WorldWideScience

Sample records for adaptive intrusion data systems

  1. Environmental data processor of the adaptive intrusion data system

    Energy Technology Data Exchange (ETDEWEB)

    Rogers, M.S.

    1977-06-01

    A data acquisition system oriented specifically toward collection and processing of various meteorological and environmental parameters has been designed around a National Semiconductor IMP-16 microprocessor. This system, called the Environmental Data Processor (EDP), was developed specifically for use with the Adaptive Intrusion Data System (AIDS) in a perimeter intrusion alarm evaluation, although its design is sufficiently general to permit use elsewhere. This report describes in general detail the design of the EDP and its interaction with other AIDS components.

  2. Data Mining and Intrusion Detection Systems

    Directory of Open Access Journals (Sweden)

    Zibusiso Dewa

    2016-01-01

    Full Text Available The rapid evolution of technology and the increased connectivity among its components, imposes new cyber-security challenges. To tackle this growing trend in computer attacks and respond threats, industry professionals and academics are joining forces in order to build Intrusion Detection Systems (IDS) that combine high accuracy with low complexity and time efficiency. The present article gives an overview of existing Intrusion Detection Systems (IDS) along with their main principles. Also this article argues whether data mining and its core feature which is knowledge discovery can help in creating Data mining based IDSs that can achieve higher accuracy to novel types of intrusion and demonstrate more robust behaviour compared to traditional IDSs.

  3. Intrusion Preventing System using Intrusion Detection System Decision Tree Data Mining

    Directory of Open Access Journals (Sweden)

    Syurahbil

    2009-01-01

    Full Text Available Problem statement: To distinguish the activities of the network traffic that the intrusion and normal is very difficult and to need much time consuming. An analyst must review all the data that large and wide to find the sequence of intrusion on the network connection. Therefore, it needs a way that can detect network intrusion to reflect the current network traffics. Approach: In this study, a novel method to find intrusion characteristic for IDS using decision tree machine learning of data mining technique was proposed. Method used to generate of rules is classification by ID3 algorithm of decision tree. Results: These rules can determine of intrusion characteristics then to implement in the firewall policy rules as prevention. Conclusion: Combination of IDS and firewall so-called the IPS, so that besides detecting the existence of intrusion also can execute by doing deny of intrusion as prevention.

  4. An Adaptive Hybrid Multi-level Intelligent Intrusion Detection System for Network Security

    Directory of Open Access Journals (Sweden)

    P. Ananthi

    2014-04-01

    Full Text Available Intrusion Detection System (IDS) plays a vital factor in providing security to the networks through detecting malicious activities. Due to the extensive advancements in the computer networking, IDS has become an active area of research to determine various types of attacks in the networks. A large number of intrusion detection approaches are available in the literature using several traditional statistical and data mining approaches. Data mining techniques in IDS observed to provide significant results. Data mining approaches for misuse and anomaly-based intrusion detection generally include supervised, unsupervised and outlier approaches. It is important that the efficiency and potential of IDS be updated based on the criteria of new attacks. This study proposes a novel Adaptive Hybrid Multi-level Intelligent IDS (AHMIIDS) system which is the combined version of anomaly and misuse detection techniques. The anomaly detection is based on Bayesian Networks and then the misuse detection is performed using Adaptive Neuro Fuzzy Inference System (ANFIS). The outputs of both anomaly detection and misuse detection modules are applied to Decision Table Majority (DTM) to perform the final decision making. A rule-base approach is used in this system. It is observed from the results that the proposed AHMIIDS performs better than other conventional hybrid IDS.

  5. Autonomic intrusion detection: Adaptively detecting anomalies over unlabeled audit data streams in computer networks

    KAUST Repository

    Wang, Wei

    2014-06-22

    In this work, we propose a novel framework of autonomic intrusion detection that fulfills online and adaptive intrusion detection over unlabeled HTTP traffic streams in computer networks. The framework holds potential for self-managing: self-labeling, self-updating and self-adapting. Our framework employs the Affinity Propagation (AP) algorithm to learn a subject’s behaviors through dynamical clustering of the streaming data. It automatically labels the data and adapts to normal behavior changes while identifies anomalies. Two large real HTTP traffic streams collected in our institute as well as a set of benchmark KDD’99 data are used to validate the framework and the method. The test results show that the autonomic model achieves better results in terms of effectiveness and efficiency compared to adaptive Sequential Karhunen–Loeve method and static AP as well as three other static anomaly detection methods, namely, k-NN, PCA and SVM.

  6. Using Adaptive Neuro-Fuzzy Inference System in Alert Management of Intrusion Detection Systems

    Directory of Open Access Journals (Sweden)

    Zahra Atashbar Orang

    2012-10-01

    Full Text Available By ever increase in using computer network and internet, using Intrusion Detection Systems (IDS) has been more important. Main problems of IDS are the number of generated alerts, alert failure as well as identifying the attack type of alerts. In this paper a system is proposed that uses Adaptive Neuro-Fuzzy Inference System to classify IDS alerts reducing false positive alerts and also identifying attack types of true positive ones. By the experimental results on DARPA KDD cup 98, the system can classify alerts, leading a reduction of false positive alerts considerably and identifying attack types of alerts in low slice of time.

  7. Interior intrusion detection systems

    Energy Technology Data Exchange (ETDEWEB)

    Rodriguez, J.R.; Matter, J.C. (Sandia National Labs., Albuquerque, NM (United States)); Dry, B. (BE, Inc., Barnwell, SC (United States))

    1991-10-01

    The purpose of this NUREG is to present technical information that should be useful to NRC licensees in designing interior intrusion detection systems. Interior intrusion sensors are discussed according to their primary application: boundary-penetration detection, volumetric detection, and point protection. Information necessary for implementation of an effective interior intrusion detection system is presented, including principles of operation, performance characteristics and guidelines for design, procurement, installation, testing, and maintenance. A glossary of sensor data terms is included. 36 figs., 6 tabs.

  9. MA-IDS: A Distributed Intrusion Detection System Based on Data Mining

    Institute of Scientific and Technical Information of China (English)

    SUN Jian-hua; JIN Hai; CHEN Hao; HAN Zong-fen

    2005-01-01

    Aiming at the shortcomings in intrusion detection systems (IDSs) used in commercial and research fields, we propose the MA-IDS system, a distributed intrusion detection system based on data mining. In this model, misuse intrusion detection system (MIDS) and anomaly intrusion detection system (AIDS) are combined. Data mining is applied to raise detection performance, and distributed mechanism is employed to increase the scalability and efficiency. Host- and network-based mining algorithms employ an improved Bayesian decision theorem that suits for real security environment to minimize the risks incurred by false decisions. We describe the overall architecture of the MA-IDS system, and discuss specific design and implementation issue.

  10. Anomaly-Based Intrusion Detection Systems Utilizing System Call Data

    Science.gov (United States)

    2012-03-01

    Functionality Description Persistence mechanism Mimicry technique Camouflage malware image: • renaming its image • appending its image to victim... Age ”, ACSAC 2007 21. Chien Eric, “Techniques of Adware and Spyware”, White paper: Symantec Security Response, in proceedings of VB2005, Dublin...Johnson R. “A practical mimicry attack against powerful system-call monitors” In Proc. ACM Symposium on Information, Computer and Communications

  11. Combining Naive Bayes and Decision Tree for Adaptive Intrusion Detection

    CERN Document Server

    Farid, Dewan Md; Rahman, Mohammad Zahidur; 10.5121/ijnsa.2010.2202

    2010-01-01

    In this paper, a new learning algorithm for adaptive network intrusion detection using naive Bayesian classifier and decision tree is presented, which performs balance detections and keeps false positives at acceptable level for different types of network attacks, and eliminates redundant attributes as well as contradictory examples from training data that make the detection model complex. The proposed algorithm also addresses some difficulties of data mining such as handling continuous attribute, dealing with missing attribute values, and reducing noise in training data. Due to the large volumes of security audit data as well as the complex and dynamic properties of intrusion behaviours, several data mining-based intrusion detection techniques have been applied to network-based traffic data and host-based data in the last decades. However, there remain various issues needed to be examined towards current intrusion detection systems (IDS). We tested the performance of our proposed algorithm with existing learn...

  12. Adaptive Genetic Algorithm Model for Intrusion Detection

    Directory of Open Access Journals (Sweden)

    K. S. Anil Kumar

    2012-09-01

    Full Text Available Intrusion detection systems are intelligent systems designed to identify and prevent the misuse of computer networks and systems. Various approaches to Intrusion Detection are currently being used, but they are relatively ineffective. Thus the emerging network security systems need be part of the life system and this is possible only by embedding knowledge into the network. The Adaptive Genetic Algorithm Model - IDS comprising of K-Means clustering Algorithm, Genetic Algorithm and Neural Network techniques. The technique is tested using multitude of background knowledge sets in DARPA network traffic datasets.

  13. Combining Naive Bayes and Decision Tree for Adaptive Intrusion Detection

    Directory of Open Access Journals (Sweden)

    Dewan Md. Farid

    2010-04-01

    Full Text Available In this paper, a new learning algorithm for adaptive network intrusion detection using naive Bayesian classifier and decision tree is presented, which performs balance detections and keeps false positives at acceptable level for different types of network attacks, and eliminates redundant attributes as well as contradictory examples from training data that make the detection model complex. The proposed algorithm also addresses some difficulties of data mining such as handling continuous attribute, dealing with missing attribute values, and reducing noise in training data. Due to the large volumes of security audit data as well as the complex and dynamic properties of intrusion behaviours, several data mining-based intrusion detection techniques have been applied to network-based traffic data and host-based data in the last decades. However, there remain various issues needed to be examined towards current intrusion detection systems (IDS). We tested the performance of our proposed algorithm with existing learning algorithms by employing on the KDD99 benchmark intrusion detection dataset. The experimental results prove that the proposed algorithm achieved high detection rates (DR) and significant reduce false positives (FP) for different types of network intrusions using limited computational resources

  14. RESEARCH PROPOSAL: AN INTRUSION DETECTION SYSTEM ALERT REDUCTION AND ASSESSMENT FRAMEWORK BASED ON DATA MINING

    Directory of Open Access Journals (Sweden)

    Karim Al-Saedi

    2013-01-01

    Full Text Available The Intrusion Detection System (IDS) generates huge amounts of alerts that are mostly false positives. The abundance of false positive alerts makes it difficult for the security analyst to identify successful attacks and to take remedial actions. Such alerts to have not been classified in accordance with their degree of threats. They further need to be processed to ascertain the most serious alerts and the time of the reaction response. They may take a long time and considerable space to discuss thoroughly. Each IDS generates a huge amount of alerts where most of them are real while the others are not (i.e., false alert or are redundant alerts). The false alerts create a serious problem for intrusion detection systems. Alerts are defined based on source/destination IP and source/destination ports. However, one cannot know which of those IP/ports bring a threat to the network. The IDSs’ alerts are not classified depending on their degree of the threat. It is difficult for the security analyst to identify attacks and take remedial action for this threat. So it is necessary to assist in categorizing the degree of the threat, by using data mining techniques. The proposed framework for proposal is IDS Alert Reduction and Assessment Based on Data Mining (ARADMF). The proposed framework contains three systems: Traffic data retrieval and collection mechanism system, reduction IDS alert processes system and threat score process of IDS alert system. The traffic data retrieval and collection mechanism systems develops a mechanism to save IDS alerts, extract the standard features as intrusion detection message exchange format and save them in DB file (CSV-type). It contains the Intrusion Detection Message Exchange Format (IDMEF) which works as procurement alerts and field reduction is used as data standardization to make the format of alert as standard as possible. As for Feature Extraction (FE) system, it is designed to extract the features of alert by

  15. A Novel Control-flow based Intrusion Detection Technique for Big Data Systems

    OpenAIRE

    Aditham, Santosh; Ranganathan, Nagarajan

    2016-01-01

    Security and distributed infrastructure are two of the most common requirements for big data software. But the security features of the big data platforms are still premature. It is critical to identify, modify, test and execute some of the existing security mechanisms before using them in the big data world. In this paper, we propose a novel intrusion detection technique that understands and works according to the needs of big data systems. Our proposed technique identifies program level ano...

  16. A Data-Fusion-Based Method for Intrusion Detection System in Networks

    Directory of Open Access Journals (Sweden)

    Xiaofeng Zhao

    2009-10-01

    Full Text Available Hackers’ attacks are more and more intelligent, which makes it hard for single intrusion detection methods to attain favorable detection result. Therefore, many researches have carried out how to combine multiple security measures to provide the network system more effective protection. However, so far none of those methods can achieve the requirement of the practical application. A new computer information security protection system based on data fusion theory is proposed in this paper. Multiple detection measures are “fused” in this system, so that it has lower false negatives rate and false positive rate as well as better scalabilities and robust.

  17. Idaho National Laboratory Supervisory Control and Data Acquisition Intrusion Detection System (SCADA IDS)

    Energy Technology Data Exchange (ETDEWEB)

    Jared Verba; Michael Milvich

    2008-05-01

    Current Intrusion Detection System (IDS) technology is not suited to be widely deployed inside a Supervisory, Control and Data Acquisition (SCADA) environment. Anomaly- and signature-based IDS technologies have developed methods to cover information technology-based networks activity and protocols effectively. However, these IDS technologies do not include the fine protocol granularity required to ensure network security inside an environment with weak protocols lacking authentication and encryption. By implementing a more specific and more intelligent packet inspection mechanism, tailored traffic flow analysis, and unique packet tampering detection, IDS technology developed specifically for SCADA environments can be deployed with confidence in detecting malicious activity.

  18. Wireless Intrusion Prevention Systems

    Directory of Open Access Journals (Sweden)

    Jack TIMOFTE

    2008-01-01

    Full Text Available The wireless networks have changed the way organizations work and offered a new range of possibilities, but at the same time they introduced new security threats. While an attacker needs physical access to a wired network in order to launch an attack, a wireless network allows anyone within its range to passively monitor the traffic or even start an attack. One of the countermeasures can be the use of Wireless Intrusion Prevention Systems.

  19. An Adaptive Clustering Algorithm for Intrusion Detection

    Institute of Scientific and Technical Information of China (English)

    QIU Juli

    2007-01-01

    In this paper, we introduce an adaptive clustering algorithm for intrusion detection based on wavecluster which was introduced by Gholamhosein in 1999 and used with success in image processing. Because of the non-stationary characteristic of network traffic, we extend and develop an adaptive wavecluster algorithm for intrusion detection. Using the multiresolution property of wavelet transforms, we can effectively identify arbitrarily shaped clusters at different scales and degrees of detail, moreover, applying wavelet transform removes the noise from the original feature space and make more accurate cluster found. Experimental results on KDD-99 intrusion detection dataset show the efficiency and accuracy of this algorithm. A detection rate above 96% and a false alarm rate below 3% are achieved.

  20. Adaptable data management for systems biology investigations

    Directory of Open Access Journals (Sweden)

    Burdick David

    2009-03-01

    Full Text Available Abstract Background: Within research each experiment is different, the focus changes and the data is generated from a continually evolving barrage of technologies. There is a continual introduction of new techniques whose usage ranges from in-house protocols through to high-throughput instrumentation. To support these requirements data management systems are needed that can be rapidly built and readily adapted for new usage. Results: The adaptable data management system discussed is designed to support the seamless mining and analysis of biological experiment data that is commonly used in systems biology (e.g. ChIP-chip, gene expression, proteomics, imaging, flow cytometry). We use different content graphs to represent different views upon the data. These views are designed for different roles: equipment specific views are used to gather instrumentation information; data processing oriented views are provided to enable the rapid development of analysis applications; and research project specific views are used to organize information for individual research experiments. This management system allows for both the rapid introduction of new types of information and the evolution of the knowledge it represents. Conclusion: Data management is an important aspect of any research enterprise. It is the foundation on which most applications are built, and must be easily extended to serve new functionality for new scientific areas. We have found that adopting a three-tier architecture for data management, built around distributed standardized content repositories, allows us to rapidly develop new applications to support a diverse user community.

  1. ADAPTIVE ASSOCIATION RULE MINING BASED CROSS LAYER INTRUSION DETECTION SYSTEM FOR MANET

    Directory of Open Access Journals (Sweden)

    V. Anjana Devi

    2011-10-01

    Full Text Available Mobile ad-hoc wireless networks (MANET) are a significant area of research with many applications. MANETs are more vulnerable to malicious attack. Authentication and encryption techniques can be used as the first line of defense for reducing the possibilities of attacks. Alternatively, these approaches have several demerits and designed for a set of well known attacks. This paper proposes a cross layer intrusion detection architecture to discover the malicious nodes and different types of DoS attacks by exploiting the information available across different layers of protocol stack in order to improve the accuracy of detection. This approach uses a fixed width clustering algorithm for efficient detection of the anomalies in the MANET traffic and also for detecting newer attacks generated. In the association process, the Adaptive Association Rule mining algorithm is utilized. This helps to overcome the more time taken for performing the association process.

  2. A Comprehensive Study in Data Mining Frameworks for Intrusion Detection

    Directory of Open Access Journals (Sweden)

    R.Venkatesan

    2012-12-01

    Full Text Available Intrusions are the activities that violate the security policy of system. Intrusion Detection is the process used to identify intrusions. Network security is to be considered as a major issue in recent years, since the computer network keeps on expanding every day. An Intrusion Detection System (IDS) is a system for detecting intrusions and reporting to the authority or to the network administration. Data mining techniques have been successfully applied in many fields like Network Management, Education, Science, Business, Manufacturing, Process control, and Fraud Detection. Data Mining for IDS is the technique which can be used mainly to identify unknown attacks and to raise alarms when security violations are detected. The purpose of this survey paper is to describe the methods/techniques which are being used for Intrusion Detection based on Data mining concepts and the designed frame works for the same. We are also going to review the related works for intrusion detection.

  3. A Data Mining Based Intrusion Detection System Model

    Institute of Scientific and Technical Information of China (English)

    杨莘; 刘恒; 吕述望

    2003-01-01

    Applying data mining technique to intrusion detection and building a relevant model is the hotspot of study currently. This paper presents a typical data mining based IDS model, including data gathering and selection, data mining algorithm compare, system elements and model structure.

  4. Intrusion Detection System to Overcome a Novel Form of Replay Attack (Data Replay) in Wireless Sensor Networks

    Directory of Open Access Journals (Sweden)

    Yasmine Medjadba

    2017-07-01

    Full Text Available Wireless Sensor Networks (WSNs) are widely and successfully employed in various application domains. They are easily deployed to collect valuable information and monitor potential environmental phenomena. However, the special nature of WSNs as well as their severe constraints and resource limitations make them vulnerable to various types of threats. Replay attack is one example. According to this attack, the adversary intercepts and replays several times the same (old) message leading either to missed alerts or to false alerts. Many solutions have been proposed to mitigate message replay attack. However, all these solutions are of cryptographic natures and consider only external attacks exercising a trivial scenario of replay attack. In fact, the attacker could be a lot smarter, and in this case, it replays only the data field in the message while keeping the remaining fields updated. This novel form of replay attack is much more dangerous and difficult to be detected. We call this attack variant by data replay attack. As sensor nodes may be easily captured and compromised, the worst scenario occurs if data replay attack is performed by an internal intruder. In this paper we propose an efficient intrusion detection framework to overcome data replay attack in WSNs. The proposed intrusion detection system is named DR-IDS (Data Replay Intrusion Detection System). The performance evaluations performed under NS2 simulator show that the proposed solution is sufficiently robust.

  5. Building Intrusion Tolerant Software System

    Institute of Scientific and Technical Information of China (English)

    PENG Wen-ling; WANG Li-na; ZHANG Huan-guo; CHEN Wei

    2005-01-01

    In this paper, we describe and analyze the hypothesis about intrusion tolerance software system, so that it can provide an intended server capability and deal with the impacts caused by the intruder exploiting the inherent security vulnerabilities. We present some intrusion tolerance technology by exploiting N-version module threshold method in constructing multilevel secure software architecture, by detecting with hash value, by placing an "antigen" word next to the return address on the stack that is similar to human immune system, and by adding "Honey code" nonfunctional code to disturb intruder, so that the security and the availability of the software system are ensured.

  6. Cluster based Intrusion Detection System for Manets

    Directory of Open Access Journals (Sweden)

    Nisha Dang

    2012-07-01

    Full Text Available Manets are the ad hoc networks that are build on demand or instantly when some mobile nodes come in the mobility range of each other and decide to cooperate for data transfer and communication. Therefore there is no defined topology for Manets. They communicate in dynamic topology which continuously changes as nodes are not stable. Due to this lack of infrastructure and distributed nature they are more vulnerable for attacks and provide a good scope to malicious users to become part of the network. To prevent the security of mobile ad hoc networks many security measures are designed such as encryption algorithms, firewalls etc. But still there is some scope of malicious actions. So, Intrusion detection systems are proposed to detect any intruder in the network and its malicious activities. Cluster based intrusion detection system is also designed to restrict the intruders activities in clusters of mobile nodes. In clusters each node run some intrusion detection code to detect local as well as global intrusion. In this paper we have taken insight of intrusion detection systems and different attacks on Manet security. Then we proposed how overhead involved in cluster based intrusion detection system can be reduced.

  7. Effective analysis of cloud based intrusion detection system

    Directory of Open Access Journals (Sweden)

    Sanjay Ram

    2012-08-01

    Full Text Available The goal of IDS is to analyze events on the network and identify attacks. The increasing number of network security related incidents makes it necessary for organizations to actively protect their sensitive data with the installation of intrusion detection systems (IDS). People are paid more attention on intrusion detection which as an important computer network security technology. According to the development trend of intrusion detection, detecting all kinds of intrusions effectively requires a global view of the monitored network. Here, discuss about new intrusion detection mechanism based on cloud computing, which can make up for the deficiency of traditional intrusion detection, and proved to be great scalable.

  8. Enhanced Intrusion Detection System for Malicious Node Detection in Mobile Ad hoc Networks using Data Transmission Quality of Nodes

    Directory of Open Access Journals (Sweden)

    S. Mamatha

    2014-09-01

    Full Text Available Mobile Ad hoc NETworks (MANETs) are the new generation of networks that offer unrestricted mobility without any underlying infrastructure. It relies on the cooperation of all the participating nodes. Due to their open nature and lack of infrastructure, security for MANETS has become an intricate problem than the security in other networks. The conventional security mechanisms of protecting a wired network are not sufficient for these networks. Hence a second level of defense to detect and respond to the security problem called an Intrusion detection system is required. Generally the malicious nodes demonstrate a different behavioral pattern of all the other normal nodes. So an Intrusion Detection System based on anomaly based intrusion detection that works by checking the behavior of the nodes was proposed. Here, in this paper to determine the behavior of the nodes as malicious or legitimate a Data Transmission Quality (DTQ) function is used. The DTQ function is defined in such a way that it will be close to a constant or keep changing smoothly for genuine nodes and will keep on diminishing for malicious nodes. The final decision of confirming nodes as malicious is determined by a group consensus method. The evaluation results show that the proposed method increases the detection rate as well as decreases the false positive rate.

  9. Research on IPv6 intrusion detection system Snort-based

    Science.gov (United States)

    Shen, Zihao; Wang, Hui

    2010-07-01

    This paper introduces the common intrusion detection technologies, discusses the work flow of Snort intrusion detection system, and analyzes IPv6 data packet encapsulation and protocol decoding technology. We propose the expanding Snort architecture to support IPv6 intrusion detection in accordance with CIDF standard combined with protocol analysis technology and pattern matching technology, and present its composition. The research indicates that the expanding Snort system can effectively detect various intrusion attacks; it is high in detection efficiency and detection accuracy and reduces false alarm and omission report, which effectively solves the problem of IPv6 intrusion detection.

  10. Coupling of hydrogeological models with hydrogeophysical data to characterize seawater intrusion and shallow geothermal systems

    Science.gov (United States)

    Beaujean, J.; Kemna, A.; Engesgaard, P. K.; Hermans, T.; Vandenbohede, A.; Nguyen, F.

    2013-12-01

    While coastal aquifers are being stressed due to climate changes and excessive groundwater withdrawals require characterizing efficiently seawater intrusion (SWI) dynamics, production of geothermal energy is increasingly being used to hinder global warming. To study these issues, we need both robust measuring technologies and reliable predictions based on numerical models. SWI models are currently calibrated using borehole observations. Similarly, geothermal models depend mainly on the temperature field at few locations. Electrical resistivity tomography (ERT) can be used to improve these models given its high sensitivity to TDS and temperature and its relatively high lateral resolution. Inherent geophysical limitations, such as the resolution loss, can affect the overall quality of the ERT images and also prevent the correct recovery of the desired hydrochemical property. We present an uncoupled and coupled hydrogeophysical inversion to calibrate SWI and thermohydrogeologic models using ERT. In the SWI models, we demonstrate with two synthetic benchmarks (homogeneous and heterogeneous coastal aquifers) the ability of cumulative sensitivity-filtered ERT images using surface-only data to recover the hydraulic conductivity. Filtering of ERT-derived data at depth, where resolution is poorer, and the model errors make the dispersivity more difficult to estimate. In the coupled approach, we showed that parameter estimation is significantly improved because regularization bias is replaced by forward modeling only. Our efforts are currently focusing on applying the uncoupled/coupled approaches on a real life case study using field data from the site of Almeria, SE Spain. In the thermohydrogeologic models, the most sensitive hydrologic parameters responsible for heat transport are estimated from surface ERT-derived temperatures and ERT resistance data. A real life geothermal experiment that took place on the Campus De Sterre of Ghent University, Belgium and a synthetic

  11. Novel Intrusion Detection using Probabilistic Neural Network and Adaptive Boosting

    CERN Document Server

    Tran, Tich Phuoc; Tran, Dat; Nguyen, Cuong Duc

    2009-01-01

    This article applies Machine Learning techniques to solve Intrusion Detection problems within computer networks. Due to complex and dynamic nature of computer networks and hacking techniques, detecting malicious activities remains a challenging task for security experts, that is, currently available defense systems suffer from low detection capability and high number of false alarms. To overcome such performance limitations, we propose a novel Machine Learning algorithm, namely Boosted Subspace Probabilistic Neural Network (BSPNN), which integrates an adaptive boosting technique and a semi parametric neural network to obtain good tradeoff between accuracy and generality. As the result, learning bias and generalization variance can be significantly minimized. Substantial experiments on KDD 99 intrusion benchmark indicate that our model outperforms other state of the art learning algorithms, with significantly improved detection accuracy, minimal false alarms and relatively small computational complexity.

  12. A Framework for an Adaptive Anomaly Detection System with Fuzzy Data Mining

    Institute of Scientific and Technical Information of China (English)

    GAO Xiang; WANG Min; ZHAO Rongchun

    2006-01-01

    In this paper, we present an adaptive anomaly detection framework that is applicable to network-based intrusion detection. Our framework employs fuzzy cluster algorithm to detect anomalies in an online, adaptive fashion without a priori knowledge of the underlying data. We evaluate our method by performing experiments over network records from the KDD CUP99 data set.

  13. Data Infrastructures for Asset Management Viewed as Complex Adaptive Systems

    NARCIS (Netherlands)

    Brous, P.A.; Overtoom, I.; Herder, P.M.; Versluis, A.; Janssen, M.F.W.H.A

    2014-01-01

    Data infrastructures represent information about physical reality. As reality changes, data infrastructures might also be subject to change. Researchers have increasingly approached physical infrastructures as being complex adaptive systems (CAS). Although physical infrastructures are often approach

  14. Improving Intrusion Detection System Based on Snort Rules for Network Probe Attacks Detection with Association Rules Technique of Data Mining

    Directory of Open Access Journals (Sweden)

    Nattawat Khamphakdee

    2015-07-01

    The intrusion detection system (IDS) is an important network security tool for securing computer and network systems. It is able to detect and monitor network traffic data. Snort IDS is an open-source network security tool. It can search and match rules with network traffic data in order to detect attacks, and generate an alert. However, the Snort IDS can detect only known attacks. Therefore, we have proposed a procedure for improving Snort IDS rules, based on the association rules data mining technique for detection of network probe attacks. We employed the MIT-DARPA 1999 data set for the experimental evaluation. Since behavior pattern traffic data are both normal and abnormal, the abnormal behavior data is detected by way of the Snort IDS. The experimental results showed that the proposed Snort IDS rules, based on data mining detection of network probe attacks, proved more efficient than the original Snort IDS rules, as well as icmp.rules and icmp-info.rules of Snort IDS. The suitable parameters for the proposed Snort IDS rules are defined as follows: Min_sup set to 10%, and Min_conf set to 100%, and through the application of eight variable attributes. As more suitable parameters are applied, higher accuracy is achieved.

  15. Classification and Importance of Intrusion Detection System

    Directory of Open Access Journals (Sweden)

    Rajasekaran K

    2012-08-01

    An intrusion detection system (IDS) is a device or software application that monitors network or system activities for malicious activities or policy violations and produces reports to a Management Station. Some systems may attempt to stop an intrusion attempt but this is neither required nor expected of a monitoring system. Due to a growing number of intrusion events and also because the Internet and local networks have become so ubiquitous, organizations are increasingly implementing various systems that monitor IT security breaches. This includes an overview of the classification of intrusion detection systems and introduces the reader to some fundamental concepts of IDS methodology: audit trail analysis and on-the-fly processing as well as anomaly detection and signature detection approaches. This research paper discusses the primary intrusion detection techniques and the classification of intrusion detection systems.

  16. Adaptive Data Stream Management System Using Learning Automata

    CERN Document Server

    Mohammadi, Shirin; Abdi, Fatemeh; Haghjoo, Mostafa S

    2011-01-01

    In many modern applications, data are received as infinite, rapid, unpredictable and time-variant data elements that are known as data streams. Systems which are able to process data streams with such properties are called Data Stream Management Systems (DSMS). Due to the unpredictable and time-variant properties of data streams as well as of the system, adaptivity is a major requirement for each DSMS. Accordingly, determining the parameters which affect the most important performance metric of a DSMS (i.e., response time) and analysing them will affect the design of an adaptive DSMS. In this paper, the parameters that affect the response time of a DSMS are studied and analysed and a solution is proposed for DSMSs' adaptivity. The proposed adaptive DSMS architecture includes a learning unit that frequently evaluates the system to adjust the optimal value for each of the tuneable effective parameters. Learning Automata is used as the learning mechanism of the learning unit to adjust the value of tuneable effective parameters....

  17. Intrusion Detection System: Security Monitoring System

    Directory of Open Access Journals (Sweden)

    Shabnam Noorani

    2015-10-01

    An intrusion detection system (IDS) is an ad hoc security solution to protect flawed computer systems. It works like a burglar alarm that goes off if someone tampers with or manages to get past other security mechanisms such as authentication mechanisms and firewalls. An Intrusion Detection System (IDS) is a device or a software application that monitors network or system activities for malicious activities or policy violations and produces reports to a management station. Intrusion Detection System (IDS) has been used as a vital instrument in defending the network from this malicious or abnormal activity. In this paper we are comparing host based and network based IDS and various types of attacks possible on IDS.

  18. Performance Enhancement of Intrusion Detection using Neuro - Fuzzy Intelligent System

    Directory of Open Access Journals (Sweden)

    Dr. K. S. Anil Kumar

    2014-10-01

    This research work aims at developing hybrid algorithms using data mining techniques for the effective enhancement of anomaly intrusion detection performance. Many proposed algorithms have not addressed their reliability with varying amount of malicious activity or their adaptability for real time use. The study incorporates a theoretical basis for improvement in performance of IDS using K-medoids Algorithm, Fuzzy Set Algorithm, Fuzzy Rule System and Neural Network techniques. Also statistical significance of estimates has been looked into for finalizing the best one using DARPA network traffic datasets.

  19. Spatial data infrastructures as complex adaptive systems

    NARCIS (Netherlands)

    Grus, L.; Crompvoets, J.W.H.C.; Bregt, A.K.

    2010-01-01

    Many researchers throughout the world have been struggling to better understand and describe spatial data infrastructures (SDIs). Our knowledge of the real forces and mechanisms behind SDIs is still very limited. The reason for this difficulty might lie in the complex, dynamic and multifaceted natur

  20. Data Mining Approaches for Intrusion Detection

    Science.gov (United States)

    2007-11-02

    In this paper we discuss our research in developing general and systematic methods for intrusion detection. The key ideas are to use data mining techniques...two general data mining algorithms that we have implemented: the association rules algorithm and the frequent episodes algorithm. These algorithms can

  1. Abstracting audit data for lightweight intrusion detection

    KAUST Repository

    Wang, Wei

    2010-01-01

    High speed of processing massive audit data is crucial for an anomaly Intrusion Detection System (IDS) to achieve real-time performance during the detection. Abstracting audit data is a potential solution to improve the efficiency of data processing. In this work, we propose two strategies of data abstraction in order to build a lightweight detection model. The first strategy is exemplar extraction and the second is attribute abstraction. Two clustering algorithms, Affinity Propagation (AP) as well as traditional k-means, are employed to extract the exemplars, and Principal Component Analysis (PCA) is employed to abstract important attributes (a.k.a. features) from the audit data. Real HTTP traffic data collected in our institute as well as KDD 1999 data are used to validate the two strategies of data abstraction. The extensive test results show that the process of exemplar extraction significantly improves the detection efficiency and has a better detection performance than PCA in data abstraction. © 2010 Springer-Verlag.

  2. Intrusion-Tolerant Based Survivable Model of Database System

    Institute of Scientific and Technical Information of China (English)

    ZHU Jianming; WANG Chao; MA Jianfeng

    2005-01-01

    Survivability has become increasingly important with society's increased dependence of critical infrastructures on computers. Intrusion-tolerant systems extend traditional secure systems to be able to survive or operate through attacks, thus it is an approach for achieving survivability. This paper proposes a survivable model of a database system based on intrusion-tolerant mechanisms. The model is built on a three-layer security architecture: to defend against intrusion at the outer layer, to detect intrusion at the middle layer, and to tolerate intrusion at the inner layer. We utilize the techniques of both redundancy and diversity and threshold secret sharing schemes to implement the survivability of the database and to protect confidential data from compromised servers in the presence of intrusions. Compared with the existing schemes, our approach has realized the security and robustness for the key functions of a database system by using the integration security strategy and multiple security measures.

  3. A Survey of Intrusion Detection System in Big Data

    Institute of Scientific and Technical Information of China (English)

    葛钊成; 彭凯

    2016-01-01

    Intrusion detection systems (IDS) have made a great contribution to cyberspace security. However, with the arrival of the age of big data, IDS have exposed systemic shortcomings such as low efficiency and outdated concepts. Considering the characteristics of big data and the shortcomings of traditional IDS techniques, this paper gives a survey of distributed intrusion detection systems (DIDS), with detailed explanations of their basic concepts, classification and performance characteristics. Finally, it looks ahead to the future development of intrusion detection technology from the perspectives of deep learning, broad integration, etc.

  4. Sensitive Data Protection Based on Intrusion Tolerance in Cloud Computing

    Directory of Open Access Journals (Sweden)

    Jingyu Wang

    2011-02-01

    Service integration and supply on-demand coming from cloud computing can significantly improve the utilization of computing resources and reduce power consumption per service, and effectively avoid the error of computing resources. However, cloud computing is still facing the problem of intrusion tolerance of the cloud computing platform and sensitive data of new enterprise data center. In order to address the problem of intrusion tolerance of cloud computing platform and sensitive data in new enterprise data center, this paper constructs a virtualization intrusion tolerance system based on cloud computing by researching on the existing virtualization technology, and then presents a method of intrusion tolerance to protect sensitive data in cloud data center based on virtual adversary structure by utilizing secret sharing. This system adopts the method of hybrid fault model, active and passive replicas, state update and transfer, proactive recovery and diversity, and initially implements to tolerate F faulty replicas in N=2F+1 replicas and ensure that only F+1 active replicas to execute during the intrusion-free stage. The remaining replicas are all put into passive mode, which significantly reduces the resource consuming in cloud platform. At last we prove the reconstruction and confidentiality property of sensitive data by utilizing secret sharing.

  5. A Subset Feature Elimination Mechanism for Intrusion Detection System

    OpenAIRE

    Herve Nkiama; Syed Zainudeen Mohd Said; Muhammad Saidu

    2016-01-01

    Several studies have suggested that by selecting relevant features for intrusion detection system, it is possible to considerably improve the detection accuracy and performance of the detection engine. Nowadays with the emergence of new technologies such as Cloud Computing or Big Data, large amounts of network traffic are generated and the intrusion detection system must dynamically collect and analyze the data produced by the incoming traffic. However in a large dataset not all features con...

  6. A novel feature selection approach for intrusion detection data classification

    NARCIS (Netherlands)

    Ambusaidi, Mohammed A.; He, Xiangjian; Tan, Zhiyuan; Nanda, Priyadarsi; Lu, Liang Fu; Nagar, Upasana T.

    2014-01-01

    Intrusion Detection Systems (IDSs) play a significant role in monitoring and analyzing daily activities occurring in computer systems to detect occurrences of security threats. However, the routinely produced analytical data from computer networks are usually very large in size. This creates a

  7. Distributed intrusion detection system based on fuzzy rules

    Science.gov (United States)

    Qiao, Peili; Su, Jie; Liu, Yahui

    2006-04-01

    Computational Intelligence is the theory and method of solving problems by simulating human intelligence using computers, and it is a development of Artificial Intelligence. Fuzzy Technique is one of the most important theories of Computational Intelligence. Genetic Fuzzy Technique and Neuro-Fuzzy Technique are combinations of Fuzzy Technique and novel techniques. This paper gives a distributed intrusion detection system based on fuzzy rules that has the characteristics of distributed parallel processing, self-organization, self-learning and self-adaptation through the use of Neuro-Fuzzy Technique and Genetic Fuzzy Technique. In particular, fuzzy decision technique can be used to reduce false detection. The results of the simulation experiment show that this intrusion detection system model has the characteristics of distribution, error tolerance, dynamic learning, and adaptation. It solves the problem of a low identification rate for new attacks and hidden attacks. The false detection rate is low. This approach is efficient for distributed intrusion detection.

  8. Characterizing and Improving Distributed Intrusion Detection Systems.

    Energy Technology Data Exchange (ETDEWEB)

    Hurd, Steven A; Proebstel, Elliot P.

    2007-11-01

    Due to ever-increasing quantities of information traversing networks, network administrators are developing greater reliance upon statistically sampled packet information as the source for their intrusion detection systems (IDS). Our research is aimed at understanding IDS performance when statistical packet sampling is used. Using the Snort IDS and a variety of data sets, we compared IDS results when an entire data set is used to the results when a statistically sampled subset of the data set is used. Generally speaking, IDS performance with statistically sampled information was shown to drop considerably even under fairly high sampling rates (such as 1:5). Acknowledgements: The authors wish to extend our gratitude to Matt Bishop and Chen-Nee Chuah of UC Davis for their guidance and support on this work. Our thanks are also extended to Jianning Mai of UC Davis and Tao Ye of Sprint Advanced Technology Labs for their generous assistance. We would also like to acknowledge our dataset sources, CRAWDAD and CAIDA, without which this work would not have been possible. Support for OC48 data collection is provided by DARPA, NSF, DHS, Cisco and CAIDA members.

  9. Intrusion Detection System Using Advanced Honeypots

    CERN Document Server

    Singh, Ram Kumar

    2009-01-01

    The exponential growth of Internet traffic has made public servers increasingly vulnerable to unauthorized accesses and intrusions. In addition to maintaining low latency for the client, filtering unauthorized accesses has become one of the major concerns of a server maintainer. This implementation of an Intrusion Detection System distinguishes between the traffic coming from clients and the traffic originated from the attackers, in an attempt to simultaneously mitigate the problems of both latency and security. We then present the results of a series of stress and scalability tests, and suggest a number of potential uses for such a system. As computer attacks are becoming more and more difficult to identify, the need for better and more efficient intrusion detection systems increases. The main problem with current intrusion detection systems is the high rate of false alarms. Using honeypots provides an effective solution to increase the security.

  10. Signature Based Intrusion Detection System Using SNORT

    Directory of Open Access Journals (Sweden)

    Vinod Kumar

    2012-11-01

    Nowadays intrusion detection systems play a very important role in network security. As the use of the internet is growing rapidly, the possibility of attack is also increasing in that ratio. People are using signature-based IDSs. Snort is the most widely used signature-based IDS because it is open-source software. It is used worldwide in the intrusion detection and prevention domain. Basic Analysis and Security Engine (BASE) is also used to see the alerts generated by Snort. In this paper we have implemented signature-based intrusion detection using Snort. Our work will help novice users to understand the concept of Snort-based IDS.

  11. A system for distributed intrusion detection

    Energy Technology Data Exchange (ETDEWEB)

    Snapp, S.R.; Brentano, J.; Dias, G.V.; Goan, T.L.; Heberlein, L.T.; Ho, Che-Lin; Levitt, K.N.; Mukherjee, B. (California Univ., Davis, CA (USA). Div. of Computer Science); Grance, T. (Air Force Cryptologic Support Center, San Antonio, TX (USA)); Mansur, D.L.; Pon, K.L. (Lawrence Livermore National Lab., CA (USA)); Smaha, S.E. (Haystack Labs., Inc., Austin, TX (USA))

    1991-01-01

    The study of providing security in computer networks is a rapidly growing area of interest because the network is the medium over which most attacks or intrusions on computer systems are launched. One approach to solving this problem is the intrusion-detection concept, whose basic premise is that not only abandoning the existing and huge infrastructure of possibly-insecure computer and network systems is impossible, but also replacing them by totally-secure systems may not be feasible or cost effective. Previous work on intrusion-detection systems was performed on stand-alone hosts and on a broadcast local area network (LAN) environment. The focus of our present research is to extend our network intrusion-detection concept from the LAN environment to arbitrarily wider areas with the network topology being arbitrary as well. The generalized distributed environment is heterogeneous, i.e., the network nodes can be hosts or servers from different vendors, or some of them could be LAN managers, like our previous work, a network security monitor (NSM), as well. The proposed architecture for this distributed intrusion-detection system consists of the following components: a host manager in each host; a LAN manager for monitoring each LAN in the system; and a central manager which is placed at a single secure location and which receives reports from various host and LAN managers to process these reports, correlate them, and detect intrusions. 11 refs., 2 figs.

  12. Security Enrichment in Intrusion Detection System Using Classifier Ensemble

    Directory of Open Access Journals (Sweden)

    Uma R. Salunkhe

    2017-01-01

    In the era of Internet and with increasing number of people as its end users, a large number of attack categories are introduced daily. Hence, effective detection of various attacks with the help of Intrusion Detection Systems is an emerging trend in research these days. Existing studies show effectiveness of machine learning approaches in handling Intrusion Detection Systems. In this work, we aim to enhance detection rate of Intrusion Detection System by using machine learning technique. We propose a novel classifier ensemble based IDS that is constructed using hybrid approach which combines data level and feature level approach. Classifier ensembles combine the opinions of different experts and improve the intrusion detection rate. Experimental results show the improved detection rates of our system compared to reference technique.

  13. Intrusion Detection System Based on Data Mining Research

    Institute of Scientific and Technical Information of China (English)

    汪中才; 黎永碧

    2012-01-01

    With the continuing development of computer network technology, the shortcomings of firewalls in practice have led people to explore new defense technologies, and the intrusion detection system (IDS) was born. The paper first describes the concept and model of intrusion detection technology, then analyzes data mining techniques and the Apriori algorithm, and third proposes an intrusion detection system built on data mining technology, applying the association rules algorithm from data mining in practice and obtaining very good results.

  14. Effectiveness of Intrusion Prevention Systems (IPS) in Fast Networks

    CERN Document Server

    Shafi, Muhammad Imran; Hayat, Sikandar; Sohail, Imran

    2010-01-01

    Computer systems are facing their biggest threat in the form of malicious data which causes denial of service, information theft, financial and credibility loss etc. No defense technique has been proved successful in handling these threats. Intrusion Detection and Prevention Systems (IDPSs) are the best of the available solutions. These techniques are getting more and more attention. Although Intrusion Prevention Systems (IPSs) show a good level of success in detecting and preventing intrusion attempts to networks, they show a visible deficiency in their performance when they are employed on fast networks. In this paper we have presented a design including quantitative and qualitative methods to identify improvement areas in IPSs. A focus group is used for qualitative analysis and an experiment is used for quantitative analysis. This paper also describes how to reduce the response time of an IPS when an intrusion occurs on the network, and how an IPS can be made to perform its tasks successfully without affecting network speed nega...

  15. Simulating spatial adaption of groundwater pumping on seawater intrusion in coastal regions

    Science.gov (United States)

    Grundmann, Jens; Ladwig, Robert; Schütze, Niels; Walther, Marc

    2016-04-01

    Coastal aquifer systems are used intensively to meet the growing demands for water in those regions. They are especially at risk for the intrusion of seawater due to aquifer overpumping, limited groundwater replenishment and unsustainable groundwater management which in turn also impacts the social and economical development of coastal regions. One example is the Al-Batinah coastal plain in northern Oman where irrigated agriculture is practiced by lots of small scaled farms in different distances from the sea, each of them pumping their water from coastal aquifer. Due to continuous overpumping and progressing saltwater intrusion farms near the coast had to close since water for irrigation got too saline. For investigating appropriate management options numerical density dependent groundwater modelling is required which should also portray the adaption of groundwater abstraction schemes on the water quality. For addressing this challenge a moving inner boundary condition is implemented in the numerical density dependent groundwater model which adjusts the locations for groundwater abstraction according to the position of the seawater intrusion front controlled by thresholds of relative chloride concentration. The adaption process is repeated for each management cycle within transient model simulations and allows for considering feedbacks with the consumers e.g. the agriculture by moving agricultural farms more inland or towards the sea if more fertile soils at the coast could be recovered. For finding optimal water management strategies efficiently, the behaviour of the numerical groundwater model for different extraction and replenishment scenarios is approximated by an artificial neural network using a novel approach for state space surrogate model development. Afterwards the derived surrogate is coupled with an agriculture module within a simulation based water management optimisation framework to achieve optimal cropping pattern and water abstraction schemes

  16. Intrusion Detection Approach Using Connectionist Expert System

    Institute of Scientific and Technical Information of China (English)

    MA Rui; LIU Yu-shu; DU Yan-hui

    2005-01-01

    In order to improve the detection efficiency of rule-based expert systems, an intrusion detection approach using a connectionist expert system is proposed. The approach converts the AND/OR nodes into the corresponding neurons, adopts the three-layered feed forward network with full interconnection between layers, translates the feature values into continuous values belonging to the interval [0, 1], shows the confidence degree about intrusion detection rules using the weight values of the neural networks and makes uncertain inference with the sigmoid function. Compared with the rule-based expert system, the neural network expert system improves the inference efficiency.

  17. Design of Secure Distributed Intrusion Detection Systems

    Institute of Scientific and Technical Information of China (English)

    2002-01-01

    Intrusion Detection Systems (IDS) have received a great deal of attention because of their excellent ability of preventing network incidents. Recently, many efficient approaches have been proposed to improve the detection ability of IDS. While the self-protection ability of IDS is relatively worse and easy to be exploited by attackers, this paper gives a scheme of Securely Distributed Intrusion Detection System (SDIDS). This system adopts special measurements to enforce the security of IDS components. A new secure mechanism combining role-based access control and attribute certificate is used to resist attack to communication.

  18. Intrusion Detection & Prevention Systems - Sourcefire Snort

    Directory of Open Access Journals (Sweden)

    Rajesh Vuppala

    2015-08-01

    Information security is a challenging issue for all business organizations today amidst increasing cyber threats. While there are many alternative intrusion detection & prevention systems available to choose from, selecting the best solution to implement to detect & prevent cyber-attacks is a difficult task. The best solution is the one that gets the best reviews and suits the organization's needs & budget. In this review paper we summarize various classes of intrusion detection and prevention systems, compare features of alternative solutions, and make a recommendation for implementation of one as the best solution for business organizations in Fiji.

  19. A Hybrid Approach Towards Intrusion Detection Based on Artificial Immune System and Soft Computing

    CERN Document Server

    Sanyal, Sugata

    2012-01-01

    A number of works in the field of intrusion detection have been based on Artificial Immune System and Soft Computing. Artificial Immune System based approaches attempt to leverage the adaptability, error tolerance, self-monitoring and distributed nature of Human Immune Systems. Whereas Soft Computing based approaches are instrumental in developing fuzzy rule based systems for detecting intrusions. They are computationally intensive and apply machine learning (both supervised and unsupervised) techniques to detect intrusions in a given system. A combination of these two approaches could provide significant advantages for intrusion detection. In this paper we attempt to leverage the adaptability of Artificial Immune System and the computation intensive nature of Soft Computing to develop a system that can effectively detect intrusions in a given network.

  20. Intrusion Detection System Visualization of Network Alerts

    Science.gov (United States)

    2010-07-01

    Intrusion Detection System Visualization of Network Alerts Dolores M. Zage and Wayne M. Zage Ball State University Final Report July 2010...contracts. Staff Wayne Zage, Director of the S2ERC and Professor, Department of Computer Science, Ball State University Dolores Zage, Research

  1. Implementation of Network Intrusion Detection System Based on Density-based Outliers Mining

    Institute of Scientific and Technical Information of China (English)

    Huang,Guangqiu; Peng,Xuyou; LV,Dingquan

    2005-01-01

    The paper puts forward a new method of density-based anomaly data mining. The method is used to design the engine of a network intrusion detection system (NIDS), and a new NIDS is constructed based on the engine. The NIDS can find new unknown intrusion behaviors, which are used to update the intrusion rule-base, based on which intrusion detection can be carried out online by the BM pattern match algorithm. Finally all modules of the NIDS are described by formalized language.

  2. Fast and Adaptive Lossless Onboard Hyperspectral Data Compression System

    Science.gov (United States)

    Aranki, Nazeeh I.; Keymeulen, Didier; Kimesh, Matthew A.

    2012-01-01

    Modern hyperspectral imaging systems are able to acquire far more data than can be downlinked from a spacecraft. Onboard data compression helps to alleviate this problem, but requires a system capable of power efficiency and high throughput. Software solutions have limited throughput performance and are power-hungry. Dedicated hardware solutions can provide both high throughput and power efficiency, while taking the load off of the main processor. Thus a hardware compression system was developed. The implementation uses a field-programmable gate array (FPGA). The implementation is based on the fast lossless (FL) compression algorithm reported in Fast Lossless Compression of Multispectral-Image Data (NPO-42517), NASA Tech Briefs, Vol. 30, No. 8 (August 2006), page 26, which achieves excellent compression performance and has low complexity. This algorithm performs predictive compression using an adaptive filtering method, and uses adaptive Golomb coding. The implementation also packetizes the coded data. The FL algorithm is well suited for implementation in hardware. In the FPGA implementation, one sample is compressed every clock cycle, which makes for a fast and practical realtime solution for space applications. Benefits of this implementation are: 1) The underlying algorithm achieves a combination of low complexity and compression effectiveness that exceeds that of techniques currently in use. 2) The algorithm requires no training data or other specific information about the nature of the spectral bands for a fixed instrument dynamic range. 3) Hardware acceleration provides a throughput improvement of 10 to 100 times vs. the software implementation. A prototype of the compressor is available in software, but it runs at a speed that does not meet spacecraft requirements. 
    The hardware implementation targets the Xilinx Virtex IV FPGAs, and makes the use of this compressor practical for Earth satellites as well as beyond-Earth missions with hyperspectral instruments.

  3. Intrusion detection based on system calls and homogeneous Markov chains

    Institute of Scientific and Technical Information of China (English)

    Tian Xinguang; Duan Miyi; Sun Chunlai; Li Wenfa

    2008-01-01

    A novel method for detecting anomalous program behavior is presented, which is applicable to host-based intrusion detection systems that monitor system call activities. The method constructs a homogeneous Markov chain model to characterize the normal behavior of a privileged program, and associates the states of the Markov chain with the unique system calls in the training data. At the detection stage, the probabilities that the Markov chain model supports the system call sequences generated by the program are computed. A low probability indicates an anomalous sequence that may result from intrusive activities. Then a decision rule based on the number of anomalous sequences in a locality frame is adopted to classify the program's behavior. The method gives attention to both computational efficiency and detection accuracy, and is especially suitable for on-line detection. It has been applied to practical host-based intrusion detection systems.

  4. An overview to Software Architecture in Intrusion Detection System

    CERN Document Server

    Bahrami, Mehdi

    2012-01-01

    Network intrusion detection systems provide proactive defense against security threats by detecting and blocking attack-related traffic. This task can be highly complex, and therefore, software based network intrusion detection systems have difficulty in handling high speed links. This paper reviews many types of software architecture in intrusion detection systems and describes the design and implementation of a high-performance network intrusion detection system that combines the use of software-based network intrusion detection sensors and a network processor board. The network processor acts as a customized load balancing splitter that cooperates with a set of modified content-based network intrusion detection sensors in processing network traffic.

  5. Integrating Innate and Adaptive Immunity for Intrusion Detection

    CERN Document Server

    Tedesco, Gianni; Aickelin, Uwe

    2010-01-01

    Network Intrusion Detection Systems (NIDS) monitor a network with the aim of discerning malicious from benign activity on that network. While a wide range of approaches have met varying levels of success, most IDS's rely on having access to a database of known attack signatures which are written by security experts. Nowadays, in order to solve problems with false positive alerts, correlation algorithms are used to add additional structure to sequences of IDS alerts. However, such techniques are of no help in discovering novel attacks or variations of known attacks, something the human immune system (HIS) is capable of doing in its own specialised domain. This paper presents a novel immune algorithm for application to an intrusion detection problem. The goal is to discover packets containing novel variations of attacks covered by an existing signature base.

  6. Poseidon: a 2-tier anomaly-based intrusion detection system

    NARCIS (Netherlands)

    Bolzoni, Damiano; Zambon, Emmanuele; Etalle, Sandro; Hartel, Pieter

    2005-01-01

    We present Poseidon, a new anomaly based intrusion detection system. Poseidon is payload-based, and presents a two-tier architecture: the first stage consists of a Self-Organizing Map, while the second one is a modified PAYL system. Our benchmarks on the 1999 DARPA data set show a higher detection r

  7. Hybrid Intrusion Detection and Prediction multiAgent System HIDPAS

    CERN Document Server

    Jemili, Farah; Ahmed, Mohamed Ben

    2009-01-01

    This paper proposes an intrusion detection and prediction system based on uncertain and imprecise inference networks and its implementation. Given a history of sessions, it proposes a supervised learning method coupled with a classifier that extracts the knowledge needed to identify whether or not a session contains an intrusion and, if so, to recognize its type and to predict the possible intrusions that will follow it. The proposed system takes into account the uncertainty and imprecision that can affect the statistical data of the history. The systematic use of a unique probability distribution to represent this type of knowledge presupposes overly rich subjective information and risks being partly arbitrary. One of the first objectives of this work was therefore to ensure consistency between the way information is represented and the information that is actually available.

  8. A Review of Intrusion Detection Technique by Soft Computing and Data Mining Approach

    Directory of Open Access Journals (Sweden)

    Aditya Shrivastava

    2013-09-01

    The growth of internet technology has spread a large amount of data communication. This communication of data is exposed to network threats and security issues, which raise problems of data integrity and loss of data. To address data integrity and loss of data, Anderson developed a model of an intrusion detection system 20 years ago. Initially, intrusion detection systems worked on the statistical frequency of audit system logs. Later, the system was improved by various researchers, who applied other approaches such as data mining techniques, neural networks and expert systems. The current research trend in intrusion detection systems uses soft computing approaches such as fuzzy logic, genetic algorithms and machine learning. This paper discusses some data mining and soft computing methods for intrusion detection. The KDDCUP99 dataset is used for performance evaluation of these techniques.

  9. In-situ trainable intrusion detection system

    Energy Technology Data Exchange (ETDEWEB)

    Symons, Christopher T.; Beaver, Justin M.; Gillen, Rob; Potok, Thomas E.

    2016-11-15

    A computer implemented method detects intrusions using a computer by analyzing network traffic. The method includes a semi-supervised learning module connected to a network node. The learning module uses labeled and unlabeled data to train a semi-supervised machine learning sensor. The method records events that include a feature set made up of unauthorized intrusions and benign computer requests. The method identifies at least some of the benign computer requests that occur during the recording of the events while treating the remainder of the data as unlabeled. The method trains the semi-supervised learning module at the network node in-situ, such that the semi-supervised learning modules may identify malicious traffic without relying on specific rules, signatures, or anomaly detection.

  10. Neural Network Based Intrusion Detection System for Critical Infrastructures

    Energy Technology Data Exchange (ETDEWEB)

    Todd Vollmer; Ondrej Linda; Milos Manic

    2009-07-01

    Resiliency and security in control systems such as SCADA and nuclear plants in today’s world of hackers and malware are a relevant concern. Computer systems used within critical infrastructures to control physical functions are not immune to the threat of cyber attacks and may be potentially vulnerable. Tailoring an intrusion detection system to the specifics of critical infrastructures can significantly improve the security of such systems. The IDS-NNM – Intrusion Detection System using Neural Network based Modeling, is presented in this paper. The main contributions of this work are: 1) the use and analyses of real network data (data recorded from an existing critical infrastructure); 2) the development of a specific window based feature extraction technique; 3) the construction of training dataset using randomly generated intrusion vectors; 4) the use of a combination of two neural network learning algorithms – the Error-Back Propagation and Levenberg-Marquardt, for normal behavior modeling. The presented algorithm was evaluated on previously unseen network data. The IDS-NNM algorithm proved to be capable of capturing all intrusion attempts presented in the network communication while not generating any false alerts.

  12. Mining Association Rules to Evade Network Intrusion in Network Audit Data

    Directory of Open Access Journals (Sweden)

    Kamini Nalavade

    2014-06-01

    With the growth of hacking and exploiting tools and invention of new ways of intrusion, intrusion detection and prevention is becoming the major challenge in the world of network security. The increasing network traffic and data on Internet is making this task more demanding. There are various approaches being utilized in intrusion detections, but unfortunately none of the systems so far is completely flawless. The false positive rates make it extremely hard to analyse and react to attacks. Intrusion detection systems using data mining approaches make it possible to search patterns and rules in large amount of audit data. In this paper, we present a model to integrate association rules to intrusion detection to design and implement a network intrusion detection system. Our technique is used to generate attack rules that will detect the attacks in network audit data using anomaly detection. This shows that the modified association rules algorithm is capable of detecting network intrusions. The KDD dataset which is freely available online is used for our experimentation and results are compared. Our intrusion detection system using association rule mining is able to generate attack rules that will detect the attacks in network audit data using anomaly detection, while maintaining a low false positive rate.

  13. Efficiency of Svm and Pca to Enhance Intrusion Detection System

    OpenAIRE

    Soukaena Hassan Hashem

    2013-01-01

    Intrusion detection system (IDS) is a system that gathers and analyzes information from various areas within a computer or a network to identify attacks made against these components. This research proposed an Intrusion Detection Model (IDM) for detecting intrusion attempts; the proposal is a hybrid IDM because it considers both features of network packets and host features that are sensitive to most intrusions. The dataset used to build the hybrid IDM is the proposed HybD (Hybrid Dataset) da...

  14. Network Intrusion Detection System Based On Machine Learning Algorithms

    Directory of Open Access Journals (Sweden)

    Vipin Das

    2010-12-01

    Network and system security is of paramount importance in the present data communication environment. Hackers and intruders can create many successful attempts to cause the crash of the networks and web services by unauthorized intrusion. New threats and associated solutions to prevent these threats are emerging together with the secured system evolution. Intrusion Detection Systems (IDS) are one of these solutions. The main function of Intrusion Detection System is to protect the resources from threats. It analyzes and predicts the behaviours of users, and then these behaviours will be considered an attack or a normal behaviour. We use Rough Set Theory (RST) and Support Vector Machine (SVM) to detect network intrusions. First, packets are captured from the network, RST is used to pre-process the data and reduce the dimensions. The features selected by RST will be sent to SVM model to learn and test respectively. The method is effective to decrease the space density of data. The experiments compare the results with Principal Component Analysis (PCA) and show RST and SVM schema could reduce the false positive rate and increase the accuracy.

  15. A Survey on VANET Intrusion Detection Systems

    Directory of Open Access Journals (Sweden)

    Mohammed ERRITALI

    2013-04-01

    In recent years, the security issues on Vehicular ad hoc networks (VANETs) have become one of the primary concerns. The VANET is inherently more vulnerable to attacks than wired networks because it is characterized by high mobility, shared wireless medium and the absence of centralized security services offered by dedicated equipment such as firewalls and authentication servers. Attack countermeasures such as digital signature and encryption can be used as the first line of defense for reducing the possibilities of attacks. However, these techniques have limited prevention in general, and they are designed for a set of known attacks. They are unlikely to avoid most recent attacks that are designed to circumvent existing security measures. For this reason, there is a need for a second technique to “detect and notify” these newer attacks, i.e. “intrusion detection”. This article aims to present and classify current techniques of Intrusion Detection System (IDS) aware VANETs.

  16. Data Mining in Intrusion Detection: A Comparative Study of Methods, Types and Data Sets

    Directory of Open Access Journals (Sweden)

    Chandrashekhar Azad

    2013-07-01

    In the era of information and communication technology, security is an important issue. A lot of effort and finance are being invested in this sector. Intrusion detection is one of the most prominent fields in this area. Data mining in network intrusion detection can automate the network intrusion detection field with a greater efficiency. This paper presents a literature survey on intrusion detection system. The research papers taken in this literature survey are published from 2000 to 2012. We can see that almost 67 % of the research papers are focused on anomaly detection, 23 % on both anomaly and misuse detection and 10 % on misuse detection. In this literature survey statistics shows that 42 % KDD cup dataset, 20 % DARPA dataset and 38 % other datasets are used by the different researchers for testing the effectiveness of their proposed method for misuse detection, anomaly detection or both.

  17. Intelligent Intrusion Detection System Model Using Rough Neural Network

    Institute of Scientific and Technical Information of China (English)

    YAN Huai-zhi; HU Chang-zhen; TAN Hui-min

    2005-01-01

    A model of intelligent intrusion detection based on rough neural network (RNN), which combines the neural network and rough set, is presented. It works by capturing network packets to identify network intrusions or malicious attacks using RNN with sub-nets. The sub-net is constructed by detection-oriented signatures extracted using rough set theory to detect different intrusions. It is proved that RNN detection method has the merits of adaptive, high universality, high convergence speed, easy upgrading and management.

  18. Simulation of network intrusion detection system with GPenSim

    OpenAIRE

    2011-01-01

    In recent years, network has penetrated into every aspect of our life with its rapid growth and popularization. More and more serious network security problems have occurred together with this process, especially network intrusion problem. It has seriously affected the normal use of network, so research of network intrusion detection has become one of the hottest research areas. This thesis simulated a network intrusion detection system based on particle filter to solve the network intrusion ...

  19. Windows Based Data Sets for Evaluation of Robustness of Host Based Intrusion Detection Systems (IDS) to Zero-Day and Stealth Attacks

    Directory of Open Access Journals (Sweden)

    Waqas Haider

    2016-07-01

    The Windows Operating System (OS) is the most popular desktop OS in the world, as it has the majority market share of both servers and personal computing necessities. However, as its default signature-based security measures are ineffectual for detecting zero-day and stealth attacks, it needs an intelligent Host-based Intrusion Detection System (HIDS). Unfortunately, a comprehensive data set that reflects the modern Windows OS’s normal and attack surfaces is not publicly available. To fill this gap, in this paper two open data sets generated by the cyber security department of the Australian Defence Force Academy (ADFA) are introduced, namely: Australian Defence Force Academy Windows Data Set (ADFA-WD); and Australian Defence Force Academy Windows Data Set with a Stealth Attacks Addendum (ADFA-WD: SAA). Statistical analysis results based on these data sets show that, due to the low foot prints of modern attacks and high similarity of normal and attacked data, both these data sets are complex, and highly intelligent Host based Anomaly Detection Systems (HADS) design will be required.

  20. An adaptive neural swarm approach for intrusion defense in ad hoc networks

    Science.gov (United States)

    Cannady, James

    2011-06-01

    Wireless sensor networks (WSN) and mobile ad hoc networks (MANET) are being increasingly deployed in critical applications due to the flexibility and extensibility of the technology. While these networks possess numerous advantages over traditional wireless systems in dynamic environments they are still vulnerable to many of the same types of host-based and distributed attacks common to those systems. Unfortunately, the limited power and bandwidth available in WSNs and MANETs, combined with the dynamic connectivity that is a defining characteristic of the technology, makes it extremely difficult to utilize traditional intrusion detection techniques. This paper describes an approach to accurately and efficiently detect potentially damaging activity in WSNs and MANETs. It enables the network as a whole to recognize attacks, anomalies, and potential vulnerabilities in a distributive manner that reflects the autonomic processes of biological systems. Each component of the network recognizes activity in its local environment and then contributes to the overall situational awareness of the entire system. The approach utilizes agent-based swarm intelligence to adaptively identify potential data sources on each node and on adjacent nodes throughout the network. The swarm agents then self-organize into modular neural networks that utilize a reinforcement learning algorithm to identify relevant behavior patterns in the data without supervision. Once the modular neural networks have established interconnectivity both locally and with neighboring nodes the analysis of events within the network can be conducted collectively in real-time. The approach has been shown to be extremely effective in identifying distributed network attacks.

  1. Less is More: Data Processing with SVM for Intrusion Detection

    Institute of Scientific and Technical Information of China (English)

    XIAO Hai-jun; HONG Fan; WANG Ling

    2009-01-01

    To improve the detection rate and lower down the false positive rate in intrusion detection system, dimensionality reduction is widely used in the intrusion detection system. For this purpose, a data processing (DP) with support vector machine (SVM) was built. Different from traditionally identifying the redundant data before purging the audit data by expert knowledge or utilizing different kinds of subsets of the available 41-connection attributes to build a classifier, the proposed strategy first removes the attributes whose correlation with another attribute exceeds a threshold, and then classifies two sequence samples as one class while removing either of the two samples whose similarity exceeds a threshold. The results of performance experiments showed that the strategy of DP and SVM is superior to the other existing data reduction strategies (e.g., audit reduction, rule extraction, and feature selection), and that the detection model based on DP and SVM outperforms those based on data mining, soft computing, and hierarchical principal component analysis neural networks.

  2. Shallow and Deep Networks Intrusion Detection System: A Taxonomy and Survey

    OpenAIRE

    Hodo, Elike; Bellekens, Xavier; Hamilton, Andrew; Tachtatzis, Christos; Atkinson, Robert

    2017-01-01

    Intrusion detection has attracted a considerable interest from researchers and industries. The community, after many years of research, still faces the problem of building reliable and efficient IDS that are capable of handling large quantities of data, with changing patterns in real time situations. The work presented in this manuscript classifies intrusion detection systems (IDS). Moreover, a taxonomy and survey of shallow and deep networks intrusion detection systems is presented based on ...

  3. Detection and Protection Against Intrusions on Smart Grid Systems

    Directory of Open Access Journals (Sweden)

    Ata Arvani

    2015-05-01

    The wide area monitoring of power systems is implemented at a central control center to coordinate the actions of local controllers. Phasor measurement units (PMUs) are used for the collection of data in real time for the smart grid energy systems. Intrusion detection and cyber security of network are important requirements for maintaining the integrity of wide area monitoring systems. The intrusion detection methods analyze the measurement data to detect any possible cyber attacks on the operation of smart grid systems. In this paper, the model-based and signal-based intrusion detection methods are investigated to detect the presence of malicious data. The chi-square test and discrete wavelet transform (DWT) have been used for anomaly-based detection. The false data injection attack (FDIA) can be detected using measurement residual. If the measurement residual is larger than expected detection threshold, then an alarm is triggered and bad data can be identified. Avoiding such alarms in the residual test is referred to as stealth attack. There are two protection strategies for stealth attack: (1) Select a subset of meters to be protected from the attacker; (2) Place secure phasor measurement units in the power grid. An IEEE 14-bus system is simulated using real time digital simulator (RTDS) hardware platform for implementing attack and detection schemes.

  4. The use of data-mining techniques for developing effective decision support systems: A case study of simulating the effects of climate change on coastal salinity intrusion

    Science.gov (United States)

    Conrads, Paul A.; Edwin Roehl, Jr.

    2017-01-01

    Natural-resource managers and stakeholders face difficult challenges when managing interactions between natural and societal systems. Potential changes in climate could alter interactions between environmental and societal systems and adversely affect the availability of water resources in many coastal communities. The availability of freshwater in coastal streams can be threatened by saltwater intrusion. Even though the collective interests and computer skills of the community of managers, scientists and other stakeholders are quite varied, there is an overarching need for equal access by all to the scientific knowledge needed to make the best possible decisions. This paper describes a decision support system, PRISM-2, developed to evaluate salinity intrusion due to potential climate change along the South Carolina coast in southeastern USA. The decision support system is disseminated as a spreadsheet application and integrates the output of global circulation models, watershed models and salinity intrusion models with real-time databases for simulation, graphical user interfaces, and streaming displays of results. The results from PRISM-2 showed that a 31-cm and 62-cm increase in sea level reduced the daily availability of freshwater supply to a coastal municipal intake by 4% and 12% of the time, respectively. Future climate change projections by a global circulation model showed a seasonal change in salinity intrusion events from the summer to the fall for the majority of events.

  5. A Bayesian Networks in Intrusion Detection Systems

    Directory of Open Access Journals (Sweden)

    M. Mehdi

    2007-01-01

    Intrusion detection systems (IDSs) have been widely used to overcome security threats in computer networks. Anomaly-based approaches have the advantage of being able to detect previously unknown attacks, but they suffer from the difficulty of building robust models of acceptable behaviour which may result in a large number of false alarms caused by incorrect classification of events in current systems. We propose a new approach of an anomaly Intrusion detection system (IDS). It consists of building a reference behaviour model and the use of a Bayesian classification procedure associated to unsupervised learning algorithm to evaluate the deviation between current and reference behaviour. Continuous re-estimation of model parameters allows for real time operation. The use of recursive Log-likelihood and entropy estimation as a measure for monitoring model degradation related with behavior changes and the associated model update show that the accuracy of the event classification process is significantly improved using our proposed approach for reducing the missing-alarm.

  6. Managing Temporal and Spatial Variability in Vapor Intrusion Data

    Science.gov (United States)

    2012-03-28

    Managing Temporal and Spatial Variability in Vapor Intrusion Data. Todd McAlary, M.Sc., P.Eng., P.G., Geosyntec Consultants, Inc.

  7. NADIR (Network Anomaly Detection and Intrusion Reporter): A prototype network intrusion detection system

    Energy Technology Data Exchange (ETDEWEB)

    Jackson, K.A.; DuBois, D.H.; Stallings, C.A.

    1990-01-01

    The Network Anomaly Detection and Intrusion Reporter (NADIR) is an expert system which is intended to provide real-time security auditing for intrusion and misuse detection at Los Alamos National Laboratory's Integrated Computing Network (ICN). It is based on three basic assumptions: that statistical analysis of computer system and user activities may be used to characterize normal system and user behavior, and that given the resulting statistical profiles, behavior which deviates beyond certain bounds can be detected, that expert system techniques can be applied to security auditing and intrusion detection, and that successful intrusion detection may take place while monitoring a limited set of network activities such as user authentication and access control, file movement and storage, and job scheduling. NADIR has been developed to employ these basic concepts while monitoring the audited activities of more than 8000 ICN users.

  8. Provide a model to improve the performance of intrusion detection systems in the cloud

    Directory of Open Access Journals (Sweden)

    Foroogh Sedighi

    2016-12-01

    High availability of tools and service providers in cloud computing and the fact that cloud computing services are provided by internet and deal with public, have caused important challenges for new computing model. Cloud computing faces problems and challenges such as user privacy, data security, data ownership, availability of services, and recovery after breaking down, performance, scalability, programmability. So far, many different methods are presented for detection of intrusion in cloud computing. There are two important factors that different articles and researches are presented based on them. These factors are location of establishing intrusion detection systems in cloud computing systems and also algorithms that are used in intrusion detection. Their final goal is maximum coverage of intrusions, increasing the speed and accuracy of intrusion detection, and decreasing of wrong alarms. Our goal in this article is to increase intrusion detection in cloud computing and decrease the rate of generating false alarms by presenting a combined method.

  9. An evaluation of fiber optic intrusion detection systems in interior applications

    Energy Technology Data Exchange (ETDEWEB)

    Vigil, J.T.

    1994-03-01

    This report discusses the testing and evaluation of four commercially available fiber optic intrusion detection systems. The systems were tested under carpet-type matting and in a vaulted ceiling application. This report will focus on nuisance alarm data and intrusion detection results. Tests were conducted in a mobile office building and in a bunker.

  10. RePIDS: a multi tier real-time payload-based intrusion detection system

    NARCIS (Netherlands)

    Jamdagni, Aruna; Tan, Zhiyuan; Nanda, Priyadarsi; He, Xiangjian; Liu, Ren Ping

    2013-01-01

    Intrusion Detection System (IDS) deals with huge amount of network traffic and uses large feature set to discriminate normal pattern and intrusive pattern. However, most of existing systems lack the ability to process data for real-time anomaly detection. In this paper, we propose a 3-Tier Iterative

  11. Intrusion Detection in Computer Networks using a Fuzzy-Heuristic Data Mining Technique

    Directory of Open Access Journals (Sweden)

    Hamid Saadi

    2015-12-01

    In this article the use of Simulated Annealing (SA) algorithm for creating a consistent intrusion detection system is presented. The ability of fuzzy systems to solve different types of problems has been demonstrated in several previous studies. Simulated Annealing based Fuzzy Intrusion Detection System (SAF-IDS) crosses the estimated cognitive method of fuzzy systems with the learning capability of SA. The objective of this paper is to prove the ability of SAF-IDS to deal with intrusion detection classification problem as a new real-world application area which has not previously been undertaken with SA-based fuzzy system. Here, the use of SA is an effort to efficiently explore and exploit the large search space usually associated with the intrusion detection problem, and to find the optimum set of fuzzy if-then rules. The proposed SAF-IDS would be capable of extracting precise fuzzy classification rules from network traffic data and relating them to detect normal and invasive actions in computer networks. Tests were performed with KDD-Cup99 intrusion detection benchmark which is widely used to evaluate intrusion detection algorithms. Results indicate that SAF-IDS provides more accurate intrusion detection system than several well-known and new classification algorithms.

  12. An Isolation Intrusion Detection System for Hierarchical Wireless Sensor Networks

    OpenAIRE

    Rung-Ching Chen; Chia-Fen Hsieh; Yung-Fa Huang

    2010-01-01

    A wireless sensor network (WSN) is a wireless network consisting of spatially distributed autonomous devices using sensors to cooperatively monitor environmental conditions, such as battlefield data and personal health information, and some environment limited resources. Avoiding malicious damage is important while information is transmitted in a wireless network. Thus, Wireless Intrusion Detection Systems are crucial to safe operation in wireless sensor networks. Wireless networks are subject ...

  13. A Simulated Multiagent-Based Architecture for Intrusion Detection System

    Directory of Open Access Journals (Sweden)

    Onashoga S. Adebukola

    2013-04-01

    In this work, a Multiagent-based architecture for Intrusion Detection System (MIDS) is proposed to overcome the shortcoming of current Mobile Agent-based Intrusion Detection System. MIDS is divided into three major phases namely: Data gathering, Detection and the Response phases. The data gathering stage involves data collection based on the features in the distributed system and profiling. The data collection components are distributed on both host and network. Closed Pattern Mining (CPM) algorithm is introduced for profiling users’ activities in network database. The CPM algorithm is built on the concept of Frequent Pattern-growth algorithm by mining a prefix-tree called CPM-tree, which contains only the closed itemsets and its associated support count. According to the administrator’s specified thresholds, CPM-tree maintains only closed patterns online and incrementally outputs the current closed frequent pattern of users’ activities in real time. MIDS makes use of mobile and static agents to carry out the functions of intrusion detection. Each of these agents is built with rule-based reasoning to autonomously detect intrusions. Java 1.1.8 is chosen as the implementation language and IBM’s Java based mobile agent framework, Aglet 1.0.3 as the platform for running the mobile and static agents. In order to test the robustness of the system, a real-time simulation is carried out on University of Agriculture, Abeokuta (UNAAB) network dataset and the results showed an accuracy of 99.94%, False Positive Rate (FPR) of 0.13% and False Negative Rate (FNR) of 0.04%. This shows an improved performance of MIDS when compared with other known MA-IDSs.

  14. A survey on RBF Neural Network for Intrusion Detection System

    Directory of Open Access Journals (Sweden)

    Henali Sheth

    2014-12-01

    Network security is a hot burning issue nowadays. With the help of technology advancement, intruders or hackers are adopting new methods to create different attacks in order to harm network security. An intrusion detection system (IDS) is a kind of security software which inspects all incoming and outgoing network traffic and generates alerts if any attack or unusual behavior is found in a network. Various approaches are used for IDS, such as data mining, neural network, genetic and statistical approaches. Among these, the neural network is a more suitable approach for IDS. This paper describes the RBF neural network approach for intrusion detection systems. RBF is a feed-forward and supervised technique of neural networks. The RBF approach has good classification ability but its performance depends on its parameters. Based on the survey we find that the RBF approach has some shortcomings. In order to overcome these we need to do proper optimization of RBF parameters.

  15. Research on Data Sampling Strategy Based on Network Intrusion Detection System

    Institute of Scientific and Technical Information of China (English)

    穆俊

    2015-01-01

    This paper studies data sampling strategies for network intrusion detection. It analyzes the definition, classification and basic structure of intrusion detection, and discusses the technical basis of data sampling for network intrusion detection from the perspectives of data mining and data acquisition. It builds an intrusion detection data sampling model, carries out risk identification, judgement and pricing, and discusses extension strategies.

  16. Introduction To Intrusion Detection System Review

    Directory of Open Access Journals (Sweden)

    Rajni Tewatia

    2015-05-01

    Security of a network is always an important issue. With the continuously growing network, basic security such as a firewall or virus scanner is easily deceived by modern attackers who are experts in using software vulnerabilities to achieve their goals. For preventing such attacks we need even smarter security mechanisms which act proactively and intelligently. An Intrusion Detection System is the solution to such a requirement. Many techniques have been used to implement IDS. These techniques are basically used in the detector part of an IDS, such as Neural Network, Clustering, Pattern Matching, Rule Based, Fuzzy Logic, Genetic Algorithms and many more. To improve the performance of an IDS these approaches may be used in combination to build a hybrid IDS so that the benefits of two or more approaches may be combined.

  17. An adaptive semantic based mediation system for data interoperability among Health Information Systems.

    Science.gov (United States)

    Khan, Wajahat Ali; Khattak, Asad Masood; Hussain, Maqbool; Amin, Muhammad Bilal; Afzal, Muhammad; Nugent, Christopher; Lee, Sungyoung

    2014-08-01

    Heterogeneity in the management of the complex medical data, obstructs the attainment of data level interoperability among Health Information Systems (HIS). This diversity is dependent on the compliance of HISs with different healthcare standards. Its solution demands a mediation system for the accurate interpretation of data in different heterogeneous formats for achieving data interoperability. We propose an adaptive AdapteR Interoperability ENgine mediation system called ARIEN, that arbitrates between HISs compliant to different healthcare standards for accurate and seamless information exchange to achieve data interoperability. ARIEN stores the semantic mapping information between different standards in the Mediation Bridge Ontology (MBO) using ontology matching techniques. These mappings are provided by our System for Parallel Heterogeneity (SPHeRe) matching system and Personalized-Detailed Clinical Model (P-DCM) approach to guarantee accuracy of mappings. The realization of the effectiveness of the mappings stored in the MBO is evaluation of the accuracy in transformation process among different standard formats. We evaluated our proposed system with the transformation process of medical records between Clinical Document Architecture (CDA) and Virtual Medical Record (vMR) standards. The transformation process achieved over 90 % of accuracy level in conversion process between CDA and vMR standards using pattern oriented approach from the MBO. The proposed mediation system improves the overall communication process between HISs. It provides an accurate and seamless medical information exchange to ensure data interoperability and timely healthcare services to patients.

  18. Intrusion Detection System Using Hierarchical GMM and Dimensionality Reduction

    Directory of Open Access Journals (Sweden)

    L. Maria Michael

    2012-07-01

    The focus of this chapter is to provide an effective intrusion detection technique to protect a Web server. The IDS protects a server from malicious attacks from the Internet if someone tries to break in through the firewall and tries to have access on any system in the trusted side, and alerts the system administrator in case there is a breach in security. Gaussian Mixture Models (GMMs) are among the most statistically mature methods for clustering the data. Intrusion detection can be divided into anomaly detection and misuse detection. The misuse detection model is to collect behavioral features of non-normal operation and establish a related feature library. In the existing system of anomaly based Intrusion Detection System, the work is based on the number of attacks on the network and using decision tree analysis for rule matching and grading. We are proposing an IDS approach that will use a signature based and anomaly based identification scheme. We are also proposing a rule pruning scheme with GMM (Gaussian Mixture Model). It facilitates an efficient way of handling a large amount of rules. We plan to compare the performance of the IDS on different models. The Dimension Reduction focuses on using information obtained from the KDD Cup 99 data set for the selection of attributes to identify the type of attacks. The dimensionality reduction is performed on 41 attributes to 14 and 7 attributes based on the Best First Search method, and then the two classifying algorithms ID3 and J48 are applied. Keywords: intrusion detection, reliable networks, malicious routers, internet dependability, tolerance.

  19. A Subset Feature Elimination Mechanism for Intrusion Detection System

    Directory of Open Access Journals (Sweden)

    Herve Nkiama

    2016-04-01

    Several studies have suggested that by selecting relevant features for an intrusion detection system, it is possible to considerably improve the detection accuracy and performance of the detection engine. Nowadays, with the emergence of new technologies such as Cloud Computing or Big Data, large amounts of network traffic are generated and the intrusion detection system must dynamically collect and analyze the data produced by the incoming traffic. However, in a large dataset not all features contribute to represent the traffic; therefore reducing and selecting a number of adequate features may improve the speed and accuracy of the intrusion detection system. In this study, a feature selection mechanism has been proposed which aims to eliminate non-relevant features as well as identify the features which will contribute to improve the detection rate, based on the score each feature has established during the selection process. To achieve that objective, a recursive feature elimination process was employed and associated with a decision tree based classifier and, later on, the suitable relevant features were identified. This approach was applied on the NSL-KDD dataset, which is an improved version of the previous KDD 1999 dataset; scikit-learn, a machine learning library written in Python, was used in this paper. Using this approach, relevant features were identified inside the dataset and the accuracy rate was improved. These results lend support to the idea that feature selection significantly improves the classifier performance. Understanding the factors that help identify relevant features will allow the design of a better intrusion detection system.

  20. Specification Mining for Intrusion Detection in Networked Control Systems

    NARCIS (Netherlands)

    Caselli, Marco; Zambon, Emmanuele; Amann, Johanna; Sommer, Robin; Kargl, Frank

    2016-01-01

    This paper discusses a novel approach to specification-based intrusion detection in the field of networked control systems. Our approach reduces the substantial human effort required to deploy a specification-based intrusion detection system by automating the development of its specification rules.

  1. Intrusion Awareness Based on Data Fusion and SVM Classification

    Directory of Open Access Journals (Sweden)

    Ramnaresh Sharma

    2012-06-01

    Network intrusion awareness is an important factor for risk analysis of network security. In the current decade various methods and frameworks are available for intrusion detection and security awareness. Some methods are based on the knowledge discovery process and some frameworks are based on neural networks. All of these models take rule-based decisions for the generation of security alerts. In this paper we propose a novel method for intrusion awareness using data fusion and SVM classification. Data fusion works on the basis of feature gathering of events. The support vector machine is a super classifier of data. Here we used SVM for the detection of closed items of the rule-based technique. Our proposed method is simulated on the KDD1999 DARPA data set and gets better empirical evaluation results in comparison with the rule-based technique and the neural network model.

  2. Attribute selection using information gain for a fuzzy logic intrusion detection system

    Science.gov (United States)

    González-Pino, Jesús; Edmonds, Janica; Papa, Mauricio

    2006-04-01

    In the modern realm of information technology, data mining and fuzzy logic are often used as effective tools in the development of novel intrusion detection systems. This paper describes an intrusion detection system that effectively deploys both techniques and uses the concept of information gain to guide the attribute selection process. The advantage of this approach is that it provides a computationally efficient solution that helps reduce the overhead associated with the data mining process. Experimental results obtained with a prototype system implementation show promising opportunities for improving the overall detection performance of our intrusion detection system.

  3. Multi-channel holographic bifurcative neural network system for real-time adaptive EOS data analysis

    Science.gov (United States)

    Liu, Hua-Kuang; Diep, J.; Huang, K.

    1991-01-01

    Viewgraphs on multi-channel holographic bifurcative neural network system for real-time adaptive Earth Observing System (EOS) data analysis are presented. The objective is to research and develop an optical bifurcating neuromorphic pattern recognition system for making optical data array comparisons and to evaluate the use of the system for EOS data classification, reduction, analysis, and other applications.

  4. HYBRID FEATURE SELECTION ALGORITHM FOR INTRUSION DETECTION SYSTEM

    Directory of Open Access Journals (Sweden)

    Seyed Reza Hasani

    2014-01-01

    Network security is a serious global concern. The usefulness of Intrusion Detection Systems (IDS) is increasing incredibly in Information Security research using soft computing techniques. In previous research, irrelevant and redundant features are recognized causes of increasing the processing speed of evaluating the known intrusive patterns. In addition, an efficient feature selection method eliminates dimension of data and reduces redundancy and ambiguity caused by non-important attributes. Therefore, feature selection methods are well-known methods to overcome this problem. There are various approaches being utilized in intrusion detection; they are able to perform their method and relatively they are achieved with some improvements. This work is based on the enhancement of the highest Detection Rate (DR) algorithm, which is Linear Genetic Programming (LGP), reducing the False Alarm Rate (FAR), incorporated with the Bees Algorithm. Finally, Support Vector Machine (SVM) is one of the best candidate solutions to settle IDS problems. In this study four sample datasets containing 4000 random records are excluded randomly from this dataset for training and testing purposes. Experimental results show that the LGP_BA method improves the accuracy and efficiency compared with the previous related research and the feature subcategory offered by LGP_BA gives a superior representation of data.

  5. Intrusion Awareness Based on Data Fusion and SVM Classification

    Directory of Open Access Journals (Sweden)

    Ramnaresh Sharma

    2012-06-01

    Network intrusion awareness is an important factor for risk analysis of network security. In the current decade various methods and frameworks are available for intrusion detection and security awareness. Some methods are based on the knowledge discovery process and some frameworks are based on neural networks. All of these models take rule-based decisions for the generation of security alerts. In this paper we propose a novel method for intrusion awareness using data fusion and SVM classification. Data fusion works on the basis of feature gathering of events. The support vector machine is a super classifier of data. Here we used SVM for the detection of closed items of the rule-based technique. Our proposed method is simulated on the KDD1999 DARPA data set and gets better empirical evaluation results in comparison with the rule-based technique and the neural network model.

  6. Network Security using Linux Intrusion Detection System / IJORCS

    Directory of Open Access Journals (Sweden)

    Arul Anitha

    2011-12-01

    Attacks on the nation’s computer infrastructures are becoming an increasingly serious problem. Firewalls provide a certain amount of security, but can be fooled at times by attacks like IP spoofing and the so-called authorized users. So an intelligent system that can detect attacks and intrusions is required. The tool GRANT (Global Real-time Analysis of Network Traffic), being a Linux based Intrusion Detection System (LIDs), takes the advantage of the security of a Linux box and secures the other nodes in the perimeter of the network. It is capable of detecting intrusions and probes as and when they occur and capable of responding to “already” successful attacks, thus causing minimal or no damage to the entire network. For better performance, this Linux Intrusion Detection System should be part of a defense in depth strategy such as Firewall and Intrusion Prevention.

  7. Reconfigurable Hardware Architecture for Network Intrusion Detection System

    Directory of Open Access Journals (Sweden)

    A. Kaleel Rahuman

    2012-01-01

    Intrusion rule processing in reconfigurable hardware enables intrusion detection and prevention. The use of reconfigurable hardware for network security applications has made great strides as Field Programmable Gate Array (FPGA) devices have provided larger and faster resources. The proposed architecture, called “BV-TCAM”, is presented, which is implemented for an FPGA-based Network Intrusion Detection System (NIDS). The BV-TCAM architecture combines the Ternary Content Addressable Memory (TCAM) and Bit Vector (BV) algorithm to effectively compress the data representation and throughput. A tree bitmap implementation of the BV algorithm is used for source and destination port lookup while a TCAM performs lookup for other header fields, which can be represented as a prefix or exact value. With the aid of a small embedded TCAM, packet classification can be implemented in a relatively small part of the available logic of an FPGA. The BV-TCAM architecture has been modelled in VHDL. Simulations were performed with MODELSIM. This architecture has to be synthesized and our design implemented using a Xilinx FPGA device.

  8. An Adaptive Fuzzy Framework based on Optimized Fuzzy Contexts for Detecting Network Intrusions

    Directory of Open Access Journals (Sweden)

    Habib Ullah Baig

    2010-10-01

    An Anomaly based Intrusion Detection System (AIDS) is one of the key components of a reliable security infrastructure. Working at the second line of defense, detection accuracy is the key objective, and it largely depends upon the precision of its normal profile. Due to the existence of vague boundaries between normal and anomalous classes and dynamic network behavior, building an accurate and generalized normal profile is very difficult. Based on the assumption that an intruder's behavior can be grouped into different phases active at different times, this article proposes to evolve and use "short-term fuzzy profiles/contexts" for each such individual intrusion phase, resulting in enhanced detection accuracy for low-level attacks. The result is a context-driven, adaptable implementation framework based on a double layer hierarchy of fuzzy sensors. The framework adapts to network conditions by switching between different contexts, according to network traffic patterns, anomaly conditions and the organization's security policies. These contexts are evolved in incremental fashion with a genetic algorithm using real-time network traces. The framework is tested using the DARPA 98/99 dataset, showing accurate detection of low-level DoS attacks.

  9. Design and Implementation of the Adaptive Host Intrusion Prevention System

    Institute of Scientific and Technical Information of China (English)

    吕滨; 关双城; 刘晓红; 张艳艳

    2013-01-01

    Based on the principle of API monitoring, and in view of the limited resources and relatively stable applications of individual hosts, the system follows a streamlined design principle and uses Hooking technology to intercept API call information. In its behavior analysis model, the system simplifies the decision rules and execution logic and does not need complex behavior analysis algorithms or processes. The advantage of the system is its dynamic automatic learning function: through early adaptive training, it can quickly adapt to the user's system and acquire sufficient intrusion prevention capability, and it is very effective in defending against frequent illegal access and various pop-up windows.

  10. A Retroactive-Burst Framework for Automated Intrusion Response System

    Directory of Open Access Journals (Sweden)

    Alireza Shameli-Sendi

    2013-01-01

    The aim of this paper is to present an adaptive and cost-sensitive model to prevent security intrusions. In most automated intrusion response systems, response selection is performed locally based on current threat without using the knowledge of attacks history. Another challenge is that a group of responses are applied without any feedback mechanism to measure the response effect. We address these problems through retroactive-burst execution of responses and a Response Coordinator (RC) mechanism, the main contributions of this work. The retroactive-burst execution consists of several burst executions of responses with, at the end of each burst, a mechanism for measuring the effectiveness of the applied responses by the risk assessment component. The appropriate combination of responses must be considered for each burst execution to mitigate the progress of the attack without necessarily running the next round of responses, because of the impact on legitimate users. In the proposed model, there is a multilevel response mechanism. To indicate which level is appropriate to apply based on the retroactive-burst execution, we get help from a Response Coordinator mechanism. The applied responses can improve the health of Applications, Kernel, Local Services, Network Services, and Physical Status. Based on these indexes, the RC gives a general overview of an attacker’s goal in a distributed environment.

  11. Abstracting massive data for lightweight intrusion detection in computer networks

    KAUST Repository

    Wang, Wei

    2016-10-15

    Anomaly intrusion detection in big data environments calls for lightweight models that are able to achieve real-time performance during detection. Abstracting audit data provides a solution to improve the efficiency of data processing in intrusion detection. Data abstraction refers to abstract or extract the most relevant information from the massive dataset. In this work, we propose three strategies of data abstraction, namely, exemplar extraction, attribute selection and attribute abstraction. We first propose an effective method called exemplar extraction to extract representative subsets from the original massive data prior to building the detection models. Two clustering algorithms, Affinity Propagation (AP) and traditional k-means, are employed to find the exemplars from the audit data. k-Nearest Neighbor (k-NN), Principal Component Analysis (PCA) and one-class Support Vector Machine (SVM) are used for the detection. We then employ another two strategies, attribute selection and attribute extraction, to abstract audit data for anomaly intrusion detection. Two http streams collected from a real computing environment as well as the KDD'99 benchmark data set are used to validate these three strategies of data abstraction. The comprehensive experimental results show that while all the three strategies improve the detection efficiency, the AP-based exemplar extraction achieves the best performance of data abstraction.

  12. A Simple Analysis of The Function of Multi-Source Data Fusion Technology in Intrusion Detection System

    Institute of Scientific and Technical Information of China (English)

    祝亚楠

    2015-01-01

    A distributed network intrusion detection system needs to collect and fuse data from each agent on the network terminals in order to grasp the global flow of data through the network space, so that it can match features against the rule base and successfully detect and stop the various coordinated attacks carried out over the network. Data fusion technology is an indispensable basic component of a network intrusion detection system, and its importance will become more apparent as network intrusion detection products grow in popularity. Starting from the definition and working process of data fusion, this paper briefly describes the role of data fusion technology in intrusion detection systems.

  13. Intrusion Detection System Inside Grid Computing Environment (IDS-IGCE)

    Directory of Open Access Journals (Sweden)

    Basappa B. Kodada

    2012-01-01

    Grid Computing is a kind of important information technology which enables resource sharing globally to solve large scale problems. It is based on networks and is able to enable large scale aggregation and sharing of computational, data, sensor and other resources across institutional boundaries. The integration of the Globus Tool Kit with Web services presents OGSA (Open Grid Services Architecture) as the standard service grid architecture. In OGSA, everything is abstracted as a service, including computers, applications, data as well as instruments. The services and resources in the Grid are heterogeneous and dynamic, and they also belong to different domains. Grid Services are still new to business systems and, as more systems are being attached to them, any threat could bring collapse and huge harm. An intruder may come with a new form of attack. Grid Computing as a global infrastructure on the internet has led to security attacks on the computing infrastructure. A wide variety of IDS (Intrusion Detection Systems) are available which are designed to handle specific types of attacks. The technique of [27] will protect against future attacks in the Service Grid Computing Environment at the Grid Infrastructure, but there is no technique that can protect against these types of attacks inside the grid at the node level. So this paper proposes the architecture of IDS-IGCE (Intrusion Detection System – Inside Grid Computing Environment), which can provide protection against the complete threats inside the Grid Environment.

  14. An expert system application for network intrusion detection

    Energy Technology Data Exchange (ETDEWEB)

    Jackson, K.A.; Dubois, D.H.; Stallings, C.A.

    1991-01-01

    The paper describes the design of a prototype intrusion detection system for the Los Alamos National Laboratory's Integrated Computing Network (ICN). The Network Anomaly Detection and Intrusion Reporter (NADIR) differs in one respect from most intrusion detection systems. It tries to address the intrusion detection problem on a network, as opposed to a single operating system. NADIR design intent was to copy and improve the audit record review activities normally done by security auditors. We wished to replace the manual review of audit logs with a near realtime expert system. NADIR compares network activity, as summarized in user profiles, against expert rules that define network security policy, improper or suspicious network activities, and normal network and user activity. When it detects deviant (anomalous) behavior, NADIR alerts operators in near realtime, and provides tools to aid in the investigation of the anomalous event. 15 refs., 2 figs.

  15. Novel Non-Intrusive Vibration Monitoring System for Turbopumps Project

    Data.gov (United States)

    National Aeronautics and Space Administration — AI Signal Research, Inc. proposes to develop a Non-Intrusive Vibration Measurement System (NI-VMS) for turbopumps which will provide effective on-board/off-board...

  16. Novel Non-Intrusive Vibration Monitoring System for Turbopumps Project

    Data.gov (United States)

    National Aeronautics and Space Administration — ASRI proposes to develop an advanced and commercially viable Non-Intrusive Vibration Monitoring System (NI-VMS) which can provide effective on-line/off-line engine...

  17. Intrusion Detection Systems with Live Knowledge System

    Science.gov (United States)

    2016-05-31

    node. Figure 3 describes the result of modified nodes from the original RDR rule tree. Red-coloured ‘X’ sign represents the stopping rule, and the...RDR rule tree, where red-circled nodes indicate those nodes with poor prediction of accuracy. DISTRIBUTION A. Approved for public release...green-coloured boxes describe the refined rule. However, when human knowledge is applied to those incorrectly classified data, not all of the

  18. Novel Hybrid Intrusion Detection System For Clustered Wireless Sensor Network

    Directory of Open Access Journals (Sweden)

    Hichem Sedjelmaci

    2011-08-01

    A wireless sensor network (WSN) is regularly deployed in unattended and hostile environments. The WSN is vulnerable to security threats and susceptible to physical capture. Thus, it is necessary to use effective mechanisms to protect the network. It is widely known that intrusion detection is one of the most efficient security mechanisms to protect the network against malicious attacks or unauthorized access. In this paper, we propose a hybrid intrusion detection system for clustered WSN. Our intrusion framework uses a combination of Anomaly Detection based on a support vector machine (SVM) and Misuse Detection. Experimental results show that most routing attacks can be detected with a low false alarm rate.

  19. Fair and adaptive data dissemination for traffic information systems

    NARCIS (Netherlands)

    Schwartz, Ramon S.; Ohazulike, Anthony E.; Sommer, Christoph; Scholten, Hans; Dressler, Falko; Havinga, Paul

    2012-01-01

    Vehicular Ad-hoc Networks (VANETs) are expected to serve as support to the development of not only safety applications but also information-rich applications that disseminate relevant data to vehicles. Due to the continuous collection, processing, and dissemination of data, one crucial requirement i

  20. Network Intrusion Detection System – A Novel Approach

    Directory of Open Access Journals (Sweden)

    Krish Pillai

    2013-08-01

    Network intrusion starts off with a series of unsuccessful break-in attempts and results eventually in the permanent or transient failure of an authentication or authorization system. Due to the current complexity of authentication systems, clandestine attempts at intrusion generally take considerable time before the system gets compromised or damaging change is effected to the system, giving administrators a window of opportunity to proactively detect and prevent intrusion. Therefore maintaining a high level of sensitivity to abnormal access patterns is a very effective way of preventing possible break-ins. Under normal circumstances, gross errors on the part of the user can cause authentication and authorization failures on all systems. A normal distribution of failed attempts should be tolerated while abnormal attempts should be recognized as such and flagged. But one cannot manage what one cannot measure. This paper proposes a method that can efficiently quantify the behaviour of users on a network so that transient changes in usage can be detected, categorized based on severity, and closely investigated for possible intrusion. The author proposes the identification of patterns in protocol usage within a network to categorize it for surveillance. Statistical anomaly detection, under which category this approach falls, generally uses simple statistical tests such as mean and standard deviation to detect behavioural changes. The author proposes a novel approach using spectral density as opposed to using time domain data, allowing a clear separation of access patterns based on periodicity. Once a spectral profile has been identified for a network, deviations from this profile can be used as an indication of a destabilized or compromised network. Spectral analysis of access patterns is done using the Fast Fourier Transform (FFT), which can be computed in Θ(N log N) operations. The paper justifies the use of this approach and presents preliminary

  1. Quantitative simulation of the hydrothermal systems of crystallizing magmas on the basis of transport theory and oxygen isotope data: an analysis of the Skaergaard intrusion

    Energy Technology Data Exchange (ETDEWEB)

    Norton, D. (Univ. of Arizona, Tucson); Taylor, H.P. Jr.

    1979-08-01

    Application of the principles of transport theory to studies of magma-hydrothermal systems permits quantitative predictions to be made of the consequences of magma intruding into permeable rocks. Transport processes which redistribute energy, mass, and momentum in these environments can be represented by a set of partial differential equations involving the rate of change of extensive properties in the system. Numerical approximation and computer evaluation of the transport equations effectively simulate the crystallization of magma, cooling of the igneous rocks, advection of chemical components, and chemical and isotopic mass transfer between minerals and aqueous solution. Numerical modeling of the deep portions of the Skaergaard magma-hydrothermal system has produced detailed maps of the temperature, pressure, fluid velocity, integrated fluid flux, δ¹⁸O values in rock and fluid, and extent of nonequilibrium exchange reactions between fluid and rock as a function of time for a two-dimensional cross-section through the pluton. An excellent match was made between calculated δ¹⁸O values and the measured δ¹⁸O values in the three principal rock units, basalt, gabbro, and gneiss, as well as in xenoliths of roof rocks that are now embedded in Layered Series; the latter were evidently depleted in ¹⁸O early in the system's cooling history, prior to falling to the bottom of the magma chamber. The best match was realized for a system in which the bulk rock permeabilities were 10⁻¹³ cm² for the intrusion, 10¹¹ cm² for basalt, and 10⁻¹⁶ cm² for gneiss; reaction domain sizes were 0.2 cm in the intrusion and gneiss and 0.01 cm in the basalts, and activation energy for the isotope exchange reaction between fluid and plagioclase was 30 kcal/mole.

  2. A Multi-Dimensional approach towards Intrusion Detection System

    CERN Document Server

    Thakur, Manoj Rameshchandra

    2012-01-01

    In this paper, we suggest a multi-dimensional approach towards intrusion detection. Network and system usage parameters like source and destination IP addresses; source and destination ports; incoming and outgoing network traffic data rate and number of CPU cycles per request are divided into multiple dimensions. Rather than analyzing raw bytes of data corresponding to the values of the network parameters, a mature function is inferred during the training phase for each dimension. This mature function takes a dimension value as an input and returns a value that represents the level of abnormality in the system usage with respect to that dimension. This mature function is referred to as Individual Anomaly Indicator. Individual Anomaly Indicators recorded for each of the dimensions are then used to generate a Global Anomaly Indicator, a function with n variables (n is the number of dimensions) that provides the Global Anomaly Factor, an indicator of anomaly in the system usage based on all the dimensions consid...

  3. Fortification of Hybrid Intrusion Detection System Using Variants of Neural Networks and Support Vector Machines

    Directory of Open Access Journals (Sweden)

    A. M. Chandrashekhar

    2013-02-01

    Full Text Available Intrusion Detection Systems (IDS) form a key part of system defence, where it identifies abnormal activities happening in a computer system. In recent years different soft computing based techniques have been proposed for the development of IDS. On the other hand, intrusion detection is not yet a perfect technology. This has provided an opportunity for data mining to make quite a lot of important contributions in the field of intrusion detection. In this paper we have proposed a new hybrid technique by utilizing data mining techniques such as fuzzy C means clustering, Fuzzy neural network / Neurofuzzy and radial basis function (RBF) SVM for fortification of the intrusion detection system. The proposed technique has five major steps in which, first step is to perform the relevance analysis, and then input data is clustered using Fuzzy C-means clustering. After that, neuro-fuzzy is trained, such that each of the data point is trained with the corresponding neuro-fuzzy classifier associated with the cluster. Subsequently, a vector for SVM classification is formed and in the last step, classification using RBF SVM is performed to detect whether intrusion has happened or not. Data set used is the KDD cup 1999 dataset and we have used precision, recall, F-measure and accuracy as the evaluation metrics parameters. Our technique could achieve better accuracy for all types of intrusions. The results of proposed technique are compared with the other existing techniques. These comparisons proved the effectiveness of our technique.

  4. Intrusive versus domiciliated triatomines and the challenge of adapting vector control practices against Chagas disease

    Science.gov (United States)

    Waleckx, Etienne; Gourbière, Sébastien; Dumonteil, Eric

    2015-01-01

    Chagas disease prevention remains mostly based on triatomine vector control to reduce or eliminate house infestation with these bugs. The level of adaptation of triatomines to human housing is a key part of vector competence and needs to be precisely evaluated to allow for the design of effective vector control strategies. In this review, we examine how the domiciliation/intrusion level of different triatomine species/populations has been defined and measured and discuss how these concepts may be improved for a better understanding of their ecology and evolution, as well as for the design of more effective control strategies against a large variety of triatomine species. We suggest that a major limitation of current criteria for classifying triatomines into sylvatic, intrusive, domiciliary and domestic species is that these are essentially qualitative and do not rely on quantitative variables measuring population sustainability and fitness in their different habitats. However, such assessments may be derived from further analysis and modelling of field data. Such approaches can shed new light on the domiciliation process of triatomines and may represent a key tool for decision-making and the design of vector control interventions. PMID:25993504

  5. Fuzzy logic based Adaptive Modulation Using Non Data Aided SNR Estimation for OFDM system

    Directory of Open Access Journals (Sweden)

    K.SESHADRI SASTRY

    2010-06-01

    Full Text Available As demand for high quality transmission increases, increase of spectrum efficiency and an improvement of error performance in wireless communication systems are important. One of the promising approaches to 4G is adaptive OFDM (AOFDM). Fixed modulation systems use only one type of modulation scheme (or order), so that either performance or capacity should be compromised. Adaptive modulated systems are superior to fixed modulated systems, since they change modulation order depending on present SNR. In an adaptive modulation system SNR estimation is important since performance of adaptive modulated system depends on estimated SNR. Non-data-Aided (NDA) SNR estimation systems are gaining importance in recent days since they estimate SNR range and require less data as input. In this paper we propose an adaptive modulated OFDM system which uses NDA (Non-data Aided) SNR estimation using fuzzy logic interface. The proposed system is simulated in Matlab 7.4 and the results of computer simulation show the improvement in system capacity.

  6. Distributed reinforcement learning for adaptive and robust network intrusion response

    Science.gov (United States)

    Malialis, Kleanthis; Devlin, Sam; Kudenko, Daniel

    2015-07-01

    Distributed denial of service (DDoS) attacks constitute a rapidly evolving threat in the current Internet. Multiagent Router Throttling is a novel approach to defend against DDoS attacks where multiple reinforcement learning agents are installed on a set of routers and learn to rate-limit or throttle traffic towards a victim server. The focus of this paper is on online learning and scalability. We propose an approach that incorporates task decomposition, team rewards and a form of reward shaping called difference rewards. One of the novel characteristics of the proposed system is that it provides a decentralised coordinated response to the DDoS problem, thus being resilient to DDoS attacks themselves. The proposed system learns remarkably fast, thus being suitable for online learning. Furthermore, its scalability is successfully demonstrated in experiments involving 1000 learning agents. We compare our approach against a baseline and a popular state-of-the-art throttling technique from the network security literature and show that the proposed approach is more effective, adaptive to sophisticated attack rate dynamics and robust to agent failures.

  7. Intrusion problematic during water supply systems' operation

    Energy Technology Data Exchange (ETDEWEB)

    Mora-Rodriguez, Jesus; Lopez-Jimenez, P. Amparo [Departamento de Ingenieria Hidraulica y Medio Ambiente, Universidad Politecnica de Valencia, Camino de Vera, s/n, 46022, Valencia (Spain); Ramos, Helena M. [Civil Engineering Department and CEHIDRO, Instituto Superior Tecnico, Technical University of Lisbon, Av. Rovisco Pais, 1049-001, Lisbon (Portugal)

    2011-07-01

    Intrusion through leaks is a phenomenon in which external fluid enters water pipe systems. This phenomenon can cause contamination problems in drinking water pipe systems. Hence, this paper focuses on the entry of external fluids across small leaks during normal operation conditions. This situation is especially important at elevated points of the pipe profile. Pressure variations can cause water volume losses and intrusion of contaminants into the drinking water pipes. This work focuses on obtaining the physical representation of a specific case of intrusion in a pipe water system. The combination of two factors is required to generate this kind of intrusion in a water supply system: on the one hand, the existence of at least one leak in the system; on the other hand, a pressure variation, which could occur during the operation of the system due to consumption variation, pump start-up or shutdown. The potential for intrusion during a dynamic or transient event is analyzed here. To this end, an experimental case study of a pressure transient scenario is analyzed with a small leak located near the transient source.

  8. Semantic intrusion detection with multisensor data fusion using complex event processing

    Indian Academy of Sciences (India)

    R Bhargavi; V Vaidehi

    2013-04-01

    Complex Event Processing (CEP) is an emerging technology for processing and identifying patterns of interest from multiple streams of events in real/near real time. Sensor network-based security and surveillance is a topic of recent research where events generated from distributed sensors at an unpredictable rate need to be analysed for possible threats and responded to in a timely manner. Traditional software architectures like client/server architecture where the interactions are pull-based (DBMS) do not target the efficient processing of streams of events in real time. CEP, which is a push-based system, can process streaming data to identify the intrusion patterns in near real time and respond to the threats. An Intrusion Detection System (IDS) based on a single sensor may fail to give accurate identification of intrusion. Hence there is a need for multisensor-based IDS. A multisensor-based IDS enables identification of the intrusion patterns semantically by correlating the events and context information provided by multiple sensors. JDL multisource data fusion model is a well-known research model first established by the Joint Directorate Laboratories. This paper proposes JDL fusion framework-based CEP for semantic intrusion detection. The events generated from heterogeneous sensors are collected, aggregated using logical and spatiotemporal relations to form complex events which model the intrusion patterns. The proposed system is implemented and the results show that the proposed system outperforms the pull-based solutions in terms of detection accuracy and detection time.

  9. Fuzzy Aided Application Layer Semantic Intrusion Detection System - FASIDS

    CERN Document Server

    Sangeetha, S; 10.5121/ijnsa.2010.2204

    2010-01-01

    The objective of this is to develop a Fuzzy aided Application layer Semantic Intrusion Detection System (FASIDS) which works in the application layer of the network stack. FASIDS consist of semantic IDS and Fuzzy based IDS. Rule based IDS looks for the specific pattern which is defined as malicious. A non-intrusive regular pattern can be malicious if it occurs several times with a short time interval. For detecting such malicious activities, FASIDS is proposed in this paper. At application layer, HTTP traffic's header and payload are analyzed for possible intrusion. In the proposed misuse detection module, the semantic intrusion detection system works on the basis of rules that define various application layer misuses that are found in the network. An attack identified by the IDS is based on a corresponding rule in the rule-base. An event that doesn't make a 'hit' on the rule-base is given to a Fuzzy Intrusion Detection System (FIDS) for further analysis.

  10. Intrusion Prevention/Intrusion Detection System (IPS/IDS) for Wifi Networks

    Directory of Open Access Journals (Sweden)

    Michal Korcak

    2014-07-01

    Full Text Available The nature of wireless networks itself created new vulnerabilities that in the classical wired networks do not exist. This results in an evolutional requirement to implement new sophisticated security mechanism in form of Intrusion Detection and Prevention Systems. This paper deals with security issues of small office and home office wireless networks. The goal of our work is to design and evaluate wireless IDPS with use of packet injection method. Decrease of attacker’s traffic by 95% was observed when compared to attacker’s traffic without deployment of proposed IDPS system.

  11. Protecting coastal abstraction boreholes from seawater intrusion using self-potential data

    Science.gov (United States)

    Graham, Malcolm; Butler, Adrian; MacAllister, Donald John; Vinogradov, Jan; Ijioma, Amadi; Jackson, Matthew

    2016-04-01

    We investigate whether the presence and transport of seawater can influence self-potentials (SPs) measured within coastal groundwater boreholes, with a view to using SP monitoring as part of an early warning system for saline intrusion. SP data were collected over a period of 18 months from a coastal groundwater borehole in the fractured Chalk of England. Spectral analysis of the results shows semi-diurnal fluctuations that are several orders of magnitude higher than those observed from monitoring of the Chalk more than 60 km inland, indicating a strong influence from oceanic tides. Hydrodynamic and geoelectric modelling of the coastal aquifer suggests that observed pressure changes (giving rise to the streaming potential) are not sufficient to explain the magnitude of the observed SP fluctuations. Simulation of the exclusion-diffusion potential, produced by changes in concentration across the saline front, is required to match the SP data from the borehole, despite the front being located some distance away. In late summer of 2013 and 2014, seawater intrusion occurred in the coastal monitoring borehole. When referenced to the shallowest borehole electrode, there was a characteristic increase in SP within the array, several days before any measurable increase in salinity. The size of this precursor increased steadily with depth, typically reaching values close to 0.3 mV in the deepest electrode. Numerical modelling suggests that the exclusion-diffusion potential can explain the magnitude of the precursor, but that the polarity of the change in SP cannot be replicated assuming a homogeneous aquifer. Small-scale models of idealised Chalk blocks were used to simulate the effects of discrete fractures on the distribution of SP. Initial results suggest that comparatively large reductions in voltage can develop in the matrix ahead of the front, in conjunction with a reduced or absent precursor in the vicinity of a fracture. 
    Geophysical logging indicates the presence of a

  12. Cyclone, Salinity Intrusion and Adaptation and Coping Measures in Coastal Bangladesh

    Directory of Open Access Journals (Sweden)

    Sebak Kumar Saha

    2017-06-01

    Full Text Available Although households in the coastal areas of Bangladesh undertake various adaptation and coping measures to minimise their vulnerability to cyclone hazards and salinity intrusion, these autonomous measures have received little attention in the past. However, the Government of Bangladesh has recently emphasised the importance of understanding these measures so that necessary interventions to make households more resilient to natural hazards and the adverse impacts of climate change can be introduced. This paper, based on secondary sources, explores adaptation and coping measures that households in the coastal areas of Bangladesh undertake to minimise their vulnerability to cyclone hazards and salinity intrusion. This paper shows that many of the adaptation and coping measures contribute to making households less vulnerable and more resilient to cyclone hazards and salinity intrusion, although some coping measures do the opposite as they reduce households’ adaptive capacities instead of improving them. This paper argues that the adaptation and coping measures that contribute to reducing households’ vulnerability to natural hazards need to be supported and guided by the government and NGOs to make them more effective. Additionally, measures that make households more vulnerable also need to be addressed by the government and NGOs, as most of these measures are related to and constrained by both poverty, and because the households have little or no access to economic opportunities.

  13. Revisiting anomaly-based network intrusion detection systems

    NARCIS (Netherlands)

    Bolzoni, Damiano

    2009-01-01

    Intrusion detection systems (IDSs) are well-known and widely-deployed security tools to detect cyber-attacks and malicious activities in computer systems and networks. A signature-based IDS works similar to anti-virus software. It employs a signature database of known attacks, and a successful match

  14. A Fiber-Optical Intrusion Alarm System Based on Quasi-Distributed Fiber Bragg Grating Sensors

    Institute of Scientific and Technical Information of China (English)

    Qi Jiang; Yun-Jiang Rao; De-Hong Zeng

    2008-01-01

    A fiber-optical intrusion alarm system based on quasi-distributed fiber Bragg grating (FBG) sensors is demonstrated in this paper. The algorithms of empirical mode decomposition (EMD) and wavelet packet characteristic entropy are adopted to determine the intrusion location. The intrusion alarm software based on the Labview is developed, and it is also proved by the experiments. The results show that such a fiber-optical intrusion alarm system can offer the automatic intrusion alarm in real-time.

  15. A new data normalization method for unsupervised anomaly intrusion detection

    Institute of Scientific and Technical Information of China (English)

    Long-zheng CAI; Jian CHEN; Yun KE; Tao CHEN; Zhi-gang LI

    2010-01-01

    Unsupervised anomaly detection can detect attacks without the need for clean or labeled training data. This paper studies the application of clustering to unsupervised anomaly detection (ACUAD). Data records are mapped to a feature space. Anomalies are detected by determining which points lie in the sparse regions of the feature space. A critical element for this method to be effective is the definition of the distance function between data records. We propose a unified normalization distance framework for records with numeric and nominal features mixed data. A heuristic method that computes the distance for nominal features is proposed, taking advantage of an important characteristic of nominal features: their probability distribution. Then, robust methods are proposed for mapping numeric features and computing their distance, these being able to tolerate the impact of the value difference in scale and diversification among features, and outliers introduced by intrusions. Empirical experiments with the KDD 1999 dataset showed that ACUAD can detect intrusions with relatively low false alarm rates compared with other approaches.

  16. Intrusion Detection Systems Based On Packet Sniffing

    Directory of Open Access Journals (Sweden)

    Ushus Maria Joseph

    2013-01-01

    Full Text Available In the present era of networks, security of network systems is becoming increasingly important, as more and more sensitive information is being stored and manipulated online. The paper entitled ’Packet Sniffing’ describes an IDS that monitors packets on the network wire and attempts to discover a hacker/cracker who is attempting to break into the system. Packet Sniffing also finds the contents and tracks the data packet in the network system. This sniffing is performed by comparing the captured packet with the intruder details stored in the database. If the packet is found to be from an intruder, it is then forwarded to the firewall with the respective message for blocking. The Emotional Ants module contains the sender and receiver. The sender will inform all the other Ants running in other machines about the detection of an intruder through its pheromone (Messages). The receiver in Ants will listen for the messages from other Ants

  17. An adaptive structure data acquisition system using a graphical-based programming language

    Science.gov (United States)

    Baroth, Edmund C.; Clark, Douglas J.; Losey, Robert W.

    1992-01-01

    An example of the implementation of data fusion using a PC and a graphical programming language is discussed. A schematic of the data acquisition system and user interface panel for an adaptive structure test are presented. The computer programs (a series of icons 'wired' together) are also discussed. The way in which using graphical-based programming software to control a data acquisition system can simplify analysis of data, promote multidisciplinary interaction, and provide users a more visual key to understanding their data are shown.

  18. Accumulo/Hadoop, MongoDB, and Elasticsearch Performance for Semi Structured Intrusion Detection (IDS) Data

    Science.gov (United States)

    2016-11-01

    including the time for reviewing instructions, searching existing data sources, gathering and maintaining the data needed, and completing and reviewing the...board analytics and surgical queries must be supported. 15. SUBJECT TERMS NoSQL performance, intrusion detection system, data storage, Hadoop...NoSQL solution. Although all offer excellent scalability and performance, the correct one that will maximize performance over the long term for our

  19. HYBRID ARCHITECTURE FOR DISTRIBUTED INTRUSION DETECTION SYSTEM IN WIRELESS NETWORK

    Directory of Open Access Journals (Sweden)

    Seyedeh Yasaman Rashida

    2013-06-01

    Full Text Available Owing to the rapid growth of network applications, new kinds of network attacks are emerging endlessly. So it is critical to protect the networks from attackers, and intrusion detection technology becomes popular. Therefore, it is necessary that this security concern be articulated right from the beginning of the network design and deployment. Intrusion detection technology is the process of identifying network activity that can lead to a compromise of security policy. A lot of work has been done on the detection of intruders, but the solutions are not satisfactory. In this paper, we propose a novel Distributed Intrusion Detection System using Multi Agent in order to decrease false alarms and manage misuse and anomaly detection.

  20. Data reduction in the ITMS system through a data acquisition model with self-adaptive sampling rate

    Energy Technology Data Exchange (ETDEWEB)

    Ruiz, M. [Grupo de Investigacion en Instrumentacion y Acustica Aplicada, Universidad Politecnica de Madrid (UPM), Crta. Valencia Km-7, Madrid 28031 (Spain)], E-mail: mariano.ruiz@upm.es; Lopez, JM.; Arcas, G. de [Grupo de Investigacion en Instrumentacion y Acustica Aplicada, Universidad Politecnica de Madrid (UPM), Crta. Valencia Km-7, Madrid 28031 (Spain); Barrera, E. [Departamento de Sistemas Electronicos y de Control, Universidad Politecnica de Madrid (UPM), Crta. Valencia Km-7, Madrid 28031 (Spain); Melendez, R. [Grupo de Investigacion en Instrumentacion y Acustica Aplicada, Universidad Politecnica de Madrid (UPM), Crta. Valencia Km-7, Madrid 28031 (Spain); Vega, J. [Asociacion EURATOM/CIEMAT para Fusion, Madrid (Spain)

    2008-04-15

    Long pulse or steady state operation of fusion experiments require data acquisition and processing systems that reduce the volume of data involved. The availability of self-adaptive sampling rate systems and the use of real-time lossless data compression techniques can help solve these problems. The former is important for continuous adaptation of sampling frequency for experimental requirements. The latter allows the maintenance of continuous digitization under limited memory conditions. This can be achieved by permanent transmission of compressed data to other systems. The compacted transfer ensures the use of minimum bandwidth. This paper presents an implementation based on intelligent test and measurement system (ITMS), a data acquisition system architecture with multiprocessing capabilities that permits it to adapt the system's sampling frequency throughout the experiment. The sampling rate can be controlled depending on the experiment's specific requirements by using an external dc voltage signal or by defining user events through software. The system takes advantage of the high processing capabilities of the ITMS platform to implement a data reduction mechanism based in lossless data compression algorithms which are themselves based in periodic deltas.

  1. Preventing Point-of-Sale System Intrusions

    Science.gov (United States)

    2014-06-01

    with certain digits (e.g., a 4 for a Visa or a 5 for a MasterCard). This in fact is the premise behind memory scraping malicious code. Venter et al...beneficial due to the fact that some point-of-sale system users conduct non-business Internet activities (e.g., checking email or browsing Web sites) on... scraping,” which refers to the act of capturing card data as it briefly enters an unencrypted state in a point-of-sale terminal’s random access

  2. SSHCure: a flow-based SSH intrusion detection system

    NARCIS (Netherlands)

    Hellemons, Laurens; Hendriks, Luuk; Hofstede, Rick; Sperotto, Anna; Sadre, Ramin; Pras, Aiko

    2012-01-01

    SSH attacks are a main area of concern for network managers, due to the danger associated with a successful compromise. Detecting these attacks, and possibly compromised victims, is therefore a crucial activity. Most existing network intrusion detection systems designed for this purpose rely on the

  3. Anomaly-based online intrusion detection system as a sensor for cyber security situational awareness system

    OpenAIRE

    Kokkonen, Tero

    2016-01-01

    Almost all the organisations and even individuals rely on complex structures of data networks and networked computer systems. That complex data ensemble, the cyber domain, provides great opportunities, but at the same time it offers many possible attack vectors that can be abused for cyber vandalism, cyber crime, cyber espionage or cyber terrorism. Those threats produce requirements for cyber security situational awareness and intrusion detection capability. This dissertation conc...

  4. Intelligent Intrusion Detection System

    Institute of Scientific and Technical Information of China (English)

    陆立峥; 陈金山

    2012-01-01

    Existing intrusion detection systems identify intrusion behavior with limited accuracy, detect new attack behavior with low efficiency, and have poor adaptability and flexibility. To address these shortcomings, the project team combined a neural network with an intrusion detection system, using the self-learning and adaptive capabilities of the neural network to solve the problem of making intrusion detection intelligent, and constructed an ANN-based intelligent intrusion detection system. The system has a relatively high detection accuracy and ability to recognise intrusion behavior.

  5. Nuclear data needs for non-intrusive inspection.

    Energy Technology Data Exchange (ETDEWEB)

    Smith, D. L.; Michlich, B. J.

    2000-11-29

    Various nuclear-based techniques are being explored for use in non-intrusive inspection. Their development is motivated by the need to prevent the proliferation of nuclear weapons, to thwart trafficking in illicit narcotics, to stop the transport of explosives by terrorist organizations, to characterize nuclear waste, and to deal with various other societal concerns. Non-intrusive methods are sought in order to optimize inspection speed, to minimize damage to packages and containers, to satisfy environmental, health and safety requirements, to adhere to legal requirements, and to avoid inconveniencing the innocent. These inspection techniques can be grouped into two major categories: active and passive. They almost always require the use of highly penetrating radiation and therefore are generally limited to neutrons and gamma rays. Although x-rays are widely employed for these purposes, their use does not constitute nuclear technology and therefore is not discussed here. This paper examines briefly the basic concepts associated with nuclear inspection and investigates the related nuclear data needs. These needs are illustrated by considering four of the methods currently being developed and tested.

  6. Rule Generalisation in Intrusion Detection Systems using Snort

    CERN Document Server

    Aickelin, Uwe; Hesketh-Roberts, Thomas

    2008-01-01

    Intrusion Detection Systems (ids) provide an important layer of security for computer systems and networks, and are becoming more and more necessary as reliance on Internet services increases and systems with sensitive data are more commonly open to Internet access. An ids's responsibility is to detect suspicious or unacceptable system and network activity and to alert a systems administrator to this activity. The majority of ids use a set of signatures that define what suspicious traffic is, and Snort is one popular and actively developing open-source ids that uses such a set of signatures known as Snort rules. Our aim is to identify a way in which Snort could be developed further by generalising rules to identify novel attacks. In particular, we attempted to relax and vary the conditions and parameters of current Snort rules, using a similar approach to classic rule learning operators such as generalisation and specialisation. We demonstrate the effectiveness of our approach through experiments with standard d...

  7. Poseidon: a 2-tier Anomaly-based Network Intrusion Detection System

    NARCIS (Netherlands)

    Bolzoni, Damiano; Zambon, Emmanuele; Etalle, Sandro; Hartel, Pieter

    2006-01-01

    We present Poseidon, a new anomaly based intrusion detection system. Poseidon is payload-based, and presents a two-tier architecture: the first stage consists of a Self-Organizing Map, while the second one is a modified PAYL system. Our benchmarks on the 1999 DARPA data set show a higher detection r

  8. Weaknesses, Vulnerabilities And Elusion Strategies Against Intrusion Detection Systems

    Directory of Open Access Journals (Sweden)

    Hossein Jadidoleslamy

    2012-09-01

    One of the most important existing issues in the information security application domain is the Intrusion Detection System (IDS); an IDS is a defensive-aggressive system to protect information, verifying and responding to occurring attacks on computer systems and networks. This paper discusses different topics, including presenting some strategies against IDSs for passing them; this leads to improving the detection level and performance of IDSs; also, this paper considers some intrusion tools, new attack patterns and tracking prevention techniques. In addition, it discusses vulnerabilities, security holes and IDSs' structural and systemic problems, with a view to eliminating defects, reducing penetrations and correcting their behavior. Finally, it leads to increasing the functionality coefficient of IDSs, promoting the security level of computer systems and networks, and increasing the trust of authorized users. So, the methods proposed in this paper can be applied to improving IDSs by using inverse engineering methods.

  9. Security Policy Based on Firewall and Intrusion Detection System

    Directory of Open Access Journals (Sweden)

    Hemdeep Kaur Bimbraw

    2014-11-01

    Firewalls are usually the first component of network security. They separate networks in different security levels by utilizing network access control policies. The major function of the firewall is to protect the private network from non-legitimate traffic. The main purpose of a firewall system is to control access to or from a protected network. It implements a network access policy by forcing connections to pass through the firewall, where they can be examined and evaluated. Intrusion detection is the process of monitoring and searching networks of computers and systems for security policy violations. Intrusion Detection Systems (IDSs) are software or hardware products that automate this monitoring and analysis process. An IDS inspects all inbound and outbound network activity, system logs and events, and identifies suspicious patterns or events that may indicate a network or system attack from someone attempting to break into or compromise a system. The network security in today’s world is a major concern because of increasing threats from malicious users. Therefore, designing a correct network security policy is a challenging task. To design filtering rules to formulate a sound firewall security policy and implement intrusion detection system to capture network packets and detect attacks to fulfill this gap

  10. Distributed Intrusion Detection System for Ad hoc Mobile Networks

    Directory of Open Access Journals (Sweden)

    Muhammad Nawaz Khan

    2012-01-01

    In mobile ad hoc networks, resource restrictions on bandwidth, processing capabilities, battery life and memory of mobile devices lead to a tradeoff between security and resource consumption. Due to some unique properties of MANETs, proactive security mechanisms like authentication, confidentiality, access control and non-repudiation are hard to put into practice. Some additional security requirements are also needed, like cooperation fairness, location confidentiality, data freshness and absence of traffic diversion. Traditional security mechanisms, i.e. authentication and encryption, provide a security beach to MANETs. But some reactive security mechanism is required that analyzes the routing packets and also checks the overall network behavior of MANETs. Here we propose a local-distributed intrusion detection system for ad hoc mobile networks. In the proposed distributed-ID, each mobile node works as a smart agent. Data is collected by the node locally and the node analyzes that data for malicious activity. If any abnormal activity is discovered, it informs the surrounding nodes as well as the base station. It works like a client-server model: each node works in collaboration with the server, and its database is updated each time by the server using a Markov process. The proposed local distributed-IDS shows a balance between false positive and false negative rates. A reactive security mechanism is very useful in finding abnormal activities even when a proactive security mechanism is present. The distributed local-IDS is useful for deep-level inspection and is suited to the varying nature of MANETs.

  11. Predicting Packet Transmission Data over IP Networks Using Adaptive Neuro-Fuzzy Inference Systems

    Directory of Open Access Journals (Sweden)

    Samira Chabaa

    2009-01-01

    Problem statement: The statistical modeling for predicting network traffic has now become a major tool used for network and is of significant interest in many domains: Adaptive application, congestion and admission control, wireless, network management and network anomalies. To comprehend the properties of IP-network traffic and system conditions, many kinds of reports based on measured network traffic data have been reported by several researchers. The goal of the present contribution was to complement these previous researches by predicting network traffic data. Approach: The Adaptive Neuro-Fuzzy Inference System (ANFIS) was realized by an appropriate combination of fuzzy systems and neural networks. It was applied in different applications which have been increased in recent years and have multidisciplinary in several domains with a high accuracy. For this reason, we used a set of input and output data of packet transmission over Internet Protocol (IP) networks as input and output of ANFIS to develop a model for predicting data. Results: ANFIS was compared with some existing model based on Volterra system with Laguerre functions. The obtained results demonstrate that the sequences of generated values have the same statistical characteristics as those really observed. Furthermore, the relative error using ANFIS model was better than this obtained by Volterra system model. Conclusion: The developed model fits well real data and can be used for predicting purpose with a high accuracy.

  12. Detecting network intrusions by data mining and variable-length sequence pattern matching

    Institute of Scientific and Technical Information of China (English)

    Tian Xinguang; Duan Miyi; Sun Chunlai; Liu Xin

    2009-01-01

    Anomaly detection has been an active research topic in the field of network intrusion detection for many years. A novel method is presented for anomaly detection based on system calls into the kernels of Unix or Linux systems. The method uses the data mining technique to model the normal behavior of a privileged program and uses a variable-length pattern matching algorithm to perform the comparison of the current behavior and historic normal behavior, which is more suitable for this problem than the fixed-length pattern matching algorithm proposed by Forrest et al. At the detection stage, the particularity of the audit data is taken into account, and two alternative schemes could be used to distinguish between normalities and intrusions. The method gives attention to both computational efficiency and detection accuracy and is especially applicable for on-line detection. The performance of the method is evaluated using the typical testing data set, and the results show that it is significantly better than the anomaly detection method based on hidden Markov models proposed by Yan et al. and the method based on fixed-length patterns proposed by Forrest and Hofmeyr. The novel method has been applied to practical hosted-based intrusion detection systems and achieved high detection performance.

  13. A methodical and adaptive framework for Data Warehouse of Salary Management System

    Directory of Open Access Journals (Sweden)

    Manzoor Ahmad

    2015-11-01

    Years of experience as an employee of University of Kashmir has always desired us to have a typical solution where most of the activities related to salary are fully automated without checking across the files whenever there is a need, e.g. individual month's salary report, web based information submission, filing of returns, increment information etc. After thorough analysis, taking employee satisfaction, sensitivity and security of data, a long term solution was to develop a centralized University salary management system and its data warehouse. In this paper the design and implementation of an adaptive data warehouse is presented which supports large volume of data and saves the cost effectively. It also enables decision makers to pose queries and questions to the system. However decision support systems only support a set of queries and operations that are to be performed.

  14. A methodical and adaptive framework for Data Warehouse of Salary Management System

    Directory of Open Access Journals (Sweden)

    Manzoor Ahmad

    2014-06-01

    Years of experience as an employee of University of Kashmir has always desired us to have a typical solution where most of the activities related to salary are fully automated without checking across the files whenever there is a need, e.g. individual month's salary report, web based information submission, filing of returns, increment information etc. After thorough analysis, taking employee satisfaction, sensitivity and security of data, a long term solution was to develop a centralized University salary management system and its data warehouse. In this paper the design and implementation of an adaptive data warehouse is presented which supports large volume of data and saves the cost effectively. It also enables decision makers to pose queries and questions to the system. However decision support systems only support a set of queries and operations that are to be performed.

  15. Intrusion Correlation Using Ontologies and Multi-agent Systems

    Science.gov (United States)

    Isaza, Gustavo; Castillo, Andrés; López, Marcelo; Castillo, Luis; López, Manuel

    This paper proposes an ontology model for representing intrusion detection events and prevention rules, integrating multiagent systems based on unsupervised and supervised techniques for classification, correlation and pattern recognition. The semantic model describes attack signatures, reaction tasks, and axioms with alert communication and correlation; nevertheless we have developed the prevention architecture integrated with other security tools. This article focuses on the approach to incorporate semantic operations that facilitate the alert correlation process and provide inference and reasoning to the ontology model.

  16. Internet Intrusion Detection System Service in a Cloud

    Directory of Open Access Journals (Sweden)

    Amirreza Zarrabi

    2012-09-01

    Intrusion Detection Systems (IDS) have been used widely to detect malicious behaviors in network communication and hosts. It is defined as a computer network system to collect information on a number of key points, and analyze this information to see whether there are violations of network security policy behavior and signs of attack. IDS aroused the concern of users as an important computer network security technology. In recent times, with the advent of Cloud Computing, the concepts of Software as a Service (SaaS), where vendors provide key software products as services over the internet that can be accessed by users to perform complex tasks, have become increasingly popular. Cloud Computing is a method to increase the capacity or add capabilities dynamically without investing in new infrastructure, training new personnel, or licensing new software. We introduce a Cloud Intrusion Detection System Services (CIDSS) which is developed based on Cloud Computing and can make up for the deficiency of traditional intrusion detection, and proved to be greatly scalable. CIDSS can be utilized to overcome the critical challenge of keeping the client secure from cyber attacks while benefiting from the features which are presented by Cloud Computing technology.

  17. Evaluating the Strengths and Weaknesses of Mining Audit Data for Automated Models for Intrusion Detection in Tcpdump and Basic Security Module Data

    Directory of Open Access Journals (Sweden)

    A. Arul Lawrence Selvakumar

    2012-01-01

    Problem statement: Intrusion Detection Systems (IDS) have become an important component of infrastructure protection mechanisms to secure current and emerging networks, their services and applications by detecting, alerting and taking necessary actions against malicious activities. The network size, technology diversities and security policies make networks more challenging and hence there is a requirement for IDS which should be very accurate, adaptive, extensible and more reliable. Although there exists a novel framework for this requirement, namely Mining Audit Data for Automated Models for Intrusion Detection (MADAM ID), it has some performance shortfalls in processing the audit data. Approach: A few experiments were conducted on tcpdump data of DARPA and BSM audit files by applying the algorithms and tools of MADAM ID in the processing of audit data, to mine patterns, construct features and build RIPPER classifiers. By putting it all together, four main categories of attacks, namely DOS, R2L, U2R and PROBING attacks, were simulated. Results: This study outlines the experimentation results of MADAM ID in testing the DARPA and BSM data on a simulated network environment. Conclusion: The strengths and weaknesses of MADAM ID have been identified through the experiments conducted on tcpdump data and also on Pascal based audit files of the Basic Security Module (BSM). This study also gives some additional directions about the future applications of MADAM ID.

  18. Acquisition of an Integrated System for Laser-Assisted Non-Intrusive Experimentation and Data-Driven Reduced-Order Modeling

    Science.gov (United States)

    2015-05-13

    experimental fluid dynamics ; and (iii) a 3D scanner for computational mesh data. All these three components have been acquired and installed...structural vibration tests; (ii) a 3D particle image velocimetry (PIV) system for experimental fluid dynamics ; and (iii) a 3D scanner for...Vibrometer, LaVision 3D PIV System, and COMET L3D Laser Scanner System, respectively installed in the Aerospace Structural Dynamics Laboratory, the Wind

  19. Multi-layer holographic bifurcative neural network system for real-time adaptive EOS data analysis

    Science.gov (United States)

    Liu, Hua-Kuang; Huang, K. S.; Diep, J.

    1993-01-01

    Optical data processing techniques have the inherent advantage of high data throughput, low weight and low power requirements. These features are particularly desirable for onboard spacecraft in-situ real-time data analysis and data compression applications. The proposed multi-layer optical holographic neural net pattern recognition technique will utilize nonlinear photorefractive devices for real-time adaptive learning to classify input data content and recognize unexpected features. Information can be stored either in analog or digital form in a nonlinear photorefractive device. The recording can be accomplished in time scales ranging from milliseconds to microseconds. When a system consisting of these devices is organized in a multi-layer structure, a feedforward neural net with bifurcating data classification capability is formed. The interdisciplinary research will involve the collaboration with top digital computer architecture experts at the University of Southern California.

  20. Clustering of tethered satellite system simulation data by an adaptive neuro-fuzzy algorithm

    Science.gov (United States)

    Mitra, Sunanda; Pemmaraju, Surya

    1992-01-01

    Recent developments in neuro-fuzzy systems indicate that the concepts of adaptive pattern recognition, when used to identify appropriate control actions corresponding to clusters of patterns representing system states in dynamic nonlinear control systems, may result in innovative designs. A modular, unsupervised neural network architecture, in which fuzzy learning rules have been embedded, is used for on-line identification of similar states. The architecture and control rules involved in Adaptive Fuzzy Leader Clustering (AFLC) allow this system to be incorporated in control systems for identification of system states corresponding to specific control actions. We have used this algorithm to cluster the simulation data of the Tethered Satellite System (TSS) to estimate the range of delta voltages necessary to maintain the desired length rate of the tether. The AFLC algorithm is capable of on-line estimation of the appropriate control voltages from the corresponding length error and length rate error without a priori knowledge of their membership functions and familiarity with the behavior of the Tethered Satellite System.

  1. Network Threat Characterization in Multiple Intrusion Perspectives using Data Mining Technique

    Directory of Open Access Journals (Sweden)

    Oluwafemi Oriola

    2012-12-01

    For effective security incidence response on the network, a reputable approach must be in place at both protected and unprotected region of the network. This is because compromise in the demilitarized zone could be precursor to threat inside the network. The improved complexity of attacks in present times and vulnerability of system are motivations for this work. Past and present approaches to intrusion detection and prevention have neglected victim and attacker properties despite the fact that for intrusion to occur, an overt act by an attacker and a manifestation, observable by the intended victim, which results from that act are required. Therefore, this paper presents a threat characterization model for attacks from the victim and the attacker perspective of intrusion using data mining technique. The data mining technique combines Frequent Temporal Sequence Association Mining and Fuzzy Logic. Apriori Association Mining algorithm was used to mine temporal rule patterns from alert sequences while Fuzzy Control System was used to rate exploits. The results of the experiment show that accurate threat characterization in multiple intrusion perspectives could be actualized using Fuzzy Association Mining. Also, the results proved that sequence of exploits could be used to rate threat and are motivated by victim properties and attacker objectives.

  2. Lithologic mapping of mafic intrusions in East Greenland using Landsat Thematic Mapper data

    Science.gov (United States)

    Naslund, H. Richard; Birnie, R. W.; Parr, J. T.

    1989-01-01

    The East Greenland Tertiary Igneous Province contains a variety of intrusive and extrusive rock types. The Skaergaard complex is the most well known of the intrusive centers. Landsat thematic mapping (TM) was used in conjunction with field spectrometer data to map these mafic intrusions. These intrusions are of interest as possible precious metal ore deposits. They are spectrally distinct from the surrounding Precambrian gneisses. However, subpixel contamination by snow, oxide surface coatings, lichen cover and severe topography limit the discrimination of lithologic units within the gabbro. Imagery of the Skaergaard and surrounding vicinity, and image processing and enhancement techniques are presented. Student theses and other publications resulting from this work are also listed.

  3. A Frame of Intrusion Detection Learning System Utilizing Radial Basis Function

    Directory of Open Access Journals (Sweden)

    S.Selvakani Kandeeban

    2012-02-01

    The process of monitoring the events that occur in a computer system or network and analyzing them for signs of intrusion is known as an Intrusion Detection System (IDS). The detection ability of most IDSs is limited to known attack patterns; hence new signatures for novel attacks can be troublesome and time consuming, with a high false alarm rate. To achieve this, the system was trained and tested with known and unknown patterns with the help of Radial Basis Functions (RBF). The KDD 99 IDE (Knowledge Discovery in Databases Intrusion Detection Evaluation) data set was used for training and testing. The IDS is supposed to distinguish normal traffic from intrusions and to classify them into four classes: DoS, probe, R2L and U2R. The dataset is quite unbalanced, with 79% of the traffic belonging to the DoS category, 19% normal traffic, and less than 2% constituting the other three categories. The usefulness of the data set used for experimental evaluation has been demonstrated. The different metrics available for the evaluation of IDS were also introduced. Experimental evaluations showed that the proposed methods have the capacity of detecting a significant percentage of rate and new attacks.

  4. Hybrid Adaptive Intrusion Prevention

    Institute of Scientific and Technical Information of China (English)

    乔佩利; 韩伟

    2011-01-01

    This paper proposes a model of an Intrusion Prevention System (Feedback Learning IPS, FLIPS), which has adaptive ability and applies a hybrid approach to host security that prevents binary code injection attacks. It incorporates three major components: an anomaly-based classifier, a signature-based filtering scheme, and a supervision framework that employs Instruction Set Randomization (ISR). ISR can precisely identify the injected code, and the classifier and the filter can be tuned via a learning mechanism based on this feedback. Capturing the injected code allows FLIPS to construct signatures for zero-day exploits. Experimental results show that the model can discard input that matches an anomaly or is known to be malicious, protecting the application from attack effectively.

  5. A Comprehensive Study on Classification of Passive Intrusion and Extrusion Detection System

    Directory of Open Access Journals (Sweden)

    A.Kalaivani

    2013-05-01

    Cyber criminals compromise Integrity, Availability and Confidentiality of network resources in cyber space and cause remote class intrusions such as U2R, R2L, DoS and probe/scan system attacks. To handle these intrusions, Cyber Security uses three audit and monitoring systems namely Intrusion Prevention Systems (IPS), Intrusion Detection Systems (IDS). Intrusion Detection System (IDS) monitors only inbound traffic which is insufficient to prevent botnet systems. A system to monitor outbound traffic is named as Extrusion Detection System (EDS). Therefore a hybrid system should be designed to handle both inbound and outbound traffic. Due to the increased false alarms preventive systems do not suit an organizational network. The goal of this paper is to devise a taxonomy for cyber security and study the existing methods of Intrusion and Extrusion Detection systems based on three primary characteristics. The metrics used to evaluate IDS and EDS are also presented.

  6. A Pattern Matching Algorithm for Reducing False Positive in Signature Based Intrusion Detection System

    Directory of Open Access Journals (Sweden)

    T. Sree Kala

    2016-04-01

    Nowadays organizations are facing a number of threats every day in the form of viruses, attacks, etc. Many different mechanisms are preferred by organizations in the form of intrusion detection and prevention systems to protect them from these kinds of attacks. An Intrusion Detection System (IDS) is considered as a system integrated with intelligent subsystems. In this paper the signature based intrusion detection system is discussed. There are different pattern matching algorithms available to detect intrusion. Brute force and Knuth-Morris-Pratt are the single keyword pattern matching algorithms. If one or more occurrences of the pattern are present in the input text, then there is an intrusion and the intrusion alarm will be sent. The occurrence of false alarms is high in intrusion detection. In this paper a string matching algorithm to reduce the percentage of false alarms is discussed.

  7. Data-Driven Multiagent Systems Consensus Tracking Using Model Free Adaptive Control.

    Science.gov (United States)

    Bu, Xuhui; Hou, Zhongsheng; Zhang, Hongwei

    2017-03-14

    This paper investigates the data-driven consensus tracking problem for multiagent systems with both fixed communication topology and switching topology by utilizing a distributed model free adaptive control (MFAC) method. Here, agent's dynamics are described by unknown nonlinear systems and only a subset of followers can access the desired trajectory. The dynamical linearization technique is applied to each agent based on the pseudo partial derivative, and then, a distributed MFAC algorithm is proposed to ensure that all agents can track the desired trajectory. It is shown that the consensus error can be reduced for both time invariable and time varying desired trajectories. The main feature of this design is that consensus tracking can be achieved using only input-output data of each agent. The effectiveness of the proposed design is verified by simulation examples.

  8. Adaptive Learning Management System

    Directory of Open Access Journals (Sweden)

    Violeta Moisa

    2013-06-01

    This article is an introduction to a new model for an adaptive Learning Management System. It presents the current e-learning standards and describes the elements that can be used to create the system: the sequencing control modes, sequencing rules, navigation controls, learning records and learning record stores. The model is based on artificial intelligence algorithms that analyze the data captured for each user and create an adaptive navigation path through the learning content of the system, allowing each user to experience the content in different ways.

  9. Hybrid Intrusion Detection System for DDoS Attacks

    Directory of Open Access Journals (Sweden)

    Özge Cepheli

    2016-01-01

    Distributed denial-of-service (DDoS) attacks are one of the major threats and possibly the hardest security problem for today’s Internet. In this paper we propose a hybrid detection system, referred to as hybrid intrusion detection system (H-IDS), for detection of DDoS attacks. Our proposed detection system makes use of both anomaly-based and signature-based detection methods separately but in an integrated fashion and combines the outcomes of both detectors to enhance the overall detection accuracy. We apply two distinct datasets to our proposed system in order to test the detection performance of H-IDS and conclude that the proposed hybrid system gives better results than the systems based on nonhybrid detection.

  10. Network Analysis of Reconnaissance and Intrusion of an Industrial Control System

    Science.gov (United States)

    2016-09-01

    gateway was not configured on any host and only the engineering workstation was configured for DNS with address 10.10.10.250/24. 2.1.1 Security ... security configurations in order to increase the amount of security for an industrial control system (ICS). The first objective was to evaluate how network...15. SUBJECT TERMS industrial control system, ICS, supervisory control and data acquisition, SCADA, intrusion detection, network security , Modbus 16

  11. Data Randomization and Cluster-Based Partitioning for Botnet Intrusion Detection.

    Science.gov (United States)

    Al-Jarrah, Omar Y; Alhussein, Omar; Yoo, Paul D; Muhaidat, Sami; Taha, Kamal; Kim, Kwangjo

    2016-08-01

    Botnets, which consist of remotely controlled compromised machines called bots, provide a distributed platform for several threats against cyber world entities and enterprises. Intrusion detection system (IDS) provides an efficient countermeasure against botnets. It continually monitors and analyzes network traffic for potential vulnerabilities and possible existence of active attacks. A payload-inspection-based IDS (PI-IDS) identifies active intrusion attempts by inspecting transmission control protocol and user datagram protocol packet's payload and comparing it with previously seen attacks signatures. However, the PI-IDS abilities to detect intrusions might be incapacitated by packet encryption. Traffic-based IDS (T-IDS) alleviates the shortcomings of PI-IDS, as it does not inspect packet payload; however, it analyzes packet header to identify intrusions. As the network's traffic grows rapidly, not only the detection-rate is critical, but also the efficiency and the scalability of IDS become more significant. In this paper, we propose a state-of-the-art T-IDS built on a novel randomized data partitioned learning model (RDPLM), relying on a compact network feature set and feature selection techniques, simplified subspacing and a multiple randomized meta-learning technique. The proposed model has achieved 99.984% accuracy and 21.38 s training time on a well-known benchmark botnet dataset. Experiment results demonstrate that the proposed methodology outperforms other well-known machine-learning models used in the same detection task, namely, sequential minimal optimization, deep neural network, C4.5, reduced error pruning tree, and randomTree.

  12. Cross-layer design for intrusion detection and data security in wireless ad hoc sensor networks

    Science.gov (United States)

    Hortos, William S.

    2007-09-01

    and trust neighborhood, collecting parametric information and executing assigned decision tasks. The communications overhead due to security mechanisms and the latency in network response are thus minimized by reducing the need to move large amounts of audit data through resource-limited nodes and by locating detection/identification programs closer to audit data. If network partitioning occurs due to uncoordinated node exhaustion, data compromise or other effects of the attacks, the mobile agents can continue to operate, thereby increasing fault tolerance in the network response to intrusions. Since the mobile agents behave like an ant colony in securing the WSN, published ant colony optimization (ACO) routines and other evolutionary algorithms are adapted to protect network security, using data at and through nodes to create audit records to detect and respond to denial-of-service attacks. Performance evaluations of algorithms are performed by simulation of a few intrusion attacks, such as black hole, flooding, Sybil and others, to validate the ability of the cross-layer algorithms to enable WSNs to survive the attacks. Results are compared for the different algorithms.

  13. Hydrodynamic modeling of the intrusion phenomenon in water distribution systems

    Energy Technology Data Exchange (ETDEWEB)

    Lopez-Jimenez, Petra Amparo; Mora-Rodriguez, Jose de Jesus; Perez-Garcia, Rafael; Martinez-Solano, F. Javier [Universidad Politecnica de Valencia (Spain)

    2008-10-15

    This paper describes a strategy for the hydrodynamic modeling of the pathogen intrusion phenomenon in water distribution systems by the combination of a breakage with a depression situation. This scenario will be modeled computationally and experimentally. The phenomenon to be represented by both simulations is the same: the entrance of an external volume into the circulation of a main volume, known as a pathogen intrusion, as long as the main volume is potable water. To this end, a prototype and a computational model based on Computational Fluid Dynamics (CFD) are used, which allow visualizing the fields of speeds and pressures in a simulated form. With the comparison of the results of both models, conclusions will be drawn on the detail of the studied pathogen intrusion phenomenon.

  14. Nuclear-power-plant perimeter-intrusion alarm systems

    Energy Technology Data Exchange (ETDEWEB)

    Halsey, D.J.

    1982-04-01

    Timely intercept of an intruder requires the examination of perimeter barriers and sensors in terms of reliable detection, immediate assessment and prompt response provisions. Perimeter security equipment and operations must at the same time meet the requirements of the Code of Federal Regulations, 10 CFR 73.55 with some attention to the performance and testing figures of Nuclear Regulatory Guide 5.44, Revision 2, May 1980. A baseline system is defined which recommends a general approach to implementing perimeter security elements: barriers, lighting, intrusion detection, alarm assessment. The baseline approach emphasizes cost/effectiveness achieved by detector layering and logic processing of alarm signals to produce reliable alarms and low nuisance alarm rates. A cost benefit of layering along with video assessment is reduction in operating expense. The concept of layering is also shown to minimize testing costs where detectability performance as suggested by Regulatory Guide 5.44 is to be performed. Synthesis of the perimeter intrusion alarm system and limited testing of CCTV and Video Motion Detectors (VMD), were performed at E-Systems, Greenville Division, Greenville, Texas during 1981.

  15. Intrusion Detection System with Hierarchical Different Parallel Classification

    Directory of Open Access Journals (Sweden)

    Behrouz Safaiezadeh

    2015-12-01

    Today, lives are integrated with networks and the internet. The needed information is transmitted through networks. So, someone may attempt to abuse the information and attack and make changes by weakness of networks. Intrusion Detection System is a system capable to detect some attacks. The system detects attacks through classifier construction and considering IP in network. The recent researches showed that a fundamental classification cannot be effective alone and due to its errors, but mixing some classifications provide better efficiency. So, the current study attempts to design three classes of support vector machine, the neural network of multilayer perceptron and parallel fuzzy system in which there are trained dataset and capability to detect two classes. Finally, decisions made by an intermediate network due to type of attack. In the present research, the suggested system was tested through dataset of KDD99 and results indicated appropriate efficiency 99.71% in average.

  16. Immune System Approaches to Intrusion Detection - A Review

    CERN Document Server

    Kim, Jungwon; Aickelin, Uwe; Greensmith, Julie; Tedesco, Gianni; Twycross, Jamie

    2008-01-01

    The use of artificial immune systems in intrusion detection is an appealing concept for two reasons. Firstly, the human immune system provides the human body with a high level of protection from invading pathogens, in a robust, self-organised and distributed manner. Secondly, current techniques used in computer security are not able to cope with the dynamic and increasingly complex nature of computer systems and their security. It is hoped that biologically inspired approaches in this area, including the use of immune-based systems will be able to meet this challenge. Here we review the algorithms used, the development of the systems and the outcome of their implementation. We provide an introduction and analysis of the key developments within this field, in addition to making suggestions for future research.

  17. An Intrusion Detection System for Kaminsky DNS Cache poisoning

    Directory of Open Access Journals (Sweden)

    Dhrubajyoti Pathak, Kaushik Baruah

    2013-09-01

    Domain Name System (DNS) is the largest and most actively distributed, hierarchical and scalable database system which plays an incredibly inevitable role behind the functioning of the Internet as we know it today. A DNS translates human readable and meaningful domain names such as www.iitg.ernet.in into an Internet Protocol (IP) address such as 202.141.80.6. It is used for locating a resource on the World Wide Web. Without a DNS, the Internet services as we know it, would come to a halt. In our thesis, we proposed an Intrusion Detection System (IDS) for Kaminsky cache poisoning attacks. Our system relies on the existing properties of the DNS protocol.

  18. Evolution of optically nondestructive and data-non-intrusive credit card verifiers

    Science.gov (United States)

    Sumriddetchkajorn, Sarun; Intaravanne, Yuttana

    2010-04-01

    Since the deployment of the credit card, the number of credit card fraud cases has grown rapidly with a huge amount of loss in millions of US dollars. Instead of asking more information from the credit card's holder or taking risk through payment approval, a nondestructive and data-non-intrusive credit card verifier is highly desirable before transaction begins. In this paper, we review optical techniques that have been proposed and invented in order to make the genuine credit card more distinguishable than the counterfeit credit card. Several optical approaches for the implementation of credit card verifiers are also included. In particular, we highlight our invention on a hyperspectral-imaging based portable credit card verifier structure that offers a very low false error rate of 0.79%. Other key features include low cost, simplicity in design and implementation, no moving part, no need of an additional decoding key, and adaptive learning.

  19. Thermal Error Modelling of the Spindle Using Data Transformation and Adaptive Neurofuzzy Inference System

    Directory of Open Access Journals (Sweden)

    Yanlei Li

    2015-01-01

    This paper proposes a new method for predicting spindle deformation based on temperature data. The method introduces the adaptive neurofuzzy inference system (ANFIS), which is a neurofuzzy modeling approach that integrates the kernel and geometrical transformations. By utilizing data transformation, the number of ANFIS rules can be effectively reduced and the predictive model structure can be simplified. To build the predictive model, we first map the original temperature data to a feature space with Gaussian kernels. We then process the mapped data with the geometrical transformation and make the data gather in the square region. Finally, the transformed data are used as input to train the ANFIS. A verification experiment is conducted to evaluate the performance of the proposed method. Six Pt100 thermal resistances are used to monitor the spindle temperature, and a laser displacement sensor is used to detect the spindle deformation. Experimental results show that the proposed method can precisely predict the spindle deformation and greatly improve the thermal performance of the spindle. Compared with back propagation (BP) networks, the proposed method is more suitable for complex working conditions in practical applications.

  20. The Use of Adaptive Traffic Signal Systems Based on Floating Car Data

    Directory of Open Access Journals (Sweden)

    Vittorio Astarita

    2017-01-01

    This paper presents a simple concept which has not been, up to now, thoroughly explored in scientific research: the use of information coming from the network of Internet connected mobile devices (on vehicles) to regulate traffic light systems. Three large-scale changes are going to shape the future of transportation and could lead to the regulation of traffic signal system based on floating car data (FCD): (i) the implementation of Internet connected cars with global navigation satellite (GNSS) system receivers and the autonomous car revolution; (ii) the spreading of mobile cooperative Web 2.0 and the extension to connected vehicles; (iii) an increasing need for sustainability of transportation in terms of energy efficiency, traffic safety, and environmental issues. Up to now, the concept of floating car data (FCD) has only been extensively used to obtain traffic information and estimate traffic parameters. Traffic lights regulation based on FCD technology has not been fully researched since the implementation requires new ideas and algorithms. This paper intends to provide a seminal insight into the important issue of adaptive traffic light based on FCD by presenting ideas that can be useful to researchers and engineers in the long-term task of developing new algorithms and systems that may revolutionize the way traffic lights are regulated.

  1. HPNAIDM: The High-Performance Network Anomaly/Intrusion Detection and Mitigation System

    Energy Technology Data Exchange (ETDEWEB)

    Chen, Yan [Northwestern University]

    2013-12-05

    Identifying traffic anomalies and attacks rapidly and accurately is critical for large network operators. With the rapid growth of network bandwidth, such as the next generation DOE UltraScience Network, and fast emergence of new attacks/virus/worms, existing network intrusion detection systems (IDS) are insufficient because they: • Are mostly host-based and not scalable to high-performance networks; • Are mostly signature-based and unable to adaptively recognize flow-level unknown attacks; • Cannot differentiate malicious events from the unintentional anomalies. To address these challenges, we proposed and developed a new paradigm called high-performance network anomaly/intrusion detection and mitigation (HPNAIDM) system. The new paradigm is significantly different from existing IDSes with the following features (research thrusts). • Online traffic recording and analysis on high-speed networks; • Online adaptive flow-level anomaly/intrusion detection and mitigation; • Integrated approach for false positive reduction. Our research prototype and evaluation demonstrate that the HPNAIDM system is highly effective and economically feasible. Beyond satisfying the pre-set goals, we even exceed that significantly (see more details in the next section). Overall, our project harvested 23 publications (2 book chapters, 6 journal papers and 15 peer-reviewed conference/workshop papers). Besides, we built a website for technique dissemination, which hosts two system prototype releases to the research community. We also filed a patent application and developed strong international and domestic collaborations which span both academia and industry.

  2. RESEARCH ON SECURITY PROTOCOL FOR COLLABORATING MOBILE AGENTS IN NETWORK INTRUSION DETECTION SYSTEMS

    Directory of Open Access Journals (Sweden)

    Olumide Simeon Ogunnusi

    2013-01-01

    Despite the popularity of mobile agents in academic and commercial arena, the security issues associated with them have hindered their adoption on large scale distributed applications. However, researchers are making relentless effort to overcome the security impediments so that the interesting properties inherent in mobile agent application, especially in the field of intrusion detection, can be harnessed. Such properties include: adaptability, autonomous nature, low bandwidth utilization, latency eradication, mobility and intelligence. A number of protocols have been developed by researchers for different key distribution techniques to enhance their performance and to protect communicating entities against malicious attacks that can hinder their activities. However, they do not take into account the availability and fault tolerance of the protocols in case of any possible attack despite the authentication methods offered by encryption. This study therefore, proposes a fault-tolerant key distribution protocol for distributed mobile agents (communicating entities) in network intrusion detection system to facilitate hitch-free collaboration geared towards intrusive packets detection in Wireless Local Area Network (WLAN).

  3. Cloud Computing for Network Security Intrusion Detection System

    Directory of Open Access Journals (Sweden)

    Jin Yang

    2013-01-01

    In recent years, as a new distributed computing model, cloud computing has developed rapidly and become the focus of academia and industry. But now the security issue of cloud computing is a main critical problem that most enterprise customers face. In the current network environment, relying on a single terminal to check the Trojan virus is considered increasingly unreliable. This paper analyzes the characteristics of current cloud computing, and then proposes a comprehensive real-time network risk evaluation model for cloud computing based on the correspondence between the artificial immune system antibody and pathogen invasion intensity. The paper also combines assets evaluation system and network integration evaluation system, considering from the application layer, the host layer, network layer may be factors that affect the network risks. The experimental results show that this model improves the ability of intrusion detection and can support the security of current cloud computing.

  4. A Scalable Intrusion Detection System for IPv6

    Institute of Scientific and Technical Information of China (English)

    LIU Bin; LI Zhitang; LI Zhanchun

    2006-01-01

    The next generation protocol IPv6 brings new challenges to information security. This paper presents the design and implementation of a network-based intrusion detection system that supports both the IPv6 protocol and the IPv4 protocol. This system's architecture is focused on performance, simplicity, and scalability. There are four primary subsystems that make it up: the packet capture, the packet decoder, the detection engine, and the logging and alerting subsystem. This paper further describes a new approach to packet capture whose goal is to improve the performance of the capture process at high speeds. The evaluation shows that the system has a good performance to detect IPv6 attacks and IPv4 attacks, and achieves 61% correct detection rate with 20% false detection rate at the speed of 100 Mb·s⁻¹.

  5. An Immune Inspired Network Intrusion Detection System Utilising Correlation Context

    CERN Document Server

    Tedesco, Gianni

    2009-01-01

    Network Intrusion Detection Systems (NIDS) are computer systems which monitor a network with the aim of discerning malicious from benign activity on that network. While a wide range of approaches have met varying levels of success, most IDSs rely on having access to a database of known attack signatures which are written by security experts. Nowadays, in order to solve problems with false positive alerts, correlation algorithms are used to add additional structure to sequences of IDS alerts. However, such techniques are of no help in discovering novel attacks or variations of known attacks, something the human immune system (HIS) is capable of doing in its own specialised domain. This paper presents a novel immune algorithm for application to the IDS problem. The goal is to discover packets containing novel variations of attacks covered by an existing signature base.

  6. Analysis of Fuzzy Logic Based Intrusion Detection Systems in Mobile Ad Hoc Networks

    Directory of Open Access Journals (Sweden)

    A. Chaudhary

    2014-01-01

    Due to the advancement in wireless technologies, many new paradigms have opened for communications. Among these technologies, mobile ad hoc networks play a prominent role for providing communication in many areas because of its independent nature of predefined infrastructure. But in terms of security, these networks are more vulnerable than the conventional networks because firewall and gateway based security mechanisms cannot be applied on it. That’s why intrusion detection systems are used as keystone in these networks. Many intrusion detection systems have been discovered to handle the uncertain activity in mobile ad hoc networks. This paper emphasized on proposed fuzzy based intrusion detection systems in mobile ad hoc networks and presented their effectiveness to identify the intrusions. This paper also examines the drawbacks of fuzzy based intrusion detection systems and discussed the future directions in the field of intrusion detection for mobile ad hoc networks.

  7. A Study of Various Intrusion Detection Model Based on Data Fusion, Neural Network and D-S Theory

    Directory of Open Access Journals (Sweden)

    Ramnaresh Sharma

    2012-06-01

    Network security and awareness of network attack are hot spots in current research area. Nowadays various models and methods are available for intrusion detection and awareness of cyber-attack. Such as Application of the integrated Network Security Situation Awareness system (Net-SSA) shows that the proposed framework supports for the accurate modeling and effective generation of network security situation. In this paper we have discussed various approaches for intrusion detection technique such as data fusion, neural network and D-S Theory and fuzzy logic.

  8. Attacks and intrusion detection in wireless sensor networks of industrial SCADA systems

    Science.gov (United States)

    Kamaev, V. A.; Finogeev, A. G.; Finogeev, A. A.; Parygin, D. S.

    2017-01-01

    The effectiveness of automated process control systems (APCS) and supervisory control and data acquisition systems (SCADA) information security depends on the applied protection technologies of transport environment data transmission components. This article investigates the problems of detecting attacks in wireless sensor networks (WSN) of SCADA systems. As a result of analytical studies, the authors developed the detailed classification of external attacks and intrusion detection in sensor networks and brought a detailed description of attacking impacts on components of SCADA systems in accordance with the selected directions of attacks.

  9. Fusion of Heterogeneous Intrusion Detection Systems for Network Attack Detection

    Directory of Open Access Journals (Sweden)

    Jayakumar Kaliappan

    2015-01-01

    An intrusion detection system (IDS) helps to identify different types of attacks in general, and the detection rate will be higher for some specific category of attacks. This paper is designed on the idea that each IDS is efficient in detecting a specific type of attack. In proposed Multiple IDS Unit (MIU), there are five IDS units, and each IDS follows a unique algorithm to detect attacks. The feature selection is done with the help of genetic algorithm. The selected features of the input traffic are passed on to the MIU for processing. The decision from each IDS is termed as local decision. The fusion unit inside the MIU processes all the local decisions with the help of majority voting rule and makes the final decision. The proposed system shows a very good improvement in detection rate and reduces the false alarm rate.

  10. A Survey of Artificial Immune System Based Intrusion Detection

    Directory of Open Access Journals (Sweden)

    Hua Yang

    2014-01-01

    In the area of computer security, Intrusion Detection (ID) is a mechanism that attempts to discover abnormal access to computers by analyzing various interactions. There is a lot of literature about ID, but this study only surveys the approaches based on Artificial Immune System (AIS). The use of AIS in ID is an appealing concept in current techniques. This paper summarizes AIS based ID methods from a new view point; moreover, a framework is proposed for the design of AIS based ID Systems (IDSs). This framework is analyzed and discussed based on three core aspects: antibody/antigen encoding, generation algorithm, and evolution mode. Then we collate the commonly used algorithms, their implementation characteristics, and the development of IDSs into this framework. Finally, some of the future challenges in this area are also highlighted.

  11. Energy Efficient Cluster-Based Intrusion Detection System for Wireless Sensor Networks

    Directory of Open Access Journals (Sweden)

    Manal Abdullah

    2014-09-01

    Wireless sensor networks (WSNs) are network type where sensors are used to collect physical measurements. It has many application areas such as healthcare, weather monitoring and even military applications. Security in this kind of networks is a big concern especially in the applications that required confidentiality and privacy. Therefore, providing a WSN with an intrusion detection system is essential to protect its security from different types of intrusions, cyber-attacks and random faults. Clustering has proven its efficiency in prolonging the node as well as the whole WSN lifetime. In this paper we have designed an Intrusion Detection (ID) system based on Stable Election Protocol (SEP) for clustered heterogeneous WSNs. The benefit of using SEP is that it is a heterogeneous-aware protocol to prolong the time interval before the death of the first node. KDD Cup’99 data set is used as the training data and test data. After normalizing our dataset, we trained the system to detect four types of attacks which are Probe, Dos, U2R and R2L, using 18 features out of the 42 features available in KDD Cup'99 dataset. The research used the K-nearest neighbour (KNN) classifier for anomaly detection. The experiments determine K = 5 for best classification and this reveals recognition rate of attacks as 75%. Results are compared with KNN classifier for anomaly detection without using a clustering algorithm.

  12. HIERARCHICAL DESIGN BASED INTRUSION DETECTION SYSTEM FOR WIRELESS AD HOC SENSOR NETWORK

    Directory of Open Access Journals (Sweden)

    Mohammad Saiful Islam Mamun

    2010-07-01

    In recent years, wireless ad hoc sensor network becomes popular both in civil and military jobs. However, security is one of the significant challenges for sensor network because of their deployment in open and unprotected environment. As cryptographic mechanism is not enough to protect sensor network from external attacks, intrusion detection system needs to be introduced. Though intrusion prevention mechanism is one of the major and efficient methods against attacks, but there might be some attacks for which prevention method is not known. Besides preventing the system from some known attacks, intrusion detection system gather necessary information related to attack technique and help in the development of intrusion prevention system. In addition to reviewing the present attacks available in wireless sensor network this paper examines the current efforts to intrusion detection system against wireless sensor network. In this paper we propose a hierarchical architectural design based intrusion detection system that fits the current demands and restrictions of wireless ad hoc sensor network. In this proposed intrusion detection system architecture we followed clustering mechanism to build a four level hierarchical network which enhances network scalability to large geographical area and use both anomaly and misuse detection techniques for intrusion detection. We introduce policy based detection mechanism as well as intrusion response together with GSM cell concept for intrusion detection architecture.

  13. Memory Efficient String Matching Algorithm for Network Intrusion Management System

    Institute of Scientific and Technical Information of China (English)

    2007-01-01

    As the core algorithm and the most time consuming part of almost every modern network intrusion management system (NIMS), string matching is essential for the inspection of network flows at the line speed. This paper presents a memory and time efficient string matching algorithm specifically designed for NIMS on commodity processors. Modifications of the Aho-Corasick (AC) algorithm based on the distribution characteristics of NIMS patterns drastically reduce the memory usage without sacrificing speed in software implementations. In tests on the Snort pattern set and traces that represent typical NIMS workloads, the Snort performance was enhanced 1.48%-20% compared to other well-known alternatives with an automaton size reduction of 4.86-6.11 compared to the standard AC implementation. The results show that special characteristics of the NIMS can be used into a very effective method to optimize the algorithm design.

  14. A Frequency-Based Approach to Intrusion Detection

    Directory of Open Access Journals (Sweden)

    Mian Zhou

    2004-06-01

    Research on network security and intrusion detection strategies presents many challenging issues to both theoreticians and practitioners. Hackers apply an array of intrusion and exploit techniques to cause disruption of normal system operations, but on the defense, firewalls and intrusion detection systems (IDS) are typically only effective in defending known intrusion types using their signatures, and are far less than mature when faced with novel attacks. In this paper, we adapt the frequency analysis techniques such as the Discrete Fourier Transform (DFT) used in signal processing to the design of intrusion detection algorithms. We demonstrate the effectiveness of the frequency-based detection strategy by running synthetic network intrusion data in simulated networks using the OPNET software. The simulation results indicate that the proposed intrusion detection strategy is effective in detecting anomalous traffic data that exhibit patterns over time, which include several types of DOS and probe attacks. The significance of this new strategy is that it does not depend on the prior knowledge of attack signatures, thus it has the potential to be a useful supplement to existing signature-based IDS and firewalls.

  15. Design And Efficient Deployment Of Honeypot And Dynamic Rule Based Live Network Intrusion Collaborative System

    Directory of Open Access Journals (Sweden)

    Renuka Prasad.B

    2011-03-01

    The continuously emerging, operationally and managerially independent, geographically distributed computer networks deployable in an evolutionarily manner have created greater challenges in securing them. Several research works and experiments have convinced the security expert that Network Intrusion Detection Systems (NIDS) or Network Intrusion Prevention Systems (NIPS) alone are not capable of securing the Computer Networks from internal and external threats completely. In this paper we present the design of Intrusion Collaborative System which is a combination of NIDS, NIPS, Honeypots, software tools like nmap, iptables etc. Our Design is tested against existing attacks based on Snort Rules and several customized DDOS, remote and guest attacks. Dynamic rules are generated during every unusual behavior that helps Intrusion Collaborative System to continuously learn about new attacks. Also a formal approach to deploy Live Intrusion Collaboration Systems based on System of Systems Concept is Proposed.

  16. A Neuro-genetic Based Short-term Forecasting Framework for Network Intrusion Prediction System

    Institute of Scientific and Technical Information of China (English)

    Siva S. Sivatha Sindhu; S. Geetha; M. Marikannan; A. Kannan

    2009-01-01

    Information systems are one of the most rapidly changing and vulnerable systems, where security is a major issue. The number of security-breaking attempts originating inside organizations is increasing steadily. Attacks made in this way, usually done by "authorized" users of the system, cannot be immediately traced. Because the idea of filtering the traffic at the entrance door, by using firewalls and the like, is not completely successful, the use of intrusion detection systems should be considered to increase the defense capacity of an information system. An intrusion detection system (IDS) is usually working in a dynamically changing environment, which forces continuous tuning of the intrusion detection model, in order to maintain sufficient performance. The manual tuning process required by current IDS depends on the system operators in working out the tuning solution and in integrating it into the detection model. Furthermore, an extensive effort is required to tackle the newly evolving attacks and a deep study is necessary to categorize it into the respective classes. To reduce this dependence, an automatically evolving anomaly IDS using neuro-genetic algorithm is presented. The proposed system automatically tunes the detection model on the fly according to the feedback provided by the system operator when false predictions are encountered. The system has been evaluated using the Knowledge Discovery in Databases Conference (KDD 2009) intrusion detection dataset. Genetic paradigm is employed to choose the predominant features, which reveal the occurrence of intrusions. The neuro-genetic IDS (NGIDS) involves calculation of weightage value for each of the categorical attributes so that data of uniform representation can be processed by the neuro-genetic algorithm. In this system unauthorized invasion of a user are identified and newer types of attacks are sensed and classified respectively by the neuro-genetic algorithm. 
The experimental results obtained in this

  17. An Agent-Based Intrusion Detection System for Local Area Networks

    CERN Document Server

    Sen, Jaydip

    2010-01-01

    Since it is impossible to predict and identify all the vulnerabilities of a network beforehand, and penetration into a system by malicious intruders cannot always be prevented, intrusion detection systems (IDSs) are essential entities to ensure the security of a networked system. To be effective in carrying out their functions, the IDSs need to be accurate, adaptive, and extensible. Given these stringent requirements and the high level of vulnerabilities of the current days’ networks, the design of an IDS has become a very challenging task. Although, an extensive research has been done on intrusion detection in a distributed environment, distributed IDSs suffer from a number of drawbacks e.g., high rates of false positives, low detection efficiency etc. In this paper, the design of a distributed IDS is proposed that consists of a group of autonomous and cooperating agents. In addition to its ability to detect attacks, the system is capable of identifying and isolating compromised nodes in the network the...

  18. Novel Model for Intrusion Detection

    Institute of Scientific and Technical Information of China (English)

    Li Jia-chun; Li Zhi-tang

    2003-01-01

    It's very difficult that the traditional intrusion detection methods based on accurate match adapt to the blur and uncertainty of user information and expert knowledge, it results in failing to report the variations of attack signature. In addition security itself includes fuzziness, the judgment standard of confidentiality, integrity and availability of system resource is uncertain. In this paper fuzzy intrusion detection based on partial match is presented to detect some types of attacks availably and alleviate some of the difficulties of above approaches, the architecture of fuzzy intrusion detection system (FIDS) is introduced and its performance is analyzed.

  19. Novel Model for Intrusion Detection

    Institute of Scientific and Technical Information of China (English)

    Li Jia-chun; Li Zhi-tang

    2003-01-01

    It's very difficult that the traditional intrusion detection methods based on accurate match adapt to the blur and uncertainty of user information and expert knowledge, it results in failing to report the variation of attack signature. In addition security itself includes fuzziness, the judgment standard of confidentiality, integrity and availability of system resource is uncertain. In this paper fuzzy intrusion detection based on partial match is presented to detect some types of attacks availably and alleviate some of the difficulties of above approaches, the architecture of fuzzy intrusion detection system (FIDS) is introduced and its performance is analyzed.

  20. The 2001 Mt. Etna eruption: new constraints on the intrusive mechanism from ground deformation data

    Science.gov (United States)

    Palano, Mimmo; González, Pablo J.

    2013-04-01

    The occurrence of seismic swarms beneath the SW flank of Mt. Etna, often observed just a few months before an eruption, has been considered as the fragile response to a magma intrusion (Bonanno et al., 2011 and references therein). These intrusions and/or pressurization of deep magmatic bodies have been able to significantly affect the seismic pattern within the volcano edifice, leading to changes in the local stress field. For example, during the months preceding the 1991-1993 Mt. Etna eruption, shallow intense seismic swarms (4-6 km deep) occurring in the SW flank (e.g. Cocina et al., 1998), related to the magma intrusion before the eruption onset, were observed contemporaneously with a rotation of the stress field of about 90°. A similar scenario was observed during January 1998, when a magma recharging phase induced a local rotation of the stress tensor, forcing a buried fault zone located beneath the SW flank of Mt. Etna to slip as a right-lateral strike-slip fault (Bonanno et al., 2011). This fault system was forced to slip again during late April 2001 (more than 200 events in less than 5 days; maximum Magnitude = 3.6) by the pressurization of the magmatic bodies feeding the July-August 2001 Mt. Etna eruption. Here we analyzed in detail the July-August 2001 Mt. Etna eruption as well as the dynamics preceding this event, by using a large dataset of geodetic data (GPS and synthetic aperture radar interferometry) collected between July 2000 and August 2001. References: Cocina, O., Neri, G., Privitera, E. and Spampinato, S., 1998. Seismogenic stress field beneath Mt. Etna South Italy and possible relationships with volcano-tectonic features. J. Volcanol. Geotherm. Res., 83, 335-348. Bonanno, A., Palano, M., Privitera, E., Gresta, S., Puglisi, G., 2011. Magma intrusion mechanisms and redistribution of seismogenic stress at Mt. Etna volcano (1997-1998). Terra Nova, 23, 339-348, doi: 10.1111/j.1365-3121.2011.01019.x.

  1. Intrusion Detection System using Self Organizing Map: A Survey

    Directory of Open Access Journals (Sweden)

    Kruti Choksi

    2014-12-01

    Due to the use of computers in every field, network security is a major concern in today’s scenario. Every year the number of users and the speed of networks increase, and along with them online fraud and security threats also increase. Every day a new attack is generated to harm a system or network. It is necessary to protect systems and networks from various threats by using an Intrusion Detection System which can detect “known” as well as “unknown” attacks and generate alerts on any unusual behavior in the traffic. There are various approaches for IDS, but in this paper the survey is focused on IDS using the Self Organizing Map (SOM). SOM is an unsupervised, fast conversion and automatic clustering algorithm which is able to handle novelty detection. The main objective of the survey is to find and address the current challenges of SOM. Our survey shows that the existing IDSs based on SOM have a poor detection rate for U2R and R2L attacks. To improve it, a proper normalization technique should be used. During the survey we also found that HSOM and GHSOM are advanced models of SOM which have their own unique features for better performance of IDS. GHSOM is efficient due to its low computation time. This survey is beneficial for designing and developing efficient SOM-based IDSs having less computation time and a better detection rate.

  2. System using data compression and hashing adapted for use for multimedia encryption

    Science.gov (United States)

    Coffland, Douglas R.

    2011-07-12

    A system and method is disclosed for multimedia encryption. Within the system of the present invention, a data compression module receives and compresses a media signal into a compressed data stream. A data acquisition module receives and selects a set of data from the compressed data stream. And, a hashing module receives and hashes the set of data into a keyword. The method of the present invention includes the steps of compressing a media signal into a compressed data stream; selecting a set of data from the compressed data stream; and hashing the set of data into a keyword.

  3. A New Intrusion Detection System Based on KNN Classification Algorithm in Wireless Sensor Network

    Directory of Open Access Journals (Sweden)

    Wenchao Li

    2014-01-01

    abnormal nodes from normal nodes by observing their abnormal behaviors, and we analyse parameter selection and error rate of the intrusion detection system. The paper elaborates on the design and implementation of the detection system. This system has achieved efficient, rapid intrusion detection by improving the wireless ad hoc on-demand distance vector routing protocol (Ad hoc On-Demand Distance Vector Routing, AODV). Finally, the test results show that the system has high detection accuracy and speed, in accordance with the requirements of wireless sensor network intrusion detection.

  4. A self-sensing magnetorheological elastomer-based adaptive bridge bearing with a wireless data monitoring system

    Science.gov (United States)

    Behrooz, Majid; Yarra, Siddaiah; Mar, David; Pinuelas, Nathan; Muzinich, Blake; Publicover, Nelson G.; Pekcan, Gokhan; Itani, Ahmad; Gordaninejad, Faramarz

    2016-04-01

    This study presents an adaptive bridge bearing that can sense structural loads and tune its properties to mitigate structural vibrations. The bearing utilizes magnetorheological elastomer (MRE) layers which allow for an increased stiffness induced with a magnetic field. The system also features a MRE-based sensing system for sensing the structural wind and traffic load. The sensing system is capable of transmitting data wirelessly to a central logging computer for monitoring bridge performance and sending alerts in the case of a major event. The capability of the MRE-based sensing system for sensing structural loads and wireless transmission of data were investigated. The adaptive bridge bearing incorporates a closed-loop magnetic circuit that results in an enhanced magnetic field in the MRE layers. Results show the sensitivity of the MRE-based sensors and the performance of the wireless system, as well as the design and analysis of the tunable bridge bearing.

  5. INTRUSION DETECTION SYSTEM IN SECURE SHELL TRAFFIC IN CLOUD ENVIRONMENT

    Directory of Open Access Journals (Sweden)

    Mehdi Barati

    2014-01-01

    Due to the growth of Cloud computing usage, the need to apply encrypted protocols to provide confidentiality and integrity of data increases dramatically. Attackers can take advantage of these protocols to hide an intrusion and evade detection. Many traditional attack detection techniques have been proposed to provide security in networks, but none of them can be implemented properly in encrypted networks. This study investigates a popular attack on Secure Shell (SSH), known as the brute force attack, and provides an efficient method to detect this attack. The brute force attack is launched by implementing a client-server SSH model in a private Cloud environment, and both attack and normal traffic are captured on the server. Then, representative features of the traffic are extracted and used by the Multi-Layer Perceptron model of Artificial Neural Network to classify the attack and normal traffic. Results gained by this method show that the proposed model is capable of detecting this attack with high accuracy and a low false alarm rate.

  6. Design and implementation of self-protection agent for network-based intrusion detection system

    Institute of Scientific and Technical Information of China (English)

    朱树人; 李伟琴

    2003-01-01

    Static security techniques, such as firewall, hierarchy filtering, distributed disposing, layer management, autonomy agent, and secure communication, were introduced in distributed intrusion detection. The self-protection agents were designed, which have a distributed architecture, cooperate with the agents in intrusion detection in a loosely coupled manner, protect the security of the intrusion detection system, and respond to intrusion actively. A prototype self-protection agent was implemented by using the packet filter in the operating system kernel. The results show that all the hosts with the part of network-based intrusion detection system and the whole intrusion detection system are invisible from the outside and network scanning, and cannot apperceive the existence of network-based intrusion detection system. The communication between every part is secure. In the low layer, the packet streams are controlled to avoid the buffer leaks existing in some system service processes and back-door programs, so as to prevent users from misusing and vicious attacks like Trojan Horse effectively.

  7. Network-based anomaly intrusion detection with numeric-and-nominal mixed data

    Institute of Scientific and Technical Information of China (English)

    蔡龙征; 余胜生; 王晓峰; 周敬利

    2006-01-01

    Anomaly detection is a key element of intrusion detection systems and a necessary complement of widely used misuse intrusion detection systems. Data sources used by network intrusion detection, like network packets or connections, often contain both numeric and nominal features. Both of these features contain important information for intrusion detection. These two features, on the other hand, have different characteristics. This paper presents a new network-based anomaly intrusion detection approach that works well by building profiles for numeric and nominal features in different ways. During training, for each numeric feature, a normal profile is built through statistical distribution inference and parameter estimation, while for each nominal feature, a normal profile is set up through a statistical method. These profiles are used as detection models during testing to judge whether a data item being tested is benign or malicious. Experiments with the data set of the 1999 DARPA (Defense Advanced Research Projects Agency) intrusion detection evaluation show that this approach can detect attacks effectively.

  8. Developing a Cooperative Intrusion Detection System for Wireless Sensor Networks

    Science.gov (United States)

    2010-11-01

    needs for WSNs and can be integrated into sensor network applications. The protocols must be adapted to use these frameworks. TinySec [11], ZigBee [12...conference on Embedded Networked Sensor Systems, November 2004. [12] ZigBee Alliance: ZigBee Specification. Technical Report Document 053474r06, June 2005

  9. HYBRID OF FUZZY CLUSTERING NEURAL NETWORK OVER NSL DATASET FOR INTRUSION DETECTION SYSTEM

    OpenAIRE

    2013-01-01

    Intrusion Detection System (IDS) is one of the components that take part in system defence, to identify abnormal activities happening in the computer system. Nowadays, IDSs face composite demands to defeat modern attack activities from damaging the computer systems. Anomaly-based IDS examines ongoing traffic, activity, transactions and behavior in order to identify intrusions by detecting anomalies. This technique identifies activities which deviate from normal behaviour. In rec...

  10. Analysis of Host-Based and Network-Based Intrusion Detection System

    Directory of Open Access Journals (Sweden)

    Amrit Pal Singh

    2014-07-01

    Intrusion-detection systems (IDS) aim at detecting attacks against computer systems and networks or, in general, against information systems. Their basic aim is to protect the system against malware and unauthorized access to a network or a system. Intrusion detection is of two types: Network-based IDS and Host-based IDS. This paper covers the scope of both types and their result analysis along with their comparison as stated. OSSEC (HIDS) is a free, open source host-based intrusion detection system. It performs log analysis, integrity checking, Windows registry monitoring, rootkit detection, time-based alerting and active response. Snort (NIDS) is a lightweight intrusion detection system that can log packets coming across your network and can alert the user regarding any attack. Both are efficient in their own distinct fields.

  11. A Hybrid Data Mining Approach for Intrusion Detection on Imbalanced NSL-KDD Dataset

    Directory of Open Access Journals (Sweden)

    Mohammad Reza Parsaei

    2016-06-01

    Intrusion detection systems aim to detect malicious viruses from computer and network traffic, which is not possible using a common firewall. Most intrusion detection systems are developed based on machine learning techniques. Since the datasets used in intrusion detection are imbalanced, in previous methods the accuracy of detecting two attack classes, R2L and U2R, is lower than that of the normal and other attack classes. In order to overcome this issue, this study employs a hybrid approach. This hybrid approach is a combination of the synthetic minority oversampling technique (SMOTE) and cluster center and nearest neighbor (CANN). Important features are selected using the leave one out method (LOO). Moreover, this study employs the NSL KDD dataset. Results indicate that the proposed method improves the accuracy of detecting U2R and R2L attacks in comparison to the baseline paper by 94% and 50%, respectively.

  12. Improving Bee Algorithm Based Feature Selection in Intrusion Detection System Using Membrane Computing

    Directory of Open Access Journals (Sweden)

    Kazeem I. Rufai

    2014-03-01

    Despite the great benefits accruable from the debut of computer and the internet, efforts are constantly being put up by fraudulent and mischievous individuals to compromise the integrity, confidentiality or availability of electronic information systems. In cyber-security parlance, this is termed ‘intrusion’. Hence, this has necessitated the introduction of Intrusion Detection Systems (IDS) to help detect and curb different types of attack. However, based on the high volume of data traffic involved in a network system, effects of redundant and irrelevant data should be minimized if a qualitative intrusion detection mechanism is genuinely desired. Several attempts, especially feature subset selection approaches using Bee Algorithm (BA), Linear Genetic Programming (LGP), Support Vector Decision Function Ranking (SVDF), Rough, Rough-DPSO, and Multivariate Regression Splines (MARS), have been advanced in the past to measure the dependability and quality of a typical IDS. The observed problem among these approaches has to do with their general performance. This has therefore motivated this research work. We hereby propose a new but robust algorithm called membrane algorithm to improve the Bee Algorithm based feature subset selection technique. This Membrane computing paradigm is a class of parallel computing devices. Data used were taken from the KDD-Cup 99 Dataset, which is the acceptable standard benchmark for intrusion detection. When the final results were compared to those of the existing approaches, using the three standard IDS measurements (Attack Detection, False Alarm and Classification Accuracy Rates), it was discovered that the Bee Algorithm-Membrane Computing (BA-MC) approach is a better technique. This is because our approach produced a very high attack detection rate of 89.11%, classification accuracy of 95.60% and also generated a reasonable decrease in false alarm rate of 0.004. Receiver Operating Characteristic (ROC) curve was used for results

  13. HYBRID OF FUZZY CLUSTERING NEURAL NETWORK OVER NSL DATASET FOR INTRUSION DETECTION SYSTEM

    Directory of Open Access Journals (Sweden)

    Dahlia Asyiqin Ahmad Zainaddin

    2013-01-01

    Intrusion Detection System (IDS) is one of the components that take part in system defence, to identify abnormal activities happening in the computer system. Nowadays, IDSs face composite demands to defeat modern attack activities from damaging the computer systems. Anomaly-based IDS examines ongoing traffic, activity, transactions and behavior in order to identify intrusions by detecting anomalies. This technique identifies activities which deviate from normal behaviour. In recent years, data mining approaches for intrusion detection have been advised and used. Approaches such as Genetic Algorithms, Support Vector Machines, Neural Networks as well as clustering have resulted in high accuracy and good detection rates but with moderate false alarms on novel attacks. Many researchers have also proposed hybrid data mining techniques. Previous researchers have introduced the combination of Fuzzy Clustering and Artificial Neural Network. However, it was tested only on a random selection of the KDDCup 1999 dataset. In this study, the framework experiment introduced has been used over the NSL dataset to test the stability and reliability of the technique. The resulting precision, recall and f-value rates are compared with the previous experiment. Both datasets cover four main types of attack, which are Denial of Service (DoS), User to Root (U2R), Remote to Local (R2L) and Probe. Results had guaranteed that the hybrid approach performed better detection, especially for low-frequency attacks, over the NSL dataset compared to the original KDD dataset, due to the removal of redundant and incomplete elements in the original dataset.

  14. Mapping faults and intrusions onshore Disko Island by use of Vibroseismic data, shallow marine seismic data and electromagnetic observations

    Science.gov (United States)

    Clausen, Ole R.; Nørmark, Egon; Gulbrandsen, Pelle; Sabra, Henrik

    2014-05-01

    The west Greenland margin is characterized by sedimentary basins containing a high density of intrusions (dikes and sills) originating from the Cenozoic breakup and separation of Greenland and North America. The magmatic rocks have lately attracted interest due to observations of hydrocarbons associated with the intrusions, but here due to the ore potential associated with the same intrusions. In 2000 a marine seismic campaign by GEUS in the coastal areas of West Greenland showed that it is possible to identify magmatic intrusions in the sedimentary succession as well as map normal faults, and that the intrusions are heterogeneously distributed and probably related to the normal faults. The presence of normal faults is known from the regional onshore geological mapping campaigns performed by GEUS. However, the marine seismic data indicate a much more complicated structural pattern than presented in the onshore maps, which is a well-known phenomenon (Marcussen et al., 2002). In 2012 and 2013 seismic data were acquired onshore on the northern coast of Disko as part of a research project funded by Avannaa Resources. The objective was initially to test whether it is possible to acquire data of a quality enabling the observation and mapping of intrusions in the subsurface. Later it was followed by a more extensive survey where it was attempted to map the depth to and geometry of the intrusions. The relatively dense seismic grid onshore, compared to the marine seismic data offshore west Greenland, enables the identification and, more importantly, the mapping of several intrusions. They show some of the same characteristics as intrusions observed at e.g. the Norwegian margin of the North Atlantic (Hansen et al., 2004). The preliminary results, which integrate both marine and onshore seismic data, revise the structural understanding of the area and indicate a close relation between the intrusions and the rift-related normal faults. The results are consistent with remote sensing methods

  15. Intrusion detection: a novel approach that combines boosting genetic fuzzy classifier and data mining techniques

    Science.gov (United States)

    Ozyer, Tansel; Alhajj, Reda; Barker, Ken

    2005-03-01

    This paper proposes an intelligent intrusion detection system (IDS) which is an integrated approach that employs fuzziness and two of the well-known data mining techniques: namely classification and association rule mining. By using these two techniques, we adopted the idea of using an iterative rule learning that extracts out rules from the data set. Our final intention is to predict different behaviors in networked computers. To achieve this, we propose to use a fuzzy rule based genetic classifier. Our approach has two main stages. First, fuzzy association rule mining is applied and a large number of candidate rules are generated for each class. Then the rules pass through pre-screening mechanism in order to reduce the fuzzy rule search space. Candidate rules obtained after pre-screening are used in genetic fuzzy classifier to generate rules for the specified classes. Classes are defined as Normal, PRB-probe, DOS-denial of service, U2R-user to root and R2L- remote to local. Second, an iterative rule learning mechanism is employed for each class to find its fuzzy rules required to classify data each time a fuzzy rule is extracted and included in the system. A Boosting mechanism evaluates the weight of each data item in order to help the rule extraction mechanism focus more on data having relatively higher weight. Finally, extracted fuzzy rules having the corresponding weight values are aggregated on class basis to find the vote of each class label for each data item.

  16. Architecture for Intrusion Detection System with Fault Tolerance Using Mobile Agent

    Directory of Open Access Journals (Sweden)

    Chintan Bhatt

    2011-10-01

    This paper is a survey of the work done on making an IDS fault tolerant. An IDS architecture that uses mobile agents provides higher scalability. The mobile agent uses a platform for detecting intrusions using a filter agent, co-relater agent, interpreter agent and rule database. When the server (IDS Monitor) goes down, other hosts take ownership based on priority. This architecture uses decentralized collection and analysis for identifying intrusions. Rule sets are fed based on user behaviour or application behaviour. This paper suggests that an intrusion detection system (IDS) must be fault tolerant; otherwise, the intruder may first subvert the IDS and then attack the target system at will.

  17. Algorithm of Intrusion Detection Based on Data Mining and Its Implementation

    Institute of Scientific and Technical Information of China (English)

    SUN Hai-bin; XU Liang-xian; CHEN Yan-hua

    2004-01-01

    Intrusion detection is regarded as classification in the data mining field. However, instead of directly mining the classification rules, class association rules, which are then used to construct a classifier, are mined from audit logs. Some attributes in audit logs are important for detecting intrusion but their values have a skewed distribution. A relative support concept is proposed to deal with this situation. To mine class association rules effectively, an algorithm based on FP-tree is exploited. The experimental result proves that this method has better performance.

  18. Fast and Adaptive Lossless On-Board Hyperspectral Data Compression System for Space Applications

    Science.gov (United States)

    Aranki, Nazeeh; Bakhshi, Alireza; Keymeulen, Didier; Klimesh, Matthew

    2009-01-01

    Efficient on-board lossless hyperspectral data compression reduces the data volume necessary to meet NASA and DoD limited downlink capabilities. The technique also improves signature extraction, object recognition and feature classification capabilities by providing exact reconstructed data on constrained downlink resources. At JPL a novel, adaptive and predictive technique for lossless compression of hyperspectral data was recently developed. This technique uses an adaptive filtering method and achieves a combination of low complexity and compression effectiveness that far exceeds state-of-the-art techniques currently in use. The JPL-developed 'Fast Lossless' algorithm requires no training data or other specific information about the nature of the spectral bands for a fixed instrument dynamic range. It is of low computational complexity and thus well-suited for implementation in hardware, which makes it practical for flight implementations of pushbroom instruments. A prototype of the compressor (and decompressor) of the algorithm is available in software, but this implementation may not meet speed and real-time requirements of some space applications. Hardware acceleration provides performance improvements of 10x-100x vs. the software implementation (about 1M samples/sec on a Pentium IV machine). This paper describes a hardware implementation of the JPL-developed 'Fast Lossless' compression algorithm on a Field Programmable Gate Array (FPGA). The FPGA implementation targets the current state of the art FPGAs (Xilinx Virtex IV and V families) and compresses one sample every clock cycle to provide a fast and practical real-time solution for space applications.

  19. Volcano monitoring using GPS: Developing data analysis strategies based on the June 2007 Kīlauea Volcano intrusion and eruption

    Science.gov (United States)

    Larson, Kristine M.; Poland, Michael; Miklius, Asta

    2010-01-01

    The global positioning system (GPS) is one of the most common techniques, and the current state of the art, used to monitor volcano deformation. In addition to slow (several centimeters per year) displacement rates, GPS can be used to study eruptions and intrusions that result in much larger (tens of centimeters over hours-days) displacements. It is challenging to resolve precise positions using GPS at subdaily time intervals because of error sources such as multipath and atmospheric refraction. In this paper, the impact of errors due to multipath and atmospheric refraction at subdaily periods is examined using data from the GPS network on Kīlauea Volcano, Hawai'i. Methods for filtering position estimates to enhance precision are both simulated and tested on data collected during the June 2007 intrusion and eruption. Comparisons with tiltmeter records show that GPS instruments can precisely recover the timing of the activity.

  20. Multi-Use Non-Intrusive Flow Characterization System (FCS) Project

    Data.gov (United States)

    National Aeronautics and Space Administration — The product of the Phase II effort will be a Multi-Use Non-Intrusive Flow Characterization System (FCS) for densified, normal boiling point, and two-phase cryogenic...

  1. Multi-Use Non-Intrusive Flow Characterization System (FCS) Project

    Data.gov (United States)

    National Aeronautics and Space Administration — The innovation is a Multi-Use Non-Intrusive Flow Characterization System (FCS) for densified, normal boiling point, and two-phase cryogenic flows, capable of...

  2. Tracking salinity intrusions in a coastal forested freshwater wetland system

    Science.gov (United States)

    Anand D. Jayakaran; Thomas M. Williams; William H. Conner

    2016-01-01

    Coastal forested freshwater wetlands are sentinel sites for salinity intrusions associated with large, tidally influenced, storm-driven or drought-induced incursions of estuarine waters into freshwater ecosystems. These incursions may also be exacerbated by rising sea levels associated with climate change.

  3. Boosting Web Intrusion Detection Systems by Inferring Positive Signatures

    NARCIS (Netherlands)

    Bolzoni, D.; Etalle, Sandro

    2008-01-01

    We present a new approach to anomaly-based network intrusion detection for web applications. This approach is based on dividing the input parameters of the monitored web application in two groups: the "regular" and the "irregular" ones, and applying a new method for anomaly detection on the

  4. Scalable High-Performance Parallel Design for Network Intrusion Detection Systems on Many-Core Processors

    OpenAIRE

    Jiang, Hayang; Xie, Gaogang; Salamatian, Kavé; Mathy, Laurent

    2013-01-01

    Network Intrusion Detection Systems (NIDSes) face significant challenges coming from the relentless network link speed growth and increasing complexity of threats. Both hardware accelerated and parallel software-based NIDS solutions, based on commodity multi-core and GPU processors, have been proposed to overcome these challenges. ...

  5. Three-dimensional hydrostratigraphical modelling to support evaluation of recharge and saltwater intrusion in a coastal groundwater system in Vietnam

    OpenAIRE

    2014-01-01

    Saltwater intrusion is generally related to seawater-level rise or induced intrusion due to excessive groundwater extraction in coastal aquifers. However, the hydrogeological heterogeneity of the subsurface plays an important role in (non-)intrusion as well. Local hydrogeological conditions for recharge and saltwater intrusion are studied in a coastal groundwater system in Vietnam where geological formations exhibit highly heterogeneous lithologies. A three-dimensional (3D) hydrostratigraphic...

  6. A Recent Survey on Bloom Filters in Network Intrusion Detection Systems

    Directory of Open Access Journals (Sweden)

    K. Saravanan

    2011-03-01

    Computer networks are prone to hacking, viruses and other malware; a Network Intrusion Detection System (NIDS) is needed to protect the end-user machines from threats. An effective NIDS is therefore a network security system capable of protecting the end-user machines well before a threat or intruder affects them. A NIDS requires a space-efficient database for detection of threats in high-speed conditions. A Bloom filter is a space-efficient randomized data structure for representing a set in order to support membership queries. Bloom filters allow false positive results (FPR), but the space saving capability often outweighs this drawback provided the probability of FPR is controlled. Research is being done to reduce FPR by modifying the structure of Bloom filters and enabling them to operate at increasing network speeds; thus variant Bloom filters are being introduced. The aim of this paper is to survey the ways in which Bloom filters have been used and modified for use in high-speed Network Intrusion Detection Systems, with their merits and demerits.

  7. Adapted Framework for Data Mining Technique to Improve Decision Support System in an Uncertain Situation

    Directory of Open Access Journals (Sweden)

    Ahmed Bahgat El Seddawy

    2012-05-01

    Decision Support System (DSS) is an equivalent synonym for management information systems (MIS). Most imported data are being used in solutions like data mining (DM). Decision support systems also include decisions made upon individual data from external sources, management feeling, and various other data sources not included in business intelligence. Successfully supporting managerial decision-making is critically dependent upon the availability of integrated, high quality information organized and presented in a timely and easily understood manner. Data mining have emerged to meet this need. They serve as an integrated repository for internal and external data-intelligence critical to understanding and evaluating the business within its environmental context. With the addition of models, analytic tools, and user interfaces, they have the potential to provide actionable information that supports effective problem and opportunity identification, critical decision-making, and strategy formulation, implementation, and evaluation. The proposed system will support top level management in making a good decision at any time under any uncertain environment.

  8. Adapted Framework for Data Mining Technique to Improve Decision Support System in an Uncertain Situation

    Directory of Open Access Journals (Sweden)

    Ahmed Bahgat El Seddawy

    2012-09-01

    Decision Support System (DSS) is equivalent synonym as management information systems (MIS). Most of imported data are being used in solutions like data mining (DM). Decision supporting systems include also decisions made upon individual data from external sources, management feeling, and various other data sources not included in business intelligence. Successfully supporting managerial decision-making is critically dependent upon the availability of integrated, high quality information organized and presented in a timely and easily understood manner. Data mining have emerged to meet this need. They serve as an integrated repository for internal and external data-intelligence critical to understanding and evaluating the business within its environmental context. With the addition of models, analytic tools, and user interfaces, they have the potential to provide actionable information that supports effective problem and opportunity identification, critical decision-making, and strategy formulation, implementation, and evaluation. The proposed system will support top level management to make a good decision in any time under any uncertain environment.

  9. Energy Efficient Cluster-Based Intrusion Detection System for Wireless Sensor Networks

    OpenAIRE

    Manal Abdullah; Ebtesam Alsanee; Nada Alseheymi

    2014-01-01

    Wireless sensor networks (WSNs) are network type where sensors are used to collect physical measurements. It has many application areas such as healthcare, weather monitoring and even military applications. Security in this kind of networks is a big concern especially in the applications that required confidentiality and privacy. Therefore, providing a WSN with an intrusion detection system is essential to protect its security from different types of intrusions, cyber-attacks and random fault...

  10. Comparison of fluid inclusion data and mineralization processes for Australian orogenic gold and intrusion-related gold systems

    Institute of Scientific and Technical Information of China (English)

    T.P.Memagh; E.N.Bastrakov; Khin Zaw; A.S.Wygralak; L.A.I.Wybom

    2007-01-01

    We have examined the fluid inclusion data and fluid chemistry of Australian orogenic and intrusion-related gold deposits to determine if similar mineralization processes apply to both styles of deposits. The fluid inclusion data from the Yilgarn craton, the western subprovince of the Lachlan orogen, the Tanami, Tennant Creek and Pine Creek regions, and the Telfer gold mine show that mineralization involved fluids with broadly similar major chemical components (i.e. H2O + NaCl + CO2 ± CH4 ± N2). These deposits formed over a wide range of temperature-pressure conditions (< 200 to > 500 °C, < 100 ~ 400 MPa). Low salinity, CO2-bearing inclusions and low salinity aqueous inclusions occur in both systems but the main difference between these two types of deposits is that most intrusion-related gold deposits also contain at least one population of high-salinity aqueous brine. Oxygen and hydrogen isotope data for both styles of deposit usually cannot distinguish between a magmatic or metamorphic source for the ore-bearing fluids. However, sulfur and lead isotope data for the intrusion-related gold deposits generally indicate either a magmatic source or mixing between magmatic and sedimentary sources of fluid. The metamorphic geothermal gradients associated with intrusion-related gold deposits are characterized by low pressure, high temperature metamorphism and high crustal geothermal gradients of > 30/km. Where amphibole breakdown occurs in a granite source region, the spatially related deposits are more commonly associated with Cu-Au deposits rather than Au-only deposits that are associated with lower temperature granites. The dominant processes thought to cause gold precipitation in both types of deposits are fluid-rock interaction (e.g. desulfidation) or phase separation. Consideration of the physical and chemical properties of the H2O-NaCl-CO2 system on the nature of gold precipitation mechanisms at different crustal levels infers different roles of

  11. Evaluation of Empirical Data and Modeling Studies to Support Soil Vapor Intrusion Screening Criteria for Petroleum Hydrocarbon Compounds

    Science.gov (United States)

    This study is an evaluation of empirical data and select modeling studies of the behavior of petroleum hydrocarbon (PHC) vapors in subsurface soils and how they can affect subsurface-to-indoor air vapor intrusion (VI), henceforth referred to as petroleum vapor intrusion or “PVI” ...

  12. Composite synvolcanic intrusions associated with Precambrian VMS-related hydrothermal systems

    Science.gov (United States)

    Galley, Alan G.

    2003-06-01

    trondhjemite phases. The trondhjemite phases contain numerous internal contacts indicating emplacement as composite sills. Common structural features of the composite intrusions include early xenolith phases, abundant small comagmatic dikes, fractures and veins and, in places, columnar jointing. Internal phases may differ greatly in texture from fine- to coarse-grained, aphyric and granophyric through seriate to porphyritic. Mineralogical and isotopic evidence indicates that early phases of each composite intrusion are affected by pervasive to fracture-controlled high-temperature (350-450 °C) alteration reflecting seawater-rock interaction. Trondhjemite phases contain hydrothermal-magmatic alteration assemblages within miarolitic cavities, hydrothermal breccias and veins. This hydrothermal-magmatic alteration may, in part, be inherited from previously altered wall rocks. Two of the four intrusions are host to Cu-Mo-rich intrusive breccias and porphyry-type mineralization which formed as much as 14 Ma after the main subvolcanic magmatic activity. The recognition of these Precambrian, subvolcanic composite intrusions is important for greenfields VMS exploration, as they define the location of thermal corridors within extensional oceanic-arc regimes which have the greatest potential for significant VMS mineralization. The VMS mineralization may occur for 2,000 m above the intrusions. In some cases, VMS mineralization has been truncated or enveloped by late trondhjemite phases of the composite intrusions. Evidence that much of the trondhjemitic magmatism postdates the principal VMS activity is a critical factor when developing heat and fluid flow models for these subseafloor magmatic-hydrothermal systems.

  13. Secured UAV based on multi-agent systems and embedded Intrusion Detection and Prevention Systems

    Directory of Open Access Journals (Sweden)

    K.Boukhdir

    2015-08-01

    Unmanned aerial vehicles, or drones, are a relatively recent area of research and in full effervescence with more and more amateur and academic projects. Initially associated to the military, these vehicles are way to be used in many other areas. In effect, demand is growing for various applications within of this type of technology. Inspection of buildings, search and rescue of missing or in distress people are some examples. This research paper highlights a lightweight intrusion detection system with the objective to secure UAVs. Our IDP (Intrusion and Prevention System) uses real-time architecture, based on the multi-agent systems so it can be autonomous and distributed between the ground control station (GCS) and the UAV is more suited to be embedded in low computation resources devices in general and especially UAVs

  14. Alerts Analysis and Visualization in Network-based Intrusion Detection Systems

    Energy Technology Data Exchange (ETDEWEB)

    Yang, Dr. Li [University of Tennessee]

    2010-08-01

    The alerts produced by network-based intrusion detection systems, e.g. Snort, can be difficult for network administrators to efficiently review and respond to due to the enormous number of alerts generated in a short time frame. This work describes how the visualization of raw IDS alert data assists network administrators in understanding the current state of a network and quickens the process of reviewing and responding to intrusion attempts. The project presented in this work consists of three primary components. The first component provides a visual mapping of the network topology that allows the end-user to easily browse clustered alerts. The second component is based on the flocking behavior of birds such that birds tend to follow other birds with similar behaviors. This component allows the end-user to see the clustering process and provides an efficient means for reviewing alert data. The third component discovers and visualizes patterns of multistage attacks by profiling the attacker's behaviors.

  15. Adaptable Embedded Systems

    CERN Document Server

    Lisbôa, Carlos; Carro, Luigi

    2013-01-01

    As embedded systems become more complex, designers face a number of challenges at different levels: they need to boost performance, while keeping energy consumption as low as possible, they need to reuse existent software code, and at the same time they need to take advantage of the extra logic available in the chip, represented by multiple processors working together.  This book describes several strategies to achieve such different and interrelated goals, by the use of adaptability. Coverage includes reconfigurable systems, dynamic optimization techniques such as binary translation and trace reuse, new memory architectures including homogeneous and heterogeneous multiprocessor systems, communication issues and NOCs, fault tolerance against fabrication defects and soft errors, and finally, how one can combine several of these techniques together to achieve higher levels of performance and adaptability.  The discussion also includes how to employ specialized software to improve this new adaptive system, and...

  16. The adaptive approach for storage assignment by mining data of warehouse management system for distribution centres

    Science.gov (United States)

    Ming-Huang Chiang, David; Lin, Chia-Ping; Chen, Mu-Chen

    2011-05-01

    Among distribution centre operations, order picking has been reported to be the most labour-intensive activity. Sophisticated storage assignment policies adopted to reduce the travel distance of order picking have been explored in the literature. Unfortunately, previous research has been devoted to locating entire products from scratch. Instead, this study intends to propose an adaptive approach, a Data Mining-based Storage Assignment approach (DMSA), to find the optimal storage assignment for newly delivered products that need to be put away when there is vacant shelf space in a distribution centre. In the DMSA, a new association index (AIX) is developed to evaluate the fitness between the put away products and the unassigned storage locations by applying association rule mining. With AIX, the storage location assignment problem (SLAP) can be formulated and solved as a binary integer programming. To evaluate the performance of DMSA, a real-world order database of a distribution centre is obtained and used to compare the results from DMSA with a random assignment approach. It turns out that DMSA outperforms random assignment as the number of put away products and the proportion of put away products with high turnover rates increase.

  17. Adaptive security systems -- Combining expert systems with adaptive technologies

    Energy Technology Data Exchange (ETDEWEB)

    Argo, P.; Loveland, R.; Anderson, K. [and others]

    1997-09-01

    The Adaptive Multisensor Integrated Security System (AMISS) uses a variety of computational intelligence techniques to reason from raw sensor data through an array of processing layers to arrive at an assessment for alarm/alert conditions based on human behavior within a secure facility. In this paper, the authors give an overview of the system and briefly describe some of the major components of the system. This system is currently under development and testing in a realistic facility setting.

  18. A modeling study of saltwater intrusion in the Andarax delta area using multiple data sources

    DEFF Research Database (Denmark)

    Antonsson, Arni Valur; Engesgaard, Peter Knudegaard; Jorreto, Sara;

    In groundwater model development, construction of the conceptual model is one of the (initial and) critical aspects that determines the model reliability and applicability in terms of e.g. system (hydrogeological) understanding, groundwater quality predictions, and general use in water resources...... the understanding of the investigated system. A density dependent saltwater intrusion model has been established for the coastal zone of the Andarax aquifer, SE Spain, with the aim of obtaining a coherent (conceptual) understanding of the area. Recently drilled deep boreholes in the Andarax delta revealed a far...... reaching saltwater intrusion in the area. Furthermore, the geological information obtained from these boreholes laid a foundation for a new hydrogeological conceptual model of the area, which we aim to assess in this simulation study. Appraisal of the conceptual model of the Andarax delta area is conducted...

  19. STUDYING COMPLEX ADAPTIVE SYSTEMS

    Institute of Scientific and Technical Information of China (English)

    John H. Holland

    2006-01-01

    Complex adaptive systems (cas) - systems that involve many components that adapt or learn as they interact - are at the heart of important contemporary problems. The study of cas poses unique challenges: Some of our most powerful mathematical tools, particularly methods involving fixed points, attractors, and the like, are of limited help in understanding the development of cas. This paper suggests ways to modify research methods and tools, with an emphasis on the role of computer-based models, to increase our understanding of cas.

  20. Smart container UWB sensor system for situational awareness of intrusion alarms

    Science.gov (United States)

    Romero, Carlos E.; Haugen, Peter C.; Zumstein, James M.; Leach, Jr., Richard R.; Vigars, Mark L.

    2013-06-11

    An in-container monitoring sensor system is based on an UWB radar intrusion detector positioned in a container and having a range gate set to the farthest wall of the container from the detector. Multipath reflections within the container make every point on or in the container appear to be at the range gate, allowing intrusion detection anywhere in the container. The system also includes other sensors to provide false alarm discrimination, and may include other sensors to monitor other parameters, e.g. radiation. The sensor system also includes a control subsystem for controlling system operation. Communications and information extraction capability may also be included. A method of detecting intrusion into a container uses UWB radar, and may also include false alarm discrimination. A secure container has an UWB based monitoring system

  1. Research of Intrusion Detection System

    Institute of Scientific and Technical Information of China (English)

    隋新; 杨喜权; 陈棉书; 侯刚

    2012-01-01

    Intrusion detection system is an important safety measure that uses the active defense technology to protect information security. Firstly, the research progress of intrusion detection system in details is summarized, introduced the intrusion detection system model and classification. Secondly, the new technology of intrusion detection system and mature IDS products are introduced. Finally, the development of intrusion detection system is prospected.

  2. A Novel Distributed Intrusion Detection System for Vehicular Ad Hoc Networks

    Directory of Open Access Journals (Sweden)

    Leandros A. Maglaras

    2015-04-01

    In the new interconnected world, we need to secure vehicular cyber-physical systems (VCPS) using sophisticated intrusion detection systems. In this article, we present a novel distributed intrusion detection system (DIDS) designed for a vehicular ad hoc network (VANET). By combining static and dynamic detection agents, that can be mounted on central vehicles, and a control center where the alarms about possible attacks on the system are communicated, the proposed DIDS can be used in both urban and highway environments for real time anomaly detection with good accuracy and response time.

  3. An Intrusion Detection System Model Based on Immune Principle and Performance Analysis

    Institute of Scientific and Technical Information of China (English)

    CHEN Zhi-xian; WANG Ru-chuan; WANG Shao-di; SUN Zhi-xin

    2005-01-01

    The study of security in computer networks is a key issue, which is a rapidly growing area of interest because of its importance. Main network security problems are analyzed in this paper above all, which currently are confronted with network systems and existing works in intrusion detection. And then an intrusion detection system model based on Immune Principle (IPIDS) is presented. Meanwhile, it expatiates detailed implementation of the methods how to reduce the high false positive and negative alarms of the traditional Intrusion Detection System (IDS). At last a simple simulation is performed on this model just using string match algorithm as binding mechanism. The simulation results indicate that the model can detect malicious activity effectively, and consequently the security and steadiness of the whole network system are improved also.

  4. Towards Multi-Stage Intrusion Detection using IP Flow Records

    OpenAIRE

    Muhammad Fahad Umer; Muhammad Sher; Imran Khan

    2016-01-01

    Traditional network-based intrusion detection systems using deep packet inspection are not feasible for modern high-speed networks due to slow processing and inability to read encrypted packet content. As an alternative to packet-based intrusion detection, researchers have focused on flow-based intrusion detection techniques. Flow-based intrusion detection systems analyze IP flow records for attack detection. IP flow records contain summarized traffic information. However, flow data is very ...

  5. Data-driven robust approximate optimal tracking control for unknown general nonlinear systems using adaptive dynamic programming method.

    Science.gov (United States)

    Zhang, Huaguang; Cui, Lili; Zhang, Xin; Luo, Yanhong

    2011-12-01

    In this paper, a novel data-driven robust approximate optimal tracking control scheme is proposed for unknown general nonlinear systems by using the adaptive dynamic programming (ADP) method. In the design of the controller, only available input-output data is required instead of known system dynamics. A data-driven model is established by a recurrent neural network (NN) to reconstruct the unknown system dynamics using available input-output data. By adding a novel adjustable term related to the modeling error, the resultant modeling error is first guaranteed to converge to zero. Then, based on the obtained data-driven model, the ADP method is utilized to design the approximate optimal tracking controller, which consists of the steady-state controller and the optimal feedback controller. Further, a robustifying term is developed to compensate for the NN approximation errors introduced by implementing the ADP method. Based on Lyapunov approach, stability analysis of the closed-loop system is performed to show that the proposed controller guarantees the system state asymptotically tracking the desired trajectory. Additionally, the obtained control input is proven to be close to the optimal control input within a small bound. Finally, two numerical examples are used to demonstrate the effectiveness of the proposed control scheme.

  6. Harmful intrusion detection algorithm of optical fiber pre-warning system based on correlation of orthogonal polarization signals

    Science.gov (United States)

    Bi, Fukun; Feng, Chong; Qu, Hongquan; Zheng, Tong; Wang, Chonglei

    2017-09-01

    At present, advanced researches of optical fiber intrusion measurement are based on the constant false alarm rate (CFAR) algorithm. Although these conventional methods overcome the interference of non-stationary random signals, there are still a large number of false alarms in practical applications. This is because there is no specific study on orthogonal polarization signals of false alarm and intrusion. In order to further reduce false alarms, we analyze the correlation of optical fiber signals using birefringence of single-mode fiber. This paper proposes the harmful intrusion detection algorithm based on the correlation of two orthogonal polarization signals. The proposed method uses correlation coefficient to distinguish false alarms and intrusions, which can decrease false alarms. Experiments on real data, which are collected from the practical environment, demonstrate that the difference in correlation is a robust feature. Furthermore, the results show that the proposed algorithm can reduce the false alarms and ensure the detection performance when it is used in optical fiber pre-warning system (OFPS).

  7. Service-oriented architecture of adaptive, intelligent data acquisition and processing systems for long-pulse fusion experiments

    Energy Technology Data Exchange (ETDEWEB)

    Gonzalez, J. [Grupo de Investigacion en Instrumentacion y Acustica Aplicada. Universidad Politecnica de Madrid, Crta. Valencia Km-7 Madrid 28031 (Spain); Ruiz, M., E-mail: mariano.ruiz@upm.e [Grupo de Investigacion en Instrumentacion y Acustica Aplicada. Universidad Politecnica de Madrid, Crta. Valencia Km-7 Madrid 28031 (Spain); Barrera, E.; Lopez, J.M.; Arcas, G. de [Grupo de Investigacion en Instrumentacion y Acustica Aplicada. Universidad Politecnica de Madrid, Crta. Valencia Km-7 Madrid 28031 (Spain); Vega, J. [Asociacion EURATOM/CIEMAT para Fusion, Madrid (Spain)

    2010-07-15

    The data acquisition systems used in long-pulse fusion experiments need to implement data reduction and pattern recognition algorithms in real time. In order to accomplish these operations, it is essential to employ software tools that allow for hot swap capabilities throughout the temporal evolution of the experiments. This is very important because processing needs are not equal during different phases of the experiment. The intelligent test and measurement system (ITMS) developed by UPM and CIEMAT is an example of a technology for implementing scalable data acquisition and processing systems based on PXI and CompactPCI hardware. In the ITMS platform, a set of software tools allows the user to define the processing algorithms associated with the different experimental phases using state machines driven by software events. These state machines are specified using the State Chart XML (SCXML) language. The software tools are developed using JAVA, JINI, an SCXML engine and several LabVIEW applications. Within this schema, it is possible to execute data acquisition and processing applications in an adaptive way. The power of SCXML semantics and the ability to work with XML user-defined data types allow for very easy programming of the ITMS platform. With this approach, the ITMS platform is a suitable solution for implementing scalable data acquisition and processing systems based on a service-oriented model with the ability to easily implement remote participation applications.

  8. RIDES: Robust Intrusion Detection System for IP-Based Ubiquitous Sensor Networks

    Directory of Open Access Journals (Sweden)

    Sungwon Lee

    2009-05-01

    The IP-based Ubiquitous Sensor Network (IP-USN) is an effort to build the “Internet of things”. By utilizing IP for low power networks, we can benefit from existing well established tools and technologies of IP networks. Along with many other unresolved issues, securing IP-USN is of great concern for researchers so that future market satisfaction and demands can be met. Without proper security measures, both reactive and proactive, it is hard to envisage an IP-USN realm. In this paper we present a design of an IDS (Intrusion Detection System) called RIDES (Robust Intrusion DEtection System) for IP-USN. RIDES is a hybrid intrusion detection system, which incorporates both Signature and Anomaly based intrusion detection components. For signature based intrusion detection this paper only discusses the implementation of distributed pattern matching algorithm with the help of signature-code, a dynamically created attack-signature identifier. Other aspects, such as creation of rules are not discussed. On the other hand, for anomaly based detection we propose a scoring classifier based on the SPC (Statistical Process Control) technique called CUSUM charts. We also investigate the settings and their effects on the performance of related parameters for both of the components.

  9. Implementing and testing a fiber-optic polarization-based intrusion detection system

    Science.gov (United States)

    Hajj, Rasha El; MacDonald, Gregory; Verma, Pramode; Huck, Robert

    2015-09-01

    We describe a layer-1-based intrusion detection system for fiber-optic-based networks. Layer-1-based intrusion detection represents a significant elevation in security as it prohibits an adversary from obtaining information in the first place (no cryptanalysis is possible). We describe the experimental setup of the intrusion detection system, which is based on monitoring the behavior of certain attributes of light both in unperturbed and perturbed optical fiber links. The system was tested with optical fiber links of various lengths and types, under different environmental conditions, and under changes in fiber geometry similar to what is experienced during tapping activity. Comparison of the results for perturbed and unperturbed links has shown that the state of polarization is more sensitive to intrusion activity than the degree of polarization or power of the received light. The testing was conducted in a simulated telecommunication network environment that included both underground and aerial links. The links were monitored for intrusion activity. Attempts to tap the link were easily detected with no apparent degradation in the visual quality of the real-time surveillance video.

  10. PERFORMANCE COMPARISON FOR INTRUSION DETECTION SYSTEM USING NEURAL NETWORK WITH KDD DATASET

    Directory of Open Access Journals (Sweden)

    S. Devaraju

    2014-04-01

    Intrusion Detection Systems are challenging task for finding the user as normal user or attack user in any organizational information systems or IT Industry. The Intrusion Detection System is an effective method to deal with the kinds of problem in networks. Different classifiers are used to detect the different kinds of attacks in networks. In this paper, the performance of intrusion detection is compared with various neural network classifiers. In the proposed research the four types of classifiers used are Feed Forward Neural Network (FFNN), Generalized Regression Neural Network (GRNN), Probabilistic Neural Network (PNN) and Radial Basis Neural Network (RBNN). The performance of the full featured KDD Cup 1999 dataset is compared with that of the reduced featured KDD Cup 1999 dataset. The MATLAB software is used to train and test the dataset and the efficiency and False Alarm Rate is measured. It is proved that the reduced dataset is performing better than the full featured dataset.

  11. Identifying seawater intrusion in coastal areas by means of 1D and quasi-2D joint inversion of TDEM and VES data

    Science.gov (United States)

    Martínez-Moreno, F. J.; Monteiro-Santos, F. A.; Bernardo, I.; Farzamian, M.; Nascimento, C.; Fernandes, J.; Casal, B.; Ribeiro, J. A.

    2017-09-01

    Seawater intrusion is an increasingly widespread problem in coastal aquifers caused by climate changes -sea-level rise, extreme phenomena like flooding and droughts- and groundwater depletion near to the coastline. To evaluate and mitigate the environmental risks of this phenomenon it is necessary to characterize the coastal aquifer and the salt intrusion. Geophysical methods are the most appropriate tool to address these researches. Among all geophysical techniques, electrical methods are able to detect seawater intrusions due to the high resistivity contrast between saltwater, freshwater and geological layers. The combination of two or more geophysical methods is recommended and they are more efficient when both data are inverted jointly because the final model encompasses the physical properties measured for each methods. In this investigation, joint inversion of vertical electric and time domain soundings has been performed to examine seawater intrusion in an area within the Ferragudo-Albufeira aquifer system (Algarve, South of Portugal). For this purpose two profiles combining electrical resistivity tomography (ERT) and time domain electromagnetic (TDEM) methods were measured and the results were compared with the information obtained from exploration drilling. Three different inversions have been carried out: single inversion of the ERT and TDEM data, 1D joint inversion and quasi-2D joint inversion. Single inversion results identify seawater intrusion, although the sedimentary layers detected in exploration drilling were not well differentiated. The models obtained with 1D joint inversion improve the previous inversion due to better detection of sedimentary layer and the seawater intrusion appear to be better defined. Finally, the quasi-2D joint inversion reveals a more realistic shape of the seawater intrusion and it is able to distinguish more sedimentary layers recognised in the exploration drilling. This study demonstrates that the quasi-2D joint

  12. A robust data fusion scheme for integrated navigation systems employing fault detection methodology augmented with fuzzy adaptive filtering

    Science.gov (United States)

    Ushaq, Muhammad; Fang, Jiancheng

    2013-10-01

    Integrated navigation systems for various applications, generally employs the centralized Kalman filter (CKF) wherein all measured sensor data are communicated to a single central Kalman filter. The advantage of CKF is that there is a minimal loss of information and high precision under benign conditions. But CKF may suffer computational overloading, and poor fault tolerance. The alternative is the federated Kalman filter (FKF) wherein the local estimates can deliver optimal or suboptimal state estimate as per certain information fusion criterion. FKF has enhanced throughput and multiple level fault detection capability. The Standard CKF or FKF require that the system noise and the measurement noise are zero-mean and Gaussian. Moreover it is assumed that covariance of system and measurement noises remain constant. But if the theoretical and actual statistical features employed in Kalman filter are not compatible, the Kalman filter does not render satisfactory solutions and divergence problems also occur. To resolve such problems, in this paper, an adaptive Kalman filter scheme strengthened with fuzzy inference system (FIS) is employed to adapt the statistical features of contributing sensors, online, in the light of real system dynamics and varying measurement noises. The excessive faults are detected and isolated by employing Chi Square test method. As a case study, the presented scheme has been implemented on Strapdown Inertial Navigation System (SINS) integrated with the Celestial Navigation System (CNS), GPS and Doppler radar using FKF. Collectively the overall system can be termed as SINS/CNS/GPS/Doppler integrated navigation system. The simulation results have validated the effectiveness of the presented scheme with significantly enhanced precision, reliability and fault tolerance. Effectiveness of the scheme has been tested against simulated abnormal errors/noises during different time segments of flight. It is believed that the presented scheme can be

  13. Event-based knowledge elicitation of operating room management decision-making using scenarios adapted from information systems data

    Directory of Open Access Journals (Sweden)

    Epstein Richard H

    2011-01-01

    Background: No systematic process has previously been described for a needs assessment that identifies the operating room (OR) management decisions made by the anesthesiologists and nurse managers at a facility that do not maximize the efficiency of use of OR time. We evaluated whether event-based knowledge elicitation can be used practically for rapid assessment of OR management decision-making at facilities, whether scenarios can be adapted automatically from information systems data, and the usefulness of the approach. Methods: A process of event-based knowledge elicitation was developed to assess OR management decision-making that may reduce the efficiency of use of OR time. Hypothetical scenarios addressing every OR management decision influencing OR efficiency were created from published examples. Scenarios are adapted, so that cues about conditions are accurate and appropriate for each facility (e.g., if OR 1 is used as an example in a scenario, the listed procedure is a type of procedure performed at the facility in OR 1). Adaptation is performed automatically using the facility's OR information system or anesthesia information management system (AIMS) data for most scenarios (43 of 45). Performing the needs assessment takes approximately 1 hour of local managers' time while they decide if their decisions are consistent with the described scenarios. A table of contents of the indexed scenarios is created automatically, providing a simple version of problem solving using case-based reasoning. For example, a new OR manager wanting to know the best way to decide whether to move a case can look in the chapter on "Moving Cases on the Day of Surgery" to find a scenario that describes the situation being encountered. Results: Scenarios have been adapted and used at 22 hospitals. Few changes in decisions were needed to increase the efficiency of use of OR time. The few changes were heterogeneous among hospitals, showing the usefulness of

  14. A Study of Various Intrusion Detection Model Based on Data Fusion, Neural Network and D-S Theory

    Directory of Open Access Journals (Sweden)

    Ramnaresh Sharma

    2012-06-01

    Network security and awareness of network attack are hot spots in the current research area. Nowadays various models and methods are available for intrusion detection and awareness of cyber-attack. For example, application of the integrated Network Security Situation Awareness system (Net-SSA) shows that the proposed framework supports the accurate modeling and effective generation of network security situation. In this paper we discuss various approaches to intrusion detection, such as data fusion, neural network, D-S Theory and fuzzy logic.

  15. Discussion of Intrusion Detection and Intrusion Prevention System

    Institute of Scientific and Technical Information of China (English)

    丁志芳; 徐孟春; 汪淼; 殷石昌

    2006-01-01

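    This paper briefly introduces the strengths and weaknesses of the Intrusion Detection System (IDS) and analyzes the principles and characteristics of the Intrusion Prevention System (IPS). IPS and IDS each have their own advantages and shortcomings; the strengths of each should be fully exploited so that the two complement and reinforce each other and jointly establish a practical network and information security architecture.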

  16. Link Adaptation for Framed Multimedia Data Transmission over a DS-CDMA Communication System

    Directory of Open Access Journals (Sweden)

    David Declercq

    2005-02-01

    In the context of frame-based multimedia wireless transmission, a link adaptation strategy is proposed, assuming that the source decoder may accept some remaining errors at the output of the channel decoder. Based on a target mean bit error rate for erroneous frames, a minimum bit-energy-to-equivalent-noise ratio is chosen. Under this constraint, a new link adaptation criterion is proposed: the maximization of the minimum user's information rate through dynamic spreading gain and power control, allowing to guarantee a transmission for each and every user. An analytical solution to this constrained optimization problem is proposed and its performance is studied in a Rayleigh-fading environment.

  17. Technologies, Methodologies and Challenges in Network Intrusion Detection and Prevention Systems

    Directory of Open Access Journals (Sweden)

    Nicoleta STANCIU

    2013-01-01

    This paper presents an overview of the technologies and the methodologies used in Network Intrusion Detection and Prevention Systems (NIDPS). Intrusion Detection and Prevention System (IDPS) technologies are differentiated by types of events that IDPSs can recognize, by types of devices that IDPSs monitor and by activity. NIDPSs monitor and analyze the streams of network packets in order to detect security incidents. The main methodology used by NIDPSs is protocol analysis. Protocol analysis requires good knowledge of the theory of the main protocols, their definition, and how each protocol works.

  18. Application of Machine Learning Approaches in Intrusion Detection System: A Survey

    Directory of Open Access Journals (Sweden)

    Nutan Farah Haq

    2015-03-01

    Network security is one of the major concerns of the modern era. With the rapid development and massive usage of internet over the past decade, the vulnerabilities of network security have become an important issue. Intrusion detection system is used to identify unauthorized access and unusual attacks over the secured networks. Over the past years, many studies have been conducted on the intrusion detection system. However, in order to understand the current status of implementation of machine learning techniques for solving the intrusion detection problems this survey paper enlisted the 49 related studies in the time frame between 2009 and 2014 focusing on the architecture of the single, hybrid and ensemble classifier design. This survey paper also includes a statistical comparison of classifier algorithms, datasets being used and some other experimental setups as well as consideration of feature selection step.

  19. A fuzzy logic based network intrusion detection system for predicting the TCP SYN flooding attack

    CSIR Research Space (South Africa)

    Mkuzangwe, Nenekazi NP

    2017-04-01

    presents a fuzzy logic based network intrusion detection system to predict neptune which is a type of a Transmission Control Protocol Synchronized (TCP SYN) flooding attack. The performance of the proposed fuzzy logic based system is compared to that of a...

  20. A gray-box DPDA-based intrusion detection technique using system-call monitoring

    NARCIS (Netherlands)

    Jafarian, Jafar Haadi; Abbasi, Ali; Safaei Sheikhabadi, Siavash

    2011-01-01

    In this paper, we present a novel technique for automatic and efficient intrusion detection based on learning program behaviors. Program behavior is captured in terms of issued system calls augmented with point-of-system-call information, and is modeled according to an efficient deterministic

  1. A new approach to adaptive data models

    Directory of Open Access Journals (Sweden)

    Ion LUNGU

    2016-12-01

    Over the last decade, there has been a substantial increase in the volume and complexity of data we collect, store and process. We are now aware of the increasing demand for real time data processing in every continuous business process that evolves within the organization. We witness a shift from a traditional static data approach to a more adaptive model approach. This article aims to extend understanding in the field of data models used in information systems by examining how an adaptive data model approach for managing business processes can help organizations accommodate on the fly and build dynamic capabilities to react in a dynamic environment.

  2. Automated Signature Creator for a Signature Based Intrusion Detection System with Network Attack Detection Capabilities (Pancakes)

    Directory of Open Access Journals (Sweden)

    Frances Bernadette C. De Ocampo

    2015-05-01

    Signature-based Intrusion Detection System (IDS) helps in maintaining the integrity of data in a network controlled environment. Unfortunately, this type of IDS depends on predetermined intrusion patterns that are manually created. If the signature database of the Signature-based IDS is not updated, network attacks just pass through this type of IDS without being noticed. To avoid this, an Anomaly-based IDS is used in order to countercheck if a network traffic that is not detected by Signature-based IDS is a true malicious traffic or not. In doing so, the Anomaly-based IDS might come up with several numbers of logs containing numerous network attacks which could possibly be a false positive. This is the reason why the Anomaly-based IDS is not perfect, it would readily alarm the system that a network traffic is an attack just because it is not on its baseline. In order to resolve the problem between these two IDSs, the goal is to correlate data between the logs of the Anomaly-based IDS and the packet that has been captured in order to determine if a network traffic is really malicious or not. With the supervision of a security expert, the malicious network traffic would be verified as malicious. Using machine learning, the researchers can identify which algorithm is better than the other algorithms in classifying if a certain network traffic is really malicious. Upon doing so, the creation of signatures would follow by basing the automated creation of signatures from the detected malicious traffic.

  3. Network intrusion detection

    Institute of Scientific and Technical Information of China (English)

    Oboile Tirelo; YANG Chun-hua

    2003-01-01

    Nowadays, network computer systems play an increasingly important role in society and economy. They have become the targets of a wide array of malicious attacks that invariably turn into actual intrusions. This is why computer security has become an essential concern for network administrators. Too often, intrusions wreak havoc inside LANs and the time and cost to repair the damage can grow to extreme proportions. Instead of using passive measures to fix and patch security holes once they have been exploited, it is more effective to adopt a protective approach to intrusions. In addition to the well-established intrusion prevention techniques such as data encryption and message integrity, user authentication and user authorization, as well as the avoidance of security flaws inherent to many off-the-shelf applications, intrusion detection techniques can be viewed as an additional safeguard for network computers. The paper discusses traditional and new security designs, the approach to implementing best-practice security measures and the method to trace the malicious computer attackers.

  4. Adaptive Noise Reduction System

    Directory of Open Access Journals (Sweden)

    Ivana Ropuš

    2013-01-01

    Noise is an all-present environment pollutant, considered to be one of the greatest contemporary pollutants. World-wide, co-ordinated actions are conducted in order to develop systems which minimise the noise influence onto society. In this article we argue that a novel approach to suppression of the influence of noise is useful. Furthermore, we argue that the efficient approach is formulation of the efficient, broadly applicable, ubiquitous, adaptive noise-protection system. The approach combines the natural noise-protection form based on plants with the artificially formed coatings. Elements of the system are discussed, its formation and maintenance analysed and perspectives conjectured.

  5. Hybrid Modified K-Means with C4.5 for Intrusion Detection Systems in Multiagent Systems.

    Science.gov (United States)

    Laftah Al-Yaseen, Wathiq; Ali Othman, Zulaiha; Ahmad Nazri, Mohd Zakree

    2015-01-01

    Presently, the processing time and performance of intrusion detection systems are of great importance due to the increased speed of traffic data networks and a growing number of attacks on networks and computers. Several approaches have been proposed to address this issue, including hybridizing with several algorithms. However, this paper aims at proposing a hybrid of modified K-means with C4.5 intrusion detection system in a multiagent system (MAS-IDS). The MAS-IDS consists of three agents, namely, coordinator, analysis, and communication agent. The basic concept underpinning the utilized MAS is dividing the large captured network dataset into a number of subsets and distributing these to a number of agents depending on the data network size and core CPU availability. KDD Cup 1999 dataset is used for evaluation. The proposed hybrid modified K-means with C4.5 classification in MAS is developed in JADE platform. The results show that compared to the current methods, the MAS-IDS reduces the IDS processing time by up to 70%, while improving the detection accuracy.

  6. Data-Driven Tracking Control With Adaptive Dynamic Programming for a Class of Continuous-Time Nonlinear Systems.

    Science.gov (United States)

    Mu, Chaoxu; Ni, Zhen; Sun, Changyin; He, Haibo

    2016-04-22

    A data-driven adaptive tracking control approach is proposed for a class of continuous-time nonlinear systems using a recently developed goal representation heuristic dynamic programming (GrHDP) architecture. The major focus of this paper is on designing a multivariable tracking scheme, including the filter-based action network (FAN) architecture, and the stability analysis in continuous-time fashion. In this design, the FAN is used to observe the system function, and then generates the corresponding control action together with the reference signals. The goal network will provide an internal reward signal adaptively based on the current system states and the control action. This internal reward signal is assigned as the input for the critic network, which approximates the cost function over time. We demonstrate its improved tracking performance in comparison with the existing heuristic dynamic programming (HDP) approach under the same parameter and environment settings. The simulation results of the multivariable tracking control on two examples have been presented to show that the proposed scheme can achieve better control in terms of learning speed and overall performance.

  7. Enforcing positivity in intrusive PC-UQ methods for reactive ODE systems

    Science.gov (United States)

    Najm, Habib N.; Valorani, Mauro

    2014-08-01

    We explore the relation between the development of a non-negligible probability of negative states and the instability of numerical integration of the intrusive Galerkin ordinary differential equation system describing uncertain chemical ignition. To prevent this instability without resorting to either multi-element local polynomial chaos (PC) methods or increasing the order of the PC representation in time, we propose a procedure aimed at modifying the amplitude of the PC modes to bring the probability of negative state values below a user-defined threshold. This modification can be effectively described as a filtering procedure of the spectral PC coefficients, which is applied on-the-fly during the numerical integration when the current value of the probability of negative states exceeds the prescribed threshold. We demonstrate the filtering procedure using a simple model of an ignition process in a batch reactor. This is carried out by comparing different observables and error measures as obtained by non-intrusive Monte Carlo and Gauss-quadrature integration and the filtered intrusive procedure. The filtering procedure has been shown to effectively stabilize divergent intrusive solutions, and also to improve the accuracy of stable intrusive solutions which are close to the stability limits.

  8. Calibrating a Salt Water Intrusion Model with Time-Domain Electromagnetic Data

    DEFF Research Database (Denmark)

    Herckenrath, Daan; Odlum, Nick; Nenna, Vanessa

    2013-01-01

    Salt water intrusion models are commonly used to support groundwater resource management in coastal aquifers. Concentration data used for model calibration are often sparse and limited in spatial extent. With airborne and ground-based electromagnetic surveys, electrical resistivity models can...... are transformed to an electrical resistivity model, after which a geophysical forward response is calculated and compared with the measured geophysical data. This approach was applied for a field site in Santa Cruz County, California, where a time-domain electromagnetic (TDEM) dataset was collected...

  9. Detecting Danger: Applying a Novel Immunological Concept to Intrusion Detection Systems

    CERN Document Server

    Greensmith, Julie; Twycross, Jamie

    2010-01-01

    In recent years computer systems have become increasingly complex and consequently the challenge of protecting these systems has become increasingly difficult. Various techniques have been implemented to counteract the misuse of computer systems in the form of firewalls, anti-virus software and intrusion detection systems. The complexity of networks and dynamic nature of computer systems leaves current methods with significant room for improvement. Computer scientists have recently drawn inspiration from mechanisms found in biological systems and, in the context of computer security, have focused on the human immune system (HIS). The human immune system provides a high level of protection from constant attacks. By examining the precise mechanisms of the human immune system, it is hoped the paradigm will improve the performance of real intrusion detection systems. This paper presents an introduction to recent developments in the field of immunology. It discusses the incorporation of a novel immunological parad...

  10. Building Real-Time Network Intrusion Detection System Based on Parallel Time-Series Mining Techniques

    Institute of Scientific and Technical Information of China (English)

    Zhao Feng; Li Qinghua

    2005-01-01

    A new real-time model based on parallel time-series mining is proposed to improve the accuracy and efficiency of the network intrusion detection systems. In this model, multidimensional dataset is constructed to describe network events, and sliding window updating algorithm is used to maintain network stream. Moreover, parallel frequent patterns and frequent episodes mining algorithms are applied to implement parallel time-series mining engineer which can intelligently generate rules to distinguish intrusions from normal activities. Analysis and study on the basis of DAWNING 3000 indicate that this parallel time-series mining-based model provides a more accurate and efficient way to building real-time NIDS.

  11. Calibrating a salt water intrusion model with time-domain electromagnetic data.

    Science.gov (United States)

    Herckenrath, Daan; Odlum, Nick; Nenna, Vanessa; Knight, Rosemary; Auken, Esben; Bauer-Gottwein, Peter

    2013-01-01

    Salt water intrusion models are commonly used to support groundwater resource management in coastal aquifers. Concentration data used for model calibration are often sparse and limited in spatial extent. With airborne and ground-based electromagnetic surveys, electrical resistivity models can be obtained to provide high-resolution three-dimensional models of subsurface resistivity variations that can be related to geology and salt concentrations on a regional scale. Several previous studies have calibrated salt water intrusion models with geophysical data, but are typically limited to the use of the inverted electrical resistivity models without considering the measured geophysical data directly. This induces a number of errors related to inconsistent scales between the geophysical and hydrologic models and the applied regularization constraints in the geophysical inversion. To overcome these errors, we perform a coupled hydrogeophysical inversion (CHI) in which we use a salt water intrusion model to interpret the geophysical data and guide the geophysical inversion. We refer to this methodology as a Coupled Hydrogeophysical Inversion-State (CHI-S), in which simulated salt concentrations are transformed to an electrical resistivity model, after which a geophysical forward response is calculated and compared with the measured geophysical data. This approach was applied for a field site in Santa Cruz County, California, where a time-domain electromagnetic (TDEM) dataset was collected. For this location, a simple two-dimensional cross-sectional salt water intrusion model was developed, for which we estimated five uniform aquifer properties, incorporating the porosity that was also part of the employed petrophysical relationship. In addition, one geophysical parameter was estimated. The six parameters could be resolved well by fitting more than 300 apparent resistivities that were comprised by the TDEM dataset. Except for three sounding locations, all the TDEM data

  12. Ku-Band Data-Communication Adapter

    Science.gov (United States)

    Schadelbauer, Steve

    1995-01-01

    Data-communication adapter circuit on single printed-circuit board serves as general-purpose interface between personal computer and satellite communication system. Designed as direct interface with Ku-band data-communication system for payloads on space shuttle, also used with any radio-frequency transmission systems. Readily installed in almost any personal computer via widely used Industry Standard Architecture (ISA) bus.

  13. Adaptive CT scanning system

    Energy Technology Data Exchange (ETDEWEB)

    Sampayan, Stephen E.

    2016-11-22

    Apparatus, systems, and methods that provide an X-ray interrogation system having a plurality of stationary X-ray point sources arranged to substantially encircle an area or space to be interrogated. A plurality of stationary detectors are arranged to substantially encircle the area or space to be interrogated. A controller is adapted to control the stationary X-ray point sources to emit X-rays one at a time, and to control the stationary detectors to detect the X-rays emitted by the stationary X-ray point sources.

  14. An Improved Intrusion Detection System Based on Snort

    Institute of Scientific and Technical Information of China (English)

    杨海峰; 陈明锐

    2012-01-01

    Based on the analysis of the Snort intrusion detection system, a new improved scheme was put forward to solve the problem that the Snort system can't detect unknown intrusion events in a timely manner. According to the characteristics of data outflow from Snort, its frequency was counted, and the characteristics of threatening data were added into the Snort abnormal feature library, and unknown intrusion interception was realized. The improved system prevents unknown intrusion events effectively, reduces the loss rate of data packets and improves the comprehensive detection ability of the intrusion detection system.

  15. Field data and numerical modeling: A multiple lines of evidence approach for assessing vapor intrusion exposure risks.

    Science.gov (United States)

    Pennell, Kelly G; Scammell, Madeleine K; McClean, Michael D; Suuberg, Eric M; Moradi, Ali; Roghani, Mohammadyousef; Ames, Jennifer; Friguglietti, Leigh; Indeglia, Paul A; Shen, Rui; Yao, Yijun; Heiger-Bernays, Wendy J

    2016-06-15

    USEPA recommends a multiple lines of evidence approach to make informed decisions at vapor intrusion sites because the vapor intrusion pathway is notoriously difficult to characterize. Our study uses this approach by incorporating groundwater, soil gas, indoor air field measurements and numerical models to evaluate vapor intrusion exposure risks in a Metro-Boston neighborhood known to exhibit lower than anticipated indoor air concentrations based on groundwater concentrations. We collected and evaluated five rounds of field sampling data over the period of one year. Field data results show a steep gradient in soil gas concentrations near the groundwater surface; however as the depth decreases, soil gas concentration gradients also decrease. Together, the field data and the numerical model results suggest that a subsurface feature is limiting vapor transport into indoor air spaces at the study site and that groundwater concentrations are not appropriate indicators of vapor intrusion exposure risks in this neighborhood. This research also reveals the importance of including relevant physical models when evaluating vapor intrusion exposure risks using the multiple lines of evidence approach. Overall, the findings provide insight about how the multiple lines of evidence approach can be used to inform decisions by using field data collected using regulatory-relevant sampling techniques, and a well-established 3-D vapor intrusion model.

  16. On the applicability of fair and adaptive data dissemination in traffic information systems

    NARCIS (Netherlands)

    Schwartz, Ramon S.; Ohazulike, Anthony E.; Sommer, Christoph; Scholten, Hans; Dressler, Falko; Havinga, Paul

    2014-01-01

    Vehicular Ad hoc Networks (VANETs) are expected to serve as support to the development of not only safety applications but also information-rich applications that disseminate relevant data to vehicles. Due to the continuous collection, processing, and dissemination of data, one crucial requirement i

  17. Heterogeneous VM Replication: A New Approach to Intrusion Detection, Active Response and Recovery in Cloud Data Centers

    Science.gov (United States)

    2015-08-17

    operations and security is to conduct research to develop new approaches to detection on intrusion, forensics, and active response and recovery from... One of the goals of AFOSR in information operations and security is to conduct research to develop new approaches to detection on intrusion, forensics... Scientific Progress * System Call Redirection: A Practical Approach to Meeting Real-world Virtual Machine Introspection Needs Existing VMI

  18. An Enhanced Intrusion Detection System for Multitier Dynamic Web Applications

    Directory of Open Access Journals (Sweden)

    S.Sasireka

    2014-05-01

    We present an efficient approach, a system used to detect attacks in multitiered web services and classify them through a Hierarchical clustering Algorithm. Our approach can create normality models of isolated user sessions that include both the web front-end (HTTP) and back-end (File or SQL) network transactions with respect to data volumes and classify them. It implements a lightweight virtualization technique to assign each user's web session to a dedicated container, an isolated virtual computing environment. We use the cluster algorithm to accurately associate the web request with the subsequent DB queries. DoubleGuard can build a causal mapping profile by taking both the webserver and DB traffic into account. Internet services and applications have become an inextricable part of daily life, enabling communication and the management of personal information from anywhere. To accommodate this increase in application and data complexity, web services have moved to a multitiered design wherein the webserver runs the application front-end logic and data are outsourced to a database or file server. In this paper, we present DoubleGuard, an IDS system that models the network behavior of user sessions across both the front-end webserver and the back-end database. By monitoring both web and subsequent database requests, we are able to ferret out attacks that an independent IDS would not be able to identify. Furthermore, we quantify the limitations of any multitier IDS in terms of training sessions and functionality coverage. We implemented DoubleGuard using an Apache webserver with MySQL and lightweight virtualization.

  19. Conjunctive Management of Multi-Aquifer System for Saltwater Intrusion Mitigation

    Science.gov (United States)

    Tsai, F. T. C.; Pham, H. V.

    2015-12-01

    Due to excessive groundwater withdrawals, many water wells in Baton Rouge, Louisiana experience undesirable chloride concentration because of saltwater intrusion. The study goal is to develop a conjunctive management framework that takes advantage of the Baton Rouge multi-aquifer system to mitigate saltwater intrusion. The conjunctive management framework utilizes several hydraulic control techniques to mitigate saltwater encroachment. These hydraulic control approaches include pumping well relocation, freshwater injection, saltwater scavenging, and their combinations. Specific objectives of the study are: (1) constructing scientific geologic architectures of the "800-foot" sand, the "1,000-foot" sand, the "1,200-foot" sand, the "1,500-foot" sand, the "1,700-foot" sand, and the "2,000-foot" sand, (2) developing scientific saltwater intrusion models for these sands, (3) using connector wells to draw native groundwater from one sand and inject to another sand to create hydraulic barriers to halt saltwater intrusion, (4) using scavenger wells or well couples to impede saltwater intrusion progress and reduce chloride concentration in pumping wells, and (5) reducing cones of depression by relocating and dispersing pumping wells to different sands. The study utilizes optimization techniques and newest LSU high performance computing (HPC) facilities to derive solutions. The conjunctive management framework serves as a scientific tool to assist policy makers to solve the urgent saltwater encroachment issue in the Baton Rouge area. The research results will help water companies as well as industries in East Baton Rouge Parish and neighboring parishes by reducing their saltwater intrusion threats, which in turn would sustain Capital Area economic development.

  20. On Cyber Attacks and Signature Based Intrusion Detection for MODBUS Based Industrial Control Systems

    Directory of Open Access Journals (Sweden)

    Wei Gao

    2014-03-01

    Industrial control system communication networks are vulnerable to reconnaissance, response injection, command injection, and denial of service attacks. Such attacks can lead to an inability to monitor and control industrial control systems and can ultimately lead to system failure. This can result in financial loss for control system operators and economic and safety issues for the citizens who use these services. This paper describes a set of 28 cyber attacks against industrial control systems which use the MODBUS application layer network protocol. The paper also describes a set of standalone and state based intrusion detection system rules which can be used to detect cyber attacks and to store evidence of attacks for post incident analysis. All attacks described in this paper were validated in a laboratory environment. The detection rate of the intrusion detection system rules presented by attack class is also presented.

  1. Model-Data Fusion and Adaptive Sensing for Large Scale Systems: Applications to Atmospheric Release Incidents

    Science.gov (United States)

    Madankan, Reza

    All across the world, toxic material clouds emitted from sources such as industrial plants, vehicular traffic, and volcanic eruptions can contain chemical, biological or radiological material. With the growing fear of natural, accidental or deliberate release of toxic agents, there is tremendous interest in precise source characterization and generating accurate hazard maps of toxic material dispersion for appropriate disaster management. In this dissertation, an end-to-end framework has been developed for probabilistic source characterization and forecasting of atmospheric release incidents. The proposed methodology consists of three major components which are combined together to perform the task of source characterization and forecasting. These components include Uncertainty Quantification, Optimal Information Collection, and Data Assimilation. Precise approximation of prior statistics is crucial to ensure performance of the source characterization process. In this work, an efficient quadrature based method has been utilized for quantification of uncertainty in plume dispersion models that are subject to uncertain source parameters. In addition, a fast and accurate approach is utilized for the approximation of probabilistic hazard maps, based on combination of polynomial chaos theory and the method of quadrature points. Besides precise quantification of uncertainty, having useful measurement data is also highly important to warrant accurate source parameter estimation. The performance of source characterization is highly affected by applied sensor orientation for data observation. Hence, a general framework has been developed for the optimal allocation of data observation sensors, to improve performance of the source characterization process. The key goal of this framework is to optimally locate a set of mobile sensors such that measurement of better data is guaranteed. This is achieved by maximizing the mutual information between model predictions

  2. Adaptive Data Processing Technique for Lidar-Assisted Control to Bridge the Gap between Lidar Systems and Wind Turbines: Preprint

    Energy Technology Data Exchange (ETDEWEB)

    Schlipf, David; Raach, Steffen; Haizmann, Florian; Cheng, Po Wen; Fleming, Paul; Scholbrock, Andrew; Krishnamurthy, Raghu; Boquet, Mathieu

    2015-12-14

    This paper presents first steps toward an adaptive lidar data processing technique crucial for lidar-assisted control in wind turbines. The prediction time and the quality of the wind preview from lidar measurements depend on several factors and are not constant. If the data processing is not continually adjusted, the benefit of lidar-assisted control cannot be fully exploited, or can even result in harmful control action. An online analysis of the lidar and turbine data are necessary to continually reassess the prediction time and lidar data quality. In this work, a structured process to develop an analysis tool for the prediction time and a new hardware setup for lidar-assisted control are presented. The tool consists of an online estimation of the rotor effective wind speed from lidar and turbine data and the implementation of an online cross correlation to determine the time shift between both signals. Further, initial results from an ongoing campaign in which this system was employed for providing lidar preview for feed-forward pitch control are presented.

  3. Optimized Robust Adaptive Networks in Supervisory Control and Data Acquisition Systems

    Science.gov (United States)

    2009-03-01

    daughter for their unconditional support in order for me to reach my goal. Familia, thank you for taking care of me throughout these challenging times...connection-oriented protocol since before one application process can begin to send data to another, the two processes must first “handshake

  4. Complex adaptive systems ecology

    DEFF Research Database (Denmark)

    Sommerlund, Julie

    2003-01-01

    In the following, I will analyze two articles called Complex Adaptive Systems Ecology I & II (Molin & Molin, 1997 & 2000). The CASE-articles are some of the more quirky articles that have come out of the Molecular Microbial Ecology Group - a group where I am currently making observational studies....... They are the result of a cooperation between Søren Molin, professor in the group, and his brother, Jan Molin, professor at Department of Organization and Industrial Sociology at Copenhagen Business School. The cooperation arises from the recognition that both microbial ecology and sociology/organization theory works...

  5. A HYBRID INTRUSION PREVENTION SYSTEM (HIPS) FOR WEB DATABASE SECURITY

    Directory of Open Access Journals (Sweden)

    Eslam Mohsin Hassib

    2010-07-01

    Full Text Available Web database security is a challenging issue that should be taken into consideration when designing and building business based web applications. Those applications usually include critical processes such as electronic-commerce web applications that include money transfer via visa or master cards. Security is a critical issue in other web based applications such as sites for military weapons companies and national security of countries. The main contribution of this paper is to introduce a new web database security model that includes a combination of a triple system: (i) Host Identity Protocol (HIP) in a new authentication method called DSUC (Data Security Unique Code), (ii) strong filtering rules that detect intruders with high accuracy, and (iii) a real time monitoring system that employs the Uncertainty Degree Model (UDM) using fuzzy sets theory. It was shown that the combination of those three powerful security issues results in a very strong security model. Accordingly, the proposed web database security model has the ability to detect and provide a real time prevention of intruder access with high precision. Experimental results have shown that the proposed model introduces satisfactory web database protection levels which reach in some cases to detect and prevent more than 93% of the intruders.

  6. Dynamic Modeling of a Reformed Methanol Fuel Cell System using Empirical Data and Adaptive Neuro-Fuzzy Inference System Models

    DEFF Research Database (Denmark)

    Justesen, Kristian Kjær; Andreasen, Søren Juhl; Shaker, Hamid Reza

    2014-01-01

    In this work, a dynamic MATLAB Simulink model of a H3-350 Reformed Methanol Fuel Cell (RMFC) stand-alone battery charger produced by Serenergy is developed on the basis of theoretical and empirical methods. The advantage of RMFC systems is that they use liquid methanol as a fuel instead of gaseous...... of the reforming process are implemented. Models of the cooling flow of the blowers for the fuel cell and the burner which supplies process heat for the reformer are made. The two blowers have a common exhaust, which means that the two blowers influence each other’s output. The models take this into account using...... an empirical approach. Fin efficiency models for the cooling effect of the air are also developed using empirical methods. A fuel cell model is also implemented based on a standard model which is adapted to fit the measured performance of the H3-350 module. All the individual parts of the model are verified...

  7. Dynamic Modeling of a Reformed Methanol Fuel Cell System using Empirical Data and Adaptive Neuro-Fuzzy Inference System Models

    DEFF Research Database (Denmark)

    Justesen, Kristian Kjær; Andreasen, Søren Juhl; Shaker, Hamid Reza

    2013-01-01

    In this work, a dynamic MATLAB Simulink model of a H3-350 Reformed Methanol Fuel Cell (RMFC) stand-alone battery charger produced by Serenergy is developed on the basis of theoretical and empirical methods. The advantage of RMFC systems is that they use liquid methanol as a fuel instead of gaseous...... of the reforming process are implemented. Models of the cooling flow of the blowers for the fuel cell and the burner which supplies process heat for the reformer are made. The two blowers have a common exhaust, which means that the two blowers influence each other’s output. The models take this into account using...... an empirical approach. Fin efficiency models for the cooling effect of the air are also developed using empirical methods. A fuel cell model is also implemented based on a standard model which is adapted to fit the measured performance of the H3-350 module. All the individual parts of the model are verified...

  8. Adaptable Web Modules to Stimulate Active Learning in Engineering Hydrology using Data and Model Simulations of Three Regional Hydrologic Systems

    Science.gov (United States)

    Habib, E. H.; Tarboton, D. G.; Lall, U.; Bodin, M.; Rahill-Marier, B.; Chimmula, S.; Meselhe, E. A.; Ali, A.; Williams, D.; Ma, Y.

    2013-12-01

    server-based system. Open source web technologies and community-based tools are used to facilitate wide dissemination and adaptation by diverse, independent institutions. The new hydrologic learning modules are based on recent developments in hydrologic modeling, data, and resources. The modules are embedded in three regional-scale ecosystems, Coastal Louisiana, Florida Everglades, and Utah Great Salt Lake Basin. These sites provide a wealth of hydrologic concepts and scenarios that can be used in most water resource and hydrology curricula. The study develops several learning modules based on the three hydro-systems covering subjects such as: water-budget analysis, effects of human and natural changes, climate-hydrology teleconnections, and water-resource management scenarios. The new developments include an instructional interface to give critical guidance and support to the learner and an instructor's guide containing adaptation and implementation procedures to assist instructors in adopting and integrating the material into courses and provide a consistent experience. The design of the new hydrologic education developments will be transferable to independent institutions and adaptable both instructionally and technically through a server system capable of supporting additional developments by the educational community.

  9. NON-INTRUSIVE REMOTE MONITORING OF SERVICES IN A DATA CENTRE

    Directory of Open Access Journals (Sweden)

    Hemanta Kumar Kalita

    2011-07-01

    Full Text Available Non-intrusive remote monitoring of data centre services should be such that it does not require (or requires minimal) modification of legacy code and standard practices. Also, allowing a third-party agent to sit on every server in a data centre is a risk from a security perspective. Hence, use of a standard such as SNMPv3 is advocated in this kind of environment. There are many tools (open source or commercial) available which use SNMP; but we observe that most of the tools do not have an essential feature for auto-discovery of network. In this paper we present an algorithm for remote monitoring of services in a data centre. The algorithm has two stages: 1) auto discovery of network topology and 2) data collection from remote machine. Further, we compare SNMP with WBEM and identify some other options for remote monitoring of services and their advantages and disadvantages.

  10. Non-Intrusive Magneto-Optic Detecting System for Investigations of Air Switching Arcs

    Science.gov (United States)

    Zhang, Pengfei; Zhang, Guogang; Dong, Jinlong; Liu, Wanying; Geng, Yingsan

    2014-07-01

    In current investigations of electric arc plasmas, experiments based on modern testing technology play an important role. To enrich the testing methods and contribute to the understanding and grasping of the inherent mechanism of air switching arcs, in this paper, a non-intrusive detecting system is described that combines the magneto-optic imaging (MOI) technique with the solution to inverse electromagnetic problems. The detecting system works in a sequence of main steps as follows: MOI of the variation of the arc flux density over a plane, magnetic field information extracted from the magneto-optic (MO) images, arc current density distribution and spatial pattern reconstruction by inverting the resulting field data. Correspondingly, in the system, an MOI set-up is designed based on the Faraday effect and the polarization properties of light, and an intelligent inversion algorithm is proposed that involves simulated annealing (SA). Experiments were carried out for high current (2 kA RMS) discharge cases in a typical low-voltage switchgear. The results show that the MO detection system possesses the advantages of visualization, high resolution and response, and electrical insulation, which provides a novel diagnostics tool for further studies of the arc.

  11. Design and adaptation of ocean observing systems at coastal scales, the role of data assimilation in the optimization of measures.

    Science.gov (United States)

    Brandini, Carlo; Taddei, Stefano; Fattorini, Maria; Doronzo, Bartolomeo; Lapucci, Chiara; Ortolani, Alberto; Poulain, Pierre Marie

    2015-04-01

    The design and the implementation of observation systems, in the current view, are not limited to the capability to observe some phenomena of particular interest in a given sea area, but must ensure maximum benefits to the analysis/prediction systems that are based on numerical models. The design of these experimental systems takes great advantage from the use of synthetic data, whose characteristics are as close as possible to the observed data (e.g. in-situ), in terms of spatial and temporal variability, particularly when the power spectrum of the observed signal is close to that reproduced by a numerical model. This method, usually referred to as OSSE (Observing System Simulation Experiment), is a preferred way to test numerical data for assimilation into models as if they were real data, with the advantage of defining different datasets for data assimilation at almost no cost. This applies both to the design of fixed networks (such as buoys or coastal radars), and to the improvement of the performance of mobile platforms, such as autonomous marine vehicles, floats or mobile radars, through the optimization of parameters for vehicle guidance, coverage, trajectories or localization of sampling points, according to the adaptive observation concept. In this work we present the results of some experimental activities recently undertaken in the coastal area between the Ligurian and Northern Tyrrhenian seas, that have shown a great vulnerability in recent years, due to a number of marine accidents and environmental issues. In this cross-border area an observation and forecasting system is being installed as part of the SICOMAR project (PO maritime Italy-France), in order to provide real time data at high spatial and time resolution, and to design interoperable, expandable and flexible observing platforms, that can be quickly adapted to the needs of local problems (e.g. accidents at sea). 
The starting SICOMAR network includes HF coastal radars, FerryBoxes onboard ships

  12. Modeling message sequences for intrusion detection in industrial control systems

    NARCIS (Netherlands)

    Caselli, Marco; Zambon, Emmanuele; Petit, Jonathan; Kargl, Frank; Rice, Mason; Shenoi, Sujeet

    2015-01-01

    Compared with standard information technology systems, industrial control systems show more consistent and regular communications patterns. This characteristic contributes to the stability of controlled processes in critical infrastructures such as power plants, electric grids and water treatment fa

  13. Sequence-aware intrusion detection in industrial control systems

    NARCIS (Netherlands)

    Caselli, Marco; Zambon, Emmanuele; Kargl, Frank; Zhou, Jianying; Jones, D.

    2015-01-01

    Nowadays, several threats endanger cyber-physical systems. Among these systems, industrial control systems (ICS) operating on critical infrastructures have been proven to be an attractive target for attackers. The case of Stuxnet has not only shown that ICSs are vulnerable to cyber-attacks, but als

  14. Sequence-aware intrusion detection in industrial control systems

    NARCIS (Netherlands)

    Caselli, M.; Zambon, Emmanuele; Kargl, Frank; Zhou, Jianying; Jones, D.

    Nowadays, several threats endanger cyber-physical systems. Among these systems, industrial control systems (ICS) operating on critical infrastructures have been proven to be an attractive target for attackers. The case of Stuxnet has not only shown that ICSs are vulnerable to cyber-attacks, but

  15. Industrial Control System Process-Oriented Intrusion Detection (iPoid) Algorithm

    Science.gov (United States)

    2016-08-01

    sectors of the global economy. ICSs can be found in manufacturing plants, transportation systems, food and medicine production, and critical infrastructure... manufacturing process being closed. Step 1. Using a text editor, create a text file with name test-case-2-rule.json and enter this rule: Approved...ARL-TR-7767 ● AUG 2016 US Army Research Laboratory Industrial Control System Process-Oriented Intrusion Detection (iPoid

  16. PERFORMANCE COMPARISON OF INTRUSION DETECTION SYSTEM USING VARIOUS TECHNIQUES – A REVIEW

    Directory of Open Access Journals (Sweden)

    S. Devaraju

    2013-09-01

    Full Text Available Nowadays, the security has become a critical part of any organization or industry information systems. The Intrusion Detection System is an effective method to deal with the new kind of threats such as DoS, Probe, R2L and U2R. In this paper, we analyze the various approaches such as Hidden Semi Markov Model, Conditional Random Fields and Layered Approach, Bayesian classification, Data Mining techniques, Clustering Algorithms such as K-Means and Fuzzy c-Means, Back Propagation Neural Network, SOM Neural Network, Rough Set Neural Network Algorithm, Genetic Algorithm, Pattern Matching, Principal Component Analysis, Linear Discriminant Analysis, Independent Component Analysis, Multivariate Statistical Analysis, SOM/PSO algorithm etc. The performance is measured for two different datasets using various approaches. The datasets are trained and tested for identifying the new attacks that will affect the hosts or networks. The well known KDD Cup 1999 or DARPA 1999 dataset has been used to improve the accuracy and performance. The four groups of attacks are identified as Probe, DoS, U2R and R2L. The dataset used for training set is 494,021 and testing set is 311,028. The aim is to improve the detection rate and performance of the proposed system.

  17. Intrusion Detection System / Research on the IDS Intrusion Detection System

    Institute of Scientific and Technical Information of China (English)

    李镇江; 戴英侠; 陈越

    2001-01-01

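    In a distributed computing environment, the first thing an information system must consider is protecting data and resources from unauthorized access and operation, and even from malicious intrusion and damage, so security management is increasingly becoming a focus of attention. Among the many emerging technologies, IDS (intrusion detection system) is highly favored for its novel approach and broad application prospects. This paper introduces the history and current status of IDS, and explains the shortcomings of existing IDSs and the future development trends of ID technology.

    Resources and data need to be protected by a mechanism which prevents the system from unauthorized accesses, misuses and malicious intrusions in today's distributed computing environment. SSOs (System Security Officers) demand an intelligent system to support them to care about these issues. Thus, a challenging but fascinating technology, IDS had been deeply investigated during the last 20 years and is gaining more and more attention recently. IDS can identify intrusions and misuses and then trigger corresponding response and recovery processing. In this thesis, the author first reviews the history and status quo of IDS, then discusses the future trends in the development of IDS technologies.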

  18. User-Centered Evaluation of Adaptive and Adaptable Systems

    NARCIS (Netherlands)

    Velsen, van Lex; Geest, van der Thea M.; Klaassen, Rob F.

    2009-01-01

    Adaptive and adaptable systems provide tailored output to various users in various contexts. While adaptive systems base their output on implicit inferences, adaptable systems use explicitly provided information. Since the presentation or output of these systems is adapted, standard user-centered ev

  19. A distributed signature detection method for detecting intrusions in sensor systems.

    Science.gov (United States)

    Kim, Ilkyu; Oh, Doohwan; Yoon, Myung Kuk; Yi, Kyueun; Ro, Won Woo

    2013-03-25

    Sensor nodes in wireless sensor networks are easily exposed to open and unprotected regions. A security solution is strongly recommended to prevent networks against malicious attacks. Although many intrusion detection systems have been developed, most systems are difficult to implement for the sensor nodes owing to limited computation resources. To address this problem, we develop a novel distributed network intrusion detection system based on the Wu-Manber algorithm. In the proposed system, the algorithm is divided into two steps; the first step is dedicated to a sensor node, and the second step is assigned to a base station. In addition, the first step is modified to achieve efficient performance under limited computation resources. We conduct evaluations with random string sets and actual intrusion signatures to show the performance improvement of the proposed method. The proposed method achieves a speedup factor of 25.96 and reduces 43.94% of packet transmissions to the base station compared with the previously proposed method. The system achieves efficient utilization of the sensor nodes and provides a structural basis of cooperative systems among the sensors.

  20. P2PRPIPS: A P2P and Reverse Proxy Based Web Intrusion Protection System

    Directory of Open Access Journals (Sweden)

    Qian He

    2013-03-01

    Full Text Available In order to protect web sites with various program languages and high throughput efficiently, a web Intrusion Protection System (IPS) based on P2P and reverse proxy architecture was designed and implemented. The P2P based web intrusion protection system has multiple web firewall nodes, and nodes with the same program cooperate with each other under P2P architecture. Some nodes work as net flow allocators and some work as detectors, and they can convert to each other according to the requirements dynamically. The WAF program has the characteristics of session keeping and load balancing and it can detect messages by using an expert library and many plug-in components. The technology of reverse proxy is used to respond to the web request. Experiments show that the system can effectively prevent attacks from the application layer. It is proved more efficient and stable than a single node.

  1. An intrusion prevention system as a proactive security mechanism in network infrastructure

    Directory of Open Access Journals (Sweden)

    Dulanović Nenad

    2008-01-01

    Full Text Available A properly configured firewall is a good starting point in securing a computer network. However, complex network environments that involve higher number of participants and endpoints require better security infrastructure. Intrusion Detection Systems (IDS), proposed as a solution to perimeter defense, have many open problems and it is clear that better solutions must be found. Due to many unsolved problems associated with IDS, Intrusion Prevention Systems (IPS) are introduced. The main idea in IPS is to be proactive. This paper gives an insight of Cobrador Bouncer IPS implementation. System architecture is given and three different Bouncer IPS deployment modes are presented. The Bouncer IPS as a proactive honeypot is also discussed.

  2. An adapter-aware, non-intrusive dependency injection framework for Java

    NARCIS (Netherlands)

    Roemers, Arnout; Hatun, Kardelen; Bockisch, Christoph

    In strongly typed Object-Oriented Programming languages, it is common to encounter type incompatibilities between separately developed software components one desires to compose. Using the Adapter pattern to overcome these type incompatibilities is only an option if changing the source code of the

  3. An adapter-aware, non-intrusive dependency injection framework for Java

    NARCIS (Netherlands)

    Roemers, Arnout; Hatun, Kardelen; Bockisch, Christoph

    2013-01-01

    In strongly typed Object-Oriented Programming languages, it is common to encounter type incompatibilities between separately developed software components one desires to compose. Using the Adapter pattern to overcome these type incompatibilities is only an option if changing the source code of the s

  4. MULTI SCALE TIME SERIES PREDICTION FOR INTRUSION DETECTION

    Directory of Open Access Journals (Sweden)

    G. Palanivel

    2014-01-01

    Full Text Available We propose an anomaly-based network intrusion detection system, which analyzes traffic features to detect anomalies. The proposed system can be used both in online as well as off-line mode for detecting deviations from the expected behavior. Although our approach uses network packet or flow data, it is general enough to be adaptable for use with any other network variable, which may be used as a signal for anomaly detection. It differs from most existing approaches in its use of wavelet transform for generating different time scales for a signal and using these scales as an input to a two-stage neural network predictor. The predictor predicts the expected signal value and labels considerable deviations from this value as anomalies. The primary contribution of our work would be to empirically evaluate the effectiveness of multi resolution analysis as an input to neural network prediction engine specifically for the purpose of intrusion detection. The role of Intrusion Detection Systems (IDSs), as special-purpose devices to detect anomalies and attacks in a network, is becoming more important. First, anomaly-based methods cannot achieve an outstanding performance without a comprehensive labeled and up-to-date training set with all different attack types, which is very costly and time-consuming to create if not impossible. Second, efficient and effective fusion of several detection technologies becomes a big challenge for building an operational hybrid intrusion detection system.

  5. The role of genetic structure in the adaptive divergence of populations experiencing saltwater intrusion due to relative sea-level rise.

    Science.gov (United States)

    Purcell, K M; Hitch, A; Martin, S; Klerks, P L; Leberg, P L

    2012-12-01

    Saltwater intrusion into estuaries creates stressful conditions for nektonic species. Previous studies have shown that Gambusia affinis populations with exposure to saline environments develop genetic adaptations for increased survival during salinity stress. Here, we evaluate the genetic structure of G. affinis populations, previously shown to have adaptations for increased salinity tolerance, and determine the impact of selection and gene flow on structure of these populations. We found that gene flow was higher between populations experiencing different salinity regimes within an estuary than between similar marsh types in different estuaries, suggesting the development of saline-tolerant phenotypes due to local adaptation. There was limited evidence of genetic structure along a salinity gradient, and only some of the genetic variation among sites was correlated with salinity. Our results suggest limited structure, combined with selection to saltwater intrusion, results in phenotypic divergence in spite of a lack of physical barriers to gene flow.

  6. How to secure web servers by the intrusion prevention system (IPS)?

    Directory of Open Access Journals (Sweden)

    Yousef Farhaoui

    2016-03-01

    Full Text Available Information technology and especially the Internet are playing an increasing role in our society. Approaches by signature show limits on intrusion detection / attacks by the fact that most web vulnerabilities are specifically for specific applications may be developed in-house by companies. Behavioral methods are therefore an interesting approach in this area. An IPS (Intrusion Prevention System) is a tool that is used to enhance the security level. We present here the secure IPS architecture web server. We will also discuss measures that define the effectiveness of our IPS and very recent work of standardization and homogenization of our IPS platform. The approach relies on preventive mechanisms: it is then to develop devices capable of preventing any action that would result in a violation of the security policy. However, experience and results show that it is impossible to build a fully secure system for technical or practical reasons.

  7. Implementation of Karp-Rabin string matching algorithm in reconfigurable hardware for network intrusion prevention system

    Science.gov (United States)

    Botwicz, Jakub; Buciak, Piotr; Sapiecha, Piotr

    2006-03-01

    Intrusion Prevention Systems (IPSs) have become widely recognized as a powerful tool and an important element of IT security safeguards. The essential feature of network IPSs is searching through network packets and matching multiple strings, that are fingerprints of known attacks. String matching is highly resource consuming and also the most significant bottleneck of IPSs. In this article an extension of the classical Karp-Rabin algorithm and its implementation architectures were examined. The result is a software, which generates a source code of a string matching module in hardware description language, that could be easily used to create an Intrusion Prevention System implemented in reconfigurable hardware. The prepared module matches the complete set of Snort IPS signatures achieving throughput of over 2 Gbps on an Altera Stratix II evaluation board. The most significant advantage of the proposed architecture is that the update of the patterns database does not require reconfiguration of the circuitry.

  8. H2-optimal control of an adaptive optics system: part I, data-driven modeling of the wavefront disturbance

    NARCIS (Netherlands)

    Hinnen, K.; Verhaegen, M.; Doelman, N.

    2005-01-01

    Even though the wavefront distortion introduced by atmospheric turbulence is a dynamic process, its temporal evolution is usually neglected in the adaptive optics (AO) control design. Most AO control systems consider only the spatial correlation in a separate wavefront reconstruction step. By accoun

  9. Evaluating Machine Learning Classifiers for Hybrid Network Intrusion Detection Systems

    Science.gov (United States)

    2015-03-26

    [Table-of-contents excerpt] 2.2.1 Snort; 2.2.2 Bro ...Snort Rule; 2.3. Structure of Bro System [34... List of Tables: 2.1. Bro conn.log Fields [2]

  10. MFIRE-2: A Multi Agent System for Flow-Based Intrusion Detection Using Stochastic Search

    Science.gov (United States)

    2012-03-01

    environments are naturally modeled as societies of agents, either cooperating with each other to solve complex problems, or else competing with one-another...the intrusion detection problem are encouraging [42]. 2.6 Multiagent Systems A common design question for any IDS is how to maximize the benefits and...developed [25, 96, 79, 74, 43]. In all cases, electronics personas are created, which reflect the specific forum under evaluation (ecommerce, social

  11. Intrusion Detection Systems Based on Artificial Intelligence Techniques in Wireless Sensor Networks

    OpenAIRE

    2013-01-01

    Intrusion detection system (IDS) is regarded as the second line of defense against network anomalies and threats. IDS plays an important role in network security. There are many techniques which are used to design IDSs for specific scenario and applications. Artificial intelligence techniques are widely used for threats detection. This paper presents a critical study on genetic algorithm, artificial immune, and artificial neural network (ANN) based IDSs techniques used in wireless sensor netw...

  12. Web Prior Architecture to Avoid Threats and Enhance Intrusion Response System

    OpenAIRE

    K.S. Ravichandran; R. Baby Akila; T. Durga Laxmi

    2012-01-01

    Web is hierarchically composed of entities such as domains, Web sites and documents distributed over Web sites and linked together by hyperlinks. The response component of the intrusion detection system issues the response to the jarring requests. In this paper, the intention is to allow the legitimate user to access the target website and perform the selective operations on the database to avoid threats and protect the database from unauthorized users. The designed Web Prior Architecture (WP...

  13. An Analysis of Security System for Intrusion in Smartphone Environment

    Directory of Open Access Journals (Sweden)

    Maya Louk

    2014-01-01

    Full Text Available There are many malware applications in Smartphone. Smartphone’s users may become unaware if their data has been recorded and stolen by intruders via malware. Smartphone—whether for business or personal use—may not be protected from malwares. Thus, monitoring, detecting, tracking, and notification (MDTN) have become the main purpose of the writing of this paper. MDTN is meant to enable Smartphone to prevent and reduce the number of cybercrimes. The methods are shown to be effective in protecting Smartphone and isolating malware and sending warning in the form of notification to the user about the danger in progress. In particular, (a) MDTN process is possible and will be enabled for Smartphone environment. (b) The methods are shown to be an advanced security for private sensitive data of the Smartphone user.

  14. An Adaptable Seismic Data Format

    Science.gov (United States)

    Krischer, Lion; Smith, James; Lei, Wenjie; Lefebvre, Matthieu; Ruan, Youyi; de Andrade, Elliott Sales; Podhorszki, Norbert; Bozdağ, Ebru; Tromp, Jeroen

    2016-11-01

    We present ASDF, the Adaptable Seismic Data Format, a modern and practical data format for all branches of seismology and beyond. The growing volume of freely available data coupled with ever expanding computational power opens avenues to tackle larger and more complex problems. Current bottlenecks include inefficient resource usage and insufficient data organization. Properly scaling a problem requires the resolution of both these challenges, and existing data formats are no longer up to the task. ASDF stores any number of synthetic, processed or unaltered waveforms in a single file. A key improvement compared to existing formats is the inclusion of comprehensive meta information, such as event or station information, in the same file. Additionally, it is also usable for any non-waveform data, for example, cross-correlations, adjoint sources or receiver functions. Last but not least, full provenance information can be stored alongside each item of data, thereby enhancing reproducibility and accountability. Any data set in our proposed format is self-describing and can be readily exchanged with others, facilitating collaboration. The utilization of the HDF5 container format grants efficient and parallel I/O operations, integrated compression algorithms and check sums to guard against data corruption. To not reinvent the wheel and to build upon past developments, we use existing standards like QuakeML, StationXML, W3C PROV and HDF5 wherever feasible. Usability and tool support are crucial for any new format to gain acceptance. We developed mature C/Fortran and Python based APIs coupling ASDF to the widely used SPECFEM3D_GLOBE and ObsPy toolkits.

  15. Artificially Augmented Training for Anomaly-based Network Intrusion Detection Systems

    Directory of Open Access Journals (Sweden)

    Chockalingam Karuppanchetty

    2015-09-01

    Attacks on web servers are becoming increasingly prevalent; the resulting social and economic impact of successful attacks is also exacerbated by our dependency on web-based applications. There are many existing attack detection and prevention schemes, which must be carefully configured to ensure their efficacy. In this paper, we present a study of challenges that arise in training network payload anomaly detection schemes that utilize collected network traffic for tuning and configuration. The advantage of anomaly-based intrusion detection is in its potential for detecting zero day attacks. These types of schemes, however, require extensive training to properly model the normal characteristics of the system being protected. Usually, training is done through the use of real data collected by monitoring the activity of the system. In practice, network operators or administrators may run into cases where they have limited availability of such data. This issue can arise due to the system being newly deployed (or heavily modified) or due to the content or behavior that leads to normal characterization having been changed. We show that artificially generated packet payloads can be used to effectively augment the training and tuning. We evaluate the method using real network traffic collected at a server site. We illustrate the problem at first (use of highly variable and unsuitable training data resulting in high false positives of 3.6∼10%), then show improvements using the augmented training method (false positives as low as 0.2%). We also measure the impact on network performance, and present a lookup based optimization that can be used to improve latency and throughput.

  16. Instant OSSEC host-based intrusion detection system

    CERN Document Server

    Lhotsky, Brad

    2013-01-01

    Filled with practical, step-by-step instructions and clear explanations for the most important and useful tasks. A fast-paced, practical guide to OSSEC-HIDS that will help you solve host-based security problems. This book is great for anyone concerned about the security of their servers. Whether you are a system administrator, programmer, or security analyst, this book will provide you with tips to better utilize OSSEC-HIDS. Whether you're new to OSSEC-HIDS or a seasoned veteran, you'll find something in this book you can apply today! This book assumes some knowledge of basic security concepts an

  17. Cybersecurity managing systems, conducting testing, and investigating intrusions

    CERN Document Server

    Mowbray, Thomas J

    2013-01-01

    A must-have, hands-on guide for working in the cybersecurity profession. Cybersecurity involves preventative methods to protect information from attacks. It requires a thorough understanding of potential threats, such as viruses and other malicious code, as well as system vulnerability and security architecture. This essential book addresses cybersecurity strategies that include identity management, risk management, and incident management, and also serves as a detailed guide for anyone looking to enter the security profession. Doubling as the text for a cybersecurity course, it is also a usef

  18. Integrated Adaptive Analysis and Visualization of Satellite Network Data Project

    Data.gov (United States)

    National Aeronautics and Space Administration — We propose to develop a system that enables integrated and adaptive analysis and visualization of satellite network management data. Integrated analysis and...

  19. Towards Adaptive Educational Assessments: Predicting Student Performance using Temporal Stability and Data Analytics in Learning Management Systems

    Energy Technology Data Exchange (ETDEWEB)

    Thakur, Gautam [ORNL; Olama, Mohammed M [ORNL; McNair, Wade [ORNL; Sukumar, Sreenivas R [ORNL

    2014-01-01

    Data-driven assessments and adaptive feedback are becoming a cornerstone research in educational data analytics and involve developing methods for exploring the unique types of data that come from the educational context. For example, predicting college student performance is crucial for both the students and educational institutions. It can support timely intervention to prevent students from failing a course, increasing efficacy of advising functions, and improving course completion rate. In this paper, we present our efforts in using data analytics that enable educationists to design novel data-driven assessment and feedback mechanisms. In order to achieve this objective, we investigate temporal stability of students grades and perform predictive analytics on academic data collected from 2009 through 2013 in one of the most commonly used learning management systems, called Moodle. First, we have identified the data features useful for assessments and predicting student outcomes such as students scores in homework assignments, quizzes, exams, in addition to their activities in discussion forums and their total Grade Point Average(GPA) at the same term they enrolled in the course. Second, time series models in both frequency and time domains are applied to characterize the progression as well as overall projections of the grades. In particular, the model analyzed the stability as well as fluctuation of grades among students during the collegiate years (from freshman to senior) and disciplines. Third, Logistic Regression and Neural Network predictive models are used to identify students as early as possible who are in danger of failing the course they are currently enrolled in. These models compute the likelihood of any given student failing (or passing) the current course. The time series analysis indicates that assessments and continuous feedback are critical for freshman and sophomores (even with easy courses) than for seniors, and those assessments may be

  20. Design and Implementation of a High Performance Intrusion Prevention System

    Institute of Scientific and Technical Information of China (English)

    谢大斌; 梁刚

    2013-01-01

    With the popularization of high-speed networks, traditional intrusion prevention systems can no longer meet performance requirements for high-speed packet capture and real-time processing. The paper designs and implements a high performance intrusion prevention system, PF_RING DNA Intrusion Prevention System (PDIPS). PDIPS runs on a general multi-core platform and uses the PF_RING DNA technology to capture packets at wire speed; at the same time, multithreading and CPU binding are used to process packets in parallel, which improves overall system performance. The test results show that, under the same test environment, PDIPS performs better than traditional intrusion prevention schemes and can adapt to the needs of a gigabit environment.

  1. On-line detection of Escherichia coli intrusion in a pilot-scale drinking water distribution system.

    Science.gov (United States)

    Ikonen, Jenni; Pitkänen, Tarja; Kosse, Pascal; Ciszek, Robert; Kolehmainen, Mikko; Miettinen, Ilkka T

    2017-08-01

    Improvements in microbial drinking water quality monitoring are needed for the better control of drinking water distribution systems and for public health protection. Conventional water quality monitoring programmes are not always able to detect a microbial contamination of drinking water. In the drinking water production chain, in addition to the vulnerability of source waters, the distribution networks are prone to contamination. In this study, a pilot-scale drinking-water distribution network with an on-line monitoring system was utilized for detecting bacterial intrusion. During the experimental Escherichia coli intrusions, the contaminant was measured by applying a set of on-line sensors for electric conductivity (EC), pH, temperature (T), turbidity, UV-absorbance at 254 nm (UVAS SC) and with a device for particle counting. Monitored parameters were compared with the measured E. coli counts using the integral calculations of the detected peaks. EC measurement gave the strongest signal compared with the measured baseline during the E. coli intrusion. Integral calculations showed that the peaks in the EC, pH, T, turbidity and UVAS SC data were detected corresponding to the time predicted. However, the pH and temperature peaks detected were barely above the measured baseline and could easily be mixed with the background noise. The results indicate that on-line monitoring can be utilized for the rapid detection of microbial contaminants in the drinking water distribution system although the peak interpretation has to be performed carefully to avoid being mixed up with normal variations in the measurement data. Copyright © 2017 Elsevier Ltd. All rights reserved.

  2. Development of Embedded Based System to Monitor Elephant Intrusion in Forest Border Areas Using Internet of Things

    Directory of Open Access Journals (Sweden)

    R. K. Vigneshwar

    2016-07-01

    The new era of computing technology is emerging as it will encompass every aspects of our lives with amazing potentials and it can be termed as Internet of Things (IOT). The IOT generally comprised of smart machines interacting and interactive with other machines, objects, environments and infrastructures. In embedded computing system each thing is uniquely identifiable but it is able to be interoperable within the existing internet infrastructure in IOT. As a result, massive volumes of data are being created, and that data is being processed into useful actions that can “command and control” things to make our living much comfortable and safer, and to ease our impact on the environment. In this paper we have proposed an elephant intrusion monitoring system using IOT. The various drawbacks in already existing system using embedded systems can be overcome as we have cloud based services, low cost and advanced miniaturization in packaging technology. Here we are developing a prototype model for real time interaction of elephant intrusion in forest border areas that allows a persistent monitoring by making use of an On board computer and cloud services.

  3. A survey on anomaly and signature based intrusion detection system (IDS)

    Directory of Open Access Journals (Sweden)

    Mrs.Anshu Gangwar

    2014-04-01

    Security is considered as one of the most critical parameter for the acceptance of any networking technology. Information in transit must be protected from unauthorized release and modification, and the connection itself must be established and maintained securely. Malicious users have taken advantage of this to achieve financial gain or accomplish some corporate or personal agenda. Denial of Service (DoS) and distributed DoS (DDoS) attacks are evolving continuously. These attacks make network resources unavailable for legitimate users which results in massive loss of data, resources and money. Combination of Intrusion detection System and Firewall is used by Business Organizations to detect and prevent Organizations' network from these attacks. Signatures to detect them are not available. This paper presents a light-Weight mechanism to detect novel DoS/DDoS (Resource Consumption) attacks and automatic signature generation process to represent them in real time. Experimental results are provided to support the proposed mechanism.

  4. Space-time adaptive decision feedback neural receivers with data selection for high-data-rate users in DS-CDMA systems.

    Science.gov (United States)

    de Lamare, Rodrigo C; Sampaio-Neto, Raimundo

    2008-11-01

    A space-time adaptive decision feedback (DF) receiver using recurrent neural networks (RNNs) is proposed for joint equalization and interference suppression in direct-sequence code-division multiple-access (DS-CDMA) systems equipped with antenna arrays. The proposed receiver structure employs dynamically driven RNNs in the feedforward section for equalization and multiaccess interference (MAI) suppression and a finite impulse response (FIR) linear filter in the feedback section for performing interference cancellation. A data selective gradient algorithm, based upon the set-membership (SM) design framework, is proposed for the estimation of the coefficients of RNN structures and is applied to the estimation of the parameters of the proposed neural receiver structure. Simulation results show that the proposed techniques achieve significant performance gains over existing schemes.

  5. Co-operative Wireless Intrusion Detection System Using MIBs From SNMP

    Directory of Open Access Journals (Sweden)

    Ashvini Vyavhare

    2012-03-01

    In emerging technology of Internet, security issues are becoming more challenging. In case of wired LAN it is somewhat in control, but in case of wireless networks due to exponential growth in attacks, it has made difficult to detect such security loopholes. Wireless network security is being addressed using firewalls, encryption techniques and wired IDS (Intrusion Detection System) methods. But the approaches which were used in wired network were not successful in producing effective results for wireless networks. It is so because of features of wireless network such as open medium, dynamic changing topology, cooperative algorithms, lack of centralized monitoring and management point, and lack of a clear line of defense etc. So, there is need for new approach which will efficiently detect intrusion in wireless network. Efficiency can be achieved by implementing distributive, co-operative based, multi-agent IDS. The proposed system supports all these three features. It includes mobile agents for intrusion detection which uses SNMP (Simple Network Management Protocol) and MIB (Management Information Base) variables for mobile wireless networks.

  6. Intrusion Detection System for Mobile Ad - Hoc Network Using Cluster-Based Approach

    Directory of Open Access Journals (Sweden)

    Nisha Dang

    2012-06-01

    Today Mobile Ad-hoc Networks have wide spread use in normal as well as mission critical applications. Mobile ad hoc networks are more likely to be attacked due to lack of infrastructure and no central management. To secure MANETs many traditional security solutions like encryption are used but not found to be promising. Intrusion detection system is one of the technologies that provide some good security solutions. IDS provide monitoring and auditing capabilities to detect any abnormality in security of the system. IDS can be used with clustering algorithms to protect entire cluster from malicious code. Existing clustering algorithms have a drawback of consuming more power and they are associated with routes. The route establishment and route renewal affects the clusters and as a consequence, the processing and traffic overhead increases due to instability of clusters. The ad hoc networks are battery and power constraint, and therefore IDS cannot be run on all the nodes. A trusted monitoring node can be deployed to detect and respond against intrusions in time. The proposed simplified clustering scheme has been used to detect intrusions, resulting in high detection rates and low processing and memory overhead irrespective of the routes, connections, traffic types and mobility of nodes in the network.

  7. Geophysical characterization of hydrothermal systems and intrusive bodies, El Chichón volcano (Mexico)

    Science.gov (United States)

    Jutzeler, Martin; Varley, Nick; Roach, Michael

    2011-04-01

    The 1982 explosive eruptions of El Chichón volcano (Chiapas, Mexico) destroyed the inner dome and created a 1-km-wide and 180-m-deep crater within the somma crater. A shallow hydrothermal system was exposed to the surface of the new crater floor and is characterized by an acid crater lake, a geyser-like Cl-rich spring (soap pool), and numerous fumarole fields. Multiple geophysical surveys were performed to define the internal structure of the volcanic edifice and its hydrothermal system. We carried out a high-resolution ground-based geomagnetic survey in the 1982 crater and its surroundings and 38 very low frequency (VLF) transects around the crater lake. A 3-D inversion of the ground-based magnetic data set highlighted three high-susceptibility isosurfaces, interpreted as highly magnetized bodies beneath the 1982 crater floor. Inversion of a digitized regional aeromagnetic map highlighted four major deeply rooted cryptodomes, corresponding to major topographic highs and massive lava dome outcrops outside and on the somma rim. The intracrater magnetic bodies correspond closely to the active hydrothermal vents and their modeled maximum basal depth matches the elevation of the springs on the flanks of the volcano. Position, dip, and vertical extent of active and extinct hydrothermal vents identified by VLF-EM surveys match the magnetic data set. We interpret the shallow lake spring hydrothermal system to be mostly associated with buried remnants of the 550 BP dome, but the Cl-rich soap pool may be connected to a small intrusion emplaced at shallow depth during the 1982 eruption.

  8. Isotopic data for Late Cretaceous intrusions and associated altered and mineralized rocks in the Big Belt Mountains, Montana

    Science.gov (United States)

    du Bray, Edward A.; Unruh, Daniel M.; Hofstra, Albert H.

    2017-03-07

    The quartz monzodiorite of Mount Edith and the concentrically zoned intrusive suite of Boulder Baldy constitute the principal Late Cretaceous igneous intrusions hosted by Mesoproterozoic sedimentary rocks of the Newland Formation in the Big Belt Mountains, Montana. These calc-alkaline plutonic masses are manifestations of subduction-related magmatism that prevailed along the western edge of North America during the Cretaceous. Radiogenic isotope data for neodymium, strontium, and lead indicate that the petrogenesis of the associated magmas involved a combination of (1) sources that were compositionally heterogeneous at the scale of the geographically restricted intrusive rocks in the Big Belt Mountains and (2) variable contamination by crustal assimilants also having diverse isotopic compositions. Altered and mineralized rocks temporally, spatially, and genetically related to these intrusions manifest at least two isotopically distinct mineralizing events, both of which involve major inputs from spatially associated Late Cretaceous igneous rocks. Alteration and mineralization of rock associated with the intrusive suite of Boulder Baldy requires a component characterized by significantly more radiogenic strontium than that characteristic of the associated igneous rocks. However, the source of such a component was not identified in the Big Belt Mountains. Similarly, altered and mineralized rocks associated with the quartz monzodiorite of Mount Edith include a component characterized by significantly more radiogenic strontium and lead, particularly as defined by 207Pb/204Pb values. The source of this component appears to be fluids that equilibrated with proximal Newland Formation rocks. Oxygen isotope data for rocks of the intrusive suite of Boulder Baldy are similar to those of subduction-related magmatism that include mantle-derived components; oxygen isotope data for altered and mineralized equivalents are slightly lighter.

  9. Sm-Nd and Rb-Sr isotopic data on the sanukitoid intrusions of the Karelia, Baltic Shield

    Science.gov (United States)

    Kovalenko, A. V.; Savatenkov, V. M.

    2003-04-01

    Sanukitoid intrusions from the Baltic Shield form post-tectonic differentiated intrusions 2.74-2.72 Ga old (Chekulaev, 1999, Lobach-Zhuchenko et al., 2000). They are represented by alkaline and calc-alkaline types which have high mg# (up to 0.6), strong LREE enrichment (Ce(N)=80-150, Yb(N)=4-7, Ce(N)/Yb(N)>20), high Sr, Ba (>1000 ppm), P2O5 (up to 1.5%) and Cr, Ni concentrations. Some intrusions contain rocks varying from ultramafite to quartz syenite. All sanukitoids are intruded by lamprophyre dykes having similar geochemical signatures. In this study we focus on the Karelian greenstone terrain within the Baltic Shield, in which sanukitoids are restricted to the younger western and central domains (2.7-2.9 Ga). Sanukitoids appear to be absent from the older Vodlozero domain (>3.0 Ga) in eastern Karelia (Lobach-Zhuchenko et al., 2000, Lobach-Zhuchenko et al., in press). About 70 Sm-Nd isotopic data on the sanukitoids of the Karelia were obtained. There is the regional distinction of the isotope composition of the rocks between the Central and West Karelian domains. The initial Epsilon Nd values and TDM range from +1.1 to +2.0 and 2.70-2.85 Ga accordingly in the youngest Central Karelian domain. The West Karelian intrusions yield an initial Epsilon Nd of -0.3- +0.7 and give the older TDM of about 2.82-2.92 Ga. It is to be noted that some intrusions of the Central Karelia domain, occurred closely to the ancient Vodlozero domain, also exhibit a similar range of initial Epsilon Nd and TDM to the intrusions of the West Karelia. There are narrow Nd isotopic compositional ranges within the individual intrusions. Rb-Sr isotopic system was studied in sanukitoids and lamprophyres of differentiated Panozero intrusion, Central Karelia. The initial 87Sr/86Sr isotope ratios range from 0.7000 to 0.7021 in these rocks indicating the derivation of these magmas from depleted mantle. 
    Very low initial 87Sr/86Sr isotope ratios of the sanukitoids confirm the Nd isotopic characteristics

  10. Adapting bioinformatics curricula for big data.

    Science.gov (United States)

    Greene, Anna C; Giffin, Kristine A; Greene, Casey S; Moore, Jason H

    2016-01-01

    Modern technologies are capable of generating enormous amounts of data that measure complex biological systems. Computational biologists and bioinformatics scientists are increasingly being asked to use these data to reveal key systems-level properties. We review the extent to which curricula are changing in the era of big data. We identify key competencies that scientists dealing with big data are expected to possess across fields, and we use this information to propose courses to meet these growing needs. While bioinformatics programs have traditionally trained students in data-intensive science, we identify areas of particular biological, computational and statistical emphasis important for this era that can be incorporated into existing curricula. For each area, we propose a course structured around these topics, which can be adapted in whole or in parts into existing curricula. In summary, specific challenges associated with big data provide an important opportunity to update existing curricula, but we do not foresee a wholesale redesign of bioinformatics training programs.

  11. Application of a Hidden Bayes Naive Multiclass Classifier in Network Intrusion Detection

    Science.gov (United States)

    Koc, Levent

    2013-01-01

    With increasing Internet connectivity and traffic volume, recent intrusion incidents have reemphasized the importance of network intrusion detection systems for combating increasingly sophisticated network attacks. Techniques such as pattern recognition and the data mining of network events are often used by intrusion detection systems to classify…

  12. A Novel Immune System Model and Its Application to Network Intrusion Detection

    Institute of Scientific and Technical Information of China (English)

    Ling Jun; Cao Yang; Yin Jian-hua; Huang Tian-xi

    2003-01-01

    Based on analyzing the techniques and architecture of existing network Intrusion Detection System (IDS), and probing into the fundament of Immune System (IS), a novel immune model is presented and applied to network IDS, which is helpful to design an effective IDS. Besides, this paper suggests a scheme to represent the self profile of network. And an automated self profile extraction algorithm is provided to extract self profile from packets. The experimental results prove validity of the scheme and algorithm, which is the foundation of the immune model.

  13. A Novel Immune System Model and Its Application to Network Intrusion Detection

    Institute of Scientific and Technical Information of China (English)

    Ling Jun; Cao Yang; Yin Jian-hua; Huang Tian-xi

    2003-01-01

    Based on analyzing the techniques and architecture of existing network Intrusion Detection System (IDS), and probing into the fundament of Immune System (IS), a novel immune model is presented and applied to network IDS, which is helpful to design an effective IDS. Besides, this paper suggests a scheme to represent the self profile of network. And an automated self profile extraction algorithm is provided to extract self profile from packets. The experimental results prove validity of the scheme and algorithm, which is the foundation of the immune model.

  14. Design of Intrusion Detection System Based on Improved K-means Algorithm

    Institute of Scientific and Technical Information of China (English)

    刘华春; 候向宁; 杨忠

    2016-01-01

    A traditional intrusion detection system matches network packets against its rule base one by one. When the amount of network data increases hugely, detection efficiency drops significantly, and the system even faces the enormous challenge of being unable to detect in real time. Data mining is a technology that finds a variety of valuable information in a mass of data; bringing data mining technology into the intrusion detection system will greatly improve the efficiency and intelligence of the IDS. The paper focuses on the difficulties of applying the K-means clustering algorithm from data mining to intrusion detection. The K-means algorithm has some shortcomings: it is easily affected by the initial K value and by outliers, the K value is difficult to determine, and it depends heavily on the initial center points. To overcome these disadvantages, an improved K-means clustering algorithm is proposed, and an intrusion detection system based on it is designed. The results show that the improved clustering algorithm, applied to intrusion detection, can significantly improve anomaly detection efficiency, adaptively establish the abnormal pattern database of intrusion detection, effectively prevent unknown intrusions and greatly reduce the false detection rate.

  15. Grey-theory based intrusion detection model

    Institute of Scientific and Technical Information of China (English)

    Qin Boping; Zhou Xianwei; Yang Jun; Song Cunyi

    2006-01-01

    To solve the problem that current intrusion detection model needs large-scale data in formulating the model in real-time use, an intrusion detection system model based on grey theory (GTIDS) is presented. Grey theory has merits of fewer requirements on original data scale, less limitation of the distribution pattern and simpler algorithm in modeling. With these merits GTIDS constructs model according to partial time sequence for rapid detect on intrusive act in secure system. In this detection model rate of false drop and false retrieval are effectively reduced through twice modeling and repeated detect on target data. Furthermore, GTIDS framework and specific process of modeling algorithm are presented. The affectivity of GTIDS is proved through emulated experiments comparing snort and next-generation intrusion detection expert system (NIDES) in SRI International.

  16. Three-dimensional hydrostratigraphical modelling to support evaluation of recharge and saltwater intrusion in a coastal groundwater system in Vietnam

    Science.gov (United States)

    Tam, Vu Thanh; Batelaan, Okke; Le, Tran Thanh; Nhan, Pham Quy

    2014-12-01

    Saltwater intrusion is generally related to seawater-level rise or induced intrusion due to excessive groundwater extraction in coastal aquifers. However, the hydrogeological heterogeneity of the subsurface plays an important role in (non-)intrusion as well. Local hydrogeological conditions for recharge and saltwater intrusion are studied in a coastal groundwater system in Vietnam where geological formations exhibit highly heterogeneous lithologies. A three-dimensional (3D) hydrostratigraphical solid model of the study area is constructed by way of a recursive classification procedure. The procedure includes a cluster analysis which uses as parameters geological formation, lithological composition, distribution depth and thickness of each lithologically distinctive drilling interval of 47 boreholes, to distinguish and map well-log intervals of similar lithological properties in different geological formations. A 3D hydrostratigraphical fence diagram is then generated from the constructed solid model and is used as a tool to evaluate recharge paths and saltwater intrusion to the groundwater system. Groundwater level and chemistry, and geophysical direct current (DC) resistivity measurements, are used to support the hydrostratigraphical model. Results of this research contribute to the explanation of why the aquifer system of the study area is almost uninfluenced by saltwater intrusion, which is otherwise relatively common in coastal aquifers of Vietnam.

  17. Multi-kernel intrusion detection system based on KPCA and BP neural network

    Institute of Scientific and Technical Information of China (English)

    刘继清; 徐明

    2011-01-01

    In view of the weaknesses of current intrusion detection systems, a new intrusion detection system model based on the combination of KPCA technology and a BP neural network is put forward. To address the high dimensionality of complicated network data, KPCA is used as a feature extraction method to reduce the dimensions, which simplifies the size of the neural network and reduces its computational work. A large number of experiments with the KDD99 dataset have been conducted, and the results show that the new system has higher adaptability and higher detection efficiency in today's complicated network circumstances than an intrusion detection system that uses only a BP neural network.

  18. An Intrusion Alarming System Based on Self- Similarity of Network Traffic

    Institute of Scientific and Technical Information of China (English)

    YU Fei; ZHU Miao-liang; CHEN Yu-feng; LI Ren-fa; XU Cheng

    2005-01-01

    An intrusion detection system can raise effective alarms on illegal activity by network users, which is absolutely necessary and important for building a secure environment for basic communication services. According to the principle that the amount of network traffic can affect the degree of self-similarity of the traffic, the paper investigates the variation in self-similarity resulting from unconventional network traffic. A network traffic model based on the normal behaviors of users is proposed, and the Hurst parameter of this model can be calculated. By comparing the Hurst parameter of normal traffic with the self-similar parameter, we can judge whether the network is normal or not and raise an alarm in time.

  19. Classification Model with High Deviation for Intrusion Detection on System Call Traces

    Institute of Scientific and Technical Information of China (English)

    2005-01-01

    A new classification model for host intrusion detection based on the unidentified short sequences and RIPPER algorithm is proposed. The concepts of different short sequences on the system call traces are strictly defined on the basis of in-depth analysis of completeness and correctness of pattern databases. Labels of short sequences are predicted by learned RIPPER rule set and the nature of the unidentified short sequences is confirmed by statistical method. Experiment results indicate that the classification model increases clearly the deviation between the attack and the normal traces and improves detection capability against known and unknown attacks.

  20. Research of the Intrusion Prevention System

    Institute of Scientific and Technical Information of China (English)

    黄金莲; 高会生

    2005-01-01

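    As an emerging security technology, the Intrusion Prevention System (IPS) is attracting increasing attention. Starting from the shortcomings of intrusion detection systems, this paper describes in detail the classification and principles of intrusion prevention systems, and discusses their technical characteristics, detection mechanisms and current problems. Finally, it summarizes the development prospects of IPS.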

  1. An Useful Communication Mechanism for Distributed Agents-Based Intrusion Detection System

    Institute of Scientific and Technical Information of China (English)

    DU Ye

    2006-01-01

    The communication mechanism plays an important role in an intrusion detection system, while it has not been paid enough attention. Based on analyzing the actual facts and expatiating upon the requirements a communication mechanism needs to meet, a message driven communication mechanism is proposed in this paper. The protocol presented here is divided into three layers: entity level, host level, and network level. The communication processes are also designed in detail. Experiments illustrate that cooperative entities can detect distributed sophisticated attacks accurately. Furthermore, this mechanism has the advantages like high reliability, low time delay and expenses.

  2. A Proposal of Protocol and Policy-Based Intrusion Detection System

    Directory of Open Access Journals (Sweden)

    Tatsuya Baba

    2004-06-01

    Currently, intrusion detection systems (IDSs) are widely deployed in enterprise networks for detecting network attacks. Most existing commercial IDSs are based on the misuse detection model. In misuse detection, although known attacks can be detected, unknown ones cannot be detected because attack signatures for unknown attacks cannot be generated. In this paper, we propose a method for detecting network attacks including unknown ones against servers such as web servers, mail servers, FTP servers, and DNS servers, using protocol specifications and site access policy. Furthermore, we propose a method to predict damage from detected attacks using neural networks.

  3. Effects of saltwater intrusion on pinewood vegetation using satellite ASTER data: the case study of Ravenna (Italy).

    Science.gov (United States)

    Barbarella, M; De Giglio, M; Greggio, N

    2015-04-01

    The San Vitale pinewood (Ravenna, Italy) is part of the remaining wooded areas within the southeastern Po Valley. Several studies demonstrated a widespread saltwater intrusion in the phreatic aquifer caused by natural and human factors in this area as the whole complex coastal system. Groundwater salinization affects soils and vegetation, which takes up water from the shallow aquifer. Changes in groundwater salinity induce variations of the leaf properties and vegetation cover, recognizable by satellite sensors as a response to different spectral bands. A procedure to identify stressed areas from satellite remote sensing data, reducing the expensive and time-consuming ground monitoring campaign, was developed. Multispectral Advanced Spaceborne Thermal Emission and Reflection Radiometer (ASTER) data, acquired between May 2005 and August 2005, were used to calculate Normalized Difference Vegetation Index (NDVI). Within the same vegetation type (thermophilic deciduous forest), the areas with the higher vegetation index were taken as reference to identify the most stressed areas using a statistical approach. To confirm the findings, a comparison was conducted using contemporary groundwater salinity data. The results were coherent in the areas with highest and lowest average NDVI values. Instead, to better understand the behavior of the intermediate areas, other parameters influencing vegetation (meteorological data, water table depth, and tree density) were added for the interpretation of the results.

  4. A WSN-Based Intrusion Alarm System to Improve Safety in Road Work Zones

    Directory of Open Access Journals (Sweden)

    Jose Martin

    2016-01-01

    Road traffic accidents are one of the main causes of death and disability worldwide. Workers responsible for maintaining and repairing roadways are especially prone to suffer these events, given their exceptional exposure to traffic. Since these actuations usually coexist with regular traffic, an errant driver can easily intrude into the work area and provoke a collision. Some authors have proposed mechanisms aimed at detecting breaches in the work zone perimeter and alerting workers, which are collectively called intrusion alarm systems. However, they have several limitations and have not yet fulfilled the necessities of these scenarios. In this paper, we propose a new intrusion alarm system based on a Wireless Sensor Network (WSN). Our system is comprised of two main elements: vehicle detectors that form a virtual barrier and detect perimeter breaches by means of an ultrasonic beam and individual warning devices that transmit alerts to the workers. All these elements have a wireless communication interface and form a network that covers the whole work area. This network is in charge of transmitting and routing the alarms and coordinates the behavior of the system. We have tested our solution under real conditions with satisfactory results.

  5. A Novel Method for Intrusion Detection System to Enhance Security in Ad hoc Network

    CERN Document Server

    Bathla, Himani

    2010-01-01

    The notion of an ad hoc network is a new paradigm that allows mobile hosts (nodes) to communicate without relying on a predefined infrastructure to keep the network connected. Most nodes are assumed to be mobile and communication is assumed to be wireless. The mobility of nodes in an ad hoc network means that both the population and the topology of the network are highly dynamic. It is very difficult to design a once-for-all intrusion detection system. A secure protocol should at least include mechanisms against known attack types. In addition, it should provide a scheme to easily add new security features in the future. The paper includes a detailed description of the proposed Intrusion Detection System based on a Local Reputation Scheme. The proposed system also includes the concepts of Redemption and Fading; these are mechanisms that allow nodes previously considered malicious to become a part of the network again. The simulation of the proposed system is to be done using the NS-2 simulator.

  6. Adaptive protection algorithm and system

    Science.gov (United States)

    Hedrick, Paul [Pittsburgh, PA]; Toms, Helen L [Irwin, PA]; Miller, Roger M [Mars, PA]

    2009-04-28

    An adaptive protection algorithm and system for protecting electrical distribution systems traces the flow of power through a distribution system, assigns a value (or rank) to each circuit breaker in the system and then determines the appropriate trip set points based on the assigned rank.

  7. WSN-DS: A Dataset for Intrusion Detection Systems in Wireless Sensor Networks

    Directory of Open Access Journals (Sweden)

    Iman Almomani

    2016-01-01

    Wireless Sensor Networks (WSN) have become increasingly one of the hottest research areas in computer science due to their wide range of applications including critical military and civilian applications. Such applications have created various security threats, especially in unattended environments. To ensure the security and dependability of WSN services, an Intrusion Detection System (IDS) should be in place. This IDS has to be compatible with the characteristics of WSNs and capable of detecting the largest possible number of security threats. In this paper a specialized dataset for WSN is developed to help better detect and classify four types of Denial of Service (DoS) attacks: Blackhole, Grayhole, Flooding, and Scheduling attacks. This paper considers the use of LEACH protocol which is one of the most popular hierarchical routing protocols in WSNs. A scheme has been defined to collect data from Network Simulator 2 (NS-2) and then processed to produce 23 features. The collected dataset is called WSN-DS. Artificial Neural Network (ANN) has been trained on the dataset to detect and classify different DoS attacks. The results show that WSN-DS improved the ability of IDS to achieve higher classification accuracy rate. WEKA toolbox was used with holdout and 10-Fold Cross Validation methods. The best results were achieved with 10-Fold Cross Validation with one hidden layer. The classification accuracies of attacks were 92.8%, 99.4%, 92.2%, 75.6%, and 99.8% for Blackhole, Flooding, Scheduling, and Grayhole attacks, in addition to the normal case (without attacks), respectively.

  8. Confidentiality Protection of User Data and Adaptive Resource Allocation for Managing Multiple Workflow Performance in Service-Based Systems

    Science.gov (United States)

    An, Ho

    2012-01-01

    In this dissertation, two interrelated problems of service-based systems (SBS) are addressed: protecting users' data confidentiality from service providers, and managing performance of multiple workflows in SBS. Current SBSs pose serious limitations to protecting users' data confidentiality. Since users' sensitive data is sent in…

  10. Adaptive web data extraction policies

    Directory of Open Access Journals (Sweden)

    Provetti, Alessandro

    2008-12-01

    Web data extraction is concerned, among other things, with routine data accessing and downloading from continuously-updated dynamic Web pages. There is a relevant trade-off between the rate at which the external Web sites are accessed and the computational burden on the accessing client. We address the problem by proposing a predictive model, typical of the Operating Systems literature, of the rate-of-update of each Web source. The presented model has been implemented into a new version of the Dynamo project: a middleware that assists in generating informative RSS feeds out of traditional HTML Web sites. To be effective, i.e., make RSS feeds be timely and informative and to be scalable, Dynamo needs a careful tuning and customization of its polling policies, which are described in detail.

  11. A Secure & Hybrid Authentication Protocol of Intrusion Detection System for MANET

    Directory of Open Access Journals (Sweden)

    M.CHARLES AROCKIARAJ

    2015-06-01

    In MANET, security is the toughest and very challenging area, because nodes are without any predefined framework. This is due to the high mobility of outstanding vulnerabilities and attacks of the malicious nodes in the intrusion detection system of Mobile Ad Hoc Networks (MANET). A secure & hybrid protocol design has been proposed, in order to improve the detection efficiency and also to improve the performance of Intrusion Detection Systems for MANET. Based on the hybrid techniques with the aid of key management authentication and combining with a fuzzy based decision model for detecting the misbehaving attacks. Identifying group of physical attacker and finding its probabilities and its side effects are evaluated. To discover the misbehaving attackers and predicting its effects by using Fuzzy based model. In the proposed hybrid authentication protocol for malicious node detection system and for avoiding problems related to missing packet, delay in the nodes and false misbehavior reports. Secure hybrid authentication protocol is used to detect various attacks in MANETs by incorporating hybrid techniques such as fuzzy schemes and key organization method. Hence the different ratios of all the parameters were experimented and analyzed, in terms of the attack prediction rate, attack precision, packet drop ratio and end to end delivery ratio. The schemes were compared with the existing mechanisms and results show that proposed hybrid authentication has superior improvement in the performance.

  12. An Intrusion Detection System for the Protection of Railway Assets Using Fiber Bragg Grating Sensors

    Directory of Open Access Journals (Sweden)

    Angelo Catalano

    2014-09-01

    We demonstrate the ability of Fiber Bragg Gratings (FBGs) sensors to protect large areas from unauthorized activities in railway scenarios such as stations or tunnels. We report on the technological strategy adopted to protect a specific depot, representative of a common scenario for security applications in the railway environment. One of the concerns in the protection of a railway area centers on the presence of rail-tracks, which cannot be obstructed with physical barriers. We propose an integrated optical fiber system composed of FBG strain sensors that can detect human intrusion for protection of the perimeter combined with FBG accelerometer sensors for protection of rail-track access. Several trials were carried out in indoor and outdoor environments. The results demonstrate that FBG strain sensors bonded under a ribbed rubber mat enable the detection of intruder break-in via the pressure induced on the mat, whereas the FBG accelerometers installed under the rails enable the detection of intruders walking close to the railroad tracks via the acoustic surface waves generated by footsteps. Based on a single enabling technology, this integrated system represents a valuable intrusion detection system for railway security and could be integrated with other sensing functionalities in the railway field using fiber optic technology.

  13. An intrusion detection system for the protection of railway assets using Fiber Bragg Grating sensors.

    Science.gov (United States)

    Catalano, Angelo; Bruno, Francesco Antonio; Pisco, Marco; Cutolo, Antonello; Cusano, Andrea

    2014-09-29

    We demonstrate the ability of Fiber Bragg Gratings (FBGs) sensors to protect large areas from unauthorized activities in railway scenarios such as stations or tunnels. We report on the technological strategy adopted to protect a specific depot, representative of a common scenario for security applications in the railway environment. One of the concerns in the protection of a railway area centers on the presence of rail-tracks, which cannot be obstructed with physical barriers. We propose an integrated optical fiber system composed of FBG strain sensors that can detect human intrusion for protection of the perimeter combined with FBG accelerometer sensors for protection of rail-track access. Several trials were carried out in indoor and outdoor environments. The results demonstrate that FBG strain sensors bonded under a ribbed rubber mat enable the detection of intruder break-in via the pressure induced on the mat, whereas the FBG accelerometers installed under the rails enable the detection of intruders walking close to the railroad tracks via the acoustic surface waves generated by footsteps. Based on a single enabling technology, this integrated system represents a valuable intrusion detection system for railway security and could be integrated with other sensing functionalities in the railway field using fiber optic technology.

  14. MULTI SCALE TIME SERIES PREDICTION FOR INTRUSION DETECTION

    OpenAIRE

    G. Palanivel; K. Duraiswamy

    2014-01-01

    We propose an anomaly-based network intrusion detection system, which analyzes traffic features to detect anomalies. The proposed system can be used both in online as well as off-line mode for detecting deviations from the expected behavior. Although our approach uses network packet or flow data, it is general enough to be adaptable for use with any other network variable, which may be used as a signal for anomaly detection. It differs from most existing approaches in its use of wavelet trans...

  15. Non-intrusive appliance load monitoring system based on a modern kWh-meter

    Energy Technology Data Exchange (ETDEWEB)

    Pihala, H. [VTT Energy, Espoo (Finland). Energy Systems

    1998-12-01

    Non-intrusive appliance load monitoring (NIALM) is a fairly new method to estimate load profiles of individual electric appliances in a small building, like a household, by monitoring the whole load at a single point with one recording device without sub-meters. Appliances have special electrical characteristics, the positive and negative active and reactive power changes during the time they are switched on or off. These changes are called events and are detected with a monitoring device called an event recorder. Different NIALM-concepts developed in Europe and in the United States are generally discussed. The NIALM-concept developed in this study is based on a 3-phase, power quality monitoring kWh-meter and unique load identification algorithms. This modern kWh-meter with a serial data bus to a laptop personal computer is used as the event recorder. The NIALM-concept of this presentation shows for the first time how a kWh-meter can be used at the same time for billing, power quality and appliance end-use monitoring. An essential part of the developed NIALM-system prototype is the software of load identification algorithms which runs in an off-line personal computer. These algorithms are able to identify, with a certain accuracy, both two-state and multi-state appliances. This prototype requires manual-setup in which the naming of appliances is performed. The results of the prototype NIALMS were verified in a large, single family detached house and they were compared to the results of other prototypes in France and the United States, although this comparison is difficult because of different supply systems, appliance stock and number of tested sites. Different applications of NIALM are discussed. Gathering of load research data, verification of DSM-programs, home automation, failure analysis of appliances and security surveillance of buildings are interesting areas of NIALM. Both utilities and customers can benefit from these applications. It is possible to

  16. Web Prior Architecture to Avoid Threats and Enhance Intrusion Response System

    Directory of Open Access Journals (Sweden)

    K.S. Ravichandran

    2012-09-01

    The Web is hierarchically composed of entities such as domains, Web sites and documents distributed over Web sites and linked together by hyperlinks. The response component of the intrusion detection system issues the response to the jarring requests. In this paper, the intention is to allow the legitimate user to access the target website and perform the selective operations on the database to avoid threats and protect the database from unauthorized users. The designed Web Prior Architecture (WPA) permits the legal client to obtain the privilege license by clicking on an authority link provided by the referrer. Using this license, the client can get the liberty to perform the operations on the target website. In that website, the database can be accessed by the client with the selective permissions. These can be performed by the two methods, namely strategy toning and strategy management. By this way, the database is accessed in a highly securable manner. The massive scale of this study specifies the method to avoid the threats from the unauthorized users and augment the intrusion response system. This will protect the target website and its database from the unconstitutional users. Our pragmatic study demonstrates that Web Prior Architecture enables the legitimate user to connect to the target website and perform selective database operations.

  17. A Survey of Recent Intrusion Detection Systems for Wireless Sensor Network

    CERN Document Server

    Bhattasali, Tapalina

    2012-01-01

    Security of Wireless sensor network (WSN) becomes a very important issue with the rapid development of WSN that is vulnerable to a wide range of attacks due to deployment in the hostile environment and having limited resources. Intrusion detection system is one of the major and efficient defensive methods against attacks in WSN. A particularly devastating attack is the sleep deprivation attack, where a malicious node forces legitimate nodes to waste their energy by resisting the sensor nodes from going into low power sleep mode. The goal of this attack is to maximize the power consumption of the target node, thereby decreasing its battery life. Existing works on sleep deprivation attack have mainly focused on mitigation using MAC based protocols, such as S-MAC, T-MAC, B-MAC, etc. In this article, a brief review of some of the recent intrusion detection systems in wireless sensor network environment is presented. Finally, we propose a framework of cluster based layered countermeasure that can efficiently mitig...

  18. Sensitivity analysis on chaotic dynamical system by Non-Intrusive Least Square Shadowing (NILSS)

    CERN Document Server

    Ni, Angxiu

    2016-01-01

    This paper develops the tangent Non-Intrusive Least Square Shadowing (NILSS) method, which computes sensitivity for chaotic dynamical systems. In NILSS, a tangent solution is represented as a linear combination of an inhomogeneous tangent solution and some homogeneous tangent solutions. Then we solve a least square problem under this new representation. As a result, this new variant is easier to implement with existing solvers. For chaotic systems with large degrees of freedom but low dimensional attractors, NILSS has low computation cost. NILSS is applied to two chaotic PDE systems: the Lorenz 63 system, and a CFD simulation of a backward-facing step. The results show that NILSS computes the correct derivative with a lower cost than the conventional Least Square Shadowing method and the conventional finite difference method.

  19. A Semi-distributed Reputation Based Intrusion Detection System for Mobile Adhoc Networks

    CERN Document Server

    Trivedi, Animesh Kr; Kapoor, Rishi; Sanyal, Sudip; Sanyal, Sugata

    2010-01-01

    A Mobile Adhoc Network (MANET) is a cooperative engagement of a collection of mobile nodes without any centralized access point or infrastructure to coordinate among the peers. The underlying concept of coordination among nodes in a cooperative MANET has induced in them a vulnerability to attacks due to issues like lack of fixed infrastructure, dynamically changing network topology, cooperative algorithms, lack of centralized monitoring and management point, and lack of a clear line of defense. We propose a semi-distributed approach towards Reputation Based Intrusion Detection System (IDS) that combines with the DSR routing protocol for strengthening the defense of a MANET. Our system inherits the features of reputation from human behavior, hence making the IDS socially inspired. It has a semi-distributed architecture as the critical observation results of the system are neither spread globally nor restricted locally. The system assigns maximum weightage to self observation by nodes for updating any reputatio...

  20. Research on regional intrusion prevention and control system based on target tracking

    Science.gov (United States)

    Liu, Yanfei; Wang, Jieling; Jiang, Ke; He, Yanhui; Wu, Zhilin

    2017-08-01

    In view of the fact that China’s border is very long and the border prevention and control measures are single, we designed a regional intrusion prevention and control system which is based on target tracking. The system consists of four parts: solar panel, radar, electro-optical equipment, unmanned aerial vehicle and intelligent tracking platform. The solar panel provides independent power for the entire system. The radar detects the target in real time and realizes the high precision positioning of suspicious targets; then, through the linkage of electro-optical equipment, it can achieve full-time automatic precise tracking of targets. When the target appears within the range of detection, the drone will be launched to continue the tracking. The system is mainly intended to realize full-time, full-coverage, whole-process integration and active real-time control of the border area.

  1. Query Adaptive Image Retrieval System

    Directory of Open Access Journals (Sweden)

    Amruta Dubewar

    2014-03-01

    Images play a crucial role in various fields such as art gallery, medical, journalism and entertainment. Increasing use of image acquisition and data storage technologies has enabled the creation of large databases. So, it is necessary to develop an appropriate information management system to efficiently manage these collections, and a system is needed to retrieve required images from these collections. This paper proposes a query adaptive image retrieval system (QAIRS) to retrieve images similar to the query image specified by the user from the database. The goal of this system is to support image retrieval based on content properties such as colour and texture, usually encoded into feature vectors. In this system, the colour feature is extracted by various techniques such as colour moment, colour histogram and autocorrelogram, and the texture feature is extracted by using the Gabor wavelet. A hashing technique is used to embed high dimensional image features into Hamming space, where search can be performed by Hamming distance of compact hash codes. Depending upon the minimum Hamming distance, it returns the image similar to the query image.

  2. Lightweight Agent for Collaborative Distribution Intrusion Detection System

    Institute of Scientific and Technical Information of China (English)

    张琨; 刘凤玉

    2003-01-01

    The LAFCDIDS (Lightweight Agent for Collaborative Distribution Intrusion Detection System) presented in this paper is a distributed intrusion detection system with the ability of collaborative detection in real time. The hierarchy architecture of agents and the ability of collaborative detection in real time are evident characteristics of the LAFCDIDS. Lightweight agent and agent sensitivity are LAFCDIDS's new concepts, which can reduce the overload of the protected system, shorten the period of intrusion detection, and are suitable for monitoring distributed collaborating attacks.

  3. Cyber-intrusion Auto-response and Policy Management System (CAPMS)

    Energy Technology Data Exchange (ETDEWEB)

    Lusk, Steve [ViaSat Inc., Boston, MA (United States)]; Lawrence, David [Duke Energy, Charlotte, NC (United States)]; Suvana, Prakash [Southern California Edison, Rosemead, CA (United States)]

    2015-11-11

    The Cyber-intrusion Auto-response and Policy Management System (CAPMS) project was funded by a grant from the US Department of Energy (DOE) Cybersecurity for Energy Delivery Systems (CEDS) program with contributions from two partner electric utilities: Southern California Edison (SCE) and Duke Energy. The goal of the project was to demonstrate protecting smart grid assets from a cyber attack in a way that “does not impede critical energy delivery functions.” This report summarizes project goals and activities for the CAPMS project and explores what did and did not work as expected. It concludes with an assessment of possible benefits and value of the system for the future.

  4. Cyber-intrusion Auto-response and Policy Management System (CAPMS)

    Energy Technology Data Exchange (ETDEWEB)

    Energy, Duke; Sat, Via; Edison, Southern California

    2015-09-30

    The Cyber-intrusion Auto-response and Policy Management System (CAPMS) project was funded by a grant from the US Department of Energy (DOE) Cybersecurity for Energy Delivery Systems (CEDS) program with contributions from two partner electric utilities: Southern California Edison (SCE) and Duke Energy. The goal of the project was to demonstrate protecting smart grid assets from a cyber attack in a way that “does not impede critical energy delivery functions.” This report summarizes project goals and activities for the CAPMS project and explores what did and did not work as expected. It concludes with an assessment of possible benefits and value of the system for the future.

  5. An Ontology for Identifying Cyber Intrusion Induced Faults in Process Control Systems

    Science.gov (United States)

    Hieb, Jeffrey; Graham, James; Guan, Jian

    This paper presents an ontological framework that permits formal representations of process control systems, including elements of the process being controlled and the control system itself. A fault diagnosis algorithm based on the ontological model is also presented. The algorithm can identify traditional process elements as well as control system elements (e.g., IP network and SCADA protocol) as fault sources. When these elements are identified as a likely fault source, the possibility exists that the process fault is induced by a cyber intrusion. A laboratory-scale distillation column is used to illustrate the model and the algorithm. Coupled with a well-defined statistical process model, this fault diagnosis approach provides cyber security enhanced fault diagnosis information to plant operators and can help identify that a cyber attack is underway before a major process failure is experienced.

  6. Monitoring and Assessment of Saltwater Intrusion using Geographic Information Systems (GIS), Remote Sensing and Geophysical measurements of Guimaras Island, Philippines

    Science.gov (United States)

    Hernandez, B. C. B.

    2015-12-01

    Degrading groundwater quality due to saltwater intrusion is one of the key challenges affecting many island aquifers. These islands hold limited capacity for groundwater storage and are highly dependent on recharge due to precipitation. But its ease of use, natural storage and accessibility make it more vulnerable to exploitation and more susceptible to encroachment from its surrounding oceanic waters. Estimating the extent of saltwater intrusion and the state of groundwater resources is important in predicting and managing water supply options for the community. In Guimaras island, central Philippines, increasing settlements, agriculture and tourism are causing stresses on its groundwater resource. Indications of saltwater intrusion have already been found at various coastal areas in the island. A Geographic Information Systems (GIS)-based approach using the GALDIT index was carried out. This includes six parameters assessing the seawater intrusion vulnerability of each hydrogeologic setting: Groundwater occurrence, Aquifer hydraulic conductivity, Groundwater Level above sea, Distance to shore, Impact of existing intrusion and Thickness of Aquifer. To further determine the extent of intrusion, Landsat images of various thematic layers were stacked and processed for unsupervised classification, and electrical resistivity tomography using a 28-electrode system with array lengths of 150 and 300 meters was conducted. The GIS index showed where the vulnerable areas are located, while the geophysical measurements and images revealed the extent of seawater encroachment along the monitoring wells. These results are further confirmed by the measurements collected from the monitoring wells. This study presents baseline information on the state of groundwater resources and increases understanding of saltwater intrusion dynamics in island ecosystems by providing a guideline for better water resource management in the Philippines.

  7. Mobile Agent Based Hierarchical Intrusion Detection System in Wireless Sensor Networks

    Directory of Open Access Journals (Sweden)

    Surraya Khanum

    2012-01-01

    Security mechanism is a fundamental requirement of wireless networks in general and Wireless Sensor Networks (WSN) in particular. Therefore, it is necessary that this security concern be articulated right from the beginning of the network design and deployment. WSN needs a strong security mechanism as it is usually deployed in a critical, hostile and sensitive environment where human labour is usually not involved. However, due to inbuilt resource and computing restrictions, security in WSN needs special consideration. Traditional security techniques such as encryption, VPN, authentication and firewalls cannot be directly applied to WSN as they provide defence only against external threats. The existing literature shows that there seems to be an inverse relationship between a strong security mechanism and efficient network resource utilization. In this research article, we have proposed a Mobile Agent Based Hierarchical Intrusion Detection System (MABHIDS) for WSN. The proposed scheme performs two levels of intrusion detection by utilizing minimum possible network resources. Our proposed idea enhances network lifetime by reducing the work load on the Cluster Head (CH), and it also provides an enhanced level of security in WSN.

  8. Using Conventional Monitoring Wells to Collect Data Necessary to Understand Petroleum Vapor Intrusion (PVI)

    Science.gov (United States)

    Recent work has clearly established that the possibility for vapor intrusion of petroleum hydrocarbons is greatly reduced by aerobic biodegradation of the hydrocarbons in unsaturated soil. The rate and extent of aerobic biodegradation of benzene (or any other fuel hydrocarbon) in...

  9. Using Conventional Monitoring Wells to Collect Data Necessary to Understand Petroleum Vapor Intrusion (PVI)

    Science.gov (United States)

    Recent work has clearly established that the possibility for vapor intrusion of petroleum hydrocarbons is greatly reduced by aerobic biodegradation of the hydrocarbons in unsaturated soil. The rate and extent of aerobic biodegradation of benzene (or any other fuel hydrocarbon) in...

  10. A Survey to Scalable Distributed Intrusion Detection Methods

    Institute of Scientific and Technical Information of China (English)

    闫映松; 王志坚; 周晓峰

    2003-01-01

    With the rapid development of the Internet, network security becomes a more serious problem. Traditional technology cannot meet the demand of scalable distributed network security, and distributed intrusion detection architecture can solve the problems. However, present intrusion detection systems still have many problems such as accuracy, reliability and adaptability. This paper discusses the present situation of intrusion detection, analyzes the problems that exist in distributed intrusion detection, and proposes some relevant technologies and research.

  11. Adaptive ophthalmologic system

    Science.gov (United States)

    Olivier, Scot S.; Thompson, Charles A.; Bauman, Brian J.; Jones, Steve M.; Gavel, Don T.; Awwal, Abdul A.; Eisenbies, Stephen K.; Haney, Steven J.

    2007-03-27

    A system for improving vision that can diagnose monochromatic aberrations within a subject's eyes, apply the wavefront correction, and then enable the patient to view the results of the correction. The system utilizes a laser for producing a beam of light; a corrector; a wavefront sensor; a testing unit; an optic device for directing the beam of light to the corrector, to the retina, from the retina to the wavefront sensor, and to the testing unit; and a computer operatively connected to the wavefront sensor and the corrector.

  12. Web interactive non intrusive load disaggregation system for active demand in smart grids

    Directory of Open Access Journals (Sweden)

    G.M. Tina

    2014-12-01

    A Smart Grid combines the use of traditional technology with innovative digital solutions, making the management of the electricity grid more flexible. It allows for monitoring, analysis, control and communication within the supply chain to improve efficiency, reduce the energy consumption and cost, and maximize the transparency and reliability of the energy supply chain. The optimization of energy consumption in Smart Grids is possible by using an innovative system based on Non Intrusive Appliance Load Monitoring (NIALM) algorithms, in which individual appliance power consumption information is disaggregated from single-point measurements, providing feedback in such a way as to make energy more visible and more amenable to understanding and control. We contribute an approach for monitoring consumption of electric power in households based on both a NILM algorithm that uses simple load signatures and a web interactive system that allows an active role to be played by users.

  13. Non-intrusive gesture recognition system combining with face detection based on Hidden Markov Model

    Science.gov (United States)

    Jin, Jing; Wang, Yuanqing; Xu, Liujing; Cao, Liqun; Han, Lei; Zhou, Biye; Li, Minggao

    2014-11-01

    A non-intrusive gesture recognition human-machine interaction system is proposed in this paper. In order to solve the hand positioning problem which is a difficulty in current algorithms, face detection is used for the pre-processing to narrow the search area and find user's hand quickly and accurately. Hidden Markov Model (HMM) is used for gesture recognition. A certain number of basic gesture units are trained as HMM models. At the same time, an improved 8-direction feature vector is proposed and used to quantify characteristics in order to improve the detection accuracy. The proposed system can be applied in interaction equipments without special training for users, such as household interactive television

  14. Enhanced Intrusion Detection System for Input Validation Attacks in Web Application

    Directory of Open Access Journals (Sweden)

    Puspendra Kumar

    2013-01-01

    The Internet continues to expand exponentially and access to the Internet becomes more prevalent in our daily life, but at the same time web applications are becoming the most attractive targets for hackers and cyber criminals. This paper presents an enhanced intrusion detection system approach for detecting input validation attacks in web applications. The existing IDS for input validation attacks are language dependent. The proposed IDS is language independent, i.e. it works for any web application developed with the aid of java, php, dot net etc. In addition, the proposed system detects directory traversal attacks, command injection attacks, cross site scripting attacks and SQL injection attacks that were not detected by the existing IDS. This is an automatic technique for detecting vulnerabilities over the internet. Our technique is based on the web application parameters, in the form of POST and GET, which have a generalized structure and values. This technique reduces the analysis time of input validation attacks.

  15. Driver Adaptive Warning Systems

    Science.gov (United States)

    1998-03-01

    corrective measures are being taken, such as: • A high steering wheel rate, indicating a correction. • A turn signal being active. • Brake being...fields include lane position, road curvature, steering angle, turn signal state, velocity, and system uncertainty. See Figure 3 for examples of these... turn signal when changing lanes. I am present in the van during the test run, sitting in the passenger seat. The touch screen that displays the RALPH

  16. Network-based intrusion prevention system

    Institute of Scientific and Technical Information of China (English)

    张立秋; 常会友; 刘翔

    2005-01-01

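    Network-based intrusion detection systems (IDS) suffer from limitations such as difficult policy maintenance, poor ability to prevent attacks, and untimely response to attacks. A network intrusion prevention system (IPS) works in-line and can effectively defend against network attacks and curb the spread of network worms, ultimately playing an important role in protecting critical network segments.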

  17. Fractal analysis of SEM images and mercury intrusion porosimetry data for the microstructural characterization of microcrystalline cellulose-based pellets

    Energy Technology Data Exchange (ETDEWEB)

    Gomez-Carracedo, A.; Alvarez-Lorenzo, C.; Coca, R.; Martinez-Pacheco, R.; Concheiro, A. [Departamento de Farmacia y Tecnologia Farmaceutica, Universidad de Santiago de Compostela, Santiago de Compostela 15782 (Spain); Gomez-Amoza, J.L. [Departamento de Farmacia y Tecnologia Farmaceutica, Universidad de Santiago de Compostela, Santiago de Compostela 15782 (Spain)], E-mail: joseluis.gomez.amoza@usc.es

    2009-01-15

    The microstructure of theophylline pellets prepared from microcrystalline cellulose, carbopol and dicalcium phosphate dihydrate, according to a mixture design, was characterized using textural analysis of gray-level scanning electron microscopy (SEM) images and thermodynamic analysis of the cumulative pore volume distribution obtained by mercury intrusion porosimetry. Surface roughness evaluated in terms of gray-level non-uniformity and fractal dimension of pellet surface depended on agglomeration phenomena during extrusion/spheronization. Pores at the surface, mainly 1-15 μm in diameter, determined both the mechanism and the rate of theophylline release, and a strong negative correlation between the fractal geometry and the b parameter of the Weibull function was found for pellets containing >60% carbopol. Theophylline mean dissolution time from these pellets was about two to four times greater. Textural analysis of SEM micrographs and fractal analysis of mercury intrusion data are complementary techniques that enable complete characterization of multiparticulate drug dosage forms.

  18. Adaptive Instructional Systems

    Science.gov (United States)

    2005-09-01

    planning stage, which used the information obtained from the Phase I research to develop a plan for utilizing the technology in the proposed system. 1.4...signifying that the trainee should push it, would be an example of a visual prompt. Auditory learners are likened to having a tape recorder inside...they pushed on it too hard. The student would also be able to query the simulator with verbal commands like "Repeat instructions" or "Rotor pedal description

  19. Cascading of C4.5 Decision Tree and Support Vector Machine for Rule Based Intrusion Detection System

    Directory of Open Access Journals (Sweden)

    Jashan Koshal

    2012-08-01

    The main reason for attacks being introduced to the system is the popularity of the internet. Information security has now become a vital subject. Hence, there is an immediate need to recognize and detect the attacks. Intrusion detection is defined as a method of diagnosing the attack and the signs of malicious activity in a computer network by evaluating the system continuously. Software that performs such a task is defined as an Intrusion Detection System (IDS). Systems developed with individual algorithms such as classification, neural networks, clustering, etc. give a good detection rate and a lower false alarm rate. Recent studies show that the cascading of multiple algorithms yields much better performance than a system developed with a single algorithm. For intrusion detection systems that use a single algorithm, the accuracy and detection rate were not up to the mark. A rise in the false alarm rate was also encountered. Cascading of algorithms is performed to solve this problem. This paper presents two hybrid algorithms for developing the intrusion detection system. C4.5 decision tree and Support Vector Machine (SVM) are combined to maximize the accuracy, which is the advantage of C4.5, and diminish the wrong alarm rate, which is the advantage of SVM. Results show an increase in the accuracy and detection rate and a lower false alarm rate.

  20. A Real Time Intrusion Aggregation And Prevention Technique

    Directory of Open Access Journals (Sweden)

    Fouzia Sultana

    2013-03-01

    Alert aggregation is an important subtask of intrusion detection. The goal is to identify and to cluster different alerts produced by low-level intrusion detection systems, firewalls, etc. belonging to a specific attack instance which has been initiated by an attacker at a certain point in time. Thus, meta-alerts can be generated for the clusters that contain all the relevant information whereas the amount of data (i.e., alerts) can be reduced substantially. Meta-alerts may then be the basis for reporting to security experts or for communication within a distributed intrusion detection system. We propose a novel technique for online alert aggregation which is based on a dynamic, probabilistic model of the current attack situation. Basically, it can be regarded as a data stream version of a maximum likelihood approach for the estimation of the model parameters. With three benchmark data sets, we demonstrate that it is possible to achieve reduction rates of up to 99.96 percent while the number of missing meta-alerts is extremely low. In addition, meta-alerts are generated with a delay of typically only a few seconds after observing the first alert belonging to a new attack instance. Two types of intrusions are detected in this work: firstly, a spam attack is detected based on the blacklisted IP addresses from Stop Forum Spam, and secondly, packet level intrusion is detected based on KDDcup data. A packet sniffer is designed which keeps sniffing and extracting all the packets that are exchanged over the internet interface. The packets are filtered and the headers are extracted. The headers are further subdivided into TCP, IP and UDP headers. ICMP packets are then separated. The data is matched with the database intrusion entries using fast string matching techniques, and possible attack entries are marked with different color codes. An attack signature may be visible in any header of the same packet. In such cases, the alerts are aggregated and a single

  1. Petrogenesis of postcollisional magmatism at Scheelite Dome, Yukon, Canada: Evidence for a lithospheric mantle source for magmas associated with intrusion-related gold systems

    Science.gov (United States)

    Mair, John L.; Farmer, G. Lang; Groves, David I.; Hart, Craig J.R.; Goldfarb, Richard J.

    2011-01-01

    The type examples for the class of deposits termed intrusion-related gold systems occur in the Tombstone-Tungsten belt of Alaska and Yukon, on the eastern side of the Tintina gold province. In this part of the northern Cordillera, extensive mid-Cretaceous postcollisional plutonism took place following the accretion of exotic terranes to the continental margin. The most cratonward of the resulting plutonic belts comprises small isolated intrusive centers, with compositionally diverse, dominantly potassic rocks, as exemplified at Scheelite Dome, located in central Yukon. Similar to other spatially and temporally related intrusive centers, the Scheelite Dome intrusions are genetically associated with intrusion-related gold deposits. Intrusions have exceptional variability, ranging from volumetrically dominant clinopyroxene-bearing monzogranites, to calc-alkaline minettes and spessartites, with an intervening range of intermediate to felsic stocks and dikes, including leucominettes, quartz monzonites, quartz monzodiorites, and granodiorites. All rock types are potassic, are strongly enriched in LILEs and LREEs, and feature high LILE/HFSE ratios. Clinopyroxene is common to all rock types and ranges from salite in felsic rocks to high Mg augite and Cr-rich diopside in lamprophyres. Less common, calcic amphibole ranges from actinolitic hornblende to pargasite. The rocks have strongly radiogenic Sr (initial 87Sr/86Sr from 0.711-0.714) and Pb isotope ratios (206Pb/204Pb from 19.2-19.7), and negative initial εNd values (-8.06 to -11.26). Whole-rock major and trace element, radiogenic isotope, and mineralogical data suggest that the felsic to intermediate rocks were derived from mafic potassic magmas sourced from the lithospheric mantle via fractional crystallization and minor assimilation of metasedimentary crust. Mainly unmodified minettes and spessartites represent the most primitive and final phases emplaced. 
Metasomatic enrichments in the underlying lithospheric mantle

  2. Implementation of Multipattern String Matching Accelerated with GPU for Intrusion Detection System

    Science.gov (United States)

    Nehemia, Rangga; Lim, Charles; Galinium, Maulahikmah; Rinaldi Widianto, Ahmad

    2017-04-01

    As Internet-related security threats continue to increase in terms of volume and sophistication, existing Intrusion Detection Systems are also being challenged to cope with current Internet development. A Multi Pattern String Matching algorithm accelerated with a Graphical Processing Unit is utilized to improve the packet scanning performance of the IDS. This paper implements a Multi Pattern String Matching algorithm, also called Parallel Failureless Aho Corasick, accelerated with GPU to improve the performance of IDS. The OpenCL library is used to allow the IDS to support various GPUs, including popular GPUs such as NVIDIA and AMD, used in our research. The experiment result shows that the application of Multi Pattern String Matching using a GPU accelerated platform provides a speed up of up to 141% in terms of throughput compared to the previous research.

  3. Intrusion Detection System Using Deep Neural Network for In-Vehicle Network Security.

    Directory of Open Access Journals (Sweden)

    Min-Joo Kang

    A novel intrusion detection system (IDS) using a deep neural network (DNN) is proposed to enhance the security of in-vehicular network. The parameters building the DNN structure are trained with probability-based feature vectors that are extracted from the in-vehicular network packets. For a given packet, the DNN provides the probability of each class discriminating normal and attack packets, and, thus the sensor can identify any malicious attack to the vehicle. As compared to the traditional artificial neural network applied to the IDS, the proposed technique adopts recent advances in deep learning studies such as initializing the parameters through the unsupervised pre-training of deep belief networks (DBN), therefore improving the detection accuracy. It is demonstrated with experimental results that the proposed technique can provide a real-time response to the attack with a significantly improved detection ratio in controller area network (CAN) bus.

  4. Research on Intrusion Prevention System

    Institute of Scientific and Technical Information of China (English)

    黎利辉

    2008-01-01

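    To clarify the understanding of intrusion prevention systems (IPS), this paper, building on an analysis of the shortcomings of traditional firewalls and intrusion detection systems (IDS), introduces the reasons why intrusion prevention systems emerged, compares intrusion detection systems with intrusion prevention systems, and analyzes in detail how intrusion prevention systems work. Based on the current state and development trends of the security industry and related industries, it focuses on forecasting the future development of intrusion prevention systems.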

  5. An Intrusion Detection System Against UDP Flood Attack and Ping of Death Attack (DDOS) in MANET

    Directory of Open Access Journals (Sweden)

    Ankur Ashok Acharya

    2016-04-01

    DDoS is one of the serious attacks in the ad hoc network. Among the many DDoS attacks, UDP flood attack and Ping of death attack are considered to be important as these two attacks may cause severe damage to the network. To provide better security to the network, an efficient intrusion detection system (IDS) is required to monitor the network continuously, keeping track of malicious activities and policy violations and producing reports to the network administrator. UDP flood attack and ping of death attack are given importance in this paper as they are not well addressed in the existing research works. Packet capture and a packet decoder are used to identify the packets and retrieve the packet details. A threshold is set for each node that is connected to the network. If the packet flow into the node exceeds the threshold that is set, then the administrator is notified about the same.

  6. Intrusion Detection System Using Deep Neural Network for In-Vehicle Network Security.

    Science.gov (United States)

    Kang, Min-Joo; Kang, Je-Won

    2016-01-01

    A novel intrusion detection system (IDS) using a deep neural network (DNN) is proposed to enhance the security of in-vehicular network. The parameters building the DNN structure are trained with probability-based feature vectors that are extracted from the in-vehicular network packets. For a given packet, the DNN provides the probability of each class discriminating normal and attack packets, and, thus the sensor can identify any malicious attack to the vehicle. As compared to the traditional artificial neural network applied to the IDS, the proposed technique adopts recent advances in deep learning studies such as initializing the parameters through the unsupervised pre-training of deep belief networks (DBN), therefore improving the detection accuracy. It is demonstrated with experimental results that the proposed technique can provide a real-time response to the attack with a significantly improved detection ratio in controller area network (CAN) bus.

  7. BLACK HOLE ATTACK IN AODV & FRIEND FEATURES UNIQUE EXTRACTION TO DESIGN DETECTION ENGINE FOR INTRUSION DETECTION SYSTEM IN MOBILE ADHOC NETWORK

    Directory of Open Access Journals (Sweden)

    HUSAIN SHAHNAWAZ

    2012-10-01

    An ad-hoc network is a collection of nodes that are capable of dynamically forming a temporary network without the support of any centralized fixed infrastructure. Since there is no central controller to determine the reliable and secure communication paths in a Mobile Adhoc Network, each node in the ad hoc network has to rely on the others in order to forward packets; thus highly cooperative nodes are required to ensure that the initiated data transmission process does not fail. In a mobile ad hoc network (MANET) where security is a crucial issue and nodes are forced to rely on the neighbor node, trust plays an important role that could improve the number of successful data transmissions. The larger the number of trusted nodes, the higher the successful data communication process rates that could be expected. In this paper, a Black Hole attack is applied in the network, and statistics are collected to design an intrusion detection engine for a MANET Intrusion Detection System (IDS). Feature extraction and rule induction are applied to find out the accuracy of the detection engine by using a support vector machine. In this paper, True Positive generated by the detection engine is very high, and this is a novel approach in the area of Mobile Adhoc Intrusion detection systems.

  8. Vapor intrusion attenuation factors relative to subslab and source, reconsidered in light of background data

    OpenAIRE

    Yao, Yijun; Wu, Yun; Suuberg, Eric M.; Provoost, Jeroen; Shen, Rui; Ma, Jianqing; Jing LIU

    2015-01-01

    The basis upon which recommended attenuation factors for vapor intrusion (VI) have been derived are reconsidered. By making a fitting curve to the plot showing the dependence of observed indoor air concentration (cin) on subslab concentration (css) for residences in EPA database, an analytical equation is obtained to identify the relationship among cin, css and the averaged background level. The new relationship indicates that subslab measurements may serve as a useful guide only if css is ab...

  9. An improved unsupervised clustering-based intrusion detection method

    Science.gov (United States)

    Hai, Yong J.; Wu, Yu; Wang, Guo Y.

    2005-03-01

    Practical Intrusion Detection Systems (IDSs) based on data mining are facing two key problems: discovering intrusion knowledge from real-time network data, and automatically updating it when new intrusions appear. Most data mining algorithms work on labeled data. In order to set up a basic data set for mining, huge volumes of network data need to be collected and labeled manually. In fact, it is rather difficult and impractical to label intrusions, which has been a big restriction for current IDSs and has led to limited ability to identify all kinds of intrusion types. An improved unsupervised clustering-based intrusion model working on unlabeled training data is introduced. In this model, the center of a cluster is defined and used as a substitute for this cluster. Then all cluster centers are adopted to detect intrusions. Testing on data sets of KDDCUP'99, experimental results demonstrate that our method has good performance in detection rate. Furthermore, the incremental-learning method is adopted to detect those unknown-type intrusions, and it decreases the false positive rate.

  10. Response-Adaptive Allocation for Circular Data.

    Science.gov (United States)

    Biswas, Atanu; Dutta, Somak; Laha, Arnab Kumar; Bakshi, Partho K

    2015-01-01

    Response-adaptive designs are used in phase III clinical trials to allocate a larger proportion of patients to the better treatment. Circular data is a natural outcome in many clinical trial setups, e.g., some measurements in ophthalmologic studies, degrees of rotation of hand or waist, etc. There is no available work on response-adaptive designs for circular data. With reference to a dataset on cataract surgery, we provide some response-adaptive designs where the responses are of circular nature and propose some test statistics for treatment comparison under an adaptive data allocation procedure. A detailed simulation study and the analysis of the dataset, including redesigning the cataract surgery data, are carried out.

  11. EARLY WARNING MODEL OF NETWORK INTRUSION BASED ON D-S EVIDENCE THEORY

    Institute of Scientific and Technical Information of China (English)

    Tian Junfeng; Zhai Jianqiang; Du Ruizhong; Huang Jiancai

    2005-01-01

    Application of data fusion technique in intrusion detection is the trend of next-generation Intrusion Detection System (IDS). In network security, adopting security early warning technique is feasible to effectively defend against attacks and attackers. To do this, correlative information provided by IDS must be gathered and the current intrusion characteristics and situation must be analyzed and estimated. This paper applies D-S evidence theory to distributed intrusion detection system for fusing information from detection centers, making clear intrusion situation, and improving the early warning capability and detection efficiency of the IDS accordingly.

  12. A web-based non-intrusive ambient system to measure and classify activities of daily living.

    Science.gov (United States)

    Stucki, Reto A; Urwyler, Prabitha; Rampa, Luca; Müri, René; Mosimann, Urs P; Nef, Tobias

    2014-07-21

    The number of older adults in the global population is increasing. This demographic shift leads to an increasing prevalence of age-associated disorders, such as Alzheimer's disease and other types of dementia. With the progression of the disease, the risk for institutional care increases, which contrasts with the desire of most patients to stay in their home environment. Despite doctors' and caregivers' awareness of the patient's cognitive status, they are often uncertain about its consequences on activities of daily living (ADL). To provide effective care, they need to know how patients cope with ADL, in particular, the estimation of risks associated with the cognitive decline. The occurrence, performance, and duration of different ADL are important indicators of functional ability. The patient's ability to cope with these activities is traditionally assessed with questionnaires, which has disadvantages (eg, lack of reliability and sensitivity). Several groups have proposed sensor-based systems to recognize and quantify these activities in the patient's home. Combined with Web technology, these systems can inform caregivers about their patients in real-time (e.g., via smartphone). We hypothesize that a non-intrusive system, which does not use body-mounted sensors, video-based imaging, and microphone recordings would be better suited for use in dementia patients. Since it does not require patient's attention and compliance, such a system might be well accepted by patients. We present a passive, Web-based, non-intrusive, assistive technology system that recognizes and classifies ADL. The components of this novel assistive technology system were wireless sensors distributed in every room of the participant's home and a central computer unit (CCU). The environmental data were acquired for 20 days (per participant) and then stored and processed on the CCU. In consultation with medical experts, eight ADL were classified. 
In this study, 10 healthy participants (6 women

  13. Lazy-Learning-Based Data-Driven Model-Free Adaptive Predictive Control for a Class of Discrete-Time Nonlinear Systems.

    Science.gov (United States)

    Hou, Zhongsheng; Liu, Shida; Tian, Taotao

    2016-05-18

    In this paper, a novel data-driven model-free adaptive predictive control method based on lazy learning technique is proposed for a class of discrete-time single-input and single-output nonlinear systems. The feature of the proposed approach is that the controller is designed only using the input-output (I/O) measurement data of the system by means of a novel dynamic linearization technique with a new concept termed pseudogradient (PG). Moreover, the predictive function is implemented in the controller using a lazy-learning (LL)-based PG predictive algorithm, such that the controller not only shows good robustness but also can realize the effect of model-free adaptive prediction for the sudden change of the desired signal. Further, since the LL technique has the characteristic of database queries, both the online and offline I/O measurement data are fully and simultaneously utilized to real-time adjust the controller parameters during the control process. Moreover, the stability of the proposed method is guaranteed by rigorous mathematical analysis. Meanwhile, the numerical simulations and the laboratory experiments implemented on a practical three-tank water level control system both verify the effectiveness of the proposed approach.

  14. Adaptive, dynamic, and resilient systems

    CERN Document Server

    Suri, Niranjan

    2015-01-01

    As the complexity of today's networked computer systems grows, they become increasingly difficult to understand, predict, and control. Addressing these challenges requires new approaches to building these systems. Adaptive, Dynamic, and Resilient Systems supplies readers with various perspectives of the critical infrastructure that systems of networked computers rely on. It introduces the key issues, describes their interrelationships, and presents new research in support of these areas. The book presents the insights of a different group of international experts in each chapter. Reporting on r

  15. A Comparative Experimental Design and Performance Analysis of Snort-Based Intrusion Detection System in Practical Computer Networks

    Directory of Open Access Journals (Sweden)

    Imdadul Karim

    2017-02-01

    As one of the most reliable technologies, network intrusion detection system (NIDS) allows the monitoring of incoming and outgoing traffic to identify unauthorised usage and mishandling of attackers in computer network systems. To this extent, this paper investigates the experimental performance of Snort-based NIDS (S-NIDS) in a practical network with the latest technology in various network scenarios including high data speed and/or heavy traffic and/or large packet size. An effective testbed is designed based on Snort using different multi-core processors, e.g., i5 and i7, with different operating systems, e.g., Windows 7, Windows Server and Linux. Furthermore, considering an enterprise network consisting of multiple virtual local area networks (VLANs), a centralised parallel S-NIDS (CPS-NIDS) is proposed with the support of a centralised database server to deal with high data speed and heavy traffic. Experimental evaluation is carried out for each network configuration to evaluate the performance of the S-NIDS in different network scenarios as well as validating the effectiveness of the proposed CPS-NIDS. In particular, by analysing packet analysis efficiency, an improved performance of up to 10% is shown to be achieved with Linux over other operating systems, while up to 8% of improved performance can be achieved with i7 over i5 processors.

  16. Cross-bandwidth adaptation for ASR systems

    CSIR Research Space (South Africa)

    Kleynhans, N

    2013-12-01

    not be feasible for resource-scarce environments. Utilising limited amounts of in-domain data and a combination of feature normalisation and acoustic model adaptation techniques has therefore found wide use in ASR systems. Various approaches have been proposed...

  17. Managing risks from virus intrusion into water distribution systems due to pressure transients.

    Science.gov (United States)

    Yang, Jian; LeChevallier, Mark W; Teunis, Peter F M; Xu, Minhua

    2011-06-01

    Low or negative pressure transients in water distribution systems, caused by unexpected events (e.g. power outages) or routine operation/maintenance activities, are usually brief and thus are rarely monitored or alarmed. Previous studies have shown connections between negative pressure events in water distribution systems and potential public health consequences. Using a quantitative microbial risk assessment (QMRA) model previously developed, various factors driving the risk of viral infection from intrusion were evaluated, including virus concentrations external to the distribution system, maintenance of a disinfectant residual, leak orifice sizes, the duration and the number of nodes drawing negative pressures. The most sensitive factors were the duration and the number of nodes drawing negative pressures, indicating that mitigation practices should be targeted to alleviate the severity of low/negative pressure transients. Maintaining a free chlorine residual of 0.2 mg/L or above is the last defense against the risk of viral infection due to negative pressure transients. Maintaining a chloramine residual did not appear to significantly reduce the risk. The effectiveness of ensuring separation distances from sewer mains to reduce the risk of infection may be system-specific. Leak detection/repair and cross-connection control should be prioritized in areas vulnerable to negative pressure transients.

  18. Three sided complex adaptative systems

    CERN Document Server

    D'Hulst, R

    1999-01-01

    We introduce two three sided adaptative systems as toy models to mimic the exchange of commodities between buyers and sellers. These models are simple extensions of the minority game, exhibiting similar behaviour as well as some new features. The main difference between our two models is that in the first the three sides are equivalent while in the second, one choice appears as a compromise between the two other sides. Both models are investigated numerically and compared with the original minority game.

  19. Electrical Resistivity Imaging of Seawater Intrusion into the Monterey Bay Aquifer System.

    Science.gov (United States)

    Pidlisecky, A; Moran, T; Hansen, B; Knight, R

    2016-03-01

    We use electrical resistivity tomography to obtain a 6.8-km electrical resistivity image to a depth of approximately 150 m.b.s.l. along the coast of Monterey Bay. The resulting image is used to determine the subsurface distribution of saltwater- and freshwater-saturated sediments and the geologic controls on fluid distributions in the region. Data acquisition took place over two field seasons in 2011 and 2012. To maximize our ability to image both vertical and horizontal variations in the subsurface, a combination of dipole-dipole, Wenner, Wenner-gamma, and gradient measurements were made, resulting in a large final dataset of approximately 139,000 data points. The resulting resistivity section extends to a depth of 150 m.b.s.l., and is used, in conjunction with the gamma logs from four coastal monitoring wells to identify four dominant lithologic units. From these data, we are able to infer the existence of a contiguous clay layer in the southern portion of our transect, which prevents downward migration of the saltwater observed in the upper 25 m of the subsurface to the underlying freshwater aquifer. The saltwater and brackish water in the northern portion of the transect introduce the potential for seawater intrusion into the hydraulically connected freshwater aquifer to the south, not just from the ocean, but also laterally from north to south.

  20. Data-Driven Adaptive Observer for Fault Diagnosis

    OpenAIRE

    Shen Yin; Xuebo Yang; Hamid Reza Karimi

    2012-01-01

    This paper presents an approach for data-driven design of fault diagnosis system. The proposed fault diagnosis scheme consists of an adaptive residual generator and a bank of isolation observers, whose parameters are directly identified from the process data without identification of complete process model. To deal with normal variations in the process, the parameters of residual generator are online updated by standard adaptive technique to achieve reliable fault detection performance. After...

  1. EFFECT OF CLUSTERING IN DESIGNING A FUZZY BASED HYBRID INTRUSION DETECTION SYSTEM FOR MOBILE AD HOC NETWORKS

    Directory of Open Access Journals (Sweden)

    D. Vydeki

    2013-01-01

    Intrusion Detection System (IDS) provides additional security for the most vulnerable Mobile Adhoc Networks (MANET). Use of Fuzzy Inference System (FIS) in the design of IDS is proven to be efficient in detecting routing attacks in MANETs. Clustering is a vital means in the detection process of FIS based hybrid IDS. This study describes the design of such a system to detect black hole attack in MANET that uses Adhoc On-Demand Distance Vector (AODV) routing protocol. It analyses the effect of two clustering algorithms and also prescribes the suitable clustering algorithm for the above-mentioned IDS. MANETs with various traffic scenarios were simulated and the data set required for the IDS is extracted. A hybrid IDS is designed using Sugeno type-2 FIS to detect black hole attack. From the experimental results, it is derived that the subtractive clustering algorithm produces 97% efficient detection while FCM offers 91%. It has been found that the subtractive clustering algorithm is more fit and efficient than the Fuzzy C-Means clustering (FCM) for the FIS based detection system.

  2. Certification Considerations for Adaptive Systems

    Science.gov (United States)

    Bhattacharyya, Siddhartha; Cofer, Darren; Musliner, David J.; Mueller, Joseph; Engstrom, Eric

    2015-01-01

    Advanced capabilities planned for the next generation of aircraft, including those that will operate within the Next Generation Air Transportation System (NextGen), will necessarily include complex new algorithms and non-traditional software elements. These aircraft will likely incorporate adaptive control algorithms that will provide enhanced safety, autonomy, and robustness during adverse conditions. Unmanned aircraft will operate alongside manned aircraft in the National Airspace (NAS), with intelligent software performing the high-level decision-making functions normally performed by human pilots. Even human-piloted aircraft will necessarily include more autonomy. However, there are serious barriers to the deployment of new capabilities, especially for those based upon software including adaptive control (AC) and artificial intelligence (AI) algorithms. Current civil aviation certification processes are based on the idea that the correct behavior of a system must be completely specified and verified prior to operation. This report by Rockwell Collins and SIFT documents our comprehensive study of the state of the art in intelligent and adaptive algorithms for the civil aviation domain, categorizing the approaches used and identifying gaps and challenges associated with certification of each approach.

  3. Statistical Inference for Data Adaptive Target Parameters.

    Science.gov (United States)

    Hubbard, Alan E; Kherad-Pajouh, Sara; van der Laan, Mark J

    2016-05-01

    Consider one observes n i.i.d. copies of a random variable with a probability distribution that is known to be an element of a particular statistical model. In order to define our statistical target we partition the sample in V equal size sub-samples, and use this partitioning to define V splits in an estimation sample (one of the V subsamples) and corresponding complementary parameter-generating sample. For each of the V parameter-generating samples, we apply an algorithm that maps the sample to a statistical target parameter. We define our sample-split data adaptive statistical target parameter as the average of these V-sample specific target parameters. We present an estimator (and corresponding central limit theorem) of this type of data adaptive target parameter. This general methodology for generating data adaptive target parameters is demonstrated with a number of practical examples that highlight new opportunities for statistical learning from data. This new framework provides a rigorous statistical methodology for both exploratory and confirmatory analysis within the same data. Given that more research is becoming "data-driven", the theory developed within this paper provides a new impetus for a greater involvement of statistical inference into problems that are being increasingly addressed by clever, yet ad hoc pattern finding methods. To suggest such potential, and to verify the predictions of the theory, extensive simulation studies, along with a data analysis based on adaptively determined intervention rules are shown and give insight into how to structure such an approach. The results show that the data adaptive target parameter approach provides a general framework and resulting methodology for data-driven science.

  4. Seawater intrusion mapping using electrical resistivity tomography and hydrochemical data. An application in the coastal area of eastern Thermaikos Gulf, Greece

    Energy Technology Data Exchange (ETDEWEB)

    Kazakis, N., E-mail: kazanera@yahoo.com [Aristotle University of Thessaloniki, Department of Geology, Lab. of Engineering Geology & Hydrogeology, 54124 Thessaloniki (Greece); Pavlou, A. [Aristotle University of Thessaloniki, Department of Geology, Lab. of Engineering Geology & Hydrogeology, 54124 Thessaloniki (Greece); Vargemezis, G. [Aristotle University of Thessaloniki, Department of Geology, Lab. of Applied Geophysics, 54124 Thessaloniki (Greece); Voudouris, K.S.; Soulios, G. [Aristotle University of Thessaloniki, Department of Geology, Lab. of Engineering Geology & Hydrogeology, 54124 Thessaloniki (Greece); Pliakas, F. [Democritus University of Thrace, Department of Civil Engineering, Xanthi 67100 (Greece); Tsokas, G. [Aristotle University of Thessaloniki, Department of Geology, Lab. of Applied Geophysics, 54124 Thessaloniki (Greece)

    2016-02-01

    The aim of this study was to determine the extent and geometrical characteristics of seawater intrusion in the coastal aquifer of the eastern Thermaikos Gulf, Greece. Hydrochemical data and geoelectrical measurements were combined and supplemented to determine the hydrochemical regime of the study site in regard to seawater phenomena. Chemical analysis of groundwater was performed in 126 boreholes and fifteen electrical resistivity tomographies (ERT) were measured, whereas in two sites the ERT measurements were repeated following the wet season. The Cl⁻ concentrations recorded reached 2240 mg/L indicating seawater intrusion which was also verified by ionic ratios. The ionic ratios were overlapped and a seawater intrusion map (SWIM) was produced. A significant part of the coastal aquifer (up to 150 km²) is influenced by seawater intrusion. The areas with the most intensive salinization are located between Nea Kallikratia–Epanomi and Aggelochori–Peraia. According to the ERTs, in the influenced areas the salinization of the aquifer exceeds 1 km toward the mainland and its depth reaches 200 m. In the area surrounding Thessaloniki airport, the ERTs revealed salinization of the upper aquifer to depths of up to 40 m, whereas the lower aquifer is uninfluenced. This abnormal distribution of seawater intrusion demonstrates the value of geoelectrical methods in the study of seawater intrusion especially in areas with limited available hydrochemical data. - Highlights: • ERTs determined the geometrical characteristics of the saline aquifer. • An abnormal distribution of seawater intrusion was recorded. • Four ionic ratios overlapped and a seawater intrusion map was produced. • Cl⁻ concentrations increased significantly from 2005 to 2010 by up to 1800 mg/L.

  5. Self-adaptive change detection in streaming data with non-stationary distribution

    KAUST Repository

    Zhang, Xiangliang

    2010-01-01

    Non-stationary distribution, in which the data distribution evolves over time, is a common issue in many application fields, e.g., intrusion detection and grid computing. Detecting the changes in massive streaming data with a non-stationary distribution helps to alarm the anomalies, to clean the noises, and to report the new patterns. In this paper, we employ a novel approach for detecting changes in streaming data with the purpose of improving the quality of modeling the data streams. Through observing the outliers, this approach of change detection uses a weighted standard deviation to monitor the evolution of the distribution of data streams. A cumulative statistical test, Page-Hinkley, is employed to collect the evidence of changes in distribution. The parameter used for reporting the changes is self-adaptively adjusted according to the distribution of data streams, rather than set by a fixed empirical value. The self-adaptability of the novel approach enhances the effectiveness of modeling data streams by timely catching the changes of distributions. We validated the approach on an online clustering framework with a benchmark KDDcup 1999 intrusion detection data set as well as with a real-world grid data set. The validation results demonstrate its better performance on achieving higher accuracy and lower percentage of outliers comparing to the other change detection approaches. © 2010 Springer-Verlag.

  6. Processing and Linguistics Properties of Adaptable Systems

    Directory of Open Access Journals (Sweden)

    Dumitru TODOROI

    2006-01-01

    Continuation and development of the research in Adaptable Programming Initialization [Tod-05.1,2,3] is presented. As continuation of [Tod-05.2,3] in this paper metalinguistic tools used in the process of introduction of new constructions (data, operations, instructions and controls) are developed. The generalization schemes of evaluation of adaptable languages and systems are discussed. These results analogically with [Tod-05.2,3] are obtained by the team, composed from the researchers D. Todoroi [Tod-05.4], Z. Todoroi [ZTod-05], and D. Micusa [Mic-03]. Presented results will be included in the book [Tod-06].

  7. System design for distributed adaptive observation systems

    NARCIS (Netherlands)

    Ditzel, M.; Kester, L.J.H.M.; Broek, S.P. van den

    2011-01-01

    Currently, there is no clear-cut approach or design methodology available for designing distributed adaptive observation systems, partly due to the necessity to combine elements and approaches from several technological and scientific communities. Recently, an effort was made addressing this issue

  8. Fuzzy Based Advanced Hybrid Intrusion Detection System to Detect Malicious Nodes in Wireless Sensor Networks

    Directory of Open Access Journals (Sweden)

    Rupinder Singh

    2017-01-01

    In this paper, an Advanced Hybrid Intrusion Detection System (AHIDS) that automatically detects the WSNs attacks is proposed. AHIDS makes use of cluster-based architecture with enhanced LEACH protocol that intends to reduce the level of energy consumption by the sensor nodes. AHIDS uses anomaly detection and misuse detection based on fuzzy rule sets along with the Multilayer Perceptron Neural Network. The Feed Forward Neural Network along with the Backpropagation Neural Network are utilized to integrate the detection results and indicate the different types of attackers (i.e., Sybil attack, wormhole attack, and hello flood attack). For detection of Sybil attack, Advanced Sybil Attack Detection Algorithm is developed while the detection of wormhole attack is done by Wormhole Resistant Hybrid Technique. The detection of hello flood attack is done by using signal strength and distance. An experimental analysis is carried out in a set of nodes; 13.33% of the nodes are determined as misbehaving nodes, which classified attackers along with a detection rate of the true positive rate and false positive rate. Sybil attack is detected at a rate of 99.40%; hello flood attack has a detection rate of 98.20%; and wormhole attack has a detection rate of 99.20%.

  9. ERIS adaptive optics system design

    Science.gov (United States)

    Marchetti, Enrico; Le Louarn, Miska; Soenke, Christian; Fedrigo, Enrico; Madec, Pierre-Yves; Hubin, Norbert

    2012-07-01

    The Enhanced Resolution Imager and Spectrograph (ERIS) is the next-generation instrument planned for the Very Large Telescope (VLT) and the Adaptive Optics facility (AOF). It is an AO assisted instrument that will make use of the Deformable Secondary Mirror and the new Laser Guide Star Facility (4LGSF), and it is planned for the Cassegrain focus of the telescope UT4. The project is currently in its Phase A awaiting for approval to continue to the next phases. The Adaptive Optics system of ERIS will include two wavefront sensors (WFS) to maximize the coverage of the proposed sciences cases. The first is a high order 40x40 Pyramid WFS (PWFS) for on axis Natural Guide Star (NGS) observations. The second is a high order 40x40 Shack-Hartmann WFS for single Laser Guide Stars (LGS) observations. The PWFS, with appropriate sub-aperture binning, will serve also as low order NGS WFS in support to the LGS mode with a field of view patrolling capability of 2 arcmin diameter. Both WFSs will be equipped with the very low read-out noise CCD220 based camera developed for the AOF. The real-time reconstruction and control is provided by a SPARTA real-time platform adapted to support both WFS modes. In this paper we will present the ERIS AO system in all its main aspects: opto-mechanical design, real-time computer design, control and calibrations strategy. Particular emphasis will be given to the system performance obtained via dedicated numerical simulations.

  10. Performance Analysis of Hierarchical Group Key Management Integrated with Adaptive Intrusion Detection in Mobile ad hoc Networks

    Science.gov (United States)

    2016-04-05

    applications in wireless networks such as military battlefields, emergency response, mobile commerce, online gaming, and collaborative work are based on the...represents that important data are compromised. The second condition represents that the mobile group is unable to function correctly and is compromised as a...include mobile computing, wireless systems, dependable and secure computing, multimedia, sensor networks, data and service management, trust management

  11. Towards Adaptive Spoken Dialog Systems

    CERN Document Server

    Schmitt, Alexander

    2013-01-01

    In Monitoring Adaptive Spoken Dialog Systems, authors Alexander Schmitt and Wolfgang Minker investigate statistical approaches that allow for recognition of negative dialog patterns in Spoken Dialog Systems (SDS). The presented stochastic methods allow a flexible, portable and accurate use. Beginning with the foundations of machine learning and pattern recognition, this monograph examines how frequently users show negative emotions in spoken dialog systems and develop novel approaches to speech-based emotion recognition using hybrid approach to model emotions. The authors make use of statistical methods based on acoustic, linguistic and contextual features to examine the relationship between the interaction flow and the occurrence of emotions using non-acted recordings several thousand real users from commercial and non-commercial SDS. Additionally, the authors present novel statistical methods that spot problems within a dialog based on interaction patterns. The approaches enable future SDS to offer m...

  12. Intrusion Detection Techniques in Wireless Sensor Network using Data Mining Algorithms: Comparative Evaluation Based on Attacks Detection

    Directory of Open Access Journals (Sweden)

    YOUSEF EL MOURABIT

    2015-09-01

    Wireless sensor network (WSN) consists of sensor nodes. Deployed in the open area, and characterized by constrained resources, WSN suffers from several attacks, intrusion and security vulnerabilities. Intrusion detection system (IDS) is one of the essential security mechanism against attacks in WSN. In this paper we present a comparative evaluation of the most performant detection techniques in IDS for WSNs, the analyzes and comparisons of the approaches are represented technically, followed by a brief. Attacks in WSN also are presented and classified into several criteria. To implement and measure the performance of detection techniques we prepare our dataset, based on KDD'99, into five steps, after normalizing our dataset, we determined normal class and 4 types of attacks, and used the most relevant attributes for the classification process. We propose applying CfsSubsetEval with BestFirst approach as an attribute selection algorithm for removing the redundant attributes. The experimental results show that the random forest methods provide high detection rate and reduce false alarm rate. Finally, a set of principles is concluded, which have to be satisfied in future research for implementing IDS in WSNs. To help researchers in the selection of IDS for WSNs, several recommendations are provided with future directions for this research.

  13. Non-Intrusive Demand Monitoring and Load Identification for Energy Management Systems Based on Transient Feature Analyses

    Directory of Open Access Journals (Sweden)

    Hsueh-Hsien Chang

    2012-11-01

    Energy management systems strive to use energy resources efficiently, save energy, and reduce carbon output. This study proposes transient feature analyses of the transient response time and transient energy on the power signatures of non-intrusive demand monitoring and load identification to detect the power demand and load operation. This study uses the wavelet transform (WT) of the time-frequency domain to analyze and detect the transient physical behavior of loads during the load identification. The experimental results show the transient response time and transient energy are better than the steady-state features to improve the recognition accuracy and reduces computation requirements in non-intrusive load monitoring (NILM) systems. The discrete wavelet transform (DWT) is more suitable than short-time Fourier transform (STFT) for transient load analyses.

  14. A MOBILE AGENT BASED INTRUSION DETECTION SYSTEM ARCHITECTURE FOR MOBILE AD HOC NETWORKS

    Directory of Open Access Journals (Sweden)

    Binod Kumar Pattanayak

    2014-01-01

    Applications of Mobile Ad Hoc Networks (MANETs) have become extensively popular over the years among the researchers. However, the dynamic nature of MANETs imposes a set of challenges to its efficient implementation in practice. One of such challenges represents intrusion detection and prevention procedures that are intended to provide secured performance of ad hoc applications. In this study, we introduce a mobile agent based intrusion detection and prevention architecture for a clustered MANET. Here, a mobile agent resides in each cluster of the ad hoc network and each cluster runs a specific application at any point of time. This application specific approach makes the network more robust to external intrusions directed at the nodes in an ad hoc network.

  15. Model-Free Adaptive Control Algorithm with Data Dropout Compensation

    OpenAIRE

    Xuhui Bu; Fashan Yu; Zhongsheng Hou; Hongwei Zhang

    2012-01-01

    The convergence of model-free adaptive control (MFAC) algorithm can be guaranteed when the system is subject to measurement data dropout. The system output convergent speed gets slower as dropout rate increases. This paper proposes a MFAC algorithm with data compensation. The missing data is first estimated using the dynamical linearization method, and then the estimated value is introduced to update control input. The convergence analysis of the proposed MFAC algorithm is given, and the effe...

  16. Vapor intrusion attenuation factors relative to subslab and source, reconsidered in light of background data.

    Science.gov (United States)

    Yao, Yijun; Wu, Yun; Suuberg, Eric M; Provoost, Jeroen; Shen, Rui; Ma, Jianqing; Liu, Jing

    2015-04-09

    The basis upon which recommended attenuation factors for vapor intrusion (VI) have been derived are reconsidered. By making a fitting curve to the plot showing the dependence of observed indoor air concentration (c_in) on subslab concentration (c_ss) for residences in EPA database, an analytical equation is obtained to identify the relationship among c_in, c_ss and the averaged background level. The new relationship indicates that subslab measurements may serve as a useful guide only if c_ss is above 500 μg/m³. Otherwise, c_in is independent of c_ss, with a distribution in good agreements with other studies of background levels. Therefore, employing this screening value (500 μg/m³), new contaminant concentration attenuation factors are proposed for VI, and the values for groundwater-to-indoor and subslab-to-indoor air concentration attenuation factors are 0.004 and 0.02, respectively. The former is applied to examining the reported temporal variations of c_in obtained during a long-term monitoring study. The results show that using this new groundwater-to-indoor air concentration attenuation factor also provides a reasonably conservative estimate of c_in.

  17. Vapor intrusion attenuation factors relative to subslab and source, reconsidered in light of background data

    Science.gov (United States)

    Yao, Yijun; Wu, Yun; Suuberg, Eric M.; Provoost, Jeroen; Shen, Rui; Ma, Jianqing; Liu, Jing

    2016-01-01

    The basis upon which recommended attenuation factors for vapor intrusion (VI) have been derived are reconsidered. By making a fitting curve to the plot showing the dependence of observed indoor air concentration (c_in) on subslab concentration (c_ss) for residences in EPA database, an analytical equation is obtained to identify the relationship among c_in, c_ss and the averaged background level. The new relationship indicates that subslab measurements may serve as a useful guide only if c_ss is above 500 μg/m³. Otherwise, c_in is independent of c_ss, with a distribution in good agreements with other studies of background levels. Therefore, employing this screening value (500 μg/m³), new contaminant concentration attenuation factors are proposed for VI, and the values for groundwater-to-indoor and subslab-to-indoor air concentration attenuation factors are 0.004 and 0.02, respectively. The former is applied to examining the reported temporal variations of c_in obtained during a long-term monitoring study. The results show that using this new groundwater-to-indoor air concentration attenuation factor also provides a reasonably conservative estimate of c_in. PMID:25618001

  18. Operational data of the Star City rainwater harvesting system and its role as a climate change adaptation and a social influence.

    Science.gov (United States)

    Han, M Y; Mun, J S

    2011-01-01

    The Star City rainwater harvesting system (RWHS) was featured in the December, 2008, issue of Water 21. The article highlighted that the RWHS has a 3,000 m³ rainwater tank used in water saving, flood mitigation, and emergency response. Since then, many news media, public officials, and people from both South Korea and abroad have visited the RWHS. In this paper, two years of the system's operational data are presented and its role in short- and long-term climate change adaptation is investigated. The downstream sewer system has become safe for a 50-year rainfall without upgrading the existing sewer system, which was designed for a 10-year period. The 26,000 m³ of water saved has reduced the energy requirement of transferring water from a distant area. The success of the Star City RWHS has influenced 47 cities across South Korea, including Seoul, to enact regulations on rainwater management. It has shown that decentralized rainwater management can supplement the existing centralized system to ensure its safety.

  19. Semantic models for adaptive interactive systems

    CERN Document Server

    Hussein, Tim; Lukosch, Stephan; Ziegler, Jürgen; Calvary, Gaëlle

    2013-01-01

    Providing insights into methodologies for designing adaptive systems based on semantic data, and introducing semantic models that can be used for building interactive systems, this book showcases many of the applications made possible by the use of semantic models. Ontologies may enhance the functional coverage of an interactive system as well as its visualization and interaction capabilities in various ways. Semantic models can also contribute to bridging gaps; for example, between user models, context-aware interfaces, and model-driven UI generation. There is considerable potential for using

  20. Novel Link Adaptation Schemes for OFDM System

    Institute of Scientific and Technical Information of China (English)

    LEI Ming; CAI Peng; XU Yue-shan; ZHANG Ping

    2003-01-01

    Orthogonal Frequency Division Multiplexing (OFDM) is the most promising technique supporting the high data rate transmission. The combination of the link adaptation and OFDM can further increase the spectral efficiency. In this paper, we put forward two link adaptation schemes for OFDM system which have the advantages of both flexibility and practicability. Both of the two novel link adaptation schemes are based on the iterative mechanism to allocate the bit and power to subcarriers according to their channel gains and noisy levels which are assumed to be already known at the transmitter. The candidate modulation modes are determined freely before the link adaptation schemes are performed. The distinction between the two novel link adaptation schemes is that in the novel scheme A, the modulation mode is upgraded to the neighboring higher-order mode, while in the novel scheme B the modulation is upgraded to the genuine optimal mode. Therefore, the novel scheme A has the advantage of lower complexity and the novel scheme B has the advantage of higher spectral efficiency.

  1. Diagnosing and Reconstructing Real-World Hydroclimatic Dynamics from Time Sequenced Data: The Case of Saltwater Intrusion into Coastal Wetlands in Everglades National Park

    Science.gov (United States)

    Huffaker, R.; Munoz-Carpena, R.

    2016-12-01

    There are increasing calls to audit decision-support models used for environmental policy to ensure that they correspond with the reality facing policy makers. Modelers can establish correspondence by providing empirical evidence of real-world dynamic behavior that their models skillfully simulate. We present a pre-modeling diagnostic framework—based on nonlinear dynamic analysis—for detecting and reconstructing real-world environmental dynamics from observed time-sequenced data. Phenomenological (data-driven) modeling—based on machine learning regression techniques—extracts a set of ordinary differential equations governing empirically-diagnosed system dynamics from a single time series, or from multiple time series on causally-interacting variables. We apply the framework to investigate saltwater intrusion into coastal wetlands in Everglades National Park, Florida, USA. We test the following hypotheses posed in the literature linking regional hydrologic variables with global climatic teleconnections: (1) Sea level in Florida Bay drives well level and well salinity in the coastal Everglades; (2) Atlantic Multidecadal Oscillation (AMO) drives sea level, well level and well salinity; and (3) AMO and (El Niño Southern Oscillation) ENSO bi-causally interact. The thinking is that salt water intrusion links ocean-surface salinity with salinity of inland water sources, and sea level with inland water; that AMO and ENSO share a teleconnective relationship (perhaps through the atmosphere); and that AMO and ENSO both influence inland precipitation and thus well levels. Our results support these hypotheses, and we successfully construct a parsimonious phenomenological model that reproduces diagnosed nonlinear dynamics and system interactions. We propose that reconstructed data dynamics be used, along with other expert information, as a rigorous benchmark to guide specification and testing of hydrologic decision support models corresponding with real-world behavior.

  2. Geochemical signature variation of pre-, syn-, and post-shearing intrusives within the Najd Fault System of western Saudi Arabia

    Science.gov (United States)

    Hassan, M.; Abu-Alam, T. S.; Hauzenberger, C.; Stüwe, K.

    2016-10-01

    Late Precambrian intrusive rocks in the Arabian-Nubian Shield emplaced within and around the Najd Fault System of Saudi Arabia feature a great compositional diversity and a variety of degrees of deformation (i.e. pre-shearing deformed, sheared mylonitized, and post-shearing undeformed) that allows placing them into a relative time order. It is shown here that the degree of deformation is related to compositional variations where early, usually pre-shearing deformed rocks are of dioritic, tonalitic to granodioritic, and later, mainly post-shearing undeformed rocks are mostly of granitic composition. Correlation of the geochemical signature and time of emplacement is interpreted in terms of changes in the source region of the produced melts due to the change of the stress regime during the tectonic evolution of the Arabian-Nubian Shield. The magma of the pre-shearing rocks has tholeiitic and calc-alkaline affinity indicating island arc or continental arc affinity. In contrast, the syn- and post-shearing rocks are mainly potassium rich peraluminous granites which are typically associated with post-orogenic uplift and collapse. This variation in geochemical signature is interpreted to reflect the change of the tectonic regime from a compressional volcanic arc nature to extensional within-plate setting of the Arabian-Nubian Shield. Within the context of published geochronological data, this change is likely to have occurred around 605-580 Ma.

  3. Intrusion Detection and Countermeasure of Virtual Cloud Systems - State of the Art and Current Challenges

    Directory of Open Access Journals (Sweden)

    Andrew Carlin

    2015-06-01

    Clouds are distributed Internet-based platforms that provide highly resilient and scalable environments to be used by enterprises in a multitude of ways. Cloud computing offers enterprises technology innovation that business leaders and IT infrastructure managers can choose to apply based on how and to what extent it helps them fulfil their business requirements. It is crucial that all technical consultants have a rigorous understanding of the ramifications of cloud computing as its influence is likely to spread the complete IT landscape. Security is one of the major concerns that is of practical interest to decision makers when they are making critical strategic operational decisions. Distributed Denial of Service (DDoS) attacks are becoming more frequent and effective over the past few years, since the widely publicised DDoS attacks on the financial services industry that came to light in September and October 2012 and resurfaced in the past two years. In this paper, we introduce advanced cloud security technologies and practices as a series of concepts and technology architectures, from an industry-centric point of view. This is followed by classification of intrusion detection and prevention mechanisms that can be part of an overall strategy to help understand, identify and mitigate potential DDoS attacks on business networks. The paper establishes solid coverage of security issues related to DDoS and virtualisation with a focus on structure, clarity, and well-defined blocks for mainstream cloud computing security solutions and platforms. In doing so, we aim to provide industry technologists, who may not be necessarily cloud or security experts, with an effective tool to help them understand the security implications associated with cloud adoption in their transition towards more knowledge-based systems.

  4. Non-intrusive schemes for speed and axle identification in bridge-weigh-in-motion systems

    Science.gov (United States)

    Kalhori, Hamed; Makki Alamdari, Mehrisadat; Zhu, Xinqun; Samali, Bijan; Mustapha, Samir

    2017-02-01

    Bridge weigh-in-motion (BWIM) is an approach through which the axle and gross weight of trucks travelling at normal highway speed are identified using the response of an instrumented bridge. The vehicle speed, the number of axles, and the axle spacing are crucial parameters, and are required to be determined in the majority of BWIM algorithms. Nothing-on-the-road (NOR) strategy suggests using the strain signals measured at some particular positions underneath the deck or girders of a bridge to obtain this information. The objective of this research is to present a concise overview of the challenges of the current non-intrusive schemes for speed and axle determination through bending-strain and shear-strain based approaches. The problem associated with the global bending-strain responses measured at quarter points of span is discussed and a new sensor arrangement is proposed as an alternative. As for measurement of local responses rather than the global responses, the advantage of shear strains over bending strains is presented. However, it is illustrated that shear strains at quarter points of span can only provide accurate speed estimation but fail to detect the correct number of axles. As a remedy, it is demonstrated that, even for closely-spaced axles, the shear strain at the beginning of the bridge is capable of reliably identifying the number of axles. In order to provide a fully automated speed and axle identification system, appropriate signal processing including low-pass filtering and wavelet transforms are applied to the raw time signals. As case studies, the results of experimental testing in laboratory and on a real bridge are presented.

  5. Design of a new type of integrated classifier for network intrusion detection systems

    Institute of Scientific and Technical Information of China (English)

    ZHU You-chan; WANG Jian; SHANG Li-biao

    2006-01-01

    Based on the analysis of the network intrusion detection model, a new design scheme for the integrated classifier is proposed. The attribute reduction algorithm of the discernibility matrix is used for the optimization design of reducing nodes of input and hidden layers. The experimental test result shows that this design is valid.

  6. Anomaly based intrusion detection for a biometric identification system using neural networks

    CSIR Research Space (South Africa)

    Mgabile, T

    2012-10-01

    detection technique that analyses the fingerprint biometric network traffic for evidence of intrusion. The neural network algorithm that imitates the way a human brain works is used in this study to classify normal traffic and learn the correct traffic...

  7. 76 FR 5370 - Potential Addition of Vapor Intrusion Component to the Hazard Ranking System

    Science.gov (United States)

    2011-01-31

    ... vapor intrusion contamination to be evaluated for placement on the NPL. EPA is accepting public feedback.... Listening Session: Oral and written comments on the topics in the SUPPLEMENTARY INFORMATION section of this... Notice to allow interested parties to present feedback on the potential HRS addition. EPA welcomes...

  8. Sampled-Data Kalman Filtering and Multiple Model Adaptive Estimation for Infinite-Dimensional Continuous-Time Systems

    Science.gov (United States)

    2007-03-01

    systems theory to functional differential equations, as reported in [103]. Additionally, the semigroup theory has been steadily developed to ... distributor operator, F(t), generates a semigroup of two-parameter state transition operators, Φ(t, s), a time-invariant state distributor operator, F ... generates a semigroup of one-parameter state transition operators, Φ(t − s) [38, 160, 39, 48, 115]. The single parameter is denoted by the “time” dif

  9. Framework of Combined Adaptive and Non-adaptive Attitude Control System for a Helicopter Experimental System

    Institute of Scientific and Technical Information of China (English)

    Akira Inoue; Ming-Cong Deng

    2006-01-01

    This paper presents a framework of a combined adaptive and non-adaptive attitude control system for a helicopter experimental system. The design method is based on a combination of adaptive nonlinear control and non-adaptive nonlinear control. With regard to detailed attitude control system design, two schemes are shown for different application cases.

  10. Adaptive Embedded Digital System for Plasma Diagnostics

    Science.gov (United States)

    González, Angel; Rodríguez, Othoniel; Mangual, Osvaldo; Ponce, Eduardo; Vélez, Xavier

    2014-05-01

    An Adaptive Embedded Digital System to perform plasma diagnostics using electrostatic probes was developed at the Plasma Engineering Laboratory at Polytechnic University of Puerto Rico. The system will replace the existing instrumentation at the Laboratory, using reconfigurable hardware to minimize the equipment and software needed to perform diagnostics. The adaptability of the design resides in the possibility of replacing the computational algorithm on the fly, allowing the same hardware to be used for different probes. The system was prototyped using Very High Speed Integrated Circuits Hardware Description Language (VHDL) on a Field Programmable Gate Array (FPGA) board. The design of the Embedded Digital System includes a Zero Phase Digital Filter, a Derivative Unit, and a Computational Unit designed using the VHDL-2008 Support Library. The prototype is able to compute the Plasma Electron Temperature and Density from a Single Langmuir probe. The system was tested using real data previously acquired from a single Langmuir probe. The plasma parameters obtained from the embedded system were compared with results computed using MATLAB, yielding excellent matching. The new embedded system operates on 4096 samples versus 500 on the previous system, and completes its computations in 26 milliseconds compared with about 15 seconds on the previous system.

  11. An immune based dynamic intrusion detection model

    Institute of Scientific and Technical Information of China (English)

    LI Tao

    2005-01-01

    With the dynamic description method for self and antigen, and the concept of dynamic immune tolerance for lymphocytes in network-security domain presented in this paper, a new immune based dynamic intrusion detection model (Idid) is proposed. In Idid, the dynamic models and the corresponding recursive equations of the lifecycle of mature lymphocytes, and the immune memory are built. Therefore, the problem of the dynamic description of self and nonself in computer immune systems is solved, and the defect of the low efficiency of mature lymphocyte generating in traditional computer immune systems is overcome. Simulations of this model are performed, and the comparison experiment results show that the proposed dynamic intrusion detection model has a better adaptability than the traditional methods.

  12. Mapping the 3-D extent of the Northern Lobe of the Bushveld layered mafic intrusion from geophysical data

    Science.gov (United States)

    Finn, Carol A.; Bedrosian, Paul A.; Cole, Janine; Khoza, Tshepo David; Webb, Susan J.

    2015-01-01

    Geophysical models image the 3D geometry of the mafic portion of the Bushveld Complex north of the Thabazimbi-Murchison Lineament (TML), critical for understanding the origin of the world's largest layered mafic intrusion and platinum group element deposits. The combination of the gravity and magnetic data with recent seismic, MT, borehole and rock property measurements powerfully constrains the models. The intrusion north of the TML is generally shallowly buried (generally modeled area of ∼160 km × ∼125 km. The modeled thicknesses are not well constrained but vary from ∼12,000 m, averaging ∼4000 m. A feeder, suggested by a large modeled thickness (>10,000 m) and funnel shape, for Lower Zone magmas could have originated near the intersection of NS and NE trending TML faults under Mokopane. The TML has been thought to be the feeder zone for the entire Bushveld Complex but the identification of local feeders and/or dikes in the TML in the models is complicated by uncertainties on the syn- and post-Bushveld deformation history. However, modeled moderately thick high density material near the intersection of faults within the central and western TML may represent feeders for parts of the Bushveld Complex if deformation was minimal. The correspondence of flat, high resistivity and density regions reflect the sill-like geometry of the Bushveld Complex without evidence for feeders north of Mokopane. Magnetotelluric models indicate that the Transvaal sedimentary basin underlies much of the Bushveld Complex north of the TML, further than previously thought and important because the degree of reaction and assimilation of the Transvaal rocks with the mafic magmas resulted in a variety of mineralization zones.

  13. Is Echo a complex adaptive system?

    Science.gov (United States)

    Smith, R M; Bedau, M A

    2000-01-01

    We evaluate whether John Holland's Echo model exemplifies his theory of complex adaptive systems. After reviewing Holland's theory of complex adaptive systems and describing his Echo model, we describe and explain the characteristic evolutionary behavior observed in a series of Echo model runs. We conclude that Echo lacks the diversity of hierarchically organized aggregates that typify complex adaptive systems, and we explore possible explanations for this failure.

  14. Minimally Intrusive and Nonintrusive Supersonic Injectors for LANTR and RBCC/Scramjet Propulsion Systems

    Science.gov (United States)

    Buggele, Alvin E.; Gallagher, John R.

    2002-10-01

    A family of supersonic injectors for use on spaceplanes, rockets and missiles and the like is disclosed and claimed. Each injector maintains a specific constant (uniform) Mach number along its length when used while being minimally intrusive at significantly higher injectant pressure than combustor freestream total pressure. Each injector is substantially non-intrusive when it is not being used. The injectors may be used individually or in a group. Different orientations of the injectors in a group promote greater penetration and mixing of fuel or oxidizer into a supersonic combustor. The injectors can be made from a single piece of aluminum, investment cast metal, or ceramic, or they can be made from starboard and port blocks strapped together to accurately control the throat area. Each injector includes an elongated body having an opening which in cross section is an hour glass (venturi shaped) and the opening diverges in width and depth from the bow section to the stem section of the opening.

  15. SECURITY IN VEHICULAR AD HOC NETWORK BASED ON INTRUSION DETECTION SYSTEM

    Directory of Open Access Journals (Sweden)

    Omkar Pattnaik

    2014-01-01

    Implementation of mobile ad hoc networks has eventually captured practically most of the parts of day-to-day life. One variation of such networks represents the Vehicular Ad Hoc Networks (VANETs), widely implemented in order to control day-to-day road traffic. The major concern of VANETs is oriented around providing security to moving vehicles that makes it possible to reduce accidents and traffic jam and moreover to establish communication among different vehicles. In this study, we analyze a number of possible attacks that may pertain to VANETs. Intrusion detection imposes various challenges to efficient implementation of VANETs. To overcome it, several intrusion detection measures have been proposed. The Watchdog technique is one of them. We detail this technique so as to make it convenient to implement it in our future investigations.

  16. The New Generation of Intrusion Prevention System

    Institute of Scientific and Technical Information of China (English)

    王晓东

    2013-01-01

    Intrusion prevention systems (IPS) are now widely deployed. This paper studies the performance characteristics of the Depp IPS2000 intrusion prevention system in detail and deploys the system in a real network.

  17. A FEATURE SELECTION ALGORITHM DESIGN AND ITS IMPLEMENTATION IN INTRUSION DETECTION SYSTEM

    Institute of Scientific and Technical Information of China (English)

    杨向荣; 沈钧毅

    2003-01-01

    Objective: Present a new feature selection algorithm. Methods: Based on rule induction and field knowledge. Results: This algorithm can be applied to capturing dataflow when detecting network intrusions; only the sub-dataset including discriminating features is captured. The time spent in the subsequent behavior pattern mining is then reduced and the patterns mined are more precise. Conclusion: The experiment results show that the feature subset captured by this algorithm is more informative and the dataset's quantity is reduced significantly.

  18. An Intrusion Detection System Based on Neural Network Ensembles

    Institute of Scientific and Technical Information of China (English)

    徐敏; 沈晓红; 顾颀

    2011-01-01

    At present, mature intrusion detection systems commonly suffer from low detection rates and insufficient sensitivity to new intrusions, which affects the overall performance of the system. Building on in-depth research, this paper proposes an intrusion detection method based on neural network ensembles. The method uses neural network ensemble classification: the member networks are trained after redundant data has been removed, the number of member networks is determined dynamically, and the results of the member networks are finally fused by a neural network to improve overall system performance. Theory and experiment show that the method raises the intrusion detection rate while preserving the diversity of the member networks, and that it has good application prospects.

  19. Zircon Recycling in Arc Intrusions

    Science.gov (United States)

    Miller, J.; Barth, A.; Matzel, J.; Wooden, J.; Burgess, S.

    2008-12-01

    Recycling of zircon has been well established in arc intrusions and arc volcanoes, but a better understanding of where and how zircons are recycled can help illuminate how arc magma systems are constructed. To that end, we are conducting age, trace element (including Ti-in-zircon temperatures; TzrnTi) and isotopic studies of zircons from the Late Cretaceous (95-85 Ma) Tuolumne Intrusive Suite (TIS) in the Sierra Nevada Batholith (CA). Within the TIS zircons inherited from ancient basement sources and/or distinctly older host rocks are uncommon, but recycled zircon antecrysts from earlier periods of TIS-related magmatism are common and conspicuous in the inner and two most voluminous units of the TIS, the Half Dome and Cathedral Peak Granodiorites. All TIS units have low bulk Zr ([Zr]825°C), [Zr] in the TIS is a factor of 2 to 3 lower than saturation values. Low [Zr] in TIS rocks might be attributed to a very limited supply of zircon in the source, by disequilibrium melting and rapid melt extraction [1], by melting reactions involving formation of other phases that can incorporate appreciable Zr [2], or by removal of zircon at an earlier stage of magma evolution. Based on a preliminary compilation of literature data, low [Zr] is common to Late Cretaceous N.A. Cordilleran granodioritic/tonalitic intrusions (typically Tzrnsat [3]. A corollary is that slightly older zircon antecrysts that are common in the inner units of the TIS could be considered inherited if they are derived from remelting of slightly older intrusions. Remelting at such low temperatures in the arc would require a source of external water. Refs: [1] Sawyer, J.Pet 32:701-738; [2] Fraser et al, Geology 25:607-610; [3] Harrison et al, Geology 35:635- 638

  20. A fast ionised wind in a Star Forming-Quasar system at z~1.5 resolved through Adaptive Optics assisted near-infrared data

    CERN Document Server

    Brusa, M; Cresci, G; Schramm, M; Delvecchio, I; Lanzuisi, G; Mainieri, V; Mignoli, M; Zamorani, G; Berta, S; Bongiorno, A; Comastri, A; Fiore, F; Kakkad, D; Marconi, A; Rosario, D; Contini, T; Lamareille, F

    2016-01-01

    Outflows are invoked in co-evolutionary models to link the growth of SMBH and galaxies through feedback phenomena, and from the analysis of both galaxies and Active Galactic Nuclei (AGN) samples at z$\sim1-3$, it is becoming clear that powerful winds are quite common in AGN hosts. High-resolution and high S/N observations are needed in order to uncover the physical properties of the wind through kinematics analysis. We exploited VIMOS, SINFONI and Subaru/IRCS Adaptive Optics data to study the kinematics properties on the scale of the host galaxy of XID5395, a luminous, X-ray obscured Starburst/Quasar merging system at z$\sim1.5$ detected in the XMM-COSMOS field, and associated with an extreme [O II] emitter (EW$\sim200$ \AA). We mapped, for the first time, at high resolution the kinematics of the [O III] and H$\alpha$ line complexes and linked them with the [O II] emission. The high spatial resolution achieved allowed us to resolve all the components of the SB-QSO system. Our analysis with a resolution of few kp...

  1. From Automatic to Adaptive Data Acquisition

    DEFF Research Database (Denmark)

    Chang, Marcus

    2009-01-01

    Sensornets have been used for ecological monitoring the past decade, yet the main driving force behind these deployments are still computer scientists. The denser sampling and added modalities offered by sensornets could drive these fields in new directions, but not until the domain scientists be...... the flexibility of sensornets and reduce the complexity for the domain scientist, we developed an AI-based controller to act as a proxy between the scientist and sensornet. This controller is driven by the scientist's requirements to the collected data, and uses adaptive sampling in order to reach these goals....

  2. Modeling Power Systems as Complex Adaptive Systems

    Energy Technology Data Exchange (ETDEWEB)

    Chassin, David P.; Malard, Joel M.; Posse, Christian; Gangopadhyaya, Asim; Lu, Ning; Katipamula, Srinivas; Mallow, J V.

    2004-12-30

    Physical analogs have shown considerable promise for understanding the behavior of complex adaptive systems, including macroeconomics, biological systems, social networks, and electric power markets. Many of today's most challenging technical and policy questions can be reduced to a distributed economic control problem. Indeed, economically based control of large-scale systems is founded on the conjecture that the price-based regulation (e.g., auctions, markets) results in an optimal allocation of resources and emergent optimal system control. This report explores the state-of-the-art physical analogs for understanding the behavior of some econophysical systems and deriving stable and robust control strategies for using them. We review and discuss applications of some analytic methods based on a thermodynamic metaphor, according to which the interplay between system entropy and conservation laws gives rise to intuitive and governing global properties of complex systems that cannot be otherwise understood. We apply these methods to the question of how power markets can be expected to behave under a variety of conditions.

  3. Implementation and Analysis of EFRS Technique for Intrusion Tolerance in Distributed Systems

    Directory of Open Access Journals (Sweden)

    A B Chougule

    2011-07-01

    This paper includes designing and implementing a system that uses encryption-fragmentation-replication-scattering for the purpose of developing secure and dependable data storage within a distributed system. The system will consist of one central node which is assumed to be trusted and multiple storage nodes. Data is collected at the central node, which is then encrypted followed by fragmentation. Data fragments then undergo a hash function to give unique hash value of each fragment. These fragments are then replicated and scattered over the network. Thus, the system continues to provide service even in case of failure of some storage nodes.

  4. Model-Free Adaptive Control Algorithm with Data Dropout Compensation

    Directory of Open Access Journals (Sweden)

    Xuhui Bu

    2012-01-01

    The convergence of model-free adaptive control (MFAC) algorithm can be guaranteed when the system is subject to measurement data dropout. The system output convergent speed gets slower as dropout rate increases. This paper proposes a MFAC algorithm with data compensation. The missing data is first estimated using the dynamical linearization method, and then the estimated value is introduced to update control input. The convergence analysis of the proposed MFAC algorithm is given, and the effectiveness is also validated by simulations. It is shown that the proposed algorithm can compensate the effect of the data dropout, and the better output performance can be obtained.

  5. Adaptive Data Collection Mechanisms for Smart Monitoring of Distribution Grids

    DEFF Research Database (Denmark)

    Kemal, Mohammed Seifu; Olsen, Rasmus Løvenstein

    Smart Grid systems not only transport electric energy but also information which will be active part of the electricity supply system. This has led to the introduction of intelligent components on all layers of the electrical grid in power generation, transmission, distribution and consumption...... units. For electric distribution systems, Information from Smart Meters can be utilized to monitor and control the state of the grid. Hence, it is indeed inherent that data from Smart Meters should be collected in a resilient, reliable, secure and timely manner fulfilling all the communication...... requirements and standards. This paper presents a proposal for smart data collection mechanisms to monitor electrical grids with adaptive smart metering infrastructures. A general overview of a platform is given for testing, evaluating and implementing mechanisms to adapt Smart Meter data aggregation. Three...

  6. Adaptive Data Collection Mechanisms for Smart Monitoring of Distribution Grids

    DEFF Research Database (Denmark)

    Kemal, Mohammed Seifu; Olsen, Rasmus Løvenstein

    2016-01-01

    Smart Grid systems not only transport electric energy but also information which will be active part of the electricity supply system. This has led to the introduction of intelligent components on all layers of the electrical grid in power generation, transmission, distribution and consumption...... units. For electric distribution systems, Information from Smart Meters can be utilized to monitor and control the state of the grid. Hence, it is indeed inherent that data from Smart Meters should be collected in a resilient, reliable, secure and timely manner fulfilling all the communication...... requirements and standards. This paper presents a proposal for smart data collection mechanisms to monitor electrical grids with adaptive smart metering infrastructures. A general overview of a platform is given for testing, evaluating and implementing mechanisms to adapt Smart Meter data aggregation. Three...

  7. A Novel Broadband MIMO/OFDM System Using Adaptive Modulation and Adaptive Diversity

    Institute of Scientific and Technical Information of China (English)

    PANYahan; KhaledBenLetaief; CAOZhigang; QIUYonghong

    2005-01-01

    OFDM (Orthogonal frequency division multiplexing) has been widely regarded as an effective modulation technique for mitigating the effects of ISI in a frequency selective fading channel and for providing reliable high-data transmission over wireless links. Adaptive modulation combined with adaptive transmit and receive diversity can achieve further increases in system's capacity and bandwidth efficiency, as well as in QoS improvement in conventional OFDM systems. In this paper, we propose a novel broadband MIMO/OFDM system using adaptive modulation and adaptive transmit and receive diversity. By applying an EVD on each sub-carrier channel matrix, joint optimal transmit and receive antenna weights as well as maximal SNR on each sub-carrier are obtained. Then, by employing adaptive modulation on each sub-carrier, the maximal SNR on each sub-carrier obtained by adaptive transmit and receive diversity is further maximized through adaptive bit assignment and power assignment on each sub-carrier under the constraint of power and overall bit rate. Simulation results show that the proposed system can achieve better performance than an adaptive antenna array based OFDM system without adaptive modulation over multipath fading channels.

  8. Data Warehouse Schema Evolution and Adaptation Framework Using Ontology

    Directory of Open Access Journals (Sweden)

    M.Thenmozhi

    2014-07-01

    Data Warehouse systems aim at integrating data from multiple heterogeneous, distributed, autonomous data sources. Due to changing business needs the data warehouse systems are never meant to be static. Changes in the data source structure or business requirements would result in the evolution of data warehouse schema structure. When data warehouse schema evolves the dependent modules such as its mappings, queries and views get affected. The existing works on data warehouse evolution focus only on schema evolution at the physical level. As ontology seems to be a promising solution in data warehouse research, the proposed framework handles data warehouse schema evolution at ontological level. Moreover, it analyses the impact of the dependent modules and proposes methods to automatically adapt to changes.

  9. Intrusion Detection in Networked Control Systems: From System Knowledge to Network Security

    NARCIS (Netherlands)

    Caselli, Marco

    2016-01-01

    “Networked control system” (NCS) is an umbrella term encompassing a broad variety of infrastructures such as industrial control systems (ICSs) and building automation systems (BASs). Nowadays, all these infrastructures play an important role in several aspects of our daily life, from managing essent

  10. Research on the technology of detecting the SQL injection attack and non-intrusive prevention in WEB system

    Science.gov (United States)

    Hu, Haibin

    2017-05-01

    Among numerous WEB security issues, SQL injection is the most notable and dangerous. In this study, characteristics and procedures of SQL injection are analyzed, and the method for detecting the SQL injection attack is illustrated. The defense resistance and remedy model of SQL injection attack is established from the perspective of non-intrusive SQL injection attack and defense. Moreover, the ability of resisting the SQL injection attack of the server has been comprehensively improved through the security strategies on operation system, IIS and database, etc. Corresponding codes are realized. The method is well applied in the actual projects.

  11. Progress with the lick adaptive optics system

    Energy Technology Data Exchange (ETDEWEB)

    Gavel, D T; Olivier, S S; Bauman, B; Max, C E; Macintosh, B

    2000-03-01

    Progress and results of observations with the Lick Observatory Laser Guide Star Adaptive Optics System are presented. This system is optimized for diffraction-limited imaging in the near infrared, 1-2 micron wavelength bands. We describe our development efforts in a number of component areas, including a redesign of the optical bench layout, the commissioning of a new infrared science camera, and improvements to the software and user interface. There is also an ongoing effort to characterize the system performance with both natural and laser guide stars and to fold this data into a refined system model. Such a model can be used to help plan future observations, for example, predicting the point-spread function as a function of seeing and guide star magnitude.

  12. Saltwater intrusion in the surficial aquifer system of the Big Cypress Basin, southwest Florida, and a proposed plan for improved salinity monitoring

    Science.gov (United States)

    Prinos, Scott T.

    2013-01-01

    The installation of drainage canals, poorly cased wells, and water-supply withdrawals have led to saltwater intrusion in the primary water-use aquifers in southwest Florida. Increasing population and water use have exacerbated this problem. Installation of water-control structures, well-plugging projects, and regulation of water use have slowed saltwater intrusion, but the chloride concentration of samples from some of the monitoring wells in this area indicates that saltwater intrusion continues to occur. In addition, rising sea level could increase the rate and extent of saltwater intrusion. The existing saltwater intrusion monitoring network was examined and found to lack the necessary organization, spatial distribution, and design to properly evaluate saltwater intrusion. The most recent hydrogeologic framework of southwest Florida indicates that some wells may be open to multiple aquifers or have an incorrect aquifer designation. Some of the sampling methods being used could result in poor-quality data. Some older wells are badly corroded, obstructed, or damaged and may not yield useable samples. Saltwater in some of the canals is in close proximity to coastal well fields. In some instances, saltwater occasionally occurs upstream from coastal salinity control structures. These factors lead to an incomplete understanding of the extent and threat of saltwater intrusion in southwest Florida. A proposed plan to improve the saltwater intrusion monitoring network in the South Florida Water Management District’s Big Cypress Basin describes improvements in (1) network management, (2) quality assurance, (3) documentation, (4) training, and (5) data accessibility. The plan describes improvements to hydrostratigraphic and geospatial network coverage that can be accomplished using additional monitoring, surface geophysical surveys, and borehole geophysical logging. Sampling methods and improvements to monitoring well design are described in detail. Geochemical analyses

  13. Adaptive passive equivalence of uncertain Lü system

    Institute of Scientific and Technical Information of China (English)

    Qi Dong-Lian

    2006-01-01

    An adaptive passive strategy for controlling uncertain Lü system is proposed. Since the uncertain Lü system is minimum phase and the uncertain parameters are from a bounded compact set, the essential conditions are studied by which uncertain Lü system could be equivalent to a passive system, and the adaptive control law is given. Using passive theory, the uncertain Lü system could be globally asymptotically stabilized at different equilibria by the smooth state feedback.

  14. Development and Simulation of Early-Warning and Predicting System for Saltwater Intrusion

    Institute of Scientific and Technical Information of China (English)

    沈萍萍; 方立刚

    2011-01-01

    The online warning and forecasting of saltwater intrusion are studied. Currently, saltwater intrusion model can only display the measured data, and the timely warning and forecast can not be achieved. To solve the above problem, this paper presents a variable estuarine salinity simulation model, and gives the iterative algorithm of early warning. As long as accessing parameters, such as estuarine salinity and runoff etc., accurate early warning of the salinity of local saltwater intrusion and the largest local saltwater intrusion distance can be rapidly realized, which solves the technical problems of local saltwater intrusion forecasting. Experimental results show that the proposed simulation iteration variable salinity estuary warning algorithm has relatively low error, and can accurately monitor saltwater intrusion. The saltwater intrusion forecasting information system developed based on the algorithm has visual online early warning pattern. Using this system, the early-warning of saltwater intrusion can be electronized.

  15. From Automatic to Adaptive Data Acquisition

    DEFF Research Database (Denmark)

    Chang, Marcus

    2009-01-01

    Sensornets have been used for ecological monitoring the past decade, yet the main driving force behind these deployments are still computer scientists. The denser sampling and added modalities offered by sensornets could drive these fields in new directions, but not until the domain scientists be......- come familiar with sensornets and use them as any other instrument in their toolbox. We explore three different directions in which sensornets can become easier to deploy, collect data of higher quality, and offer more flexibility, and we postulate that sensornets should be instruments for domain scientists...... the flexibility of sensornets and reduce the complexity for the domain scientist, we developed an AI-based controller to act as a proxy between the scientist and sensornet. This controller is driven by the scientist's requirements to the collected data, and uses adaptive sampling in order to reach these goals....

  16. Intrusion Detection in Networked Control Systems: From System Knowledge to Network Security

    OpenAIRE

    Caselli, Marco

    2016-01-01

    “Networked control system” (NCS) is an umbrella term encompassing a broad variety of infrastructures such as industrial control systems (ICSs) and building automation systems (BASs). Nowadays, all these infrastructures play an important role in several aspects of our daily life, from managing essential services such as energy and water (e.g., critical infrastructures) to monitoring the increasingly smart environments that surround us (e.g., the Internet of Things). Over the years, NCS techn...

  17. A Comparative Analysis of the Snort and Suricata Intrusion-Detection Systems

    Science.gov (United States)

    2011-09-01

    Martin Roesch and is based on the Libpcap library (Roesch, 2005). The current modular design of Snort in today’s version was settled on in 1999 with...Lococo, 2011). That is because the current Snort engine is a single-threaded multi-stage design (Roesch, 2010) and does not perform as well as...blog.ivanristic.com/2009/11/http-parser-for-intrusion-detection-and-web-application-firewalls.html Roesch, M. (2005). The story of snort: Past, present and future

  18. Big data based intrusion detection method of smart meters

    Institute of Scientific and Technical Information of China (English)

    李志强; 高大兵; 苏盛; 王建城; 陈丹丹; 曾祥君

    2016-01-01

    Big data based Intrusion Detection System (IDS) of Advanced Meter Infrastructure (AMI) was proposed in this paper. Since malicious intrusion is usually characterized by a higher CPU utilization rate and heavier communication loads, smart meters were proposed to calculate and record these data for security analysis and upload them to utility meter data management systems together with electricity consumption information. Thereafter, suspicious meters with abnormally higher CPU utilization rate and heavier communication loads could be singled out for further inspection based on statistical analysis of security data for homotype meters. There is no need to install and upload virus detection software. The proposed method can meet the requirements of data security in power grid under limited calculation method and communication bandwidth of smart meter.

  19. The Federated Data System DataFed: Experiences in Data Homogenization and Networking.

    Science.gov (United States)

    Husar, R. B.; Hoijarvi, K.; Falke, S.; Robinson, E. M.; Leptoukh, G.

    2008-05-01

    DataFed is a federated information system for accessing, processing and visualization of heterogeneous, distributed Earth Science data. The distributed data sources are federated by applying a universal, multi-dimensional data model based on physical coordinates, latitude, longitude (bounding box), and time range. The physical and semantic homogenization is accomplished by non-intrusive wrapper services. The inputs to the wrappers are instance-specific datasets that are web-accessible, but without formal, structured data access procedures. The output of the wrappers are formal, standards-based data access interfaces. In other words, data wrappers turn loosely structured data into web services. In DataFed, the OGC web services have been adapted as a standard protocol for Air Quality data access. The experiences in the preparation of data wrapper components will be presented. In DataFed, data processing and visualization services are performed through SOAP-based web services, which themselves can be distributed. Data processing, visualization and browsing applications are created by the composition of the distributed service components. Interoperability experiments have been used to establish compatibility of the service components. The results of our group's participation in the GALEON (Geo-interface to Atmosphere, Land, Earth, Ocean netCDF) Interoperability Experiment will be presented. This includes the experience with WCS test servers to deliver a wide variety of point, grid and image coverage data. An evaluation of the WCS protocol for accessing coverages of different data types arising from a variety of Earth observation and modeling systems will be given. The GEOSS Services Network (GSN) is a persistent network of publicly accessible OpenGIS-accessible services. The IEEE, ISPRS, OGC and other participating organizations and members of GEO have also sponsored a series of workshops entitled "The User and the GEOSS Architecture", each workshop having a region

  20. Dynamic and adaptive data-management in ATLAS

    Energy Technology Data Exchange (ETDEWEB)

    Lassnig, Mario; Garonne, Vincent; Branco, Miguel; Molfetas, Angelos, E-mail: mario.lassnig@cern.c, E-mail: vincent.garonne@cern.c, E-mail: miguel.branco@cern.c, E-mail: angelos.molfetas@cern.c [CERN PH-ADP/DDM, 1211 Geneva (Switzerland); Faculty of Mathematics, Computer Science and Physics, University of Innsbruck (Austria)

    2010-04-01

    Distributed data-management on the grid is subject to huge uncertainties yet static policies govern its usage. Due to the unpredictability of user behaviour, the high-latency and the heterogeneous nature of the environment, distributed data-management on the grid is challenging. In this paper we present the first steps towards a future dynamic data-management system that adapts to the changing conditions and environment. Such a system would eliminate the number of manual interventions and remove unnecessary software layers, thereby providing a higher quality of service to the collaboration.

  1. Dynamic and adaptive data-management in ATLAS

    CERN Document Server

    Lassnig, M; Branco, M; Molfetas, A

    2010-01-01

    Distributed data-management on the grid is subject to huge uncertainties yet static policies govern its usage. Due to the unpredictability of user behaviour, the high-latency and the heterogeneous nature of the environment, distributed data-management on the grid is challenging. In this paper we present the first steps towards a future dynamic data-management system that adapts to the changing conditions and environment. Such a system would eliminate the number of manual interventions and remove unnecessary software layers, thereby providing a higher quality of service to the collaboration.

  2. Intelligent Multimodal Signal Adaptation System Project

    Data.gov (United States)

    National Aeronautics and Space Administration — Micro Analysis and Design (MA&D) is pleased to submit this proposal to design an Intelligent Multimodal Signal Adaptation System. This system will dynamically...

  3. Geochemical and petrographic data for intrusions peripheral to the Big Timber Stock, Crazy Mountains, Montana

    Science.gov (United States)

    du Bray, Edward A.; Van Gosen, Bradley S.

    2015-01-01

    The Paleocene Fort Union Formation hosts a compositionally diverse array of Eocene plugs, dikes, and sills arrayed around the Eocene Big Timber stock in the Crazy Mountains of south-central Montana. The geochemistry and petrography of the sills have not previously been characterized or interpreted. The purpose of this report is (1) to present available geochemical and petrographic data for several dozen samples of these rocks and (2) to provide a basic interpretive synthesis of these data.

  4. Research on artificial neural network intrusion detection photochemistry based on the improved wavelet analysis and transformation

    Science.gov (United States)

    Li, Hong; Ding, Xue

    2017-03-01

    This paper combines wavelet analysis and wavelet transform theory with artificial neural network, through the pretreatment on point feature attributes before in intrusion detection, to make them suitable for improvement of wavelet neural network. The whole intrusion classification model gets the better adaptability, self-learning ability, greatly enhances the wavelet neural network for solving the problem of field detection invasion, reduces storage space, contributes to improve the performance of the constructed neural network, and reduces the training time. Finally, the results of the KDDCup99 data set simulation experiment show that this method reduces the complexity of constructing wavelet neural network, but also ensures the accuracy of the intrusion classification.

  5. Passenger compartment intrusion as a predictor of significant injury for children in motor vehicle crashes.

    Science.gov (United States)

    Evans, Susan L; Nance, Michael L; Arbogast, Kristy B; Elliott, Michael R; Winston, Flaura K

    2009-02-01

    Passenger compartment intrusion, loss of integrity of the vehicle occupant compartment due to a motor vehicle crash, has frequently been used as a triage criterion. Data to support intrusion as a proxy for injury severity in child occupants are lacking. The purpose of this study was to examine the association between intrusion and injury to children in motor vehicle crashes. Crash investigation data were reviewed from the partners for child passenger safety database, a large, child-focused crash surveillance system. Data included: intrusion (centimeters), direction of impact, age of occupant, and Abbreviated Injury Scale (AIS) score. Analyses examined the relationship between the amount of intrusion and the risk of any AIS > or = 2, or > or = 3 injury. Data were available on 880 children, age 0 year to 15 years. AIS > or = 2 and > or = 3 injuries occurred in 40.3% and 12.6% of child occupants, respectively. Intrusion was strongly and positively associated with the odds of both an AIS > or = 2 and > or = 3 injury (p or = 2, or > or = 3 injury increased on average by 2.9% (95% CI = 1.9-3.8%), or 4.0% (95% CI = 2.7-5.2%), respectively, for each additional centimeter of intrusion, adjusting for age, restraint use, seating row, and direction of impact. The association between passenger compartment intrusion and injury in children supports its application in triage, and usefulness in injury predictive models. Future studies should determine methods for providing valid field information on intrusion to the trauma team.

  6. Operator adaptation to changes in system reliability under adaptable automation.

    Science.gov (United States)

    Chavaillaz, Alain; Sauer, Juergen

    2016-11-25

    This experiment examined how operators coped with a change in system reliability between training and testing. Forty participants were trained for 3 h on a complex process control simulation modelling six levels of automation (LOA). In training, participants either experienced a high- (100%) or low-reliability system (50%). The impact of training experience on operator behaviour was examined during a 2.5 h testing session, in which participants either experienced a high- (100%) or low-reliability system (60%). The results showed that most operators did not often switch between LOA. Most chose an LOA that relieved them of most tasks but maintained their decision authority. Training experience did not have a strong impact on the outcome measures (e.g. performance, complacency). Low system reliability led to decreased performance and self-confidence. Furthermore, complacency was observed under high system reliability. Overall, the findings suggest benefits of adaptable automation because it accommodates different operator preferences for LOA. Practitioner Summary: The present research shows that operators can adapt to changes in system reliability between training and testing sessions. Furthermore, it provides evidence that each operator has his/her preferred automation level. Since this preference varies strongly between operators, adaptable automation seems to be suitable to accommodate these large differences.

  7. Adaptive, multiresolution visualization of large data sets using parallel octrees.

    Energy Technology Data Exchange (ETDEWEB)

    Freitag, L. A.; Loy, R. M.

    1999-06-10

    The interactive visualization and exploration of large scientific data sets is a challenging and difficult task; their size often far exceeds the performance and memory capacity of even the most powerful graphics workstations. To address this problem, we have created a technique that combines hierarchical data reduction methods with parallel computing to allow interactive exploration of large data sets while retaining full-resolution capability. The hierarchical representation is built in parallel by strategically inserting field data into an octree data structure. We provide functionality that allows the user to interactively adapt the resolution of the reduced data sets so that resolution is increased in regions of interest without sacrificing local graphics performance. We describe the creation of the reduced data sets using a parallel octree, the software architecture of the system, and the performance of this system on the data from a Rayleigh-Taylor instability simulation.

  8. RESEARCH ON IRBF-BASED INTRUSION DETECTION SYSTEM

    Institute of Scientific and Technical Information of China (English)

    彭义春; 牛熠; 胡琦伟

    2013-01-01

    As an active and dynamic networks security-defense technique, intrusion detection can resist the attacks from inside and outside the networks, and plays an important role in assuring the networks security. We study a learning algorithm which applies the clonal selection principle-based immune recognition algorithm to radial basis function (RBF) neural network. This algorithm uses input data as the antigens and antibodies as the hidden layer centres of RBF neural network, adopts recursive least square method to determine the weights, improves the convergence speed and precision of RBF neural network. This algorithm has been successfully applied to the intrusion detection systems. Theory and experiment show that this algorithm has better ability in intrusion detection, and can be used to improve the efficiency of intrusion detection, reduce the false alarm rate.

  9. Adaptive information filtering for dynamic recommender systems

    CERN Document Server

    Jin, Ci-Hang; Zhang, Yi-Cheng; Zhou, Tao

    2009-01-01

    The dynamic environment in the real world calls for the adaptive techniques for information filtering, namely to provide real-time responses to the changes of system data. Where many incremental algorithms are designed for this purpose, they are usually challenged by the worse and worse performance resulted from the cumulative errors over time. In this Letter, we propose two incremental diffusion-based algorithms for the personalized recommendations, which integrate some pieces of local and fast updatings to achieve the approximate results. In addition to the fast responses, the errors of the proposed algorithms do not cumulate over time, that is to say, the global recomputing is unnecessary. This remarkable advantage is demonstrated by several metrics on algorithmic accuracy for two movie recommender systems and a social bookmarking system.

  10. Sulfide intrusion and detoxification in Zostera marina

    DEFF Research Database (Denmark)

    Hasler-Sheetal, Harald; Holmer, Marianne

    2014-01-01

    nutrition in general. By a global review of sulfide intrusion, coupled with a series of field studies and in situ experiments we elucidate sulfide intrusion and different strategies of seagrasses to sustain sulfide intrusion. Using stable isotope tracing, scanning electron microscopy with x-ray analysis...... indicating a possible role of sulfide in the sulfur nutrition beside the detoxification function. Our results suggest different adaptations of Z. marina to reduced sediments and sulfide intrusion ranging from bacterial and chemical reoxidation of sulfide to sulfate to incorporation of sulfide into organic...

  11. Self-Adaptive Systems for Machine Intelligence

    CERN Document Server

    He, Haibo

    2011-01-01

    This book will advance the understanding and application of self-adaptive intelligent systems; therefore it will potentially benefit the long-term goal of replicating certain levels of brain-like intelligence in complex and networked engineering systems. It will provide new approaches for adaptive systems within uncertain environments. This will provide an opportunity to evaluate the strengths and weaknesses of the current state-of-the-art of knowledge, give rise to new research directions, and educate future professionals in this domain. Self-adaptive intelligent systems have wide application

  12. Privilege Flow Oriented Intrusion Detection Based on Hidden Semi- Markov Model

    Institute of Scientific and Technical Information of China (English)

    ZHONG An-ming; JIA Chun-fu

    2005-01-01

    A privilege flow oriented intrusion detection method based on HSMM (Hidden semi-Markov Model) is discussed. The privilege flow model and HSMM are incorporated in the implementation of an anomaly detection IDS (Intrusion Detection System). Using the data set of DARPA 1998, our experiment results reveal good detection performance and acceptable computation cost.

  13. Web-Based Adaptive Testing System

    Institute of Scientific and Technical Information of China (English)

    2006-01-01

    Due to the maturing of Internet technology, the adaptive testing can be utilized in the web-based environment and the examinee can take the test anywhere and any time. The purpose of the research is to apply item response theory (IRT), adaptive testing theory and web-service technique to construct an XML format itembank and a system of web-based adaptive testing (WAT) by the framework of three-tiered client server distance testing.

  14. Filtering Intrusion Forensic Data Based on Attack Signatures

    Institute of Scientific and Technical Information of China (English)

    伏晓; 谢立

    2011-01-01

    Computer forensics is a new field on computer evidences process. This field is very important and practical, so it has drawn more and more attention in recent years. Intrusion forensics is a specific area of computer forensics, and has been applied to computer intrusion activities. It is a hot area because a large proportion of the computer crimes are intrusion activities. When investigating intrusion activities, one key step is obtaining intrusion evidences. In order to get this kind of evidences automatically, an attack-signature-based method for filtering intrusion forensic data is proposed. It mainly includes the following steps: Firstly, the detail behaviors of the attack being investigated are reconstructed based on its attack signatures; Then the attack features which are required by the filter are extracted from these details; Finally, according to the similarity between attack features and candidate data, all evidences related to the attack being investigated can be obtained. The experiment results on DARPA 2000 have proved that our method has high accuracy and its completeness is almost 100%. Compared with current methods, our method shows more advantages. For example it needs little manual work and can process more complex intrusion scenarios. Moreover, it has higher performance and can find more types of evidences.

  15. An Intrusive Analyzer for Hadoop Systems Based on Wireless Sensor Networks

    OpenAIRE

    Byoung-Jin Bae; Young-Joo Kim; Young-Kuk Kim; Ok-Kyoon Ha; Yong-Kee Jun

    2014-01-01

    Owing to the acceleration of IoT- (Internet of Things-) based wireless sensor networks, cloud-computing services using Big Data are rapidly growing. In order to manage and analyze Big Data efficiently, Hadoop frameworks have been used in a variety of fields. Hadoop processes Big Data as record values by using MapReduce programming in a distributed environment. Through MapReduce, data are stored in a Hadoop file system, and that form is not structured but unstructured. For this, it is not easy...

  16. An Adaptive Nonlinear Filter for System Identification

    Directory of Open Access Journals (Sweden)

    Tokunbo Ogunfunmi

    2009-01-01

    The primary difficulty in the identification of Hammerstein nonlinear systems (a static memoryless nonlinear system in series with a dynamic linear system) is that the output of the nonlinear system (input to the linear system) is unknown. By employing the theory of affine projection, we propose a gradient-based adaptive Hammerstein algorithm with variable step-size which estimates the Hammerstein nonlinear system parameters. The adaptive Hammerstein nonlinear system parameter estimation algorithm proposed is accomplished without linearizing the system's nonlinearity. To reduce the effects of eigenvalue spread as a result of the Hammerstein system nonlinearity, a new criterion that provides a measure of how close the Hammerstein filter is to optimum performance was used to update the step-size. Experimental results are presented to validate our proposed variable step-size adaptive Hammerstein algorithm given a real life system and a hypothetical case.

  17. ADAPTIVE REGULATION OF HIGH ORDER NONHOLONOMIC SYSTEMS

    Institute of Scientific and Technical Information of China (English)

    2006-01-01

    The problem of adaptive regulation of a class of high-order parametric nonholonomic systems in chained-form was discussed. Using adding a power integrator technique and state scaling with discontinuous projection technique, a discontinuous adaptive dynamic controller was constructed. The controller guarantees the estimated value of unknown parameter is in the prescribed extent.

  18. Data Systems vs. Information Systems

    OpenAIRE

    Amatayakul, Margret K.

    1982-01-01

    This paper examines the current status of “hospital information systems” with respect to the distinction between data systems and information systems. It is proposed that the systems currently existing are incomplete data systems resulting in ineffective information systems.

  19. Data Systems vs. Information Systems

    OpenAIRE

    Amatayakul, Margret K.

    1982-01-01

    This paper examines the current status of “hospital information systems” with respect to the distinction between data systems and information systems. It is proposed that the systems currently existing are incomplete data systems resulting in ineffective information systems.

  20. An Agent Based Intrusion Detection Model for Mobile Ad Hoc Networks

    Directory of Open Access Journals (Sweden)

    B. M. Reshmi

    2006-01-01

    Intrusion detection has, over the last few years, assumed paramount importance within the broad realm of network security, more so in case of wireless mobile ad hoc networks. The inherently vulnerable characteristics of wireless mobile ad hoc networks make them susceptible to attacks in spite of some security measures, and it may be too late before any counter action can take effect. As such, there is a need to complement traditional security mechanisms with efficient intrusion detection and response systems. This paper proposes an agent-based model to address the aspect of intrusion detection in cluster based mobile wireless ad hoc network environment. The model comprises a set of static and mobile agents, which are used to detect intrusions, respond to intrusions, and distribute selected and aggregated intrusion information to all other nodes in the network in an intelligent manner. The model is simulated to test its operation effectiveness by considering the performance parameters such as detection rate, false positives, agent overheads, and intrusion information distribution time. Agent based approach facilitates flexible and adaptable security services. Also, it supports component based software engineering components such as maintainability, reachability, reusability, adaptability, flexibility, and customization.

  1. High Temperature Metamorphism In The Conductive Boundary Layer Of An Intrusion Of Rhyolite Magma In The Krafla Geothermal System, Iceland

    Science.gov (United States)

    Schiffman, P.; Zierenberg, R. A.; Fridleifsson, G. O.; Elders, W. A.; Mortensen, A. K.

    2011-12-01

    A rhyolite magma body within the Krafla geothermal system - encountered at a depth of 2.1 km during drilling of the Iceland Deep Drilling Project's IDDP-1 borehole - is producing high temperature metamorphism within adjacent country rocks. Cuttings recovered during drilling within a few meters of the intrusive contact are undergoing recrystallization into granoblastic, pyroxene hornfelses. In mafic rocks, clinopyroxene-orthopyroxene-plagioclase-magnetite-ilmenite assemblages record temperatures in the range of 800-950°C. Silicic lithologies - mainly older felsitic intrusions - contain pockets of rhyolite melt, quenched to glass during drilling, amongst alkali feldspar, plagioclase, quartz, clinopyroxene, and magnetite. Curiously, no lower grade metamorphic assemblages have been identified in the drill cuttings, and country rocks at distances beyond 30 m of the contact are essentially unaltered. These findings suggest that the intruding rhyolite magma body has created a thin conductive boundary layer above it, but that a contact metamorphic aureole has not as yet developed beyond this. The heat flow across the boundary layer is calculated to be a minimum of 23 W m⁻². This flux is capable of supplying steam to a geothermal power plant that can produce approximately 40 MW of electrical generation from a single well that has a measured well-head temperature of up to 415°C.

  2. Intelligent detection and identification in fiber-optical perimeter intrusion monitoring system based on the FBG sensor network

    Science.gov (United States)

    Wu, Huijuan; Qian, Ya; Zhang, Wei; Li, Hanyu; Xie, Xin

    2015-12-01

    A real-time intelligent fiber-optic perimeter intrusion detection system (PIDS) based on the fiber Bragg grating (FBG) sensor network is presented in this paper. To distinguish the effects of different intrusion events, a novel real-time behavior impact classification method is proposed based on the essential statistical characteristics of signal's profile in the time domain. The features are extracted by the principal component analysis (PCA), which are then used to identify the event with a K-nearest neighbor classifier. Simulation and field tests are both carried out to validate its effectiveness. The average identification rate (IR) for five sample signals in the simulation test is as high as 96.67%, and the recognition rate for eight typical signals in the field test can also be achieved up to 96.52%, which includes both the fence-mounted and the ground-buried sensing signals. Besides, critically high detection rate (DR) and low false alarm rate (FAR) can be simultaneously obtained based on the autocorrelation characteristics analysis and a hierarchical detection and identification flow.

  3. Network Intrusion Detection System Study

    Institute of Scientific and Technical Information of China (English)

    张博宇

    2011-01-01

    Intrusion detection technology is a new type of network security technology that has emerged over the past two decades to proactively protect computers from intruders. It provides real-time detection of internal attacks, external attacks and misuse, and is an extremely important part of network security technology.

  4. Design of an Acoustic Target Intrusion Detection System Based on Small-Aperture Microphone Array

    Science.gov (United States)

    Zu, Xingshui; Guo, Feng; Huang, Jingchang; Zhao, Qin; Liu, Huawei; Li, Baoqing; Yuan, Xiaobing

    2017-01-01

    Automated surveillance of remote locations in a wireless sensor network is dominated by the detection algorithm because actual intrusions in such locations are a rare event. Therefore, a detection method with low power consumption is crucial for persistent surveillance to ensure longevity of the sensor networks. A simple and effective two-stage algorithm composed of energy detector (ED) and delay detector (DD) with all its operations in time-domain using small-aperture microphone array (SAMA) is proposed. The algorithm analyzes the quite different velocities between wind noise and sound waves to improve the detection capability of ED in the surveillance area. Experiments in four different fields with three types of vehicles show that the algorithm is robust to wind noise and the probability of detection and false alarm are 96.67% and 2.857%, respectively. PMID:28273838

  5. Research on Network Security Based on Intrusion Prevention System

    Institute of Scientific and Technical Information of China (English)

    郑丽生; 陈金聪

    2011-01-01

    An intrusion prevention system (IPS) is a network security system that differs from both the firewall and the intrusion detection system (IDS). It actively defends against intrusion activity and attacks and blocks them in real time, changing the passive-defence posture of the traditional network security protection architecture and making network security protection more active. The paper introduces the protection principles and technical characteristics of IPS, along with its existing problems and their solutions.

  6. Using Jquery with Snort to Visualize Intrusion

    Directory of Open Access Journals (Sweden)

    Alaa El - Din Riad

    2012-01-01

    The explosive growth of malicious activities on worldwide communication networks, such as the Internet, has highlighted the need for efficient intrusion detection systems. The efficiency of traditional intrusion detection systems is limited by their inability to effectively relay relevant information due to their lack of interactive / immersive technologies. Visualized information is a technique that can encode large amounts of complex interrelated data, being at the same time easily quantified, manipulated, and processed by a human user. Authors have found that the representations can be quite effective at conveying the needed information and resolving the relationships extremely rapidly. To facilitate the creation of novel visualizations this paper presents a new framework that is designed with using data visualization technique by using Jquery Php for analysis and visualizes snort result data for user.

  7. Towards Multi-Stage Intrusion Detection using IP Flow Records

    Directory of Open Access Journals (Sweden)

    Muhammad Fahad Umer

    2016-10-01

    Traditional network-based intrusion detection systems using deep packet inspection are not feasible for modern high-speed networks due to slow processing and inability to read encrypted packet content. As an alternative to packet-based intrusion detection, researchers have focused on flow-based intrusion detection techniques. Flow-based intrusion detection systems analyze IP flow records for attack detection. IP flow records contain summarized traffic information. However, flow data is very large in high-speed networks and cannot be processed in real-time by the intrusion detection system. In this paper, an efficient multi-stage model for intrusion detection using IP flows records is proposed. The first stage in the model classifies the traffic as normal or malicious. The malicious flows are further analyzed by a second stage. The second stage associates an attack type with malicious IP flows. The proposed multi-stage model is efficient because the majority of IP flows are discarded in the first stage and only malicious flows are examined in detail. We also describe the implementation of our model using machine learning techniques.

  8. Managing Software Complexity of Adaptive Systems

    NARCIS (Netherlands)

    de Roo, Arjan

    2012-01-01

    To survive under competitive pressure, embedded system companies build systems that can deal with changing customer needs and operating conditions, and deterioration of the hardware over the lifetime of the embedded system. Engineers face the challenge to design such adaptive systems, while keeping

  9. Adaptation in CRISPR-Cas Systems.

    Science.gov (United States)

    Sternberg, Samuel H; Richter, Hagen; Charpentier, Emmanuelle; Qimron, Udi

    2016-03-17

    Clustered regularly interspaced short palindromic repeats (CRISPR) and CRISPR-associated (Cas) proteins constitute an adaptive immune system in prokaryotes. The system preserves memories of prior infections by integrating short segments of foreign DNA, termed spacers, into the CRISPR array in a process termed adaptation. During the past 3 years, significant progress has been made on the genetic requirements and molecular mechanisms of adaptation. Here we review these recent advances, with a focus on the experimental approaches that have been developed, the insights they generated, and a proposed mechanism for self- versus non-self-discrimination during the process of spacer selection. We further describe the regulation of adaptation and the protein players involved in this fascinating process that allows bacteria and archaea to harbor adaptive immunity. Copyright © 2016 Elsevier Inc. All rights reserved.

  10. The Research of Intrusion Detection System Based on Improved Apriori Algorithm of Data Mining Association Rules

    Institute of Scientific and Technical Information of China (English)

    张浩; 景凤宣; 谢晓尧

    2011-01-01

    Among the many association rule mining algorithms, Apriori is the most classic one, but it has three deficiencies: it scans the database many times, generates a large number of candidate sets, and mines frequent itemsets iteratively. This paper presents a new method in which the candidate itemsets generated by the Apriori algorithm are then checked against the database to determine whether they are frequent itemsets, thereby improving the efficiency of the algorithm. Finally, association rules are formed for an intrusion detection system (IDS). The experimental results show that the improved algorithm can effectively raise the efficiency of association rule mining.

  11. A Distributed Network Intrusion Prevention System

    Institute of Scientific and Technical Information of China (English)

    薛辉; 邓军; 叶柏龙; 陆兰

    2011-01-01

    To address the performance bottlenecks, false positives, false negatives and attack speed problems that current IPS face, this paper presents a network intrusion prevention system with a distributed "analysis and detection + centralized control + upgrade service" architecture. Analysis and detection mainly uses protocol identification and analysis, protocol anomaly detection, traffic anomaly detection and response methods. Centralized control is mainly used to monitor and control the operation and system configuration of the intrusion detection and prevention system. The upgrade service is responsible for regularly providing updates to the attack signature database, so that the system offers the most up-to-date security protection. The system is also compatible with other security products, forming a defence-in-depth architecture that protects the network security of enterprises and organizations to the greatest extent.

  12. Sharing Knowledge in Adaptive Learning Systems

    NARCIS (Netherlands)

    Kravcik, Milos; Gasevic, Dragan

    2006-01-01

    Please, cite this publication as: Kravcik, M. & Gasevic, D. (2006). Sharing Knowledge in Adaptive Learning Systems. Proceedings of ICALT2006. July, Kerkrade, The Netherlands: IEEE. Retrieved July 30th, 2006, from http://dspace.learningnetworks.org

  13. A Hybrid Spectral Clustering and Deep Neural Network Ensemble Algorithm for Intrusion Detection in Sensor Networks

    Directory of Open Access Journals (Sweden)

    Tao Ma

    2016-10-01

    The development of intrusion detection systems (IDS) that are adapted to allow routers and network defence systems to detect malicious network traffic disguised as network protocols or normal access is a critical challenge. This paper proposes a novel approach called SCDNN, which combines spectral clustering (SC) and deep neural network (DNN) algorithms. First, the dataset is divided into k subsets based on sample similarity using cluster centres, as in SC. Next, the distance between data points in a testing set and the training set is measured based on similarity features and is fed into the deep neural network algorithm for intrusion detection. Six KDD-Cup99 and NSL-KDD datasets and a sensor network dataset were employed to test the performance of the model. These experimental results indicate that the SCDNN classifier not only performs better than backpropagation neural network (BPNN), support vector machine (SVM), random forest (RF) and Bayes tree models in detection accuracy and the types of abnormal attacks found. It also provides an effective tool of study and analysis of intrusion detection in large networks.

  14. A Hybrid Spectral Clustering and Deep Neural Network Ensemble Algorithm for Intrusion Detection in Sensor Networks.

    Science.gov (United States)

    Ma, Tao; Wang, Fen; Cheng, Jianjun; Yu, Yang; Chen, Xiaoyun

    2016-10-13

    The development of intrusion detection systems (IDS) that are adapted to allow routers and network defence systems to detect malicious network traffic disguised as network protocols or normal access is a critical challenge. This paper proposes a novel approach called SCDNN, which combines spectral clustering (SC) and deep neural network (DNN) algorithms. First, the dataset is divided into k subsets based on sample similarity using cluster centres, as in SC. Next, the distance between data points in a testing set and the training set is measured based on similarity features and is fed into the deep neural network algorithm for intrusion detection. Six KDD-Cup99 and NSL-KDD datasets and a sensor network dataset were employed to test the performance of the model. These experimental results indicate that the SCDNN classifier not only performs better than backpropagation neural network (BPNN), support vector machine (SVM), random forest (RF) and Bayes tree models in detection accuracy and the types of abnormal attacks found. It also provides an effective tool of study and analysis of intrusion detection in large networks.

  15. ADAPTIVE GENERALIZED PREDICTIVE CONTROL OF SWITCHED SYSTEMS

    Institute of Scientific and Technical Information of China (English)

    WANG Yi-jing; WANG Long

    2005-01-01

    The problem of adaptive generalized predictive control which consists of output prediction errors for a class of switched systems is studied. The switching law is determined by the output predictive errors of a finite number of subsystems. For the single subsystem and multiple subsystems cases, it is proved that the given direct algorithm of generalized predictive control guarantees the global convergence of the system. This algorithm overcomes the inherent drawbacks of the slow convergence and large transient errors for the conventional adaptive control.

  16. A Survey on the Development of Intrusion Detection System

    Institute of Scientific and Technical Information of China (English)

    张相锋; 孙玉芳

    2003-01-01

    With the fast development of Internet, more and more computer security affairs appear. Researchers have developed many security mechanisms to improve computer security, including intrusion detection (ID). This paper reviews the history of intrusion detection systems (IDS) and mainstream techniques used in IDS, showing that IDS could improve security only provided that it is devised based on the architecture of the target system. From this, we could see the trend of integration of host-oriented, network-oriented and application-oriented IDSs.

  17. An Instance-Learning-Based Intrusion-Detection System for Wireless Sensor Networks

    Institute of Scientific and Technical Information of China (English)

    Shuai Fu; Xiaoyan Wang; Jie Li

    2015-01-01

    This paper proposes an instance-learning-based intrusion-detection system (IL-IDS) for wireless sensor networks (WSNs). The goal of the proposed system is to detect routing attacks on a WSN. Taking an existing instance-learning algorithm for wired networks as our basis, we propose IL-IDS for handling routing security problems in a WSN. Attacks on a routing protocol for a WSN include black hole attack and sinkhole attack. The basic idea of our system is to differentiate the changes between secure instances and attack instances. Considering the limited resources of sensor nodes, the existing algorithm cannot be used directly in a WSN. Our system mainly comprises four parts: feature vector selection, threshold selection, instance data processing, and instance determination. We create a feature vector form composed of the attributes that change obviously when an attack occurs within the network. For the data processing in resource-constrained sensor nodes, we propose a data-reduction scheme based on the clustering algorithm. For instance determination, we provide a threshold-selection scheme and describe the concrete-instance-determination mechanism of the system. Finally, we simulate and evaluate the proposed IL-IDS for different types of attacks.

  18. Applications of Landsat Thematic Mapper and ground-based spectrometer data to a study of the Skaergaard and other mafic intrusions of East Greenland

    Science.gov (United States)

    Birnie, Richard W.; Naslund, H. Richard; Nichols, Jennifer D.; Turner, Patricia A.; Parr, J. Thomas

    1989-01-01

    Landsat TM data have been used in conjunction with field spectrometer data to map the lithologic units associated with a series of gabbroic intrusions in the East Greenland Tertiary Igneous Province. The general lack of vegetation combined with the difficulty of access to these intrusions make them ideal candidates for lithologic mapping using remote sensing techniques. In addition, these bodies are of interest as possible precious metal ore deposits. The intrusions are spectrally distinct from the surrounding Precambrian gneisses; however, subpixel contamination by snow, oxide surface coatings, and lichen cover and severe topography limit the discrimination of lithologic units within the gabbro. The spectral nature of the surface contaminants was evaluated with a Barringer Hand Held Ratioing Radiometer (HHRR). These HHRR data indicate that bare rock exposures have distinct TM signatures for each lithologic unit but that even small amounts of subpixel contamination are enough to mask these differences because of the large differences between the TM signatures of the rocks and the contaminants.

  19. Adaptive Radiation: Contrasting Theory with Data

    National Research Council Canada - National Science Library

    Sergey Gavrilets; Jonathan B. Losos

    2009-01-01

    .... Adaptive radiation in such clades is not only spectacular, but is also an extremely complex process influenced by a variety of ecological, genetic, and developmental factors and strongly dependent...

  20. CONSTRUCTIVE MODEL OF ADAPTATION OF DATA STRUCTURES IN RAM. PART II. CONSTRUCTORS OF SCENARIOS AND ADAPTATION PROCESSES

    Directory of Open Access Journals (Sweden)

    V. I. Shynkarenko

    2016-04-01

    Purpose. The second part of the paper completes presentation of constructive and the productive structures (CPS), modeling adaptation of data structures in memory (RAM). The purpose of the second part in the research is to develop a model of process of adaptation data in a RAM functioning in different hardware and software environments and scenarios of data processing. Methodology. The methodology of mathematical and algorithmic constructionism was applied. In this part of the paper, changes were developed the constructors of scenarios and adaptation processes based on a generalized CPS through its transformational conversions. Constructors are interpreted, specialized CPS. Were highlighted the terminal alphabets of the constructor scenarios in the form of data processing algorithms and the constructor of adaptation – in the form of algorithmic components of the adaptation process. The methodology involves the development of substitution rules that determine the output process of the relevant structures. Findings. In the second part of the paper, system is represented by CPS modeling adaptation data placement in the RAM, namely, constructors of scenarios and of adaptation processes. The result of the implementation of constructor of scenarios is a set of data processing operations in the form of text in the language of programming C#, constructor of the adaptation processes – a process of adaptation, and the result the process of adaptation – the adapted binary code of processing data structures. Originality. For the first time proposed the constructive model of data processing – the scenario that takes into account the order and number of calls to the various elements of data structures and adaptation of data structures to the different hardware and software environments. At the same the placement of data in RAM and processing algorithms are adapted. Constructionism application in modeling allows to link data models and algorithms for