WorldWideScience

Sample records for anomaly detection system

  1. Detecting data anomalies methods in distributed systems

    Science.gov (United States)

    Mosiej, Lukasz

    2009-06-01

    Distributed systems became most popular systems in big companies. Nowadays many telecommunications companies want to hold large volumes of data about all customers. Obviously, those data cannot be stored in single database because of many technical difficulties, such as data access efficiency, security reasons, etc. On the other hand there is no need to hold all data in one place, because companies already have dedicated systems to perform specific tasks. In the distributed systems there is a redundancy of data and each system holds only interesting data in appropriate form. Data updated in one system should be also updated in the rest of systems, which hold that data. There are technical problems to update those data in all systems in transactional way. This article is about data anomalies in distributed systems. Avail data anomalies detection methods are shown. Furthermore, a new initial concept of new data anomalies detection methods is described on the last section.

  2. Detection of cardiovascular anomalies: Hybrid systems approach

    KAUST Repository

    Diaz Ledezma, Fernando

    2012-06-06

    In this paper, we propose a hybrid interpretation of the cardiovascular system. Based on a model proposed by Simaan et al. (2009), we study the problem of detecting cardiovascular anomalies that can be caused by variations in some physiological parameters, using an observerbased approach. We present the first numerical results obtained. © 2012 IFAC.

  3. Anomaly Detection for Complex Systems

    Data.gov (United States)

    National Aeronautics and Space Administration — In performance maintenance in large, complex systems, sensor information from sub-components tends to be readily available, and can be used to make predictions...

  4. An Immunity-Based Anomaly Detection System with Sensor Agents

    Directory of Open Access Journals (Sweden)

    Yoshiteru Ishida

    2009-11-01

    Full Text Available This paper proposes an immunity-based anomaly detection system with sensor agents based on the specificity and diversity of the immune system. Each agent is specialized to react to the behavior of a specific user. Multiple diverse agents decide whether the behavior is normal or abnormal. Conventional systems have used only a single sensor to detect anomalies, while the immunity-based system makes use of multiple sensors, which leads to improvements in detection accuracy. In addition, we propose an evaluation framework for the anomaly detection system, which is capable of evaluating the differences in detection accuracy between internal and external anomalies. This paper focuses on anomaly detection in user’s command sequences on UNIX-like systems. In experiments, the immunity-based system outperformed some of the best conventional systems.

  5. Fuzzy Based Anomaly Intrusion Detection System for Clustered WSN

    OpenAIRE

    Sumathy Murugan; Sundara Rajan, M.

    2015-01-01

    In Wireless Sensor Networks (WSN), the intrusion detection technique may result in increased computational cost, packet loss, performance degradation and so on. In order to overcome these issues, in this study, we propose a fuzzy based anomaly intrusion detection system for clustered WSN. Initially the cluster heads are selected based on the parameters such as link quality, residual energy and coverage. Then the anomaly intrusion is detected using fuzzy logic technique. This technique conside...

  6. Poseidon: a 2-tier anomaly-based intrusion detection system

    NARCIS (Netherlands)

    Bolzoni, Damiano; Zambon, Emmanuele; Etalle, Sandro; Hartel, Pieter

    2005-01-01

    We present Poseidon, a new anomaly based intrusion detection system. Poseidon is payload-based, and presents a two-tier architecture: the first stage consists of a Self-Organizing Map, while the second one is a modified PAYL system. Our benchmarks on the 1999 DARPA data set show a higher detection r

  7. Probabilistic Anomaly Detection Based On System Calls Analysis

    Directory of Open Access Journals (Sweden)

    Przemysław Maciołek

    2007-01-01

    Full Text Available We present an application of probabilistic approach to the anomaly detection (PAD. Byanalyzing selected system calls (and their arguments, the chosen applications are monitoredin the Linux environment. This allows us to estimate “(abnormality” of their behavior (bycomparison to previously collected profiles. We’ve attached results of threat detection ina typical computer environment.

  8. Monitoring water supply systems for anomaly detection and response

    NARCIS (Netherlands)

    Bakker, M.; Lapikas, T.; Tangena, B.H.; Vreeburg, J.H.G.

    2012-01-01

    Water supply systems are vulnerable to damage caused by unintended or intended human actions, or due to aging of the system. In order to minimize the damages and the inconvenience for the customers, a software tool was developed to detect anomalies at an early stage, and to support the responsible s

  9. System for Anomaly and Failure Detection (SAFD) system development

    Science.gov (United States)

    Oreilly, D.

    1992-07-01

    This task specified developing the hardware and software necessary to implement the System for Anomaly and Failure Detection (SAFD) algorithm, developed under Technology Test Bed (TTB) Task 21, on the TTB engine stand. This effort involved building two units; one unit to be installed in the Block II Space Shuttle Main Engine (SSME) Hardware Simulation Lab (HSL) at Marshall Space Flight Center (MSFC), and one unit to be installed at the TTB engine stand. Rocketdyne personnel from the HSL performed the task. The SAFD algorithm was developed as an improvement over the current redline system used in the Space Shuttle Main Engine Controller (SSMEC). Simulation tests and execution against previous hot fire tests demonstrated that the SAFD algorithm can detect engine failure as much as tens of seconds before the redline system recognized the failure. Although the current algorithm only operates during steady state conditions (engine not throttling), work is underway to expand the algorithm to work during transient condition.

  10. Advanced Ground Systems Maintenance Anomaly Detection Project

    Data.gov (United States)

    National Aeronautics and Space Administration — This project will develop the capability to identify anomalous conditions (indications to potential impending system failure) in ground system operations before...

  11. Anomaly Detection in a Fleet of Systems

    Data.gov (United States)

    National Aeronautics and Space Administration — A fleet is a group of systems (e.g., cars, aircraft) that are designed and manufactured the same way and are intended to be used the same way. For example, a fleet...

  12. Extending TOPS: Knowledge Management System for Anomaly Detection and Analysis

    Science.gov (United States)

    Votava, P.; Nemani, R. R.; Michaelis, A.

    2009-12-01

    Terrestrial Observation and Prediction System (TOPS) is a flexible modeling software system that integrates ecosystem models with frequent satellite and surface weather observations to produce ecosystem nowcasts (assessments of current conditions) and forecasts useful in natural resources management, public health and disaster management. We have been extending the Terrestrial Observation and Prediction System (TOPS) to include capability for automated anomaly detection and analysis of both on-line (streaming) and off-line data. While there are large numbers of anomaly detection algorithms for multivariate datasets, we are extending this capability beyond the anomaly detection itself and towards an automated analysis that would discover the possible causes of the anomalies. There are often indirect connections between datasets that manifest themselves during occurrence of external events and rather than searching exhaustively throughout all the datasets, our goal is to capture this knowledge and provide it to the system during automated analysis. This results in more efficient processing. Since we don’t need to process all the datasets using the original anomaly detection algorithms, which is often compute intensive; we achieve data reduction as we don’t need to store all the datasets in order to search for possible connections but we can download selected data on-demand based on our analysis. For example, an anomaly observed in vegetation Net Primary Production (NPP) can relate to an anomaly in vegetation Leaf Area Index (LAI), which is a fairly direct connection, as LAI is one of the inputs for NPP, however the change in LAI could be caused by a fire event, which is not directly connected with NPP. Because we are able to capture this knowledge we can analyze fire datasets and if there is a match with the NPP anomaly, we can infer that a fire is a likely cause. The knowledge is captured using OWL ontology language, where connections are defined in a schema

  13. Log Summarization and Anomaly Detection for TroubleshootingDistributed Systems

    Energy Technology Data Exchange (ETDEWEB)

    Gunter, Dan; Tierney, Brian L.; Brown, Aaron; Swany, Martin; Bresnahan, John; Schopf, Jennifer M.

    2007-08-01

    Today's system monitoring tools are capable of detectingsystem failures such as host failures, OS errors, and network partitionsin near-real time. Unfortunately, the same cannot yet be said of theend-to-end distributed softwarestack. Any given action, for example,reliably transferring a directory of files, can involve a wide range ofcomplex and interrelated actions across multiple pieces of software:checking user certificates and permissions, getting details for allfiles, performing third-party transfers, understanding re-try policydecisions, etc. We present an infrastructure for troubleshooting complexmiddleware, a general purpose technique for configurable logsummarization, and an anomaly detection technique that works in near-realtime on running Grid middleware. We present results gathered using thisinfrastructure from instrumented Grid middleware and applications runningon the Emulab testbed. From these results, we analyze the effectivenessof several algorithms at accurately detecting a variety of performanceanomalies.

  14. Anomaly detection in an automated safeguards system using neural networks

    International Nuclear Information System (INIS)

    An automated safeguards system must be able to detect an anomalous event, identify the nature of the event, and recommend a corrective action. Neural networks represent a new way of thinking about basic computational mechanisms for intelligent information processing. In this paper, we discuss the issues involved in applying a neural network model to the first step of this process: anomaly detection in materials accounting systems. We extend our previous model to a 3-tank problem and compare different neural network architectures and algorithms. We evaluate the computational difficulties in training neural networks and explore how certain design principles affect the problems. The issues involved in building a neural network architecture include how the information flows, how the network is trained, how the neurons in a network are connected, how the neurons process information, and how the connections between neurons are modified. Our approach is based on the demonstrated ability of neural networks to model complex, nonlinear, real-time processes. By modeling the normal behavior of the processes, we can predict how a system should be behaving and, therefore, detect when an abnormality occurs

  15. A Result Fusion based Distributed Anomaly Detection System for Android Smartphones

    Directory of Open Access Journals (Sweden)

    Zhizhong Wu

    2013-02-01

    Full Text Available In this paper we present an information fusion based distributed anomaly detection system for Android mobile phones. The proposed framework realizes a clientserver architecture, the client continuously extracts various features and transfers to the server, and the server’s major task is to detect anomaly using state-of-art detection algorithms implemented as anomaly detectors. Multiple distributed servers simultaneously analyzing the feature vector using different detectors and information fusion is used to fuse the results of detectors. We also propose a cycle-based statistical approach for smartphone anomaly detection as the smartphone users usual follow regular patterns due to their periodical patterns of lives. Empirical results suggest that the proposed framework and novel anomaly detection algorithm are effective in detecting malware on Android devices.

  16. Design of Hybrid Network Anomalies Detection System (H-NADS Using IP Gray Space Analysis

    Directory of Open Access Journals (Sweden)

    Yogendra Kumar JAIN

    2009-01-01

    Full Text Available In Network Security, there is a major issue to secure the public or private network from abnormal users. It is because each network is made up of users, services and computers with a specific behavior that is also called as heterogeneous system. To detect abnormal users, anomaly detection system (ADS is used. In this paper, we present a novel and hybrid Anomaly Detection System with the uses of IP gray space analysis and dominant scanning port identification heuristics used to detect various anomalous users with their potential behaviors. This methodology is the combination of both statistical and rule based anomaly detection which detects five types of anomalies with their three types of potential behaviors and generates respective alarm messages to GUI.

  17. NADIR (Network Anomaly Detection and Intrusion Reporter): A prototype network intrusion detection system

    Energy Technology Data Exchange (ETDEWEB)

    Jackson, K.A.; DuBois, D.H.; Stallings, C.A.

    1990-01-01

    The Network Anomaly Detection and Intrusion Reporter (NADIR) is an expert system which is intended to provide real-time security auditing for intrusion and misuse detection at Los Alamos National Laboratory's Integrated Computing Network (ICN). It is based on three basic assumptions: that statistical analysis of computer system and user activities may be used to characterize normal system and user behavior, and that given the resulting statistical profiles, behavior which deviates beyond certain bounds can be detected, that expert system techniques can be applied to security auditing and intrusion detection, and that successful intrusion detection may take place while monitoring a limited set of network activities such as user authentication and access control, file movement and storage, and job scheduling. NADIR has been developed to employ these basic concepts while monitoring the audited activities of more than 8000 ICN users.

  18. Revisiting anomaly-based network intrusion detection systems

    NARCIS (Netherlands)

    Bolzoni, Damiano

    2009-01-01

    Intrusion detection systems (IDSs) are well-known and widely-deployed security tools to detect cyber-attacks and malicious activities in computer systems and networks. A signature-based IDS works similar to anti-virus software. It employs a signature database of known attacks, and a successful match

  19. Anomaly Detection in Sequences

    Data.gov (United States)

    National Aeronautics and Space Administration — We present a set of novel algorithms which we call sequenceMiner, that detect and characterize anomalies in large sets of high-dimensional symbol sequences that...

  20. Dynamic analysis methods for detecting anomalies in asynchronously interacting systems

    Energy Technology Data Exchange (ETDEWEB)

    Kumar, Akshat; Solis, John Hector; Matschke, Benjamin

    2014-01-01

    Detecting modifications to digital system designs, whether malicious or benign, is problematic due to the complexity of the systems being analyzed. Moreover, static analysis techniques and tools can only be used during the initial design and implementation phases to verify safety and liveness properties. It is computationally intractable to guarantee that any previously verified properties still hold after a system, or even a single component, has been produced by a third-party manufacturer. In this paper we explore new approaches for creating a robust system design by investigating highly-structured computational models that simplify verification and analysis. Our approach avoids the need to fully reconstruct the implemented system by incorporating a small verification component that dynamically detects for deviations from the design specification at run-time. The first approach encodes information extracted from the original system design algebraically into a verification component. During run-time this component randomly queries the implementation for trace information and verifies that no design-level properties have been violated. If any deviation is detected then a pre-specified fail-safe or notification behavior is triggered. Our second approach utilizes a partitioning methodology to view liveness and safety properties as a distributed decision task and the implementation as a proposed protocol that solves this task. Thus the problem of verifying safety and liveness properties is translated to that of verifying that the implementation solves the associated decision task. We develop upon results from distributed systems and algebraic topology to construct a learning mechanism for verifying safety and liveness properties from samples of run-time executions.

  1. Poseidon: a 2-tier Anomaly-based Network Intrusion Detection System

    NARCIS (Netherlands)

    Bolzoni, Damiano; Zambon, Emmanuele; Etalle, Sandro; Hartel, Pieter

    2006-01-01

    We present Poseidon, a new anomaly based intrusion detection system. Poseidon is payload-based, and presents a two-tier architecture: the first stage consists of a Self-Organizing Map, while the second one is a modified PAYL system. Our benchmarks on the 1999 DARPA data set show a higher detection r

  2. Improving Cyber-Security of Smart Grid Systems via Anomaly Detection and Linguistic Domain Knowledge

    Energy Technology Data Exchange (ETDEWEB)

    Ondrej Linda; Todd Vollmer; Milos Manic

    2012-08-01

    The planned large scale deployment of smart grid network devices will generate a large amount of information exchanged over various types of communication networks. The implementation of these critical systems will require appropriate cyber-security measures. A network anomaly detection solution is considered in this work. In common network architectures multiple communications streams are simultaneously present, making it difficult to build an anomaly detection solution for the entire system. In addition, common anomaly detection algorithms require specification of a sensitivity threshold, which inevitably leads to a tradeoff between false positives and false negatives rates. In order to alleviate these issues, this paper proposes a novel anomaly detection architecture. The designed system applies the previously developed network security cyber-sensor method to individual selected communication streams allowing for learning accurate normal network behavior models. Furthermore, the developed system dynamically adjusts the sensitivity threshold of each anomaly detection algorithm based on domain knowledge about the specific network system. It is proposed to model this domain knowledge using Interval Type-2 Fuzzy Logic rules, which linguistically describe the relationship between various features of the network communication and the possibility of a cyber attack. The proposed method was tested on experimental smart grid system demonstrating enhanced cyber-security.

  3. Anomaly Detection System Based on Principal Component Analysis and Support Vector Machine

    Institute of Scientific and Technical Information of China (English)

    LI Zhanchun; LI Zhitang; LIU Bin

    2006-01-01

    This article presents an anomaly detection system based on principal component analysis (PCA) and support vector machine (SVM). The system first creates a profile defining a normal behavior by frequency-based scheme, and then compares the similarity of a current behavior with the created profile to decide whether the input instance is normal or anomaly. In order to avoid overfitting and reduce the computational burden, normal behavior principal features are extracted by the PCA method. SVM is used to distinguish normal or anomaly for user behavior after training procedure has been completed by learning. In the experiments for performance evaluation the system achieved a correct detection rate equal to 92.2% and a false detection rate equal to 2.8%.

  4. Theoretically Optimal Distributed Anomaly Detection

    Data.gov (United States)

    National Aeronautics and Space Administration — A novel general framework for distributed anomaly detection with theoretical performance guarantees is proposed. Our algorithmic approach combines existing anomaly...

  5. Space Shuttle Main Propulsion System Anomaly Detection: A Case Study

    Data.gov (United States)

    National Aeronautics and Space Administration — The space shuttle main engine (SSME) is part of the Main Propnlsion System (MPS) which is an extremely complex system containing several sub-systems and components,...

  6. ANOMALY NETWORK INTRUSION DETECTION SYSTEM BASED ON DISTRIBUTED TIME-DELAY NEURAL NETWORK (DTDNN)

    OpenAIRE

    LAHEEB MOHAMMAD IBRAHIM

    2010-01-01

    In this research, a hierarchical off-line anomaly network intrusion detection system based on Distributed Time-Delay Artificial Neural Network is introduced. This research aims to solve a hierarchical multi class problem in which the type of attack (DoS, U2R, R2L and Probe attack) detected by dynamic neural network. The results indicate that dynamic neural nets (Distributed Time-Delay Artificial Neural Network) can achieve a high detection rate, where the overall accuracy classification rate ...

  7. HPNAIDM: The High-Performance Network Anomaly/Intrusion Detection and Mitigation System

    Energy Technology Data Exchange (ETDEWEB)

    Chen, Yan [Northwesten University

    2013-12-05

    Identifying traffic anomalies and attacks rapidly and accurately is critical for large network operators. With the rapid growth of network bandwidth, such as the next generation DOE UltraScience Network, and fast emergence of new attacks/virus/worms, existing network intrusion detection systems (IDS) are insufficient because they: • Are mostly host-based and not scalable to high-performance networks; • Are mostly signature-based and unable to adaptively recognize flow-level unknown attacks; • Cannot differentiate malicious events from the unintentional anomalies. To address these challenges, we proposed and developed a new paradigm called high-performance network anomaly/intrustion detection and mitigation (HPNAIDM) system. The new paradigm is significantly different from existing IDSes with the following features (research thrusts). • Online traffic recording and analysis on high-speed networks; • Online adaptive flow-level anomaly/intrusion detection and mitigation; • Integrated approach for false positive reduction. Our research prototype and evaluation demonstrate that the HPNAIDM system is highly effective and economically feasible. Beyond satisfying the pre-set goals, we even exceed that significantly (see more details in the next section). Overall, our project harvested 23 publications (2 book chapters, 6 journal papers and 15 peer-reviewed conference/workshop papers). Besides, we built a website for technique dissemination, which hosts two system prototype release to the research community. We also filed a patent application and developed strong international and domestic collaborations which span both academia and industry.

  8. A Framework for an Adaptive Anomaly Detection System with Fuzzy Data Mining

    Institute of Scientific and Technical Information of China (English)

    GAO Xiang; WANG Min; ZHAO Rongchun

    2006-01-01

    In this paper, we present an adaptive anomaly detection framework that is applicable to network-based intrusion detection. Our framework employs fuzzy cluster algorithm to detect anomalies in an online, adaptive fashion without a priori knowledge of the underlying data. We evaluate our method by performing experiments over network records from the KDD CUP99 data set.

  9. Seasonal ARMA-based SPC charts for anomaly detection: Application to emergency department systems

    KAUST Repository

    Kadri, Farid

    2015-10-22

    Monitoring complex production systems is primordial to ensure management, reliability and safety as well as maintaining the desired product quality. Early detection of emergent abnormal behaviour in monitored systems allows pre-emptive action to prevent more serious consequences, to improve system operations and to reduce manufacturing and/or service costs. This study reports the design of a new methodology for the detection of abnormal situations based on the integration of time-series analysis models and statistical process control (SPC) tools for the joint development of a monitoring system to help supervising of the behaviour of emergency department services (EDs). The monitoring system developed is able to provide early alerts in the event of abnormal situations. The seasonal autoregressive moving average (SARMA)-based exponentially weighted moving average (EWMA) anomaly detection scheme proposed was successfully applied to the practical data collected from the database of the paediatric emergency department (PED) at Lille regional hospital centre, France. The method developed utilizes SARMA as a modelling framework and EWMA for anomaly detection. The EWMA control chart is applied to the uncorrelated residuals obtained from the SARMA model. The detection results of the EWMA chart are compared with two other commonly applied residual-based tests: a Shewhart individuals chart and a Cumulative Sum (CUSUM) control chart.

  10. Fetal Central Nervous System Anomalies Detected by Magnetic Resonance Imaging: A Two-Year Experience

    Directory of Open Access Journals (Sweden)

    Sepideh Sefidbakht

    2016-06-01

    Full Text Available Background Magnetic resonance imaging (MRI is gradually becoming more common for thorough visualization of the fetus than ultrasound (US, especially for neurological anomalies, which are the most common indications for fetal MRI and are a matter of concern for both families and society. Objectives We investigated fetal MRIs carried out in our center for frequency of central nervous system anomalies. This is the first such report in southern Iran. Materials and Methods One hundred and seven (107 pregnant women with suspicious fetal anomalies in prenatal ultrasound entered a cross-sectional retrospective study from 2011 to 2013. A 1.5 T Siemens Avanto scanner was employed for sequences, including T2 HASTE and Trufisp images in axial, coronal, and sagittal planes to mother’s body, T2 HASTE and Trufisp relative to the specific fetal body part being evaluated, and T1 flash images in at least one plane based on clinical indication. We investigated any abnormality in the central nervous system and performed descriptive analysis to achieve index of frequency. Results Mean gestational age ± standard deviation (SD for fetuses was 25.54 ± 5.22 weeks, and mean maternal age ± SD was 28.38 ± 5.80 years Eighty out of 107 (74.7% patients who were referred with initial impression of borderline ventriculomegaly. A total of 18 out of 107 (16.82% patients were found to have fetuses with CNS anomalies and the remainder were neurologically normal. Detected anomalies were as follow: 3 (16.6% fetuses each had the Dandy-Walker variant and Arnold-Chiari II (with myelomeningocele. Complete agenesis of corpus callosum, partial agenesis of corpus callosum, and aqueductal stenosis were each seen in 2 (11.1% fetuses. Arnold-Chiari II without myelomeningocele, anterior spina bifida associated with neurenteric cyst, arachnoid cyst, lissencephaly, and isolated enlarged cisterna magna each presented in one (5.5% fetus. One fetus had concomitant schizencephaly and complete

  11. Survey of Anomaly Detection Methods

    Energy Technology Data Exchange (ETDEWEB)

    Ng, B

    2006-10-12

    This survey defines the problem of anomaly detection and provides an overview of existing methods. The methods are categorized into two general classes: generative and discriminative. A generative approach involves building a model that represents the joint distribution of the input features and the output labels of system behavior (e.g., normal or anomalous) then applies the model to formulate a decision rule for detecting anomalies. On the other hand, a discriminative approach aims directly to find the decision rule, with the smallest error rate, that distinguishes between normal and anomalous behavior. For each approach, we will give an overview of popular techniques and provide references to state-of-the-art applications.

  12. Urinary System anomalies at birth

    Directory of Open Access Journals (Sweden)

    Sharada B. Menasinkai

    2015-06-01

    Full Text Available Background: Congenital anomalies of urinary system are common and are found in 3-4% of population, and lethal urinary anomalies account for 10% of termination of pregnancy. Methods: A study was done to know the incidence of congenital anomalies at birth for the period of 4 months from May 99 - Sept 99 at Cheluvamba hospital attached to Mysore medical college. Congenital anomalies in the still births, live births and aborted fetuses >20 weeks were studied along with the case history and ultrasound reports. Aborted fetuses and still born babies were collected for autopsy after the consent of parents. These babies were fixed in 10% formalin and autopsy was done after fixing, and anomalies were noted. Results: Total births during study period were 3000. There were 61 babies with congenital anomalies and 6 babies had anomalies of urinary system. Among the urinary system anomalies 1 baby had bilateral renal agenesis, 1 baby had unilateral renal agenesis with anophthalmia (Fraser syndrome, 2 babies had Multicystic dysplastic kidney disease (MCDK and 1 live baby had hydronephrosis due to obstruction at pelvi ureteric junction, and 1 live female baby had polycystic kidneys. Conclusion: Incidence of urinary system anomalies in the present study was 2 per 1000 births. U/S detection of urinary anomalies varies with period of gestation, amniotic fluid volume and visualisation of urinary bladder. Autopsy helps to detect renal agenesis. [Int J Res Med Sci 2015; 3(3.000: 743-748

  13. Seismic data fusion anomaly detection

    Science.gov (United States)

    Harrity, Kyle; Blasch, Erik; Alford, Mark; Ezekiel, Soundararajan; Ferris, David

    2014-06-01

    Detecting anomalies in non-stationary signals has valuable applications in many fields including medicine and meteorology. These include uses such as identifying possible heart conditions from an Electrocardiography (ECG) signals or predicting earthquakes via seismographic data. Over the many choices of anomaly detection algorithms, it is important to compare possible methods. In this paper, we examine and compare two approaches to anomaly detection and see how data fusion methods may improve performance. The first approach involves using an artificial neural network (ANN) to detect anomalies in a wavelet de-noised signal. The other method uses a perspective neural network (PNN) to analyze an arbitrary number of "perspectives" or transformations of the observed signal for anomalies. Possible perspectives may include wavelet de-noising, Fourier transform, peak-filtering, etc.. In order to evaluate these techniques via signal fusion metrics, we must apply signal preprocessing techniques such as de-noising methods to the original signal and then use a neural network to find anomalies in the generated signal. From this secondary result it is possible to use data fusion techniques that can be evaluated via existing data fusion metrics for single and multiple perspectives. The result will show which anomaly detection method, according to the metrics, is better suited overall for anomaly detection applications. The method used in this study could be applied to compare other signal processing algorithms.

  14. Artificially Augmented Training for Anomaly-based Network Intrusion Detection Systems

    Directory of Open Access Journals (Sweden)

    Chockalingam Karuppanchetty

    2015-09-01

    Full Text Available Attacks on web servers are becoming increasingly prevalent; the resulting social and economic impact of successful attacks is also exacerbated by our dependency on web-based applications. There are many existing attack detection and prevention schemes, which must be carefully configured to ensure their efficacy. In this paper, we present a study challenges that arise in training network payload anomaly detection schemes that utilize collected network traffic for tuning and configuration. The advantage of anomaly-based intrusion detection is in its potential for detecting zero day attacks. These types of schemes, however, require extensive training to properly model the normal characteristics of the system being protected. Usually, training is done through the use of real data collected by monitoring the activity of the system. In practice, network operators or administrators may run into cases where they have limited availability of such data. This issue can arise due to the system being newly deployed (or heavily modified or due to the content or behavior that leads to normal characterization having been changed. We show that artificially generated packet payloads can be used to effectively augment the training and tuning. We evaluate the method using real network traffic collected at a server site; We illustrate the problem at first (use of highly variable and unsuitable training data resulting in high false positives of 3.6∼10%, then show improvements using the augmented training method (false positives as low as 0.2%. We also measure the impact on network performance, and present a lookup based optimization that can be used to improve latency and throughput.

  15. Mining Building Energy Management System Data Using Fuzzy Anomaly Detection and Linguistic Descriptions

    Energy Technology Data Exchange (ETDEWEB)

    Dumidu Wijayasekara; Ondrej Linda; Milos Manic; Craig Rieger

    2014-08-01

    Building Energy Management Systems (BEMSs) are essential components of modern buildings that utilize digital control technologies to minimize energy consumption while maintaining high levels of occupant comfort. However, BEMSs can only achieve these energy savings when properly tuned and controlled. Since indoor environment is dependent on uncertain criteria such as weather, occupancy, and thermal state, performance of BEMS can be sub-optimal at times. Unfortunately, the complexity of BEMS control mechanism, the large amount of data available and inter-relations between the data can make identifying these sub-optimal behaviors difficult. This paper proposes a novel Fuzzy Anomaly Detection and Linguistic Description (Fuzzy-ADLD) based method for improving the understandability of BEMS behavior for improved state-awareness. The presented method is composed of two main parts: 1) detection of anomalous BEMS behavior and 2) linguistic representation of BEMS behavior. The first part utilizes modified nearest neighbor clustering algorithm and fuzzy logic rule extraction technique to build a model of normal BEMS behavior. The second part of the presented method computes the most relevant linguistic description of the identified anomalies. The presented Fuzzy-ADLD method was applied to real-world BEMS system and compared against a traditional alarm based BEMS. In six different scenarios, the Fuzzy-ADLD method identified anomalous behavior either as fast as or faster (an hour or more), that the alarm based BEMS. In addition, the Fuzzy-ADLD method identified cases that were missed by the alarm based system, demonstrating potential for increased state-awareness of abnormal building behavior.

  16. Realization and detection of Weyl semimetals and the chiral anomaly in cold atomic systems

    Science.gov (United States)

    He, Wen-Yu; Zhang, Shizhong; Law, K. T.

    2016-07-01

    In this work, we describe a method to realize a three-dimensional Weyl semimetal by coupling multilayers of a honeycomb optical lattice in the presence of a pair of Raman lasers. The Raman lasers render each isolated honeycomb layer a Chern insulator. With finite interlayer coupling, the bulk gap of the system closes at certain out-of-plane momenta due to Raman assisted tunneling and results in the Weyl semimetal phase. Using experimentally relevant parameters, we show that both one pair and two pairs of Weyl points can be realized by tuning the interlayer coupling strength. We suggest that Landau-Zener tunneling can be used to detect Weyl points and show that the transition probability increases dramatically when the Weyl point emerges. The realization of chiral anomaly by using a magnetic-field gradient is also discussed.

  17. Accuracy of Ultrasound in Detection of Gross Prenatal Central Nervous System Anomalies after the Eighteenth Week of Gestation

    Directory of Open Access Journals (Sweden)

    M. Tahmasebi

    2007-10-01

    Full Text Available Background/Objective: Ultrasound (US detection of prenatal central nervous system (CNS anatomic anomalies is very important in making decision about therapeutic termination. In the present study, the accuracy of US in detection of gross prenatal CNS anatomic anomalies has been investigated."nPatients and Methods: 3012 pregnant women were scanned after 18 weeks of gestation by an expert operator in a referring center. All delivered fetuses were followed after birth through clinical examination and sonography."nResults: In this study, the accuracy of US in detection of gross CNS anatomic anomalies of fetuses after 18 weeks gestation was found to be 100%. The sensitivity, specificity, positive and negative predictive values of US were 100%. In sonographic examination of these 3012 pregnant women, 36 fetuses were detected with CNS anomalies, some of whom had more than one anomaly. Gross CNS anomalies observed included microcephaly, hydrocephaly, anencephaly, holoprosencephaly, ventriculomegaly, meningocele, encephalocele, lissencephaly, agenesis of corpus callosum, bilateral choroid plexus cysts and hypoplastic cerebellum."nConclusion: US is highly operator dependent and operator experience may be the most determinant affecting the results. Sonographic scanning after 18 weeks of gestation is associated with the best results.

  18. Improved detection of incipient anomalies via multivariate memory monitoring charts: Application to an air flow heating system

    KAUST Repository

    Harrou, Fouzi

    2016-08-11

    Detecting anomalies is important for reliable operation of several engineering systems. Multivariate statistical monitoring charts are an efficient tool for checking the quality of a process by identifying abnormalities. Principal component analysis (PCA) was shown effective in monitoring processes with highly correlated data. Traditional PCA-based methods, nevertheless, often are relatively inefficient at detecting incipient anomalies. Here, we propose a statistical approach that exploits the advantages of PCA and those of multivariate memory monitoring schemes, like the multivariate cumulative sum (MCUSUM) and multivariate exponentially weighted moving average (MEWMA) monitoring schemes to better detect incipient anomalies. Memory monitoring charts are sensitive to incipient anomalies in process mean, which significantly improve the performance of PCA method and enlarge its profitability, and to utilize these improvements in various applications. The performance of PCA-based MEWMA and MCUSUM control techniques are demonstrated and compared with traditional PCA-based monitoring methods. Using practical data gathered from a heating air-flow system, we demonstrate the greater sensitivity and efficiency of the developed method over the traditional PCA-based methods. Results indicate that the proposed techniques have potential for detecting incipient anomalies in multivariate data. © 2016 Elsevier Ltd

  19. Data Mining for Anomaly Detection

    Science.gov (United States)

    Biswas, Gautam; Mack, Daniel; Mylaraswamy, Dinkar; Bharadwaj, Raj

    2013-01-01

    The Vehicle Integrated Prognostics Reasoner (VIPR) program describes methods for enhanced diagnostics as well as a prognostic extension to current state of art Aircraft Diagnostic and Maintenance System (ADMS). VIPR introduced a new anomaly detection function for discovering previously undetected and undocumented situations, where there are clear deviations from nominal behavior. Once a baseline (nominal model of operations) is established, the detection and analysis is split between on-aircraft outlier generation and off-aircraft expert analysis to characterize and classify events that may not have been anticipated by individual system providers. Offline expert analysis is supported by data curation and data mining algorithms that can be applied in the contexts of supervised learning methods and unsupervised learning. In this report, we discuss efficient methods to implement the Kolmogorov complexity measure using compression algorithms, and run a systematic empirical analysis to determine the best compression measure. Our experiments established that the combination of the DZIP compression algorithm and CiDM distance measure provides the best results for capturing relevant properties of time series data encountered in aircraft operations. This combination was used as the basis for developing an unsupervised learning algorithm to define "nominal" flight segments using historical flight segments.

  20. Anomaly-based Network Intrusion Detection Methods

    Directory of Open Access Journals (Sweden)

    Pavel Nevlud

    2013-01-01

    Full Text Available The article deals with detection of network anomalies. Network anomalies include everything that is quite different from the normal operation. For detection of anomalies were used machine learning systems. Machine learning can be considered as a support or a limited type of artificial intelligence. A machine learning system usually starts with some knowledge and a corresponding knowledge organization so that it can interpret, analyse, and test the knowledge acquired. There are several machine learning techniques available. We tested Decision tree learning and Bayesian networks. The open source data-mining framework WEKA was the tool we used for testing the classify, cluster, association algorithms and for visualization of our results. The WEKA is a collection of machine learning algorithms for data mining tasks.

  1. Network Anomaly Detection Based on Wavelet Analysis

    Science.gov (United States)

    Lu, Wei; Ghorbani, Ali A.

    2008-12-01

    Signal processing techniques have been applied recently for analyzing and detecting network anomalies due to their potential to find novel or unknown intrusions. In this paper, we propose a new network signal modelling technique for detecting network anomalies, combining the wavelet approximation and system identification theory. In order to characterize network traffic behaviors, we present fifteen features and use them as the input signals in our system. We then evaluate our approach with the 1999 DARPA intrusion detection dataset and conduct a comprehensive analysis of the intrusions in the dataset. Evaluation results show that the approach achieves high-detection rates in terms of both attack instances and attack types. Furthermore, we conduct a full day's evaluation in a real large-scale WiFi ISP network where five attack types are successfully detected from over 30 millions flows.

  2. Network Anomaly Detection Based on Wavelet Analysis

    Directory of Open Access Journals (Sweden)

    Ali A. Ghorbani

    2008-11-01

    Full Text Available Signal processing techniques have been applied recently for analyzing and detecting network anomalies due to their potential to find novel or unknown intrusions. In this paper, we propose a new network signal modelling technique for detecting network anomalies, combining the wavelet approximation and system identification theory. In order to characterize network traffic behaviors, we present fifteen features and use them as the input signals in our system. We then evaluate our approach with the 1999 DARPA intrusion detection dataset and conduct a comprehensive analysis of the intrusions in the dataset. Evaluation results show that the approach achieves high-detection rates in terms of both attack instances and attack types. Furthermore, we conduct a full day's evaluation in a real large-scale WiFi ISP network where five attack types are successfully detected from over 30 millions flows.

  3. System and method for the detection of anomalies in an image

    Science.gov (United States)

    Prasad, Lakshman; Swaminarayan, Sriram

    2013-09-03

    Preferred aspects of the present invention can include receiving a digital image at a processor; segmenting the digital image into a hierarchy of feature layers comprising one or more fine-scale features defining a foreground object embedded in one or more coarser-scale features defining a background to the one or more fine-scale features in the segmentation hierarchy; detecting a first fine-scale foreground feature as an anomaly with respect to a first background feature within which it is embedded; and constructing an anomalous feature layer by synthesizing spatially contiguous anomalous fine-scale features. Additional preferred aspects of the present invention can include detecting non-pervasive changes between sets of images in response at least in part to one or more difference images between the sets of images.

  4. Astrometric solar system anomalies

    Energy Technology Data Exchange (ETDEWEB)

    Nieto, Michael Martin [Los Alamos National Laboratory; Anderson, John D [PROPULSION LABORATORY

    2009-01-01

    There are at least four unexplained anomalies connected with astrometric data. perhaps the most disturbing is the fact that when a spacecraft on a flyby trajectory approaches the Earth within 2000 km or less, it often experiences a change in total orbital energy per unit mass. next, a secular change in the astronomical unit AU is definitely a concern. It is increasing by about 15 cm yr{sup -1}. The other two anomalies are perhaps less disturbing because of known sources of nongravitational acceleration. The first is an apparent slowing of the two Pioneer spacecraft as they exit the solar system in opposite directions. Some astronomers and physicists are convinced this effect is of concern, but many others are convinced it is produced by a nearly identical thermal emission from both spacecraft, in a direction away from the Sun, thereby producing acceleration toward the Sun. The fourth anomaly is a measured increase in the eccentricity of the Moon's orbit. Here again, an increase is expected from tidal friction in both the Earth and Moon. However, there is a reported unexplained increase that is significant at the three-sigma level. It is produent to suspect that all four anomalies have mundane explanations, or that one or more anomalies are a result of systematic error. Yet they might eventually be explained by new physics. For example, a slightly modified theory of gravitation is not ruled out, perhaps analogous to Einstein's 1916 explanation for the excess precession of Mercury's perihelion.

  5. Anomaly detection in online social networks

    CERN Document Server

    Savage, David; Yu, Xinghuo; Chou, Pauline; Wang, Qingmai

    2016-01-01

    Anomalies in online social networks can signify irregular, and often illegal behaviour. Anomalies in online social networks can signify irregular, and often illegal behaviour. Detection of such anomalies has been used to identify malicious individuals, including spammers, sexual predators, and online fraudsters. In this paper we survey existing computational techniques for detecting anomalies in online social networks. We characterise anomalies as being either static or dynamic, and as being labelled or unlabelled, and survey methods for detecting these different types of anomalies. We suggest that the detection of anomalies in online social networks is composed of two sub-processes; the selection and calculation of network features, and the classification of observations from this feature space. In addition, this paper provides an overview of the types of problems that anomaly detection can address and identifies key areas of future research.

  6. Detection of a thin sheet magnetic anomaly by squid-gradiometer systems: possibility of hydrofracture azimuth determination

    Energy Technology Data Exchange (ETDEWEB)

    Overton, W.C. Jr.

    1978-12-01

    A study of the signal physics of magnetic anomaly detection was carried out by superconducting gradiometer and magnetometer loop systems with SQUID sensors for possible application to the LASL geothermal energy program. In particular, the crack produced by hydrofracture of a deep HDR geothermal borehole would be filled with a magnetic material such as ferrofluid. When polarized by the earth's field, this material would produce a localized crack magnetic anomaly which is characteristic of the azimuth of the vertical crack with respect to magnetic north. Signatures of the anomaly would be determined by taking rotation data before and after filling the crack with magnetic material. A mathematical description was found for these signatures. To test the theory and the feasibility of the idea, the deep borehole vertical cracks were simulated by using panels to define sheets 1.5 mm thick, 1.2 m wide, and 2.5 m high. When filled with ferrofluid of suitable magnetic permeability, the local anomaly develops. Signatures were measured with a horizontal axial gradiometer rotated about a vertical axis. Good agreement was found between theory and experiment for aximuths in the east and west quadrants but only fair agreement in the north and south quadrants.

  7. Network anomaly detection a machine learning perspective

    CERN Document Server

    Bhattacharyya, Dhruba Kumar

    2013-01-01

    With the rapid rise in the ubiquity and sophistication of Internet technology and the accompanying growth in the number of network attacks, network intrusion detection has become increasingly important. Anomaly-based network intrusion detection refers to finding exceptional or nonconforming patterns in network traffic data compared to normal behavior. Finding these anomalies has extensive applications in areas such as cyber security, credit card and insurance fraud detection, and military surveillance for enemy activities. Network Anomaly Detection: A Machine Learning Perspective presents mach

  8. Anomaly detection for internet surveillance

    Science.gov (United States)

    Bouma, Henri; Raaijmakers, Stephan; Halma, Arvid; Wedemeijer, Harry

    2012-06-01

    Many threats in the real world can be related to activity of persons on the internet. Internet surveillance aims to predict and prevent attacks and to assist in finding suspects based on information from the web. However, the amount of data on the internet rapidly increases and it is time consuming to monitor many websites. In this paper, we present a novel method to automatically monitor trends and find anomalies on the internet. The system was tested on Twitter data. The results showed that it can successfully recognize abnormal changes in activity or emotion.

  9. ADRISYA: A Flow Based Anomaly Detection System for Slow and Fast Scan

    Directory of Open Access Journals (Sweden)

    Muraleedharan N

    2010-10-01

    Full Text Available Attackers perform port scan to find reachability, liveness and running services in a system or network.Current day scanning tools provide different scanning options and capable of evading various securitytools like firewall, IDS and IPS. So in order to detect and prevent attacks in the early stages, an accuratedetection of scanning activity in real time is very much essential. In this paper we present a flow basedprotocol behaviour analysis system to detect TCP based slow and fast scan. This system providesscalable, accurate and generic solution to TCP based scanning by means of automatic behaviour analysisof the network traffic. Detection capability of proposed system is compared with SNORT and resultproves the high detection rate of the system over SNORT.

  10. Anomaly Detection in Dynamic Networks

    Energy Technology Data Exchange (ETDEWEB)

    Turcotte, Melissa [Los Alamos National Lab. (LANL), Los Alamos, NM (United States)

    2014-10-14

    Anomaly detection in dynamic communication networks has many important security applications. These networks can be extremely large and so detecting any changes in their structure can be computationally challenging; hence, computationally fast, parallelisable methods for monitoring the network are paramount. For this reason the methods presented here use independent node and edge based models to detect locally anomalous substructures within communication networks. As a first stage, the aim is to detect changes in the data streams arising from node or edge communications. Throughout the thesis simple, conjugate Bayesian models for counting processes are used to model these data streams. A second stage of analysis can then be performed on a much reduced subset of the network comprising nodes and edges which have been identified as potentially anomalous in the first stage. The first method assumes communications in a network arise from an inhomogeneous Poisson process with piecewise constant intensity. Anomaly detection is then treated as a changepoint problem on the intensities. The changepoint model is extended to incorporate seasonal behavior inherent in communication networks. This seasonal behavior is also viewed as a changepoint problem acting on a piecewise constant Poisson process. In a static time frame, inference is made on this extended model via a Gibbs sampling strategy. In a sequential time frame, where the data arrive as a stream, a novel, fast Sequential Monte Carlo (SMC) algorithm is introduced to sample from the sequence of posterior distributions of the change points over time. A second method is considered for monitoring communications in a large scale computer network. The usage patterns in these types of networks are very bursty in nature and don’t fit a Poisson process model. For tractable inference, discrete time models are considered, where the data are aggregated into discrete time periods and probability models are fitted to the

  11. Trusted Anomaly Detection with Context Dependency

    Institute of Scientific and Technical Information of China (English)

    PENG Xin-guang; YAN Mei-feng

    2006-01-01

    Anomaly detection of privileged processes is one of the most important means to safeguard the host and system security. The key problem for improving detection performance is to identify local behavior of the short sequences in traces of system calls accurately. An alternative modeling method was proposed based on the typical pattern matching of short sequences, which builds upon the concepts of short sequences with context dependency and the specially designed aggregation algorithm. The experimental results indicate that the modeling method considering the context dependency improves clearly the sensitive decision threshold as compared with the previous modeling method.

  12. Dendritic Cells for Anomaly Detection

    CERN Document Server

    Greensmith, Julie; Aickelin, Uwe

    2010-01-01

    Artificial immune systems, more specifically the negative selection algorithm, have previously been applied to intrusion detection. The aim of this research is to develop an intrusion detection system based on a novel concept in immunology, the Danger Theory. Dendritic Cells (DCs) are antigen presenting cells and key to the activation of the human signals from the host tissue and correlate these signals with proteins know as antigens. In algorithmic terms, individual DCs perform multi-sensor data fusion based on time-windows. The whole population of DCs asynchronously correlates the fused signals with a secondary data stream. The behaviour of human DCs is abstracted to form the DC Algorithm (DCA), which is implemented using an immune inspired framework, libtissue. This system is used to detect context switching for a basic machine learning dataset and to detect outgoing portscans in real-time. Experimental results show a significant difference between an outgoing portscan and normal traffic.

  13. A survey on anomaly and signature based intrusion detection system (IDS

    Directory of Open Access Journals (Sweden)

    Mrs.Anshu Gangwar

    2014-04-01

    Full Text Available Security is considered as one of the most critical parameter for the acceptance of any networking technology. Information in transit must be protected from unauthorized release and modification, and the connection itself must be established and maintained securely malicious users have taken advantage of this to achieve financial gain or accomplish some corporate or personal agenda. Denial of Service (DoS and distributed DoS (DDoS attacks are evolving continuously. These attacks make network resources unavailable for legitimate users which results in massive loss of data, resources and money. Combination of Intrusion detection System and Firewall is used by Business Organizations to detect and p revent Organizations‟ network from these attacks. Signatures to detect them are not available. This paper presents a light-Weight mechanism to detect novel DoS/DDoS (Resource Consumption attacks and automatic signature generation process to represent them in real time. Experimental results are provided to support the proposed mechanism.

  14. Online Anomaly Energy Consumption Detection Using Lambda Architecture

    DEFF Research Database (Denmark)

    Liu, Xiufeng; Iftikhar, Nadeem; Nielsen, Per Sieverts;

    2016-01-01

    With the widely use of smart meters in the energy sector, anomaly detection becomes a crucial mean to study the unusual consumption behaviors of customers, and to discover unexpected events of using energy promptly. Detecting consumption anomalies is, essentially, a real-time big data analytics...... problem, which does data mining on a large amount of parallel data streams from smart meters. In this paper, we propose a supervised learning and statistical-based anomaly detection method, and implement a Lambda system using the in-memory distributed computing framework, Spark and its extension Spark...... Streaming. The system supports not only iterative refreshing the detection models from scalable data sets, but also real-time anomaly detection on scalable live data streams. This paper empirically evaluates the system and the detection algorithm, and the results show the effectiveness and the scalability...

  15. Efficient Accurate Context-Sensitive Anomaly Detection

    Institute of Scientific and Technical Information of China (English)

    2007-01-01

    For program behavior-based anomaly detection, the only way to ensure accurate monitoring is to construct an efficient and precise program behavior model. A new program behavior-based anomaly detection model,called combined pushdown automaton (CPDA) model was proposed, which is based on static binary executable analysis. The CPDA model incorporates the optimized call stack walk and code instrumentation technique to gain complete context information. Thereby the proposed method can detect more attacks, while retaining good performance.

  16. Improved prenatal detection of chromosomal anomalies

    DEFF Research Database (Denmark)

    Frøslev-Friis, Christina; Hjort-Pedersen, Karina; Henriques, Carsten U;

    2011-01-01

    Prenatal screening for karyotype anomalies takes place in most European countries. In Denmark, the screening method was changed in 2005. The aim of this study was to study the trends in prevalence and prenatal detection rates of chromosome anomalies and Down syndrome (DS) over a 22-year period....

  17. Residual generator for cardiovascular anomalies detection

    KAUST Repository

    Belkhatir, Zehor

    2014-06-01

    This paper discusses the possibility of using observer-based approaches for cardiovascular anomalies detection and isolation. We consider a lumped parameter model of the cardiovascular system that can be written in a form of nonlinear state-space representation. We show that residuals that are sensitive to variations in some cardiovascular parameters and to abnormal opening and closure of the valves, can be generated. Since the whole state is not easily available for measurement, we propose to associate the residual generator to a robust extended kalman filter. Numerical results performed on synthetic data are provided.

  18. Comparison of Unsupervised Anomaly Detection Methods

    Data.gov (United States)

    National Aeronautics and Space Administration — Several different unsupervised anomaly detection algorithms have been applied to Space Shuttle Main Engine (SSME) data to serve the purpose of developing a...

  19. Anomaly Detection from ASRS Databases of Textual Reports

    Data.gov (United States)

    National Aeronautics and Space Administration — Our primary goal is to automatically analyze textual reports from the Aviation Safety Reporting System (ASRS) database to detect/discover the anomaly categories...

  20. Anomaly detection in GPS data based on visual analytics

    OpenAIRE

    Yu, Y.; Liao, Z; Chen, B

    2010-01-01

    Modern machine learning techniques provide robust approaches for data-driven modeling and critical information extraction, while human experts hold the advantage of possessing high-level intelligence and domain-specific expertise. We combine the power of the two for anomaly detection in GPS data by integrating them through a visualization and human-computer interaction interface. In this paper we introduce GPSvas (GPS Visual Analytics System), a system that detects anomalies in GPS data using...

  1. Online Anomaly Energy Consumption Detection Using Lambda Architecture

    DEFF Research Database (Denmark)

    Liu, Xiufeng; Iftikhar, Nadeem; Nielsen, Per Sieverts;

    2016-01-01

    With the widely use of smart meters in the energy sector, anomaly detection becomes a crucial mean to study the unusual consumption behaviors of customers, and to discover unexpected events of using energy promptly. Detecting consumption anomalies is, essentially, a real-time big data analytics...... problem, which does data mining on a large amount of parallel data streams from smart meters. In this paper, we propose a supervised learning and statistical-based anomaly detection method, and implement a Lambda system using the in-memory distributed computing framework, Spark and its extension Spark...

  2. An enhanced stream mining approach for network anomaly detection

    Science.gov (United States)

    Bellaachia, Abdelghani; Bhatt, Rajat

    2005-03-01

    Network anomaly detection is one of the hot topics in the market today. Currently, researchers are trying to find a way in which machines could automatically learn both normal and anomalous behavior and thus detect anomalies if and when they occur. Most important applications which could spring out of these systems is intrusion detection and spam mail detection. In this paper, the primary focus on the problem and solution of "real time" network intrusion detection although the underlying theory discussed may be used for other applications of anomaly detection (like spam detection or spy-ware detection) too. Since a machine needs a learning process on its own, data mining has been chosen as a preferred technique. The object of this paper is to present a real time clustering system; we call Enhanced Stream Mining (ESM) which could analyze packet information (headers, and data) to determine intrusions.

  3. Anomaly Detection Using Metaheuristic Firefly Harmonic Clustering

    OpenAIRE

    Mario H. A. C. Adaniya; Taufik Abr˜ao; Mario Lemes Proenc¸a Jr.

    2013-01-01

    The performance of communication networks can be affected by a number of factors including misconfiguration, equipments outages, attacks originated from legitimate behavior or not, software errors, among many other causes. These factors may cause an unexpected change in the traffic behavior and create what we call anomalies that may represent a loss of performance or breach of network security. Knowing the behavior pattern of the network is essential to detect and characterize an anomaly. The...

  4. Anomaly Detection for Resilient Control Systems Using Fuzzy-Neural Data Fusion Engine

    Energy Technology Data Exchange (ETDEWEB)

    Ondrej Linda; Milos Manic; Timothy R. McJunkin

    2011-08-01

    Resilient control systems in critical infrastructures require increased cyber-security and state-awareness. One of the necessary conditions for achieving the desired high level of resiliency is timely reporting and understanding of the status and behavioral trends of the control system. This paper describes the design and development of a neural-network based data-fusion system for increased state-awareness of resilient control systems. The proposed system consists of a dedicated data-fusion engine for each component of the control system. Each data-fusion engine implements three-layered alarm system consisting of: (1) conventional threshold-based alarms, (2) anomalous behavior detector using self-organizing maps, and (3) prediction error based alarms using neural network based signal forecasting. The proposed system was integrated with a model of the Idaho National Laboratory Hytest facility, which is a testing facility for hybrid energy systems. Experimental results demonstrate that the implemented data fusion system provides timely plant performance monitoring and cyber-state reporting.

  5. Condition Parameter Modeling for Anomaly Detection in Wind Turbines

    Directory of Open Access Journals (Sweden)

    Yonglong Yan

    2014-05-01

    Full Text Available Data collected from the supervisory control and data acquisition (SCADA system, used widely in wind farms to obtain operational and condition information about wind turbines (WTs, is of important significance for anomaly detection in wind turbines. The paper presents a novel model for wind turbine anomaly detection mainly based on SCADA data and a back-propagation neural network (BPNN for automatic selection of the condition parameters. The SCADA data sets are determined through analysis of the cumulative probability distribution of wind speed and the relationship between output power and wind speed. The automatic BPNN-based parameter selection is for reduction of redundant parameters for anomaly detection in wind turbines. Through investigation of cases of WT faults, the validity of the automatic parameter selection-based model for WT anomaly detection is verified.

  6. Bio-Inspired Autonomous Communications Systems with Anomaly Detection Monitoring Project

    Data.gov (United States)

    National Aeronautics and Space Administration — We propose to develop and demonstrate BioComm, a bio-inspired autonomous communications system (ACS) aimed at dynamically reconfiguring and redeploying autonomous...

  7. Online Sensing Techniques for Detection of Aircraft Electrical System Anomalies Project

    Data.gov (United States)

    National Aeronautics and Space Administration — As 'fly-by-wire' technologies become more prevalent in the aerospace systems, the need to develop innovative monitoring, diagnostic and fault tolerant techniques...

  8. Artificial immune system via Euclidean Distance Minimization for anomaly detection in bearings

    Science.gov (United States)

    Montechiesi, L.; Cocconcelli, M.; Rubini, R.

    2016-08-01

    In recent years new diagnostics methodologies have emerged, with particular interest into machinery operating in non-stationary conditions. In fact continuous speed changes and variable loads make non-trivial the spectrum analysis. A variable speed means a variable characteristic fault frequency related to the damage that is no more recognizable in the spectrum. To overcome this problem the scientific community proposed different approaches listed in two main categories: model-based approaches and expert systems. In this context the paper aims to present a simple expert system derived from the mechanisms of the immune system called Euclidean Distance Minimization, and its application in a real case of bearing faults recognition. The proposed method is a simplification of the original process, adapted by the class of Artificial Immune Systems, which proved to be useful and promising in different application fields. Comparative results are provided, with a complete explanation of the algorithm and its functioning aspects.

  9. Predictability in space launch vehicle anomaly detection using intelligent neuro-fuzzy systems

    Science.gov (United States)

    Gulati, Sandeep; Toomarian, Nikzad; Barhen, Jacob; Maccalla, Ayanna; Tawel, Raoul; Thakoor, Anil; Daud, Taher

    1994-01-01

    Included in this viewgraph presentation on intelligent neuroprocessors for launch vehicle health management systems (HMS) are the following: where the flight failures have been in launch vehicles; cumulative delay time; breakdown of operations hours; failure of Mars Probe; vehicle health management (VHM) cost optimizing curve; target HMS-STS auxiliary power unit location; APU monitoring and diagnosis; and integration of neural networks and fuzzy logic.

  10. Development of a Computer Architecture to Support the Optical Plume Anomaly Detection (OPAD) System

    Science.gov (United States)

    Katsinis, Constantine

    1996-01-01

    The NASA OPAD spectrometer system relies heavily on extensive software which repetitively extracts spectral information from the engine plume and reports the amounts of metals which are present in the plume. The development of this software is at a sufficiently advanced stage where it can be used in actual engine tests to provide valuable data on engine operation and health. This activity will continue and, in addition, the OPAD system is planned to be used in flight aboard space vehicles. The two implementations, test-stand and in-flight, may have some differing requirements. For example, the data stored during a test-stand experiment are much more extensive than in the in-flight case. In both cases though, the majority of the requirements are similar. New data from the spectrograph is generated at a rate of once every 0.5 sec or faster. All processing must be completed within this period of time to maintain real-time performance. Every 0.5 sec, the OPAD system must report the amounts of specific metals within the engine plume, given the spectral data. At present, the software in the OPAD system performs this function by solving the inverse problem. It uses powerful physics-based computational models (the SPECTRA code), which receive amounts of metals as inputs to produce the spectral data that would have been observed, had the same metal amounts been present in the engine plume. During the experiment, for every spectrum that is observed, an initial approximation is performed using neural networks to establish an initial metal composition which approximates as accurately as possible the real one. Then, using optimization techniques, the SPECTRA code is repetitively used to produce a fit to the data, by adjusting the metal input amounts until the produced spectrum matches the observed one to within a given level of tolerance. This iterative solution to the original problem of determining the metal composition in the plume requires a relatively long period of time

  11. Hyperspectral Anomaly Detection in Urban Scenarios

    Science.gov (United States)

    Rejas Ayuga, J. G.; Martínez Marín, R.; Marchamalo Sacristán, M.; Bonatti, J.; Ojeda, J. C.

    2016-06-01

    We have studied the spectral features of reflectance and emissivity in the pattern recognition of urban materials in several single hyperspectral scenes through a comparative analysis of anomaly detection methods and their relationship with city surfaces with the aim to improve information extraction processes. Spectral ranges of the visible-near infrared (VNIR), shortwave infrared (SWIR) and thermal infrared (TIR) from hyperspectral data cubes of AHS sensor and HyMAP and MASTER of two cities, Alcalá de Henares (Spain) and San José (Costa Rica) respectively, have been used. In this research it is assumed no prior knowledge of the targets, thus, the pixels are automatically separated according to their spectral information, significantly differentiated with respect to a background, either globally for the full scene, or locally by image segmentation. Several experiments on urban scenarios and semi-urban have been designed, analyzing the behaviour of the standard RX anomaly detector and different methods based on subspace, image projection and segmentation-based anomaly detection methods. A new technique for anomaly detection in hyperspectral data called DATB (Detector of Anomalies from Thermal Background) based on dimensionality reduction by projecting targets with unknown spectral signatures to a background calculated from thermal spectrum wavelengths is presented. First results and their consequences in non-supervised classification and extraction information processes are discussed.

  12. Anomaly detection using classified eigenblocks in GPR image

    Science.gov (United States)

    Kim, Min Ju; Kim, Seong Dae; Lee, Seung-eui

    2016-05-01

    Automatic landmine detection system using ground penetrating radar has been widely researched. For the automatic mine detection system, system speed is an important factor. Many techniques for mine detection have been developed based on statistical background. Among them, a detection technique employing the Principal Component Analysis(PCA) has been used for clutter reduction and anomaly detection. However, the PCA technique can retard the entire process, because of large basis dimension and a numerous number of inner product operations. In order to overcome this problem, we propose a fast anomaly detection system using 2D DCT and PCA. Our experiments use a set of data obtained from a test site where the anti-tank and anti- personnel mines are buried. We evaluate the proposed system in terms of the ROC curve. The result shows that the proposed system performs much better than the conventional PCA systems from the viewpoint of speed and false alarm rate.

  13. Hyperspectral anomaly detection using enhanced global factors

    Science.gov (United States)

    Paciencia, Todd J.; Bauer, Kenneth W.

    2016-05-01

    Dimension reduction techniques have become one popular unsupervised approach used towards detecting anomalies in hyperspectral imagery. Although demonstrating promising results in the literature on specific images, these methods can become difficult to directly interpret and often require tuning of their parameters to achieve high performance on a specific set of images. This lack of generality is also compounded by the need to remove noise and atmospheric absorption spectral bands from the image prior to detection. Without a process for this band selection and to make the methods adaptable to different image compositions, performance becomes difficult to maintain across a wider variety of images. Here, we present a framework that uses factor analysis to provide a robust band selection and more meaningful dimension reduction with which to detect anomalies in the imagery. Measurable characteristics of the image are used to create an automated decision process that allows the algorithm to adjust to a particular image, while maintaining high detection performance. The framework and its algorithms are detailed, and results are shown for forest, desert, sea, rural, urban, anomaly-sparse, and anomaly-dense imagery types from different sensors. Additionally, the method is compared to current state-of-the-art methods and is shown to be computationally efficient.

