Advantages and Disadvantages of the Patient-Centered Medical Home: A Critical Analysis and Lessons Learned.

Science.gov (United States)

Budgen, Jacqueline; Cantiello, John

This article provides a detailed examination of the pros and cons associated with patient-centered medical homes (PCMHs). Opinions and findings from those who have studied PCMHs and those who have been directly involved with this type of health care model are outlined. Key lessons from providers are detailed, and critical success factors are highlighted. This synthesized analysis serves to lend evidence to health care managers and providers who are considering implementation of the PCMH model.

Epidemiologic methods lessons learned from environmental public health disasters: Chernobyl, the World Trade Center, Bhopal, and Graniteville, South Carolina.

Science.gov (United States)

Svendsen, Erik R; Runkle, Jennifer R; Dhara, Venkata Ramana; Lin, Shao; Naboka, Marina; Mousseau, Timothy A; Bennett, Charles

2012-08-01

Environmental public health disasters involving hazardous contaminants may have devastating effects. While much is known about their immediate devastation, far less is known about long-term impacts of these disasters. Extensive latent and chronic long-term public health effects may occur. Careful evaluation of contaminant exposures and long-term health outcomes within the constraints imposed by limited financial resources is essential. Here, we review epidemiologic methods lessons learned from conducting long-term evaluations of four environmental public health disasters involving hazardous contaminants at Chernobyl, the World Trade Center, Bhopal, and Graniteville (South Carolina, USA). We found several lessons learned which have direct implications for the on-going disaster recovery work following the Fukushima radiation disaster or for future disasters. These lessons should prove useful in understanding and mitigating latent health effects that may result from the nuclear reactor accident in Japan or future environmental public health disasters.

Lessons Learned from Creating the Public Earthquake Resource Center at CERI

Science.gov (United States)

Patterson, G. L.; Michelle, D.; Johnston, A.

2004-12-01

The Center for Earthquake Research and Information (CERI) at the University of Memphis opened the Public Earthquake Resource Center (PERC) in May 2004. The PERC is an interactive display area that was designed to increase awareness of seismology, Earth Science, earthquake hazards, and earthquake engineering among the general public and K-12 teachers and students. Funding for the PERC is provided by the US Geological Survey, The NSF-funded Mid America Earthquake Center, and the University of Memphis, with input from the Incorporated Research Institutions for Seismology. Additional space at the facility houses local offices of the US Geological Survey. PERC exhibits are housed in a remodeled residential structure at CERI that was donated by the University of Memphis and the State of Tennessee. Exhibits were designed and built by CERI and US Geological Survey staff and faculty with the help of experienced museum display subcontractors. The 600 square foot display area interactively introduces the basic concepts of seismology, real-time seismic information, seismic network operations, paleoseismology, building response, and historical earthquakes. Display components include three 22" flat screen monitors, a touch sensitive monitor, 3 helicorder elements, oscilloscope, AS-1 seismometer, life-sized liquefaction trench, liquefaction shake table, and building response shake table. All displays include custom graphics, text, and handouts. The PERC website at www.ceri.memphis.edu/perc also provides useful information such as tour scheduling, ask a geologist, links to other institutions, and will soon include a virtual tour of the facility. Special consideration was given to address State science standards for teaching and learning in the design of the displays and handouts. We feel this consideration is pivotal to the success of any grass roots Earth Science education and outreach program and represents a valuable lesson that has been learned at CERI over the last several

The impact of the World Trade Center attack on FDNY firefighter retirement, disabilities, and pension benefits.

Science.gov (United States)

Niles, J K; Webber, M P; Gustave, J; Zeig-Owens, R; Lee, R; Glass, L; Weiden, M D; Kelly, K J; Prezant, D J

2011-09-01

Our goal was to examine the effect of the World Trade Center (WTC) attack and subsequent New York City Fire Department (FDNY) rescue/recovery activities on firefighter retirements. We also analyzed the financial impact associated with the increased number and proportion of service-connected "accidental" disability retirements on the FDNY pension system. A total of 7,763 firefighters retired between 9/11/1994 and 9/10/2008. We compared the total number of retirements and the number and proportion of accidental disability retirements 7 years before and 7 years after the WTC attack. We categorized WTC-related accidental disability retirements by medical cause and worked with the New York City Office of the Actuary to approximate the financial impact by cause. In the 7 years before 9/11 there were 3,261 retirements, 48% (1,571) of which were accidental disability retirements. In the 7 years after 9/11, there were 4,502 retirements, 66% (2,970) were accidental disability retirements, of which 47% (1,402) were associated with WTC-related injuries or illnesses. After 9/11, the increase in accidental disability retirements was, for the most part, due to respiratory-related illnesses. Additional increases were attributed to psychological-related illnesses and musculoskeletal injuries incurred at the WTC site. Pension benefits associated with WTC-related accidental disability retirements have produced an increased financial burden of over $826 million on the FDNY pension system. The WTC attacks affected the health of the FDNY workforce resulting in more post-9/11 retirements than expected, and a larger proportion of these retirees with accidental disability pensions. Copyright © 2011 Wiley-Liss, Inc.

Epidemiologic Methods Lessons Learned from Environmental Public Health Disasters: Chernobyl, the World Trade Center, Bhopal, and Graniteville, South Carolina

Directory of Open Access Journals (Sweden)

Timothy A. Mousseau

2012-08-01

Full Text Available Background: Environmental public health disasters involving hazardous contaminants may have devastating effects. While much is known about their immediate devastation, far less is known about long-term impacts of these disasters. Extensive latent and chronic long-term public health effects may occur. Careful evaluation of contaminant exposures and long-term health outcomes within the constraints imposed by limited financial resources is essential. Methods: Here, we review epidemiologic methods lessons learned from conducting long-term evaluations of four environmental public health disasters involving hazardous contaminants at Chernobyl, the World Trade Center, Bhopal, and Graniteville (South Carolina, USA. Findings: We found several lessons learned which have direct implications for the on-going disaster recovery work following the Fukushima radiation disaster or for future disasters. Interpretation: These lessons should prove useful in understanding and mitigating latent health effects that may result from the nuclear reactor accident in Japan or future environmental public health disasters.

The Need for Situational Awareness in a CBRNE Attack

Directory of Open Access Journals (Sweden)

Jordan Nelms

2011-02-01

Full Text Available Six years before the terrorist attacks on the World Trade Center and the Pentagon, and eight years before the United States went to war with Saddam Hussein for his alleged concealment of chemical and biological weapons caches, Japan's Tokyo subway was struck by one of the most vicious terror attacks in modern history.  The 1995 Sarin terrorist attack represents an important case study for post-9/11 emergency managers because it highlights the key issues first responders and public health officials face when confronted with a CBRNE ('C'hemical, 'B'iological, 'R'adiological, 'N'uclear, 'E'xplosive mass-casualty attack.

Creating a Community of Practice: Lessons Learned from the Center for Astronomy Education (Invited)

Science.gov (United States)

Brissenden, G.

2009-12-01

The Center for Astronomy Education (CAE) is devoted to improving teaching and learning in Astro 101. To accomplish this, a vital part of CAE is our broader community of practice which includes over 1000 instructors, graduate and undergraduate students, and postdocs. It is this greater community of practice that supports each other, helps, and learns from each other beyond what would be possible without it. As our community of practice has grown, we at CAE have learned many lessons about how different facets of CAE can best be used to promote and support our community both as a whole and for individual members. We will discuss the various facets of CAE, such as our online discussion group Astrolrner@CAE (http://astronomy101.jpl.nasa.gov/discussion) and its Guest Moderator program, our CAE Regional Teaching Exchange Coordinator program, our CAE Workshop Presenter Apprenticeship Training program, our online This Month’s Teaching Strategy, monthly newsletters, and various types of socializing and networking sessions we hold at national meetings. But more importantly, we will discuss the lessons we’ve learned about what does and does not work in building community within each of these facets.

Improving Mathematics Teaching as Deliberate Practice through Chinese Lesson Study

Science.gov (United States)

Huang, Rongjin; Prince, Kyle M.; Barlow, Angela T.

2017-01-01

This study examined how a ninth grade teacher improved an Algebra I lesson through a lesson study approach. We used multiple data sources to investigate the improvement of the lesson towards student-centered mathematics instruction, perceived benefits of the teacher, and factors associated with the improvement of teaching. The lesson group…

Cyber Attacks: Emerging Threats to the 21st Century Critical Information Infrastructures

Directory of Open Access Journals (Sweden)

Cezar Vasilescu

2012-06-01

Full Text Available The paper explores the notion of cyber attack as a concept for understanding modern conflicts. It starts by elaborating a conceptual theoretical framework, observing that when it comes to cyber attacks, cyber war and cyber defense there are no internationally accepted definitions on the subject, mostly because of the relative recency of the terms. The second part analyzes the cyber realities of recent years, emphasizing the most advertised cyber attacks in the international mass media: Estonia (2007 and Georgia (2008, with a focus on two main lessons learned: how complicated is to define a cyber war and how difficult to defend against it. Crucial implications for world’s countries and the role of NATO in assuring an effective collective cyber defense are analyzed in the third part. The need for the development of strategic cyber defense documents (e.g. NATO Cyber Defense Policy, NATO Strategic Concept is further examined. It is suggested that particular attention should be paid to the development of a procedure for clearly discriminating between events (cyber attacks, cyber war, cyber crime, or cyber terrorism, and to a procedure for the conduct of nation’s legitimate military/civil cyber response operations.

Marine Corps Center for Lessons Learned. Volume 8, Issue 11, November 2012

Science.gov (United States)

2012-11-01

MARINE CORPS CENTER FOR LESSONS LEARNED M C C L L R E P O R T: F E AT U R E D A R T I C L E S A N D L E S S O N S : R E G U L A R F E AT U R E S...L O A D S F R O M T H E M C C L L W E B S I T E , OCTOBER 2012 R E G U L A R F E AT U R E S : Photo credit: Sgt Rachael Moore A Joint Terminal...Follower by Ira Chaleff, and ▪ Fahim Speaks by Fahim Fazli and Michael Moffett . 19 MCCLL Products "in the Pipeline" Several recent, ongoing and

Conceptual model of acid attacks based on survivor's experiences: Lessons from a qualitative exploration.

Science.gov (United States)

Sabzi Khoshnami, Mohammad; Mohammadi, Elham; Addelyan Rasi, Hamideh; Khankeh, Hamid Reza; Arshi, Maliheh

2017-05-01

Acid attack, a worldwide phenomenon, has been increasing in recent years. In addition to severe injuries to the face and body, such violence leads to psychological and social problems that affect the survivors' quality of life. The present study provides a more in-depth understanding of this phenomenon and explores the nature and dimensions of acid attacks based on survivors' experiences. A grounded theory study using semi-structured, recorded interviews and applying purposeful theoretical sampling was conducted with 12 acid attack survivors in Iran. Data were analysed using constant comparison in open, axial and selective coding stages. A conceptual model was developed to explain the relationships among the main categories extracted through the grounded theory study. Physical and psychological wounds emerged as a core category. Traditional context and extreme beauty value in society acted as the context of the physical and psychological wounds experienced. Living with a drug abuser with behavioural disorders and lack of problem-solving skills in interpersonal conflict were found to be causal conditions. Action strategies to deal with this experience were found to be composed of individual, interpersonal and structural levels. Education, percentage and place of burning acted as intervening conditions that influenced survivors' strategies. Finally, adverse consequences of social deprivation and feeling helpless and hindered were found to have an important impact. Acid attack lead to physical and psychological wounds in survivors. This is a multi-dimensional phenomenon involving illness, disability, and victimization, and requires a wide range of strategies at different levels. The conceptual model derived through this study can serve as a good basis for intervention programs. Copyright © 2016 Elsevier Ltd and ISBI. All rights reserved.

Managing Complex Battlespace Environments Using Attack the Network Methodologies

DEFF Research Database (Denmark)

Mitchell, Dr. William L.

This paper examines the last 8 years of development and application of Attack the Network (AtN) intelligence methodologies for creating shared situational understanding of complex battlespace environment and the development of deliberate targeting frameworks. It will present a short history...... of their development, how they are integrated into operational planning through strategies of deliberate targeting for modern operations. The paper will draw experience and case studies from Iraq, Syria, and Afghanistan and will offer some lessons learned as well as insight into the future of these methodologies....... Including their possible application on a national security level for managing longer strategic endeavors....

Combined Heuristic Attack Strategy on Complex Networks

Directory of Open Access Journals (Sweden)

Marek Šimon

2017-01-01

Full Text Available Usually, the existence of a complex network is considered an advantage feature and efforts are made to increase its robustness against an attack. However, there exist also harmful and/or malicious networks, from social ones like spreading hoax, corruption, phishing, extremist ideology, and terrorist support up to computer networks spreading computer viruses or DDoS attack software or even biological networks of carriers or transport centers spreading disease among the population. New attack strategy can be therefore used against malicious networks, as well as in a worst-case scenario test for robustness of a useful network. A common measure of robustness of networks is their disintegration level after removal of a fraction of nodes. This robustness can be calculated as a ratio of the number of nodes of the greatest remaining network component against the number of nodes in the original network. Our paper presents a combination of heuristics optimized for an attack on a complex network to achieve its greatest disintegration. Nodes are deleted sequentially based on a heuristic criterion. Efficiency of classical attack approaches is compared to the proposed approach on Barabási-Albert, scale-free with tunable power-law exponent, and Erdős-Rényi models of complex networks and on real-world networks. Our attack strategy results in a faster disintegration, which is counterbalanced by its slightly increased computational demands.

The Date That Lives in Infamy: Pearl Harbor Lesson Plans.

Science.gov (United States)

Department of the Navy, Washington, DC.

This lesson plan can help teachers and students understand what happened on December 7, 1941, beginning with the first U.S. treaty with Japan in 1854 through the attacks in 1941. Students use primary sources to synthesize information and draw conclusions about the role of the U.S. Navy in foreign policy and to understand how people in 1941 reacted…

Lessons in the Teaching of Vocabulary from September 11 and Harry Potter.

Science.gov (United States)

Nilsen, Alleen Pace; Nilsen, Don L. F.

2002-01-01

Considers that the comparison between children's success in learning new names in the Harry Potter books versus the relative failure of adults to learn new names connected to the September 11th attacks provides a real-world situation from which principles can be deduced to help educators succeed in teaching vocabulary lessons. Offers classroom…

Adolescent behavior and PTSD 6–7 years after the World Trade Center terrorist attacks of September 11, 2001

Science.gov (United States)

Mann, Mana; Li, Jiehui; Farfel, Mark R; Maslow, Carey B; Osahan, Sukhminder; Stellman, Steven D

2014-01-01

Behavioral problems and psychopathologies were reported in children exposed to the World Trade Center (WTC) attacks in New York City within 2–3 y post-disaster. Little is known of subsequent 9/11 related behavioral and emotional problems. We assessed risk factors for behavioral difficulties and probable posttraumatic stress disorder (PTSD) in 489 adolescent enrollees ages 11–18 y of age in the World Trade Center Health Registry cohort using the Strengths and Difficulties Questionnaire (SDQ) and DISC Predictive Scales (DPS), respectively, as reported by the adolescents. Associations between parental PTSD and adolescent PTSD and behavioral problems were studied in a subset of 166 adolescent-parent pairs in which the parent was also a Registry enrollee. Nearly one-fifth (17.4%) of the adolescents, all of whom were 5–12 y old at the time of the attacks, scored in the abnormal (5.7%) or borderline (11.7%) range of total SDQ. Problems were more frequent in minority, low-income, and single-parent adolescents. Abnormal and borderline SDQ scores were significantly associated with direct WTC exposures and with WTC-related injury or death of a family member. Adolescent PTSD was significantly associated with WTC exposure and with fear of one's own injury or death, and with PTSD in the parent (OR = 5.6; 95% CI 1.1–28.4). This adolescent population should be monitored for persistence or worsening of these problems. Co-occurrence of parent and child mental health symptoms following a disaster may have implications for healthcare practitioners and for disaster response planners. PMID:28229007

Somatotype, Level of Competition, and Performance in Attack in Elite Male Volleyball

Science.gov (United States)

Giannopoulos, Nikiforos; Vagenas, George; Noutsos, Konstantinos; Barzouka, Karolina; Bergeles, Nikolaos

2017-01-01

Abstract This study investigated the relationship between somatotype, level of competition, and performance in attack in elite level male volleyball players. The objective was to test for the potential covariation of competition level (Division A1 vs. A2) and playing position (hitters vs. centers vs. opposites) considering performance in attack. Anthropometric, body composition and somatotype variables were measured according to the Heath-Carter method. The attack actions of 144 players from 48 volleyball matches were analyzed and their performance was rated using a 5-point numerical scale. Results showed that players of Division A1 were taller, heavier, more muscular, and less endomorphic compared to those of Division A2. MANOVA and follow-up discriminant function analysis revealed somatotype differences among playing positions with centers and opposites being endomorph-ectomorph and hitters being central. Centers performed constantly better than hitters and opposites regardless of the division and somatotype. Multiple linear regression analysis showed that variables defining ectomorph and endomorph players, centers, and players of Division A1 significantly determined the relative performance superiority and were able to explain the variation in performance by almost 25%. These results could be taken into account by coaches when assigning players to particular playing positions or when designing individualized position-specific training programs. PMID:28828084

Somatotype, Level of Competition, and Performance in Attack in Elite Male Volleyball

Directory of Open Access Journals (Sweden)

Giannopoulos Nikiforos

2017-08-01

Full Text Available This study investigated the relationship between somatotype, level of competition, and performance in attack in elite level male volleyball players. The objective was to test for the potential covariation of competition level (Division A1 vs. A2 and playing position (hitters vs. centers vs. opposites considering performance in attack. Anthropometric, body composition and somatotype variables were measured according to the Heath-Carter method. The attack actions of 144 players from 48 volleyball matches were analyzed and their performance was rated using a 5-point numerical scale. Results showed that players of Division A1 were taller, heavier, more muscular, and less endomorphic compared to those of Division A2. MANOVA and follow-up discriminant function analysis revealed somatotype differences among playing positions with centers and opposites being endomorph-ectomorph and hitters being central. Centers performed constantly better than hitters and opposites regardless of the division and somatotype. Multiple linear regression analysis showed that variables defining ectomorph and endomorph players, centers, and players of Division A1 significantly determined the relative performance superiority and were able to explain the variation in performance by almost 25%. These results could be taken into account by coaches when assigning players to particular playing positions or when designing individualized position-specific training programs.

Revised and updated recommendations for the establishment of primary stroke centers: a summary statement from the brain attack coalition.

