WorldWideScience

Sample records for anomaly-based network intrusion

  1. Approaches in anomaly-based network intrusion detection systems

    NARCIS (Netherlands)

    Bolzoni, D.; Etalle, S.; Di Pietro, R.; Mancini, L.V.

    2008-01-01

    Anomaly-based network intrusion detection systems (NIDSs) can take into consideration packet headers, the payload, or a combination of both. We argue that payload-based approaches are becoming the most effective methods to detect attacks. Nowadays, attacks aim mainly to exploit vulnerabilities at

  2. Approaches in Anomaly-based Network Intrusion Detection Systems

    NARCIS (Netherlands)

    Bolzoni, D.; Etalle, Sandro

    Anomaly-based network intrusion detection systems (NIDSs) can take into consideration packet headers, the payload, or a combination of both. We argue that payload-based approaches are becoming the most effective methods to detect attacks. Nowadays, attacks aim mainly to exploit vulnerabilities at

  3. A Survey on Anomaly Based Host Intrusion Detection System

    Science.gov (United States)

    Jose, Shijoe; Malathi, D.; Reddy, Bharath; Jayaseeli, Dorathi

    2018-04-01

    An intrusion detection system (IDS) is hardware, software or a combination of the two, for monitoring network or system activities to detect malicious signs. In computer security, designing a robust intrusion detection system is one of the most fundamental and important problems. The primary function of the system is detecting intrusions and giving alerts in a timely manner when a user attempts an intrusion. In these techniques, when the IDS finds an intrusion it sends an alert message to the system administrator. Anomaly detection is an important problem that has been researched within diverse research areas and application domains. This survey tries to provide a structured and comprehensive overview of the research on anomaly detection. Among the existing anomaly detection techniques, each technique has relative strengths and weaknesses. The current state of the experiment practice in the field of anomaly-based intrusion detection is reviewed, and recent studies in this field are surveyed. This survey provides a study of existing anomaly detection techniques, and how the techniques used in one area can be applied in another application domain.

  4. HPNAIDM: The High-Performance Network Anomaly/Intrusion Detection and Mitigation System

    Energy Technology Data Exchange (ETDEWEB)

    Chen, Yan [Northwestern University]

    2013-12-05

    Identifying traffic anomalies and attacks rapidly and accurately is critical for large network operators. With the rapid growth of network bandwidth, such as the next generation DOE UltraScience Network, and fast emergence of new attacks/virus/worms, existing network intrusion detection systems (IDS) are insufficient because they: • Are mostly host-based and not scalable to high-performance networks; • Are mostly signature-based and unable to adaptively recognize flow-level unknown attacks; • Cannot differentiate malicious events from the unintentional anomalies. To address these challenges, we proposed and developed a new paradigm called high-performance network anomaly/intrusion detection and mitigation (HPNAIDM) system. The new paradigm is significantly different from existing IDSes with the following features (research thrusts). • Online traffic recording and analysis on high-speed networks; • Online adaptive flow-level anomaly/intrusion detection and mitigation; • Integrated approach for false positive reduction. Our research prototype and evaluation demonstrate that the HPNAIDM system is highly effective and economically feasible. Beyond satisfying the pre-set goals, we even exceed that significantly (see more details in the next section). Overall, our project harvested 23 publications (2 book chapters, 6 journal papers and 15 peer-reviewed conference/workshop papers). Besides, we built a website for technique dissemination, which hosts two system prototype releases to the research community. We also filed a patent application and developed strong international and domestic collaborations which span both academia and industry.

  5. Revisiting Anomaly-based Network Intrusion Detection Systems

    NARCIS (Netherlands)

    Bolzoni, D.

    2009-01-01

    Intrusion detection systems (IDSs) are well-known and widely-deployed security tools to detect cyber-attacks and malicious activities in computer systems and networks. A signature-based IDS works similar to anti-virus software. It employs a signature database of known attacks, and a successful match

  6. Anomaly-based Network Intrusion Detection Methods

    Directory of Open Access Journals (Sweden)

    Pavel Nevlud

    2013-01-01

    The article deals with detection of network anomalies. Network anomalies include everything that is quite different from the normal operation. Machine learning systems were used for detection of anomalies. Machine learning can be considered as a support or a limited type of artificial intelligence. A machine learning system usually starts with some knowledge and a corresponding knowledge organization so that it can interpret, analyse, and test the knowledge acquired. There are several machine learning techniques available. We tested Decision tree learning and Bayesian networks. The open source data-mining framework WEKA was the tool we used for testing the classify, cluster, association algorithms and for visualization of our results. The WEKA is a collection of machine learning algorithms for data mining tasks.

  7. Panacea: Automating Attack Classification for Anomaly-based Network Intrusion Detection Systems

    NARCIS (Netherlands)

    Bolzoni, D.; Etalle, Sandro; Hartel, Pieter H.; Kirda, E.; Jha, S.; Balzarotti, D.

    Anomaly-based intrusion detection systems are usually criticized because they lack a classification of attack, thus security teams have to manually inspect any raised alert to classify it. We present a new approach, Panacea, to automatically and systematically classify attacks detected by an

  8. Panacea : Automating attack classification for anomaly-based network intrusion detection systems

    NARCIS (Netherlands)

    Bolzoni, D.; Etalle, S.; Hartel, P.H.; Kirda, E.; Jha, S.; Balzarotti, D.

    2009-01-01

    Anomaly-based intrusion detection systems are usually criticized because they lack a classification of attacks, thus security teams have to manually inspect any raised alert to classify it. We present a new approach, Panacea, to automatically and systematically classify attacks detected by an

  9. Panacea : Automating attack classification for anomaly-based network intrusion detection systems

    NARCIS (Netherlands)

    Bolzoni, D.; Etalle, S.; Hartel, P.H.

    2009-01-01

    Anomaly-based intrusion detection systems are usually criticized because they lack a classification of attack, thus security teams have to manually inspect any raised alert to classify it. We present a new approach, Panacea, to automatically and systematically classify attacks detected by an

  10. Panacea: Automating Attack Classification for Anomaly-based Network Intrusion Detection Systems

    NARCIS (Netherlands)

    Bolzoni, D.; Etalle, Sandro; Hartel, Pieter H.

    2009-01-01

    Anomaly-based intrusion detection systems are usually criticized because they lack a classification of attack, thus security teams have to manually inspect any raised alert to classify it. We present a new approach, Panacea, to automatically and systematically classify attacks detected by an

  11. RIDES: Robust Intrusion Detection System for IP-Based Ubiquitous Sensor Networks.

    Science.gov (United States)

    Amin, Syed Obaid; Siddiqui, Muhammad Shoaib; Hong, Choong Seon; Lee, Sungwon

    2009-01-01

    The IP-based Ubiquitous Sensor Network (IP-USN) is an effort to build the "Internet of things". By utilizing IP for low power networks, we can benefit from existing well established tools and technologies of IP networks. Along with many other unresolved issues, securing IP-USN is of great concern for researchers so that future market satisfaction and demands can be met. Without proper security measures, both reactive and proactive, it is hard to envisage an IP-USN realm. In this paper we present a design of an IDS (Intrusion Detection System) called RIDES (Robust Intrusion DEtection System) for IP-USN. RIDES is a hybrid intrusion detection system, which incorporates both Signature and Anomaly based intrusion detection components. For signature based intrusion detection this paper only discusses the implementation of distributed pattern matching algorithm with the help of signature-code, a dynamically created attack-signature identifier. Other aspects, such as creation of rules are not discussed. On the other hand, for anomaly based detection we propose a scoring classifier based on the SPC (Statistical Process Control) technique called CUSUM charts. We also investigate the settings and their effects on the performance of related parameters for both of the components.

  12. Network Intrusion Detection System using Apache Storm

    Directory of Open Access Journals (Sweden)

    Muhammad Asif Manzoor

    2017-06-01

    Network security implements various strategies for the identification and prevention of security breaches. Network intrusion detection is a critical component of network management for security, quality of service and other purposes. These systems allow early detection of network intrusion and malicious activities; so that the Network Security infrastructure can react to mitigate these threats. Various systems are proposed to enhance the network security. We are proposing to use anomaly based network intrusion detection system in this work. Anomaly based intrusion detection system can identify the new network threats. We also propose to use Real-time Big Data Stream Processing Framework, Apache Storm, for the implementation of network intrusion detection system. Apache Storm can help to manage the network traffic which is generated at enormous speed and size and the network traffic speed and size is constantly increasing. We have used Support Vector Machine in this work. We use Knowledge Discovery and Data Mining 1999 (KDD’99) dataset to test and evaluate our proposed solution.

  13. Intrusion-Aware Alert Validation Algorithm for Cooperative Distributed Intrusion Detection Schemes of Wireless Sensor Networks

    Directory of Open Access Journals (Sweden)

    Young-Jae Song

    2009-07-01

    Existing anomaly and intrusion detection schemes of wireless sensor networks have mainly focused on the detection of intrusions. Once the intrusion is detected, alerts or claims will be generated. However, any unidentified malicious nodes in the network could send faulty anomaly and intrusion claims about the legitimate nodes to the other nodes. Verifying the validity of such claims is a critical and challenging issue that is not considered in the existing cooperative-based distributed anomaly and intrusion detection schemes of wireless sensor networks. In this paper, we propose a validation algorithm that addresses this problem. This algorithm utilizes the concept of intrusion-aware reliability that helps to provide adequate reliability at a modest communication cost. In this paper, we also provide a security resiliency analysis of the proposed intrusion-aware alert validation algorithm.

  14. Anomaly-based intrusion detection for SCADA systems

    International Nuclear Information System (INIS)

    Yang, D.; Usynin, A.; Hines, J. W.

    2006-01-01

    Most critical infrastructure such as chemical processing plants, electrical generation and distribution networks, and gas distribution is monitored and controlled by Supervisory Control and Data Acquisition Systems (SCADA). These systems have been the focus of increased security and there are concerns that they could be the target of international terrorists. With the constantly growing number of internet related computer attacks, there is evidence that our critical infrastructure may also be vulnerable. Researchers estimate that malicious online actions may cause $75 billion at 2007. One of the interesting countermeasures for enhancing information system security is called intrusion detection. This paper will briefly discuss the history of research in intrusion detection techniques and introduce the two basic detection approaches: signature detection and anomaly detection. Finally, it presents the application of techniques developed for monitoring critical process systems, such as nuclear power plants, to anomaly intrusion detection. The method uses an auto-associative kernel regression (AAKR) model coupled with the statistical probability ratio test (SPRT) and applied to a simulated SCADA system. The results show that these methods can be generally used to detect a variety of common attacks. (authors)

  15. RIDES: Robust Intrusion Detection System for IP-Based Ubiquitous Sensor Networks

    Directory of Open Access Journals (Sweden)

    Sungwon Lee

    2009-05-01

    The IP-based Ubiquitous Sensor Network (IP-USN) is an effort to build the “Internet of things”. By utilizing IP for low power networks, we can benefit from existing well established tools and technologies of IP networks. Along with many other unresolved issues, securing IP-USN is of great concern for researchers so that future market satisfaction and demands can be met. Without proper security measures, both reactive and proactive, it is hard to envisage an IP-USN realm. In this paper we present a design of an IDS (Intrusion Detection System) called RIDES (Robust Intrusion DEtection System) for IP-USN. RIDES is a hybrid intrusion detection system, which incorporates both Signature and Anomaly based intrusion detection components. For signature based intrusion detection this paper only discusses the implementation of distributed pattern matching algorithm with the help of signature-code, a dynamically created attack-signature identifier. Other aspects, such as creation of rules are not discussed. On the other hand, for anomaly based detection we propose a scoring classifier based on the SPC (Statistical Process Control) technique called CUSUM charts. We also investigate the settings and their effects on the performance of related parameters for both of the components.

  16. Network Anomaly Detection Based on Wavelet Analysis

    Directory of Open Access Journals (Sweden)

    Ali A. Ghorbani

    2008-11-01

    Signal processing techniques have been applied recently for analyzing and detecting network anomalies due to their potential to find novel or unknown intrusions. In this paper, we propose a new network signal modelling technique for detecting network anomalies, combining the wavelet approximation and system identification theory. In order to characterize network traffic behaviors, we present fifteen features and use them as the input signals in our system. We then evaluate our approach with the 1999 DARPA intrusion detection dataset and conduct a comprehensive analysis of the intrusions in the dataset. Evaluation results show that the approach achieves high-detection rates in terms of both attack instances and attack types. Furthermore, we conduct a full day's evaluation in a real large-scale WiFi ISP network where five attack types are successfully detected from over 30 million flows.

  17. Network Anomaly Detection Based on Wavelet Analysis

    Science.gov (United States)

    Lu, Wei; Ghorbani, Ali A.

    2008-12-01

    Signal processing techniques have been applied recently for analyzing and detecting network anomalies due to their potential to find novel or unknown intrusions. In this paper, we propose a new network signal modelling technique for detecting network anomalies, combining the wavelet approximation and system identification theory. In order to characterize network traffic behaviors, we present fifteen features and use them as the input signals in our system. We then evaluate our approach with the 1999 DARPA intrusion detection dataset and conduct a comprehensive analysis of the intrusions in the dataset. Evaluation results show that the approach achieves high-detection rates in terms of both attack instances and attack types. Furthermore, we conduct a full day's evaluation in a real large-scale WiFi ISP network where five attack types are successfully detected from over 30 million flows.

  18. Network anomaly detection a machine learning perspective

    CERN Document Server

    Bhattacharyya, Dhruba Kumar

    2013-01-01

    With the rapid rise in the ubiquity and sophistication of Internet technology and the accompanying growth in the number of network attacks, network intrusion detection has become increasingly important. Anomaly-based network intrusion detection refers to finding exceptional or nonconforming patterns in network traffic data compared to normal behavior. Finding these anomalies has extensive applications in areas such as cyber security, credit card and insurance fraud detection, and military surveillance for enemy activities. Network Anomaly Detection: A Machine Learning Perspective presents mach

  19. An Entropy-Based Network Anomaly Detection Method

    Directory of Open Access Journals (Sweden)

    Przemysław Bereziński

    2015-04-01

    Data mining is an interdisciplinary subfield of computer science involving methods at the intersection of artificial intelligence, machine learning and statistics. One of the data mining tasks is anomaly detection which is the analysis of large quantities of data to identify items, events or observations which do not conform to an expected pattern. Anomaly detection is applicable in a variety of domains, e.g., fraud detection, fault detection, system health monitoring but this article focuses on application of anomaly detection in the field of network intrusion detection. The main goal of the article is to prove that an entropy-based approach is suitable to detect modern botnet-like malware based on anomalous patterns in network. This aim is achieved by realization of the following points: (i) preparation of a concept of original entropy-based network anomaly detection method, (ii) implementation of the method, (iii) preparation of original dataset, (iv) evaluation of the method.

  20. Computationally Efficient Neural Network Intrusion Security Awareness

    Energy Technology Data Exchange (ETDEWEB)

    Todd Vollmer; Milos Manic

    2009-08-01

    An enhanced version of an algorithm to provide anomaly based intrusion detection alerts for cyber security state awareness is detailed. A unique aspect is the training of an error back-propagation neural network with intrusion detection rule features to provide a recognition basis. Network packet details are subsequently provided to the trained network to produce a classification. This leverages rule knowledge sets to produce classifications for anomaly based systems. Several test cases executed on ICMP protocol revealed a 60% identification rate of true positives. This rate matched the previous work, but 70% less memory was used and the run time was reduced to less than 1 second from 37 seconds.

  1. Profile-based adaptive anomaly detection for network security.

    Energy Technology Data Exchange (ETDEWEB)

    Zhang, Pengchu C. (Sandia National Laboratories, Albuquerque, NM); Durgin, Nancy Ann

    2005-11-01

    As information systems become increasingly complex and pervasive, they become inextricably intertwined with the critical infrastructure of national, public, and private organizations. The problem of recognizing and evaluating threats against these complex, heterogeneous networks of cyber and physical components is a difficult one, yet a solution is vital to ensuring security. In this paper we investigate profile-based anomaly detection techniques that can be used to address this problem. We focus primarily on the area of network anomaly detection, but the approach could be extended to other problem domains. We investigate using several data analysis techniques to create profiles of network hosts and perform anomaly detection using those profiles. The "profiles" reduce multi-dimensional vectors representing "normal behavior" into fewer dimensions, thus allowing pattern and cluster discovery. New events are compared against the profiles, producing a quantitative measure of how "anomalous" the event is. Most network intrusion detection systems (IDSs) detect malicious behavior by searching for known patterns in the network traffic. This approach suffers from several weaknesses, including a lack of generalizability, an inability to detect stealthy or novel attacks, and lack of flexibility regarding alarm thresholds. Our research focuses on enhancing current IDS capabilities by addressing some of these shortcomings. We identify and evaluate promising techniques for data mining and machine-learning. The algorithms are "trained" by providing them with a series of data-points from "normal" network traffic. A successful algorithm can be trained automatically and efficiently, will have a low error rate (low false alarm and miss rates), and will be able to identify anomalies in "pseudo real-time" (i.e., while the intrusion is still in progress

  2. An Integrated Intrusion Detection Model of Cluster-Based Wireless Sensor Network.

    Science.gov (United States)

    Sun, Xuemei; Yan, Bo; Zhang, Xinzhong; Rong, Chuitian

    2015-01-01

    Considering wireless sensor network characteristics, this paper combines anomaly and mis-use detection and proposes an integrated detection model of cluster-based wireless sensor network, aiming at enhancing detection rate and reducing false rate. Adaboost algorithm with hierarchical structures is used for anomaly detection of sensor nodes, cluster-head nodes and Sink nodes. Cultural-Algorithm and Artificial-Fish-Swarm-Algorithm optimized Back Propagation is applied to mis-use detection of Sink node. Plenty of simulation demonstrates that this integrated model has a strong performance of intrusion detection.

  3. Autonomic intrusion detection: Adaptively detecting anomalies over unlabeled audit data streams in computer networks

    KAUST Repository

    Wang, Wei; Guyet, Thomas; Quiniou, René; Cordier, Marie-Odile; Masseglia, Florent; Zhang, Xiangliang

    2014-01-01

    In this work, we propose a novel framework of autonomic intrusion detection that fulfills online and adaptive intrusion detection over unlabeled HTTP traffic streams in computer networks. The framework holds potential for self-managing: self-labeling, self-updating and self-adapting. Our framework employs the Affinity Propagation (AP) algorithm to learn a subject’s behaviors through dynamical clustering of the streaming data. It automatically labels the data and adapts to normal behavior changes while identifying anomalies. Two large real HTTP traffic streams collected in our institute as well as a set of benchmark KDD’99 data are used to validate the framework and the method. The test results show that the autonomic model achieves better results in terms of effectiveness and efficiency compared to adaptive Sequential Karhunen–Loeve method and static AP as well as three other static anomaly detection methods, namely, k-NN, PCA and SVM.

  4. Autonomic intrusion detection: Adaptively detecting anomalies over unlabeled audit data streams in computer networks

    KAUST Repository

    Wang, Wei

    2014-06-22

    In this work, we propose a novel framework of autonomic intrusion detection that fulfills online and adaptive intrusion detection over unlabeled HTTP traffic streams in computer networks. The framework holds potential for self-managing: self-labeling, self-updating and self-adapting. Our framework employs the Affinity Propagation (AP) algorithm to learn a subject’s behaviors through dynamical clustering of the streaming data. It automatically labels the data and adapts to normal behavior changes while identifying anomalies. Two large real HTTP traffic streams collected in our institute as well as a set of benchmark KDD’99 data are used to validate the framework and the method. The test results show that the autonomic model achieves better results in terms of effectiveness and efficiency compared to adaptive Sequential Karhunen–Loeve method and static AP as well as three other static anomaly detection methods, namely, k-NN, PCA and SVM.

  5. Anomaly based intrusion detection for a biometric identification system using neural networks

    CSIR Research Space (South Africa)

    Mgabile, T

    2012-10-01

    detection technique that analyses the fingerprint biometric network traffic for evidence of intrusion. The neural network algorithm that imitates the way a human brain works is used in this study to classify normal traffic and learn the correct traffic...

  6. ATLANTIDES: An Architecture for Alert Verification in Network Intrusion Detection Systems

    NARCIS (Netherlands)

    Bolzoni, D.; Crispo, Bruno; Etalle, Sandro

    2007-01-01

    We present an architecture designed for alert verification (i.e., to reduce false positives) in network intrusion-detection systems. Our technique is based on a systematic (and automatic) anomaly-based analysis of the system output, which provides useful context information regarding the network

  7. Multilayer Statistical Intrusion Detection in Wireless Networks

    Science.gov (United States)

    Hamdi, Mohamed; Meddeb-Makhlouf, Amel; Boudriga, Noureddine

    2008-12-01

    The rapid proliferation of mobile applications and services has introduced new vulnerabilities that do not exist in fixed wired networks. Traditional security mechanisms, such as access control and encryption, turn out to be inefficient in modern wireless networks. Given the shortcomings of the protection mechanisms, an important research focuses in intrusion detection systems (IDSs). This paper proposes a multilayer statistical intrusion detection framework for wireless networks. The architecture is adequate to wireless networks because the underlying detection models rely on radio parameters and traffic models. Accurate correlation between radio and traffic anomalies allows enhancing the efficiency of the IDS. A radio signal fingerprinting technique based on the maximal overlap discrete wavelet transform (MODWT) is developed. Moreover, a geometric clustering algorithm is presented. Depending on the characteristics of the fingerprinting technique, the clustering algorithm permits to control the false positive and false negative rates. Finally, simulation experiments have been carried out to validate the proposed IDS.

  8. On Emulation-Based Network Intrusion Detection Systems

    NARCIS (Netherlands)

    Abbasi, Ali; Wetzels, Jos; Bokslag, Wouter; Zambon, Emmanuele; Etalle, Sandro

    2014-01-01

    Emulation-based network intrusion detection systems have been devised to detect the presence of shellcode in network traffic by trying to execute (portions of) the network packet payloads in an instrumented environment and checking the execution traces for signs of shellcode activity.

  9. On emulation-based network intrusion detection systems

    NARCIS (Netherlands)

    Abbasi, A.; Wetzels, J.; Bokslag, W.; Zambon, E.; Etalle, S.; Stavrou, A.; Bos, H.; Portokalidis, G.

    2014-01-01

    Emulation-based network intrusion detection systems have been devised to detect the presence of shellcode in network traffic by trying to execute (portions of) the network packet payloads in an instrumented environment and checking the execution traces for signs of shellcode activity.

  10. Combining Host-based and network-based intrusion detection system

    African Journals Online (AJOL)

    These attacks were simulated using hping. The proposed system is implemented in Java. The results show that the proposed system is able to detect attacks both from within (host-based) and outside sources (network-based). Key Words: Intrusion Detection System (IDS), Host-based, Network-based, Signature, Security log.

  11. Neural Network Based Intrusion Detection System for Critical Infrastructures

    Energy Technology Data Exchange (ETDEWEB)

    Todd Vollmer; Ondrej Linda; Milos Manic

    2009-07-01

    Resiliency and security in control systems such as SCADA and Nuclear plants in today’s world of hackers and malware are a relevant concern. Computer systems used within critical infrastructures to control physical functions are not immune to the threat of cyber attacks and may be potentially vulnerable. Tailoring an intrusion detection system to the specifics of critical infrastructures can significantly improve the security of such systems. The IDS-NNM – Intrusion Detection System using Neural Network based Modeling, is presented in this paper. The main contributions of this work are: 1) the use and analyses of real network data (data recorded from an existing critical infrastructure); 2) the development of a specific window based feature extraction technique; 3) the construction of training dataset using randomly generated intrusion vectors; 4) the use of a combination of two neural network learning algorithms – the Error-Back Propagation and Levenberg-Marquardt, for normal behavior modeling. The presented algorithm was evaluated on previously unseen network data. The IDS-NNM algorithm proved to be capable of capturing all intrusion attempts presented in the network communication while not generating any false alerts.

  12. Towards Reliable Evaluation of Anomaly-Based Intrusion Detection Performance

    Science.gov (United States)

    Viswanathan, Arun

    2012-01-01

    This report describes the results of research into the effects of environment-induced noise on the evaluation process for anomaly detectors in the cyber security domain. This research was conducted during a 10-week summer internship program from the 19th of August, 2012 to the 23rd of August, 2012 at the Jet Propulsion Laboratory in Pasadena, California. The research performed lies within the larger context of the Los Angeles Department of Water and Power (LADWP) Smart Grid cyber security project, a Department of Energy (DoE) funded effort involving the Jet Propulsion Laboratory, California Institute of Technology and the University of Southern California/ Information Sciences Institute. The results of the present effort constitute an important contribution towards building more rigorous evaluation paradigms for anomaly-based intrusion detectors in complex cyber physical systems such as the Smart Grid. Anomaly detection is a key strategy for cyber intrusion detection and operates by identifying deviations from profiles of nominal behavior and is thus conceptually appealing for detecting "novel" attacks. Evaluating the performance of such a detector requires assessing: (a) how well it captures the model of nominal behavior, and (b) how well it detects attacks (deviations from normality). Current evaluation methods produce results that give insufficient insight into the operation of a detector, inevitably resulting in a significantly poor characterization of a detector's performance. In this work, we first describe a preliminary taxonomy of key evaluation constructs that are necessary for establishing rigor in the evaluation regime of an anomaly detector. We then focus on clarifying the impact of the operational environment on the manifestation of attacks in monitored data. We show how dynamic and evolving environments can introduce high variability into the data stream perturbing detector performance. Prior research has focused on understanding the impact of this

  13. Computational neural network regression model for Host based Intrusion Detection System

    Directory of Open Access Journals (Sweden)

    Sunil Kumar Gautam

    2016-09-01

    The current scenario of information gathering and storing in secure system is a challenging task due to increasing cyber-attacks. There exists computational neural network techniques designed for intrusion detection system, which provide security to single machine and entire network's machine. In this paper, we have used two types of computational neural network models, namely, Generalized Regression Neural Network (GRNN) model and Multilayer Perceptron Neural Network (MPNN) model for Host based Intrusion Detection System using log files that are generated by a single personal computer. The simulation results show correctly classified percentage of normal and abnormal (intrusion) class using confusion matrix. On the basis of results and discussion, we found that the Host based Intrusion Systems Model (HISM) significantly improved the detection accuracy while retaining minimum false alarm rate.

  14. Cellular Neural Network-Based Methods for Distributed Network Intrusion Detection

    Directory of Open Access Journals (Sweden)

    Kang Xie

    2015-01-01

    According to the problems of current distributed architecture intrusion detection systems (DIDS), a new online distributed intrusion detection model based on cellular neural network (CNN) was proposed, in which discrete-time CNN (DTCNN) was used as weak classifier in each local node and state-controlled CNN (SCCNN) was used as global detection method, respectively. We further proposed a new method for design template parameters of SCCNN via solving Linear Matrix Inequality. Experimental results based on KDD CUP 99 dataset show its feasibility and effectiveness. Emerging evidence has indicated that this new approach is affordable to parallelism and analog very large scale integration (VLSI) implementation which allows the distributed intrusion detection to be performed better.

  15. The state of the art in intrusion prevention and detection

    CERN Document Server

    Pathan, Al-Sakib Khan

    2013-01-01

    The State of the Art in Intrusion Prevention and Detection analyzes the latest trends and issues surrounding intrusion detection systems in computer networks, especially in communications networks. Its broad scope of coverage includes wired, wireless, and mobile networks; next-generation converged networks; and intrusion in social networks. Presenting cutting-edge research, the book presents novel schemes for intrusion detection and prevention. It discusses tracing back mobile attackers, secure routing with intrusion prevention, anomaly detection, and AI-based techniques. It also includes infor

  16. Enhancing collaborative intrusion detection networks against insider attacks using supervised intrusion sensitivity-based trust management model

    DEFF Research Database (Denmark)

    Li, Wenjuan; Meng, Weizhi; Kwok, Lam-For

    2017-01-01

    To defend against complex attacks, collaborative intrusion detection networks (CIDNs) have been developed to enhance the detection accuracy, which enable an IDS to collect information and learn experience from others. However, this kind of networks is vulnerable to malicious nodes which...... are utilized by insider attacks (e.g., betrayal attacks). In our previous research, we developed a notion of intrusion sensitivity and identified that it can help improve the detection of insider attacks, whereas it is still a challenge for these nodes to automatically assign the values. In this article, we...... of intrusion sensitivity based on expert knowledge. In the evaluation, we compare the performance of three different supervised classifiers in assigning sensitivity values and investigate our trust model under different attack scenarios and in a real wireless sensor network. Experimental results indicate...

  17. Apriori-based network intrusion detection system

    International Nuclear Information System (INIS)

    Wang Wenjin; Liu Junrong; Liu Baoxu

    2012-01-01

    With the development of network communication technology, more and more social activities are run over the Internet. In the meantime, network information security is getting increasingly serious. Intrusion Detection System (IDS) has greatly improved the general security level of the whole network. But there are still many problems in current IDS, e.g. high leak rate detection/false alarm rates and a feature library that needs frequent upgrades. This paper presents an association-rule based IDS. This system can detect unknown attacks by generating rules from training data. The experiment in the last chapter proved the system has great accuracy on unknown attack detection. (authors)

  18. Intrusion detection in wireless ad-hoc networks

    CERN Document Server

    Chaki, Nabendu

    2014-01-01

    Presenting cutting-edge research, Intrusion Detection in Wireless Ad-Hoc Networks explores the security aspects of the basic categories of wireless ad-hoc networks and related application areas. Focusing on intrusion detection systems (IDSs), it explains how to establish security solutions for the range of wireless networks, including mobile ad-hoc networks, hybrid wireless networks, and sensor networks. This edited volume reviews and analyzes state-of-the-art IDSs for various wireless ad-hoc networks. It includes case studies on honesty-based intrusion detection systems, cluster oriented-based

  19. AdaBoost-based algorithm for network intrusion detection.

    Science.gov (United States)

    Hu, Weiming; Hu, Wei; Maybank, Steve

    2008-04-01

    Network intrusion detection aims at distinguishing the attacks on the Internet from normal use of the Internet. It is an indispensable part of the information security system. Due to the variety of network behaviors and the rapid development of attack fashions, it is necessary to develop fast machine-learning-based intrusion detection algorithms with high detection rates and low false-alarm rates. In this correspondence, we propose an intrusion detection algorithm based on the AdaBoost algorithm. In the algorithm, decision stumps are used as weak classifiers. The decision rules are provided for both categorical and continuous features. By combining the weak classifiers for continuous features and the weak classifiers for categorical features into a strong classifier, the relations between these two different types of features are handled naturally, without any forced conversions between continuous and categorical features. Adaptable initial weights and a simple strategy for avoiding overfitting are adopted to improve the performance of the algorithm. Experimental results show that our algorithm has low computational complexity and error rates, as compared with algorithms of higher computational complexity, as tested on the benchmark sample data.

  20. Intelligent Agent-Based Intrusion Detection System Using Enhanced Multiclass SVM

    Science.gov (United States)

    Ganapathy, S.; Yogesh, P.; Kannan, A.

    2012-01-01

    Intrusion detection systems were used in the past along with various techniques to detect intrusions in networks effectively. However, most of these systems are able to detect the intruders only with high false alarm rate. In this paper, we propose a new intelligent agent-based intrusion detection model for mobile ad hoc networks using a combination of attribute selection, outlier detection, and enhanced multiclass SVM classification methods. For this purpose, an effective preprocessing technique is proposed that improves the detection accuracy and reduces the processing time. Moreover, two new algorithms, namely, an Intelligent Agent Weighted Distance Outlier Detection algorithm and an Intelligent Agent-based Enhanced Multiclass Support Vector Machine algorithm are proposed for detecting the intruders in a distributed database environment that uses intelligent agents for trust management and coordination in transaction processing. The experimental results of the proposed model show that this system detects anomalies with low false alarm rate and high-detection rate when tested with KDD Cup 99 data set. PMID:23056036

  1. Online Adaboost-Based Parameterized Methods for Dynamic Distributed Network Intrusion Detection.

    Science.gov (United States)

    Hu, Weiming; Gao, Jun; Wang, Yanguo; Wu, Ou; Maybank, Stephen

    2014-01-01

    Current network intrusion detection systems lack adaptability to the frequently changing network environments. Furthermore, intrusion detection in the new distributed architectures is now a major requirement. In this paper, we propose two online Adaboost-based intrusion detection algorithms. In the first algorithm, a traditional online Adaboost process is used where decision stumps are used as weak classifiers. In the second algorithm, an improved online Adaboost process is proposed, and online Gaussian mixture models (GMMs) are used as weak classifiers. We further propose a distributed intrusion detection framework, in which a local parameterized detection model is constructed in each node using the online Adaboost algorithm. A global detection model is constructed in each node by combining the local parametric models using a small number of samples in the node. This combination is achieved using an algorithm based on particle swarm optimization (PSO) and support vector machines. The global model in each node is used to detect intrusions. Experimental results show that the improved online Adaboost process with GMMs obtains a higher detection rate and a lower false alarm rate than the traditional online Adaboost process that uses decision stumps. Both the algorithms outperform existing intrusion detection algorithms. It is also shown that our PSO, and SVM-based algorithm effectively combines the local detection models into the global model in each node; the global model in a node can handle the intrusion types that are found in other nodes, without sharing the samples of these intrusion types.

  2. Alerts Analysis and Visualization in Network-based Intrusion Detection Systems

    Energy Technology Data Exchange (ETDEWEB)

    Yang, Dr. Li [University of Tennessee]

    2010-08-01

    The alerts produced by network-based intrusion detection systems, e.g. Snort, can be difficult for network administrators to efficiently review and respond to due to the enormous number of alerts generated in a short time frame. This work describes how the visualization of raw IDS alert data assists network administrators in understanding the current state of a network and quickens the process of reviewing and responding to intrusion attempts. The project presented in this work consists of three primary components. The first component provides a visual mapping of the network topology that allows the end-user to easily browse clustered alerts. The second component is based on the flocking behavior of birds such that birds tend to follow other birds with similar behaviors. This component allows the end-user to see the clustering process and provides an efficient means for reviewing alert data. The third component discovers and visualizes patterns of multistage attacks by profiling the attacker's behaviors.

  3. Efficient Mining and Detection of Sequential Intrusion Patterns for Network Intrusion Detection Systems

    Science.gov (United States)

    Shyu, Mei-Ling; Huang, Zifang; Luo, Hongli

    In recent years, pervasive computing infrastructures have greatly improved the interaction between human and system. As we put more reliance on these computing infrastructures, we also face threats of network intrusion and/or any new forms of undesirable IT-based activities. Hence, network security has become an extremely important issue, which is closely connected with homeland security, business transactions, and people's daily life. Accurate and efficient intrusion detection technologies are required to safeguard the network systems and the critical information transmitted in the network systems. In this chapter, a novel network intrusion detection framework for mining and detecting sequential intrusion patterns is proposed. The proposed framework consists of a Collateral Representative Subspace Projection Modeling (C-RSPM) component for supervised classification, and an inter-transactional association rule mining method based on Layer Divided Modeling (LDM) for temporal pattern analysis. Experiments on the KDD99 data set and the traffic data set generated by a private LAN testbed show promising results with high detection rates, low processing time, and low false alarm rates in mining and detecting sequential intrusion detections.

  4. Alerts Visualization and Clustering in Network-based Intrusion Detection

    Energy Technology Data Exchange (ETDEWEB)

    Yang, Dr. Li [University of Tennessee; Gasior, Wade C [ORNL; Dasireddy, Swetha [University of Tennessee

    2010-04-01

    Today's intrusion detection systems, when deployed on a busy network, overload the network with a huge number of alerts. This behavior of producing too much raw information makes them less effective. We propose a system which takes both raw data and Snort alerts to visualize and analyze possible intrusions in a network. Then we present two models for the visualization of clustered alerts. Our first model gives the network administrator the logical topology of the network and detailed information of each node that involves its associated alerts and connections. The second model, the flocking model, presents the network administrator with the visual representation of IDS data in which each alert is represented in a different color and the alerts with maximum similarity move together. This gives the network administrator the idea of detecting various intrusions through visualizing the alert patterns.

  5. A two-stage flow-based intrusion detection model for next-generation networks.

    Science.gov (United States)

    Umer, Muhammad Fahad; Sher, Muhammad; Bi, Yaxin

    2018-01-01

    The next-generation network provides state-of-the-art access-independent services over converged mobile and fixed networks. Security in the converged network environment is a major challenge. Traditional packet and protocol-based intrusion detection techniques cannot be used in next-generation networks due to slow throughput, low accuracy and their inability to inspect encrypted payload. An alternative solution for protection of next-generation networks is to use network flow records for detection of malicious activity in the network traffic. The network flow records are independent of access networks and user applications. In this paper, we propose a two-stage flow-based intrusion detection system for next-generation networks. The first stage uses an enhanced unsupervised one-class support vector machine which separates malicious flows from normal network traffic. The second stage uses a self-organizing map which automatically groups malicious flows into different alert clusters. We validated the proposed approach on two flow-based datasets and obtained promising results.

  6. Ensemble regression model-based anomaly detection for cyber-physical intrusion detection in smart grids

    DEFF Research Database (Denmark)

    Kosek, Anna Magdalena; Gehrke, Oliver

    2016-01-01

    The shift from centralised large production to distributed energy production has several consequences for current power system operation. The replacement of large power plants by growing numbers of distributed energy resources (DERs) increases the dependency of the power system on small scale......, distributed production. Many of these DERs can be accessed and controlled remotely, posing a cybersecurity risk. This paper investigates an intrusion detection system which evaluates the DER operation in order to discover unauthorized control actions. The proposed anomaly detection method is based...

  7. Boosting Web Intrusion Detection Systems by Inferring Positive Signatures

    NARCIS (Netherlands)

    Bolzoni, D.; Etalle, Sandro

    2008-01-01

    We present a new approach to anomaly-based network intrusion detection for web applications. This approach is based on dividing the input parameters of the monitored web application in two groups: the "regular" and the "irregular" ones, and applying a new method for anomaly detection on the

  8. Research on intrusion detection based on Kohonen network and support vector machine

    Science.gov (United States)

    Shuai, Chunyan; Yang, Hengcheng; Gong, Zeweiyi

    2018-05-01

    In view of the problem of low detection accuracy and the long detection time of support vector machine, which directly applied to the network intrusion detection system. Optimization of SVM parameters can greatly improve the detection accuracy, but it cannot be applied to high-speed networks because of the long detection time. A method based on Kohonen neural network feature selection is proposed to reduce the optimization time of support vector machine parameters. Firstly, this paper is to calculate the weights of the KDD99 network intrusion data by Kohonen network and select features by weight. Then, after the feature selection is completed, genetic algorithm (GA) and grid search method are used for parameter optimization to find the appropriate parameters and classify them by support vector machines. By comparing experiments, it is concluded that feature selection can reduce the time of parameter optimization, which has little influence on the accuracy of classification. The experiments suggest that the support vector machine can be used in the network intrusion detection system and reduce the missing rate.

  9. Ensemble of classifiers based network intrusion detection system performance bound

    CSIR Research Space (South Africa)

    Mkuzangwe, Nenekazi NP

    2017-11-01

    This paper provides a performance bound of a network intrusion detection system (NIDS) that uses an ensemble of classifiers. Currently researchers rely on implementing the ensemble of classifiers based NIDS before they can determine the performance...

  10. Deconstructing the Assessment of Anomaly-based Intrusion Detectors for Critical Applications

    Energy Technology Data Exchange (ETDEWEB)

    Viswanathan, Arun; Tan, Kymie; Neuman, Clifford

    2013-10-01

    Anomaly detection is a key strategy for cyber intrusion detection because it is conceptually capable of detecting novel attacks. This makes it an appealing defensive technique for environments such as the nation's critical infrastructures that is currently facing increased cyber adversarial activity. When considering deployment within the purview of such critical infrastructures it is imperative that the technology is well understood and reliable, where its performance is benchmarked on the results of principled assessments. This paper works towards such an imperative by analyzing the current state of anomaly detector assessments with a view toward mission critical deployments. We compile a framework of key evaluation constructs that identify how and where current assessment methods may fall short in providing sufficient insight into detector performance characteristics. Within the context of three case studies from literature, we show how error factors that influence the performance of detectors interact with different phases of a canonical evaluation strategy to compromise the integrity of the final results.

  11. Exploring machine-learning-based control plane intrusion detection techniques in software defined optical networks

    Science.gov (United States)

    Zhang, Huibin; Wang, Yuqiao; Chen, Haoran; Zhao, Yongli; Zhang, Jie

    2017-12-01

    In software defined optical networks (SDON), the centralized control plane may encounter numerous intrusion threats which compromise the security level of provisioned services. In this paper, the issue of control plane security is studied and two machine-learning-based control plane intrusion detection techniques are proposed for SDON with properly selected features such as bandwidth, route length, etc. We validate the feasibility and efficiency of the proposed techniques by simulations. Results show an accuracy of 83% for intrusion detection can be achieved with the proposed machine-learning-based control plane intrusion detection techniques.

  12. Network Intrusion Dataset Assessment

    Science.gov (United States)

    2013-03-01

    International Conference on Computational Intelligence and Natural Computing, volume 2, pages 413–416, June 2009. • Rung Ching Chen, Kai-Fan Cheng, and...Chia-Fen Hsieh. “Using rough set and support vector machine for network intrusion detection.” International Journal of Network Security & Its...intrusion detection using FP tree rules.” Journal Of Advanced Networking and Applications, 1(1):30–39, 2009. • Ming-Yang Su, Gwo-Jong Yu, and Chun-Yuen

  13. Attack Pattern Analysis Framework for a Multiagent Intrusion Detection System

    Directory of Open Access Journals (Sweden)

    Krzysztof Juszczyszyn

    2008-08-01

    The paper proposes the use of attack pattern ontology and formal framework for network traffic anomalies detection within a distributed multi-agent Intrusion Detection System architecture. Our framework assumes ontology-based attack definition and distributed processing scheme with exchange of communicates between agents. The role of traffic anomalies detection was presented then it has been discussed how some specific values characterizing network communication can be used to detect network anomalies caused by security incidents (worm attack, virus spreading). Finally, it has been defined how to use the proposed techniques in distributed IDS using attack pattern ontology.

  14. A Protocol Layer Trust-Based Intrusion Detection Scheme for Wireless Sensor Networks

    Directory of Open Access Journals (Sweden)

    Jian Wang

    2017-05-01

    This article proposes a protocol layer trust-based intrusion detection scheme for wireless sensor networks. Unlike existing work, the trust value of a sensor node is evaluated according to the deviations of key parameters at each protocol layer considering the attacks initiated at different protocol layers will inevitably have impacts on the parameters of the corresponding protocol layers. For simplicity, the paper mainly considers three aspects of trustworthiness, namely physical layer trust, media access control layer trust and network layer trust. The per-layer trust metrics are then combined to determine the overall trust metric of a sensor node. The performance of the proposed intrusion detection mechanism is then analyzed using the t-distribution to derive analytical results of false positive and false negative probabilities. Numerical analytical results, validated by simulation results, are presented in different attack scenarios. It is shown that the proposed protocol layer trust-based intrusion detection scheme outperforms a state-of-the-art scheme in terms of detection probability and false probability, demonstrating its usefulness for detecting cross-layer attacks.

  15. Fuzzy Based Advanced Hybrid Intrusion Detection System to Detect Malicious Nodes in Wireless Sensor Networks

    Directory of Open Access Journals (Sweden)

    Rupinder Singh

    2017-01-01

    In this paper, an Advanced Hybrid Intrusion Detection System (AHIDS) that automatically detects the WSNs attacks is proposed. AHIDS makes use of cluster-based architecture with enhanced LEACH protocol that intends to reduce the level of energy consumption by the sensor nodes. AHIDS uses anomaly detection and misuse detection based on fuzzy rule sets along with the Multilayer Perceptron Neural Network. The Feed Forward Neural Network along with the Backpropagation Neural Network are utilized to integrate the detection results and indicate the different types of attackers (i.e., Sybil attack, wormhole attack, and hello flood attack). For detection of Sybil attack, Advanced Sybil Attack Detection Algorithm is developed while the detection of wormhole attack is done by Wormhole Resistant Hybrid Technique. The detection of hello flood attack is done by using signal strength and distance. An experimental analysis is carried out in a set of nodes; 13.33% of the nodes are determined as misbehaving nodes, which classified attackers along with a detection rate of the true positive rate and false positive rate. Sybil attack is detected at a rate of 99.40%; hello flood attack has a detection rate of 98.20%; and wormhole attack has a detection rate of 99.20%.

  16. Anomaly detection in wide area network mesh using two machine learning anomaly detection algorithms

    OpenAIRE

    Zhang, James; Vukotic, Ilija; Gardner, Robert

    2018-01-01

    Anomaly detection is the practice of identifying items or events that do not conform to an expected behavior or do not correlate with other items in a dataset. It has previously been applied to areas such as intrusion detection, system health monitoring, and fraud detection in credit card transactions. In this paper, we describe a new method for detecting anomalous behavior over network performance data, gathered by perfSONAR, using two machine learning algorithms: Boosted Decision Trees (BDT...

  17. Investigating the Influence of Special On–Off Attacks on Challenge-Based Collaborative Intrusion Detection Networks

    Directory of Open Access Journals (Sweden)

    Wenjuan Li

    2018-01-01

    Intrusions are becoming more complicated with the recent development of adversarial techniques. To boost the detection accuracy of a separate intrusion detector, the collaborative intrusion detection network (CIDN) has thus been developed by allowing intrusion detection system (IDS) nodes to exchange data with each other. Insider attacks are a great threat for such types of collaborative networks, where an attacker has the authorized access within the network. In literature, a challenge-based trust mechanism is effective at identifying malicious nodes by sending challenges. However, such mechanisms are heavily dependent on two assumptions, which would cause CIDNs to be vulnerable to advanced insider attacks in practice. In this work, we investigate the influence of advanced on–off attacks on challenge-based CIDNs, which can respond truthfully to one IDS node but behave maliciously to another IDS node. To evaluate the attack performance, we have conducted two experiments under a simulated and a real CIDN environment. The obtained results demonstrate that our designed attack is able to compromise the robustness of challenge-based CIDNs in practice; that is, some malicious nodes can behave untruthfully without a timely detection.

  18. A New Unified Intrusion Anomaly Detection in Identifying Unseen Web Attacks

    Directory of Open Access Journals (Sweden)

    Muhammad Hilmi Kamarudin

    2017-01-01

    The global usage of more sophisticated web-based application systems is obviously growing very rapidly. Major usage includes the storing and transporting of sensitive data over the Internet. The growth has consequently opened up a serious need for more secured network and application security protection devices. Security experts normally equip their databases with a large number of signatures to help in the detection of known web-based threats. In reality, it is almost impossible to keep updating the database with the newly identified web vulnerabilities. As such, new attacks are invisible. This research presents a novel approach of Intrusion Detection System (IDS) in detecting unknown attacks on web servers using the Unified Intrusion Anomaly Detection (UIAD) approach. The unified approach consists of three components (preprocessing, statistical analysis, and classification). Initially, the process starts with the removal of irrelevant and redundant features using a novel hybrid feature selection method. Thereafter, the process continues with the application of a statistical approach to identifying traffic abnormality. We performed Relative Percentage Ratio (RPR) coupled with Euclidean Distance Analysis (EDA) and the Chebyshev Inequality Theorem (CIT) to calculate the normality score and generate a finest threshold. Finally, Logitboost (LB) is employed alongside Random Forest (RF) as a weak classifier, with the aim of minimising the final false alarm rate. The experiment has demonstrated that our approach has successfully identified unknown attacks with greater than a 95% detection rate and less than a 1% false alarm rate for both the DARPA 1999 and the ISCX 2012 datasets.

  19. Network traffic anomaly prediction using Artificial Neural Network

    Science.gov (United States)

    Ciptaningtyas, Hening Titi; Fatichah, Chastine; Sabila, Altea

    2017-03-01

    With the excessive increase of internet usage, malicious software (malware) has also increased significantly. Malware is software developed by hackers for illegal purpose(s), such as stealing data and identity, causing computer damage, or denying service to other users [1]. Malware which attacks a computer or server often triggers network traffic anomaly phenomena. Based on Sophos's report [2], Indonesia is the riskiest country of malware attack and it also has high network traffic anomaly. This research uses Artificial Neural Network (ANN) to predict network traffic anomaly based on malware attack in Indonesia which is recorded by Id-SIRTII/CC (Indonesia Security Incident Response Team on Internet Infrastructure/Coordination Center). The case study is the highest malware attack (SQL injection) which has happened in three consecutive years: 2012, 2013, and 2014 [4]. The data series is preprocessed first, then the network traffic anomaly is predicted using Artificial Neural Network and using two weight update algorithms: Gradient Descent and Momentum. Error of prediction is calculated using Mean Squared Error (MSE) [7]. The experimental result shows that MSE for SQL Injection is 0.03856. So, this approach can be used to predict network traffic anomaly.

  20. Autonomous Rule Creation for Intrusion Detection

    Energy Technology Data Exchange (ETDEWEB)

    Todd Vollmer; Jim Alves-Foss; Milos Manic

    2011-04-01

    Many computational intelligence techniques for anomaly based network intrusion detection can be found in literature. Translating a newly discovered intrusion recognition criteria into a distributable rule can be a human intensive effort. This paper explores a multi-modal genetic algorithm solution for autonomous rule creation. This algorithm focuses on the process of creating rules once an intrusion has been identified, rather than the evolution of rules to provide a solution for intrusion detection. The algorithm was demonstrated on anomalous ICMP network packets (input) and Snort rules (output of the algorithm). Output rules were sorted according to a fitness value and any duplicates were removed. The experimental results on ten test cases demonstrated a 100 percent rule alert rate. Out of 33,804 test packets 3 produced false positives. Each test case produced a minimum of three rule variations that could be used as candidates for a production system.

  1. APHRODITE: an Anomaly-based Architecture for False Positive Reduction

    NARCIS (Netherlands)

    Bolzoni, D.; Etalle, Sandro

    We present APHRODITE, an architecture designed to reduce false positives in network intrusion detection systems. APHRODITE works by detecting anomalies in the output traffic, and by correlating them with the alerts raised by the NIDS working on the input traffic. Benchmarks show a substantial

  2. Developing advanced fingerprint attacks on challenge-based collaborative intrusion detection networks

    DEFF Research Database (Denmark)

    Li, Wenjuan; Meng, Weizhi; Kwok, Lam-For

    2017-01-01

    Traditionally, an isolated intrusion detection system (IDS) is vulnerable to various types of attacks. In order to enhance IDS performance, collaborative intrusion detection networks (CIDNs) are developed through enabling a set of IDS nodes to communicate with each other. Due to the distributed...... network architecture, insider attacks are one of the major threats. In the literature, challenge-based trust mechanisms have been built to identify malicious nodes by evaluating the satisfaction levels between challenges and responses. However, such mechanisms rely on two major assumptions, which may...... result in a weak threat model. In this case, CIDNs may be still vulnerable to advanced insider attacks in real-world deployment. In this paper, we propose a novel collusion attack, called passive message fingerprint attack (PMFA), which can collect messages and identify normal requests in a passive way...

  3. Proposed Network Intrusion Detection System In Cloud Environment Based on Back Propagation Neural Network

    Directory of Open Access Journals (Sweden)

    Shawq Malik Mehibs

    2017-12-01

    Cloud computing is a distributed architecture, providing computing facilities and storage resources as a service over the internet. This low-cost service fulfills the basic requirements of users. Because of the open nature and services introduced by cloud computing, intruders impersonate legitimate users and misuse cloud resources and services. To detect intruders and suspicious activities in and around the cloud computing environment, an intrusion detection system is used to discover illegitimate users and suspicious actions by monitoring different user activities on the network. This work proposes a back propagation artificial neural network to construct network intrusion detection in the cloud environment. The proposed module was evaluated with the KDD99 dataset; the experimental results show a promising approach to detect attacks with a high detection rate and low false alarm rate.

  4. A Neuro-genetic Based Short-term Forecasting Framework for Network Intrusion Prediction System

    Institute of Scientific and Technical Information of China (English)

    Siva S. Sivatha Sindhu; S. Geetha; M. Marikannan; A. Kannan

    2009-01-01

    Information systems are one of the most rapidly changing and vulnerable systems, where security is a major issue. The number of security-breaking attempts originating inside organizations is increasing steadily. Attacks made in this way, usually done by "authorized" users of the system, cannot be immediately traced. Because the idea of filtering the traffic at the entrance door, by using firewalls and the like, is not completely successful, the use of intrusion detection systems should be considered to increase the defense capacity of an information system. An intrusion detection system (IDS) is usually working in a dynamically changing environment, which forces continuous tuning of the intrusion detection model, in order to maintain sufficient performance. The manual tuning process required by current IDS depends on the system operators in working out the tuning solution and in integrating it into the detection model. Furthermore, an extensive effort is required to tackle the newly evolving attacks and a deep study is necessary to categorize them into the respective classes. To reduce this dependence, an automatically evolving anomaly IDS using a neuro-genetic algorithm is presented. The proposed system automatically tunes the detection model on the fly according to the feedback provided by the system operator when false predictions are encountered. The system has been evaluated using the Knowledge Discovery in Databases Conference (KDD 2009) intrusion detection dataset. A genetic paradigm is employed to choose the predominant features, which reveal the occurrence of intrusions. The neuro-genetic IDS (NGIDS) involves calculation of a weightage value for each of the categorical attributes so that data of uniform representation can be processed by the neuro-genetic algorithm. In this system unauthorized invasion of a user is identified and newer types of attacks are sensed and classified respectively by the neuro-genetic algorithm. The experimental results obtained in this

  5. Feature selection for anomaly–based network intrusion detection using cluster validity indices

    CSIR Research Space (South Africa)

    Naidoo, T

    2015-09-01

    for Anomaly–Based Network Intrusion Detection Using Cluster Validity Indices Tyrone Naidoo, Jules–Raymond Tapamoy, Andre McDonald Modelling and Digital Science, Council for Scientific and Industrial Research, South Africa 1tnaidoo2@csir.co.za 3...

  6. A Frequency-Based Approach to Intrusion Detection

    Directory of Open Access Journals (Sweden)

    Mian Zhou

    2004-06-01

    Research on network security and intrusion detection strategies presents many challenging issues to both theoreticians and practitioners. Hackers apply an array of intrusion and exploit techniques to cause disruption of normal system operations, but on the defense, firewalls and intrusion detection systems (IDS) are typically only effective in defending known intrusion types using their signatures, and are far less than mature when faced with novel attacks. In this paper, we adapt the frequency analysis techniques such as the Discrete Fourier Transform (DFT) used in signal processing to the design of intrusion detection algorithms. We demonstrate the effectiveness of the frequency-based detection strategy by running synthetic network intrusion data in simulated networks using the OPNET software. The simulation results indicate that the proposed intrusion detection strategy is effective in detecting anomalous traffic data that exhibit patterns over time, which include several types of DOS and probe attacks. The significance of this new strategy is that it does not depend on the prior knowledge of attack signatures, thus it has the potential to be a useful supplement to existing signature-based IDS and firewalls.

  7. Data Fusion for Network Intrusion Detection: A Review

    Directory of Open Access Journals (Sweden)

    Guoquan Li

    2018-01-01

    Rapid progress of networking technologies leads to an exponential growth in the number of unauthorized or malicious network actions. As a component of defense-in-depth, Network Intrusion Detection System (NIDS) has been expected to detect malicious behaviors. Currently, NIDSs are implemented by various classification techniques, but these techniques are not advanced enough to accurately detect complex or synthetic attacks, especially in the situation of facing massive high-dimensional data. Besides, the inherent defects of NIDSs, namely, high false alarm rate and low detection rate, have not been effectively solved. In order to solve these problems, data fusion (DF) has been applied into network intrusion detection and has achieved good results. However, the literature still lacks thorough analysis and evaluation on data fusion techniques in the field of intrusion detection. Therefore, it is necessary to conduct a comprehensive review on them. In this article, we focus on DF techniques for network intrusion detection and propose a specific definition to describe it. We review the recent advances of DF techniques and propose a series of criteria to compare their performance. Finally, based on the results of the literature review, a number of open issues and future research directions are proposed at the end of this work.

  8. Network Intrusion Detection through Stacking Dilated Convolutional Autoencoders

    Directory of Open Access Journals (Sweden)

    Yang Yu

    2017-01-01

    Network intrusion detection is one of the most important parts for cyber security to protect computer systems against malicious attacks. With the emergence of numerous sophisticated and new attacks, however, network intrusion detection techniques are facing several significant challenges. The overall objective of this study is to learn useful feature representations automatically and efficiently from large amounts of unlabeled raw network traffic data by using deep learning approaches. We propose a novel network intrusion model by stacking dilated convolutional autoencoders and evaluate our method on two new intrusion detection datasets. Several experiments were carried out to check the effectiveness of our approach. The comparative experimental results demonstrate that the proposed model can achieve considerably high performance which meets the demand of high accuracy and adaptability of network intrusion detection systems (NIDSs). It is quite potential and promising to apply our model in the large-scale and real-world network environments.

  9. Inefficiency of IDS Static Anomaly Detectors in Real-World Networks

    Directory of Open Access Journals (Sweden)

    Edward Guillen

    2015-05-01

    A wide range of IDS implementations with anomaly detection modules have been deployed. In general, those modules depend on intrusion knowledge databases, such as Knowledge Discovery Dataset (KDD99), Center for Applied Internet Data Analysis (CAIDA) or Community Resource for Archiving Wireless Data at Dartmouth (CRAWDAD), among others. Once the database is analyzed and a machine learning method is employed to generate detectors, some classes of new detectors are created. Thereafter, detectors are supposed to be deployed in real network environments in order to achieve detection with good results for false positives and detection rates. Since the traffic behavior is quite different according to the user’s network activities over available services, restrictions and applications, it is supposed that behavioral-based detectors are not well suited to all kind of networks. This paper presents the differences of detection results between some network scenarios by applying traditional detectors that were calculated with artificial neural networks. The same detector is deployed in different scenarios to measure the efficiency or inefficiency of static training detectors.

  10. Toward Bulk Synchronous Parallel-Based Machine Learning Techniques for Anomaly Detection in High-Speed Big Data Networks

    Directory of Open Access Journals (Sweden)

    Kamran Siddique

    2017-09-01

    Anomaly detection systems, also known as intrusion detection systems (IDSs), continuously monitor network traffic aiming to identify malicious actions. Extensive research has been conducted to build efficient IDSs emphasizing two essential characteristics. The first is concerned with finding optimal feature selection, while another deals with employing robust classification schemes. However, the advent of big data concepts in anomaly detection domain and the appearance of sophisticated network attacks in the modern era require some fundamental methodological revisions to develop IDSs. Therefore, we first identify two more significant characteristics in addition to the ones mentioned above. These refer to the need for employing specialized big data processing frameworks and utilizing appropriate datasets for validating system’s performance, which is largely overlooked in existing studies. Afterwards, we set out to develop an anomaly detection system that comprehensively follows these four identified characteristics, i.e., the proposed system (i) performs feature ranking and selection using information gain and automated branch-and-bound algorithms respectively; (ii) employs logistic regression and extreme gradient boosting techniques for classification; (iii) introduces bulk synchronous parallel processing to cater computational requirements of high-speed big data networks; and (iv) uses the Information Security Centre of Excellence, of the University of Brunswick real-time contemporary dataset for performance evaluation. We present experimental results that verify the efficacy of the proposed system.

  11. Intrusion detection in Mobile Ad-hoc Networks: Bayesian game formulation

    Directory of Open Access Journals (Sweden)

    Basant Subba

    2016-06-01

    Present Intrusion Detection Systems (IDSs) for MANETs require continuous monitoring which leads to rapid depletion of a node's battery life. To address this issue, we propose a new IDS scheme comprising a novel cluster leader election process and a hybrid IDS. The cluster leader election process uses the Vickrey–Clarke–Groves mechanism to elect the cluster leader which provides the intrusion detection service. The hybrid IDS comprises a threshold based lightweight module and a powerful anomaly based heavyweight module. Initially, only the lightweight module is activated. The decision to activate the heavyweight module is taken by modeling the intrusion detection process as an incomplete information non-cooperative game between the elected leader node and the potential malicious node. Simulation results show that the proposed scheme significantly reduces the IDS traffic and overall power consumption in addition to maintaining a high detection rate and accuracy.

