pest, Callosobruchus maculatus (F.), based on the number of eggs laid, total developmental time, percentage adult emergence, seed weight loss, and growth index. Significantly, more eggs were laid on ...

  16. Efficacy of nebulized furosemide in children with moderate attack of ...

    African Journals Online (AJOL)

    Efficacy of nebulized furosemide in children with moderate attack of asthma. M Alshehri, T Almegamesi, A Alfrayh. Abstract. No Abstract. West African Journal of Medicine Vol. 24(3) 2005: 246-251. Full Text: EMAIL FREE FULL TEXT EMAIL FREE FULL TEXT · DOWNLOAD FULL TEXT DOWNLOAD FULL TEXT.

  17. 10 CFR 52.10 - Attacks and destructive acts.

    Science.gov (United States)

    2010-01-01

    ... 10 Energy 2 2010-01-01 2010-01-01 false Attacks and destructive acts. 52.10 Section 52.10 Energy NUCLEAR REGULATORY COMMISSION (CONTINUED) LICENSES, CERTIFICATIONS, AND APPROVALS FOR NUCLEAR POWER PLANTS... deployment of weapons incident to U.S. defense activities. ...

  18. High brain serotonin levels in migraine between attacks

    DEFF Research Database (Denmark)

    Deen, Marie; Hansen, Hanne D.; Hougaard, Anders

    2017-01-01

    Objectives To investigate brain 5-HT4-receptor binding with positron emission tomography (PET) as a proxy of serotonin (5-hydroxytryptamine, 5-HT) levels in migraine patients between attacks. Methods Brain 5-HT4-receptor binding, assessed with PET imaging of the specific 5-HT4-receptor radioligand...

  19. Noninvasive positive pressure ventilation in acute asthmatic attack

    Directory of Open Access Journals (Sweden)

    A. Soroksky

    2010-03-01

    Full Text Available Asthma is characterised by reversible airway obstruction. In most patients, control of disease activity is easily achieved. However, in a small minority, asthma may be fatal. Between the two extremes lie patients with severe asthmatic attacks, refractory to standard treatment. These patients are at an increased risk of recurrent severe attacks, with respiratory failure, and mechanical ventilation. Invasive mechanical ventilation of the asthmatic patient is associated with a higher risk of complications and, therefore, is a measure of last resort. Noninvasive positive pressure ventilation (NPPV is another treatment modality that may be beneficial in patients with severe asthmatic attack who are at an increased risk of developing respiratory failure. These patients have the potential to benefit from early respiratory support in the form of NPPV. However, reports of NPPV in asthmatic patients are scarce, and its usage in asthmatic attacks is, therefore, still controversial. Only a few reports of NPPV in asthma have been published over the last decade. These studies mostly involve small numbers of patients and those who have problematic methodology. In this article we review the available evidence for NPPV in asthma and try to formulate our recommendations for NPPV application in asthma based on the available evidence and reports.

  20. Severe asthma and acute attacks: diagnosis and management in ...

    African Journals Online (AJOL)

    Patients who continue to have symptoms with frequent attacks of asthma despite being adherent to treatment with multiple asthma medications, have severe asthma. Severe asthma has significant implications for the affected individual and utilise a disproportionate share of the health care costs associated with asthma.