  14. Anomaly Detection with Text Mining

    Data.gov (United States)

    National Aeronautics and Space Administration — Many existing complex space systems have a significant amount of historical maintenance and problem data bases that are stored in unstructured text forms. The...

  15. Amalgamation of Anomaly-Detection Indices for Enhanced Process Monitoring

    KAUST Repository

    Harrou, Fouzi

    2016-01-29

    Accurate and effective anomaly detection and diagnosis of modern industrial systems are crucial for ensuring reliability and safety and for maintaining desired product quality. Anomaly detection based on principal component analysis (PCA) has been studied intensively and largely applied to multivariate processes with highly cross-correlated process variables; howver conventional PCA-based methods often fail to detect small or moderate anomalies. In this paper, the proposed approach integrates two popular process-monitoring detection tools, the conventional PCA-based monitoring indices Hotelling’s T2 and Q and the exponentially weighted moving average (EWMA). We develop two EWMA tools based on the Q and T2 statistics, T2-EWMA and Q-EWMA, to detect anomalies in the process mean. The performances of the proposed methods were compared with that of conventional PCA-based anomaly-detection methods by applying each method to two examples: a synthetic data set and experimental data collected from a flow heating system. The results clearly show the benefits and effectiveness of the proposed methods over conventional PCA-based methods.

  16. Detection Range of Airborne Magnetometers in Magnetic Anomaly Detection

    Directory of Open Access Journals (Sweden)

    Chengjing Li

    2015-11-01

    Full Text Available Airborne magnetometers are utilized for the small-range search, precise positioning, and identification of the ferromagnetic properties of underwater targets. As an important performance parameter of sensors, the detection range of airborne magnetometers is commonly set as a fixed value in references regardless of the influences of environment noise, target magnetic properties, and platform features in a classical model to detect airborne magnetic anomalies. As a consequence, deviation in detection ability analysis is observed. In this study, a novel detection range model is proposed on the basis of classic detection range models of airborne magnetometers. In this model, probability distribution is applied, and the magnetic properties of targets and the environment noise properties of a moving submarine are considered. The detection range model is also constructed by considering the distribution of the moving submarine during detection. A cell-averaging greatest-of-constant false alarm rate test method is also used to calculate the detection range of the model at a desired false alarm rate. The detection range model is then used to establish typical submarine search probabilistic models. Results show that the model can be used to evaluate not only the effects of ambient magnetic noise but also the moving and geomagnetic features of the target and airborne detection platform. The model can also be utilized to display the actual operating range of sensor systems.

  17. Multiple-Instance Learning for Anomaly Detection in Digital Mammography.

    Science.gov (United States)

    Quellec, Gwenole; Lamard, Mathieu; Cozic, Michel; Coatrieux, Gouenou; Cazuguel, Guy

    2016-07-01

    This paper describes a computer-aided detection and diagnosis system for breast cancer, the most common form of cancer among women, using mammography. The system relies on the Multiple-Instance Learning (MIL) paradigm, which has proven useful for medical decision support in previous works from our team. In the proposed framework, breasts are first partitioned adaptively into regions. Then, features derived from the detection of lesions (masses and microcalcifications) as well as textural features, are extracted from each region and combined in order to classify mammography examinations as "normal" or "abnormal". Whenever an abnormal examination record is detected, the regions that induced that automated diagnosis can be highlighted. Two strategies are evaluated to define this anomaly detector. In a first scenario, manual segmentations of lesions are used to train an SVM that assigns an anomaly index to each region; local anomaly indices are then combined into a global anomaly index. In a second scenario, the local and global anomaly detectors are trained simultaneously, without manual segmentations, using various MIL algorithms (DD, APR, mi-SVM, MI-SVM and MILBoost). Experiments on the DDSM dataset show that the second approach, which is only weakly-supervised, surprisingly outperforms the first approach, even though it is strongly-supervised. This suggests that anomaly detectors can be advantageously trained on large medical image archives, without the need for manual segmentation. PMID:26829783

  18. Outlier Detection Method Use for the Network Flow Anomaly Detection

    Directory of Open Access Journals (Sweden)

    Rimas Ciplinskas

    2016-06-01

    Full Text Available New and existing methods of cyber-attack detection are constantly being developed and improved because there is a great number of attacks and the demand to protect from them. In prac-tice, current methods of attack detection operates like antivirus programs, i. e. known attacks signatures are created and attacks are detected by using them. These methods have a drawback – they cannot detect new attacks. As a solution, anomaly detection methods are used. They allow to detect deviations from normal network behaviour that may show a new type of attack. This article introduces a new method that allows to detect network flow anomalies by using local outlier factor algorithm. Accom-plished research allowed to identify groups of features which showed the best results of anomaly flow detection according the highest values of precision, recall and F-measure.

  19. Anomaly Detection with Artificial Immune Network

    Institute of Scientific and Technical Information of China (English)

    PENG Lingxi; LI Tao; LIU Xiaojie; CHEN Yuefeng; LIU Caiming; LIU Sunjun

    2007-01-01

    Inspired by the immune network theory, an adaptive anomaly detection paradigm based on artificial immune network,referred as APAI, is proposed. The implementation of the paradigm includes: initially, the first is to create the initial antibody network; then, through the learning of each training antigen, the antibody network is evolved and updated by the optimal antibodies. Finally, anomaly detection process is accomplished by majority vote of the k nearest neighbor antibodies in the network. The experiments used the famous Sonar Benchmark dataset in our study, which is taken from the UCI machine learning database.The obtained detection accuracy of APAI was 97.7%, which was very promising with regard to the other classification applications in the literature for this problem. In addition to its nonlinear classification properties, APAI possesses biological immune networkproperties such as clonal selection, immune network, and immune memory, which can be applied to pattern recognition, classification, and etc.

  20. Anomaly Detection using the "Isolation Forest" algorithm

    CERN Document Server

    CERN. Geneva

    2015-01-01

    Anomaly detection can provide clues about an outlying minority class in your data: hackers in a set of network events, fraudsters in a set of credit card transactions, or exotic particles in a set of high-energy collisions. In this talk, we analyze a real dataset of breast tissue biopsies, with malignant results forming the minority class. The "Isolation Forest" algorithm finds anomalies by deliberately “overfitting” models that memorize each data point. Since outliers have more empty space around them, they take fewer steps to memorize. Intuitively, a house in the country can be identified simply as “that house out by the farm”, while a house in the city needs a longer description like “that house in Brooklyn, near Prospect Park, on Union Street, between the firehouse and the library, not far from the French restaurant”. We first use anomaly detection to find outliers in the biopsy data, then apply traditional predictive modeling to discover rules that separate anomalies from normal data...

  1. Anomaly Detection in Power Quality at Data Centers

    Science.gov (United States)

    Grichine, Art; Solano, Wanda M.

    2015-01-01

    The goal during my internship at the National Center for Critical Information Processing and Storage (NCCIPS) is to implement an anomaly detection method through the StruxureWare SCADA Power Monitoring system. The benefit of the anomaly detection mechanism is to provide the capability to detect and anticipate equipment degradation by monitoring power quality prior to equipment failure. First, a study is conducted that examines the existing techniques of power quality management. Based on these findings, and the capabilities of the existing SCADA resources, recommendations are presented for implementing effective anomaly detection. Since voltage, current, and total harmonic distortion demonstrate Gaussian distributions, effective set-points are computed using this model, while maintaining a low false positive count.

  2. HYPERSPECTRAL ANOMALY DETECTION IN URBAN SCENARIOS

    OpenAIRE

    Rejas Ayuga, J. G.; Martínez Marín, R.; Marchamalo Sacristán, M.; Bonatti, J.; Ojeda, J. C.

    2016-01-01

    We have studied the spectral features of reflectance and emissivity in the pattern recognition of urban materials in several single hyperspectral scenes through a comparative analysis of anomaly detection methods and their relationship with city surfaces with the aim to improve information extraction processes. Spectral ranges of the visible-near infrared (VNIR), shortwave infrared (SWIR) and thermal infrared (TIR) from hyperspectral data cubes of AHS sensor and HyMAP and MASTER of t...

  3. Anomaly Detection Using Metaheuristic Firefly Harmonic Clustering

    Directory of Open Access Journals (Sweden)

    Mario H. A. C. Adaniya

    2013-01-01

    Full Text Available The performance of communication networks can be affected by a number of factors including misconfiguration, equipments outages, attacks originated from legitimate behavior or not, software errors, among many other causes. These factors may cause an unexpected change in the traffic behavior and create what we call anomalies that may represent a loss of performance or breach of network security. Knowing the behavior pattern of the network is essential to detect and characterize an anomaly. Therefore, this paper presents an algorithm based on the use of Digital Signature of Network Segment (DSNS, used to model the traffic behavior pattern. We propose a clustering algorithm, K-Harmonic means (KHM, combined with a new heuristic approach, named Firefly Algorithm (FA, for network volume anomaly detection. The KHM calculate the weighting function of each point to calculate new centroids and circumventing the initialization problem present in most center based clustering algorithm and exploits the search capability of FA from escaping local optima. Processing the DSNS data and real traffic data is possible to detect and classify intervals considered anomalous with a trade-off between the 80% true-positive rate and 20% false-positive rate.

  4. A hybrid approach for efficient anomaly detection using metaheuristic methods

    Directory of Open Access Journals (Sweden)

    Tamer F. Ghanem

    2015-07-01

    Full Text Available Network intrusion detection based on anomaly detection techniques has a significant role in protecting networks and systems against harmful activities. Different metaheuristic techniques have been used for anomaly detector generation. Yet, reported literature has not studied the use of the multi-start metaheuristic method for detector generation. This paper proposes a hybrid approach for anomaly detection in large scale datasets using detectors generated based on multi-start metaheuristic method and genetic algorithms. The proposed approach has taken some inspiration of negative selection-based detector generation. The evaluation of this approach is performed using NSL-KDD dataset which is a modified version of the widely used KDD CUP 99 dataset. The results show its effectiveness in generating a suitable number of detectors with an accuracy of 96.1% compared to other competitors of machine learning algorithms.

  5. Tiresias: Online Anomaly Detection for Hierarchical Operational Network Data

    OpenAIRE

    Hong, Chi-Yao; Caesar, Matthew; Duffield, Nick; Wang, Jia

    2012-01-01

    Operational network data, management data such as customer care call logs and equipment system logs, is a very important source of information for network operators to detect problems in their networks. Unfortunately, there is lack of efficient tools to automatically track and detect anomalous events on operational data, causing ISP operators to rely on manual inspection of this data. While anomaly detection has been widely studied in the context of network data, operational data presents sev...

  6. Anomaly Detection Based on Sensor Data in Petroleum Industry Applications

    Directory of Open Access Journals (Sweden)

    Luis Martí

    2015-01-01

    Full Text Available Anomaly detection is the problem of finding patterns in data that do not conform to an a priori expected behavior. This is related to the problem in which some samples are distant, in terms of a given metric, from the rest of the dataset, where these anomalous samples are indicated as outliers. Anomaly detection has recently attracted the attention of the research community, because of its relevance in real-world applications, like intrusion detection, fraud detection, fault detection and system health monitoring, among many others. Anomalies themselves can have a positive or negative nature, depending on their context and interpretation. However, in either case, it is important for decision makers to be able to detect them in order to take appropriate actions. The petroleum industry is one of the application contexts where these problems are present. The correct detection of such types of unusual information empowers the decision maker with the capacity to act on the system in order to correctly avoid, correct or react to the situations associated with them. In that application context, heavy extraction machines for pumping and generation operations, like turbomachines, are intensively monitored by hundreds of sensors each that send measurements with a high frequency for damage prevention. In this paper, we propose a combination of yet another segmentation algorithm (YASA, a novel fast and high quality segmentation algorithm, with a one-class support vector machine approach for efficient anomaly detection in turbomachines. The proposal is meant for dealing with the aforementioned task and to cope with the lack of labeled training data. As a result, we perform a series of empirical studies comparing our approach to other methods applied to benchmark problems and a real-life application related to oil platform turbomachinery anomaly detection.

  7. Detection of data taking anomalies for the ATLAS experiment

    CERN Document Server

    De Castro Vargas Fernandes, Julio; The ATLAS collaboration; Lehmann Miotto, Giovanna

    2015-01-01

    The physics signals produced by the ATLAS detector at the Large Hadron Collider (LHC) at CERN are acquired and selected by a distributed Trigger and Data AcQuistition (TDAQ) system, comprising a large number of hardware devices and software components. In this work, we focus on the problem of online detection of anomalies along the data taking period. Anomalies, in this context, are defined as an unexpected behaviour of the TDAQ system that result in a loss of data taking efficiency: the causes for those anomalies may come from the TDAQ itself or from external sources. While the TDAQ system operates, it publishes several useful information (trigger rates, dead times, memory usage…). Such information over time creates a set of time series that can be monitored in order to detect (and react to) problems (or anomalies). Here, we approach TDAQ operation monitoring through a data quality perspective, i.e, an anomaly is seen as a loss of quality (an outlier) and it is reported: this information can be used to rea...

  8. Method for Real-Time Model Based Structural Anomaly Detection

    Science.gov (United States)

    Smith, Timothy A. (Inventor); Urnes, James M., Sr. (Inventor); Reichenbach, Eric Y. (Inventor)

    2015-01-01

    A system and methods for real-time model based vehicle structural anomaly detection are disclosed. A real-time measurement corresponding to a location on a vehicle structure during an operation of the vehicle is received, and the real-time measurement is compared to expected operation data for the location to provide a modeling error signal. A statistical significance of the modeling error signal to provide an error significance is calculated, and a persistence of the error significance is determined. A structural anomaly is indicated, if the persistence exceeds a persistence threshold value.

  9. Anomaly Detection for Next-Generation Space Launch Ground Operations

    Science.gov (United States)

    Spirkovska, Lilly; Iverson, David L.; Hall, David R.; Taylor, William M.; Patterson-Hine, Ann; Brown, Barbara; Ferrell, Bob A.; Waterman, Robert D.

    2010-01-01

    NASA is developing new capabilities that will enable future human exploration missions while reducing mission risk and cost. The Fault Detection, Isolation, and Recovery (FDIR) project aims to demonstrate the utility of integrated vehicle health management (IVHM) tools in the domain of ground support equipment (GSE) to be used for the next generation launch vehicles. In addition to demonstrating the utility of IVHM tools for GSE, FDIR aims to mature promising tools for use on future missions and document the level of effort - and hence cost - required to implement an application with each selected tool. One of the FDIR capabilities is anomaly detection, i.e., detecting off-nominal behavior. The tool we selected for this task uses a data-driven approach. Unlike rule-based and model-based systems that require manual extraction of system knowledge, data-driven systems take a radically different approach to reasoning. At the basic level, they start with data that represent nominal functioning of the system and automatically learn expected system behavior. The behavior is encoded in a knowledge base that represents "in-family" system operations. During real-time system monitoring or during post-flight analysis, incoming data is compared to that nominal system operating behavior knowledge base; a distance representing deviation from nominal is computed, providing a measure of how far "out of family" current behavior is. We describe the selected tool for FDIR anomaly detection - Inductive Monitoring System (IMS), how it fits into the FDIR architecture, the operations concept for the GSE anomaly monitoring, and some preliminary results of applying IMS to a Space Shuttle GSE anomaly.

  10. Firewall policy anomaly detection and resolution

    Directory of Open Access Journals (Sweden)

    Ms. R.V.Darade

    2014-06-01

    Full Text Available Security of all private networks in businesses and institutions is achieved by firewall. Firewall provides protection by the quality of policy configured. Lack of Systematic analysis mechanism and Tools, Complex firewall configuration makes designing and managing firewall policies difficult. With help of segmentation rule, anomaly management framework is designed for accurate detection and effective resolution of anomalies. Using this technique, packets of network can be divided into set of disjoint packet space segments. Every segment is associated with unique set of firewall rules which specify an overlap relation among all firewall rules whic h could be conflicting or redundant. Flexible conflict resolution method is provided which has many resolution stra tegies for risk assessment of protected networks and its policy definition. Firewall logs are maintained by using association rule mining on these logs to find frequent logs, which in turned filtered to find malicious packets. Apriori algorithm is used to find frequent element from above logs. In each round, it computes the support for all candidate-item-sets. Candidate-item-sets with frequency above the minimum support parameter are selected at the end of each round; these frequent item-sets of round are used in the next round to construct candidate -item-sets. The algorithm halts when item-sets with desired frequency not found .

  11. MRI of central nervous system anomalies

    Energy Technology Data Exchange (ETDEWEB)

    Izawa, M.; Oikawa, A.; Matoba, A.

    1987-05-01

    MRI was very useful in the evaluation of congenital anomalies of central nervous system as well as other nervous system disease with three-dimensional spatial resolution. We had experienced MRI of central nervous system anomalies, demonstrated characterisitic findings in each anomaly. MRI is useful to observe the coronal, horizontal and sagittal images of the brain and spinal cord in order to discuss the etiological mechanisms of spinal dysraphysm and its associated anomalies. In case of spina bifida cystica MRI was available to decide operative indication for radical operation and tetherd cord developed from postoperative scar or accompanied intraspinal lesions.

  12. MRI of central nervous system anomalies

    International Nuclear Information System (INIS)

    MRI was very useful in the evaluation of congenital anomalies of central nervous system as well as other nervous system disease with three-dimensional spatial resolution. We had experienced MRI of central nervous system anomalies, demonstrated characterisitic findings in each anomaly. MRI is useful to observe the coronal, horizontal and sagittal images of the brain and spinal cord in order to discuss the etiological mechanisms of spinal dysraphysm and its associated anomalies. In case of spina bifida cystica MRI was available to decide operative indication for radical operation and tetherd cord developed from postoperative scar or accompanied intraspinal lesions. (author)

  13. FLEAD: online frequency likelihood estimation anomaly detection for mobile sensing

    OpenAIRE

    LE, Viet-Duc; Scholten, Hans; Havinga, Paul

    2013-01-01

    With the rise of smartphone platforms, adaptive sensing becomes an predominant key to overcome intricate constraints such as smartphone's capabilities and dynamic data. One way to do this is estimating the event probability based on anomaly detection to invoke heavy processes, such as switching on more sensors or retrieving information. However, most conventional anomaly detection methods are power hungry and computation consuming. This paper proposes a new online anomaly detection algorithm ...

  14. Method for detecting software anomalies based on recurrence plot analysis

    Directory of Open Access Journals (Sweden)

    Michał Mosdorf

    2012-03-01

    Full Text Available Presented paper evaluates method for detecting software anomalies based on recurrence plot analysis of trace log generated by software execution. Described method for detecting software anomalies is based on windowed recurrence quantification analysis for selected measures (e.g. Recurrence rate - RR or Determinism - DET. Initial results show that proposed method is useful in detecting silent software anomalies that do not result in typical crashes (e.g. exceptions.

  15. Mobile gamma-ray scanning system for detecting radiation anomalies associated with 226Ra-bearing materials

    International Nuclear Information System (INIS)

    A mobile gamma-ray scanning system has been developed by Oak Ridge National Laboratory for use in the Department of Energy's remedial action survey programs. The unit consists of a NaI(T1) detection system housed in a specially-equipped van. The system is operator controlled through an on-board mini-computer, with data output provided on the computer video screen, strip chart recorders, and an on-line printer. Data storage is provided by a floppy disk system. Multichannel analysis capabilities are included for qualitative radionuclide identification. A 226Ra-specific algorithm is employed to identify locations containing residual radium-bearing materials. This report presents the details of the system description, software development, and scanning methods utilized with the ORNL system. Laboratory calibration and field testing have established the system sensitivity, field of view, and other performance characteristics, the results of which are also presented. Documentation of the instrumentation and computer programs are included

  16. Unsupervised Anomaly Detection for Liquid-Fueled Rocket Prop...

    Data.gov (United States)

    National Aeronautics and Space Administration — Title: Unsupervised Anomaly Detection for Liquid-Fueled Rocket Propulsion Health Monitoring. Abstract: This article describes the results of applying four...

  17. DISTRIBUTED ANOMALY DETECTION USING SATELLITE DATA FROM MULTIPLE MODALITIES

    Data.gov (United States)

    National Aeronautics and Space Administration — DISTRIBUTED ANOMALY DETECTION USING SATELLITE DATA FROM MULTIPLE MODALITIES KANISHKA BHADURI*, KAMALIKA DAS, AND PETR VOTAVA* Abstract. There has been a tremendous...

  18. ANOMALY DETECTION AND ATTRIBUTION USING AUTO FORECAST AND DIRECTED GRAPHS

    Directory of Open Access Journals (Sweden)

    Vivek Sankar

    2016-03-01

    Full Text Available In the business world, decision makers rely heavily on data to back their decisions. With the quantum of data increasing rapidly, traditional methods used to generate insights from reports and dashboards will soon become intractable. This creates a need for efficient systems which can substitute human intelligence and reduce time latency in decision making. This paper describes an approach to process time series data with multiple dimensions such as geographies, verticals, products, efficiently, and to detect anomalies in the data and further, to explain potential reasons for the occurrence of the anomalies. The algorithm implements auto selection of forecast models to make reliable forecasts and detect such anomalies. Depth First Search (DFS is applied to analyse each of these anomalies and find its root causes. The algorithm filters the redundant causes and reports the insights to the stakeholders. Apart from being a hair-trigger KPI tracking mechanism, this algorithm can also be customized for problems lke A/B testing, campaign tracking and product evaluations.

  19. Evaluating Real-time Anomaly Detection Algorithms - the Numenta Anomaly Benchmark

    OpenAIRE

    Lavin, Alexander; Ahmad, Subutai

    2015-01-01

    Much of the world's data is streaming, time-series data, where anomalies give significant information in critical situations; examples abound in domains such as finance, IT, security, medical, and energy. Yet detecting anomalies in streaming data is a difficult task, requiring detectors to process data in real-time, not batches, and learn while simultaneously making predictions. There are no benchmarks to adequately test and score the efficacy of real-time anomaly detectors. Here we propose t...

  20. Web Anomaly Misuse Intrusion Detection Framework for SQL Injection Detection

    Directory of Open Access Journals (Sweden)

    Shaimaa Ezzat Salama

    2012-03-01

    Full Text Available Databases at the background of e-commerce applications are vulnerable to SQL injection attack which is considered as one of the most dangerous web attacks. In this paper we propose a framework based on misuse and anomaly detection techniques to detect SQL injection attack. The main idea of this framework is to create a profile for legitimate database behavior extracted from applying association rules on XML file containing queries submitted from application to the database. As a second step in the detection process, the structure of the query under observation will be compared against the legitimate queries stored in the XML file thus minimizing false positive alarms

  1. Detection of Cardiovascular Anomalies: An Observer-Based Approach

    KAUST Repository

    Ledezma, Fernando

    2012-07-01

    In this thesis, a methodology for the detection of anomalies in the cardiovascular system is presented. The cardiovascular system is one of the most fascinating and complex physiological systems. Nowadays, cardiovascular diseases constitute one of the most important causes of mortality in the world. For instance, an estimate of 17.3 million people died in 2008 from cardiovascular diseases. Therefore, many studies have been devoted to modeling the cardiovascular system in order to better understand its behavior and find new reliable diagnosis techniques. The lumped parameter model of the cardiovascular system proposed in [1] is restructured using a hybrid systems approach in order to include a discrete input vector that represents the influence of the mitral and aortic valves in the different phases of the cardiac cycle. Parting from this model, a Taylor expansion around the nominal values of a vector of parameters is conducted. This expansion serves as the foundation for a component fault detection process to detect changes in the physiological parameters of the cardiovascular system which could be associated with cardiovascular anomalies such as atherosclerosis, aneurysm, high blood pressure, etc. An Extended Kalman Filter is used in order to achieve a joint estimation of the state vector and the changes in the considered parameters. Finally, a bank of filters is, as in [2], used in order to detect the appearance of heart valve diseases, particularly stenosis and regurgitation. The first numerical results obtained are presented.

  2. Profile-based adaptive anomaly detection for network security.

    Energy Technology Data Exchange (ETDEWEB)

    Zhang, Pengchu C. (Sandia National Laboratories, Albuquerque, NM); Durgin, Nancy Ann

    2005-11-01

    As information systems become increasingly complex and pervasive, they become inextricably intertwined with the critical infrastructure of national, public, and private organizations. The problem of recognizing and evaluating threats against these complex, heterogeneous networks of cyber and physical components is a difficult one, yet a solution is vital to ensuring security. In this paper we investigate profile-based anomaly detection techniques that can be used to address this problem. We focus primarily on the area of network anomaly detection, but the approach could be extended to other problem domains. We investigate using several data analysis techniques to create profiles of network hosts and perform anomaly detection using those profiles. The ''profiles'' reduce multi-dimensional vectors representing ''normal behavior'' into fewer dimensions, thus allowing pattern and cluster discovery. New events are compared against the profiles, producing a quantitative measure of how ''anomalous'' the event is. Most network intrusion detection systems (IDSs) detect malicious behavior by searching for known patterns in the network traffic. This approach suffers from several weaknesses, including a lack of generalizability, an inability to detect stealthy or novel attacks, and lack of flexibility regarding alarm thresholds. Our research focuses on enhancing current IDS capabilities by addressing some of these shortcomings. We identify and evaluate promising techniques for data mining and machine-learning. The algorithms are ''trained'' by providing them with a series of data-points from ''normal'' network traffic. A successful algorithm can be trained automatically and efficiently, will have a low error rate (low false alarm and miss rates), and will be able to identify anomalies in ''pseudo real-time'' (i.e., while the intrusion is still in progress

  3. Anomaly detection enhanced classification in computer intrusion detection

    Energy Technology Data Exchange (ETDEWEB)

    Fugate, M. L. (Michael L.); Gattiker, J. R. (James R.)

    2002-01-01

    This report describes work with the goal of enhancing capabilities in computer intrusion detection. The work builds upon a study of classification performance, that compared various methods of classifying information derived from computer network packets into attack versus normal categories, based on a labeled training dataset. This previous work validates our classification methods, and clears the ground for studying whether and how anomaly detection can be used to enhance this performance, The DARPA project that initiated the dataset used here concluded that anomaly detection should be examined to boost the performance of machine learning in the computer intrusion detection task. This report investigates the data set for aspects that will be valuable for anomaly detection application, and supports these results with models constructed from the data. In this report, the term anomaly detection means learning a model from unlabeled data, and using this to make some inference about future data. Our data is a feature vector derived from network packets: an 'example' or 'sample'. On the other hand, classification means building a model from labeled data, and using that model to classify unlabeled (future) examples. There is some precedent in the literature for combining these methods. One approach is to stage the two techniques, using anomaly detection to segment data into two sets for classification. An interpretation of this is a method to combat nonstationarity in the data. In our previous work, we demonstrated that the data has substantial temporal nonstationarity. With classification methods that can be thought of as learning a decision surface between two statistical distributions, performance is expected to degrade significantly when classifying examples that are from regions not well represented in the training set. Anomaly detection can be seen as a problem of learning the density (landscape) or the support (boundary) of a statistical

  4. Anomaly Detection in Clutter using Spectrally Enhanced Ladar

    CERN Document Server

    Chhabra, Puneet S; Hopgood, James R

    2016-01-01

    Discrete return (DR) Laser Detection and Ranging (Ladar) systems provide a series of echoes that reflect from objects in a scene. These can be first, last or multi-echo returns. In contrast, Full-Waveform (FW)-Ladar systems measure the intensity of light reflected from objects continuously over a period of time. In a camouflaged scenario, e.g., objects hidden behind dense foliage, a FW-Ladar penetrates such foliage and returns a sequence of echoes including buried faint echoes. The aim of this paper is to learn local-patterns of co-occurring echoes characterised by their measured spectra. A deviation from such patterns defines an abnormal event in a forest/tree depth profile. As far as the authors know, neither DR or FW-Ladar, along with several spectral measurements, has not been applied to anomaly detection. This work presents an algorithm that allows detection of spectral and temporal anomalies in FW-Multi Spectral Ladar (FW-MSL) data samples. An anomaly is defined as a full waveform temporal and spectral ...

  5. Thermal and TEC anomalies detection using an intelligent hybrid system around the time of the Saravan, Iran, (Mw = 7.7) earthquake of 16 April 2013

    Science.gov (United States)

    Akhoondzadeh, M.

    2014-02-01

    A powerful earthquake of Mw = 7.7 struck the Saravan region (28.107° N, 62.053° E) in Iran on 16 April 2013. Up to now nomination of an automated anomaly detection method in a non linear time series of earthquake precursor has been an attractive and challenging task. Artificial Neural Network (ANN) and Particle Swarm Optimization (PSO) have revealed strong potentials in accurate time series prediction. This paper presents the first study of an integration of ANN and PSO method in the research of earthquake precursors to detect the unusual variations of the thermal and total electron content (TEC) seismo-ionospheric anomalies induced by the strong earthquake of Saravan. In this study, to overcome the stagnation in local minimum during the ANN training, PSO as an optimization method is used instead of traditional algorithms for training the ANN method. The proposed hybrid method detected a considerable number of anomalies 4 and 8 days preceding the earthquake. Since, in this case study, ionospheric TEC anomalies induced by seismic activity is confused with background fluctuations due to solar activity, a multi-resolution time series processing technique based on wavelet transform has been applied on TEC signal variations. In view of the fact that the accordance in the final results deduced from some robust methods is a convincing indication for the efficiency of the method, therefore the detected thermal and TEC anomalies using the ANN + PSO method were compared to the results with regard to the observed anomalies by implementing the mean, median, Wavelet, Kalman filter, Auto-Regressive Integrated Moving Average (ARIMA), Support Vector Machine (SVM) and Genetic Algorithm (GA) methods. The results indicate that the ANN + PSO method is quite promising and deserves serious attention as a new tool for thermal and TEC seismo anomalies detection.

  6. Multicriteria Similarity-Based Anomaly Detection Using Pareto Depth Analysis.

    Science.gov (United States)

    Hsiao, Ko-Jen; Xu, Kevin S; Calder, Jeff; Hero, Alfred O

    2016-06-01

    We consider the problem of identifying patterns in a data set that exhibits anomalous behavior, often referred to as anomaly detection. Similarity-based anomaly detection algorithms detect abnormally large amounts of similarity or dissimilarity, e.g., as measured by the nearest neighbor Euclidean distances between a test sample and the training samples. In many application domains, there may not exist a single dissimilarity measure that captures all possible anomalous patterns. In such cases, multiple dissimilarity measures can be defined, including nonmetric measures, and one can test for anomalies by scalarizing using a nonnegative linear combination of them. If the relative importance of the different dissimilarity measures are not known in advance, as in many anomaly detection applications, the anomaly detection algorithm may need to be executed multiple times with different choices of weights in the linear combination. In this paper, we propose a method for similarity-based anomaly detection using a novel multicriteria dissimilarity measure, the Pareto depth. The proposed Pareto depth analysis (PDA) anomaly detection algorithm uses the concept of Pareto optimality to detect anomalies under multiple criteria without having to run an algorithm multiple times with different choices of weights. The proposed PDA approach is provably better than using linear combinations of the criteria, and shows superior performance on experiments with synthetic and real data sets.

  7. Online Anomaly Energy Consumption Detection Using Lambda Architecture

    DEFF Research Database (Denmark)

    Liu, Xiufeng; Iftikhar, Nadeem; Nielsen, Per Sieverts;

    2016-01-01

    With the widely use of smart meters in the energy sector, anomaly detection becomes a crucial mean to study the unusual consumption behaviors of customers, and to discover unexpected events of using energy promptly. Detecting consumption anomalies is, essentially, a real-time big data analytics p...

  8. Automated Network Anomaly Detection with Learning, Control and Mitigation

    Science.gov (United States)

    Ippoliti, Dennis

    2014-01-01

    Anomaly detection is a challenging problem that has been researched within a variety of application domains. In network intrusion detection, anomaly based techniques are particularly attractive because of their ability to identify previously unknown attacks without the need to be programmed with the specific signatures of every possible attack.…

  9. Multicriteria Similarity-Based Anomaly Detection Using Pareto Depth Analysis.

    Science.gov (United States)

    Hsiao, Ko-Jen; Xu, Kevin S; Calder, Jeff; Hero, Alfred O

    2016-06-01

    We consider the problem of identifying patterns in a data set that exhibits anomalous behavior, often referred to as anomaly detection. Similarity-based anomaly detection algorithms detect abnormally large amounts of similarity or dissimilarity, e.g., as measured by the nearest neighbor Euclidean distances between a test sample and the training samples. In many application domains, there may not exist a single dissimilarity measure that captures all possible anomalous patterns. In such cases, multiple dissimilarity measures can be defined, including nonmetric measures, and one can test for anomalies by scalarizing using a nonnegative linear combination of them. If the relative importance of the different dissimilarity measures are not known in advance, as in many anomaly detection applications, the anomaly detection algorithm may need to be executed multiple times with different choices of weights in the linear combination. In this paper, we propose a method for similarity-based anomaly detection using a novel multicriteria dissimilarity measure, the Pareto depth. The proposed Pareto depth analysis (PDA) anomaly detection algorithm uses the concept of Pareto optimality to detect anomalies under multiple criteria without having to run an algorithm multiple times with different choices of weights. The proposed PDA approach is provably better than using linear combinations of the criteria, and shows superior performance on experiments with synthetic and real data sets. PMID:26336154

  10. Generalization of GLRT-Based Magnetic Anomaly Detection

    OpenAIRE

    Pepe, Pascal; Zozor, Steeve; Rouve, Laure-Line; Coulomb, Jean-Louis; Servière, Christine; Muley, Jean

    2015-01-01

    International audience Magnetic anomaly detection (MAD) refers to a passive method used to reveal hidden magnetic masses and is most commonly based on a dipolar target model. This paper proposes a generalization of the MAD through a multipolar model that provides a more precise description of the anomaly and serves a twofold objective: to improve the detection performance , and to widen the variety of detectable targets. The dipole detection strategy – namely an orthonormal decomposition o...

  11. A Neural Network Approach for Misuse and Anomaly Intrusion Detection

    Institute of Scientific and Technical Information of China (English)

    YAO Yu; YU Ge; GAO Fu-xiang

    2005-01-01

    An MLP(Multi-Layer Perceptron)/Elman neural network is proposed in this paper, which realizes classification with memory of past events using the real-time classification of MLP and the memorial functionality of Elman. The system's sensitivity for the memory of past events can be easily reconfigured without retraining the whole network. This approach can be used for both misuse and anomaly detection system. The intrusion detection systems(IDSs) using the hybrid MLP/Elman neural network are evaluated by the intrusion detection evaluation data sponsored by U. S. Defense Advanced Research Projects Agency (DARPA). The results of experiment are presented in Receiver Operating Characteristic (ROC) curves. The capabilites of these IDSs to identify Deny of Service(DOS) and probing attacks are enhanced.

  12. Tiresias: Online Anomaly Detection for Hierarchical Operational Network Data

    CERN Document Server

    Hong, Chi-Yao; Duffield, Nick; Wang, Jia

    2012-01-01

    Operational network data, management data such as customer care call logs and equipment system logs, is a very important source of information for network operators to detect problems in their networks. Unfortunately, there is lack of efficient tools to automatically track and detect anomalous events on operational data, causing ISP operators to rely on manual inspection of this data. While anomaly detection has been widely studied in the context of network data, operational data presents several new challenges, including the volatility and sparseness of data, and the need to perform fast detection (complicating application of schemes that require offline processing or large/stable data sets to converge). To address these challenges, we propose Tiresias, an automated approach to locating anomalous events on hierarchical operational data. Tiresias leverages the hierarchical structure of operational data to identify high-impact aggregates (e.g., locations in the network, failure modes) likely to be associated w...

  13. EUROCAT website data on prenatal detection rates of congenital anomalies

    DEFF Research Database (Denmark)

    Garne, Ester; Dolk, Helen; Loane, Maria;

    2010-01-01

    The EUROCAT website www.eurocat-network.eu publishes prenatal detection rates for major congenital anomalies using data from European population-based congenital anomaly registers, covering 28% of the EU population as well as non-EU countries. Data are updated annually. This information can...

  14. Towards Reliable Evaluation of Anomaly-Based Intrusion Detection Performance

    Science.gov (United States)

    Viswanathan, Arun

    2012-01-01

    This report describes the results of research into the effects of environment-induced noise on the evaluation process for anomaly detectors in the cyber security domain. This research was conducted during a 10-week summer internship program from the 19th of August, 2012 to the 23rd of August, 2012 at the Jet Propulsion Laboratory in Pasadena, California. The research performed lies within the larger context of the Los Angeles Department of Water and Power (LADWP) Smart Grid cyber security project, a Department of Energy (DoE) funded effort involving the Jet Propulsion Laboratory, California Institute of Technology and the University of Southern California/ Information Sciences Institute. The results of the present effort constitute an important contribution towards building more rigorous evaluation paradigms for anomaly-based intrusion detectors in complex cyber physical systems such as the Smart Grid. Anomaly detection is a key strategy for cyber intrusion detection and operates by identifying deviations from profiles of nominal behavior and are thus conceptually appealing for detecting "novel" attacks. Evaluating the performance of such a detector requires assessing: (a) how well it captures the model of nominal behavior, and (b) how well it detects attacks (deviations from normality). Current evaluation methods produce results that give insufficient insight into the operation of a detector, inevitably resulting in a significantly poor characterization of a detectors performance. In this work, we first describe a preliminary taxonomy of key evaluation constructs that are necessary for establishing rigor in the evaluation regime of an anomaly detector. We then focus on clarifying the impact of the operational environment on the manifestation of attacks in monitored data. We show how dynamic and evolving environments can introduce high variability into the data stream perturbing detector performance. Prior research has focused on understanding the impact of this

  15. Network Traffic Anomalies Detection and Identification with Flow Monitoring

    CERN Document Server

    Nguyen, Huy; Kim, Dong Il; Choi, Deokjai

    2010-01-01

    Network management and security is currently one of the most vibrant research areas, among which, research on detecting and identifying anomalies has attracted a lot of interest. Researchers are still struggling to find an effective and lightweight method for anomaly detection purpose. In this paper, we propose a simple, robust method that detects network anomalous traffic data based on flow monitoring. Our method works based on monitoring the four predefined metrics that capture the flow statistics of the network. In order to prove the power of the new method, we did build an application that detects network anomalies using our method. And the result of the experiments proves that by using the four simple metrics from the flow data, we do not only effectively detect but can also identify the network traffic anomalies.

  16. On the Utility of Anonymized Flow Traces for Anomaly Detection

    CERN Document Server

    Burkhart, Martin; May, Martin

    2008-01-01

    The sharing of network traces is an important prerequisite for the development and evaluation of efficient anomaly detection mechanisms. Unfortunately, privacy concerns and data protection laws prevent network operators from sharing these data. Anonymization is a promising solution in this context; however, it is unclear if the sanitization of data preserves the traffic characteristics or introduces artifacts that may falsify traffic analysis results. In this paper, we examine the utility of anonymized flow traces for anomaly detection. We quantitatively evaluate the impact of IP address anonymization, namely variations of permutation and truncation, on the detectability of large-scale anomalies. Specifically, we analyze three weeks of un-sampled and non-anonymized network traces from a medium-sized backbone network. We find that all anonymization techniques, except prefix-preserving permutation, degrade the utility of data for anomaly detection. We show that the degree of degradation depends to a large exten...

  17. Solving a prisoner's dilemma in distributed anomaly detection

    Data.gov (United States)

    National Aeronautics and Space Administration — Anomaly detection has recently become an important problem in many industrial and financial applications. In several instances, the data to be analyzed for possible...

  18. In-Flight Diagnosis and Anomaly Detection Project

    Data.gov (United States)

    National Aeronautics and Space Administration — In flight diagnosis and anomaly detection is a difficult challenge that requires sufficient observation and real-time processing of health information. Our approach...

  19. Anomaly Detection and Diagnosis Algorithms for Discrete Symbols

    Data.gov (United States)

    National Aeronautics and Space Administration — We present a set of novel algorithms which we call sequenceMiner that detect and characterize anomalies in large sets of high-dimensional symbol sequences that...

  20. Comparative Analysis of Data-Driven Anomaly Detection Methods

    Data.gov (United States)

    National Aeronautics and Space Administration — This paper provides a review of three different advanced machine learning algorithms for anomaly detection in continuous data streams from a ground-test firing of a...

  1. Fetal central nervous system anomalies: fast MRI vs ultrasonography

    International Nuclear Information System (INIS)

    Objective: To evaluate the ability of fast MRI to detect fetal central nervous system (CNS) anomalies and to compare its performance with that of prenatal ultrasonography (US). Methods Forty-eight pregnant women were detected by conventional prenatal US and MRI. Twenty-two fetuses with CNS anomalies were conformed by autopsy and follow-up. The MR and US appearances of fetal CNS structure were compared to each other and to that of autopsy. Results: A total of 26 CNS anomalies were identified by autopsy (n=17) and follow-up (n=9) including anencephaly (n=6), rachischisis (n=2), encephalocele (n=3), congenital hydrocephalus (n=7), alobar holoprosencephaly (n=1), porencephalia (n=3), arachnoid cyst (n=2) and choroids plexus cyst (n=2). US diagnosed 24 CNS anomalies, the correct diagnostic rate was 92.3%, the false-positive rate was 3.8%, the missed-diagnostic rate was 3.8%. MRI diagnosed 23 CNS anomalies, the correct-diagnostic rate was 88.5%, the false-positive rate was 3.8% ,the missed-diagnostic rate was 7.7%. There was no difference between US and MRI (P>0.05), but MRI have larger FOV, higher tissues resolution, and can demonstrate gray-white matter in detail. Conclusions: MR imaging has a similar sensitivity to that of US in the detection of fetal CNS anomalies. (authors)

  2. Anomaly detection using magnetic flux leakage technology

    Energy Technology Data Exchange (ETDEWEB)

    Rempel, Raymond G. [BJ Pipeline Inspection Services, Alberta (Canada)

    2005-07-01

    There are many aspects to properly assessing the integrity of a pipeline. In-line-Inspection (ILI) tools, in particular those that employ the advanced use of Magnetic Flux Leakage (MFL) technology, provide a valuable means of achieving required up-to-date knowledge of a pipeline. More prevalent use of High Resolution MFL In-Line-Inspection tools is growing the knowledge base that leads to more reliable and accurate identification of anomalies in a pipeline, thus, minimizing the need for expensive verification excavations. Accurate assessment of pipeline anomalies can improve the decision making process within an Integrity Management Program and excavation programs can then focus on required repairs instead of calibration or exploratory digs. Utilizing the information from an MFL ILI inspection is not only cost effective but, as well, can also prove to be an extremely valuable building block of a Pipeline Integrity Management Program. (author)

  3. Detecting Traffic Anomalies in Urban Areas Using Taxi GPS Data

    Directory of Open Access Journals (Sweden)

    Weiming Kuang

    2015-01-01

    Full Text Available Large-scale GPS data contain hidden information and provide us with the opportunity to discover knowledge that may be useful for transportation systems using advanced data mining techniques. In major metropolitan cities, many taxicabs are equipped with GPS devices. Because taxies operate continuously for nearly 24 hours per day, they can be used as reliable sensors for the perceived traffic state. In this paper, the entire city was divided into subregions by roads, and taxi GPS data were transformed into traffic flow data to build a traffic flow matrix. In addition, a highly efficient anomaly detection method was proposed based on wavelet transform and PCA (principal component analysis for detecting anomalous traffic events in urban regions. The traffic anomaly is considered to occur in a subregion when the values of the corresponding indicators deviate significantly from the expected values. This method was evaluated using a GPS dataset that was generated by more than 15,000 taxies over a period of half a year in Harbin, China. The results show that this detection method is effective and efficient.

  4. Lidar detection algorithm for time and range anomalies

    Science.gov (United States)

    Ben-David, Avishai; Davidson, Charles E.; Vanderbeek, Richard G.

    2007-10-01

    A new detection algorithm for lidar applications has been developed. The detection is based on hyperspectral anomaly detection that is implemented for time anomaly where the question "is a target (aerosol cloud) present at range R within time t1 to t2" is addressed, and for range anomaly where the question "is a target present at time t within ranges R1 and R2" is addressed. A detection score significantly different in magnitude from the detection scores for background measurements suggests that an anomaly (interpreted as the presence of a target signal in space/time) exists. The algorithm employs an option for a preprocessing stage where undesired oscillations and artifacts are filtered out with a low-rank orthogonal projection technique. The filtering technique adaptively removes the one over range-squared dependence of the background contribution of the lidar signal and also aids visualization of features in the data when the signal-to-noise ratio is low. A Gaussian-mixture probability model for two hypotheses (anomaly present or absent) is computed with an expectation-maximization algorithm to produce a detection threshold and probabilities of detection and false alarm. Results of the algorithm for CO2 lidar measurements of bioaerosol clouds Bacillus atrophaeus (formerly known as Bacillus subtilis niger, BG) and Pantoea agglomerans, Pa (formerly known as Erwinia herbicola, Eh) are shown and discussed.

  5. A New Methodology for Early Anomaly Detection of BWR Instabilities

    Energy Technology Data Exchange (ETDEWEB)

    Ivanov, K. N.

    2005-11-27

    The objective of the performed research is to develop an early anomaly detection methodology so as to enhance safety, availability, and operational flexibility of Boiling Water Reactor (BWR) nuclear power plants. The technical approach relies on suppression of potential power oscillations in BWRs by detecting small anomalies at an early stage and taking appropriate prognostic actions based on an anticipated operation schedule. The research utilizes a model of coupled (two-phase) thermal-hydraulic and neutron flux dynamics, which is used as a generator of time series data for anomaly detection at an early stage. The model captures critical nonlinear features of coupled thermal-hydraulic and nuclear reactor dynamics and (slow time-scale) evolution of the anomalies as non-stationary parameters. The time series data derived from this nonlinear non-stationary model serves as the source of information for generating the symbolic dynamics for characterization of model parameter changes that quantitatively represent small anomalies. The major focus of the presented research activity was on developing and qualifying algorithms of pattern recognition for power instability based on anomaly detection from time series data, which later can be used to formulate real-time decision and control algorithms for suppression of power oscillations for a variety of anticipated operating conditions. The research being performed in the framework of this project is essential to make significant improvement in the capability of thermal instability analyses for enhancing safety, availability, and operational flexibility of currently operating and next generation BWRs.

  6. A New Method for Early Anomaly Detection of BWR Instabilities

    International Nuclear Information System (INIS)

    The objective of the performed research is to develop an early anomaly detection methodology so as to enhance safety, availability, and operational flexibility of Boiling Water Reactor (BWR) nuclear power plants. The technical approach relies on suppression of potential power oscillations in BWRs by detecting small anomalies at an early stage and taking appropriate prognostic actions based on an anticipated operation schedule. The research utilizes a model of coupled (two-phase) thermal-hydraulic and neutron flux dynamics, which is used as a generator of time series data for anomaly detection at an early stage. The model captures critical nonlinear features of coupled thermal-hydraulic and nuclear reactor dynamics and (slow time-scale) evolution of the anomalies as non-stationary parameters. The time series data derived from this nonlinear non-stationary model serves as the source of information for generating the symbolic dynamics for characterization of model parameter changes that quantitatively represent small anomalies. The major focus of the presented research activity was on developing and qualifying algorithms of pattern recognition for power instability based on anomaly detection from time series data, which later can be used to formulate real-time decision and control algorithms for suppression of power oscillations for a variety of anticipated operating conditions. The research being performed in the framework of this project is essential to make significant improvement in the capability of thermal instability analyses for enhancing safety, availability, and operational flexibility of currently operating and next generation BWRs.

  7. A first approach on fault detection and isolation for cardiovascular anomalies detection

    KAUST Repository

    Diaz Ledezma, F.

    2015-07-01

    In this paper, we use an extended version of the cardiovascular system\\'s state space model presented by [1] and propose a fault detection and isolation methodology to study the problem of detecting cardiovascular anomalies that can originate from variations in physiological parameters and deviations in the performance of the heart\\'s mitral and aortic valves. An observer-based approach is discussed as the basis of the method. The approach contemplates a bank of Extended Kalman Filters to achieve joint estimation of the model\\'s states and parameters and to detect malfunctions in the valves\\' performance. © 2015 American Automatic Control Council.

  8. Discovering Emerging Topics in Social Streams via Link Anomaly Detection

    CERN Document Server

    Takahashi, Toshimitsu; Yamanishi, Kenji

    2011-01-01

    Detection of emerging topics are now receiving renewed interest motivated by the rapid growth of social networks. Conventional term-frequency-based approaches may not be appropriate in this context, because the information exchanged are not only texts but also images, URLs, and videos. We focus on the social aspects of theses networks. That is, the links between users that are generated dynamically intentionally or unintentionally through replies, mentions, and retweets. We propose a probability model of the mentioning behaviour of a social network user, and propose to detect the emergence of a new topic from the anomaly measured through the model. We combine the proposed mention anomaly score with a recently proposed change-point detection technique based on the Sequentially Discounting Normalized Maximum Likelihood (SDNML), or with Kleinberg's burst model. Aggregating anomaly scores from hundreds of users, we show that we can detect emerging topics only based on the reply/mention relationships in social net...

  9. On Anomalies in Annotation Systems

    CERN Document Server

    Brust, Matthias R

    2007-01-01

    Today's computer-based annotation systems implement a wide range of functionalities that often go beyond those available in traditional paper-and-pencil annotations. Conceptually, annotation systems are based on thoroughly investigated psycho-sociological and pedagogical learning theories. They offer a huge diversity of annotation types that can be placed in textual as well as in multimedia format. Additionally, annotations can be published or shared with a group of interested parties via well-organized repositories. Although highly sophisticated annotation systems exist both conceptually as well as technologically, we still observe that their acceptance is somewhat limited. In this paper, we argue that nowadays annotation systems suffer from several fundamental problems that are inherent in the traditional paper-and-pencil annotation paradigm. As a solution, we propose to shift the annotation paradigm for the implementation of annotation system.

  10. Table of hyperfine anomaly in atomic systems

    OpenAIRE

    Persson, Jonas R.

    2011-01-01

    This table is a compilation of experimental values of magnetic hyperfine anomaly in atomic and ionic systems. The last extensive compilation was published in 1984 by Buttgenbach (Hyperfine Interactions 20, (1984) p 1) and the aim here is to make an up to date compilation. The literature search covers the period to January 2011.

  11. Visual analytics of anomaly detection in large data streams

    Science.gov (United States)

    Hao, Ming C.; Dayal, Umeshwar; Keim, Daniel A.; Sharma, Ratnesh K.; Mehta, Abhay

    2009-01-01

    Most data streams usually are multi-dimensional, high-speed, and contain massive volumes of continuous information. They are seen in daily applications, such as telephone calls, retail sales, data center performance, and oil production operations. Many analysts want insight into the behavior of this data. They want to catch the exceptions in flight to reveal the causes of the anomalies and to take immediate action. To guide the user in finding the anomalies in the large data stream quickly, we derive a new automated neighborhood threshold marking technique, called AnomalyMarker. This technique is built on cell-based data streams and user-defined thresholds. We extend the scope of the data points around the threshold to include the surrounding areas. The idea is to define a focus area (marked area) which enables users to (1) visually group the interesting data points related to the anomalies (i.e., problems that occur persistently or occasionally) for observing their behavior; (2) discover the factors related to the anomaly by visualizing the correlations between the problem attribute with the attributes of the nearby data items from the entire multi-dimensional data stream. Mining results are quickly presented in graphical representations (i.e., tooltip) for the user to zoom into the problem regions. Different algorithms are introduced which try to optimize the size and extent of the anomaly markers. We have successfully applied this technique to detect data stream anomalies in large real-world enterprise server performance and data center energy management.

  12. Effective Sensor Selection and Data Anomaly Detection for Condition Monitoring of Aircraft Engines.

    Science.gov (United States)

    Liu, Liansheng; Liu, Datong; Zhang, Yujie; Peng, Yu

    2016-01-01

    In a complex system, condition monitoring (CM) can collect the system working status. The condition is mainly sensed by the pre-deployed sensors in/on the system. Most existing works study how to utilize the condition information to predict the upcoming anomalies, faults, or failures. There is also some research which focuses on the faults or anomalies of the sensing element (i.e., sensor) to enhance the system reliability. However, existing approaches ignore the correlation between sensor selecting strategy and data anomaly detection, which can also improve the system reliability. To address this issue, we study a new scheme which includes sensor selection strategy and data anomaly detection by utilizing information theory and Gaussian Process Regression (GPR). The sensors that are more appropriate for the system CM are first selected. Then, mutual information is utilized to weight the correlation among different sensors. The anomaly detection is carried out by using the correlation of sensor data. The sensor data sets that are utilized to carry out the evaluation are provided by National Aeronautics and Space Administration (NASA) Ames Research Center and have been used as Prognostics and Health Management (PHM) challenge data in 2008. By comparing the two different sensor selection strategies, the effectiveness of selection method on data anomaly detection is proved. PMID:27136561

  13. Effective Sensor Selection and Data Anomaly Detection for Condition Monitoring of Aircraft Engines.

    Science.gov (United States)

    Liu, Liansheng; Liu, Datong; Zhang, Yujie; Peng, Yu

    2016-04-29

    In a complex system, condition monitoring (CM) can collect the system working status. The condition is mainly sensed by the pre-deployed sensors in/on the system. Most existing works study how to utilize the condition information to predict the upcoming anomalies, faults, or failures. There is also some research which focuses on the faults or anomalies of the sensing element (i.e., sensor) to enhance the system reliability. However, existing approaches ignore the correlation between sensor selecting strategy and data anomaly detection, which can also improve the system reliability. To address this issue, we study a new scheme which includes sensor selection strategy and data anomaly detection by utilizing information theory and Gaussian Process Regression (GPR). The sensors that are more appropriate for the system CM are first selected. Then, mutual information is utilized to weight the correlation among different sensors. The anomaly detection is carried out by using the correlation of sensor data. The sensor data sets that are utilized to carry out the evaluation are provided by National Aeronautics and Space Administration (NASA) Ames Research Center and have been used as Prognostics and Health Management (PHM) challenge data in 2008. By comparing the two different sensor selection strategies, the effectiveness of selection method on data anomaly detection is proved.

  14. Effective Sensor Selection and Data Anomaly Detection for Condition Monitoring of Aircraft Engines

    Directory of Open Access Journals (Sweden)

    Liansheng Liu

    2016-04-01

    Full Text Available In a complex system, condition monitoring (CM can collect the system working status. The condition is mainly sensed by the pre-deployed sensors in/on the system. Most existing works study how to utilize the condition information to predict the upcoming anomalies, faults, or failures. There is also some research which focuses on the faults or anomalies of the sensing element (i.e., sensor to enhance the system reliability. However, existing approaches ignore the correlation between sensor selecting strategy and data anomaly detection, which can also improve the system reliability. To address this issue, we study a new scheme which includes sensor selection strategy and data anomaly detection by utilizing information theory and Gaussian Process Regression (GPR. The sensors that are more appropriate for the system CM are first selected. Then, mutual information is utilized to weight the correlation among different sensors. The anomaly detection is carried out by using the correlation of sensor data. The sensor data sets that are utilized to carry out the evaluation are provided by National Aeronautics and Space Administration (NASA Ames Research Center and have been used as Prognostics and Health Management (PHM challenge data in 2008. By comparing the two different sensor selection strategies, the effectiveness of selection method on data anomaly detection is proved.

  15. Anomaly Detection In Additively Manufactured Parts Using Laser Doppler Vibrometery

    Energy Technology Data Exchange (ETDEWEB)

    Hernandez, Carlos A. [Lawrence Livermore National Lab. (LLNL), Livermore, CA (United States)

    2015-09-29

    Additively manufactured parts are susceptible to non-uniform structure caused by the unique manufacturing process. This can lead to structural weakness or catastrophic failure. Using laser Doppler vibrometry and frequency response analysis, non-contact detection of anomalies in additively manufactured parts may be possible. Preliminary tests show promise for small scale detection, but more future work is necessary.

  16. Anomalies.

    Science.gov (United States)

    Online-Offline, 1999

    1999-01-01

    This theme issue on anomalies includes Web sites, CD-ROMs and software, videos, books, and additional resources for elementary and junior high school students. Pertinent activities are suggested, and sidebars discuss UFOs, animal anomalies, and anomalies from nature; and resources covering unexplained phenonmenas like crop circles, Easter Island,…

  17. Improved Principal Component Analysis for Anomaly Detection: Application to an Emergency Department

    KAUST Repository

    Harrou, Fouzi

    2015-07-03

    Monitoring of production systems, such as those in hospitals, is primordial for ensuring the best management and maintenance desired product quality. Detection of emergent abnormalities allows preemptive actions that can prevent more serious consequences. Principal component analysis (PCA)-based anomaly-detection approach has been used successfully for monitoring systems with highly correlated variables. However, conventional PCA-based detection indices, such as the Hotelling’s T2T2 and the Q statistics, are ill suited to detect small abnormalities because they use only information from the most recent observations. Other multivariate statistical metrics, such as the multivariate cumulative sum (MCUSUM) control scheme, are more suitable for detection small anomalies. In this paper, a generic anomaly detection scheme based on PCA is proposed to monitor demands to an emergency department. In such a framework, the MCUSUM control chart is applied to the uncorrelated residuals obtained from the PCA model. The proposed PCA-based MCUSUM anomaly detection strategy is successfully applied to the practical data collected from the database of the pediatric emergency department in the Lille Regional Hospital Centre, France. The detection results evidence that the proposed method is more effective than the conventional PCA-based anomaly-detection methods.

  18. Near-Real Time Anomaly Detection for Scientific Sensor Data

    Science.gov (United States)

    Gallegos, I.; Gates, A.; Tweedie, C. E.; goswami, S.; Jaimes, A.; Gamon, J. A.

    2011-12-01

    Environmental scientists use advanced sensor technology such as meteorological towers, wireless sensor networks and robotic trams equipped with sensors to perform data collection at remote research sites. Because the amount of environmental sensor data acquired in real time by such instruments is increasing, both the ability to evaluate the accuracy of the data at near-real time and check that the instrumentation is operating correctly are critical in order to not lose valuable time and information. The goal of the research is to define a software engineering-based solution that provides the foundation to define reusable templates for formally specifying data properties and automatically generate programming code that can monitor data streams to identify anomalies at near real-time. The research effort has resulted in a data property categorization that is based on a literature survey of 15 projects that collected environmental data from sensors and a case study conducted in the Arctic. More than 500 published data properties were manually extracted and analyzed from the surveyed projects. The data property categorization revealed recurrent data patterns. Using these patterns and the Specification and Pattern System (SPS) from the software-engineering community as a model, we developed the Data Specification and Pattern System (D-SPS) to capture data properties. D-SPS is the foundation for the Data Property Specification (DaProS) prototype tool that assists scientists in specification of sensor data properties. A series of experiments have been conducted in collaboration with experts working with Eddy covariance (EC) data from the Jornada Basin Experimental Range (JER) and with hyper-spectral data collected using robotic tram systems from the Arctic. The goal of the experiments were to determine if the approach for specifying data properties is effective for specifying data properties and identifying anomalies in sensor data. A complementary Sensor Data

  19. On-line intermittent connector anomaly detection

    Data.gov (United States)

    National Aeronautics and Space Administration — This paper investigates a non-traditional use of differential current sensor and current sensor to detect intermittent disconnection problems in connectors. An...

  20. Novel anomaly detection approach for telecommunication network proactive performance monitoring

    Institute of Scientific and Technical Information of China (English)

    Yanhua YU; Jun WANG; Xiaosu ZHAN; Junde SONG

    2009-01-01

    The mode of telecommunication network management is changing from "network oriented" to "subscriber oriented". Aimed at enhancing subscribers'feeling, proactive performance monitoring (PPM) can enable a fast fault correction by detecting anomalies designating performance degradation. In this paper, a novel anomaly detection approach is the proposed taking advantage of time series prediction and the associated confidence interval based on multiplicative autoregressive integrated moving average (ARIMA). Furthermore, under the assumption that the training residual is a white noise process following a normal distribution, the associated confidence interval of prediction can be figured out under any given confidence degree 1-α by constructing random variables satisfying t distribution. Experimental results verify the method's effectiveness.