Science.gov (United States)

Alberts, Mark J; Latchaw, Richard E; Jagoda, Andy; Wechsler, Lawrence R; Crocco, Todd; George, Mary G; Connolly, E S; Mancini, Barbara; Prudhomme, Stephen; Gress, Daryl; Jensen, Mary E; Bass, Robert; Ruff, Robert; Foell, Kathy; Armonda, Rocco A; Emr, Marian; Warren, Margo; Baranski, Jim; Walker, Michael D

2011-09-01

The formation and certification of Primary Stroke Centers has progressed rapidly since the Brain Attack Coalition's original recommendations in 2000. The purpose of this article is to revise and update our recommendations for Primary Stroke Centers to reflect the latest data and experience. We conducted a literature review using MEDLINE and PubMed from March 2000 to January 2011. The review focused on studies that were relevant for acute stroke diagnosis, treatment, and care. Original references as well as meta-analyses and other care guidelines were also reviewed and included if found to be valid and relevant. Levels of evidence were added to reflect current guideline development practices. Based on the literature review and experience at Primary Stroke Centers, the importance of some elements has been further strengthened, and several new areas have been added. These include (1) the importance of acute stroke teams; (2) the importance of Stroke Units with telemetry monitoring; (3) performance of brain imaging with MRI and diffusion-weighted sequences; (4) assessment of cerebral vasculature with MR angiography or CT angiography; (5) cardiac imaging; (6) early initiation of rehabilitation therapies; and (7) certification by an independent body, including a site visit and disease performance measures. Based on the evidence, several elements of Primary Stroke Centers are particularly important for improving the care of patients with an acute stroke. Additional elements focus on imaging of the brain, the cerebral vasculature, and the heart. These new elements may improve the care and outcomes for patients with stroke cared for at a Primary Stroke Center.

National Training Center Research Issues

Science.gov (United States)

1987-01-01

Arms Training Activity, NTC’s parent organization. The program supports the Training Activity’ mission of developing lessons learned from past ...the accomplishment of that mission. ARI has awarded the BOM Corporation a three year contract to assist in the utilization of the NTC data for the...Alarm and the M8 or M9 Chemical detection papaer following suspected attacks? o How long from detection to unit assuming the proper MOPP4 level? 44. ?I

The Use of DOE Technologies at The World Trade Center Incident: Lessons Learned

Energy Technology Data Exchange (ETDEWEB)

McCabe, B.; Kovach, J.; Carpenter, C.; Blair, D.

2003-02-25

In response to the attack of the World Trade Center (WTC) on September 11, 2001, the International Union of Operating Engineers (IUOE) National Hazmat Program (OENHP) assembled and deployed a HAZMAT Emergency Management Team (Team) to the disaster site (Site). The response team consisted of a Certified Industrial Hygienist and a rotating team of industrial hygienists, safety professionals, and certified HAZMAT instructors. Through research funded by the Department of Energy (DOE) Office of Environmental Management (EM) and managed by the National Energy Technology Laboratory (NETL), the IUOE conducted human factors assessments on baseline and innovative technologies during real-world conditions and served as an advocate at the WTC disaster site to identify opportunities for the use and evaluation of DOE technologies. From this work, it is clear that opportunities exist for more DOE technologies to be made readily available for use in future emergencies.

The Use of DOE Technologies at The World Trade Center Incident: Lessons Learned

International Nuclear Information System (INIS)

McCabe, B.; Kovach, J.; Carpenter, C.; Blair, D.

2003-01-01

In response to the attack of the World Trade Center (WTC) on September 11, 2001, the International Union of Operating Engineers (IUOE) National Hazmat Program (OENHP) assembled and deployed a HAZMAT Emergency Management Team (Team) to the disaster site (Site). The response team consisted of a Certified Industrial Hygienist and a rotating team of industrial hygienists, safety professionals, and certified HAZMAT instructors. Through research funded by the Department of Energy (DOE) Office of Environmental Management (EM) and managed by the National Energy Technology Laboratory (NETL), the IUOE conducted human factors assessments on baseline and innovative technologies during real-world conditions and served as an advocate at the WTC disaster site to identify opportunities for the use and evaluation of DOE technologies. From this work, it is clear that opportunities exist for more DOE technologies to be made readily available for use in future emergencies

Streamlining Workflow for Endovascular Mechanical Thrombectomy: Lessons Learned from a Comprehensive Stroke Center.

Science.gov (United States)

Wang, Hongjin; Thevathasan, Arthur; Dowling, Richard; Bush, Steven; Mitchell, Peter; Yan, Bernard

2017-08-01

Recently, 5 randomized controlled trials confirmed the superiority of endovascular mechanical thrombectomy (EMT) to intravenous thrombolysis in acute ischemic stroke with large-vessel occlusion. The implication is that our health systems would witness an increasing number of patients treated with EMT. However, in-hospital delays, leading to increased time to reperfusion, are associated with poor clinical outcomes. This review outlines the in-hospital workflow of the treatment of acute ischemic stroke at a comprehensive stroke center and the lessons learned in reduction of in-hospital delays. The in-hospital workflow for acute ischemic stroke was described from prehospital notification to femoral arterial puncture in preparation for EMT. Systematic review of literature was also performed with PubMed. The implementation of workflow streamlining could result in reduction of in-hospital time delays for patients who were eligible for EMT. In particular, time-critical measures, including prehospital notification, the transfer of patients from door to computed tomography (CT) room, initiation of intravenous thrombolysis in the CT room, and the mobilization of neurointervention team in parallel with thrombolysis, all contributed to reduction in time delays. We have identified issues resulting in in-hospital time delays and have reported possible solutions to improve workflow efficiencies. We believe that these measures may help stroke centers initiate an EMT service for eligible patients. Copyright © 2017 National Stroke Association. Published by Elsevier Inc. All rights reserved.

Calculating Adversarial Risk from Attack Trees: Control Strength and Probabilistic Attackers

NARCIS (Netherlands)

Pieters, Wolter; Davarynejad, Mohsen

2015-01-01

Attack trees are a well-known formalism for quantitative analysis of cyber attacks consisting of multiple steps and alternative paths. It is possible to derive properties of the overall attacks from properties of individual steps, such as cost for the attacker and probability of success. However, in

Aftermath of World Trade Center Attack

Science.gov (United States)

2002-01-01

This true-color image was taken by the Enhanced Thematic Mapper Plus (ETM+) aboard the Landsat 7 satellite on September 12, 2001, at roughly 11:30 a.m. Eastern Daylight Savings Time. Visit the NASA home page for photos from the space station and MODIS, and GlobalSecurity.org for images from other satellites. Image courtesy USGS Landsat 7 team, at the EROS Data Center.

Engaging the Deaf American Sign Language Community: Lessons From a Community-Based Participatory Research Center

Science.gov (United States)

McKee, Michael; Thew, Denise; Starr, Matthew; Kushalnagar, Poorna; Reid, John T.; Graybill, Patrick; Velasquez, Julia; Pearson, Thomas

2013-01-01

Background Numerous publications demonstrate the importance of community-based participatory research (CBPR) in community health research, but few target the Deaf community. The Deaf community is understudied and underrepresented in health research despite suspected health disparities and communication barriers. Objectives The goal of this paper is to share the lessons learned from the implementation of CBPR in an understudied community of Deaf American Sign Language (ASL) users in the greater Rochester, New York, area. Methods We review the process of CBPR in a Deaf ASL community and identify the lessons learned. Results Key CBPR lessons include the importance of engaging and educating the community about research, ensuring that research benefits the community, using peer-based recruitment strategies, and sustaining community partnerships. These lessons informed subsequent research activities. Conclusions This report focuses on the use of CBPR principles in a Deaf ASL population; lessons learned can be applied to research with other challenging-to-reach populations. PMID:22982845

Planning guidance for emergency response to a hypothetical nuclear attack on Riyadh, Saudi Arabia

Science.gov (United States)

Shubayr, Nasser Ali M.

The threat of nuclear attack will remain imminent in an ever-advancing society. Saudi Arabia is not immune to this threat. This dissertation establishes planning guidance for response to a nuclear attack on Riyadh, the capital of Saudi Arabia, based on a hypothetical scenario of a nuclear detonation. A case scenario of a one-megaton thermonuclear bomb detonated at ground level over Riyadh is used to support the thesis. Previous nuclear tests and the Hiroshima and Nagasaki bombings have been used to present possible effects on Riyadh. US planning guidance and lessons learned from the Chernobyl and Fukushima nuclear plants accidents have been used to develop the emergency response guidance. The planning guidance outlines a rapid response to the nuclear detonation. Four damage zones have been identified; severe damage zone, moderate damage zone, light damage zone and dangerous fallout zone. Actions that are recommended, and those that should be avoided, have been determined for each zone. Shelter/ evacuation evaluation for blast-affected and fallout-affected areas is the basis for the recommendation that shelter in place is the best decision for the first hours to days after the attack. Guidelines for medical care response and population monitoring and decontamination are included to reduce the early and long-term effects of the attack. Recommendations to the Saudi Arabian authorities have been made to facilitate suitable preparedness and response for such an event.

Lessons Learned Recruiting Minority Participants for Research in Urban Community Health Centers.

Science.gov (United States)

Fam, Elizabeth; Ferrante, Jeanne M

2018-02-01

To help understand and mitigate health disparities, it is important to conduct research with underserved and underrepresented minority populations under real world settings. There is a gap in the literature detailing real-time research staff experience, particularly in their own words, while conducting in-person patient recruitment in urban community health centers. This paper describes challenges faced at the clinic, staff, and patient levels, our lessons learned, and strategies implemented by research staff while recruiting predominantly low-income African-American women for an interviewer-administered survey study in four urban Federally Qualified Health Centers in New Jersey. Using a series of immersion-crystallization cycles, fieldnotes and research reflections written by recruiters, along with notes from team meetings during the study, were qualitatively analyzed. Clinic level barriers included: physical layout of clinic, very low or high patient census, limited private space, and long wait times for patients. Staff level barriers included: unengaged staff, overburdened staff, and provider and staff turnover. Patient level barriers included: disinterested patients, patient mistrust and concerns over confidentiality, no-shows or lack of patient time, and language barrier. We describe strategies used to overcome these barriers and provide recommendations for in-person recruitment of underserved populations into research studies. To help mitigate health disparities, disseminating recruiters' experiences, challenges, and effective strategies used will allow other researchers to build upon these experience in order to increase recruitment success of underserved and underrepresented minority populations into research studies. Copyright © 2018 National Medical Association. Published by Elsevier Inc. All rights reserved.

Bluetooth security attacks comparative analysis, attacks, and countermeasures

CERN Document Server

Haataja, Keijo; Pasanen, Sanna; Toivanen, Pekka

2013-01-01

This overview of Bluetooth security examines network vulnerabilities and offers a comparative analysis of recent security attacks. It also examines related countermeasures and proposes a novel attack that works against all existing Bluetooth versions.

How to learn and develop from both good and bad lessons- the 2011Tohoku tsunami case -

Science.gov (United States)

Sugimoto, Megumi; Okazumi, Toshio

2013-04-01

The 2011 Tohoku tsunami revealed Japan has repeated same mistakes in a long tsunami disaster history. After the disaster Japanese remember many old lessons and materials: an oral traditional evacuation method 'Tsunami TENDENKO' which is individual independent quick evacuation, a tsunami historical memorial stone "Don't construct houses below this stone to seaside" in Aneyoshi town Iwate prefecture, Namiwake-shrine naming from the story of protect people from tsunami in Sendai city, and so on. Tohoku area has created various tsunami historical cultures to descendent. Tohoku area had not had a tsunami disaster for 50 years after the 1960 Chilean tsunami. The 2010 Chilean tsunami damaged little fish industry. People gradually lost tsunami disaster awareness. At just the bad time the magnitude (M) 9 scale earthquake attacked Tohoku. It was for our generations an inexperienced scale disaster. People did not make use of the ancestor's lessons to survive. The 2004 Sumatra tsunami attacked just before 7 years ago. The magnitude scale is almost same as M 9 scale. Why didn't Tohoku people and Japanese tsunami experts make use of the lessons? Japanese has a character outside Japan. This lesson shows it is difficult for human being to learn from other countries. As for Three mile island accident case in US, it was same for Japan. To addition to this, there are similar types of living lessons among different hazards. For examples, nuclear power plantations problem occurred both the 2012 Hurricane Sandy in US and the 2011 Tohoku tsunami. Both local people were not informed about the troubles though Oyster creek nuclear power station case in US did not proceed seriously all. Tsunami and Hurricane are different hazard. Each exparts stick to their last. 1. It is difficult for human being to transfer living lessons through next generation over decades. 2. It is difficult for human being to forecast inexperienced events. 3. It is usually underestimated the danger because human being

Meaning reconstruction in the face of terror: An examination of recovery and posttraumatic growth among victims of the 9/11 World Trade Center attacks.

Science.gov (United States)

Richardson, Katherine M

2015-01-01

This study examines the relationship between meaning reconstruction with posttraumatic growth and depreciation in the aftermath of terrorist trauma and loss. A group of individuals (n=118) who were personally affected by the September 11, 2001 terrorist attacks were surveyed about their experiences and administered the Posttraumatic Growth Inventory and Impact of Event scales. Subjects were volunteer docents at the Tribute World Trade Center Visitor Center. Results revealed that ability to make sense of one's 9/11 experience was related to recovery but not to posttraumatic growth, whereas ability to find some benefit in the experience was related to growth. In addition, location in downtown Manhattan on September 11, 2001 was related to higher levels of posttraumatic depreciation. Findings suggest that two aspects of meaning reconstruction are differentially related to recovery and posttraumatic growth.

Distinguishing attack and second-preimage attack on encrypted message authentication codes (EMAC)

Science.gov (United States)

Ariwibowo, Sigit; Windarta, Susila

2016-02-01

In this paper we show that distinguisher on CBC-MAC can be applied to Encrypted Message Authentication Code (EMAC) scheme. EMAC scheme in general is vulnerable to distinguishing attack and second preimage attack. Distinguishing attack simulation on AES-EMAC using 225 message modifications, no collision have been found. According to second preimage attack simulation on AES-EMAC no collision found between EMAC value of S1 and S2, i.e. no second preimage found for messages that have been tested. Based on distinguishing attack simulation on truncated AES-EMAC we found collision in every message therefore we cannot distinguish truncated AES-EMAC with random function. Second-preimage attack is successfully performed on truncated AES-EMAC.

Using exterior building surface films to assess human exposure and health risks from PCDD/Fs in New York City, USA, after the World Trade Center attacks.

Science.gov (United States)

Rayne, Sierra

2005-12-09

Concentrations of tetra- through octa-chlorinated dibenzo-p-dioxins and dibenzofurans (PCDD/Fs) were determined in exterior window films from Manhattan and Brooklyn in New York City (NYC), USA, 6 weeks after the World Trade Center (WTC) attacks of 11 September 2001. High concentrations of the 2,3,7,8-substituted congeners (P(2378)CDD/Fs) were observed, at levels up to 6600 pg-TEQ g(-1) nearest the WTC site. An equilibrium partitioning model was developed to reconstruct total gas + particle-phase atmospheric concentrations of P(2378)CDD/Fs at each site. The reconstructed atmospheric and window film concentrations were subsequently used in a preliminary human health risk assessment to estimate the potential cancer and non-cancer risks posed to residents of lower Manhattan from these contaminants over the 6 week exposure period between the WTC attacks and sampling dates. Residents of lower Manhattan appear to have a slightly elevated cancer risk (up to 1.6% increase over background) and increased P(2378)CDD/F body burden (up to 8.0% increase over background) because of above-background exposure to high concentrations of P(2378)CDD/Fs produced from the WTC attacks during the short period between 11 September 2001, and window film sampling 6 weeks later.

Cooperating attackers in neural cryptography.

Science.gov (United States)

Shacham, Lanir N; Klein, Einat; Mislovaty, Rachel; Kanter, Ido; Kinzel, Wolfgang

2004-06-01

A successful attack strategy in neural cryptography is presented. The neural cryptosystem, based on synchronization of neural networks by mutual learning, has been recently shown to be secure under different attack strategies. The success of the advanced attacker presented here, called the "majority-flipping attacker," does not decay with the parameters of the model. This attacker's outstanding success is due to its using a group of attackers which cooperate throughout the synchronization process, unlike any other attack strategy known. An analytical description of this attack is also presented, and fits the results of simulations.

Crony Attack: Strategic Attack’s Silver Bullet

Science.gov (United States)

2006-11-01

physical assets or financial assets. The form of crony attack that most closely resembles classic strategic attack is to deny, degrade, or destroy a money...February 1951. Reprinted in Airpower Studies Coursebook , Air Command and Staff College, Maxwell AFB, AL, 2002, 152–58. Hirsch, Michael. “NATO’s Game of

Composite Dos Attack Model

Directory of Open Access Journals (Sweden)

Simona Ramanauskaitė

2012-04-01

Full Text Available Preparation for potential threats is one of the most important phases ensuring system security. It allows evaluating possible losses, changes in the attack process, the effectiveness of used countermeasures, optimal system settings, etc. In cyber-attack cases, executing real experiments can be difficult for many reasons. However, mathematical or programming models can be used instead of conducting experiments in a real environment. This work proposes a composite denial of service attack model that combines bandwidth exhaustion, filtering and memory depletion models for a more real representation of similar cyber-attacks. On the basis of the introduced model, different experiments were done. They showed the main dependencies of the influence of attacker and victim’s properties on the success probability of denial of service attack. In the future, this model can be used for the denial of service attack or countermeasure optimization.

Cyber attacks against state estimation in power systems: Vulnerability analysis and protection strategies

Science.gov (United States)

Liu, Xuan

Power grid is one of the most critical infrastructures in a nation and could suffer a variety of cyber attacks. With the development of Smart Grid, false data injection attack has recently attracted wide research interest. This thesis proposes a false data attack model with incomplete network information and develops optimal attack strategies for attacking load measurements and the real-time topology of a power grid. The impacts of false data on the economic and reliable operations of power systems are quantitatively analyzed in this thesis. To mitigate the risk of cyber attacks, a distributed protection strategies are also developed. It has been shown that an attacker can design false data to avoid being detected by the control center if the network information of a power grid is known to the attacker. In practice, however, it is very hard or even impossible for an attacker to obtain all network information of a power grid. In this thesis, we propose a local load redistribution attacking model based on incomplete network information and show that an attacker only needs to obtain the network information of the local attacking region to inject false data into smart meters in the local region without being detected by the state estimator. A heuristic algorithm is developed to determine a feasible attacking region by obtaining reduced network information. This thesis investigates the impacts of false data on the operations of power systems. It has been shown that false data can be designed by an attacker to: 1) mask the real-time topology of a power grid; 2) overload a transmission line; 3) disturb the line outage detection based on PMU data. To mitigate the risk of cyber attacks, this thesis proposes a new protection strategy, which intends to mitigate the damage effects of false data injection attacks by protecting a small set of critical measurements. To further reduce the computation complexity, a mixed integer linear programming approach is also proposed to

Heart Attack Recovery FAQs

Science.gov (United States)

... recommendations to make a full recovery. View an animation of a heart attack . Heart Attack Recovery Questions ... Support Network Popular Articles 1 Understanding Blood Pressure Readings 2 Sodium and Salt 3 Heart Attack Symptoms ...

Secure Fusion Estimation for Bandwidth Constrained Cyber-Physical Systems Under Replay Attacks.

Science.gov (United States)

Chen, Bo; Ho, Daniel W C; Hu, Guoqiang; Yu, Li; Bo Chen; Ho, Daniel W C; Guoqiang Hu; Li Yu; Chen, Bo; Ho, Daniel W C; Hu, Guoqiang; Yu, Li

2018-06-01

State estimation plays an essential role in the monitoring and supervision of cyber-physical systems (CPSs), and its importance has made the security and estimation performance a major concern. In this case, multisensor information fusion estimation (MIFE) provides an attractive alternative to study secure estimation problems because MIFE can potentially improve estimation accuracy and enhance reliability and robustness against attacks. From the perspective of the defender, the secure distributed Kalman fusion estimation problem is investigated in this paper for a class of CPSs under replay attacks, where each local estimate obtained by the sink node is transmitted to a remote fusion center through bandwidth constrained communication channels. A new mathematical model with compensation strategy is proposed to characterize the replay attacks and bandwidth constrains, and then a recursive distributed Kalman fusion estimator (DKFE) is designed in the linear minimum variance sense. According to different communication frameworks, two classes of data compression and compensation algorithms are developed such that the DKFEs can achieve the desired performance. Several attack-dependent and bandwidth-dependent conditions are derived such that the DKFEs are secure under replay attacks. An illustrative example is given to demonstrate the effectiveness of the proposed methods.