  12. Reading between the fields: practical, effective intrusion detection for industrial control systems

    NARCIS (Netherlands)

    Yüksel, Ömer; den Hartog, Jeremy; Etalle, Sandro

    2016-01-01

    Detection of previously unknown attacks and malicious messages is a challenging problem faced by modern network intrusion detection systems. Anomaly-based solutions, despite being able to detect unknown attacks, have not been used often in practice due to their high false positive rate, and because

  13. A Hybrid Spectral Clustering and Deep Neural Network Ensemble Algorithm for Intrusion Detection in Sensor Networks.

    Science.gov (United States)

    Ma, Tao; Wang, Fen; Cheng, Jianjun; Yu, Yang; Chen, Xiaoyun

    2016-10-13

    The development of intrusion detection systems (IDS) that are adapted to allow routers and network defence systems to detect malicious network traffic disguised as network protocols or normal access is a critical challenge. This paper proposes a novel approach called SCDNN, which combines spectral clustering (SC) and deep neural network (DNN) algorithms. First, the dataset is divided into k subsets based on sample similarity using cluster centres, as in SC. Next, the distance between data points in a testing set and the training set is measured based on similarity features and is fed into the deep neural network algorithm for intrusion detection. Six KDD-Cup99 and NSL-KDD datasets and a sensor network dataset were employed to test the performance of the model. These experimental results indicate that the SCDNN classifier not only performs better than backpropagation neural network (BPNN), support vector machine (SVM), random forest (RF) and Bayes tree models in detection accuracy and the types of abnormal attacks found. It also provides an effective tool of study and analysis of intrusion detection in large networks.

  14. Abstracting massive data for lightweight intrusion detection in computer networks

    KAUST Repository

    Wang, Wei

    2016-10-15

    Anomaly intrusion detection in big data environments calls for lightweight models that are able to achieve real-time performance during detection. Abstracting audit data provides a solution to improve the efficiency of data processing in intrusion detection. Data abstraction refers to abstract or extract the most relevant information from the massive dataset. In this work, we propose three strategies of data abstraction, namely, exemplar extraction, attribute selection and attribute abstraction. We first propose an effective method called exemplar extraction to extract representative subsets from the original massive data prior to building the detection models. Two clustering algorithms, Affinity Propagation (AP) and traditional k-means, are employed to find the exemplars from the audit data. k-Nearest Neighbor (k-NN), Principal Component Analysis (PCA) and one-class Support Vector Machine (SVM) are used for the detection. We then employ another two strategies, attribute selection and attribute extraction, to abstract audit data for anomaly intrusion detection. Two http streams collected from a real computing environment as well as the KDD'99 benchmark data set are used to validate these three strategies of data abstraction. The comprehensive experimental results show that while all the three strategies improve the detection efficiency, the AP-based exemplar extraction achieves the best performance of data abstraction.

  15. Scalable High-Performance Parallel Design for Network Intrusion Detection Systems on Many-Core Processors

    OpenAIRE

    Jiang, Hayang; Xie, Gaogang; Salamatian, Kavé; Mathy, Laurent

    2013-01-01

    Network Intrusion Detection Systems (NIDSes) face significant challenges coming from the relentless network link speed growth and increasing complexity of threats. Both hardware accelerated and parallel software-based NIDS solutions, based on commodity multi-core and GPU processors, have been proposed to overcome these challenges. ...

  16. SOOA: Exploring Special On-Off Attacks on Challenge-Based Collaborative Intrusion Detection Networks

    DEFF Research Database (Denmark)

    Li, Wenjuan; Meng, Weizhi; Kwok, Lam-For

    2017-01-01

    The development of collaborative intrusion detection networks (CIDNs) aims to enhance the performance of a single intrusion detection system (IDS), through communicating and collecting information from other IDS nodes. To defend CIDNs against insider attacks, trust-based mechanisms are crucial...... and render CIDNs still vulnerable to advanced insider attacks in a practical deployment. In this paper, our motivation is to investigate the effect of On-Off attacks on challenge-based CIDNs. In particular, as a study, we explore a special On-Off attack (called SOOA), which can keep responding normally...... to one node while acting abnormally to another node. In the evaluation, we explore the attack performance under simulated CIDN environments. Experimental results indicate that our attack can interfere the effectiveness of trust computation for CIDN nodes....

  17. Big Data Analytics for Flow-based Anomaly Detection in High-Speed Networks

    OpenAIRE

    Garofalo, Mauro

    2017-01-01

    The Cisco VNI Complete Forecast Highlights clearly states that Internet traffic is growing in three different directions, Volume, Velocity, and Variety, bringing computer networks into the big data era. At the same time, sophisticated network attacks are growing exponentially. Such growth is making the existing signature-based security tools, like firewalls and traditional intrusion detection systems, ineffective against new kinds of attacks or variations of known attacks. In this dissertati...

  18. Anomaly-based online intrusion detection system as a sensor for cyber security situational awareness system

    OpenAIRE

    Kokkonen, Tero

    2016-01-01

    Almost all the organisations and even individuals rely on complex structures of data networks and networked computer systems. That complex data ensemble, the cyber domain, provides great opportunities, but at the same time it offers many possible attack vectors that can be abused for cyber vandalism, cyber crime, cyber espionage or cyber terrorism. Those threats produce requirements for cyber security situational awareness and intrusion detection capability. This dissertation conc...

  19. Network Traffic Features for Anomaly Detection in Specific Industrial Control System Network

    Directory of Open Access Journals (Sweden)

    Matti Mantere

    2013-09-01

    The deterministic and restricted nature of industrial control system networks sets them apart from more open networks, such as local area networks in office environments. This improves the usability of network security, monitoring approaches that would be less feasible in more open environments. One of such approaches is machine learning based anomaly detection. Without proper customization for the special requirements of the industrial control system network environment, many existing anomaly or misuse detection systems will perform sub-optimally. A machine learning based approach could reduce the amount of manual customization required for different industrial control system networks. In this paper we analyze a possible set of features to be used in a machine learning based anomaly detection system in the real world industrial control system network environment under investigation. The network under investigation is represented by architectural drawing and results derived from network trace analysis. The network trace is captured from a live running industrial process control network and includes both control data and the data flowing between the control network and the office network. We limit the investigation to the IP traffic in the traces.

  20. Intrusion Detection in NEAR System by Anti-denoising Traffic Data Series using Discrete Wavelet Transform

    Directory of Open Access Journals (Sweden)

    VANCEA, F.

    2014-11-01

    The paper presents two methods for detecting anomalies in data series derived from network traffic. Intrusion detection systems based on network traffic analysis are able to respond to incidents never seen before by detecting anomalies in data series extracted from the traffic. Some anomalies manifest themselves as pulses of various sizes and shapes, superimposed on series corresponding to normal traffic. In order to detect those impulses we propose two methods based on discrete wavelet transformation. Their effectiveness expressed in relative thresholds on pulse amplitude for no false negatives and no false positives is then evaluated against pulse duration and Hurst characteristic of original series. Different base functions are also evaluated for efficiency in the context of the proposed methods.

  1. PMFA: Toward Passive Message Fingerprint Attacks on Challenge-Based Collaborative Intrusion Detection Networks

    DEFF Research Database (Denmark)

    Li, Wenjuan; Meng, Weizhi; Kwok, Lam-For

    2016-01-01

    To enhance the performance of single intrusion detection systems (IDSs), collaborative intrusion detection networks (CIDNs) have been developed, which enable a set of IDS nodes to communicate with each other. In such a distributed network, insider attacks like collusion attacks are the main threat...... to advanced insider attacks in practical deployment. In this paper, we design a novel type of collusion attack, called passive message fingerprint attack (PMFA), which can collect messages and identify normal requests in a passive way. In the evaluation, we explore the attack performance under both simulated...... and real network environments. Experimental results indicate that under our attack, malicious nodes can send malicious responses to normal requests while maintaining their trust values....

  2. In-situ trainable intrusion detection system

    Energy Technology Data Exchange (ETDEWEB)

    Symons, Christopher T.; Beaver, Justin M.; Gillen, Rob; Potok, Thomas E.

    2016-11-15

    A computer implemented method detects intrusions using a computer by analyzing network traffic. The method includes a semi-supervised learning module connected to a network node. The learning module uses labeled and unlabeled data to train a semi-supervised machine learning sensor. The method records events that include a feature set made up of unauthorized intrusions and benign computer requests. The method identifies at least some of the benign computer requests that occur during the recording of the events while treating the remainder of the data as unlabeled. The method trains the semi-supervised learning module at the network node in-situ, such that the semi-supervised learning modules may identify malicious traffic without relying on specific rules, signatures, or anomaly detection.

  3. Network science and cybersecurity

    CERN Document Server

    Pino, Robinson E

    2014-01-01

    Network Science and Cybersecurity introduces new research and development efforts for cybersecurity solutions and applications taking place within various U.S. Government Departments of Defense, industry and academic laboratories. This book examines new algorithms and tools, technology platforms and reconfigurable technologies for cybersecurity systems. Anomaly-based intrusion detection systems (IDS) are explored as a key component of any general network intrusion detection service, complementing signature-based IDS components by attempting to identify novel attacks. These attacks may not y

  4. Towards software-based signature detection for intrusion prevention on the network card

    NARCIS (Netherlands)

    Bos, H.; Huang, Kaiming

    2006-01-01

    CardGuard is a signature detection system for intrusion detection and prevention that scans the entire payload of packets for suspicious patterns and is implemented in software on a network card equipped with an Intel IXP1200 network processor. One card can be used to protect either a single host, or

  5. A Hypergraph and Arithmetic Residue-based Probabilistic Neural Network for classification in Intrusion Detection Systems.

    Science.gov (United States)

    Raman, M R Gauthama; Somu, Nivethitha; Kirthivasan, Kannan; Sriram, V S Shankar

    2017-08-01

    Over the past few decades, the design of an intelligent Intrusion Detection System (IDS) remains an open challenge to the research community. Continuous efforts by the researchers have resulted in the development of several learning models based on Artificial Neural Network (ANN) to improve the performance of the IDSs. However, there exists a tradeoff with respect to the stability of ANN architecture and the detection rate for less frequent attacks. This paper presents a novel approach based on Helly property of Hypergraph and Arithmetic Residue-based Probabilistic Neural Network (HG AR-PNN) to address the classification problem in IDS. The Helly property of Hypergraph was exploited for the identification of the optimal feature subset and the arithmetic residue of the optimal feature subset was used to train the PNN. The performance of HG AR-PNN was evaluated using KDD CUP 1999 intrusion dataset. Experimental results prove the dominance of HG AR-PNN classifier over the existing classifiers with respect to the stability and improved detection rate for less frequent attacks. Copyright © 2017 Elsevier Ltd. All rights reserved.

  6. Fuzzy Kernel k-Medoids algorithm for anomaly detection problems

    Science.gov (United States)

    Rustam, Z.; Talita, A. S.

    2017-07-01

    Intrusion Detection System (IDS) is an essential part of security systems to strengthen the security of information systems. IDS can be used to detect the abuse by intruders who try to get into the network system in order to access and utilize the available data sources in the system. There are two approaches to IDS, Misuse Detection and Anomaly Detection (behavior-based intrusion detection). Fuzzy clustering-based methods have been widely used to solve Anomaly Detection problems. Other than using the fuzzy membership concept to assign an object to a cluster, other approaches such as combining fuzzy and possibilistic membership or feature-weighted based methods are also used. We propose Fuzzy Kernel k-Medoids, which combines fuzzy and possibilistic membership, as a powerful method to solve the anomaly detection problem, since in numerical experiments it is able to classify IDS benchmark data into five different classes simultaneously. We classify the IDS benchmark KDDCup'99 data set into five different classes simultaneously; the best performance was achieved by using 30% of training data, with clustering accuracy reaching 90.28 percent.

  7. A hybrid approach for efficient anomaly detection using metaheuristic methods

    Directory of Open Access Journals (Sweden)

    Tamer F. Ghanem

    2015-07-01

    Network intrusion detection based on anomaly detection techniques has a significant role in protecting networks and systems against harmful activities. Different metaheuristic techniques have been used for anomaly detector generation. Yet, reported literature has not studied the use of the multi-start metaheuristic method for detector generation. This paper proposes a hybrid approach for anomaly detection in large scale datasets using detectors generated based on multi-start metaheuristic method and genetic algorithms. The proposed approach has taken some inspiration of negative selection-based detector generation. The evaluation of this approach is performed using NSL-KDD dataset which is a modified version of the widely used KDD CUP 99 dataset. The results show its effectiveness in generating a suitable number of detectors with an accuracy of 96.1% compared to other competitors of machine learning algorithms.

  8. LIDeA: A Distributed Lightweight Intrusion Detection Architecture for Sensor Networks

    DEFF Research Database (Denmark)

    Giannetsos, Athanasios; Krontiris, Ioannis; Dimitriou, Tassos

    2008-01-01

    Wireless sensor networks are vulnerable to adversaries as they are frequently deployed in open and unattended environments. Preventive mechanisms can be applied to protect them from an assortment of attacks. However, more sophisticated methods, like intrusion detection systems, are needed...... to achieve a more autonomic and complete defense mechanism, even against attacks that have not been anticipated in advance. In this paper, we present a lightweight intrusion detection system, called LIDeA, designed for wireless sensor networks. LIDeA is based on a distributed architecture, in which nodes...

  9. A Survey on Cross-Layer Intrusion Detection System for Wireless ...

    African Journals Online (AJOL)

    pc

    2018-03-05

    Mar 5, 2018 ... forwarding, and open wireless medium are the factors that make ... Wireless Sensor Network (WSN) is a kind of network that ... These tiny sensors are mainly small sized and have low ..... they were integrated to WSN for intrusion detection in ..... Anomaly Detection Techniques for Smart City Wireless Sensor.

  10. A New Intrusion Detection System Based on KNN Classification Algorithm in Wireless Sensor Network

    Directory of Open Access Journals (Sweden)

    Wenchao Li

    2014-01-01

    abnormal nodes from normal nodes by observing their abnormal behaviors, and we analyse parameter selection and error rate of the intrusion detection system. The paper elaborates on the design and implementation of the detection system. This system has achieved efficient, rapid intrusion detection by improving the wireless ad hoc on-demand distance vector routing protocol (Ad hoc On-Demand Distance Vector Routing, AODV). Finally, the test results show that the system has high detection accuracy and speed, in accordance with the requirement of wireless sensor network intrusion detection.

  11. Fuzzy Logic Based Anomaly Detection for Embedded Network Security Cyber Sensor

    Energy Technology Data Exchange (ETDEWEB)

    Ondrej Linda; Todd Vollmer; Jason Wright; Milos Manic

    2011-04-01

    Resiliency and security in critical infrastructure control systems in the modern world of cyber terrorism constitute a relevant concern. Developing a network security system specifically tailored to the requirements of such critical assets is of a primary importance. This paper proposes a novel learning algorithm for anomaly based network security cyber sensor together with its hardware implementation. The presented learning algorithm constructs a fuzzy logic rule based model of normal network behavior. Individual fuzzy rules are extracted directly from the stream of incoming packets using an online clustering algorithm. This learning algorithm was specifically developed to comply with the constrained computational requirements of low-cost embedded network security cyber sensors. The performance of the system was evaluated on a set of network data recorded from an experimental test-bed mimicking the environment of a critical infrastructure control system.

  12. Intrusion detection techniques for plant-wide network in a nuclear power plant

    International Nuclear Information System (INIS)

    Rajasekhar, P.; Shrikhande, S.V.; Biswas, B.B.; Patil, R.K.

    2012-01-01

    Nuclear power plants have a lot of critical data to be sent to the operator workstations. A plant wide integrated communication network, with high throughput, determinism and redundancy, is required between the workstations and the field. Switched Ethernet network is a promising prospect for such an integrated communication network. But for such an integrated system, intrusion is a major issue. Hence the network should have an intrusion detection system to make the network data secure and enhance the network availability. Intrusion detection is the process of monitoring the events occurring in a network and analyzing them for signs of possible incidents, which are violations or imminent threats of violation of network security policies, acceptable user policies, or standard security practices. This paper states the various intrusion detection techniques and approaches which are applicable for analysis of a plant wide network. (author)

  13. Detecting Distributed Network Traffic Anomaly with Network-Wide Correlation Analysis

    Directory of Open Access Journals (Sweden)

    Yang Dan

    2008-12-01

    Distributed network traffic anomaly refers to a traffic abnormal behavior involving many links of a network and caused by the same source (e.g., DDoS attack, worm propagation). The anomaly transiting in a single link might be unnoticeable and hard to detect, while the anomalous aggregation from many links can be prevailing, and does more harm to the networks. Aiming at the similar features of distributed traffic anomaly on many links, this paper proposes a network-wide detection method by performing anomalous correlation analysis of traffic signals' instantaneous parameters. In our method, traffic signals' instantaneous parameters are firstly computed, and their network-wide anomalous space is then extracted via traffic prediction. Finally, an anomaly is detected by a global correlation coefficient of anomalous space. Our evaluation using Abilene traffic traces demonstrates the excellent performance of this approach for distributed traffic anomaly detection.

  14. Stochastic Tools for Network Intrusion Detection

    OpenAIRE

    Yu, Lu; Brooks, Richard R.

    2017-01-01

    With the rapid development of Internet and the sharp increase of network crime, network security has become very important and received a lot of attention. We model security issues as stochastic systems. This allows us to find weaknesses in existing security systems and propose new solutions. Exploring the vulnerabilities of existing security tools can prevent cyber-attacks from taking advantages of the system weaknesses. We propose a hybrid network security scheme including intrusion detecti...

  15. Real-Time and Resilient Intrusion Detection: A Flow-Based Approach

    NARCIS (Netherlands)

    Hofstede, R.J.; Pras, Aiko

    Due to the demanding performance requirements of packet-based monitoring solutions on network equipment, flow-based intrusion detection systems will play an increasingly important role in current high-speed networks. The required technologies are already available and widely deployed: NetFlow and

  16. Power-Aware Intrusion Detection in Mobile Ad Hoc Networks

    Science.gov (United States)

    Şen, Sevil; Clark, John A.; Tapiador, Juan E.

    Mobile ad hoc networks (MANETs) are a highly promising new form of networking. However they are more vulnerable to attacks than wired networks. In addition, conventional intrusion detection systems (IDS) are ineffective and inefficient for highly dynamic and resource-constrained environments. Achieving an effective operational MANET requires tradeoffs to be made between functional and non-functional criteria. In this paper we show how Genetic Programming (GP) together with a Multi-Objective Evolutionary Algorithm (MOEA) can be used to synthesise intrusion detection programs that make optimal tradeoffs between security criteria and the power they consume.

  17. An Automata Based Intrusion Detection Method for Internet of Things

    Directory of Open Access Journals (Sweden)

    Yulong Fu

    2017-01-01

    Internet of Things (IoT) transforms network communication to Machine-to-Machine (M2M) basis and provides open access and new services to citizens and companies. It extends the border of Internet and will be developed as one part of the future 5G networks. However, as the resources of IoT’s front devices are constrained, many security mechanisms are hard to be implemented to protect the IoT networks. Intrusion detection system (IDS) is an efficient technique that can be used to detect the attackers when cryptography is broken, and it can be used to enforce the security of IoT networks. In this article, we analyzed the intrusion detection requirements of IoT networks and then proposed a uniform intrusion detection method for the vast heterogeneous IoT networks based on an automata model. The proposed method can detect and report the possible IoT attacks with three types: jam-attack, false-attack, and reply-attack automatically. We also design an experiment to verify the proposed IDS method and examine the attack of RADIUS application.

  18. A Database of Computer Attacks for the Evaluation of Intrusion Detection Systems

    Science.gov (United States)

    1999-06-01

    administrator whenever a system binary file (such as the ps, login, or ls program) is modified. Normal users have no legitimate reason to alter these files...development of EMERALD [46], which combines statistical anomaly detection from NIDES with signature verification. Specification-based intrusion detection...the creation of a single host that can act as many hosts. Daemons that provide network services—including telnetd, ftpd, and login—display banners

  19. Anomaly-Based Intrusion Detection Systems Utilizing System Call Data

    Science.gov (United States)

    2012-03-01

    Table 7. Place Reachability Statistics for Low Level CPN...Table 8. Place Reachability Statistics for High Level CPN...Table 9. Password Stealing...the efficiency of traditional anti-virus software tools that are dependent on gigantic, continuously updated databases. Fortunately, Intrusion

  20. Using Generalized Entropies and OC-SVM with Mahalanobis Kernel for Detection and Classification of Anomalies in Network Traffic

    Directory of Open Access Journals (Sweden)

    Jayro Santiago-Paz

    2015-09-01

    Network anomaly detection and classification is an important open issue in network security. Several approaches and systems based on different mathematical tools have been studied and developed, among them, the Anomaly-Network Intrusion Detection System (A-NIDS), which monitors network traffic and compares it against an established baseline of a “normal” traffic profile. Then, it is necessary to characterize the “normal” Internet traffic. This paper presents an approach for anomaly detection and classification based on Shannon, Rényi and Tsallis entropies of selected features, and the construction of regions from entropy data employing the Mahalanobis distance (MD), and One Class Support Vector Machine (OC-SVM) with different kernels (Radial Basis Function (RBF) and Mahalanobis Kernel (MK)) for “normal” and abnormal traffic. Regular and non-regular regions built from “normal” traffic profiles allow anomaly detection, while the classification is performed under the assumption that regions corresponding to the attack classes have been previously characterized. Although this approach allows the use of as many features as required, only four well-known significant features were selected in our case. In order to evaluate our approach, two different data sets were used: one set of real traffic obtained from an Academic Local Area Network (LAN), and the other a subset of the 1998 MIT-DARPA set. For these data sets, a True positive rate up to 99.35%, a True negative rate up to 99.83% and a False negative rate at about 0.16% were yielded. Experimental results show that certain q-values of the generalized entropies and the use of OC-SVM with RBF kernel improve the detection rate in the detection stage, while the novel inclusion of MK kernel in OC-SVM and k-temporal nearest neighbors improve accuracy in classification. In addition, the results show that using the Box-Cox transformation, the Mahalanobis distance yielded high detection rates with

  1. Idaho National Laboratory Supervisory Control and Data Acquisition Intrusion Detection System (SCADA IDS)

    Energy Technology Data Exchange (ETDEWEB)

    Jared Verba; Michael Milvich

    2008-05-01

    Current Intrusion Detection System (IDS) technology is not suited to be widely deployed inside a Supervisory, Control and Data Acquisition (SCADA) environment. Anomaly- and signature-based IDS technologies have developed methods to cover information technology-based networks activity and protocols effectively. However, these IDS technologies do not include the fine protocol granularity required to ensure network security inside an environment with weak protocols lacking authentication and encryption. By implementing a more specific and more intelligent packet inspection mechanism, tailored traffic flow analysis, and unique packet tampering detection, IDS technology developed specifically for SCADA environments can be deployed with confidence in detecting malicious activity.

  2. The effect of destination linked feature selection in real-time network intrusion detection

    CSIR Research Space (South Africa)

    Mzila, P

    2013-07-01

    techniques in the network intrusion detection system (NIDS) is the feature selection technique. The ability of NIDS to accurately identify intrusion from the network traffic relies heavily on feature selection, which describes the pattern of the network...

  3. A Privacy-Preserving Framework for Collaborative Intrusion Detection Networks Through Fog Computing

    DEFF Research Database (Denmark)

    Wang, Yu; Xie, Lin; Li, Wenjuan

    2017-01-01

    Nowadays, cyber threats (e.g., intrusions) are distributed across various networks with the dispersed networking resources. Intrusion detection systems (IDSs) have already become an essential solution to defend against a large amount of attacks. With the development of cloud computing, a modern IDS...

  4. ANOMALY DETECTION IN NETWORKING USING HYBRID ARTIFICIAL IMMUNE ALGORITHM

    Directory of Open Access Journals (Sweden)

    D. Amutha Guka

    2012-01-01

    Especially in today’s network scenario, when computers are interconnected through internet, security of an information system is a very important issue. Because no system can be absolutely secure, the timely and accurate detection of anomalies is necessary. The main aim of this research paper is to improve the anomaly detection by using Hybrid Artificial Immune Algorithm (HAIA) which is based on Artificial Immune Systems (AIS) and Genetic Algorithm (GA). In this research work, HAIA approach is used to develop Network Anomaly Detection System (NADS). The detector set is generated by using GA and the anomalies are identified using Negative Selection Algorithm (NSA) which is based on AIS. The HAIA algorithm is tested with KDD Cup 99 benchmark dataset. The detection rate is used to measure the effectiveness of the NADS. The results and consistency of the HAIA are compared with earlier approaches and the results are presented. The proposed algorithm gives best results when compared to the earlier approaches.

  5. Performance Analysis of Hierarchical Group Key Management Integrated with Adaptive Intrusion Detection in Mobile ad hoc Networks

    Science.gov (United States)

    2016-04-05

    applications in wireless networks such as military battlefields, emergency response, mobile commerce, online gaming, and collaborative work are based on the...www.elsevier.com/locate/peva Performance analysis of hierarchical group key management integrated with adaptive intrusion detection in mobile ad hoc...Accepted 19 September 2010 Available online 26 September 2010 Keywords: Mobile ad hoc networks Intrusion detection Group communication systems Group

  6. Towards effective and robust list-based packet filter for signature-based network intrusion detection: an engineering approach

    DEFF Research Database (Denmark)

    Meng, Weizhi; Li, Wenjuan; Kwok, Lam For

    2017-01-01

    Network intrusion detection systems (NIDSs) which aim to identify various attacks, have become an essential part of current security infrastructure. In particular, signature-based NIDSs are being widely implemented in industry due to their low rate of false alarms. However, the signature matching...... this problem, packet filtration is a promising solution to reduce unwanted traffic. Motivated by this, in this work, a list-based packet filter was designed and an engineering method of combining both blacklist and whitelist techniques was introduced. To further secure such filters against IP spoofing attacks...... in traffic filtration as well as workload reduction, and is robust against IP spoofing attacks....

  7. Intrusion Detection System Using Deep Neural Network for In-Vehicle Network Security.

    Directory of Open Access Journals (Sweden)

    Min-Joo Kang

    A novel intrusion detection system (IDS) using a deep neural network (DNN) is proposed to enhance the security of in-vehicular network. The parameters building the DNN structure are trained with probability-based feature vectors that are extracted from the in-vehicular network packets. For a given packet, the DNN provides the probability of each class discriminating normal and attack packets, and, thus the sensor can identify any malicious attack to the vehicle. As compared to the traditional artificial neural network applied to the IDS, the proposed technique adopts recent advances in deep learning studies such as initializing the parameters through the unsupervised pre-training of deep belief networks (DBN), therefore improving the detection accuracy. It is demonstrated with experimental results that the proposed technique can provide a real-time response to the attack with a significantly improved detection ratio in controller area network (CAN) bus.

  8. Intrusion Detection System Using Deep Neural Network for In-Vehicle Network Security.

    Science.gov (United States)

    Kang, Min-Joo; Kang, Je-Won

    2016-01-01

    A novel intrusion detection system (IDS) using a deep neural network (DNN) is proposed to enhance the security of in-vehicular network. The parameters building the DNN structure are trained with probability-based feature vectors that are extracted from the in-vehicular network packets. For a given packet, the DNN provides the probability of each class discriminating normal and attack packets, and, thus the sensor can identify any malicious attack to the vehicle. As compared to the traditional artificial neural network applied to the IDS, the proposed technique adopts recent advances in deep learning studies such as initializing the parameters through the unsupervised pre-training of deep belief networks (DBN), therefore improving the detection accuracy. It is demonstrated with experimental results that the proposed technique can provide a real-time response to the attack with a significantly improved detection ratio in controller area network (CAN) bus.

  9. PERFORMANCE COMPARISON FOR INTRUSION DETECTION SYSTEM USING NEURAL NETWORK WITH KDD DATASET

    Directory of Open Access Journals (Sweden)

    S. Devaraju

    2014-04-01

    Intrusion Detection Systems are a challenging task for finding the user as normal user or attack user in any organizational information systems or IT Industry. The Intrusion Detection System is an effective method to deal with the kinds of problem in networks. Different classifiers are used to detect the different kinds of attacks in networks. In this paper, the performance of intrusion detection is compared with various neural network classifiers. In the proposed research the four types of classifiers used are Feed Forward Neural Network (FFNN), Generalized Regression Neural Network (GRNN), Probabilistic Neural Network (PNN) and Radial Basis Neural Network (RBNN). The performance of the full featured KDD Cup 1999 dataset is compared with that of the reduced featured KDD Cup 1999 dataset. The MATLAB software is used to train and test the dataset and the efficiency and False Alarm Rate is measured. It is proved that the reduced dataset is performing better than the full featured dataset.

  10. A Labeled Data Set For Flow-based Intrusion Detection

    NARCIS (Netherlands)

    Sperotto, Anna; Sadre, R.; van Vliet, Frank; Pras, Aiko; Nunzi, Giorgio; Scoglio, Caterina; Li, Xing

    2009-01-01

    Flow-based intrusion detection has recently become a promising security mechanism in high speed networks (1-10 Gbps). Despite the richness in contributions in this field, benchmarking of flow-based IDS is still an open issue. In this paper, we propose the first publicly available, labeled data set

  11. Implementation of SNS Model for Intrusion Prevention in Wireless Local Area Network

    DEFF Research Database (Denmark)

    Isah, Abdullahi

    The thesis has proposed and implemented a so-called SNS (Social network security) model for intrusion prevention in the Wireless Local Area Network of an organization. An experimental design was used to implement and test the model at a university in Nigeria.

  12. A comparative performance evaluation of intrusion detection techniques for hierarchical wireless sensor networks

    Directory of Open Access Journals (Sweden)

    H.H. Soliman

    2012-11-01

    An explosive growth in the field of wireless sensor networks (WSNs) has been achieved in the past few years. Due to its important wide range of applications especially military applications, environments monitoring, health care application, home automation, etc., they are exposed to security threats. Intrusion detection system (IDS) is one of the major and efficient defensive methods against attacks in WSN. Therefore, developing IDS for WSN have attracted much attention recently and thus, there are many publications proposing new IDS techniques or enhancement to the existing ones. This paper evaluates and compares the most prominent anomaly-based IDS systems for hierarchical WSNs and identifying their strengths and weaknesses. For each IDS, the architecture and the related functionality are briefly introduced, discussed, and compared, focusing on both the operational strengths and weakness. In addition, a comparison of the studied IDSs is carried out using a set of critical evaluation metrics that are divided into two groups; the first one related to performance and the second related to security. Finally based on the carried evaluation and comparison, a set of design principles are concluded, which have to be addressed and satisfied in future research of designing and implementing IDS for WSNs.

  13. A New Anomaly Detection System for School Electricity Consumption Data

    Directory of Open Access Journals (Sweden)

    Wenqiang Cui

    2017-11-01

    Anomaly detection has been widely used in a variety of research and application domains, such as network intrusion detection, insurance/credit card fraud detection, health-care informatics, industrial damage detection, image processing and novel topic detection in text mining. In this paper, we focus on remote facilities management that identifies anomalous events in buildings by detecting anomalies in building electricity consumption data. We investigated five models within electricity consumption data from different schools to detect anomalies in the data. Furthermore, we proposed a hybrid model that combines polynomial regression and Gaussian distribution, which detects anomalies in the data with 0 false negative and an average precision higher than 91%. Based on the proposed model, we developed a data detection and visualization system for a facilities management company to detect and visualize anomalies in school electricity consumption data. The system is tested and evaluated by facilities managers. According to the evaluation, our system has improved the efficiency of facilities managers to identify anomalies in the data.

  14. Design and implementation of an intrusion detection system based on IPv6 protocol

    Science.gov (United States)

    Liu, Bin; Li, Zhitang; Li, Yao; Li, Zhanchun

    2005-11-01

    Network intrusion detection systems (NIDS) are important parts of network security architecture. Although many NIDS have been proposed, there is little effort to expand the current set of NIDS to support IPv6 protocol. This paper presents the design and implementation of a Network-based Intrusion Detection System that supports both IPv6 protocol and IPv4 protocol. It characters rules based logging to perform content pattern matching and detect a variety of attacks and probes from IPv4 and IPv6. There are four primary subsystems to make it up: packet capture, packet decoder, detection engine, and logging and alerting subsystem. A new approach to packet capture that combined NAPI with MMAP is proposed in this paper. The test results show that the efficiency of packet capture can be improved significantly by this method. Several new attack tools for IPv6 have been developed for intrusion detection evaluation. Test shows that more than 20 kinds of IPv6 attacks can be detected by this system and it also has a good performance under heavy traffic load.

  15. An ontology-based intrusion patterns classification system | Shonubi ...

    African Journals Online (AJOL)

    Studies have shown that computer intrusions have been on the increase in recent times. Many techniques and patterns are being used by intruders to gain access to data on host computer networks. In this work, intrusion patterns were identified and classified and inherent knowledge were represented using an ontology of ...

  16. Technologies, Methodologies and Challenges in Network Intrusion Detection and Prevention Systems

    Directory of Open Access Journals (Sweden)

    Nicoleta STANCIU

    2013-01-01

    This paper presents an overview of the technologies and the methodologies used in Network Intrusion Detection and Prevention Systems (NIDPS). Intrusion Detection and Prevention System (IDPS) technologies are differentiated by types of events that IDPSs can recognize, by types of devices that IDPSs monitor and by activity. NIDPSs monitor and analyze the streams of network packets in order to detect security incidents. The main methodology used by NIDPSs is protocol analysis. Protocol analysis requires good knowledge of the theory of the main protocols, their definition, how each protocol works.

  17. Anomaly Detection in Dynamic Networks

    Energy Technology Data Exchange (ETDEWEB)

    Turcotte, Melissa [Los Alamos National Lab. (LANL), Los Alamos, NM (United States)

    2014-10-14

    Anomaly detection in dynamic communication networks has many important security applications. These networks can be extremely large and so detecting any changes in their structure can be computationally challenging; hence, computationally fast, parallelisable methods for monitoring the network are paramount. For this reason the methods presented here use independent node and edge based models to detect locally anomalous substructures within communication networks. As a first stage, the aim is to detect changes in the data streams arising from node or edge communications. Throughout the thesis simple, conjugate Bayesian models for counting processes are used to model these data streams. A second stage of analysis can then be performed on a much reduced subset of the network comprising nodes and edges which have been identified as potentially anomalous in the first stage. The first method assumes communications in a network arise from an inhomogeneous Poisson process with piecewise constant intensity. Anomaly detection is then treated as a changepoint problem on the intensities. The changepoint model is extended to incorporate seasonal behavior inherent in communication networks. This seasonal behavior is also viewed as a changepoint problem acting on a piecewise constant Poisson process. In a static time frame, inference is made on this extended model via a Gibbs sampling strategy. In a sequential time frame, where the data arrive as a stream, a novel, fast Sequential Monte Carlo (SMC) algorithm is introduced to sample from the sequence of posterior distributions of the change points over time. A second method is considered for monitoring communications in a large scale computer network. The usage patterns in these types of networks are very bursty in nature and don’t fit a Poisson process model. For tractable inference, discrete time models are considered, where the data are aggregated into discrete time periods and probability models are fitted to the

  18. Active Low Intrusion Hybrid Monitor for Wireless Sensor Networks.

    Science.gov (United States)

    Navia, Marlon; Campelo, Jose C; Bonastre, Alberto; Ors, Rafael; Capella, Juan V; Serrano, Juan J

    2015-09-18

    Several systems have been proposed to monitor wireless sensor networks (WSN). These systems may be active (causing a high degree of intrusion) or passive (low observability inside the nodes). This paper presents the implementation of an active hybrid (hardware and software) monitor with low intrusion. It is based on the addition to the sensor node of a monitor node (hardware part) which, through a standard interface, is able to receive the monitoring information sent by a piece of software executed in the sensor node. The intrusion on time, code, and energy caused in the sensor nodes by the monitor is evaluated as a function of data size and the interface used. Then different interfaces, commonly available in sensor nodes, are evaluated: serial transmission (USART), serial peripheral interface (SPI), and parallel. The proposed hybrid monitor provides highly detailed information, barely disturbed by the measurement tool (interference), about the behavior of the WSN that may be used to evaluate many properties such as performance, dependability, security, etc. Monitor nodes are self-powered and may be removed after the monitoring campaign to be reused in other campaigns and/or WSNs. No other hardware-independent monitoring platforms with such low interference have been found in the literature.

  19. A new intrusion prevention model using planning knowledge graph

    Science.gov (United States)

    Cai, Zengyu; Feng, Yuan; Liu, Shuru; Gan, Yong

    2013-03-01

    Intelligent plan is a very important research in artificial intelligence, which has applied in network security. This paper proposes a new intrusion prevention model based on planning knowledge graph and discusses the system architecture and characteristics of this model. The Intrusion Prevention based on plan knowledge graph is completed by plan recognition based on planning knowledge graph, and the Intrusion response strategies and actions are completed by the hierarchical task network (HTN) planner in this paper. Intrusion prevention system has the advantages of intelligent planning, which has the advantage of the knowledge-sharing, the response focused, learning autonomy and protective ability.

  20. Topological Origin of the Network Dilation Anomaly in Ion-Exchanged Glasses

    Science.gov (United States)

    Wang, Mengyi; Smedskjaer, Morten M.; Mauro, John C.; Sant, Gaurav; Bauchy, Mathieu

    2017-11-01

    Ion exchange is commonly used to strengthen oxide glasses. However, the resulting stuffed glasses usually do not reach the molar volume of as-melted glasses of similar composition—a phenomenon known as the network dilation anomaly. This behavior seriously limits the potential for the chemical strengthening of glasses and its origin remains one of the mysteries of glass science. Here, based on molecular dynamics simulations of sodium silicate glasses coupled with topological constraint theory, we show that the topology of the atomic network controls the extent of ion-exchange-induced dilation. We demonstrate that isostatic glasses do not show any network dilation anomaly. This is found to arise from the combined absence of floppy modes of deformation and internal eigenstress in isostatic atomic networks.

  1. A Multiagent-based Intrusion Detection System with the Support of Multi-Class Supervised Classification

    Science.gov (United States)

    Shyu, Mei-Ling; Sainani, Varsha

    The increasing number of network security related incidents have made it necessary for the organizations to actively protect their sensitive data with network intrusion detection systems (IDSs). IDSs are expected to analyze a large volume of data while not placing a significantly added load on the monitoring systems and networks. This requires good data mining strategies which take less time and give accurate results. In this study, a novel data mining assisted multiagent-based intrusion detection system (DMAS-IDS) is proposed, particularly with the support of multiclass supervised classification. These agents can detect and take predefined actions against malicious activities, and data mining techniques can help detect them. Our proposed DMAS-IDS shows superior performance compared to central sniffing IDS techniques, and saves network resources compared to other distributed IDS with mobile agents that activate too many sniffers causing bottlenecks in the network. This is one of the major motivations to use a distributed model based on multiagent platform along with a supervised classification technique.

  2. Intelligent Intrusion Detection of Grey Hole and Rushing Attacks in Self-Driving Vehicular Networks

    Directory of Open Access Journals (Sweden)

    Khattab M. Ali Alheeti

    2016-07-01

    Vehicular ad hoc networks (VANETs) play a vital role in the success of self-driving and semi self-driving vehicles, where they improve safety and comfort. Such vehicles depend heavily on external communication with the surrounding environment via data control and Cooperative Awareness Messages (CAMs) exchanges. VANETs are potentially exposed to a number of attacks, such as grey hole, black hole, wormhole and rushing attacks. This work presents an intelligent Intrusion Detection System (IDS) that relies on anomaly detection to protect the external communication system from grey hole and rushing attacks. These attacks aim to disrupt the transmission between vehicles and roadside units. The IDS uses features obtained from a trace file generated in a network simulator and consists of a feed-forward neural network and a support vector machine. Additionally, the paper studies the use of a novel systematic response, employed to protect the vehicle when it encounters malicious behaviour. Our simulations of the proposed detection system show that the proposed schemes possess outstanding detection rates with a reduction in false alarms. This safe mode response system has been evaluated using four performance metrics, namely, received packets, packet delivery ratio, dropped packets and the average end to end delay, under both normal and abnormal conditions.

  3. Robust and Agile System against Fault and Anomaly Traffic in Software Defined Networks

    Directory of Open Access Journals (Sweden)

    Mihui Kim

    2017-03-01

    The main advantage of software defined networking (SDN) is that it allows intelligent control and management of networking through programmability in real time. It enables efficient utilization of network resources through traffic engineering, and offers potential attack defense methods when abnormalities arise. However, previous studies have only identified individual solutions for respective problems, instead of finding a more global solution in real time that is capable of addressing multiple situations in network status. To cover diverse network conditions, this paper presents a comprehensive reactive system for simultaneously monitoring failures, anomalies, and attacks for high availability and reliability. We design three main modules in the SDN controller for a robust and agile defense (RAD) system against network anomalies: a traffic analyzer, a traffic engineer, and a rule manager. RAD provides reactive flow rule generation to control traffic while detecting network failures, anomalies, high traffic volume (elephant flows), and attacks. The traffic analyzer identifies elephant flows, traffic anomalies, and attacks based on attack signatures and network monitoring. The traffic engineer module measures network utilization and delay in order to determine the best path for multi-dimensional routing and load balancing under any circumstances. Finally, the rule manager generates and installs a flow rule for the selected best path to control traffic. We implement the proposed RAD system based on Floodlight, an open source project for the SDN controller. We evaluate our system using simulation with and without the aforementioned RAD modules. Experimental results show that our approach is both practical and feasible, and can successfully augment an existing SDN controller in terms of agility, robustness, and efficiency, even in the face of link failures, attacks, and elephant flows.

  4. Accurate Modeling of The Siemens S7 SCADA Protocol For Intrusion Detection And Digital Forensic

    Directory of Open Access Journals (Sweden)

    Amit Kleinmann

    2014-09-01

    The Siemens S7 protocol is commonly used in SCADA systems for communications between a Human Machine Interface (HMI) and the Programmable Logic Controllers (PLCs). This paper presents a model-based Intrusion Detection Systems (IDS) designed for S7 networks. The approach is based on the key observation that S7 traffic to and from a specific PLC is highly periodic; as a result, each HMI-PLC channel can be modeled using its own unique Deterministic Finite Automaton (DFA). The resulting DFA-based IDS is very sensitive and is able to flag anomalies such as a message appearing out of its position in the normal sequence or a message referring to a single unexpected bit. The intrusion detection approach was evaluated on traffic from two production systems. Despite its high sensitivity, the system had a very low false positive rate - over 99.82% of the traffic was identified as normal.

  5. Attacks and Intrusion Detection in Cloud Computing Using Neural Networks and Particle Swarm Optimization Algorithms

    Directory of Open Access Journals (Sweden)

    Ahmad Shokuh Saljoughi

    2018-01-01

    Today, cloud computing has become popular among users in organizations and companies. Security and efficiency are the two major issues facing cloud service providers and their customers. Since cloud computing is a virtual pool of resources provided in an open environment (Internet), cloud-based services entail security risks. Detection of intrusions and attacks through unauthorized users is one of the biggest challenges for both cloud service providers and cloud users. In the present study, artificial intelligence techniques, e.g. MLP Neural Networks and particle swarm optimization algorithm, were used to detect intrusion and attacks. The methods were tested for NSL-KDD, KDD-CUP datasets. The results showed improved accuracy in detecting attacks and intrusions by unauthorized users.

  6. Feature Selection of Network Intrusion Data using Genetic Algorithm and Particle Swarm Optimization

    Directory of Open Access Journals (Sweden)

    Iwan Syarif

    2016-12-01

    This paper describes the advantages of using Evolutionary Algorithms (EA) for feature selection on network intrusion dataset. Most current Network Intrusion Detection Systems (NIDS) are unable to detect intrusions in real time because of high dimensional data produced during daily operation. Extracting knowledge from huge data such as intrusion data requires a new approach. The more complex the datasets, the higher the computation time and the harder they are to interpret and analyze. This paper investigates the performance of feature selection algorithms on network intrusion data. We used Genetic Algorithms (GA) and Particle Swarm Optimizations (PSO) as feature selection algorithms. When applied to network intrusion datasets, both GA and PSO have significantly reduced the number of features. Our experiments show that GA successfully reduces the number of attributes from 41 to 15 while PSO reduces the number of attributes from 41 to 9. Using k Nearest Neighbour (k-NN) as a classifier, the GA-reduced dataset, which consists of 37% of original attributes, has accuracy improvement from 99.28% to 99.70% and its execution time is also 4.8 times faster than the execution time of original dataset. Using the same classifier, the PSO-reduced dataset, which consists of 22% of original attributes, has the fastest execution time (7.2 times faster than the execution time of original datasets). However, its accuracy is slightly reduced by 0.02%, from 99.28% to 99.26%. Overall, both GA and PSO are good solutions as feature selection techniques because they have shown very good performance in reducing the number of features significantly while still maintaining and sometimes improving the classification accuracy as well as reducing the computation time.

  7. Effective approach toward Intrusion Detection System using data mining techniques

    Directory of Open Access Journals (Sweden)

    G.V. Nadiammai

    2014-03-01

    With the tremendous growth of the usage of computers over network and development in application running on various platform captures the attention toward network security. This paradigm exploits security vulnerabilities on all computer systems that are technically difficult and expensive to solve. Hence intrusion is used as a key to compromise the integrity, availability and confidentiality of a computer resource. The Intrusion Detection System (IDS) plays a vital role in detecting anomalies and attacks in the network. In this work, data mining concept is integrated with an IDS to identify the relevant, hidden data of interest for the user effectively and with less execution time. Four issues such as Classification of Data, High Level of Human Interaction, Lack of Labeled Data, and Effectiveness of Distributed Denial of Service Attack are being solved using the proposed algorithms like EDADT algorithm, Hybrid IDS model, Semi-Supervised Approach and Varying HOPERAA Algorithm respectively. Our proposed algorithm has been tested using KDD Cup dataset. All the proposed algorithms show better accuracy and reduced false alarm rate when compared with existing algorithms.

  8. Cross-layer design for intrusion detection and data security in wireless ad hoc sensor networks

    Science.gov (United States)

    Hortos, William S.

    2007-09-01

    A wireless ad hoc sensor network is a configuration for area surveillance that affords rapid, flexible deployment in arbitrary threat environments. There is no infrastructure support and sensor nodes communicate with each other only when they are in transmission range. The nodes are severely resource-constrained, with limited processing, memory and power capacities and must operate cooperatively to fulfill a common mission in typically unattended modes. In a wireless sensor network (WSN), each sensor at a node can observe locally some underlying physical phenomenon and sends a quantized version of the observation to sink (destination) nodes via wireless links. Since the wireless medium can be easily eavesdropped, links can be compromised by intrusion attacks from nodes that may mount denial-of-service attacks or insert spurious information into routing packets, leading to routing loops, long timeouts, impersonation, and node exhaustion. A cross-layer design based on protocol-layer interactions is proposed for detection and identification of various intrusion attacks on WSN operation. A feature set is formed from selected cross-layer parameters of the WSN protocol to detect and identify security threats due to intrusion attacks. A separate protocol is not constructed from the cross-layer design; instead, security attributes and quantified trust levels at and among nodes established during data exchanges complement customary WSN metrics of energy usage, reliability, route availability, and end-to-end quality-of-service (QoS) provisioning. Statistical pattern recognition algorithms are applied that use observed feature-set patterns observed during network operations, viewed as security audit logs. These algorithms provide the "best" network global performance in the presence of various intrusion attacks. 
    A set of mobile (software) agents distributed at the nodes implement the algorithms, by moving among the layers involved in the network response at each active node

  9. A DBN based anomaly targets detector for HSI

    Science.gov (United States)

    Ma, Ning; Wang, Shaojun; Yu, Jinxiang; Peng, Yu

    2017-10-01

    Due to the assumption that Hyperspectral image (HSI) should conform to Gaussian distribution, traditional Mahalanobis distance-based anomaly targets detectors perform poorly because the assumption may not always hold. In order to solve those problems, a deep learning based detector, Deep Belief Network (DBN) anomaly detector (DBN-AD), was proposed to fit the unknown distribution of HSI by energy modeling; the reconstruction errors of this encode-decode processing are used for discriminating the anomaly targets. Experiments are implemented on real and synthesized HSI datasets collected by Airborne Visible Infra-Red Imaging Spectrometer (AVIRIS). Compared to classic anomaly detectors, the proposed method shows better performance; it performs about 0.17 higher in Area Under ROC Curve (AUC) than that of Reed-Xiaoli detector (RXD) and Kernel-RXD (K-RXD).

  10. A Non-Intrusive Alert System for Maritime Anomalies: Literature Review and the Development and Assessment of Interface Design Concepts (Systeme d’Alerte non Intrusive en cas d’Anomalies Maritimes: Examen de la Documentation et Elaboration/Evaluation de Concepts d’Interface)

    Science.gov (United States)

    2009-03-01

    visualization, in this case an alert system, that would help TSM operators better know and understand the maritime anomalies indicated...and would much rather have an audio alert. Assessment While this paper recognises the need for the operator to configure appropriate alert...displayed on the screen). The intrusiveness filter would also allow leaders to turn off audio alerts, which could be especially important if there is a

  11. On Cyber Attacks and Signature Based Intrusion Detection for MODBUS Based Industrial Control Systems

    Directory of Open Access Journals (Sweden)

    Wei Gao

    2014-03-01

    Industrial control system communication networks are vulnerable to reconnaissance, response injection, command injection, and denial of service attacks. Such attacks can lead to an inability to monitor and control industrial control systems and can ultimately lead to system failure. This can result in financial loss for control system operators and economic and safety issues for the citizens who use these services. This paper describes a set of 28 cyber attacks against industrial control systems which use the MODBUS application layer network protocol. The paper also describes a set of standalone and state based intrusion detection system rules which can be used to detect cyber attacks and to store evidence of attacks for post incident analysis. All attacks described in this paper were validated in a laboratory environment. The detection rate of the intrusion detection system rules presented by attack class is also presented.

  12. Network Intrusion Detection System (NIDS) in Cloud Environment based on Hidden Naïve Bayes Multiclass Classifier

    Directory of Open Access Journals (Sweden)

    Hafza A. Mahmood

    2018-04-01

    Cloud Environment is a next generation internet based computing system that supplies customizable services to the end user to work or access to the various cloud applications. In order to provide security and decrease the damage of information system, network and computer system it is important to provide an intrusion detection system (IDS). Now Cloud environments are under threats from network intrusions, as one of most prevalent and offensive means Denial of Service (DoS) attacks that cause dangerous impact on cloud computing systems. This paper proposes Hidden naïve Bayes (HNB) Classifier to handle DoS attacks which is a data mining (DM) model used to relax the conditional independence assumption of Naïve Bayes classifier (NB), proposed system used HNB Classifier supported with discretization and feature selection where select the best feature enhance the performance of the system and reduce consuming time. To evaluate the performance of proposal system, KDD 99 CUP and NSL KDD Datasets have been used. The experimental results show that the HNB classifier improves the performance of NIDS in terms of accuracy and detecting DoS attacks, where the accuracy of detect DoS is 100% in three test KDD cup 99 dataset by used only 12 feature that selected by use gain ratio while in NSL KDD Dataset the accuracy of detect DoS attack is 90% in three Experimental NSL KDD dataset by select 10 feature only.

  13. Data reduction and tying in regional gravity surveys—results from a new gravity base station network and the Bouguer gravity anomaly map for northeastern Mexico

    Science.gov (United States)

    Hurtado-Cardador, Manuel; Urrutia-Fucugauchi, Jaime

    2006-12-01

    Since 1947 Petroleos Mexicanos (Pemex) has conducted oil exploration projects using potential field methods. Geophysical exploration companies under contracts with Pemex carried out gravity anomaly surveys that were referred to different floating data. Each survey comprises observations of gravity stations along highways, roads and trails at intervals of about 500 m. At present, 265 separate gravimeter surveys that cover 60% of the Mexican territory (mainly in the oil producing regions of Mexico) are available. This gravity database represents the largest, highest spatial resolution information, and consequently has been used in the geophysical data compilations for the Mexico and North America gravity anomaly maps. Regional integration of gravimeter surveys generates gradients and spurious anomalies in the Bouguer anomaly maps at the boundaries of the connected surveys due to the different gravity base stations utilized. The main objective of this study is to refer all gravimeter surveys from Pemex to a single new first-order gravity base station network, in order to eliminate problems of gradients and spurious anomalies. A second objective is to establish a network of permanent gravity base stations (BGP), referred to a single base from the World Gravity System. Four regional loops of BGP covering eight States of Mexico were established to support the tie of local gravity base stations from each of the gravimeter surveys located in the vicinity of these loops. The third objective is to add the gravity constants, measured and calculated, for each of the 265 gravimeter surveys to their corresponding files in the Pemex and Instituto Mexicano del Petroleo database. The gravity base used as the common datum is the station SILAG 9135-49 (Latin American System of Gravity) located in the National Observatory of Tacubaya in Mexico City. 
    We present the results of the installation of a new gravity base network in northeastern Mexico, reference of the 43 gravimeter surveys

  14. Applying long short-term memory recurrent neural networks to intrusion detection

    Directory of Open Access Journals (Sweden)

    Ralf C. Staudemeyer

    2015-07-01

    We claim that modelling network traffic as a time series with a supervised learning approach, using known genuine and malicious behaviour, improves intrusion detection. To substantiate this, we trained long short-term memory (LSTM) recurrent neural networks with the training data provided by the DARPA / KDD Cup ’99 challenge. To identify suitable LSTM-RNN network parameters and structure we experimented with various network topologies. We found networks with four memory blocks containing two cells each offer a good compromise between computational cost and detection performance. We applied forget gates and shortcut connections respectively. A learning rate of 0.1 and up to 1,000 epochs showed good results. We tested the performance on all features and on extracted minimal feature sets respectively. We evaluated different feature sets for the detection of all attacks within one network and also to train networks specialised on individual attack classes. Our results show that the LSTM classifier provides superior performance in comparison to previously published results of strong static classifiers. With 93.82% accuracy and 22.13 cost, LSTM outperforms the winning entries of the KDD Cup ’99 challenge by far. This is due to the fact that LSTM learns to look back in time and correlate consecutive connection records. For the first time ever, we have demonstrated the usefulness of LSTM networks to intrusion detection.

  15. Network Intrusion Forensic Analysis Using Intrusion Detection System

    OpenAIRE

    Manish Kumar; Dr. M. Hanumanthappa; Dr. T.V. Suresh Kumar

    2011-01-01

    The need for computer intrusion forensics arises from the alarming increase in the number of computer crimes that are committed annually. After a computer system has been breached and an intrusion has been detected, there is a need for a computer forensics investigation to follow. Computer forensics is used to bring to justice those responsible for conducting attacks on computer systems throughout the world. Because of this the law must be followed precisely when conducting a forensics investi...

  16. Lunar floor-fractured craters as magmatic intrusions: Geometry, modes of emplacement, associated tectonic and volcanic features, and implications for gravity anomalies

    Science.gov (United States)

    Jozwiak, Lauren M.; Head, James W.; Wilson, Lionel

    2015-03-01

    , the intrusion concentrates bending primarily at the periphery, resulting in a flat, tabular intrusion. We predict that this process will result in concentric fractures over the region of greatest bending. This location is close to the crater wall in large, flat-floored craters, as observed in the crater Humboldt, and interior to the crater over the domed floor in smaller craters, as observed in the crater Vitello. A variety of volcanic features are predicted to be associated with the solidification and degassing of the intrusion; these include: (1) surface lava flows associated with concentric fractures (e.g., in the crater Humboldt); (2) vents with no associated pyroclastic material, from the deflation of under-pressurized magmatic foam (e.g., the crater Damoiseau); and (3) vents with associated pyroclastic deposits from vulcanian eruptions of highly pressurized magmatic foam (e.g., the crater Alphonsus). The intrusion of basaltic magma beneath the crater is predicted to contribute a positive component to the Bouguer gravity anomaly; we assess the predicted Bouguer anomalies associated with FFCs and outline a process for their future interpretation. We conclude that our proposed mechanism serves as a viable formation process for FFCs and accurately predicts numerous morphologic, morphometric, and geophysical features associated with FFCs. These predictions can be further tested using GRAIL (Gravity Recovery and Interior Laboratory) data.

  17. Data mining approach to web application intrusions detection

    Science.gov (United States)

    Kalicki, Arkadiusz

    2011-10-01

    Web applications became most popular medium in the Internet. Popularity, easiness of web application script languages and frameworks together with careless development results in high number of web application vulnerabilities and high number of attacks performed. There are several types of attacks possible because of improper input validation: SQL injection, Cross-site scripting, Cross-Site Request Forgery (CSRF), web spam in blogs and others. In order to secure web applications intrusion detection (IDS) and intrusion prevention systems (IPS) are being used. Intrusion detection systems are divided in two groups: misuse detection (traditional IDS) and anomaly detection. This paper presents data mining based algorithm for anomaly detection. The principle of this method is the comparison of the incoming HTTP traffic with a previously built profile that contains a representation of the "normal" or expected web application usage sequence patterns. The frequent sequence patterns are found with GSP algorithm. Previously presented detection method was rewritten and improved. Some tests show that the software catches malicious requests, especially long attack sequences, results quite good with medium length sequences, for short length sequences must be complemented with other methods.

  18. Paper 3: EUROCAT data quality indicators for population-based registries of congenital anomalies

    DEFF Research Database (Denmark)

    Loane, Maria; Dolk, Helen; Garne, Ester

    2011-01-01

    The European Surveillance of Congenital Anomalies (EUROCAT) network of population-based congenital anomaly registries is an important source of epidemiologic information on congenital anomalies in Europe covering live births, fetal deaths from 20 weeks gestation, and terminations of pregnancy for...

  19. Saltwater intrusion monitoring in Florida

    Science.gov (United States)

    Prinos, Scott T.

    2016-01-01

    Florida's communities are largely dependent on freshwater from groundwater aquifers. Existing saltwater in the aquifers, or seawater that intrudes parts of the aquifers that were fresh, can make the water unusable without additional processing. The quality of Florida's saltwater intrusion monitoring networks varies. In Miami-Dade and Broward Counties, for example, there is a well-designed network with recently constructed short open-interval monitoring wells that bracket the saltwater interface in the Biscayne aquifer. Geochemical analyses of water samples from the network help scientists evaluate pathways of saltwater intrusion and movement of the saltwater interface. Geophysical measurements, collected in these counties, aid the mapping of the saltwater interface and the design of monitoring networks. In comparison, deficiencies in the Collier County monitoring network include the positioning of monitoring wells, reliance on wells with long open intervals that when sampled might provide questionable results, and the inability of existing analyses to differentiate between multiple pathways of saltwater intrusion. A state-wide saltwater intrusion monitoring network is being planned; the planned network could improve saltwater intrusion monitoring by adopting the applicable strategies of the networks of Miami-Dade and Broward Counties, and by addressing deficiencies such as those described for the Collier County network.

  20. Quality-of-service sensitivity to bio-inspired/evolutionary computational methods for intrusion detection in wireless ad hoc multimedia sensor networks

    Science.gov (United States)

    Hortos, William S.

    2012-06-01

    In the author's previous work, a cross-layer protocol approach to wireless sensor network (WSN) intrusion detection and identification is created with multiple bio-inspired/evolutionary computational methods applied to the functions of the protocol layers, a single method to each layer, to improve the intrusion-detection performance of the protocol over that of one method applied to only a single layer's functions. The WSN cross-layer protocol design embeds GAs, anti-phase synchronization, ACO, and a trust model based on quantized data reputation at the physical, MAC, network, and application layer, respectively. The construct neglects to assess the net effect of the combined bioinspired methods on the quality-of-service (QoS) performance for "normal" data streams, that is, streams without intrusions. Analytic expressions of throughput, delay, and jitter, coupled with simulation results for WSNs free of intrusion attacks, are the basis for sensitivity analyses of QoS metrics for normal traffic to the bio-inspired methods.

  1. Creating a two-layered augmented artificial immune system for application to computer network intrusion detection

    Science.gov (United States)

    Judge, Matthew G.; Lamont, Gary B.

    2009-05-01

    Computer network security has become a very serious concern of commercial, industrial, and military organizations due to the increasing number of network threats such as outsider intrusions and insider covert activities. An important security element of course is network intrusion detection which is a difficult real world problem that has been addressed through many different solution attempts. Using an artificial immune system has been shown to be one of the most promising results. By enhancing jREMISA, a multi-objective evolutionary algorithm inspired artificial immune system, with a secondary defense layer; we produce improved accuracy of intrusion classification and a flexibility in responsiveness. This responsiveness can be leveraged to provide a much more powerful and accurate system, through the use of increased processing time and dedicated hardware which has the flexibility of being located out of band.

  2. A Novel Architecture for Intrusion Detection in Mobile Ad hoc Network

    OpenAIRE

    Atul Patel; Ruchi Kansara; Dr. Paresh Virparia

    2011-01-01

    Today’s wireless networks are vulnerable in many ways including illegal use, unauthorized access, denial of service attacks, eavesdropping so called war chalking. These problems are one of the main issues for wider uses of wireless network. On wired network intruder can access by wire but in wireless it has possibilities to access the computer anywhere in neighborhood. However, securing MANETs is highly challenging issue due to their inherent characteristics. Intrusion detection is an importa...

  3. An intrusion prevention system as a proactive security mechanism in network infrastructure

    Directory of Open Access Journals (Sweden)

    Dulanović Nenad

    2008-01-01

    A properly configured firewall is a good starting point in securing a computer network. However, complex network environments that involve higher number of participants and endpoints require better security infrastructure. Intrusion Detection Systems (IDS), proposed as a solution to perimeter defense, have many open problems and it is clear that better solutions must be found. Due to many unsolved problems associated with IDS, Intrusion Prevention Systems (IPS) are introduced. The main idea in IPS is to be proactive. This paper gives an insight of Cobrador Bouncer IPS implementation. System architecture is given and three different Bouncer IPS deployment modes are presented. The Bouncer IPS as a proactive honeypot is also discussed.