  1. Handling Web and Database Requests Using Fuzzy Rules for Anomaly Intrusion Detection

    Directory of Open Access Journals (Sweden)

    Selvamani Kadirvelu

    2011-01-01

    Full Text Available Problem statement: It is necessary to propose suitable detection and prevention mechanisms to provide security for the information contents used by the web application. Many prevention mechanisms which are currently available are not able to classify anomalous, random and normal request. This leads to the problem of false positives which is classifying a normal request as anomalous and denying access to information. Approach: In this study, we propose an anomaly detection system which will act as a Web based anomaly detector called intelligent SQL Anomaly detector and it uses decision tree algorithm and a feedback mechanism for effective classification. Results: This newly proposed and implemented technique has higher probability for reducing false positives which are the drawbacks in the earlier systems. Hence, our system proves that it detects all anomalies and shows better results when compared with the existing system. Conclusion: A refreshing technique to improve the detection rate of web-based intrusion detection systems by serially framing a web request anomaly detector using fuzzy rules has been proposed and implemented and this system proves to be more efficient then the existing earlier system when compared with the obtained results.

  2. DYNAMIC NETWORK ANOMALY INTRUSION DETECTION USING MODIFIED SOM

    Directory of Open Access Journals (Sweden)

    Aneetha.A.S

    2012-05-01

    Full Text Available Detection of unexpected and emerging new threats has become a necessity for secured internet communication with absolute data confidentiality, integrity and availability. Design and development of such a detection system shall not only be new, accurate and fast but also effective in a dynamic environment encompassing the surrounding network. In this paper, an algorithm is proposed for anomaly detection through modifying the Self – Organizing Map (SOM, by including new neighbourhood updating rules and learning rate dynamically in order to overcome the fixed architecture and random weight vector assignment. The algorithm initially starts with null network and grows with the original data space as initial weight vectors. New nodes are created using distance threshold parameter and their neighbourhood is identified using connection strength. Employing learning rule, the weight vector updation is carried out for neighbourhood nodes. Performance of the new algorithm is evaluated for using standard bench mark dataset. The result is compared with other neural network methods, shows 98% detection rate and 2% false alarm rate.

  3. Anomaly detection for machine learning redshifts applied to SDSS galaxies

    CERN Document Server

    Hoyle, Ben; Paech, Kerstin; Bonnett, Christopher; Seitz, Stella; Weller, Jochen

    2015-01-01

    We present an analysis of anomaly detection for machine learning redshift estimation. Anomaly detection allows the removal of poor training examples, which can adversely influence redshift estimates. Anomalous training examples may be photometric galaxies with incorrect spectroscopic redshifts, or galaxies with one or more poorly measured photometric quantity. We select 2.5 million 'clean' SDSS DR12 galaxies with reliable spectroscopic redshifts, and 6730 'anomalous' galaxies with spectroscopic redshift measurements which are flagged as unreliable. We contaminate the clean base galaxy sample with galaxies with unreliable redshifts and attempt to recover the contaminating galaxies using the Elliptical Envelope technique. We then train four machine learning architectures for redshift analysis on both the contaminated sample and on the preprocessed 'anomaly-removed' sample and measure redshift statistics on a clean validation sample generated without any preprocessing. We find an improvement on all measured stat...

  4. Software Tool Support to Specify and Verify Scientific Sensor Data Properties to Improve Anomaly Detection

    Science.gov (United States)

    Gallegos, I.; Gates, A. Q.; Tweedie, C.; Cybershare

    2010-12-01

    Advancements in scientific sensor data acquisition technologies, such as wireless sensor networks and robotic trams equipped with sensors, are increasing the amount of data being collected at field sites . This elevates the challenges of verifying the quality of streamed data and monitoring the correct operation of the instrumentation. Without the ability to evaluate the data collection process at near real-time, scientists can lose valuable time and data. In addition, scientists have to rely on their knowledge and experience in the field to evaluate data quality. Such knowledge is rarely shared or reused by other scientists mostly because of the lack of a well-defined methodology and tool support. Numerous scientific projects address anomaly detection, mostly as part of the verification system’s source code; however, anomaly detection properties, which often are embedded or hard-coded in the source code, are difficult to refine. In addition, a software developer is required to modify the source code every time a new anomaly detection property or a modification to an existing property is needed. This poster describes the tool support that has been developed, based on software engineering techniques, to address these challenges. The overall tool support allows scientists to specify and reuse anomaly detection properties generated using the specification tool and to use the specified properties to conduct automated anomaly detection at near-real time. The anomaly-detection mechanism is independent of the system used to collect the sensor data. With guidance provided by a classification and categorization of anomaly-detection properties, the user specifies properties on scientific sensor data. The properties, which can be associated with particular field sites or instrumentation, document knowledge about data anomalies that otherwise would have limited availability to the scientific community.

  5. The use of Compton scattering in detecting anomaly in soil-possible use in pyromaterial detection

    Science.gov (United States)

    Abedin, Ahmad Firdaus Zainal; Ibrahim, Noorddin; Zabidi, Noriza Ahmad; Demon, Siti Zulaikha Ngah

    2016-01-01

    The Compton scattering is able to determine the signature of land mine detection based on dependency of density anomaly and energy change of scattered photons. In this study, 4.43 MeV gamma of the Am-Be source was used to perform Compton scattering. Two detectors were placed between source with distance of 8 cm and radius of 1.9 cm. Detectors of thallium-doped sodium iodide NaI(TI) was used for detecting gamma ray. There are 9 anomalies used in this simulation. The physical of anomaly is in cylinder form with radius of 10 cm and 8.9 cm height. The anomaly is buried 5 cm deep in the bed soil measured 80 cm radius and 53.5 cm height. Monte Carlo methods indicated the scattering of photons is directly proportional to density of anomalies. The difference between detector response with anomaly and without anomaly namely contrast ratio values are in a linear relationship with density of anomalies. Anomalies of air, wood and water give positive contrast ratio values whereas explosive, sand, concrete, graphite, limestone and polyethylene give negative contrast ratio values. Overall, the contrast ratio values are greater than 2 % for all anomalies. The strong contrast ratios result a good detection capability and distinction between anomalies.

  6. The use of Compton scattering in detecting anomaly in soil-possible use in pyromaterial detection

    Energy Technology Data Exchange (ETDEWEB)

    Abedin, Ahmad Firdaus Zainal; Ibrahim, Noorddin [Department of Defence Science, Universiti Pertahanan Nasional Malaysia, Kem Sungai Besi, Kuala Lumpur 57000 (Malaysia); Zabidi, Noriza Ahmad; Demon, Siti Zulaikha Ngah [Centre for Foundation Studies, Universiti Pertahanan Nasional Malaysia, Kem Sungai Besi, Kuala Lumpur 57000 (Malaysia)

    2016-01-22

    The Compton scattering is able to determine the signature of land mine detection based on dependency of density anomaly and energy change of scattered photons. In this study, 4.43 MeV gamma of the Am-Be source was used to perform Compton scattering. Two detectors were placed between source with distance of 8 cm and radius of 1.9 cm. Detectors of thallium-doped sodium iodide NaI(TI) was used for detecting gamma ray. There are 9 anomalies used in this simulation. The physical of anomaly is in cylinder form with radius of 10 cm and 8.9 cm height. The anomaly is buried 5 cm deep in the bed soil measured 80 cm radius and 53.5 cm height. Monte Carlo methods indicated the scattering of photons is directly proportional to density of anomalies. The difference between detector response with anomaly and without anomaly namely contrast ratio values are in a linear relationship with density of anomalies. Anomalies of air, wood and water give positive contrast ratio values whereas explosive, sand, concrete, graphite, limestone and polyethylene give negative contrast ratio values. Overall, the contrast ratio values are greater than 2 % for all anomalies. The strong contrast ratios result a good detection capability and distinction between anomalies.

  7. FLEAD: online frequency likelihood estimation anomaly detection for mobile sensing

    NARCIS (Netherlands)

    Le, Viet-Duc; Scholten, Hans; Havinga, Paul

    2013-01-01

    With the rise of smartphone platforms, adaptive sensing becomes an predominant key to overcome intricate constraints such as smartphone's capabilities and dynamic data. One way to do this is estimating the event probability based on anomaly detection to invoke heavy processes, such as switching on m

  8. Anomaly Detection and Degradation Prediction of MOSFET

    OpenAIRE

    Li-Feng Wu; Yong Guan; Xiao-Juan Li; Jie Ma

    2015-01-01

    The MOSFET is an important power electronic transistor widely used in electrical systems. Its reliability has an effect on the performance of systems. In this paper, the failure models and mechanisms of MOSFETs are briefly analyzed. The on-resistance Ron is the key failure precursor parameter representing the degree of degradation. Based on the experimental data, a nonlinear dual-exponential degradation model for MOSFETs is obtained. Then, we present an approach for MOSFET degradation state p...

  9. SCADA Protocol Anomaly Detection Utilizing Compression (SPADUC) 2013

    Energy Technology Data Exchange (ETDEWEB)

    Gordon Rueff; Lyle Roybal; Denis Vollmer

    2013-01-01

    There is a significant need to protect the nation’s energy infrastructures from malicious actors using cyber methods. Supervisory, Control, and Data Acquisition (SCADA) systems may be vulnerable due to the insufficient security implemented during the design and deployment of these control systems. This is particularly true in older legacy SCADA systems that are still commonly in use. The purpose of INL’s research on the SCADA Protocol Anomaly Detection Utilizing Compression (SPADUC) project was to determine if and how data compression techniques could be used to identify and protect SCADA systems from cyber attacks. Initially, the concept was centered on how to train a compression algorithm to recognize normal control system traffic versus hostile network traffic. Because large portions of the TCP/IP message traffic (called packets) are repetitive, the concept of using compression techniques to differentiate “non-normal” traffic was proposed. In this manner, malicious SCADA traffic could be identified at the packet level prior to completing its payload. Previous research has shown that SCADA network traffic has traits desirable for compression analysis. This work investigated three different approaches to identify malicious SCADA network traffic using compression techniques. The preliminary analyses and results presented herein are clearly able to differentiate normal from malicious network traffic at the packet level at a very high confidence level for the conditions tested. Additionally, the master dictionary approach used in this research appears to initially provide a meaningful way to categorize and compare packets within a communication channel.

  10. SYSTEMS OF REMOVING NETWORK ANOMALIES AND METHODS OF CREATION THEIR ARCHITECTURE

    Directory of Open Access Journals (Sweden)

    Kucher V. A.

    2015-06-01

    Full Text Available Different stages of designing architecture of detection systems and opposition to network anomalies are analyzed in this article. It is pointed that common classification can be to determine state of network: “normal”, “critical”, “faulted”. Bases for building architecture of detection and removing anomalies are offered

  11. Limitations of Aneuploidy and Anomaly Detection in the Obese Patient

    Directory of Open Access Journals (Sweden)

    Paula Zozzaro-Smith

    2014-07-01

    Full Text Available Obesity is a worldwide epidemic and can have a profound effect on pregnancy risks. Obese patients tend to be older and are at increased risk for structural fetal anomalies and aneuploidy, making screening options critically important for these women. Failure rates for first-trimester nuchal translucency (NT screening increase with obesity, while the ability to detect soft-markers declines, limiting ultrasound-based screening options. Obesity also decreases the chances of completing the anatomy survey and increases the residual risk of undetected anomalies. Additionally, non-invasive prenatal testing (NIPT is less likely to provide an informative result in obese patients. Understanding the limitations and diagnostic accuracy of aneuploidy and anomaly screening in obese patients can help guide clinicians in counseling patients on the screening options.

  12. Immunity Based Worm Detection System

    Institute of Scientific and Technical Information of China (English)

    HONG Zheng; WU Li-fa; WANG Yuan-yuan

    2007-01-01

    Current worm detection methods are unable to detect multi-vector polymorphic worms effectively.Based on negative selection mechanism of the immune system,a local network worm detection system that detects worms was proposed.Normal network service requests were represented by self-strings,and the detection system used self-strings to monitor the network for anomaly.According to the properties of worm propagation,a control center correlated the anomalies detected in the form of binary trees to ensure the accuracy of worm detection.Experiments show the system to be effective in detecting the traditional as well as multi-vector polymorphic worms.

  13. A new data normalization method for unsupervised anomaly intrusion detection

    Institute of Scientific and Technical Information of China (English)

    Long-zheng CAI; Jian CHEN; Yun KE; Tao CHEN; Zhi-gang LI

    2010-01-01

    Unsupervised anomaly detection can detect attacks without the need for clean or labeled training data.This paper studies the application of clustering to unsupervised anomaly detection(ACUAD).Data records are mapped to a feature space.Anomalies are detected by determining which points lie in the sparse regions of the feature space.A critical element for this method to be effective is the definition of the distance function between data records.We propose a unified normalization distance framework for records with numeric and nominal features mixed data.A heuristic method that computes the distance for nominal features is proposed,taking advantage of an important characteristic of nominal features-their probability distribution.Then,robust methods are proposed for mapping numeric features and computing their distance,these being able to tolerate the impact of the value difference in scale and diversification among features,and outliers introduced by intrusions.Empirical experiments with the KDD 1999 dataset showed that ACUAD can detect intrusions with relatively low false alarm rates compared with other approaches.

  14. Stochastic pattern recognition techniques and artificial intelligence for nuclear power plant surveillance and anomaly detection

    International Nuclear Information System (INIS)

    In this paper a theoretical and system conceptual model is outlined for the instrumentation, core assessment and surveillance and anomaly detection of a nuclear power plant. The system specified is based on the statistical on-line analysis of optimally placed instrumentation sensed fluctuating signals in terms of such variates as coherence, correlation function, zero-crossing and spectral density

  15. Towards Periodicity Based Anomaly Detection in SCADA Networks

    OpenAIRE

    Barbosa, Rafael Ramos Regis; Sadre, Ramin; Pras, Aiko

    2012-01-01

    Supervisory Control and Data Acquisition (SCADA) networks are commonly deployed to aid the operation of large industrial facilities. The polling mechanism used to retrieve data from field devices causes the data transmission to be highly periodic. In this paper, we propose an approach that exploits traffic periodicity to detect traffic anomalies, which represent potential intrusion attempts. We present a proof of concept to show the feasibility of our approach.

  16. Deep Structured Energy Based Models for Anomaly Detection

    OpenAIRE

    Zhai, Shuangfei; Cheng, Yu; Lu, Weining; Zhang, Zhongfei

    2016-01-01

    In this paper, we attack the anomaly detection problem by directly modeling the data distribution with deep architectures. We propose deep structured energy based models (DSEBMs), where the energy function is the output of a deterministic deep neural network with structure. We develop novel model architectures to integrate EBMs with different types of data such as static data, sequential data, and spatial data, and apply appropriate model architectures to adapt to the data structure. Our trai...

  17. Detecting Anomaly in Traffic Flow from Road Similarity Analysis

    KAUST Repository

    Liu, Xinran

    2016-06-02

    Taxies equipped with GPS devices are considered as 24-hour moving sensors widely distributed in urban road networks. Plenty of accurate and realtime trajectories of taxi are recorded by GPS devices and are commonly studied for understanding traffic dynamics. This paper focuses on anomaly detection in traffic volume, especially the non-recurrent traffic anomaly caused by unexpected or transient incidents, such as traffic accidents, celebrations and disasters. It is important to detect such sharp changes of traffic status for sensing abnormal events and planning their impact on the smooth volume of traffic. Unlike existing anomaly detection approaches that mainly monitor the derivation of current traffic status from history in the past, the proposed method in this paper evaluates the abnormal score of traffic on one road by comparing its current traffic volume with not only its historical data but also its neighbors. We define the neighbors as the roads that are close in sense of both geo-location and traffic patterns, which are extracted by matrix factorization. The evaluation results on trajectories data of 12,286 taxies over four weeks in Beijing show that our approach outperforms other baseline methods with higher precision and recall.

  18. Real-time anomaly detection in full motion video

    Science.gov (United States)

    Konowicz, Glenn; Li, Jiang

    2012-06-01

    Improvement in sensor technology such as charge-coupled devices (CCD) as well as constant incremental improvements in storage space has enabled the recording and storage of video more prevalent and lower cost than ever before. However, the improvements in the ability to capture and store a wide array of video have required additional manpower to translate these raw data sources into useful information. We propose an algorithm for automatically detecting anomalous movement patterns within full motion video thus reducing the amount of human intervention required to make use of these new data sources. The proposed algorithm tracks all of the objects within a video sequence and attempts to cluster each object's trajectory into a database of existing trajectories. Objects are tracked by first differentiating them from a Gaussian background model and then tracked over subsequent frames based on a combination of size and color. Once an object is tracked over several frames, its trajectory is calculated and compared with other trajectories earlier in the video sequence. Anomalous trajectories are differentiated by their failure to cluster with other well-known movement patterns. Adding the proposed algorithm to an existing surveillance system could increase the likelihood of identifying an anomaly and allow for more efficient collection of intelligence data. Additionally, by operating in real-time, our algorithm allows for the reallocation of sensing equipment to those areas most likely to contain movement that is valuable for situational awareness.

  19. An ECG T-wave Anomalies Detection Using a Lightweight Classification Model for Wireless Body Sensors

    OpenAIRE

    Hadjem, Medina; Naït-Abdesselam, Farid

    2015-01-01

    International audience Various wearable devices are foreseen to be the key components in the future for vital signs monitoring as they offer a non-invasive, remote and real-time medical monitoring means. Among those, Wireless Body Sensors (WBS) for cardiac monitoring are of prominent help to early detect cardioVascular Diseases (CVD) by analyzing 24/24 and 7/7 collected cardiac data. Today, most of these WBS systems for CVD detection, includeonly limited automatic anomalies detection, part...

  20. Modular Approach for Expert System toward Anomaly: N-Layers

    OpenAIRE

    Pardo, Etienne; Espes, David; Le Parc, Philippe

    2016-01-01

    International audience —Smart cities and smart homes are booming fields of development of pervasive systems. With the high stakes these systems have to manage, and their sheer complexity, anomalies have to be considered. In these complex systems are many connected components with computing capacities. They can manage anomalies, even if partially, and can act as some kind of expert systems. These expert systems can be relied upon to provide anomaly management. The complexity to manage gener...

  1. Cluster Based Cost Efficient Intrusion Detection System For Manet

    OpenAIRE

    Kumarasamy, Saravanan; B, Hemalatha; P, Hashini

    2013-01-01

    Mobile ad-hoc networks are temporary wireless networks. Network resources are abnormally consumed by intruders. Anomaly and signature based techniques are used for intrusion detection. Classification techniques are used in anomaly based techniques. Intrusion detection techniques are used for the network attack detection process. Two types of intrusion detection systems are available. They are anomaly detection and signature based detection model. The anomaly detection model uses the historica...

  2. Anomaly depth detection in trans-admittance mammography: a formula independent of anomaly size or admittivity contrast

    International Nuclear Information System (INIS)

    Trans-admittance mammography (TAM) is a bioimpedance technique for breast cancer detection. It is based on the comparison of tissue conductivity: cancerous tissue is identified by its higher conductivity in comparison with the surrounding normal tissue. In TAM, the breast is compressed between two electrical plates (in a similar architecture to x-ray mammography). The bottom plate has many sensing point electrodes that provide two-dimensional images (trans-admittance maps) that are induced by voltage differences between the two plates. Multi-frequency admittance data (Neumann data) are measured over the range 50 Hz–500 kHz. TAM aims to determine the location and size of any anomaly from the multi-frequency admittance data. Various anomaly detection algorithms can be used to process TAM data to determine the transverse positions of anomalies. However, existing methods cannot reliably determine the depth or size of an anomaly. Breast cancer detection using TAM would be improved if the depth or size of an anomaly could also be estimated, properties that are independent of the admittivity contrast. A formula is proposed here that can estimate the depth of an anomaly independent of its size and the admittivity contrast. This depth estimation can also be used to derive an estimation of the size of the anomaly. The proposed estimations are verified rigorously under a simplified model. Numerical simulation shows that the proposed method also works well in general settings. (paper)

  3. A self-adaptive negative selection algorithm used for anomaly detection

    Institute of Scientific and Technical Information of China (English)

    Jinquan Zeng; Xiaojie Liu; Tao Li; Caiming Liu; Lingxi Peng; Feixian Sun

    2009-01-01

    A novel negative selection algorithm (NSA), which is referred to as ANSA, is presented. In many actual anomaly detection systems, the training data are just partially composed of the normal elements, and the seif/nonself space often varies over time. Therefore, anom-aly detection system has to build the profile of the system based on a part of self elements and adjust itself to adapt those variables. However, previous NSAs need a large number of self elements to build the profile of the system, and lack adaptability. In order to over-come these limitations, the proposed approach uses a novel technique to adjust the self radius and evolve the nonself-covering detectors to build an appropriate profile of the system. To determine the performance of the approach, the experiments with the well-known data-set were performed. Results exhibited that our proposed approach outperforms the previous techniques.

  4. Detecting errors and anomalies in computerized materials control and accountability databases

    Energy Technology Data Exchange (ETDEWEB)

    Whiteson, R.; Hench, K.; Yarbro, T. [Los Alamos National Lab., NM (United States); Baumgart, C. [Dept. of Energy, Albuquerque, NM (United States). Kansas City Plant

    1998-12-31

    The Automated MC and A Database Assessment project is aimed at improving anomaly and error detection in materials control and accountability (MC and A) databases and increasing confidence in the data that they contain. Anomalous data resulting in poor categorization of nuclear material inventories greatly reduces the value of the database information to users. Therefore it is essential that MC and A data be assessed periodically for anomalies or errors. Anomaly detection can identify errors in databases and thus provide assurance of the integrity of data. An expert system has been developed at Los Alamos National Laboratory that examines these large databases for anomalous or erroneous data. For several years, MC and A subject matter experts at Los Alamos have been using this automated system to examine the large amounts of accountability data that the Los Alamos Plutonium Facility generates. These data are collected and managed by the Material Accountability and Safeguards System, a near-real-time computerized nuclear material accountability and safeguards system. This year they have expanded the user base, customizing the anomaly detector for the varying requirements of different groups of users. This paper describes the progress in customizing the expert systems to the needs of the users of the data and reports on their results.

  5. Gravitational Anomalies in the Solar System?

    CERN Document Server

    Iorio, Lorenzo

    2014-01-01

    Mindful of the anomalous perihelion precession of Mercury discovered by U. Le Verrier in the second half of the nineteenth century and its successful explanation by A. Einstein with his General Theory of Relativity in the early years of the twentieth century, discrepancies among observed effects in our Solar system and their theoretical predictions on the basis of the currently accepted laws of gravitation applied to known bodies have the potential of paving the way for remarkable advances in fundamental physics. This is particularly important now more than ever, given that most of the Universe seems to be made of unknown substances dubbed Dark Matter and Dark Energy. Should this not be directly the case, Solar system's anomalies could anyhow lead to advancements in cumulative science, as shown to us by the discovery of Neptune in the first half of the nineteenth century. Moreover, investigations in one of such directions can serendipitously enrich the other one as well. The current status of some alleged gra...

  6. Structural Anomaly Detection Using Fiber Optic Sensors and Inverse Finite Element Method

    Science.gov (United States)

    Quach, Cuong C.; Vazquez, Sixto L.; Tessler, Alex; Moore, Jason P.; Cooper, Eric G.; Spangler, Jan. L.

    2005-01-01

    NASA Langley Research Center is investigating a variety of techniques for mitigating aircraft accidents due to structural component failure. One technique under consideration combines distributed fiber optic strain sensing with an inverse finite element method for detecting and characterizing structural anomalies anomalies that may provide early indication of airframe structure degradation. The technique identifies structural anomalies that result in observable changes in localized strain but do not impact the overall surface shape. Surface shape information is provided by an Inverse Finite Element Method that computes full-field displacements and internal loads using strain data from in-situ fiberoptic sensors. This paper describes a prototype of such a system and reports results from a series of laboratory tests conducted on a test coupon subjected to increasing levels of damage.

  7. Anomaly Event Detection Method Based on Compressive Sensing and Iteration in Wireless Sensor Networks

    OpenAIRE

    Shihua Cao; Qihui Wang; Yaping Yuan; Junyang Yu

    2014-01-01

    Anomaly event detection is one of the research hotspots in wireless sensor networks. Aiming at the disadvantages of current detection solutions, a novel anomaly event detection algorithm based on compressed sensing and iteration is proposed. Firstly, a measured value can be sensed in each node, based on the compressed sensing. Then the problem of anomaly event detection is modeled as the minimization problem of weighted l1 norm, and OMP algorithm is adopted for solving the problem iteratively...

  8. Unsupervised Anomaly Detection Based on Clustering and Multiple One-Class SVM

    Science.gov (United States)

    Song, Jungsuk; Takakura, Hiroki; Okabe, Yasuo; Kwon, Yongjin

    Intrusion detection system (IDS) has played an important role as a device to defend our networks from cyber attacks. However, since it is unable to detect unknown attacks, i.e., 0-day attacks, the ultimate challenge in intrusion detection field is how we can exactly identify such an attack by an automated manner. Over the past few years, several studies on solving these problems have been made on anomaly detection using unsupervised learning techniques such as clustering, one-class support vector machine (SVM), etc. Although they enable one to construct intrusion detection models at low cost and effort, and have capability to detect unforeseen attacks, they still have mainly two problems in intrusion detection: a low detection rate and a high false positive rate. In this paper, we propose a new anomaly detection method based on clustering and multiple one-class SVM in order to improve the detection rate while maintaining a low false positive rate. We evaluated our method using KDD Cup 1999 data set. Evaluation results show that our approach outperforms the existing algorithms reported in the literature; especially in detection of unknown attacks.

  9. Support vector machines for TEC seismo-ionospheric anomalies detection

    Directory of Open Access Journals (Sweden)

    M. Akhoondzadeh

    2013-02-01

    Full Text Available Using time series prediction methods, it is possible to pursue the behaviors of earthquake precursors in the future and to announce early warnings when the differences between the predicted value and the observed value exceed the predefined threshold value. Support Vector Machines (SVMs are widely used due to their many advantages for classification and regression tasks. This study is concerned with investigating the Total Electron Content (TEC time series by using a SVM to detect seismo-ionospheric anomalous variations induced by the three powerful earthquakes of Tohoku (11 March 2011, Haiti (12 January 2010 and Samoa (29 September 2009. The duration of TEC time series dataset is 49, 46 and 71 days, for Tohoku, Haiti and Samoa earthquakes, respectively, with each at time resolution of 2 h. In the case of Tohoku earthquake, the results show that the difference between the predicted value obtained from the SVM method and the observed value reaches the maximum value (i.e., 129.31 TECU at earthquake time in a period of high geomagnetic activities. The SVM method detected a considerable number of anomalous occurrences 1 and 2 days prior to the Haiti earthquake and also 1 and 5 days before the Samoa earthquake in a period of low geomagnetic activities. In order to show that the method is acting sensibly with regard to the results extracted during nonevent and event TEC data, i.e., to perform some null-hypothesis tests in which the methods would also be calibrated, the same period of data from the previous year of the Samoa earthquake date has been taken into the account. Further to this, in this study, the detected TEC anomalies using the SVM method were compared to the previous results (Akhoondzadeh and Saradjian, 2011; Akhoondzadeh, 2012 obtained from the mean, median, wavelet and Kalman filter methods. The SVM detected anomalies are similar to those detected using the previous methods. It can be concluded that SVM can be a suitable learning method

  10. A Dynamic Approach for Anomaly Detection in AODV

    Directory of Open Access Journals (Sweden)

    P.Vigneshwaran

    2011-02-01

    Full Text Available Mobile ad hoc networks (MANETs are relatively vuln erable to malicious network attacks, and therefore, security is a more significant issue than infrastru cture-based wire-less networks. In MANETs, it is di fficult to identify malicious hosts as the topology of the network dynamically changes. A malicious host can e asily interrupt a route for which it is one of the formin g nodes in the communication path. Since the topolo gy of a MANET dynamically changes, the mere use of a stat ic baseline profile is not efficient. We proposed a new anomaly-detection scheme based on a dynamic learnin g process that allows the training data to be updat ed at particular time intervals. Our dynamic learning process involves calculating the projection distanc es based on multidimensional statistics using weighted coefficients and a forgetting curve.

  11. Extending TOPS: A Prototype MODIS Anomaly Detection Architecture

    Science.gov (United States)

    Votava, P.; Nemani, R. R.; Srivastava, A. N.

    2008-12-01

    The management and processing of Earth science data has been gaining importance over the last decade due to higher data volumes generated by a larger number of instruments, and due to the increase in complexity of Earth science models that use this data. The volume of data itself is often a limiting factor in obtaining the information needed by the scientists; without more sophisticated data volume reduction technologies, possible key information may not be discovered. We are especially interested in automatic identification of disturbances within the ecosystems (e,g, wildfires, droughts, floods, insect/pest damage, wind damage, logging), and focusing our analysis efforts on the identified areas. There are dozens of variables that define the health of our ecosystem and both long-term and short-term changes in these variables can serve as early indicators of natural disasters and shifts in climate and ecosystem health. These changes can have profound socio-economic impacts and we need to develop capabilities for identification, analysis and response to these changes in a timely manner. Because the ecosystem consists of a large number of variables, there can be a disturbance that is only apparent when we examine relationships among multiple variables despite the fact that none of them is by itself alarming. We have to be able to extract information from multiple sensors and observations and discover these underlying relationships. As the data volumes increase, there is also potential for large number of anomalies to "flood" the system, so we need to provide ability to automatically select the most likely ones and the most important ones and the ability to analyze the anomaly with minimal involvement of scientists. We describe a prototype architecture for anomaly driven data reduction for both near-real-time and archived surface reflectance data from the MODIS instrument collected over Central California and test it using Orca and One-Class Support Vector Machines

  12. Feasibility of anomaly detection and characterization using trans-admittance mammography with 60 × 60 electrode array

    Science.gov (United States)

    Zhao, Mingkang; Wi, Hun; Lee, Eun Jung; Woo, Eung Je; In Oh, Tong

    2014-10-01

    Electrical impedance imaging has the potential to detect an early stage of breast cancer due to higher admittivity values compared with those of normal breast tissues. The tumor size and extent of axillary lymph node involvement are important parameters to evaluate the breast cancer survival rate. Additionally, the anomaly characterization is required to distinguish a malignant tumor from a benign tumor. In order to overcome the limitation of breast cancer detection using impedance measurement probes, we developed the high density trans-admittance mammography (TAM) system with 60 × 60 electrode array and produced trans-admittance maps obtained at several frequency pairs. We applied the anomaly detection algorithm to the high density TAM system for estimating the volume and position of breast tumor. We tested four different sizes of anomaly with three different conductivity contrasts at four different depths. From multifrequency trans-admittance maps, we can readily observe the transversal position and estimate its volume and depth. Specially, the depth estimated values were obtained accurately, which were independent to the size and conductivity contrast when applying the new formula using Laplacian of trans-admittance map. The volume estimation was dependent on the conductivity contrast between anomaly and background in the breast phantom. We characterized two testing anomalies using frequency difference trans-admittance data to eliminate the dependency of anomaly position and size. We confirmed the anomaly detection and characterization algorithm with the high density TAM system on bovine breast tissue. Both results showed the feasibility of detecting the size and position of anomaly and tissue characterization for screening the breast cancer.

  13. Detection of motifs in anomalies from nuclear power plant data using data mining techniques

    International Nuclear Information System (INIS)

    Anomaly detection deals with the discovery of abnormal behaviour from the given data. In the recent times, there has been great research interest towards anomaly detection using data mining techniques. The reason being that in many real world applications, extraction of abnormalities is much more important than detection and analysis of normal behaviour. This is specifically significant in those applications wherein timely maintenance of anomalies is costly and very crucial to the application. In certain cases, it is also possible that there exist some pattern in the anomalies. In the present work, the focus is on detection of patterns in anomalies from Nuclear Power Plant (NPP) data. Further, an analysis has been done to identify the different types of patterns from the NPP data. These different types of patterns have been denoted as 'motifs' to signify the repetitive nature of various types of patterns in anomalies. Such analysis has been done for predictive maintenance in nuclear power plants. (author)

  14. Systematic review of central nervous system anomalies in incontinentia pigmenti

    Directory of Open Access Journals (Sweden)

    Minić Snežana

    2013-02-01

    Full Text Available Abstract The objective of this study was to present a systematic review of the central nervous system (CNS types of anomalies and to consider the possibility to include CNS anomalies in Incontinentia pigmenti (IP criteria. The analyzed literature data from 1,393 IP cases were from the period 1993–2012. CNS anomalies were diagnosed for 30.44% of the investigated IP patients. The total number of CNS types of anomalies per patient was 1.62. In the present study there was no significantly higher number of anomalies per patient in females than males. The most frequent CNS types of anomalies were seizures, motor impairment, mental retardation, and microcephaly. The most frequently registered CNS lesions found using brain imaging methods were brain infarcts or necrosis, brain atrophies, and corpus callosum lesions. IKBKG exon 4–10 deletion was present in 86.00% of genetically confirmed IP patients. The frequency of CNS anomalies, similar to the frequency of retinal anomalies in IP patients, concurrent with their severity, supports their recognition in the list of IP minor criteria.

  15. Diagnosis of Fetal Central Nervous System Anomalies by Ultrasonography

    Directory of Open Access Journals (Sweden)

    F. Tuncay Ozgunen

    2003-04-01

    Full Text Available During the last 30 years, one of the most important instruments in diagnosis is ultrasonograph. It has an indispensible place in obstetrics. Its it possible to evaluate normal fetal anatomy, to follow-up fetal growth and to diagnose fetal congenital anomalies by ultrasonography. Central nervous system anomalies is the one of the most commonly seen and the best time for screening is between 18- and 22-week of pregnancy. In this paper, it is presented the sonographic features of some outstanding Central Nervous System anomalies. [Archives Medical Review Journal 2003; 12(2.000: 77-89

  16. A Comparative Study of Unsupervised Anomaly Detection Techniques Using Honeypot Data

    Science.gov (United States)

    Song, Jungsuk; Takakura, Hiroki; Okabe, Yasuo; Inoue, Daisuke; Eto, Masashi; Nakao, Koji

    Intrusion Detection Systems (IDS) have been received considerable attention among the network security researchers as one of the most promising countermeasures to defend our crucial computer systems or networks against attackers on the Internet. Over the past few years, many machine learning techniques have been applied to IDSs so as to improve their performance and to construct them with low cost and effort. Especially, unsupervised anomaly detection techniques have a significant advantage in their capability to identify unforeseen attacks, i.e., 0-day attacks, and to build intrusion detection models without any labeled (i.e., pre-classified) training data in an automated manner. In this paper, we conduct a set of experiments to evaluate and analyze performance of the major unsupervised anomaly detection techniques using real traffic data which are obtained at our honeypots deployed inside and outside of the campus network of Kyoto University, and using various evaluation criteria, i.e., performance evaluation by similarity measurements and the size of training data, overall performance, detection ability for unknown attacks, and time complexity. Our experimental results give some practical and useful guidelines to IDS researchers and operators, so that they can acquire insight to apply these techniques to the area of intrusion detection, and devise more effective intrusion detection models.

  17. A new morphological anomaly detection algorithm for hyperspectral images and its GPU implementation

    Science.gov (United States)

    Paz, Abel; Plaza, Antonio

    2011-10-01

    Anomaly detection is considered a very important task for hyperspectral data exploitation. It is now routinely applied in many application domains, including defence and intelligence, public safety, precision agriculture, geology, or forestry. Many of these applications require timely responses for swift decisions which depend upon high computing performance of algorithm analysis. However, with the recent explosion in the amount and dimensionality of hyperspectral imagery, this problem calls for the incorporation of parallel computing techniques. In the past, clusters of computers have offered an attractive solution for fast anomaly detection in hyperspectral data sets already transmitted to Earth. However, these systems are expensive and difficult to adapt to on-board data processing scenarios, in which low-weight and low-power integrated components are essential to reduce mission payload and obtain analysis results in (near) real-time, i.e., at the same time as the data is collected by the sensor. An exciting new development in the field of commodity computing is the emergence of commodity graphics processing units (GPUs), which can now bridge the gap towards on-board processing of remotely sensed hyperspectral data. In this paper, we develop a new morphological algorithm for anomaly detection in hyperspectral images along with an efficient GPU implementation of the algorithm. The algorithm is implemented on latest-generation GPU architectures, and evaluated with regards to other anomaly detection algorithms using hyperspectral data collected by NASA's Airborne Visible Infra-Red Imaging Spectrometer (AVIRIS) over the World Trade Center (WTC) in New York, five days after the terrorist attacks that collapsed the two main towers in the WTC complex. The proposed GPU implementation achieves real-time performance in the considered case study.

  18. Autonomic intrusion detection: Adaptively detecting anomalies over unlabeled audit data streams in computer networks

    KAUST Repository

    Wang, Wei

    2014-06-22

    In this work, we propose a novel framework of autonomic intrusion detection that fulfills online and adaptive intrusion detection over unlabeled HTTP traffic streams in computer networks. The framework holds potential for self-managing: self-labeling, self-updating and self-adapting. Our framework employs the Affinity Propagation (AP) algorithm to learn a subject’s behaviors through dynamical clustering of the streaming data. It automatically labels the data and adapts to normal behavior changes while identifies anomalies. Two large real HTTP traffic streams collected in our institute as well as a set of benchmark KDD’99 data are used to validate the framework and the method. The test results show that the autonomic model achieves better results in terms of effectiveness and efficiency compared to adaptive Sequential Karhunen–Loeve method and static AP as well as three other static anomaly detection methods, namely, k-NN, PCA and SVM.

  19. A Comparative Evaluation of Unsupervised Anomaly Detection Algorithms for Multivariate Data.

    Science.gov (United States)

    Goldstein, Markus; Uchida, Seiichi

    2016-01-01

    Anomaly detection is the process of identifying unexpected items or events in datasets, which differ from the norm. In contrast to standard classification tasks, anomaly detection is often applied on unlabeled data, taking only the internal structure of the dataset into account. This challenge is known as unsupervised anomaly detection and is addressed in many practical applications, for example in network intrusion detection, fraud detection as well as in the life science and medical domain. Dozens of algorithms have been proposed in this area, but unfortunately the research community still lacks a comparative universal evaluation as well as common publicly available datasets. These shortcomings are addressed in this study, where 19 different unsupervised anomaly detection algorithms are evaluated on 10 different datasets from multiple application domains. By publishing the source code and the datasets, this paper aims to be a new well-funded basis for unsupervised anomaly detection research. Additionally, this evaluation reveals the strengths and weaknesses of the different approaches for the first time. Besides the anomaly detection performance, computational effort, the impact of parameter settings as well as the global/local anomaly detection behavior is outlined. As a conclusion, we give an advise on algorithm selection for typical real-world tasks.

  20. A Comparative Evaluation of Unsupervised Anomaly Detection Algorithms for Multivariate Data.

    Directory of Open Access Journals (Sweden)

    Markus Goldstein

    Full Text Available Anomaly detection is the process of identifying unexpected items or events in datasets, which differ from the norm. In contrast to standard classification tasks, anomaly detection is often applied on unlabeled data, taking only the internal structure of the dataset into account. This challenge is known as unsupervised anomaly detection and is addressed in many practical applications, for example in network intrusion detection, fraud detection as well as in the life science and medical domain. Dozens of algorithms have been proposed in this area, but unfortunately the research community still lacks a comparative universal evaluation as well as common publicly available datasets. These shortcomings are addressed in this study, where 19 different unsupervised anomaly detection algorithms are evaluated on 10 different datasets from multiple application domains. By publishing the source code and the datasets, this paper aims to be a new well-funded basis for unsupervised anomaly detection research. Additionally, this evaluation reveals the strengths and weaknesses of the different approaches for the first time. Besides the anomaly detection performance, computational effort, the impact of parameter settings as well as the global/local anomaly detection behavior is outlined. As a conclusion, we give an advise on algorithm selection for typical real-world tasks.

  1. Multiple Kernel Learning for Heterogeneous Anomaly Detection: Algorithm and Aviation Safety Case Study

    Science.gov (United States)

    Das, Santanu; Srivastava, Ashok N.; Matthews, Bryan L.; Oza, Nikunj C.

    2010-01-01

    The world-wide aviation system is one of the most complex dynamical systems ever developed and is generating data at an extremely rapid rate. Most modern commercial aircraft record several hundred flight parameters including information from the guidance, navigation, and control systems, the avionics and propulsion systems, and the pilot inputs into the aircraft. These parameters may be continuous measurements or binary or categorical measurements recorded in one second intervals for the duration of the flight. Currently, most approaches to aviation safety are reactive, meaning that they are designed to react to an aviation safety incident or accident. In this paper, we discuss a novel approach based on the theory of multiple kernel learning to detect potential safety anomalies in very large data bases of discrete and continuous data from world-wide operations of commercial fleets. We pose a general anomaly detection problem which includes both discrete and continuous data streams, where we assume that the discrete streams have a causal influence on the continuous streams. We also assume that atypical sequence of events in the discrete streams can lead to off-nominal system performance. We discuss the application domain, novel algorithms, and also discuss results on real-world data sets. Our algorithm uncovers operationally significant events in high dimensional data streams in the aviation industry which are not detectable using state of the art methods

  2. Accumulating pyramid spatial-spectral collaborative coding divergence for hyperspectral anomaly detection

    Science.gov (United States)

    Sun, Hao; Zou, Huanxin; Zhou, Shilin

    2016-03-01

    Detection of anomalous targets of various sizes in hyperspectral data has received a lot of attention in reconnaissance and surveillance applications. Many anomaly detectors have been proposed in literature. However, current methods are susceptible to anomalies in the processing window range and often make critical assumptions about the distribution of the background data. Motivated by the fact that anomaly pixels are often distinctive from their local background, in this letter, we proposed a novel hyperspectral anomaly detection framework for real-time remote sensing applications. The proposed framework consists of four major components, sparse feature learning, pyramid grid window selection, joint spatial-spectral collaborative coding and multi-level divergence fusion. It exploits the collaborative representation difference in the feature space to locate potential anomalies and is totally unsupervised without any prior assumptions. Experimental results on airborne recorded hyperspectral data demonstrate that the proposed methods adaptive to anomalies in a large range of sizes and is well suited for parallel processing.

  3. A Mobile Device System for Early Warning of ECG Anomalies

    Directory of Open Access Journals (Sweden)

    Adam Szczepański

    2014-06-01

    Full Text Available With the rapid increase in computational power of mobile devices the amount of ambient intelligence-based smart environment systems has increased greatly in recent years. A proposition of such a solution is described in this paper, namely real time monitoring of an electrocardiogram (ECG signal during everyday activities for identification of life threatening situations. The paper, being both research and review, describes previous work of the authors, current state of the art in the context of the authors’ work and the proposed aforementioned system. Although parts of the solution were described in earlier publications of the authors, the whole concept is presented completely for the first time along with the prototype implementation on mobile device—a Windows 8 tablet with Modern UI. The system has three main purposes. The first goal is the detection of sudden rapid cardiac malfunctions and informing the people in the patient’s surroundings, family and friends and the nearest emergency station about the deteriorating health of the monitored person. The second goal is a monitoring of ECG signals under non-clinical conditions to detect anomalies that are typically not found during diagnostic tests. The third goal is to register and analyze repeatable, long-term disturbances in the regular signal and finding their patterns.

  4. A program to compute magnetic anomaly detection probabilities

    OpenAIRE

    Forrest, R. N.

    1988-01-01

    Approved for public release, distribution unlimited This report was prepared in conjunction with research conducted for the Chief of Naval Operations and funded by the Naval Postgraduate School Second Revision The report contains user instructions, a listing and documentation for a microcomputer BASIC program that can be used to compute an estimate of the probability that a magnetic anamoly detection (MAD) system such as the AN/ASQ-81 will detect a submarine during an encounter. (rh)

  5. On-road anomaly detection by multimodal sensor analysis and multimedia processing

    Science.gov (United States)

    Orhan, Fatih; Eren, P. E.

    2014-03-01

    The use of smartphones in Intelligent Transportation Systems is gaining popularity, yet many challenges exist in developing functional applications. Due to the dynamic nature of transportation, vehicular social applications face complexities such as developing robust sensor management, performing signal and image processing tasks, and sharing information among users. This study utilizes a multimodal sensor analysis framework which enables the analysis of sensors in multimodal aspect. It also provides plugin-based analyzing interfaces to develop sensor and image processing based applications, and connects its users via a centralized application as well as to social networks to facilitate communication and socialization. With the usage of this framework, an on-road anomaly detector is being developed and tested. The detector utilizes the sensors of a mobile device and is able to identify anomalies such as hard brake, pothole crossing, and speed bump crossing. Upon such detection, the video portion containing the anomaly is automatically extracted in order to enable further image processing analysis. The detection results are shared on a central portal application for online traffic condition monitoring.

  6. Behavior Based Anomaly Detection Technique to Mitigate the Routing Misbehavior in MANET

    Directory of Open Access Journals (Sweden)

    T.V.P.Sundararajan

    2009-05-01

    Full Text Available Mobile ad hoc network does not have traffic concentration points such as gateway or access points which perform behavior monitoring of individual nodes. Therefore, maintaining the network function for normal nodes when other nodes do not route and forward correctly is a big challenge. This paper, address the behavior based anomaly detection technique inspired by the biological immune system to enhance the performance of MANET to operate despite the presence of misbehaving nodes. Due to its reliance on overhearing, the existing watchdog technique may fail to detect misbehavior or raise false alarms in the presence of ambiguous collisions, receiver collisions, and limited transmission power. Our proposed scheme uses intelligent machine learning techniques that learns and detects each node by false alarm and negative selection approach. We consider DSR, AODV and DSDV [24],[25] as underlying routing protocol which are highly vulnerable to routing misbehavior. Analytical and simulation results are presented to evaluate the performance of the proposed scheme. Keywords: intrusion detection, anomaly detection, mobile ad hoc network, security.

  7. Adaptive cancellation of geomagnetic background noise for magnetic anomaly detection using coherence

    International Nuclear Information System (INIS)

    Magnetic anomaly detection (MAD) is an effective method for the detection of ferromagnetic targets against background magnetic fields. Currently, the performance of MAD systems is mainly limited by the background geomagnetic noise. Several techniques have been developed to detect target signatures, such as the synchronous reference subtraction (SRS) method. In this paper, we propose an adaptive coherent noise suppression (ACNS) method. The proposed method is capable of evaluating and detecting weak anomaly signals buried in background geomagnetic noise. Tests with real-world recorded magnetic signals show that the ACNS method can excellently remove the background geomagnetic noise by about 21 dB or more in high background geomagnetic field environments. Additionally, as a general form of the SRS method, the ACNS method offers appreciable advantages over the existing algorithms. Compared to the SRS method, the ACNS algorithm can eliminate the false target signals and represents a noise suppressing capability improvement of 6.4 dB. The positive outcomes in terms of intelligibility make this method a potential candidate for application in MAD systems. (paper)

  8. Robust and Accurate Anomaly Detection in ECG Artifacts Using Time Series Motif Discovery

    OpenAIRE

    Haemwaan Sivaraks; Chotirat Ann Ratanamahatana

    2015-01-01

    Electrocardiogram (ECG) anomaly detection is an important technique for detecting dissimilar heartbeats which helps identify abnormal ECGs before the diagnosis process. Currently available ECG anomaly detection methods, ranging from academic research to commercial ECG machines, still suffer from a high false alarm rate because these methods are not able to differentiate ECG artifacts from real ECG signal, especially, in ECG artifacts that are similar to ECG signals in terms of shape and/or fr...

  9. Smartphone-Based Pedestrian’s Avoidance Behavior Recognition towards Opportunistic Road Anomaly Detection

    Directory of Open Access Journals (Sweden)

    Tsuyoshi Ishikawa

    2016-10-01

    Full Text Available Road anomalies, such as cracks, pits and puddles, have generally been identified by citizen reports made by e-mail or telephone; however, it is difficult for administrative entities to locate the anomaly for repair. An advanced smartphone-based solution that sends text and/or image reports with location information is not a long-lasting solution, because it depends on people’s active reporting. In this article, we show an opportunistic sensing-based system that uses a smartphone for road anomaly detection without any active user involvement. To detect road anomalies, we focus on pedestrians’ avoidance behaviors, which are characterized by changing azimuth patterns. Three typical avoidance behaviors are defined, and random forest is chosen as the classifier. Twenty-nine features are defined, in which features calculated by splitting a segment into the first half and the second half and considering the monotonicity of change were proven to be effective in recognition. Experiments were carried out under an ideal and controlled environment. Ten-fold cross-validation shows an average classification performance with an F-measure of 0.89 for six activities. The proposed recognition method was proven to be robust against the size of obstacles, and the dependency on the storing position of a smartphone can be handled by an appropriate classifier per storing position. Furthermore, an analysis implies that the classification of data from an “unknown” person can be improved by taking into account the compatibility of a classifier.

  10. Aircraft Anomaly Detection Using Performance Models Trained on Fleet Data

    Science.gov (United States)

    Gorinevsky, Dimitry; Matthews, Bryan L.; Martin, Rodney

    2012-01-01

    This paper describes an application of data mining technology called Distributed Fleet Monitoring (DFM) to Flight Operational Quality Assurance (FOQA) data collected from a fleet of commercial aircraft. DFM transforms the data into aircraft performance models, flight-to-flight trends, and individual flight anomalies by fitting a multi-level regression model to the data. The model represents aircraft flight performance and takes into account fixed effects: flight-to-flight and vehicle-to-vehicle variability. The regression parameters include aerodynamic coefficients and other aircraft performance parameters that are usually identified by aircraft manufacturers in flight tests. Using DFM, the multi-terabyte FOQA data set with half-million flights was processed in a few hours. The anomalies found include wrong values of competed variables, (e.g., aircraft weight), sensor failures and baises, failures, biases, and trends in flight actuators. These anomalies were missed by the existing airline monitoring of FOQA data exceedances.

  11. Network-Wide Traffic Anomaly Detection and Localization Based on Robust Multivariate Probabilistic Calibration Model

    Directory of Open Access Journals (Sweden)

    Yuchong Li

    2015-01-01

    Full Text Available Network anomaly detection and localization are of great significance to network security. Compared with the traditional methods of host computer, single link and single path, the network-wide anomaly detection approaches have distinctive advantages with respect to detection precision and range. However, when facing the actual problems of noise interference or data loss, the network-wide anomaly detection approaches also suffer significant performance reduction or may even become unavailable. Besides, researches on anomaly localization are rare. In order to solve the mentioned problems, this paper presents a robust multivariate probabilistic calibration model for network-wide anomaly detection and localization. It applies the latent variable probability theory with multivariate t-distribution to establish the normal traffic model. Not only does the algorithm implement network anomaly detection by judging whether the sample’s Mahalanobis distance exceeds the threshold, but also it locates anomalies by contribution analysis. Both theoretical analysis and experimental results demonstrate its robustness and wider use. The algorithm is applicable when dealing with both data integrity and loss. It also has a stronger resistance over noise interference and lower sensitivity to the change of parameters, all of which indicate its performance stability.

  12. Detecting Anomaly Regions in Satellite Image Time Series Based on Sesaonal Autocorrelation Analysis

    Science.gov (United States)

    Zhou, Z.-G.; Tang, P.; Zhou, M.

    2016-06-01

    Anomaly regions in satellite images can reflect unexpected changes of land cover caused by flood, fire, landslide, etc. Detecting anomaly regions in satellite image time series is important for studying the dynamic processes of land cover changes as well as for disaster monitoring. Although several methods have been developed to detect land cover changes using satellite image time series, they are generally designed for detecting inter-annual or abrupt land cover changes, but are not focusing on detecting spatial-temporal changes in continuous images. In order to identify spatial-temporal dynamic processes of unexpected changes of land cover, this study proposes a method for detecting anomaly regions in each image of satellite image time series based on seasonal autocorrelation analysis. The method was validated with a case study to detect spatial-temporal processes of a severe flooding using Terra/MODIS image time series. Experiments demonstrated the advantages of the method that (1) it can effectively detect anomaly regions in each of satellite image time series, showing spatial-temporal varying process of anomaly regions, (2) it is flexible to meet some requirement (e.g., z-value or significance level) of detection accuracies with overall accuracy being up to 89% and precision above than 90%, and (3) it does not need time series smoothing and can detect anomaly regions in noisy satellite images with a high reliability.

  13. Anomaly detection in homogenous populations: A sparse multiple kernel-based regularization method

    DEFF Research Database (Denmark)

    Chen, Tianshi; Andersen, Martin S.; Chiuso, Alessandro;

    2014-01-01

    A problem of anomaly detection in homogenous populations consisting of linear stable systems is studied. The recently introduced sparse multiple kernel based regularization method is applied to solve the problem. A common problem with the existing regularization methods is that there lacks...... an efficient and systematic way to tune the involved regularization parameters. In contrast, the hyper-parameters (some of them can be interpreted as regularization parameters) involved in the proposed method are tuned in an automatic way, and in fact estimated by using the empirical Bayes method. What's more...

  14. Modeling Stochastic Anomalies in an SIS and SIRS System

    OpenAIRE

    Vlasic, Andrew

    2012-01-01

    I propose a stochastic SIS and SIRS system to include a Poisson measure term to model anomalies in the dynamics. In particular the positive integrand in the Poisson term is intended to model quarantine. Conditions are given for the stability of the disease free equilibrium for both systems.

  15. Lunar magnetic anomalies detected by the Apollo subsatellite magnetometers

    Science.gov (United States)

    Hood, L. L.; Coleman, P. J., Jr.; Russell, C. T.; Wilhelms, D. E.

    1979-01-01

    Properties of lunar crustal magnetization thus far deduced from Apollo subsatellite magnetometer data are reviewed using two of the most accurate available magnetic anomaly maps, one covering a portion of the lunar near side and the other a part of the far side. The largest single anomaly found within the region of coverage on the near-side map correlates exactly with a conspicuous light-colored marking in western Oceanus Procellarum called Reiner Gamma. This feature is interpreted as an unusual deposit of ejecta from secondary craters of the large nearby primary impact crater Cavalerius. The mean altitude of the far-side anomaly gap is much higher than that of the near side map and the surface geology is more complex; individual anomaly sources have therefore not yet been identified. The mechanism of magnetization and the origin of the magnetizing field remain unresolved, but the uniformity with which the Reiner Gamma deposit is apparently magnetized, and the north-south depletion of magnetization intensity across a substantial portion of the far side, seem to require the existence of an ambient field, perhaps of global or larger extent.

  16. ADAPTIVE SUBSYSTEM FOR DETECTING AND PREVENTING ANOMALIES AS A PROTECTION MEANS AGAINST NETWORK ATTACKS

    Directory of Open Access Journals (Sweden)

    Simankov V. S.

    2015-06-01

    Full Text Available This article describes the results of networks anomalies detection system based on modular adaptive approach practical implementation. The list of specific modules used in the practical implementation of IPS, their architecture, algorithms, software, organizational and technical support determined at technical working design based on the results of the audit, evaluation and risk analysis. In the general list of modules (subsystems we may include: intrusion detection and prevention (IPS / IDS subsystems; monitoring, data collection, and event correlation, administration and management subsystem and others. We have demonstrated the specificity of formation requirements for the basic mechanisms of the subsystems in terms of development and implementation of specific architecture with some examples, plus practically implemented structure of system modules, as well as organizational and technical support system functioning

  17. GPU implementation of target and anomaly detection algorithms for remotely sensed hyperspectral image analysis

    Science.gov (United States)

    Paz, Abel; Plaza, Antonio

    2010-08-01

    Automatic target and anomaly detection are considered very important tasks for hyperspectral data exploitation. These techniques are now routinely applied in many application domains, including defence and intelligence, public safety, precision agriculture, geology, or forestry. Many of these applications require timely responses for swift decisions which depend upon high computing performance of algorithm analysis. However, with the recent explosion in the amount and dimensionality of hyperspectral imagery, this problem calls for the incorporation of parallel computing techniques. In the past, clusters of computers have offered an attractive solution for fast anomaly and target detection in hyperspectral data sets already transmitted to Earth. However, these systems are expensive and difficult to adapt to on-board data processing scenarios, in which low-weight and low-power integrated components are essential to reduce mission payload and obtain analysis results in (near) real-time, i.e., at the same time as the data is collected by the sensor. An exciting new development in the field of commodity computing is the emergence of commodity graphics processing units (GPUs), which can now bridge the gap towards on-board processing of remotely sensed hyperspectral data. In this paper, we describe several new GPU-based implementations of target and anomaly detection algorithms for hyperspectral data exploitation. The parallel algorithms are implemented on latest-generation Tesla C1060 GPU architectures, and quantitatively evaluated using hyperspectral data collected by NASA's AVIRIS system over the World Trade Center (WTC) in New York, five days after the terrorist attacks that collapsed the two main towers in the WTC complex.

  18. Enabling the Discovery of Recurring Anomalies in Aerospace System Problem Reports using High-Dimensional Clustering Techniques

    Science.gov (United States)

    Srivastava, Ashok, N.; Akella, Ram; Diev, Vesselin; Kumaresan, Sakthi Preethi; McIntosh, Dawn M.; Pontikakis, Emmanuel D.; Xu, Zuobing; Zhang, Yi

    2006-01-01

    This paper describes the results of a significant research and development effort conducted at NASA Ames Research Center to develop new text mining techniques to discover anomalies in free-text reports regarding system health and safety of two aerospace systems. We discuss two problems of significant importance in the aviation industry. The first problem is that of automatic anomaly discovery about an aerospace system through the analysis of tens of thousands of free-text problem reports that are written about the system. The second problem that we address is that of automatic discovery of recurring anomalies, i.e., anomalies that may be described m different ways by different authors, at varying times and under varying conditions, but that are truly about the same part of the system. The intent of recurring anomaly identification is to determine project or system weakness or high-risk issues. The discovery of recurring anomalies is a key goal in building safe, reliable, and cost-effective aerospace systems. We address the anomaly discovery problem on thousands of free-text reports using two strategies: (1) as an unsupervised learning problem where an algorithm takes free-text reports as input and automatically groups them into different bins, where each bin corresponds to a different unknown anomaly category; and (2) as a supervised learning problem where the algorithm classifies the free-text reports into one of a number of known anomaly categories. We then discuss the application of these methods to the problem of discovering recurring anomalies. In fact the special nature of recurring anomalies (very small cluster sizes) requires incorporating new methods and measures to enhance the original approach for anomaly detection. ?& pant 0-

  19. nu-Anomica: A Fast Support Vector Based Anomaly Detection Technique

    Data.gov (United States)

    National Aeronautics and Space Administration — In this paper we propose $nu$-Anomica, a novel anomaly detection technique that can be trained on huge data sets with much reduced running time compared to the...

  20. Extracting Hidden Anomalies using Sketch and Non Gaussian Multiresolution Statistical Detection Procedures

    OpenAIRE

    Dewaele, Guillaume; Fukuda, Kensuke; Borgnat, Pierre; Abry, Patrice; Cho, Kenjiro

    2007-01-01

    International audience A new profile-based anomaly detection and characterization procedure is proposed. It aims at performing prompt and accurate detection of both short-lived and long-lasting low-intensity anomalies, without the recourse of any prior knowledge of the targetted traffic. Key features of the algorithm lie in the joint use of random projection techniques (sketches) and of a multiresolution non Gaussian marginal distribution modeling. The former enables both a reduction in th...

  1. Applying static code analysis to firewall policies for the purpose of anomaly detection

    OpenAIRE

    Zaliva, Vadim

    2011-01-01

    Treating modern firewall policy languages as imperative, special purpose programming languages, in this article we will try to apply static code analysis techniques for the purpose of anomaly detection. We will first abstract a policy in common firewall policy language into an intermediate language, and then we will try to apply anomaly detection algorithms to it. The contributions made by this work are: 1. An analysis of various control flow instructions in popular firewall policy languages ...

  2. Detecting and modeling persistent self-potential anomalies from underground nuclear explosions at the Nevada Test Site

    International Nuclear Information System (INIS)

    Self-potential anomalies are naturally occurring, nearly stationary electric fields that are detected by measuring the potential difference between two points on (or in) the ground. SP anomalies arise from a number of causes: principally electrochemical reactions, and heat and fluid flows. SP is routinely used to locate mineral deposits, geothermal systems, and zones of seepage. This paper is a progress report on our work toward detecting explosion-related SP signals at the Nevada Test Site (NTS) and in understanding the physics of these anomalies that persist and continue changing over periods of time that range from months to years. As background, we also include a brief description of how SP signals arise, and we mention their use in other areas such as exploring for geothermal resources and locating seepage through dams. Between the years 1988 and 1991, we surveyed the areas around seven underground nuclear tests for persistent SP anomalies. We not only detected anomalies, but we also found that various phenomena could be contributing to them and that we did not know which of these were actually occurring. We analyzed our new data with existing steady state codes and with a newly developed time-dependent thermal modeling code. Our results with the new code showed that the conductive decay of the thermal pulse from an underground nuclear test could produce many of the observed signals, and that others are probably caused by movement of fluid induced by the explosion. 25 refs

  3. Estimation of fuzzy anomalies in Water Distribution Systems

    CERN Document Server

    Izquierdo, J; Pérez, R; Martinez, F J

    2007-01-01

    State estimation is necessary in diagnosing anomalies in Water Demand Systems (WDS). In this paper we present a neural network performing such a task. State estimation is performed by using optimization, which tries to reconcile all the available information. Quantification of the uncertainty of the input data (telemetry measures and demand predictions) can be achieved by means of robust estate estimation. Using a mathematical model of the network, fuzzy estimated states for anomalous states of the network can be obtained. They are used to train a neural network capable of assessing WDS anomalies associated with particular sets of measurements.