Prospective Vigilance: Assessing Complex Coordinated Attack Preparedness Programs

Science.gov (United States)

2017-12-01

INTENTIONALLY LEFT BLANK xiii LIST OF ACRONYMS AND ABBREVIATIONS CCA complex coordinate attack EMS emergency medical services FBI Federal Bureau...the Bombings in London on 7th July 2005, vol. HC 1087 (London: The Stationery Office, 2006), https://www.gov.uk/government/uploads/system/uploads...School Center for Homeland Defense and Security Mobile Education Team, DHS Office of Bombing Prevention, and DHS Active Shooter training. 55 NCTC, DHS

Posttraumatic Stress Disorder, Gender, and Risk Factors: World Trade Center Tower Survivors 10 to 11 Years After the September 11, 2001 Attacks.

Science.gov (United States)

Bowler, Rosemarie M; Adams, Shane W; Gocheva, Vihra V; Li, Jiehui; Mergler, Donna; Brackbill, Robert; Cone, James E

2017-12-01

Ten to eleven years after the September 11, 2001 terrorist attacks, probable posttraumatic stress disorder (PTSD) was evaluated in 1,755 World Trade Center (WTC) evacuees based on data from the WTC Health Registry. Characteristics of men and women were compared and factors associated with PTSD symptom severity were examined using the PTSD Checklist (PCL). Compared with men (n = 1,015, 57.8%), women (n = 740, 42.2%) were younger and of lower socioeconomic status. Ten to eleven years after September 11, 2001, 13.7% of men and 24.1% of women met criteria for PTSD. Results indicated that when considered with all other variables (i.e., demographic, socioeconomic and social resources, exposure to the attacks, life events), gender was not a significant predictor of PTSD symptom severity. Being younger on September 11, 2001, unemployed, less educated, and/or having higher exposure to the attacks, unmet mental health care needs, and less social support predicted higher PCL scores for both genders (βs = .077 to .239). Demographic characteristics and socioeconomic resources (ΔR 2 = .113) accounted for the largest amount of variance in PCL scores over and above exposure/evacuation, mental healthcare needs, and social support variables (ΔR 2 = .093 to .102). When trends of unmet mental healthcare needs were analyzed, the most prevalent response for men was that they preferred to manage their own symptoms (15.1%), whereas the most prevalent response for women was that they could not afford to pay for mental health care (14.7%). Although the prevalence of probable PTSD in women tower survivors was approximately twice as high as it was for men, this is attributable largely to demographic and socioeconomic resource factors and not gender alone. Implications for treatment and interventions are discussed. Copyright © 2017 International Society for Traumatic Stress Studies.

Remote damage control during the attacks on Paris: Lessons learned by the Paris Fire Brigade and evolutions in the rescue system.

Science.gov (United States)

Lesaffre, Xavier; Tourtier, Jean-Pierre; Violin, Yann; Frattini, Benoit; Rivet, Catherine; Stibbe, Olivier; Faure, Florian; Godefroy, Anne; Gallet, Jean-Claude; Ausset, Sylvain

2017-06-01

On November 13, 2015, in 40 minutes, Paris suffered four suicide bombers attacks; shootings at three different restaurant terraces; and an attack on the Bataclan concert hall, resulting in 130 dead and 495 wounded. How did the Parisian rescue system respond and how did it evolve since?We proved we could deploy quickly wide prehospital and hospital resources and teams' equipment and preparedness is being further developed. To secure a swifter initial response, we need a better integration of the operators of the rescue chain with a simpler and more robust organization as well as improved communications channels. We must continue to anticipate and prepare for possible future attacks.

Asthma and posttraumatic stress symptoms 5 to 6 years following exposure to the World Trade Center terrorist attack.

Science.gov (United States)

Brackbill, Robert M; Hadler, James L; DiGrande, Laura; Ekenga, Christine C; Farfel, Mark R; Friedman, Stephen; Perlman, Sharon E; Stellman, Steven D; Walker, Deborah J; Wu, David; Yu, Shengchao; Thorpe, Lorna E

2009-08-05

The World Trade Center Health Registry provides a unique opportunity to examine long-term health effects of a large-scale disaster. To examine risk factors for new asthma diagnoses and event-related posttraumatic stress (PTS) symptoms among exposed adults 5 to 6 years following exposure to the September 11, 2001, World Trade Center (WTC) terrorist attack. Longitudinal cohort study with wave 1 (W1) enrollment of 71,437 adults in 2003-2004, including rescue/recovery worker, lower Manhattan resident, lower Manhattan office worker, and passersby eligibility groups; 46,322 adults (68%) completed the wave 2 (W2) survey in 2006-2007. Self-reported diagnosed asthma following September 11; event-related current PTS symptoms indicative of probable posttraumatic stress disorder (PTSD), assessed using the PTSD Checklist (cutoff score > or = 44). Of W2 participants with no stated asthma history, 10.2% (95% confidence interval [CI], 9.9%-10.5%) reported new asthma diagnoses postevent. Intense dust cloud exposure on September 11 was a major contributor to new asthma diagnoses for all eligibility groups: for example, 19.1% vs 9.6% in those without exposure among rescue/recovery workers (adjusted odds ratio, 1.5 [95% CI, 1.4-1.7]). Asthma risk was highest among rescue/recovery workers on the WTC pile on September 11 (20.5% [95% CI, 19.0%-22.0%]). Persistent risks included working longer at the WTC site, not evacuating homes, and experiencing a heavy layer of dust in home or office. Of participants with no PTSD history, 23.8% (95% CI, 23.4%-24.2%) reported PTS symptoms at either W1 (14.3%) or W2 (19.1%). Nearly 10% (9.6% [95% CI, 9.3%-9.8%]) had PTS symptoms at both surveys, 4.7% (95% CI, 4.5%-4.9%) had PTS symptoms at W1 only, and 9.5% (95% CI, 9.3%-9.8%) had PTS symptoms at W2 only. At W2, passersby had the highest rate of PTS symptoms (23.2% [95% CI, 21.4%-25.0%]). Event-related loss of spouse or job was associated with PTS symptoms at W2. Acute and prolonged exposures were both

Seven Deadliest Wireless Technologies Attacks

CERN Document Server

Haines, Brad

2010-01-01

How can an information security professional keep up with all of the hacks, attacks, and exploits? One way to find out what the worst of the worst are is to read the seven books in our Seven Deadliest Attacks Series. Not only do we let you in on the anatomy of these attacks but we also tell you how to get rid of them and how to defend against them in the future. Countermeasures are detailed so that you can fight against similar attacks as they evolve. Attacks featured in this book include:Bluetooth AttacksCredit Card, Access Card, and Passport AttacksBad Encryption

Blocking of Brute Force Attack

OpenAIRE

M.Venkata Krishna Reddy

2012-01-01

A common threat Web developers face is a password-guessing attack known as a brute-force attack. A brute-force attack is an attempt to discover a password by systematically trying every possible combination of letters, numbers, and symbols until you discover the one correct combination that works. If your Web site requires user authentication, you are a good target for a brute-force attack. An attacker can always discover a password through a brute-force attack, but the downside is that it co...

An Assessment of Need for Instructional Professional Development for Middle School Science Teachers Using Interactive Lessons

Science.gov (United States)

Burton, Amanda

Numerous studies on the impact of interactive lessons on student learning have been conducted, but there has been a lack of professional development (PD) programs at a middle school focusing on ways to incorporate interactive lessons into the science classroom setting. The purpose of this case study was to examine the instructional practices of science teachers to determine whether the need for an interactive lessons approach to teaching students exists. This qualitative case study focused on teachers' perceptions and pedagogy to determine whether the need to use interactive lessons to meet the needs of all students is present. The research question focused on identifying current practices and determining whether a need for interactive lessons is present. Qualitative data were gathered from science teachers at the school through interviews, lesson plans, and observations, all of which were subsequently coded using an interpretative analysis. The results indicated the need for a professional development (PD) program centered on interactive science lessons. Upon completion of the qualitative study, a detailed PD program has been proposed to increase the instructional practices of science teachers to incorporate interactive lessons within the science classroom. Implications for positive social change include improved teaching strategies and lessons that are more student-centered resulting in better understanding and comprehension, as well as performance on state-mandated tests.

A retrospective analysis of practice patterns in the management of acute asthma attack across Turkey.

Science.gov (United States)

Türktaş, Haluk; Bavbek, Sevim; Misirligil, Zeynep; Gemicioğlu, Bilun; Mungan, Dilşad

2010-12-01

To evaluate patient characteristics and practice patterns in the management of acute asthma attack at tertiary care centers across Turkey. A total of 294 patients (mean age: 50.4 ± 15.1 years; females: 80.3%) diagnosed with persistent asthma were included in this retrospective study upon their admission to the hospital with an acute asthma attack. Patient demographics, asthma control level, asthma attack severity and the management of the attack were evaluated. There was no influence of gender on asthma control and attack severity. In 57.5% of the patients, asthma attack was moderate. Most patients (78.9%) were hospitalized with longer duration evident in the severe attack. Spirometry and chest X-Ray were the most frequent tests (85.4%), while steroids (72.0% parenteral; 29.0% oral) and short-acting beta-agonists (SABA) + anticholinergics (45.5%) were the main drugs of choice in the attack management. Attack severity and pre-attack asthma control level was significantly correlated (p attack asthma was uncontrolled in 42.6% of the patients with severe attack. Most of the patients were on combination of more than one (two in 38.7% and 3-4 in 31.2%) controller drugs before the attack. Providing country specific data on practice patterns in the management of acute asthma attack in a representative cohort in Turkey, prescription of steroids and SABA + anticholinergics as the main drugs of choice was in line with guidelines while the significant relation of pre-attack asthma control to risk/severity of asthma attack and rate/duration of hospitalization seem to be the leading results of the present study. Copyright © 2010 Elsevier Ltd. All rights reserved.

Developing Asthma-Friendly Childcare Centers with Online Training and Evaluation

OpenAIRE

Nowakowski, Alexandra Catherine Hayes; Carretta, Henry Joseph; Pineda, Nicole; Dudley, Julie Kurlfink; Forrest, Jamie R.

2016-01-01

In 2011, the Florida Asthma Coalition began offering its Asthma-Friendly Childcare Center training online. This course teaches childcare center employees the fundamentals of effective asthma management. It covers basic asthma physiology, ways to recognize asthma attacks, techniques to help children experiencing attacks, and strategies to create healthy environments for asthmatics. A team of health services researchers evaluated both years of the online training. Evaluators used a quasi-ex...

Integrating UNESCO ICT-Based Instructional Materials in Chemistry Lessons

Directory of Open Access Journals (Sweden)

CHARLIE P. NACARIO

2014-08-01

Full Text Available This study determined the effectiveness of the lessons in Chemistry integrating UNESCO ICT-based instructional material on the achievement of Chemistry students at Central Bicol State University of Agriculture. It aimed to identify lessons that may be developed integrating UNESCO ICT-based instructional materials, determine the effect of the developed lessons using the material on: conceptual understanding; science process skills; and attitude towards chemistry and gather insights from the experiences of the students and teacher. The study used the single group pretest and posttest experimental design. Descriptive, quantitative and qualitative techniques were also utilized. Quantitative data were taken from the pretest-posttest results on the Test on Conceptual Understanding, Science Process Skills and Chemistry Attitudinaire. Qualitative data were drawn from the experts’ assessment of the developed lessons and research instruments, and the insights of students and teacher. The developed lessons integrating UNESCO ICT-based instructional materials were Atomic Model and Structure, Periodic Table of Elements, Chemical Bonding, and Balancing Chemical Equation. These lessons increased the conceptual understanding of the students by topic and skill from very low mastery to average mastery level. The students have slightly improved along the different science process skills. After teaching the lessons, the students’ attitude also improved. The students became more motivated and interested in Chemistry and the lessons were student centered and entailed teacher’s competence and flexibility in computer use.

Solidarity under Attack

DEFF Research Database (Denmark)

Meret, Susi; Goffredo, Sergio

2017-01-01

https://www.opendemocracy.net/can-europe-make-it/susi-meret-sergio-goffredo/solidarity-under-attack......https://www.opendemocracy.net/can-europe-make-it/susi-meret-sergio-goffredo/solidarity-under-attack...

Improving the redistribution of the security lessons in healthcare: An evaluation of the Generic Security Template.

Science.gov (United States)

He, Ying; Johnson, Chris

2015-11-01

The recurrence of past security breaches in healthcare showed that lessons had not been effectively learned across different healthcare organisations. Recent studies have identified the need to improve learning from incidents and to share security knowledge to prevent future attacks. Generic Security Templates (GSTs) have been proposed to facilitate this knowledge transfer. The objective of this paper is to evaluate whether potential users in healthcare organisations can exploit the GST technique to share lessons learned from security incidents. We conducted a series of case studies to evaluate GSTs. In particular, we used a GST for a security incident in the US Veterans' Affairs Administration to explore whether security lessons could be applied in a very different Chinese healthcare organisation. The results showed that Chinese security professional accepted the use of GSTs and that cyber security lessons could be transferred to a Chinese healthcare organisation using this approach. The users also identified the weaknesses and strengths of GSTs, providing suggestions for future improvements. Generic Security Templates can be used to redistribute lessons learned from security incidents. Sharing cyber security lessons helps organisations consider their own practices and assess whether applicable security standards address concerns raised in previous breaches in other countries. The experience gained from this study provides the basis for future work in conducting similar studies in other healthcare organisations. Copyright © 2015 Elsevier Ireland Ltd. All rights reserved.

Attack surfaces

DEFF Research Database (Denmark)

Gruschka, Nils; Jensen, Meiko

2010-01-01

The new paradigm of cloud computing poses severe security risks to its adopters. In order to cope with these risks, appropriate taxonomies and classification criteria for attacks on cloud computing are required. In this work-in-progress paper we present one such taxonomy based on the notion...... of attack surfaces of the cloud computing scenario participants....

Lessons Learned for the MICE Coupling Solenoid from the MICE Spectrometer Solenoids

International Nuclear Information System (INIS)

Green, Michael A.; Wang, Li; Pan, Heng; Wu, Hong; Guo, Xinglong; Li, S.Y.; Zheng, S.X.; Virostek, Steve P.; DeMello, Allen J.; Li, Derun; Trillaud, Frederick; Zisman, Michael S.

2010-01-01

Tests of the spectrometer solenoids have taught us some important lessons. The spectrometer magnet lessons learned fall into two broad categories that involve the two stages of the coolers that are used to cool the magnets. On the first spectrometer magnet, the problems were centered on the connection of the cooler 2nd-stage to the magnet cold mass. On the first test of the second spectrometer magnet, the problems were centered on the cooler 1st-stage temperature and its effect on the operation of the HTS leads. The second time the second spectrometer magnet was tested; the cooling to the cold mass was still not adequate. The cryogenic designs of the MICE and MuCOOL coupling magnets are quite different, but the lessons learned from the tests of the spectrometer magnets have affected the design of the coupling magnets.

Security attack detection algorithm for electric power gis system based on mobile application

Science.gov (United States)

Zhou, Chao; Feng, Renjun; Wang, Liming; Huang, Wei; Guo, Yajuan

2017-05-01

Electric power GIS is one of the key information technologies to satisfy the power grid construction in China, and widely used in power grid construction planning, weather, and power distribution management. The introduction of electric power GIS based on mobile applications is an effective extension of the geographic information system that has been widely used in the electric power industry. It provides reliable, cheap and sustainable power service for the country. The accurate state estimation is the important conditions to maintain the normal operation of the electric power GIS. Recent research has shown that attackers can inject the complex false data into the power system. The injection attack of this new type of false data (load integrity attack LIA) can successfully bypass the routine detection to achieve the purpose of attack, so that the control center will make a series of wrong decision. Eventually, leading to uneven distribution of power in the grid. In order to ensure the safety of the electric power GIS system based on mobile application, it is very important to analyze the attack mechanism and propose a new type of attack, and to study the corresponding detection method and prevention strategy in the environment of electric power GIS system based on mobile application.

Seven Deadliest Microsoft Attacks

CERN Document Server

Kraus, Rob; Borkin, Mike; Alpern, Naomi

2010-01-01

Do you need to keep up with the latest hacks, attacks, and exploits effecting Microsoft products? Then you need Seven Deadliest Microsoft Attacks. This book pinpoints the most dangerous hacks and exploits specific to Microsoft applications, laying out the anatomy of these attacks including how to make your system more secure. You will discover the best ways to defend against these vicious hacks with step-by-step instruction and learn techniques to make your computer and network impenetrable. Windows Operating System-Password AttacksActive Directory-Escalat

Social categorization and fear reactions to the September 11th terrorist attacks

NARCIS (Netherlands)

Dumont, M.; Yzerbyt, V.Y.; Wigboldus, D.H.J.; Gordijn, E.H.

2003-01-01

Two experiments were run in The Netherlands and Belgium 1 week after the terrorist attacks against the World Trade Center in New York on September 11, 2001. The aim was to investigate whether social categorization affected emotional reactions, behavioral tendencies, and actual behaviors. Results

Not so close but still extremely loud: recollection of the World Trade Center terror attack and previous hurricanes moderates the association between exposure to hurricane Sandy and posttraumatic stress symptoms.

Science.gov (United States)

Palgi, Yuval; Shrira, Amit; Hamama-Raz, Yaira; Palgi, Sharon; Goodwin, Robin; Ben-Ezra, Menachem

2014-05-01

The present study examined whether recollections of the World Trade Center (WTC) terror attack and previous hurricanes moderated the relationship between exposure to Hurricane Sandy and related posttraumatic stress disorder (PTSD) symptoms. An online sample of 1000 participants from affected areas completed self-report questionnaires a month after Hurricane Sandy hit the East Coast of the United States. Participants reported their exposure to Hurricane Sandy, their PTSD symptoms, and recollections of the WTC terror attack and previous hurricanes elicited due to Hurricane Sandy. Exposure to Hurricane Sandy was related to PTSD symptoms among those with high level of recollections of the WTC terror attack and past hurricanes, but not among those with low level of recollections. The aftermath of exposure to Hurricane Sandy is related not only to exposure, but also to its interaction with recollections of past traumas. These findings have theoretical and practical implications for practitioners and health policy makers in evaluating and interpreting the impact of past memories on future natural disasters. This may help in intervention plans of social and psychological services. Copyright © 2014 Elsevier Inc. All rights reserved.

Whispering through DDoS attack

OpenAIRE

Miralem Mehic; Jiri Slachta; Miroslav Voznak

2016-01-01

Denial of service (DoS) attack is an attempt of the attacker to disable victim's machine by depleting network or computing resources. If this attack is performed with more than one machine, it is called distributed denial of service (DDoS) attack. Covert channels are those channels which are used for information transmission even though they are neither designed nor intended to transfer information at all. In this article, we investigated the possibility of using of DDoS attack for purposes o...