  4. Identifying Threats Using Graph-based Anomaly Detection

    Science.gov (United States)

    Eberle, William; Holder, Lawrence; Cook, Diane

    Much of the data collected during the monitoring of cyber and other infrastructures is structural in nature, consisting of various types of entities and relationships between them. The detection of threatening anomalies in such data is crucial to protecting these infrastructures. We present an approach to detecting anomalies in a graph-based representation of such data that explicitly represents these entities and relationships. The approach consists of first finding normative patterns in the data using graph-based data mining and then searching for small, unexpected deviations to these normative patterns, assuming illicit behavior tries to mimic legitimate, normative behavior. The approach is evaluated using several synthetic and real-world datasets. Results show that the approach has high true-positive rates, low false-positive rates, and is capable of detecting complex structural anomalies in real-world domains including email communications, cellphone calls and network traffic.

  5. Misuse and intrusion detection at Los Alamos National Laboratory

    Energy Technology Data Exchange (ETDEWEB)

    Jackson, K.A.; Neuman, M.C.; Simmonds, D.D.; Stallings, C.A.; Thompson, J.L.; Christoph, G.G.

    1995-04-01

    An effective method for detecting computer misuse is the automatic auditing and analysis of on-line user activity. This activity is reflected in system audit records, in system vulnerability postures, and in other evidence found through active system testing. Since 1989 we have implemented a misuse and intrusion detection system at Los Alamos. This is the Network Anomaly Detection and Intrusion Reporter, or NADIR. NADIR currently audits a Kerberos distributed authentication system, file activity on a mass storage system, and four Cray supercomputers that run the UNICOS operating system. NADIR summarizes user activity and system configuration in statistical profiles. It compares these profiles to expert rules that define security policy and improper or suspicious behavior. It reports suspicious behavior to security auditors and provides tools to aid in follow-up investigations. As NADIR is constantly evolving, this paper reports its development to date.

  6. Improving Intrusion Detection System Based on Snort Rules for Network Probe Attacks Detection with Association Rules Technique of Data Mining

    Directory of Open Access Journals (Sweden)

    Nattawat Khamphakdee

    2015-07-01

    The intrusion detection system (IDS) is an important network security tool for securing computer and network systems. It is able to detect and monitor network traffic data. Snort IDS is an open-source network security tool. It can search and match rules with network traffic data in order to detect attacks, and generate an alert. However, the Snort IDS can detect only known attacks. Therefore, we have proposed a procedure for improving Snort IDS rules, based on the association rules data mining technique for detection of network probe attacks. We employed the MIT-DARPA 1999 data set for the experimental evaluation. Since behavior pattern traffic data are both normal and abnormal, the abnormal behavior data is detected by way of the Snort IDS. The experimental results showed that the proposed Snort IDS rules, based on data mining detection of network probe attacks, proved more efficient than the original Snort IDS rules, as well as icmp.rules and icmp-info.rules of Snort IDS. The suitable parameters for the proposed Snort IDS rules are defined as follows: Min_sup set to 10%, and Min_conf set to 100%, and through the application of eight variable attributes. As more suitable parameters are applied, higher accuracy is achieved.

  7. Evidential reasoning research on intrusion detection

    Science.gov (United States)

    Wang, Xianpei; Xu, Hua; Zheng, Sheng; Cheng, Anyu

    2003-09-01

    In this paper, we mainly address two fields: the D-S theory of evidence and network intrusion detection. It discusses how to apply this probable reasoning as an AI technology to the Intrusion Detection System (IDS). This paper establishes the application model, describes the new mechanism of reasoning and decision-making and analyses how to implement the model based on the synscan activities detection on the network. The results suggest that if only rational probability values were assigned at the beginning, the engine can, according to the rules of evidence combination and hierarchical reasoning, compute the values of belief and finally inform the administrators of the qualities of the traced activities -- intrusions, normal activities or abnormal activities.

  8. Proposed Network Intrusion Detection System Based on Fuzzy c Mean Algorithm in Cloud Computing Environment

    Directory of Open Access Journals (Sweden)

    Shawq Malik Mehibs

    2017-12-01

    Full Text Available Nowadays cloud computing has become an integral part of the IT industry. Cloud computing provides a working environment that allows users to share data and resources over the internet. Because cloud computing is a virtual grouping of resources offered over the internet, this leads to different matters related to security and privacy in cloud computing. Therefore, intrusion detection is very important to detect outsider and insider intruders of cloud computing with a high detection rate and low false positive alarm in the cloud environment. This work proposes a network intrusion detection module using the fuzzy c mean algorithm. The kdd99 dataset is used for experiments. The proposed system is characterized by a high detection rate with low false positive alarm.

  9. Generative adversarial networks for anomaly detection in images

    OpenAIRE

    Batiste Ros, Guillem

    2018-01-01

    Anomaly detection is used to identify abnormal observations that don't follow a normal pattern. In this work, we use the power of Generative Adversarial Networks in sampling from image distributions to perform anomaly detection with images and to identify local anomalous segments within these images. Also, we explore potential application of this method to support pathological analysis of biological tissues.

  10. Anomaly Detection in the Bitcoin System - A Network Perspective

    OpenAIRE

    Pham, Thai; Lee, Steven

    2016-01-01

    The problem of anomaly detection has been studied for a long time, and many Network Analysis techniques have been proposed as solutions. Although some results appear to be quite promising, no method is clearly superior to the rest. In this paper, we particularly consider anomaly detection in the Bitcoin transaction network. Our goal is to detect which users and transactions are the most suspicious; in this case, anomalous behavior is a proxy for suspicious behavior. To this end, we use ...

  11. A Comparative Study of Data Mining Algorithms for High Detection Rate in Intrusion Detection System

    Directory of Open Access Journals (Sweden)

    Nabeela Ashraf

    2018-01-01

    Full Text Available Due to the fast growth and tradition of the internet over the last decades, network security problems are increasing vigorously. Humans cannot handle the speed of processes and the huge amount of data required to handle network anomalies. Therefore, substantial automation is needed in both speed and accuracy. An Intrusion Detection System is one of the approaches to recognize illegal access and rare attacks to secure networks. In this paper, Naive Bayes, J48 and Random Forest classifiers are compared to compute the detection rate and accuracy of IDS. For experiments, the KDD_NSL dataset is used.

  12. Energy Efficient Monitoring for Intrusion Detection in Battery-Powered Wireless Mesh Networks

    KAUST Repository

    Hassanzadeh, Amin

    2011-07-18

    Wireless Mesh Networks (WMN) are easy-to-deploy, low cost solutions for providing networking and internet services in environments with no network infrastructure, e.g., disaster areas and battlefields. Since electric power is not readily available in such environments, battery-powered mesh routers, operating in an energy efficient manner, are required. To the best of our knowledge, the impact of energy efficient solutions, e.g., involving duty-cycling, on WMN intrusion detection systems, which require continuous monitoring, remains an open research problem. In this paper we propose that carefully chosen monitoring mesh nodes ensure continuous and complete detection coverage, while allowing non-monitoring mesh nodes to save energy through duty-cycling. We formulate the monitoring node selection problem as an optimization problem and propose distributed and centralized solutions for it, with different tradeoffs. Through extensive simulations and a proof-of-concept hardware/software implementation we demonstrate that our solutions extend the WMN lifetime by 8%, while ensuring, at the minimum, a 97% intrusion detection rate.

  13. A novel intrusion detection method based on OCSVM and K-means recursive clustering

    Directory of Open Access Journals (Sweden)

    Leandros A. Maglaras

    2015-01-01

    Full Text Available In this paper we present an intrusion detection module capable of detecting malicious network traffic in a SCADA (Supervisory Control and Data Acquisition) system, based on the combination of One-Class Support Vector Machine (OCSVM) with RBF kernel and recursive k-means clustering. Important parameters of OCSVM, such as Gaussian width σ and parameter ν, affect the performance of the classifier. Tuning of these parameters is of great importance in order to avoid false positives and overfitting. The combination of OCSVM with recursive k-means clustering leads the proposed intrusion detection module to distinguish real alarms from possible attacks regardless of the values of parameters σ and ν, making it ideal for real-time intrusion detection mechanisms for SCADA systems. Extensive simulations have been conducted with datasets extracted from small and medium sized HTB SCADA testbeds, in order to compare the accuracy, false alarm rate and execution time against the base line OCSVM method.

  14. DFCL: DYNAMIC FUZZY LOGIC CONTROLLER FOR INTRUSION DETECTION

    Directory of Open Access Journals (Sweden)

    Abdulrahim Haroun Ali

    2014-08-01

    Full Text Available Intrusions are a problem with the deployment of networks, giving rise to misuse and abnormal behavior in running reliable network operations and services. In this work, a Dynamic Fuzzy Logic Controller (DFLC) is proposed for an anomaly detection problem, with the aim of solving the problem of attack detection rate and faster response process. Data is collected by the PingER project. The PingER project actively measures the worldwide Internet's end-to-end performance. It covers over 168 countries around the world. PingER uses the simple, ubiquitous Internet Ping facility to calculate a number of useful performance parameters. From each set of 10 pings between a monitoring host and a remote host, the features being calculated include Minimum Round Trip Time (RTT), Jitter, Packet loss, Mean Opinion Score (MOS), Directness of Connection (Alpha), Throughput, ping unpredictability and ping reachability. A set of 10 pings is sent from the monitoring node to the remote node every 30 minutes. The received data shows the current characteristics and behavior of the networks. Any changes in the received data signify the existence of a potential threat or abnormal behavior. D-FLC uses the combination of parameters as an input to detect the existence of any abnormal behavior of the network. The proposed system is simulated in the Matlab Simulink environment. Simulation results show that the system managed to catch 95% of the anomalies with the ability to distinguish normal and abnormal behavior of the network.

  15. An intrusion detection system based on fiber hydrophone

    Science.gov (United States)

    Liu, Junrong; Qiu, Xiufen; Shen, Heping

    2017-10-01

    This paper provides a new intrusion detection system based on fiber hydrophone, focusing on beam forming figure positioning according to the near field and a high precision sound source location algorithm which can accurately position the intrusion, obtain its behavior path, obtain intrusion event related information such as speed from tracking the intrusion trace, and analyze and identify the detected intrusion behavior. If the monitored area is larger, the algorithm will take too much time at once and influence the system response time. To reduce the calculation time, this paper provides a way that performs coarse location first and then scans for accuracy, so as to realize the remote monitoring and positioning of intrusion events (such as a car, etc.). The system fills the blank in process capture of fiber optic intrusion detection technology, and improves the understanding of the invasion. Through the capture of the process of intrusion behavior, and the fusion detection of the intrusion behavior itself, the analysis, judgment and identification of the intrusion information can greatly reduce the rate of false positives and greatly improve the reliability and practicability of the perimeter security system.

  16. Anomaly Detection in Nanofibrous Materials by CNN-Based Self-Similarity

    Directory of Open Access Journals (Sweden)

    Paolo Napoletano

    2018-01-01

    Full Text Available Automatic detection and localization of anomalies in nanofibrous materials help to reduce the cost of the production process and the time of the post-production visual inspection process. Amongst all the monitoring methods, those exploiting Scanning Electron Microscope (SEM) imaging are the most effective. In this paper, we propose a region-based method for the detection and localization of anomalies in SEM images, based on Convolutional Neural Networks (CNNs) and self-similarity. The method evaluates the degree of abnormality of each subregion of an image under consideration by computing a CNN-based visual similarity with respect to a dictionary of anomaly-free subregions belonging to a training set. The proposed method outperforms the state of the art.

  17. INTRUSION DETECTION PREVENTION SYSTEM (IDPS) ON LOCAL AREA NETWORK (LAN)

    Directory of Open Access Journals (Sweden)

    Didit Suhartono

    2015-02-01

    Full Text Available This research, titled “Intrusion Detection Prevention System Local Area Network (LAN)”, aims to protect the network from intrusion attempts carried out by an intruder. The method used in this research is a conceptual framework that serves as a reference for the research stages the author carried out. The IDS functions as a detector of attacks according to the existing rules; alert messages are then stored in a database and sent via SMS to a network administrator, while the firewall is used for packet filtering by defining the security policies considered important. The result is that when the IDS issues an alert message on an attack, a network administrator can block the attack manually with the firewall, or the firewall will block the attack itself according to the security policy previously applied by the network administrator.

  18. FSM-F: Finite State Machine Based Framework for Denial of Service and Intrusion Detection in MANET.

    Science.gov (United States)

    N Ahmed, Malik; Abdullah, Abdul Hanan; Kaiwartya, Omprakash

    2016-01-01

    Due to the continuous advancements in wireless communication in terms of quality of communication and affordability of the technology, the application area of Mobile Adhoc Networks (MANETs) is growing significantly, particularly in military and disaster management. Considering the sensitivity of the application areas, security in terms of detection of Denial of Service (DoS) and intrusion has become a prime concern in research and development in the area. The security systems suggested in the past have a state recognition problem where the system is not able to accurately identify the actual state of the network nodes due to the absence of a clear definition of the states of the nodes. In this context, this paper proposes a framework based on Finite State Machine (FSM) for denial of service and intrusion detection in MANETs. In particular, an Interruption Detection system for Adhoc On-demand Distance Vector (ID-AODV) protocol is presented based on finite state machine. The packet dropping and sequence number attacks are closely investigated and detection systems for both types of attacks are designed. The major functional modules of ID-AODV include the network monitoring system, finite state machine and attack detection model. Simulations are carried out in network simulator NS-2 to evaluate the performance of the proposed framework. A comparative evaluation of the performance is also performed with the state-of-the-art techniques: RIDAN and AODV. The performance evaluations attest the benefits of the proposed framework in terms of providing better security for denial of service and intrusion detection attacks.

  19. A Fusion of Multiagent Functionalities for Effective Intrusion Detection System

    Directory of Open Access Journals (Sweden)

    Dhanalakshmi Krishnan Sadhasivan

    2017-01-01

    Full Text Available Provision of high security is one of the active research areas in network applications. The failure in the centralized system based on the attacks provides less protection. Besides, the lack of update of new attacks arrival leads to the minimum accuracy of detection. The major focus of this paper is to improve the detection performance through the adaptive update of attacking information to the database. We propose an Adaptive Rule-Based Multiagent Intrusion Detection System (ARMA-IDS) to detect the anomalies in the real-time datasets such as KDD and SCADA. Besides, the feedback loop provides the necessary update of attacks in the database that leads to the improvement in the detection accuracy. The combination of the rules and responsibilities for multiagents effectively detects the anomaly behavior, misuse of response, or relay reports of gas/water pipeline data in KDD and SCADA, respectively. The comparative analysis of the proposed ARMA-IDS with the various existing path mining methods, namely, random forest, JRip, a combination of AdaBoost/JRip, and common path mining on the SCADA dataset conveys the effectiveness of the proposed ARMA-IDS in real-time fault monitoring. Moreover, the proposed ARMA-IDS offers the higher detection rate in the SCADA and KDD cup 1999 datasets.

  20. Identification of radon anomalies in soil gas using decision trees and neural networks

    International Nuclear Information System (INIS)

    Zmazek, B.; Dzeroski, S.; Torkar, D.; Vaupotic, J.; Kobal, I.

    2010-01-01

    The time series of radon (²²²Rn) concentration in soil gas at a fault, together with the environmental parameters, have been analysed applying two machine learning techniques: (I) decision trees and (II) neural networks, with the aim of identifying radon anomalies caused by seismic events and not simply ascribed to the effect of the environmental parameters. By applying neural networks, 10 radon anomalies were observed for 12 earthquakes, while with decision trees, the anomaly was found for every earthquake, but, undesirably, some anomalies appeared also during periods without earthquakes. (authors)

  1. Using principal component analysis for selecting network behavioral anomaly metrics

    Science.gov (United States)

    Gregorio-de Souza, Ian; Berk, Vincent; Barsamian, Alex

    2010-04-01

    This work addresses new approaches to behavioral analysis of networks and hosts for the purposes of security monitoring and anomaly detection. Most commonly used approaches simply implement anomaly detectors for one, or a few, simple metrics and those metrics can exhibit unacceptable false alarm rates. For instance, the anomaly score of network communication is defined as the reciprocal of the likelihood that a given host uses a particular protocol (or destination); this definition may result in an unrealistically high threshold for alerting to avoid being flooded by false positives. We demonstrate that selecting and adapting the metrics and thresholds, on a host-by-host or protocol-by-protocol basis, can be done by established multivariate analyses such as PCA. We will show how to determine one or more metrics, for each network host, that records the highest available amount of information regarding the baseline behavior, and shows relevant deviances reliably. We describe the methodology used to pick from a large selection of available metrics, and illustrate a method for comparing the resulting classifiers. Using our approach we are able to reduce the resources required to properly identify misbehaving hosts, protocols, or networks, by dedicating system resources to only those metrics that actually matter in detecting network deviations.

  2. Use of behavioral biometrics in intrusion detection and online gaming

    Science.gov (United States)

    Yampolskiy, Roman V.; Govindaraju, Venu

    2006-04-01

    Behavior based intrusion detection is a frequently used approach for ensuring network security. We extend the behavior based intrusion detection approach to a new domain of game networks. Specifically, our research shows that a unique behavioral biometric can be generated based on the strategy used by an individual to play a game. We wrote software capable of automatically extracting behavioral profiles for each player in a game of Poker. Once a behavioral signature is generated for a player, it is continuously compared against the player's current actions. Any significant deviations in behavior are reported to the game server administrator as potential security breaches. Our algorithm addresses a well-known problem of user verification and can be re-applied to fields beyond game networks, such as operating systems and non-game network security.

  3. FSM-F: Finite State Machine Based Framework for Denial of Service and Intrusion Detection in MANET.

    Directory of Open Access Journals (Sweden)

    Malik N Ahmed

    Full Text Available Due to the continuous advancements in wireless communication in terms of quality of communication and affordability of the technology, the application area of Mobile Adhoc Networks (MANETs) is growing significantly, particularly in military and disaster management. Considering the sensitivity of the application areas, security in terms of detection of Denial of Service (DoS) and intrusion has become a prime concern in research and development in the area. The security systems suggested in the past have a state recognition problem where the system is not able to accurately identify the actual state of the network nodes due to the absence of a clear definition of the states of the nodes. In this context, this paper proposes a framework based on Finite State Machine (FSM) for denial of service and intrusion detection in MANETs. In particular, an Interruption Detection system for Adhoc On-demand Distance Vector (ID-AODV) protocol is presented based on finite state machine. The packet dropping and sequence number attacks are closely investigated and detection systems for both types of attacks are designed. The major functional modules of ID-AODV include the network monitoring system, finite state machine and attack detection model. Simulations are carried out in network simulator NS-2 to evaluate the performance of the proposed framework. A comparative evaluation of the performance is also performed with the state-of-the-art techniques: RIDAN and AODV. The performance evaluations attest the benefits of the proposed framework in terms of providing better security for denial of service and intrusion detection attacks.

  4. The potential of the European network of congenital anomaly registers (EUROCAT) for drug safety surveillance : a descriptive study

    NARCIS (Netherlands)

    Meijer, Willemijn M.; Cornel, Martina C.; Dolk, Helen; de Walle, Hermien E. K.; Armstrong, Nicola C.; de Jong-van den Berg, Lolkje T. W.

    Background European Surveillance of Congenital Anomalies (EUROCAT) is a network of population-based congenital anomaly registries in Europe surveying more than 1 million births per year, or 25% of the births in the European Union. This paper describes the potential of the EUROCAT collaboration for

  5. Towards Effective Network Intrusion Detection: A Hybrid Model Integrating Gini Index and GBDT with PSO

    Directory of Open Access Journals (Sweden)

    Longjie Li

    2018-01-01

    Full Text Available In order to protect computing systems from malicious attacks, network intrusion detection systems have become an important part of the security infrastructure. Recently, hybrid models that integrate several machine learning techniques have captured more attention from researchers. In this paper, a novel hybrid model was proposed with the purpose of detecting network intrusion effectively. In the proposed model, Gini index is used to select the optimal subset of features, the gradient boosted decision tree (GBDT) algorithm is adopted to detect network attacks, and the particle swarm optimization (PSO) algorithm is utilized to optimize the parameters of GBDT. The performance of the proposed model is experimentally evaluated in terms of accuracy, detection rate, precision, F1-score, and false alarm rate using the NSL-KDD dataset. Experimental results show that the proposed model is superior to the compared methods.

  6. A Partially Distributed Intrusion Detection System for Wireless Sensor Networks

    Directory of Open Access Journals (Sweden)

    Eung Jun Cho

    2013-11-01

    Full Text Available The increasing use of wireless sensor networks, which normally comprise several very small sensor nodes, makes their security an increasingly important issue. They can be practically and efficiently secured using intrusion detection systems. Conventional security mechanisms are not usually applicable due to the sensor nodes having limitations of computational power, memory capacity, and battery power. Therefore, specific security systems should be designed to function under constraints of energy or memory. A partially distributed intrusion detection system with low memory and power demands is proposed here. It employs a Bloom filter, which allows reduced signature code size. Multiple Bloom filters can be combined to reduce the signature code for each Bloom filter array. The mechanism could then cope with potential denial of service attacks, unlike many previous detection systems with Bloom filters. The mechanism was evaluated and validated through analysis and simulation.

  7. A study on efficient detection of network-based IP spoofing DDoS and malware-infected Systems.

    Science.gov (United States)

    Seo, Jung Woo; Lee, Sang Jin

    2016-01-01

    Large-scale network environments require effective detection and response methods against DDoS attacks. Depending on the advancement of IT infrastructure such as the server or network equipment, DDoS attack traffic arising from a few malware-infected systems capable of crippling the organization's internal network has become a significant threat. This study calculates the frequency of network-based packet attributes and analyzes the anomalies of the attributes in order to detect IP-spoofed DDoS attacks. Also, a method is proposed for the effective detection of malware infection systems triggering IP-spoofed DDoS attacks on an edge network. Detection accuracy and performance of the collected real-time traffic on a core network is analyzed thru the use of the proposed algorithm, and a prototype was developed to evaluate the performance of the algorithm. As a result, DDoS attacks on the internal network were detected in real-time and whether or not IP addresses were spoofed was confirmed. Detecting hosts infected by malware in real-time allowed the execution of intrusion responses before stoppage of the internal network caused by large-scale attack traffic.

  8. Intrusion detection for IP-based multimedia communications over wireless networks

    CERN Document Server

    Tang, Jin

    2013-01-01

    IP-based multimedia communications have become increasingly popular in recent years. With the increasing coverage of the IEEE 802.11™ based wireless networks, IP-based multimedia communications over wireless networks are also drawing extensive attention in both academia and industry. Due to the openness and distributed nature of the protocols involved, such as the session initiation protocol (SIP) and the IEEE 802.11™ standard, it becomes easy for malicious users in the network to achieve their own gain or disrupt the service by deviating from the normal protocol behaviors. This SpringerBrief

  9. Intrusion Detection Algorithm for Mitigating Sinkhole Attack on LEACH Protocol in Wireless Sensor Networks

    Directory of Open Access Journals (Sweden)

    Ranjeeth Kumar Sundararajan

    2015-01-01

    Full Text Available In a wireless sensor network (WSN), the sensors are deployed and placed uniformly to transmit the sensed data to a centralized station periodically. The major threat to the WSN network layer is the sinkhole attack, and it is still a challenging issue in sensor networks, where the malicious node attracts the packets from the other normal sensor nodes and drops the packets. Thus, this paper proposes an Intrusion Detection System (IDS) mechanism to detect the intruder in a network which uses the Low Energy Adaptive Clustering Hierarchy (LEACH) protocol for its routing operation. In the proposed algorithm, the detection metrics, such as number of packets transmitted and received, are used to compute the intrusion ratio (IR) by the IDS agent. The computed numeric or nonnumeric value represents the normal or malicious activity. As and when the sinkhole attack is captured, the IDS agent alerts the network to stop the data transmission. Thus, it can be resilient to the vulnerable attack of sinkhole. Above all, the simulation result is shown for the proposed algorithm, which is proven to be efficient compared with the existing work, namely, MS-LEACH, in terms of minimum computational complexity and low energy consumption. Moreover, the algorithm was numerically analyzed using TETCOS NETSIM.

  10. A Comparative Evaluation of Unsupervised Anomaly Detection Algorithms for Multivariate Data

    Science.gov (United States)

    Goldstein, Markus; Uchida, Seiichi

    2016-01-01

    Anomaly detection is the process of identifying unexpected items or events in datasets, which differ from the norm. In contrast to standard classification tasks, anomaly detection is often applied on unlabeled data, taking only the internal structure of the dataset into account. This challenge is known as unsupervised anomaly detection and is addressed in many practical applications, for example in network intrusion detection, fraud detection as well as in the life science and medical domain. Dozens of algorithms have been proposed in this area, but unfortunately the research community still lacks a comparative universal evaluation as well as common publicly available datasets. These shortcomings are addressed in this study, where 19 different unsupervised anomaly detection algorithms are evaluated on 10 different datasets from multiple application domains. By publishing the source code and the datasets, this paper aims to be a new well-funded basis for unsupervised anomaly detection research. Additionally, this evaluation reveals the strengths and weaknesses of the different approaches for the first time. Besides the anomaly detection performance, computational effort, the impact of parameter settings as well as the global/local anomaly detection behavior is outlined. As a conclusion, we give advice on algorithm selection for typical real-world tasks. PMID:27093601

  11. Attacks and intrusion detection in wireless sensor networks of industrial SCADA systems

    Science.gov (United States)

    Kamaev, V. A.; Finogeev, A. G.; Finogeev, A. A.; Parygin, D. S.

    2017-01-01

    The effectiveness of automated process control systems (APCS) and supervisory control and data acquisition systems (SCADA) information security depends on the applied protection technologies of transport environment data transmission components. This article investigates the problems of detecting attacks in wireless sensor networks (WSN) of SCADA systems. As a result of analytical studies, the authors developed the detailed classification of external attacks and intrusion detection in sensor networks and brought a detailed description of attacking impacts on components of SCADA systems in accordance with the selected directions of attacks.

  12. Anomaly detection in an automated safeguards system using neural networks

    International Nuclear Information System (INIS)

    Whiteson, R.; Howell, J.A.

    1992-01-01

    An automated safeguards system must be able to detect an anomalous event, identify the nature of the event, and recommend a corrective action. Neural networks represent a new way of thinking about basic computational mechanisms for intelligent information processing. In this paper, we discuss the issues involved in applying a neural network model to the first step of this process: anomaly detection in materials accounting systems. We extend our previous model to a 3-tank problem and compare different neural network architectures and algorithms. We evaluate the computational difficulties in training neural networks and explore how certain design principles affect the problems. The issues involved in building a neural network architecture include how the information flows, how the network is trained, how the neurons in a network are connected, how the neurons process information, and how the connections between neurons are modified. Our approach is based on the demonstrated ability of neural networks to model complex, nonlinear, real-time processes. By modeling the normal behavior of the processes, we can predict how a system should be behaving and, therefore, detect when an abnormality occurs.

  13. The NIDS Cluster: Scalable, Stateful Network Intrusion Detection on Commodity Hardware

    Energy Technology Data Exchange (ETDEWEB)

    Tierney, Brian L; Vallentin, Matthias; Sommer, Robin; Lee, Jason; Leres, Craig; Paxson, Vern; Tierney, Brian

    2007-09-19

    In this work we present a NIDS cluster as a scalable solution for realizing high-performance, stateful network intrusion detection on commodity hardware. The design addresses three challenges: (i) distributing traffic evenly across an extensible set of analysis nodes in a fashion that minimizes the communication required for coordination, (ii) adapting the NIDS's operation to support coordinating its low-level analysis rather than just aggregating alerts; and (iii) validating that the cluster produces sound results. Prototypes of our NIDS cluster now operate at the Lawrence Berkeley National Laboratory and the University of California at Berkeley. In both environments the clusters greatly enhance the power of the network security monitoring.

  14. Intrusion Detection System In IoT

    OpenAIRE

    Nygaard, Frederik

    2017-01-01

    Intrusion detection detects misbehaving nodes in a network. In Internet of Things (IoT), IPv6 Routing for Low-Power and Lossy Networks (RPL) is the standard routing protocol. In IoT, devices commonly have low energy, storage and memory, which is why the implemented intrusion algorithm in this thesis will try to minimize the usage of these resources. IDS for RPL-networks have been implemented before, but the use of resources or the number of packets sent was too high to be successful when findi...

  15. Temporal Data-Driven Sleep Scheduling and Spatial Data-Driven Anomaly Detection for Clustered Wireless Sensor Networks

    Directory of Open Access Journals (Sweden)

    Gang Li

    2016-09-01

    The spatial–temporal correlation is an important feature of sensor data in wireless sensor networks (WSNs). Most of the existing works based on the spatial–temporal correlation can be divided into two parts: redundancy reduction and anomaly detection. These two parts are pursued separately in existing works. In this work, the combination of temporal data-driven sleep scheduling (TDSS) and spatial data-driven anomaly detection is proposed, where TDSS can reduce data redundancy. The TDSS model is inspired by transmission control protocol (TCP) congestion control. Based on long and linear cluster structure in the tunnel monitoring system, cooperative TDSS and spatial data-driven anomaly detection are then proposed. To realize synchronous acquisition in the same ring for analyzing the situation of every ring, TDSS is implemented in a cooperative way in the cluster. To keep the precision of sensor data, spatial data-driven anomaly detection based on the spatial correlation and Kriging method is realized to generate an anomaly indicator. The experiment results show that cooperative TDSS can realize non-uniform sensing effectively to reduce the energy consumption. In addition, spatial data-driven anomaly detection is quite significant for maintaining and improving the precision of sensor data.

  16. Saliency U-Net: A regional saliency map-driven hybrid deep learning network for anomaly segmentation

    Science.gov (United States)

    Karargyros, Alex; Syeda-Mahmood, Tanveer

    2018-02-01

    Deep learning networks are gaining popularity in many medical image analysis tasks due to their generalized ability to automatically extract relevant features from raw images. However, this can make the learning problem unnecessarily harder requiring network architectures of high complexity. In case of anomaly detection, in particular, there is often sufficient regional difference between the anomaly and the surrounding parenchyma that could be easily highlighted through bottom-up saliency operators. In this paper we propose a new hybrid deep learning network using a combination of raw image and such regional maps to more accurately learn the anomalies using simpler network architectures. Specifically, we modify a deep learning network called U-Net using both the raw and pre-segmented images as input to produce joint encoding (contraction) and expansion paths (decoding) in the U-Net. We present results of successfully delineating subdural and epidural hematomas in brain CT imaging and liver hemangioma in abdominal CT images using such network.

  17. Hybrid network defense model based on fuzzy evaluation.

    Science.gov (United States)

    Cho, Ying-Chiang; Pan, Jen-Yi

    2014-01-01

    With sustained and rapid developments in the field of information technology, the issue of network security has become increasingly prominent. The theme of this study is network data security, with the test subject being a classified and sensitive network laboratory that belongs to the academic network. The analysis is based on the deficiencies and potential risks of the network's existing defense technology, characteristics of cyber attacks, and network security technologies. Subsequently, a distributed network security architecture using the technology of an intrusion prevention system is designed and implemented. In this paper, first, the overall design approach is presented. This design is used as the basis to establish a network defense model, an improvement over the traditional single-technology model that addresses the latter's inadequacies. Next, a distributed network security architecture is implemented, comprising a hybrid firewall, intrusion detection, virtual honeynet projects, and connectivity and interactivity between these three components. Finally, the proposed security system is tested. A statistical analysis of the test results verifies the feasibility and reliability of the proposed architecture. The findings of this study will potentially provide new ideas and stimuli for future designs of network security architecture.

  18. Context-aware local Intrusion Detection in SCADA systems : a testbed and two showcases

    NARCIS (Netherlands)

    Chromik, Justyna Joanna; Haverkort, Boudewijn R.H.M.; Remke, Anne Katharina Ingrid; Pilch, Carina; Brackmann, Pascal; Duhme, Christof; Everinghoff, Franziska; Giberlein, Artur; Teodorowicz, Thomas; Wieland, Julian

    2017-01-01

    This paper illustrates the use of a testbed that we have developed for context-aware local intrusion detection. This testbed is based on the co-simulation framework Mosaik and allows for the validation of local intrusion detection mechanisms at field stations in power distribution networks. For two

  19. Experimental Study of Nuclear Security System Components for Achieving the Intrusion Process via Sensor's Network System

    International Nuclear Information System (INIS)

    EL-Kafas, A.A.

    2011-01-01

    Cluster sensors are one of nuclear security system components which are used to detect any intrusion process of the nuclear sites. In this work, an experimental measuring test for sensor performance and procedures are presented. Sensor performance testing performed to determine whether a particular sensor will be acceptable in a proposed design. We have access to a sensors test field in which the sensor of interest is already properly installed and the parameters have been set to optimal levels by preliminary testing. The glass-breakage (G.B) and open door (O.D) sensors construction, operation and design for the investigated nuclear site are explained. Intrusion tests were carried out inside the field areas of the sensors to evaluate the sensor performance during the intrusion process. Experimental trials were performed for achieving the intrusion process via sensor network system. The performance and intrusion senses of cluster sensors inside the internal zones was recorded and evaluated. The obtained results explained that the tested and experimented G.B sensors have a probability of detection P (D) value 65% founded, and 80% P (D) of Open-door sensor

  20. The prevalence of congenital anomalies in Europe

    DEFF Research Database (Denmark)

    Dolk, Helen; Loane, Maria; Garne, Ester

    2010-01-01

    EUROCAT (European Surveillance of Congenital Anomalies) is the network of population-based registers of congenital anomaly in Europe, with a common protocol and data quality review, covering 1.5 million annual births in 22 countries. EUROCAT recorded a total prevalence of major congenital anomali...

  1. Trojan detection model based on network behavior analysis

    International Nuclear Information System (INIS)

    Liu Junrong; Liu Baoxu; Wang Wenjin

    2012-01-01

    Based on the analysis of existing Trojan detection technology, this paper presents a Trojan detection model based on network behavior analysis. First of all, we abstract description of the Trojan network behavior, then according to certain rules to establish the characteristic behavior library, and then use the support vector machine algorithm to determine whether a Trojan invasion. Finally, through the intrusion detection experiments, shows that this model can effectively detect Trojans. (authors)

  2. CRITICAL INFORMATION INFRASTRUCTURE SECURITY - NETWORK INTRUSION DETECTION SYSTEMS

    Directory of Open Access Journals (Sweden)

    Cristea DUMITRU

    2011-12-01

    Critical Information Infrastructure security will always be difficult to ensure, just because of the features that make it irreplaceable for other critical infrastructures normal operation. It is decentralized, interconnected, interdependent, controlled by multiple actors (mainly private) and incorporating diverse types of technologies. It is almost axiomatic that the disruption of the Critical Information Infrastructure affects systems located much farther away, and the cyber problems have direct consequences on the real world. Indeed the Internet can be used as a multiplier in order to amplify the effects of an attack on some critical infrastructures. Security challenges increase with the technological progress. One of the last lines of defense which comes to complete the overall security scheme of the Critical Information Infrastructure is represented by the Network Intrusion Detection Systems.

  3. BLACK HOLE ATTACK IN AODV & FRIEND FEATURES UNIQUE EXTRACTION TO DESIGN DETECTION ENGINE FOR INTRUSION DETECTION SYSTEM IN MOBILE ADHOC NETWORK

    Directory of Open Access Journals (Sweden)

    HUSAIN SHAHNAWAZ

    2012-10-01

    Ad-hoc network is a collection of nodes that are capable to form dynamically a temporary network without the support of any centralized fixed infrastructure. Since there is no central controller to determine the reliable & secure communication paths in Mobile Adhoc Network, each node in the ad hoc network has to rely on each other in order to forward packets, thus highly cooperative nodes are required to ensure that the initiated data transmission process does not fail. In a mobile ad hoc network (MANET) where security is a crucial issue and they are forced to rely on the neighbor node, trust plays an important role that could improve the number of successful data transmission. Larger the number of trusted nodes, higher successful data communication process rates could be expected. In this paper, Black Hole attack is applied in the network, statistics are collected to design intrusion detection engine for MANET Intrusion Detection System (IDS). Feature extraction and rule inductions are applied to find out the accuracy of detection engine by using support vector machine. In this paper True Positive generated by the detection engine is very high and this is a novel approach in the area of Mobile Adhoc Intrusion detection system.

  4. Assessing Human Activity in Elderly People Using Non-Intrusive Load Monitoring.

    Science.gov (United States)

    Alcalá, José M; Ureña, Jesús; Hernández, Álvaro; Gualda, David

    2017-02-11

    The ageing of the population, and their increasing wish of living independently, are motivating the development of welfare and healthcare models. Existing approaches based on the direct health-monitoring using body sensor networks (BSN) are precise and accurate. Nonetheless, their intrusiveness causes non-acceptance. New approaches seek the indirect monitoring through monitoring activities of daily living (ADLs), which proves to be a suitable solution. ADL monitoring systems use many heterogeneous sensors, are less intrusive, and are less expensive than BSN, however, the deployment and maintenance of wireless sensor networks (WSN) prevent them from a widespread acceptance. In this work, a novel technique to monitor the human activity, based on non-intrusive load monitoring (NILM), is presented. The proposal uses only smart meter data, which leads to minimum intrusiveness and a potential massive deployment at minimal cost. This could be the key to develop sustainable healthcare models for smart homes, capable of complying with the elderly people's demands. This study also uses the Dempster-Shafer theory to provide a daily score of normality with regard to the regular behavior. This approach has been evaluated using real datasets and, additionally, a benchmarking against a Gaussian mixture model approach is presented.

  5. Advancements of Data Anomaly Detection Research in Wireless Sensor Networks: A Survey and Open Issues

    Directory of Open Access Journals (Sweden)

    Mohd Aizaini Maarof

    2013-08-01

    Wireless Sensor Networks (WSNs) are important and necessary platforms for the future as the concept “Internet of Things” has emerged lately. They are used for monitoring, tracking, or controlling of many applications in industry, health care, habitat, and military. However, the quality of data collected by sensor nodes is affected by anomalies that occur due to various reasons, such as node failures, reading errors, unusual events, and malicious attacks. Therefore, anomaly detection is a necessary process to ensure the quality of sensor data before it is utilized for making decisions. In this review, we present the challenges of anomaly detection in WSNs and state the requirements to design efficient and effective anomaly detection models. We then review the latest advancements of data anomaly detection research in WSNs and classify current detection approaches in five main classes based on the detection methods used to design these approaches. Varieties of the state-of-the-art models for each class are covered and their limitations are highlighted to provide ideas for potential future works. Furthermore, the reviewed approaches are compared and evaluated based on how well they meet the stated requirements. Finally, the general limitations of current approaches are mentioned and further research opportunities are suggested and discussed.

  6. Advancements of Data Anomaly Detection Research in Wireless Sensor Networks: A Survey and Open Issues

    Science.gov (United States)

    Rassam, Murad A.; Zainal, Anazida; Maarof, Mohd Aizaini

    2013-01-01

    Wireless Sensor Networks (WSNs) are important and necessary platforms for the future as the concept “Internet of Things” has emerged lately. They are used for monitoring, tracking, or controlling of many applications in industry, health care, habitat, and military. However, the quality of data collected by sensor nodes is affected by anomalies that occur due to various reasons, such as node failures, reading errors, unusual events, and malicious attacks. Therefore, anomaly detection is a necessary process to ensure the quality of sensor data before it is utilized for making decisions. In this review, we present the challenges of anomaly detection in WSNs and state the requirements to design efficient and effective anomaly detection models. We then review the latest advancements of data anomaly detection research in WSNs and classify current detection approaches in five main classes based on the detection methods used to design these approaches. Varieties of the state-of-the-art models for each class are covered and their limitations are highlighted to provide ideas for potential future works. Furthermore, the reviewed approaches are compared and evaluated based on how well they meet the stated requirements. Finally, the general limitations of current approaches are mentioned and further research opportunities are suggested and discussed. PMID:23966182

  7. Sleep Deprivation Attack Detection in Wireless Sensor Network

    Science.gov (United States)

    Bhattasali, Tapalina; Chaki, Rituparna; Sanyal, Sugata

    2012-02-01

    Deployment of sensor network in hostile environment makes it mainly vulnerable to battery drainage attacks because it is impossible to recharge or replace the battery power of sensor nodes. Among different types of security threats, low power sensor nodes are immensely affected by the attacks which cause random drainage of the energy level of sensors, leading to death of the nodes. The most dangerous type of attack in this category is sleep deprivation, where target of the intruder is to maximize the power consumption of sensor nodes, so that their lifetime is minimized. Most of the existing works on sleep deprivation attack detection involve a lot of overhead, leading to poor throughput. The need of the day is to design a model for detecting intrusions accurately in an energy efficient manner. This paper proposes a hierarchical framework based on distributed collaborative mechanism for detecting sleep deprivation torture in wireless sensor network efficiently. Proposed model uses anomaly detection technique in two steps to reduce the probability of false intrusion.

  8. The design about the intrusion defense system for IHEP

    International Nuclear Information System (INIS)

    Liu Baoxu; Xu Rongsheng; Yu Chuansong; Wu Chunzhen

    2003-01-01

    With the development of network technologies, limitations on traditional methods of network security protection are becoming more and more obvious. An individual network security product or the simple combination of several products can hardly complete the goal of keeping from hackers' intrusion. Therefore, on the basis of the analyses about the security problems of IHEPNET which is an open and scientific research network, the author designs an intrusion defense system especially for IHEPNET

  9. An international perspective on Facebook intrusion.

    Science.gov (United States)

    Błachnio, Agata; Przepiorka, Aneta; Benvenuti, Martina; Cannata, Davide; Ciobanu, Adela Magdalena; Senol-Durak, Emre; Durak, Mithat; Giannakos, Michail N; Mazzoni, Elvis; Pappas, Ilias O; Popa, Camelia; Seidman, Gwendolyn; Yu, Shu; Wu, Anise M S; Ben-Ezra, Menachem

    2016-08-30

    Facebook has become one of the most popular social networking websites in the world. The main aim of the study was to present an international comparison of Facebook intrusion and Internet penetration while examining possible gender differences. The study consisted of 2589 participants from eight countries: China, Greece, Israel, Italy, Poland, Romania, Turkey, USA. Facebook intrusion and Internet penetration were taken into consideration. In this study the relationship between Facebook intrusion and Internet penetration was demonstrated. Facebook intrusion was slightly negatively related to Internet penetration in each country. Copyright © 2016 Elsevier Ireland Ltd. All rights reserved.

  10. A Machine Learning Based Intrusion Impact Analysis Scheme for Clouds

    Directory of Open Access Journals (Sweden)

    Junaid Arshad

    2012-01-01

    Clouds represent a major paradigm shift, inspiring the contemporary approach to computing. They present fascinating opportunities to address dynamic user requirements with the provision of on demand expandable computing infrastructures. However, Clouds introduce novel security challenges which need to be addressed to facilitate widespread adoption. This paper is focused on one such challenge - intrusion impact analysis. In particular, we highlight the significance of intrusion impact analysis for the overall security of Clouds. Additionally, we present a machine learning based scheme to address this challenge in accordance with the specific requirements of Clouds for intrusion impact analysis. We also present rigorous evaluation performed to assess the effectiveness and feasibility of the proposed method to address this challenge for Clouds. The evaluation results demonstrate high degree of effectiveness to correctly determine the impact of an intrusion along with significant reduction with respect to the intrusion response time.

  11. Detection of network attacks based on adaptive resonance theory

    Science.gov (United States)

    Bukhanov, D. G.; Polyakov, V. M.

    2018-05-01

    The paper considers an approach to intrusion detection systems using a neural network of adaptive resonant theory. It suggests the structure of an intrusion detection system consisting of two types of program modules. The first module manages connections of user applications by preventing the undesirable ones. The second analyzes the incoming network traffic parameters to check potential network attacks. After attack detection, it notifies the required stations using a secure transmission channel. The paper describes the experiment on the detection and recognition of network attacks using the test selection. It also compares the obtained results with similar experiments carried out by other authors. It gives findings and conclusions on the sufficiency of the proposed approach. The obtained information confirms the sufficiency of applying the neural networks of adaptive resonant theory to analyze network traffic within the intrusion detection system.

  12. Numerical modeling and sensitivity analysis of seawater intrusion in a dual-permeability coastal karst aquifer with conduit networks

    Directory of Open Access Journals (Sweden)

    Z. Xu

    2018-01-01

    Long-distance seawater intrusion has been widely observed through the subsurface conduit system in coastal karst aquifers as a source of groundwater contaminant. In this study, seawater intrusion in a dual-permeability karst aquifer with conduit networks is studied by the two-dimensional density-dependent flow and transport SEAWAT model. Local and global sensitivity analyses are used to evaluate the impacts of boundary conditions and hydrological characteristics on modeling seawater intrusion in a karst aquifer, including hydraulic conductivity, effective porosity, specific storage, and dispersivity of the conduit network and of the porous medium. The local sensitivity analysis evaluates the parameters' sensitivities for modeling seawater intrusion, specifically in the Woodville Karst Plain (WKP). A more comprehensive interpretation of parameter sensitivities, including the nonlinear relationship between simulations and parameters, and/or parameter interactions, is addressed in the global sensitivity analysis. The conduit parameters and boundary conditions are important to the simulations in the porous medium because of the dynamical exchanges between the two systems. The sensitivity study indicates that salinity and head simulations in the karst features, such as the conduit system and submarine springs, are critical for understanding seawater intrusion in a coastal karst aquifer. The evaluation of hydraulic conductivity sensitivity in the continuum SEAWAT model may be biased since the conduit flow velocity is not accurately calculated by Darcy's equation as a function of head difference and hydraulic conductivity. In addition, dispersivity is no longer an important parameter in an advection-dominated karst aquifer with a conduit system, compared to the sensitivity results in a porous medium aquifer. In the end, the extents of seawater intrusion are quantitatively evaluated and measured under different scenarios with the variabilities of

  13. Hacking the Cell: Network Intrusion and Exploitation by Adenovirus E1A.

    Science.gov (United States)

    King, Cason R; Zhang, Ali; Tessier, Tanner M; Gameiro, Steven F; Mymryk, Joe S

    2018-05-01

    As obligate intracellular parasites, viruses are dependent on their infected hosts for survival. Consequently, viruses are under enormous selective pressure to utilize available cellular components and processes to their own advantage. As most, if not all, cellular activities are regulated at some level via protein interactions, host protein interaction networks are particularly vulnerable to viral exploitation. Indeed, viral proteins frequently target highly connected "hub" proteins to "hack" the cellular network, defining the molecular basis for viral control over the host. This widespread and successful strategy of network intrusion and exploitation has evolved convergently among numerous genetically distinct viruses as a result of the endless evolutionary arms race between pathogens and hosts. Here we examine the means by which a particularly well-connected viral hub protein, human adenovirus E1A, compromises and exploits the vulnerabilities of eukaryotic protein interaction networks. Importantly, these interactions identify critical regulatory hubs in the human proteome and help define the molecular basis of their function. Copyright © 2018 King et al.

  14. Dental Anomalies in Permanent Teeth after Trauma in Primary Dentition.

    Science.gov (United States)

    Bardellini, Elena; Amadori, Francesca; Pasini, Stefania; Majorana, Alessandra

    This retrospective study aims to evaluate the prevalence of dental anomalies in permanent teeth as a result of a trauma concerning the predecessor primary teeth. A total of 241 records of children (118 males and 123 females, mean age 3.62 ± 1.40) affected by trauma on primary teeth were analyzed. All patients were recalled to evaluate the status of the permanent successor teeth by clinical and radiographic investigations. Out of 241 patients, 106 patients (for a total of 179 traumatized primary teeth) presented at the recall. Dental anomalies on successor permanent teeth were detected in 21 patients (19.8%), for a total of 26 teeth (14.5%) and 28 anomalies. Anomalies of the eruptive process were the most observed disturbances (60.7%), followed by enamel hypoplasia (25%) and white spots (14.3%). A higher percentage of anomalies on permanent teeth was observed when trauma occurred at an age less than 36 months (38.5% of cases). Intrusive and extrusive luxation were related with the most cases of clinical disturbances in the successor permanent teeth. The results of this study highlight the risk of dental anomalies after a trauma in primary dentition, especially in early-aged children and in case of intrusive luxation.

  15. INVESTIGATION OF NEURAL NETWORK ALGORITHM FOR DETECTION OF NETWORK HOST ANOMALIES IN THE AUTOMATED SEARCH FOR XSS VULNERABILITIES AND SQL INJECTIONS

    Directory of Open Access Journals (Sweden)

    Y. D. Shabalin

    2016-03-01

    A problem of aberrant behavior detection for network communicating computer is discussed. A novel approach based on dynamic response of computer is introduced. The computer is suggested as a multiple-input multiple-output (MIMO) plant. To characterize dynamic response of the computer on incoming requests a correlation between input data rate and observed output response (outgoing data rate and performance metrics) is used. To distinguish normal and aberrant behavior of the computer one-class neural network classifier is used. General idea of the algorithm is shortly described. Configuration of network testbed for experiments with real attacks and their detection is presented (the automated search for XSS and SQL injections). Real found-XSS and SQL injection attack software was used to model the intrusion scenario. It would be expectable that aberrant behavior of the server will reveal itself by some instantaneous correlation response which will be significantly different from any of normal ones. It is evident that correlation picture of attacks from different malware running, the site homepage overriding on the server (so called defacing), hardware and software failures will differ from correlation picture of normal functioning. Intrusion detection algorithm is investigated to estimate false positive and false negative rates in relation to algorithm parameters. The importance of correlation width value and threshold value selection was emphasized. False positive rate was estimated along the time series of experimental data. Some ideas about enhancement of the algorithm quality and robustness were mentioned.

  16. Assessing Human Activity in Elderly People Using Non-Intrusive Load Monitoring

    Directory of Open Access Journals (Sweden)

    José M. Alcalá

    2017-02-01

    The ageing of the population, and their increasing wish of living independently, are motivating the development of welfare and healthcare models. Existing approaches based on the direct health-monitoring using body sensor networks (BSN) are precise and accurate. Nonetheless, their intrusiveness causes non-acceptance. New approaches seek the indirect monitoring through monitoring activities of daily living (ADLs), which proves to be a suitable solution. ADL monitoring systems use many heterogeneous sensors, are less intrusive, and are less expensive than BSN, however, the deployment and maintenance of wireless sensor networks (WSN) prevent them from a widespread acceptance. In this work, a novel technique to monitor the human activity, based on non-intrusive load monitoring (NILM), is presented. The proposal uses only smart meter data, which leads to minimum intrusiveness and a potential massive deployment at minimal cost. This could be the key to develop sustainable healthcare models for smart homes, capable of complying with the elderly people’s demands. This study also uses the Dempster-Shafer theory to provide a daily score of normality with regard to the regular behavior. This approach has been evaluated using real datasets and, additionally, a benchmarking against a Gaussian mixture model approach is presented.

  17. Hybrid Intrusion Detection System for DDoS Attacks

    Directory of Open Access Journals (Sweden)

    Özge Cepheli

    2016-01-01

    Distributed denial-of-service (DDoS) attacks are one of the major threats and possibly the hardest security problem for today’s Internet. In this paper we propose a hybrid detection system, referred to as hybrid intrusion detection system (H-IDS), for detection of DDoS attacks. Our proposed detection system makes use of both anomaly-based and signature-based detection methods separately but in an integrated fashion and combines the outcomes of both detectors to enhance the overall detection accuracy. We apply two distinct datasets to our proposed system in order to test the detection performance of H-IDS and conclude that the proposed hybrid system gives better results than the systems based on nonhybrid detection.

  18. Autocorrel I: A Neural Network Based Network Event Correlation Approach

    National Research Council Canada - National Science Library

    Japkowicz, Nathalie; Smith, Reuben

    2005-01-01

    .... We use the autoassociator to build prototype software to cluster network alerts generated by a Snort intrusion detection system, and discuss how the results are significant, and how they can be applied to other types of network events.

  19. Using a time lapse microgravity model for mapping seawater intrusion around Semarang

    Energy Technology Data Exchange (ETDEWEB)

    Supriyadi, E-mail: supriyadi@mail.unnes.ac.id; Khumaedi [Physics Department, Semarang State University (UNNES), D7 Building 2nd Floor FMIPA Sekaran Gunungpati (Indonesia); Yusuf, M. [Badan Meteologi Klimatologi Goefisika (BMKG), Jl.Angkasa I No.2 Kemayoran Jakarta Pusat (Indonesia); Agung, W. [Physics Department, Diponegoro University (UNDIP), Jl. Prof. Soedharto, Tembalang, Semarang (Indonesia)

    2016-03-11

    A modeling of time-lapse microgravity anomaly due to sea water intrusion has been conducted. It used field data of aquifer cross section, aquifer thickness and lithology of research area. Those data were then processed using Grav3D and Surfer. Modeling results indicated that the intrusion of sea water resulting in a time-lapse microgravity anomalies of 0.12 to 0.18 mGal, at soil layer density of 0.15 g/cm³ to 0.3 g/cm³ and at depth of 30 to 100 m. These imply that the areas experiencing seawater intrusion were Tanjung Mas, SPBE Bandarharjo, Brass, Old Market Boom and Johar as the microgravity measured there were in the range of 0.12 to 0.18 mGal and the density contrast were at 0.15 g/cm³ to 0.28 g/cm³. Areas that experienced fluid reduction were Puri Anjasmoro, Kenconowungu and Puspowarno with microgravity changes from -0.06 mGal to -0.18 mGal.

  20. When Intrusion Detection Meets Blockchain Technology: A Review

    OpenAIRE

    Meng, Weizhi; Tischhauser, Elmar Wolfgang; Wang, Qingju; Wang, Yu; Han, Jinguang

    2018-01-01

    With the purpose of identifying cyber threats and possible incidents, intrusion detection systems (IDSs) are widely deployed in various computer networks. In order to enhance the detection capability of a single IDS, collaborative intrusion detection networks (or collaborative IDSs) have been developed, which allow IDS nodes to exchange data with each other. However, data and trust management still remain two challenges for current detection architectures, which may degrade the effectiveness ...

  1. Long distance seawater intrusion through a karst conduit network in the Woodville Karst Plain, Florida

    Science.gov (United States)

    Xu, Zexuan; Bassett, Seth Willis; Hu, Bill; Dyer, Scott Barrett

    2016-08-01

    Five periods of increased electrical conductivity have been found in the karst conduits supplying one of the largest first magnitude springs in Florida with water. Numerous well-developed conduit networks are distributed in the Woodville Karst Plain (WKP), Florida and connected to the Gulf of Mexico. A composite analysis of precipitation and electrical conductivity data provides strong evidence that the increases in conductivity are directly tied to seawater intrusion moving inland and traveling 11 miles against the prevailing regional hydraulic gradient from Spring Creek Spring Complex (SCSC), a group of submarine springs at the Gulf Coast. A geochemical analysis of samples from the spring vent rules out anthropogenic contamination and upwelling regional recharge from the deep aquifer as sources of the rising conductivity. The interpretation is supported by the conceptual model established by prior researchers working to characterize the study area. This paper documents the first and longest case of seawater intrusion in the WKP, and also indicates significant possibility of seawater contamination through subsurface conduit networks in a coastal karst aquifer.

  2. Anomaly Detection Based on Sensor Data in Petroleum Industry Applications

    Directory of Open Access Journals (Sweden)

    Luis Martí

    2015-01-01

    Anomaly detection is the problem of finding patterns in data that do not conform to an a priori expected behavior. This is related to the problem in which some samples are distant, in terms of a given metric, from the rest of the dataset, where these anomalous samples are indicated as outliers. Anomaly detection has recently attracted the attention of the research community, because of its relevance in real-world applications, like intrusion detection, fraud detection, fault detection and system health monitoring, among many others. Anomalies themselves can have a positive or negative nature, depending on their context and interpretation. However, in either case, it is important for decision makers to be able to detect them in order to take appropriate actions. The petroleum industry is one of the application contexts where these problems are present. The correct detection of such types of unusual information empowers the decision maker with the capacity to act on the system in order to correctly avoid, correct or react to the situations associated with them. In that application context, heavy extraction machines for pumping and generation operations, like turbomachines, are intensively monitored by hundreds of sensors each that send measurements with a high frequency for damage prevention. In this paper, we propose a combination of yet another segmentation algorithm (YASA), a novel fast and high quality segmentation algorithm, with a one-class support vector machine approach for efficient anomaly detection in turbomachines. The proposal is meant for dealing with the aforementioned task and to cope with the lack of labeled training data. As a result, we perform a series of empirical studies comparing our approach to other methods applied to benchmark problems and a real-life application related to oil platform turbomachinery anomaly detection.

  3. An evaluation of classification algorithms for intrusion detection ...

    African Journals Online (AJOL)

    An evaluation of classification algorithms for intrusion detection. ... Most of the available IDSs use all the 41 features in the network to evaluate and search for intrusive pattern in which ...

  4. Ancient igneous intrusions and early expansion of the Moon revealed by GRAIL gravity gradiometry.

    Science.gov (United States)

    Andrews-Hanna, Jeffrey C; Asmar, Sami W; Head, James W; Kiefer, Walter S; Konopliv, Alexander S; Lemoine, Frank G; Matsuyama, Isamu; Mazarico, Erwan; McGovern, Patrick J; Melosh, H Jay; Neumann, Gregory A; Nimmo, Francis; Phillips, Roger J; Smith, David E; Solomon, Sean C; Taylor, G Jeffrey; Wieczorek, Mark A; Williams, James G; Zuber, Maria T

    2013-02-08

    The earliest history of the Moon is poorly preserved in the surface geologic record due to the high flux of impactors, but aspects of that history may be preserved in subsurface structures. Application of gravity gradiometry to observations by the Gravity Recovery and Interior Laboratory (GRAIL) mission results in the identification of a population of linear gravity anomalies with lengths of hundreds of kilometers. Inversion of the gravity anomalies indicates elongated positive-density anomalies that are interpreted to be ancient vertical tabular intrusions or dikes formed by magmatism in combination with extension of the lithosphere. Crosscutting relationships support a pre-Nectarian to Nectarian age, preceding the end of the heavy bombardment of the Moon. The distribution, orientation, and dimensions of the intrusions indicate a globally isotropic extensional stress state arising from an increase in the Moon's radius by 0.6 to 4.9 kilometers early in lunar history, consistent with predictions of thermal models.

  5. Illustration, detection and prevention of sleep deprivation anomaly in mobile ad hoc networks

    International Nuclear Information System (INIS)

    Nadeem, A.; Ahsan, K.; Sarim, M.

    2017-01-01

    MANETs (Mobile Ad Hoc Networks) have applications in various walks of life from rescue operations to battle field operations, personal and commercial. However, routing operations in MANETs are still vulnerable to anomalies and DoS (Denial of Service) attacks such as sleep deprivation. In an SD (Sleep Deprivation) attack, a malicious node exploits the vulnerability in the route discovery function of a reactive routing protocol, for example AODV (Ad Hoc On-Demand Distance Vector). In this paper, we first illustrate the SD anomaly in MANETs and then propose an SD detection and prevention algorithm which efficiently deals with this attack. We assess the performance of our proposed approach through simulation, evaluating its success using different network scenarios.

  6. Research on trust calculation of wireless sensor networks based on time segmentation

    Science.gov (United States)

    Su, Yaoxin; Gao, Xiufeng; Qiao, Wenxin

    2017-05-01

    Because wireless sensor networks differ in their characteristics from traditional networks, they are susceptible to intrusion from compromised nodes. The trust mechanism is the most effective way to defend against internal attacks. Aiming at the shortcomings of the existing trust mechanism, a method of calculating the trust of wireless sensor networks based on time segmentation is proposed. It improves the security of the network and extends the life of the network.

  7. Windows Based Data Sets for Evaluation of Robustness of Host Based Intrusion Detection Systems (IDS) to Zero-Day and Stealth Attacks

    Directory of Open Access Journals (Sweden)

    Waqas Haider

    2016-07-01

    The Windows Operating System (OS) is the most popular desktop OS in the world, as it has the majority market share of both servers and personal computing necessities. However, as its default signature-based security measures are ineffectual for detecting zero-day and stealth attacks, it needs an intelligent Host-based Intrusion Detection System (HIDS). Unfortunately, a comprehensive data set that reflects the modern Windows OS’s normal and attack surfaces is not publicly available. To fill this gap, in this paper two open data sets generated by the cyber security department of the Australian Defence Force Academy (ADFA) are introduced, namely: Australian Defence Force Academy Windows Data Set (ADFA-WD); and Australian Defence Force Academy Windows Data Set with a Stealth Attacks Addendum (ADFA-WD: SAA). Statistical analysis results based on these data sets show that, due to the low footprints of modern attacks and high similarity of normal and attacked data, both these data sets are complex, and highly intelligent Host based Anomaly Detection Systems (HADS) design will be required.