  4. Multi-level anomaly detection: Relevance of big data analytics in networks

    Indian Academy of Sciences (India)

    Saad Y Sait; Akshay Bhandari; Shreya Khare; Cyriac James; Hema A Murthy

    2015-09-01

    The Internet has become a vital source of information; internal and external attacks threaten the integrity of the LAN connected to the Internet. In this work, several techniques have been described for detection of such threats. We have focussed on anomaly-based intrusion detection in the campus environment at the network edge. A campus LAN consisting of more than 9000 users with a 90 Mbps internet access link is a large network. Therefore, efficient techniques are required to handle such big data and to model user behaviour. Proxy server logs of a campus LAN and edge router traces have been used for anomalies like abusive Internet access, systematic downloading (internal threats) and DDoS attacks (external threat); our techniques involve machine learning and time series analysis applied at different layers in TCP/IP stack. Accuracy of our techniques has been demonstrated through extensive experimentation on huge and varied datasets. All the techniques are applicable at the edge and can be integrated into a Network Intrusion Detection System.

  5. Isotopic anomalies and proton irradiation in the early solar system

    Science.gov (United States)

    Clayton, D. D.; Dwek, E.; Woosley, S. E.

    1977-01-01

    Nuclear cross sections relevant to the various isotopic-abundance anomalies found in solar-system objects are evaluated in an attempt to set constraints on the hypothesized mechanism of irradiation of forming planetesimals by energetic protons from the young sun. A power-law proton spectrum is adopted, attention is restricted to proton energies less than about 20 MeV, and average cross sections are calculated for several reactions that might be expected to lead to the observed anomalies. The following specific anomalies are examined in detail: Al-26, Na-22, Xe-126, I-129, Kr-80, V-50, Nb-92, La-138, Ta-180, Hg-196, K-40, Ar-36, O-17, O-18, N-15, C-13, Li, Be, and B. It is suggested that the picture of presolar-grain carriers accounts for the facts more naturally than do irradiation models.

  6. Comparison of Ultrasound and MRI in Detecting Fetal Anomalies

    OpenAIRE

    R Abdi; H. Majidi

    2005-01-01

    Introduction & Background: Ultrasound (US) and MRI are considered complementary technologies, and MRI is utilized as an adjunct to US in the evaluation of fetal anomalies. Overall ultrasound remains the prime mo-dality for evaluating disorders of the fetus and pregnancy. Ultrasound continues to have several obvious advan-tages over MRI. It is safe and relatively inexpensive and is widely available It also allows for real-time imaging. However, US does have important limitations. First, it...

  7. Anomaly Detection Algorithm for Stay Cable Monitoring Data Based on Data Fusion

    Institute of Scientific and Technical Information of China (English)

    Xiaoling Liu,Qiao Huang∗; Yuan Ren

    2016-01-01

    In order to improve the accuracy and consistency of data in health monitoring system, an anomaly detection algorithm for stay cables based on data fusion is proposed. The monitoring data of Nanjing No. 3 Yangtze River Bridge is used as the basis of study. Firstly, an adaptive processing framework with feedback control is established based on the concept of data fusion. The data processing contains four steps: data specification, data cleaning, data conversion and data fusion. Data processing information offers feedback to the original data system, which further gives guidance for the sensor maintenance or replacement. Subsequently, the algorithm steps based on the continuous data distortion is investigated,which integrates the inspection data and the distribution test method. Finally, a group of cable force data is utilized as an example to verify the established framework and algorithm. Experimental results show that the proposed algorithm can achieve high detection accuracy, providing a valuable reference for other monitoring data processing.

  8. Anomaly Detection Techniques with Real Test Data from a Spinning Turbine Engine-Like Rotor

    Science.gov (United States)

    Abdul-Aziz, Ali; Woike, Mark R.; Oza, Nikunj C.; Matthews, Bryan L.

    2012-01-01

    Online detection techniques to monitor the health of rotating engine components are becoming increasingly attractive to aircraft engine manufacturers in order to increase safety of operation and lower maintenance costs. Health monitoring remains a challenge to easily implement, especially in the presence of scattered loading conditions, crack size, component geometry, and materials properties. The current trend, however, is to utilize noninvasive types of health monitoring or nondestructive techniques to detect hidden flaws and mini-cracks before any catastrophic event occurs. These techniques go further to evaluate material discontinuities and other anomalies that have grown to the level of critical defects that can lead to failure. Generally, health monitoring is highly dependent on sensor systems capable of performing in various engine environmental conditions and able to transmit a signal upon a predetermined crack length, while acting in a neutral form upon the overall performance of the engine system.

  9. Lunar magnetic anomalies detected by the Apollo substatellite magnetometers

    Science.gov (United States)

    Hood, L.L.; Coleman, P.J., Jr.; Russell, C.T.; Wilhelms, D.E.

    1979-01-01

    Properties of lunar crustal magnetization thus far deduced from Apollo subsatellite magnetometer data are reviewed using two of the most accurate presently available magnetic anomaly maps - one covering a portion of the lunar near side and the other a part of the far side. The largest single anomaly found within the region of coverage on the near-side map correlates exactly with a conspicuous, light-colored marking in western Oceanus Procellarum called Reiner Gamma. This feature is interpreted as an unusual deposit of ejecta from secondary craters of the large nearby primary impact crater Cavalerius. An age for Cavalerius (and, by implication, for Reiner Gamma) of 3.2 ?? 0.2 ?? 109 y is estimated. The main (30 ?? 60 km) Reiner Gamma deposit is nearly uniformly magnetized in a single direction, with a minimum mean magnetization intensity of ???7 ?? 10-2 G cm3/g (assuming a density of 3 g/cm3), or about 700 times the stable magnetization component of the most magnetic returned samples. Additional medium-amplitude anomalies exist over the Fra Mauro Formation (Imbrium basin ejecta emplaced ???3.9 ?? 109 y ago) where it has not been flooded by mare basalt flows, but are nearly absent over the maria and over the craters Copernicus, Kepler, and Reiner and their encircling ejecta mantles. The mean altitude of the far-side anomaly gap is much higher than that of the near-side map and the surface geology is more complex, so individual anomaly sources have not yet been identified. However, it is clear that a concentration of especially strong sources exists in the vicinity of the craters Van de Graaff and Aitken. Numerical modeling of the associated fields reveals that the source locations do not correspond with the larger primary impact craters of the region and, by analogy with Reiner Gamma, may be less conspicuous secondary crater ejecta deposits. The reason for a special concentration of strong sources in the Van de Graaff-Aitken region is unknown, but may be indirectly

  10. Recurring Anomaly Detection System (ReADS)

    Data.gov (United States)

    National Aeronautics and Space Administration — Overview: ReADS can analyze text reports, such as aviation reports and problem or maintenance records. ReADS uses text clustering algorithms to group loosely...

  11. Duplicated Renal System with H Shaped Ureter: An Extraordinary Anomaly

    Directory of Open Access Journals (Sweden)

    Fatih Akbulut

    2016-01-01

    Full Text Available Duplex collecting systems are the most commonly encountered anomaly of the urinary system. Complete duplex system with an H shaped ureter is a very rare situation. There are only two reported H ureter cases in the literature. Herein, we aimed to present an H shaped ureter case, which was identified while performing ureterorenoscopy to a 48-year-old female patient due to a right distal ureteral stone.

  12. Dielectric anomaly in coupled rotor systems

    OpenAIRE

    Shima, Hiroyuki; Nakayama, Tsuneyoshi

    2004-01-01

    The correlated dynamics of coupled quantum rotors carrying electric dipole moment is theoretically investigated. The energy spectra of coupled rotors as a function of dipolar interaction energy is analytically solved. The calculated dielectric susceptibilities of the system show the peculiar temperature dependence different from that of isolated rotors.

  13. Dielectric anomaly in coupled rotor systems

    OpenAIRE

    Shima, Hiroyuki; Nakayama, Tsuneyoshi

    2004-01-01

    The correlated dynamics of coupled quantum rotors carrying electric dipole moment is theoretically investigated. The energy spectra of coupled rotors as a function of dipolar interaction energy are analytically solved. The calculated dielectric susceptibilities of the system show a peculiar temperature dependence different from that of isolated rotors.

  14. Multi-Level Anomaly Detection on Time-Varying Graph Data

    Energy Technology Data Exchange (ETDEWEB)

    Bridges, Robert A [ORNL; Collins, John P [ORNL; Ferragut, Erik M [ORNL; Laska, Jason A [ORNL; Sullivan, Blair D [ORNL

    2015-01-01

    This work presents a novel modeling and analysis framework for graph sequences which addresses the challenge of detecting and contextualizing anomalies in labelled, streaming graph data. We introduce a generalization of the BTER model of Seshadhri et al. by adding flexibility to community structure, and use this model to perform multi-scale graph anomaly detection. Specifically, probability models describing coarse subgraphs are built by aggregating probabilities at finer levels, and these closely related hierarchical models simultaneously detect deviations from expectation. This technique provides insight into a graph's structure and internal context that may shed light on a detected event. Additionally, this multi-scale analysis facilitates intuitive visualizations by allowing users to narrow focus from an anomalous graph to particular subgraphs or nodes causing the anomaly. For evaluation, two hierarchical anomaly detectors are tested against a baseline Gaussian method on a series of sampled graphs. We demonstrate that our graph statistics-based approach outperforms both a distribution-based detector and the baseline in a labeled setting with community structure, and it accurately detects anomalies in synthetic and real-world datasets at the node, subgraph, and graph levels. To illustrate the accessibility of information made possible via this technique, the anomaly detector and an associated interactive visualization tool are tested on NCAA football data, where teams and conferences that moved within the league are identified with perfect recall, and precision greater than 0.786.

  15. A hyperspectral imagery anomaly detection algorithm based on local three-dimensional orthogonal subspace projection

    Science.gov (United States)

    Zhang, Xing; Wen, Gongjian

    2015-10-01

    Anomaly detection (AD) becomes increasingly important in hyperspectral imagery analysis with many practical applications. Local orthogonal subspace projection (LOSP) detector is a popular anomaly detector which exploits local endmembers/eigenvectors around the pixel under test (PUT) to construct background subspace. However, this subspace only takes advantage of the spectral information, but the spatial correlat ion of the background clutter is neglected, which leads to the anomaly detection result sensitive to the accuracy of the estimated subspace. In this paper, a local three dimensional orthogonal subspace projection (3D-LOSP) algorithm is proposed. Firstly, under the jointly use of both spectral and spatial information, three directional background subspaces are created along the image height direction, the image width direction and the spectral direction, respectively. Then, the three corresponding orthogonal subspaces are calculated. After that, each vector along three direction of the local cube is projected onto the corresponding orthogonal subspace. Finally, a composite score is given through the three direction operators. In 3D-LOSP, the anomalies are redefined as the target not only spectrally different to the background, but also spatially distinct. Thanks to the addition of the spatial information, the robustness of the anomaly detection result has been improved greatly by the proposed 3D-LOSP algorithm. It is noteworthy that the proposed algorithm is an expansion of LOSP and this ideology can inspire many other spectral-based anomaly detection methods. Experiments with real hyperspectral images have proved the stability of the detection result.

  16. Nonlinear Supersymmetry, Quantum Anomaly and Quasi-Exactly Solvable Systems

    CERN Document Server

    Klishevich, S M; Klishevich, Sergey; Plyushchay, Mikhail

    2001-01-01

    The nonlinear supersymmetry of one-dimensional systems is investigated in the context of the quantum anomaly problem. Any classical supersymmetric system characterized by the nonlinear in the Hamiltonian superalgebra is symplectomorphic to a supersymmetric canonical system with the holomorphic form of the supercharges. Depending on the behaviour of the superpotential, the canonical supersymmetric systems are separated into the three classes. In one of them the parameter specifying the supersymmetry order is subject to some sort of classical quantization, whereas the supersymmetry of another extreme class has a rather fictive nature since its fermion degrees of freedom are decoupled completely by a canonical transformation. The nonlinear supersymmetry with polynomial in momentum supercharges is analysed, and the most general one-parametric Calogero-like solution with the second order supercharges is found. Quantization of the systems of the canonical form reveals the two anomaly-free classes, one of which give...

  17. The Anomaly Detection in SMTP Traffic Based on Leaky Integrate-and-Fire Model

    Institute of Scientific and Technical Information of China (English)

    LUO Hao; FANG Bin-xing; YUN Xiao-chun

    2006-01-01

    This paper investigated an effective and robust mechanism for detecting simple mail transfer protocol(SMTP) traffic anomaly. The detection method cumulates the deviation of current delivering status from history behavior based on a weighted sum method called the leaky integrate-and-fire model to detect anomaly. The simplicity of the detection method is that the method need not store history profile and low computation overhead, which makes the detection method itself immunes to attacks. The performance is investigated in terms of detection probability, the false alarm ratio, and the detection delay. The results show that leaky integrate-and-fire method is quite effective at detecting constant intensity attacks and increasing intensity attacks. Compared with the non-parametric cumulative sum method, the evaluation results show that the proposed detection method has shorter detection latency and higher detection probability.

  18. Temperature anomaly detection and estimation using microwave radiometry and anatomical information

    Science.gov (United States)

    Kelly, Patrick; Sobers, Tamara; St. Peter, Benjamin; Siqueira, Paul; Capraro, Geoffrey

    2011-03-01

    Many medically significant conditions (e.g., ischemia, carcinoma and inflammation) involve localized anomalies in physiological parameters such as the metabolic and blood perfusion rates. These in turn lead to deviations from normal tissue temperature patterns. Microwave radiometry is a passive system for sensing the radiation that objects emit naturally in the microwave frequency band. Since the emitted power depends on temperature, and since radiation at low microwave frequencies can propagate through several centimeters of tissue, microwave radiometry has the potential to provide valuable information about subcutaneous anomalies. The radiometric temperature measurement for a tissue region can be modeled as the inner product of the temperature pattern and a weighting function that depends on tissue properties and the radiometer's antenna. In the absence of knowledge of the weighting functions, it can be difficult to extract specific information about tissue temperature patterns (or the underlying physiological parameters) from the measurements. In this paper, we consider a scenario in which microwave radiometry works in conjunction with another imaging modality (e.g., 3D-CT or MRI) that provides detailed anatomical information. This information is used along with sensor properties in electromagnetic simulation software to generate weighting functions. It also is used in bio-heat equations to generate nominal tissue temperature patterns. We then develop a hypothesis testing framework that makes use of the weighting functions, nominal temperature patterns, and maximum likelihood estimates to detect anomalies. Simulation results are presented to illustrate the proposed detection procedures. The design and performance of an S-band (2-4 GHz) radiometer, and some of the challenges in using such a radiometer for temperature measurements deep in tissue, are also discussed.

  19. Improved K-means Algorithm for Manufacturing Process Anomaly Detection and Recognition

    Institute of Scientific and Technical Information of China (English)

    ZHOU Xiaomin; PENG Wei; SHI Haibo

    2006-01-01

    Anomaly detection and recognition are of prime importance in process industries. Faults are usually rare, and, therefore, predicting them is difficult. In this paper, a new greedy initialization method for the K-means algorithm is proposed to improve traditional K-means clustering techniques. The new initialization method tries to choose suitable initial points, which are well separated and have the potential to form high-quality clusters. Based on the clustering result of historical disqualification product data in manufacturing process which generated by the Improved-K-means algorithm, a prediction model which is used to detect and recognize the abnormal trend of the quality problems is constructed. This simple and robust alarm-system architecture for predicting incoming faults realizes the transition of quality problems from diagnosis afterward to prevention beforehand indeed. In the end, the alarm model was applied for prediction and avoidance of gear-wheel assembly faults at a gear-plant.

  20. Superconducting gap anomaly in heavy fermion systems

    Indian Academy of Sciences (India)

    G C Rout; M S Ojha; S N Behera

    2008-04-01

    The heavy fermion system (HFS) is described by the periodic Anderson model (PAM), treating the Coulomb correlation between the -electrons in the mean-field Hartree-Fock approximation. Superconductivity is introduced by a BCS-type pairing term among the conduction electrons. Within this approximation the equation for the superconducting gap is derived, which depends on the effective position of the energy level of the -electrons relative to the Fermi level. The latter in turn depends on the occupation probability f of the -electrons. The gap equation is solved self-consistently with the equation for f; and their temperature dependences are studied for different positions of the bare -electron energy level, with respect to the Fermi level. The dependence of the superconducting gap on the hybridization leads to a re-entrant behaviour with increasing strength. The induced pairing between the -electrons and the pairing of mixed conduction and -electrons due to hybridization are also determined. The temperature dependence of the hybridization parameter, which characterizes the number of electrons with mixed character and represents the number of heavy electrons is studied. This number is shown to be small. The quasi-particle density of states (DOS) shows the existence of a pseudo-gap due to superconductivity and the signature of a hybridization gap at the Fermi level. For the choice of the model parameters, the DOS shows that the HFS is a metal and undergoes a transition to the gap-less superconducting state.

  1. Advancements of Data Anomaly Detection Research in Wireless Sensor Networks: A Survey and Open Issues

    Directory of Open Access Journals (Sweden)

    Mohd Aizaini Maarof

    2013-08-01

    Full Text Available Wireless Sensor Networks (WSNs are important and necessary platforms for the future as the concept “Internet of Things” has emerged lately. They are used for monitoring, tracking, or controlling of many applications in industry, health care, habitat, and military. However, the quality of data collected by sensor nodes is affected by anomalies that occur due to various reasons, such as node failures, reading errors, unusual events, and malicious attacks. Therefore, anomaly detection is a necessary process to ensure the quality of sensor data before it is utilized for making decisions. In this review, we present the challenges of anomaly detection in WSNs and state the requirements to design efficient and effective anomaly detection models. We then review the latest advancements of data anomaly detection research in WSNs and classify current detection approaches in five main classes based on the detection methods used to design these approaches. Varieties of the state-of-the-art models for each class are covered and their limitations are highlighted to provide ideas for potential future works. Furthermore, the reviewed approaches are compared and evaluated based on how well they meet the stated requirements. Finally, the general limitations of current approaches are mentioned and further research opportunities are suggested and discussed.

  2. Advanced Unsupervised Classification Methods to Detect Anomalies on Earthen Levees Using Polarimetric SAR Imagery

    OpenAIRE

    Ramakalavathi Marapareddy; James V. Aanstoos; Nicolas H. Younan

    2016-01-01

    Fully polarimetric Synthetic Aperture Radar (polSAR) data analysis has wide applications for terrain and ground cover classification. The dynamics of surface and subsurface water events can lead to slope instability resulting in slough slides on earthen levees. Early detection of these anomalies by a remote sensing approach could save time versus direct assessment. We used L-band Synthetic Aperture Radar (SAR) to screen levees for anomalies. SAR technology, due to its high spatial resolution ...

  3. A Statistical Detection of an Anomaly from a Few Noisy Tomographic Projections

    Directory of Open Access Journals (Sweden)

    Fillatre Lionel

    2005-01-01

    Full Text Available The problem of detecting an anomaly/target from a very limited number of noisy tomographic projections is addressed from the statistical point of view. The imaged object is composed of an environment, considered as a nuisance parameter, with a possibly hidden anomaly/target. The GLR test is used to solve the problem. When the projection linearly depends on the nuisance parameters, the GLR test coincides with an optimal statistical invariant test.

  4. An Economic Analysis of Prenatal Cytogenetic Technologies for Sonographically-Detected Fetal Anomalies

    OpenAIRE

    HARPER, Lorie M.; Sutton, Amelia L. M.; LONGMAN, Ryan E.; Odibo, Anthony O.

    2014-01-01

    When congenital anomalies are diagnosed on prenatal ultrasound, the current standard of care is to perform G-banded karyotyping on cultured amniotic cells. Chromosomal microarray (CMA) can detect smaller genomic deletions and duplications than traditional karyotype analysis. CMA is the first-tier test in postnatal evaluation of children with multiple congenital anomalies. Recent studies have demonstrated the utility of CMA in the prenatal setting and have advocated for widespread implementati...

  5. Automated Anomaly Detection in Distribution Grids Using $\\mu$PMU Measurements

    CERN Document Server

    Jamei, Mahdi; Roberts, Ciaran; Stewart, Emma; Peisert, Sean; McParland, Chuck; McEachern, Alex

    2016-01-01

    The impact of Phasor Measurement Units (PMUs) for providing situational awareness to transmission system operators has been widely documented. Micro-PMUs ($\\mu$PMUs) are an emerging sensing technology that can provide similar benefits to Distribution System Operators (DSOs), enabling a level of visibility into the distribution grid that was previously unattainable. In order to support the deployment of these high resolution sensors, the automation of data analysis and prioritizing communication to the DSO becomes crucial. In this paper, we explore the use of $\\mu$PMUs to detect anomalies on the distribution grid. Our methodology is motivated by growing concern about failures and attacks to distribution automation equipment. The effectiveness of our approach is demonstrated through both real and simulated data.

  6. Anomaly matching condition in two-dimensional systems

    CERN Document Server

    Dubinkin, O; Gubankova, E

    2016-01-01

    Based on Son-Yamamoto relation obtained for transverse part of triangle axial anomaly in ${\\rm QCD}_4$, we derive its analog in two-dimensional system. It connects the transverse part of mixed vector-axial current two-point function with diagonal vector and axial current two-point functions. Being fully non-perturbative, this relation may be regarded as anomaly matching for conductivities or certain transport coefficients depending on the system. We consider the holographic RG flows in holographic Yang-Mills-Chern-Simons theory via the Hamilton-Jacobi equation with respect to the radial coordinate. Within this holographic model it is found that the RG flows for the following relations are diagonal: Son-Yamamoto relation and the left-right polarization operator. Thus the Son-Yamamoto relation holds at wide range of energy scales.

  7. Anomaly Event Detection Method Based on Compressive Sensing and Iteration in Wireless Sensor Networks

    Directory of Open Access Journals (Sweden)

    Shihua Cao

    2014-03-01

    Full Text Available Anomaly event detection is one of the research hotspots in wireless sensor networks. Aiming at the disadvantages of current detection solutions, a novel anomaly event detection algorithm based on compressed sensing and iteration is proposed. Firstly, a measured value can be sensed in each node, based on the compressed sensing. Then the problem of anomaly event detection is modeled as the minimization problem of weighted l1 norm, and OMP algorithm is adopted for solving the problem iteratively. And then the result of problem solving is judged according to detection functions. Finally, in the light of the judgment results, the weight value is updated for beginning a new round iteration. The loop won't stop until all the anomaly events are detected in wireless sensor networks. Simulation experimental results show the proposed algorithm has a better omission detection rate and false alarm rate in different noisy environments. In addition, the detection quality of this algorithm is higher than those of the traditional ones.

  8. GLRT Based Anomaly Detection for Sensor Network Monitoring

    KAUST Repository

    Harrou, Fouzi

    2015-12-07

    Proper operation of antenna arrays requires continuously monitoring their performances. When a fault occurs in an antenna array, the radiation pattern changes and can significantly deviate from the desired design performance specifications. In this paper, the problem of fault detection in linear antenna arrays is addressed within a statistical framework. Specifically, a statistical fault detection method based on the generalized likelihood ratio (GLR) principle is utilized for detecting potential faults in linear antenna arrays. The proposed method relies on detecting deviations in the radiation pattern of the monitored array with respect to a reference (fault-free) one. To assess the abilities of the GLR based fault detection method, three case studies involving different types of faults have been performed. The simulation results clearly illustrate the effectiveness of the GLR-based fault detection method in monitoring the performance of linear antenna arrays.

  9. Comparison of Ultrasound and MRI in Detecting Fetal Anomalies

    Directory of Open Access Journals (Sweden)

    R. Abdi

    2005-08-01

    Full Text Available Introduction & Background: Ultrasound (US and MRI are considered complementary technologies, and MRI is utilized as an adjunct to US in the evaluation of fetal anomalies. Overall ultrasound remains the prime mo-dality for evaluating disorders of the fetus and pregnancy. Ultrasound continues to have several obvious advan-tages over MRI. It is safe and relatively inexpensive and is widely available It also allows for real-time imaging. However, US does have important limitations. First, it is uniquely operator-and interpreter-dependent. In ad-dition, compared to MRI, US provides a smaller field-of-view, and the resolution of US images is restricted by penetration through soft tissues and bone. Thus, the sensitivity of US in evaluating the fetus is reduced in obese patients and in women whose pregnancies are complicated by low amniotic fluid volume. There is a growing body of literature on the use of MRI and has documented its usefulness in confirming or expanding upon US findings. On the contrary, MRI visualization of the fetus is not significantly limited by maternal obe-sity, fetal position, or oligohydramnios, and visualization of the brain is not restricted by the ossified skull. It provides superior soft-tissue contrast resolution and the ability to distinguish individual structures such as lung, liver, kidney, bowel, and gray and white matter. Patients & Methods: In this study, patients in the second and third trimesters of pregnancy were recruited on the basis of abnormal fetal US results within 2 days of MR imaging by another radiologist. Results: In some cases such as anencephaly which is associated with polyhydraminous or in multicystic dys-plastic kidney disease, MRI added no more information to ultrasonography; but in the following cases MRI had more data. In a fetus with bilateral hydronephrosis, MRI could differentiate PUV from UPJ stenosis by visualizing distention of the ureters. MRI allowed better depiction of complex anomalies

  10. Detection of Seismic Anomalies Linked to Emanations of Hydrocarbons in the Cuban Northwest Coast

    Directory of Open Access Journals (Sweden)

    Guillermo Miró Pagés

    2014-11-01

    Full Text Available The exploration of hydrocarbons to international scale constitutes a very complex and expensive task. Traditionally in the coast areas like the ones in the present work, the location of the exploration wells has been based on derived structural and stratigraphic information of geophysical data, mainly seismic; however it is well-known that in several regions similar of the world, the detection of superficial seeps of hydrocarbons confirm the existence of oil systems, has contributed to achieve a bigger dependability of the carried out prospectings, what has great importance considering the millionaire character of the financial expenditures who demands. For that reason, the main objective was to try to identify seismic anomalies typically associate with existences of hydrocarbons in Cuban coastareas. The main conclusion of this article is that the identification of seismic anomalies similar to those observed in the course of the present work can constitute a valuable additional informative element for the prospecting of hydrocarbons in areas of the Cuban coast.

  11. Using Statistical Process Control for detecting anomalies in multivariate spatiotemporal Earth Observations

    Science.gov (United States)

    Flach, Milan; Mahecha, Miguel; Gans, Fabian; Rodner, Erik; Bodesheim, Paul; Guanche-Garcia, Yanira; Brenning, Alexander; Denzler, Joachim; Reichstein, Markus

    2016-04-01

    The number of available Earth observations (EOs) is currently substantially increasing. Detecting anomalous patterns in these multivariate time series is an important step in identifying changes in the underlying dynamical system. Likewise, data quality issues might result in anomalous multivariate data constellations and have to be identified before corrupting subsequent analyses. In industrial application a common strategy is to monitor production chains with several sensors coupled to some statistical process control (SPC) algorithm. The basic idea is to raise an alarm when these sensor data depict some anomalous pattern according to the SPC, i.e. the production chain is considered 'out of control'. In fact, the industrial applications are conceptually similar to the on-line monitoring of EOs. However, algorithms used in the context of SPC or process monitoring are rarely considered for supervising multivariate spatio-temporal Earth observations. The objective of this study is to exploit the potential and transferability of SPC concepts to Earth system applications. We compare a range of different algorithms typically applied by SPC systems and evaluate their capability to detect e.g. known extreme events in land surface processes. Specifically two main issues are addressed: (1) identifying the most suitable combination of data pre-processing and detection algorithm for a specific type of event and (2) analyzing the limits of the individual approaches with respect to the magnitude, spatio-temporal size of the event as well as the data's signal to noise ratio. Extensive artificial data sets that represent the typical properties of Earth observations are used in this study. Our results show that the majority of the algorithms used can be considered for the detection of multivariate spatiotemporal events and directly transferred to real Earth observation data as currently assembled in different projects at the European scale, e.g. http://baci-h2020.eu

  12. Anomaly detection in random heterogeneous media Feynman-Kac formulae, stochastic homogenization and statistical inversion

    CERN Document Server

    Simon, Martin

    2015-01-01

    This monograph is concerned with the analysis and numerical solution of a stochastic inverse anomaly detection problem in electrical impedance tomography (EIT). Martin Simon studies the problem of detecting a parameterized anomaly in an isotropic, stationary and ergodic conductivity random field whose realizations are rapidly oscillating. For this purpose, he derives Feynman-Kac formulae to rigorously justify stochastic homogenization in the case of the underlying stochastic boundary value problem. The author combines techniques from the theory of partial differential equations and functional analysis with probabilistic ideas, paving the way to new mathematical theorems which may be fruitfully used in the treatment of the problem at hand. Moreover, the author proposes an efficient numerical method in the framework of Bayesian inversion for the practical solution of the stochastic inverse anomaly detection problem.   Contents Feynman-Kac formulae Stochastic homogenization Statistical inverse problems  Targe...

  13. RFID-Based Human Behavior Modeling and Anomaly Detection for Elderly Care

    Directory of Open Access Journals (Sweden)

    Hui-Huang Hsu

    2010-01-01

    Full Text Available This research aimed at building an intelligent system that can detect abnormal behavior for the elderly at home. Active RFID tags can be deployed at home to help collect daily movement data of the elderly who carries an RFID reader. When the reader detects the signals from the tags, RSSI values that represent signal strength are obtained. The RSSI values are reversely related to the distance between the tags and the reader and they are recorded following the movement of the user. The movement patterns, not the exact locations, of the user are the major concern. With the movement data (RSSI values, the clustering technique is then used to build a personalized model of normal behavior. After the model is built, any incoming datum outside the model can be viewed as abnormal and an alarm can be raised by the system. In this paper, we present the system architecture for RFID data collection and preprocessing, clustering for anomaly detection, and experimental results. The results show that this novel approach is promising.

  14. Stillbirth Risk Among Fetuses With Ultrasound-Detected Isolated Congenital Anomalies

    Science.gov (United States)

    Frey, Heather A.; Odibo, Anthony O.; Dicke, Jeffrey M.; Shanks, Anthony L.; Macones, George A.; Cahill, Alison G.

    2014-01-01

    Objective To estimate the risk of stillbirth among pregnancies complicated by a major isolated congenital anomaly detected by antenatal ultrasound, and the influence of incidental growth restriction. Methods A retrospective cohort study of all consecutive singleton pregnancies undergoing routine anatomic survey between 1990 and 2009 was performed. Stillbirth rates among fetuses with an ultrasound-detected isolated major congenital anomaly were compared to fetuses without major anomalies. Stillbirth rates were calculated per 1,000 ongoing pregnancies. Exclusion criteria included delivery prior to 24 weeks of gestation, multiple fetal anomalies, minor anomalies and chromosomal abnormalities. Analyses were stratified by gestational age at delivery (prior to 32 weeks vs. 32 weeks of gestation or after) and birth weight less than the 10th percentile. We adjusted for confounders using logistic regression. Results Among 65,308 singleton pregnancies delivered at 24 weeks of gestation or after, 873 pregnancies with an isolated major congenital anomaly (1.3%) were identified. The overall stillbirth rate among fetuses with a major anomaly was 55/1,000 compared to 4/1,000 in nonanomalous fetuses (aOR 15.17, 95% CI 11.03–20.86). Stillbirth risk in anomalous fetuses was similar prior to 32 weeks of gestation (26/1,000) and 32 weeks of gestation or after (31/1,000). Among growth-restricted fetuses, the stillbirth rate increased among anomalous (127/1,000) and nonanomalous fetuses (18/1,000), and congenital anomalies remained associated with higher rates of stillbirth (aOR 8.20, 95% CI 5.27–12.74). Conclusion The stillbirth rate is increased in anomalous fetuses regardless of incidental growth restriction. These risks can assist practitioners designing care plans for anomalous fetuses who have elevated and competing risks of stillbirth and neonatal death. PMID:24901272

  15. Scalable Algorithms for Unsupervised Classification and Anomaly Detection in Large Geospatiotemporal Data Sets

    Science.gov (United States)

    Mills, R. T.; Hoffman, F. M.; Kumar, J.

    2015-12-01

    The increasing availability of high-resolution geospatiotemporal datasets from sources such as observatory networks, remote sensing platforms, and computational Earth system models has opened new possibilities for knowledge discovery and mining of ecological data sets fused from disparate sources. Traditional algorithms and computing platforms are impractical for the analysis and synthesis of data sets of this size; however, new algorithmic approaches that can effectively utilize the complex memory hierarchies and the extremely high levels of available parallelism in state-of-the-art high-performance computing platforms can enable such analysis. We describe some unsupervised knowledge discovery and anomaly detection approaches based on highly scalable parallel algorithms for k-means clustering and singular value decomposition, consider a few practical applications thereof to the analysis of climatic and remotely-sensed vegetation phenology data sets, and speculate on some of the new applications that such scalable analysis methods may enable.

  16. Robust and Accurate Anomaly Detection in ECG Artifacts Using Time Series Motif Discovery

    Directory of Open Access Journals (Sweden)

    Haemwaan Sivaraks

    2015-01-01

    Full Text Available Electrocardiogram (ECG anomaly detection is an important technique for detecting dissimilar heartbeats which helps identify abnormal ECGs before the diagnosis process. Currently available ECG anomaly detection methods, ranging from academic research to commercial ECG machines, still suffer from a high false alarm rate because these methods are not able to differentiate ECG artifacts from real ECG signal, especially, in ECG artifacts that are similar to ECG signals in terms of shape and/or frequency. The problem leads to high vigilance for physicians and misinterpretation risk for nonspecialists. Therefore, this work proposes a novel anomaly detection technique that is highly robust and accurate in the presence of ECG artifacts which can effectively reduce the false alarm rate. Expert knowledge from cardiologists and motif discovery technique is utilized in our design. In addition, every step of the algorithm conforms to the interpretation of cardiologists. Our method can be utilized to both single-lead ECGs and multilead ECGs. Our experiment results on real ECG datasets are interpreted and evaluated by cardiologists. Our proposed algorithm can mostly achieve 100% of accuracy on detection (AoD, sensitivity, specificity, and positive predictive value with 0% false alarm rate. The results demonstrate that our proposed method is highly accurate and robust to artifacts, compared with competitive anomaly detection methods.

  17. Anomaly Detection in Host Signaling Pathways for the Early Prognosis of Acute Infection

    Science.gov (United States)

    O’Hern, Corey S.; Shattuck, Mark D.; Ogle, Serenity; Forero, Adriana; Morrison, Juliet; Slayden, Richard; Katze, Michael G.

    2016-01-01

    diagnostic tools to distinguish between acute viral and bacterial respiratory infections is critical to improve patient care and limit the overuse of antibiotics in the medical community. The identification of prognostic respiratory virus biomarkers provides an early warning system that is capable of predicting which subjects will become symptomatic to expand our medical diagnostic capabilities and treatment options for acute infectious diseases. The host response to acute infection may be viewed as a deterministic signaling network responsible for maintaining the health of the host organism. We identify pathway signatures that reflect the very earliest perturbations in the host response to acute infection. These pathways provide a monitor the health state of the host using anomaly detection to quantify and predict health outcomes to pathogens. PMID:27532264

  18. Improvements in the method of radiation anomaly detection by spectral comparison ratios.

    Science.gov (United States)

    Pfund, D M; Anderson, K K; Detwiler, R S; Jarman, K D; McDonald, B S; Milbrath, B D; Myjak, M J; Paradis, N C; Robinson, S M; Woodring, M L

    2016-04-01

    We present a new procedure for configuring the Nuisance-rejection Spectral Comparison Ratio Anomaly Detection (N-SCRAD) method. The procedure minimizes detectable count rates of source spectra at a specified false positive rate using simulated annealing. We also present a new method for correcting the estimates of background variability used in N-SCRAD to current conditions of the total count rate. The correction lowers detection thresholds for a specified false positive rate, enabling greater sensitivity to targets. PMID:26807839

  19. Low frequency of Y anomaly detected in Australian Brahman cow-herds

    Directory of Open Access Journals (Sweden)

    Gregório M.F. de Camargo

    2015-02-01

    Full Text Available Indicine cattle have lower reproductive performance in comparison to taurine. A chromosomal anomaly characterized by the presence Y markers in females was reported and associated with infertility in cattle. The aim of this study was to investigate the occurrence of the anomaly in Brahman cows. Brahman cows (n = 929 were genotyped for a Y chromosome specific region using real time-PCR. Only six out of 929 cows had the anomaly (0.6%. The anomaly frequency was much lower in Brahman cows than in the crossbred population, in which it was first detected. It also seems that the anomaly doesn't affect pregnancy in the population. Due to the low frequency, association analyses couldn't be executed. Further, SNP signal of the pseudoautosomal boundary region of the Y chromosome was investigated using HD SNP chip. Pooled DNA of “non-pregnant” and “pregnant” cows were compared and no difference in SNP allele frequency was observed. Results suggest that the anomaly had a very low frequency in this Australian Brahman population and had no effect on reproduction. Further studies comparing pregnant cows and cows that failed to conceive should be executed after better assembly and annotation of the Y chromosome in cattle.

  20. Low frequency of Y anomaly detected in Australian Brahman cow-herds.

    Science.gov (United States)

    de Camargo, Gregório M F; Porto-Neto, Laercio R; Fortes, Marina R S; Bunch, Rowan J; Tonhati, Humberto; Reverter, Antonio; Moore, Stephen S; Lehnert, Sigrid A

    2015-02-01

    Indicine cattle have lower reproductive performance in comparison to taurine. A chromosomal anomaly characterized by the presence Y markers in females was reported and associated with infertility in cattle. The aim of this study was to investigate the occurrence of the anomaly in Brahman cows. Brahman cows (n = 929) were genotyped for a Y chromosome specific region using real time-PCR. Only six out of 929 cows had the anomaly (0.6%). The anomaly frequency was much lower in Brahman cows than in the crossbred population, in which it was first detected. It also seems that the anomaly doesn't affect pregnancy in the population. Due to the low frequency, association analyses couldn't be executed. Further, SNP signal of the pseudoautosomal boundary region of the Y chromosome was investigated using HD SNP chip. Pooled DNA of "non-pregnant" and "pregnant" cows were compared and no difference in SNP allele frequency was observed. Results suggest that the anomaly had a very low frequency in this Australian Brahman population and had no effect on reproduction. Further studies comparing pregnant cows and cows that failed to conceive should be executed after better assembly and annotation of the Y chromosome in cattle. PMID:25750859

  1. Quality Control of Temperature and Salinity from CTD based on Anomaly Detection

    CERN Document Server

    Castelão, Guilherme P

    2015-01-01

    The CTD is a set of sensors used by oceanographers to measure fundamental hydrographic properties of the oceans. It is characterized by a high precision product, only achieved if a quality control procedure identifies and removes the bad samples. Such procedure has been traditionally done by a sequence of independent tests that minimize false negatives. It is here proposed a novel approach to identify the bad samples as anomalies in respect to the typical behavior of good data. Several tests are combined into a single multidimensional evaluation to provide a more flexible classification criterion. The traditional approach is reproduced with an error of 0.04%, otherwise, the Anomaly Detection technique surpasses the reference if calibrated by visual inspection. CoTeDe is a Python package developed to apply the traditional and the Anomaly Detection quality control of temperature and salinity data from CTD, and can be extended to XBT, ARGO and other sensors.

  2. [A Hyperspectral Imagery Anomaly Detection Algorithm Based on Gauss-Markov Model].

    Science.gov (United States)

    Gao, Kun; Liu, Ying; Wang, Li-jing; Zhu, Zhen-yu; Cheng, Hao-bo

    2015-10-01

    With the development of spectral imaging technology, hyperspectral anomaly detection is getting more and more widely used in remote sensing imagery processing. The traditional RX anomaly detection algorithm neglects spatial correlation of images. Besides, it does not validly reduce the data dimension, which costs too much processing time and shows low validity on hyperspectral data. The hyperspectral images follow Gauss-Markov Random Field (GMRF) in space and spectral dimensions. The inverse matrix of covariance matrix is able to be directly calculated by building the Gauss-Markov parameters, which avoids the huge calculation of hyperspectral data. This paper proposes an improved RX anomaly detection algorithm based on three-dimensional GMRF. The hyperspectral imagery data is simulated with GMRF model, and the GMRF parameters are estimated with the Approximated Maximum Likelihood method. The detection operator is constructed with GMRF estimation parameters. The detecting pixel is considered as the centre in a local optimization window, which calls GMRF detecting window. The abnormal degree is calculated with mean vector and covariance inverse matrix, and the mean vector and covariance inverse matrix are calculated within the window. The image is detected pixel by pixel with the moving of GMRF window. The traditional RX detection algorithm, the regional hypothesis detection algorithm based on GMRF and the algorithm proposed in this paper are simulated with AVIRIS hyperspectral data. Simulation results show that the proposed anomaly detection method is able to improve the detection efficiency and reduce false alarm rate. We get the operation time statistics of the three algorithms in the same computer environment. The results show that the proposed algorithm improves the operation time by 45.2%, which shows good computing efficiency. PMID:26904830

  3. Using new edges for anomaly detection in computer networks

    Science.gov (United States)

    Neil, Joshua Charles

    2015-05-19

    Creation of new edges in a network may be used as an indication of a potential attack on the network. Historical data of a frequency with which nodes in a network create and receive new edges may be analyzed. Baseline models of behavior among the edges in the network may be established based on the analysis of the historical data. A new edge that deviates from a respective baseline model by more than a predetermined threshold during a time window may be detected. The new edge may be flagged as potentially anomalous when the deviation from the respective baseline model is detected. Probabilities for both new and existing edges may be obtained for all edges in a path or other subgraph. The probabilities may then be combined to obtain a score for the path or other subgraph. A threshold may be obtained by calculating an empirical distribution of the scores under historical conditions.

  4. Adaptive Kalman filtering for anomaly detection in software appliances

    OpenAIRE

    Knorn, Florian; Leith, Douglas J.

    2008-01-01

    Availability and reliability are often important features of key software appliances such as firewalls, web servers, etc. In this paper we seek to go beyond the simple heartbeat monitoring that is widely used for failover control. We do this by integrating more fine grained measurements that are readily available on most platforms to detect possible faults or the onset of failures. In particular, we evaluate the use of adaptive Kalman Filtering for automated CPU usage prediction that...

  5. A Novel Network Traffic Anomaly Detection Model Based on Superstatistics Theory

    Directory of Open Access Journals (Sweden)

    Yue Yang

    2011-02-01

    Full Text Available With the development of network technology and growing enlargement of network size, the network structure is becoming more and more complicated. Mutual interactions of different network equipment, topology configurations, transmission protocols and cooperation and competition among the network users inevitably cause the network traffic flow which is controlled by several driving factors to appear non-stationary and complicated behavior. Because of its non-stationary property it can not easily use traditional way to analyze the complicated network traffic. A new detection method of non-stationary network traffic based on superstatistics theory is discussed in the paper. According to the superstatistics theory, the complex dynamic system may have a large fluctuation of intensive quantities on large time scales which cause the system to behave as non-stationary which is also the characteristic of network traffic. This new idea provides us a novel method to partition the non-stationary traffic time series into small stationary segments which can be modeled by discrete Generalized Pareto(GP distribution. Different segments follow GP distribution with different distribution parameters which are named slow parameters. We use this slow parameters of the segments as a key determinant factor of the system to describe the network characteristic and analyze the slow parameters with time series theory to detect network anomaly. The result of experiments indicates that this method can be effective.

  6. Anomaly Detection for Internet of Vehicles: A Trust Management Scheme with Affinity Propagation

    Directory of Open Access Journals (Sweden)

    Shu Yang

    2016-01-01

    Full Text Available Anomaly detection is critical for intelligent vehicle (IV collaboration. Forming clusters/platoons, IVs can work together to accomplish complex jobs that they are unable to perform individually. To improve security and efficiency of Internet of Vehicles, IVs’ anomaly detection has been extensively studied and a number of trust-based approaches have been proposed. However, most of these proposals either pay little attention to leader-based detection algorithm or ignore the utility of networked Roadside-Units (RSUs. In this paper, we introduce a trust-based anomaly detection scheme for IVs, where some malicious or incapable vehicles are existing on roads. The proposed scheme works by allowing IVs to detect abnormal vehicles, communicate with each other, and finally converge to some trustworthy cluster heads (CHs. Periodically, the CHs take responsibility for intracluster trust management. Moreover, the scheme is enhanced with a distributed supervising mechanism and a central reputation arbitrator to assure robustness and fairness in detecting process. The simulation results show that our scheme can achieve a low detection failure rate below 1%, demonstrating its ability to detect and filter the abnormal vehicles.

  7. A smartphone based method to enhance road pavement anomaly detection by analyzing the driver behavior

    NARCIS (Netherlands)

    Seraj, Fatjon; Zhang, Kui; Türkes, Okan; Meratnia, Nirvana; Havinga, Paul J.M.

    2015-01-01

    This paper introduces a method to detect road anomalies by analyzing driver behaviours. The analysis is based on the data and the features extracted from smartphone inertial sensors to calculate the angle of swerving and also based on distinctive states of a driver behaviour event. A novel approach

  8. Dual Use Corrosion Inhibitor and Penetrant for Anomaly Detection in Neutron/X Radiography

    Science.gov (United States)

    Hall, Phillip B. (Inventor); Novak, Howard L. (Inventor)

    2004-01-01

    A dual purpose corrosion inhibitor and penetrant composition sensitive to radiography interrogation is provided. The corrosion inhibitor mitigates or eliminates corrosion on the surface of a substrate upon which the corrosion inhibitor is applied. In addition, the corrosion inhibitor provides for the attenuation of a signal used during radiography interrogation thereby providing for detection of anomalies on the surface of the substrate.

  9. Underwater magnetic gradiometer for magnetic anomaly detection, localization, and tracking

    Science.gov (United States)

    Kumar, S.; Sulzberger, G.; Bono, J.; Skvoretz, D.; Allen, G. I.; Clem, T. R.; Ebbert, M.; Bennett, S. L.; Ostrom, R. K.; Tzouris, A.

    2007-04-01

    GE Security and the Naval Surface Warfare Center, Panama City (NSWC-PC) have collaborated to develop a magnetic gradiometer, called the Real-time Tracking Gradiometer or RTG that is mounted inside an unmanned underwater vehicle (UUV). The RTG is part of a buried mine hunting platform being developed by the United States Navy. The RTG has been successfully used to make test runs on mine-like targets buried off the coast of Florida. We will present a general description of the system and latest results describing system performance. This system can be also potentially used for other applications including those in the area of Homeland Security.

  10. Anomaly Detection Using Power Signature of Consumer Electrical Devices

    Directory of Open Access Journals (Sweden)

    CERNAZANU-GLAVAN, C.

    2015-02-01

    Full Text Available The use of the smart grid for developing intelligent applications is a current trend of great importance. One advantage lies in the possibility of direct monitoring of all devices connected to the electrical network in order to prevent possible malfunctions. Therefore, this paper proposes a method for an automatic detection of the malfunctioning of low-intelligence consumer electrical devices. Malfunctioning means any deviation of a household device from its normal operating schedule. The method is based on a comparison technique, consisting in the correlation between the current power signature of a device and an ideal signature (the standard signature provided by the manufacturer. The first step of this method is to achieve a simplified form of power signature which keeps all the original features. Further, the signal is segmented based on the data provided by an event detection algorithm (values of the first derivatives and each resulting component is approximated using a regression function. The final step consists of an analysis based on the correlation between the computed regression coefficients and the coefficients of the standard signal. Following this analysis all the differences are classified as a malfunctioning of the analyzed device.

  11. Fleet Level Anomaly Detection of Aviation Safety Data

    Data.gov (United States)

    National Aeronautics and Space Administration — For the purposes of this paper, the National Airspace System (NAS) encompasses the operations of all aircraft which are subject to air traffic control procedures....

  12. Detection of elastic and electric conductivity anomalies in Potassium Sulphamate single crystal

    Energy Technology Data Exchange (ETDEWEB)

    Varughese, George, E-mail: gvushakoppara@yahoo.co.i [Department of Physics, Catholicate College, Pathanamthitta, Kerala 689645 (India); Santhosh Kumar, A. [SPAP, Mahatma Gandhi University, Kottayam, Kerala 686 560 (India); Louis, Godfrey [Department of Physics, Cochin University of Science and Technology, Cochin 22 (India)

    2010-04-01

    Elastic anomalies in Potassium Sulphamate, (KNH{sub 2}SO{sub 3}), above room temperature were detected from temperature variation of elastic constants measured by ultrasonic Pulse Echo Overlap technique. Potassium Sulphamate has been reported to be a ferroelectric and piezo electric material. The elastic constants C{sub 11}, C{sub 44}, C{sub 55} and C{sub 66} have exhibited weak anomalies around 350 K. The DC conductivity measurement along a, b, and c axes also supports this conclusion.

  13. Cluster analysis for anomaly detection in accounting data : an audit approach

    OpenAIRE

    Thiprungsri, Sutapat; Vasarhelyi, Miklos A.

    2011-01-01

    This study examines the application of cluster analysis in the accounting domain, particularly discrepancy detection in audit. Cluster analysis groups data so that points within a single group or cluster are similar to one another and distinct from points in other clusters. Clustering has been shown to be a good candidate for anomaly detection. The purpose of this study is to examine the use of clustering technology to automate fraud filtering during an audit. We use cluster analysis to help ...

  14. Contextual anomaly detection for cyber-physical security in Smart Grids based on an artificial neural network model

    DEFF Research Database (Denmark)

    Kosek, Anna Magdalena

    2016-01-01

    This paper presents a contextual anomaly detection method and its use in the discovery of malicious voltage control actions in the low voltage distribution grid. The model-based anomaly detection uses an artificial neural network model to identify a distributed energy resource’s behaviour under...

  15. Beyond Trisomy 21: Additional Chromosomal Anomalies Detected through Routine Aneuploidy Screening

    Directory of Open Access Journals (Sweden)

    Amy Metcalfe

    2014-04-01

    Full Text Available Prenatal screening is often misconstrued by patients as screening for trisomy 21 alone; however, other chromosomal anomalies are often detected. This study aimed to systematically review the literature and use diagnostic meta-analysis to derive pooled detection and false positive rates for aneuploidies other than trisomy 21 with different prenatal screening tests. Non-invasive prenatal testing had the highest detection (DR and lowest false positive (FPR rates for trisomy 13 (DR: 90.3%; FPR: 0.2%, trisomy 18 (DR: 98.1%; FPR: 0.2%, and 45,X (DR: 92.2%; FPR: 0.1%; however, most estimates came from high-risk samples. The first trimester combined test also had high DRs for all conditions studied (trisomy 13 DR: 83.1%; FPR: 4.4%; trisomy 18 DR: 91.9%; FPR: 3.5%; 45,X DR: 70.1%; FPR: 5.4%; triploidy DR: 100%; FPR: 6.3%. Second trimester triple screening had the lowest DRs and highest FPRs for all conditions (trisomy 13 DR: 43.9%; FPR: 8.1%; trisomy 18 DR: 70.5%; FPR: 3.3%; 45,X DR: 77.2%; FPR: 9.3%. Prenatal screening tests differ in their ability to accurately detect chromosomal anomalies. Patients should be counseled about the ability of prenatal screening to detect anomalies other than trisomy 21 prior to undergoing screening.

  16. Anomaly Detection in Gamma-Ray Vehicle Spectra with Principal Components Analysis and Mahalanobis Distances

    International Nuclear Information System (INIS)

    The goal of primary radiation monitoring in support of routine screening and emergency response is to detect characteristics in vehicle radiation signatures that indicate the presence of potential threats. Two conceptual approaches to analyzing gamma-ray spectra for threat detection are isotope identification and anomaly detection. While isotope identification is the time-honored method, an emerging technique is anomaly detection that uses benign vehicle gamma ray signatures to define an expectation of the radiation signature for vehicles that do not pose a threat. Newly acquired spectra are then compared to this expectation using statistical criteria that reflect acceptable false alarm rates and probabilities of detection. The gamma-ray spectra analyzed here were collected at a U.S. land Port of Entry (POE) using a NaI-based radiation portal monitor (RPM). The raw data were analyzed to develop a benign vehicle expectation by decimating the original pulse-height channels to 35 energy bins, extracting composite variables via principal components analysis (PCA), and estimating statistically weighted distances from the mean vehicle spectrum with the mahalanobis distance (MD) metric. This paper reviews the methods used to establish the anomaly identification criteria and presents a systematic analysis of the response of the combined PCA and MD algorithm to modeled mono-energetic gamma-ray sources

  17. Research on Anomaly Detection Method in Android Application%Android应用异常检测方法研究

    Institute of Scientific and Technical Information of China (English)

    刘晓明

    2015-01-01

    目前面向Android系统的攻击越来越多,因此,分析与检测Android恶意应用已经成为了一个非常重要的研究课题.本文主要从恶意应用类型,国内外主流检测技术等方面分析了Android恶意应用的检测方法研究现状,并基于当前的检测技术,提出仅将良性样本作为训练集来实现对未知Android应用进行异常检测的方法,取得了良好的实验结果.最后,本文分析了Android应用异常检测方法的发展趋势及未来主要研究方向.%Attacks targeting on Android system have become more and more frequently. Analyzing and detecting Android malicious applications thus has become an important issue. In this work, we analyze the research status of Android malicious application detection methods based on different types of malware and domestic and international mainstream detection technology. Based on the current detection technology, we propose an anomaly detection approach for malapps based on benign Android apps only and achieved good results. Finally, this paper analyzes the development trend of Android application anomaly detection methods and future research direction.

  18. Using Generalized Entropies and OC-SVM with Mahalanobis Kernel for Detection and Classification of Anomalies in Network Traffic

    Directory of Open Access Journals (Sweden)

    Jayro Santiago-Paz

    2015-09-01

    Full Text Available Network anomaly detection and classification is an important open issue in network security. Several approaches and systems based on different mathematical tools have been studied and developed, among them, the Anomaly-Network Intrusion Detection System (A-NIDS, which monitors network traffic and compares it against an established baseline of a “normal” traffic profile. Then, it is necessary to characterize the “normal” Internet traffic. This paper presents an approach for anomaly detection and classification based on Shannon, Rényi and Tsallis entropies of selected features, and the construction of regions from entropy data employing the Mahalanobis distance (MD, and One Class Support Vector Machine (OC-SVM with different kernels (Radial Basis Function (RBF and Mahalanobis Kernel (MK for “normal” and abnormal traffic. Regular and non-regular regions built from “normal” traffic profiles allow anomaly detection, while the classification is performed under the assumption that regions corresponding to the attack classes have been previously characterized. Although this approach allows the use of as many features as required, only four well-known significant features were selected in our case. In order to evaluate our approach, two different data sets were used: one set of real traffic obtained from an Academic Local Area Network (LAN, and the other a subset of the 1998 MIT-DARPA set. For these data sets, a True positive rate up to 99.35%, a True negative rate up to 99.83% and a False negative rate at about 0.16% were yielded. Experimental results show that certain q-values of the generalized entropies and the use of OC-SVM with RBF kernel improve the detection rate in the detection stage, while the novel inclusion of MK kernel in OC-SVM and k-temporal nearest neighbors improve accuracy in classification. In addition, the results show that using the Box-Cox transformation, the Mahalanobis distance yielded high detection rates with

  19. An Analysis of Mechanical Constraints when Using Superconducting Gravimeters for Far-Field Pre-Seismic Anomaly Detection

    OpenAIRE

    Shyh-Chin Lan; Teng-To Yu; Cheinway Hwang; and Ricky Kao

    2011-01-01

    Pre-seismic gravity anomalies from records obtained at a 1 Hz sampling rate from superconducting gravimeters (SG) around East Asia are analyzed. A comparison of gravity anomalies to the source parameters of associated earthquakes shows that the detection of pre-seismic gravity anomalies is constrained by several mechanical conditions of the seismic fault plane. The constraints of the far-field pre-seismic gravity amplitude perturbation were examined and the critical spatial relationship betwe...

  20. An earthquake from space: detection of precursory magnetic anomalies from Swarm satellites before the 2015 M8 Nepal Earthquake

    Science.gov (United States)

    De Santis, A.; Balasis, G.; Pavón-Carrasco, F. J.; Cianchini, G.; Mandea, M.

    2015-12-01

    A large earthquake of around 8 magnitude occurred on 25 April 2015, 06:26 UTC, with epicenter in Nepal, causing more than 9000 fatalities and devastating destruction. The contemporary orbiting in the topside ionosphere of the three Swarm satellites by ESA makes it possible to look for possible pre-earthquake magnetic anomalous signals, likely due to some lithosphere-atmosphere-ionosphere (LAI) coupling. First, a wavelet analysis has been performed during the same day of the earthquake (from the external magnetic point of view, an exceptionally quiet day) with the result that a ULF anomalous and persisting signal (from around 3 to 6 UTC), is clearly detected before the earthquake. After this single-spot analysis, we performed a more extensive analysis for two months around the earthquake occurrence, to confirm or refute the cause-effect relationship. From the series of the detected magnetic anomalies (during night and magnetically quiet times) from Swarm satellites, we show that the cumulative numbers of anomalies follows the same typical power-law behavior of a critical system approaching its critical time, in our case, the large seismic event of 25 April, 2015, and then it recovers as the typical recovery phase after a large earthquake. The impressive similarity of this behavior with the analogous of seismic data analysis, provides strong support to the lithospheric origin of the satellite magnetic anomalies, as due to the LAI coupling during the preparation phase of the Nepal earthquake.

  1. GraphPrints: Towards a Graph Analytic Method for Network Anomaly Detection

    Energy Technology Data Exchange (ETDEWEB)

    Harshaw, Chris R [ORNL; Bridges, Robert A [ORNL; Iannacone, Michael D [ORNL; Reed, Joel W [ORNL; Goodall, John R [ORNL

    2016-01-01

    This paper introduces a novel graph-analytic approach for detecting anomalies in network flow data called \\textit{GraphPrints}. Building on foundational network-mining techniques, our method represents time slices of traffic as a graph, then counts graphlets\\textemdash small induced subgraphs that describe local topology. By performing outlier detection on the sequence of graphlet counts, anomalous intervals of traffic are identified, and furthermore, individual IPs experiencing abnormal behavior are singled-out. Initial testing of GraphPrints is performed on real network data with an implanted anomaly. Evaluation shows false positive rates bounded by 2.84\\% at the time-interval level, and 0.05\\% at the IP-level with 100\\% true positive rates at both.

  2. Capacitance probe for detection of anomalies in non-metallic plastic pipe

    Science.gov (United States)

    Mathur, Mahendra P.; Spenik, James L.; Condon, Christopher M.; Anderson, Rodney; Driscoll, Daniel J.; Fincham, Jr., William L.; Monazam, Esmail R.

    2010-11-23

    The disclosure relates to analysis of materials using a capacitive sensor to detect anomalies through comparison of measured capacitances. The capacitive sensor is used in conjunction with a capacitance measurement device, a location device, and a processor in order to generate a capacitance versus location output which may be inspected for the detection and localization of anomalies within the material under test. The components may be carried as payload on an inspection vehicle which may traverse through a pipe interior, allowing evaluation of nonmetallic or plastic pipes when the piping exterior is not accessible. In an embodiment, supporting components are solid-state devices powered by a low voltage on-board power supply, providing for use in environments where voltage levels may be restricted.

  3. Shape anomaly detection under strong measurement noise: An analytical approach to adaptive thresholding

    Science.gov (United States)

    Krasichkov, Alexander S.; Grigoriev, Eugene B.; Bogachev, Mikhail I.; Nifontov, Eugene M.