Scalable DDoS Mitigation System for Data Centers

Directory of Open Access Journals (Sweden)

Zdenek Martinasek

2015-01-01

Full Text Available Distributed Denial of Service attacks (DDoS have been used by attackers for over two decades because of their effectiveness. This type of the cyber-attack is one of the most destructive attacks in the Internet. In recent years, the intensity of DDoS attacks has been rapidly increasing and the attackers combine more often different techniques of DDoS to bypass the protection. Therefore, the main goal of our research is to propose a DDoS solution that allows to increase the filtering capacity linearly and allows to protect against the combination of attacks. The main idea is to develop the DDoS defense system in the form of a portable software image that can be installed on the reserve hardware capacities. During a DDoS attack, these servers will be used as filters of this DDoS attack. Our solution is suitable for data centers and eliminates some lacks of commercial solutions. The system employs modular DDoS filters in the form of special grids containing specific protocol parameters and conditions.

Protecting Cryptographic Memory against Tampering Attack

DEFF Research Database (Denmark)

Mukherjee, Pratyay

In this dissertation we investigate the question of protecting cryptographic devices from tampering attacks. Traditional theoretical analysis of cryptographic devices is based on black-box models which do not take into account the attacks on the implementations, known as physical attacks. In prac......In this dissertation we investigate the question of protecting cryptographic devices from tampering attacks. Traditional theoretical analysis of cryptographic devices is based on black-box models which do not take into account the attacks on the implementations, known as physical attacks....... In practice such attacks can be executed easily, e.g. by heating the device, as substantiated by numerous works in the past decade. Tampering attacks are a class of such physical attacks where the attacker can change the memory/computation, gains additional (non-black-box) knowledge by interacting...... with the faulty device and then tries to break the security. Prior works show that generically approaching such problem is notoriously difficult. So, in this dissertation we attempt to solve an easier question, known as memory-tampering, where the attacker is allowed tamper only with the memory of the device...

Holistic Approach to Data Center Energy Efficiency

Energy Technology Data Exchange (ETDEWEB)

Hammond, Steven W [National Renewable Energy Laboratory (NREL), Golden, CO (United States)

2017-09-18

This presentation discusses NREL's Energy System Integrations Facility and NREL's holistic design approach to sustainable data centers that led to the world's most energy-efficient data center. It describes Peregrine, a warm water liquid cooled supercomputer, waste heat reuse in the data center, demonstrated PUE and ERE, and lessons learned during four years of operation.

Exploiting Hardware Vulnerabilities to Attack Embedded System Devices: a Survey of Potent Microarchitectural Attacks

Directory of Open Access Journals (Sweden)

Apostolos P. Fournaris

2017-07-01

Full Text Available Cyber-Physical system devices nowadays constitute a mixture of Information Technology (IT and Operational Technology (OT systems that are meant to operate harmonically under a security critical framework. As security IT countermeasures are gradually been installed in many embedded system nodes, thus securing them from many well-know cyber attacks there is a lurking danger that is still overlooked. Apart from the software vulnerabilities that typical malicious programs use, there are some very interesting hardware vulnerabilities that can be exploited in order to mount devastating software or hardware attacks (typically undetected by software countermeasures capable of fully compromising any embedded system device. Real-time microarchitecture attacks such as the cache side-channel attacks are such case but also the newly discovered Rowhammer fault injection attack that can be mounted even remotely to gain full access to a device DRAM (Dynamic Random Access Memory. Under the light of the above dangers that are focused on the device hardware structure, in this paper, an overview of this attack field is provided including attacks, threat directives and countermeasures. The goal of this paper is not to exhaustively overview attacks and countermeasures but rather to survey the various, possible, existing attack directions and highlight the security risks that they can pose to security critical embedded systems as well as indicate their strength on compromising the Quality of Service (QoS such systems are designed to provide.

Flight test of the X-29A at high angle of attack: Flight dynamics and controls

Science.gov (United States)

Bauer, Jeffrey E.; Clarke, Robert; Burken, John J.

1995-01-01

The NASA Dryden Flight Research Center has flight tested two X-29A aircraft at low and high angles of attack. The high-angle-of-attack tests evaluate the feasibility of integrated X-29A technologies. More specific objectives focus on evaluating the high-angle-of-attack flying qualities, defining multiaxis controllability limits, and determining the maximum pitch-pointing capability. A pilot-selectable gain system allows examination of tradeoffs in airplane stability and maneuverability. Basic fighter maneuvers provide qualitative evaluation. Bank angle captures permit qualitative data analysis. This paper discusses the design goals and approach for high-angle-of-attack control laws and provides results from the envelope expansion and handling qualities testing at intermediate angles of attack. Comparisons of the flight test results to the predictions are made where appropriate. The pitch rate command structure of the longitudinal control system is shown to be a valid design for high-angle-of-attack control laws. Flight test results show that wing rock amplitude was overpredicted and aileron and rudder effectiveness were underpredicted. Flight tests show the X-29A airplane to be a good aircraft up to 40 deg angle of attack.

Seven deadliest USB attacks

CERN Document Server

Anderson, Brian

2010-01-01

Do you need to keep up with the latest hacks, attacks, and exploits effecting USB technology? Then you need Seven Deadliest USB Attacks. This book pinpoints the most dangerous hacks and exploits specific to USB, laying out the anatomy of these attacks including how to make your system more secure. You will discover the best ways to defend against these vicious hacks with step-by-step instruction and learn techniques to make your computer and network impenetrable. Attacks detailed in this book include: USB Hacksaw USB Switchblade USB Based Virus/Malicous Code Launch USB Device Overflow RAMdum

Seven Deadliest Unified Communications Attacks

CERN Document Server

York, Dan

2010-01-01

Do you need to keep up with the latest hacks, attacks, and exploits effecting Unified Communications technology? Then you need Seven Deadliest Unified Communication Attacks. This book pinpoints the most dangerous hacks and exploits specific to Unified Communications, laying out the anatomy of these attacks including how to make your system more secure. You will discover the best ways to defend against these vicious hacks with step-by-step instruction and learn techniques to make your computer and network impenetrable. Attacks featured in this book include: UC Ecosystem Attacks Insecure Endpo

Invisible Trojan-horse attack.

Science.gov (United States)

Sajeed, Shihan; Minshull, Carter; Jain, Nitin; Makarov, Vadim

2017-08-21

We demonstrate the experimental feasibility of a Trojan-horse attack that remains nearly invisible to the single-photon detectors employed in practical quantum key distribution (QKD) systems, such as Clavis2 from ID Quantique. We perform a detailed numerical comparison of the attack performance against Scarani-Ac´ın-Ribordy-Gisin (SARG04) QKD protocol at 1924 nm versus that at 1536 nm. The attack strategy was proposed earlier but found to be unsuccessful at the latter wavelength, as reported in N. Jain et al., New J. Phys. 16, 123030 (2014). However at 1924 nm, we show experimentally that the noise response of the detectors to bright pulses is greatly reduced, and show by modeling that the same attack will succeed. The invisible nature of the attack poses a threat to the security of practical QKD if proper countermeasures are not adopted.

Whispering through DDoS attack

Directory of Open Access Journals (Sweden)

Miralem Mehic

2016-03-01

Full Text Available Denial of service (DoS attack is an attempt of the attacker to disable victim's machine by depleting network or computing resources. If this attack is performed with more than one machine, it is called distributed denial of service (DDoS attack. Covert channels are those channels which are used for information transmission even though they are neither designed nor intended to transfer information at all. In this article, we investigated the possibility of using of DDoS attack for purposes of hiding data or concealing the existing covert channel. In addition, in this paper we analyzed the possibility of detection of such covert communication with the well-known statistical method. Also, we proposed the coordination mechanisms of the attack which may be used. A lot of research has been done in order to describe and prevent DDoS attacks, yet research on steganography on this field is still scarce.

Heart attack - discharge

Science.gov (United States)

... and lifestyle Cholesterol - drug treatment Controlling your high blood pressure Deep vein thrombosis - discharge Dietary fats explained Fast food tips Heart attack - discharge Heart attack - what to ask your doctor Heart bypass ... pacemaker - discharge High blood pressure - what to ask your doctor How to read ...

Lessons Learned from Developing a Patient Engagement Panel: An OCHIN Report.

Science.gov (United States)

Arkind, Jill; Likumahuwa-Ackman, Sonja; Warren, Nate; Dickerson, Kay; Robbins, Lynn; Norman, Kathy; DeVoe, Jennifer E

2015-01-01

There is renewed interest in patient engagement in clinical and research settings, creating a need for documenting and publishing lessons learned from efforts to meaningfully engage patients. This article describes early lessons learned from the development of OCHIN's Patient Engagement Panel (PEP). OCHIN supports a national network of more than 300 community health centers (CHCs) and other primary care settings that serve over 1.5 million patients annually across nearly 20 states. The PEP was conceived in 2009 to harness the CHC tradition of patient engagement in this new era of patient-centered outcomes research and to ensure that patients were engaged throughout the life cycle of our research projects, from conception to dissemination. Developed by clinicians and researchers within our practice-based research network, recruitment of patients to serve as PEP members began in early 2012. The PEP currently has a membership of 18 patients from 3 states. Over the past 24 months, the PEP has been involved with 12 projects. We describe developing the PEP and challenges and lessons learned (eg, recruitment, funding model, creating value for patient partners, compensation). These lessons learned are relevant not only for research but also for patient engagement in quality improvement efforts and other clinical initiatives. © Copyright 2015 by the American Board of Family Medicine.

Lessons Learnt from the Westgate Shopping Mall Terrorist Attack in Nairobi, Kenya: Involving the Meetings, Incentives, Conferences and Exhibitions Sector in Crisis Communications

Directory of Open Access Journals (Sweden)

Ashley Schroeder

2014-11-01

Full Text Available The terrorist attacks in Nairobi Kenya have been widely disseminated by the world media, thus, affecting the long-term interests of stakeholders. The tourism industry is made up of a vast number of these stakeholders, with the operating sector alone including the accommodation, tourism services, transportation, entertainment, food services, adventure and outdoor recreation, attractions, meetings, incentive, conventions, and exhibitions (MICE, and travel trade sectors. Within each operating sector, there is also a variety of different stakeholders in various segments and organisations. The purpose of this manuscript is to examine tourism crisis communications surrounding the Westgate Shopping Mall attacks in Kenya. The main research question which guided this study was: did tourism communications surrounding the Westgate Shopping Mall attacks follow best practices for tourism crisis communications? Accordingly, this paper used participant observation to highlight communications surrounding the attacks from the perspective of a conference planner and a conference attendee.

Lessons from Japan: Resilience after Tokyo and Fukushima

Directory of Open Access Journals (Sweden)

Michelle L. Spencer

2013-01-01

Full Text Available In the spring of 1995 Japan experienced the world’s first major terrorist attack using chemical weapons by a little-known religious cult called Aum Shinrikyo. The attack on the Tokyo subway, which killed 13 people, was the first lethal case of a non-state actor using a chemical agent against a civilian population. In March 2011, following a 9.0 magnitude earthquake in Japan, the Fukushima Daiichi nuclear reactor experienced a full meltdown releasing radiation into the surrounding area. The seemingly unhurried government reaction provided conflicting information to Japanese citizens, slowing evacuation and protective actions. Government failure is cited as a significant factor in the severity of the nuclear disaster in three investigations conducted after the incident. This article defines resilience and raises the question of whether the U.S. government has the ability to address the issues raised by the two case studies. There are four primary lessons of these two case studies from Japan: Trust is essential; two-way communications are vital; someone or something will always unexpectedly fail to act appropriately, while others will provide surprising support and; finally, recovery is long-term.

Attack Trees for Practical Security Assessment: Ranking of Attack Scenarios with ADTool 2.0

NARCIS (Netherlands)

Gadyatskaya, Olga; Jhawar, Ravi; Kordy, P.T.; Lounis, Karim; Mauw, Sjouke; Trujillo-Rasua, Rolando

2016-01-01

In this tool demonstration paper we present the ADTool2.0: an open-source software tool for design, manipulation and analysis of attack trees. The tool supports ranking of attack scenarios based on quantitative attributes entered by the user; it is scriptable; and it incorporates attack trees with

The work-averse cyber attacker model : theory and evidence from two million attack signatures

NARCIS (Netherlands)

Allodi, L.; Massacci, F.; Williams, J.

The typical cyber attacker is assumed to be all powerful and to exploit all possible vulnerabilities. In this paper we present, and empirically validate, a novel and more realistic attacker model. The intuition of our model is that an attacker will optimally choose whether to act and weaponize a new

Web server attack analyzer

OpenAIRE

Mižišin, Michal

2013-01-01

Web server attack analyzer - Abstract The goal of this work was to create prototype of analyzer of injection flaws attacks on web server. Proposed solution combines capabilities of web application firewall and web server log analyzer. Analysis is based on configurable signatures defined by regular expressions. This paper begins with summary of web attacks, followed by detection techniques analysis on web servers, description and justification of selected implementation. In the end are charact...

Network Protection Against DDoS Attacks

Directory of Open Access Journals (Sweden)

Petr Dzurenda

2015-03-01

Full Text Available The paper deals with possibilities of the network protection against Distributed Denial of Service attacks (DDoS. The basic types of DDoS attacks and their impact on the protected network are presented here. Furthermore, we present basic detection and defense techniques thanks to which it is possible to increase resistance of the protected network or device against DDoS attacks. Moreover, we tested the ability of current commercial Intrusion Prevention Systems (IPS, especially Radware DefensePro 6.10.00 product against the most common types of DDoS attacks. We create five scenarios that are varied in type and strength of the DDoS attacks. The attacks intensity was much greater than the normal intensity of the current DDoS attacks.

Attack Tree Generation by Policy Invalidation

DEFF Research Database (Denmark)

Ivanova, Marieta Georgieva; Probst, Christian W.; Hansen, Rene Rydhof

2015-01-01

through brainstorming of experts. In this work we formalize attack tree generation including human factors; based on recent advances in system models we develop a technique to identify possible attacks analytically, including technical and human factors. Our systematic attack generation is based......Attacks on systems and organisations increasingly exploit human actors, for example through social engineering, complicating their formal treatment and automatic identification. Formalisation of human behaviour is difficult at best, and attacks on socio-technical systems are still mostly identified...... on invalidating policies in the system model by identifying possible sequences of actions that lead to an attack. The generated attacks are precise enough to illustrate the threat, and they are general enough to hide the details of individual steps....

Terrorists and Suicide Attacks

National Research Council Canada - National Science Library

Cronin, Audrey K

2003-01-01

Suicide attacks by terrorist organizations have become more prevalent globally, and assessing the threat of suicide attacks against the United States and its interests at home and abroad has therefore...

Stochastic Model of TCP SYN Attacks

Directory of Open Access Journals (Sweden)

Simona Ramanauskaitė

2011-08-01

Full Text Available A great proportion of essential services are moving into internet space making the threat of DoS attacks even more actual. To estimate the real risk of some kind of denial of service (DoS attack in real world is difficult, but mathematical and software models make this task easier. In this paper we overview the ways of implementing DoS attack models and offer a stochastic model of SYN flooding attack. It allows evaluating the potential threat of SYN flooding attacks, taking into account both the legitimate system flow as well as the possible attack power. At the same time we can assess the effect of such parameters as buffer capacity, open connection storage in the buffer or filte­ring efficiency on the success of different SYN flooding attacks. This model can be used for other type of memory depletion denial of service attacks.Article in Lithuanian

Attack Trees with Sequential Conjunction

NARCIS (Netherlands)

Jhawar, Ravi; Kordy, Barbara; Mauw, Sjouke; Radomirović, Sasa; Trujillo-Rasua, Rolando

2015-01-01

We provide the first formal foundation of SAND attack trees which are a popular extension of the well-known attack trees. The SAND at- tack tree formalism increases the expressivity of attack trees by intro- ducing the sequential conjunctive operator SAND. This operator enables the modeling of

Heart attack first aid

Science.gov (United States)

First aid - heart attack; First aid - cardiopulmonary arrest; First aid - cardiac arrest ... A heart attack occurs when the blood flow that carries oxygen to the heart is blocked. The heart muscle ...

Investigating the Possibility to Individualize Asthma Attack Therapy Based on Attack Severity and Patient Characteristics

Directory of Open Access Journals (Sweden)

Sárkány Zoltán

2016-03-01

Full Text Available Introduction: The objective of this study was to investigate with the help of a computerized simulation model whether the treatment of an acute asthma attack can be individualized based on the severity of the attack and the characteristics of the patient. Material and Method: A stochastic lung model was used to simulate the deposition of 1 nm - 10 μm particles during a mild and a moderate asthma attack. Breathing parameters were varied to maximize deposition, and simulation results were compared with those obtained in the case of a severe asthma attack. In order to investigate the effect of height on the deposition of inhaled particles, another series of simulations was carried out with identical breathing parameters, comparing patient heights of 155 cm, 175 cm and 195 cm. Results: The optimization process yielded an increase in the maximum deposition values of around 6-7% for each type of investigated asthma attack, and the difference between attacks of different degree of severity was around 5% for both the initial and the optimized values, a higher degree of obstruction increasing the amount of deposited particles. Conclusions: Our results suggest that the individualization of asthma attack treatment cannot be based on particles of different size, as the highest deposited fraction in all three types of attacks can be obtained using 0.01 μm particles. The use of a specific set of breathing parameters yields a difference between a mild and a moderate, as well as a moderate and a severe asthma attack of around 5%.

Analytical Characterization of Internet Security Attacks

Science.gov (United States)

Sellke, Sarah H.

2010-01-01

Internet security attacks have drawn significant attention due to their enormously adverse impact. These attacks includes Malware (Viruses, Worms, Trojan Horse), Denial of Service, Packet Sniffer, and Password Attacks. There is an increasing need to provide adequate defense mechanisms against these attacks. My thesis proposal deals with analytical…

Development of concept-based physiology lessons for biomedical engineering undergraduate students.

Science.gov (United States)

Nelson, Regina K; Chesler, Naomi C; Strang, Kevin T

2013-06-01

Physiology is a core requirement in the undergraduate biomedical engineering curriculum. In one or two introductory physiology courses, engineering students must learn physiology sufficiently to support learning in their subsequent engineering courses and careers. As preparation for future learning, physiology instruction centered on concepts may help engineering students to further develop their physiology and biomedical engineering knowledge. Following the Backward Design instructional model, a series of seven concept-based lessons was developed for undergraduate engineering students. These online lessons were created as prerequisite physiology training to prepare students to engage in a collaborative engineering challenge activity. This work is presented as an example of how to convert standard, organ system-based physiology content into concept-based content lessons.