  8. Using discriminant analysis to detect intrusions in external communication for self-driving vehicles

    Directory of Open Access Journals (Sweden)

    Khattab M.Ali Alheeti

    2017-08-01

    Security systems are a necessity for the deployment of smart vehicles in our society. Security in vehicular ad hoc networks is crucial to the reliable exchange of information and control data. In this paper, we propose an intelligent Intrusion Detection System (IDS) to protect the external communication of self-driving and semi self-driving vehicles. This technology has the ability to detect Denial of Service (DoS) and black hole attacks on vehicular ad hoc networks (VANETs). The advantage of the proposed IDS over existing security systems is that it detects attacks before they cause significant damage. The intrusion prediction technique is based on Linear Discriminant Analysis (LDA) and Quadratic Discriminant Analysis (QDA), which are used to predict attacks based on observed vehicle behavior. We perform simulations using Network Simulator 2 to demonstrate that the IDS achieves a low rate of false alarms and high accuracy in detection.

  9. Multivariate exploration of non-intrusive load monitoring via spatiotemporal pattern network

    Energy Technology Data Exchange (ETDEWEB)

    Liu, Chao; Akintayo, Adedotun; Jiang, Zhanhong; Henze, Gregor P.; Sarkar, Soumik

    2018-02-01

    Non-intrusive load monitoring (NILM) of electrical demand for the purpose of identifying load components has thus far mostly been studied using univariate data, e.g., using only whole building electricity consumption time series to identify a certain type of end-use such as lighting load. However, using additional variables in the form of multivariate time series data may provide more information in terms of extracting distinguishable features in the context of energy disaggregation. In this work, a novel probabilistic graphical modeling approach, namely the spatiotemporal pattern network (STPN) is proposed for energy disaggregation using multivariate time-series data. The STPN framework is shown to be capable of handling diverse types of multivariate time-series to improve the energy disaggregation performance. The technique outperforms the state of the art factorial hidden Markov models (FHMM) and combinatorial optimization (CO) techniques in multiple real-life test cases. Furthermore, based on two homes' aggregate electric consumption data, a similarity metric is defined for the energy disaggregation of one home using a trained model based on the other home (i.e., out-of-sample case). The proposed similarity metric allows us to enhance scalability via learning supervised models for a few homes and deploying such models to many other similar but unmodeled homes with significantly high disaggregation accuracy.

  10. Intrusion detection system using Online Sequence Extreme Learning Machine (OS-ELM) in advanced metering infrastructure of smart grid.

    Science.gov (United States)

    Li, Yuancheng; Qiu, Rixuan; Jing, Sitong

    2018-01-01

    Advanced Metering Infrastructure (AMI) realizes two-way communication of electricity data by interconnecting with a computer network as the core component of the smart grid. Meanwhile, it brings many new security threats, and the traditional intrusion detection method can't satisfy the security requirements of AMI. In this paper, an intrusion detection system based on Online Sequence Extreme Learning Machine (OS-ELM) is established, which is used to detect attacks in AMI and to carry out a comparative analysis with other algorithms. Simulation results show that, compared with other intrusion detection methods, the intrusion detection method based on OS-ELM is superior in detection speed and accuracy.

  11. Cultural and Personality Predictors of Facebook Intrusion: A Cross-Cultural Study

    Directory of Open Access Journals (Sweden)

    Agata Błachnio

    2016-12-01

    The increase in the number of users of social networking sites has inspired intense efforts to determine intercultural differences between them. The main aim of the study was to investigate the cultural and personal predictors of Facebook intrusion. A total of 2,628 Facebook users from eight countries took part in the study. The Facebook Intrusion Questionnaire, the Ten-Item Personality Measure, and the Singelis Scale were used. We found that two variables related to Country were significantly related to Facebook intrusion: uniqueness (negatively) and low context (positively); of the personality variables, conscientiousness and emotional stability were negatively related to the dependent variable of Facebook intrusion across different countries, which may indicate the universal pattern of Facebook intrusion. The results of the study will contribute to the international debate on the phenomenon of social networking sites (SNS).

  12. Intrusion recognition for optic fiber vibration sensor based on the selective attention mechanism

    Science.gov (United States)

    Xu, Haiyan; Xie, Yingjuan; Li, Min; Zhang, Zhuo; Zhang, Xuewu

    2017-11-01

    Distributed fiber-optic vibration sensors receive extensive investigation and play a significant role in the sensor panorama. A fiber optic perimeter detection system based on an all-fiber interferometric sensor is proposed which, through back-end analysis, processing and intelligent identification, can distinguish the effects of different intrusion activities. In this paper, an intrusion recognition method based on the auditory selective attention mechanism is proposed. Firstly, considering the time-frequency of vibration, the spectrogram is calculated. Secondly, imitating the selective attention mechanism, the color, direction and brightness map of the spectrogram is computed. Based on these maps, the feature matrix is formed after normalization. The system can recognize intrusion activities that occur along the perimeter sensors. Experimental results show that the proposed method for the perimeter is able to differentiate intrusion signals from ambient noises. What's more, the recognition rate of the system is improved while the false alarm rate is reduced; the approach is validated by large practical experiments and projects.

  13. Evaluating challenge-based trust mechanism in medical smartphone networks: an empirical study

    DEFF Research Database (Denmark)

    Meng, Weizhi; Fei, Fei; Li, Wenjuan

    2017-01-01

    Intrusion detection systems (IDSs) are one of the widely adopted security tools in protecting computer networks, whereas it is still a big challenge for a single IDS to identify various threats in practice. Collaborative intrusion detection networks (CIDNs) are then developed in order to enhance...

  14. Resistor-network anomalies in the heat transport of random harmonic chains.

    Science.gov (United States)

    Weinberg, Isaac; de Leeuw, Yaron; Kottos, Tsampikos; Cohen, Doron

    2016-06-01

    We consider thermal transport in low-dimensional disordered harmonic networks of coupled masses. Utilizing known results regarding Anderson localization, we derive the actual dependence of the thermal conductance G on the length L of the sample. This is required by nanotechnology implementations because for such networks Fourier's law G∝1/L^{α} with α=1 is violated. In particular we consider "glassy" disorder in the coupling constants and find an anomaly which is related by duality to the Lifshitz-tail regime in the standard Anderson model.

  15. An Unsupervised Deep Hyperspectral Anomaly Detector

    Directory of Open Access Journals (Sweden)

    Ning Ma

    2018-02-01

    Hyperspectral image (HSI) based detection has attracted considerable attention recently in agriculture, environmental protection and military applications as different wavelengths of light can be advantageously used to discriminate different types of objects. Unfortunately, estimating the background distribution and the detection of interesting local objects is not straightforward, and anomaly detectors may give false alarms. In this paper, a Deep Belief Network (DBN) based anomaly detector is proposed. The high-level features and reconstruction errors are learned through the network in a manner which is not affected by previous background distribution assumption. To reduce contamination by local anomalies, adaptive weights are constructed from reconstruction errors and statistical information. By using the code image which is generated during the inference of DBN and modified by adaptively updated weights, a local Euclidean distance between under test pixels and their neighboring pixels is used to determine the anomaly targets. Experimental results on synthetic and recorded HSI datasets show the performance of proposed method outperforms the classic global Reed-Xiaoli detector (RXD), local RX detector (LRXD) and the state-of-the-art Collaborative Representation detector (CRD).

  16. Research on IPv6 intrusion detection system Snort-based

    Science.gov (United States)

    Shen, Zihao; Wang, Hui

    2010-07-01

    This paper introduces the common intrusion detection technologies, discusses the work flow of Snort intrusion detection system, and analyzes IPv6 data packet encapsulation and protocol decoding technology. We propose the expanding Snort architecture to support IPv6 intrusion detection in accordance with CIDF standard combined with protocol analysis technology and pattern matching technology, and present its composition. The research indicates that the expanding Snort system can effectively detect various intrusion attacks; it is high in detection efficiency and detection accuracy and reduces false alarm and omission report, which effectively solves the problem of IPv6 intrusion detection.

  17. Intrusion detection system using Online Sequence Extreme Learning Machine (OS-ELM) in advanced metering infrastructure of smart grid.

    Directory of Open Access Journals (Sweden)

    Yuancheng Li

    Advanced Metering Infrastructure (AMI) realizes two-way communication of electricity data by interconnecting with a computer network as the core component of the smart grid. Meanwhile, it brings many new security threats, and the traditional intrusion detection method can't satisfy the security requirements of AMI. In this paper, an intrusion detection system based on Online Sequence Extreme Learning Machine (OS-ELM) is established, which is used to detect attacks in AMI and to carry out a comparative analysis with other algorithms. Simulation results show that, compared with other intrusion detection methods, the intrusion detection method based on OS-ELM is superior in detection speed and accuracy.

  18. Long distance seawater intrusion through a karst conduit network in the Woodville Karst Plain, Florida

    OpenAIRE

    Zexuan Xu; Seth Willis Bassett; Bill Hu; Scott Barrett Dyer

    2016-01-01

    Five periods of increased electrical conductivity have been found in the karst conduits supplying one of the largest first magnitude springs in Florida with water. Numerous well-developed conduit networks are distributed in the Woodville Karst Plain (WKP), Florida and connected to the Gulf of Mexico. A composite analysis of precipitation and electrical conductivity data provides strong evidence that the increases in conductivity are directly tied to seawater intrusion moving inland and travel...

  19. A Cross-Layer, Anomaly-Based IDS for WSN and MANET.

    Science.gov (United States)

    Amouri, Amar; Morgera, Salvatore D; Bencherif, Mohamed A; Manthena, Raju

    2018-02-22

    Intrusion detection system (IDS) design for mobile adhoc networks (MANET) is a crucial component for maintaining the integrity of the network. The need for rapid deployment of IDS capability with minimal data availability for training and testing is an important requirement of such systems, especially for MANETs deployed in highly dynamic scenarios, such as battlefields. This work proposes a two-level detection scheme for detecting malicious nodes in MANETs. The first level deploys dedicated sniffers working in promiscuous mode. Each sniffer utilizes a decision-tree-based classifier that generates quantities which we refer to as correctly classified instances (CCIs) every reporting time. In the second level, the CCIs are sent to an algorithmically run supernode that calculates quantities, which we refer to as the accumulated measure of fluctuation (AMoF) of the received CCIs for each node under test (NUT). A key concept that is used in this work is that the variability of the smaller size population which represents the number of malicious nodes in the network is greater than the variance of the larger size population which represents the number of normal nodes in the network. A linear regression process is then performed in parallel with the calculation of the AMoF for fitting purposes and to set a proper threshold based on the slope of the fitted lines. As a result, the malicious nodes are efficiently and effectively separated from the normal nodes. The proposed scheme is tested for various node velocities and power levels and shows promising detection performance even at low-power levels. The results presented also apply to wireless sensor networks (WSN) and represent a novel IDS scheme for such networks.

  20. Saharan dust intrusions in Spain: Health impacts and associated synoptic conditions.

    Science.gov (United States)

    Díaz, Julio; Linares, Cristina; Carmona, Rocío; Russo, Ana; Ortiz, Cristina; Salvador, Pedro; Trigo, Ricardo Machado

    2017-07-01

    A lot of papers have been published about the impact on mortality of Sahara dust intrusions in individual cities. However, there is a lack of studies that analyse the impact on a country and scarcer if in addition the analysis takes into account the meteorological conditions that favour these intrusions. The main aim is to examine the effect of Saharan dust intrusions on daily mortality in different Spanish regions and to characterize the large-scale atmospheric circulation anomalies associated with such dust intrusions. For determination of days with Saharan dust intrusions, we used information supplied by the Ministry of Agriculture, Food & Environment, which divides Spain into 9 main areas. In each of these regions, a representative province was selected. A time series analysis has been performed to analyse the relationship between daily mortality and PM 10 levels in the period from 01.01.04 to 31.12.09, using Poisson regression and stratifying the analysis by the presence or absence of Saharan dust advections. The proportion of days on which there are Saharan dust intrusions rises to 30% of days. The synoptic pattern is characterised by an anticyclonic ridge extending from northern Africa to the Iberian Peninsula. Particulate matter (PM) on days with intrusions are associated with daily mortality, something that does not occur on days without intrusions, indicating that Saharan dust may be a risk factor for daily mortality. In other cases, what Saharan dust intrusions do is to change the PM-related mortality behaviour pattern, going from PM 2.5 . A study such as the one conducted here, in which meteorological analysis of synoptic situations which favour Saharan dust intrusions, is combined with the effect on health at a city level, would seem to be crucial when it comes to analysing the differentiated mortality pattern in situations of Saharan dust intrusions.

  1. A survey of intrusion detection techniques in Cloud

    OpenAIRE

    Modi, C.; Patel, D.; Patel, H.; Borisaniya, B.; Patel, A.; Rajarajan, M.

    2013-01-01

    Cloud computing provides scalable, virtualized on-demand services to the end users with greater flexibility and lesser infrastructural investment. These services are provided over the Internet using known networking protocols, standards and formats under the supervision of different managements. Existing bugs and vulnerabilities in underlying technologies and legacy protocols tend to open doors for intrusion. This paper surveys different intrusions affecting availability, confidentiality and...

  2. A Novel Algorithm for Intrusion Detection Based on RASL Model Checking

    Directory of Open Access Journals (Sweden)

    Weijun Zhu

    2013-01-01

    The interval temporal logic (ITL) model checking (MC) technique enhances the power of intrusion detection systems (IDSs) to detect concurrent attacks due to the strong expressive power of ITL. However, an ITL formula suffers from difficulty in the description of the time constraints between different actions in the same attack. To address this problem, we formalize a novel real-time interval temporal logic—real-time attack signature logic (RASL). Based on such a new logic, we put forward a RASL model checking algorithm. Furthermore, we use RASL formulas to describe attack signatures and employ discrete timed automata to create an audit log. As a result, RASL model checking algorithm can be used to automatically verify whether the automata satisfy the formulas, that is, whether the audit log coincides with the attack signatures. The simulation experiments show that the new approach effectively enhances the detection power of the MC-based intrusion detection methods for a number of telnet attacks, p-trace attacks, and the other sixteen types of attacks. And these experiments indicate that the new algorithm can find several types of real-time attacks, whereas the existing MC-based intrusion detection approaches cannot do that.

  3. Kullback-Leibler distance-based enhanced detection of incipient anomalies

    KAUST Repository

    Harrou, Fouzi

    2016-09-09

    Accurate and effective anomaly detection and diagnosis of modern engineering systems by monitoring processes ensure reliability and safety of a product while maintaining desired quality. In this paper, an innovative method based on Kullback-Leibler divergence for detecting incipient anomalies in highly correlated multivariate data is presented. We use a partial least square (PLS) method as a modeling framework and a symmetrized Kullback-Leibler distance (KLD) as an anomaly indicator, where it is used to quantify the dissimilarity between current PLS-based residual and reference probability distributions obtained using fault-free data. Furthermore, this paper reports the development of two monitoring charts based on the KLD. The first approach is a KLD-Shewhart chart, where the Shewhart monitoring chart with a three sigma rule is used to monitor the KLD of the response variables residuals from the PLS model. The second approach integrates the KLD statistic into the exponentially weighted moving average monitoring chart. The performance of the PLS-based KLD anomaly-detection methods is illustrated and compared to that of conventional PLS-based anomaly detection methods. Using synthetic data and simulated distillation column data, we demonstrate the greater sensitivity and effectiveness of the developed method over the conventional PLS-based methods, especially when data are highly correlated and small anomalies are of interest. Results indicate that the proposed chart is a very promising KLD-based method because KLD-based charts are, in practice, designed to detect small shifts in process parameters.

  4. Multiscale Pore Throat Network Reconstruction of Tight Porous Media Constrained by Mercury Intrusion Capillary Pressure and Nuclear Magnetic Resonance Measurements

    Science.gov (United States)

    Xu, R.; Prodanovic, M.

    2017-12-01

    Due to the low porosity and permeability of tight porous media, hydrocarbon productivity strongly depends on the pore structure. Effective characterization of pore/throat sizes and reconstruction of their connectivity in tight porous media remains challenging. Having a representative pore throat network, however, is valuable for calculation of other petrophysical properties such as permeability, which is time-consuming and costly to obtain by experimental measurements. Due to a wide range of length scales encountered, a combination of experimental methods is usually required to obtain a comprehensive picture of the pore-body and pore-throat size distributions. In this work, we combine mercury intrusion capillary pressure (MICP) and nuclear magnetic resonance (NMR) measurements by percolation theory to derive pore-body size distribution, following the work by Daigle et al. (2015). However, in their work, the actual pore-throat sizes and the distribution of coordination numbers are not well-defined. To compensate for that, we build a 3D unstructured two-scale pore throat network model initialized by the measured porosity and the calculated pore-body size distributions, with a tunable pore-throat size and coordination number distribution, which we further determine by matching the capillary pressure vs. saturation curve from MICP measurement, based on the fact that the mercury intrusion process is controlled by both the pore/throat size distributions and the connectivity of the pore system. We validate our model by characterizing several core samples from tight Middle East carbonate, and use the network model to predict the apparent permeability of the samples under single phase fluid flow condition. Results show that the permeability we get is in reasonable agreement with the Coreval experimental measurements. 
    The pore throat network we get can be used to further calculate relative permeability curves and simulate multiphase flow behavior, which will provide valuable

  5. Unique Challenges in WiFi Intrusion Detection

    OpenAIRE

    Milliken, Jonny

    2014-01-01

    The Intrusion Detection System (IDS) is a common means of protecting networked systems from attack or malicious misuse. The deployment of an IDS can take many different forms dependent on protocols, usage and cost. This is particularly true of Wireless Intrusion Detection Systems (WIDS) which have many detection challenges associated with data transmission through an open, shared medium, facilitated by fundamental changes at the Physical and MAC layers. WIDS need to be considered in more deta...

  6. EUROCAT website data on prenatal detection rates of congenital anomalies

    DEFF Research Database (Denmark)

    Garne, Ester; Dolk, Helen; Loane, Maria

    2010-01-01

    The EUROCAT website www.eurocat-network.eu publishes prenatal detection rates for major congenital anomalies using data from European population-based congenital anomaly registers, covering 28% of the EU population as well as non-EU countries. Data are updated annually. This information can be us...

  7. EUROCAT website data on prenatal detection rates of congenital anomalies

    NARCIS (Netherlands)

    Garne, Ester; Dolk, Helen; Loane, Maria; Boyd, Patricia A.

    2010-01-01

    The EUROCAT website www.eurocat-network.eu publishes prenatal detection rates for major congenital anomalies using data from European population-based congenital anomaly registers, covering 28% of the EU population as well as non-EU countries. Data are updated annually. This information can be

  8. Detecting Malicious Nodes in Medical Smartphone Networks Through Euclidean Distance-Based Behavioral Profiling

    DEFF Research Database (Denmark)

    Meng, Weizhi; Li, Wenjuan; Wang, Yu

    2017-01-01

    and healthcare personnel. The underlying network architecture to support such devices is also referred to as medical smartphone networks (MSNs). Similar to other networks, MSNs also suffer from various attacks like insider attacks (e.g., leakage of sensitive patient information by a malicious insider......). In this work, we focus on MSNs and design a trust-based intrusion detection approach through Euclidean distance-based behavioral profiling to detect malicious devices (or called nodes). In the evaluation, we collaborate with healthcare organizations and implement our approach in a real simulated MSN...

  9. Time to face it! Facebook intrusion and the implications for romantic jealousy and relationship satisfaction.

    Science.gov (United States)

    Elphinston, Rachel A; Noller, Patricia

    2011-11-01

    Young people's exposure to social network sites such as Facebook is increasing, along with the potential for such use to complicate romantic relationships. Yet, little is known about the overlaps between the online and offline worlds. We extended previous research by investigating the links between Facebook intrusion, jealousy in romantic relationships, and relationship outcomes in a sample of undergraduates currently in a romantic relationship. A Facebook Intrusion Questionnaire was developed based on key features of technological (behavioral) addictions. An eight-item Facebook Intrusion Questionnaire with a single-factor structure was supported; internal consistency was high. Facebook intrusion was linked to relationship dissatisfaction, via jealous cognitions and surveillance behaviors. The results highlight the possibility of high levels of Facebook intrusion spilling over into romantic relationships, resulting in problems such as jealousy and dissatisfaction. The results have implications for romantic relationships and for Facebook users in general.

  10. Magnetic anomalies across Bastar craton and Pranhita–Godavari ...

    Indian Academy of Sciences (India)

    Such intrusions can be explained considering the collision of the Bastar and Dharwar cratons by the ... that there was no imprint of magnetization of a later date, it is concluded that the Indian plate was located in the .... swarms, that occur in this craton. Thus the .... b, c and d, needed to explain the anomalies along with the ...

  11. NIST Special Publication on Intrusion Detection Systems

    National Research Council Canada - National Science Library

    Bace, Rebecca Gurley

    2001-01-01

    Intrusion detection systems (IDSs) are software or hardware systems that automate the process of monitoring the events occurring in a computer system or network, analyzing them for signs of security problems...

  12. Magnetic investigation and 2½ D gravity profile modelling across the Beattie magnetic anomaly in the southeastern Karoo Basin, South Africa

    Science.gov (United States)

    Baiyegunhi, Christopher; Gwavava, Oswald

    2017-03-01

    The southeastern Karoo Basin is considered to be one of the most prospective areas for shale gas exploration in South Africa. An interesting magnetic anomaly, the Beattie magnetic anomaly (BMA), and geologic intrusions are seen on the magnetic map. To date, the source of the BMA and interconnectivity of the igneous intrusions are not well understood. In this study, we investigate the interconnectivity of the igneous intrusions and possible location of the source of the BMA using gravity and magnetic methods. The gravity model results showed that igneous intrusions are interconnected at depth, which probably pose threat by increasing the risk of fracking the Karoo for shale gas exploration. The magnetic results revealed that the BMA becomes stronger with depth. The average depths to the top of the shallow and deep magnetic sources were estimated to be approximately 0.6 and 15 km, respectively.

  13. Non-Intrusive Intelligibility Prediction Using a Codebook-Based Approach

    DEFF Research Database (Denmark)

    Sørensen, Charlotte; Kavalekalam, Mathew Shaji; Xenaki, Angeliki

    2017-01-01

    It could be beneficial for users of hearing aids if these were able to automatically adjust the processing according to the speech intelligibility in the specific acoustic environment. Most speech intelligibility metrics are intrusive, i.e., they require a clean reference signal, which is rarely...... a high correlation between the proposed non-intrusive codebook-based STOI (NIC-STOI) and the intrusive STOI indicating that NIC-STOI is a suitable metric for automatic classification of speech signals...

  14. Condition Parameter Modeling for Anomaly Detection in Wind Turbines

    Directory of Open Access Journals (Sweden)

    Yonglong Yan

    2014-05-01

    Data collected from the supervisory control and data acquisition (SCADA) system, used widely in wind farms to obtain operational and condition information about wind turbines (WTs), is of important significance for anomaly detection in wind turbines. The paper presents a novel model for wind turbine anomaly detection mainly based on SCADA data and a back-propagation neural network (BPNN) for automatic selection of the condition parameters. The SCADA data sets are determined through analysis of the cumulative probability distribution of wind speed and the relationship between output power and wind speed. The automatic BPNN-based parameter selection is for reduction of redundant parameters for anomaly detection in wind turbines. Through investigation of cases of WT faults, the validity of the automatic parameter selection-based model for WT anomaly detection is verified.

  15. Enhancing Trust Management for Wireless Intrusion Detection via Traffic Sampling in the Era of Big Data

    DEFF Research Database (Denmark)

    Meng, Weizhi; Li, Wenjuan; Su, Chunhua

    2017-01-01

    many kinds of information among sensors, whereas such network is vulnerable to a wide range of attacks, especially insider attacks, due to its natural environment and inherent unreliable transmission. To safeguard its security, intrusion detection systems (IDSs) are widely adopted in a WSN to defend...... against insider attacks through implementing proper trust-based mechanisms. However, in the era of big data, sensors may generate excessive information and data, which could degrade the effectiveness of trust computation. In this paper, we focus on this challenge and propose a way of combining Bayesian......-based trust management with traffic sampling for wireless intrusion detection under a hierarchical structure. In the evaluation, we investigate the performance of our approach in both a simulated and a real network environment. Experimental results demonstrate that packet-based trust management would become...

  16. Orthodontic intrusion : Conventional and mini-implant assisted intrusion mechanics

    Directory of Open Access Journals (Sweden)

    Anup Belludi

    2012-01-01

    intrusion has revolutionized orthodontic anchorage and biomechanics by making anchorage perfectly stable. This article addresses various conventional clinical intrusion mechanics and especially intrusion using mini-implants that have proven effective over the years for intrusion of maxillary anteriors.

  17. Enhanced Deployment Strategy for Role-based Hierarchical Application Agents in Wireless Sensor Networks with Established Clusterheads

    Science.gov (United States)

    Gendreau, Audrey

    Efficient self-organizing virtual clusterheads that supervise data collection based on their wireless connectivity, risk, and overhead costs, are an important element of Wireless Sensor Networks (WSNs). This function is especially critical during deployment when system resources are allocated to a subsequent application. In the presented research, a model used to deploy intrusion detection capability on a Local Area Network (LAN), in the literature, was extended to develop a role-based hierarchical agent deployment algorithm for a WSN. The resulting model took into consideration the monitoring capability, risk, deployment distribution cost, and monitoring cost associated with each node. Changing the original LAN methodology approach to model a cluster-based sensor network depended on the ability to duplicate a specific parameter that represented the monitoring capability. Furthermore, other parameters derived from a LAN can elevate costs and risk of deployment, as well as jeopardize the success of an application on a WSN. A key component of the approach presented in this research was to reduce the costs when established clusterheads in the network were found to be capable of hosting additional detection agents. In addition, another cost savings component of the study addressed the reduction of vulnerabilities associated with deployment of agents to high volume nodes. The effectiveness of the presented method was validated by comparing it against a type of a power-based scheme that used each node's remaining energy as the deployment value. While available energy is directly related to the model used in the presented method, the study deliberately sought out nodes that were identified with having superior monitoring capability, cost less to create and sustain, and are at low-risk of an attack. This work investigated improving the efficiency of an intrusion detection system (IDS) by using the proposed model to deploy monitoring agents after a temperature sensing

  18. A Fusion of Multiagent Functionalities for Effective Intrusion Detection System

    OpenAIRE

    Dhanalakshmi Krishnan Sadhasivan; Kannapiran Balasubramanian

    2017-01-01

    Provision of high security is one of the active research areas in the network applications. The failure in the centralized system based on the attacks provides less protection. Besides, the lack of update of new attacks arrival leads to the minimum accuracy of detection. The major focus of this paper is to improve the detection performance through the adaptive update of attacking information to the database. We propose an Adaptive Rule-Based Multiagent Intrusion Detection System (ARMA-IDS) to...

  19. Multicriteria Similarity-Based Anomaly Detection Using Pareto Depth Analysis.

    Science.gov (United States)

    Hsiao, Ko-Jen; Xu, Kevin S; Calder, Jeff; Hero, Alfred O

    2016-06-01

    We consider the problem of identifying patterns in a data set that exhibits anomalous behavior, often referred to as anomaly detection. Similarity-based anomaly detection algorithms detect abnormally large amounts of similarity or dissimilarity, e.g., as measured by the nearest neighbor Euclidean distances between a test sample and the training samples. In many application domains, there may not exist a single dissimilarity measure that captures all possible anomalous patterns. In such cases, multiple dissimilarity measures can be defined, including nonmetric measures, and one can test for anomalies by scalarizing using a nonnegative linear combination of them. If the relative importance of the different dissimilarity measures are not known in advance, as in many anomaly detection applications, the anomaly detection algorithm may need to be executed multiple times with different choices of weights in the linear combination. In this paper, we propose a method for similarity-based anomaly detection using a novel multicriteria dissimilarity measure, the Pareto depth. The proposed Pareto depth analysis (PDA) anomaly detection algorithm uses the concept of Pareto optimality to detect anomalies under multiple criteria without having to run an algorithm multiple times with different choices of weights. The proposed PDA approach is provably better than using linear combinations of the criteria, and shows superior performance on experiments with synthetic and real data sets.

  20. Intrusive Memories of Distressing Information: An fMRI Study.

    Directory of Open Access Journals (Sweden)

    Eva Battaglini

    Although intrusive memories are characteristic of many psychological disorders, the neurobiological underpinning of these involuntary recollections are largely unknown. In this study we used functional magnetic resonance imaging (fMRI) to identify the neural networks associated with encoding of negative stimuli that are subsequently experienced as intrusive memories. Healthy participants (N = 42) viewed negative and neutral images during a visual/verbal processing task in an fMRI context. Two days later they were assessed on the Impact of Event Scale for occurrence of intrusive memories of the encoded images. A sub-group of participants who reported significant intrusions (n = 13) demonstrated stronger activation in the amygdala, bilateral ACC and parahippocampal gyrus during verbal encoding relative to a group who reported no intrusions (n = 13). Within-group analyses also revealed that the high intrusion group showed greater activity in the dorsomedial (dmPFC) and dorsolateral prefrontal cortex (dlPFC), inferior frontal gyrus and occipital regions during negative verbal processing compared to neutral verbal processing. These results do not accord with models of intrusions that emphasise visual processing of information at encoding but are consistent with models that highlight the role of inhibitory and suppression processes in the formation of subsequent intrusive memories.

  1. Study of the Radial Peripapillary Capillary Network in Congenital Optic Disc Anomalies With Optical Coherence Tomography Angiography.

    Science.gov (United States)

    Cennamo, Gilda; Rossi, Claudia; Ruggiero, Pasquale; de Crecchio, Giuseppe; Cennamo, Giovanni

    2017-04-01

    To evaluate the radial peripapillary capillary network with optical coherence tomography angiography (angio-OCT) in morning glory syndrome (MGS), optic disc colobomas, and optic disc pits, and to explore possible correlations between the neural vascular structure and the pathogenesis of congenital optic disc anomalies. Prospective observational comparative case series. Fifteen eyes of 15 patients with congenital optic disc anomalies were enrolled in this study. All patients underwent angio-OCT. The scans were centered on optic discs. The mean age at presentation was 33 years (range: 19-50 years). Congenital optic disc anomalies were identified in all 15 eyes. Three eyes had the characteristic funduscopic signs of MGS, and angio-OCT scans of the peripapillary retina revealed a dense microvascular network. Optic disc colobomas were found in 5 eyes, and the characteristic funduscopic signs of optic pits were found in 7 eyes. Angio-OCT showed the absence of a radial peripapillary microvascular network in these 12 eyes. The finding that angio-OCT scans confirmed the presence of a peripapillary microvascular network only in MGS cases supports the hypothesis that a primary neuroectodermal abnormality and a secondary mesenchymal abnormality leads to MGS. Angio-OCT is a safe, rapid imaging technique that could shed light on the pathogenesis of rare diseases of the optic disc. Copyright © 2016 Elsevier Inc. All rights reserved.

  2. Intrusive Images in Psychological Disorders

    Science.gov (United States)

    Brewin, Chris R.; Gregory, James D.; Lipton, Michelle; Burgess, Neil

    2010-01-01

    Involuntary images and visual memories are prominent in many types of psychopathology. Patients with posttraumatic stress disorder, other anxiety disorders, depression, eating disorders, and psychosis frequently report repeated visual intrusions corresponding to a small number of real or imaginary events, usually extremely vivid, detailed, and with highly distressing content. Both memory and imagery appear to rely on common networks involving medial prefrontal regions, posterior regions in the medial and lateral parietal cortices, the lateral temporal cortex, and the medial temporal lobe. Evidence from cognitive psychology and neuroscience implies distinct neural bases to abstract, flexible, contextualized representations (C-reps) and to inflexible, sensory-bound representations (S-reps). We revise our previous dual representation theory of posttraumatic stress disorder to place it within a neural systems model of healthy memory and imagery. The revised model is used to explain how the different types of distressing visual intrusions associated with clinical disorders arise, in terms of the need for correct interaction between the neural systems supporting S-reps and C-reps via visuospatial working memory. Finally, we discuss the treatment implications of the new model and relate it to existing forms of psychological therapy. PMID:20063969

  3. A Survey of Visualization Tools Assessed for Anomaly-Based Intrusion Detection Analysis

    Science.gov (United States)

    2014-04-01

    includes Complex System SCILAB Toolbox, GraphViz, Igraph, NetDraw, Network Workbench, OpenDX, Prefuse, Sci² Tool, and Visualization Toolkit (VTK...Kits’ Capabilities Name Web Sites (all accessed 01/29/2014 Strengths Weaknesses Complex Systems SCILAB Tool http://www.randomfactory.com/openastro...osx/ scilab -info.html Measures graph parameters Academic Free License (AFL); works on UNIX and Windows; programming language is MATLAB; no

  4. An armored-cable-based fiber Bragg grating sensor array for perimeter fence intrusion detection

    Science.gov (United States)

    Hao, Jianzhong; Dong, Bo; Varghese, Paulose; Phua, Jiliang; Foo, Siang Fook

    2012-01-01

    In this paper, an armored-cable-based optical fiber Bragg grating (FBG) sensor array, for perimeter fence intrusion detection, is demonstrated and some of the field trial results are reported. The field trial was conducted at a critical local installation in Singapore in December 2010. The sensor array was put through a series of both simulated and live intrusion scenarios to test the stability and suitability of operation in the local environmental conditions and to determine its capabilities in detecting and reporting these intrusions accurately to the control station. Such a sensor array can provide perimeter intrusion detection with fine granularity and preset pin-pointing accuracy. The various types of intrusions included aided or unaided climbs, tampering and cutting of the fence, etc. The unique sensor packaging structure provides high sensitivity, crush resistance and protection against rodents. It is also capable of resolving nuisance events such as rain, birds sitting on the fence or seismic vibrations. These sensors are extremely sensitive with a response time of a few seconds. They can be customized for a desired spatial resolution and pre-determined sensitivity. Furthermore, it is easy to cascade a series of such sensors to monitor and detect intrusion events over a long stretch of fence line. Such sensors can be applied to real-time intrusion detection for perimeter security, pipeline security and communications link security.

  5. WE-H-BRC-06: A Unified Machine-Learning Based Probabilistic Model for Automated Anomaly Detection in the Treatment Plan Data

    International Nuclear Information System (INIS)

    Chang, X; Liu, S; Kalet, A; Yang, D

    2016-01-01

    Purpose: The purpose of this work was to investigate the ability of a machine-learning based probabilistic approach to detect radiotherapy treatment plan anomalies given initial disease classes information. Methods: In total we obtained 1112 unique treatment plans with five plan parameters and disease information from a Mosaiq treatment management system database for use in the study. The plan parameters include prescription dose, fractions, fields, modality and techniques. The disease information includes disease site, and T, M and N disease stages. A Bayesian network method was employed to model the probabilistic relationships between tumor disease information, plan parameters and an anomaly flag. A Bayesian learning method with Dirichlet prior was used to learn the joint probabilities between dependent variables in error-free plan data and data with artificially induced anomalies. In the study, we randomly sampled data with anomaly in a specified anomaly space. We tested the approach with three groups of plan anomalies – improper concurrence of values of all five plan parameters and values of any two out of five parameters, and all single plan parameter value anomalies. Totally, 16 types of plan anomalies were covered by the study. For each type, we trained an individual Bayesian network. Results: We found that the true positive rate (recall) and positive predictive value (precision) to detect concurrence anomalies of five plan parameters in new patient cases were 94.45±0.26% and 93.76±0.39% respectively. To detect other 15 types of plan anomalies, the average recall and precision were 93.61±2.57% and 93.78±3.54% respectively. The computation time to detect the plan anomaly of each type in a new plan is ∼0.08 seconds. Conclusion: The proposed method for treatment plan anomaly detection was found effective in the initial tests. The results suggest that this type of models could be applied to develop plan anomaly detection tools to assist manual and

  6. WE-H-BRC-06: A Unified Machine-Learning Based Probabilistic Model for Automated Anomaly Detection in the Treatment Plan Data

    Energy Technology Data Exchange (ETDEWEB)

    Chang, X; Liu, S [Washington University in St. Louis, St. Louis, MO (United States); Kalet, A [University of Washington Medical Center, Seattle, WA (United States); Yang, D [Washington University in St Louis, St Louis, MO (United States)

    2016-06-15

    Purpose: The purpose of this work was to investigate the ability of a machine-learning based probabilistic approach to detect radiotherapy treatment plan anomalies given initial disease classes information. Methods: In total we obtained 1112 unique treatment plans with five plan parameters and disease information from a Mosaiq treatment management system database for use in the study. The plan parameters include prescription dose, fractions, fields, modality and techniques. The disease information includes disease site, and T, M and N disease stages. A Bayesian network method was employed to model the probabilistic relationships between tumor disease information, plan parameters and an anomaly flag. A Bayesian learning method with Dirichlet prior was used to learn the joint probabilities between dependent variables in error-free plan data and data with artificially induced anomalies. In the study, we randomly sampled data with anomaly in a specified anomaly space. We tested the approach with three groups of plan anomalies – improper concurrence of values of all five plan parameters and values of any two out of five parameters, and all single plan parameter value anomalies. Totally, 16 types of plan anomalies were covered by the study. For each type, we trained an individual Bayesian network. Results: We found that the true positive rate (recall) and positive predictive value (precision) to detect concurrence anomalies of five plan parameters in new patient cases were 94.45±0.26% and 93.76±0.39% respectively. To detect other 15 types of plan anomalies, the average recall and precision were 93.61±2.57% and 93.78±3.54% respectively. The computation time to detect the plan anomaly of each type in a new plan is ∼0.08 seconds. Conclusion: The proposed method for treatment plan anomaly detection was found effective in the initial tests. The results suggest that this type of models could be applied to develop plan anomaly detection tools to assist manual and

  7. Time-resolved seismic tomography detects magma intrusions at Mount Etna.

    Science.gov (United States)

    Patanè, D; Barberi, G; Cocina, O; De Gori, P; Chiarabba, C

    2006-08-11

    The continuous volcanic and seismic activity at Mount Etna makes this volcano an important laboratory for seismological and geophysical studies. We used repeated three-dimensional tomography to detect variations in elastic parameters during different volcanic cycles, before and during the October 2002-January 2003 flank eruption. Well-defined anomalous low P- to S-wave velocity ratio volumes were revealed. Absent during the pre-eruptive period, the anomalies trace the intrusion of volatile-rich (≥4 weight percent) basaltic magma, most of which rose up only a few months before the onset of eruption. The observed time changes of velocity anomalies suggest that four-dimensional tomography provides a basis for more efficient volcano monitoring and short- and midterm eruption forecasting of explosive activity.

  8. Unsupervised Ensemble Anomaly Detection Using Time-Periodic Packet Sampling

    Science.gov (United States)

    Uchida, Masato; Nawata, Shuichi; Gu, Yu; Tsuru, Masato; Oie, Yuji

    We propose an anomaly detection method for finding patterns in network traffic that do not conform to legitimate (i.e., normal) behavior. The proposed method trains a baseline model describing the normal behavior of network traffic without using manually labeled traffic data. The trained baseline model is used as the basis for comparison with the audit network traffic. This anomaly detection works in an unsupervised manner through the use of time-periodic packet sampling, which is used in a manner that differs from its intended purpose — the lossy nature of packet sampling is used to extract normal packets from the unlabeled original traffic data. Evaluation using actual traffic traces showed that the proposed method has false positive and false negative rates in the detection of anomalies regarding TCP SYN packets comparable to those of a conventional method that uses manually labeled traffic data to train the baseline model. Performance variation due to the probabilistic nature of sampled traffic data is mitigated by using ensemble anomaly detection that collectively exploits multiple baseline models in parallel. Alarm sensitivity is adjusted for the intended use by using maximum- and minimum-based anomaly detection that effectively take advantage of the performance variations among the multiple baseline models. Testing using actual traffic traces showed that the proposed anomaly detection method performs as well as one using manually labeled traffic data and better than one using randomly sampled (unlabeled) traffic data.

  9. How Intrusion Detection Can Improve Software Decoy Applications

    National Research Council Canada - National Science Library

    Monteiro, Valter

    2003-01-01

    This research concerns information security and computer-network defense. It addresses how to handle the information of log files and intrusion-detection systems to recognize when a system is under attack...

  10. Efficient Network Monitoring for Attack Detection

    OpenAIRE

    Limmer, Tobias

    2011-01-01

    Techniques for network-based intrusion detection have been evolving for years, and the focus of most research is on detection algorithms, although networks are distributed and dynamically managed nowadays. A data processing framework is required that allows to embed multiple detection techniques and to provide data with the needed aggregation levels. Within that framework, this work concentrates on methods that improve the interoperability of intrusion detection techniques and focuses on data...

  11. Field observations of extended seawater intrusion through subsurface karst conduit networks at Wakulla Spring in the Woodville Karst Plain, Florida

    Science.gov (United States)

    Xu, Z.; Bassett, S.; Hu, B. X.; Dyer, S.

    2016-12-01

    Five periods of increased electrical conductivity have been found in the karst conduits supplying one of the largest first magnitude springs in Florida with water. Numerous well-developed conduit networks are distributed in the Woodville Karst Plain (WKP), Florida and connected to the Gulf of Mexico. A composite analysis of precipitation and electric conductivity data provides strong evidence that the increases in conductivity are directly tied to seawater intrusion moving inland and traveling 14 miles against the prevailing regional hydraulic gradient from Spring Creek Spring Complex (SCSC), a group of submarine springs at the Gulf Coast. A geochemical analysis of samples from the spring vent rules out anthropogenic contamination and upwelling regional recharge from the deep aquifer as sources of the rising conductivity. The interpretation is supported by the conceptual model established by prior researchers working to characterize the study area. This abstract documented the first and longest case of seawater intrusion in the WKP, and also indicates significant possibility of seawater contamination through subsurface conduit networks in a coastal karst aquifer.

  12. Comparative analysis of gravity anomalies and the distribution of salt water intrusion (case study: Jakarta 2006-2007)

    Directory of Open Access Journals (Sweden)

    Litanya Octonovrilna

    2009-07-01

    As an application in geophysics, gravity measurements are carried out in the field over a certain period in order to detect changes in subsurface conditions. Here, gravity measurements were made in the Jakarta area to detect changes in Jakarta's hydrological conditions in relation to the phenomenon of salt water intrusion. Geographically, the study area lies between -6.35158 and -6.08655 south latitude and between 106.689 and 106.955 east longitude. The gravity data for the Jakarta area were processed in 2 periods: period I (September 2006) and period II (November–December 2007). The highest gravity anomalies are found in the central and western parts of Jakarta; this indicates subsidence and mass voids caused by groundwater exploitation and by the pressure from a number of tall buildings concentrated in that area. The lowest gravity anomalies are found in the northwestern part of Jakarta, coinciding with the highest concentration of brackishness values, indicating salt water intrusion caused by the Conate Water phenomenon infiltrating the groundwater aquifer as a result of excessive groundwater exploitation. The relationship between river flow patterns and water brackishness values shows that rivers influence the groundwater aquifer, but the effect is not very significant, especially for the deep aquifer.   Gravity measurements are conducted in the field within a certain period in order to detect changes in the earth's surface conditions. We conducted gravity measurements in Jakarta to detect changes in hydrologic conditions in connection to salt water intrusion phenomena. The data processing performed in the two periods, the first period is September 2006 and the second one is November-December 2007. The highest gravity anomalies are in central and western parts of Jakarta. This implies the occurrence of mass subsidence and void due to the exploitation of ground water and the pressure from a number of high buildings based on the area. The lowest gravity

  13. DeepAnomaly: Combining Background Subtraction and Deep Learning for Detecting Obstacles and Anomalies in an Agricultural Field

    Directory of Open Access Journals (Sweden)

    Peter Christiansen

    2016-11-01

    Convolutional neural network (CNN)-based systems are increasingly used in autonomous vehicles for detecting obstacles. CNN-based object detection and per-pixel classification (semantic segmentation) algorithms are trained for detecting and classifying a predefined set of object types. These algorithms have difficulties in detecting distant and heavily occluded objects and are, by definition, not capable of detecting unknown object types or unusual scenarios. The visual characteristics of an agriculture field is homogeneous, and obstacles, like people, animals and other obstacles, occur rarely and are of distinct appearance compared to the field. This paper introduces DeepAnomaly, an algorithm combining deep learning and anomaly detection to exploit the homogenous characteristics of a field to perform anomaly detection. We demonstrate DeepAnomaly as a fast state-of-the-art detector for obstacles that are distant, heavily occluded and unknown. DeepAnomaly is compared to state-of-the-art obstacle detectors including “Faster R-CNN: Towards Real-Time Object Detection with Region Proposal Networks” (RCNN). In a human detector test case, we demonstrate that DeepAnomaly detects humans at longer ranges (45–90 m) than RCNN. RCNN has a similar performance at a short range (0–30 m). However, DeepAnomaly has much fewer model parameters and (182 ms/25 ms =) a 7.28-times faster processing time per image. Unlike most CNN-based methods, the high accuracy, the low computation time and the low memory footprint make it suitable for a real-time system running on an embedded GPU (Graphics Processing Unit).

  14. Research on Healthy Anomaly Detection Model Based on Deep Learning from Multiple Time-Series Physiological Signals

    Directory of Open Access Journals (Sweden)

    Kai Wang

    2016-01-01

    Health is vital to every human being. To further improve its already respectable medical technology, the medical community is transitioning towards a proactive approach which anticipates and mitigates risks before getting ill. This approach requires measuring human physiological signals and analyzing these data at regular intervals. In this paper, we present a novel approach to apply deep learning in physiological signal analysis that allows doctors to identify latent risks. However, extracting high-level information from physiological time-series data is a hard problem faced by the machine learning communities. Therefore, in this approach, we apply a model based on a convolutional neural network that can automatically learn features from raw physiological signals in an unsupervised manner and then, based on the learned features, use a multivariate Gauss distribution anomaly detection method to detect anomalous data. Our experiment is shown to have a significant performance in physiological signal anomaly detection. So it is a promising tool for doctors to identify early signs of illness even if the criteria are unknown a priori.

  15. An Adaptive Database Intrusion Detection System

    Science.gov (United States)

    Barrios, Rita M.

    2011-01-01

    Intrusion detection is difficult to accomplish when attempting to employ current methodologies when considering the database and the authorized entity. It is a common understanding that current methodologies focus on the network architecture rather than the database, which is not an adequate solution when considering the insider threat. Recent…

  16. Semantic intrusion detection with multisensor data fusion using ...

    Indian Academy of Sciences (India)

    spatiotemporal relations to form complex events which model the intrusion patterns. ... Wireless sensor networks; complex event processing; event stream; ...... of the 2006 ACM SIGMOD International Conference on Management of Data, 407– ...

  17. Cultural and Personality Predictors of Facebook Intrusion: A Cross-Cultural Study.

    Science.gov (United States)

    Błachnio, Agata; Przepiorka, Aneta; Benvenuti, Martina; Cannata, Davide; Ciobanu, Adela M; Senol-Durak, Emre; Durak, Mithat; Giannakos, Michail N; Mazzoni, Elvis; Pappas, Ilias O; Popa, Camelia; Seidman, Gwendolyn; Yu, Shu; Wu, Anise M S; Ben-Ezra, Menachem

    2016-01-01

    The increase in the number of users of social networking sites (SNS) has inspired intense efforts to determine intercultural differences between them. The main aim of the study was to investigate the cultural and personal predictors of Facebook intrusion. A total of 2628 Facebook users from eight countries took part in the study. The Facebook Intrusion Questionnaire, the Ten-Item Personality Inventory, and the Singelis Scale were used. We found that two variables related to Country were significantly related to Facebook intrusion: uniqueness (negatively) and low context (positively); of the personality variables, conscientiousness, and emotional stability were negatively related to the dependent variable of Facebook intrusion across different countries, which may indicate the universal pattern of Facebook intrusion. The results of the study will contribute to the international debate on the phenomenon of SNS.

  18. Human intrusion

    International Nuclear Information System (INIS)

    Hora, S.; Neill, R.; Williams, R.; Bauser, M.; Channell, J.

    1993-01-01

    This paper focused on the possible approaches to evaluating the impacts of human intrusion on nuclear waste disposal. Several major issues were reviewed. First, it was noted that human intrusion could be addressed either quantitatively through performance assessments or qualitatively through design requirements. Second, it was decided that it was impossible to construct a complete set of possible future human intrusion scenarios. Third, the question of when the effect of possible human intrusion should be considered, before or after site selection, was reviewed. Finally, the time frame over which human intrusion should be considered was discussed.

  19. Geochemistry and tectonomagmatic setting of the Kharaju gabbroic intrusions (South Azarshahr, East Azerbaijan province)

    Directory of Open Access Journals (Sweden)

    Abdolnaser Fazlnia

    2016-12-01

    Kharaju mafic intrusions (south Azarshahr; East Azarbaijan) are gabbro in composition. The rocks, of Eocene age, intruded the northwest part of the Urumieh-Dokhtar magmatic belt with a trend of NW-SE. These rocks consist mostly of minerals such as plagioclase, quartz, pyroxene, titanite, apatite and magnetite. The rocks are moderate to high calc-alkaline. The gabbros were produced as a result of the partial melting of a mantle wedge of spinel lherzolite and, after emplacement into the crustal magma chamber, underwent fractional crystallization. Injection of the Kharaju intrusions is related to the last stages of Neotethys subduction activity under Central Iran. Negative anomalies in the high field strength elements (HFSE) like Nb, Ta, P, Hf and Zr, and mild positive anomalies of Eu and Sr with moderate increases in values of K, Sr, Rb, Ba, Pb and U, show that oblique subduction beneath Central Iran may have created the appropriate space on the edge of Central Iran and that, as a result, partial melting in the mantle wedge occurred due to pressure reduction (decompression).

  20. THE PALEOPROTEROZOIC IMANDRA-VARZUGA RIFTING STRUCTURE (KOLA PENINSULA): INTRUSIVE MAGMATISM AND MINERAGENY

    Directory of Open Access Journals (Sweden)

    V. V. Chashchin

    2014-01-01

    The article provides data on the structure of the Paleoproterozoic intercontinental Imandra-Varzuga rifting structure (IVS) and compositions of intrusive formations typical of the early stage of the IVS development and associated mineral resources. IVS is located in the central part of the Kola region. Its length is about 350 km, and its width varies from 10 km at the flanks to 50 km in the central part. IVS contains an association of the sedimentary-volcanic, intrusive and dyke complexes. It is a part of a large igneous Paleoproterozoic province of the Fennoscandian Shield spreading for a huge area (about 1 million km2), which probably reflects the settings of the head part of the mantle plume. Two age groups of layered intrusions were associated with the initial stage of the IVS development. The layered intrusions of the Fedorovo-Pansky and Monchegorsk complexes (about 2.50 Ga) are confined to the northern flank and the western closure of IVS, while intrusions of the Imandra complex (about 2.45 Ga) are located at the southern flank of IVS. Intrusions of older complexes are composed of rock series from dunite to gabbro and anorthosites (Monchegorsk complex) and from orthopyroxenite to gabbro and anorthosites (Fedorovo-Pansky complex). Some intrusions of these complexes reveal features of multiphase ones. The younger Imandra complex intrusions (about 2.45 Ga) are stratified from orthopyroxenite to ferrogabbro. Their important feature is comagmatical connection with volcanites. All the intrusive complexes have the boninite-like mantle origin enriched by lithophile components. Rocks of these two complexes with different age have specific geochemical characteristics. In the rocks of the Monchegorsk and Fedorovo-Pansky complexes, the accumulation of REE clearly depends on the basicity of the rocks, the spectrum of REE is non-fractionated and ‘flat’, and the Eu positive anomaly is slightly manifested. In the rocks of the Imandra complex, the level of

  1. Data Mining for Intrusion Detection

    Science.gov (United States)

    Singhal, Anoop; Jajodia, Sushil

    Data Mining Techniques have been successfully applied in many different fields including marketing, manufacturing, fraud detection and network management. Over the past years there is a lot of interest in security technologies such as intrusion detection, cryptography, authentication and firewalls. This chapter discusses the application of Data Mining techniques to computer security. Conclusions are drawn and directions for future research are suggested.

  2. Protecting against cyber threats in networked information systems

    Science.gov (United States)

    Ertoz, Levent; Lazarevic, Aleksandar; Eilertson, Eric; Tan, Pang-Ning; Dokas, Paul; Kumar, Vipin; Srivastava, Jaideep

    2003-07-01

    This paper provides an overview of our efforts in detecting cyber attacks in networked information systems. Traditional signature based techniques for detecting cyber attacks can only detect previously known intrusions and are useless against novel attacks and emerging threats. Our current research at the University of Minnesota is focused on developing data mining techniques to automatically detect attacks against computer networks and systems. This research is being conducted as a part of MINDS (Minnesota Intrusion Detection System) project at the University of Minnesota. Experimental results on live network traffic at the University of Minnesota show that the new techniques show great promise in detecting novel intrusions. In particular, during the past few months our techniques have been successful in automatically identifying several novel intrusions that could not be detected using state-of-the-art tools such as SNORT.

  3. Towards real-time intrusion detection for NetFlow and IPFIX

    NARCIS (Netherlands)

    Hofstede, R.J.; Bartos, Vaclav; Sperotto, Anna; Pras, Aiko

    2013-01-01

    DDoS attacks bring serious economic and technical damage to networks and enterprises. Timely detection and mitigation are therefore of great importance. However, when flow monitoring systems are used for intrusion detection, as it is often the case in campus, enterprise and backbone networks, timely

  4. Nearshore magnetic anomalies of inner shelf of Bhimunipatnam-Pudimadaka, east coast of India

    Digital Repository Service at National Institute of Oceanography (India)

    Subrahmanyam, A.S.; Rao, K.M.; Murthy, K.S.R.; Rao, T.C.S.

    , the causative sources (intrusive bodies) are estimated to occur at depths varying between 80 and 200 m from the sea surface. In the Lawson's Bay the high-amplitude anomaly is attributed to basement uplift due to folding in granitic or gneissic rocks. Even though...

  5. Cultural and Personality Predictors of Facebook Intrusion: A Cross-Cultural Study

    Science.gov (United States)

    Błachnio, Agata; Przepiorka, Aneta; Benvenuti, Martina; Cannata, Davide; Ciobanu, Adela M.; Senol-Durak, Emre; Durak, Mithat; Giannakos, Michail N.; Mazzoni, Elvis; Pappas, Ilias O.; Popa, Camelia; Seidman, Gwendolyn; Yu, Shu; Wu, Anise M. S.; Ben-Ezra, Menachem

    2016-01-01

    The increase in the number of users of social networking sites (SNS) has inspired intense efforts to determine intercultural differences between them. The main aim of the study was to investigate the cultural and personal predictors of Facebook intrusion. A total of 2628 Facebook users from eight countries took part in the study. The Facebook Intrusion Questionnaire, the Ten-Item Personality Inventory, and the Singelis Scale were used. We found that two variables related to Country were significantly related to Facebook intrusion: uniqueness (negatively) and low context (positively); of the personality variables, conscientiousness, and emotional stability were negatively related to the dependent variable of Facebook intrusion across different countries, which may indicate the universal pattern of Facebook intrusion. The results of the study will contribute to the international debate on the phenomenon of SNS. PMID:27994566

  6. Ant colony induced decision trees for intrusion detection

    CSIR Research Space (South Africa)

    Botes, FH

    2017-06-01

    platform. Intrusion Detection Systems (IDS) analyse network traffic to identify suspicious patterns with the intention to compromise the system. Practitioners train classifiers to classify the data within different categories e.g. malicious or normal...

  7. Protocol vulnerability detection based on network traffic analysis and binary reverse engineering.

    Science.gov (United States)

    Wen, Shameng; Meng, Qingkun; Feng, Chao; Tang, Chaojing

    2017-01-01

    Network protocol vulnerability detection plays an important role in many domains, including protocol security analysis, application security, and network intrusion detection. In this study, by analyzing the general fuzzing method of network protocols, we propose a novel approach that combines network traffic analysis with the binary reverse engineering method. For network traffic analysis, the block-based protocol description language is introduced to construct test scripts, while the binary reverse engineering method employs the genetic algorithm with a fitness function designed to focus on code coverage. This combination leads to a substantial improvement in fuzz testing for network protocols. We build a prototype system and use it to test several real-world network protocol implementations. The experimental results show that the proposed approach detects vulnerabilities more efficiently and effectively than general fuzzing methods such as SPIKE.

  8. Investigating the influence of special on-off attacks on challenge-based collaborative intrusion detection networks

    DEFF Research Database (Denmark)

    Li, Wenjuan; Meng, Weizhi; Kwok, Lam For

    2018-01-01

    to exchange data with each other. Insider attacks are a great threat for such types of collaborative networks, where an attacker has the authorized access within the network. In literature, a challenge-based trust mechanism is effective at identifying malicious nodes by sending challenges. However...

  9. An Immune-inspired Adaptive Automated Intrusion Response System Model

    Directory of Open Access Journals (Sweden)

    Ling-xi Peng

    2012-09-01

    An immune-inspired adaptive automated intrusion response system model, named as , is proposed. The descriptions of self, non-self, immunocyte, memory detector, mature detector and immature detector of the network transactions, and the realtime network danger evaluation equations are given. Then, the automated response policies are adaptively performed or adjusted according to the realtime network danger. Thus, not only accurately evaluates the network attacks, but also greatly reduces the response times and response costs.

  10. Source characteristics and tectonic setting of mafic-ultramafic intrusions in North Xinjiang, NW China: Insights from the petrology and geochemistry of the Lubei mafic-ultramafic intrusion

    Science.gov (United States)

    Chen, Bao-Yun; Yu, Jin-Jie; Liu, Shuai-Jie

    2018-05-01

    The newly discovered Lubei sulfide-bearing mafic-ultramafic intrusion forms the western extension of the Huangshan-Jin'erquan mafic-ultramafic intrusion belt in East Tianshan, NW China. The Lubei intrusion comprises hornblende peridotite, lherzolite, and harzburgite in its southern portion, gabbro in its middle portion, and hornblende gabbro in its northern portion. Intrusive relationships indicate that three magma pulses were involved in the formation of the intrusion, and that they were likely evolved from a common primitive magma. Estimated compositions of the Lubei primitive magma are similar to those of island arc calc-alkaline basalt except for the low Na2O and CaO contents of the Lubei primitive magma. This paper reports on the mineral compositions, whole-rock major and trace element contents, and Rb-Sr and Sm-Nd isotopic compositions of the Lubei intrusion, and a zircon LA-MC-ICP-MS U-Pb age for hornblende gabbro. The Lubei intrusion is characterized by enrichment in large-ion lithophile elements, depletion in high-field-strength elements, and marked negative Nb and Ta anomalies, with enrichment in chondrite-normalized light rare earth elements. It exhibits low (87Sr/86Sr)i ratios of 0.70333-0.70636 and low (143Nd/144Nd)i ratios of 0.51214-0.51260, with positive εNd values of +4.01 to +6.33. LA-ICP-MS U-Pb zircon ages yielded a weighted-mean age of 287.9 ± 1.6 Ma for the Lubei intrusion. Contemporaneous mafic-ultramafic intrusions in different tectonic domains in North Xinjiang show similar geological and geochemical signatures to the Lubei intrusion, suggesting a source region of metasomatized mantle previously modified by hydrous fluids from the slab subducted beneath the North Xinjiang region in the early Permian. Metasomatism of the mantle was dominated by hydrous fluids and was related to subduction of the Paleo-Asian oceanic lithosphere during the Paleozoic. Sr-Nd-Pb isotopic compositions suggest that the mantle source was a mixture of depleted mid

  11. Intrusive Images in Psychological Disorders

    OpenAIRE

    Brewin, Chris R.; Gregory, James D.; Lipton, Michelle; Burgess, Neil

    2010-01-01

    Involuntary images and visual memories are prominent in many types of psychopathology. Patients with posttraumatic stress disorder, other anxiety disorders, depression, eating disorders, and psychosis frequently report repeated visual intrusions corresponding to a small number of real or imaginary events, usually extremely vivid, detailed, and with highly distressing content. Both memory and imagery appear to rely on common networks involving medial prefrontal regions, posterior regions in th...

  12. Developing a Framework for E-Manufacturing Based on Wireless Sensor Network

    Directory of Open Access Journals (Sweden)

    Xu Xi

    2013-06-01

    This paper first analyzes the current situation of business environment and business intelligence systems integration. With emerging applications of internet and wireless communication technologies, e-manufacturing is focused on the use of internet, monitoring and communications technologies to make things happen collaboratively on a global basis. A wireless sensor network based data acquisition system gives enormous benefits such as ease and flexibility of deployment in addition to low maintenance and deployment costs. This paper reviews wireless sensor networks and their application for e-manufacturing. To provide a dependable, non-intrusive, secure, real-time automated health monitoring, a distributed reconfigurable sensor network is introduced which consists of real and virtual sensor nodes over a communication wireless sensor network using Mica2 motes.