    2015-10-01

    We suggest an analytical approach to the adaptive thresholding in a shape anomaly detection problem. We find an analytical expression for the distribution of the cosine similarity score between a reference shape and an observational shape hindered by strong measurement noise that depends solely on the noise level and is independent of the particular shape analyzed. The analytical treatment is also confirmed by computer simulations and shows nearly perfect agreement. Using this analytical solution, we suggest an improved shape anomaly detection approach based on adaptive thresholding. We validate the noise robustness of our approach using typical shapes of normal and pathological electrocardiogram cycles hindered by additive white noise. We show explicitly that under high noise levels our approach considerably outperforms the conventional tactic that does not take into account variations in the noise level.

  4. Thermal anomalies detection before strong earthquakes (M > 6.0 using interquartile, wavelet and Kalman filter methods

    Directory of Open Access Journals (Sweden)

    M. Akhoondzadeh

    2011-04-01

    Full Text Available Thermal anomaly is known as a significant precursor of strong earthquakes, therefore Land Surface Temperature (LST time series have been analyzed in this study to locate relevant anomalous variations prior to the Bam (26 December 2003, Zarand (22 February 2005 and Borujerd (31 March 2006 earthquakes. The duration of the three datasets which are comprised of MODIS LST images is 44, 28 and 46 days for the Bam, Zarand and Borujerd earthquakes, respectively. In order to exclude variations of LST from temperature seasonal effects, Air Temperature (AT data derived from the meteorological stations close to the earthquakes epicenters have been taken into account. The detection of thermal anomalies has been assessed using interquartile, wavelet transform and Kalman filter methods, each presenting its own independent property in anomaly detection. The interquartile method has been used to construct the higher and lower bounds in LST data to detect disturbed states outside the bounds which might be associated with impending earthquakes. The wavelet transform method has been used to locate local maxima within each time series of LST data for identifying earthquake anomalies by a predefined threshold. Also, the prediction property of the Kalman filter has been used in the detection process of prominent LST anomalies. The results concerning the methodology indicate that the interquartile method is capable of detecting the highest intensity anomaly values, the wavelet transform is sensitive to sudden changes, and the Kalman filter method significantly detects the highest unpredictable variations of LST. The three methods detected anomalous occurrences during 1 to 20 days prior to the earthquakes showing close agreement in results found between the different applied methods on LST data in the detection of pre-seismic anomalies. The proposed method for anomaly detection was also applied on regions irrelevant to earthquakes for which no anomaly was detected

  5. Application of Distributed Optical Fiber Sensing Technology in the Anomaly Detection of Shaft Lining in Grouting

    OpenAIRE

    Chunde Piao; Jun Yuan; Bin Shi; Haijun Lu; Guangqing Wei; Chunsheng Gu

    2015-01-01

    The rupture of the shaft lining caused by grouting has seriously undermined the safety in coal mining. Based on BOTDR distributed optical fiber sensing technology, this paper studied the layout method of optical fiber sensors and the anomaly detection method of the deformation and obtained the evolution law of shaft deformation triggered by grouting. The research results showed that the bonding problem of optical fiber sensors in damp environment could be effectively solved, by applying the b...

  6. Accurate Anomaly Detection using Adaptive Monitoring and Fast Switching in SDN

    Directory of Open Access Journals (Sweden)

    Gagandeep Garg

    2015-10-01

    Full Text Available —Software defined networking (SDN is rapidly evolving technology which provides a suitable environment for easily applying efficient monitoring policies on the networks. SDN provides a centralized control of the whole network from which monitoring of network traffic and resources can be done with ease. SDN promises to drastically simplify network monitoring and management and also enable rapid innovation of networks through network programmability. SDN architecture separates the control of the network from the forwarding devices. With the higher innovation provided by the SDN, security threats at open interfaces of SDN also increases significantly as an attacker can target the single centralized point i.e. controller, to attack the network. Hence, efficient adaptive monitoring and measurement is required to detect and prevent malicious activities inside the network. Various such techniques have already been proposed by many researchers. This paper describes a work of applying efficient adaptive monitoring on the network while maintaining the performance of the network considering monitoring overhead over the controller. This work represents effective bandwidth utilization for calculation of threshold range while applying anomaly detection rules for monitoring of the network. Accurate detection of anomalies is implemented and also allows valid users and applications to transfer the data without any restrictions inside the network which otherwise were considered as anomalies in previous technique due to fluctuation of data and narrow threshold window. The concept of fast switching also used to improve the processing speed and performance of the networks.

  7. Detection and Origin of Hydrocarbon Seepage Anomalies in the Barents Sea

    Science.gov (United States)

    Polteau, Stephane; Planke, Sverre; Stolze, Lina; Kjølhamar, Bent E.; Myklebust, Reidun

    2016-04-01

    We have collected more than 450 gravity cores in the Barents Sea to detect hydrocarbon seepage anomalies and for seismic-stratigraphic tie. The cores are from the Hoop Area (125 samples) and from the Barents Sea SE (293 samples). In addition, we have collected cores near seven exploration wells. The samples were analyzed using three different analytical methods; (1) the standard organic geochemical analyzes of Applied Petroleum Technologies (APT), (2) the Amplified Geochemical Imaging (AGI) method, and (3) the Microbial Prospecting for Oil and Gas (MPOG) method. These analytical approaches can detect trace amounts of thermogenic hydrocarbons in the sediment samples, and may provide additional information about the fluid phases and the depositional environment, maturation, and age of the source rocks. However, hydrocarbon anomalies in seabed sediments may also be related to shallow sources, such as biogenic gas or reworked source rocks in the sediments. To better understand the origin of the hydrocarbon anomalies in the Barents Sea we have studied 35 samples collected approximately 200 m away from seven exploration wells. The wells included three boreholes associated with oil discoveries, two with gas discoveries, one dry well with gas shows, and one dry well. In general, the results of this case study reveal that the oil wells have an oil signature, gas wells show a gas signature, and dry wells have a background signature. However, differences in results from the three methods may occur and have largely been explained in terms of analytical measurement ranges, method sensitivities, and bio-geochemical processes in the seabed sediments. The standard geochemical method applied by APT relies on measuring the abundance of compounds between C1 to C5 in the headspace gas and between C11 to C36 in the sediment extracts. The anomalies detected in the sediment samples from this study were in the C16 to C30 range. Since the organic matter yields were mostly very low, the

  8. Detection of airway anomalies in pediatric patients with cardiovascular anomalies with low dose prospective ECG-gated dual-source CT.

    Directory of Open Access Journals (Sweden)

    Hui Jiao

    Full Text Available OBJECTIVES: To assess the feasibility of low-dose prospective ECG-gated dual-source CT (DSCT in detecting airway anomalies in pediatric patients with cardiovascular anomalies compared with flexible tracheobronchoscopy (FTB. METHODS: 33 pediatrics with respiratory symptoms who had been revealed cardiovascular anomalies by transthoracic echocardiography underwent FTB and contrast material-enhanced prospective ECG-triggering CT were enrolled. The study was approved by our institution review board and written informed consent was obtained from all patients' guardian. DSCT examinations were performed to detect cardiovascular abnormalities using weight-adjusted low-dose protocol. Two radiologists independently performed CT image analysis. The FTB reports were reviewed by an experienced pulmonologist. The sensitivity, specificity, positive predictive value (PPV, negative predictive value (NPV, and accuracy of DSCT in the detection of airway anomalies were assessed. The tracheobronchial stenoses revealed on FTB were graded. Effective radiation dose was calculated. RESULTS: Thirty cases were diagnosed with tracheobronchial narrowing and/or abnormality in 33 patients by FTB, while 3 patients had normal FTB findings. Twenty-eight cases were diagnosed with airway anomalies by CT, of which 27 were correct positive. 3 patients with normal findings at CT had findings of tracheobronchial narrowing due to tracheobronchomalacia at inspiration at FTB. Sensitivity and specificity of CT were 90.0% (95% CI: 72.3%, 97.4% and 66.7% (95% CI: 12.5 %, 98.2 %, respectively. PPV and NPV were 96.4% (95% CI: 79.8 %, 99.8% and 40.0% (95% CI: 7.3%, 83.0%, respectively. Overall accuracy of DSCT in detecting airway anomalies in pediatrics with cardiovascular anomalies was 87.9% (95% CI: 74.5%, 97.6%. In grading of tracheobronchial stenosis, images from CT correlated closely (r = 0.89 with those of FTB. Mean effective dose was 0.60 ± 0.20 mSv. CONCLUSION: In pediatric patients

  9. Weyl Anomaly of 2D Dilaton-Scalar Gravity and Hermiticity of System Operator

    OpenAIRE

    Ichinose, Shoichi

    1997-01-01

    Weyl Anomaly in the dilaton-scalar system in 2 dimensional gravity is examined. We take the heat-kernel regularization for the ultraviolet divergences. Generally the Weyl anomaly is determined by the 2nd order differential (elliptic) operator of the system and the definition of the measure. We have the freedom of the operator choice caused by the arbitrariness of total divergences (surface terms) in the action. We examine the Weyl anomaly in connection with such points and the hermiticity of ...

  10. Small sample training and test selection method for optimized anomaly detection algorithms in hyperspectral imagery

    Science.gov (United States)

    Mindrup, Frank M.; Friend, Mark A.; Bauer, Kenneth W.

    2012-01-01

    There are numerous anomaly detection algorithms proposed for hyperspectral imagery. Robust parameter design (RPD) techniques provide an avenue to select robust settings capable of operating consistently across a large variety of image scenes. Many researchers in this area are faced with a paucity of data. Unfortunately, there are no data splitting methods for model validation of datasets with small sample sizes. Typically, training and test sets of hyperspectral images are chosen randomly. Previous research has developed a framework for optimizing anomaly detection in HSI by considering specific image characteristics as noise variables within the context of RPD; these characteristics include the Fisher's score, ratio of target pixels and number of clusters. We have developed method for selecting hyperspectral image training and test subsets that yields consistent RPD results based on these noise features. These subsets are not necessarily orthogonal, but still provide improvements over random training and test subset assignments by maximizing the volume and average distance between image noise characteristics. The small sample training and test selection method is contrasted with randomly selected training sets as well as training sets chosen from the CADEX and DUPLEX algorithms for the well known Reed-Xiaoli anomaly detector.

  11. Interpretation of Magnetic Anomalies in Salihli (Turkey) Geothermal Area Using 3-D Inversion and Edge Detection Techniques

    Science.gov (United States)

    Timur, Emre

    2016-04-01

    There are numerous geophysical methods used to investigate geothermal areas. The major purpose of this magnetic survey is to locate the boudaries of active hydrothermal system in the South of Gediz Graben in Salihli (Manisa/Turkey). The presence of the hydrothermal system had already been inferred from surface evidence of hydrothermal activity and drillings. Firstly, 3-D prismatic models were theoretically investigated and edge detection methods were utilized with an iterative inversion method to define the boundaries and the parameters of the structure. In the first step of the application, it was necessary to convert the total field anomaly into a pseudo-gravity anomaly map. Then the geometric boudaries of the structures were determined by applying a MATLAB based software with 3 different edge detection algorithms. The exact location of the structures were obtained by using these boundary coordinates as initial geometric parameters in the inversion process. In addition to these methods, reduction to pole and horizontal gradient methods were applied to the data to achieve more information about the location and shape of the possible reservoir. As a result, the edge detection methods were found to be successful, both in the field and as theoretical data sets for delineating the boundaries of the possible geothermal reservoir structure. The depth of the geothermal reservoir was determined as 2,4 km from 3-D inversion and 2,1 km from power spectrum methods.

  12. OGLE-2008-BLG-510: first automated real-time detection of a weak microlensing anomaly - brown dwarf or stellar binary?

    CERN Document Server

    Bozza, V; Rattenbury, N J; Joergensen, U G; Tsapras, Y; Bramich, D M; Udalski, A; Bond, I A; Liebig, C; Cassan, A; Fouque, P; Fukui, A; Hundertmark, M; Shin, I -G; Lee, S H; Choi, J -Y; Park, S -Y; Gould, A; Allan, A; Mao, S; Wyrzykowski, L; Street, R A; Buckley, D; Nagayama, T; Mathiasen, M; Hinse, T C; Novati, S Calchi; Harpsoee, K; Mancini, L; Scarpetta, G; Anguita, T; Burgdorf, M J; Horne, K; Hornstrup, A; Kains, N; Kerins, E; Kjaergaard, P; Masi, G; Rahvar, S; Ricci, D; Snodgrass, C; Southworth, J; Steele, I A; Surdej, J; Thoene, C C; Wambsganss, J; Zub, M; Albrow, M D; Batista, V; Beaulieu, J -P; Bennett, D P; Caldwell, J A R; Cole, A; Cook, K H; Coutures, C; Dieters, S; Prester, D Dominis; Donatowicz, J; Greenhill, J; Kane, S R; Kubas, D; Marquette, J -B; Martin, R; Menzies, J; Pollard, K R; Sahu, K C; Williams, A; Szymanski, M K; Kubiak, M; Pietrzynski, G; Soszynski, I; Poleski, R; Ulaczyk, K; DePoy, D L; Dong, S; Han, C; Janczak, J; Lee, C -U; Pogge, R W; Abe, F; Furusawa, K; Hearnshaw, J B; Itow, Y; Kilmartin, P M; Korpela, A V; Lin, W; Ling, C H; Masuda, K; Matsubara, Y; Miyake, N; Muraki, Y; Ohnishi, K; Perrott, Y C; Saito, To; Skuljan, L; Sullivan, D J; Sumi, T; Suzuki, D; Sweatman, W L; Tristram, P J; Wada, K; Yock, P C M; Gulbis, A; Hashimoto, Y; Kniazev, A; Vaisanen, P

    2012-01-01

    The microlensing event OGLE-2008-BLG-510 is characterised by an evident asymmetric shape of the peak, promptly detected by the ARTEMiS system in real time. The skewness of the light curve appears to be compatible both with binary-lens and binary-source models, including the possibility that the lens system consists of an M dwarf orbited by a brown dwarf. The detection of this microlensing anomaly and our analysis demonstrates that: 1) automated real-time detection of weak microlensing anomalies with immediate feedback is feasible, efficient, and sensitive, 2) rather common weak features intrinsically come with ambiguities that are not easily resolved from photometric light curves, 3) a modelling approach that finds all features of parameter space rather than just the `favourite model' is required, and 4) the data quality is most crucial, where systematics can be confused with real features, in particular small higher-order effects such as orbital motion signatures. It moreover becomes apparent that events wit...

  13. Anomaly Detection Rudiments for the Application of Hyperspectral Sensors in Aerospace Remote Sensing

    International Nuclear Information System (INIS)

    Hyperspectral imaging differs from conventional techniques by exploiting the spectral dimensionality of remote scenes. This additional information promotes discrimination of image elements, especially anomalies that are dissimilar with respect to global features. Algorithms for anomaly detection are designed to overcome the inherent difficulty of analysing hypercubes, which are the higher-dimensional analogues of conventional broadband images. Such algorithms are prolific in their variety and design, which could become an obstacle in choice or application for the neophyte researcher in this field. This paper seeks to consolidate this plethora of algorithms into succinct categories for clarity of rudimentary decision making. A duplicate of article 012048 Snapshot hyperspectral imaging and practical applications was originally published here, in error, as article 012051. The present article replaced the duplicate and was published on 18 August 2009.

  14. PROBABILITY CALIBRATION BY THE MINIMUM AND MAXIMUM PROBABILITY SCORES IN ONE-CLASS BAYES LEARNING FOR ANOMALY DETECTION

    Data.gov (United States)

    National Aeronautics and Space Administration — PROBABILITY CALIBRATION BY THE MINIMUM AND MAXIMUM PROBABILITY SCORES IN ONE-CLASS BAYES LEARNING FOR ANOMALY DETECTION GUICHONG LI, NATHALIE JAPKOWICZ, IAN...

  15. Development of newly designed VHF interferometer system for observing earthquake-related atmospheric anomalies

    OpenAIRE

    YAMAMOTO, Isao; Fujiwara, Hironobu; Kamogawa, Masashi; Iyono, Atsushi; Kroumov, Valeri; Azakami, Takashi

    2009-01-01

    Temporal correlation between atmospheric anomalies and earthquakes has recently been verified statistically through measuring VHF FM radio waves transmitted beyond the line-of-sight. In order to locate the sources of such atmospheric anomalies, we developed a VHF interferometer system (bistatic-radar type) capable of finding the arrival direction of FM radio waves scattered possibly by earthquake-related atmospheric anomalies. In general, frequency modulation of FM radio waves produces ambigu...

  16. Least Square Support Vector Machine for Detection of - Ionospheric Anomalies Associated with the Powerful Nepal Earthquake (Mw = 7.5) of 25 April 2015

    Science.gov (United States)

    Akhoondzadeh, M.

    2016-06-01

    Due to the irrepalable devastations of strong earthquakes, accurate anomaly detection in time series of different precursors for creating a trustworthy early warning system has brought new challenges. In this paper the predictability of Least Square Support Vector Machine (LSSVM) has been investigated by forecasting the GPS-TEC (Total Electron Content) variations around the time and location of Nepal earthquake. In 77 km NW of Kathmandu in Nepal (28.147° N, 84.708° E, depth = 15.0 km) a powerful earthquake of Mw = 7.8 took place at 06:11:26 UTC on April 25, 2015. For comparing purpose, other two methods including Median and ANN (Artificial Neural Network) have been implemented. All implemented algorithms indicate on striking TEC anomalies 2 days prior to the main shock. Results reveal that LSSVM method is promising for TEC sesimo-ionospheric anomalies detection.

  17. Automatic, Real-Time Algorithms for Anomaly Detection in High Resolution Satellite Imagery

    Science.gov (United States)

    Srivastava, A. N.; Nemani, R. R.; Votava, P.

    2008-12-01

    Earth observing satellites are generating data at an unprecedented rate, surpassing almost all other data intensive applications. However, most of the data that arrives from the satellites is not analyzed directly. Rather, multiple scientific teams analyze only a small fraction of the total data available in the data stream. Although there are many reasons for this situation one paramount concern is developing algorithms and methods that can analyze the vast, high dimensional, streaming satellite images. This paper describes a new set of methods that are among the fastest available algorithms for real-time anomaly detection. These algorithms were built to maximize accuracy and speed for a variety of applications in fields outside of the earth sciences. However, our studies indicate that with appropriate modifications, these algorithms can be extremely valuable for identifying anomalies rapidly using only modest computational power. We review two algorithms which are used as benchmarks in the field: Orca, One-Class Support Vector Machines and discuss the anomalies that are discovered in MODIS data taken over the Central California region. We are especially interested in automatic identification of disturbances within the ecosystems (e,g, wildfires, droughts, floods, insect/pest damage, wind damage, logging). We show the scalability of the algorithms and demonstrate that with appropriately adapted technology, the dream of real-time analysis can be made a reality.

  18. Advanced Unsupervised Classification Methods to Detect Anomalies on Earthen Levees Using Polarimetric SAR Imagery.

    Science.gov (United States)

    Marapareddy, Ramakalavathi; Aanstoos, James V; Younan, Nicolas H

    2016-01-01

    Fully polarimetric Synthetic Aperture Radar (polSAR) data analysis has wide applications for terrain and ground cover classification. The dynamics of surface and subsurface water events can lead to slope instability resulting in slough slides on earthen levees. Early detection of these anomalies by a remote sensing approach could save time versus direct assessment. We used L-band Synthetic Aperture Radar (SAR) to screen levees for anomalies. SAR technology, due to its high spatial resolution and soil penetration capability, is a good choice for identifying problematic areas on earthen levees. Using the parameters entropy (H), anisotropy (A), alpha (α), and eigenvalues (λ, λ₁, λ₂, and λ₃), we implemented several unsupervised classification algorithms for the identification of anomalies on the levee. The classification techniques applied are H/α, H/A, A/α, Wishart H/α, Wishart H/A/α, and H/α/λ classification algorithms. In this work, the effectiveness of the algorithms was demonstrated using quad-polarimetric L-band SAR imagery from the NASA Jet Propulsion Laboratory's (JPL's) Uninhabited Aerial Vehicle Synthetic Aperture Radar (UAVSAR). The study area is a section of the lower Mississippi River valley in the Southern USA, where earthen flood control levees are maintained by the US Army Corps of Engineers. PMID:27322270

  19. Advanced Unsupervised Classification Methods to Detect Anomalies on Earthen Levees Using Polarimetric SAR Imagery

    Directory of Open Access Journals (Sweden)

    Ramakalavathi Marapareddy

    2016-06-01

    Full Text Available Fully polarimetric Synthetic Aperture Radar (polSAR data analysis has wide applications for terrain and ground cover classification. The dynamics of surface and subsurface water events can lead to slope instability resulting in slough slides on earthen levees. Early detection of these anomalies by a remote sensing approach could save time versus direct assessment. We used L-band Synthetic Aperture Radar (SAR to screen levees for anomalies. SAR technology, due to its high spatial resolution and soil penetration capability, is a good choice for identifying problematic areas on earthen levees. Using the parameters entropy (H, anisotropy (A, alpha (α, and eigenvalues (λ, λ1, λ2, and λ3, we implemented several unsupervised classification algorithms for the identification of anomalies on the levee. The classification techniques applied are H/α, H/A, A/α, Wishart H/α, Wishart H/A/α, and H/α/λ classification algorithms. In this work, the effectiveness of the algorithms was demonstrated using quad-polarimetric L-band SAR imagery from the NASA Jet Propulsion Laboratory’s (JPL’s Uninhabited Aerial Vehicle Synthetic Aperture Radar (UAVSAR. The study area is a section of the lower Mississippi River valley in the Southern USA, where earthen flood control levees are maintained by the US Army Corps of Engineers.

  20. Anomaly detection for network traffic flow%网络流量异常检测

    Institute of Scientific and Technical Information of China (English)

    单蓉胜; 李建华; 王明政

    2004-01-01

    提出了一种新颖的网络洪流攻击的异常检测机制.这种检测机制的无状态维护、低计算代价的特性保证了自身具有抗洪流攻击的能力.本文以检测SYN洪流攻击为实例详细阐述了异常检测机制.这个机制应用EWMA方法检测网络流的突变, 并运用对称性分析方法检测网络流的异常活动.测试结果表明本文所提出的检测机制具有很好的检测洪流攻击的准确度, 并具有低延时特性.%This paper presents a novel mechanism for detecting flooding-attacks. The simplicity of the mechanism lies in its statelessness and low computation overhead, which makes the detection mechanism itself immune to flooding-attacks. In this paper, SYN-flooding, as an instance of flooding-attack, is used to illustrate the anomaly detection mechanism. The mechanism applies an exponentially weighted moving average (EWMA) method to detect the abrupt net flow and applies a symmetry analysis method to detect the anomaly activity of the network flow. Experiment shows that the mechanism has high detection accuracy and low detection latency.

  1. Fiber Optic Bragg Grating Sensors for Thermographic Detection of Subsurface Anomalies

    Science.gov (United States)

    Allison, Sidney G.; Winfree, William P.; Wu, Meng-Chou

    2009-01-01

    Conventional thermography with an infrared imager has been shown to be an extremely viable technique for nondestructively detecting subsurface anomalies such as thickness variations due to corrosion. A recently developed technique using fiber optic sensors to measure temperature holds potential for performing similar inspections without requiring an infrared imager. The structure is heated using a heat source such as a quartz lamp with fiber Bragg grating (FBG) sensors at the surface of the structure to detect temperature. Investigated structures include a stainless steel plate with thickness variations simulated by small platelets attached to the back side using thermal grease. A relationship is shown between the FBG sensor thermal response and variations in material thickness. For comparison, finite element modeling was performed and found to agree closely with the fiber optic thermography results. This technique shows potential for applications where FBG sensors are already bonded to structures for Integrated Vehicle Health Monitoring (IVHM) strain measurements and can serve dual-use by also performing thermographic detection of subsurface anomalies.

  2. IMPROVEMENT OF ANOMALY DETECTION ALGORITHMS IN HYPERSPECTRAL IMAGES USING DISCRETE WAVELET TRANSFORM

    Directory of Open Access Journals (Sweden)

    Kamal Jamshidi

    2012-01-01

    Full Text Available Recently anomaly detection (AD has become an important application for target detection in hyperspectralremotely sensed images. In many applications, in addition to high accuracy of detection we need a fast andreliable algorithm as well. This paper presents a novel method to improve the performance of current ADalgorithms. The proposed method first calculates Discrete Wavelet Transform (DWT of every pixel vectorof image using Daubechies4 wavelet. Then, AD algorithm performs on four bands of “Wavelet transform”matrix which are the approximation of main image. In this research some benchmark AD algorithmsincluding Local RX, DWRX and DWEST have been implemented on Airborne Visible/Infrared ImagingSpectrometer (AVIRIS hyperspectral datasets. Experimental results demonstrate significant improvementof runtime in proposed method. In addition, this method improves the accuracy of AD algorithms becauseof DWT’s power in extracting approximation coefficients of signal, which contain the main behaviour ofsignal, and abandon the redundant information in hyperspectral image data.

  3. Classification and Importance of Intrusion Detection System

    Directory of Open Access Journals (Sweden)

    Rajasekaran K

    2012-08-01

    Full Text Available An intrusion detection system (IDS is a device or software application that monitors network or system activities for malicious activities or policy violations and produces reports to a Management Station. Some systems may attempt to stop an intrusion attempt but this is neither required nor expected of a monitoring system. Due to a growing number of intrusion events and also because the Internet and local networks have become so ubiquitous, organizations are increasingly implementing various systems that monitor IT security breaches. This includes an overview of the classification of intrusion detection systems and introduces the reader to some fundamental concepts of IDS methodology: audit trail analysis and on-the-fly processing as well as anomaly detection and signature detection approaches. This research paper discusses the primary intrusion detection techniques and the classification of intrusion Detection system.

  4. Fetal central nervous system anomalies: comparison of magnetic resonance imaging and ultrasonography for diagnosis

    Institute of Scientific and Technical Information of China (English)

    WANG Guang-bin; QU Lei; LI Hui-hua; SHAN Rui-qin; MA Yu-xiang; SHI Hao; CHEN Li-guang; LIU Wen; QIU Xiu-ling; WEI Yu-long; GUO Li

    2006-01-01

    Background Evaluation of fetal central nervous system (CNS) agenesis by ultrasonography (US) is frequentlylimited, but magnetic resonance imaging (MRI) has its own advantages and is gaining popularity in displayingsuspected fetal anomalies. The purpose of this study was to explore the value of MRI in detecting fetal CNSagenesis.Methods Thirty-four women (aged from 22 to 35 years, average 27 years) with complicated pregnancies (16-39 weeks of gestation, average 30 weeks) were examined with a 1.5 T superconductive MR unit within 24 hoursafter ultrasonography. Half-Fourier acquisition single-shot turbo spin-echo (HASTE) T2-weighted imaging (T2WI)sequence were performed in all patients, and fast low angle shot (FLASH) T1-weighted imaging (T1WI) sequencewere applied sequentially in seven of them. Comparison of the results was made between the MRI and USfindings as well as autopsy or postnatal follow-up MRI findings.Results The gyrus, sulcus, corpus callosum, thalamus, cerebellum, brainstem, and spinal cord of fetus wereshown more clearly on T2-weighted MR images than on T1-weighted MR images. MRI corrected the diagnosis ofUS in 10 cases (10/34, 29.41%) and the diagnosis was missed only in 1 case (1/34, 2.94%).Conclusion MRI has advantages to US in detecting fetal CNS anomalies and is a supplement to US incomplicated pregnancies.

  5. Model-based temperature noise monitoring methods for LMFBR core anomaly detection

    Energy Technology Data Exchange (ETDEWEB)

    Tamaoki, Tetsuo; Sonoda, Yukio; Sato, Masuo (Toshiba Corp., Kawasaki, Kanagawa (Japan)); Takahashi, Ryoichi

    1994-03-01

    Temperature noise, measured by thermocouples mounted at each core fuel subassembly, is considered to be the most useful signal for detecting and locating local cooling anomalies in an LMFBR core. However, the core outlet temperature noise contains background noise due to fluctuations in the operating parameters including reactor power. It is therefore necessary to reduce this background noise for highly sensitive anomaly detection by subtracting predictable components from the measured signal. In the present study, both a physical model and an autoregressive model were applied to noise data measured in the experimental fast reactor JOYO. The results indicate that the autoregressive model has a higher precision than the physical model in background noise prediction. Based on these results, an 'autoregressive model modification method' is proposed, in which a temporary autoregressive model is generated by interpolation or extrapolation of reference models identified under a small number of different operating conditions. The generated autoregressive model has shown sufficient precision over a wide range of reactor power in applications to artificial noise data produced by an LMFBR noise simulator even when the coolant flow rate was changed to keep a constant power-to-flow ratio. (author).

  6. Based on Wide Area Environment Abnormal Behavior Analysis and Anomaly Detection Research

    Directory of Open Access Journals (Sweden)

    Zhang Lin

    2016-01-01

    Full Text Available Group anomaly identification and location is an important issue in the field of artificial intelligence. Capture of the accident source and rapid prediction of mass incidents in public places are difficult problems in intelligent video identification and processing, but the traditional group anomaly detection research has many limitations when it comes to accident source detection and intelligent recognition. We are to research on the algorithms of accident source location and abnormal group identification based on behavior analysis in the condition of dramatically changing group geometry appearance, including: 1 to propose a logic model of image density based on the social force model, and to build the crowd density trend prediction model integrating “fast and fuzzy matching at front-end” and “accurate and classified training at back-end”; 2 to design a fast abnormal source flagging algorithm based on support vector machine, and to realize intelligent and automatic marking of abnormal source point; 3 to construct a multi-view human body skeleton invariant moment model and a motion trajectory model based on linear parametric equations. The expected results of the research will help prevent abnormal events effectively, capture the first scene of incidents and the abnormal source point quickly, and play a decision support role in the proactive national security strategy.

  7. Tracking Environmental Compliance and Remediation Trajectories Using Image-Based Anomaly Detection Methodologies

    Directory of Open Access Journals (Sweden)

    James K. Lein

    2011-11-01

    Full Text Available Recent interest in use of satellite remote sensing for environmental compliance and remediation assessment has been heightened by growing policy requirements and the need to provide more rapid and efficient monitoring and enforcement mechanisms. However, remote sensing solutions are attractive only to the extent that they can deliver environmentally relevant information in a meaningful and time-sensitive manner. Unfortunately, the extent to which satellite-based remote sensing satisfies the demands for compliance and remediation assessment under the conditions of an actual environmental accident or calamity has not been well documented. In this study a remote sensing solution to the problem of site remediation and environmental compliance assessment was introduced based on the use of the RDX anomaly detection algorithm and vegetation indices developed from the Tasseled Cap Transform. Results of this analysis illustrate how the use of standard vegetation transforms, integrated into an anomaly detection strategy, enable the time-sequenced tracking of site remediation progress. Based on these results credible evidence can be produced to support compliance evaluation and remediation assessment following major environmental disasters.

  8. Normalized edge detection, and the horizontal extent and depth of geophysical anomalies

    Institute of Scientific and Technical Information of China (English)

    Li Li-Li; Han Li-Guo; Huang Da-Nian

    2014-01-01

    Edge detection is an image processing technique for finding the boundaries of objects within images. It is typically used to interpret gravity and magnetic data, andfi nd the horizontal boundaries of geological bodies. Large deviations between model and true edges are common because of the interference of depth and errors in computing the derivatives; thus, edge detection methods cannot provide information about the depth of the source. To simultaneously obtain the horizontal extent and depth of geophysical anomalies, we use normalized edge detection filters, which normalize the edge detection function at different depths, and the maxima that correspond to the location of the source. The errors between model and actual edges are minimized as the depth of the source decreases and the normalized edge detection method recognizes the extent of the source based on the maxima, allowing for reliable model results. We demonstrate the applicability of the normalized edge detection fi lters in defi ning the horizontal extent and depth using synthetic and actual aeromagnetic data.

  9. Anomaly detection driven active learning for identifying suspicious tracks and events in WAMI video

    Science.gov (United States)

    Miller, David J.; Natraj, Aditya; Hockenbury, Ryler; Dunn, Katherine; Sheffler, Michael; Sullivan, Kevin

    2012-06-01

    We describe a comprehensive system for learning to identify suspicious vehicle tracks from wide-area motion (WAMI) video. First, since the road network for the scene of interest is assumed unknown, agglomerative hierarchical clustering is applied to all spatial vehicle measurements, resulting in spatial cells that largely capture individual road segments. Next, for each track, both at the cell (speed, acceleration, azimuth) and track (range, total distance, duration) levels, extreme value feature statistics are both computed and aggregated, to form summary (p-value based) anomaly statistics for each track. Here, to fairly evaluate tracks that travel across different numbers of spatial cells, for each cell-level feature type, a single (most extreme) statistic is chosen, over all cells traveled. Finally, a novel active learning paradigm, applied to a (logistic regression) track classifier, is invoked to learn to distinguish suspicious from merely anomalous tracks, starting from anomaly-ranked track prioritization, with ground-truth labeling by a human operator. This system has been applied to WAMI video data (ARGUS), with the tracks automatically extracted by a system developed in-house at Toyon Research Corporation. Our system gives promising preliminary results in highly ranking as suspicious aerial vehicles, dismounts, and traffic violators, and in learning which features are most indicative of suspicious tracks.

  10. Unsupervised, low latency anomaly detection of algorithmically generated domain names by generative probabilistic modeling.

    Science.gov (United States)

    Raghuram, Jayaram; Miller, David J; Kesidis, George

    2014-07-01

    We propose a method for detecting anomalous domain names, with focus on algorithmically generated domain names which are frequently associated with malicious activities such as fast flux service networks, particularly for bot networks (or botnets), malware, and phishing. Our method is based on learning a (null hypothesis) probability model based on a large set of domain names that have been white listed by some reliable authority. Since these names are mostly assigned by humans, they are pronounceable, and tend to have a distribution of characters, words, word lengths, and number of words that are typical of some language (mostly English), and often consist of words drawn from a known lexicon. On the other hand, in the present day scenario, algorithmically generated domain names typically have distributions that are quite different from that of human-created domain names. We propose a fully generative model for the probability distribution of benign (white listed) domain names which can be used in an anomaly detection setting for identifying putative algorithmically generated domain names. Unlike other methods, our approach can make detections without considering any additional (latency producing) information sources, often used to detect fast flux activity. Experiments on a publicly available, large data set of domain names associated with fast flux service networks show encouraging results, relative to several baseline methods, with higher detection rates and low false positive rates.

  11. Structure and dynamics of decadal anomalies in the wintertime midlatitude North Pacific ocean-atmosphere system

    Science.gov (United States)

    Fang, Jiabei; Yang, Xiu-Qun

    2015-12-01

    The structure and dynamics of decadal anomalies in the wintertime midlatitude North Pacific ocean-atmosphere system are examined in this study, using the NCEP/NCAR atmospheric reanalysis, HadISST SST and Simple Ocean Data Assimilation data for 1960-2010. The midlatitude decadal anomalies associated with the Pacific Decadal Oscillation are identified, being characterized by an equivalent barotropic atmospheric low (high) pressure over a cold (warm) oceanic surface. Such a unique configuration of decadal anomalies can be maintained by an unstable ocean-atmosphere interaction mechanism in the midlatitudes, which is hypothesized as follows. Associated with a warm PDO phase, an initial midlatitude surface westerly anomaly accompanied with intensified Aleutian low tends to force a negative SST anomaly by increasing upward surface heat fluxes and driving southward Ekman current anomaly. The SST cooling tends to increase the meridional SST gradient, thus enhancing the subtropical oceanic front. As an adjustment of the atmospheric boundary layer to the enhanced oceanic front, the low-level atmospheric meridional temperature gradient and thus the low-level atmospheric baroclinicity tend to be strengthened, inducing more active transient eddy activities that increase transient eddy vorticity forcing. The vorticity forcing that dominates the total atmospheric forcing tends to produce an equivalent barotropic atmospheric low pressure north of the initial westerly anomaly, intensifying the initial anomalies of the midlatitude surface westerly and Aleutian low. Therefore, it is suggested that the midlatitude ocean-atmosphere interaction can provide a positive feedback mechanism for the development of initial anomaly, in which the oceanic front and the atmospheric transient eddy are the indispensable ingredients. Such a positive ocean-atmosphere feedback mechanism is fundamentally responsible for the observed decadal anomalies in the midlatitude North Pacific ocean

  12. Structure and dynamics of decadal anomalies in the wintertime midlatitude North Pacific ocean-atmosphere system

    Science.gov (United States)

    Fang, Jiabei; Yang, Xiu-Qun

    2016-09-01

    The structure and dynamics of decadal anomalies in the wintertime midlatitude North Pacific ocean-atmosphere system are examined in this study, using the NCEP/NCAR atmospheric reanalysis, HadISST SST and Simple Ocean Data Assimilation data for 1960-2010. The midlatitude decadal anomalies associated with the Pacific Decadal Oscillation are identified, being characterized by an equivalent barotropic atmospheric low (high) pressure over a cold (warm) oceanic surface. Such a unique configuration of decadal anomalies can be maintained by an unstable ocean-atmosphere interaction mechanism in the midlatitudes, which is hypothesized as follows. Associated with a warm PDO phase, an initial midlatitude surface westerly anomaly accompanied with intensified Aleutian low tends to force a negative SST anomaly by increasing upward surface heat fluxes and driving southward Ekman current anomaly. The SST cooling tends to increase the meridional SST gradient, thus enhancing the subtropical oceanic front. As an adjustment of the atmospheric boundary layer to the enhanced oceanic front, the low-level atmospheric meridional temperature gradient and thus the low-level atmospheric baroclinicity tend to be strengthened, inducing more active transient eddy activities that increase transient eddy vorticity forcing. The vorticity forcing that dominates the total atmospheric forcing tends to produce an equivalent barotropic atmospheric low pressure north of the initial westerly anomaly, intensifying the initial anomalies of the midlatitude surface westerly and Aleutian low. Therefore, it is suggested that the midlatitude ocean-atmosphere interaction can provide a positive feedback mechanism for the development of initial anomaly, in which the oceanic front and the atmospheric transient eddy are the indispensable ingredients. Such a positive ocean-atmosphere feedback mechanism is fundamentally responsible for the observed decadal anomalies in the midlatitude North Pacific ocean

  13. Automatic Detection and Classification of Pole-Like Objects in Urban Point Cloud Data Using an Anomaly Detection Algorithm

    Directory of Open Access Journals (Sweden)

    Borja Rodríguez-Cuenca

    2015-09-01

    Full Text Available Detecting and modeling urban furniture are of particular interest for urban management and the development of autonomous driving systems. This paper presents a novel method for detecting and classifying vertical urban objects and trees from unstructured three-dimensional mobile laser scanner (MLS or terrestrial laser scanner (TLS point cloud data. The method includes an automatic initial segmentation to remove the parts of the original cloud that are not of interest for detecting vertical objects, by means of a geometric index based on features of the point cloud. Vertical object detection is carried out through the Reed and Xiaoli (RX anomaly detection algorithm applied to a pillar structure in which the point cloud was previously organized. A clustering algorithm is then used to classify the detected vertical elements as man-made poles or trees. The effectiveness of the proposed method was tested in two point clouds from heterogeneous street scenarios and measured by two different sensors. The results for the two test sites achieved detection rates higher than 96%; the classification accuracy was around 95%, and the completion quality of both procedures was 90%. Non-detected poles come from occlusions in the point cloud and low-height traffic signs; most misclassifications occurred in man-made poles adjacent to trees.

  14. Fuzzy Logic Based Anomaly Detection for Embedded Network Security Cyber Sensor

    Energy Technology Data Exchange (ETDEWEB)

    Ondrej Linda; Todd Vollmer; Jason Wright; Milos Manic

    2011-04-01

    Resiliency and security in critical infrastructure control systems in the modern world of cyber terrorism constitute a relevant concern. Developing a network security system specifically tailored to the requirements of such critical assets is of a primary importance. This paper proposes a novel learning algorithm for anomaly based network security cyber sensor together with its hardware implementation. The presented learning algorithm constructs a fuzzy logic rule based model of normal network behavior. Individual fuzzy rules are extracted directly from the stream of incoming packets using an online clustering algorithm. This learning algorithm was specifically developed to comply with the constrained computational requirements of low-cost embedded network security cyber sensors. The performance of the system was evaluated on a set of network data recorded from an experimental test-bed mimicking the environment of a critical infrastructure control system.

  15. Bootstrap Prediction Intervals in Non-Parametric Regression with Applications to Anomaly Detection

    Science.gov (United States)

    Kumar, Sricharan; Srivistava, Ashok N.

    2012-01-01

    Prediction intervals provide a measure of the probable interval in which the outputs of a regression model can be expected to occur. Subsequently, these prediction intervals can be used to determine if the observed output is anomalous or not, conditioned on the input. In this paper, a procedure for determining prediction intervals for outputs of nonparametric regression models using bootstrap methods is proposed. Bootstrap methods allow for a non-parametric approach to computing prediction intervals with no specific assumptions about the sampling distribution of the noise or the data. The asymptotic fidelity of the proposed prediction intervals is theoretically proved. Subsequently, the validity of the bootstrap based prediction intervals is illustrated via simulations. Finally, the bootstrap prediction intervals are applied to the problem of anomaly detection on aviation data.

  16. Bayesian anomaly detection in heterogeneous media with applications to geophysical tomography

    Science.gov (United States)

    Simon, Martin

    2014-11-01

    In this paper, we consider the problem of detecting a parameterized anomaly in an isotropic, stationary and ergodic conductivity random field via electrical impedance tomography. A homogenization result for a stochastic forward problem built on the complete electrode model is derived, which serves as the basis for a two-stage numerical method in the framework of Bayesian inverse problems. The novelty of this method lies in the introduction of an enhanced error model accounting for the approximation errors that result from reducing the full forward model to a homogenized one. In the first stage, a MAP estimate for the reduced forward model equipped with the enhanced error model is computed. Then, in the second stage, a bootstrap prior based on the first stage results is defined and the resulting posterior distribution is sampled via Markov chain Monte Carlo. We provide the theoretical foundation of the proposed method, discuss different aspects of a numerical implementation and present numerical experiments to support our findings.

  17. Real-time progressive hyperspectral image processing endmember finding and anomaly detection

    CERN Document Server

    Chang, Chein-I

    2016-01-01

    The book covers the most crucial parts of real-time hyperspectral image processing: causality and real-time capability. Recently, two new concepts of real time hyperspectral image processing, Progressive Hyperspectral Imaging (PHSI) and Recursive Hyperspectral Imaging (RHSI). Both of these can be used to design algorithms and also form an integral part of real time hyperpsectral image processing. This book focuses on progressive nature in algorithms on their real-time and causal processing implementation in two major applications, endmember finding and anomaly detection, both of which are fundamental tasks in hyperspectral imaging but generally not encountered in multispectral imaging. This book is written to particularly address PHSI in real time processing, while a book, Recursive Hyperspectral Sample and Band Processing: Algorithm Architecture and Implementation (Springer 2016) can be considered as its companion book. Includes preliminary background which is essential to those who work in hyperspectral ima...

  18. Multiscale spatial density smoothing: an application to large-scale radiological survey and anomaly detection

    CERN Document Server

    Tansey, Wesley; Reinhart, Alex; Scott, James G

    2015-01-01

    We consider the problem of estimating a spatially varying density function, motivated by problems that arise in large-scale radiological survey and anomaly detection. In this context, the density functions to be estimated are the background gamma-ray energy spectra at sites spread across a large geographical area, such as nuclear production and waste-storage sites, military bases, medical facilities, university campuses, or the downtown of a city. Several challenges combine to make this a difficult problem. First, the spectral density at any given spatial location may have both smooth and non-smooth features. Second, the spatial correlation in these density functions is neither stationary nor locally isotropic. Third, the spatial correlation decays at different length scales at different locations in the support of the underlying density. Finally, at some spatial locations, there is very little data. We present a method called multiscale spatial density smoothing that successfully addresses these challenges. ...

  19. Interior intrusion detection systems

    Energy Technology Data Exchange (ETDEWEB)

    Rodriguez, J.R.; Matter, J.C. (Sandia National Labs., Albuquerque, NM (United States)); Dry, B. (BE, Inc., Barnwell, SC (United States))

    1991-10-01

    The purpose of this NUREG is to present technical information that should be useful to NRC licensees in designing interior intrusion detection systems. Interior intrusion sensors are discussed according to their primary application: boundary-penetration detection, volumetric detection, and point protection. Information necessary for implementation of an effective interior intrusion detection system is presented, including principles of operation, performance characteristics and guidelines for design, procurement, installation, testing, and maintenance. A glossary of sensor data terms is included. 36 figs., 6 tabs.

  20. Interior intrusion detection systems

    International Nuclear Information System (INIS)

    The purpose of this NUREG is to present technical information that should be useful to NRC licensees in designing interior intrusion detection systems. Interior intrusion sensors are discussed according to their primary application: boundary-penetration detection, volumetric detection, and point protection. Information necessary for implementation of an effective interior intrusion detection system is presented, including principles of operation, performance characteristics and guidelines for design, procurement, installation, testing, and maintenance. A glossary of sensor data terms is included. 36 figs., 6 tabs

  1. DEVELOPMENT AND TESTING OF PROCEDURES FOR CARRYING OUT EMERGENCY PHYSICAL INVENTORY TAKING AFTER DETECTING ANOMALY EVENTS CONCERNING NM SECURITY.

    Energy Technology Data Exchange (ETDEWEB)

    VALENTE,J.FISHBONE,L.ET AL.

    2003-07-13

    In the State Scientific Center of Russian Federation - Institute of Physics and Power Engineering (SSC RF-IPPE, Obninsk), which is under Minatom jurisdiction, the procedures for carrying out emergency physical inventory taking (EPIT) were developed and tested in cooperation with the Brookhaven National Laboratory (USA). Here the emergency physical inventory taking means the PIT, which is carried out in case of symptoms indicating a possibility of NM loss (theft). Such PIT often requires a verification of attributes and quantitative characteristics for all the NM items located in a specific Material Balance Area (MBA). In order to carry out the exercise, an MBA was selected where many thousands of NM items containing highly enriched uranium are used. Three clients of the computerized material accounting system (CMAS) are installed in this MBA. Labels with unique (within IPPE site) identification numbers in the form of digit combinations and an appropriate bar code have been applied on the NM items, containers and authorized locations. All the data to be checked during the EPIT are stored in the CMAS database. Five variants of anomalies initiating EPIT and requiring different types of activities on EPIT organization are considered. Automatic working places (AWP) were created on the basis of the client computers in order to carry out a large number of measurements within a reasonable time. In addition to a CMAS client computer, the main components of an AWP include a bar-code reader, an electronic scale and an enrichment meter with NaI--detector--the lMCA Inspector (manufactured by the Canberra Company). All these devices work together with a client computer in the on-line mode. Special computer code (Emergency Inventory Software-EIS) was developed. All the algorithms of interaction between the operator and the system, as well as algorithms of data exchange during the measurements and data comparison, are implemented in this software. Registration of detected

  2. Airborne detection of magnetic anomalies associated with soils on the Oak Ridge Reservation, Tennessee

    International Nuclear Information System (INIS)

    Reconnaissance airborne geophysical data acquired over the 35,000-acre Oak Ridge Reservation (ORR), TN, show several magnetic anomalies over undisturbed areas mapped as Copper Ridge Dolomite (CRD). The anomalies of interest are most apparent in magnetic gradient maps where they exceed 0.06 nT/m and in some cases exceed 0.5 nT/m. Anomalies as large as 25nT are seen on maps. Some of the anomalies correlate with known or suspected karst, or with apparent conductivity anomalies calculated from electromagnetic data acquired contemporaneously with the magnetic data. Some of the anomalies have a strong correlation with topographic lows or closed depressions. Surface magnetic data have been acquired over some of these sites and have confirmed the existence of the anomalies. Ground inspections in the vicinity of several of the anomalies has not led to any discoveries of manmade surface materials of sufficient size to generate the observed anomalies. One would expect an anomaly of approximately 1 nT for a pickup truck from 200 ft altitude. Typical residual magnetic anomalies have magnitudes of 5--10 nT, and some are as large as 25nT. The absence of roads or other indications of culture (past or present) near the anomalies and the modeling of anomalies in data acquired with surface instruments indicate that man-made metallic objects are unlikely to be responsible for the anomaly. The authors show that observed anomalies in the CRD can reasonably be associated with thickening of the soil layer. The occurrence of the anomalies in areas where evidences of karstification are seen would follow because sediment deposition would occur in topographic lows. Linear groups of anomalies on the maps may be associated with fracture zones which were eroded more than adjacent rocks and were subsequently covered with a thicker blanket of sediment. This study indicates that airborne magnetic data may be of use in other sites where fracture zones or buried collapse structures are of interest

  3. Jamming anomaly in $\\mathcal{PT}$-symmetric systems

    CERN Document Server

    Barashenkov, I V; Konotop, Vladimir V

    2016-01-01

    The Schr\\"odinger equation with a $\\mathcal{PT}$-symmetric potential is used to model an optical structure consisting of an element with gain coupled to an element with loss. At low gain-loss amplitudes $\\gamma$, raising the amplitude results in the energy flux from the active to the leaky element being boosted. We study the anomalous behaviour occurring for larger $\\gamma$, where the increase of the amplitude produces a drop of the flux across the gain-loss interface. We show that this jamming anomaly is either a precursor of the exceptional point, where two real eigenvalues coalesce and acquire imaginary parts, or precedes the eigenvalue's immersion in the continuous spectrum.

  4. MODELLING EARTH SYSTEM CHANGES THROUGH THE SHURUM-WONOKA ANOMALY

    DEFF Research Database (Denmark)

    Bjerrum, Christian J.; Canfield, D. E.

    -amplitude fluctuations in the isotopic composition of marine carbonate carbon (d13CIC ) and oxygen (d18O) and more subdued changes in the isotope composition of marine organic carbon. Normally, carbon isotope changes are considered to reflect the burial history of inorganic and organic carbon into sediments, while...... and organic carbon at lower values of d13CIC, with a cross-plot slope of about 1. This unit slope seems to be unique to the Neoproterozoic in Earth history and not easily explained. In our model, the carbon isotope excursions were driven by methane from sediment-hosted clathrate hydrate deposits. Being...... a powerful greenhouse gas, methane increased temperature and melted icecaps. These combined to produce a negative 18O anomaly, while the higher temperatures also accelerated the weathering of continental rocks, drawing down atmospheric CO2. Lower CO2, in turn, reduced the isotope fractionation between DIC...

  5. Plasmon mode as a detection of the chiral anomaly in Weyl semimetals

    OpenAIRE

    Zhou, Jianhui; Chang, Hao-Ran; Xiao, Di

    2014-01-01

    Weyl semimetals are one kind of three-dimensional gapless semimetal with nontrivial topology in the momentum space. The chiral anomaly in Weyl semimetals manifests as a charge imbalance between the Weyl nodes of opposite chiralities induced by parallel electric and magnetic fields. We investigate the chiral anomaly effect on the plasmon mode in both intrinsic and doped Weyl semimetals within the random phase approximation. We prove that the chiral anomaly gives rise to a different plasmon mod...

  6. An Analysis of Mechanical Constraints when Using Superconducting Gravimeters for Far-Field Pre-Seismic Anomaly Detection

    Directory of Open Access Journals (Sweden)

    Shyh-Chin Lan

    2011-01-01

    Full Text Available Pre-seismic gravity anomalies from records obtained at a 1 Hz sampling rate from superconducting gravimeters (SG around East Asia are analyzed. A comparison of gravity anomalies to the source parameters of associated earthquakes shows that the detection of pre-seismic gravity anomalies is constrained by several mechanical conditions of the seismic fault plane. The constraints of the far-field pre-seismic gravity amplitude perturbation were examined and the critical spatial relationship between the SG station and the epicenter precursory signal for detection was determined. The results show that: (1 the pre-seismic amplitude perturbation of gravity is inversely proportional to distance; (2 the transfer path from the epicenter to the SG station that crosses a tectonic boundary has a relatively low pre-seismic gravity anomaly amplitude; (3 the pre-seismic gravity perturbation amplitude is also affected by the attitude between the location of an SG station and the strike of the ruptured fault plane. The removal of typhoon effects and the selection of SG stations within a certain intersection angle to the strike of the fault plane are essential for obtaining reliable pre-seismic gravity anomaly results.

  7. Para-GMRF: parallel algorithm for anomaly detection of hyperspectral image

    Science.gov (United States)

    Dong, Chao; Zhao, Huijie; Li, Na; Wang, Wei

    2007-12-01

    The hyperspectral imager is capable of collecting hundreds of images corresponding to different wavelength channels for the observed area simultaneously, which make it possible to discriminate man-made objects from natural background. However, the price paid for the wealthy information is the enormous amounts of data, usually hundreds of Gigabytes per day. Turning the huge volume data into useful information and knowledge in real time is critical for geoscientists. In this paper, the proposed parallel Gaussian-Markov random field (Para-GMRF) anomaly detection algorithm is an attempt of applying parallel computing technology to solve the problem. Based on the locality of GMRF algorithm, we partition the 3-D hyperspectral image cube in spatial domain and distribute data blocks to multiple computers for concurrent detection. Meanwhile, to achieve load balance, a work pool scheduler is designed for task assignment. The Para-GMRF algorithm is organized in master-slave architecture, coded in C programming language using message passing interface (MPI) library and tested on a Beowulf cluster. Experimental results show that Para-GMRF algorithm successfully conquers the challenge and can be used in time sensitive areas, such as environmental monitoring and battlefield reconnaissance.

  8. Application of Distributed Optical Fiber Sensing Technology in the Anomaly Detection of Shaft Lining in Grouting

    Directory of Open Access Journals (Sweden)

    Chunde Piao

    2015-01-01

    Full Text Available The rupture of the shaft lining caused by grouting has seriously undermined the safety in coal mining. Based on BOTDR distributed optical fiber sensing technology, this paper studied the layout method of optical fiber sensors and the anomaly detection method of the deformation and obtained the evolution law of shaft deformation triggered by grouting. The research results showed that the bonding problem of optical fiber sensors in damp environment could be effectively solved, by applying the binder consisting of sodium silicate and cement. Through BOTDR-based deformation detection, the real-time deformation of the shaft lining caused by grouting was immediately spotted. By comparing the respective strain of shaft lining deformation and concrete deformation, the risk range of shaft lining grouting was identified. With the additional strain increment of the shaft lining triggered by each process of grouting, the saturated condition of grouting volume in strata was analyzed, providing an important technical insight into the field construction and the safety of the shaft lining.

  9. A MACHINE LEARNING APPROACH TO ANOMALY-BASED DETECTION ON ANDROID PLATFORMS

    Directory of Open Access Journals (Sweden)

    Joshua Abah

    2015-11-01

    Full Text Available The emergence of mobile platforms with increased storage and computing capabilities and the pervasive use of these platforms for sensitive applications such as online banking, e-commerce and the storage of sensitive information on these mobile devices have led to increasing danger associated with malware targeted at these devices. Detecting such malware presents inimitable challenges as signature-based detection techniques available today are becoming inefficient in detecting new and unknown malware. In this research, a machine learning approach for the detection of malware on Android platforms is presented. The detection system monitors and extracts features from the applications while in execution and uses them to perform in-device detection using a trained K-Nearest Neighbour classifier. Results shows high performance in the detection rate of the classifier with accuracy of 93.75%, low error rate of 6.25% and low false positive rate with ability of detecting real Android malware.

  10. 基于数字属性和符号属性混合数据的网络异常入侵检测方法%Network-based anomaly intrusion detection with numeric-and-nominal mixed data

    Institute of Scientific and Technical Information of China (English)

    蔡龙征; 余胜生; 王晓峰; 周敬利

    2006-01-01

    Anomaly detection is a key element of intrusion detection systems and a necessary complement of widely used misuse intrusion detection systems. Data sources used by network intrusion detection, like network packets or connections, often contain both numeric and nominal features. Both of these features contain important information for intrusion detection. These two features, on the other hand, have different characteristics. This paper presents a new network based anomaly intrusion detection approach that works well by building profiles for numeric and nominal features in different ways. During training, for each numeric feature, a normal profile is build through statistical distribution inference and parameter estimation, while for each nominal feature, a normal profile is setup through statistical method. These profiles are used as detection models during testing to judge whether a data being tested is benign or malicious. Experiments with the data set of 1999 DARPA (defense advanced research project agency) intrusion detection evaluation show that this approach can detect attacks effectively.

  11. Information-theoretic analysis of x-ray scatter and phase architectures for anomaly detection

    Science.gov (United States)

    Coccarelli, David; Gong, Qian; Stoian, Razvan-Ionut; Greenberg, Joel A.; Gehm, Michael E.; Lin, Yuzhang; Huang, Liang-Chih; Ashok, Amit

    2016-05-01

    Conventional performance analysis of detection systems confounds the effects of the system architecture (sources, detectors, system geometry, etc.) with the effects of the detection algorithm. Previously, we introduced an information-theoretic approach to this problem by formulating a performance metric, based on Cauchy-Schwarz mutual information, that is analogous to the channel capacity concept from communications engineering. In this work, we discuss the application of this metric to study novel screening systems based on x-ray scatter or phase. Our results show how effective use of this metric can impact design decisions for x-ray scatter and phase systems.

  12. Discovering System Health Anomalies using Data Mining Techniques

    Data.gov (United States)

    National Aeronautics and Space Administration — We discuss a statistical framework that underlies envelope detection schemes as well as dynamical models based on Hidden Markov Models (HMM) that can encompass both...

  13. A Comparative Study of Anomaly Detection Techniques for Smart City Wireless Sensor Networks.

    Science.gov (United States)

    Garcia-Font, Victor; Garrigues, Carles; Rifà-Pous, Helena

    2016-06-13

    In many countries around the world, smart cities are becoming a reality. These cities contribute to improving citizens' quality of life by providing services that are normally based on data extracted from wireless sensor networks (WSN) and other elements of the Internet of Things. Additionally, public administration uses these smart city data to increase its efficiency, to reduce costs and to provide additional services. However, the information received at smart city data centers is not always accurate, because WSNs are sometimes prone to error and are exposed to physical and computer attacks. In this article, we use real data from the smart city of Barcelona to simulate WSNs and implement typical attacks. Then, we compare frequently used anomaly detection techniques to disclose these attacks. We evaluate the algorithms under different requirements on the available network status information. As a result of this study, we conclude that one-class Support Vector Machines is the most appropriate technique. We achieve a true positive rate at least 56% higher than the rates achieved with the other compared techniques in a scenario with a maximum false positive rate of 5% and a 26% higher in a scenario with a false positive rate of 15%.

  14. Sparse source travel-time tomography of a laboratory target: accuracy and robustness of anomaly detection

    CERN Document Server

    Pursiainen, Sampsa

    2014-01-01

    This study concerned conebeam travel-time tomography. The focus was on a sparse distribution of signal sources that can be necessary in a challenging in situ environment such as in asteroid tomography. The goal was to approximate the minimum number of source positions needed for robust detection of refractive anomalies, e.g., voids within an asteroid or a casting defects in concrete. Experimental ultrasonic data were recorded utilizing as a target a 150 mm plastic cast cube containing three stones with diameter between 22 and 41 mm. A signal frequency of 55 kHz (35 mm wavelength) was used. Source counts from one to six were tested for different placements. Based on our statistical inversion approach and analysis of the results, three or four sources were found to lead to reliable inversion. The source configurations investigated were also ranked according to their performance. Our results can be used, for example, in the planning of planetary missions as well as in material testing.

  15. A Comparative Study of Anomaly Detection Techniques for Smart City Wireless Sensor Networks.

    Science.gov (United States)

    Garcia-Font, Victor; Garrigues, Carles; Rifà-Pous, Helena

    2016-01-01

    In many countries around the world, smart cities are becoming a reality. These cities contribute to improving citizens' quality of life by providing services that are normally based on data extracted from wireless sensor networks (WSN) and other elements of the Internet of Things. Additionally, public administration uses these smart city data to increase its efficiency, to reduce costs and to provide additional services. However, the information received at smart city data centers is not always accurate, because WSNs are sometimes prone to error and are exposed to physical and computer attacks. In this article, we use real data from the smart city of Barcelona to simulate WSNs and implement typical attacks. Then, we compare frequently used anomaly detection techniques to disclose these attacks. We evaluate the algorithms under different requirements on the available network status information. As a result of this study, we conclude that one-class Support Vector Machines is the most appropriate technique. We achieve a true positive rate at least 56% higher than the rates achieved with the other compared techniques in a scenario with a maximum false positive rate of 5% and a 26% higher in a scenario with a false positive rate of 15%. PMID:27304957

  16. Anomaly Identification from Super-Low Frequency Electromagnetic Data for the Coalbed Methane Detection

    Science.gov (United States)

    Zhao, S. S.; Wang, N.; Hui, J.; Ye, X.; Qin, Q.