Licensing issues in the context of terrorist attacks on nuclear power plants

International Nuclear Information System (INIS)

Danwitz, T. von

2002-01-01

The terrorist attack on the World Trade Center in September 2001 has prompted enhanced nuclear risk awareness among the German population. But in the current public debate about the safety of nuclear power plants in Germany in times of new dimensions of danger, aspects such as the role of the constitutional law, the German Atomic Energy Act, and the regulatory system governing nuclear power plant licensing in the context of protection and safety have not been addressed. The author therefore discusses the German nuclear power plant licensing law and administrative regime, elaborating on the significance attributed in those bodies of law to risks like terrorist attacks on nuclear power plants. (orig./CB) [de

Anger attacks in obsessive compulsive disorder

Directory of Open Access Journals (Sweden)

Nitesh Prakash Painuly

2011-01-01

Full Text Available Background: Research on anger attacks has been mostly limited to depression, and only a few studies have focused on anger attacks in obsessive compulsive disorder. Materials and Methods: In a cross-sectional study all new obsessive compulsive disorder patients aged 20-60 years attending an outpatient clinic were assessed using the anger attack questionnaire, irritability, depression and anxiety scale (for the direction of the aggressive behavior and quality of life (QOL. Results: The sample consisted of 42 consecutive subjects with obsessive compulsive disorder, out of which 21 (50% had anger attacks. The obsessive compulsive disorder subjects with and without anger attacks did not show significant differences in terms of sociodemographic variables, duration of illness, treatment, and family history. However, subjects with anger attacks had significantly higher prevalence of panic attacks and comorbid depression. Significantly more subjects with anger attacks exhibited aggressive acts toward spouse, parents, children, and other relatives in the form of yelling and threatening to hurt, trying to hurt, and threatening to leave. However, the two groups did not differ significantly in terms of QOL, except for the psychological domain being worse in the subjects with anger attacks. Conclusion: Anger attacks are present in half of the patients with obsessive compulsive disorder, and they correlate with the presence of comorbid depression.

Level I center triage and mass casualties.

Science.gov (United States)

Hoey, Brian A; Schwab, C William

2004-05-01

The world has been marked by a recent series of high-profile terrorist attacks, including the attack of September 11, 2001, in New York City. Similar to natural disasters, these attacks often result in a large number of casualties necessitating triage strategies. The end of the twentieth century was marked by the development of trauma systems in the United States and abroad. By their very nature, trauma centers are best equipped to handle mass casualties resulting from natural and manmade disasters. Triage assessment tools and scoring systems have evolved to facilitate this triage process and to potentially reduce the morbidity and mortality associated with these events.

Seven Deadliest Social Network Attacks

CERN Document Server

Timm, Carl

2010-01-01

Do you need to keep up with the latest hacks, attacks, and exploits effecting social networks? Then you need Seven Deadliest Social Network Attacks. This book pinpoints the most dangerous hacks and exploits specific to social networks like Facebook, Twitter, and MySpace, laying out the anatomy of these attacks including how to make your system more secure. You will discover the best ways to defend against these vicious hacks with step-by-step instruction and learn techniques to make your computer and network impenetrable. Attacks detailed in this book include: Social Networking Infrastruct

Pericarditis - after heart attack

Science.gov (United States)

... include: A previous heart attack Open heart surgery Chest trauma A heart attack that has affected the thickness of your heart muscle Symptoms Symptoms include: Anxiety Chest pain from the swollen pericardium rubbing on the ...

Impact of the Implementation of Information Technology on the Center for Army Lessons Learned

National Research Council Canada - National Science Library

Wizner, Anthony

2001-01-01

.... This research evaluates the impact that the implementation of an Information Technology infrastructure has had on the efficiency of Army's Lessons Learned Process and the overall effectiveness...

WILD PIG ATTACKS ON HUMANS

Energy Technology Data Exchange (ETDEWEB)

Mayer, J.

2013-04-12

Attacks on humans by wild pigs (Sus scrofa) have been documented since ancient times. However, studies characterizing these incidents are lacking. In an effort to better understand this phenomenon, information was collected from 412 wild pig attacks on humans. Similar to studies of large predator attacks on humans, data came from a variety of sources. The various attacks compiled occurred in seven zoogeographic realms. Most attacks occurred within the species native range, and specifically in rural areas. The occurrence was highest during the winter months and daylight hours. Most happened under non-hunting circumstances and appeared to be unprovoked. Wounded animals were the chief cause of these attacks in hunting situations. The animals involved were typically solitary, male and large in size. The fate of the wild pigs involved in these attacks varied depending upon the circumstances, however, most escaped uninjured. Most human victims were adult males traveling on foot and alone. The most frequent outcome for these victims was physical contact/mauling. The severity of resulting injuries ranged from minor to fatal. Most of the mauled victims had injuries to only one part of their bodies, with legs/feet being the most frequent body part injured. Injuries were primarily in the form of lacerations and punctures. Fatalities were typically due to blood loss. In some cases, serious infections or toxemia resulted from the injuries. Other species (i.e., pets and livestock) were also accompanying some of the humans during these attacks. The fates of these animals varied from escaping uninjured to being killed. Frequency data on both non-hunting and hunting incidents of wild pig attacks on humans at the Savannah River Site, South Carolina, showed quantitatively that such incidents are rare.

Cache timing attacks on recent microarchitectures

DEFF Research Database (Denmark)

Andreou, Alexandres; Bogdanov, Andrey; Tischhauser, Elmar Wolfgang

2017-01-01

Cache timing attacks have been known for a long time, however since the rise of cloud computing and shared hardware resources, such attacks found new potentially devastating applications. One prominent example is S$A (presented by Irazoqui et al at S&P 2015) which is a cache timing attack against...... AES or similar algorithms in virtualized environments. This paper applies variants of this cache timing attack to Intel's latest generation of microprocessors. It enables a spy-process to recover cryptographic keys, interacting with the victim processes only over TCP. The threat model is a logically...... separated but CPU co-located attacker with root privileges. We report successful and practically verified applications of this attack against a wide range of microarchitectures, from a two-core Nehalem processor (i5-650) to two-core Haswell (i7-4600M) and four-core Skylake processors (i7-6700). The attack...

The Cyber-Physical Attacker

DEFF Research Database (Denmark)

Vigo, Roberto

2012-01-01

The world of Cyber-Physical Systems ranges from industrial to national interest applications. Even though these systems are pervading our everyday life, we are still far from fully understanding their security properties. Devising a suitable attacker model is a crucial element when studying...... the security properties of CPSs, as a system cannot be secured without defining the threats it is subject to. In this work an attacker scenario is presented which addresses the peculiarities of a cyber-physical adversary, and we discuss how this scenario relates to other attacker models popular in the security...

Forensics Investigation of Web Application Security Attacks

OpenAIRE

Amor Lazzez; Thabet Slimani

2015-01-01

Nowadays, web applications are popular targets for security attackers. Using specific security mechanisms, we can prevent or detect a security attack on a web application, but we cannot find out the criminal who has carried out the security attack. Being unable to trace back an attack, encourages hackers to launch new attacks on the same system. Web application forensics aims to trace back and attribute a web application security attack to its originator. This may significantly reduce the sec...

Adaptive cyber-attack modeling system

Science.gov (United States)

Gonsalves, Paul G.; Dougherty, Edward T.

2006-05-01

The pervasiveness of software and networked information systems is evident across a broad spectrum of business and government sectors. Such reliance provides an ample opportunity not only for the nefarious exploits of lone wolf computer hackers, but for more systematic software attacks from organized entities. Much effort and focus has been placed on preventing and ameliorating network and OS attacks, a concomitant emphasis is required to address protection of mission critical software. Typical software protection technique and methodology evaluation and verification and validation (V&V) involves the use of a team of subject matter experts (SMEs) to mimic potential attackers or hackers. This manpower intensive, time-consuming, and potentially cost-prohibitive approach is not amenable to performing the necessary multiple non-subjective analyses required to support quantifying software protection levels. To facilitate the evaluation and V&V of software protection solutions, we have designed and developed a prototype adaptive cyber attack modeling system. Our approach integrates an off-line mechanism for rapid construction of Bayesian belief network (BN) attack models with an on-line model instantiation, adaptation and knowledge acquisition scheme. Off-line model construction is supported via a knowledge elicitation approach for identifying key domain requirements and a process for translating these requirements into a library of BN-based cyber-attack models. On-line attack modeling and knowledge acquisition is supported via BN evidence propagation and model parameter learning.

Predicting Factors of Zone 4 Attack in Volleyball.

Science.gov (United States)

Costa, Gustavo C; Castro, Henrique O; Evangelista, Breno F; Malheiros, Laura M; Greco, Pablo J; Ugrinowitsch, Herbert

2017-06-01

This study examined 142 volleyball games of the Men's Super League 2014/2015 seasons in Brazil from which we analyzed 24-26 games of each participating team, identifying 5,267 Zone 4 attacks for further analysis. Within these Zone 4 attacks, we analyzed the association between the effect of the attack carried out and the separate effects of serve reception, tempo and type of attack. We found that the reception, tempo of attack, second tempo of attack, and power of diagonal attack were predictors of the attack effect in Zone 4. Moreover, placed attacks showed a tendency to not yield a score. In conclusion, winning points in high-level men's volleyball requires excellent receptions, a fast attack tempo and powerfully executed of attacks.

Crisis communication. Lessons from 9/11.

Science.gov (United States)

Argenti, Paul

2002-12-01

The sheer enormity of last year's terrorist attacks on the World Trade Center and the Pentagon gave new meaning to the term "crisis management." Suddenly, companies near Ground Zero, as well as those more than a thousand miles away, needed a plan. Because the disasters disrupted established channels not only between businesses and customers but between businesses and employees, internal crisis-communications strategies that could be quickly implemented became a key responsibility of top management. Without these strategies, employees' trauma and confusion might have immobilized their firms and set their customers adrift. In this article, executives from a range of industries talk about how their companies, including Morgan Stanley, Oppenheimer Funds, American Airlines, Verizon, the New York Times, Dell, and Starbucks, went about restoring operations and morale. From his interviews with these individuals, author and management professor Paul Argenti was able to distill a number of lessons, each of which, he says, may "serve as guideposts for any company facing a crisis that undermines its employees' composure, confidence, or concentration." His advice to senior executives includes: Maintain high levels of visibility, so that employees are certain of top management's command of the situation and concern; establish contingency communication channels and work sites; strive to keep employees focused on the business itself, because a sense of usefulness enhances morale and good morale enhances usefulness; and ensure that employees have absorbed the firm's values, which will guide them as they cope with the unpredictable. The most forward-thinking leaders realize that managing a crisis-communications program requires the same dedication and resources they give to other dimensions of their business. More important, they realize that their employees always come first.

Attack Potential Evaluation in Desktop and Smartphone Fingerprint Sensors: Can They Be Attacked by Anyone?

Directory of Open Access Journals (Sweden)

Ines Goicoechea-Telleria

2018-01-01

Full Text Available The use of biometrics keeps growing. Every day, we use biometric recognition to unlock our phones or to have access to places such as the gym or the office, so we rely on the security manufacturers offer when protecting our privileges and private life. It is well known that it is possible to hack into a fingerprint sensor using fake fingers made of Play-Doh and other easy-to-obtain materials but to what extent? Is this true for all users or only for specialists with a deep knowledge on biometrics? Are smartphone fingerprint sensors as reliable as desktop sensors? To answer these questions, we performed 3 separate evaluations. First, we evaluated 4 desktop fingerprint sensors of different technologies by attacking them with 7 different fake finger materials. All of them were successfully attacked by an experienced attacker. Secondly, we carried out a similar test on 5 smartphones with embedded sensors using the most successful materials, which also hacked the 5 sensors. Lastly, we gathered 15 simulated attackers with no background in biometrics to create fake fingers of several materials, and they had one week to attack the fingerprint sensors of the same 5 smartphones, with the starting point of a short video with the techniques to create them. All 5 smartphones were successfully attacked by an inexperienced attacker. This paper will provide the results achieved, as well as an analysis on the attack potential of every case. All results are given following the metrics of the standard ISO/IEC 30107-3.

Overview of DOS attacks on wireless sensor networks and experimental results for simulation of interference attacks

Directory of Open Access Journals (Sweden)

Željko Gavrić

2018-01-01

Full Text Available Wireless sensor networks are now used in various fields. The information transmitted in the wireless sensor networks is very sensitive, so the security issue is very important. DOS (denial of service attacks are a fundamental threat to the functioning of wireless sensor networks. This paper describes some of the most common DOS attacks and potential methods of protection against them. The case study shows one of the most frequent attacks on wireless sensor networks – the interference attack. In the introduction of this paper authors assume that the attack interference can cause significant obstruction of wireless sensor networks. This assumption has been proved in the case study through simulation scenario and simulation results.

Securing internet by eliminating DDOS attacks

Science.gov (United States)

Niranchana, R.; Gayathri Devi, N.; Santhi, H.; Gayathri, P.

2017-11-01

The major threat caused to the authorised usage of Internet is Distributed Denial of Service attack. The mechanisms used to prevent the DDoS attacks are said to overcome the attack’s ability in spoofing the IP packets source addresses. By utilising Internet Protocol spoofing, the attackers cause a consequential load over the networks destination for policing attack packets. To overcome the IP Spoofing level on the Internet, We propose an Inter domain Packet Filter (IPF) architecture. The proposed scheme is not based on global routing information. The packets with reliable source addresses are not rejected, the IPF frame work works in such a manner. The spoofing capability of attackers is confined by IPF, and also the filter identifies the source of an attack packet by minimal number of candidate network.

Plants under dual attack

NARCIS (Netherlands)

Ponzio, C.A.M.

2016-01-01

Though immobile, plants are members of complex environments, and are under constant threat from a wide range of attackers, which includes organisms such as insect herbivores or plant pathogens. Plants have developed sophisticated defenses against these attackers, and include chemical responses

New attacks on Wi-Fi Protected Setup

OpenAIRE

Hamed Mohtadi; Alireza Rahimi

2015-01-01

Wi-Fi Protected Setup (WPS) is a network security standard that is used to secure networks in home and office, introduced in 2006 by the Wi-Fi Alliance. It provides easier configuration setup and is used in almost all recent Wi-Fi devices. In this paper we propose two attacks on this standard. The first attack is an offline brute force attack that uses imbalance on registration protocol. This attack needs user action, but it is more efficient than previous attacks. The second attack uses weak...

A Game Theoretic Approach to Cyber Attack Prediction

Energy Technology Data Exchange (ETDEWEB)

Peng Liu

2005-11-28

The area investigated by this project is cyber attack prediction. With a focus on correlation-based prediction, current attack prediction methodologies overlook the strategic nature of cyber attack-defense scenarios. As a result, current cyber attack prediction methodologies are very limited in predicting strategic behaviors of attackers in enforcing nontrivial cyber attacks such as DDoS attacks, and may result in low accuracy in correlation-based predictions. This project develops a game theoretic framework for cyber attack prediction, where an automatic game-theory-based attack prediction method is proposed. Being able to quantitatively predict the likelihood of (sequences of) attack actions, our attack prediction methodology can predict fine-grained strategic behaviors of attackers and may greatly improve the accuracy of correlation-based prediction. To our best knowledge, this project develops the first comprehensive framework for incentive-based modeling and inference of attack intent, objectives, and strategies; and this project develops the first method that can predict fine-grained strategic behaviors of attackers. The significance of this research and the benefit to the public can be demonstrated to certain extent by (a) the severe threat of cyber attacks to the critical infrastructures of the nation, including many infrastructures overseen by the Department of Energy, (b) the importance of cyber security to critical infrastructure protection, and (c) the importance of cyber attack prediction to achieving cyber security.

Beyond the Art Lesson: Free-Choice Learning Centers

Science.gov (United States)

Werth, Laurie

2010-01-01

In this article, the author emphasizes that by providing learning centers in the art studio environment and by providing "free-choice time," art educators can encourage and reinforce the natural learning styles of students. Learning centers give elementary students the freedom to pursue individual artistic expression. They give students an…

Invisible Trojan-horse attack

DEFF Research Database (Denmark)

Sajeed, Shihan; Minshull, Carter; Jain, Nitin

2017-01-01

We demonstrate the experimental feasibility of a Trojan-horse attack that remains nearly invisible to the single-photon detectors employed in practical quantum key distribution (QKD) systems, such as Clavis2 from ID Quantique. We perform a detailed numerical comparison of the attack performance...

Radiological attacks and accidents. Medical consequences

International Nuclear Information System (INIS)

Sakuta, Hidenari

2007-01-01

Probability of the occurrence of radiological attacks appears to be elevated after the terrorist attacks against the United States on September 11 in 2001. There are a lot of scenarios of radiological attack: simple radiological device, radiological disperse device (RDD or dirty bomb), attacks against nuclear reactor, improvised nuclear device, and nuclear weapons. Of these, RDD attack is the most probable scenario, because it can be easily made and can generate enormous psychological and economic damages. Radiological incidents are occurring to and fro in the world, including several cases of theft to nuclear facilities and unsuccessful terrorist attacks against them. Recently, a former Russian spy has allegedly been killed using polonium-210. In addition, serious radiological accidents have occurred in Chernobyl, Goiania, and Tokai-mura. Planning, preparation, education, and training exercise appear to be essential factors to cope with radiological attacks and accidents effectively without feeling much anxiety. Triage and psychological first aid are prerequisite to manage and provide effective medial care for mass casualties without inducing panic. (author)

Script-viruses Attacks on UNIX OS

Directory of Open Access Journals (Sweden)

D. M. Mikhaylov

2010-06-01

Full Text Available In this article attacks on UNIX OS are considered. Currently antivirus developers are concentrated on protecting systems from viruses that are most common and attack popular operating systems. If the system or its components are not often attacked then the antivirus products are not protecting these components as it is not profitable. The same situation is with script-viruses for UNIX OS as most experts consider that it is impossible for such viruses to get enough rights to attack. Nevertheless the main conclusion of this article is the fact that such viruses can be very powerful and can attack systems and get enough rights.

Kinematic Analysis of Volleyball Attack in the Net Center with Various Types of Take-Off.

Science.gov (United States)

Zahálka, František; Malý, Tomáš; Malá, Lucia; Ejem, Miloslav; Zawartka, Marek

2017-09-01

The aim of the study was to describe and compare kinematics in two types of execution of attack hit, the goofy approach and regular approach. The research group consisted of players from the Czech Republic's top league (n = 12, age 28.0 ± 4.3 years, body height 196.6 ± 5.6 cm, body mass 89.7 ± 6.7 kg) divided into two groups according to the individual type of approach in the attack. Analysis of movement was performed by 3D kinematics video analysis, space coordinates were calculated by the DLT (Direct Linear Transformation) method together with interpretation software TEMA Bio 2.3 (Image Systems AB, Sweden). The players started their run-up from a distance of about 4 - 4.5 m from the net with similar maximal vertical velocity (2.91 - 2.96 m⋅s -1 ). The trajectory of players with goofy approach seemed to be convenient for the rotation of shoulders and hips in the moment of ball contact. Differences between both groups were observed. Players with a goofy approach had a longer flight phase compared to regularly approaching players.

A control center design revisited: learning from users’ appropriation

DEFF Research Database (Denmark)

Souza da Conceição, Carolina; Cordeiro, Cláudia

2014-01-01

This paper aims to present the lessons learned during a control center design project by revisiting another control center from the same company designed two and a half years before by the same project team. In light of the experience with the first project and its analysis, the designers and res...

Hybrid attacks on model-based social recommender systems

Science.gov (United States)

Yu, Junliang; Gao, Min; Rong, Wenge; Li, Wentao; Xiong, Qingyu; Wen, Junhao

2017-10-01

With the growing popularity of the online social platform, the social network based approaches to recommendation emerged. However, because of the open nature of rating systems and social networks, the social recommender systems are susceptible to malicious attacks. In this paper, we present a certain novel attack, which inherits characteristics of the rating attack and the relation attack, and term it hybrid attack. Furtherly, we explore the impact of the hybrid attack on model-based social recommender systems in multiple aspects. The experimental results show that, the hybrid attack is more destructive than the rating attack in most cases. In addition, users and items with fewer ratings will be influenced more when attacked. Last but not the least, the findings suggest that spammers do not depend on the feedback links from normal users to become more powerful, the unilateral links can make the hybrid attack effective enough. Since unilateral links are much cheaper, the hybrid attack will be a great threat to model-based social recommender systems.