  13. Aspects of cold intrusions over Greece during autumn

    Science.gov (United States)

    Mita, Constantina; Marinaki, Aggeliki; Zeini, Konstantina; Konstantara, Metaxia

    2010-05-01

    This study is focused on the description of atmospheric disturbances that caused intense cold intrusions over Greece during autumn for a period of 25 years (1982-2006). The study was based on data analysis from the meteorological station network of the Hellenic National Meteorological Service (HNMS) and the European Centre for Medium Range Weather Forecasts (ECMWF). Initially, the days with temperature at the isobaric surface of 850 hPa less than or equal to the mean temperature for the 10-day period the day under investigation belongs to are isolated, composing a new confined data set which was further used. An event of intense cold intrusion is identified based on a subjective set of criteria, considering the temperature decrease at the level of 850 hPa and its duration. In particular, the criteria that were used to identify a cold intrusion were: temperature variation between two successive days at the isobaric level of 850 hPa being equal to or greater than 5 °C at least once during the event and duration of the event of at least two successive days with continuous temperature decrease. Additionally, the synoptic analysis of the atmospheric disturbances involved, using weather charts from ECMWF, revealed that all cases were related to low pressure systems at the level of 500 hPa, accompanied by cold air masses. Moreover, a methodology proposed to classify the cold intrusions based on general circulation characteristics of the atmosphere resulted in seven major categories. More than half of the events belong in two categories, originated northwest of the greater Greek area (Greece and parts of neighbouring countries), between 40° and 60° N. Further analysis indicated that the frequency of events increases from September to November and the majority of the events lasted two to three days. Additionally, the non-parametric Mann-Kendall test was used for the investigation of the statistical significance of the trends appearing in the results. The tests revealed that over

  14. Typed Linear Chain Conditional Random Fields and Their Application to Intrusion Detection

    Science.gov (United States)

    Elfers, Carsten; Horstmann, Mirko; Sohr, Karsten; Herzog, Otthein

    Intrusion detection in computer networks faces the problem of a large number of both false alarms and unrecognized attacks. To improve the precision of detection, various machine learning techniques have been proposed. However, one critical issue is that the amount of reference data that contains serious intrusions is very sparse. In this paper we present an inference process with linear chain conditional random fields that aims to solve this problem by using domain knowledge about the alerts of different intrusion sensors represented in an ontology.

  15. Smart Home System Based on GSM Network

    Directory of Open Access Journals (Sweden)

    Bakhtiar Ali Karim

    2018-04-01

    Due to increasing robbery and intrusion, establishing a home-security system has become an integral part of modern houses, buildings, and offices. As the family members are not at home all the time, the traditional home security system, which makes an alarm sound only, may not be efficient enough. Alternatively, a Global System for Mobile communications (GSM)-based security system can provide a higher level of security and convenience compared to the traditionally used systems. The main objective of the current paper is to design and implement a cost-efficient and reliable security, safety and home automation system for protection and occupants’ convenience. If any undesired events, such as intrusion, gas leakage and fire, occur in the house, our system warns the homeowner in real-time using Short Message Service (SMS). With the proposed system, home appliances can also be controlled in three ways, namely sending SMS from the authorized numbers to the system through the GSM network, a smartphone app using a Bluetooth module, and infrared (IR) control using an IR module.

  16. An ethernet/IP security review with intrusion detection applications

    International Nuclear Information System (INIS)

    Laughter, S. A.; Williams, R. D.

    2006-01-01

    Supervisory Control and Data Acquisition (SCADA) and automation networks, used throughout utility and manufacturing applications, have their own specific set of operational and security requirements when compared to corporate networks. The modern climate of heightened national security and awareness of terrorist threats has made the security of these systems of prime concern. There is a need to understand the vulnerabilities of these systems and how to monitor and protect them. Ethernet/IP is a member of a family of protocols based on the Control and Information Protocol (CIP). Ethernet/IP allows automation systems to be utilized on and integrated with traditional TCP/IP networks, facilitating integration of these networks with corporate systems and even the Internet. A review of the CIP protocol and the additions Ethernet/IP makes to it has been done to reveal the kind of attacks made possible through the protocol. A set of rules for the SNORT Intrusion Detection software is developed based on the results of the security review. These can be used to monitor, and possibly actively protect, a SCADA or automation network that utilizes Ethernet/IP in its infrastructure. (authors)

  17. Improved wavelet packet classification algorithm for vibrational intrusions in distributed fiber-optic monitoring systems

    Science.gov (United States)

    Wang, Bingjie; Pi, Shaohua; Sun, Qi; Jia, Bo

    2015-05-01

    An improved classification algorithm that considers multiscale wavelet packet Shannon entropy is proposed. Decomposition coefficients at all levels are obtained to build the initial Shannon entropy feature vector. After subtracting the Shannon entropy map of the background signal, components of the strongest discriminating power in the initial feature vector are picked out to rebuild the Shannon entropy feature vector, which is transferred to radial basis function (RBF) neural network for classification. Four types of man-made vibrational intrusion signals are recorded based on a modified Sagnac interferometer. The performance of the improved classification algorithm has been evaluated by the classification experiments via RBF neural network under different diffusion coefficients. An 85% classification accuracy rate is achieved, which is higher than the other common algorithms. The classification results show that this improved classification algorithm can be used to classify vibrational intrusion signals in an automatic real-time monitoring system.

  18. Fracturing of doleritic intrusions and associated contact zones: Implications for fluid flow in volcanic basins

    Science.gov (United States)

    Senger, Kim; Buckley, Simon J.; Chevallier, Luc; Fagereng, Åke; Galland, Olivier; Kurz, Tobias H.; Ogata, Kei; Planke, Sverre; Tveranger, Jan

    2015-02-01

    Igneous intrusions act as both carriers and barriers to subsurface fluid flow and are therefore expected to significantly influence the distribution and migration of groundwater and hydrocarbons in volcanic basins. Given the low matrix permeability of igneous rocks, the effective permeability in- and around intrusions is intimately linked to the characteristics of their associated fracture networks. Natural fracturing is caused by numerous processes including magma cooling, thermal contraction, magma emplacement and mechanical disturbance of the host rock. Fracturing may be locally enhanced along intrusion-host rock interfaces, at dyke-sill junctions, or at the base of curving sills, thereby potentially enhancing permeability associated with these features. In order to improve our understanding of fractures associated with intrusive bodies emplaced in sedimentary host rocks, we have investigated a series of outcrops from the Karoo Basin of the Eastern Cape province of South Africa, where the siliciclastic Burgersdorp Formation has been intruded by various intrusions (thin dykes, mid-sized sheet intrusions and thick sills) belonging to the Karoo dolerite. We present a quantified analysis of fracturing in- and around these igneous intrusions based on five outcrops at three individual study sites, utilizing a combination of field data, high-resolution lidar virtual outcrop models and image processing. Our results show a significant difference between the three sites in terms of fracture orientation. The observed differences can be attributed to contrasting intrusion geometries, outcrop geometry (for lidar data) and tectonic setting. Two main fracture sets were identified in the dolerite at two of the sites, oriented parallel and perpendicular to the contact respectively. Fracture spacing was consistent between the three sites, and exhibits a higher degree of variation in the dolerites compared to the host rock. At one of the study sites, fracture frequency in the

  19. Intrusions of a drowsy mind: neural markers of phenomenological unpredictability.

    Science.gov (United States)

    Noreika, Valdas; Canales-Johnson, Andrés; Koh, Justin; Taylor, Mae; Massey, Irving; Bekinschtein, Tristan A

    2015-01-01

    The transition from a relaxed to a drowsy state of mind is often accompanied by hypnagogic experiences: most commonly, perceptual imagery, but also linguistic intrusions, i.e., the sudden emergence of unpredictable anomalies in the stream of inner speech. This study has sought to describe the contents of such intrusions, to verify their association with the progression of sleep onset, and to investigate the electroencephalographic processes associated with linguistic intrusions as opposed to more common hypnagogic perceptual imagery. A single participant attended 10 experimental sessions in the EEG laboratory, where he was allowed to drift into a drowsy state of mind, while maintaining metacognition of his own experiences. Once a linguistic intrusion or a noticeable perceptual image occurred, the participant pressed a button and reported it verbally. An increase in the EEG-defined depth of drowsiness as assessed by the Hori system of sleep onset was observed in the last 20 s before a button press. Likewise, EEG Dimension of Activation values decreased before the button press, indicating that the occurrence of cognitively incongruous experiences coincides with the rapid change of EEG predictability patterns. EEG hemispheric asymmetry analysis showed that linguistic intrusions had a higher alpha and gamma power in the left hemisphere electrodes, whereas perceptual imagery reports were associated with a higher beta power over the right hemisphere. These findings indicate that the modality as well as the incongruence of drowsiness-related hypnagogic experiences is strongly associated with distinct EEG signatures in this participant. Sleep onset may provide a unique possibility to study the neural mechanisms accompanying the fragmentation of the stream of consciousness in healthy individuals.

  20. Intrusions of a drowsy mind: Neural markers of phenomenological unpredictability

    Directory of Open Access Journals (Sweden)

    Valdas Noreika

    2015-03-01

    The transition from a relaxed to a drowsy state of mind is often accompanied by hypnagogic experiences: most commonly, perceptual imagery, but also linguistic intrusions, i.e. the sudden emergence of unpredictable anomalies in the stream of inner speech. This study has sought to describe the contents of such intrusions, to verify their association with the progression of sleep onset, and to investigate the electroencephalographic processes associated with linguistic intrusions as opposed to more common hypnagogic perceptual imagery. A single participant attended 10 experimental sessions in the EEG laboratory, where he was allowed to drift into a drowsy state of mind, while maintaining metacognition of his own experiences. Once a linguistic intrusion or a noticeable perceptual image occurred, the participant pressed a button and reported it verbally. An increase in the EEG-defined depth of drowsiness as assessed by the Hori system of sleep onset was observed in the last 20 sec before a button press. Likewise, EEG Dimension of Activation values decreased before the button press, indicating that the occurrence of cognitively incongruous experiences coincides with the rapid change of EEG predictability patterns. EEG hemispheric asymmetry analysis showed that linguistic intrusions had a higher alpha and gamma power in the left hemisphere electrodes, whereas perceptual imagery reports were associated with a higher beta power over the right hemisphere. These findings indicate that the modality as well as the incongruence of drowsiness-related hypnagogic experiences is strongly associated with distinct EEG signatures in this participant. Sleep onset may provide a unique possibility to study the neural mechanisms accompanying the fragmentation of the stream of consciousness in healthy individuals.

  1. Implementing an Intrusion Detection System in the Mysea Architecture

    National Research Council Canada - National Science Library

    Tenhunen, Thomas

    2008-01-01

    .... The objective of this thesis is to design an intrusion detection system (IDS) architecture that permits administrators operating on MYSEA client machines to conveniently view and analyze IDS alerts from the single level networks...

  2. Protocol vulnerability detection based on network traffic analysis and binary reverse engineering.

    Directory of Open Access Journals (Sweden)

    Shameng Wen

    Network protocol vulnerability detection plays an important role in many domains, including protocol security analysis, application security, and network intrusion detection. In this study, by analyzing the general fuzzing method of network protocols, we propose a novel approach that combines network traffic analysis with the binary reverse engineering method. For network traffic analysis, the block-based protocol description language is introduced to construct test scripts, while the binary reverse engineering method employs the genetic algorithm with a fitness function designed to focus on code coverage. This combination leads to a substantial improvement in fuzz testing for network protocols. We build a prototype system and use it to test several real-world network protocol implementations. The experimental results show that the proposed approach detects vulnerabilities more efficiently and effectively than general fuzzing methods such as SPIKE.

  3. Wireless Sensor Network Based Smart Grid Communications: Cyber Attacks, Intrusion Detection System and Topology Control

    Directory of Open Access Journals (Sweden)

    Lipi Chhaya

    2017-01-01

    The existing power grid is going through a massive transformation. Smart grid technology is a radical approach for improvisation in prevailing power grid. Integration of electrical and communication infrastructure is inevitable for the deployment of Smart grid network. Smart grid technology is characterized by full duplex communication, automatic metering infrastructure, renewable energy integration, distribution automation and complete monitoring and control of entire power grid. Wireless sensor networks (WSNs) are small micro electrical mechanical systems that are deployed to collect and communicate the data from surroundings. WSNs can be used for monitoring and control of smart grid assets. Security of wireless sensor based communication network is a major concern for researchers and developers. The limited processing capabilities of wireless sensor networks make them more vulnerable to cyber-attacks. The countermeasures against cyber-attacks must be less complex with an ability to offer confidentiality, data readiness and integrity. The address oriented design and development approach for usual communication network requires a paradigm shift to design data oriented WSN architecture. WSN security is an inevitable part of smart grid cyber security. This paper is expected to serve as a comprehensive assessment and analysis of communication standards, cyber security issues and solutions for WSN based smart grid infrastructure.

  4. Anomaly Detection in SCADA Systems - A Network Based Approach

    NARCIS (Netherlands)

    Barbosa, R.R.R.

    2014-01-01

    Supervisory Control and Data Acquisition (SCADA) networks are commonly deployed to aid the operation of large industrial facilities, such as water treatment facilities. Historically, these networks were composed by special-purpose embedded devices communicating through proprietary protocols.

  5. Anomaly detection in SCADA systems: a network based approach

    NARCIS (Netherlands)

    Barbosa, R.R.R.

    2014-01-01

    Supervisory Control and Data Acquisition (SCADA) networks are commonly deployed to aid the operation of large industrial facilities, such as water treatment facilities. Historically, these networks were composed by special-purpose embedded devices communicating through proprietary protocols.

  6. Optimization of the Case Based Reasoning Systems

    International Nuclear Information System (INIS)

    Mohamed, A.H.

    2014-01-01

    Intrusion Detection Systems (IDS) have a great importance in saving the authority of the information widely spread all over the world through the networks. Many Case Based Systems concerned on the different methods of the unauthorized users/hackers that face the developers of the IDS. The proposed system introduces a new hybrid system that uses the genetic algorithm to optimize an IDS - case based system. It can detect the new anomalies appeared through the network and use the cases in the case library to determine the suitable solution for their behavior. The suggested system can solve the problem either by using an old identical solution or adapt the optimum one till have the targeted solution. The proposed system has been applied to block unauthorized users / hackers from attach the medical images for radiotherapy of the cancer diseases during their transmission through web. The proposed system can prove its accepted performance in this manner.

  7. Seismic constraints on a large mafic intrusion with implications for the subsidence mechanism of the Danish Basin

    DEFF Research Database (Denmark)

    Sandrin, Alessandro; Thybo, Hans

    2008-01-01

    Gal) positive gravity anomaly known as Silkeborg Gravity High. The intrusion has a minimum volume of 40,000 km3, which implies that the magma influx and the consequent cooling of the lithosphere from high temperature could have had profound effects on the subsidence of the Danish Basin, in particular because...

  8. Research on Abnormal Detection Based on Improved Combination of K-means and SVDD

    Science.gov (United States)

    Hao, Xiaohong; Zhang, Xiaofeng

    2018-01-01

    In order to improve the efficiency of network intrusion detection and reduce the false alarm rate, this paper proposes an anomaly detection algorithm based on improved K-means and SVDD. The algorithm first uses the improved K-means algorithm to cluster the training samples of each class, so that each class is independent and compact in class; then, according to the training samples, the SVDD algorithm is used to construct the minimum superspheres. The subordinate relationship of the samples is determined by calculating the distance of the minimum superspheres constructed by SVDD. If the test sample is less than the center of the hypersphere, the test sample belongs to this class, otherwise it does not belong to this class, after several comparisons, the final test of the effective detection of the test sample. In this paper, we use KDD CUP99 data set to simulate the proposed anomaly detection algorithm. The results show that the algorithm has high detection rate and low false alarm rate, which is an effective network security protection method.

  9. AANtID: an alternative approach to network intrusion detection ...

    African Journals Online (AJOL)

    Journal of Computer Science and Its Application ... Security has become not just a feature of an information system, but the core and a necessity especially the systems that communicate and transmit data over the Internet for they are more ... Keywords: Intrusion, Genetic Algorithm, detection, Security, DARPA dataset ...

  10. Anomaly detection for medical images based on a one-class classification

    Science.gov (United States)

    Wei, Qi; Ren, Yinhao; Hou, Rui; Shi, Bibo; Lo, Joseph Y.; Carin, Lawrence

    2018-02-01

    Detecting an anomaly such as a malignant tumor or a nodule from medical images including mammogram, CT or PET images is still an ongoing research problem drawing a lot of attention with applications in medical diagnosis. A conventional way to address this is to learn a discriminative model using training datasets of negative and positive samples. The learned model can be used to classify a testing sample into a positive or negative class. However, in medical applications, the high unbalance between negative and positive samples poses a difficulty for learning algorithms, as they will be biased towards the majority group, i.e., the negative one. To address this imbalanced data issue as well as leverage the huge amount of negative samples, i.e., normal medical images, we propose to learn an unsupervised model to characterize the negative class. To make the learned model more flexible and extendable for medical images of different scales, we have designed an autoencoder based on a deep neural network to characterize the negative patches decomposed from large medical images. A testing image is decomposed into patches and then fed into the learned autoencoder to reconstruct these patches themselves. The reconstruction error of one patch is used to classify this patch into a binary class, i.e., a positive or a negative one, leading to a one-class classifier. The positive patches highlight the suspicious areas containing anomalies in a large medical image. The proposed method has been tested on InBreast dataset and achieves an AUC of 0.84. The main contribution of our work can be summarized as follows. 1) The proposed one-class learning requires only data from one class, i.e., the negative data; 2) The patch-based learning makes the proposed method scalable to images of different sizes and helps avoid the large scale problem for medical images; 3) The training of the proposed deep convolutional neural network (DCNN) based auto-encoder is fast and stable.

  11. Securing Cloud Computing from Different Attacks Using Intrusion Detection Systems

    Directory of Open Access Journals (Sweden)

    Omar Achbarou

    2017-03-01

    Cloud computing is a new way of integrating a set of old technologies to implement a new paradigm that creates an avenue for users to have access to shared and configurable resources through internet on-demand. This system has many common characteristics with distributed systems, hence, the cloud computing also uses the features of networking. Thus the security is the biggest issue of this system, because the services of cloud computing is based on the sharing. Thus, a cloud computing environment requires some intrusion detection systems (IDSs) for protecting each machine against attacks. The aim of this work is to present a classification of attacks threatening the availability, confidentiality and integrity of cloud resources and services. Furthermore, we provide literature review of attacks related to the identified categories. Additionally, this paper also introduces related intrusion detection models to identify and prevent these types of attacks.

  12. An Anomaly Detector Based on Multi-aperture Mapping for Hyperspectral Data

    Directory of Open Access Journals (Sweden)

    LI Min

    2016-10-01

    Considering the correlation of spectral content between anomaly and clutter background, inaccurate selection of background pixels induced estimation error of background model. In order to solve the above problems, a multi-aperture mapping based anomaly detector was proposed in this paper. Firstly, differing from background model which focused on feature extraction of background, multi-aperture mapping of hyperspectral data characterized the feature of whole hyperspectral data. According to constructed basis set of multi-aperture mapping, anomaly salience index of every test pixel was proposed to measure the relative statistic difference. Secondly, in order to analyze the moderate salience anomaly precisely, membership value was constructed to identify anomaly salience of test pixels continuously based on fuzzy logical theory. At the same time, weighted iterative estimation of multi-aperture mapping was expected to converge adaptively with membership value as weight. Thirdly, classical defuzzification was proposed to fuse different detection results. Hyperspectral data was used in the experiments, and the robustness and sensitivity to anomaly with lower salience of proposed detector were tested.

  13. Holonomy anomalies

    International Nuclear Information System (INIS)

    Bagger, J.; Nemeschansky, D.; Yankielowicz, S.

    1985-05-01

    A new type of anomaly is discussed that afflicts certain non-linear sigma models with fermions. This anomaly is similar to the ordinary gauge and gravitational anomalies since it reflects a topological obstruction to the reparametrization invariance of the quantum effective action. Nonlinear sigma models are constructed based on homogeneous spaces G/H. Anomalies arising when the fermions are chiral are shown to be cancelled sometimes by Chern-Simons terms. Nonlinear sigma models are considered based on general Riemannian manifolds. 9 refs

  14. Evaluation of an Anomaly-Based Intrusion Detection System with N-gram and Incremental Learning

    Directory of Open Access Journals (Sweden)

    I Made Agus Adi Wirawan

    2017-01-01

    The continued rapid development of information technology means that the need for its use increases day by day. Data transactions over the internet have become a mandatory requirement for almost all software in existence today: software such as social media, cloud servers, online games, government service applications, applications for remotely controlling a location, and so on. Naturally, with such varied uses of the internet, methods are needed to secure the network. An intrusion detection system, commonly called an IDS (Intrusion Detection System), is a solution for securing a network. This system is tasked with determining whether a packet is a form of attack or an ordinary packet according to certain conditions. Many IDS (Intrusion Detection System) applications have now been developed, but most of those developed are signature-based or use rules, and a small portion use anomalies. Anomaly is a method for finding deviations in a set of data. In this application the IDS concept applied is an anomaly-based IDS in which the data analysis is performed on the information in the transmitted data packets. This final project uses two methods: the n-gram method, which is used to compute the byte-character distribution of data packets, and the Mahalanobis distance method, which is used to compute the distance between normal data packets and data packets that constitute intrusions. The Mahalanobis distance method can distinguish normal data packets from data packets that constitute intrusions by computing the mean and standard deviation of the data packets.

  15. System for Malicious Node Detection in IPv6-Based Wireless Sensor Networks

    Directory of Open Access Journals (Sweden)

    Kresimir Grgic

    2016-01-01

    The trend of implementing the IPv6 into wireless sensor networks (WSNs) has recently occurred as a consequence of a tendency of their integration with other types of IP-based networks. The paper deals with the security aspects of these IPv6-based WSNs. A brief analysis of security threats and attacks which are present in the IPv6-based WSN is given. The solution to an adaptive distributed system for malicious node detection in the IPv6-based WSN is proposed. The proposed intrusion detection system is based on distributed algorithms and a collective decision-making process. It introduces an innovative concept of probability estimation for malicious behaviour of sensor nodes. The proposed system is implemented and tested through several different scenarios in three different network topologies. Finally, the performed analysis showed that the proposed system is energy efficient and has a good capability to detect malicious nodes.

  16. Magnetic anomaly patterns over crustal blocks of the King Edward VII Peninsula, Marie Byrd Land, West Antarctica

    Directory of Open Access Journals (Sweden)

    M. Spano

    2000-06-01

    Within the framework of the GITARA II project an aeromagnetic survey was performed during the GANOVEX VII expedition (1992/1993) over the King Edward VII Peninsula in northwestern Marie Byrd Land (West Antarctica). This region which may represent the eastern flank of the Ross Sea rift system had previously been explored only at reconnaissance level. New total field and upward continued (10 km) magnetic anomaly maps are produced and interpreted here to map and discuss the crustal structure of the Edward VII Peninsula. Two round-shaped, high-amplitude magnetic anomalies are recognised over the Alexandra Mountains block. The anomalies are difficult to interpret since susceptibility data indicate the prevalence of non-magnetic rocks at the surface. A possible interpretation is that the anomalies are due to Cretaceous mafic intrusives distinct from weakly magnetic Byrd Coast Granite of the adjacent Rockefeller Mountains block. Alternatively the anomalies could be related to buried pluton-sized Devonian Ford Granodiorite intruded by dikes. If Cretaceous in age, the former intrusives revealed from the magnetics could also be responsible for contact metamorphism of the adjacent Alexandra Mountains migmatites. Lower amplitude circular anomalies over the Central Plateau and Prestrud Inlet are likely to be caused by unexposed Devonian Ford Granodiorite which crops out in the Ford Ranges. Elongated high-frequency anomalies of the Sulzberger Bay are similar to those recognised over seismically constrained Cenozoic rift-related volcanics of the Ross Sea. A broad magnetic low over the Sulzberger Ice Shelf may be indicative of a fault bounded graben-like basin with sedimentary infill. Overall recognition of magnetic anomaly patterns and trends reveals segmentation of the Edward VII Peninsula and of the adjacent marine areas in distinct crustal blocks. Faults may separate these blocks and they are interpreted to reflect multiple Cretaceous and maybe Cenozoic crustal

  17. A scalable architecture for online anomaly detection of WLCG batch jobs

    Science.gov (United States)

    Kuehn, E.; Fischer, M.; Giffels, M.; Jung, C.; Petzold, A.

    2016-10-01

    For data centres it is increasingly important to monitor the network usage, and learn from network usage patterns. Especially configuration issues or misbehaving batch jobs preventing a smooth operation need to be detected as early as possible. At the GridKa data and computing centre we therefore operate a tool BPNetMon for monitoring traffic data and characteristics of WLCG batch jobs and pilots locally on different worker nodes. On the one hand local information itself are not sufficient to detect anomalies for several reasons, e.g. the underlying job distribution on a single worker node might change or there might be a local misconfiguration. On the other hand a centralised anomaly detection approach does not scale regarding network communication as well as computational costs. We therefore propose a scalable architecture based on concepts of a super-peer network.

  18. Intrusion detection in cloud computing based attack patterns and risk assessment

    Directory of Open Access Journals (Sweden)

    Ben Charhi Youssef

    2017-05-01

    This paper is an extension of work originally presented in SYSCO CONF. We extend our previous work by presenting the initial results of the implementation of intrusion detection based on risk assessment on cloud computing. The idea focuses on a novel approach for detecting cyber-attacks on the cloud environment by analyzing attacks pattern using risk assessment methodologies. The aim of our solution is to combine evidences obtained from Intrusion Detection Systems (IDS) deployed in a cloud with risk assessment related to each attack pattern. Our approach presents a new qualitative solution for analyzing each symptom, indicator and vulnerability analyzing impact and likelihood of distributed and multi-steps attacks directed to cloud environments. The implementation of this approach will reduce the number of false alerts and will improve the performance of the IDS.

  19. A Hybrid Swarm Intelligence Algorithm for Intrusion Detection Using Significant Features

    Directory of Open Access Journals (Sweden)

    P. Amudha

    2015-01-01

    Intrusion detection has become a main part of network security due to the huge number of attacks which affects the computers. This is due to the extensive growth of internet connectivity and accessibility to information systems worldwide. To deal with this problem, in this paper a hybrid algorithm is proposed to integrate Modified Artificial Bee Colony (MABC) with Enhanced Particle Swarm Optimization (EPSO) to predict the intrusion detection problem. The algorithms are combined together to find out better optimization results and the classification accuracies are obtained by 10-fold cross-validation method. The purpose of this paper is to select the most relevant features that can represent the pattern of the network traffic and test its effect on the success of the proposed hybrid classification algorithm. To investigate the performance of the proposed method, intrusion detection KDDCup’99 benchmark dataset from the UCI Machine Learning repository is used. The performance of the proposed method is compared with the other machine learning algorithms and found to be significantly different.

  20. A Simulation-Optimization Model for Seawater Intrusion Management at Pingtung Coastal Area, Taiwan

    Directory of Open Access Journals (Sweden)

    Po-Syun Huang

    2018-02-01

    The coastal regions of Pingtung Plain in southern Taiwan rely on groundwater as their main source of fresh water for aquaculture, agriculture, domestic, and industrial sectors. The availability of fresh groundwater is threatened by unsustainable groundwater extraction and the over-pumpage leads to the serious problem of seawater intrusion. It is desired to find appropriate management strategies to control groundwater salinity and mitigate seawater intrusion. In this study, a simulation–optimization model has been presented to solve the problem of seawater intrusion along the coastal aquifers in Pingtung Plain and the objective is using injection well barriers and minimizing the total injection rate based on the pre-determined locations of injection barriers. The SEAWAT code is used to simulate the process of seawater intrusion and the surrogate model of artificial neural networks (ANNs) is used to approximate the seawater intrusion (SWI) numerical model to increase the computational efficiency during the optimization process. The heuristic optimization scheme of differential evolution (DE) algorithm is selected to identify the global optimal management solution. Two different management scenarios, one is the injection barriers located along the coast and the other is the injection barrier located at the inland, are considered and the optimized results show that the deployment of injection barriers at the inland is more effective to reduce total dissolved solids (TDS) concentrations and mitigate seawater intrusion than that along the coast. The computational time can be reduced by more than 98% when using ANNs to replace the numerical model and the DE algorithm has been confirmed as a robust optimization scheme to solve groundwater management problems. The proposed framework can identify the most reliable management strategies and provide a reference tool for decision making with regard to seawater intrusion remediation.

  1. The Use of Artificial-Intelligence-Based Ensembles for Intrusion Detection: A Review

    Directory of Open Access Journals (Sweden)

    Gulshan Kumar

    2012-01-01

    In supervised learning-based classification, ensembles have been successfully employed to different application domains. In the literature, many researchers have proposed different ensembles by considering different combination methods, training datasets, base classifiers, and many other factors. Artificial-intelligence (AI)-based techniques play prominent role in development of ensemble for intrusion detection (ID) and have many benefits over other techniques. However, there is no comprehensive review of ensembles in general and AI-based ensembles for ID to examine and understand their current research status to solve the ID problem. Here, an updated review of ensembles and their taxonomies has been presented in general. The paper also presents the updated review of various AI-based ensembles for ID (in particular during last decade). The related studies of AI-based ensembles are compared by set of evaluation metrics driven from (1) architecture & approach followed; (2) different methods utilized in different phases of ensemble learning; (3) other measures used to evaluate classification performance of the ensembles. The paper also provides the future directions of the research in this area. The paper will help the better understanding of different directions in which research of ensembles has been done in general and specifically: field of intrusion detection systems (IDSs).

  2. Non-intrusive reduced order modeling of nonlinear problems using neural networks

    Science.gov (United States)

    Hesthaven, J. S.; Ubbiali, S.

    2018-06-01

    We develop a non-intrusive reduced basis (RB) method for parametrized steady-state partial differential equations (PDEs). The method extracts a reduced basis from a collection of high-fidelity solutions via a proper orthogonal decomposition (POD) and employs artificial neural networks (ANNs), particularly multi-layer perceptrons (MLPs), to accurately approximate the coefficients of the reduced model. The search for the optimal number of neurons and the minimum amount of training samples to avoid overfitting is carried out in the offline phase through an automatic routine, relying upon a joint use of the Latin hypercube sampling (LHS) and the Levenberg-Marquardt (LM) training algorithm. This guarantees a complete offline-online decoupling, leading to an efficient RB method - referred to as POD-NN - suitable also for general nonlinear problems with a non-affine parametric dependence. Numerical studies are presented for the nonlinear Poisson equation and for driven cavity viscous flows, modeled through the steady incompressible Navier-Stokes equations. Both physical and geometrical parametrizations are considered. Several results confirm the accuracy of the POD-NN method and show the substantial speed-up enabled at the online stage as compared to a traditional RB strategy.

  3. A Comparative Study of Anomaly Detection Techniques for Smart City Wireless Sensor Networks.

    Science.gov (United States)

    Garcia-Font, Victor; Garrigues, Carles; Rifà-Pous, Helena

    2016-06-13

    In many countries around the world, smart cities are becoming a reality. These cities contribute to improving citizens' quality of life by providing services that are normally based on data extracted from wireless sensor networks (WSN) and other elements of the Internet of Things. Additionally, public administration uses these smart city data to increase its efficiency, to reduce costs and to provide additional services. However, the information received at smart city data centers is not always accurate, because WSNs are sometimes prone to error and are exposed to physical and computer attacks. In this article, we use real data from the smart city of Barcelona to simulate WSNs and implement typical attacks. Then, we compare frequently used anomaly detection techniques to disclose these attacks. We evaluate the algorithms under different requirements on the available network status information. As a result of this study, we conclude that one-class Support Vector Machines is the most appropriate technique. We achieve a true positive rate at least 56% higher than the rates achieved with the other compared techniques in a scenario with a maximum false positive rate of 5% and a 26% higher in a scenario with a false positive rate of 15%.

  4. A Comparative Study of Anomaly Detection Techniques for Smart City Wireless Sensor Networks

    Directory of Open Access Journals (Sweden)

    Victor Garcia-Font

    2016-06-01

    In many countries around the world, smart cities are becoming a reality. These cities contribute to improving citizens’ quality of life by providing services that are normally based on data extracted from wireless sensor networks (WSN) and other elements of the Internet of Things. Additionally, public administration uses these smart city data to increase its efficiency, to reduce costs and to provide additional services. However, the information received at smart city data centers is not always accurate, because WSNs are sometimes prone to error and are exposed to physical and computer attacks. In this article, we use real data from the smart city of Barcelona to simulate WSNs and implement typical attacks. Then, we compare frequently used anomaly detection techniques to disclose these attacks. We evaluate the algorithms under different requirements on the available network status information. As a result of this study, we conclude that one-class Support Vector Machines is the most appropriate technique. We achieve a true positive rate at least 56% higher than the rates achieved with the other compared techniques in a scenario with a maximum false positive rate of 5% and a 26% higher in a scenario with a false positive rate of 15%.

  5. Hybrid feature selection for supporting lightweight intrusion detection systems

    Science.gov (United States)

    Song, Jianglong; Zhao, Wentao; Liu, Qiang; Wang, Xin

    2017-08-01

    Redundant and irrelevant features not only cause high resource consumption but also degrade the performance of Intrusion Detection Systems (IDS), especially when coping with big data. These features slow down the process of training and testing in network traffic classification. Therefore, a hybrid feature selection approach in combination with wrapper and filter selection is designed in this paper to build a lightweight intrusion detection system. Two main phases are involved in this method. The first phase conducts a preliminary search for an optimal subset of features, in which the chi-square feature selection is utilized. The selected set of features from the previous phase is further refined in the second phase in a wrapper manner, in which the Random Forest (RF) is used to guide the selection process and retain an optimized set of features. After that, we build an RF-based detection model and make a fair comparison with other approaches. The experimental results on NSL-KDD datasets show that our approach results are in higher detection accuracy as well as faster training and testing processes.

  6. Design of an Acoustic Target Intrusion Detection System Based on Small-Aperture Microphone Array

    Science.gov (United States)

    Zu, Xingshui; Guo, Feng; Huang, Jingchang; Zhao, Qin; Liu, Huawei; Li, Baoqing; Yuan, Xiaobing

    2017-01-01

    Automated surveillance of remote locations in a wireless sensor network is dominated by the detection algorithm because actual intrusions in such locations are a rare event. Therefore, a detection method with low power consumption is crucial for persistent surveillance to ensure longevity of the sensor networks. A simple and effective two-stage algorithm composed of energy detector (ED) and delay detector (DD) with all its operations in time-domain using small-aperture microphone array (SAMA) is proposed. The algorithm analyzes the quite different velocities between wind noise and sound waves to improve the detection capability of ED in the surveillance area. Experiments in four different fields with three types of vehicles show that the algorithm is robust to wind noise and the probability of detection and false alarm are 96.67% and 2.857%, respectively. PMID:28273838

  7. Towards Periodicity Based Anomaly Detection in SCADA Networks

    NARCIS (Netherlands)

    Barbosa, R.R.R.; Sadre, R.; Pras, Aiko

    Supervisory Control and Data Acquisition (SCADA) networks are commonly deployed to aid the operation of large industrial facilities. The polling mechanism used to retrieve data from field devices causes the data transmission to be highly periodic. In this paper, we propose an approach that exploits

  8. Facebook intrusion, fear of missing out, narcissism, and life satisfaction: A cross-sectional study.

    Science.gov (United States)

    Błachnio, Agata; Przepiórka, Aneta

    2018-01-01

    Facebook is one of the most popular social networking sites. The present paper examines the relations between fear of missing out, narcissism, Facebook intrusion, and life satisfaction. We hypothesized that the fear of missing out and narcissism would play a significant role in Facebook intrusion. The participants in the study were 360 Polish users of Facebook. We administered the Facebook Intrusion Scale, the Fear of Missing Out Scale, the Narcissistic Personality Inventory, and the Satisfaction with Life Scale. The results showed that a high level of fear of missing out and high narcissism are predictors of Facebook intrusion, while a low level of fear of missing out and high narcissism are related to satisfaction with life. Our findings provide a more comprehensive picture of the predictors of Facebook intrusion and reveal interesting patterns. Copyright © 2017 Elsevier B.V. All rights reserved.

  9. Space weather and space anomalies

    Directory of Open Access Journals (Sweden)

    L. I. Dorman

    2005-11-01

    A large database of anomalies, registered by 220 satellites in different orbits over the period 1971-1994 has been compiled. For the first time, data from 49 Russian Kosmos satellites have been included in a statistical analysis. The database also contains a large set of daily and hourly space weather parameters. A series of statistical analyses made it possible to quantify, for different satellite orbits, space weather conditions on the days characterized by anomaly occurrences. In particular, very intense fluxes (>1000 pfu at energy >10 MeV) of solar protons are linked to anomalies registered by satellites in high-altitude (>15000 km), near-polar (inclination >55°) orbits typical for navigation satellites, such as those used in the GPS network, NAVSTAR, etc. (the rate of anomalies increases by a factor ~20), and to a much smaller extent to anomalies in geostationary orbits (they increase by a factor ~4). Direct and indirect connections between anomaly occurrence and geomagnetic perturbations are also discussed.

  10. Metallogenic aspects of Itu intrusive suite

    International Nuclear Information System (INIS)

    Amaral, G.; Pascholati, E.M.

    1990-01-01

    The integrated use of geological, geochemical, geophysical and remote sensing data is providing interesting new information on the metallogenic characteristics of the Itu Intrusive Suite. During World War II, up to 1959, a wolframite deposit was mined near the border of the northernmost body (Itupeva Granite). This deposit is formed by greisen veins associated with cassiterite and topaz, clearly linked with later phases of magmatic differentiation. Generally those veins are related to hydrothermal alteration of the granites and the above mentioned shear zone. U, Th and K determinations by field and laboratory gammaspectrometry were used for regional distribution analysis of those elements and their ratios and calculation of radioactivity heat production. In this aspect, the Itupeva Granite is the hottest and presents several anomalies in the Th/U ratio, indicative of late or post magmatic oxidation processes. (author)

  11. Self-potential anomalies preceding tectonic and volcanic crises

    International Nuclear Information System (INIS)

    Patella, D.

    1993-01-01

    In this paper I consider a possible physical mechanism capable of explaining self-potential anomalies, which are currently observed on the ground surface prior to tectonic and volcanic activities. A rock cracking-fluid diffusion-charge polarization model is described. The electrical charge polarization is assumed to be the electrokinetic effect due to invasion of fluid into new fissures, which open inside a stressed rock material because of dilatancy, in the case of tectonic activity, and of the rising of a magma intrusion in the case of volcanic activity. (author). 10 refs, 2 figs

  12. Improving Accuracy of Intrusion Detection Model Using PCA and optimized SVM

    Directory of Open Access Journals (Sweden)

    Sumaiya Thaseen Ikram

    2016-06-01

    Intrusion detection is very essential for providing security to different network domains and is mostly used for locating and tracing the intruders. There are many problems with traditional intrusion detection models (IDS) such as low detection capability against unknown network attack, high false alarm rate and insufficient analysis capability. Hence the major scope of the research in this domain is to develop an intrusion detection model with improved accuracy and reduced training time. This paper proposes a hybrid intrusion detection model by integrating the principal component analysis (PCA) and support vector machine (SVM). The novelty of the paper is the optimization of kernel parameters of the SVM classifier using automatic parameter selection technique. This technique optimizes the punishment factor (C) and kernel parameter gamma (γ), thereby improving the accuracy of the classifier and reducing the training and testing time. The experimental results obtained on the NSL KDD and gurekddcup dataset show that the proposed technique performs better with higher accuracy, faster convergence speed and better generalization. Minimum resources are consumed as the classifier input requires reduced feature set for optimum classification. A comparative analysis of hybrid models with the proposed model is also performed.

  13. Coronary artery anomalies. Diagnosis and classification based on cardiac CT and MRI (CMR) - from ALCAPA to anomalies of termination

    International Nuclear Information System (INIS)

    Heermann, Philipp; Heindel, Walter; Schuelke, Christoph

    2017-01-01

    Coronary artery anomalies encompass a clinically and anatomically variable spectrum including physiological variants and pathophysiologically relevant anomalies. The majority of the variants has no hemodynamic relevance and is often detected accidentally. The recognition of the rare and relevant anomalies that cause either relevant shunt volumes leading to myocardial ischemia or ventricular tachyarrhythmias with the risk of sudden cardiac death is of major importance. This review is based on a literature search in PubMed conducted using the key words "coronary artery" and/or "anomaly" and/or "anomalous origin" and/or "myocardial bridging" and/or "coronary artery fistula" and/or "Bland-White-Garland" and/or "ALCAPA". Coronary artery anomalies can be anatomically subdivided into anomalies of origin, course and termination. The method of choice for anatomical imaging is ECG-triggered or gated multislice CT (MSCT) that provides high spatial resolution and the capability of multiplanar reconstructions. It facilitates the delineation of the precise course of all three coronary arteries and thus allows for correct classification in the anatomical classification system of coronary artery anomalies. The strengths of cardiac magnetic resonance imaging (CMR) are the evaluation of cardiac morphology, myocardial tissue properties and myocardial function. Basic methods are the analysis of myocardial contraction and perfusion with and without pharmacologic stress. Furthermore, potential shunt volumes could be quantified by phase contrast imaging or volumetry.

  14. Acceptance- and imagery-based strategies can reduce chocolate cravings: A test of the elaborated-intrusion theory of desire.

    Science.gov (United States)

    Schumacher, Sophie; Kemps, Eva; Tiggemann, Marika

    2017-06-01

    The elaborated-intrusion theory of desire proposes that craving is a two-stage process whereby initial intrusions about a desired target are subsequently elaborated with mental imagery. The present study tested whether the craving reduction strategies of cognitive defusion and guided imagery could differentially target the intrusion and elaboration stages, respectively, and thus differentially impact the craving process. Participants were randomly assigned to a cognitive defusion, a guided imagery or a mind-wandering control condition. Pre- and post-intervention chocolate-related thoughts, intrusiveness of thoughts, vividness of imagery, craving intensity, and chocolate consumption were compared. Experiment 1 recruited a general sample of young women (n = 94), whereas Experiment 2 recruited a sample of chocolate cravers who wanted to reduce their chocolate consumption (n = 97). Across both experiments, cognitive defusion lowered intrusiveness of thoughts, vividness of imagery and craving intensity. Guided imagery reduced chocolate-related thoughts, intrusiveness, vividness and craving intensity for chocolate cravers (Experiment 2), but not for the general sample (Experiment 1). There were no group differences in chocolate consumption in either experiment. Results add to existing evidence supporting the elaborated-intrusion theory of desire in the food domain, and suggest that acceptance- and imagery-based techniques have potential for use in combatting problematic cravings. Copyright © 2017 Elsevier Ltd. All rights reserved.

  15. Sensitive Data Protection Based on Intrusion Tolerance in Cloud Computing

    OpenAIRE

    Jingyu Wang; Xuefeng Zheng; Dengliang Luo

    2011-01-01

    Service integration and supply on-demand coming from cloud computing can significantly improve the utilization of computing resources and reduce power consumption of per service, and effectively avoid the error of computing resources. However, cloud computing is still facing the problem of intrusion tolerance of the cloud computing platform and sensitive data of new enterprise data center. In order to address the problem of intrusion tolerance of cloud computing platform and sensitive data in...

  16. A simple Bouguer gravity anomaly map of southwestern Saudi Arabia and an initial interpretation

    Science.gov (United States)

    Gettings, M.E.

    1983-01-01

    with gravity highs contain a large proportion of gabbroic and dioritic intrusive rocks and that the bulk density of the upper crust associated with some of the batholithic complexes has been lowered by the large-scale intrusion of granitic material at depth, as well as by that exposed at the surface. A comparison of known base and precious metals occurrences with the Bouguer gravity anomaly field shows, in some cases, a correlation between such occurrences and the features of the gravity anomaly map. Several areas were identified between known mineral occurrences along gravity-defined structures that may contain mineral deposits if the lithologic environment is favorable.

  17. Probabilistic monitoring in intrusion detection module for energy efficiency in mobile ad hoc networks

    Science.gov (United States)

    De Rango, Floriano; Lupia, Andrea

    2016-05-01

    MANETs allow mobile nodes to communicate with each other using the wireless medium. A key aspect of this kind of network is security, because their setup is done without an infrastructure, so external nodes could interfere in the communication. Mobile nodes could be compromised, misbehaving during the multi-hop transmission of data, or they could have a selfish behavior to save energy, which is another important constraint in MANETs. The detection of these behaviors needs a framework that takes into account the latest interactions among nodes, so malicious or selfish nodes could be detected even if their behavior changes over time. The monitoring activity increases the energy consumption, so our proposal takes into account this issue, reducing the energy required by the monitoring system while keeping the effectiveness of the intrusion detection system. The results show an improvement in the saved energy, improving the detection performance too.

  18. A robust background regression based score estimation algorithm for hyperspectral anomaly detection

    Science.gov (United States)

    Zhao, Rui; Du, Bo; Zhang, Liangpei; Zhang, Lefei

    2016-12-01

    Anomaly detection has become a hot topic in the hyperspectral image analysis and processing fields in recent years. The most important issue for hyperspectral anomaly detection is the background estimation and suppression. Unreasonable or non-robust background estimation usually leads to unsatisfactory anomaly detection results. Furthermore, the inherent nonlinearity of hyperspectral images may cover up the intrinsic data structure in the anomaly detection. In order to implement robust background estimation, as well as to explore the intrinsic data structure of the hyperspectral image, we propose a robust background regression based score estimation algorithm (RBRSE) for hyperspectral anomaly detection. The Robust Background Regression (RBR) is actually a label assignment procedure which segments the hyperspectral data into a robust background dataset and a potential anomaly dataset with an intersection boundary. In the RBR, a kernel expansion technique, which explores the nonlinear structure of the hyperspectral data in a reproducing kernel Hilbert space, is utilized to formulate the data as a density feature representation. A minimum squared loss relationship is constructed between the data density feature and the corresponding assigned labels of the hyperspectral data, to formulate the foundation of the regression. Furthermore, a manifold regularization term which explores the manifold smoothness of the hyperspectral data, and a maximization term of the robust background average density, which suppresses the bias caused by the potential anomalies, are jointly appended in the RBR procedure. After this, a paired-dataset based k-nn score estimation method is undertaken on the robust background and potential anomaly datasets, to implement the detection output. 
    The experimental results show that RBRSE achieves superior ROC curves, AUC values, and background-anomaly separation than some of the other state-of-the-art anomaly detection methods, and is easy to implement.

  19. Human intrusion: New ideas?

    International Nuclear Information System (INIS)

    Cooper, J.R.

    2002-01-01

    Inadvertent human intrusion has been an issue for the disposal of solid radioactive waste for many years. This paper discusses proposals for an approach for evaluating the radiological significance of human intrusion as put forward by ICRP with contribution from work at IAEA. The approach focuses on the consequences of the intrusion. Protective actions could, however, include steps to reduce the probability of human intrusion as well as the consequences. (author)

  20. Algorithms for Anomaly Detection - Lecture 1

    CERN Multimedia

    CERN. Geneva

    2017-01-01

    The concept of statistical anomalies, or outliers, has fascinated experimentalists since the earliest attempts to interpret data. We want to know why some data points don’t seem to belong with the others: perhaps we want to eliminate spurious or unrepresentative data from our model. Or, the anomalies themselves may be what we are interested in: an outlier could represent the symptom of a disease, an attack on a computer network, a scientific discovery, or even an unfaithful partner. We start with some general considerations, such as the relationship between clustering and anomaly detection, the choice between supervised and unsupervised methods, and the difference between global and local anomalies. Then we will survey the most representative anomaly detection algorithms, highlighting what kind of data each approach is best suited to, and discussing their limitations. We will finish with a discussion of the difficulties of anomaly detection in high-dimensional data and some new directions for anomaly detec...

  1. Algorithms for Anomaly Detection - Lecture 2

    CERN Multimedia

    CERN. Geneva

    2017-01-01

    The concept of statistical anomalies, or outliers, has fascinated experimentalists since the earliest attempts to interpret data. We want to know why some data points don’t seem to belong with the others: perhaps we want to eliminate spurious or unrepresentative data from our model. Or, the anomalies themselves may be what we are interested in: an outlier could represent the symptom of a disease, an attack on a computer network, a scientific discovery, or even an unfaithful partner. We start with some general considerations, such as the relationship between clustering and anomaly detection, the choice between supervised and unsupervised methods, and the difference between global and local anomalies. Then we will survey the most representative anomaly detection algorithms, highlighting what kind of data each approach is best suited to, and discussing their limitations. We will finish with a discussion of the difficulties of anomaly detection in high-dimensional data and some new directions for anomaly detec...

  2. Relational databases for rare disease study: application to vascular anomalies.

    Science.gov (United States)

    Perkins, Jonathan A; Coltrera, Marc D

    2008-01-01

    To design a relational database integrating clinical and basic science data needed for multidisciplinary treatment and research in the field of vascular anomalies. Based on data points agreed on by the American Society of Pediatric Otolaryngology (ASPO) Vascular Anomalies Task Force. The database design enables sharing of data subsets in a Health Insurance Portability and Accountability Act (HIPAA)-compliant manner for multisite collaborative trials. Vascular anomalies pose diagnostic and therapeutic challenges. Our understanding of these lesions and treatment improvement is limited by nonstandard terminology, severity assessment, and measures of treatment efficacy. The rarity of these lesions places a premium on coordinated studies among multiple participant sites. The relational database design is conceptually centered on subjects having 1 or more lesions. Each anomaly can be tracked individually along with their treatment outcomes. This design allows for differentiation between treatment responses and untreated lesions' natural course. The relational database design eliminates data entry redundancy and results in extremely flexible search and data export functionality. Vascular anomaly programs in the United States. A relational database correlating clinical findings and photographic, radiologic, histologic, and treatment data for vascular anomalies was created for stand-alone and multiuser networked systems. Proof of concept for independent site data gathering and HIPAA-compliant sharing of data subsets was demonstrated. The collaborative effort by the ASPO Vascular Anomalies Task Force to create the database helped define a common vascular anomaly data set. The resulting relational database software is a powerful tool to further the study of vascular anomalies and the development of evidence-based treatment innovation.

  3. A hierarchical detection method in external communication for self-driving vehicles based on TDMA

    Science.gov (United States)

    Al-ani, Muzhir Shaban; McDonald-Maier, Klaus

    2018-01-01

    Security is considered a major challenge for self-driving and semi self-driving vehicles. These vehicles depend heavily on communications to predict and sense their external environment used in their motion. They use a type of ad hoc network termed Vehicular ad hoc networks (VANETs). Unfortunately, VANETs are potentially exposed to many attacks on network and application level. This paper proposes a new intrusion detection system to protect the communication system of self-driving cars, utilising a combination of hierarchical models based on clusters and log parameters. This security system is designed to detect Sybil and Wormhole attacks in highway usage scenarios. It is based on clusters, utilising Time Division Multiple Access (TDMA) to overcome some of the obstacles of VANETs such as high density, high mobility and bandwidth limitations in exchanging messages. This makes the security system more efficient, accurate and capable of real time detection and quick in identification of malicious behaviour in VANETs. In this scheme, each vehicle log calculates and stores different parameter values after receiving the cooperative awareness messages from nearby vehicles. The vehicles exchange their log data and determine the difference between the parameters, which is utilised to detect Sybil attacks and Wormhole attacks. In order to realize an efficient and effective intrusion detection system, we use the well-known network simulator (ns-2) to verify the performance of the security system. Simulation results indicate that the security system can achieve high detection rates and effectively detect anomalies with low rate of false alarms. PMID:29315302

  4. A hierarchical detection method in external communication for self-driving vehicles based on TDMA.

    Science.gov (United States)

    Alheeti, Khattab M Ali; Al-Ani, Muzhir Shaban; McDonald-Maier, Klaus

    2018-01-01

    Security is considered a major challenge for self-driving and semi self-driving vehicles. These vehicles depend heavily on communications to predict and sense their external environment used in their motion. They use a type of ad hoc network termed Vehicular ad hoc networks (VANETs). Unfortunately, VANETs are potentially exposed to many attacks on network and application level. This paper proposes a new intrusion detection system to protect the communication system of self-driving cars, utilising a combination of hierarchical models based on clusters and log parameters. This security system is designed to detect Sybil and Wormhole attacks in highway usage scenarios. It is based on clusters, utilising Time Division Multiple Access (TDMA) to overcome some of the obstacles of VANETs such as high density, high mobility and bandwidth limitations in exchanging messages. This makes the security system more efficient, accurate and capable of real time detection and quick in identification of malicious behaviour in VANETs. In this scheme, each vehicle log calculates and stores different parameter values after receiving the cooperative awareness messages from nearby vehicles. The vehicles exchange their log data and determine the difference between the parameters, which is utilised to detect Sybil attacks and Wormhole attacks. In order to realize an efficient and effective intrusion detection system, we use the well-known network simulator (ns-2) to verify the performance of the security system. Simulation results indicate that the security system can achieve high detection rates and effectively detect anomalies with low rate of false alarms.

  5. Intrusion detection sensors

    International Nuclear Information System (INIS)

    Williams, J.D.

    1978-07-01

    Intrusion detection sensors are an integral part of most physical security systems. Under the sponsorship of the U.S. Department of Energy, Office of Safeguards and Security, Sandia Laboratories has conducted a survey of available intrusion detection sensors and has tested a number of different sensors. An overview of these sensors is provided. This overview includes (1) the operating principles of each type of sensor, (2) unique sensor characteristics, (3) desired sensor improvements which must be considered in planning an intrusion detection system, and (4) the site characteristics which affect the performance of both exterior and interior sensors. Techniques which have been developed to evaluate various intrusion detection sensors are also discussed.

  6. Saltwater intrusion in the surficial aquifer system of the Big Cypress Basin, southwest Florida, and a proposed plan for improved salinity monitoring

    Science.gov (United States)

    Prinos, Scott T.

    2013-01-01

    The installation of drainage canals, poorly cased wells, and water-supply withdrawals have led to saltwater intrusion in the primary water-use aquifers in southwest Florida. Increasing population and water use have exacerbated this problem. Installation of water-control structures, well-plugging projects, and regulation of water use have slowed saltwater intrusion, but the chloride concentration of samples from some of the monitoring wells in this area indicates that saltwater intrusion continues to occur. In addition, rising sea level could increase the rate and extent of saltwater intrusion. The existing saltwater intrusion monitoring network was examined and found to lack the necessary organization, spatial distribution, and design to properly evaluate saltwater intrusion. The most recent hydrogeologic framework of southwest Florida indicates that some wells may be open to multiple aquifers or have an incorrect aquifer designation. Some of the sampling methods being used could result in poor-quality data. Some older wells are badly corroded, obstructed, or damaged and may not yield useable samples. Saltwater in some of the canals is in close proximity to coastal well fields. In some instances, saltwater occasionally occurs upstream from coastal salinity control structures. These factors lead to an incomplete understanding of the extent and threat of saltwater intrusion in southwest Florida. A proposed plan to improve the saltwater intrusion monitoring network in the South Florida Water Management District’s Big Cypress Basin describes improvements in (1) network management, (2) quality assurance, (3) documentation, (4) training, and (5) data accessibility. The plan describes improvements to hydrostratigraphic and geospatial network coverage that can be accomplished using additional monitoring, surface geophysical surveys, and borehole geophysical logging. Sampling methods and improvements to monitoring well design are described in detail. Geochemical analyses

  7. Anomaly detection through information sharing under different topologies

    NARCIS (Netherlands)

    Gallos, Lazaros K.; Korczynski, M.T.; Fefferman, Nina H.

    2017-01-01

    Early detection of traffic anomalies in networks increases the probability of effective intervention/mitigation actions, thereby improving the stability of system function. Centralized methods of anomaly detection are subject to inherent constraints: (1) they create a communication burden on the

  8. A Non-Intrusive Cyber Physical Social Sensing Solution to People Behavior Tracking: Mechanism, Prototype, and Field Experiments.

    Science.gov (United States)

    Jia, Yunjian; Zhou, Zhenyu; Chen, Fei; Duan, Peng; Guo, Zhen; Mumtaz, Shahid

    2017-01-13

    Tracking people's behaviors is a main category of cyber physical social sensing (CPSS)-related people-centric applications. Most tracking methods utilize camera networks or sensors built into mobile devices such as global positioning system (GPS) and Bluetooth. In this article, we propose a non-intrusive wireless fidelity (Wi-Fi)-based tracking method. To show the feasibility, we target tracking people's access behaviors in Wi-Fi networks, which has drawn a lot of interest from the academy and industry recently. Existing methods used for acquiring access traces either provide very limited visibility into media access control (MAC)-level transmission dynamics or sometimes are inflexible and costly. In this article, we present a passive CPSS system operating in a non-intrusive, flexible, and simplified manner to overcome above limitations. We have implemented the prototype on the off-the-shelf personal computer, and performed real-world deployment experiments. The experimental results show that the method is feasible, and people's access behaviors can be correctly tracked within a one-second delay.

  9. Nuisance alarm suppression techniques for fibre-optic intrusion detection systems

    Science.gov (United States)

    Mahmoud, Seedahmed S.; Visagathilagar, Yuvaraja; Katsifolis, Jim

    2012-02-01

    The suppression of nuisance alarms without degrading sensitivity in fibre-optic intrusion detection systems is important for maintaining acceptable performance. Signal processing algorithms that maintain the POD and minimize nuisance alarms are crucial for achieving this. A level crossings algorithm is presented for suppressing torrential rain-induced nuisance alarms in a fibre-optic fence-based perimeter intrusion detection system. Results show that rain-induced nuisance alarms can be suppressed for rainfall rates in excess of 100 mm/hr, and intrusion events can be detected simultaneously during rain periods. The use of a level crossing based detection and novel classification algorithm is also presented demonstrating the suppression of nuisance events and discrimination of nuisance and intrusion events in a buried pipeline fibre-optic intrusion detection system. The sensor employed for both types of systems is a distributed bidirectional fibre-optic Mach Zehnder interferometer.

  10. Geochemistry and petrogenesis of the Feshark intrusion (NE Isfahan city)

    Directory of Open Access Journals (Sweden)

    Ali Kananian

    2017-11-01

    Introduction: Granitic rocks are the most abundant rock types in various tectonic settings and they have originated from mantle-derived magmas and/or partial melting of crustal rocks. The Oligo-Miocene Feshark intrusion is situated in the northeast of the city of Isfahan, and a small part of Urumieh–Dokhtar Magmatic Arc is between 52º21' E to 52º26' E and 32º50' N to 32º53' N. The pluton has intruded into lower Eocene volcanic rocks such as rhyolite, andesite, and dacite and limestone. Analytical methods: Fifteen representative samples from the Feshark intrusion were selected on the basis of their freshness. The major elements and some trace elements were analyzed by X-ray fluorescence (XRF) at Naruto University in Japan and the trace-element compositions were determined at the ALS Chemex lab. Results: The Feshark intrusion can be divided into two phases, namely granodiorite with slightly granite and tonalite composition and quartz diorite with various quartz diorite and quartz monzodiorite abundant enclaves according to Middlemost (1994) classification. The quartz diorite show dark grey and are abundant at the western part of the intrusive rocks. Granodiorite are typically of white-light grey in color and change gradually into granite and tonalite. The granodiorite and granite rocks consist of quartz, K-feldspar, plagioclase, biotite, and amphibole, whereas in the quartz diorites the mineral assemblages between different minerals are very similar to those observed in the granodiorite. However, amphibole and plagioclase are more abundant and quartz and K-feldspar modal contents are lower than in the granodiorite whereas pyroxene occurs as rare grains. They are characterized as metaluminous to mildly peraluminous based on alumina saturation index (e.g. Shand, 1943) and are mostly medium-K calc-alkaline in nature (Rickwood, 1989). Discussion: In the Yb vs. La/Yb and Tb/Yb variation diagrams (He et al., 2009), the studied samples show small

  11. Correlating intrusion detection alerts on bot malware infections using neural network

    DEFF Research Database (Denmark)

    Kidmose, Egon; Stevanovic, Matija; Pedersen, Jens Myrup

    2016-01-01

    Millions of computers are infected with bot malware, form botnets and enable botmaster to perform malicious and criminal activities. Intrusion Detection Systems are deployed to detect infections, but they raise many correlated alerts for each infection, requiring a large manual investigation effort...

  12. Petroleum Vapor Intrusion

    Science.gov (United States)

    One type of vapor intrusion is PVI, in which vapors from petroleum hydrocarbons such as gasoline, diesel, or jet fuel enter a building. Intrusion of contaminant vapors into indoor spaces is of concern.