    2016-06-01

    Natural source Super Low Frequency(SLF) electromagnetic prospecting methods have become an increasingly promising way in the resource detection. The capacity estimation of the reservoirs is of great importance to evaluate their exploitation potency. In this paper, we built a signal-estimate model for SLF electromagnetic signal and processed the monitored data with adaptive filter. The non-normal distribution test showed that the distribution of the signal was obviously different from Gaussian probability distribution, and Class B instantaneous amplitude probability model can well describe the statistical properties of SLF electromagnetic data. The Class B model parameter estimation is very complicated because its kernel function is confluent hypergeometric function. The parameters of the model were estimated based on property spectral function using Least Square Gradient Method(LSGM). The simulation of this estimation method was carried out, and the results of simulation demonstrated that the LGSM estimation method can reflect important information of the Class B signal model, of which the Gaussian component was considered to be the systematic noise and random noise, and the Intermediate Event Component was considered to be the background ground and human activity noise. Then the observation data was processed using adaptive noise cancellation filter. With the noise components subtracted out adaptively, the remaining part is the signal of interest, i.e., the anomaly information. It was considered to be relevant to the reservoir position of the coalbed methane stratum.

  17. Sparse source travel-time tomography of a laboratory target: accuracy and robustness of anomaly detection

    International Nuclear Information System (INIS)

    This study concerned conebeam travel-time tomography. The focus was on a sparse distribution of signal sources that can be necessary in a challenging in situ environment such as in asteroid tomography. The goal was to approximate the minimum number of source positions needed for robust detection of refractive anomalies, e.g., voids within an asteroid or a casting defects in concrete. Experimental ultrasonic data were recorded utilizing as a target a 150 mm plastic cast cube containing three stones with diameter between 22 and 41 mm. A signal frequency of 55 kHz (35 mm wavelength) was used. Source counts from one to six were tested for different placements. Based on our statistical inversion approach and analysis of the results, three or four sources were found to lead to reliable inversion. The source configurations investigated were also ranked according to their performance. Our results can be used, for example, in the planning of planetary missions as well as in material testing. (paper)

  18. A Comparative Study of Anomaly Detection Techniques for Smart City Wireless Sensor Networks

    Directory of Open Access Journals (Sweden)

    Victor Garcia-Font

    2016-06-01

    Full Text Available In many countries around the world, smart cities are becoming a reality. These cities contribute to improving citizens’ quality of life by providing services that are normally based on data extracted from wireless sensor networks (WSN and other elements of the Internet of Things. Additionally, public administration uses these smart city data to increase its efficiency, to reduce costs and to provide additional services. However, the information received at smart city data centers is not always accurate, because WSNs are sometimes prone to error and are exposed to physical and computer attacks. In this article, we use real data from the smart city of Barcelona to simulate WSNs and implement typical attacks. Then, we compare frequently used anomaly detection techniques to disclose these attacks. We evaluate the algorithms under different requirements on the available network status information. As a result of this study, we conclude that one-class Support Vector Machines is the most appropriate technique. We achieve a true positive rate at least 56% higher than the rates achieved with the other compared techniques in a scenario with a maximum false positive rate of 5% and a 26% higher in a scenario with a false positive rate of 15%.

  19. Semiconductor radiation detection systems

    CERN Document Server

    2010-01-01

    Covers research in semiconductor detector and integrated circuit design in the context of medical imaging using ionizing radiation. This book explores other applications of semiconductor radiation detection systems in security applications such as luggage scanning, dirty bomb detection and border control.

  20. COLLABORATIVE ANOMALY-BASED INTRUSION DETECTION IN MOBILE AD HOC NETWORKS

    Directory of Open Access Journals (Sweden)

    SUNIL K. PARYANI,

    2011-05-01

    Full Text Available Intrusion Prevention is first line of defense against attacks in MANET. Intrusion Detection and response presents a second line of defense. New vulnerabilities will continue to invent new attack methods so new technology such as MANET, we focus on developing effective detection approaches In this paper, we present an intrusion detection system for detection of malicious node in mobile ad hoc network. The technique is designed for detection of malicious nodes in a neighborhood in which each pair of nodes are within radio range of each other. Such a neighborhood of nodes is known as a clique. [1] This technique is aimed to reduce the computation and communication costs to select a monitor node and reduces the message passing between the nodes to detect a malicious node from the cluster hence there very less traffic and less chances of a collision.

  1. High precision thermal modeling of complex systems with application to the flyby and Pioneer anomaly

    CERN Document Server

    Rievers, Benny

    2011-01-01

    Thermal modeling of complex systems faces the problems of an effective digitalization of the detailed geometry and properties of the system, calculation of the thermal flows and temperature maps, treatment of the thermal radiation including possible multiple reflections, inclusion of additional external influences, extraction of the radiation pressure from calculated surface data, and computational effectiveness. In previous publications the solution to these problems have been outlined and a first application to the Pioneer spacecraft have been shown. Here we like to present the application of our thermal modeling to the Rosetta flyby anomaly as well as to the Pioneer anomaly. The analysis outlines that thermal recoil pressure is not the cause of the Rosetta flyby anomaly but likely resolves the anomalous acceleration observed for Pioneer 10.

  2. WLAN Intrusion Detection System

    Directory of Open Access Journals (Sweden)

    Ms. Sushama Shirke

    2011-08-01

    Full Text Available This is an implementation of the Wireless LAN Intrusion Detection System (WIDS using clock-skews as a fingerprinting property as suggested by Jana-Kasera [1]. Our objective is to detect the presence of a fake access point (AP in a Wireless LAN (WLAN. Use of clock -skew enables us to effectively detect Medium Access Control (MAC Address spoofing. The principle used in this project is that clock s k e w s remain consistent over time for the same AP but vary significantly across AP’s. We have also tried to exploreprobable points of failure and implemented algorithms to overcome these problems. Advantage of this implementation is that fake AP can be detected very quickly as WLAN Intrusion Detection System needs only 100 -200 packets in most cases.

  3. Tetralogy of Fallot Associated with Dysplastic Kidneys, Cloacal Anomalies, and Female Pseudohermaphroditism: A Systemic Anomaly of Septation?

    Directory of Open Access Journals (Sweden)

    José Morales-Roselló

    2012-01-01

    Full Text Available A 20-week fetus was diagnosed with tetralogy of Fallot and multicystic kidneys. The postmortem study showed missing müllerian structures with small streak ovaries, external male genitalia, and an abnormal cloacal septation (imperforate anus with a sigmoid colon opening in the bladder. As the observed anomalies were related with septation, a mechanism related with the activation of specific growth factors, we discuss the possibility of a disorder in the function of the bone morphogenetic proteins as a common cause for the widespread anomalies found in this fetus.

  4. Finding Needle in a Million Metrics: Anomaly Detection in a Large-scale Computational Advertising Platform

    OpenAIRE

    Zhou, Bowen; Shariat, Shahriar

    2016-01-01

    Online media offers opportunities to marketers to deliver brand messages to a large audience. Advertising technology platforms enables the advertisers to find the proper group of audiences and deliver ad impressions to them in real time. The recent growth of the real time bidding has posed a significant challenge on monitoring such a complicated system. With so many components we need a reliable system that detects the possible changes in the system and alerts the engineering team. In this pa...

  5. Subsurface faults detection based on magnetic anomalies investigation: A field example at Taba protectorate, South Sinai

    Science.gov (United States)

    Khalil, Mohamed H.

    2016-08-01

    Quantitative interpretation of the magnetic data particularly in a complex dissected structure necessitates using of filtering techniques. In Taba protectorate, Sinai synthesis of different filtering algorithms was carried out to distinct and verifies the subsurface structure and estimates the depth of the causative magnetic sources. In order to separate the shallow-seated structure, filters of the vertical derivatives (VDR), Butterworth high-pass (BWHP), analytic signal (AS) amplitude, and total horizontal derivative of the tilt derivative (TDR_THDR) were conducted. While, filters of the apparent susceptibility and Butterworth low-pass (BWLP) were conducted to identify the deep-seated structure. The depths of the geological contacts and faults were calculated by the 3D Euler deconvolution. Noteworthy, TDR_THDR was independent of geomagnetic inclination, significantly less susceptible to noise, and more sensitive to the details of the shallow superimposed structures. Whereas, the BWLP proved high resolution capabilities in attenuating the shorter wavelength of the near surface anomalies and emphasizing the longer wavelength derived from deeper causative structure. 3D Euler deconvolution (SI = 0) was quite amenable to estimate the depths of superimposed subsurface structure. The pattern, location, and trend of the deduced shallow and deep faults were conformed remarkably to the addressed fault system.

  6. Intrusion Detection Systems

    CERN Document Server

    Pietro, Roberto Di

    2008-01-01

    In our world of ever-increasing Internet connectivity, there is an on-going threat of intrusion, denial of service attacks, or countless other abuses of computer and network resources. In particular, these threats continue to persist due to the flaws of current commercial intrusion detection systems (IDSs). Intrusion Detection Systems is an edited volume by world class leaders in this field. This edited volume sheds new light on defense alert systems against computer and network intrusions. It also covers integrating intrusion alerts within security policy framework for intrusion response, rel

  7. Discrete shearlet transform on GPU with applications in anomaly detection and denoising

    Science.gov (United States)

    Gibert, Xavier; Patel, Vishal M.; Labate, Demetrio; Chellappa, Rama

    2014-12-01

    Shearlets have emerged in recent years as one of the most successful methods for the multiscale analysis of multidimensional signals. Unlike wavelets, shearlets form a pyramid of well-localized functions defined not only over a range of scales and locations, but also over a range of orientations and with highly anisotropic supports. As a result, shearlets are much more effective than traditional wavelets in handling the geometry of multidimensional data, and this was exploited in a wide range of applications from image and signal processing. However, despite their desirable properties, the wider applicability of shearlets is limited by the computational complexity of current software implementations. For example, denoising a single 512 × 512 image using a current implementation of the shearlet-based shrinkage algorithm can take between 10 s and 2 min, depending on the number of CPU cores, and much longer processing times are required for video denoising. On the other hand, due to the parallel nature of the shearlet transform, it is possible to use graphics processing units (GPU) to accelerate its implementation. In this paper, we present an open source stand-alone implementation of the 2D discrete shearlet transform using CUDA C++ as well as GPU-accelerated MATLAB implementations of the 2D and 3D shearlet transforms. We have instrumented the code so that we can analyze the running time of each kernel under different GPU hardware. In addition to denoising, we describe a novel application of shearlets for detecting anomalies in textured images. In this application, computation times can be reduced by a factor of 50 or more, compared to multicore CPU implementations.

  8. Causality principle and nuclear dispersion anomaly in the elastic scattering for α+12C system

    Institute of Scientific and Technical Information of China (English)

    Abdolmajid Izadpanah

    2010-01-01

    The optical model analysis of the alpha particle elastic scattering on a carbon target was performed on the basis of the dispersion relation between the real and imaginary parts of the calculated volume integrals. A nuclear dispersion anomaly in an α+12C system was observed and interpreted clearly.

  9. ANOMALY INTRUSION DETECTION DESIGN USING HYBRID OF UNSUPERVISED AND SUPERVISED NEURAL NETWORK

    Directory of Open Access Journals (Sweden)

    M. Bahrololum

    2009-07-01

    Full Text Available This paper proposed a new approach to design the system using a hybrid of misuse and anomalydetection for training of normal and attack packets respectively. The utilized method for attack training isthe combination of unsupervised and supervised Neural Network (NN for Intrusion Detection System. Bythe unsupervised NN based on Self Organizing Map (SOM, attacks will be classified into smallercategories considering their similar features, and then unsupervised NN based on Backpropagation willbe used for clustering. By misuse approach known packets would be identified fast and unknown attackswill be able to detect by this method.

  10. An ECG Monitoring System For Prediction Of Cardiac Anomalies Using WBAN

    OpenAIRE

    Hadjem, Medina; Salem, Osman; Naït-Abdesselam, Farid

    2014-01-01

    International audience Cardiovascular diseases (CVD) are known to be the most widespread causes to death. Therefore, detecting earlier signs of cardiac anomalies is of prominent importance to ease the treatment of any cardiac complication or take appropriate actions. Electrocardiogram (ECG) is used by doctors as an important diagnosis tool and in most cases, it's recorded and analyzed at hospital after the appearance of first symptoms or recorded by patients using a device named holter ECG...

  11. Unusual Threshold Anomaly in the 6Li+208Pb System

    Institute of Scientific and Technical Information of China (English)

    ZHANG Chun-Lei; JIA Hui-Ming; WU Zhen-Dong; XU Xin-Xing; BAI Chun-Lin; ZHANG Huan-Qiao; LIN Cheng-Jian; RUAN Ming; LIU Zu-Hua; YANG Feng; WU Xiu-Kun; ZHOU Ping; AN Guang-Peng

    2006-01-01

    @@ The angular distributions of elastic scattering for the 6Li +208Pb system have been measured at several energies around the Coulomb barrier. The parameters of optical potential are extracted by means of a phenomenological optical model analysis. It is found that the real and imaginal potentials show a pronounced energy dependence.The behaviour of the potential at the nearly especially sub-barrier energies in the 6Li+208Pb system is quite different from the results of some previous reports observed in other systems, such as 19 F +208 Pb and 16 O+208 Pb.This unusual threshold phenomenon indicates that breakup channel is strongly coupled with the elastic channel and has obvious effects on optical potential.

  12. Enhanced Anomaly Detection Via PLS Regression Models and Information Entropy Theory

    KAUST Repository

    Harrou, Fouzi

    2015-12-07

    Accurate and effective fault detection and diagnosis of modern engineering systems is crucial for ensuring reliability, safety and maintaining the desired product quality. In this work, we propose an innovative method for detecting small faults in the highly correlated multivariate data. The developed method utilizes partial least square (PLS) method as a modelling framework, and the symmetrized Kullback-Leibler divergence (KLD) as a monitoring index, where it is used to quantify the dissimilarity between probability distributions of current PLS-based residual and reference one obtained using fault-free data. The performance of the PLS-based KLD fault detection algorithm is illustrated and compared to the conventional PLS-based fault detection methods. Using synthetic data, we have demonstrated the greater sensitivity and effectiveness of the developed method over the conventional methods, especially when data are highly correlated and small faults are of interest.

  13. Research on Healthy Anomaly Detection Model Based on Deep Learning from Multiple Time-Series Physiological Signals

    Directory of Open Access Journals (Sweden)

    Kai Wang

    2016-01-01

    Full Text Available Health is vital to every human being. To further improve its already respectable medical technology, the medical community is transitioning towards a proactive approach which anticipates and mitigates risks before getting ill. This approach requires measuring the physiological signals of human and analyzes these data at regular intervals. In this paper, we present a novel approach to apply deep learning in physiological signals analysis that allows doctor to identify latent risks. However, extracting high level information from physiological time-series data is a hard problem faced by the machine learning communities. Therefore, in this approach, we apply model based on convolutional neural network that can automatically learn features from raw physiological signals in an unsupervised manner and then based on the learned features use multivariate Gauss distribution anomaly detection method to detect anomaly data. Our experiment is shown to have a significant performance in physiological signals anomaly detection. So it is a promising tool for doctor to identify early signs of illness even if the criteria are unknown a priori.

  14. Application of Inductive Monitoring System to Plug Load Anomaly Detection

    Data.gov (United States)

    National Aeronautics and Space Administration — NASA Ames Research Center’s Sustainability Base is a new 50,000 sq. ft. LEED Platinum office building. Plug loads are expected to account for a significant portion...

  15. Anomaly detection in SCADA systems: a network based approach

    NARCIS (Netherlands)

    Barbosa, Rafael Ramos Regis

    2014-01-01

    Supervisory Control and Data Acquisition (SCADA) networks are commonly deployed to aid the operation of large industrial facilities, such as water treatment facilities. Historically, these networks were composed by special-purpose embedded devices communicating through proprietary protocols. However

  16. A Mobile Device System for Early Warning of ECG Anomalies

    OpenAIRE

    Adam Szczepański; Khalid Saeed

    2014-01-01

    With the rapid increase in computational power of mobile devices the amount of ambient intelligence-based smart environment systems has increased greatly in recent years. A proposition of such a solution is described in this paper, namely real time monitoring of an electrocardiogram (ECG) signal during everyday activities for identification of life threatening situations. The paper, being both research and review, describes previous work of the authors, current state of the art in the context...

  17. A Bayesian Networks in Intrusion Detection Systems

    Directory of Open Access Journals (Sweden)

    M. Mehdi

    2007-01-01

    Full Text Available Intrusion detection systems (IDSs have been widely used to overcome security threats in computer networks. Anomaly-based approaches have the advantage of being able to detect previously unknown attacks, but they suffer from the difficulty of building robust models of acceptable behaviour which may result in a large number of false alarms caused by incorrect classification of events in current systems. We propose a new approach of an anomaly Intrusion detection system (IDS. It consists of building a reference behaviour model and the use of a Bayesian classification procedure associated to unsupervised learning algorithm to evaluate the deviation between current and reference behaviour. Continuous re-estimation of model parameters allows for real time operation. The use of recursive Log-likelihood and entropy estimation as a measure for monitoring model degradation related with behavior changes and the associated model update show that the accuracy of the event classification process is significantly improved using our proposed approach for reducing the missing-alarm.

  18. Diagnostic value and clinical problems of MR imaging in congenital anomalies of the central nervous system, 2. Spinal dysraphisms

    Energy Technology Data Exchange (ETDEWEB)

    Oi, Shizuo; Urui, Seishiro; Asano, Noboru; Masumura, Michio; Shose, Yoshiteru; Matsumoto, Satoshi

    1987-06-01

    Spina bifida and associated congenital anomalies in the central nervous system were evaluated by means of MRI, and the results compared with those obtained by conventional diagnostic procedures. Using the two-dimensional Fourier transform technique, a three-radiofrequency-pulse sequence (inversion recovery: IR 2100/500; spin-echo: SE 2100/40 or 2100/80) was routinely applied. Compared with X-ray CT, MR proved to be more accurate in the detection of the pathoanatomical relation between the lesion and the spinal cord, or that between the spinal dysraphic state and associated intracranial anomalies. MRI was also superior in the anatomical diagnosis of a spinal lipoma, a tethered cord, syringobulbia, syringomyelia, the Chiari anomaly, and so forth. The most considerable disadvantage of MRI in the diagnosis of the spina bifida is the poor information it provides about the bifid spine itself, but this information may be obtained by the use of conventional diagnostic procedures. Also, a regular-conducting MRI system is still insufficient to demonstrate the precise location of the canda equina nerve roots, especially in relation to a lipoma, although the spin-echo MR myelographic technique was helpful in demarcating the major structures, such as the lipoma and the cord. In syringomyelia and syringobulbia, further invasive study in analyzing the fluid dynamics is needed to determine the proper operative procedure. It was emphasized in this study that MRI is an extremely valuable diagnostic tool also in the diagnosis of spinal dysraphism, especially in the detection of a pathoanatomical structure, but can also be expected to be improved so as to make possible finer anatomical analysis and provide a higher quality of information on the fluid dynamics, at least so as to indicate operative procedures without any invasive methods. (J.P.N.).

  19. Diagnostic value and clinical problems of MR imaging in congenital anomalies of the central nervous system, 2

    International Nuclear Information System (INIS)

    Spina bifida and associated congenital anomalies in the central nervous system were evaluated by means of MRI, and the results compared with those obtained by conventional diagnostic procedures. Using the two-dimensional Fourier transform technique, a three-radiofrequency-pulse sequence (inversion recovery: IR 2100/500; spin-echo: SE 2100/40 or 2100/80) was routinely applied. Compared with X-ray CT, MR proved to be more accurate in the detection of the pathoanatomical relation between the lesion and the spinal cord, or that between the spinal dysraphic state and associated intracranial anomalies. MRI was also superior in the anatomical diagnosis of a spinal lipoma, a tethered cord, syringobulbia, syringomyelia, the Chiari anomaly, and so forth. The most considerable disadvantage of MRI in the diagnosis of the spina bifida is the poor information it provides about the bifid spine itself, but this information may be obtained by the use of conventional diagnostic procedures. Also, a regular-conducting MRI system is still insufficient to demonstrate the precise location of the canda equina nerve roots, especially in relation to a lipoma, although the spin-echo MR myelographic technique was helpful in demarcating the major structures, such as the lipoma and the cord. In syringomyelia and syringobulbia, further invasive study in analyzing the fluid dynamics is needed to determine the proper operative procedure. It was emphasized in this study that MRI is an extremely valuable diagnostic tool also in the diagnosis of spinal dysraphism, especially in the detection of a pathoanatomical structure, but can also be expected to be improved so as to make possible finer anatomical analysis and provide a higher quality of information on the fluid dynamics, at least so as to indicate operative procedures without any invasive methods. (J.P.N.)

  20. Automated detection and analysis of volcanic thermal anomalies through the combined use of SEVIRI and MODIS

    OpenAIRE

    Ganci, G.; Istituto Nazionale di Geofisica e Vulcanologia, Sezione Catania, Catania, Italia; Del Negro, C.; Istituto Nazionale di Geofisica e Vulcanologia, Sezione Catania, Catania, Italia; Vicari, A.; Istituto Nazionale di Geofisica e Vulcanologia, Sezione Catania, Catania, Italia; Fortuna, L.; Istituto Nazionale di Geofisica e Vulcanologia, Sezione Catania, Catania, Italia

    2010-01-01

    Multispectral infrared observations carried out by the spacecrafts have shown that spaceborne remote sensing of high-temperature volcanic features is feasible and robust enough to turn into volcano monitoring. Especially meteorological satellites have proven a powerful instrument to detect and monitor dynamic phenomena, such as volcanic processes, allowing very high temporal resolution despite of their low spatial resolution. An automated system that uses both EOS-MODIS and ...

  1. A local proton irradiation model for isotopic anomalies in the solar system

    Science.gov (United States)

    Lee, T.

    1978-01-01

    An attempt is made to explain the O-16 and Al-26 anomalies observed in solar-system bodies in the framework of a local irradiation model wherein a small amount of solar system matter of normal isotopic composition was irradiated by energetic protons from the primeval sun. Several isotopic constraints are summarized with which the model should be consistent, and a proton energy distribution and fluence and a target elemental composition are chosen such that the extraordinary component produced by irradiation satisfies the constraints. Detailed attention is given to the relevant oxygen reactions, Al-26 production, and effects of proton irradiation on isotopes of Mg, Ca, and Ba. A scenario is outlined which satisfies all the constraints. Consequences of the model are discussed with respect to the isotopic anomalies observed in Allende inclusions.

  2. Detection of Characteristic Precipitation Anomaly Patterns of El Nino / La Nina in Time- variable Gravity Fields by GRACE

    Science.gov (United States)

    Heki, K.; Morishita, Y.

    2007-12-01

    GRACE (Gravity Recovery and Climate Experiment) satellites, launched in March 2002, have been mapping monthly gravity fields of the Earth, allowing us to infer changes in surface mass, e.g. water and ice. Past findings include the ice mass loss in southern Greenland (Luthcke et al., 2006) and its acceleration in 2004 (Velicogna and Wahr, 2006), crustal dilatation by the 2004 Sumatra Earthquake (Han et al., 2006) and the postseismic movement of water in mantle (Ogawa and Heki, 2007). ENSO (El Nino and Southern Oscillation) brings about global climate impacts, together with its opposite phenomenon, La Nina. Ropelewski and Halpert (1987) showed typical precipitation patterns in ENSO years; characteristic regional-scale precipitation anomalies occur in India, tropical and southern Africa and South America. Nearly opposite precipitation anomalies are shown to occur in La Nina years (Ropelewski and Halpert, 1988). Here we report the detection of such precipitation anomaly patterns in the GRACE monthly gravity data 2002 - 2007, which includes both La Nina (2005 fall - 2006 spring) and El Nino (2006 fall - 2007 spring) periods. We modeled the worldwide gravity time series with constant trends and seasonal changes, and extracted deviations of gravity values at two time epochs, i.e. February 2006 and 2007, and converted them into the changes in equivalent surface water mass. East Africa showed negative gravity deviation (-20.5 cm in water) in 2006 February (La Nina), which reversed to positive (18.7 cm) in 2007 February (El Nino). Northern and southern parts of South America also showed similar see-saw patterns. Such patterns closely resemble to those found meteorologically (Ropelewski and Halpert, 1987; 1988), suggesting the potential of GRACE as a sensor of inter-annual precipitation anomalies through changes in continental water storage. We performed numerical simulations of soil moisture changes at grid points in land area incorporating the CMAP precipitation data, NCEP

  3. Neonatal head ultrasound: systematic approach to congenital Central Nervous System anomalies. A pictorial essay.

    Science.gov (United States)

    Yoon, Hye-Kyung; Cho, Seong Whi

    2016-09-01

    Brain ultrasound is widely used for the screening of prematurely born babies. Although the best imaging modality for the central nervous system anomaly is brain MRI, the first imaging study in the post-natal period is brain ultrasonography in most cases. Anomalies could be found incidentally on screening ultrasound, or in those cases already suspected on prenatal ultrasound. In order not to miss congenital structural abnormalities of the brain on screening ultrasound, systematic approaches would be very helpful. The ventricles and sylvian fissures are very important structures to suspect central nervous system anomalies: they are symmetric structures so we should look for any asymmetry or maldevelopment. And then, on sagittal images, the midline structures including the corpus callosum and cerebellar vermis should be observed carefully. Finally, we should look for any abnormality in gyration or cortical development. Skull defect with herniation of intracranial contents, a spectrum of encephalo-meningocele, could be also identified on ultrasound. Congenital infections such as cytomegalovirus infection may show ventriculomegaly and malformation of the cortical development on imaging studies. PMID:27622417

  4. Applying an Ontology to a Patrol Intrusion Detection System for Wireless Sensor Networks

    OpenAIRE

    Chia-Fen Hsieh; Rung-Ching Chen; Yung-Fa Huang

    2014-01-01

    With the increasing application of wireless sensor networks (WSN), the security requirements for wireless sensor network communications have become critical. However, the detection mechanisms of such systems impact the effectiveness of the entire network. In this paper, we propose a lightweight ontology-based wireless intrusion detection system (OWIDS). The system applies an ontology to a patrol intrusion detection system (PIDS). A PIDS is used to detect anomalies via detection knowledge. The...

  5. Detection of malignant right coronary artery anomaly by multi-slice CT coronary angiography

    International Nuclear Information System (INIS)

    Coronary artery anomalies occur in 0.3-0.8% of the population and infer a high risk for sudden cardiac death in young adults. Diagnosis is usually established during coronary angiography, which is hampered by poor spatial visualization. Magnetic resonance imaging is an alternative, but it is not feasible in the presence of metal objects or claustrophobia. In this report, a 15-year-old boy experienced ventricular fibrillation and was successfully resuscitated. Cardiac catheterization was inconclusive, and pacemaker implantation prohibited the use of MR imaging. Multi-slice CT coronary angiography revealed a malignant anomalous right coronary artery. (orig.)

  6. Novel Hybrid Intrusion Detection System For Clustered Wireless Sensor Network

    Directory of Open Access Journals (Sweden)

    Hichem Sedjelmaci

    2011-08-01

    Full Text Available Wireless sensor network (WSN is regularly deployed in unattended and hostile environments. The WSN isvulnerable to security threats and susceptible to physical capture. Thus, it is necessary to use effective mechanisms to protect the network. It is widely known, that the intrusion detection is one of the mostefficient security mechanisms to protect the network against malicious attacks or unauthorized access. In this paper, we propose a hybrid intrusion detection system for clustered WSN. Our intrusion framework uses a combination between the Anomaly Detection based on support vector machine (SVM and the Misuse Detection. Experiments results show that most of routing attacks can be detected with low falsealarm.

  7. Novel hybrid intrusion detection system for clustered wireless sensor network

    CERN Document Server

    Sedjelmaci, Hichem

    2011-01-01

    Wireless sensor network (WSN) is regularly deployed in unattended and hostile environments. The WSN is vulnerable to security threats and susceptible to physical capture. Thus, it is necessary to use effective mechanisms to protect the network. It is widely known, that the intrusion detection is one of the most efficient security mechanisms to protect the network against malicious attacks or unauthorized access. In this paper, we propose a hybrid intrusion detection system for clustered WSN. Our intrusion framework uses a combination between the Anomaly Detection based on support vector machine (SVM) and the Misuse Detection. Experiments results show that most of routing attacks can be detected with low false alarm.

  8. Hydrocarbon anomaly in soil gas as near-surface expressions of upflows and outflows in geothermal systems

    Energy Technology Data Exchange (ETDEWEB)

    Ong, H.L.; Higashihara, M.; Klusman, R.W.; Voorhees, K.J.; Pudjianto, R.; Ong, J

    1996-01-24

    A variety of hydrocarbons, C1 - C12, have been found in volcanic gases (fumarolic) and in geothermal waters and gases. The hydrocarbons are thought to have come from products of pyrolysis of kerogen in sedimentary rocks or they could be fed into the geothermal system by the recharging waters which may contain dissolved hydrocarbons or hydrocarbons extracted by the waters from the rocks. In the hot geothermal zone, 300°+ C, many of these hydrocarbons are in their critical state. It is thought that they move upwards due to buoyancy and flux up with the upflowing geothermal fluids in the upflow zones together with the magmatic gases. Permeability which could be provided by faults, fissures, mini and micro fractures are thought to provide pathways for the upward flux. A sensitive technique (Petrex) utilizing passive integrative adsorption of the hydrocarbons in soil gas on activated charcoal followed by desorption and analysis of the hydrocarbons by direct introduction mass spectrometry allows mapping of the anomalous areas. Surveys for geothermal resources conducted in Japan and in Indonesia show that the hydrocarbon anomaly occur over known fields and over areas strongly suspected of geothermal potential. The hydrocarbons found and identified were n-paraffins (C7-C9) and aromatics (C7-C8). Detection of permeable, i.e. active or open faults, parts of older faults which have been reactivated, e.g. by younger intersecting faults, and the area surrounding these faulted and permeable region is possible. The mechanism leading to the appearance of the hydrocarbon in the soil gas over upflow zones of the geothermal reservoir is proposed. The paraffins seems to be better pathfinders for the location of upflows than the aromatics. However the aromatics may, under certain circumstances, give better indications of the direction of the outflow of the geothermal system. It is thought that an upflow zone can be

  9. Selecting training and test images for optimized anomaly detection algorithms in hyperspectral imagery through robust parameter design

    Science.gov (United States)

    Mindrup, Frank M.; Friend, Mark A.; Bauer, Kenneth W.

    2011-06-01

    There are numerous anomaly detection algorithms proposed for hyperspectral imagery. Robust parameter design (RPD) techniques have been applied to some of these algorithms in an attempt to choose robust settings capable of operating consistently across a large variety of image scenes. Typically, training and test sets of hyperspectral images are chosen randomly. Previous research developed a frameworkfor optimizing anomaly detection in HSI by considering specific image characteristics as noise variables within the context of RPD; these characteristics include the Fisher's score, ratio of target pixels and number of clusters. This paper describes a method for selecting hyperspectral image training and test subsets yielding consistent RPD results based on these noise features. These subsets are not necessarily orthogonal, but still provide improvements over random training and test subset assignments by maximizing the volume and average distance between image noise characteristics. Several different mathematical models representing the value of a training and test set based on such measures as the D-optimal score and various distance norms are tested in a simulation experiment.

  10. Neonatal Jaundice Detection System.

    Science.gov (United States)

    Aydın, Mustafa; Hardalaç, Fırat; Ural, Berkan; Karap, Serhat

    2016-07-01

    Neonatal jaundice is a common condition that occurs in newborn infants in the first week of life. Today, techniques used for detection are required blood samples and other clinical testing with special equipment. The aim of this study is creating a non-invasive system to control and to detect the jaundice periodically and helping doctors for early diagnosis. In this work, first, a patient group which is consisted from jaundiced babies and a control group which is consisted from healthy babies are prepared, then between 24 and 48 h after birth, 40 jaundiced and 40 healthy newborns are chosen. Second, advanced image processing techniques are used on the images which are taken with a standard smartphone and the color calibration card. Segmentation, pixel similarity and white balancing methods are used as image processing techniques and RGB values and pixels' important information are obtained exactly. Third, during feature extraction stage, with using colormap transformations and feature calculation, comparisons are done in RGB plane between color change values and the 8-color calibration card which is specially designed. Finally, in the bilirubin level estimation stage, kNN and SVR machine learning regressions are used on the dataset which are obtained from feature extraction. At the end of the process, when the control group is based on for comparisons, jaundice is succesfully detected for 40 jaundiced infants and the success rate is 85 %. Obtained bilirubin estimation results are consisted with bilirubin results which are obtained from the standard blood test and the compliance rate is 85 %. PMID:27229489

  11. Detection of anomalies in NLO sulphamic acid single crystals by ultrasonic and thermal studies

    Indian Academy of Sciences (India)

    GEORGE VARUGHESE

    2016-09-01

    The ultrasonic pulse echo overlap technique (PEO) has been used to measure the velocities of 10 MHz acoustic waves in sulphamic acid single crystals in the range of 300–400 K. This study evaluated all the elastic stiffnessconstants, compliance constants and Poisson’s ratios of the crystal. The temperature variations of the elastic constants have been determined. The phase transition studies above room temperature were investigated using ultrasonic PEO technique. This study has suggested new weak elastic anomalies for the crystal around 330 K. The transverse elastic constants C44 and C66 have shown clear thermal hysteresis of 2 K. The present differential scanningcalorimetric (DSC) studies carried out at a slow heating rate have also suggested weak phase transition around 331 K. The present elastic and thermal studies have been substantiated by already reported DC electrical conductivitystudies around 330 K.

  12. Bicycle Detection System

    OpenAIRE

    Yu, James; Arellano , Secundino; Carrillo , Alma; Cruz , Melinda; Kunitskiy, Dmitriy; Maynigo , Marlo; Sell , Monica

    2013-01-01

    Project Description:  Bicycle detection has become a popular feature of high demand in cities and agencies across the United States. California has recently mandated that all new limit line detector installations as well as modifications to existing limit line detection must provide bicycle detection. This has created the need to develop detection methodologies which are able to detect bicycles as well as differentiate them from vehicles. The objective of this project is to utilize Econolite ...

  13. Lower Energy α Elastic Scattering on 20Ne and Anomaly of α+20Ne Scattering System

    Institute of Scientific and Technical Information of China (English)

    YANG Yong-Xu; TAN Hai-Lan; LI Qing-Run

    2011-01-01

    The α+20 Ne elastic scattering angular distributions at lower incident energies of Eα = 12.7-31.1 MeV have been analyzed by using the a-folding potential based on the α+16O structure model of the 20Ne nucleus. The α-folding potential with a standard Woods-Saxon type imaginary part, can reasonably describe experimental cross sections and the anomalous large angle scattering (ALAS) features. The anomaly of the α+20Ne scattering system is further confirmed in the lower incident energy region.PACS numbers: 25.70.Bc, 24.10.Ht, 21.60.Gx

  14. Elastic anomalies and phonon damping in a metallic high spin-low spin system

    Science.gov (United States)

    Ihlemann, J.; Bärner, K.

    1984-12-01

    The elastic constants and the sound attenuation in single crystals of the metallic high spin (hs)-low spin (ls) system MnAs 1- xP x have been measured for temperaturres between 10 and 500 K. Elastic anomalies and damping maxima have been found for the second-order displacive (B8 1⇌B31) phase transition, the hs-ls transition and for the magnetic order-disorder transition. The phenomena near the hs-ls transition, in particular, are interpreted in terms of a condensation of a soft static phonon at the ls (hs) site in a hs (ls) matrix.

  15. Evaluating the SEVIRI Fire Thermal Anomaly Detection Algorithm across the Central African Republic Using the MODIS Active Fire Product

    Directory of Open Access Journals (Sweden)

    Patrick H. Freeborn

    2014-02-01

    Full Text Available Satellite-based remote sensing of active fires is the only practical way to consistently and continuously monitor diurnal fluctuations in biomass burning from regional, to continental, to global scales. Failure to understand, quantify, and communicate the performance of an active fire detection algorithm, however, can lead to improper interpretations of the spatiotemporal distribution of biomass burning, and flawed estimates of fuel consumption and trace gas and aerosol emissions. This work evaluates the performance of the Spinning Enhanced Visible and Infrared Imager (SEVIRI Fire Thermal Anomaly (FTA detection algorithm using seven months of active fire pixels detected by the Moderate Resolution Imaging Spectroradiometer (MODIS across the Central African Republic (CAR. Results indicate that the omission rate of the SEVIRI FTA detection algorithm relative to MODIS varies spatially across the CAR, ranging from 25% in the south to 74% in the east. In the absence of confounding artifacts such as sunglint, uncertainties in the background thermal characterization, and cloud cover, the regional variation in SEVIRI’s omission rate can be attributed to a coupling between SEVIRI’s low spatial resolution detection bias (i.e., the inability to detect fires below a certain size and intensity and a strong geographic gradient in active fire characteristics across the CAR. SEVIRI’s commission rate relative to MODIS increases from 9% when evaluated near MODIS nadir to 53% near the MODIS scene edges, indicating that SEVIRI errors of commission at the MODIS scene edges may not be false alarms but rather true fires that MODIS failed to detect as a result of larger pixel sizes at extreme MODIS scan angles. Results from this work are expected to facilitate (i future improvements to the SEVIRI FTA detection algorithm; (ii the assimilation of the SEVIRI and MODIS active fire products; and (iii the potential inclusion of SEVIRI into a network of geostationary

  16. 64. The prevalence of coronary artery anomalies in Qassim province detected by cardiac computed tomography angiography

    Directory of Open Access Journals (Sweden)

    O. smettei

    2016-07-01

    Full Text Available Coronary artery anomalies (CAAs affect about 1% of the general population based on invasive coronary angiography (ICA data, computed tomography angiography (CTA enables better visualization of the origin, course, relation to the adjacent structures, and termination of CAAs compared to ICA. The aim of our work is to estimate the frequency of CAAs in Qassim province among patients underwent cardiac CTA at PSCCQ. Retrospective analysis of the CTA data of 2235 patients between 2009 and 2015. The prevalence of CAAs in our study was 1.029%. Among the 2235 patients, 241 (10.78% had CAAs or coronary variants, 198 (8.85% had myocardial bridging, 34 (1.52% had a variable location of the Coronary Ostia, Twenty two (0.98% had a separate origin of left anterior descending (LAD and left circumflex coronary (LCX arteries, ten (0.447% had a separate origin of the RCA and the Conus artery. Seventeen (0.76% had an anomalous origin of the coronaries. Six (0.268% had a coronary artery fistula, which is connected mainly to the right heart chambers, one of these fistulas was complicated by acute myocardial infarction. The incidence of CAAs in our patient population was similar to the former studies, CTA is an excellent tool for diagnosis and guiding the management of the CAAs.

  17. Outcome of fetuses with short femur length detected at second-trimester anomaly scan

    DEFF Research Database (Denmark)

    Mathiesen, J M; Aksglaede, L; Skibsted, L;

    2014-01-01

    FL was identified in 2718 (1.8%) of 147,766 fetuses and was present in 11 (16.2%) of the 68 fetuses affected by trisomy 21 (positive likelihood ratio (LR+) 8.8 (95% CI, 5.1-15.2)). Trisomy 13/18 and unbalanced autosomal structural abnormalities were also associated with a short FL in three (12.0%, LR......+ 6.5 (95% CI, 2.3-18.9)) and eight (32.0%, LR+ 17.4 (95% CI, 9.8-30.9)) of the cases, respectively. The risk of a fetus having trisomy 21, trisomy 18, trisomy 13 or an unbalanced autosomal structural abnormality was 1 : 123 (95% CI, 79-192), given a short FL. Pregnancies with a fetus with short FL...... were more often affected by early preterm delivery (before 34 weeks) (5.6%; odds ratio (OR) = 4.2 (95% CI, 3.5-4.9)) and small-for-gestational-age (SGA) infants (13.9%; OR = 4.3 (95% CI, 3.8-4.8)). CONCLUSION: Short FL at the second-trimester anomaly scan is associated with a significantly higher...

  18. Does the South Atlantic Anomaly influence the ionospheric Sq current system?

    Science.gov (United States)

    Koch, Stephan; Kuvshinov, Alexey

    2014-05-01

    We study if and how the South Atlantic Anomaly (SAA) influences the ionospheric Sq current system. In order to counterbalance the northern hemisphere observatory dominance, we exploit the data for the time span (from November 1989 till December 1990) when the global geomagnetic observatory network was augmented by the AWAGS (Australia Wide Array of Geomagnetic Stations) network. The AWAGS network comprised 53 observation sites that were regularly distributed over the Australian mainland and equipped with portable vector magnetometers. The data from 49 geomagnetically quiet days are processed and the Sq foci tracks are analyzed. The computed tracks result in pronounced bands in the northern and southern hemisphere, which seems to neither follow the geographic nor the geomagnetic or dip equator. We interpret this observation as the Sq foci tracks are controlled by an interplay of the Earth-Sun constellation (which causes the seasonal variations of Sq) and the Earth's main magnetic field. Remarkably, we observe a distinct scattering of the tracks over the SAA. This systematic scattering is due to a larger shift of the southern hemisphere focus northwards during northern summer solstice and southwards during the southern summer solstice. Our explanation of this behavour is that if the main magnetic field is weak, which is the case for the SAA, the Earth-Sun constellation becomes the dominating factor leading to a larger sensitivity of Sq current system on seasonal variations in South Atlantic Anomaly region.

  19. On the possibility of detecting large-scale crustal remanent magnetization with Magsat vector magnetic anomaly data

    Science.gov (United States)

    Galliher, S. C.; Mayhew, M. A.

    1982-01-01

    Magnetic anomaly component data measured by Magsat is compared with synthetic anomaly component fields arising from an equivalent source dipole array at the earth's surface generated from total field anomaly data alone. It is found that the synthetic components fit the component data regardless of the dipole orientation assigned to the equivalent sources and of the dipole spacing. Tentative conclusions are: (1) over the U.S., vector anomaly fields can be determined to the accuracy of the measurements from the total field anomaly data alone; and (2) the equivalent source technique is not useful for determining the direction of large-scale crustal magnetization.

  20. Detection of Congenital Mullerian Anomalies Using Real-Time 3D Sonography

    Directory of Open Access Journals (Sweden)

    Firoozeh Ahmadi

    2011-01-01

    Full Text Available A 35 year-old woman referred to Royan Institute (Reproductive Biomedicine Research Center for infertilitytreatment. She had an eleven-year history of primary infertility with a normal abdominal ultrasound.Hysterosalpingography (HSG was obtained one month prior to referral in another center (Fig A.The HSG finding of an apparent unicorn uterus followed by a normal vaginal ultrasound led us toperform a three-dimensional vaginal ultrasound before resorting to hysteroscopy. Results of thethree-dimensional vaginal ultrasound revealed a normal uterus (Fig B, C.Accurate characterization of congenital Mullerian anomalies (MDAs such as an arcuate, unicornuate,didelphys, bicornuate or septate uterus is challenging. While HSG has been the standard test in the diagnosisof MDAs, some limitations may favor the use of three-dimensional ultrasound. The most difficult partof HSG is interpreting the two-dimensional radiographic image into a complex, three-dimensional livingorgan (1. A variety of technical problems may occur while performing HSG. In this case, only an obliqueview could lead to a correct interpretation. It is advisable for the interpreter to perform the procedure ratherthan to inspect only the finished radiographic images (2.One of the most useful scan planes obtained on three-dimensional ultrasound is the coronal view ofthe uterus. This view is known to be a valuable problem-solving tool that assists in differentiatingbetween various types of MDAs due to the high level of agreement between three-dimensionalultrasound and HSG (3, 4.Recently, three-dimensional ultrasound has become the sole mandatory step in the initial investigationof MDAs due to its superiority to other techniques that have been used for the same purpose (5.

  1. Introduction to detection systems

    DEFF Research Database (Denmark)

    Larsen, Jan

    Presentation of the information processing pipleline for detection including discussing of various issues and the use of mathematical modeling. A simple example of detection a signal in noise illustrated that simple modeling outperforms human visual and auditory perception. Particiants are going...

  2. RePIDS: a multi tier real-time payload-based intrusion detection system

    NARCIS (Netherlands)

    Jamdagni, Aruna; Tan, Zhiyuan; Nanda, Priyadarsi; He, Xiangjian; Liu, Ren Ping

    2013-01-01

    Intrusion Detection System (IDS) deals with huge amount of network traffic and uses large feature set to discriminate normal pattern and intrusive pattern. However, most of existing systems lack the ability to process data for real-time anomaly detection. In this paper, we propose a 3-Tier Iterative

  3. Value of prenatal MRI in early evaluation of fetal central nervous system anomalies

    Energy Technology Data Exchange (ETDEWEB)

    Kobayashi, Keiichi [Kugayama Hospital, Tokyo (Japan); Nakamura, Masanao; Hino, Ken [Kyorin Univ., Mitaka, Tokyo (Japan). School of Medicine] [and others

    2002-08-01

    Advances in technology and the need for accurate prenatal diagnoses have produced great improvements in fetal diagnosis by MRI. However, there are still many problems with diagnosis of central nervous system (CNS) anomalies using MRI (e.g., time of diagnosis, factors limiting diagnostic ability. Fifteen cases referred to our clinic from 1992 to 2001 and examined using intrauterine ultrasound, prenatal MRI and postnatal MRI were reviewed retrospectively. All clinical records and findings from prenatal MRI, postnatal MRI and ultrasound were reviewed. Prenatal MRI was found to be equal in diagnostic power to ultrasound and postnatal MRI in 10 of the 15 cases. In the remaining 5 fetuses, the findings of prenatal MRI were not the same to those of prenatal ultrasound and postnatal MRI. Our goal was to determine the value of prenatal MRI in diagnosis of fetal CNS anomalies, to ascertain how this information might be used for counseling, and to assess its impact on pregnancy management. Prenatal MRI provided useful information for support personnel (e.g., physicians, nurses, caseworkers, religious advisers). (author)

  4. Towards Corrosion Detection System

    Directory of Open Access Journals (Sweden)

    B.B.Zaidan

    2010-05-01

    Full Text Available Corrosion is a natural process that seeks to reduce the binding energy in metals. The end result of corrosion involves a metal atom being oxidized. Surface corrosion on aluminum aircraft skins, near joints and around fasteners, is often an indicator of buried structural corrosion and cracking In this paper we proposed a new method on which we are moving towards designing a method to detect the corrosion within the metals, the new method has defined texture analysis as the main method for this approach, the proposed enhancement shows less false positive and less false negative. The main functions used in this approach beside texture analysis are Edge detection, structure element and image dilation. The new approach has designed to detect a part of the image that has been affected by the corrosion, the tested images has showed a good result lying on detecting the corrosion part from the image.

  5. An expert system application for network intrusion detection

    Energy Technology Data Exchange (ETDEWEB)

    Jackson, K.A.; Dubois, D.H.; Stallings, C.A.

    1991-01-01

    The paper describes the design of a prototype intrusion detection system for the Los Alamos National Laboratory's Integrated Computing Network (ICN). The Network Anomaly Detection and Intrusion Reporter (NADIR) differs in one respect from most intrusion detection systems. It tries to address the intrusion detection problem on a network, as opposed to a single operating system. NADIR design intent was to copy and improve the audit record review activities normally done by security auditors. We wished to replace the manual review of audit logs with a near realtime expert system. NADIR compares network activity, as summarized in user profiles, against expert rules that define network security policy, improper or suspicious network activities, and normal network and user activity. When it detects deviant (anomalous) behavior, NADIR alerts operators in near realtime, and provides tools to aid in the investigation of the anomalous event. 15 refs., 2 figs.

  6. A data driven approach for detection and isolation of anomalies in a group of UAVs

    Directory of Open Access Journals (Sweden)

    Wang Yin

    2015-02-01

    Full Text Available The use of groups of unmanned aerial vehicles (UAVs has greatly expanded UAV’s capabilities in a variety of applications, such as surveillance, searching and mapping. As the UAVs are operated as a team, it is important to detect and isolate the occurrence of anomalous aircraft in order to avoid collisions and other risks that would affect the safety of the team. In this paper, we present a data-driven approach to detect and isolate abnormal aircraft within a team of formatted flying aerial vehicles, which removes the requirements for the prior knowledge of the underlying dynamic model in conventional model-based fault detection algorithms. Based on the assumption that normal behaviored UAVs should share similar (dynamic model parameters, we propose to firstly identify the model parameters for each aircraft of the team based on a sequence of input and output data pairs, and this is achieved by a novel sparse optimization technique. The fault states of the UAVs would be detected and isolated in the second step by identifying the change of model parameters. Simulation results have demonstrated the efficiency and flexibility of the proposed approach.

  7. A data driven approach for detection and isolation of anomalies in a group of UAVs

    Institute of Scientific and Technical Information of China (English)

    Wang Yin; Wang Daobo; Wang Jianhong

    2015-01-01

    The use of groups of unmanned aerial vehicles (UAVs) has greatly expanded UAV’s capa-bilities in a variety of applications, such as surveillance, searching and mapping. As the UAVs are operated as a team, it is important to detect and isolate the occurrence of anomalous aircraft in order to avoid collisions and other risks that would affect the safety of the team. In this paper, we present a data-driven approach to detect and isolate abnormal aircraft within a team of formatted flying aerial vehicles, which removes the requirements for the prior knowledge of the underlying dynamic model in conventional model-based fault detection algorithms. Based on the assumption that normal behaviored UAVs should share similar (dynamic) model parameters, we propose to firstly identify the model parameters for each aircraft of the team based on a sequence of input and output data pairs, and this is achieved by a novel sparse optimization technique. The fault states of the UAVs would be detected and isolated in the second step by identifying the change of model parameters. Simulation results have demonstrated the efficiency and flexibility of the proposed approach.

  8. Detecting Anomalies in Multivariate Data Sets with Switching Sequences and Continuous Streams

    Data.gov (United States)

    National Aeronautics and Space Administration — The world-wide aviation system is one of the most complex dynamical systems ever developed and is generating data at an extremely rapid rate. Most modern commercial...

  9. Multiple Kernel Learning for Heterogeneous Anomaly Detection: Algorithm and Aviation Safety Case Study

    Data.gov (United States)

    National Aeronautics and Space Administration — The world-wide aviation system is one of the most complex dynamical systems ever developed and is generating data at an extremely rapid rate. Most modern commercial...

  10. Methods and Systems for Characterization of an Anomaly Using Infrared Flash Thermography

    Science.gov (United States)

    Koshti, Ajay M. (Inventor)

    2013-01-01

    A method for characterizing an anomaly in a material comprises (a) extracting contrast data; (b) measuring a contrast evolution; (c) filtering the contrast evolution; (d) measuring a peak amplitude of the contrast evolution; (d) determining a diameter and a depth of the anomaly, and (e) repeating the step of determining the diameter and the depth of the anomaly until a change in the estimate of the depth is less than a set value. The step of determining the diameter and the depth of the anomaly comprises estimating the depth using a diameter constant C.sub.D equal to one for the first iteration of determining the diameter and the depth; estimating the diameter; and comparing the estimate of the depth of the anomaly after each iteration of estimating to the prior estimate of the depth to calculate the change in the estimate of the depth of the anomaly.

  11. Intrusion Detection System Using Hierarchical GMM and Dimensionality Reduction

    Directory of Open Access Journals (Sweden)

    L. Maria Michael

    2012-07-01

    Full Text Available The focus of this chapter is to provide the effective intrusion detection technique to protect Web server. The IDS protects an server from malicious attacks from the Internet if someone tries to break in through the firewall and tries to have access on any system in the trusted side and alerts the system administrator in case there is a breach in security. Gaussian Mixture Models (GMMs are among the most statistically mature methods for clustering the data. Intrusion detection can be divided into anomaly detection and misuse detection. Misuse detection model is to collect behavioral features of non-normal operation and establish related feature library. In the existing system of anomaly based Intrusion Detection System, the work is based on the number of attacks on the network and using decision tree analysis for rule matching and grading. We are proposing an IDS approach that will use signature based and anomaly based identification scheme. And we are also proposing the rule pruning scheme with GMM(Gaussian Mixture Model. It does facilitate efficient way of handling large amount of rules. And we are planned to compare the performance of the IDS on different models. The Dimension Reduction focuses on using information obtained KDD Cup 99 data set for the selection of attributes to identify the type of attacks. The dimensionality reduction is performed on 41 attributes to 14 and 7 attributes based on Best First Search method and then apply the two classifying Algorithms ID3 and J48 Keywords-Intrusion detection, reliable networks, malicious routers, internet dependability, tolerance.

  12. Détection d'anomalies bathymétriques à partir de profils altimétriques = Detection of bathymetric anomalies from altimetric profiles

    OpenAIRE

    Le Quentrec, M. F.

    1992-01-01

    De nombreux travaux ont montré l'intérêt des données des satellites altimétriques pour la détection des anomalies bathymétriques océaniques. La bonne corrélation entre les altitudes du géoïde déduites des mesures altimétriques et les structures bathymétriques de courtes longueurs d'onde (de 35 à 245 km pour le satellite SEASAT) a permis, soit de découvrir de nouveaux reliefs sous-marins (plus d'une centaine de monts sous-marins ont été détectés dans le Pacifique Sud par cette méthode) soit de...

  13. Anomaly Detection in Electroencephalogram Signals Using Unconstrained Minimum Average Correlation Energy Filter

    Directory of Open Access Journals (Sweden)

    Aini Hussain

    2009-01-01

    Full Text Available Problem statement: Electroencepharogram (EEG is an extremely complex signal with very low signal to noise ratio and these attributed to difficulty in analyzing the signal. Hence for detecting abnormal segment, a distinctive method is required to train the technologist to distinguish the anomalous in EEG data. The objective of this study was to create a framework to analyze EEG signals recorded from epileptic patients by evaluating the potential of UMACE filter to detect changes in single-channel EEG data during routine epilepsy monitoring. Approach: Normally, the peak to side lobe ratio (PSR of a UMACE filter was employed as an indicator if a test data is similar to an authentic class or vice versa, however in this study, the consistent changes of the correlation output known as Region Of Interest (ROI was plotted and monitored. Based on this approach, a novel method to analyze and distinguish variances in scalp EEG as well as comparing both normal and abnormal regions of the patient’s EEG was assessed. The performance of the novelty detection was examined based on the onset and end time of each seizure in the ROI plot. Results: Results showed that using ROI plot of variances one can distinguish irregularities in the EEG data. The advantage of the proposed technique was that it did not require large amount of data for training. Conclusion: As such, it was feasible to perform seizure analysis as well as localizing seizure onsets. In short, the technique can be used as a guideline for faster diagnosis in a lengthy EEG recording.

  14. Genetic algorithm for TEC seismo-ionospheric anomalies detection around the time of the Solomon (Mw = 8.0) earthquake of 06 February 2013

    Science.gov (United States)

    Akhoondzadeh, M.

    2013-08-01

    On 6 February 2013, at 12:12:27 local time (01:12:27 UTC) a seismic event registering Mw 8.0 struck the Solomon Islands, located at the boundaries of the Australian and Pacific tectonic plates. Time series prediction is an important and widely interesting topic in the research of earthquake precursors. This paper describes a new computational intelligence approach to detect the unusual variations of the total electron content (TEC) seismo-ionospheric anomalies induced by the powerful Solomon earthquake using genetic algorithm (GA). The GA detected a considerable number of anomalous occurrences on earthquake day and also 7 and 8 days prior to the earthquake in a period of high geomagnetic activities. In this study, also the detected TEC anomalies using the proposed method are compared to the results dealing with the observed TEC anomalies by applying the mean, median, wavelet, Kalman filter, ARIMA, neural network and support vector machine methods. The accordance in the final results of all eight methods is a convincing indication for the efficiency of the GA method. It indicates that GA can be an appropriate non-parametric tool for anomaly detection in a non linear time series showing the seismo-ionospheric precursors variations.

  15. On the origin of the flux ratio anomaly in quadruple lens systems

    Science.gov (United States)

    Inoue, Kaiki Taro

    2016-09-01

    We explore the origin of the flux ratio anomaly in quadruple lens systems. Using a semi-analytic method based on N-body simulations, we estimate the effect of a possible magnification perturbation caused by subhaloes with a mass scale of ≲109 h-1 M⊙ in lensing galaxy haloes. Taking into account astrometric shifts and assuming that the primary lens is described by a singular isothermal ellipsoid, the expected change to the flux ratios for a multiply lensed image is just a few per cent and the mean of the expected convergence perturbation at the effective Einstein radius of the lensing galaxy halo is = 0.003, corresponding to the mean of the ratio of a projected dark matter mass fraction in subhaloes at the effective Einstein radius = 0.006. In contrast, the expected change to the flux ratio caused by line-of-sight structures is typically ˜10 per cent and the mean of the convergence perturbation is = 0.008, corresponding to = 0.017. The contribution of the magnification perturbation caused by subhaloes is ˜40 per cent of the total at a source redshift zS = 0.7 and decreases monotonically in zS to ˜20 per cent at zS = 3.6. Assuming statistical isotropy, the convergence perturbation estimated from 11 observed quadruple lens systems has a positive correlation with the source redshift zS, which is much stronger than that with the lens redshift zL. This feature also supports that the flux ratio anomaly is caused mainly by line-of-sight structures rather than subhaloes. We also discuss a possible imprint of line-of-sight structures in the demagnification of minimum images due to locally underdense structures in the line of sight.

  16. Rapid deployment intrusion detection system

    International Nuclear Information System (INIS)

    A rapidly deployable security system is one that provides intrusion detection, assessment, communications, and annunciation capabilities; is easy to install and configure; can be rapidly deployed, and is reusable. A rapidly deployable intrusion detection system (RADIDS) has many potential applications within the DOE Complex: back-up protection for failed zones in a perimeter intrusion detection and assessment system, intrusion detection and assessment capabilities in temporary locations, protection of assets during Complex reconfiguration, and protection in hazardous locations, protection of assets during Complex reconfiguration, and protection in hazardous locations. Many DOE user-need documents have indicated an interest in a rapidly deployable intrusion detection system. The purpose of the RADIDS project is to design, develop, and implement such a system. 2 figs

  17. Rotor health monitoring combining spin tests and data-driven anomaly detection methods

    Data.gov (United States)

    National Aeronautics and Space Administration — Health monitoring is highly dependent on sensor systems that are capable of performing in various engine environmental conditions and able to transmit a signal upon...

  18. An Adaptive Hybrid Multi-level Intelligent Intrusion Detection System for Network Security

    Directory of Open Access Journals (Sweden)

    P. Ananthi

    2014-04-01

    Full Text Available Intrusion Detection System (IDS plays a vital factor in providing security to the networks through detecting malicious activities. Due to the extensive advancements in the computer networking, IDS has become an active area of research to determine various types of attacks in the networks. A large number of intrusion detection approaches are available in the literature using several traditional statistical and data mining approaches. Data mining techniques in IDS observed to provide significant results. Data mining approaches for misuse and anomaly-based intrusion detection generally include supervised, unsupervised and outlier approaches. It is important that the efficiency and potential of IDS be updated based on the criteria of new attacks. This study proposes a novel Adaptive Hybrid Multi-level Intelligent IDS (AHMIIDS system which is the combined version of anomaly and misuse detection techniques. The anomaly detection is based on Bayesian Networks and then the misuse detection is performed using Adaptive Neuro Fuzzy Inference System (ANFIS. The outputs of both anomaly detection and misuse detection modules are applied to Decision Table Majority (DTM to perform the final decision making. A rule-base approach is used in this system. It is observed from the results that the proposed AHMIIDS performs better than other conventional hybrid IDS.

  19. An automated computer misuse detection system for UNICOS

    Energy Technology Data Exchange (ETDEWEB)

    Jackson, K.A.; Neuman, M.C.; Simmonds, D.D.; Stallings, C.A.; Thompson, J.L.; Christoph, G.G.

    1994-09-27

    An effective method for detecting computer misuse is the automatic monitoring and analysis of on-line user activity. This activity is reflected in the system audit record, in the system vulnerability posture, and in other evidence found through active testing of the system. During the last several years we have implemented an automatic misuse detection system at Los Alamos. This is the Network Anomaly Detection and Intrusion Reporter (NADIR). We are currently expanding NADIR to include processing of the Cray UNICOS operating system. This new component is called the UNICOS Realtime NADIR, or UNICORN. UNICORN summarizes user activity and system configuration in statistical profiles. It compares these profiles to expert rules that define security policy and improper or suspicious behavior. It reports suspicious behavior to security auditors and provides tools to aid in follow-up investigations. The first phase of UNICORN development is nearing completion, and will be operational in late 1994.