An Analysis of Attacks on Blockchain Consensus

OpenAIRE

Bissias, George; Levine, Brian Neil; Ozisik, A. Pinar; Andresen, Gavin

2016-01-01

We present and validate a novel mathematical model of the blockchain mining process and use it to conduct an economic evaluation of the double-spend attack, which is fundamental to all blockchain systems. Our analysis focuses on the value of transactions that can be secured under a conventional double-spend attack, both with and without a concurrent eclipse attack. Our model quantifies the importance of several factors that determine the attack's success, including confirmation depth, attacke...

Automated classification of computer network attacks

CSIR Research Space (South Africa)

Van Heerden, R

2013-11-01

Full Text Available according to the relevant types of attack scenarios depicted in the ontology. The two network attack instances are the Distributed Denial of Service attack on SpamHaus in 2013 and the theft of 42 million Rand ($6.7 million) from South African Postbank...

Cyber Attacks and Combat Behavior

Directory of Open Access Journals (Sweden)

Carataș Maria Alina

2017-01-01

Full Text Available Cyber terrorism is an intangible danger, a real over the corner threat in the life of individuals,organizations, and governments and is getting harder to deal with its damages. The motivations forthe cyber-attacks are different, depending on the terrorist group, from cybercrime to hacktivism,attacks over the authorities’ servers. Organizations constantly need to find new ways ofstrengthening protection against cyber-attacks, assess their cyber readiness, expand the resiliencecapacity and adopts international security regulations.

High angle-of-attack aerodynamics of a strake-canard-wing V/STOL fighter configuration

Science.gov (United States)

Durston, D. A.; Schreiner, J. A.

1983-01-01

High angle-of-attack aerodynamic data are analyzed for a strake-canard-wing V/STOL fighter configuration. The configuration represents a twin-engine supersonic V/STOL fighter aircraft which uses four longitudinal thrust-augmenting ejectors to provide vertical lift. The data were obtained in tests of a 9.39 percent scale model of the configuration in the NASA Ames 12-Foot Pressure Wind Tunnel, at a Mach number of 0.2. Trimmed aerodynamic characteristics, longitudinal control power, longitudinal and lateral/directional stability, and effects of alternate strake and canard configurations are analyzed. The configuration could not be trimmed (power-off) above 12 deg angle of attack because of the limited pitch control power and the high degree of longitudinal instability (28 percent) at this Mach number. Aerodynamic center location was found to be controllable by varying strake size and canard location without significantly affecting lift and drag. These configuration variations had relatively little effect on the lateral/directional stability up to 10 deg angle of attack.

Attacks on public telephone networks: technologies and challenges

Science.gov (United States)

Kosloff, T.; Moore, Tyler; Keller, J.; Manes, Gavin W.; Shenoi, Sujeet

2003-09-01

Signaling System 7 (SS7) is vital to signaling and control in America's public telephone networks. This paper describes a class of attacks on SS7 networks involving the insertion of malicious signaling messages via compromised SS7 network components. Three attacks are discussed in detail: IAM flood attacks, redirection attacks and point code spoofing attacks. Depending on their scale of execution, these attacks can produce effects ranging from network congestion to service disruption. Methods for detecting these denial-of-service attacks and mitigating their effects are also presented.

Defense and attack of complex and dependent systems

International Nuclear Information System (INIS)

Hausken, Kjell

2010-01-01

A framework is constructed for how to analyze the strategic defense of an infrastructure subject to attack by a strategic attacker. Merging operations research, reliability theory, and game theory for optimal analytical impact, the optimization program for the defender and attacker is specified. Targets can be in parallel, series, combined series-parallel, complex, k-out-of-n redundancy, independent, interdependent, and dependent. The defender and attacker determine how much to invest in defending versus attacking each of multiple targets. A target can have economic, human, and symbolic values, subjectively assessed by the defender and attacker. A contest success function determines the probability of a successful attack on each target, dependent on the investments by the defender and attacker into each target, and on characteristics of the contest. The defender minimizes the expected damage plus the defense costs. The attacker maximizes the expected damage minus the attack costs. Each agent is concerned about how his investments vary across the targets, and the impact on his utilities. Interdependent systems are analyzed where the defense and attack on one target impacts all targets. Dependent systems are analyzed applying Markov analysis and repeated games where a successful attack on one target in the first period impacts the unit costs of defense and attack, and the contest intensity, for the other target in the second period.

Defense and attack of complex and dependent systems

Energy Technology Data Exchange (ETDEWEB)

Hausken, Kjell, E-mail: kjell.hausken@uis.n [Faculty of Social Sciences, University of Stavanger, N-4036 Stavanger (Norway)

2010-01-15

A framework is constructed for how to analyze the strategic defense of an infrastructure subject to attack by a strategic attacker. Merging operations research, reliability theory, and game theory for optimal analytical impact, the optimization program for the defender and attacker is specified. Targets can be in parallel, series, combined series-parallel, complex, k-out-of-n redundancy, independent, interdependent, and dependent. The defender and attacker determine how much to invest in defending versus attacking each of multiple targets. A target can have economic, human, and symbolic values, subjectively assessed by the defender and attacker. A contest success function determines the probability of a successful attack on each target, dependent on the investments by the defender and attacker into each target, and on characteristics of the contest. The defender minimizes the expected damage plus the defense costs. The attacker maximizes the expected damage minus the attack costs. Each agent is concerned about how his investments vary across the targets, and the impact on his utilities. Interdependent systems are analyzed where the defense and attack on one target impacts all targets. Dependent systems are analyzed applying Markov analysis and repeated games where a successful attack on one target in the first period impacts the unit costs of defense and attack, and the contest intensity, for the other target in the second period.

Automated Generation of Attack Trees

DEFF Research Database (Denmark)

Vigo, Roberto; Nielson, Flemming; Nielson, Hanne Riis

2014-01-01

Attack trees are widely used to represent threat scenarios in a succinct and intuitive manner, suitable for conveying security information to non-experts. The manual construction of such objects relies on the creativity and experience of specialists, and therefore it is error-prone and impractica......Attack trees are widely used to represent threat scenarios in a succinct and intuitive manner, suitable for conveying security information to non-experts. The manual construction of such objects relies on the creativity and experience of specialists, and therefore it is error......-prone and impracticable for large systems. Nonetheless, the automated generation of attack trees has only been explored in connection to computer networks and levering rich models, whose analysis typically leads to an exponential blow-up of the state space. We propose a static analysis approach where attack trees...... are automatically inferred from a process algebraic specification in a syntax-directed fashion, encompassing a great many application domains and avoiding incurring systematically an exponential explosion. Moreover, we show how the standard propositional denotation of an attack tree can be used to phrase...

Pareto Efficient Solutions of Attack-Defence Trees

DEFF Research Database (Denmark)

Aslanyan, Zaruhi; Nielson, Flemming

2015-01-01

Attack-defence trees are a promising approach for representing threat scenarios and possible countermeasures in a concise and intuitive manner. An attack-defence tree describes the interaction between an attacker and a defender, and is evaluated by assigning parameters to the nodes, such as proba......Attack-defence trees are a promising approach for representing threat scenarios and possible countermeasures in a concise and intuitive manner. An attack-defence tree describes the interaction between an attacker and a defender, and is evaluated by assigning parameters to the nodes......, such as probability or cost of attacks and defences. In case of multiple parameters most analytical methods optimise one parameter at a time, e.g., minimise cost or maximise probability of an attack. Such methods may lead to sub-optimal solutions when optimising conflicting parameters, e.g., minimising cost while...... maximising probability. In order to tackle this challenge, we devise automated techniques that optimise all parameters at once. Moreover, in the case of conflicting parameters our techniques compute the set of all optimal solutions, defined in terms of Pareto efficiency. The developments are carried out...

Science Centers in the Electronic Age: Are We Doomed?

Science.gov (United States)

Russell, Robert L., Ed.; West, Robert M., Ed.

1996-01-01

This issue is a debate-discussion concerning science centers in the electronic age. The articles are based on presentations made at the Science Center World Congress (1st, Heureka, Finland, June 13-17, 1996). The four articles are: (1) "Lessons from Laboratorio dell'Immaginario Scientifico" (Andrea Bandelli); (2) "The Doom-Shaped Thing in the…

Cross-site scripting attacks procedure and Prevention Strategies

Directory of Open Access Journals (Sweden)

Wang Xijun

2016-01-01

Full Text Available Cross-site scripting attacks and defense has been the site of attack and defense is an important issue, this paper, the definition of cross-site scripting attacks, according to the current understanding of the chaos on the cross-site scripting, analyzes the causes and harm cross-site scripting attacks formation of attacks XXS complete process XSS attacks made a comprehensive analysis, and then for the web program includes Mobility there are cross-site scripting filter laxity given from ordinary users browse the web and web application developers two the defense cross-site scripting attacks effective strategy.

Heart Attack Symptoms in Women

Science.gov (United States)

... fat, cholesterol and other substances (plaque). Watch an animation of a heart attack . Many women think the ... Support Network Popular Articles 1 Understanding Blood Pressure Readings 2 Sodium and Salt 3 Heart Attack Symptoms ...

On the anatomy of social engineering attacks : A literature-based dissection of successful attacks

NARCIS (Netherlands)

Bullee, Jan-Willem; Montoya, L.; Pieters, Wolter; Junger, Marianne; Hartel, Pieter H.

The aim of this studywas to explore the extent towhich persuasion principles are used in successful social engineering attacks. Seventy-four scenarioswere extracted from 4 books on social engineering (written by social engineers) and analysed. Each scenariowas split into attack steps, containing

Lessons learned bulletin

International Nuclear Information System (INIS)

1994-05-01

During the past four years, the Department of Energy -- Savannah River Operations Office and the Westinghouse Savannah River Company (WSRC) Environmental Restoration (ER) Program completed various activities ranging from waste site investigations to closure and post closure projects. Critiques for lessons learned regarding project activities are performed at the completion of each project milestone, and this critique interval allows for frequent recognition of lessons learned. In addition to project related lessons learned, ER also performs lessons learned critiques. T'he Savannah River Site (SRS) also obtains lessons learned information from general industry, commercial nuclear industry, naval nuclear programs, and other DOE sites within the complex. Procedures are approved to administer the lessons learned program, and a database is available to catalog applicable lessons learned regarding environmental remediation, restoration, and administrative activities. ER will continue to use this database as a source of information available to SRS personnel

DDOS ATTACK DETECTION SIMULATION AND HANDLING MECHANISM

Directory of Open Access Journals (Sweden)

Ahmad Sanmorino

2013-11-01

Full Text Available In this study we discuss how to handle DDoS attack that coming from the attacker by using detection method and handling mechanism. Detection perform by comparing number of packets and number of flow. Whereas handling mechanism perform by limiting or drop the packets that detected as a DDoS attack. The study begins with simulation on real network, which aims to get the real traffic data. Then, dump traffic data obtained from the simulation used for detection method on our prototype system called DASHM (DDoS Attack Simulation and Handling Mechanism. From the result of experiment that has been conducted, the proposed method successfully detect DDoS attack and handle the incoming packet sent by attacker.

Model checking exact cost for attack scenarios

DEFF Research Database (Denmark)

Aslanyan, Zaruhi; Nielson, Flemming

2017-01-01

Attack trees constitute a powerful tool for modelling security threats. Many security analyses of attack trees can be seamlessly expressed as model checking of Markov Decision Processes obtained from the attack trees, thus reaping the benefits of a coherent framework and a mature tool support....... However, current model checking does not encompass the exact cost analysis of an attack, which is standard for attack trees. Our first contribution is the logic erPCTL with cost-related operators. The extended logic allows to analyse the probability of an event satisfying given cost bounds and to compute...... the exact cost of an event. Our second contribution is the model checking algorithm for erPCTL. Finally, we apply our framework to the analysis of attack trees....

Risk factors for persistence of lower respiratory symptoms among community members exposed to the 2001 World Trade Center terrorist attacks

Science.gov (United States)

Jordan, Hannah T; Friedman, Stephen M; Reibman, Joan; Goldring, Roberta M; Miller Archie, Sara A; Ortega, Felix; Alper, Howard; Shao, Yongzhao; Maslow, Carey B; Cone, James E; Farfel, Mark R; Berger, Kenneth I

2017-01-01

Objectives We studied the course of lower respiratory symptoms (LRS; cough, wheeze or dyspnoea) among community members exposed to the 9/11/2001 World Trade Center (WTC) attacks during a period of 12–13 years following the attacks, and evaluated risk factors for LRS persistence, including peripheral airway dysfunction and post-traumatic stress disorder (PTSD). Methods Non-smoking adult participants in a case-control study of post-9/11-onset LRS (exam 1, 2008–2010) were recruited for follow-up (exam 2, 2013–2014). Peripheral airway function was assessed with impulse oscillometry measures of R5 and R5-20. Probable PTSD was a PTSD checklist score ≥44 on a 2006–2007 questionnaire. Results Of 785 exam 1 participants, 545 (69%) completed exam 2. Most (321, 59%) were asymptomatic at all assessments. Among 192 participants with initial LRS, symptoms resolved for 110 (57%) by exam 2, 55 (29%) had persistent LRS and 27 (14%) had other patterns. The proportion with normal spirometry increased from 65% at exam 1 to 85% at exam 2 in the persistent LRS group (p<0.01) and was stable among asymptomatic participants and those with resolved LRS. By exam 2, spirometry results did not differ across symptom groups; however, R5 and R5-20 abnormalities were more common among participants with persistent LRS (56% and 46%, respectively) than among participants with resolved LRS (30%, p<0.01; 27%, p=0.03) or asymptomatic participants (20%, p<0.001; 8.2%, p<0.001). PTSD, R5 at exam 1, and R5-20 at exam 1 were each independently associated with persistent LRS. Conclusions Peripheral airway dysfunction and PTSD may contribute to LRS persistence. Assessment of peripheral airway function detected pulmonary damage not evident on spirometry. Mental and physical healthcare for survivors of complex environmental disasters should be coordinated carefully. PMID:28341697

NETWORK SECURITY ATTACKS. ARP POISONING CASE STUDY

Directory of Open Access Journals (Sweden)

Luminiţa DEFTA

2010-12-01

Full Text Available Arp poisoning is one of the most common attacks in a switched network. A switch is a network device that limits the ability of attackers that use a packet sniffer to gain access to information from internal network traffic. However, using ARP poisoning the traffic between two computers can be intercepted even in a network that uses switches. This method is known as man in the middle attack. With this type of attack the affected stations from a network will have invalid entries in the ARP table. Thus, it will contain only the correspondence between the IP addresses of the stations from the same network and a single MAC address (the station that initiated the attack. In this paper we present step by step the initiation of such an attack in a network with three computers. We will intercept the traffic between two stations using the third one (the attacker.

Understanding How Components of Organisations Contribute to Attacks

DEFF Research Database (Denmark)

Gu, Min; Aslanyan, Zaruhi; Probst, Christian W.

2016-01-01

Attacks on organisations today explore many different layers, including buildings infrastructure, IT infrastructure, and human factor – the physical, virtual, and social layer. Identifying possible attacks, understanding their impact, and attributing their origin and contributing factors is diffi......Attacks on organisations today explore many different layers, including buildings infrastructure, IT infrastructure, and human factor – the physical, virtual, and social layer. Identifying possible attacks, understanding their impact, and attributing their origin and contributing factors...... is difficult. Recently, system models have been used for automatically identifying possible attacks on the modelled organisation. The generated attacks consider all three layers, making the contribution of building infrastructure, computer infrastructure, and humans (insiders and outsiders) explicit. However......, this contribution is only visible in the attack trees as part of the performed steps; it cannot be mapped back to the model directly since the actions usually involve several elements (attacker and targeted actor or asset). Especially for large attack trees, understanding the relations between several model...

[Warning symptoms of asthma attack and asthma self-management: a national asthma control survey from China].

Science.gov (United States)

Lin, J T; Wang, W Q; Zhou, X; Wang, C Z; Huang, M; Cai, S X; Chen, P; Lin, Q C; Zhou, J Y; Gu, Y H; Yuan, Y D; Sun, D J; Yang, X H; Yang, L; Huo, J M; Chen, Z C; Jiang, P; Zhang, J; Ye, X W; Liu, H G; Tang, H P; Liu, R Y; Liu, C T; Zhang, W; Hu, C P; Chen, Y Q; Liu, X J; Dai, L M; Zhou, W; Huang, Y J; Xu, J Y

2017-08-08

Objective: To investigate warning symptoms of asthma attack and evaluate asthma self-management status of asthma patients in urban China. Methods: A multi-center, cross-sectional, questionnaire-based survey was carried out from 30 general hospitals dispersed in 30 provinces of mainland China (except for Tibet) during Oct 2015 to May 2016. Information of frequency and warning symptoms of asthma attack, the time from warning symptoms to asthma attack, the impact of asthma attack and asthma self-management were collected from asthma patients of outpatient department. Results: Altogether 3 875 asthmatic outpatients were recruited. 78.1% (3 026/3 875) of the patients reported restriction of exercise and daily activities during asthma exacerbation. 82.5% (3 160/3 829) of the patients had warning symptoms before asthma attack, the most common warning symptoms were cough, chest tightness and shortness of breath. The median time from warning symptoms to asthma attack was 2 h, the mean time was 90 h. Only 4.4% (167/3 829) of the patients had definite confidence to control asthma when symptoms deteriorated. 76.7% (2 937/3 828) of the patients used medications to control asthma when asthma symptoms deteriorated. Medication choice: inhaled corticosteroid (ICS) + formoterol 45.8% (1 776/3 875), short-acting beta-agonist (SABA) 23.9% (927/3 875). Conclusions: Most asthma patients have warning symptoms before asthma attack, the most common symptoms are cough, chest tightness and shortness of breath. The proportion of patients conducting effective asthma self-management remains low.

Attack Graph Construction for Security Events Analysis

Directory of Open Access Journals (Sweden)

Andrey Alexeevich Chechulin

2014-09-01

Full Text Available The paper is devoted to investigation of the attack graphs construction and analysis task for a network security evaluation and real-time security event processing. Main object of this research is the attack modeling process. The paper contains the description of attack graphs building, modifying and analysis technique as well as overview of implemented prototype for network security analysis based on attack graph approach.

Risk-based decision making for staggered bioterrorist attacks : resource allocation and risk reduction in "reload" scenarios.

Energy Technology Data Exchange (ETDEWEB)

Lemaster, Michelle Nicole; Gay, David M. (Sandia National Laboratories, Albuquerque, NM); Ehlen, Mark Andrew (Sandia National Laboratories, Albuquerque, NM); Boggs, Paul T.; Ray, Jaideep

2009-10-01

Staggered bioterrorist attacks with aerosolized pathogens on population centers present a formidable challenge to resource allocation and response planning. The response and planning will commence immediately after the detection of the first attack and with no or little information of the second attack. In this report, we outline a method by which resource allocation may be performed. It involves probabilistic reconstruction of the bioterrorist attack from partial observations of the outbreak, followed by an optimization-under-uncertainty approach to perform resource allocations. We consider both single-site and time-staggered multi-site attacks (i.e., a reload scenario) under conditions when resources (personnel and equipment which are difficult to gather and transport) are insufficient. Both communicable (plague) and non-communicable diseases (anthrax) are addressed, and we also consider cases when the data, the time-series of people reporting with symptoms, are confounded with a reporting delay. We demonstrate how our approach develops allocations profiles that have the potential to reduce the probability of an extremely adverse outcome in exchange for a more certain, but less adverse outcome. We explore the effect of placing limits on daily allocations. Further, since our method is data-driven, the resource allocation progressively improves as more data becomes available.