  13. Hybrid Intrusion Forecasting Framework for Early Warning System

    Science.gov (United States)

    Kim, Sehun; Shin, Seong-Jun; Kim, Hyunwoo; Kwon, Ki Hoon; Han, Younggoo

    Recently, cyber attacks have become a serious hindrance to the stability of Internet. These attacks exploit interconnectivity of networks, propagate in an instant, and have become more sophisticated and evolutionary. Traditional Internet security systems such as firewalls, IDS and IPS are limited in terms of detecting recent cyber attacks in advance as these systems respond to Internet attacks only after the attacks inflict serious damage. In this paper, we propose a hybrid intrusion forecasting system framework for an early warning system. The proposed system utilizes three types of forecasting methods: time-series analysis, probabilistic modeling, and data mining method. By combining these methods, it is possible to take advantage of the forecasting technique of each while overcoming their drawbacks. Experimental results show that the hybrid intrusion forecasting method outperforms each of three forecasting methods.

  14. SEADE: Countering the Futility of Network Security

    Science.gov (United States)

    2015-10-01

    guards, and computer cages) and logical security measures (network firewall and intrusion detection). However, no matter how many layers of network...security built-in and with minimal security dependence on network security appliances (e.g., firewalls). As Secretary of Defense Ashton Carter...based analysis that assumes nothing bad will happen to applications/data if those defenses prevent malware transactions at the entrance. The

  15. A Review of Anomaly Detection Techniques and Distributed Denial of Service (DDoS) on Software Defined Network (SDN)

    Directory of Open Access Journals (Sweden)

    M. H. H. Khairi

    2018-04-01

    Software defined network (SDN) is a network architecture in which the network traffic may be operated and managed dynamically according to user requirements and demands. Issue of security is one of the big challenges of SDN because different attacks may affect performance and these attacks can be classified into different types. One of the famous attacks is distributed denial of service (DDoS). SDN is a new networking approach that is introduced with the goal to simplify the network management by separating the data and control planes. However, the separation leads to the emergence of new types of distributed denial-of-service (DDOS) attacks on SDN networks. The centralized role of the controller in SDN makes it a perfect target for the attackers. Such attacks can easily bring down the entire network by bringing down the controller. This research explains DDoS attacks and the anomaly detection as one of the famous detection techniques for intelligent networks.

  16. Contextual anomaly detection for cyber-physical security in Smart Grids based on an artificial neural network model

    DEFF Research Database (Denmark)

    Kosek, Anna Magdalena

    2016-01-01

    control. An intrusion detection system observes distributed energy resource’s behaviour, control actions and the power system impact, and is tested together with an ongoing voltage control attack in a co-simulation set-up. The simulation results obtained with a real photovoltaic rooftop power plant data...

  17. Anomaly Detection for Aviation Safety Based on an Improved KPCA Algorithm

    Directory of Open Access Journals (Sweden)

    Xiaoyu Zhang

    2017-01-01

    Thousands of flights datasets should be analyzed per day for a moderate sized fleet; therefore, flight datasets are very large. In this paper, an improved kernel principal component analysis (KPCA) method is proposed to search for signatures of anomalies in flight datasets through the squared prediction error statistics, in which the number of principal components and the confidence for the confidence limit are automatically determined by OpenMP-based K-fold cross-validation algorithm and the parameter in the radial basis function (RBF) is optimized by GPU-based kernel learning method. Performed on Nvidia GeForce GTX 660, the computation of the proposed GPU-based RBF parameter is 112.9 times (average 82.6 times) faster than that of sequential CPU task execution. The OpenMP-based K-fold cross-validation process for training KPCA anomaly detection model becomes 2.4 times (average 1.5 times) faster than that of sequential CPU task execution. Experiments show that the proposed approach can effectively detect the anomalies with the accuracy of 93.57% and false positive alarm rate of 1.11%.

  18. Global nickel anomaly links Siberian Traps eruptions and the latest Permian mass extinction.

    Science.gov (United States)

    Rampino, Michael R; Rodriguez, Sedelia; Baransky, Eva; Cai, Yue

    2017-09-29

    Anomalous peaks of nickel abundance have been reported in Permian-Triassic boundary sections in China, Israel, Eastern Europe, Spitzbergen, and the Austrian Carnic Alps. New solution ICP-MS results of enhanced nickel from P-T boundary sections in Hungary, Japan, and Spiti, India suggest that the nickel anomalies at the end of the Permian were a worldwide phenomenon. We propose that the source of the nickel anomalies at the P-T boundary were Ni-rich volatiles released by the Siberian volcanism, and by coeval Ni-rich magma intrusions. The peaks in nickel abundance correlate with negative δ13C and δ18O anomalies, suggesting that explosive reactions between magma and coal during the Siberian flood-basalt eruptions released large amounts of CO2 and CH4 into the atmosphere, causing severe global warming and subsequent mass extinction. The nickel anomalies may provide a timeline in P-T boundary sections, and the timing of the peaks supports the Siberian Traps as a contributor to the latest Permian mass extinction.

  19. A framework for implementing a Distributed Intrusion Detection System (DIDS) with interoperability and information analysis

    OpenAIRE

    Davicino, Pablo; Echaiz, Javier; Ardenghi, Jorge Raúl

    2011-01-01

    Computer Intrusion Detection Systems (IDS) are primarily designed to protect availability, confidentiality and integrity of critical information infrastructures. A Distributed IDS (DIDS) consists of several IDS over a large network(s), all of which communicate with each other, with a central server or with a cluster of servers that facilitates advanced network monitoring. In a distributed environment, DIDS are implemented using cooperative intelligent sensors distributed across the network(s). ...

  20. Biological intrusion barriers for large-volume waste-disposal sites

    International Nuclear Information System (INIS)

    Hakonson, T.E.; Cline, J.F.; Rickard, W.H.

    1982-01-01

    intrusion of plants and animals into shallow land burial sites with subsequent mobilization of toxic and radiotoxic materials has occurred. Based on recent pathway modeling studies, such intrusions can contribute to the dose received by man. This paper describes past work on developing biological intrusion barrier systems for application to large volume waste site stabilization. State-of-the-art concepts employing rock and chemical barriers are discussed relative to long term serviceability and cost of application. The interaction of bio-intrusion barrier systems with other processes affecting trench cover stability are discussed to ensure that trench cover designs minimize the potential dose to man. 3 figures, 6 tables

  1. Intrusion Detection System Based on Decision Tree over Big Data in Fog Environment

    Directory of Open Access Journals (Sweden)

    Kai Peng

    2018-01-01

    Fog computing, as the supplement of cloud computing, can provide low-latency services between mobile users and the cloud. However, fog devices may encounter security challenges as a result of the fog nodes being close to the end users and having limited computing ability. Traditional network attacks may destroy the system of fog nodes. Intrusion detection system (IDS) is a proactive security protection technology and can be used in the fog environment. Although IDS in tradition network has been well investigated, unfortunately directly using them in the fog environment may be inappropriate. Fog nodes produce massive amounts of data at all times, and, thus, enabling an IDS system over big data in the fog environment is of paramount importance. In this study, we propose an IDS system based on decision tree. Firstly, we propose a preprocessing algorithm to digitize the strings in the given dataset and then normalize the whole data, to ensure the quality of the input data so as to improve the efficiency of detection. Secondly, we use decision tree method for our IDS system, and then we compare this method with Naïve Bayesian method as well as KNN method. Both the 10% dataset and the full dataset are tested. Our proposed method not only completely detects four kinds of attacks but also enables the detection of twenty-two kinds of attacks. The experimental results show that our IDS system is effective and precise. Above all, our IDS system can be used in fog computing environment over big data.

  2. State of the art on defenses against wormhole attacks in wireless sensor networks

    DEFF Research Database (Denmark)

    Prasad, Neeli R.; Giannetsos, T.; Dimitriou, T.

    2009-01-01

    describe the wormhole attack, a severe routing attack against sensor networks that is particularly challenging to defend against. We detail its characteristics and study its effects on the successful operation of a sensor network. We present state-of-the-art research for addressing wormhole related...... the possibility of using more sophisticated methods, like intrusion detection systems, to achieve a more complete and autonomic defense mechanism against wormhole attackers. We present our work on intrusion detection and introduce a lightweight IDS framework, called LIDeA, designed for wireless sensor networks....... LIDeA is based on a distributed architecture, in which nodes overhear their neighboring nodes and collaborate with each other in order to successfully detect an intrusion. We conclude by highlighting how such a system can be used for defending against wormhole attackers....

  3. Kullback-Leibler distance-based enhanced detection of incipient anomalies

    KAUST Repository

    Harrou, Fouzi; Sun, Ying; Madakyaru, Muddu

    2016-01-01

    Accurate and effective anomaly detection and diagnosis of modern engineering systems by monitoring processes ensure reliability and safety of a product while maintaining desired quality. In this paper, an innovative method based on Kullback

  4. Sensor Anomaly Detection in Wireless Sensor Networks for Healthcare

    Science.gov (United States)

    Haque, Shah Ahsanul; Rahman, Mustafizur; Aziz, Syed Mahfuzul

    2015-01-01

    Wireless Sensor Networks (WSN) are vulnerable to various sensor faults and faulty measurements. This vulnerability hinders efficient and timely response in various WSN applications, such as healthcare. For example, faulty measurements can create false alarms which may require unnecessary intervention from healthcare personnel. Therefore, an approach to differentiate between real medical conditions and false alarms will improve remote patient monitoring systems and quality of healthcare service afforded by WSN. In this paper, a novel approach is proposed to detect sensor anomaly by analyzing collected physiological data from medical sensors. The objective of this method is to effectively distinguish false alarms from true alarms. It predicts a sensor value from historic values and compares it with the actual sensed value for a particular instance. The difference is compared against a threshold value, which is dynamically adjusted, to ascertain whether the sensor value is anomalous. The proposed approach has been applied to real healthcare datasets and compared with existing approaches. Experimental results demonstrate the effectiveness of the proposed system, providing high Detection Rate (DR) and low False Positive Rate (FPR). PMID:25884786

  5. Is mindfulness-based therapy an effective intervention for obsessive-intrusive thoughts: a case series.

    Science.gov (United States)

    Wilkinson-Tough, Megan; Bocci, Laura; Thorne, Kirsty; Herlihy, Jane

    2010-01-01

    Despite the efficacy of cognitive-behavioural interventions in improving the experience of obsessions and compulsions, some people do not benefit from this approach. The present research uses a case series design to establish whether mindfulness-based therapy could benefit those experiencing obsessive-intrusive thoughts by targeting thought-action fusion and thought suppression. Three participants received a relaxation control intervention followed by a six-session mindfulness-based intervention which emphasized daily practice. Following therapy all participants demonstrated reductions in Yale-Brown Obsessive-Compulsive Scale scores to below clinical levels, with two participants maintaining this at follow-up. Qualitative analysis of post-therapy feedback suggested that mindfulness skills such as observation, awareness and acceptance were seen as helpful in managing thought-action fusion and suppression. Despite being limited by small participant numbers, these results suggest that mindfulness may be beneficial to some people experiencing intrusive unwanted thoughts and that further research could establish the possible efficacy of this approach in larger samples. Copyright (c) 2009 John Wiley & Sons, Ltd.

  6. Late Triassic porphyritic intrusions and associated volcanic rocks from the Shangri-La region, Yidun terrane, Eastern Tibetan Plateau: Adakitic magmatism and porphyry copper mineralization

    Science.gov (United States)

    Wang, Bai-Qiu; Zhou, Mei-Fu; Li, Jian-Wei; Yan, Dan-Ping

    2011-11-01

    Early Mesozoic porphyritic intrusions in the Shangri-La region, southern Yidun terrane, SW China, are spatially associated with andesites and dacites. These intrusions are composed of diorite and quartz diorite, and are closely related to copper mineralization. LA-ICP-MS zircon U-Pb ages of the intrusions range from 230 to 215 Ma. The associated andesites and dacites are interlayered with slates and sandstones and have ages of around 220 Ma. All of the intrusive and extrusive rocks have similar, highly fractionated REE patterns and high La/Yb (13-49) ratios with no prominent Eu anomalies. They display pronounced negative Nb-Ta and Ti anomalies on primitive mantle-normalized spidergrams. Their SiO2 contents range from 56.6 to 67.1 wt.%, Al2O3 from 14.2 to 17.4 wt.% and MgO from 1.9 to 4.2 wt.%. All the rocks have high Sr (258-1980 ppm), and low Y (13-21 ppm) with high Sr/Y ratios (29-102). These features suggest that both the volcanic rocks and porphyritic intrusions were derived from adakitic magmas. They have similar initial 87Sr/86Sr ratios (0.7058 to 0.7077) and εNd (-1.88 to -4.93) values, but belong to high silica (HSA) and low silica adakitic rocks (LSA). The HSA represent an early stage of magmatism (230 to 215 Ma) and were derived from oceanic slab melts with limited interaction with the overlying mantle wedge during ascent. At 215 Ma, more extensive interaction produced the LSA. We propose that the early adakitic magmas (HSA) formed by flat subduction leading to melting of oceanic slab, whereas subsequent slab break-off caused the significant interaction between slab melts and the mantle wedge and thus the generation of the later adakitic magmas (LSA).

  7. Volcano monitoring using GPS: Developing data analysis strategies based on the June 2007 Kīlauea Volcano intrusion and eruption

    Science.gov (United States)

    Larson, Kristine M.; Poland, Michael; Miklius, Asta

    2010-01-01

    The global positioning system (GPS) is one of the most common techniques, and the current state of the art, used to monitor volcano deformation. In addition to slow (several centimeters per year) displacement rates, GPS can be used to study eruptions and intrusions that result in much larger (tens of centimeters over hours-days) displacements. It is challenging to resolve precise positions using GPS at subdaily time intervals because of error sources such as multipath and atmospheric refraction. In this paper, the impact of errors due to multipath and atmospheric refraction at subdaily periods is examined using data from the GPS network on Kīlauea Volcano, Hawai'i. Methods for filtering position estimates to enhance precision are both simulated and tested on data collected during the June 2007 intrusion and eruption. Comparisons with tiltmeter records show that GPS instruments can precisely recover the timing of the activity.

  8. Network traffic intelligence using a low interaction honeypot

    Science.gov (United States)

    Nyamugudza, Tendai; Rajasekar, Venkatesh; Sen, Prasad; Nirmala, M.; Madhu Viswanatham, V.

    2017-11-01

    Advancements in networking technology have seen more and more devices becoming connected day by day. This has given organizations capacity to extend their networks beyond their boundaries to remote offices and remote employees. However as the network grows security becomes a major challenge since the attack surface also increases. There is need to guard the network against different types of attacks like intrusion and malware through using different tools at different networking levels. This paper describes how network intelligence can be acquired through implementing a low-interaction honeypot which detects and tracks network intrusion. Honeypot allows an organization to interact and gather information about an attack earlier before it compromises the network. This process is important because it allows the organization to learn about future attacks of the same nature and allows them to develop counter measures. The paper further shows how honeypot-honey net based model for interruption detection system (IDS) can be used to get the best valuable information about the attacker and prevent unexpected harm to the network.

  9. Late Triassic Porphyritic Intrusions And Associated Volcanic Rocks From The Shangri-La Region, Yidun Terrane, Eastern Tibetan Plateau: Implications For Adakitic Magmatism And Porphyry Copper Mineralization

    Science.gov (United States)

    Wang, B.; Zhou, M.; Li, J.; Yan, D.

    2011-12-01

    The Yidun terrane, located on the eastern margin of the Tibetan plateau, has been commonly considered to be a Triassic volcanic arc produced by subduction of the Ganzi-Litang oceanic lithosphere. The Yidun terrane is characterized by numerous arc-affinity granitic intrusions located along a 500-km-long, north-south-trending belt. Among these granitic bodies, several small porphyritic intrusions in the southern segment of the terrane (Shangri-La region) are associated with large porphyry copper deposits. These porphyritic intrusions are composed of diorite and quartz diorite, and spatially associated with andesites and dacites. LA-ICP-MS zircon U-Pb ages of the intrusions range from 230 to 215 Ma. The andesites and dacites are intercalated with slates and sandstones and have ages of around 220 Ma. The intrusive and volcanic rocks have SiO2 contents from 56.6 to 67.1 wt.%, Al2O3 from 14.2 to 17.4 wt.% and MgO from 1.9 to 4.2 wt.%. They show significant negative Nb-Ta anomalies on primitive mantle-normalized spidergrams. They have high La/Yb (13-49) ratios with no prominent Eu anomalies. All the rocks have high Sr (258-1980 ppm), and low Y (13-21 ppm) with high Sr/Y ratios (29-102). The geochemical features indicate that both the volcanic rocks and porphyritic intrusions were derived from adakitic magmas. They have similar initial 87Sr/86Sr ratios (0.7058 to 0.7077) and ɛNd (-1.88 to -4.93) values, but can be further divided into two groups: high silica (HSA) and low silica adakitic rocks (LSA). The HSA, representing an early stage of magmatism (230 to 215 Ma), were derived from oceanic slab melts with limited interaction with the overlying mantle wedge. At 215 Ma, more extensive interaction resulted in the formation of LSA. We propose that HSA were produced by flat subduction leading to melting of oceanic slab, whereas subsequent slab break-off caused the significant interaction between slab melts and the mantle wedge and thus the generation of the LSA.
Compared with

  10. Volcanomagnetic anomalies: a review and the computation of the piezomagnetic field expected at Vulcano (Aeolian Islands, Italy)

    Directory of Open Access Journals (Sweden)

    F. Ferricci

    1994-06-01

    The volcanic area of Vulcano experienced major unrest, which brought the fumarolic field temperatures from slightly less than 300 °C to ca. 700 °C between 1988-1993. The structure underlying the crater, investigated by drillings and by different geophysical techniques, is relatively well-known. This led us to attempt modelling the magnetic anomaly which could be generated by sudden pressure variations in the magma chamber at shallow depth. The rocks embedding the intrusive rock penetrated by drill-holes to a depth of ca. 2000 m are characterized by high susceptibility, which points to the possibility of obtaining significant magnetic anomalies with acceptably weak pressure pulses. The model for straightforward computing of the anomalous field was drawn accounting for (1) the inferred geometry of the Curie isotherm, (2) presence of a spherical magma reservoir, 2 km wide and centred at a depth of 3.5 km, overlain by (3) a 0.5 km wide and 1.5 km high cylinder simulating the intrusion first revealed by drillings. The model elements (2) and (3) behave as a single source zone and are assumed to lie beyond the Curie point, the contribution to the piezomagnetic effect being provided by the surrounding medium. Under such conditions, a 10 MPa pressure pulse applied within the source zone provides a 4 nT piezomagnetic anomaly, compatible with the amplitude of the anomalies observed at those volcanoes of the world where magnetic surveillance is routinely carried out. The analytical method used for computation of the magnetic field generated by mechanical stress is extensively discussed, and the contribution of piezomagnetism to rapid variations of the magnetic field is compared to other types of magnetic anomalies likely to occur at active volcanoes.

  11. Petrology, geochemistry, and geochronology of the Chah-Bazargan gabbroic intrusions in the south Sanandaj-Sirjan zone, Neyriz, Iran

    Science.gov (United States)

    Fazlnia, Abdolnaser; Schenk, Volker; Appel, Peter; Alizade, Abouzar

    2013-07-01

    The Chah-Bazargan gabbroic intrusions are located in the south of Sanandaj-Sirjan zone. Precise U-Pb zircon SHRIMP ages of the intrusions show magmatic ages of 170.5 ± 1.9 Ma. These intrusions consist primarily of gabbros, interspersed with lenticular bodies of anorthosite, troctolite, clinopyroxenite, and wehrlite. The lenticular bodies show gradational or sharp boundaries with the gabbros. In the gradational boundaries, gabbros are mineralogically transformed into anorthosites, wehrlites, and/or clinopyroxenites. On the other hand, where the boundaries are sharp, the mineral assemblages change abruptly. There is no obvious deformation in the intrusions. Hence, the changes in mineral compositions are interpreted as the result of crystallization processes, such as fractionation in the magma chamber. Rock types with sharp boundaries show abrupt chemical changes, but the changes exhibit the same patterns of increasing and decreasing elements, especially of rare earth elements, as the gradational boundaries. Therefore, it is possible that all parts of the intrusions were formed from the same parental magma. Parts showing signs of nonequilibrium crystallization, such as cumulate features and sub-solidification, underwent fracturing and were interspersed throughout the magma chamber by late injection pulses or mechanical movements under mush conditions. The geological and age data show that the intrusions were formed from an Al-, Sr-, Fe-enriched and K-, Nb-depleted tholeiitic magma. The magma resulted from the partial melting of a metasomatized spinel demonstrated by negative Nb, P, Hf, and Ti, and positive Ba, Sr, and U anomalies typical of subduction-related magmas.

  12. Stress reaction process-based hierarchical recognition algorithm for continuous intrusion events in optical fiber prewarning system

    Science.gov (United States)

    Qu, Hongquan; Yuan, Shijiao; Wang, Yanping; Yang, Dan

    2018-04-01

    To improve the recognition performance of optical fiber prewarning system (OFPS), this study proposed a hierarchical recognition algorithm (HRA). Compared with traditional methods, which employ only a complex algorithm that includes multiple extracted features and complex classifiers to increase the recognition rate with a considerable decrease in recognition speed, HRA takes advantage of the continuity of intrusion events, thereby creating a staged recognition flow inspired by stress reaction. HRA is expected to achieve high-level recognition accuracy with less time consumption. First, this work analyzed the continuity of intrusion events and then presented the algorithm based on the mechanism of stress reaction. Finally, it verified the time consumption through theoretical analysis and experiments, and the recognition accuracy was obtained through experiments. Experiment results show that the processing speed of HRA is 3.3 times faster than that of a traditional complicated algorithm and has a similar recognition rate of 98%. The study is of great significance to fast intrusion event recognition in OFPS.

  13. Epidemiology of multiple congenital anomalies in Europe: A EUROCAT population-based registry study

    DEFF Research Database (Denmark)

    Calzolari, Elisa; Barisic, Ingeborg; Loane, Maria

    2014-01-01

    BACKGROUND: This study describes the prevalence, associated anomalies, and demographic characteristics of cases of multiple congenital anomalies (MCA) in 19 population-based European registries (EUROCAT) covering 959,446 births in 2004 and 2010. METHODS: EUROCAT implemented a computer algorithm f...

  14. Trouble Brewing: Using Observations of Invariant Behavior to Detect Malicious Agency in Distributed Control Systems

    Science.gov (United States)

    McEvoy, Thomas Richard; Wolthusen, Stephen D.

    Recent research on intrusion detection in supervisory data acquisition and control (SCADA) and DCS systems has focused on anomaly detection at protocol level based on the well-defined nature of traffic on such networks. Here, we consider attacks which compromise sensors or actuators (including physical manipulation), where intrusion may not be readily apparent as data and computational states can be controlled to give an appearance of normality, and sensor and control systems have limited accuracy. To counter these, we propose to consider indirect relations between sensor readings to detect such attacks through concurrent observations as determined by control laws and constraints.

  15. Case-Based Multi-Sensor Intrusion Detection

    Science.gov (United States)

    Schwartz, Daniel G.; Long, Jidong

    2009-08-01

    Multi-sensor intrusion detection systems (IDSs) combine the alerts raised by individual IDSs and possibly other kinds of devices such as firewalls and antivirus software. A critical issue in building a multi-sensor IDS is alert-correlation, i.e., determining which alerts are caused by the same attack. This paper explores a novel approach to alert correlation using case-based reasoning (CBR). Each case in the CBR system's library contains a pattern of alerts raised by some known attack type, together with the identity of the attack. Then during run time, the alert streams gleaned from the sensors are compared with the patterns in the cases, and a match indicates that the attack described by that case has occurred. For this purpose the design of a fast and accurate matching algorithm is imperative. Two such algorithms were explored: (i) the well-known Hungarian algorithm, and (ii) an order-preserving matching of our own device. Tests were conducted using the DARPA Grand Challenge Problem attack simulator. These showed that both matching algorithms are effective in detecting attacks; but the Hungarian algorithm is inefficient; whereas the order-preserving one is very efficient, in fact runs in linear time.

  16. Count out your intrusions: Effects of verbal encoding on intrusive memories

    NARCIS (Netherlands)

    Krans, J.; Näring, G.W.B.; Becker, E.S.

    2009-01-01

    Peri-traumatic information processing is thought to affect the development of intrusive trauma memories. This study aimed to replicate and improve the study by Holmes, Brewin, and Hennessy (2004, Exp. 3) on the role of peri-traumatic verbal processing in analogue traumatic intrusion development.

  17. Options for human intrusion

    International Nuclear Information System (INIS)

    Bauser, M.; Williams, R.

    1993-01-01

    This paper addresses options for dealing with human intrusion in terms of performance requirements and repository siting and design requirements. Options are presented, along with the advantages and disadvantages of certain approaches. At the conclusion, a conceptual approach is offered emphasizing both the minimization of subjective judgements concerning future human activity, and specification of repository requirements to minimize the likelihood of human intrusion and any resulting, harmful effects should intrusion occur

  18. A Non-Intrusive Cyber Physical Social Sensing Solution to People Behavior Tracking: Mechanism, Prototype, and Field Experiments

    Directory of Open Access Journals (Sweden)

    Yunjian Jia

    2017-01-01

    Tracking people’s behaviors is a main category of cyber physical social sensing (CPSS)-related people-centric applications. Most tracking methods utilize camera networks or sensors built into mobile devices such as global positioning system (GPS) and Bluetooth. In this article, we propose a non-intrusive wireless fidelity (Wi-Fi)-based tracking method. To show the feasibility, we target tracking people’s access behaviors in Wi-Fi networks, which has drawn a lot of interest from the academy and industry recently. Existing methods used for acquiring access traces either provide very limited visibility into media access control (MAC)-level transmission dynamics or sometimes are inflexible and costly. In this article, we present a passive CPSS system operating in a non-intrusive, flexible, and simplified manner to overcome above limitations. We have implemented the prototype on the off-the-shelf personal computer, and performed real-world deployment experiments. The experimental results show that the method is feasible, and people’s access behaviors can be correctly tracked within a one-second delay.

  19. A Proposal for Kelly Criterion-Based Lossy Network Compression

    Science.gov (United States)

    2016-03-01

    detection applications. Most of these applications only send alerts to the central analysis servers. These alerts do not provide the forensic capability...based intrusion detection systems. These systems tend to examine the individual system’s audit logs looking for intrusive activity. The notable

  20. Semi-non-intrusive objective intelligibility measure using spatial filtering in hearing aids

    DEFF Research Database (Denmark)

    Sørensen, Charlotte; Boldt, Jesper Bünsow; Gran, Frederik

    2016-01-01

    -intrusive metrics have not been able to achieve acceptable intelligibility predictions. This paper presents a new semi-non-intrusive intelligibility measure based on an existing intrusive measure, STOI, where an estimate of the clean speech is extracted using spatial filtering in the hearing aid. The results......Reliable non-intrusive online assessment of speech intelligibility can play a key role for the functioning of hearing aids, e.g. as guidance for adjusting the hearing aid settings to the environment. While existing intrusive metrics can provide a precise and reliable measure, the current non...

  1. Energy Efficient Monitoring for Intrusion Detection in Battery-Powered Wireless Mesh Networks

    KAUST Repository

    Hassanzadeh, Amin; Stoleru, Radu; Shihada, Basem

    2011-01-01

    in such environments battery-powered mesh routers, operating in an energy efficient manner, are required. To the best of our knowledge, the impact of energy efficient solutions, e.g., involving duty-cycling, on WMN intrusion detection systems, which require continuous

  2. System and method for anomaly detection

    Science.gov (United States)

    Scherrer, Chad

    2010-06-15

    A system and method for detecting one or more anomalies in a plurality of observations is provided. In one illustrative embodiment, the observations are real-time network observations collected from a stream of network traffic. The method includes performing a discrete decomposition of the observations, and introducing derived variables to increase storage and query efficiencies. A mathematical model, such as a conditional independence model, is then generated from the formatted data. The formatted data is also used to construct frequency tables which maintain an accurate count of specific variable occurrence as indicated by the model generation process. The formatted data is then applied to the mathematical model to generate scored data. The scored data is then analyzed to detect anomalies.

  3. The potential of the European network of congenital anomaly registers (EUROCAT) for drug safety surveillance: a descriptive study.

    Science.gov (United States)

    Meijer, Willemijn M; Cornel, Martina C; Dolk, Helen; de Walle, Hermien E K; Armstrong, Nicola C; de Jong-van den Berg, Lolkje T W

    2006-09-01

    European Surveillance of Congenital Anomalies (EUROCAT) is a network of population-based congenital anomaly registries in Europe surveying more than 1 million births per year, or 25% of the births in the European Union. This paper describes the potential of the EUROCAT collaboration for pharmacoepidemiology and drug safety surveillance. The 34 full members and 6 associate members of the EUROCAT network were sent a questionnaire about their data sources on drug exposure and on drug coding. Available data on drug exposure during the first trimester available in the central EUROCAT database for the years 1996-2000 was summarised for 15 out of 25 responding full members. Of the 40 registries, 29 returned questionnaires (25 full and 4 associate members). Four of these registries do not collect data on maternal drug use. Of the full members, 15 registries use the EUROCAT drug code, 4 use the international ATC drug code, 3 registries use another coding system and 7 use a combination of these coding systems. Obstetric records are the most frequently used sources of drug information for the registries, followed by interviews with the mother. Only one registry uses pharmacy data. Percentages of cases with drug exposure (excluding vitamins/minerals) varied from 4.4% to 26.0% among different registries. The categories of drugs recorded varied widely between registries. Practices vary widely between registries regarding recording drug exposure information. EUROCAT has the potential to be an effective collaborative framework to contribute to post-marketing drug surveillance in relation to teratogenic effects, but work is needed to implement ATC drug coding more widely, and to diversify the sources of information used to determine drug exposure in each registry.

  4. Rate based failure detection

    Science.gov (United States)

    Johnson, Brett Emery Trabun; Gamage, Thoshitha Thanushka; Bakken, David Edward

    2018-01-02

    This disclosure describes, in part, a system management component and failure detection component for use in a power grid data network to identify anomalies within the network and systematically adjust the quality of service of data published by publishers and subscribed to by subscribers within the network. In one implementation, subscribers may identify a desired data rate, a minimum acceptable data rate, desired latency, minimum acceptable latency and a priority for each subscription. The failure detection component may identify an anomaly within the network and a source of the anomaly. Based on the identified anomaly, data rates and/or data paths may be adjusted in real-time to ensure that the power grid data network does not become overloaded and/or fail.

  5. USBcat - Towards an Intrusion Surveillance Toolset

    Directory of Open Access Journals (Sweden)

    Chris Chapman

    2014-10-01

    This paper identifies an intrusion surveillance framework which provides an analyst with the ability to investigate and monitor cyber-attacks in a covert manner. Where cyber-attacks are perpetrated for the purposes of espionage the ability to understand an adversary's techniques and objectives are an important element in network and computer security. With the appropriate toolset, security investigators would be permitted to perform both live and stealthy counter-intelligence operations by observing the behaviour and communications of the intruder. Subsequently a more complete picture of the attacker's identity, objectives, capabilities, and infiltration could be formulated than is possible with present technologies. This research focused on developing an extensible framework to permit the covert investigation of malware. Additionally, a Universal Serial Bus (USB) Mass Storage Device (MSD) based covert channel was designed to enable remote command and control of the framework. The work was validated through the design, implementation and testing of a toolset.

  6. The intrusive complex of the Island of Giglio: geomagnetic characteristics of plutonic facies with low susceptibility contrast

    Directory of Open Access Journals (Sweden)

    R. Cavallini

    1998-06-01

    Two main plutonic facies characterize the intrusive complex of the Island of Giglio, and the trend of their contact at depth has been modelled using a 2D½ analysis based on a detailed geomagnetic survey in order to verify the geological hypothesis of the subsurface geometry of this contact. The magnetic anomaly connected with the discontinuity is quite low, due to the small difference between the magnetic susceptibilities of the two granitic facies. Development of this model of inversion of the magnetic field, which is in good agreement with the geological interpretation, was made possible by: 1) accurate control of the geomagnetic time variations and consequent temporal reduction, 2) a very low level of the artificial magnetic noise, 3) high density of the magnetic survey, 4) detailed knowledge of the mapped geologic contact between facies and of their petrologic characteristics, and 5) direct local measurements of the magnetic susceptibilities of the key lithologies. The model shows the trends of the geological contact, as projected in three E-W sections, that dips eastward in the range between 21° and 54°, supporting the geologic hypothesis that the Pietrabona facies represents an external shell of the shallowly emplaced Giglio monzogranite intrusion.

  7. Rapid deployment intrusion detection system

    International Nuclear Information System (INIS)

    Graham, R.H.

    1997-01-01

    A rapidly deployable security system is one that provides intrusion detection, assessment, communications, and annunciation capabilities; is easy to install and configure; can be rapidly deployed, and is reusable. A rapidly deployable intrusion detection system (RADIDS) has many potential applications within the DOE Complex: back-up protection for failed zones in a perimeter intrusion detection and assessment system, intrusion detection and assessment capabilities in temporary locations, protection of assets during Complex reconfiguration, and protection in hazardous locations. Many DOE user-need documents have indicated an interest in a rapidly deployable intrusion detection system. The purpose of the RADIDS project is to design, develop, and implement such a system. 2 figs

  8. Approach for Assessing Human Intrusion into a Radwaste Repository

    International Nuclear Information System (INIS)

    Cho, Dong Keun; Kim, Jung Woo; Jeong, Jong Tae; Baik, Min Hoon

    2016-01-01

    An approach to assess human intrusion into radwaste repository resulting from future human actions was proposed based on the common principles, requirements, and recommendations from IAEA, ICRP, and OECD/NEA, with the assumption that the intrusion occurs after loss of knowledge of the hazardous nature of the disposal facility. At first, the essential boundary conditions were derived on the basis of international recommendations, followed by overall approach to deal with inadvertent human intrusion. The essential premises were derived on the basis of international recommendations, followed by overall approach to deal with inadvertent human intrusion. The procedure to derive protective measures was also explained with four steps regarding how to derive safety framework, general measures, potential measures, and eventual protective measures on the basis of stylized scenarios. It is expected that the approach proposed in this study will be effectively used to reduce the potential for and/or consequence of human intrusion during entire processes of realization of disposal facility.

  9. Relation between the St. Louis urban precipitation anomaly and synoptic weather factors

    International Nuclear Information System (INIS)

    Vogel, J.L.; Huff, F.A.

    1978-01-01

    The summer (June–August) rainfall distribution on the METROMEX network was analyzed to determine the synoptic conditions during which the urban-industrial regions of St. Louis affect the precipitation process. The rainfall patterns were stratified by direction of movement of convective entities in storm systems, surface wind direction, and basic synoptic weather types. The results provide support for enhancement of rainfall downstorm from the urban-industrial region. Although only 23% of the 330 storms moved from the west-southwest, the storms produced 42% of the network rainfall and were strong contributors to the rainfall anomaly that maximizes 25–30 km northeast of St. Louis. Cold front conditions with the major convective entities moving from the southwest, and squall lines with any storm motion were associated with the most intense rainstorms over the raingage network, and these storms were also largely responsible for the rainfall anomaly. The rainfall pattern based on air mass storms did not indicate any significant urban enhancement of rainfall and study of squall zone storms suggested possible reduction of rainfall in the urban region

  10. Detection of Intelligent Intruders in Wireless Sensor Networks

    Directory of Open Access Journals (Sweden)

    Yun Wang

    2016-01-01

    Most of the existing research works on the intrusion detection problem in a wireless sensor network (WSN) assume linear or random mobility patterns in abstracting intruders’ models in traversing the WSN field. However, in real-life WSN applications, an intruder is usually an intelligent mobile robot with environment learning and detection avoidance capability (i.e., the capability to avoid surrounding sensors). Due to this, the literature results based on the linear or random mobility models may not be applied to the real-life WSN design and deployment for efficient and effective intrusion detection in practice. This motivates us to investigate the impact of intruder’s intelligence on the intrusion detection problem in a WSN for various applications. To be specific, we propose two intrusion algorithms, the pinball and flood-fill algorithms, to mimic the intelligent motion and behaviors of a mobile intruder in detecting and circumventing nearby sensors for detection avoidance while heading for its destination. The two proposed algorithms are integrated into a WSN framework for intrusion detection analysis in various circumstances. Monte Carlo simulations are conducted, and the results indicate that: (1) the performance of a WSN drastically changes as a result of the intruder’s intelligence in avoiding sensor detections and intrusion algorithms; (2) network parameters, including node density, sensing range and communication range, play a crucial part in the effectiveness of the intruder’s intrusion algorithms; and (3) it is imperative to integrate intruder’s intelligence in the WSN research for intruder detection problems under various application circumstances.

  11. Graph anomalies in cyber communications

    Energy Technology Data Exchange (ETDEWEB)

    Vander Wiel, Scott A [Los Alamos National Laboratory; Storlie, Curtis B [Los Alamos National Laboratory; Sandine, Gary [Los Alamos National Laboratory; Hagberg, Aric A [Los Alamos National Laboratory; Fisk, Michael [Los Alamos National Laboratory

    2011-01-11

    Enterprises monitor cyber traffic for viruses, intruders and stolen information. Detection methods look for known signatures of malicious traffic or search for anomalies with respect to a nominal reference model. Traditional anomaly detection focuses on aggregate traffic at central nodes or on user-level monitoring. More recently, however, traffic is being viewed more holistically as a dynamic communication graph. Attention to the graph nature of the traffic has expanded the types of anomalies that are being sought. We give an overview of several cyber data streams collected at Los Alamos National Laboratory and discuss current work in modeling the graph dynamics of traffic over the network. We consider global properties and local properties within the communication graph. A method for monitoring relative entropy on multiple correlated properties is discussed in detail.

  12. Adaptive Intrusion Data System (AIDS)

    International Nuclear Information System (INIS)

    Corlis, N.E.

    1980-05-01

    The adaptive intrusion data system (AIDS) was developed to collect data from intrusion alarm sensors as part of an evaluation system to improve sensor performance. AIDS is a unique data system which uses computer controlled data systems, video cameras and recorders, analog-to-digital conversion, environmental sensors, and digital recorders to collect sensor data. The data can be viewed either manually or with a special computerized data-reduction system which adds new data to a data base stored on a magnetic disc recorder. This report provides a synoptic account of the AIDS as it presently exists. Modifications to the purchased subsystems are described, and references are made to publications which describe the Sandia-designed subsystems

  13. Interior intrusion detection systems

    Energy Technology Data Exchange (ETDEWEB)

    Rodriguez, J.R.; Matter, J.C. (Sandia National Labs., Albuquerque, NM (United States)); Dry, B. (BE, Inc., Barnwell, SC (United States))

    1991-10-01

    The purpose of this NUREG is to present technical information that should be useful to NRC licensees in designing interior intrusion detection systems. Interior intrusion sensors are discussed according to their primary application: boundary-penetration detection, volumetric detection, and point protection. Information necessary for implementation of an effective interior intrusion detection system is presented, including principles of operation, performance characteristics and guidelines for design, procurement, installation, testing, and maintenance. A glossary of sensor data terms is included. 36 figs., 6 tabs.

  14. Interior intrusion detection systems

    International Nuclear Information System (INIS)

    Rodriguez, J.R.; Matter, J.C.; Dry, B.

    1991-10-01

    The purpose of this NUREG is to present technical information that should be useful to NRC licensees in designing interior intrusion detection systems. Interior intrusion sensors are discussed according to their primary application: boundary-penetration detection, volumetric detection, and point protection. Information necessary for implementation of an effective interior intrusion detection system is presented, including principles of operation, performance characteristics and guidelines for design, procurement, installation, testing, and maintenance. A glossary of sensor data terms is included. 36 figs., 6 tabs

  15. A Comprehensive Review and meta-analysis on Applications of Machine Learning Techniques in Intrusion Detection

    Directory of Open Access Journals (Sweden)

    Manojit Chattopadhyay

    2018-05-01

    Securing a machine from various cyber-attacks has been of serious concern for researchers, statutory bodies such as governments, business organizations and users in both wired and wireless media. However, during the last decade, the amount of data handling by any device, particularly servers, has increased exponentially and hence the security of these devices has become a matter of utmost concern. This paper attempts to examine the challenges in the application of machine learning techniques to intrusion detection. We review different inherent issues in defining and applying the machine learning techniques to intrusion detection. We also attempt to identify the best technological solution for changing usage pattern by comparing different machine learning techniques on different datasets and summarizing their performance using various performance metrics. This paper highlights the research challenges and future trends of intrusion detection in dynamic scenarios of intrusion detection problems in diverse network technologies.

  16. Episodic intrusion, internal differentiation, and hydrothermal alteration of the Miocene Tatoosh intrusive suite south of Mount Rainier, Washington

    Science.gov (United States)

    du Bray, E.A.; Bacon, C.R.; John, D.A.; Wooden, J.L.; Mazdab, F.K.

    2011-01-01

    The Miocene Tatoosh intrusive suite south of Mount Rainier is composed of three broadly granodioritic plutons that are manifestations of ancestral Cascades arc magmatism. Tatoosh intrusive suite plutons have individually diagnostic characteristics, including texture, mineralogy, and geochemistry, and apparently lack internal contacts. New ion-microprobe U-Pb zircon ages indicate crystallization of the Stevens pluton ca. 19.2 Ma, Reflection-Pyramid pluton ca. 18.5 Ma, and Nisqually pluton ca. 17.5 Ma. The Stevens pluton includes rare, statistically distinct ca. 20.1 Ma zircon antecrysts. Wide-ranging zircon rare earth element (REE), Hf, U, and Th concentrations suggest late crystallization from variably evolved residual liquids. Zircon Eu/Eu*-Hf covariation is distinct for each of the Reflection-Pyramid, Nisqually, and Stevens plutons. Although most Tatoosh intrusive suite rocks have been affected by weak hydrothermal alteration, and sparse mineralized veins cut some of these rocks, significant base or precious metal mineralization is absent. At the time of shallow emplacement, each of these magma bodies was largely homogeneous in bulk composition and petrographic features, but, prior to final solidification, each of the Tatoosh intrusive suite plutons developed internal compositional variation. Geochemical and petrographic trends within each pluton are most consistent with differential loss of residual melt, possibly represented by late aplite dikes or erupted as rhyolite, from crystal-rich magma. Crystal-rich magma that formed each pluton evidently accumulated in reservoirs below the present level of exposure and then intruded to a shallow depth. Assembled by episodic intrusion, the Tatoosh intrusive suite may be representative of midsized composite plutonic complexes beneath arc volcanoes. © 2011 Geological Society of America.

  17. Security Enrichment in Intrusion Detection System Using Classifier Ensemble

    Directory of Open Access Journals (Sweden)

    Uma R. Salunkhe

    2017-01-01

    In the era of Internet and with increasing number of people as its end users, a large number of attack categories are introduced daily. Hence, effective detection of various attacks with the help of Intrusion Detection Systems is an emerging trend in research these days. Existing studies show effectiveness of machine learning approaches in handling Intrusion Detection Systems. In this work, we aim to enhance detection rate of Intrusion Detection System by using machine learning technique. We propose a novel classifier ensemble based IDS that is constructed using hybrid approach which combines data level and feature level approach. Classifier ensembles combine the opinions of different experts and improve the intrusion detection rate. Experimental results show the improved detection rates of our system compared to reference technique.

  18. Influence of seawater intrusion on microbial communities in groundwater.

    Science.gov (United States)

    Unno, Tatsuya; Kim, Jungman; Kim, Yumi; Nguyen, Son G; Guevarra, Robin B; Kim, Gee Pyo; Lee, Ji-Hoon; Sadowsky, Michael J

    2015-11-01

    Groundwater is the sole source of potable water on Jeju Island in the Republic of (South) Korea. Groundwater is also used for irrigation and industrial purposes, and it is severely impacted by seawater intrusion in coastal areas. Consequently, monitoring the intrusion of seawater into groundwater on Jeju is very important for health and environmental reasons. A number of studies have used hydrological models to predict the deterioration of groundwater quality caused by seawater intrusion. However, there is conflicting evidence of intrusion due to complicated environmental influences on groundwater quality. Here we investigated the use of next generation sequencing (NGS)-based microbial community analysis as a way to monitor groundwater quality and detect seawater intrusion. Pristine groundwater, groundwater from three coastal areas, and seawater were compared. Analysis of the distribution of bacterial species clearly indicated that the high and low salinity groundwater differed significantly with respect to microbial composition. While members of the family Parvularculaceae were only identified in high salinity water samples, a greater percentage of the phylum Actinobacteria was predominantly observed in pristine groundwater. In addition, we identified 48 shared operational taxonomic units (OTUs) with seawater, among which the high salinity groundwater sample shared a greater number of bacterial species with seawater (6.7%). In contrast, other groundwater samples shared less than 0.5%. Our results suggest that NGS-based microbial community analysis of groundwater may be a useful tool for monitoring groundwater quality and detect seawater intrusion. This technology may also provide additional insights in understanding hydrological dynamics. Copyright © 2015 Elsevier B.V. All rights reserved.

  19. Abstracting audit data for lightweight intrusion detection

    KAUST Repository

    Wang, Wei

    2010-01-01

    High speed of processing massive audit data is crucial for an anomaly Intrusion Detection System (IDS) to achieve real-time performance during the detection. Abstracting audit data is a potential solution to improve the efficiency of data processing. In this work, we propose two strategies of data abstraction in order to build a lightweight detection model. The first strategy is exemplar extraction and the second is attribute abstraction. Two clustering algorithms, Affinity Propagation (AP) as well as traditional k-means, are employed to extract the exemplars, and Principal Component Analysis (PCA) is employed to abstract important attributes (a.k.a. features) from the audit data. Real HTTP traffic data collected in our institute as well as KDD 1999 data are used to validate the two strategies of data abstraction. The extensive test results show that the process of exemplar extraction significantly improves the detection efficiency and has a better detection performance than PCA in data abstraction. © 2010 Springer-Verlag.

  20. Hybrid Modified K-Means with C4.5 for Intrusion Detection Systems in Multiagent Systems.

    Science.gov (United States)

    Laftah Al-Yaseen, Wathiq; Ali Othman, Zulaiha; Ahmad Nazri, Mohd Zakree

    2015-01-01

    Presently, the processing time and performance of intrusion detection systems are of great importance due to the increased speed of traffic data networks and a growing number of attacks on networks and computers. Several approaches have been proposed to address this issue, including hybridizing with several algorithms. However, this paper aims at proposing a hybrid of modified K-means with C4.5 intrusion detection system in a multiagent system (MAS-IDS). The MAS-IDS consists of three agents, namely, coordinator, analysis, and communication agent. The basic concept underpinning the utilized MAS is dividing the large captured network dataset into a number of subsets and distributing these to a number of agents depending on the data network size and core CPU availability. KDD Cup 1999 dataset is used for evaluation. The proposed hybrid modified K-means with C4.5 classification in MAS is developed in JADE platform. The results show that compared to the current methods, the MAS-IDS reduces the IDS processing time by up to 70%, while improving the detection accuracy.

  1. Intrusive images in psychological disorders: characteristics, neural mechanisms, and treatment implications.

    Science.gov (United States)

    Brewin, Chris R; Gregory, James D; Lipton, Michelle; Burgess, Neil

    2010-01-01

    Involuntary images and visual memories are prominent in many types of psychopathology. Patients with posttraumatic stress disorder, other anxiety disorders, depression, eating disorders, and psychosis frequently report repeated visual intrusions corresponding to a small number of real or imaginary events, usually extremely vivid, detailed, and with highly distressing content. Both memory and imagery appear to rely on common networks involving medial prefrontal regions, posterior regions in the medial and lateral parietal cortices, the lateral temporal cortex, and the medial temporal lobe. Evidence from cognitive psychology and neuroscience implies distinct neural bases to abstract, flexible, contextualized representations (C-reps) and to inflexible, sensory-bound representations (S-reps). We revise our previous dual representation theory of posttraumatic stress disorder to place it within a neural systems model of healthy memory and imagery. The revised model is used to explain how the different types of distressing visual intrusions associated with clinical disorders arise, in terms of the need for correct interaction between the neural systems supporting S-reps and C-reps via visuospatial working memory. Finally, we discuss the treatment implications of the new model and relate it to existing forms of psychological therapy.

  2. An Anomaly Detection Algorithm of Cloud Platform Based on Self-Organizing Maps

    Directory of Open Access Journals (Sweden)

    Jun Liu

    2016-01-01

    Virtual machines (VM) on a Cloud platform can be influenced by a variety of factors which can lead to decreased performance and downtime, affecting the reliability of the Cloud platform. Traditional anomaly detection algorithms and strategies for Cloud platforms have some flaws in their accuracy of detection, detection speed, and adaptability. In this paper, a dynamic and adaptive anomaly detection algorithm based on Self-Organizing Maps (SOM) for virtual machines is proposed. A unified modeling method based on SOM to detect the machine performance within the detection region is presented, which avoids the cost of modeling a single virtual machine and enhances the detection speed and reliability of large-scale virtual machines in Cloud platform. The important parameters that affect the modeling speed are optimized in the SOM process to significantly improve the accuracy of the SOM modeling and therefore the anomaly detection accuracy of the virtual machine.

  3. Intrusion detection and monitoring for wireless networks.

    Energy Technology Data Exchange (ETDEWEB)

    Thomas, Eric D.; Van Randwyk, Jamie A.; Lee, Erik J.; Stephano, Amanda (Indiana University); Tabriz, Parisa (University of Illinois at Urbana-Champaign); Pelon, Kristen (Cedarville University); McCoy, Damon (University of Colorado, Boulder); Lodato, Mark (Lafayette College); Hemingway, Franklin (University of New Mexico); Custer, Ryan P.; Averin, Dimitry (Polytechnic University); Franklin, Jason (Carnegie Mellon University); Kilman, Dominique Marie

    2005-11-01

    Wireless computer networks are increasing exponentially around the world. They are being implemented in both the unlicensed radio frequency (RF) spectrum (IEEE 802.11a/b/g) and the licensed spectrum (e.g., Firetide [1] and Motorola Canopy [2]). Wireless networks operating in the unlicensed spectrum are by far the most popular wireless computer networks in existence. The open (i.e., proprietary) nature of the IEEE 802.11 protocols and the availability of "free" RF spectrum have encouraged many producers of enterprise and common off-the-shelf (COTS) computer networking equipment to jump into the wireless arena. Competition between these companies has driven down the price of 802.11 wireless networking equipment and has improved user experiences with such equipment. The end result has been an increased adoption of the equipment by businesses and consumers, the establishment of the Wi-Fi Alliance [3], and widespread use of the Alliance's "Wi-Fi" moniker to describe these networks. Consumers use 802.11 equipment at home to reduce the burden of running wires in existing construction, facilitate the sharing of broadband Internet services with roommates or neighbors, and increase their range of "connectedness". Private businesses and government entities (at all levels) are deploying wireless networks to reduce wiring costs, increase employee mobility, enable non-employees to access the Internet, and create an added revenue stream to their existing business models (coffee houses, airports, hotels, etc.). Municipalities (Philadelphia; San Francisco; Grand Haven, MI) are deploying wireless networks so they can bring broadband Internet access to places lacking such access; offer limited-speed broadband access to impoverished communities; offer broadband in places, such as marinas and state parks, that are passed over by traditional broadband providers; and provide themselves with higher quality, more

  4. Review of the geochemistry and metallogeny of approximately 1.4 Ga granitoid intrusions of the conterminous United States

    Science.gov (United States)

    du Bray, Edward A.; Holm-Denoma, Christopher S.; Lund, Karen; Premo, Wayne R.

    2018-03-27

    The conterminous United States hosts numerous volumetrically significant and geographically dispersed granitoid intrusions that range in age from 1.50 to 1.32 billion years before present (Ga). Although previously referred to as A-type granites, most are better described as ferroan granites. These granitoid intrusions are distributed in the northern and central Rocky Mountains, the Southwest, the northern midcontinent, and a swath largely buried beneath Phanerozoic cover across the Great Plains and into the southern midcontinent. These intrusions, with ages that are bimodally distributed between about 1.455–1.405 Ga and 1.405–1.320 Ga, are dispersed nonsystematically with respect to age across their spatial extents. Globally, although A-type or ferroan granites are genetically associated with rare-metal deposits, most U.S. 1.4 Ga granitoid intrusions do not contain significant deposits. Exceptions are the light rare-earth element deposit at Mountain Pass, California, and the iron oxide-apatite and iron oxide-copper-gold deposits in southeast Missouri. Most of the U.S. 1.4 Ga granitoid intrusions are composed of hornblende ± biotite or biotite ± muscovite monzogranite, commonly with prominent alkali feldspar megacrysts; however, modal compositions vary widely. These intrusions include six of the eight commonly identified subtypes of ferroan granite: alkali-calcic and calc-alkalic peraluminous subtypes; alkalic, alkali-calcic, and calc-alkalic metaluminous subtypes; and the alkalic peralkaline subtype. The U.S. 1.4 Ga granitoid intrusions also include variants of these subtypes that have weakly magnesian compositions. Extreme large-ion lithophile element enrichments typical of ferroan granites elsewhere are absent among these intrusions. Chondrite-normalized rare-earth element patterns for these intrusions have modest negative slopes and moderately developed negative europium anomalies. Their radiogenic isotopic compositions are consistent with mixing involving

  5. Intelligent Position Aware Mobile Services for Seamless and Non-Intrusive Clocking-in

    Directory of Open Access Journals (Sweden)

    Sergio Ríos Aguilar

    2014-03-01

    This paper analyzes the viability of the use of employees' smartphones as a valid tool for companies in order to conduct presence control. A Mobile Location Aware Information System is also proposed for a non-intrusive Presence Control using exclusively terminal-based reactive location technologies, meeting cost minimization, and universal access criteria. The focus is providing trust to the employees, so that they feel safe and in control of when the location data is gathered while satisfying the control needs of the employer. LAMS platform is a state-of-the-art framework for synchronous mobile location-aware content personalization, using A-GPS terminal-based/network assisted mobile positioning techniques and UAProf data processing at the origin server.

  6. Tactile sensor of hardness recognition based on magnetic anomaly detection

    Science.gov (United States)

    Xue, Lingyun; Zhang, Dongfang; Chen, Qingguang; Rao, Huanle; Xu, Ping

    2018-03-01

    Hardness, as one kind of tactile sensing, plays an important role in the field of intelligent robot application such as gripping, agricultural harvesting, prosthetic hand and so on. Recently, with the rapid development of magnetic field sensing technology with high performance, a number of magnetic sensors have been developed for intelligent application. The tunnel magnetoresistance (TMR), based on the magnetoresistance principle, works as the sensitive element to detect the magnetic field and it has proven its excellent ability of weak magnetic detection. In the paper, a new method based on magnetic anomaly detection was proposed to detect the hardness in the tactile way. The sensor is composed of elastic body, ferrous probe, TMR element, permanent magnet. When the elastic body embedded with ferrous probe touches the object under the certain size of force, deformation of the elastic body will be produced. Correspondingly, the ferrous probe will be forced to displace and the background magnetic field will be distorted. The distorted magnetic field was detected by TMR elements and the output signal at different time can be sampled. The slope of magnetic signal with the sampling time is different for object with different hardness. The result indicated that the magnetic anomaly sensor can recognize the hardness rapidly within 150 ms after the tactile moment. The hardness sensor based on magnetic anomaly detection principle proposed in the paper has the advantages of simple structure, low cost, rapid response and it has shown great application potential in the field of intelligent robot.

  7. Geology, mineralization, geochemistry and petrology of intrusions in the Kuh Zar Au-Cu deposit, Damghan

    Directory of Open Access Journals (Sweden)

    Payam Roohbakhsh

    2018-04-01

    secondary iron oxides such as goethite, hematite and limonite. Lithogeochemical exploration revealed Au (up to 598 ppb), Ag (up to 3747 ppb), Cu (up to 679 ppm), Pb (up to 1427 ppm) and Zn (up to 1013 ppm) anomalies. Based on geochemical studies, intrusive rocks have characteristics of high-K calc-alkaline to slightly shoshonitic and they are within metaluminous to the slightly peraluminous range. Enrichment of LREE versus HREE, enrichment of LILE and depletion in HFSE indicate that the magma was formed in the subduction zones. The negative Eu anomaly is due to the presence of plagioclase as a residual mineral in the magma source. The parent magma is probably formed by the partial melting of amphibolites. The presence of monzonite porphyry source rock, QSP and propylitic alterations, pyrite disseminated mineralization and geochemical anomalies of Au and Cu in the Kuh Zar deposit represents Au-Cu porphyry mineralization in the area. Discussion: Tectonic setting discrimination diagrams (Pearce et al., 1984) show that subvolcanic rocks plot almost on the fields of the volcanic arc granites (VAG). In the Rb/Zr vs. Nb diagram from Brown et al. (1984), the samples are plotted in the field of primitive island arc/continental margin arc. The Torud-Chah Shirin Belt is a part of the Alborz magmatic assemblage (AMA). The AMA has been interpreted to represent the subduction of the Neo Tethyan oceanic lithosphere beneath the Central Iranian continental microplate and the subsequent continental collision of the Arabian and Iranian microplates in the late Cretaceous-early Cenozoic (Berberian and Berberian, 1981; Berberian et al., 1982; Alavi, 1994; Golonka, 2004). Acknowledgement: This study has been supported by the Research Foundation of the Ferdowsi University of Mashhad, Iran (Project No. 27126.3). The authors would like to acknowledge the East Amethyst Laboratory for XRF analysis. We also thank the Gold Company of Iran for providing conditions for camping and accommodation.

  8. Intrusive luxation of 60 permanent incisors

    DEFF Research Database (Denmark)

    Tsilingaridis, Georgios; Malmgren, Barbro; Andreasen, Jens O

    2012-01-01

    Intrusive luxation in the permanent dentition is an uncommon injury but it is considered one of the most severe types of dental trauma because of the risk for damage to the periodontal ligament, pulp and alveolar bone. Management of intrusive luxation in the permanent dentition is controversial....... The purpose of this study was to evaluate pulp survival and periodontal healing in intrusive luxated permanent teeth in relation to treatment alternatives, degree of intrusion and root development....

  9. Intrusion detection method based on nonlinear correlation measure

    NARCIS (Netherlands)

    Ambusaidi, Mohammed A.; Tan, Zhiyuan; He, Xiangjian; Nanda, Priyadarsi; Lu, Liang Fu; Jamdagni, Aruna

    2014-01-01

    Cyber crimes and malicious network activities have posed serious threats to the entire internet and its users. This issue is becoming more critical, as network-based services are more widespread and closely related to our daily life. Thus, it has raised a serious concern in individual internet

  10. Internet use, Facebook intrusion, and depression: Results of a cross-sectional study.

    Science.gov (United States)

    Błachnio, A; Przepiórka, A; Pantic, I

    2015-09-01

    Facebook has become a very popular social networking platform today, particularly among adolescents and young adults, profoundly changing the way they communicate and interact. However, some reports have indicated that excessive Facebook use might have detrimental effects on mental health and be associated with certain psychological problems. Because previous findings on the relationship between Facebook addiction and depression were not unambiguous, further investigation was required. The main objective of our study was to examine the potential associations between Internet use, depression, and Facebook intrusion. A total of 672 Facebook users took part in the cross-sectional study. The Facebook Intrusion Questionnaire and the Center for Epidemiologic Studies Depression Scale were used. For collecting the data, the snowball sampling procedure was used. We showed that depression can be a predictor of Facebook intrusion. Our results provide additional evidence that daily Internet use time in minutes, gender, and age are also predictors of Facebook intrusion: that Facebook intrusion can be predicted by being male, young age, and an extensive number of minutes spent online. On the basis of this study, it is possible to conclude that there are certain demographic variables, such as age, gender, or time spent online, that may help in outlining the profile of a user who may be in danger of becoming addicted to Facebook. This piece of knowledge may serve for prevention purposes. Copyright © 2015 Elsevier Masson SAS. All rights reserved.

  11. On-road anomaly detection by multimodal sensor analysis and multimedia processing

    Science.gov (United States)

    Orhan, Fatih; Eren, P. E.

    2014-03-01

    The use of smartphones in Intelligent Transportation Systems is gaining popularity, yet many challenges exist in developing functional applications. Due to the dynamic nature of transportation, vehicular social applications face complexities such as developing robust sensor management, performing signal and image processing tasks, and sharing information among users. This study utilizes a multimodal sensor analysis framework which enables the analysis of sensors in multimodal aspect. It also provides plugin-based analyzing interfaces to develop sensor and image processing based applications, and connects its users via a centralized application as well as to social networks to facilitate communication and socialization. With the usage of this framework, an on-road anomaly detector is being developed and tested. The detector utilizes the sensors of a mobile device and is able to identify anomalies such as hard brake, pothole crossing, and speed bump crossing. Upon such detection, the video portion containing the anomaly is automatically extracted in order to enable further image processing analysis. The detection results are shared on a central portal application for online traffic condition monitoring.