  20. A new approach for structural health monitoring by applying anomaly detection on strain sensor data

    NARCIS (Netherlands)

    Trichias, K.; Pijpers, R.J.M.; Meeuwissen, H.B.

    2014-01-01

    Structural Health Monitoring (SHM) systems help to monitor critical infrastructures (bridges, tunnels, etc.) remotely and provide up-to-date information about their physical condition. In addition, it helps to predict the structure’s life and required maintenance in a cost-efficient way. Typically,

  1. Gas detection system

    International Nuclear Information System (INIS)

    The detection of H2S leaks is accomplished by a pair of identical detectors. Each detector includes a He-Xe laser which emits at 3.6859 μm and which is mounted on a scanning device with a telescope. The beam is made to scan a number of strategically located retroreflectors and is reflected, forming a curtain of optically sensitive paths along two sides of the plant. By placing the two detectors at diagonally opposite corners of the storage area, this curtain is extended to surround the entire plant. If a leak occurs, a plume of H2S will cut through the curtain of optically sensitive paths and the scanning beam will be absorbed by the H2S which has a major absorption line at 3.6858 μm. The intensity of the reflected beam detected will vary depending on the concentration and diameter of the H2S plume. A second pair of detectors may be located at two other diagonally-opposite corners to provide a second curtain of optically-sensitive paths. This second curtain forms a grid with the first curtain, thus enabling the operator to determine where the gas is moving through the grid. (LL)

  2. Anomaly Detection and Comparative Analysis of Hydrothermal Alteration Materials Trough Hyperspectral Multisensor Data in the Turrialba Volcano

    Science.gov (United States)

    Rejas, J. G.; Martínez-Frías, J.; Bonatti, J.; Martínez, R.; Marchamalo, M.

    2012-07-01

    The aim of this work is the comparative study of the presence of hydrothermal alteration materials in the Turrialba volcano (Costa Rica) in relation with computed spectral anomalies from multitemporal and multisensor data adquired in spectral ranges of the visible (VIS), short wave infrared (SWIR) and thermal infrared (TIR). We used for this purposes hyperspectral and multispectral images from the HyMAP and MASTER airborne sensors, and ASTER and Hyperion scenes in a period between 2002 and 2010. Field radiometry was applied in order to remove the atmospheric contribution in an empirical line method. HyMAP and MASTER images were georeferenced directly thanks to positioning and orientation data that were measured at the same time in the acquisition campaign from an inertial system based on GPS/IMU. These two important steps were allowed the identification of spectral diagnostic bands of hydrothermal alteration minerals and the accuracy spatial correlation. Enviromental impact of the volcano activity has been studied through different vegetation indexes and soil patterns. Have been mapped hydrothermal materials in the crater of the volcano, in fact currently active, and their surrounding carrying out a principal components analysis differentiated for a high and low absorption bands to characterize accumulations of kaolinite, illite, alunite and kaolinite+smectite, delimitating zones with the presence of these minerals. Spectral anomalies have been calculated on a comparative study of methods pixel and subpixel focused in thermal bands fused with high-resolution images. Results are presented as an approach based on expert whose main interest lies in the automated identification of patterns of hydrothermal altered materials without prior knowledge or poor information on the area.

  3. Multi-scale structure and topological anomaly detection via a new network statistic: The onion decomposition

    Science.gov (United States)

    Hébert-Dufresne, Laurent; Grochow, Joshua A.; Allard, Antoine

    2016-08-01

    We introduce a network statistic that measures structural properties at the micro-, meso-, and macroscopic scales, while still being easy to compute and interpretable at a glance. Our statistic, the onion spectrum, is based on the onion decomposition, which refines the k-core decomposition, a standard network fingerprinting method. The onion spectrum is exactly as easy to compute as the k-cores: It is based on the stages at which each vertex gets removed from a graph in the standard algorithm for computing the k-cores. Yet, the onion spectrum reveals much more information about a network, and at multiple scales; for example, it can be used to quantify node heterogeneity, degree correlations, centrality, and tree- or lattice-likeness. Furthermore, unlike the k-core decomposition, the combined degree-onion spectrum immediately gives a clear local picture of the network around each node which allows the detection of interesting subgraphs whose topological structure differs from the global network organization. This local description can also be leveraged to easily generate samples from the ensemble of networks with a given joint degree-onion distribution. We demonstrate the utility of the onion spectrum for understanding both static and dynamic properties on several standard graph models and on many real-world networks.

  4. MA- IDS: A Distributed Intrusion Detection System Based on Data Mining

    Institute of Scientific and Technical Information of China (English)

    SUN Jian-hua; JIN Hai; CHEN Hao; HAN Zong-fen

    2005-01-01

    Aiming at the shortcomings in intrusion detection systems (IDSs) used in commercial and research fields,we propose the MA-IDS system, a distributed intrusion detection system based on data mining. In this model, misuse intrusion detection system (MIDS) and anomaly intrusion detection system (AIDS) are combined. Data mining is applied to raise detection performance, and distributed mechanism is employed to increase the scalability and efficiency. Host- and network-based mining algorithms employ an improved Bayesian decision theorem that suits for real security environment to minimize the risks incurred by false decisions. We describe the overall architecture of the MA-IDS system, and discuss specific design and implementation issue.

  5. Dynamic and real-time network anomaly detection model inspired by immune%基于免疫的网络动态实时异常检测模型

    Institute of Scientific and Technical Information of China (English)

    彭凌西; 曾金全

    2012-01-01

    网络异常检测已成为入侵检测系统发展的重要方向.现有异常检测模型对检测模式描述为一种静态方式,缺乏良好的自适应性和协同性,检测率低,难以满足高速网络环境下实时检测的需求.针对此,借鉴人体免疫系统优异的自学习自适应机制,提出了一种新的基于免疫的网络动态实时异常检测模型NAIM.该模型通过对检测模式进行动态描述,结合抗体细胞动态克隆原理,探讨种痘及疫苗分发机制,实现检测模式随真实网络环境同步演化,从而提高网络异常检测的准确性和及时性.%The network anomaly detection has become the promising direction of intrusion detection system. The existing anomaly detection models depict the detection pattern with a static way, which lack good adaptability and interoperability with low detection rate, so it is difficult to implement the real-time detection under the high- speed network environment. Our research uses the excellent mechanism of Self-learning and adaptability of the human immune system, and a novel real-time immune-based anomaly detection model(NAIM) is proposed. The model dynamically depicts detection model, combining the antibody's clone theory and disscussing the vaccina- tion and bacterin distribution mechanism, which achieves the detection mode's synchronous evolvement with the real network enviroment, thus improves the network anomaly detection's veracity and timeliness.

  6. Critical features in electromagnetic anomalies detected prior to the L'Aquila earthquake

    CERN Document Server

    Contoyiannis, Y F; Kopanas, J; Antonopoulos, G; Contoyianni, L; Eftaxias, K

    2009-01-01

    Electromagnetic (EM) emissions in a wide frequency spectrum ranging from kHz to MHz are produced by opening cracks, which can be considered as the so-called precursors of general fracture. We emphasize that the MHz radiation appears earlier than the kHz in both laboratory and geophysical scale. An important challenge in this field of research is to distinguish characteristic epochs in the evolution of precursory EM activity and identify them with the equivalent last stages in the earthquake (EQ) preparation process. Recently, we proposed the following two epochs/stages model: (i) The second epoch, which includes the finally emerged strong impulsive kHz EM emission is due to the fracture of the high strength large asperities that are distributed along the activated fault sustaining the system. (ii) The first epoch, which includes the initially emerged MHz EM radiation is thought to be due to the fracture of a highly heterogeneous system that surrounds the family of asperities. A catastrophic EQ of magnitude Mw...

  7. Automated Signature Creator for a Signature Based Intrusion Detection System with Network Attack Detection Capabilities (Pancakes

    Directory of Open Access Journals (Sweden)

    Frances Bernadette C. De Ocampo

    2015-05-01

    Full Text Available Signature-based Intrusion Detection System (IDS helps in maintaining the integrity of data in a network controlled environment. Unfortunately, this type of IDS depends on predetermined intrusion patterns that are manually created. If the signature database of the Signature-based IDS is not updated, network attacks just pass through this type of IDS without being noticed. To avoid this, an Anomaly-based IDS is used in order to countercheck if a network traffic that is not detected by Signature-based IDS is a true malicious traffic or not. In doing so, the Anomaly-based IDS might come up with several numbers of logs containing numerous network attacks which could possibly be a false positive. This is the reason why the Anomaly-based IDS is not perfect, it would readily alarm the system that a network traffic is an attack just because it is not on its baseline. In order to resolve the problem between these two IDSs, the goal is to correlate data between the logs of the Anomaly-based IDS and the packet that has been captured in order to determine if a network traffic is really malicious or not. With the supervision of a security expert, the malicious network traffic would be verified as malicious. Using machine learning, the researchers can identify which algorithm is better than the other algorithms in classifying if a certain network traffic is really malicious. Upon doing so, the creation of signatures would follow by basing the automated creation of signatures from the detected malicious traffic.

  8. Centrifugal unbalance detection system

    Science.gov (United States)

    Cordaro, Joseph V.; Reeves, George; Mets, Michael

    2002-01-01

    A system consisting of an accelerometer sensor attached to a centrifuge enclosure for sensing vibrations and outputting a signal in the form of a sine wave with an amplitude and frequency that is passed through a pre-amp to convert it to a voltage signal, a low pass filter for removing extraneous noise, an A/D converter and a processor and algorithm for operating on the signal, whereby the algorithm interprets the amplitude and frequency associated with the signal and once an amplitude threshold has been exceeded the algorithm begins to count cycles during a predetermined time period and if a given number of complete cycles exceeds the frequency threshold during the predetermined time period, the system shuts down the centrifuge.

  9. Structural Anomalies Detected in Ceramic Matrix Composites Using Combined Nondestructive Evaluation and Finite Element Analysis (NDE and FEA)

    Science.gov (United States)

    Abdul-Aziz, Ali; Baaklini, George Y.; Bhatt, Ramakrishna T.

    2003-01-01

    and the experimental data. Furthermore, modeling of the voids collected via NDE offered an analytical advantage that resulted in more accurate assessments of the material s structural strength. The top figure shows a CT scan image of the specimen test section illustrating various hidden structural entities in the material and an optical image of the test specimen considered in this study. The bottom figure represents the stress response predicted from the finite element analyses (ref .3 ) for a selected CT slice where it clearly illustrates the correspondence of the high stress risers due to voids in the material with those predicted by the NDE. This study is continuing, and efforts are concentrated on improving the modeling capabilities to imitate the structural anomalies as detected.

  10. Fault Detection for Nonlinear Systems

    DEFF Research Database (Denmark)

    Stoustrup, Jakob; Niemann, H.H.

    1998-01-01

    The paper describes a general method for designing fault detection and isolation (FDI) systems for nonlinear processes. For a rich class of nonlinear systems, a nonlinear FDI system can be designed using convex optimization procedures. The proposed method is a natural extension of methods based...

  11. A HOST ANOMALY DETECTION METHOD BASED ON LDA MODEL%基于LDA模型的主机异常检测方法

    Institute of Scientific and Technical Information of China (English)

    贺喜; 蒋建春; 丁丽萍; 王永吉; 廖晓峰

    2012-01-01

    基于系统调用序列的入侵检测是分析主机系统调用数据进而发现入侵的一种安全检测技术,其关键技术是如何能够更准确地抽取系统调用序列的特征,并进行分类.为此,引进LDA( Latent Dirichlet Allocation )文本挖掘模型构建新的入侵检测分类算法.该方法将系统调用短序列视为word,利用LDA模型提取进程系统调用序列的主题特征,并结合系统调用频率特征,运用kNN(k-Nearest Neighbor)分类算法进行异常检测.针对DAPRA数据集的实验结果表明,该方法提高了入侵检测的准确度,降低了误报率.%The technique of intrusion detection based on sequence of host system call is a security detection technique mainly focusing on analysing the data set of host system call and further finding the intrusion. Its key technology relies on how to extract the characteristics of system call sequence more accurately and then followed by classification. In this paper, aiming at this, LDA (Latent Dirichlet Allocation) text mining model is introduced to build a new intrusion detection classification algorithm. In this method, topic characteristics of system call sequence are extracted using LDA model which the short sequence of system call is regarded by the method as word. Combined with the frequency characteristics of system calls, kNN (k-Nearest Neighbor) classification algorithm is used for anomaly detection. Experiment is evaluated on 1998 DAPRA data set, the result shows that the method improves the accuracy of intrusion detection, and reduces the false alarm rate.

  12. An experimental study on a training support system utilizing trainee's eye gaze point and think aloud protocol for diagnosing nuclear power plant anomalies

    International Nuclear Information System (INIS)

    An experimental system has been developed for aiming at supporting the simulator training of diagnosis nuclear power plant anomaly, where an expert provides the instructions to a trainee by his/her own educational and experienced point of view. This system has several characteristics as follows: (1) the expert can provide the instruction through the local area network or the Internet, (2) the training task is the detection of the primary cause of plant anomaly, which is not including the plant operation but requires only thinking, and (3) the system can automatically detects the trainee's view-point and think aloud protocols and provide these two types of information to the expert in real time for supporting his/her instruction. A laboratory experiment using this system was conducted, where an expert, who had really engaged in plant operation as a chief operator, was employed as the instructor for novice students. As the result of analyzing the experimental data, it was found that the two types of information, trainee's viewpoints and his verbal protocols, have some potential of effectiveness for supporting the instructor to estimate the trainees diagnostic thinking process and provide the instruction. (author)

  13. APDS: Autonomous Pathogen Detection System

    Energy Technology Data Exchange (ETDEWEB)

    Langlois, R G; Brown, S; Burris, L; Colston, B; Jones, L; Makarewicz, T; Mariella, R; Masquelier, D; McBride, M; Milanovich, F; Masarabadi, S; Venkateswaran, K; Marshall, G; Olson, D; Wolcott, D

    2002-02-14

    An early warning system to counter bioterrorism, the Autonomous Pathogen Detection System (APDS) continuously monitors the environment for the presence of biological pathogens (e.g., anthrax) and once detected, it sounds an alarm much like a smoke detector warns of a fire. Long before September 11, 2001, this system was being developed to protect domestic venues and events including performing arts centers, mass transit systems, major sporting and entertainment events, and other high profile situations in which the public is at risk of becoming a target of bioterrorist attacks. Customizing off-the-shelf components and developing new components, a multidisciplinary team developed APDS, a stand-alone system for rapid, continuous monitoring of multiple airborne biological threat agents in the environment. The completely automated APDS samples the air, prepares fluid samples in-line, and performs two orthogonal tests: immunoassay and nucleic acid detection. When compared to competing technologies, APDS is unprecedented in terms of flexibility and system performance.

  14. Ferromagnetic Objects Magnetovision Detection System

    Directory of Open Access Journals (Sweden)

    Michał Nowicki

    2013-12-01

    Full Text Available This paper presents the application of a weak magnetic fields magnetovision scanning system for detection of dangerous ferromagnetic objects. A measurement system was developed and built to study the magnetic field vector distributions. The measurements of the Earth’s field distortions caused by various ferromagnetic objects were carried out. The ability for passive detection of hidden or buried dangerous objects and the determination of their location was demonstrated.

  15. Incipient-signature identification of mechanical anomalies in a ship-borne satellite antenna system using an ensemble multiwavelet

    International Nuclear Information System (INIS)

    The instrumented tracking and telemetry ship with a ship-borne satellite antenna (SSA) is the critical device to ensure high quality of space exploration work. To effectively detect mechanical anomalies that can lead to unexpected downtime of the SSA, an ensemble multiwavelet (EM) is presented for identifying the anomaly related incipient-signatures within the measured dynamic signals. Rather than using a predetermined basis as in a conventional multiwavelet, an EM optimizes the matching basis which satisfactorily adapts to the anomaly related incipient-signatures. The construction technique of an EM is based on the conjunction of a two-scale similarity transform (TST) and lifting scheme (LS). For the technique above, the TST improves the regularity by increasing the approximation order of multiscaling functions, while subsequently the LS enhances the smoothness and localizability via utilizing the vanishing moment of multiwavelet functions. Moreover, combining the Hilbert transform with EM decomposition, we identify the incipient-signatures induced by the mechanical anomalies from the measured dynamic signals. A numerical simulation and two successful applications of diagnosis cases (a planetary gearbox and a roller bearing) demonstrate that the proposed technique is capable of dealing with the challenging incipient-signature identification task even though spectral complexity, as well as the strong amplitude/frequency modulation effect, is present in the dynamic signals. (paper)

  16. On the Origin of Flux Ratio Anomaly in Quadruple Lens Systems

    CERN Document Server

    Inoue, Kaiki Taro

    2016-01-01

    We explore the origin of flux ratio anomaly in quadruple lens systems. Using a semi-analytic method based on $N$-body simulations, we estimate the effect of possible magnification perturbation caused by subhaloes with a mass scale of <~ $ 10^9\\,h^{-1} \\textrm{M}_\\odot$ in lensing galaxy haloes. Taking into account astrometric shifts by perturbers, we find that the expected change to the flux ratios per a multiply lensed image is just a few percent and the mean of the expected convergence perturbation at the effective Einstein radius of the lensing galaxy halo is $\\langle \\delta \\kappa_{\\textrm{sub}} \\rangle = 0.003$, corresponding to the mean of the ratio of a projected dark matter mass fraction in subhaloes $\\langle f_{\\textrm{sub}} \\rangle = 0.006$ for observed 11 quadruple lens systems. In contrast, the expected change to the flux ratio caused by line-of-sight structures in intergalactic spaces is typically ~10 percent and the mean of the convergence perturbation is $\\langle |\\delta \\kappa_{\\textrm{los}...

  17. Detection and Protection Against Intrusions on Smart Grid Systems

    Directory of Open Access Journals (Sweden)

    Ata Arvani

    2015-05-01

    Full Text Available The wide area monitoring of power systems is implemented at a central control center to coordinate the actions of local controllers. Phasor measurement units (PMUs are used for the collection of data in real time for the smart grid energy systems. Intrusion detection and cyber security of network are important requirements for maintaining the integrity of wide area monitoring systems. The intrusion detection methods analyze the measurement data to detect any possible cyber attacks on the operation of smart grid systems. In this paper, the model-based and signal-based intrusion detection methods are investigated to detect the presence of malicious data. The chi-square test and discrete wavelet transform (DWT have been used for anomaly-based detection. The false data injection attack (FDIA can be detected using measurement residual. If the measurement residual is larger than expected detection threshold, then an alarm is triggered and bad data can be identified. Avoiding such alarms in the residual test is referred to as stealth attack. There are two protection strategies for stealth attack: (1 Select a subset of meters to be protected from the attacker (2 Place secure phasor measurement units in the power grid. An IEEE 14-bus system is simulated using real time digital simulator (RTDS hardware platform for implementing attack and detection schemes.

  18. HYBRID ARCHITECTURE FOR DISTRIBUTED INTRUSION DETECTION SYSTEM IN WIRELESS NETWORK

    Directory of Open Access Journals (Sweden)

    Seyedeh Yasaman Rashida

    2013-06-01

    Full Text Available In order to the rapid growth of the network application, new kinds of network attacks are emerging endlessly. So it is critical to protect the networks from attackers and the Intrusion detection technology becomes popular. Therefore, it is necessary that this security concern must be articulate right from the beginning of the network design and deployment. The intrusion detection technology is the process of identifying network activity that can lead to a compromise of security policy. Lot of work has been done in detection of intruders. But the solutions are not satisfactory. In this paper, we propose a novel Distributed Intrusion Detection System using Multi Agent In order to decrease false alarms and manage misuse and anomaly detects.

  19. Competing Orders and Anomalies.

    Science.gov (United States)

    Moon, Eun-Gook

    2016-01-01

    A conservation law is one of the most fundamental properties in nature, but a certain class of conservation "laws" could be spoiled by intrinsic quantum mechanical effects, so-called quantum anomalies. Profound properties of the anomalies have deepened our understanding in quantum many body systems. Here, we investigate quantum anomaly effects in quantum phase transitions between competing orders and striking consequences of their presence. We explicitly calculate topological nature of anomalies of non-linear sigma models (NLSMs) with the Wess-Zumino-Witten (WZW) terms. The non-perturbative nature is directly related with the 't Hooft anomaly matching condition: anomalies are conserved in renormalization group flow. By applying the matching condition, we show massless excitations are enforced by the anomalies in a whole phase diagram in sharp contrast to the case of the Landau-Ginzburg-Wilson theory which only has massive excitations in symmetric phases. Furthermore, we find non-perturbative criteria to characterize quantum phase transitions between competing orders. For example, in 4D, we show the two competing order parameter theories, CP(1) and the NLSM with WZW, describe different universality class. Physical realizations and experimental implication of the anomalies are also discussed. PMID:27499184

  20. Competing Orders and Anomalies

    Science.gov (United States)

    Moon, Eun-Gook

    2016-08-01

    A conservation law is one of the most fundamental properties in nature, but a certain class of conservation “laws” could be spoiled by intrinsic quantum mechanical effects, so-called quantum anomalies. Profound properties of the anomalies have deepened our understanding in quantum many body systems. Here, we investigate quantum anomaly effects in quantum phase transitions between competing orders and striking consequences of their presence. We explicitly calculate topological nature of anomalies of non-linear sigma models (NLSMs) with the Wess-Zumino-Witten (WZW) terms. The non-perturbative nature is directly related with the ’t Hooft anomaly matching condition: anomalies are conserved in renormalization group flow. By applying the matching condition, we show massless excitations are enforced by the anomalies in a whole phase diagram in sharp contrast to the case of the Landau-Ginzburg-Wilson theory which only has massive excitations in symmetric phases. Furthermore, we find non-perturbative criteria to characterize quantum phase transitions between competing orders. For example, in 4D, we show the two competing order parameter theories, CP(1) and the NLSM with WZW, describe different universality class. Physical realizations and experimental implication of the anomalies are also discussed.

  1. Survey of prenatal screening policies in Europe for structural malformations and chromosome anomalies, and their impact on detection and termination rates for neural tube defects and Down's syndrome

    DEFF Research Database (Denmark)

    Boyd, P A; Devigan, C; Khoshnood, B;

    2008-01-01

    screening policies in 18 countries and 1.13 million births in 12 countries in 2002-04. METHODS: (i) Questionnaire on national screening policies and termination of pregnancy for fetal anomaly (TOPFA) laws in 2004. (ii) Analysis of data on prenatal detection and termination for Down's syndrome and neural...... tube defects (NTDs) using the EUROCAT database. MAIN OUTCOME MEASURES: Existence of national prenatal screening policies, legal gestation limit for TOPFA, prenatal detection and termination rates for Down's syndrome and NTD. RESULTS: Ten of the 18 countries had a national country-wide policy for Down...... associated with wide country variation in prenatal detection rates for Down's syndrome and NTD....

  2. Anomaly indicators for time-reversal symmetric topological orders

    CERN Document Server

    Wang, Chenjie

    2016-01-01

    Some time-reversal symmetric topological orders are anomalous in that they cannot be realized in strictly two-dimensions without breaking time reversal symmetry; instead, they can only be realized on the surface of certain three-dimensional systems. We propose two quantities, which we call {\\it anomaly indicators}, that can detect if a time-reversal symmetric topological order is anomalous in this sense. Both anomaly indicators are expressed in terms of the quantum dimensions, topological spins, and time-reversal properties of the anyons in the given topological order. The first indicator, $\\eta_2$, applies to bosonic systems while the second indicator, $\\eta_f$, applies to fermionic systems in the DIII class. We conjecture that $\\eta_2$, together with a previously known indicator $\\eta_1$, can detect the two known $\\mathbb Z_2$ anomalies in the bosonic case, while $\\eta_f$ can detect the $\\mathbb Z_{16}$ anomaly in the fermionic case.

  3. Intrusion Detection System: Security Monitoring System

    Directory of Open Access Journals (Sweden)

    ShabnamNoorani,

    2015-10-01

    Full Text Available An intrusion detection system (IDS is an ad hoc security solution to protect flawed computer systems. It works like a burglar alarm that goes off if someone tampers with or manages to get past other security mechanisms such as authentication mechanisms and firewalls. An Intrusion Detection System (IDS is a device or a software application that monitors network or system activities for malicious activities or policy violations and produces reports to a management station.Intrusion Detection System (IDS has been used as a vital instrument in defending the network from this malicious or abnormal activity..In this paper we are comparing host based and network based IDS and various types of attacks possible on IDS.

  4. Automatic Detection and Classification of Pole-Like Objects in Urban Point Cloud Data Using an Anomaly Detection Algorithm

    OpenAIRE

    Borja Rodríguez-Cuenca; Silverio García-Cortés; Celestino Ordóñez; Maria C. Alonso

    2015-01-01

    Detecting and modeling urban furniture are of particular interest for urban management and the development of autonomous driving systems. This paper presents a novel method for detecting and classifying vertical urban objects and trees from unstructured three-dimensional mobile laser scanner (MLS) or terrestrial laser scanner (TLS) point cloud data. The method includes an automatic initial segmentation to remove the parts of the original cloud that are not of interest for detecting vertical o...

  5. Intelligent System for Worm Detection

    Directory of Open Access Journals (Sweden)

    Tarek S. Sobh

    2009-01-01

    Full Text Available Worms are on the top of malware threats attacking computer system although of the evolution of worms detectiontechniques. Early detection of unknown worms is still a problem. This paper produce a method for detecting unknown wormsbased on local victim information. The proposed system uses Artificial Neural Network (ANN for classifying worm/ nonwormtraffic and predicting the percentage of infection in the infected network. This prediction can be used to support decisionmaking process for network administrator to respond quickly to worm propagation in an accurate procedure.

  6. Scattering anomaly in optics

    CERN Document Server

    Silveirinha, Mario G

    2016-01-01

    In time-reversal invariant electronic systems the scattering matrix is anti-symmetric. This property enables an effect, designated here as "scattering anomaly", such that the electron transport does not suffer from back reflections, independent of the specific geometry of the propagation path or the presence of time-reversal invariant defects. In contrast, for a generic time-reversal invariant photonic system the scattering matrix is symmetric and there is no similar anomaly. Here, it is theoretically proven that despite these fundamental differences there is a wide class of photonic platforms - in some cases formed only by time-reversal invariant media - in which the scattering anomaly can occur. It is shown that an optical system invariant under the action of the composition of the time-reversal, parity and duality operators is characterized by an anti-symmetric scattering matrix. Specific examples of photonic platforms wherein the scattering anomaly occurs are given, and it is demonstrated with full wave n...

  7. Quickest detection in coupled systems

    CERN Document Server

    Hadjiliadis, Olympia; Poor, H Vincent

    2009-01-01

    This work considers the problem of quickest detection of signals in a coupled system of N sensors, which receive continuous sequential observations from the environment. It is assumed that the signals, which are modeled a general Ito processes, are coupled across sensors, but that their onset times may differ from sensor to sensor. The objective is the optimal detection of the first time at which any sensor in the system receives a signal. The problem is formulated as a stochastic optimization problem in which an extended average Kullback- Leibler divergence criterion is used as a measure of detection delay, with a constraint on the mean time between false alarms. The case in which the sensors employ cumulative sum (CUSUM) strategies is considered, and it is proved that the minimum of N CUSUMs is asymptotically optimal as the mean time between false alarms increases without bound.

  8. Optical detection in microfluidic systems

    DEFF Research Database (Denmark)

    Mogensen, Klaus Bo; Kutter, Jörg Peter

    2009-01-01

    Optical detection schemes continue to be favoured for measurements in microfluidic systems. A selection of the latest progress mainly within the last two years is critically reviewed. Emphasis is on integrated solutions, such as planar waveguides, coupling schemes to the outside world, evanescent...

  9. Portable Microleak-Detection System

    Science.gov (United States)

    Rivers, H. Kevin; Sikora, Joseph G.; Sankaran, Sankara N.

    2007-01-01

    The figure schematically depicts a portable microleak-detection system that has been built especially for use in testing hydrogen tanks made of polymer-matrix composite materials. (As used here, microleak signifies a leak that is too small to be detectable by the simple soap-bubble technique.) The system can also be used to test for microleaks in tanks that are made of other materials and that contain gases other than hydrogen. Results of calibration tests have shown that measurement errors are less than 10 percent for leak rates ranging from 0.3 to 200 cm3/min. Like some other microleak-detection systems, this system includes a vacuum pump and associated plumbing for sampling the leaking gas, and a mass spectrometer for analyzing the molecular constituents of the gas. The system includes a flexible vacuum chamber that can be attached to the outer surface of a tank or other object of interest that is to be tested for leakage (hereafter denoted, simply, the test object). The gas used in a test can be the gas or vapor (e.g., hydrogen in the original application) to be contained by the test object. Alternatively, following common practice in leak testing, helium can be used as a test gas. In either case, the mass spectrometer can be used to verify that the gas measured by the system is the test gas rather than a different gas and, hence, that the leak is indeed from the test object.

  10. Semi autonomous mine detection system

    Energy Technology Data Exchange (ETDEWEB)

    Douglas Few; Roelof Versteeg; Herman Herman

    2010-04-01

    CMMAD is a risk reduction effort for the AMDS program. As part of CMMAD, multiple instances of semi autonomous robotic mine detection systems were created. Each instance consists of a robotic vehicle equipped with sensors required for navigation and marking, a countermine sensors and a number of integrated software packages which provide for real time processing of the countermine sensor data as well as integrated control of the robotic vehicle, the sensor actuator and the sensor. These systems were used to investigate critical interest functions (CIF) related to countermine robotic systems. To address the autonomy CIF, the INL developed RIK was extended to allow for interaction with a mine sensor processing code (MSPC). In limited field testing this system performed well in detecting, marking and avoiding both AT and AP mines. Based on the results of the CMMAD investigation we conclude that autonomous robotic mine detection is feasible. In addition, CMMAD contributed critical technical advances with regard to sensing, data processing and sensor manipulation, which will advance the performance of future fieldable systems. As a result, no substantial technical barriers exist which preclude – from an autonomous robotic perspective – the rapid development and deployment of fieldable systems.

  11. A Novel Distributed Intrusion Detection System for Vehicular Ad Hoc Networks

    Directory of Open Access Journals (Sweden)

    Leandros A. Maglaras

    2015-04-01

    Full Text Available In the new interconnected world, we need to secure vehicular cyber-physical systems (VCPS using sophisticated intrusion detection systems. In this article, we present a novel distributed intrusion detection system (DIDS designed for a vehicular ad hoc network (VANET. By combining static and dynamic detection agents, that can be mounted on central vehicles, and a control center where the alarms about possible attacks on the system are communicated, the proposed DIDS can be used in both urban and highway environments for real time anomaly detection with good accuracy and response time.

  12. Anomaly Detection in Stock Marketplace Based on Market Microstructure%市场微结构的股市交易异常行为检测

    Institute of Scientific and Technical Information of China (English)

    林杨

    2013-01-01

    It is well known that many defects exist in current stock market, such as information abuse and price manipulation. Anomaly detection is helpful to enhance the integrity, fairness and transparence of stock market so it becomes a key link in financial regulatory system. Unfortunately , existing approaches were low performing as they rarely focused on analyzing the intraday information and mining potential trading behaviors. It proposed a method, which based on market mi-crostructure, to detect abnormal trading behaviors. An experiment was presented demonstrating the feasibility and effectiveness of this approach.%股票市场存在诸多弊端,如滥用客户信息,价格操纵等.股市监控是金融监管体系中不可缺少的一环,它对市场交易的诚信、公平和公开透明起到重要作用.现有检测交易异常行为的诸多方法中,很少分析股市即日数据并挖掘潜在的交易行为来检测异常.股市是一个复杂的非线性系统,一套可行高效的异常行为检测方法是股市异常行为监控的重要课题.提出一种基于市场微结构的异常交易行为检测方法,该方法能较有效地检测出股市存在的异常交易行为.最后,通过实例说明该方法的可行性和有效性.

  13. Performance Enhancement of Intrusion Detection using Neuro - Fuzzy Intelligent System

    Directory of Open Access Journals (Sweden)

    Dr. K. S. Anil Kumar

    2014-10-01

    Full Text Available This research work aims at developing hybrid algorithms using data mining techniques for the effective enhancement of anomaly intrusion detection performance. Many proposed algorithms have not addressed their reliability with varying amount of malicious activity or their adaptability for real time use. The study incorporates a theoretical basis for improvement in performance of IDS using K-medoids Algorithm, Fuzzy Set Algorithm, Fuzzy Rule System and Neural Network techniques. Also statistical significance of estimates has been looked into for finalizing the best one using DARPA network traffic datasets.

  14. SADM potentiometer anomaly investigations

    Science.gov (United States)

    Wood, Brian; Mussett, David; Cattaldo, Olivier; Rohr, Thomas

    2005-07-01

    During the last 3 years Contraves Space have been developing a Low Power (1-2kW) Solar Array Drive Mechanism (SADM) aimed at small series production. The mechanism was subjected to two test programmes in order to qualify the SADM to acceptable levels. During the two test programmes, anomalies were experienced with the Potentiometers provided by Eurofarad SA and joint investigations were undertaken to resolve why these anomalies had occurred. This paper deals with the lessons learnt from the failure investigation on the two Eurofarad (rotary) Potentiometer anomaly. The Rotary Potentiometers that were used were fully redundant; using two back to back mounted "plastic tracks". It is a pancake configuration mounted directly to the shaft of the Slip Ring Assembly at the extreme in-board end of the SADM. It has no internal bearings. The anomaly initially manifested itself as a loss of performance in terms of linearity, which was first detected during Thermal Vacuum testing. A subsequent anomaly manifested itself by the complete failure of the redundant potentiometer again during thermal vacuum testing. This paper will follow and detail the chain of events following this anomaly and identifies corrective measures to be applied to the potentiometer design and assembly process.

  15. A comparison of classical and intelligent methods to detect potential thermal anomalies before the 11 August 2012 Varzeghan, Iran, earthquake (Mw = 6.4

    Directory of Open Access Journals (Sweden)

    M. Akhoondzadeh

    2013-04-01

    Full Text Available In this paper, a number of classical and intelligent methods, including interquartile, autoregressive integrated moving average (ARIMA, artificial neural network (ANN and support vector machine (SVM, have been proposed to quantify potential thermal anomalies around the time of the 11 August 2012 Varzeghan, Iran, earthquake (Mw = 6.4. The duration of the data set, which is comprised of Aqua-MODIS land surface temperature (LST night-time snapshot images, is 62 days. In order to quantify variations of LST data obtained from satellite images, the air temperature (AT data derived from the meteorological station close to the earthquake epicenter has been taken into account. For the models examined here, results indicate the following: (i ARIMA models, which are the most widely used in the time series community for short-term forecasting, are quickly and easily implemented, and can efficiently act through linear solutions. (ii A multilayer perceptron (MLP feed-forward neural network can be a suitable non-parametric method to detect the anomalous changes of a non-linear time series such as variations of LST. (iii Since SVMs are often used due to their many advantages for classification and regression tasks, it can be shown that, if the difference between the predicted value using the SVM method and the observed value exceeds the pre-defined threshold value, then the observed value could be regarded as an anomaly. (iv ANN and SVM methods could be powerful tools in modeling complex phenomena such as earthquake precursor time series where we may not know what the underlying data generating process is. There is good agreement in the results obtained from the different methods for quantifying potential anomalies in a given LST time series. This paper indicates that the detection of the potential thermal anomalies derive credibility from the overall efficiencies and potentialities of the four integrated methods.

  16. A comparison of classical and intelligent methods to detect potential thermal anomalies before the 11 August 2012 Varzeghan, Iran, earthquake (Mw = 6.4)

    Science.gov (United States)

    Akhoondzadeh, M.

    2013-04-01

    In this paper, a number of classical and intelligent methods, including interquartile, autoregressive integrated moving average (ARIMA), artificial neural network (ANN) and support vector machine (SVM), have been proposed to quantify potential thermal anomalies around the time of the 11 August 2012 Varzeghan, Iran, earthquake (Mw = 6.4). The duration of the data set, which is comprised of Aqua-MODIS land surface temperature (LST) night-time snapshot images, is 62 days. In order to quantify variations of LST data obtained from satellite images, the air temperature (AT) data derived from the meteorological station close to the earthquake epicenter has been taken into account. For the models examined here, results indicate the following: (i) ARIMA models, which are the most widely used in the time series community for short-term forecasting, are quickly and easily implemented, and can efficiently act through linear solutions. (ii) A multilayer perceptron (MLP) feed-forward neural network can be a suitable non-parametric method to detect the anomalous changes of a non-linear time series such as variations of LST. (iii) Since SVMs are often used due to their many advantages for classification and regression tasks, it can be shown that, if the difference between the predicted value using the SVM method and the observed value exceeds the pre-defined threshold value, then the observed value could be regarded as an anomaly. (iv) ANN and SVM methods could be powerful tools in modeling complex phenomena such as earthquake precursor time series where we may not know what the underlying data generating process is. There is good agreement in the results obtained from the different methods for quantifying potential anomalies in a given LST time series. This paper indicates that the detection of the potential thermal anomalies derive credibility from the overall efficiencies and potentialities of the four integrated methods.

  17. A pattern recognition system for JPEG steganography detection

    Science.gov (United States)

    Chen, C. L. Philip; Chen, Mei-Ching; Agaian, Sos; Zhou, Yicong; Roy, Anuradha; Rodriguez, Benjamin M.

    2012-10-01

    This paper builds up a pattern recognition system to detect anomalies in JPEG images, especially steganographic content. The system consists of feature generation, feature ranking and selection, feature extraction, and pattern classification. These processes tend to capture image characteristics, reduce the problem dimensionality, eliminate the noise inferences between features, and further improve classification accuracies on clean and steganography JPEG images. Based on the discussion and analysis of six popular JPEG steganography methods, the entire recognition system results in higher classification accuracies between clean and steganography classes compared to merely using individual feature subset for JPEG steganography detection. The strength of feature combination and preprocessing has been integrated even when a small amount of information is embedded. The work demonstrated in this paper is extensible and can be improved by integrating various new and current techniques.

  18. Networked gamma radiation detection system for tactical deployment

    Science.gov (United States)

    Mukhopadhyay, Sanjoy; Maurer, Richard; Wolff, Ronald; Smith, Ethan; Guss, Paul; Mitchell, Stephen

    2015-08-01

    A networked gamma radiation detection system with directional sensitivity and energy spectral data acquisition capability is being developed by the National Security Technologies, LLC, Remote Sensing Laboratory to support the close and intense tactical engagement of law enforcement who carry out counterterrorism missions. In the proposed design, three clusters of 2″ × 4″ × 16″ sodium iodide crystals (4 each) with digiBASE-E (for list mode data collection) would be placed on the passenger side of a minivan. To enhance localization and facilitate rapid identification of isotopes, advanced smart real-time localization and radioisotope identification algorithms like WAVRAD (wavelet-assisted variance reduction for anomaly detection) and NSCRAD (nuisance-rejection spectral comparison ratio anomaly detection) will be incorporated. We will test a collection of algorithms and analysis that centers on the problem of radiation detection with a distributed sensor network. We will study the basic characteristics of a radiation sensor network and focus on the trade-offs between false positive alarm rates, true positive alarm rates, and time to detect multiple radiation sources in a large area. Empirical and simulation analyses of critical system parameters, such as number of sensors, sensor placement, and sensor response functions, will be examined. This networked system will provide an integrated radiation detection architecture and framework with (i) a large nationally recognized search database equivalent that would help generate a common operational picture in a major radiological crisis; (ii) a robust reach back connectivity for search data to be evaluated by home teams; and, finally, (iii) a possibility of integrating search data from multi-agency responders.

  19. Ventriculomegaly with non-CNS anomalies

    International Nuclear Information System (INIS)

    We correlated fetal magnetic resonance (MR) imaging findings with postnatal clinical findings to assess ventriculomegaly with non-CNS anomalies. From 2002 to 2010, 52 fetuses underwent a MRI for evaluation of ventriculomegaly after ultrasonography (US). Ten of the 52 demonstrated anomalies outside the central nervous system (CNS), including trisomy 8, trisomy 18, X-linked hydrocephalus, CHARGE/Potter sequences, VATER association, oral-facial-digital syndrome, esophageal atresia type C, or external auditory canal stenosis. Examinations were performed between 24 and 35 weeks' gestation. MR imaging was performed in a 1.5-tesla unit using a phased-array coil without preparation. Fetal MR imaging showed abnormalities of the kidney, bladder, duodenum, and thumbs but did not permit diagnosis of esophageal atresia type C or craniofacial, anorectal, or skeletal anomalies. Cardiac anomaly was most frequent, but fetal MR imaging did not allow final diagnosis of congenital heart disease. On both US and MR imaging, esophageal atresia type C and anorectal anomaly were undetected; normal rectal signal in a case of anorectal anomaly without urorectal fistula did not lead to suspicion of anomaly. Observation of adducted thumbs on MR imaging is an important sign of X-linked hydrocephalus. The slice area used in this study did not cover polydactyly, which accompanies oral-facial-digital syndrome. US and MR imaging are complementary imaging methods used to evaluate ventriculomegaly. Fetal MR imaging should cover the kidney, bladder, and fingers. Further work is needed to determine the anomalies that can be clearly detected by fetal MR imaging. (author)

  20. Focal skin defect, limb anomalies and microphthalmia.

    NARCIS (Netherlands)

    Jackson, K.E.; Andersson, H.C.

    2004-01-01

    We describe two unrelated female patients with congenital single focal skin defects, unilateral microphthalmia and limb anomalies. Growth and psychomotor development were normal and no brain malformation was detected. Although eye and limb anomalies are commonly associated, clinical anophthalmia and

  1. [Fetal ocular anomalies: the advantages of prenatal magnetic resonance imaging].

    Science.gov (United States)

    Brémond-Gignac, D; Copin, H; Elmaleh, M; Milazzo, S

    2010-05-01

    Congenital ocular malformations are uncommon and require prenatal diagnosis. Severe anomalies are more often detected by trained teams and minor anomalies are more difficult to identify and must be systematically sought, particularly when multiple malformations or a family and maternal history is known. The prenatal diagnosis-imaging tool most commonly used is ultrasound but it can be completed by magnetic resonance imaging (MRI), which contributes crucial information. Fetal dysmorphism can occur in various types of dysfunction and prenatal diagnosis must recognize fetal ocular anomalies. After systematic morphologic ultrasound imaging, different abnormalities detected by MRI are studied. Classical parameters such as binocular and interorbital measurements are used to detect hypotelorism and hypertelorism. Prenatal ocular anomalies such as cataract microphthalmia, anophthalmia, and coloboma have been described. Fetal MRI added to prenatal sonography is essential in detecting cerebral and general anomalies and can give more information on the size and morphology of the eyeball. Fetal abnormality detection includes a detailed family and maternal history, an amniotic fluid sample for karyotype, and other analyses for a better understanding of the images. Each pregnancy must be discussed with all specialists for genetic counseling. With severe malformations, termination of pregnancy is proposed because of risk of blindness and associated cerebral or systemic anomalies. Early prenatal diagnosis of ocular malformations can also detect associated abnormalities, taking congenital cataracts that need surgical treatment into account as early as possible. Finally, various associated syndromes need a pediatric check-up that could lead to emergency treatment.

  2. Evaluation of Intrusion Detection Systems

    OpenAIRE

    Ulvila, Jacob W.; Gaffney, John E.

    2003-01-01

    This paper presents a comprehensive method for evaluating intrusion detection systems (IDSs). It integrates and extends ROC (receiver operating characteristic) and cost analysis methods to provide an expected cost metric. Results are given for determining the optimal operation of an IDS based on this expected cost metric. Results are given for the operation of a single IDS and for a combination of two IDSs. The method is illustrated for: 1) determining the best operating point for a single an...

  3. Mine Safety Detection System (MSDS)

    OpenAIRE

    Ballard, B.; Degnan, T.; Kipp, M.; Johnson, J; Miller, D.; Minto, M.

    2012-01-01

    Systems Engineering Project Report Approved for public release, distribution unlimited The search, detection, identification and assessment components of the U.S. Navys organic modular in-stride Mine Countermeasure (MCM) Concept of Operations (CONOPS) have been evaluated for their effectiveness as part of a hypothetical exercise in response to the existence of sea mines placed in the sea lanes of the Strait of Hormuz. The current MCM CONOPS has been shown to be capable of supporting the...

  4. Inverter Anomaly Detection Algorithm Research and Simulation%变频器异常检测方法研究与仿真

    Institute of Scientific and Technical Information of China (English)

    莫桂江

    2012-01-01

    Put forward a kind of abnormal parameter mapping estimate of the frequency converter dynamic parameters abnormal detection algorithm is proposed. Extraction frequency converter dynamic anomalies parameters, establishes the dynamic parameter and converter the mapping relationship between the parts of frequency converter dynamic parameters for nonlinear transform, the calculation of frequency converter dynamic parameters abnormal interval remove interference. Experiments show that the detection means to be able lo improve the frequency converter anomaly detection accuracy, can accurate detection fault components.%提出了一种异常参数映射估计的变频器异常动态参数检测算法.提取变频器异常动态参数,建立动态参数与变频器部件之间的映射关系,对变频器动态参数进行非线性变换,计算变频器动态参数异常区间排除干扰.实验证明,这种检测方式能够提高变频器异常检测的准确率,能够准确检测故障部件.

  5. The Autonomous Pathogen Detection System

    Energy Technology Data Exchange (ETDEWEB)

    Dzenitis, J M; Makarewicz, A J

    2009-01-13

    We developed, tested, and now operate a civilian biological defense capability that continuously monitors the air for biological threat agents. The Autonomous Pathogen Detection System (APDS) collects, prepares, reads, analyzes, and reports results of multiplexed immunoassays and multiplexed PCR assays using Luminex{copyright} xMAP technology and flow cytometer. The mission we conduct is particularly demanding: continuous monitoring, multiple threat agents, high sensitivity, challenging environments, and ultimately extremely low false positive rates. Here, we introduce the mission requirements and metrics, show the system engineering and analysis framework, and describe the progress to date including early development and current status.

  6. Prenatal sonographic diagnosis of focal musculoskeletal anomalies

    Energy Technology Data Exchange (ETDEWEB)

    Ryu, Jung Kyu; Cho, Jeong Yeon; Lee, Young Ho; Kim, Ei Jeong; Chun, Yi Kyeong [Samsung Cheil Hospital, Sungkyunkwan University School of Medicine, Seoul (Korea, Republic of)

    2002-09-15

    Focal musculoskeletal anomalies are various and may be an isolated finding or may be found in conjunction with numerous associations, including genetic syndromes, Karyotype abnormals, central nervous system anomalies and other general musculoskeletal disorders. Early prenatal diagnosis of these focal musculoskeletal anomalies nor only affects prenatal care and postnatal outcome but also helps in approaching other numerous associated anomalies.

  7. Imaging of facial anomalies.

    Science.gov (United States)

    Castillo, M; Mukherji, S K

    1995-01-01

    Anomalies of the face may occur in its lower or middle segments. Anomalies of the lower face generally involve the derivatives of the branchial apparatus and therefore manifest as defects in the mandible, pinnae, external auditory canals, and portions of the middle ears. These anomalies are occasionally isolated, but most of them occur in combination with systemic syndromes. These anomalies generally do not occur with respiratory compromise. Anomalies of the midface may extend from the upper lip to the forehead, reflecting the complex embryology of this region. Most of these deformities are isolated, but some patients with facial clefts, notably the midline cleft syndrome and holoprosencephaly, have anomalies in other sites. This is important because these patients will require detailed imaging of the face and brain. Anomalies of the midface tend to involve the nose and its air-conducting passages. We prefer to divide these anomalies into those with and without respiratory obstruction. The most common anomalies that result in airway compromise include posterior choanal stenoses and atresias, bilateral cysts (mucoceles) of the distal lacrimal ducts, and stenosis of the pyriform (anterior) nasal aperture. These may be optimally evaluated with computed tomography (CT) and generally require immediate treatment to ensure adequate ventilation. Rare nasal anomalies that also result in airway obstruction are agenesis of the pharynx, agenesis of the nose, and hypoplasia of the nasal alae. Agenesis of the nasopharynx and nose are complex anomalies that require both CT and magnetic resonance imaging (MRI). The diagnosis of hypoplasia of the nasal alae is a clinical one; these anomalies do not require imaging studies. Besides facial clefts, anomalies of the nose without respiratory obstruction tend to be centered around the nasofrontal region. This is the site of the most common sincipital encephaloceles. Patients with frontonasal and nasoethmoidal encephaloceles require both

  8. Electrochemical anomalies of protic ionic liquid - Water systems: A case study using ethylammonium nitrate - Water system

    Science.gov (United States)

    Abe, Hiroshi; Nakama, Kazuya; Hayashi, Ryotaro; Aono, Masami; Takekiyo, Takahiro; Yoshimura, Yukihiro; Saihara, Koji; Shimizu, Akio

    2016-08-01

    Electrochemical impedance spectroscopy was used to evaluate protic ionic liquid (pIL)-water mixtures in the temperature range of -35-25 °C. The pIL used in this study was ethylammonium nitrate (EAN). At room temperature, the resonant mode of conductivity was observed in the high frequency region. The anomalous conductivity disappeared once solidification occurred at low temperatures. The kinetic pH of the EAN-water system was investigated at a fixed temperature. Rhythmic pH oscillations in the EAN-H2O mixtures were induced at 70 water mixture are caused in an intermediate state between pIL and bulk water. From the ab initio calculations, it was observed that the dipole moment of the EAN-water complex shows a discrete jump at around 85 mol% H2O. Water-mediated hydrogen bonding network drastically changes at the crossover concentration.

  9. Geoelectrical Characterization of the Punta Banda System: A Possible Structural Control for the Geothermal Anomalies

    Science.gov (United States)

    Arango-Galvan, C.; Flores-Marquez, E.; Prol-Ledesma, R.; Working Group, I.

    2007-05-01

    The lack of sufficient drinking water in México has become a very serious problem, especially in the northern desert regions of the country. In order to give a real solution to this phenomenon the IMPULSA research program has been created to develope novel technologies based on desalination of sea and brackish water using renewable sources of energy to face the problem. The Punta Banda geothermal anomaly is located towards the northern part of Baja California Peninsula (Mexico). High water temperatures in some wells along the coast depicted a geothermal anomaly. An audiomagnetotelluric survey was carried out in the area as a preliminary study, both to understand the process generating these anomalous temperatures and to assess its potential exploitation to supply hot water to desalination plants. Among the electromagnetic methods, the audiomagnetotellurics (AMT) method is appropriated for deep groundwater and geothermal studies. The survey consisted of 27 AMT stations covering a 5 km profile along the Agua Blanca Fault. The employed array allowed us to characterize the geoelectrical properties of the main structures up to 500 m depth. Two main geoelectrical zones were identified: 1) a shallow low resistivity media located at the central portion of the profile, coinciding with the Maneadero valley and 2) two high resitivity structures bordering the conductive zone possibly related to NS faulting, already identified by previous geophysical studies. These results suggest that the main geothermal anomalies are controlled by the dominant structural regime in the zone.

  10. Nucleic acid detection system and method for detecting influenza

    Energy Technology Data Exchange (ETDEWEB)

    Cai, Hong; Song, Jian

    2015-03-17

    The invention provides a rapid, sensitive and specific nucleic acid detection system which utilizes isothermal nucleic acid amplification in combination with a lateral flow chromatographic device, or DNA dipstick, for DNA-hybridization detection. The system of the invention requires no complex instrumentation or electronic hardware, and provides a low cost nucleic acid detection system suitable for highly sensitive pathogen detection. Hybridization to single-stranded DNA amplification products using the system of the invention provides a sensitive and specific means by which assays can be multiplexed for the detection of multiple target sequences.

  11. Compensated intruder-detection systems

    Science.gov (United States)

    McNeilly, David R.; Miller, William R.

    1984-01-01

    Intruder-detection systems in which intruder-induced signals are transmitted through a medium also receive spurious signals induced by changes in a climatic condition affecting the medium. To combat this, signals received from the detection medium are converted to a first signal. The system also provides a reference signal proportional to climate-induced changes in the medium. The first signal and the reference signal are combined for generating therefrom an output signal which is insensitive to the climatic changes in the medium. An alarm is energized if the output signal exceeds a preselected value. In one embodiment, an acoustic cable is coupled to a fence to generate a first electrical signal proportional to movements thereof. False alarms resulting from wind-induced movements of the fence (detection medium) are eliminated by providing an anemometer-driven voltage generator to provide a reference voltage proportional to the velocity of wind incident on the fence. An analog divider receives the first electrical signal and the reference signal as its numerator and denominator inputs, respectively, and generates therefrom an output signal which is insensitive to the wind-induced movements in the fence.

  12. Capillary Electrophoresis - Optical Detection Systems

    Energy Technology Data Exchange (ETDEWEB)

    Sepaniak, M. J.

    2001-08-06

    Molecular recognition systems are developed via molecular modeling and synthesis to enhance separation performance in capillary electrophoresis and optical detection methods for capillary electrophoresis. The underpinning theme of our work is the rational design and development of molecular recognition systems in chemical separations and analysis. There have been, however, some subtle and exciting shifts in our research paradigm during this period. Specifically, we have moved from mostly separations research to a good balance between separations and spectroscopic detection for separations. This shift is based on our perception that the pressing research challenges and needs in capillary electrophoresis and electrokinetic chromatography relate to the persistent detection and flow rate reproducibility limitations of these techniques (see page 1 of the accompanying Renewal Application for further discussion). In most of our work molecular recognition reagents are employed to provide selectivity and enhance performance. Also, an emerging trend is the use of these reagents with specially-prepared nano-scale materials. Although not part of our DOE BES-supported work, the modeling and synthesis of new receptors has indirectly supported the development of novel microcantilevers-based MEMS for the sensing of vapor and liquid phase analytes. This fortuitous overlap is briefly covered in this report. Several of the more significant publications that have resulted from our work are appended. To facilitate brevity we refer to these publications liberally in this progress report. Reference is also made to very recent work in the Background and Preliminary Studies Section of the Renewal Application.

  13. Ionization detection system for aerosols

    Science.gov (United States)

    Jacobs, Martin E.

    1977-01-01

    This invention relates to an improved smoke-detection system of the ionization-chamber type. In the preferred embodiment, the system utilizes a conventional detector head comprising a measuring ionization chamber, a reference ionization chamber, and a normally non-conductive gas triode for discharging when a threshold concentration of airborne particulates is present in the measuring chamber. The improved system utilizes a measuring ionization chamber which is modified to minimize false alarms and reductions in sensitivity resulting from changes in ambient temperature. In the preferred form of the modification, an annular radiation shield is mounted about the usual radiation source provided to effect ionization in the measuring chamber. The shield is supported by a bimetallic strip which flexes in response to changes in ambient temperature, moving the shield relative to the source so as to vary the radiative area of the source in a manner offsetting temperature-induced variations in the sensitivity of the chamber.

  14. Prenatal Sonographic Diagnosis of Focal Musculoskeletal Anomalies

    OpenAIRE

    Ryu, Jung Kyu; Cho, Jeong Yeon; Choi, Jong Sun

    2003-01-01

    Focal musculoskeletal anomalies vary, and can manifest as part of a syndrome or be accompanied by numerous other conditions such as genetic disorders, karyotype abnormalities, central nervous system anomalies and other skeletal anomalies. Isolated focal musculoskeletal anomaly does, however, also occur; its early prenatal diagnosis is important in deciding prenatal care, and also helps in counseling parents about the postnatal effects of numerous possible associated anomalies. We have encount...

  15. Intrusion Detection Systems Based on Artificial Intelligence Techniques in Wireless Sensor Networks

    OpenAIRE

    Nabil Ali Alrajeh; Lloret, J

    2013-01-01

    Intrusion detection system (IDS) is regarded as the second line of defense against network anomalies and threats. IDS plays an important role in network security. There are many techniques which are used to design IDSs for specific scenario and applications. Artificial intelligence techniques are widely used for threats detection. This paper presents a critical study on genetic algorithm, artificial immune, and artificial neural network (ANN) based IDSs techniques used in wireless sensor netw...

  16. 调试中基于文法编码的日志异常检测算法%A Log Anomaly Detection Algorithm for Debugging Based on Grammar-Based Codes

    Institute of Scientific and Technical Information of China (English)

    王楠; 韩冀中; 方金云

    2013-01-01

    调试软件中的非确定错误对软件开发有重要意义.近年来,随着云计算系统的快速发展和对录制重放调试方法研究的深入,使用异常检测方法从大量文本日志或控制流日志等数据中找出异常的信息对调试愈发重要.传统的异常检测算法大多是为检测和防范攻击而设计的,它们很多基于马尔可夫假设,对事件流上的剧烈变化很敏感.但是新的问题要求异常检测能够检出语义级别的异常行为.实验表明现有的基于马尔可夫假设的异常检测算法在这方面表现不佳.提出了一种新的基于文法编码的异常检测算法.该算法不依赖于统计模型、概率模型、机器学习及马尔可夫假设,设计和实现都极为简单.实验表明在检测高层次的语义异常方面,该算法比传统方法有优势.%Debugging non-deterministic bugs has long been an important research area in software development. In recent years, with the rapid emerging of large cloud computing systems and the development of record replay debugging, the key of such debugging problem becomes mining anomaly information from text console logs and/or execution flow logs. Anomaly detection algorithms can therefore be used in this area. However, although many approaches have been proposed, traditional anomaly detection algorithms are designed for detecting network attacking and not suitable for the new problems. One important reason is the Markov assumption on which many traditional anomaly detection methods are based. Markov-based methods are sensitive to harshly trashing in event transitions. In contrast, the new problems in system diagnosing require the abilities of detecting semantic misbehaviors. Experiment results show the powerless of Markov-based methods on those problems. This paper presents a novel anomaly detection algorithm which is based on grammar-based codes. Different from previous approaches, our algorithm is a non-Markov approach. It doesn

  17. Leading anomalies, the drift Hamiltonian and the relativistic two-body system

    CERN Document Server

    Nabet, Bernard M

    2014-01-01

    We suggest to solve for the motion of the two body problem in General Relativity by identifying the leading violation of conserved quantities, referred to as (relativistic) anomalies, ordered by the post-Newtonian order at which they appear. This differs from the standard procedure of obtaining the full solution up to a prescribed order. We find that the reduced Hamiltonian which describes the drift in the space of conserved quantities is given by the average of the perturbation Hamiltonian. Using this approach the averaging is done prior to the derivation of time evolution, thereby economizing the computation. The computations become similar to those in the Hamilton-Jacobi method, while staying in the more comfortable setting of the Hamiltonian formulation. We apply this approach of leading anomalies and the drift Hamiltonian to the binary problem and treat several perturbations: 1PN, spin-orbit and spin-spin. On the way we discuss the interpretation of the Laplace-Runge-Lenz vector as a generator of scale-p...

  18. Fetal renal anomalies : diagnosis, management, and outcome

    NARCIS (Netherlands)

    Damen-Elias, Henrica Antonia Maria

    2004-01-01

    In two to three percent of fetuses structural anomalies can be found with prenatal ultrasound investigation. Anomalies of the urinary tract account for 15 to 20% of these anomalies with a detection rate of approximately of 90%. In Chapter 2, 3 and 4 we present reference curves for size and growth of

  19. Thermal animal detection system (TADS)

    Energy Technology Data Exchange (ETDEWEB)

    Desholm, M.

    2003-03-01

    This report presents data from equipment tests and software development for the Thermal Animal Detection System (TADS) development project: 'Development of a method for estimating collision frequency between migrating birds and offshore wind turbines'. The technical tests were performed to investigate the performance of remote controlling, video file compression tool and physical stress of the thermal camera when operating outdoors and under the real time vibration conditions at a 2 MW turbine. Furthermore, experimental tests on birds were performed to describe the decreasing detectability with distance on free flying birds, the performance of the thermal camera during poor visibility, and finally, the performance of the thermal sensor software developed for securing high -quality data. In general, it can be concluded that the thermal camera and its related hardware and software, the TADS, are capable of recording migrating birds approaching the rotating blades of a turbine, even under conditions with poor visibility. If the TADS is used in a vertical viewing scenario it would comply with the requirements for a setup used for estimating the avian collision frequency at offshore wind turbines. (au)

  20. Quantitative identification of mutant alleles derived from lung cancer in plasma cell-free DNA via anomaly detection using deep sequencing data.