Automated Discovery of Mimicry Attacks

National Research Council Canada - National Science Library

Giffin, Jonathon T; Jha, Somesh; Miller, Barton P

2006-01-01

.... These systems are useful only if they detect actual attacks. Previous research developed manually-constructed mimicry and evasion attacks that avoided detection by hiding a malicious series of system calls within a valid sequence allowed by the model...

Experimental Flight Characterization of Spin Stabilized Projectiles at High Angle of Attack

Science.gov (United States)

2017-08-07

impact point prediction for applications such as high-arcing, spin-stabilized munitions. 15. SUBJECT TERMS aerodynamics, spark range, spin...angles of attack increase the delivery error due to poor fire-control solutions (i.e., understanding the relationship between the gun pointing angle and...of downrange travel ) is also evident in the horizontal data. Fig. 3 Center-of-gravity motion The rolling motion is captured in Fig. 4. These

Workplace response of companies exposed to the 9/11 World Trade Center attack: a focus-group study

Science.gov (United States)

North, Carol S.; Pfefferbaum, Betty; Hong, Barry A.; Gordon, Mollie R.; Kim, You-Seung; Lind, Lisa; Pollio, David E.

2014-01-01

The terrorist attacks of 11 September 2001 (9/11) left workplaces in pressing need of a mental health response capability. Unaddressed emotional sequelae may be devastating to the productivity and economic stability of a company’s workforce. In the second year after the attacks, 85 employees of five highly affected agencies participated in 12 focus groups to discuss workplace mental health issues. Managers felt ill prepared to manage the magnitude and the intensity of employees’ emotional responses. Rapid return to work, provision of workplace mental health services, and peer support were viewed as contributory to emotional recovery. Formal mental health services provided were perceived as insufficient. Drawing on their post-9/11 workplace experience, members of these groups identified practical measures that they found helpful in promoting healing outside of professional mental health services. These measures, consistent with many principles of psychological first aid, may be applied by workplace leaders who are not mental health professionals. PMID:23066661

Transforming Graphical System Models to Graphical Attack Models

DEFF Research Database (Denmark)

Ivanova, Marieta Georgieva; Probst, Christian W.; Hansen, Rene Rydhof

2016-01-01

Manually identifying possible attacks on an organisation is a complex undertaking; many different factors must be considered, and the resulting attack scenarios can be complex and hard to maintain as the organisation changes. System models provide a systematic representation of organisations...... approach to transforming graphical system models to graphical attack models in the form of attack trees. Based on an asset in the model, our transformations result in an attack tree that represents attacks by all possible actors in the model, after which the actor in question has obtained the asset....

When Sinuses Attack! (For Kids)

Science.gov (United States)

... First Aid & Safety Doctors & Hospitals Videos Recipes for Kids Kids site Sitio para niños How the Body Works ... Search English Español When Sinuses Attack! KidsHealth / For Kids / When Sinuses Attack! What's in this article? What ...

Heart Attack

Science.gov (United States)

... properly causes your body's blood sugar levels to rise, increasing your risk of heart attack. Metabolic syndrome. This occurs when you have obesity, high blood pressure and high blood sugar. Having metabolic ...

Software-based Microarchitectural Attacks

OpenAIRE

Gruss, Daniel

2017-01-01

Modern processors are highly optimized systems where every single cycle of computation time matters. Many optimizations depend on the data that is being processed. Software-based microarchitectural attacks exploit effects of these optimizations. Microarchitectural side-channel attacks leak secrets from cryptographic computations, from general purpose computations, or from the kernel. This leakage even persists across all common isolation boundaries, such as processes, containers, and virtual ...

Institutionalizing planning, enactment and reflection of daily lessons through appropriate organizational restructuring

NARCIS (Netherlands)

Raval, Harini; McKenney, Susan; Pieters, Julius Marie

2011-01-01

This study describes a professional development program aimed at supporting para-teachers in an Indian educational NGO to adopt learner-centered approaches. Organizational factors inhibiting para-teacher learning were modified. A routine of lesson planning before, and reflection after daily

Integrating cyber attacks within fault trees

International Nuclear Information System (INIS)

Nai Fovino, Igor; Masera, Marcelo; De Cian, Alessio

2009-01-01

In this paper, a new method for quantitative security risk assessment of complex systems is presented, combining fault-tree analysis, traditionally used in reliability analysis, with the recently introduced Attack-tree analysis, proposed for the study of malicious attack patterns. The combined use of fault trees and attack trees helps the analyst to effectively face the security challenges posed by the introduction of modern ICT technologies in the control systems of critical infrastructures. The proposed approach allows considering the interaction of malicious deliberate acts with random failures. Formal definitions of fault tree and attack tree are provided and a mathematical model for the calculation of system fault probabilities is presented.

Integrating cyber attacks within fault trees

Energy Technology Data Exchange (ETDEWEB)

Nai Fovino, Igor [Joint Research Centre - EC, Institute for the Protection and Security of the Citizen, Ispra, VA (Italy)], E-mail: igor.nai@jrc.it; Masera, Marcelo [Joint Research Centre - EC, Institute for the Protection and Security of the Citizen, Ispra, VA (Italy); De Cian, Alessio [Department of Electrical Engineering, University di Genova, Genoa (Italy)

2009-09-15

In this paper, a new method for quantitative security risk assessment of complex systems is presented, combining fault-tree analysis, traditionally used in reliability analysis, with the recently introduced Attack-tree analysis, proposed for the study of malicious attack patterns. The combined use of fault trees and attack trees helps the analyst to effectively face the security challenges posed by the introduction of modern ICT technologies in the control systems of critical infrastructures. The proposed approach allows considering the interaction of malicious deliberate acts with random failures. Formal definitions of fault tree and attack tree are provided and a mathematical model for the calculation of system fault probabilities is presented.

Attack and Vulnerability Penetration Testing: FreeBSD

Directory of Open Access Journals (Sweden)

Abdul Hanan Abdullah

2013-07-01

Full Text Available Computer system security has become a major concern over the past few years. Attacks, threasts or intrusions, against computer system and network have become commonplace events. However, there are some system devices and other tools that are available to overcome the threat of these attacks. Currently, cyber attack is a major research and inevitable. This paper presents some steps of penetration in FreeBSD operating system, some tools and new steps to attack used in this experiment, probes for reconnaissance, guessing password via brute force, gaining privilege access and flooding victim machine to decrease availability. All these attacks were executed and infiltrate within the environment of Intrusion Threat Detection Universiti Teknologi Malaysia (ITD UTM data set. This work is expected to be a reference for practitioners to prepare their systems from Internet attacks.

Superposition Attacks on Cryptographic Protocols

DEFF Research Database (Denmark)

Damgård, Ivan Bjerre; Funder, Jakob Løvstad; Nielsen, Jesper Buus

2011-01-01

of information. In this paper, we introduce a fundamentally new model of quantum attacks on classical cryptographic protocols, where the adversary is allowed to ask several classical queries in quantum superposition. This is a strictly stronger attack than the standard one, and we consider the security......Attacks on classical cryptographic protocols are usually modeled by allowing an adversary to ask queries from an oracle. Security is then defined by requiring that as long as the queries satisfy some constraint, there is some problem the adversary cannot solve, such as compute a certain piece...... of several primitives in this model. We show that a secret-sharing scheme that is secure with threshold $t$ in the standard model is secure against superposition attacks if and only if the threshold is lowered to $t/2$. We use this result to give zero-knowledge proofs for all of NP in the common reference...

The Use of Lesson Study Combined with Content Representation in the Planning of Physics Lessons During Field Practice to Develop Pedagogical Content Knowledge

Science.gov (United States)

Juhler, Martin Vogt

2016-08-01

Recent research, both internationally and in Norway, has clearly expressed concerns about missing connections between subject-matter knowledge, pedagogical competence and real-life practice in schools. This study addresses this problem within the domain of field practice in teacher education, studying pre-service teachers' planning of a Physics lesson. Two means of intervention were introduced. The first was lesson study, which is a method for planning, carrying out and reflecting on a research lesson in detail with a learner and content-centered focus. This was used in combination with a second means, content representations, which is a systematic tool that connects overall teaching aims with pedagogical prompts. Changes in teaching were assessed through the construct of pedagogical content knowledge (PCK). A deductive coding analysis was carried out for this purpose. Transcripts of pre-service teachers' planning of a Physics lesson were coded into four main PCK categories, which were thereafter divided into 16 PCK sub-categories. The results showed that the intervention affected the pre-service teachers' potential to start developing PCK. First, they focused much more on categories concerning the learners. Second, they focused far more uniformly in all of the four main categories comprising PCK. Consequently, these differences could affect their potential to start developing PCK.

Recurrent spontaneous attacks of dizziness.

Science.gov (United States)

Lempert, Thomas

2012-10-01

This article describes the common causes of recurrent vertigo and dizziness that can be diagnosed largely on the basis of history. Ninety percent of spontaneous recurrent vertigo and dizziness can be explained by six disorders: (1) Ménière disease is characterized by vertigo attacks, lasting 20 minutes to several hours, with concomitant hearing loss, tinnitus, and aural fullness. Aural symptoms become permanent during the course of the disease. (2) Attacks of vestibular migraine may last anywhere from minutes to days. Most patients have a previous history of migraine headaches, and many experience migraine symptoms during the attack. (3) Vertebrobasilar TIAs affect older adults with vascular risk factors. Most attacks last less than 1 hour and are accompanied by other symptoms from the posterior circulation territory. (4) Vestibular paroxysmia is caused by vascular compression of the eighth cranial nerve. It manifests itself with brief attacks of vertigo that recur many times per day, sometimes with concomitant cochlear symptoms. (5) Orthostatic hypotension causes brief episodes of dizziness lasting seconds to a few minutes after standing up and is relieved by sitting or lying down. In older adults, it may be accompanied by supine hypertension. (6) Panic attacks usually last minutes, occur in specific situations, and are accompanied by choking, palpitations, tremor, heat, and anxiety. Less common causes of spontaneous recurrent vertigo and dizziness include perilymph fistula, superior canal dehiscence, autoimmune inner ear disease, otosclerosis, cardiac arrhythmia, and medication side effects. Neurologists need to venture into otolaryngology, internal medicine, and psychiatry to master the differential diagnosis of recurrent dizziness.

Plasma Control of Separated Flows on Delta Wings at High Angles of Attack

Science.gov (United States)

2009-03-18

of Attack 5a. CONTRACT NUMBER ISTC Registration No: 3646 5b. GRANT NUMBER 5c. PROGRAM ELEMENT NUMBER 6. AUTHOR(S) Dr. Anatoly Alexandrovich...NUMBER(S) ISTC 06-7002 12. DISTRIBUTION/AVAILABILITY STATEMENT Approved for public release; distribution is unlimited. 13. SUPPLEMENTARY...This work is supported financially by EOARD and performed under the agreement with the International Science and Technology Center ( ISTC ), Moscow

Breathing Life into Engineering: A Lesson Study Life Science Lesson

Science.gov (United States)

Lawrence, Maria; Yang, Li-Ling; Briggs, May; Hession, Alicia; Koussa, Anita; Wagoner, Lisa

2016-01-01

A fifth grade life science lesson was implemented through a lesson study approach in two fifth grade classrooms. The research lesson was designed by a team of four elementary school teachers with the goal of emphasizing engineering practices consistent with the "Next Generation Science Standards" (NGSS) (Achieve Inc. 2013). The fifth…

Shark Attack Project - Marine Attack at Towed Hydrophone Arrays

National Research Council Canada - National Science Library

Kalmijn, Adrianus J

2005-01-01

The original objective of the SIO Marine Attack project was to identify the electric and magnetic fields causing sharks to inflict serious damage upon the towed hydrophone arrays of US Navy submarines...

Novel Method For Low-Rate Ddos Attack Detection

Science.gov (United States)

Chistokhodova, A. A.; Sidorov, I. D.

2018-05-01

The relevance of the work is associated with an increasing number of advanced types of DDoS attacks, in particular, low-rate HTTP-flood. Last year, the power and complexity of such attacks increased significantly. The article is devoted to the analysis of DDoS attacks detecting methods and their modifications with the purpose of increasing the accuracy of DDoS attack detection. The article details low-rate attacks features in comparison with conventional DDoS attacks. During the analysis, significant shortcomings of the available method for detecting low-rate DDoS attacks were found. Thus, the result of the study is an informal description of a new method for detecting low-rate denial-of-service attacks. The architecture of the stand for approbation of the method is developed. At the current stage of the study, it is possible to improve the efficiency of an already existing method by using a classifier with memory, as well as additional information.

Heart Attack

Science.gov (United States)

... family history of heart attack race – African Americans, Mexican Americans, Native Americans, and native Hawaiians are at ... Your doctor will prescribe the medicines that are right for you. If you have had a heart ...

Automatic Classification of Attacks on IP Telephony

Directory of Open Access Journals (Sweden)

Jakub Safarik

2013-01-01

Full Text Available This article proposes an algorithm for automatic analysis of attack data in IP telephony network with a neural network. Data for the analysis is gathered from variable monitoring application running in the network. These monitoring systems are a typical part of nowadays network. Information from them is usually used after attack. It is possible to use an automatic classification of IP telephony attacks for nearly real-time classification and counter attack or mitigation of potential attacks. The classification use proposed neural network, and the article covers design of a neural network and its practical implementation. It contains also methods for neural network learning and data gathering functions from honeypot application.

Further attacks on Yeung-Mintzer fragile watermarking scheme

Science.gov (United States)

Fridrich, Jessica; Goljan, Miroslav; Memon, Nasir D.

2000-05-01

In this paper, we describe new and improved attacks on the authentication scheme previously proposed by Yeung and Mintzer. Previous attacks assumed that the binary watermark logo inserted in an image for the purposes of authentication was known. Here we remove that assumption and show how the scheme is still vulnerable, even if the binary logo is not known but the attacker has access to multiple images that have been watermarked with the same secret key and contain the same (but unknown) logo. We present two attacks. The first attack infers the secret watermark insertion function and the binary logo, given multiple images authenticated with the same key and containing the same logo. We show that a very good approximation to the logo and watermark insertion function can be constructed using as few as two images. With color images, one needs many more images, nevertheless the attack is still feasible. The second attack we present, which we call the 'collage-attack' is a variation of the Holliman-Memon counterfeiting attack. The proposed variation does not require knowledge of the watermark logo and produces counterfeits of superior quality by means of a suitable dithering process that we develop.

Pareto Efficient Solution of Attack-Defence Trees

NARCIS (Netherlands)

Aslanyan, Zaruhi; Nielson, Flemming

Attack-defence trees are a promising approach for representing threat scenarios and possible countermeasures in a concise and intuitive manner. An attack-defence tree describes the interaction between an attacker and a defender, and is evaluated by assigning parameters to the nodes, such as

Genetic attack on neural cryptography.

Science.gov (United States)

Ruttor, Andreas; Kinzel, Wolfgang; Naeh, Rivka; Kanter, Ido

2006-03-01

Different scaling properties for the complexity of bidirectional synchronization and unidirectional learning are essential for the security of neural cryptography. Incrementing the synaptic depth of the networks increases the synchronization time only polynomially, but the success of the geometric attack is reduced exponentially and it clearly fails in the limit of infinite synaptic depth. This method is improved by adding a genetic algorithm, which selects the fittest neural networks. The probability of a successful genetic attack is calculated for different model parameters using numerical simulations. The results show that scaling laws observed in the case of other attacks hold for the improved algorithm, too. The number of networks needed for an effective attack grows exponentially with increasing synaptic depth. In addition, finite-size effects caused by Hebbian and anti-Hebbian learning are analyzed. These learning rules converge to the random walk rule if the synaptic depth is small compared to the square root of the system size.

Genetic attack on neural cryptography

International Nuclear Information System (INIS)

Ruttor, Andreas; Kinzel, Wolfgang; Naeh, Rivka; Kanter, Ido

2006-01-01

Different scaling properties for the complexity of bidirectional synchronization and unidirectional learning are essential for the security of neural cryptography. Incrementing the synaptic depth of the networks increases the synchronization time only polynomially, but the success of the geometric attack is reduced exponentially and it clearly fails in the limit of infinite synaptic depth. This method is improved by adding a genetic algorithm, which selects the fittest neural networks. The probability of a successful genetic attack is calculated for different model parameters using numerical simulations. The results show that scaling laws observed in the case of other attacks hold for the improved algorithm, too. The number of networks needed for an effective attack grows exponentially with increasing synaptic depth. In addition, finite-size effects caused by Hebbian and anti-Hebbian learning are analyzed. These learning rules converge to the random walk rule if the synaptic depth is small compared to the square root of the system size

Genetic attack on neural cryptography

Science.gov (United States)

Ruttor, Andreas; Kinzel, Wolfgang; Naeh, Rivka; Kanter, Ido

2006-03-01

Different scaling properties for the complexity of bidirectional synchronization and unidirectional learning are essential for the security of neural cryptography. Incrementing the synaptic depth of the networks increases the synchronization time only polynomially, but the success of the geometric attack is reduced exponentially and it clearly fails in the limit of infinite synaptic depth. This method is improved by adding a genetic algorithm, which selects the fittest neural networks. The probability of a successful genetic attack is calculated for different model parameters using numerical simulations. The results show that scaling laws observed in the case of other attacks hold for the improved algorithm, too. The number of networks needed for an effective attack grows exponentially with increasing synaptic depth. In addition, finite-size effects caused by Hebbian and anti-Hebbian learning are analyzed. These learning rules converge to the random walk rule if the synaptic depth is small compared to the square root of the system size.

Attacks on the AJPS Mersenne-based cryptosystem

NARCIS (Netherlands)

K. de Boer (Koen); L. Ducas (Léo); S. Jeffery (Stacey); R. M. de Wolf (Ronald)

2018-01-01

textabstractAggarwal, Joux, Prakash and Santha recently introduced a new potentially quantum-safe public-key cryptosystem, and suggested that a brute-force attack is essentially optimal against it. They consider but then dismiss both Meet-in-the-Middle attacks and LLL-based attacks. Very soon after

The political attack ad

Directory of Open Access Journals (Sweden)

Palma Peña-Jiménez, Ph.D.

2011-01-01

Full Text Available During election campaigns the political spot has a clear objective: to win votes. This message is communicated to the electorate through television and Internet, and usually presents a negative approach, which includes a direct critical message against the opponent, rather than an exposition of proposals. This article is focused on the analysis of the campaign attack video ad purposely created to encourage the disapproval of the political opponent among voters. These ads focus on discrediting the opponent, many times, through the transmission of ad hominem messages, instead of disseminating the potential of the political party and the virtues and manifesto of its candidate. The article reviews the development of the attack ad since its first appearance, which in Spain dates back to 1996, when the famous Doberman ad was broadcast, and examines the most memorable campaign attack ads.