  12. Wireless sensing without sensors—an experimental study of motion/intrusion detection using RF irregularity

    International Nuclear Information System (INIS)

    Lee, Pius W Q; Tan, Hwee-Pink; Seah, Winston K G; Yao, Zexi

    2010-01-01

    Motion and intrusion detection are often cited as wireless sensor network (WSN) applications with typical configurations comprising clusters of wireless nodes equipped with motion sensors to detect human motion. Currently, WSN performance is subjected to several constraints, namely radio irregularity and finite on-board computation/energy resources. Radio irregularity in radio frequency (RF) propagation rises to a higher level in the presence of human activity due to the absorption effect of the human body. In this paper, we investigate the feasibility of monitoring RF transmission for the purpose of intrusion detection through experimentation. With empirical data obtained from the Crossbow TelosB platform in several different environments, the impact of human activity on the signal strength of RF signals in a WSN is evaluated. We then propose a novel approach to intrusion detection by turning a constraint in WSN, namely radio irregularity, into an advantage for the purpose of intrusion detection, using signal fluctuations to detect the presence of human activity within the WSN. Unlike RF fingerprinting, the 'intruders' here neither transmit nor receive any RF signals. By enabling existing wireless infrastructures to serve as intrusion detectors instead of deploying numerous costly sensors, this approach shows great promise for providing novel solutions

  13. Type D personality, stress coping strategies and self-efficacy as predictors of Facebook intrusion.

    Science.gov (United States)

    Błachnio, Agata; Przepiorka, Aneta; Czuczwar, Stanisław Jerzy

    2017-07-01

    Recently, Facebook has become one of the most popular social networking sites. People use it more and more often. A number of studies have recently addressed the issue of excessive Facebook use, showing this phenomenon to be a spreading problem. The main aim of the present study was to examine whether Type D personality, self-efficacy and coping strategies are related to Facebook intrusion. The participants were 882 students of Polish universities, all of them Facebook users (72% women, mean age: 22.25 years, SD = 2.06). We used the Facebook Intrusion Questionnaire, the Facebook Intensity Scale, the General Self-Efficacy Scale, the Coping Inventory for Stressful Situations, and the Type D Scale. We applied the pen-and-paper procedure. Our results indicate that emotion-oriented and avoidance-oriented strategies of coping in stressful situations are predictors of Facebook intrusion and Facebook intensity. The relations between both Facebook intrusion and intensity and social inhibition are significant only when emotion-oriented coping strategy is controlled. The knowledge of whether coping strategies in stressful situations, such as focus on emotions or avoidance, are related to Facebook intrusion might be useful for clinical purposes. Copyright © 2017 Elsevier Ireland Ltd. All rights reserved.

  14. Paleomagnetic determinations on Lanzarote from magnetic and gravity anomalies: Implications for the early history of the Canary Islands

    Science.gov (United States)

    Blanco-Montenegro, I.; Montesinos, F. G.; García, A.; Vieira, R.; Villalaín, J. J.

    2005-12-01

    The Bouguer and aeromagnetic anomaly maps of Lanzarote show a gravity high and a dipolar magnetic anomaly over the central part of the island, indicating one isolated source. Assuming that the structure responsible for both anomalies is the same, a methodology has been designed to estimate the total magnetization vector of the source, which is interpreted as a large intrusive body (mafic core) positioned as a result of magma rising to the surface during the early stages of growth of Lanzarote. Considering its geometry to be known from a previous three-dimensional (3-D) gravity model, the approach proposed in this paper is based on the delineation of magnetic contacts through analysis of the horizontal gradient of the reduced-to-the-pole anomaly map, comparison between the gravity and the pseudogravity anomalies, and 3-D forward magnetic modeling. The total magnetization vector obtained by this method is defined by a module of 4.5 A m⁻¹ and a direction D = -20° and I = 30°. Comparing the paleomagnetic pole, obtained from this direction, with the apparent polar wander path of Africa for the last 160 Myr, it is concluded that the main component of the total magnetization vector is probably a primary natural remanent magnetization (NRM) which could have been acquired between 60 and 100 Ma. This result suggests that the emplacement of magmas at shallow depths linked to the beginning of volcanism in Lanzarote took place during the Upper Cretaceous, thus providing the first evidence of a timeline for the early formative stages of this volcanic island.

  15. Prototype of Intrusion Detection Model using UML 5.0 and Forward Engineering

    Directory of Open Access Journals (Sweden)

    Muthaiyan MADIAJAGAN

    2011-01-01

    In this paper we are using UML (Unified Modeling Language), which is the blueprint language between the programmers, analysts, and designers for easy representation of pictures or diagrammatic notation with some textual data. Here we are using UML 5.0 to show the “prototype of the Intrusion Detection Model”, explaining it by combining various parts and drawing various UML diagrams such as Use Case, Activity and Class diagrams, using which we show forward engineering with the class diagram of the IDM (Intrusion Detection Model). IDM is a device or software that works on detecting malicious activities by unauthorized users that can cause a breach of the security policy within a network.

  16. Anomaly detection in smart city wireless sensor networks

    OpenAIRE

    Garcia Font, Víctor

    2017-01-01

    This thesis proposes an intrusion detection platform to reveal attacks on the wireless sensor networks (WSNs) of smart cities. The platform is designed taking into account the needs of smart city administrators, who need access to a centralized architecture that can manage security alarms in a highly heterogeneous and distributed system. This thesis identifies the various...

  17. Anomaly detection in smart city wireless sensor networks

    OpenAIRE

    García Font, Víctor

    2017-01-01

    This thesis proposes an intrusion detection platform to reveal attacks on the wireless sensor networks (WSNs) of smart cities. The platform is designed taking into account the needs of smart city administrators, who need access to a centralized architecture that can manage security alarms in a highly heterogeneous and distributed system. This thesis identifies the various...

  18. A Metrics-Based Approach to Intrusion Detection System Evaluation for Distributed Real-Time Systems

    Science.gov (United States)

    2002-04-01

    Based Approach to Intrusion Detection System Evaluation for Distributed Real-Time Systems Authors: G. A. Fink, B. L. Chappell, T. G. Turner, and ... Distributed, Security. 1 Introduction Processing and cost requirements are driving future naval combat platforms to use distributed, real-time systems of ... distributed, real-time systems. As these systems grow more complex, the timing requirements do not diminish; indeed, they may become more constrained

  19. Theory and experiments in model-based space system anomaly management

    Science.gov (United States)

    Kitts, Christopher Adam

    This research program consists of an experimental study of model-based reasoning methods for detecting, diagnosing and resolving anomalies that occur when operating a comprehensive space system. Using a first principles approach, several extensions were made to the existing field of model-based fault detection and diagnosis in order to develop a general theory of model-based anomaly management. Based on this theory, a suite of algorithms were developed and computationally implemented in order to detect, diagnose and identify resolutions for anomalous conditions occurring within an engineering system. The theory and software suite were experimentally verified and validated in the context of a simple but comprehensive, student-developed, end-to-end space system, which was developed specifically to support such demonstrations. This space system consisted of the Sapphire microsatellite which was launched in 2001, several geographically distributed and Internet-enabled communication ground stations, and a centralized mission control complex located in the Space Technology Center in the NASA Ames Research Park. Results of both ground-based and on-board experiments demonstrate the speed, accuracy, and value of the algorithms compared to human operators, and they highlight future improvements required to mature this technology.

  20. Inversion of self-potential anomalies caused by 2D inclined sheets using neural networks

    International Nuclear Information System (INIS)

    El-Kaliouby, Hesham M; Al-Garni, Mansour A

    2009-01-01

    The modular neural network (MNN) inversion method has been used for inversion of self-potential (SP) data anomalies caused by 2D inclined sheets of infinite horizontal extent. The analysed parameters are the depth (h), the half-width (a), the inclination (α), the zero distance from the origin (x_o) and the polarization amplitude (k). The MNN inversion has been first tested on a synthetic example and then applied to two field examples from the Surda area of Rakha mines, India, and Kalava fault zone, India. The effect of random noise has been studied, and the technique showed satisfactory results. The inversion results show good agreement with the measured field data compared with other inversion techniques in use.

  1. Petrology and geochemistry of intrusive rocks in Some-Ahani and Ferezneh prospect areas, east of Sangan mine, Khaf (Southeast of Mashhad)

    Directory of Open Access Journals (Sweden)

    Nazi Mazhari

    2017-03-01

    The Some-Ahani and Ferezneh prospect areas are two of the eastern anomalies of Khaf’s Sangan iron mine in Khorasan Razavi province. Biotite monzonite porphyry and biotite syenogranite Tertiary plutons occurred in the area of study. Due to the severe alteration of biotite monzonite porphyry intrusion, geochemical studies have been focused on the biotite syenogranite. It is chemically peraluminous, moderate to high potassic and magnesian and its tectonic setting is of post orogenic. In both A-type granites and in differentiated peralkaline I-type granitic rocks: negative Eu anomaly, mild enrichment of LREE, positive, relatively flat HREE pattern, negative anomalies of Ba, Sr, La, Ce, Ti, and large amount of Ga (16-24 ppm) are the same. On the basis of major oxide values and SiO2 vs. FeOt/MgO ratio, the prospect area samples fall in the range of I-type granites. Variations in the minor and trace elements in all samples indicate fractional crystallization in separation of plagioclase, alkali feldspar and biotite, generated by fractional crystallization from an I-type granitic magma poor in P. Increase in HFS elements such as Ga and Nb is associated with the differentiation of these granites. Comparison of the intrusions studied with Bermani and Sarkhar rocks in southeast Sangan shows that variations in the major, minor and rare earth elements are similar to each other and to those of I-type granites, which can be differentiated by various degrees of partial melting of andesite and dacite protolith or are produced by a two-stage process of remelting intermediate rocks.

  2. Effective use of surface-water management to control saltwater intrusion

    Science.gov (United States)

    Hughes, J. D.; White, J.

    2012-12-01

    The Biscayne aquifer in southeast Florida is susceptible to saltwater intrusion and inundation from rising sea-level as a result of high groundwater withdrawal rates and low topographic relief. Groundwater levels in the Biscayne aquifer are managed by an extensive canal system that is designed to control flooding, supply recharge to municipal well fields, and control saltwater intrusion. We present results from an integrated surface-water/groundwater model of a portion of the Biscayne aquifer to evaluate the ability of the existing managed surface-water control network to control saltwater intrusion. Surface-water stage and flow are simulated using a hydrodynamic model that solves the diffusive-wave approximation of the depth-integrated shallow surface-water equations. Variable-density groundwater flow and fluid density are solved using the Oberbeck-Boussinesq approximation of the three-dimensional variable-density groundwater flow equation and a sharp interface approximation, respectively. The surface-water and variable-density groundwater domains are implicitly coupled during each Picard iteration. The Biscayne aquifer is discretized into a multi-layer model having a 500-m square horizontal grid spacing. All primary and secondary surface-water features in the active model domain are discretized into segments using the 500-m square horizontal grid. A 15-year period of time is simulated and the model includes 66 operable surface-water control structures, 127 municipal production wells, and spatially-distributed daily internal and external hydrologic stresses. Numerical results indicate that the existing surface-water system can be effectively used in many locations to control saltwater intrusion in the Biscayne aquifer resulting from increases in groundwater withdrawals or sea-level rise expected to occur over the next 25 years. In other locations, numerical results indicate surface-water control structures and/or operations may need to be modified to control

  3. Simulation-Optimization Model for Seawater Intrusion Management at Pingtung Coastal Area, Taiwan

    Science.gov (United States)

    Huang, P. S.; Chiu, Y.

    2015-12-01

    In the 1970s, the agriculture and aquaculture were rapidly developed at Pingtung coastal area in southern Taiwan. The groundwater aquifers were over-pumped and caused the seawater intrusion. In order to remedy the contaminated groundwater and find the best strategies of groundwater usage, a management model to search the optimal groundwater operational strategies is developed in this study. The objective function is to minimize the total amount of injection water and a set of constraints are applied to ensure the groundwater levels and concentrations are satisfied. A three-dimensional density-dependent flow and transport simulation model, called SEAWAT developed by U.S. Geological Survey, is selected to simulate the phenomenon of seawater intrusion. The simulation model is well calibrated by the field measurements and replaced by the surrogate model of trained artificial neural networks (ANNs) to reduce the computational time. The ANNs are embedded in the management model to link the simulation and optimization models, and the global optimizer of differential evolution (DE) is applied for solving the management model. The optimal results show that the fully trained ANNs could substitute the original simulation model and reduce much computational time. Under appropriate setting of objective function and constraints, DE can find the optimal injection rates at predefined barriers. The concentrations at the target locations could decrease more than 50 percent within the planning horizon of 20 years. Keywords: Seawater intrusion, groundwater management, numerical model, artificial neural networks, differential evolution

  4. Deny-by-Default Distributed Security Policy Enforcement in Mobile Ad Hoc Networks

    Science.gov (United States)

    Alicherry, Mansoor; Keromytis, Angelos D.; Stavrou, Angelos

    Mobile Ad-hoc Networks (MANETs) are increasingly employed in tactical military and civil rapid-deployment networks, including emergency rescue operations and ad hoc disaster-relief networks. However, this flexibility of MANETs comes at a price, when compared to wired and base station-based wireless networks: MANETs are susceptible to both insider and outsider attacks. This is mainly because of the lack of a well-defined defense perimeter preventing the effective use of wired defenses including firewalls and intrusion detection systems.

  5. The Effects of Saltwater Intrusion to Flood Mitigation Project

    Science.gov (United States)

    Azida Abu Bakar, Azinoor; Khairudin Khalil, Muhammad

    2018-03-01

    The objective of this study is to determine the effects of saltwater intrusion to flood mitigation project located in the flood plains in the district of Muar, Johor. Based on the studies and designs carried out, one of the effective flood mitigation options identified is the Kampung Tanjung Olak bypass and Kampung Belemang bypass at the lower reaches of Sungai Muar. But, the construction of the Kampung Belemang and Tanjung Olak bypass, while speeding up flood discharges, may also increase saltwater intrusion during drought low flows. Establishing the dynamics of flooding, including replicating the existing situation and the performance with prospective flood mitigation interventions, is most effectively accomplished using computer-based modelling tools. The finding of this study shows that to overcome the problem, a barrage should be constructed at Sungai Muar to solve the saltwater intrusion and low yield problem of the river.

  6. Atmospheric circulation patterns and phenological anomalies of grapevine in Italy

    Science.gov (United States)

    Cola, Gabriele; Alilla, Roberta; Dal Monte, Giovanni; Epifani, Chiara; Mariani, Luigi; Parisi, Simone Gabriele

    2014-05-01

    Grapevine (Vitis vinifera L.) is a fundamental crop for Italian agriculture as testified by the first place of Italy in the world producers ranking. This justifies the importance of quantitative analyses referred to this crucial crop and aimed to quantify meteorological resources and limitations to development and production. Phenological rhythms of grapevine are strongly affected by surface fields of air temperature which in their turn are affected by synoptic circulation. This evidence highlights the importance of an approach based on dynamic climatology in order to detect and explain phenological anomalies that can have relevant effects on quantity and quality of grapevine production. In this context, this research is aimed to study the existing relation among the 850 hPa circulation patterns over the Euro-Mediterranean area from NOAA NCEP dataset and grapevine phenological fields for Italy over the period 2006-2013, highlighting the main phenological anomalies and analyzing synoptic determinants. This work is based on phenological fields with a standard pixel of 2 km routinely produced from 2006 by the Iphen project (Italian Phenological network) on the base of phenological observations spatialized by means of a specific algorithm based on cumulated thermal resources expressed as Normal Heat Hours (NHH). Anomalies have been evaluated with reference to phenological normal fields defined for the Italian area on the base of phenological observations and Iphen model. Results show that relevant phenological anomalies observed over the reference period are primarily associated with long lasting blocking systems driving cold air masses (Arctic or Polar-Continental) or hot ones (Sub-Tropical) towards the Italian area. Specific cases are presented for some years like 2007 and 2011.

  7. Anomalies and contradictions in an airport construction project: a historical analysis based on Cultural-Historical Activity Theory.

    Science.gov (United States)

    Lopes, Manoela Gomes Reis; Vilela, Rodolfo Andrade de Gouveia; Querol, Marco Antônio Pereira

    2018-02-19

    Large construction projects involve the functioning of a complex activity system (AS) in network format. Anomalies such as accidents, delays, reworks, etc., can be explained by contradictions that emerge historically in the system. The aim of this study was to analyze the history of an airport construction project to understand the current contradictions and anomalies in the AS and how they emerged. A case study was conducted for this purpose, combining Collective Work Analysis, interviews, observations, and analysis of documents that provided the basis for sessions in the Change Laboratory, where a participant timeline was elaborated with the principal events during the construction project. Based on the timeline, a historical analysis of the airport's AS revealed critical historical events and contradictions that explained the anomalies that occurred during the project. The analysis showed that the airport had been planned for construction with politically determined deadlines that were insufficient and inconsistent with the project's complexity. The choice of the contract modality, which assigned responsibility to a joint venture for all of the project's phases, was another critical historical event, because it allowed launching the construction before a definitive executive project had been drafted. There were also different cultures in companies working together for the first time in the context of a project with time pressures and outsourcing of activities without the necessary coordination. Identifying these contradictions and their historical origins proved essential for understanding the current situation and efforts to prevent similar situations in the future.

  8. Feature selection for anomaly-based network intrusion detection using cluster validity indices

    CSIR Research Space (South Africa)

    Naidoo, Tyrone

    2015-09-01

    ...data, which is rarely available in operational networks. It uses normalized cluster validity indices as an objective function that is optimized over the search space of candidate feature subsets via a genetic algorithm. Feature sets produced...

  9. [Analysis of intrusion errors in free recall].

    Science.gov (United States)

    Diesfeldt, H F A

    2017-06-01

    Extra-list intrusion errors during five trials of the eight-word list-learning task of the Amsterdam Dementia Screening Test (ADST) were investigated in 823 consecutive psychogeriatric patients (87.1% suffering from major neurocognitive disorder). Almost half of the participants (45.9%) produced one or more intrusion errors on the verbal recall test. Correct responses were lower when subjects made intrusion errors, but learning slopes did not differ between subjects who committed intrusion errors and those who did not. Bivariate regression analyses revealed that participants who committed intrusion errors were more deficient on measures of eight-word recognition memory, delayed visual recognition and tests of executive control (the Behavioral Dyscontrol Scale and the ADST-Graphical Sequences as measures of response inhibition). Using hierarchical multiple regression, only free recall and delayed visual recognition retained an independent effect in the association with intrusion errors, such that deficient scores on tests of episodic memory were sufficient to explain the occurrence of intrusion errors. Measures of inhibitory control did not add significantly to the explanation of intrusion errors in free recall, which makes insufficient strength of memory traces rather than a primary deficit in inhibition the preferred account for intrusion errors in free recall.

  10. Development of anomaly detection models for deep subsurface monitoring

    Science.gov (United States)

    Sun, A. Y.

    2017-12-01

    Deep subsurface repositories are used for waste disposal and carbon sequestration. Monitoring deep subsurface repositories for potential anomalies is challenging, not only because the number of sensor networks and the quality of data are often limited, but also because of the lack of labeled data needed to train and validate machine learning (ML) algorithms. Although physical simulation models may be applied to predict anomalies (or the system's nominal state for that matter), the accuracy of such predictions may be limited by inherent conceptual and parameter uncertainties. The main objective of this study was to demonstrate the potential of data-driven models for leakage detection in carbon sequestration repositories. Monitoring data collected during an artificial CO2 release test at a carbon sequestration repository were used, which include both scalar time series (pressure) and vector time series (distributed temperature sensing). For each type of data, separate online anomaly detection algorithms were developed using the baseline experiment data (no leak) and then tested on the leak experiment data. Performance of a number of different online algorithms was compared. Results show the importance of including contextual information in the dataset to mitigate the impact of reservoir noise and reduce false positive rate. The developed algorithms were integrated into a generic Web-based platform for real-time anomaly detection.

  11. Hydrodynamic modeling of the intrusion phenomenon in water distribution systems; Modelacion hidrodinamica del fenomeno de intrusion en tuberia de abastecimiento

    Energy Technology Data Exchange (ETDEWEB)

    Lopez-Jimenez, Petra Amparo; Mora-Rodriguez, Jose de Jesus; Perez-Garcia, Rafael; Martinez-Solano, F. Javier [Universidad Politecnica de Valencia (Spain)]

    2008-10-15

    This paper describes a strategy for the hydrodynamic modeling of the pathogen intrusion phenomenon in water distribution systems by the combination of a breakage with a depression situation. This scenario will be modeled computationally and experimentally. The phenomenon to be represented by both simulations is the same: the entrance of an external volume into the circulation of a main volume, known as a pathogen intrusion, as long as the main volume is potable water. To this end, a prototype and a computational model based on Computational Fluid Dynamics (CFD) are used, which allow visualizing the fields of speeds and pressures in a simulated form. With the comparison of the results of both models, conclusions will be drawn on the detail of the studied pathogen intrusion phenomenon.

  12. Radon anomalies and their correlation with microseismicity in N-W Himalaya

    International Nuclear Information System (INIS)

    Virk, H.S.; Walia, Vivek; Sharma, Anand Kumar; Kumar, Naresh; Kumar, Rajiv

    2000-01-01

    Evidence for radon anomalies in soil-gas and groundwater as earthquake precursor phenomenon is recorded in Kangra and Chamba valleys of Himachal Pradesh, India based on micro-seismicity trends in N-W Himalaya. Radon monitoring is being carried out at Palampur, Jawalamukhi, Dalhousie and Chamba stations using emanometry for discrete measurements and alpha-logger technique for continuous recording of time-series radon data from June 1996 to September 1997. Radon anomalies in both types of data are correlated with some of the micro-earthquakes recorded during the time-window by the seismographic network of Indian Meteorological Department (IMD). A critical analysis is made of radon data to find confidence level and sensitivity of each recording station.

  13. Intrusion detection model using fusion of chi-square feature selection and multi class SVM

    Directory of Open Access Journals (Sweden)

    Ikram Sumaiya Thaseen

    2017-10-01

    Intrusion detection is a promising area of research in the domain of security with the rapid development of internet in everyday life. Many intrusion detection systems (IDS) employ a sole classifier algorithm for classifying network traffic as normal or abnormal. Due to the large amount of data, these sole classifier models fail to achieve a high attack detection rate with reduced false alarm rate. However, by applying dimensionality reduction, data can be efficiently reduced to an optimal set of attributes without loss of information and then classified accurately using a multi class modeling technique for identifying the different network attacks. In this paper, we propose an intrusion detection model using chi-square feature selection and multi class support vector machine (SVM). A parameter tuning technique is adopted for optimization of Radial Basis Function kernel parameter namely gamma represented by ‘γ’ and over fitting constant ‘C’. These are the two important parameters required for the SVM model. The main idea behind this model is to construct a multi class SVM which has not been adopted for IDS so far to decrease the training and testing time and increase the individual classification accuracy of the network attacks. The investigational results on NSL-KDD dataset which is an enhanced version of KDDCup 1999 dataset show that our proposed approach results in a better detection rate and reduced false alarm rate. An experimentation on the computational time required for training and testing is also carried out for usage in time critical applications.

  14. Remote Network Access (RNA)

    National Research Council Canada - National Science Library

    2002-01-01

    .... Remote Network Access (RNA) includes or is associated with all communication devices/software, firewalls, intrusion detection systems and virus protection applications to ensure security of the OIG, DoD, Network from remote...

  15. Individual differences in spatial configuration learning predict the occurrence of intrusive memories.

    Science.gov (United States)

    Meyer, Thomas; Smeets, Tom; Giesbrecht, Timo; Quaedflieg, Conny W E M; Girardelli, Marta M; Mackay, Georgina R N; Merckelbach, Harald

    2013-03-01

    The dual-representation model of posttraumatic stress disorder (PTSD; Brewin, Gregory, Lipton, & Burgess, Psychological Review, 117, 210-232 2010) argues that intrusions occur when people fail to construct context-based representations during adverse experiences. The present study tested a specific prediction flowing from this model. In particular, we investigated whether the efficiency of temporal-lobe-based spatial configuration learning would account for individual differences in intrusive experiences and physiological reactivity in the laboratory. Participants (N = 82) completed the contextual cuing paradigm, which assesses spatial configuration learning that is believed to depend on associative encoding in the parahippocampus. They were then shown a trauma film. Afterward, startle responses were quantified during presentation of trauma reminder pictures versus unrelated neutral and emotional pictures. PTSD symptoms were recorded in the week following participation. Better configuration learning performance was associated with fewer perceptual intrusions, r = -.33, p .46) and had no direct effect on intrusion-related distress and overall PTSD symptoms, rs > -.12, ps > .29. However, configuration learning performance tended to be associated with reduced physiological responses to unrelated negative images, r = -.20, p = .07. Thus, while spatial configuration learning appears to be unrelated to affective responding to trauma reminders, our overall findings support the idea that the context-based memory system helps to reduce intrusions.

  16. A Model-Based Anomaly Detection Approach for Analyzing Streaming Aircraft Engine Measurement Data

    Science.gov (United States)

    Simon, Donald L.; Rinehart, Aidan Walker

    2015-01-01

    This paper presents a model-based anomaly detection architecture designed for analyzing streaming transient aircraft engine measurement data. The technique calculates and monitors residuals between sensed engine outputs and model predicted outputs for anomaly detection purposes. Pivotal to the performance of this technique is the ability to construct a model that accurately reflects the nominal operating performance of the engine. The dynamic model applied in the architecture is a piecewise linear design comprising steady-state trim points and dynamic state space matrices. A simple curve-fitting technique for updating the model trim point information based on steady-state information extracted from available nominal engine measurement data is presented. Results from the application of the model-based approach for processing actual engine test data are shown. These include both nominal fault-free test case data and seeded fault test case data. The results indicate that the updates applied to improve the model trim point information also improve anomaly detection performance. Recommendations for follow-on enhancements to the technique are also presented and discussed.

  17. Layered crust-mantle transition zone below a large crustal intrusion in the Norwegian-Danish basin

    DEFF Research Database (Denmark)

    Sandrin, Alessandro; Nielsen, Lars; Thybo, Hans

    2009-01-01

    the lowermost crust (7.7 km/s) and the uppermost mantle (7.9-8.0 km/s). The seismic data show a "ringing" Moho below the western part of the intrusion. The coda trailing the main PmP reflection is about 1.0 s long and is composed of 4-5 wavelets. We demonstrate that this feature may be explained by a layered......The crust and uppermost mantle below the large positive gravity anomaly in the central part of the Norwegian-Danish Basin, the Silkeborg Gravity High (SGH), is investigated using controlled source seismic data. A more than 80 km long and ~ 20 km thick intrusion is interpreted. The seismic velocity...... transition zone between 30 and 35 km depth, where high-velocity layers of mantle affinity (7.9-8.05 km/s) alternate with layers of typical lower crustal velocity (6.7-7.3 km/s). The characteristics of this layering, which causes the PmP coda, are modelled by matching synthetic seismograms to the observed data...

  18. [Simultaneous intrusion and retraction of the anterior teeth using a three-piece base arch].

    Science.gov (United States)

    Liu, D; Bai, D; Wang, C; Sun, W; Guo, J; Xi, R

    2000-06-01

    To evaluate the effects of the three-piece base arch on overbite correction of Class II malocclusion. 20 patients with high angle, flared incisors were treated using a three-piece base arch appliance. The intrusion force of four upper incisors was adjusted to approximately 50 g. The line of force action was 2 mm distally to the resistant center (RC) and the retraction force was 20 g, the right and left posterior segments were joined by a palatal bar. Cephalograms were taken before treatment (T1) and six months after treatment (T2). The upper molars moved mesially 0.60 +/- 0.35 mm and the distance of the vertical extrusion was 0.80 +/- 0.52 mm. The distances of the upper central incisor retraction and intrusion were -4.20 +/- 2.12 mm and 3.10 +/- 0.54 mm respectively. The RC of the central incisor retracted -4.12 +/- 1.96 mm and intruded 3.20 +/- 0.66 mm. The axial inclination of the upper incisor-palatal plane changed from 123.21 degrees +/- 4.26 degrees to 116.00 degrees +/- 3.96 degrees. The three-piece segmented approach can effectively intrude and retract the upper anterior teeth for flared incisors and deep overbite.

  19. Detection of Anomalies in Hydrometric Data Using Artificial Intelligence Techniques

    Science.gov (United States)

    Lauzon, N.; Lence, B. J.

    2002-12-01

    This work focuses on the detection of anomalies in hydrometric data sequences, such as 1) outliers, which are individual data having statistical properties that differ from those of the overall population; 2) shifts, which are sudden changes over time in the statistical properties of the historical records of data; and 3) trends, which are systematic changes over time in the statistical properties. For the purpose of the design and management of water resources systems, it is important to be aware of these anomalies in hydrometric data, for they can induce a bias in the estimation of water quantity and quality parameters. These anomalies may be viewed as specific patterns affecting the data, and therefore pattern recognition techniques can be used for identifying them. However, the number of possible patterns is very large for each type of anomaly and consequently large computing capacities are required to account for all possibilities using the standard statistical techniques, such as cluster analysis. Artificial intelligence techniques, such as the Kohonen neural network and fuzzy c-means, are clustering techniques commonly used for pattern recognition in several areas of engineering and have recently begun to be used for the analysis of natural systems. They require much less computing capacity than the standard statistical techniques, and therefore are well suited for the identification of outliers, shifts and trends in hydrometric data. This work constitutes a preliminary study, using synthetic data representing hydrometric data that can be found in Canada. The analysis of the results obtained shows that the Kohonen neural network and fuzzy c-means are reasonably successful in identifying anomalies. This work also addresses the problem of uncertainties inherent to the calibration procedures that fit the clusters to the possible patterns for both the Kohonen neural network and fuzzy c-means. Indeed, for the same database, different sets of clusters can be

  20. Geology, mineralization, U-Pb dating and Sr-Nd isotope geochemistry of intrusive bodies in northeast of Kashmar

    Directory of Open Access Journals (Sweden)

    Alireza Almasi

    2015-04-01

    + epidotization+ chloride+ sericite+ barite which are synchronous with IOCG veins (specularite+ chalcopyrite+ pyrite± galena± sphalerite± barite± siderite ± etc.). Primary centralized and sulfide base-metal veins in crosscutting points between Dorouneh fault and minor faults. Bahariyeh, Uchpalang and Sarsefidal areas are located in these crosscutting points. Tourmaline (demorterite) ±chloride fill the fractures in the intrusive rocks of southern part of area next to the Dorouneh fault occasionally. Lateral alteration synchronous with IOCG veins occur in Kamarmard area. Geochemical data of all veins show Cu, Pb, Zn anomalies (>1%) in two type veins, Au anomalies (to about 15 ppm) only in IOCG veins, Mn anomalies in two type veins and Ba anomalies in IOCG veins. Alteration and mineralization in the world-class IOCG deposits identified by sodic-calcic and potassic (hydrothermal actinolite and biotite) and magnetite± gold in deep parts (Sillitoe, 2003) and advanced argillic+ pyrite+ sericite+ tourmaline (demorterite) in shallow parts (Ray and Dick, 2002). Generally, alteration in the study area is similar to shallow parts of world-class IOCG deposits. Tanourjeh is a IOCG deposit next to the northwest of the study area. In Tanourjeh, the gold-bearing magnetite is synchronous to potassic alteration (hydrothermal biotite) and other alterations are advanced argillic, silicification and sericite. These characteristics are similar to deep parts of world-class IOCG deposits. Bahariyeh, Uchpalang and Sarsefidal have similarities to alterations in Tanourjeh. Considering Tanourjeh lie in the lower level rather to Bahariyeh, Uchpalang and Sarsefidal, we believe the erosion surface in Tanourjeh is lower. Kamarmard lies in the highest erosion surface in the study area. Alterations and Mineralization as similar to Kuh e Zar IOCG deposit (specularite+chalcopyrite+gold) which is next to the Kamarmard area in Northeast of study area. In Bahariyeh-Uchpalang areas we can see only one IOCG vein but in

  1. Anomaly Detection using the "Isolation Forest" algorithm

    CERN Multimedia

    CERN. Geneva

    2015-01-01

    Anomaly detection can provide clues about an outlying minority class in your data: hackers in a set of network events, fraudsters in a set of credit card transactions, or exotic particles in a set of high-energy collisions. In this talk, we analyze a real dataset of breast tissue biopsies, with malignant results forming the minority class. The "Isolation Forest" algorithm finds anomalies by deliberately “overfitting” models that memorize each data point. Since outliers have more empty space around them, they take fewer steps to memorize. Intuitively, a house in the country can be identified simply as “that house out by the farm”, while a house in the city needs a longer description like “that house in Brooklyn, near Prospect Park, on Union Street, between the firehouse and the library, not far from the French restaurant”. We first use anomaly detection to find outliers in the biopsy data, then apply traditional predictive modeling to discover rules that separate anomalies from normal data...

  2. Gravity Anomalies in the Northern Hawaiian Islands: Evidence for an Alternative Magma Chamber on Kauai and a Conjoined Niihau-Kauai Island

    Science.gov (United States)

    Flinders, A. F.; Ito, G.; Garcia, M.; Kim, S.; Appelgate, B.

    2008-12-01

    The shield stage evolution of the islands of Kauai and Niihau are poorly understood. Previous land-based gravity surveys provide only a coarse constraint on the observed gravitational field. Questions as to whether the island of Kauai was formed by a single or multiple shields and the developmental relationship between these neighboring islands are still debated. Our new land-based gravity survey of Kauai and ship-board gravity surveys around both islands identified large complete Bouguer gravitational anomalies under Kauai's Lihue Basin and offshore in the Kaulakahi Channel, a 30-km-long bathymetric ridge connecting the two islands. These gravitational highs are consistent in size and magnitude with those of other Hawaiian islands and imply local zones of high density crust, most likely attributed to magmatic intrusions; e.g. former magma chambers, or rift zones. The Lihue Basin anomaly observed is offset 20 km east from the geologically mapped caldera region. This offset implies either the unlikely case that the shield stage plumbing system connecting the magma chamber and caldera could have been inclined by up to 75 degrees from the vertical, or that the currently mapped caldera is a late feature, unrelated to shield volcanism. The location of the gravitational anomaly, in the Kaulakahi Channel, 20 km east of Niihau is consistent with geologic mapping, which indicates that Niihau is a remnant of an ancient shield volcano centered east of the island. The proximity of the Niihau gravitational anomaly 10 km from the western edge of Kauai supports the hypothesis that the two volcanoes were part of the same island.

  3. Distance metric learning for complex networks: Towards size-independent comparison of network structures

    Science.gov (United States)

    Aliakbary, Sadegh; Motallebi, Sadegh; Rashidian, Sina; Habibi, Jafar; Movaghar, Ali

    2015-02-01

    Real networks show nontrivial topological properties such as community structure and long-tail degree distribution. Moreover, many network analysis applications are based on topological comparison of complex networks. Classification and clustering of networks, model selection, and anomaly detection are just some applications of network comparison. In these applications, an effective similarity metric is needed which, given two complex networks of possibly different sizes, evaluates the amount of similarity between the structural features of the two networks. Traditional graph comparison approaches, such as isomorphism-based methods, are not only too time consuming but also inappropriate to compare networks with different sizes. In this paper, we propose an intelligent method based on the genetic algorithms for integrating, selecting, and weighting the network features in order to develop an effective similarity measure for complex networks. The proposed similarity metric outperforms state of the art methods with respect to different evaluation criteria.

  4. Rule-based expert system for maritime anomaly detection

    Science.gov (United States)

    Roy, Jean

    2010-04-01

    Maritime domain operators/analysts have a mandate to be aware of all that is happening within their areas of responsibility. This mandate derives from the needs to defend sovereignty, protect infrastructures, counter terrorism, detect illegal activities, etc., and it has become more challenging in the past decade, as commercial shipping turned into a potential threat. In particular, a huge portion of the data and information made available to the operators/analysts is mundane, from maritime platforms going about normal, legitimate activities, and it is very challenging for them to detect and identify the non-mundane. To achieve such anomaly detection, they must establish numerous relevant situational facts from a variety of sensor data streams. Unfortunately, many of the facts of interest just cannot be observed; the operators/analysts thus use their knowledge of the maritime domain and their reasoning faculties to infer these facts. As they are often overwhelmed by the large amount of data and information, automated reasoning tools could be used to support them by inferring the necessary facts, ultimately providing indications and warning on a small number of anomalous events worthy of their attention. Along this line of thought, this paper describes a proof-of-concept prototype of a rule-based expert system implementing automated rule-based reasoning in support of maritime anomaly detection.

  5. The Bramsche-Massiv anomalies - again an open question?; Die Anomalien vom Bramsche - wieder eine offene Frage?

    Energy Technology Data Exchange (ETDEWEB)

    Brink, H.J. [BEB Erdgas und Erdoel GmbH, Hannover (Germany)]

    2002-01-01

    An unsolved problem of regional geoscientific importance for Northern Germany is the question of the existence of the so-called 'Bramsche Massiv'. The high thermal maturity in the southern area of the Lower Saxony Basin, the CO2-risk and missing reservoir properties are being regarded as an aftermath of this massif, that is supposed to have risen in the Upper Cretaceous period as mafic pluton at depths of about 6 km. The existence of a massif of similar nature, located between Schleswig-Holstein and Brandenburg and characterised by gravimetric and magnetic anomalies, the so-called 'East-Elbian Massiv', has in the meantime been credibly challenged. The anomalies lie in the area of the eastern centre of the Southern Permian Basin and are particularly distinct due to the local maxima of Pritzwalk in Northwest Brandenburg. The causes of the observed anomalies in the Pritzwalk area are no longer assumed to arise from depths of 6-10 km, but in accordance with more recent geophysical investigations arise in all probability from the lower crust at a depth of between 15 and 30 km. Furthermore, the analysis of the thermal development of the Lower Saxony Basin close to the 'Bramsche Massiv' demonstrated that the level of maturities along well holes is more likely to be explained by an increased subsidence rate with subsequent tectonic inversion and not due to the effect of an intrusion. An alternative and comparative interpretation of other co-existent geophysical and geological anomalies also coincides with the current prevailing interpretation challenging the existence of the 'Bramsche Massiv'. If this intrusion in the suspected form never existed, the regional CO2-risk would have to be reassessed, the structural and thermal development of the southern edge of the Lower Saxony Basin would need to be judged differently and the existence of available and possible Mesozoic and Paleozoic gas reserves in the neighbouring areas

  6. Anomaly Detection for Temporal Data using Long Short-Term Memory (LSTM)

    OpenAIRE

    Singh, Akash

    2017-01-01

    We explore the use of Long short-term memory (LSTM) for anomaly detection in temporal data. Due to the challenges in obtaining labeled anomaly datasets, an unsupervised approach is employed. We train recurrent neural networks (RNNs) with LSTM units to learn the normal time series patterns and predict future values. The resulting prediction errors are modeled to give anomaly scores. We investigate different ways of maintaining LSTM state, and the effect of using a fixed number of time steps on...

  7. Acknowledging the dilemmas of intrusive media

    DEFF Research Database (Denmark)

    Mathieu, David; Finger, Juliane; Dias, Patrícia

    2017-01-01

    Part of the stakeholder consultation addressed strategies that media audiences are developing to cope with pressures and intrusions in a changing media environment, characterised by digitalisation and interactive possibilities. We interviewed ten stakeholders representing interests such as content...... production, media literacy, media regulation, and activism. Consulting with these stakeholders left the impression that pressures and intrusions from media lack widespread acknowledgement, and that little is known about audiences’ strategies to cope with media. Even when intrusions are acknowledged, we find...... no consensual motivation, nor any clear avenue for action. Therefore, we have analysed different discursive positions that prevent acknowledging or taking action upon the pressures and intrusions that we presented to these stakeholders. The discursive positions are outlined below....

  8. Smart container UWB sensor system for situational awareness of intrusion alarms

    Science.gov (United States)

    Romero, Carlos E.; Haugen, Peter C.; Zumstein, James M.; Leach, Jr., Richard R.; Vigars, Mark L.

    2013-06-11

    An in-container monitoring sensor system is based on a UWB radar intrusion detector positioned in a container and having a range gate set to the farthest wall of the container from the detector. Multipath reflections within the container make every point on or in the container appear to be at the range gate, allowing intrusion detection anywhere in the container. The system also includes other sensors to provide false alarm discrimination, and may include other sensors to monitor other parameters, e.g. radiation. The sensor system also includes a control subsystem for controlling system operation. Communications and information extraction capability may also be included. A method of detecting intrusion into a container uses UWB radar, and may also include false alarm discrimination. A secure container has a UWB based monitoring system.

  9. The Response of a Branch of Puget Sound, Washington to the 2014 North Pacific Warm Anomaly

    Science.gov (United States)

    Mickett, J.; Newton, J.; Devol, A.; Krembs, C.; Ruef, W.

    2016-02-01

    The flow of the unprecedentedly-warm upper-ocean North Pacific "Blob" water into Puget Sound, Washington, caused local extreme water property anomalies that extended from the arrival of the water inshore in the fall of 2014 through 2015. Here we report on moored and seaplane observations from Hood Canal, a branch of Puget Sound, where temperature was more than 2σ above climatology for much of the year with maximum temperature anomalies at depth and at the surface +2.5 °C and +7 °C respectively. The low density of the oceanic warm "Blob" water resulted in weak deep water flushing in Hood Canal in the fall of 2014, which combined with a lack of wintertime flushing to result in anomalously-low dissolved oxygen (DO) concentrations at depth. Late-summer 2015 DO values were the lowest in a decade of mooring observations and more than 2σ below climatology. The anomalously low density of the deep basin water allowed a very early onset of the annually-occurring, late-summer intrusion, which first entered Hood Canal at the end of July compared to the usual arrival in early to mid-September. In late August this intrusion conspired with an early fall storm to lift the very low DO deep water to surface at the south end of Hood Canal, causing a significant fish kill event.

  10. Low-Cost Ground Sensor Network for Intrusion Detection

    Science.gov (United States)

    2017-09-01

    their suitability to our research. 1. Wireless Sensor Networks The backend network infrastructure forms the communication links for the network...were not ideal as they were perpetually turned on. Our research considered the backend communication infrastructure and its power requirements when...7 3. Border Patrol— Mobile Situation Awareness Tool (MSAT

  11. Anomaly Detection in Smart Metering Infrastructure with the Use of Time Series Analysis

    Directory of Open Access Journals (Sweden)

    Tomasz Andrysiak

    2017-01-01

    The article presents solutions to anomaly detection in network traffic for critical smart metering infrastructure, realized with the use of radio sensory network. The structure of the examined smart meter network and the key security aspects which have influence on the correct performance of an advanced metering infrastructure (possibility of passive and active cyberattacks) are described. An effective and quick anomaly detection method is proposed. At its initial stage, Cook’s distance was used for detection and elimination of outlier observations. So prepared data was used to estimate standard statistical models based on exponential smoothing, that is, Brown’s, Holt’s, and Winters’ models. To estimate possible fluctuations in forecasts of the implemented models, properly parameterized Bollinger Bands were used. Next, statistical relations between the estimated traffic model and its real variability were examined to detect abnormal behavior, which could indicate a cyberattack attempt. An update procedure of standard models in case there were significant real network traffic fluctuations was also proposed. The choice of optimal parameter values of statistical models was realized as forecast error minimization. The results confirmed efficiency of the presented method and accuracy of choice of the proper statistical model for the analyzed time series.

  12. Zero Trust Intrusion Containment for Telemedicine

    National Research Council Canada - National Science Library

    Sood, Arun

    2002-01-01

    .... Our objective is the design and analysis of 'zero-trust' Intrusion Tolerant Systems. These are systems built under the extreme assumption that all intrusion detection techniques will eventually fail...

  13. Anomaly Detection for Internet of Vehicles: A Trust Management Scheme with Affinity Propagation

    Directory of Open Access Journals (Sweden)

    Shu Yang

    2016-01-01

    Anomaly detection is critical for intelligent vehicle (IV) collaboration. Forming clusters/platoons, IVs can work together to accomplish complex jobs that they are unable to perform individually. To improve security and efficiency of Internet of Vehicles, IVs’ anomaly detection has been extensively studied and a number of trust-based approaches have been proposed. However, most of these proposals either pay little attention to leader-based detection algorithm or ignore the utility of networked Roadside-Units (RSUs). In this paper, we introduce a trust-based anomaly detection scheme for IVs, where some malicious or incapable vehicles are existing on roads. The proposed scheme works by allowing IVs to detect abnormal vehicles, communicate with each other, and finally converge to some trustworthy cluster heads (CHs). Periodically, the CHs take responsibility for intracluster trust management. Moreover, the scheme is enhanced with a distributed supervising mechanism and a central reputation arbitrator to assure robustness and fairness in detecting process. The simulation results show that our scheme can achieve a low detection failure rate below 1%, demonstrating its ability to detect and filter the abnormal vehicles.

  14. Anomaly-specified virtual dimensionality

    Science.gov (United States)

    Chen, Shih-Yu; Paylor, Drew; Chang, Chein-I.

    2013-09-01

    Virtual dimensionality (VD) has received considerable interest where VD is used to estimate the number of spectral distinct signatures, denoted by p. Unfortunately, no specific definition is provided by VD for what a spectrally distinct signature is. As a result, various types of spectral distinct signatures determine different values of VD. There is no one value-fit-all for VD. In order to address this issue this paper presents a new concept, referred to as anomaly-specified VD (AS-VD) which determines the number of anomalies of interest present in the data. Specifically, two types of anomaly detection algorithms are of particular interest, sample covariance matrix K-based anomaly detector developed by Reed and Yu, referred to as K-RXD and sample correlation matrix R-based RXD, referred to as R-RXD. Since K-RXD is only determined by 2nd order statistics compared to R-RXD which is specified by statistics of the first two orders including sample mean as the first order statistics, the values determined by K-RXD and R-RXD will be different. Experiments are conducted in comparison with widely used eigen-based approaches.

  15. The 2014-2015 warming anomaly in the Southern California Current System observed by underwater gliders

    Science.gov (United States)

    Zaba, Katherine D.; Rudnick, Daniel L.

    2016-02-01

    Large-scale patterns of positive temperature anomalies persisted throughout the surface waters of the North Pacific Ocean during 2014-2015. In the Southern California Current System, measurements by our sustained network of underwater gliders reveal the coastal effects of the recent warming. Regional upper ocean temperature anomalies were greatest since the initiation of the glider network in 2006. Additional observed physical anomalies included a depressed thermocline, high stratification, and freshening; induced biological consequences included changes in the vertical distribution of chlorophyll fluorescence. Contemporaneous surface heat flux and wind strength perturbations suggest that local anomalous atmospheric forcing caused the unusual oceanic conditions.

  16. The Holographic Weyl anomaly

    CERN Document Server

    Henningson, M; Henningson, Mans; Skenderis, Kostas

    1998-01-01

    We calculate the Weyl anomaly for conformal field theories that can be described via the adS/CFT correspondence. This entails regularizing the gravitational part of the corresponding supergravity action in a manner consistent with general covariance. Up to a constant, the anomaly only depends on the dimension d of the manifold on which the conformal field theory is defined. We present concrete expressions for the anomaly in the physically relevant cases d = 2, 4 and 6. In d = 2 we find for the central charge c = 3 l/ 2 G_N in agreement with considerations based on the asymptotic symmetry algebra of adS_3. In d = 4 the anomaly agrees precisely with that of the corresponding N = 4 superconformal SU(N) gauge theory. The result in d = 6 provides new information for the (0, 2) theory, since its Weyl anomaly has not been computed previously. The anomaly in this case grows as N^3, where N is the number of coincident M5 branes, and it vanishes for a Ricci-flat background.

  17. From intrusive to oscillating thoughts.

    Science.gov (United States)

    Peirce, Anne Griswold

    2007-10-01

    This paper focused on the possibility that intrusive thoughts (ITs) are a form of an evolutionary, adaptive, and complex strategy to prepare for and resolve stressful life events through schema formation. Intrusive thoughts have been studied in relation to individual conditions, such as traumatic stress disorder and obsessive-compulsive disorder. They have also been documented in the average person experiencing everyday stress. In many descriptions of thought intrusion, it is accompanied by thought suppression. Several theories have been put forth to describe ITs, although none provides a satisfactory explanation as to whether ITs are a normal process, a normal process gone astray, or a sign of pathology. There is also no consistent view of the role that thought suppression plays in the process. I propose that thought intrusion and thought suppression may be better understood by examining them together as a complex and adaptive mechanism capable of escalating in times of need. The ability of a biological mechanism to scale up in times of need is one hallmark of a complex and adaptive system. Other hallmarks of complexity, including self-similarity across scales, sensitivity to initial conditions, presence of feedback loops, and system oscillation, are also discussed in this article. Finally, I propose that thought intrusion and thought suppression are better described together as an oscillatory cycle.

  18. Global Anomaly Detection in Two-Dimensional Symmetry-Protected Topological Phases

    Science.gov (United States)

    Bultinck, Nick; Vanhove, Robijn; Haegeman, Jutho; Verstraete, Frank

    2018-04-01

    Edge theories of symmetry-protected topological phases are well known to possess global symmetry anomalies. In this Letter we focus on two-dimensional bosonic phases protected by an on-site symmetry and analyze the corresponding edge anomalies in more detail. Physical interpretations of the anomaly in terms of an obstruction to orbifolding and constructing symmetry-preserving boundaries are connected to the cohomology classification of symmetry-protected phases in two dimensions. Using the tensor network and matrix product state formalism we numerically illustrate our arguments and discuss computational detection schemes to identify symmetry-protected order in a ground state wave function.

  19. Safeguarding information intensive critical infrastructures against novel types of emerging failures

    International Nuclear Information System (INIS)

    Balducelli, C.; Bologna, S.; Lavalle, L.; Vicoli, G.

    2007-01-01

    The complexity of information intensive critical infrastructures, like electricity networks, telecommunication networks and public transportation networks is today augmented much more than in the past: such complexity augments the number of possible failures and anomalous working conditions and consequently decreases the survivability of the infrastructures. In this paper, the possibility is investigated to detect early anomalies and failures inside information intensive critical infrastructures by the introduction of anomaly detectors being 'self-aware' about the normal working conditions of the infrastructure itself. This approach has the objective to improve the performance of the most popular signature-based algorithms for intrusion detection, and makes use of different classes of time-oriented algorithms based on artificial intelligence paradigm. It has the advantage to work also in presence of unknown and unexpected types of attacks or failures. The tests, to evaluate the performance of the utilised detectors, are executed inside an emulated supervisory control and data acquisition (SCADA) system of an electrical power transmission grid, and a proposal for the future integration inside real SCADA systems is also reported

  20. Safeguarding information intensive critical infrastructures against novel types of emerging failures

    Energy Technology Data Exchange (ETDEWEB)

    Balducelli, C. [ENEA-Italian National Agency for new Technology, Energy and the Environment Via Anguillasere 301, 00060 Rome (Italy)]. E-mail: claudio.balducelli@casaccia.enea.it; Bologna, S. [ENEA-Italian National Agency for new Technology, Energy and the Environment Via Anguillasere 301, 00060 Rome (Italy); Lavalle, L. [ENEA-Italian National Agency for new Technology, Energy and the Environment Via Anguillasere 301, 00060 Rome (Italy); Vicoli, G. [ENEA-Italian National Agency for new Technology, Energy and the Environment Via Anguillasere 301, 00060 Rome (Italy)

    2007-09-15

    The complexity of information intensive critical infrastructures, like electricity networks, telecommunication networks and public transportation networks is today augmented much more than in the past: such complexity augments the number of possible failures and anomalous working conditions and consequently decreases the survivability of the infrastructures. In this paper, the possibility is investigated to detect early anomalies and failures inside information intensive critical infrastructures by the introduction of anomaly detectors being 'self-aware' about the normal working conditions of the infrastructure itself. This approach has the objective to improve the performance of the most popular signature-based algorithms for intrusion detection, and makes use of different classes of time-oriented algorithms based on artificial intelligence paradigm. It has the advantage to work also in presence of unknown and unexpected types of attacks or failures. The tests, to evaluate the performance of the utilised detectors, are executed inside an emulated supervisory control and data acquisition (SCADA) system of an electrical power transmission grid, and a proposal for the future integration inside real SCADA systems is also reported.

  1. Specifying the neurobiological basis of human attachment: brain, hormones, and behavior in synchronous and intrusive mothers.

    Science.gov (United States)

    Atzil, Shir; Hendler, Talma; Feldman, Ruth

    2011-12-01

    The mother-infant bond provides the foundation for the infant's future mental health and adaptation and depends on the provision of species-typical maternal behaviors that are supported by neuroendocrine and motivation-affective neural systems. Animal research has demonstrated that natural variations in patterns of maternal care chart discrete profiles of maternal brain-behavior relationships that uniquely shape the infant's lifetime capacities for stress regulation and social affiliation. Such patterns of maternal care are mediated by the neuropeptide Oxytocin and by stress- and reward-related neural systems. Human studies have similarly shown that maternal synchrony--the coordination of maternal behavior with infant signals--and intrusiveness--the excessive expression of maternal behavior--describe distinct and stable maternal styles that bear long-term consequences for infant well-being. To integrate brain, hormones, and behavior in the study of maternal-infant bonding, we examined the fMRI responses of synchronous vs intrusive mothers to dynamic, ecologically valid infant videos and their correlations with plasma Oxytocin. In all, 23 mothers were videotaped at home interacting with their infants and plasma OT assayed. Sessions were micro-coded for synchrony and intrusiveness. Mothers were scanned while observing several own and standard infant-related vignettes. Synchronous mothers showed greater activations in the left nucleus accumbens (NAcc) and intrusive mothers exhibited higher activations in the right amygdala. Functional connectivity analysis revealed that among synchronous mothers, left NAcc and right amygdala were functionally correlated with emotion modulation, theory-of-mind, and empathy networks. Among intrusive mothers, left NAcc and right amygdala were functionally correlated with pro-action areas. Sorting points into neighborhood (SPIN) analysis demonstrated that in the synchronous group, left NAcc and right amygdala activations showed clearer

  2. Using new edges for anomaly detection in computer networks

    Science.gov (United States)

    Neil, Joshua Charles

    2015-05-19

    Creation of new edges in a network may be used as an indication of a potential attack on the network. Historical data of a frequency with which nodes in a network create and receive new edges may be analyzed. Baseline models of behavior among the edges in the network may be established based on the analysis of the historical data. A new edge that deviates from a respective baseline model by more than a predetermined threshold during a time window may be detected. The new edge may be flagged as potentially anomalous when the deviation from the respective baseline model is detected. Probabilities for both new and existing edges may be obtained for all edges in a path or other subgraph. The probabilities may then be combined to obtain a score for the path or other subgraph. A threshold may be obtained by calculating an empirical distribution of the scores under historical conditions.

  3. Fivebrane gravitational anomalies

    International Nuclear Information System (INIS)

    Becker, Katrin; Becker, Melanie

    2000-01-01

    Freed, Harvey, Minasian and Moore (FHMM) have proposed a mechanism to cancel the gravitational anomaly of the M-theory fivebrane coming from diffeomorphisms acting on the normal bundle. This procedure is based on a modification of the conventional M-theory Chern-Simons term. We apply the FHMM mechanism in the ten-dimensional type IIA theory. We then analyze the relation to the anomaly cancellation mechanism for the type IIA fivebrane proposed by Witten

  4. Anomaly Detection and Life Pattern Estimation for the Elderly Based on Categorization of Accumulated Data

    Science.gov (United States)

    Mori, Taketoshi; Ishino, Takahito; Noguchi, Hiroshi; Shimosaka, Masamichi; Sato, Tomomasa

    2011-06-01

    We propose a life pattern estimation method and an anomaly detection method for elderly people living alone. In our observation system for such people, we deploy some pyroelectric sensors into the house and measure the person's activities all the time in order to grasp the person's life pattern. The data are transferred successively to the operation center and displayed to the nurses in the center in a precise way. Then, the nurses decide whether the data is an anomaly or not. In the system, the people whose features in their life resemble each other are categorized as the same group. Anomalies that occurred in the past are shared in the group and utilized in the anomaly detection algorithm. This algorithm is based on an "anomaly score." The "anomaly score" is figured out by utilizing the activeness of the person. This activeness is approximately proportional to the frequency of the sensor response in a minute. The "anomaly score" is calculated from the difference between the activeness in the present and the past one averaged in the long term. Thus, the score is positive if the activeness in the present is higher than the average in the past, and the score is negative if the value in the present is lower than the average. If the score exceeds a certain threshold, it means that an anomaly event occurs. Moreover, we developed an activity estimation algorithm. This algorithm estimates the residents' basic activities such as uprising, outing, and so on. The estimation is shown to the nurses with the "anomaly score" of the residents. The nurses can understand the residents' health conditions by combining these two pieces of information.

  5. An Excel®-based visualization tool of 2-D soil gas concentration profiles in petroleum vapor intrusion.

    Science.gov (United States)

    Verginelli, Iason; Yao, Yijun; Suuberg, Eric M

    2016-01-01

    In this study we present a petroleum vapor intrusion tool implemented in Microsoft® Excel® using Visual Basic for Applications (VBA) and integrated within a graphical interface. The latter helps users easily visualize two-dimensional soil gas concentration profiles and indoor concentrations as a function of site-specific conditions such as source strength and depth, biodegradation reaction rate constant, soil characteristics and building features. This tool is based on a two-dimensional explicit analytical model that combines steady-state diffusion-dominated vapor transport in a homogeneous soil with a piecewise first-order aerobic biodegradation model, in which rate is limited by oxygen availability. As recommended in the recently released United States Environmental Protection Agency's final Petroleum Vapor Intrusion guidance, a sensitivity analysis and a simplified Monte Carlo uncertainty analysis are also included in the spreadsheet.

  6. Respon Konsumen pada Mobile Advergames: Intrusiveness dan Irritation

    Directory of Open Access Journals (Sweden)

    Sony Kusumasondjaja

    2016-12-01

    Increasing adoption of mobile advergames to deliver marketing messages has not been followed by empirical findings to support its effectiveness. This research attempts to examine the effect of mobile advergames intrusiveness on consumer irritation, attitudes, and purchase intention. This investigation on mobile advergame effectiveness was based on the increasing use of mobile media to deliver marketing messages to consumers from different demographic background. Conceptual framework was developed based on Advertising Avoidance Theory. For data collection, self-administered survey was conducted by adopting purposive sampling involving 213 respondents residing in Surabaya who have had experience in playing mobile game as respondents. Results indicate that intrusiveness positively affects consumer irritation. Consumer irritation negatively affects attitude towards the mobile advergames and attitude towards the advertised product. The better the consumer attitude towards the mobile advergames, the more positive the attitude towards the advertised product. Moreover, the more positive the attitude towards the advertised product, the greater the consumer intention to purchase. Interestingly, consumer attitude toward the mobile advergames has insignificant influence on purchase intention. Findings of the study offer significant contribution to marketing practices using mobile advergames as media placement in their advertising strategy. Keywords: intrusiveness, irritation, mobile advergames, attitude, advertising

  7. OceanXtremes: Scalable Anomaly Detection in Oceanographic Time-Series

    Science.gov (United States)

    Wilson, B. D.; Armstrong, E. M.; Chin, T. M.; Gill, K. M.; Greguska, F. R., III; Huang, T.; Jacob, J. C.; Quach, N.

    2016-12-01

    The oceanographic community must meet the challenge to rapidly identify features and anomalies in complex and voluminous observations to further science and improve decision support. Given this data-intensive reality, we are developing an anomaly detection system, called OceanXtremes, powered by an intelligent, elastic Cloud-based analytic service backend that enables execution of domain-specific, multi-scale anomaly and feature detection algorithms across the entire archive of 15 to 30-year ocean science datasets. Our parallel analytics engine is extending the NEXUS system and exploits multiple open-source technologies: Apache Cassandra as a distributed spatial "tile" cache, Apache Spark for in-memory parallel computation, and Apache Solr for spatial search and storing pre-computed tile statistics and other metadata. OceanXtremes provides these key capabilities: Parallel generation (Spark on a compute cluster) of 15 to 30-year Ocean Climatologies (e.g. sea surface temperature or SST) in hours or overnight, using simple pixel averages or customizable Gaussian-weighted "smoothing" over latitude, longitude, and time; Parallel pre-computation, tiling, and caching of anomaly fields (daily variables minus a chosen climatology) with pre-computed tile statistics; Parallel detection (over the time-series of tiles) of anomalies or phenomena by regional area-averages exceeding a specified threshold (e.g. high SST in El Nino or SST "blob" regions), or more complex, custom data mining algorithms; Shared discovery and exploration of ocean phenomena and anomalies (facet search using Solr), along with unexpected correlations between key measured variables; Scalable execution for all capabilities on a hybrid Cloud, using our on-premise OpenStack Cloud cluster or at Amazon. The key idea is that the parallel data-mining operations will be run "near" the ocean data archives (a local "network" hop) so that we can efficiently access the thousands of files making up a three decade time

  8. Simulation of sea water intrusion in coastal aquifers

    Indian Academy of Sciences (India)

    dependent miscible flow and transport modelling approach for simulation of seawater intrusion in coastal aquifers. A nonlinear optimization-based simulation methodology was used in this study. Various steady state simulations are performed for a ...