    Directory of Open Access Journals (Sweden)

    Yoji Kukita

    Full Text Available The detection of rare mutants using next generation sequencing has considerable potential for diagnostic applications. Detecting circulating tumor DNA is the foremost application of this approach. The major obstacle to its use is the high read error rate of next-generation sequencers. Rather than increasing the accuracy of final sequences, we detected rare mutations using a semiconductor sequencer and a set of anomaly detection criteria based on a statistical model of the read error rate at each error position. Statistical models were deduced from sequence data from normal samples. We detected epidermal growth factor receptor (EGFR mutations in the plasma DNA of lung cancer patients. Single-pass deep sequencing (>100,000 reads was able to detect one activating mutant allele in 10,000 normal alleles. We confirmed the method using 22 prospective and 155 retrospective samples, mostly consisting of DNA purified from plasma. A temporal analysis suggested potential applications for disease management and for therapeutic decision making to select epidermal growth factor receptor tyrosine kinase inhibitors (EGFR-TKI.

  1. Magnetoelectric coupling driven dielectric anomaly in non-polar system SeCuO3

    International Nuclear Information System (INIS)

    The non-polar material SeCuO3, which contains Cu2+ with S=1/2 spin and Se4+, has a highly distorted perovskite structure due to the small radii of Se4+ cations. The dielectric constant displays a critical decrease at 25 K, at which temperature the ferromagnetic ordering of the Cu2+ spin appears, suggesting a strong coupling between the magnetic and dielectric properties. Studies on SeCuO3 show that the magnetic and electrical subsystems reciprocally correlate via the hybridization of sp and pd. We conclude that the spin-pair correlation along the b-axis plays a significant role in the decrease of the dielectric constant around the magnetic transition temperature via the magnetoelectric coupling, and successfully explain the dielectric anomaly. The obtained dielectric constant and the magnetocapacitance for SeCuO3 are quantitative agreement with experimental results.

  2. Controls on Martian Hydrothermal Systems: Application to Valley Network and Magnetic Anomaly Formation

    Science.gov (United States)

    Harrison, Keith P.; Grimm, Robert E.

    2002-01-01

    Models of hydrothermal groundwater circulation can quantify limits to the role of hydrothermal activity in Martian crustal processes. We present here the results of numerical simulations of convection in a porous medium due to the presence of a hot intruded magma chamber. The parameter space includes magma chamber depth, volume, aspect ratio, and host rock permeability and porosity. A primary goal of the models is the computation of surface discharge. Discharge increases approximately linearly with chamber volume, decreases weakly with depth (at low geothermal gradients), and is maximized for equant-shaped chambers. Discharge increases linearly with permeability until limited by the energy available from the intrusion. Changes in the average porosity are balanced by changes in flow velocity and therefore have little effect. Water/rock ratios of approximately 0.1, obtained by other workers from models based on the mineralogy of the Shergotty meteorite, imply minimum permeabilities of 10(exp -16) sq m2 during hydrothermal alteration. If substantial vapor volumes are required for soil alteration, the permeability must exceed 10(exp -15) sq m. The principal application of our model is to test the viability of hydrothermal circulation as the primary process responsible for the broad spatial correlation of Martian valley networks with magnetic anomalies. For host rock permeabilities as low as 10(exp -17) sq m and intrusion volumes as low as 50 cu km, the total discharge due to intrusions building that part of the southern highlands crust associated with magnetic anomalies spans a comparable range as the inferred discharge from the overlying valley networks.

  3. 基于用户行为周期的移动设备异常检测方法%User BehaviorCycle-Based Statistical Approach for Anomaly Detecting on Mobile Devices

    Institute of Scientific and Technical Information of China (English)

    吴志忠; 周学海

    2015-01-01

    In this paper, we present a distributed anomaly detection system for mobile devices. The proposed framework realizes a client-server architecture, the client continuously extracts various features of mobile device and transfers to the server, and the server’s major task is to detect anomaly using state-of-art detection algorithms. According to the regularity of human daily activity and the periodic of using mobile device, we also propose a novel user behavior cycle based statistical approach, in which the abnormal is determined by the distance from the undetermined feature vector to the similar time segments’ vectors of previous cycles. We use the Mahalanobis distance as distance metric since it is rarely affected by the correlate and value range of features. Evaluation results demonstrated that the proposed framework and novel anomaly detection algorithm could effectively improve the detection rate of malwares on mobile devices.%本文提出了一种分布式的移动设备异常检测系统,该系统采用客户端-服务器架构,客户端程序在移动设备上持续提取特征并传送给服务器,服务器使用异常检测算法分析特征。根据人类日常活动的规律性以及用户使用移动设备的周期性,我们还提出了一种基于用户行为周期的异常检测方法,通过比较待检测特征向量和以往周期相近时间段的特征向量集的距离即可判定该特征向量是否异常,向量比较时采用不受特征间关联以及特征取值范围影响的马氏距离作为距离衡量的标准。实验证明我们采用的移动设备异常检测系统框架和检测方法能够有效提高对移动设备恶意程序的检测率。

  4. NADIR: A prototype system for detecting network and file system abuse

    Energy Technology Data Exchange (ETDEWEB)

    Hochberg, J.G.; Jackson, K.A.; Stallings, C.A.; McClary, J.F.; DuBois, D.H.; Ford, J.R.

    1992-01-01

    This paper describes the design of a prototype computer misuse detection system for the Los Alamos Notional Laboratory's Integrated Computing Network (ICN). This automated expert system, the Network Anomaly Detection and Intrusion Reporter (NADIR), streamlines and supplements the manual audit record review traditionally performed by security auditors. NADIR compares network activity, as summarized in weekly profiles of individual users and the ICN as a whole, against expert rules that define security policy, improper or suspicious behavior, and normal user activity. NADIR reports suspicious behavior to security auditors and provides tools to aid in follow-up investigations. This paper describes analysis by NADIR of two types of ICN activity: user authentication and access control, and mass file storage. It highlights system design issues of data handling, exploiting existing auditing systems, and performing audit analysis at the network level.

  5. NADIR: A prototype system for detecting network and file system abuse

    Energy Technology Data Exchange (ETDEWEB)

    Hochberg, J.G.; Jackson, K.A.; Stallings, C.A.; McClary, J.F.; DuBois, D.H.; Ford, J.R.

    1992-10-01

    This paper describes the design of a prototype computer misuse detection system for the Los Alamos Notional Laboratory`s Integrated Computing Network (ICN). This automated expert system, the Network Anomaly Detection and Intrusion Reporter (NADIR), streamlines and supplements the manual audit record review traditionally performed by security auditors. NADIR compares network activity, as summarized in weekly profiles of individual users and the ICN as a whole, against expert rules that define security policy, improper or suspicious behavior, and normal user activity. NADIR reports suspicious behavior to security auditors and provides tools to aid in follow-up investigations. This paper describes analysis by NADIR of two types of ICN activity: user authentication and access control, and mass file storage. It highlights system design issues of data handling, exploiting existing auditing systems, and performing audit analysis at the network level.

  6. Distributed Impact Detection System Project

    Data.gov (United States)

    National Aeronautics and Space Administration — Automated impact detection and characterization on manned spacecraft has been an elusive goal due to the transitory nature of the detectable high-frequency signals....

  7. ISOTOPIC ANOMALIES IN PRIMITIVE SOLAR SYSTEM MATTER: SPIN-STATE-DEPENDENT FRACTIONATION OF NITROGEN AND DEUTERIUM IN INTERSTELLAR CLOUDS

    Energy Technology Data Exchange (ETDEWEB)

    Wirstroem, Eva S.; Cordiner, Martin A.; Charnley, Steven B.; Milam, Stefanie N., E-mail: ewirstrom@gmail.com [Astrochemistry Laboratory and Goddard Center for Astrobiology, NASA Goddard Space Flight Center, Greenbelt, MD 20770 (United States)

    2012-09-20

    Organic material found in meteorites and interplanetary dust particles is enriched in D and {sup 15}N. This is consistent with the idea that the functional groups carrying these isotopic anomalies, nitriles and amines, were formed by ion-molecule chemistry in the protosolar nebula. Theoretical models of interstellar fractionation at low temperatures predict large enrichments in both D and {sup 15}N and can account for the largest isotopic enrichments measured in carbonaceous meteorites. However, more recent measurements have shown that, in some primitive samples, a large {sup 15}N enrichment does not correlate with one in D, and that some D-enriched primitive material displays little, if any, {sup 15}N enrichment. By considering the spin-state dependence in ion-molecule reactions involving the ortho and para forms of H{sub 2}, we show that ammonia and related molecules can exhibit such a wide range of fractionation for both {sup 15}N and D in dense cloud cores. We also show that while the nitriles, HCN and HNC, contain the greatest {sup 15}N enrichment, this is not expected to correlate with extreme D enrichment. These calculations therefore support the view that solar system {sup 15}N and D isotopic anomalies have an interstellar heritage. We also compare our results to existing astronomical observations and briefly discuss future tests of this model.

  8. ISOTOPIC ANOMALIES IN PRIMITIVE SOLAR SYSTEM MATTER: SPIN-STATE-DEPENDENT FRACTIONATION OF NITROGEN AND DEUTERIUM IN INTERSTELLAR CLOUDS

    International Nuclear Information System (INIS)

    Organic material found in meteorites and interplanetary dust particles is enriched in D and 15N. This is consistent with the idea that the functional groups carrying these isotopic anomalies, nitriles and amines, were formed by ion-molecule chemistry in the protosolar nebula. Theoretical models of interstellar fractionation at low temperatures predict large enrichments in both D and 15N and can account for the largest isotopic enrichments measured in carbonaceous meteorites. However, more recent measurements have shown that, in some primitive samples, a large 15N enrichment does not correlate with one in D, and that some D-enriched primitive material displays little, if any, 15N enrichment. By considering the spin-state dependence in ion-molecule reactions involving the ortho and para forms of H2, we show that ammonia and related molecules can exhibit such a wide range of fractionation for both 15N and D in dense cloud cores. We also show that while the nitriles, HCN and HNC, contain the greatest 15N enrichment, this is not expected to correlate with extreme D enrichment. These calculations therefore support the view that solar system 15N and D isotopic anomalies have an interstellar heritage. We also compare our results to existing astronomical observations and briefly discuss future tests of this model.

  9. Isotopic Anomalies in Primitive Solar System Matter: Spin-State-Dependent Fractionation of Nitrogen and Deuterium in Interstellar Clouds

    Science.gov (United States)

    Wirstrom, Eva S.; Charnley, Steven B.; Cordiner, Martin A.; Milam, Stefanie N.

    2012-01-01

    Organic material found in meteorites and interplanetary dust particles is enriched in D and N-15. This is consistent with the idea that the functional groups carrying these isotopic anomalies, nitriles and amines, were formed by ion-molecule chemistry in the protosolar nebula, Theoretical models of interstellar fractionation at low temperatures predict large enrichments in both D and N-15 and can account for the largest isotopic enrichments measured in carbonaceous meteorites. However, more recent measurements have shown that, in some primitive samples, a large N-15 enrichment does not correlate with one in D, and that some D-enriched primitive material displays little, if any, N-15 enrichment. By considering the spin-state dependence in ion-molecule reactions involving the ortho and para forms of H2, we show that ammonia and related molecules can exhibit such a wide range of fractionation for both N-15 and D in dense cloud cores. We also show that while the nitriles, HCN and HNC, contain the greatest N=15 enrichment, this is not expected to correlate with extreme D enrichment. These calculations therefore support the view that solar system N-15 and D isotopic anomalies have an interstellar heritage. We also compare our results to existing astronomical observations and briefly discuss future tests of this model.

  10. Isotopic Anomalies in Primitive Solar System Matter: Spin-State Dependent Fractionation of Nitrogen and Deuterium in Interstellar Clouds

    Science.gov (United States)

    Wirstrom, Eva S.; Charnley, Steven B.; Cordiner, Martin A.; Milan, Stefanie N.

    2012-01-01

    Organic material found in meteorites and interplanetary dust particles is enriched in D and N-15, This is consistent with the idea that the functional groups carrying these isotopic anomalies, nitriles and amines, were formed by ion-molecule chemistry in the protosolar core. Theoretical models of interstellar fractionation at low temperatures predict large enrichments in both D and N-15 and can account for the largest isotop c enrichments measured in carbonaceous meteorites, However, more recent measurements have shown that, in some primitive samples, a large N-15 enrichment does not correlate with one in D, and that some D-enriched primitive material displays little, if any, N-15 enrichment. By considering the spin-state dependence in ion-molecule reactions involving the ortho and para forms of H2, we show that ammonia and related molecules can exhibit such a wide range of fractionation for both N-15 and D in dense cloud cores, We also show that while the nitriles, HCN and HNC, contain the greatest N-15 enrichment, this is not expected to correlate with extreme D emichment. These calculations therefore support the view that Solar System N-15 and D isotopic anomalies have an interstellar heritage, We also compare our results to existing astronomical observations and briefly discuss future tests of this model.

  11. On the compatibility of a proposed explanation of the Pioneer anomaly with the cartography of the solar system

    CERN Document Server

    Ranada, Antonio F

    2009-01-01

    We analyze here the reasons why an explanation of the Pioneer anomaly proposed by the authors is fully compatible with the cartography of the solar system. First, this proposal posits that the phenomenon is an apparent acceleration, not a real one, caused by a progressive desynchronization of the astronomical and the atomic clock-times, after they had been synchronized at a previous instant. The desynchronization could be caused by a coupling between the background gravitation and the quantum vacuum. Therefore, the standard argument for the incompatibility of the Pioneer acceleration and the values of the planets' orbits radii cannot be applied. Second, this proposal gives exactly the same results for radar ranging observations as standard physics. Hence, it cannot be in conflict with the very precise cartography of the solar system determined by NASA's Viking mission. Otherwise stated, while this proposal predicts apparent changes in the velocities of the spaceships and in the frequencies of Doppler observat...

  12. The Pioneer Anomaly

    Directory of Open Access Journals (Sweden)

    Viktor T. Toth

    2010-09-01

    Full Text Available Radio-metric Doppler tracking data received from the Pioneer 10 and 11 spacecraft from heliocentric distances of 20-70 AU has consistently indicated the presence of a small, anomalous, blue-shifted frequency drift uniformly changing with a rate of ~6 × 10–9 Hz/s. Ultimately, the drift was interpreted as a constant sunward deceleration of each particular spacecraft at the level of aP = (8.74 ± 1.33 × 10–10 m/s2. This apparent violation of the Newton's gravitational inverse square law has become known as the Pioneer anomaly; the nature of this anomaly remains unexplained. In this review, we summarize the current knowledge of the physical properties of the anomaly and the conditions that led to its detection and characterization. We review various mechanisms proposed to explain the anomaly and discuss the current state of efforts to determine its nature. A comprehensive new investigation of the anomalous behavior of the two Pioneers has begun recently. The new efforts rely on the much-extended set of radio-metric Doppler data for both spacecraft in conjunction with the newly available complete record of their telemetry files and a large archive of original project documentation. As the new study is yet to report its findings, this review provides the necessary background for the new results to appear in the near future. In particular, we provide a significant amount of information on the design, operations and behavior of the two Pioneers during their entire missions, including descriptions of various data formats and techniques used for their navigation and radio-science data analysis. As most of this information was recovered relatively recently, it was not used in the previous studies of the Pioneer anomaly, but it is critical for the new investigation.

  13. Neutron Interrogation System For Underwater Threat Detection And Identification

    Science.gov (United States)

    Barzilov, Alexander P.; Novikov, Ivan S.; Womble, Phil C.

    2009-03-01

    Wartime and terrorist activities, training and munitions testing, dumping and accidents have generated significant munitions contamination in the coastal and inland waters in the United States and abroad. Although current methods provide information about the existence of the anomaly (for instance, metal objects) in the sea bottom, they fail to identify the nature of the found objects. Field experience indicates that often in excess of 90% of objects excavated during the course of munitions clean up are found to be non-hazardous items (false alarm). The technology to detect and identify waterborne or underwater threats is also vital for protection of critical infrastructures (ports, dams, locks, refineries, and LNG/LPG). We are proposing a compact neutron interrogation system, which will be used to confirm possible threats by determining the chemical composition of the suspicious underwater object. The system consists of an electronic d-T 14-MeV neutron generator, a gamma detector to detect the gamma signal from the irradiated object and a data acquisition system. The detected signal then is analyzed to quantify the chemical elements of interest and to identify explosives or chemical warfare agents.

  14. DIAGNOSTIC OF ANOMALIES IN DATA-PROCESSING NETWORKS WITH USE OF VARIETY OF INFORMATION EXCHANGE

    Directory of Open Access Journals (Sweden)

    Kucher V. A.

    2015-06-01

    Full Text Available The work is devoted to searching efficient detection methods of anomalous state in data networks. There is a structure of modern informational attacks detecting system. There are short review and analysis of information system network security facilities. Two main technologies of attack detection are described: anomaly detection and misuse detection. It is shown that every detection of anomalies is based on assumption that anomalous behavior is deflection from normal profile of behavior. It is hard to implement this technology, although there is some progress when expert system, fuzzy logic and so on are used for this purpose. Action patterns or symbols assets which describe anomaly activity are used as attack signature in misuse detection method. Author offers to use benefits of both methods for solving the problem

  15. Doses Due to the South Atlantic Anomaly During the Euromir'95 Mission Measured by an On-Board TLD System

    International Nuclear Information System (INIS)

    During the Euromir'95 mission, a specially designed microprocessor-controlled thermoluminescent detector (TLD) system, called the 'Pille'95', was used by ESA astronaut Thomas Reiter to measure the cosmic radiation dose inside the Mir space station. One of the experiment's objectives was to determine the dose fraction on Mir due to the South Atlantic Anomaly (SAA) on an orbit inclined at 51.6 deg. and at an altitude of about 400 km. Using an hourly measuring period for 170 h in automatic mode, dose components both of galactic (independent of SAA) and SAA origin were determined. It was found that the maximum dose due to crossing the SAA was equal to 55 μGy. Averaging all the measurements it was calculated that the mean dose rate inside the Mir was 12-14 μGy.h-1, and that half of this value was caused by the SAA. (author)

  16. Tectonic history of the north portion of the San Andreas fault system, California, inferred from gravity and magnetic anomalies

    Science.gov (United States)

    Griscom, A.; Jachens, R.C.

    1989-01-01

    Geologic and geophysical data for the San Andreas fault system north of San Francisco suggest that the eastern boundary of the Pacific plate migrated eastward from its presumed original position at the base of the continental slope to its present position along the San Andreas transform fault by means of a series of eastward jumps of the Mendocino triple junction. These eastward jumps total a distance of about 150 km since 29 Ma. Correlation of right-laterally displaced gravity and magnetic anomalies that now have components at San Francisco and on the shelf north of Point Arena indicates that the presently active strand of the San Andreas fault north of the San Francisco peninsula formed recently at about 5 Ma when the triple junction jumped eastward a minimum of 100 km to its present location at the north end of the San Andreas fault. -from Authors

  17. Intrusion detection system and technology of layered wireless sensor network based on Agent

    Directory of Open Access Journals (Sweden)

    Genjian Yu

    2013-08-01

    Full Text Available The intrusion detection system and technology of classified layered-wireless sensor network was able to meet the high safety requirements of wireless sensor network, it is urgent for us to improve the identification and generalization of detection system about characters of intrusion. In this paper, we design an intelligent intrusion detection system which realize intelligence, the effective and direct way was to add the methods,  and it was used for identification and generalization of intrusion characters to the Agent function of intrusion detection. It could obtain credible judgment by updating and examining the database for the actions which the general misuse detection or anomaly detection were not sure if the intrusion was formed.

  18. DELORES - A System for Detection and Localization of Structural Damages

    DEFF Research Database (Denmark)

    Johansen, Rasmus Johan; Ulriksen, Martin Dalgaard; Damkilde, Lars

    2016-01-01

    Today, structural inspections of large structures, like wind turbines, bridges, etc., are often performed manually by highly trained personnel. Obviously, this inspection approach is both extremely costly and tedious, for which reason this paper provides a presentation of an alternative approach...... that monitors the structures remotely without human involvement. DELORES (DEtection and LOcalization of RESponse anomalies) is a first version of a system, which utilizes vibration recordings from the healthy and current states of a structure to declare its current health. DELORES employs extended versions...... in question is utilized along with measured vibrations of the real structure to determine its current health situation. DELORES provides a user interface with various options that, among other things, make the program suitable for structures modeled in two and three dimensions. The present paper will provide...

  19. Real time prediction of sea level anomaly data with the Prognocean system - comparison of results obtained using different prediction techniques

    Science.gov (United States)

    Mizinski, Bartlomiej; Niedzielski, Tomasz; Kosek, Wieslaw

    2013-04-01

    Prognocean is a near-real time modeling and prediction system elaborated and based at University of Wroclaw, Poland. It operates on gridded Sea Level Anomaly (SLA) data obtained from the Archiving, Validation and Interpretation of Satellite Oceanographic data (AVISO), France. The data acquisition flow from AVISO to Prognocean is entirely automatic and is implemented in Python. The core of the system - including data pre-processing, modeling, prediction, validation and visualization procedures - is composed of a series of R scripts that are interrelated and work at three levels of generalization. The objective of the work presented here is to show the results of our numerical experiment that have been carried out since early 2012. Four prediction models have been implemented to date: (1) extrapolation of polynomial-harmonic model and the extrapolation of polynomial-harmonic model with (2) autoregressive model, (3) threshold autoregressive model and (4) autocovariance procedure. Although the presentation is limited to four models and their predictive skills, Prognocean consists of modules and hence new techniques may be plugged in at any time. In this paper, the comparison of the results into forecasting sea level anomaly maps is presented. Along with sample predictions, with various lead times up to two weeks, we present and discuss a set of root mean square prediction error maps computed in real time after the observations have been available. We identified areas where linear prediction models reveal considerable errors, which may indicate a non-linear mode of sea level change. In addition, we have identified an agreement between the spatial pattern of large prediction errors and the spatial occurrence of key mesoscale ocean eddies.

  20. Multi-Vector Portable Intrusion Detection System

    OpenAIRE

    Moyers, Benjamin

    2009-01-01

    This research describes an intrusion detection system designed to fulfill the need for increased mobile device security. The Battery-Sensing Intrusion Protection System (B-SIPS) [1] initially took a non-conventional approach to intrusion detection by recognizing attacks based on anomalous Instantaneous Current (IC) drainage. An extension of B-SIPS, the Multi-Vector Portable Intrusion Detection System (MVP-IDS) validates the idea of recognizing attacks based on anomalous IC drain by correlat...

  1. Idaho National Laboratory Supervisory Control and Data Acquisition Intrusion Detection System (SCADA IDS)

    Energy Technology Data Exchange (ETDEWEB)

    Jared Verba; Michael Milvich

    2008-05-01

    Current Intrusion Detection System (IDS) technology is not suited to be widely deployed inside a Supervisory, Control and Data Acquisition (SCADA) environment. Anomaly- and signature-based IDS technologies have developed methods to cover information technology-based networks activity and protocols effectively. However, these IDS technologies do not include the fine protocol granularity required to ensure network security inside an environment with weak protocols lacking authentication and encryption. By implementing a more specific and more intelligent packet inspection mechanism, tailored traffic flow analysis, and unique packet tampering detection, IDS technology developed specifically for SCADA environments can be deployed with confidence in detecting malicious activity.

  2. Anomaly Structure of Supergravity and Anomaly Cancellation

    CERN Document Server

    Butter, Daniel

    2009-01-01

    We display the full anomaly structure of supergravity, including new D-term contributions to the conformal anomaly. This expression has the super-Weyl and chiral U(1)_K transformation properties that are required for implementation of the Green-Schwarz mechanism for anomaly cancellation. We outline the procedure for full anomaly cancellation. Our results have implications for effective supergravity theories from the weakly coupled heterotic string theory.

  3. Analyzing Spatiotemporal Anomalies through Interactive Visualization

    Directory of Open Access Journals (Sweden)

    Tao Zhang

    2014-06-01

    Full Text Available As we move into the big data era, data grows not just in size, but also in complexity, containing a rich set of attributes, including location and time information, such as data from mobile devices (e.g., smart phones, natural disasters (e.g., earthquake and hurricane, epidemic spread, etc. We are motivated by the rising challenge and build a visualization tool for exploring generic spatiotemporal data, i.e., records containing time location information and numeric attribute values. Since the values often evolve over time and across geographic regions, we are particularly interested in detecting and analyzing the anomalous changes over time/space. Our analytic tool is based on geographic information system and is combined with spatiotemporal data mining algorithms, as well as various data visualization techniques, such as anomaly grids and anomaly bars superimposed on the map. We study how effective the tool may guide users to find potential anomalies through demonstrating and evaluating over publicly available spatiotemporal datasets. The tool for spatiotemporal anomaly analysis and visualization is useful in many domains, such as security investigation and monitoring, situation awareness, etc.

  4. Evaluating the SEVIRI Fire Thermal Anomaly Detection Algorithm across the Central African Republic Using the MODIS Active Fire Product

    OpenAIRE

    Freeborn, Patrick H.; Wooster, Martin J.; Gareth Roberts; Weidong Xu

    2014-01-01

    Satellite-based remote sensing of active fires is the only practical way to consistently and continuously monitor diurnal fluctuations in biomass burning from regional, to continental, to global scales. Failure to understand, quantify, and communicate the performance of an active fire detection algorithm, however, can lead to improper interpretations of the spatiotemporal distribution of biomass burning, and flawed estimates of fuel consumption and trace gas and aerosol emissions. This work e...

  5. Role of Sonography and MRI in Fetal CNS Anomaly

    Directory of Open Access Journals (Sweden)

    Jalal Jalalshokouhi

    2010-05-01

    Full Text Available Current ultrasound equipment allows the antenatal identification of many central nervous system anomalies from early gestation. Diagnostic accuracy, however, remains heavily dependent upon the expertise of the sonologist. Fetal ultrasound is effective in identifying CNS anomalies. Magnetic resonance imaging may play a major role in the evaluation of cases with suboptimal ultrasound visualization, or when specific anomalies are suspected, such as intracranial haemorrhage or migrational disorders."nThis study was performed in two centers, of which anomaly sonography scan was carried out in Nasle Omid clinic by high end ultrasound machines (Aloka a10-version 2009 and Medison Accuvix-XQ and the fetal MRI was performed in Jaam e Jam Imaging center."nAnomaly ultrasound scan and detailed CNS scan was done by checking the size and shape of the skull, symmetry of the CNS, cerebellum, cisterna magna, CSP, lateral ventricles and thalami by 2-6 MHZ abdominal convex transducer and in some cases, high resolution transvaginal sonography was performed for better images."nCases were referred for fetal CNS MRI when ultra-sound was not conclusive for CNS anomaly or better evaluation of the background anomaly."nIn this study, in more than 20 cases we could confirm sonography is the major diagnostic tool for CNS anomalies, if performed by an experienced sonologist and proper equipment. "nMRI has a very important role in confirming ultra-sound findings or detecting CNS anomalies when sonography is not conclusive, if MRI is accomplished based on a proper protocol and read by an experienced radiologist.

  6. RASID: A Robust WLAN Device-free Passive Motion Detection System

    CERN Document Server

    Kosba, Ahmed E; Youssef, Moustafa

    2011-01-01

    Device-free passive (DfP) indoor localization is an emerging technology enabling the localization of entities that do not carry any devices nor participate actively in the localization process using the already installed wireless infrastructure. This technology is useful for a variety of applications, where special hardware might not be applicable or affordable such as intrusion detection, smart homes and border protection. In this paper, we present the design, implementation and evaluation of RASID, a DfP system for human motion detection. RASID combines different modules for statistical anomaly detection while adapting to changes in the environment to provide accurate, robust and low-overhead detection of human activities. Evaluation of the system in two different real testbed environments shows that it can achieve an accurate detection capability of 6% miss detection rate and 9% false alarm rate in both environments. In addition, the high accuracy and low overhead performance are robust to changes in the e...

  7. Thermal systems for landmine detection

    Science.gov (United States)

    D'Angelo, Marco; Del Vecchio, Luca; Esposito, Salvatore; Balsi, Marco; Jankowski, Stanislaw

    2009-06-01

    This paper presents new techniques of landmine detection and localization using thermal methods. Described methods use both dynamical and static analysis. The work is based on datasets obtained from the Humanitarian Demining Laboratory of Università La Sapienza di Roma, Italy.

  8. US Army Nuclear Burst Detection System (NBDS)

    International Nuclear Information System (INIS)

    The Nuclear Burst Detection System (NBDS) was developed to meet the Army requirements of an unattended, automatic nuclear burst reporting system. It provides pertinent data for battlefield commanders on a timely basis with high reliability

  9. Development of a Global Agricultural Hotspot Detection and Early Warning System

    Science.gov (United States)

    Lemoine, G.; Rembold, F.; Urbano, F.; Csak, G.

    2015-12-01

    The number of web based platforms for crop monitoring has grown rapidly over the last years and anomaly maps and time profiles of remote sensing derived indicators can be accessed online thanks to a number of web based portals. However, while these systems make available a large amount of crop monitoring data to the agriculture and food security analysts, there is no global platform which provides agricultural production hotspot warning in a highly automatic and timely manner. Therefore a web based system providing timely warning evidence as maps and short narratives is currently under development by the Joint Research Centre. The system (called "HotSpot Detection System of Agriculture Production Anomalies", HSDS) will focus on water limited agricultural systems worldwide. The automatic analysis of relevant meteorological and vegetation indicators at selected administrative units (Gaul 1 level) will trigger warning messages for the areas where anomalous conditions are observed. The level of warning (ranging from "watch" to "alert") will depend on the nature and number of indicators for which an anomaly is detected. Information regarding the extent of the agricultural areas concerned by the anomaly and the progress of the agricultural season will complement the warning label. In addition, we are testing supplementary detailed information from other sources for the areas triggering a warning. These regard the automatic web-based and food security-tailored analysis of media (using the JRC Media Monitor semantic search engine) and the automatic detection of active crop area using Sentinel 1, upcoming Sentinel-2 and Landsat 8 imagery processed in Google Earth Engine. The basic processing will be fully automated and updated every 10 days exploiting low resolution rainfall estimates and satellite vegetation indices. Maps, trend graphs and statistics accompanied by short narratives edited by a team of crop monitoring experts, will be made available on the website on a

  10. Doppler colour flow mapping of fetal intracerebral arteries in the presence of central nervous system anomalies

    NARCIS (Netherlands)

    J.W. Wladimiroff (Juriy); R. Heydanus (Rogier); P.A. Stewart (Patricia)

    1993-01-01

    textabstractThe adjunctive role of Doppler colour flow mapping in the evaluation of intracerebral morphology and arterial blood flow in the presence of normal and abnormal central nervous system morphology was determined. A total of 59 fetuses with suspected central nervous system pathology between

  11. The Pioneer Anomaly

    CERN Document Server

    Turyshev, Slava G

    2010-01-01

    Radio-metric Doppler tracking data received from the Pioneer 10 and 11 spacecraft from heliocentric distances of 20-70 AU has consistently indicated the presence of a small, anomalous, blue-shifted frequency drift uniformly changing with a rate of ~6 x 10^{-9} Hz/s. Ultimately, the drift was interpreted as a constant sunward deceleration of each particular spacecraft at the level of a_P = (8.74 +/- 1.33) x 10^{-10} m/s^2. This apparent violation of the Newton's gravitational inverse-square law has become known as the Pioneer anomaly; the nature of this anomaly remains unexplained. In this review, we summarize the current knowledge of the physical properties of the discovered effect and the conditions that led to its detection and characterization. We review various mechanisms proposed to explain the anomaly and discuss the current state of efforts to determine its nature. A comprehensive new investigation of the anomalous behavior of the two Pioneers has begun recently. The new efforts rely on the much-extend...

  12. MODEL FOR INTRUSION DETECTION SYSTEM

    Directory of Open Access Journals (Sweden)

    Neha Rani

    2012-10-01

    Full Text Available Advancement in wireless communications lead more and more mobile wireless networks e.g., mobile networks [mobile ad hoc networks (MANETs], wireless sensor networks, etc. Some of the challenges in MANET include: Dynamic network topology, Speed, Bandwidth, computation capability, Scalability, Quality of service, Secure and Reliable routing. One of the most important challenges in mobile wireless networks is the Secure and reliable routing and the main characteristic of MANET with respect to security is the lack of clear line of defence. Therefore, the SP routing problem in MANET turns into dynamic optimization problem. In this paper, a path detection algorithm and a model to detect intruders that is misbehaving nodes in the alternative paths is proposed.

  13. 无线自组织网络中多层综合的节点行为异常检测方法%Multi-layer Integrated Anomaly Detection of Mobile Nodes Behaviors in Mobile Ad Hoc Networks

    Institute of Scientific and Technical Information of China (English)

    王涛; 余顺争

    2009-01-01

    Mobile Ad hoc Networks are very vulnerable to malicious attacks due to the nature of mobile computing envi-ronment such as wireless communication channels, limited power and bandwidth, dynamically changing and distributed network topology,etc.The general existing Intrusion Detection Systems (IDS) have provided little evidence that they are applicable to a broader range threats.Based on the generalized and cooperative intrusion detection architecture pro-posed as the foundation for all intrusion detection, we presented an anomaly detection mechanism to discriminate the il-legitimate network behaviors of mobile nodes.By collecting the observation sequences of multiple protocol layers, Hid-den semi-Markov Model (HSMM) was explored to describe the network behaviors of legitimate nodes and to implement the anomaly detection for various malicious attacks.We conducted extensive experiments using the na-2 simulation envi-ronment to evaluate and validate our research.%Ad hoe网络由于采用无线信道、有限的电源和带宽、分布式控制等,会比有线网络更易受到入侵攻击.通常的入侵检测技术具有检测能力单一、缺乏对抗新入侵方式的能力等缺陷.在分布式入侵检测系统(IDS)的基础上,提出一种针对移动节点网络行为的异常检测机制.基于多层综合的观测值序列,采用隐半马尔可夫模型(HSMM)建立描述网络中合法节点正常行为的检测模型,继而对网络中的正常与异常行为进行判断与识别.实验表明,此方法能针对现有多种入侵方式进行有效的检测.

  14. Research and Implementation on Network Trafifc Anomaly Detection without Guidance Learning with Spark%Spark框架下基于无指导学习环境的网络流量异常检测研究与实现

    Institute of Scientific and Technical Information of China (English)

    吴晓平; 周舟; 李洪成

    2016-01-01

    In view of the massive data intrusion detection, this paper designs and implements a network trafifc anomaly detection system based on Spark framework. Data preprocessing use Python and Python data, an upgraded version of the IPython implementation. Anomaly detection usesK-means predict and classify flow records represent the type of attack. In order to avoid time overhead uses traditional distributed computing framework, this paper designs and implements an anomalyK-means detection method under the framework of Spark. The method storages temporary data into memory rather than the hard drive, and improve the computational efifciency. In order to solve the problem ofK value select dififcult, through the Spark iterative calculation and comparison of the different K-means value of theK algorithm in the cluster center to all points in the cluster average value of all points, to achieve the best selection ofK value. Finally, the performance and function of the system are tested. The test result shows that the system achieves the predetermined design requirements, and has high computational efifciency and detection accuracy.%针对海量数据进行入侵检测的困难性问题,文章设计并实现了一套基于Spark框架的网络流量无指导学习异常检测系统。数据的预处理采用Python和Python的数据升级版IPython实现,异常检测采用无指导学习环境下的快速聚类方法K-means预测以及划分流量方法,记录所代表的攻击类型。为了避免MapReduce等传统分布式计算框架频繁的硬盘读写带来的巨大时间开销,文章设计实现了Spark框架下的K-means异常检测方法,通过将每轮迭代产生的临时数据存入内存而非硬盘中,有效提高了K-means聚类检测算法的计算效率。此外,为解决K-means算法中K值选取难的问题,通过Spark迭代计算与比较不同K值下的K-means算法中各聚类中心到所属簇中所有点距离的平均值,实现最佳K值

  15. Development of the environmental neutron detection system

    CERN Document Server

    Kume, K

    2002-01-01

    Environmental neutron detection system was proposed and developed. The main goal of this system was set to detect fast and thermal neutrons with the identical detectors setup without degraders. This system consists of a sup 1 sup 0 B doped liquid scintillator for n detection and CsI scintillators for simultaneous gamma emission from sup 1 sup 0 B doped in the liquid scintillator after the n capture reaction. The first setup was optimized for the thermal n detection, while the second setup was for the fast n detection. It was shown that the thermal n flux was obtained in the first setup by using the method of the gamma coincidence method with the help of the Monte Carlo calculation. The second setup was designed to improve the detection efficiency for the fast n, and was shown qualitatively that both the pulse shape discrimination and the coincidence methods are efficient. There will be more improvements, particularly for the quantitative discussion.

  16. Fall Detection Sensor System for the Elderly

    Directory of Open Access Journals (Sweden)

    Alicia Y.C. Tang

    2015-06-01

    Full Text Available Many elderly people are living alone in their homes. If the elderly fall down, it may be difficult for them to request for help. The main objective of this work is to design an android-based fall detection sensor system at affordable cost for the elderly in Malaysia. This paper describes the design of the android-based fall detection sensor system. The system is able to acknowledge a falling incident to the contact person such that the incident can be reported to the ambulance department soonest possible, and to provide necessary medical treatments for the injured elderly. The design and implementation combines both hardware and software that work seamlessly in detecting and reporting a fall at home. The hardware part consists of the falling detection sensor that detects the body position of the user whether it is on a falling mode while the software side consists of some formulas that detect the fallings and triggers the alarm.

  17. Intrusion Detection Approach Using Connectionist Expert System

    Institute of Scientific and Technical Information of China (English)

    MA Rui; LIU Yu-shu; DU Yan-hui

    2005-01-01

    In order to improve the detection efficiency of rule-based expert systems, an intrusion detection approach using connectionist expert system is proposed. The approach converts the AND/OR nodes into the corresponding neurons, adopts the three-layered feed forward network with full interconnection between layers,translates the feature values into the continuous values belong to the interval [0, 1 ], shows the confidence degree about intrusion detection rules using the weight values of the neural networks and makes uncertain inference with sigmoid function. Compared with the rule-based expert system, the neural network expert system improves the inference efficiency.

  18. Network traffic anomaly detection based on relative entropy%基于相对熵的网络流量异常检测方法

    Institute of Scientific and Technical Information of China (English)

    张登银; 廖建飞

    2012-01-01

    The anomaly detection of network traffic, which aims at detecting abrupt attacks timely and accurately, is important in the field of network security. Existing detection methods, such as the methods based on data mining and wavelet analysis, fail to meet the application requirements of online traffic detection either due to the high complexity of algorithm or the poor detection effect. By introducing the concept of information entropy and calculating relative entropy of the network traffic on the vision of the traffic S dimensions and hierarchies in real-time, this paper proposes a relative entropy based detection method with the time complexity of algorithm at O(N ×log2N ×D) . Experiment analysis shows that the false a-larm rate can be controlled only in 0. 03 ~0. 05 when the detection rate reaches 0. 8 ~0. 85 , which meets the requirements of real-time and accuracy simultaneously.%网络流量的异常检测是网络安全领域一个重要分支,目标是及时准确地检测网络中发生的突发攻击事件.现有流量异常检测方法如数据挖掘、小波分析等方法或因检测效果较差,或因算法复杂,难以满足实时在线流量检测的应用需求.文中引入信息熵概念,通过对网络流量进行分维和分层实时计算网络流量相对熵,提出了一种基于相对熵的流量异常检测方法,算法时间复杂度为O(N×log2N× D).实验分析表明,当检测率达到0.80 ~0.85时,误报率控制在0.03 ~O.05,可同时满足系统实时性和准确性要求.

  19. The Price of Failure - A Study of System Test Anomaly Trends

    Science.gov (United States)

    Arnheim, B.; Chang, P. S.

    2004-08-01

    One challenge with system level testing is that most failures at this level result in impacting the critical path. This paper presents analysis of system test failures and their impact on the critical path schedule for a production program. The paper focuses on a multiple vehicle program where it is possible to explore the effects of schedule slip and learning curve across a production line. Another feature of this type of program is that problems encountered on any particular satellite can be addressed on all other vehicles that have not yet flown. However, reachback of this nature comes with an impact to the program. This paper will also explore that impact.

  20. Introduction to Wireless Intrusion Detection Systems

    OpenAIRE

    Milliken, Jonny

    2014-01-01

    The IDS (Intrusion Detection System) is a common means of protecting networked systems from attack or malicious misuse. The development and rollout of an IDS can take many different forms in terms of equipment, protocols, connectivity, cost and automation. This is particularly true of WIDS (Wireless Intrusion Detection Systems) which have many more opportunities and challenges associated with data transmission through an open, shared medium. The operation of a WIDS is a multistep process from...

  1. An Anomaly Detection Scheme Based on DBI-PD Clustering Algorithm%一种基于DBI-PD聚类算法的异常检测机制

    Institute of Scientific and Technical Information of China (English)

    丁姝郁

    2015-01-01

    分析了网络数据维数和检测准确度之间的关系,介绍了常用于入侵检测的聚类分析方法及其优缺点。在此基础上,提出一种以戴维森堡丁指数(DBI)为聚类准则、基于划分和密度方法的聚类算法(DBI-PD)。该方法通过信息增益率(IGR)提取网络数据中对检测攻击最有用的“特征”,并以DBI准则确定最优聚类个数、划分和密度两种聚类分析方法结合使用用于异常检测。提出的基于DBI-PD的异常检测机制能有效避免聚类分析在入侵检测中的“维数灾难”问题、避免无用数据特征干扰,还能改善聚类质量,从而提高检测准确度。%In this paper, the relationship between the dimensions of network data and the detection accuracy is analyzed. In addition, this paper introduces clustering analysis methods which are often used in intrusion detection and compare their advantages and disadvantages. On the basis of that, this paper proposes a partition and density-based clustering algorithm used Davies-Bouldin Index (DBI-PD). DBI-PD method firstly selects the most related features for detection in network data using information gain ratio (IGR), then determines the optimal number of clusters based on DBI, and finally combines the partition and density clustering methods to detect. The DBI-PD based anomaly detection scheme proposed in this paper can effectively avoid the "dimension disaster" problem in clustering analysis, as well as avoid the interferences because of the useless data features. Furthermore, this scheme can improve the clustering quality, so as to improve the accuracy of detection.

  2. Electrometrical Methods Application for Detection of Heating System Pipeline Corrosion

    Science.gov (United States)

    Vetrov, A.; Ilyin, Y.; Isaev, V.; Rondel, A.; Shapovalov, N.

    2004-12-01

    Coated steel underground pipelines are widely used for the petroleum and gaze transportation, for the water and heat supply. The soils, where the pipelines are placed, are usually highly corrosive for pipe's metal. In the places of crippling of external coating the corrosion processes begin, and this can provoke a pipe breakage. To ensure the pipeline survivability it is necessary to carry out the control of pipeline conditions. The geophysical methods are used to provide such diagnostic. Authors have studied the corrosion processes of the municipal heating system pipelines in Saint-Petersburg (Russia) using the air thermal imaging method, the investigation of electromagnetic fields and spontaneous polarization, measurements of electrode potentials of metal tubes. The pipeline reparation works, which have been provided this year, allowed us to make the visual observation of pipes. The investigation object comprises a pipeline composed of two parallel tubes, which are placed 1-2 meters deep. The fact that the Russian Federation and CIS countries still use the direct heat supply system makes impossible any addition of anticorrosion components to circulating water. Pipelines operate under high pressure (up to 5 atm) and high temperature (designed temperature is 150°C). Tube's isolation is meant for heat loss minimization, and ordinary has poor hydro-isolation. Some pipeline construction elements (sliding and fixed bearings, pressure compensators, heat enclosures) are often non-isolated, and tube's metal contacts with soil. Hard usage condition, ingress of technical contamination cause, stray currents etc. cause high accidental rate. Realization of geophysical diagnostics, including electrometry, is hampered in a city by underground communication systems, power lines, isolating ground cover (asphalt), limitation of the working area with buildings. These restrictions form the investigation conditions. In order to detect and localize isolation (coat) defects authors

  3. Design of Secure Distributed Intrusion Detection Systems

    Institute of Scientific and Technical Information of China (English)

    2002-01-01

    Intrusion Detection System (IDS) have received a great deal of attention because of their excellent ability of preventing network incidents. Recently, many efficient approaches have been proposed to improve detection ability of IDS. While the self-protection ability of IDS is relatively worse and easy to be exploited by attackers, this paper gives a scheme of Securely Distributed Intrusion Detection System (SDIDS). This system adopts special measurements to enforce the security of IDS components. A new secure mechanism combining role-based access control and attribute certificate is used to resist attack to communication.

  4. RoADS: a road pavement monitoring system for anomaly detection using smart phones

    NARCIS (Netherlands)

    Seraj, Fatjon; Zwaag, van der Berend Jan; Dilo, Arta; Luarasi, Tamara; Havinga, Paul; Atzmueller, Martin; Chin, Alvin; Janssen, Frederik; Schweizer, Immanuel; Trattner, Christoph

    2016-01-01

    Monitoring the road pavement is a challenging task. Authorities spend time and finances to monitor the state and quality of the road pavement. This paper investigate road surface monitoring with smartphones equipped with GPS and inertial sensors: accelerometer and gyroscope. In this study we descri

  5. Aeromagnetic anomalies over faulted strata

    Science.gov (United States)

    Grauch, V.J.S.; Hudson, Mark R.

    2011-01-01

    High-resolution aeromagnetic surveys are now an industry standard and they commonly detect anomalies that are attributed to faults within sedimentary basins. However, detailed studies identifying geologic sources of magnetic anomalies in sedimentary environments are rare in the literature. Opportunities to study these sources have come from well-exposed sedimentary basins of the Rio Grande rift in New Mexico and Colorado. High-resolution aeromagnetic data from these areas reveal numerous, curvilinear, low-amplitude (2–15 nT at 100-m terrain clearance) anomalies that consistently correspond to intrasedimentary normal faults (Figure 1). Detailed geophysical and rock-property studies provide evidence for the magnetic sources at several exposures of these faults in the central Rio Grande rift (summarized in Grauch and Hudson, 2007, and Hudson et al., 2008). A key result is that the aeromagnetic anomalies arise from the juxtaposition of magnetically differing strata at the faults as opposed to chemical processes acting at the fault zone. The studies also provide (1) guidelines for understanding and estimating the geophysical parameters controlling aeromagnetic anomalies at faulted strata (Grauch and Hudson), and (2) observations on key geologic factors that are favorable for developing similar sedimentary sources of aeromagnetic anomalies elsewhere (Hudson et al.).

  6. Towards the detecting of pseudo-Hermitian anomalies for negative square masses neutrinos in intensive magnetic fields

    CERN Document Server

    Rodionov, Vasily

    2016-01-01

    One of the primary goals of contemporary physics of neutrinos after discovery of their masses become the investigation of their electromagnetic properties. This is a necessary step for creation of new physics beyond the Standard Model (SM), which no longer can claim the role theory explaining everything phenomenon of the Universe. On this it should draw attention because SM remains consistent local scheme for any value of the masses of particles $0\\leq m <\\infty $. Now the masses of elementary particles can exceed even Planck's mass $m_{Planck}\\simeq 10^{19}GeV$, which is the largest scale mass in the Universe. For solving this problem of studying of electromagnetic interactions of neutrino we suggest use the methods of relativistic quantum theory with the limiting mass $m\\leq M$. The restriction of mass spectrum of fermions can be obtained in the frame of non-Hermitian (pseudo-Hermitian) fermion systems having the direct application to the neutrino physics. The systems of the similar type include so-calle...

  7. Malicious Code Execution Detection and Response Immune System inspired by the Danger Theory

    CERN Document Server

    Kim, Jungwon; Twycross, Jamie; Aickelin, Uwe

    2010-01-01

    The analysis of system calls is one method employed by anomaly detection systems to recognise malicious code execution. Similarities can be drawn between this process and the behaviour of certain cells belonging to the human immune system, and can be applied to construct an artificial immune system. A recently developed hypothesis in immunology, the Danger Theory, states that our immune system responds to the presence of intruders through sensing molecules belonging to those invaders, plus signals generated by the host indicating danger and damage. We propose the incorporation of this concept into a responsive intrusion detection system, where behavioural information of the system and running processes is combined with information regarding individual system calls.

  8. Semantic Plagiarism Detection System Using Ontology Mapping

    Directory of Open Access Journals (Sweden)

    Manjula Shenoy K

    2012-06-01

    Full Text Available Plagiarism detection can play an important role in detecting stealing of original ideas in papers, journals and internet web sites. Checking these manually is simply impossible nowadays due to existence of large digital repository. Ontology is a way of describing documents semantics. Ontology mapping can resolve semantic heterogeneity in documents. Our paper proposes an automatic system for semantic plagiarism detection based on ontology mapping.

  9. Chiral anomalies and differential geometry

    Energy Technology Data Exchange (ETDEWEB)

    Zumino, B.

    1983-10-01

    Some properties of chiral anomalies are described from a geometric point of view. Topics include chiral anomalies and differential forms, transformation properties of the anomalies, identification and use of the anomalies, and normalization of the anomalies. 22 references. (WHK)

  10. Graph anomalies in cyber communications

    Energy Technology Data Exchange (ETDEWEB)

    Vander Wiel, Scott A [Los Alamos National Laboratory; Storlie, Curtis B [Los Alamos National Laboratory; Sandine, Gary [Los Alamos National Laboratory; Hagberg, Aric A [Los Alamos National Laboratory; Fisk, Michael [Los Alamos National Laboratory

    2011-01-11

    Enterprises monitor cyber traffic for viruses, intruders and stolen information. Detection methods look for known signatures of malicious traffic or search for anomalies with respect to a nominal reference model. Traditional anomaly detection focuses on aggregate traffic at central nodes or on user-level monitoring. More recently, however, traffic is being viewed more holistically as a dynamic communication graph. Attention to the graph nature of the traffic has expanded the types of anomalies that are being sought. We give an overview of several cyber data streams collected at Los Alamos National Laboratory and discuss current work in modeling the graph dynamics of traffic over the network. We consider global properties and local properties within the communication graph. A method for monitoring relative entropy on multiple correlated properties is discussed in detail.

  11. Systemic lupus erythematosus in pregnancy with rare anomaly of rhizomelic chondrodysplasia punctata in baby

    Directory of Open Access Journals (Sweden)

    Alakananda

    2016-06-01

    Full Text Available Rhizomelic means shortening of the bones closest to the body's trunk. Chondrodysplasia refers to malformation (the dysplasia part of the word of the cartilage (the chondro part of the word. Punctata refers to an unusual stippling on the end of the bones that join the shoulders and elbows (the humerus and the top of the leg and the hip (femur. On X-ray an infant's bones look spotty at the ends. Here, we report a case of rhizomelic chondrodysplasia punctate (RCDP in newborn of a known systemic lupus erythematosus (SLE patient. Consent for publication of this rare case for academic benefit has been taken from the patient. [Int J Res Med Sci 2016; 4(6.000: 2461-2463

  12. CN Anomalies in the Halo System and the Origin of Globular Clusters in the Milky Way

    CERN Document Server

    Carollo, Daniela; Beers, Timothy; Freeman, Ken

    2013-01-01

    We explore the kinematics and orbital properties of a sample of red giants in the halo system of the Milky Way that are thought to have formed in globular clusters, based on their anomalously strong UV/blue CN bands. The orbital parameters of the CN-strong halo stars are compared to those of the inner- and outer-halo populations as described by Carollo et al., and to the orbital parameters of globular clusters with well-studied Galactic orbits. The CN-strong field stars and the globular clusters both exhibit kinematics and orbital properties similar to the inner-halo population, indicating that stripped or destroyed globular clusters could be a significant source of inner-halo field stars, and suggesting that both the CN-strong stars and the majority of globular clusters are primarily associated with this population.

  13. Magnetic and magnetodielectric coupling anomalies in the Haldane spin-chain system Nd2BaNiO5

    Directory of Open Access Journals (Sweden)

    Tathamay Basu

    2015-03-01

    Full Text Available We report the magnetic, heat-capacity, dielectric and magnetodielectric (MDE behaviour of a Haldane spin-chain compound containing light rare-earth ion, Nd2BaNiO5, in detail, as a function of temperature (T and magnetic field (H down to 2 K. In addition to the well-known long range antiferromagnetic order setting in at (TN = 48 K as indicated in dc magnetization (M, we have observed another magnetic transition near 10 K; this transition appears to be of a glassy-type which vanishes with a marginal application of external magnetic field (even H = 100 Oe. There are corresponding anomalies in dielectric constant (ε′ as well with variation of T. The isothermal M(H curves at 2 and 5 K reveal the existence of a magnetic-field induced transition around 90 kOe; the isothermal ε′(H also tracks such a metamagnetic transition. These results illustrate the MDE coupling in this compound. Additionally, we observe a strong frequency dependence of a step in ε′(T with this feature appearing around 25-30 K for the lowest frequency of 1 kHz, far below TN. This is attributed to interplay between crystal-field effect and exchange interaction between Nd and Ni, which establishes the sensitivity of dielectric measurements to detect such effects. Interestingly enough, the observed dispersions of the ε′(T curves is essentially H-independent in the entire T-range of measurement, despite the existence of MDE coupling, which is in sharp contrast with other heavy rare-earth members in this series.

  14. Energy Efficient Cluster-Based Intrusion Detection System for Wireless Sensor Networks

    Directory of Open Access Journals (Sweden)

    Manal Abdullah

    2014-09-01

    Full Text Available Wireless sensor networks (WSNs are network type where sensors are used to collect physical measurements. It has many application areas such as healthcare, weather monitoring and even military applications. Security in this kind of networks is a big concern especially in the applications that required confidentiality and privacy. Therefore, providing a WSN with an intrusion detection system is essential to protect its security from different types of intrusions, cyber-attacks and random faults. Clustering has proven its efficiency in prolong the node as well as the whole WSN lifetime. In this paper we have designed an Intrusion Detection (ID system based on Stable Election Protocol (SEP for clustered heterogeneous WSNs. The benefit of using SEP is that it is a heterogeneous-aware protocol to prolong the time interval before the death of the first node. KDD Cup’99 data set is used as the training data and test data. After normalizing our dataset, we trained the system to detect four types of attacks which are Probe, Dos, U2R and R2L, using 18 features out of the 42 features available in KDD Cup'99 dataset. The research used the K-nearest neighbour (KNN classifier for anomaly detection. The experiments determine K = 5 for best classification and this reveals recognition rate of attacks as 75%. Results are compared with KNN classifier for anomaly detection without using a clustering algorithm.

  15. Means and methods used to check radiation detection, signalling and alarm devices in the centralized environment control systems of the INB of CEN-Saclay

    International Nuclear Information System (INIS)

    Having reviewed the prescribed technical measures concerning 'systematic environment controls' in INB (Installations nucleaires de base - basic nuclear facilities) and published in the J.O. (French Official Journal) the authors briefly describe the main radiation detection, signalling and alarm systems at present installed in INB of CEN-Saclay and weigh up the extent to which their characteristics comply with the statutory texts. They then develop the means and methods set up to check on the good working order of these devices which are integrated in centralised one-piece modular analogue or informatics type control systems possible functioning anomalies being classed in two categories: logic type anomalies corresonding to a straightforward breakdown where detection is permanent; developing anomalies corresponding to poor functioning where detection requires a more critical and periodic control. The authors demonstrate the advantages offered by centralised computer type control systems

  16. Computer aided detection system for clustered microcalcifications

    Science.gov (United States)

    Ge, Jun; Hadjiiski, Lubomir M.; Sahiner, Berkman; Wei, Jun; Helvie, Mark A.; Zhou, Chuan; Chan, Heang-Ping

    2009-01-01

    We have developed a computer-aided detection (CAD) system to detect clustered microcalcification automatically on full-field digital mammograms (FFDMs) and a CAD system for screen-film mammograms (SFMs). The two systems used the same computer vision algorithms but their false positive (FP) classifiers were trained separately with sample images of each modality. In this study, we compared the performance of the CAD systems for detection of clustered microcalcifications on pairs of FFDM and SFM obtained from the same patient. For case-based performance evaluation, the FFDM CAD system achieved detection sensitivities of 70%, 80%, and 90% at an average FP cluster rate of 0.07, 0.16, and 0.63 per image, compared with an average FP cluster rate of 0.15, 0.38, and 2.02 per image for the SFM CAD system. The difference was statistically significant with the alternative free-response receiver operating characteristic (AFROC) analysis. When evaluated on data sets negative for microcalcification clusters, the average FP cluster rates of the FFDM CAD system were 0.04, 0.11, and 0.33 per image at detection sensitivity level of 70%, 80%, and 90%, compared with an average FP cluster rate of 0.08, 0.14, and 0.50 per image for the SFM CAD system. When evaluated for malignant cases only, the difference of the performance of the two CAD systems was not statistically significant with AFROC analysis. PMID:17264365

  17. Computer systems for automatic earthquake detection

    Science.gov (United States)

    Stewart, S.W.

    1974-01-01

    U.S Geological Survey seismologists in Menlo park, California, are utilizing the speed, reliability, and efficiency of minicomputers to monitor seismograph stations and to automatically detect earthquakes. An earthquake detection computer system, believed to be the only one of its kind in operation, automatically reports about 90 percent of all local earthquakes recorded by a network of over 100 central California seismograph stations. The system also monitors the stations for signs of malfunction or abnormal operation. Before the automatic system was put in operation, all of the earthquakes recorded had to be detected by manually searching the records, a time-consuming process. With the automatic detection system, the stations are efficiently monitored continuously. 

  18. IMPROVING CAUSE DETECTION SYSTEMS WITH ACTIVE LEARNING

    Data.gov (United States)

    National Aeronautics and Space Administration — IMPROVING CAUSE DETECTION SYSTEMS WITH ACTIVE LEARNING ISAAC PERSING AND VINCENT NG Abstract. Active learning has been successfully applied to many natural language...

  19. Testing Of Network Intrusion Detection System

    Directory of Open Access Journals (Sweden)

    Jagadeep Vegunta

    2011-11-01

    Full Text Available Network based intrusion detection system use the models of attacks to identify intrusive behavior ability of systems to detect attacks by quality of models which are called signatures. Some attacks exploits in different ways. For this reason we use testing tools that able to detect goodness of signatures. This technique describes test and evaluate misuse detection models in the case of network-based intrusion detection systems. we use Mutant Exploits are working against vulnerability applications. This mutant exploit is based on mechanism to generate large no. of exploit by applying mutant operators. The results of the systems in detecting these variations pro-vide a quantitative basis for the evaluation of the quality of the corresponding detection model. but here we are going to find defects of this testing and is this test will provide 100% security for this system (or not. and also which technique gives much security among these techniques fuzzy logic, neural networks, hybrid fuzzy and neural networks, naïve bayes, genetic algorithms and data mining.

  20. The effects of sea surface temperature anomalies on oceanic coral reef systems in the southwestern tropical Atlantic

    Science.gov (United States)

    Ferreira, B. P.; Costa, M. B. S. F.; Coxey, M. S.; Gaspar, A. L. B.; Veleda, D.; Araujo, M.

    2013-06-01

    In 2010, high sea surface temperatures that were recorded in several parts of the world and caused coral bleaching and coral mortality were also recorded in the southwest Atlantic Ocean, between latitudes 0°S and 8°S. This paper reports on coral bleaching and diseases in Rocas Atoll and Fernando de Noronha archipelago and examines their relationship with sea surface temperature (SST) anomalies recorded by PIRATA buoys located at 8°S30°W, 0°S35°W, and 0°S23°W. Adjusted satellite data were used to derive SST climatological means at buoy sites and to derive anomalies at reef sites. The whole region was affected by the elevated temperature anomaly that persisted through 2010, reaching 1.67 °C above average at reef sites and 1.83 °C above average at buoys sites. A significant positive relationship was found between the percentage of coral bleaching that was observed on reef formations and the corresponding HotSpot SST anomaly recorded by both satellite and buoys. These results indicate that the warming observed in the ocean waters was followed by a warming at the reefs. The percentage of bleached corals persisting after the subsidence of the thermal stress, and disease prevalence increased through 2010, after two periods of thermal stress. The in situ temperature anomaly observed during the 2009-2010 El Niño event was equivalent to the anomaly observed during the 1997-1998 El Niño event, explaining similar bleaching intensity. Continued monitoring efforts are necessary to further assess the relationship between bleaching severity and PIRATA SST anomalies and improve the use of this new dataset in future regional bleaching predictions.