  9. Radiologic analysis of congenital limb anomalies

    International Nuclear Information System (INIS)

    Chung, Hong Jun; Kim, Ok Hwa; Shinn, Kyung Sub; Kim, Nam Ae

    1994-01-01

    Congenital limb anomalies are manifested in various degree of severity and complexity bearing conclusion for description and nomenclature of each anomaly. We retrospectively analyzed the roentgenograms of congenital limb anomalies for the purpose of further understanding of the radiologic manifestations based on the embryonal defect and also to find the incidence of each anomaly. Total number of the patients was 89 with 137 anomalies. Recently the uniform system of classification for congenital anomalies of the upper limb was adopted by International Federation of Societies for Surgery of the Hand (IFSSH), which were categorized as 7 classifications. We used the IFSSH classification with some modification as 5 classifications; failure of formation of parts, failure of differentiation of parts, duplications, overgrowth and undergrowth. The patients with upper limb anomalies were 65 out of 89(73%), lower limb were 21(24%), and both upper and lower limb anomalies were 3(4%). Failure of formation was seen in 18%, failure of differentiation 39%, duplications 39%, overgrowth 8%, and undergrowth in 12%. Thirty-five patients had more than one anomaly, and 14 patients had intergroup anomalies. The upper limb anomalies were more common than lower limb. Among the anomalies, failure of differentiation and duplications were the most common types of congenital limb anomalies. Patients with failure of formation, failure of differentiation, and undergrowth had intergroup association of anomalies, but duplication and overgrowth tended to be isolated anomalies

  10. Comparison of U-spatial statistics and C-A fractal models for delineating anomaly patterns of porphyry-type Cu geochemical signatures in the Varzaghan district, NW Iran

    Science.gov (United States)

    Ghezelbash, Reza; Maghsoudi, Abbas

    2018-05-01

    The delineation of populations of stream sediment geochemical data is a crucial task in regional exploration surveys. In this contribution, uni-element stream sediment geochemical data of Cu, Au, Mo, and Bi have been subjected to two reliable anomaly-background separation methods, namely, the concentration-area (C-A) fractal and the U-spatial statistics methods to separate geochemical anomalies related to porphyry-type Cu mineralization in northwest Iran. The quantitative comparison of the delineated geochemical populations using the modified success-rate curves revealed the superiority of the U-spatial statistics method over the fractal model. Moreover, geochemical maps of investigated elements revealed strongly positive correlations between strong anomalies and Oligocene-Miocene intrusions in the study area. Therefore, follow-up exploration programs should focus on these areas.

  11. Contributions of non-intrusive coupling in nonlinear structural mechanics

    International Nuclear Information System (INIS)

    Duval, Mickael

    2016-01-01

    This PhD thesis, part of the ANR ICARE project, aims at developing methods for complex analysis of large scale structures. The scientific challenge is to investigate very localised areas, but potentially critical as of mechanical systems resilience. Classically, representation models, discretizations, mechanical behaviour models and numerical tools are used at both global and local scales for simulation needs of graduated complexity. Global problem is handled by a generic code with topology (plate formulation, geometric approximation...) and behaviour (homogenization) simplifications while local analysis needs implementation of specialized tools (routines, dedicated codes) for an accurate representation of the geometry and behaviour. The main goal of this thesis is to develop an efficient non-intrusive coupling tool for multi-scale and multi-model structural analysis. Constraints of non-intrusiveness result in the non-modification of the stiffness operator, connectivity and the global model solver, allowing to work in a closed source software environment. First, we provide a detailed study of global/local non-intrusive coupling algorithm. Making use of several relevant examples (cracking, elastic-plastic behaviour, contact...), we show the efficiency and the flexibility of such coupling method. A comparative analysis of several optimisation tools is also carried on, and the interacting multiple patches situation is handled. Then, non-intrusive coupling is extended to globally non-linear cases, and a domain decomposition method with non-linear re-localization is proposed. Such methods allowed us to run a parallel computation using only sequential software, on a high performance computing cluster. Finally, we apply the coupling algorithm to mesh refinement with patches of finite elements. We develop an explicit residual based error estimator suitable for multi-scale solutions arising from the non-intrusive coupling, and apply it inside an error driven local mesh

  12. Subsurface event detection and classification using Wireless Signal Networks.

    Science.gov (United States)

    Yoon, Suk-Un; Ghazanfari, Ehsan; Cheng, Liang; Pamukcu, Sibel; Suleiman, Muhannad T

    2012-11-05

    Subsurface environment sensing and monitoring applications such as detection of water intrusion or a landslide, which could significantly change the physical properties of the host soil, can be accomplished using a novel concept, Wireless Signal Networks (WSiNs). The wireless signal networks take advantage of the variations of radio signal strength on the distributed underground sensor nodes of WSiNs to monitor and characterize the sensed area. To characterize subsurface environments for event detection and classification, this paper provides a detailed list and experimental data of soil properties on how radio propagation is affected by soil properties in subsurface communication environments. Experiments demonstrated that calibrated wireless signal strength variations can be used as indicators to sense changes in the subsurface environment. The concept of WSiNs for the subsurface event detection is evaluated with applications such as detection of water intrusion, relative density change, and relative motion using actual underground sensor nodes. To classify geo-events using the measured signal strength as a main indicator of geo-events, we propose a window-based minimum distance classifier based on Bayesian decision theory. The window-based classifier for wireless signal networks has two steps: event detection and event classification. With the event detection, the window-based classifier classifies geo-events on the event occurring regions that are called a classification window. The proposed window-based classification method is evaluated with a water leakage experiment in which the data has been measured in laboratory experiments. In these experiments, the proposed detection and classification method based on wireless signal network can detect and classify subsurface events.

  13. STECH, 3(3), S/NO 12, SEPTEMBER, 2014

    African Journals Online (AJOL)

    DR Nneka

    2014-09-12

    Sep 12, 2014 ... In this research paper, data mining application for cyber security is highly explored. We discussed various cyber-terrorism or attack committed across the network such as malicious intrusion, credit card fraud, identity thefts, and infrastructure attack. Data mining techniques such as classification, anomaly, ...

  14. High resolution aeromagnetic and radiometric survey in the Hokusatsu district, Japan; Hokusatsu Kushikino chiiki ni okeru kobunkaino kuchu jiki hoshano tansa kekka ni tsuite

    Energy Technology Data Exchange (ETDEWEB)

    Hishida, H; Yoshioka, K [Metal Mining Agency of Japan, Tokyo (Japan)

    1997-10-22

    In FY 1996, aeromagnetic and radiometric survey was performed in the whole area of Hokusatsu district using a helicopter fixed with a stinger mount system with high density 200 m line spacing at low altitude of 80 m, which was the first in Japan. Based on the existing geological maps, Landsat TM data and radiometric data, lithologies and geological structures were extracted in response to individual magnetic characteristics in the whole magnetic map. Obtained geological characteristics are as follows. Straight magnetic anomalies suggested volcanic lava flows. Isolated ring-shaped magnetic anomalies suggested intrusive rocks. Ring-shaped weak magnetic anomalies suggested the centers of volcanoes. Wide range intense magnetic anomalies were caused by deep intrusive rocks. Wide range weak magnetic anomalies were caused by dissipation of magnetite due to hydrothermal alteration. Faults and fracture zones were recognized as linear configurations of magnetic anomaly and divided magnetic anomalies. Based on these results, local geological structures, hydrothermal alterations, and mineralization of known ore deposits were interpreted. 6 refs., 5 figs.

  15. Intrusive trauma memory: A review and functional analysis

    NARCIS (Netherlands)

    Krans, J.; Näring, G.W.B.; Becker, E.S.; Holmes, E.A.

    2009-01-01

    Our contribution to this special issue focuses on the phenomenon of intrusive trauma memory. While intrusive trauma memories can undoubtedly cause impairment, we argue that they may exist for a potentially adaptive reason. Theory and experimental research on intrusion development are reviewed and

  16. High risk for major nonlimb anomalies associated with lower-limb deficiency: a population-based study.

    Science.gov (United States)

    Syvänen, Johanna; Nietosvaara, Yrjänä; Ritvanen, Annukka; Koskimies, Eeva; Kauko, Tommi; Helenius, Ilkka

    2014-11-19

    The aims of this study were to determine the prevalence of congenital lower-limb reduction defects and associated mortality, to evaluate lower-limb deficiencies by type of reduction, and to identify patterns of associated anomalies. We conducted a population-based study with use of data from the Finnish Register of Congenital Malformations and Care Register for Health Care. All cases of lower-limb deficiency among live births, stillbirths, spontaneous abortions, and terminations of pregnancy due to fetal anomalies from 1993 to 2008 were included. We analyzed medical records and classified lower-limb reduction defects. Associated major anomalies were recorded, and perinatal mortality and infant mortality were calculated. Two hundred and sixty-six cases with lower-limb deficiency were identified, with a total prevalence of 2.8 per 10,000 births, a birth prevalence of 2.2 per 10,000 births, and a live-birth prevalence of 2.1 per 10,000 live births. Terminal transverse limb reductions accounted for 44.7% of the cases; longitudinal reductions, 22.9%; intercalary reductions, 7.9%; multiple reductions, 8.3%; and split-foot malformations, 4.5%. In addition to lower-limb deficiency, 47.7% of the cases had other major anomalies; anomalies of internal organs were noted in 26.3% of the cases, anomalies of the axial skeleton in 13.5% of cases, and central nervous system anomalies in 12.8%. Upper-limb reductions were observed in 32.0% of the cases. The relative risk (RR) for associated major anomalies was 12.54 (95% confidence interval [CI], 11.06 to 14.23) compared with the general figures for major congenital anomalies in Finland. The RR for associated anomalies was higher (1.75; 95% CI, 1.20 to 2.53) for longitudinal preaxial lower-limb deficiencies than for the other types of lower-limb reductions. Perinatal mortality was seventy-eight per 1000 births. All infant deaths were associated with chromosomal abnormalities, other known syndromes, or additional congenital

  17. Petrology, geochemistry, and tectonic setting of Tertiary volcanic and intrusive rocks in the north of Shahr-e-Firouzeh (northeast of Iran)

    International Nuclear Information System (INIS)

    Malekzadeh Shafaroudi, A.; Karimpour, M. H.; Zarei, A.

    2016-01-01

    The study area is located 15 km north of Shahr-e-Firouzeh in Khorasan Razavi province. The area is situated in the southeast of the Quchan-Sabzevar magmatic arc. Lithology of the district includes dacitic lavas, which are intruded by Oligocene porphyritic hornblende granodioritic stock and granodioritic dike as subvolcanic and plutonic rocks. Igneous rocks were overlapped by younger sedimentary rocks. The texture of dacitic unit is porphyric to glomeroporphic with flow groundmass. Quartz, plagioclase, K-feldspar, and hornblende are the main minerals. The texture of hornblende granodiorite porphyry is porphyric to glomeroporphic and plagioclase, K-feldspar, hornblende, and quartz are the common minerals, whereas granodiorite unit is granular and hornblende is not present. Based on geochemical studies, the acidic volcanic and intrusive rocks show metaluminous and medium-K nature. These rocks belong to the I-type granitoid. Enrichment of LREE versus HREE and enrichment of LILE and depletion in HFSE indicate magma formed in subduction zone. The melt originated from partial melting of amphibolite with 10 to 25% garnet. Based on the average amount of major oxides, enrichment of LREE, mostly positive Eu anomaly, high Sr (up to 499 ppm), and low Y (<13 ppm) and Yb (<1.4 ppm) contents, the magma shows silica-rich adakitic nature. The intrusive and volcanic rocks of the northern Shahr-e-Firouzeh were generated by partial melting of Sabzevar Neotethyan young and hot subducted oceanic crust and mantle wedge in the continental margin of the Turan plate.

  18. EU-project AEROJET. Non-intrusive measurements of aircraft engine exhaust emissions

    Energy Technology Data Exchange (ETDEWEB)

    Schaefer, K.; Heland, J. [Fraunhofer-Inst. fuer Atmosphaerische Umweltforschung (IFU), Garmisch-Partenkirchen (Germany); Burrows, R. [Rolls-Royce Ltd. (United Kingdom). Engine Support Lab.; Bernard, M. [AUXITROL, S.A. (France). Aerospace Equipment Div.; Bishop, G. [British Aerospace (United Kingdom). Sowerby Research Centre; Lindermeir, E. [Deutsche Forschungsanstalt fuer Luft- und Raumfahrt e. V. (DLR), Bonn (Germany). Inst. fuer Optoelektronik; Lister, D.H. [Defence and Research Agency, Hants (United Kingdom). Propulsion and Development Dept.; Wiesen, P. [Bergische Univ. Wuppertal (Gesamthochshule) (Germany); Hilton, M. [University of Reading (United Kingdom). Dept. of Physics

    1997-12-31

    The main goal of the AEROJET programme is to demonstrate the equivalence of remote measurement techniques to conventional extractive methods for both gaseous and particulate measurements. The different remote measurement techniques are compared and calibrated. A demonstrator measurement system for exhaust gases, temperature and particulates including data-analysis software is regarded as result of this project. Non-intrusive measurements are the method of choice within the AEROJET project promising to avoid the disadvantages of the gas sampling techniques which are currently used. Different ground based non-intrusive measurement methods are demonstrated during a final evaluation phase. Several non-intrusive techniques are compared with conventional gas sampling and analysis techniques. (R.P.) 3 refs.

  19. EU-project AEROJET. Non-intrusive measurements of aircraft engine exhaust emissions

    Energy Technology Data Exchange (ETDEWEB)

    Schaefer, K; Heland, J [Fraunhofer-Inst. fuer Atmosphaerische Umweltforschung (IFU), Garmisch-Partenkirchen (Germany); Burrows, R [Rolls-Royce Ltd. (United Kingdom). Engine Support Lab.; Bernard, M [AUXITROL, S.A. (France). Aerospace Equipment Div.; Bishop, G [British Aerospace (United Kingdom). Sowerby Research Centre; Lindermeir, E [Deutsche Forschungsanstalt fuer Luft- und Raumfahrt e. V. (DLR), Bonn (Germany). Inst. fuer Optoelektronik; Lister, D H [Defence and Research Agency, Hants (United Kingdom). Propulsion and Development Dept.; Wiesen, P [Bergische Univ. Wuppertal (Gesamthochshule) (Germany); Hilton, M [University of Reading (United Kingdom). Dept. of Physics

    1998-12-31

    The main goal of the AEROJET programme is to demonstrate the equivalence of remote measurement techniques to conventional extractive methods for both gaseous and particulate measurements. The different remote measurement techniques are compared and calibrated. A demonstrator measurement system for exhaust gases, temperature and particulates including data-analysis software is regarded as result of this project. Non-intrusive measurements are the method of choice within the AEROJET project promising to avoid the disadvantages of the gas sampling techniques which are currently used. Different ground based non-intrusive measurement methods are demonstrated during a final evaluation phase. Several non-intrusive techniques are compared with conventional gas sampling and analysis techniques. (R.P.) 3 refs.

  20. QOS and Control-Theoretic Techniques for Intrusion Tolerance

    National Research Council Canada - National Science Library

    Ye, Nong

    2004-01-01

    ...), even in the face of intrusions. This report examines two host-based resources, a router and a web server, and presents simulated models of modifications that can be made to these resources to make them QoS-capable...

  1. A 10-year Ground-Based Radar Climatology of Convective Penetration of Stratospheric Intrusions and Associated Large-Scale Transport over the CONUS

    Science.gov (United States)

    Homeyer, C. R.

    2017-12-01

    Deep convection reaching the upper troposphere and lower stratosphere (UTLS) and its impact on atmospheric composition through rapid vertical transport of lower troposphere air and stratosphere-troposphere exchange has received increasing attention in the past 5-10 years. Most efforts focused on convection have been directed toward storms that reach and/or penetrate the coincident environmental lapse-rate tropopause. However, convection has also been shown to reach into large-scale stratospheric intrusions (depressions of stratospheric air lying well below the lapse-rate tropopause on the cyclonic side of upper troposphere jet streams). Such convective penetration of stratospheric intrusions is not captured by studies of lapse-rate tropopause-penetrating convection. In this presentation, it will be shown using hourly, high-quality mergers of ground-based radar observations from 2004 to 2013 in the contiguous United States (CONUS) and forward large-scale trajectory analysis that convective penetration of stratospheric intrusions: 1) is more frequent than lapse-rate tropopause-penetrating convection, 2) occurs over a broader area of the CONUS than lapse-rate tropopause-penetrating convection, and 3) can influence the composition of the lower stratosphere through large-scale advection of convectively influenced air to altitudes above the lapse-rate tropopause, which we find to occur for about 8.5% of the intrusion volumes reached by convection.

  2. New Non-Intrusive Inspection Technologies for Nuclear Security and Nonproliferation

    Science.gov (United States)

    Ledoux, Robert J.

    2015-10-01

    Comprehensive monitoring of the supply chain for nuclear materials has historically been hampered by non-intrusive inspection systems that have such large false alarm rates that they are impractical in the flow of commerce. Passport Systems, Inc. (Passport) has developed an active interrogation system which detects fissionable material, high Z material, and other contraband in land, sea and air cargo. Passport's design utilizes several detection modalities including high resolution imaging, passive radiation detection, effective-Z (EZ-3D™) anomaly detection, Prompt Neutrons from Photofission (PNPF), and Nuclear Resonance Fluorescence (NRF) isotopic identification. These technologies combine to: detect fissionable, high-Z, radioactive and contraband materials, differentiate fissionable materials from high-Z shielding materials, and isotopically identify actinides, Special Nuclear Materials (SNM), and other contraband (e.g. explosives, drugs, nerve agents). Passport's system generates a 3-D image of the scanned object which contains information such as effective-Z and density, as well as a 2-D image and isotopic and fissionable information for regions of interest.

  3. Rapid laccolith intrusion driven by explosive volcanic eruption.

    Science.gov (United States)

    Castro, Jonathan M; Cordonnier, Benoit; Schipper, C Ian; Tuffen, Hugh; Baumann, Tobias S; Feisel, Yves

    2016-11-23

    Magmatic intrusions and volcanic eruptions are intimately related phenomena. Shallow magma intrusion builds subsurface reservoirs that are drained by volcanic eruptions. Thus, the long-held view is that intrusions must precede and feed eruptions. Here we show that explosive eruptions can also cause magma intrusion. We provide an account of a rapidly emplaced laccolith during the 2011 rhyolite eruption of Cordón Caulle, Chile. Remote sensing indicates that an intrusion began after eruption onset and caused severe (>200 m) uplift over 1 month. Digital terrain models resolve a laccolith-shaped body ∼0.8 km³. Deformation and conduit flow models indicate laccolith depths of only ∼20-200 m and overpressures (∼1-10 MPa) that likely stemmed from conduit blockage. Our results show that explosive eruptions may rapidly force significant quantities of magma in the crust to build laccoliths. These iconic intrusions can thus be interpreted as eruptive features that pose unique and previously unrecognized volcanic hazards.

  4. Treatment of Intrusive Suicidal Imagery Using Eye Movements

    Directory of Open Access Journals (Sweden)

    Jaël S. van Bentum

    2017-06-01

    Suicide and suicidal behavior are major public health concerns, and affect 3–9% of the population worldwide. Despite increased efforts for national suicide prevention strategies, there are still few effective interventions available for reducing suicide risk. In this article, we describe various theoretical approaches for suicide ideation and behavior, and propose to examine the possible effectiveness of a new and innovative preventive strategy. A model of suicidal intrusion (mental imagery related to suicide, also referred to as suicidal flash-forwards) is presented describing one of the assumed mechanisms in the etiology of suicide and the mechanism of therapeutic change. We provide a brief rationale for an Eye Movement Dual Task (EMDT) treatment for suicidal intrusions, describing techniques that can be used to target these suicidal mental images and thoughts to reduce overall behavior. Based on the available empirical evidence for the mechanisms of suicidal intrusions, this approach appears to be a promising new treatment to prevent suicidal behavior as it potentially targets one of the linking pins between suicidal ideation and suicidal actions.

  5. Numerical Continuation Methods for Intrusive Uncertainty Quantification Studies

    Energy Technology Data Exchange (ETDEWEB)

    Safta, Cosmin [Sandia National Lab. (SNL-NM), Albuquerque, NM (United States); Najm, Habib N. [Sandia National Lab. (SNL-NM), Albuquerque, NM (United States); Phipps, Eric Todd [Sandia National Lab. (SNL-NM), Albuquerque, NM (United States)

    2014-09-01

    Rigorous modeling of engineering systems relies on efficient propagation of uncertainty from input parameters to model outputs. In recent years, there has been substantial development of probabilistic polynomial chaos (PC) Uncertainty Quantification (UQ) methods, enabling studies in expensive computational models. One approach, termed "intrusive", involving reformulation of the governing equations, has been found to have superior computational performance compared to non-intrusive sampling-based methods in relevant large-scale problems, particularly in the context of emerging architectures. However, the utility of intrusive methods has been severely limited due to detrimental numerical instabilities associated with strong nonlinear physics. Previous methods for stabilizing these constructions tend to add unacceptably high computational costs, particularly in problems with many uncertain parameters. In order to address these challenges, we propose to adapt and improve numerical continuation methods for the robust time integration of intrusive PC system dynamics. We propose adaptive methods, starting with a small uncertainty for which the model has stable behavior and gradually moving to larger uncertainty where the instabilities are rampant, in a manner that provides a suitable solution.

  6. Complex Networks Dynamics Based on Events-Phase Synchronization and Intensity Correlation Applied to The Anomaly Patterns and Extremes in The Tropical African Climate System

    Science.gov (United States)

    Oluoch, K.; Marwan, N.; Trauth, M.; Loew, A.; Kurths, J.

    2012-04-01

    The African continent lies almost entirely within the tropics and as such its (tropical) climate systems are predominantly governed by the heterogeneous, spatial and temporal variability of the Hadley and Walker circulations. The variabilities in these meridional and zonal circulations lead to intensification or suppression of the intensities, durations and frequencies of the Inter-tropical Convergence Zone (ITCZ) migration, trade winds and subtropical high-pressure regions and the continental monsoons. The above features play a central role in determining the African rainfall spatial and temporal variability patterns. The current understanding of these climate features and their influence on the rainfall patterns is not sufficiently understood. Like many real-world systems, atmospheric-oceanic processes exhibit non-linear properties that can be better explored using non-linear (NL) methods of time-series analysis. Over the recent years, the complex network approach has evolved as a powerful new player in understanding spatio-temporal dynamics and evolution of complex systems. Together with NL techniques, it is continuing to find new applications in many areas of science and technology including climate research. We would like to use these two powerful methods to understand the spatial structure and dynamics of African rainfall anomaly patterns and extremes. The method of event synchronization (ES) developed by Quiroga et al., 2002 and first applied to climate networks by Malik et al., 2011 looks at correlations with a dynamic time lag and as such, it is a more intuitive way to correlate a complex and heterogeneous system like climate networks than a fixed time delay most commonly used. On the other hand, the shortcomings of ES are its lack of vigorous test statistics for the significance level of the correlations, and the fact that only the events' time indices are synchronized while all information about how the relative intensities propagate within network

  7. Saline water intrusion toward groundwater: Issues and its control

    Directory of Open Access Journals (Sweden)

    Purnama S

    2012-10-01

    Nowadays, saline water pollution has been gaining its importance as the major issue around the world, especially in the urban coastal area. Saline water pollution has major impact on human life and livelihood. It's mainly a result from static fossil water and the dynamics of sea water intrusion. The problem of saline water pollution caused by seawater intrusion has been increasing since the beginning of urban population. The problem of sea water intrusion in the urban coastal area must be anticipated as soon as possible especially in the urban areas developed in coastal zones. This review article aims to: (i) analyze the distribution of saline water pollution on urban coastal area in Indonesia and (ii) analyze some methods in controlling saline water pollution, especially due to seawater intrusion in urban coastal area. The strength and weakness of each method have been compared, including (a) applying different pumping patterns, (b) artificial recharge, (c) extraction barrier, (d) injection barrier and (e) subsurface barrier. The best method has been selected considering its possible development in coastal areas of developing countries. The review is based considering the location of Semarang coastal area, Indonesia. The results have shown that artificial recharge and extraction barrier are the most suitable methods to be applied in the area.

  8. Are North Atlantic Multidecadal SST Anomalies Westward Propagating?

    NARCIS (Netherlands)

    Feng, Qingyi; Dijkstra, Hendrik

    2014-01-01

    The westward propagation of sea surface temperature (SST) anomalies is one of the main characteristics of one of the theories of the Atlantic Multidecadal Oscillation. Here we use techniques from complex network modeling to investigate the existence of the westward propagation in the North Atlantic

  9. Anomaly detection in real-time gross payment data

    NARCIS (Netherlands)

    Triepels, Ron; Daniels, Hennie; Heijmans, R.; Camp, Olivier; Filipe, Joaquim

    2017-01-01

    We discuss how an autoencoder can detect system-level anomalies in a real-time gross settlement system by reconstructing a set of liquidity vectors. A liquidity vector is an aggregated representation of the underlying payment network of a settlement system for a particular time interval.

  10. Intrusive and Non-Intrusive Load Monitoring (A Survey)

    Directory of Open Access Journals (Sweden)

    Marco Danilo Burbano Acuña

    2015-05-01

    There is no discussion about the need for energy conservation; it is well known that energy resources are limited; moreover, the global energy demands will double by the end of 2030, which certainly will bring implications on the environment and hence to all of us. Non-Intrusive load monitoring (NILM) is the process of recognizing electrical devices and their energy consumption based on whole home electric signals, where this aggregated load data is acquired from a single point of measurement outside the household. The aim of this approach is to get optimal energy consumption and avoid energy wastage. Intrusive load monitoring (ILM) is the process of identifying and locating single devices through the use of sensing systems to support control, monitoring and intervention of such devices. The aim of this approach is to offer a base for the development of important applications for remote and automatic intervention of energy consumption inside buildings and homes as well. For general purposes this paper states a general framework of NILM and ILM approaches. Appliance discerns can be tackled using approaches from data mining and machine learning; finding out the techniques that best fit these requirements is a key factor for achieving feasible and suitable appliance load monitoring solutions. This paper presents common and interesting methods used. Privacy concerns have been one of the bigger obstacles for implementing a widespread adoption of these solutions; despite this fact, developed countries like those inside the EU and the UK have established a deadline for the implementation of smart meters in the whole country, whereas the USA government still struggles with the acceptance of this solution by its citizens. The implementation of security over these approaches along with fine-grained energy monitoring would lead to a better public agreement of these solutions and hence a faster adoption of such approaches. This paper reveals a lack of security over these approaches with a real scenario.

  11. Applied network security monitoring collection, detection, and analysis

    CERN Document Server

    Sanders, Chris

    2013-01-01

    Applied Network Security Monitoring is the essential guide to becoming an NSM analyst from the ground up. This book takes a fundamental approach to NSM, complete with dozens of real-world examples that teach you the key concepts of NSM. Network security monitoring is based on the principle that prevention eventually fails. In the current threat landscape, no matter how much you try, motivated attackers will eventually find their way into your network. At that point, it is your ability to detect and respond to that intrusion that can be the difference between a small incident and a major di

  12. Young women's experiences of intrusive behavior in 12 countries.

    Science.gov (United States)

    Sheridan, Lorraine; Scott, Adrian J; Roberts, Karl

    2016-01-01

    The present study provides international comparisons of young women's (N = 1,734) self-reported experiences of intrusive activities enacted by men. Undergraduate psychology students from 12 countries (Armenia, Australia, England, Egypt, Finland, India, Indonesia, Italy, Japan, Portugal, Scotland, and Trinidad) indicated which of 47 intrusive activities they had personally experienced. Intrusive behavior was not uncommon overall, although large differences were apparent between countries when women's personal experiences of specific intrusive activities were compared. Correlations were carried out between self-reported intrusive experiences, the Gender Empowerment Measure (GEM), and Hofstede's dimensions of national cultures. The primary associations were between women's experiences of intrusive behavior and the level of power they are afforded within the 12 countries. Women from countries with higher GEM scores reported experiencing more intrusive activities relating to courtship and requests for sex, while the experiences of women from countries with lower GEM scores related more to monitoring and ownership. Intrusive activities, many of them constituent of harassment and stalking, would appear to be widespread and universal, and their incidence and particular form reflect national level gender inequalities. © 2015 Wiley Periodicals, Inc.

  13. Igneous Intrusion Impacts on Waste Packages and Waste Forms

    International Nuclear Information System (INIS)

    P. Bernot

    2004-01-01

    The purpose of this model report is to assess the potential impacts of igneous intrusion on waste packages and waste forms in the emplacement drifts at the Yucca Mountain Repository. The model is based on conceptual models and includes an assessment of deleterious dynamic, thermal, hydrologic, and chemical impacts. This constitutes the waste package and waste form impacts submodel of the Total System Performance Assessment for the License Application (TSPA-LA) model assessing the impacts of a hypothetical igneous intrusion event on the repository total system performance. This submodel is carried out in accordance with Technical Work Plan for Waste Form Degradation Modeling, Testing, and Analyses in Support of SR and LA (BSC 2003a) and Total System Performance Assessment-License Application Methods and Approaches (BSC 2002a). The technical work plan is governed by the procedures of AP-SIII.10Q, Models. Any deviations from the technical work plan are documented in the TSPA-LA approach to implementing the models for waste package and waste form response during igneous intrusion is based on identification of damage zones. Zone 1 includes all emplacement drifts intruded by the basalt dike, and Zone 2 includes all other emplacement drifts in the repository that are not in Zone 1. This model report will document the following model: (1) Impacts of magma intrusion on the components of engineered barrier system (e.g., drip shields and cladding) of emplacement drifts in Zone 1, and the fate of waste forms. (2) Impacts of conducting magma heat and diffusing magma gases on the drip shields, waste packages, and cladding in the Zone 2 emplacement drifts adjacent to the intruded drifts. (3) Impacts of intrusion on Zone 1 in-drift thermal and geochemical environments, including seepage hydrochemistry. 
    The scope of this model only includes impacts to the components stated above, and does not include impacts to other engineered barrier system (EBS) components such as the invert and

  14. Igneous Intrusion Impacts on Waste Packages and Waste Forms

    Energy Technology Data Exchange (ETDEWEB)

    P. Bernot

    2004-08-16

    The purpose of this model report is to assess the potential impacts of igneous intrusion on waste packages and waste forms in the emplacement drifts at the Yucca Mountain Repository. The model is based on conceptual models and includes an assessment of deleterious dynamic, thermal, hydrologic, and chemical impacts. This constitutes the waste package and waste form impacts submodel of the Total System Performance Assessment for the License Application (TSPA-LA) model assessing the impacts of a hypothetical igneous intrusion event on the repository total system performance. This submodel is carried out in accordance with Technical Work Plan for Waste Form Degradation Modeling, Testing, and Analyses in Support of SR and LA (BSC 2003a) and Total System Performance Assessment-License Application Methods and Approaches (BSC 2002a). The technical work plan is governed by the procedures of AP-SIII.10Q, Models. Any deviations from the technical work plan are documented in the TSPA-LA approach to implementing the models for waste package and waste form response during igneous intrusion is based on identification of damage zones. Zone 1 includes all emplacement drifts intruded by the basalt dike, and Zone 2 includes all other emplacement drifts in the repository that are not in Zone 1. This model report will document the following model: (1) Impacts of magma intrusion on the components of engineered barrier system (e.g., drip shields and cladding) of emplacement drifts in Zone 1, and the fate of waste forms. (2) Impacts of conducting magma heat and diffusing magma gases on the drip shields, waste packages, and cladding in the Zone 2 emplacement drifts adjacent to the intruded drifts. (3) Impacts of intrusion on Zone 1 in-drift thermal and geochemical environments, including seepage hydrochemistry. 
    The scope of this model only includes impacts to the components stated above, and does not include impacts to other engineered barrier system (EBS) components such as the invert and

  15. An introduction to gravitational anomalies

    International Nuclear Information System (INIS)

    Alvarez-Gaumé, L.

    1984-01-01

    The outline of these lectures is as follows: We will first analyze the abelian anomaly from the point of view of the Atiyah-Singer index theorem. This is clearly not the first time that this analysis has been carried out, but it will give us a chance of introducing a general method of computing anomalies based on supersymmetric quantum mechanics. Then we will present the general strategy for identifying and computing the anomalies in the energy-momentum tensor and what can be learned from them

  16. Cultural syndromes and age moderate the emotional impact of illness intrusiveness in rheumatoid arthritis.

    Science.gov (United States)

    Devins, Gerald M; Gupta, Anita; Cameron, Jill; Woodend, Kirsten; Mah, Kenneth; Gladman, Dafna

    2009-02-01

    The authors investigated cultural syndromes (multidimensional vectors comprising culturally based attitudes, values, and beliefs) and age as moderators of the emotional impact of illness intrusiveness--illness-induced lifestyle disruptions--in rheumatoid arthritis (RA) and examined illness intrusiveness effects in total and separately for three life domains (relationships and personal development, intimacy, and instrumental). People with RA (n = 105) completed the Illness Intrusiveness Ratings, Individualism-Collectivism, and Center for Epidemiologic Studies--Depression scales in a one-on-one interview. Controlling for disease and background characteristics, the association between illness intrusiveness (total score and the Relationships and Personal Development subscale) and distress was inverse when young adults with RA endorsed high horizontal individualism. Illness intrusiveness into intimacy was associated with increased distress, and this intensified when respondents endorsed high vertical individualism, horizontal collectivism, vertical collectivism, or low horizontal individualism. The negative emotional impact of illness intrusiveness into intimacy diminished with increasing age. Given an aging and increasingly pluralistic society, diversity can no longer be ignored in addressing the psychosocial impact of chronic, disabling disease.

  17. Intrusion scenarios in fusion waste disposal sites

    International Nuclear Information System (INIS)

    Zucchetti, M.; Zucchetti, M.; Rocco, P.

    1998-01-01

    Results of analyses on human intrusions into repositories of fusion radioactive waste are presented. The main topics are: duration of the institutional control, occurrence of intrusion, intrusion scenarios, acceptable risk limits and probabilistic data. Application to fusion waste repositories is implemented with a computational model: wells drilling is considered as the possible scenario. Doses and risks to intruder for different SEAFP-2 cases turn out to be very small. No intervention to reduce the hazard is necessary. (authors)

  18. Intrusion scenarios in fusion waste disposal sites

    Energy Technology Data Exchange (ETDEWEB)

    Zucchetti, M. [European Commission, JRC, Institute for Advanced Material, Ispra, Vatican City State, Holy See (Italy); Zucchetti, M.; Rocco, P. [Energetics Dept., Polytechnic of Turin (Italy)

    1998-07-01

    Results of analyses on human intrusions into repositories of fusion radioactive waste are presented. The main topics are: duration of the institutional control, occurrence of intrusion, intrusion scenarios, acceptable risk limits and probabilistic data. Application to fusion waste repositories is implemented with a computational model: wells drilling is considered as the possible scenario. Doses and risks to intruder for different SEAFP-2 cases turn out to be very small. No intervention to reduce the hazard is necessary. (authors)

  19. Video Quality Prediction Models Based on Video Content Dynamics for H.264 Video over UMTS Networks

    Directory of Open Access Journals (Sweden)

    Asiya Khan

    2010-01-01

    The aim of this paper is to present video quality prediction models for objective non-intrusive prediction of H.264 encoded video for all content types combining parameters both in the physical and application layer over Universal Mobile Telecommunication Systems (UMTS) networks. In order to characterize the Quality of Service (QoS) level, a learning model based on Adaptive Neural Fuzzy Inference System (ANFIS) and a second model based on non-linear regression analysis is proposed to predict the video quality in terms of the Mean Opinion Score (MOS). The objective of the paper is two-fold. First, to find the impact of QoS parameters on end-to-end video quality for H.264 encoded video. Second, to develop learning models based on ANFIS and non-linear regression analysis to predict video quality over UMTS networks by considering the impact of radio link loss models. The loss models considered are 2-state Markov models. Both the models are trained with a combination of physical and application layer parameters and validated with unseen dataset. Preliminary results show that good prediction accuracy was obtained from both the models. The work should help in the development of a reference-free video prediction model and QoS control methods for video over UMTS networks.

  20. IGNEOUS INTRUSION IMPACTS ON WASTE PACKAGES AND WASTE FORMS

    International Nuclear Information System (INIS)

    Bernot, P.

    2004-01-01

    The purpose of this model report is to assess the potential impacts of igneous intrusion on waste packages and waste forms in the emplacement drifts at the Yucca Mountain Repository. The models are based on conceptual models and includes an assessment of deleterious dynamic, thermal, hydrologic, and chemical impacts. The models described in this report constitute the waste package and waste form impacts submodel of the Total System Performance Assessment for the License Application (TSPA-LA) model assessing the impacts of a hypothetical igneous intrusion event on the repository total system performance. This submodel is carried out in accordance with Technical Work Plan for Waste Form Degradation Modeling, Testing, and Analyses in Support of LA (BSC 2004 [DIRS:167796]) and Total System Performance Assessment-License Application Methods and Approaches (BSC 2003 [DIRS: 166296]). The technical work plan was prepared in accordance with AP-2.27Q, Planning for Science Activities. Any deviations from the technical work plan are documented in the following sections as they occur. The TSPA-LA approach to implementing the models for waste package and waste form response during igneous intrusion is based on identification of damage zones. Zone 1 includes all emplacement drifts intruded by the basalt dike, and Zone 2 includes all other emplacement drifts in the repository that are not in Zone 1. This model report will document the following model assessments: (1) Mechanical and thermal impacts of basalt magma intrusion on the invert, waste packages and waste forms of the intersected emplacement drifts of Zone 1. (2) Temperature and pressure trends of basaltic magma intrusion intersecting Zone 1 and their potential effects on waste packages and waste forms in Zone 2 emplacement drifts. (3) Deleterious volatile gases, exsolving from the intruded basalt magma and their potential effects on waste packages of Zone 2 emplacement drifts. (4) Post-intrusive physical

  1. An Overview of Deep Learning Based Methods for Unsupervised and Semi-Supervised Anomaly Detection in Videos

    Directory of Open Access Journals (Sweden)

    B. Ravi Kiran

    2018-02-01

    Videos represent the primary source of information for surveillance applications. Video material is often available in large quantities but in most cases it contains little or no annotation for supervised learning. This article reviews the state-of-the-art deep learning based methods for video anomaly detection and categorizes them based on the type of model and criteria of detection. We also perform simple studies to understand the different approaches and provide the criteria of evaluation for spatio-temporal anomaly detection.

  2. Host based internet protocol (IP) packet analysis to enhance network security

    International Nuclear Information System (INIS)

    Ahmad, T.; Ahmad, S.Z.; Yasin, M.M.

    2007-01-01

    Data communication in a computer network environment is facing serious security threats from numerous sources such as viruses, worms, Zombies etc. These threats can be broadly characterized as internal or external security threats. Internal threats are mainly attributed to sneaker-nets, utility modems and unauthorized users, which can be minimized by skillful network administration, password management and optimum usage policy definition. The external threats need more serious attention as these attacks are mostly coming from public networks such as Internet. Frequency and complexity of such attacks is much higher as compared to internal attacks. This paper presents a host based network layer screening of external and internal IP packets for logging, analyzing and real-time detection of possible IP spoofing and Denial of Service attacks. This work can also be used in tuning security rules definition for gateway firewalls. Software has been developed which intercepts IP traffic and analyses it with respect to integrity and origin of IP packet. The received IP packets are parsed and analyzed for possible signs of intrusion. The results show that by watching and categorizing composition of various transport protocol such as TCP, UDP, ICMP and others along with verifying the origin of received IP packet can help in devising real-time firewall rule and blocking possible external attack. This is highly desirable for fighting against zero day attacks and can result in a better Mean Time between Failures (MTBF) to increase the survivability of computer network. Used in a right context, packet screening and filtering can be a useful tool for provision of reliable and stable network services. (author)

  3. Performance Comparison of Reputation Assessment Techniques Based on Self-Organizing Maps in Wireless Sensor Networks

    Directory of Open Access Journals (Sweden)

    Sabrina Sicari

    2017-01-01

    Many solutions based on machine learning techniques have been proposed in literature aimed at detecting and promptly counteracting various kinds of malicious attack (data violation, clone, sybil, neglect, greed, and DoS attacks), which frequently affect Wireless Sensor Networks (WSNs). Besides recognizing the corrupted or violated information, also the attackers should be identified, in order to activate the proper countermeasures for preserving network’s resources and to mitigate their malicious effects. To this end, techniques adopting Self-Organizing Maps (SOM) for intrusion detection in WSN were revealed to represent a valuable and effective solution to the problem. In this paper, the mechanism, namely, Good Network (GoNe), which is based on SOM and is able to assess the reliability of the sensor nodes, is compared with another relevant and similar work existing in literature. Extensive performance simulations, in terms of nodes’ classification, attacks’ identification, data accuracy, energy consumption, and signalling overhead, have been carried out in order to demonstrate the better feasibility and efficiency of the proposed solution in WSN field.

  4. Research and application of ARP protocol vulnerability attack and defense technology based on trusted network

    Science.gov (United States)

    Xi, Huixing

    2017-03-01

    With the continuous development of network technology and the rapid spread of the Internet, computer networks have reached every corner of the world. However, network attacks occur frequently. The ARP protocol vulnerability is one of the most common vulnerabilities in the TCP/IP four-layer architecture. Network protocol vulnerabilities can lead to the intrusion and attack of the information system, and disable the normal defense function of the system [1]. At present, ARP spoofing Trojans spread widely in LANs, posing a huge hidden danger to network security, and are the primary threat to LAN security. In this paper, the author summarizes the research status and the key technologies involved in the ARP protocol, analyzes the formation mechanism of the ARP protocol vulnerability, and analyzes the feasibility of the attack technique. Based on a summary of the common defensive methods, the advantages and disadvantages of each defense method are analyzed. At the same time, the current defense method is improved, and the advantage of the improved defense algorithm is given. At the end of this paper, the appropriate test method is selected and the test environment is set up. Experiments and tests are carried out for each proposed improved defense algorithm.

  5. Neural mechanisms of rapid sensitivity to syntactic anomaly

    Directory of Open Access Journals (Sweden)

    Albert E. Kim

    2013-03-01

    Recent psycholinguistic models hypothesize that anticipatory processing can speed the response to linguistic input during language comprehension by pre-activating representations necessary for word recognition. We investigated the neurocognitive mechanisms of anticipatory processing by recording event-related brain responses (ERPs) to syntactically anomalous (The thief was caught by for police) and well-formed (e.g., The thief was caught by the police) sentences. One group of participants saw anomalies elicited by the same word in every instance (e.g., for; low-variability stimuli), providing high affordances for predictions about the word-form appearing in the critical position. A second group saw anomalies elicited by seven different prepositions (at, of, on, for, from, over, with; high-variability stimuli) across the study, creating a more difficult prediction task. Syntactic category anomalies enhanced the occipital-temporal N170 component of the ERP, indicating rapid sensitivity—within 200 ms of word onset—to syntactic anomaly. For low-variability but not the high-variability stimuli, syntactic anomaly also enhanced the earlier occipital-temporal P1 component, around 130 ms after word-onset, indicating that affordances for prediction engendered earlier sensitivity to syntactic anomaly. Independent components analysis revealed three sources within the ERP signal whose functional dynamics were consistent with predictive processing and early responses to syntactic anomaly. Distributed neural source modeling (sLORETA) of these early-active sources produced a candidate network for early responses to words during reading in the right posterior-occipital, left occipital-temporal, and medial parietal cortex.

  6. Geochemistry of stream sediments, water and U-Th radiation anomaly around Neyshabour Fyrouzeh mine and its environmental impact on people living nearby villages

    International Nuclear Information System (INIS)

    Karimpour, M. H.; Malekzadeh Shafaroudi, A.

    2013-01-01

    Fyrouzeh mine is located about 55 km northwest of Neyshabour in the Province of Khorasan Razavi. The exposed rocks are mainly volcanic and intrusive with intermediate composition and all of them are altered. This mine is the first type of IOCG recognized in Iran with Cu-Au-LREE-U. Besides Cu-Au-U, this area shows As, Mo, Zn and Th anomalies. Geochemical evaluation of stream sediment with regard to environmental concern revealed high Cu anomalies. Rocks show high uranium anomalies (up to 35 ppm) higher than the standard values (1 ppm). Airborne radiometric maps show high U and Th anomalies in a broad area. Ag, Hg and Mn show anomalies within the stream sediments. Cu, Pb, Zn, Ag, Ni, Mn, Sb, Hg, and U content of both drinking and agricultural water are fortunately within the range of standard, only two samples have higher As content (more than 10 ppb). The high level of U-Th radiation and the contamination of stream sediment with respect to Cu, Hg, Ag, Mn and of agricultural water with respect to As are important issues for the environment and people's health; therefore, they need to be studied.

  7. Assessment of groundwater vulnerability to anthropogenic pollution and seawater intrusion in a small tropical island using index-based methods.

    Science.gov (United States)

    Kura, Nura Umar; Ramli, Mohammad Firuz; Ibrahim, Shaharin; Sulaiman, Wan Nor Azmin; Aris, Ahmad Zaharin; Tanko, Adamu Idris; Zaudi, Muhammad Amar

    2015-01-01

    In this work, the DRASTIC and GALDIT models were employed to determine the groundwater vulnerability to contamination from anthropogenic activities and seawater intrusion in Kapas Island. In addition, the work also utilized sensitivity analysis to evaluate the influence of each individual parameter used in developing the final models. Based on these effects and variation indices of the said parameters, new effective weights were determined and were used to create modified DRASTIC and GALDIT models. The final DRASTIC model classified the island into five vulnerability classes: no risk (110-140), low (140-160), moderate (160-180), high (180-200), and very high (>200), covering 4, 26, 59, 4, and 7 % of the island, respectively. Likewise, for seawater intrusion, the modified GALDIT model delineates the island into four vulnerability classes: very low (130) covering 39, 33, 18, and 9 % of the island, respectively. Both models show that the areas that are likely to be affected by anthropogenic pollution and seawater intrusion are within the alluvial deposit at the western part of the island. Pearson correlation was used to verify the reliability of the two models in predicting their respective contaminants. The correlation matrix showed a good relationship between DRASTIC model and nitrate (r = 0.58). In a similar development, the correlation also reveals a very strong negative relationship between GALDIT model and seawater contaminant indicator (resistivity Ωm) values (r = -0.86) suggesting that the model predicts more than 86 % of seawater intrusion. In order to facilitate management strategy, suitable areas for artificial recharge were identified through modeling. The result suggested some areas within the alluvial deposit at the western part of the island as suitable for artificial recharge. This work can serve as a guide for a full vulnerability assessment to anthropogenic pollution and seawater intrusion in small islands and will help policy maker and

  8. Subsurface Event Detection and Classification Using Wireless Signal Networks

    Directory of Open Access Journals (Sweden)

    Muhannad T. Suleiman

    2012-11-01

    Subsurface environment sensing and monitoring applications such as detection of water intrusion or a landslide, which could significantly change the physical properties of the host soil, can be accomplished using a novel concept, Wireless Signal Networks (WSiNs). The wireless signal networks take advantage of the variations of radio signal strength on the distributed underground sensor nodes of WSiNs to monitor and characterize the sensed area. To characterize subsurface environments for event detection and classification, this paper provides a detailed list and experimental data of soil properties on how radio propagation is affected by soil properties in subsurface communication environments. Experiments demonstrated that calibrated wireless signal strength variations can be used as indicators to sense changes in the subsurface environment. The concept of WSiNs for the subsurface event detection is evaluated with applications such as detection of water intrusion, relative density change, and relative motion using actual underground sensor nodes. To classify geo-events using the measured signal strength as a main indicator of geo-events, we propose a window-based minimum distance classifier based on Bayesian decision theory. The window-based classifier for wireless signal networks has two steps: event detection and event classification. With the event detection, the window-based classifier classifies geo-events on the event occurring regions that are called a classification window. The proposed window-based classification method is evaluated with a water leakage experiment in which the data has been measured in laboratory experiments. In these experiments, the proposed detection and classification method based on wireless signal network can detect and classify subsurface events.

  9. Late Neoproterozoic layered mafic intrusion of arc-affinity in the Arabian-Nubian Shield: A case study from the Shahira layered mafic intrusion, southern Sinai, Egypt

    Energy Technology Data Exchange (ETDEWEB)

    Azer, M.K.; Obeid, M.A.; Gahalan, H.A.

    2016-07-01

    The Shahira Layered Mafic Intrusion (SLMI), which belongs to the late Neoproterozoic plutonic rocks of the Arabian-Nubian Shield, is the largest layered mafic intrusion in southern Sinai. Field relations indicate that it is younger than the surrounding metamorphic rocks and older than the post-orogenic granites. Based on variation in mineral paragenesis and chemical composition, the SLMI is distinguished into pyroxene-hornblende gabbro, hornblende gabbro and diorite lithologies. The outer zone of the mafic intrusion is characterized by fine-grained rocks (chilled margin gabbroic facies), with typical subophitic and/or microgranular textures. Different rock units from the mafic intrusion show gradational boundaries in between. They show some indications of low grade metamorphism, where primary minerals are transformed into secondary ones. Geochemically, the Shahira layered mafic intrusion is characterized by enrichment in LILE relative to HFSE (e.g. Nb, P, Zr, Ti, Y), and LREE relative to HREE [(La/Lu)n= 4.75–8.58], with subalkaline characters. It has geochemical characteristics of pre-collisional arc-type environment. The geochemical signature of the investigated gabbros indicates partial melting of mantle wedge in a volcanic-arc setting, being followed by fractional crystallization and crustal contamination. Fractional crystallization processes played a vital role during emplacement of the Shahira intrusion and evolution of its mafic and intermediate rock units. The initial magma was evolved through crystallization of hornblende which was caused by slight increasing of H2O in the magma after crystallization of liquidus olivine, pyroxene and Ca-rich plagioclase. The gabbroic rocks crystallized at pressures between 4.5 and 6.9kbar (~15–20km depth). Whereas, the diorites yielded the lowest crystallization pressure between 1.0 to 4.4Kbar (<10km depth). Temperature was estimated by several geothermometers, which yielded crystallization temperatures ranging from 835

  10. Sill intrusion in volcanic calderas: implications for vent opening probability

    Science.gov (United States)

    Giudicepietro, Flora; Macedonio, Giovanni; Martini, Marcello; D'Auria, Luca

    2017-04-01

    Calderas show peculiar behaviors with remarkable dynamic processes, which do not often culminate in eruptions. Observations and studies conducted in recent decades have shown that the most common cause of unrest in the calderas is due to magma intrusion; in particular, the intrusion of sills at shallow depths. Monogenic cones, with large areal dispersion, are quite common in the calderas, suggesting that the susceptibility analysis based on geological features, is not strictly suitable for estimating the vent opening probability in calderas. In general, the opening of a new eruptive vent can be regarded as a rock failure process. The stress field in the rocks that surrounds and tops the magmatic reservoirs plays an important role in causing the rock failure and creating the path that magma can follow towards the surface. In this conceptual framework, we approach the problem of getting clues about the probability of vent opening in volcanic calderas through the study of the stress field produced by the intrusion of magma, in particular, by the intrusion of a sill. We simulate the intrusion of a sill free to expand radially, with shape and dimensions which vary with time. The intrusion process is controlled by the elastic response of the rock plate above the sill, which bends because of the intrusion, and by gravity, that drives the magma towards the zones where the thickness of the sill is smaller. We calculated the stress field in the plate rock above the sill. We found that at the bottom of the rock plate above the sill the maximum intensity of tensile stress is concentrated at the front of the sill and spreads radially with it, over time. For this reason, we think that the front of the spreading sill is prone to open for eruptive vents. Even in the central area of the sill the intensity of stress is relatively high, but at the base of the rock plate stress is compressive. Under isothermal conditions, the stress soon reaches its maximum value (time interval

  11. Complete Bouguer gravity anomaly map of the state of Colorado

    Science.gov (United States)

    Abrams, Gerda A.

    1993-01-01

    The Bouguer gravity anomaly map is part of a folio of maps of Colorado cosponsored by the National Mineral Resources Assessment Program (NAMRAP) and the National Geologic Mapping Program (COGEOMAP) and was produced to assist in studies of the mineral resource potential and tectonic setting of the State. Previous compilations of about 12,000 gravity stations by Behrendt and Bajwa (1974a,b) are updated by this map. The data was reduced at a 2.67 g/cm3 and the grid contoured at 3 mGal intervals. This map will aid in the mineral resource assessment by indicating buried intrusive complexes, volcanic fields, major faults and shear zones, and sedimentary basins; helping to identify concealed geologic units; and identifying localities that might be hydrothermically altered or mineralized.

  12. GLRT Based Anomaly Detection for Sensor Network Monitoring

    KAUST Repository

    Harrou, Fouzi

    2015-12-07

    Proper operation of antenna arrays requires continuously monitoring their performances. When a fault occurs in an antenna array, the radiation pattern changes and can significantly deviate from the desired design performance specifications. In this paper, the problem of fault detection in linear antenna arrays is addressed within a statistical framework. Specifically, a statistical fault detection method based on the generalized likelihood ratio (GLR) principle is utilized for detecting potential faults in linear antenna arrays. The proposed method relies on detecting deviations in the radiation pattern of the monitored array with respect to a reference (fault-free) one. To assess the abilities of the GLR based fault detection method, three case studies involving different types of faults have been performed. The simulation results clearly illustrate the effectiveness of the GLR-based fault detection method in monitoring the performance of linear antenna arrays.

  13. GLRT Based Anomaly Detection for Sensor Network Monitoring

    KAUST Repository

    Harrou, Fouzi; Sun, Ying

    2015-01-01

    Proper operation of antenna arrays requires continuously monitoring their performances. When a fault occurs in an antenna array, the radiation pattern changes and can significantly deviate from the desired design performance specifications. In this paper, the problem of fault detection in linear antenna arrays is addressed within a statistical framework. Specifically, a statistical fault detection method based on the generalized likelihood ratio (GLR) principle is utilized for detecting potential faults in linear antenna arrays. The proposed method relies on detecting deviations in the radiation pattern of the monitored array with respect to a reference (fault-free) one. To assess the abilities of the GLR based fault detection method, three case studies involving different types of faults have been performed. The simulation results clearly illustrate the effectiveness of the GLR-based fault detection method in monitoring the performance of linear antenna arrays.

  14. Crop yield monitoring in the Sahel using root zone soil moisture anomalies derived from SMOS soil moisture data assimilation

    Science.gov (United States)

    Gibon, François; Pellarin, Thierry; Alhassane, Agali; Traoré, Seydou; Baron, Christian

    2017-04-01

    West Africa is greatly vulnerable, especially in terms of food sustainability. Mainly based on rainfed agriculture, the high variability of the rainy season strongly impacts the crop production driven by the soil water availability in the soil. To monitor this water availability, classical methods are based on daily precipitation measurements. However, the raingauge network suffers from the poor network density in Africa (1/10000km2). Alternatively, real-time satellite-derived precipitations can be used, but they are known to suffer from large uncertainties which produce significant error on crop yield estimations. The present study proposes to use root soil moisture rather than precipitation to evaluate crop yield variations. First, a local analysis of the spatiotemporal impact of water deficit on millet crop production in Niger was done, from in-situ soil moisture measurements (AMMA-CATCH/OZCAR (French Critical Zone exploration network)) and in-situ millet yield survey. Crop yield measurements were obtained for 10 villages located in the Niamey region from 2005 to 2012. The mean production (over 8 years) is 690 kg/ha, and ranges from 381 to 872 kg/ha during this period. Various statistical relationships based on soil moisture estimates were tested, and the most promising one (R>0.9) linked the 30-cm soil moisture anomalies from mid-August to mid-September (grain filling period) to the crop yield anomalies. Based on this local study, it was proposed to derive regional statistical relationships using 30-cm soil moisture maps over West Africa. The selected approach was to use a simple hydrological model, the Antecedent Precipitation Index (API), forced by real-time satellite-based precipitation (CMORPH, PERSIANN, TRMM3B42). To reduce uncertainties related to the quality of real-time rainfall satellite products, SMOS soil moisture measurements were assimilated into the API model through a Particular Filter algorithm. Then, obtained soil moisture anomalies were

  15. Security for multihop wireless networks

    CERN Document Server

    Khan, Shafiullah

    2014-01-01

    Security for Multihop Wireless Networks provides broad coverage of the security issues facing multihop wireless networks. Presenting the work of a different group of expert contributors in each chapter, it explores security in mobile ad hoc networks, wireless sensor networks, wireless mesh networks, and personal area networks. Detailing technologies and processes that can help you secure your wireless networks, the book covers cryptographic coprocessors, encryption, authentication, key management, attacks and countermeasures, secure routing, secure medium access control, intrusion detection, ep

  16. A Nuisance Alarm Data System for evaluation of intrusion detectors

    International Nuclear Information System (INIS)

    Ream, W.K.

    1990-01-01

    A Nuisance Alarm Data System (NADS) was developed to gather long-term background alarm data on exterior intrusion detectors as part of their evaluation. Since nuisance alarms play an important part in the selection of intrusion detectors for use at Department of Energy (DOE) facilities, an economical and reliable way to monitor and record these alarms was needed. NADS consists of an IBM personal computer and printer along with other commercial units to communicate with the detectors, to gather weather data, and to record video for assessment. Each alarm, its assessment, and the weather conditions occurring at alarm time are placed into a data base that is used in the evaluation of the detector. The operating software is written in Turbo Pascal for easy maintenance and modification. A portable system, based on the NADS design, has been built and shipped to other DOE locations to do on-site alarm monitoring. This has been valuable for the comparison of different detectors in the on-site environment and for testing new detectors when the appropriate conditions do not exist or cannot be simulated at the Exterior Intrusion Detection Testbed

  17. Fusion of Heterogeneous Intrusion Detection Systems for Network Attack Detection

    Directory of Open Access Journals (Sweden)

    Jayakumar Kaliappan

    2015-01-01

    An intrusion detection system (IDS) helps to identify different types of attacks in general, and the detection rate will be higher for some specific category of attacks. This paper is designed on the idea that each IDS is efficient in detecting a specific type of attack. In proposed Multiple IDS Unit (MIU), there are five IDS units, and each IDS follows a unique algorithm to detect attacks. The feature selection is done with the help of genetic algorithm. The selected features of the input traffic are passed on to the MIU for processing. The decision from each IDS is termed as local decision. The fusion unit inside the MIU processes all the local decisions with the help of majority voting rule and makes the final decision. The proposed system shows a very good improvement in detection rate and reduces the false alarm rate.

  18. Exploring SVM-based intrusion detection through information entropy theory

    Institute of Scientific and Technical Information of China (English)

    朱文杰; 王强; 翟献军

    2013-01-01

    In traditional SVM-based intrusion detection, kernel function construction and feature selection rely on prior knowledge, which commonly results in low accuracy and low efficiency. Combining information entropy theory with the SVM algorithm yields an information-entropy-based SVM intrusion detection algorithm that improves both the accuracy and the efficiency of intrusion detection. The algorithm has two aspects. On one hand, based on the user information entropy and variance contained in the samples, the sample features are unified and measured by whether a feature falls within a confidence interval. Using the resulting sample-feature confidence vector as the construction parameter of the SVM kernel function both guarantees the correspondence between the training sample set and the optimal classification plane and yields the maximum classification margin required for intrusion detection. On the other hand, using the amount of user information contained in the samples as the metric to substantially reduce the sample feature subset not only lowers the computational scale but also speeds up classifier training. Experiments show that, applied in an intrusion detection system, the algorithm outperforms the traditional SVM algorithm.

  19. Current Status of Groundwater Monitoring Networks in Korea

    OpenAIRE

    Jin-Yong Lee; Kideok D. Kwon

    2016-01-01

    Korea has been operating groundwater monitoring systems since 1996 as the Groundwater Act enacted in 1994 enforces nationwide monitoring. Currently, there are six main groundwater monitoring networks operated by different government ministries with different purposes: National Groundwater Monitoring Network (NGMN), Groundwater Quality Monitoring Network (GQMN), Seawater Intrusion Monitoring Network (SIMN), Rural Groundwater Monitoring Network (RGMN), Subsidiary Groundwater Monitoring Network ...

  20. Salt water intrusion on Uznam Island - 'Wydrzany' water intake

    International Nuclear Information System (INIS)

    Kochaniec, M.

    1999-01-01

    Aquifers of Uznam Island have a high risk of saline water intrusion due to their geographical and geological location. Hydrogeological and geophysical research was taken up in order to evaluate changes in the intrusion of saline water into the aquifer of Uznam Island. A water intake named 'Wydrzany' was built in the south part of the island in 1973. Since 1975, geophysical research has shown intrusion of salt water from reservoirs and bedrock due to withdrawal of water. In 1997, geoelectrical research evaluated the changes which have taken place since 1975 in saline water intrusion into the aquifers of Uznam Island. The last research result showed that the intrusion front moved 1100 m toward the centre of the island in comparison with the situation in 1975. (author)