Robust Detection of Stepping-Stone Attacks

National Research Council Canada - National Science Library

He, Ting; Tong, Lang

2006-01-01

The detection of encrypted stepping-stone attack is considered. Besides encryption and padding, the attacker is capable of inserting chaff packets and perturbing packet timing and transmission order...

A Framework for Attack-Resilient Industrial Control Systems : Attack Detection and Controller Reconfiguration

OpenAIRE

Paridari, Kaveh; O'Mahony, Niamh; Mady, Alie El-Din; Chabukswar, Rohan; Boubekeur, Menouer; Sandberg, Henrik

2017-01-01

Most existing industrial control systems (ICSs), such as building energy management systems (EMSs), were installed when potential security threats were only physical. With advances in connectivity, ICSs are now, typically, connected to communications networks and, as a result, can be accessed remotely. This extends the attack surface to include the potential for sophisticated cyber attacks, which can adversely impact ICS operation, resulting in service interruption, equipment damage, safety c...

The molecular epidemiology of respiratory viruses associated with asthma attacks: A single-center observational study in Japan.

Science.gov (United States)

Saraya, Takeshi; Kimura, Hirokazu; Kurai, Daisuke; Ishii, Haruyuki; Takizawa, Hajime

2017-10-01

Few reports have described the significance of viral respiratory infections (VRIs) in exacerbation of asthma in adult patients. The aim of this study was to elucidate the profiles of VRIs in adult patients with asthma along with their molecular epidemiology.A cross-sectional observational study was conducted at Kyorin University Hospital from August 2012 to May 2015. To identify respiratory pathogens in inpatients and outpatients suffering from asthma attacks, RT-PCR/sequencing/phylogenetic analysis methods were applied alongside conventional microbiological methods. Phylogenetic and pairwise distance analyses of 10 viruses were performed.A total of 106 asthma attack patients enrolled in this study in both inpatient (n = 49) and outpatient (n = 57) settings. The total 106 respiratory samples were obtained from nasopharyngeal swab (n = 68) or sputum (n = 38). Among these, patients with virus alone (n = 39), virus and bacterial (n = 5), and bacterial alone (n = 5) were identified. The ratio of virus-positive patients in inpatient or outpatient to the total cases were 31.1% (n = 33) and 10.4% (n = 11), respectively. The frequency of virus-positive patients was significantly higher in inpatients (75.3%, n = 33) than in outpatients (19.3%, n = 11). Major VRIs included human rhinovirus (HRV) (n = 24), human metapneumovirus (hMPV) (n = 9), influenza virus (Inf-V) (n = 8), and respiratory syncytial virus (RSV) (n = 3) infections with seasonal variations. HRV-A and HRV-C were the most commonly detected viruses, with wide genetic divergence on phylogenetic analysis.Asthmatic exacerbations in adults are highly associated with VRIs such as HRV-A or HRV-C, hMPV, RSV, and Inf-V infections with seasonal variations and genetic divergence, but similar frequencies of VRIs occurred in asthma attack patients throughout the seasons.

The Knitting Lesson.

Science.gov (United States)

Smith, Pamela

1987-01-01

Based on Jean-Francois Millet's 1869 painting, "The Knitting Lesson," this lesson's goal is to introduce students in grades seven through nine to genre (everyday life) painting the nineteenth century. The lesson is also designed to show that some aspects of genre may be timeless. (BSR)

An Adaptive Approach for Defending against DDoS Attacks

Directory of Open Access Journals (Sweden)

Muhai Li

2010-01-01

Full Text Available In various network attacks, the Distributed Denial-of-Service (DDoS attack is a severe threat. In order to deal with this kind of attack in time, it is necessary to establish a special type of defense system to change strategy dynamically against attacks. In this paper, we introduce an adaptive approach, which is used for defending against DDoS attacks, based on normal traffic analysis. The approach can check DDoS attacks and adaptively adjust its configurations according to the network condition and attack severity. In order to insure the common users to visit the victim server that is being attacked, we provide a nonlinear traffic control formula for the system. Our simulation test indicates that the nonlinear control approach can prevent the malicious attack packets effectively while making legitimate traffic flows arrive at the victim.

Swine-Flu Scare Offers Lessons for Study-Abroad Programs

Science.gov (United States)

Fischer, Karin

2009-01-01

Reports of swine flu have led some colleges to pull students and faculty members out of Mexico, the epicenter of the outbreak, and to cancel study-abroad programs there. But even as the number of new cases appears to be falling, the health scare offers some lasting lessons for colleges, says Gary Rhodes, director of the Center for Global Education…

Countermeasures for unintentional and intentional video watermarking attacks

Science.gov (United States)

Deguillaume, Frederic; Csurka, Gabriela; Pun, Thierry

2000-05-01

These last years, the rapidly growing digital multimedia market has revealed an urgent need for effective copyright protection mechanisms. Therefore, digital audio, image and video watermarking has recently become a very active area of research, as a solution to this problem. Many important issues have been pointed out, one of them being the robustness to non-intentional and intentional attacks. This paper studies some attacks and proposes countermeasures applied to videos. General attacks are lossy copying/transcoding such as MPEG compression and digital/analog (D/A) conversion, changes of frame-rate, changes of display format, and geometrical distortions. More specific attacks are sequence edition, and statistical attacks such as averaging or collusion. Averaging attack consists of averaging locally consecutive frames to cancel the watermark. This attack works well for schemes which embed random independent marks into frames. In the collusion attack the watermark is estimated from single frames (based on image denoising), and averaged over different scenes for better accuracy. The estimated watermark is then subtracted from each frame. Collusion requires that the same mark is embedded into all frames. The proposed countermeasures first ensures robustness to general attacks by spread spectrum encoding in the frequency domain and by the use of an additional template. Secondly, a Bayesian criterion, evaluating the probability of a correctly decoded watermark, is used for rejection of outliers, and to implement an algorithm against statistical attacks. The idea is to embed randomly chosen marks among a finite set of marks, into subsequences of videos which are long enough to resist averaging attacks, but short enough to avoid collusion attacks. The Bayesian criterion is needed to select the correct mark at the decoding step. Finally, the paper presents experimental results showing the robustness of the proposed method.

Link-layer Jamming Attacks on S-MAC

NARCIS (Netherlands)

Law, Y.W.; Hartel, Pieter H.; den Hartog, Jeremy; Havinga, Paul J.M.

2004-01-01

We argue that among denial-of-service (DoS) attacks, link-layer jamming is a more attractive option to attackers than radio jamming is. By exploiting the semantics of the link-layer protocol (aka MAC protocol), an attacker can achieve better efficiency than blindly jamming the radio signals alone.

Link-layer jamming attacks on S-MAC

NARCIS (Netherlands)

Law, Y.W.; Hartel, Pieter H.; den Hartog, Jeremy; Havinga, Paul J.M.

We argue that among denial-of-service (DoS) attacks, link-layer jamming is a more attractive option to attackers than radio jamming is. By exploiting the semantics of the link-layer protocol (aka MAC protocol), an attacker can achieve better efficiency than blindly jamming the radio signals alone.

Transforming doctor-patient relationships to promote patient-centered care: lessons from palliative care.

Science.gov (United States)

Yedidia, Michael J

2007-01-01

Palliative care was studied for its potential to yield lessons for transforming doctor-patient relationships to promote patient-centered care. Examination of patient and provider experiences of the transition from curative to palliative care promises valuable insights about establishing and maintaining trust as the goals of care shift and about addressing a broad spectrum of patient needs. The study was guided by a conceptual framework grounded in existing models to address five dimensions of doctor-patient relationships: range of needs addressed, source of authority, maintenance of trust, emotional involvement, and expression of authenticity. Data collection included observation of the care of 40 patients in the inpatient hospice unit and at home, interviews with patients and family members, and in-depth interviews with 22 physicians and two nurses providing end-of-life care. Standard qualitative procedures were used to analyze the data, incorporating techniques for maximizing the validity of the results and broadening their relevance to other contexts. Findings provide evidence for challenging prominent assumptions about possibilities for doctor-patient relationships: questioning the merits of the prohibition on emotional involvement, dependence on protocols for handling difficult communication issues, unqualified reliance on consumer empowerment to assure that care is responsive to patients' needs, and adoption of narrowly defined boundaries between medical and social service systems in caring for patients. Medical education can play a role in preparing doctors to assume new roles by openly addressing management of emotions in routine clinical work, incorporating personal awareness training, facilitating reflection on interactions with patients through use of standardized patients and videotapes, and expanding capacity to effectively address a broad range of needs through teamwork training.

A computer network attack taxonomy and ontology

CSIR Research Space (South Africa)

Van Heerden, RP

2012-01-01

Full Text Available of the attack that occur after the attack goal has been achieved, and occurs because the attacker loses control of some systems. For example, after the launch of a DDOS (Distributed Denial of Service) attack, zombie computers may still connect to the target...-scrap- value-of-a-hacked-pc-revisited/ . Lancor, L., & Workman, R. (2007). Using Google Hacking to Enhance Defense Strategies. ACM SIGCSE Bulletin, 39 (1), 491-495. Lau, F., Rubin, S. H., Smith, M. H., & Trajkovic, L. (2000). Distributed Denial of Service...

Unified communications forensics anatomy of common UC attacks

CERN Document Server

Grant, Nicholas Mr

2013-01-01

Unified Communications Forensics: Anatomy of Common UC Attacks is the first book to explain the issues and vulnerabilities and demonstrate the attacks, forensic artifacts, and countermeasures required to establish a secure (UC) environment. This book is written by leading UC experts Nicholas Grant and Joseph W. Shaw II and provides material never before found on the market, including: analysis of forensic artifacts in common UC attacks an in-depth look at established UC technologies and attack exploits hands-on understanding of UC attack vectors and associated countermeasures

A Square Peg in a Round Hole: A Case Study of Center Gravity Application in Counter Insurgency Warfare

Science.gov (United States)

2011-06-01

Operations," Proceedings (December 2004): 32. 28 John Mackinlay, The Insurgent Archipelago (London: C. Hurst, 2009), 10. See also Abraham H. Maslow ...Motivation and Personality, (New York: Harper & Row, 1970), 97- 104. For a description of what Maslow considers his ―Heirarchy of Needs‖. 29...of attacks, see Anthony Cordesman and Abraham Wagner, The Lessons of Modern War, Volume II: The Iran-Iraq War (Boulder, CO: Westview, 1990), 506

Attacks and countermeasures on AES and ECC

DEFF Research Database (Denmark)

Tange, Henrik; Andersen, Birger

2013-01-01

AES (Advanced Encryption Standard) is widely used in LTE and Wi-Fi communication systems. AES has recently been exposed to new attacks which have questioned the overall security of AES. The newest attack is a so called biclique attack, which is using the fact that the content of the state array...

Epidemiological findings of major chemical attacks in the Syrian war are consistent with civilian targeting: a short report.

Science.gov (United States)

Rodriguez-Llanes, Jose M; Guha-Sapir, Debarati; Schlüter, Benjamin-Samuel; Hicks, Madelyn Hsiao-Rei

2018-01-01

Evidence of use of toxic gas chemical weapons in the Syrian war has been reported by governmental and non-governmental international organizations since the war started in March 2011. To date, the profiles of victims of the largest chemical attacks in Syria remain unknown. In this study, we used descriptive epidemiological analysis to describe demographic characteristics of victims of the largest chemical weapons attacks in the Syrian war. We analysed conflict-related, direct deaths from chemical weapons recorded in non-government-controlled areas by the Violation Documentation Center, occurring from March 18, 2011 to April 10, 2017, with complete information on the victim's date and place of death, cause and demographic group. 'Major' chemical weapons events were defined as events causing ten or more direct deaths. As of April 10, 2017, a total of 1206 direct deaths meeting inclusion criteria were recorded in the dataset from all chemical weapons attacks regardless of size. Five major chemical weapons attacks caused 1084 of these documented deaths. Civilians comprised the majority ( n  = 1058, 97.6%) of direct deaths from major chemical weapons attacks in Syria and combatants comprised a minority of 2.4% ( n  = 26). In the first three major chemical weapons attacks, which occurred in 2013, children comprised 13%-14% of direct deaths, ranging in numbers from 2 deaths among 14 to 117 deaths among 923. Children comprised higher proportions of direct deaths in later major chemical weapons attacks, forming 21% ( n  = 7) of 33 deaths in the 2016 major attack and 34.8% ( n  = 32) of 92 deaths in the 2017 major attack. Our finding of an extreme disparity in direct deaths from major chemical weapons attacks in Syria, with 97.6% of victims being civilians and only 2.4% being combatants provides evidence that major chemical weapons attacks were indiscriminate or targeted civilians directly; both violations of International Humanitarian Law (IHL). Identifying and

Classifying network attack scenarios using an ontology

CSIR Research Space (South Africa)

Van Heerden, RP

2012-03-01

Full Text Available ) or to the target?s reputation. The Residue sub-phase refers to damage or artefacts of the attack that occur after the attack goal has been achieved, and occurs because the attacker loses control of some systems. For example after the launch of a DDOS..., A. (1995). Hacking theft of $10 million from citibank revealed. Retrieved 10/10, 2011, from http://articles.latimes.com/1995-08-19/business/fi-36656_1_citibank-system Hurley, E. (2004). SCO site succumbs to DDoS attack. Retrieved 10/10, 2011, from...

Modelling Social-Technical Attacks with Timed Automata

DEFF Research Database (Denmark)

David, Nicolas; David, Alexandre; Hansen, Rene Rydhof

2015-01-01

. In this paper we develop an approach towards modelling socio-technical systems in general and socio-technical attacks in particular, using timed automata and illustrate its application by a complex case study. Thanks to automated model checking and automata theory, we can automatically generate possible attacks...... in our model and perform analysis and simulation of both model and attack, revealing details about the specific interaction between attacker and victim. Using timed automata also allows for intuitive modelling of systems, in which quantities like time and cost can be easily added and analysed....

Quantitative Verification and Synthesis of Attack-Defence Scenarios

DEFF Research Database (Denmark)

Aslanyan, Zaruhi; Nielson, Flemming; Parker, David

2016-01-01

analysis of quantitative properties of complex attack-defence scenarios, using an extension of attack-defence trees which models temporal ordering of actions and allows explicit dependencies in the strategies adopted by attackers and defenders. We adopt a game-theoretic approach, translating attack...... which guarantee or optimise some quantitative property, such as the probability of a successful attack, the expected cost incurred, or some multi-objective trade-off between the two. We implement our approach, building upon the PRISM-games model checker, and apply it to a case study of an RFID goods...

Situational awareness of a coordinated cyber attack

Science.gov (United States)

Sudit, Moises; Stotz, Adam; Holender, Michael

2005-03-01

As technology continues to advance, services and capabilities become computerized, and an ever increasing amount of business is conducted electronically the threat of cyber attacks gets compounded by the complexity of such attacks and the criticality of the information which must be secured. A new age of virtual warfare has dawned in which seconds can differentiate between the protection of vital information and/or services and a malicious attacker attaining their goal. In this paper we present a novel approach in the real-time detection of multistage coordinated cyber attacks and the promising initial testing results we have obtained. We introduce INFERD (INformation Fusion Engine for Real-time Decision-making), an adaptable information fusion engine which performs fusion at levels zero, one, and two to provide real-time situational assessment and its application to the cyber domain in the ECCARS (Event Correlation for Cyber Attack Recognition System) system. The advantages to our approach are fourfold: (1) The complexity of the attacks which we consider, (2) the level of abstraction in which the analyst interacts with the attack scenarios, (3) the speed at which the information fusion is presented and performed, and (4) our disregard for ad-hoc rules or a priori parameters.

The history of a lesson

DEFF Research Database (Denmark)

Rasmussen, Mikkel Vedby

2003-01-01

and emphasises the need to study the history of lessons rather than the lessons of history. This approach shows that Munich is the end point of a constitutive history that begins in the failure of the Versailles treaty to create a durable European order following the First World War. The Munich lesson is thus......The article investigates the concept of lessons in IR. By means of a constructivist critique of the 'lessons literature', the article analyses one of the most important of IR lessons: that of Munich. Examining how the Munich lesson came about, the article shows the praxeological nature of lessons...... one element of the lesson of Versailles, which is a praxeology that defines how the West is to make peace, and against whom peace must be defended. The lesson of Versailles has been, at least in part, constitutive of the outbreak of the Cold War, and it continues to define the Western conception...

The use of high impact practices (HIPs) on chemistry lesson design and implementation by pre-service teachers

Science.gov (United States)

Chamrat, Suthida; Apichatyotin, Nattaya; Puakanokhirun, Kittaporn

2018-01-01

The quality of lesson design is essential to learning effectiveness. Research shows some characteristics of lessons have strong effect on learning which were grouped into "High Impact Practices or HIPs. This research aims to examine the use of HIPs on chemistry lesson design as a part of Teaching Science Strand in Chemistry Concepts course. At the first round of lesson design and implementing in classroom, 14 chemistry pre-services teachers freely selected topics, designed and implemented on their own ideas. The lessons have been reflected by instructors and their peers. High Impact Practices were overtly used as the conceptual framework along with the After-Action Review and Reflection (AARR). The selected High Impact practice in this study consisted of 6 elements: well-designed lesson, vary cognitive demand/academic challenge, students center approach, opportunity of students to reflect by discussion or writing, the assignment of project based learning or task, and the lesson reflects pre-service teachers' Technological Pedagogical Content Knowledge (TPACK). The second round, pre-service teachers were encouraged to explicitly used 6 High Impact Practices in cooperated with literature review specified on focused concepts for bettering designed and implemented lessons. The data were collected from 28 lesson plans and 28 classroom observations to compare and discuss between the first and second lesson and implementation. The results indicated that High Impact Practices effect on the quality of delivered lesson. However, there are some elements that vary on changes which were detailed and discussed in this research article.

Lessons from the History of Quarantine, from Plague to Influenza A

Centers for Disease Control (CDC) Podcasts

2013-05-08

Reginald Tucker reads an abridged version of the Emerging Infectious Diseases’ Historical Review, Lessons from the History of Quarantine, from Plague to Influenza A.  Created: 5/8/2013 by National Center for Emerging and Zoonotic Infectious Diseases (NCEZID).   Date Released: 5/15/2013.

Anti-discrimination Analysis Using Privacy Attack Strategies

KAUST Repository

Ruggieri, Salvatore

2014-09-15

Social discrimination discovery from data is an important task to identify illegal and unethical discriminatory patterns towards protected-by-law groups, e.g., ethnic minorities. We deploy privacy attack strategies as tools for discrimination discovery under hard assumptions which have rarely tackled in the literature: indirect discrimination discovery, privacy-aware discrimination discovery, and discrimination data recovery. The intuition comes from the intriguing parallel between the role of the anti-discrimination authority in the three scenarios above and the role of an attacker in private data publishing. We design strategies and algorithms inspired/based on Frèchet bounds attacks, attribute inference attacks, and minimality attacks to the purpose of unveiling hidden discriminatory practices. Experimental results show that they can be effective tools in the hands of anti-discrimination authorities.

Conduct of Occupational Health During Major Disasters: A Comparison of Literature on Occupational Health Issues in the World Trade Center Terrorist Attack and the Fukushima Nuclear Power Plant Accident.

Science.gov (United States)

Toyoda, Hiroyuki; Mori, Koji

2017-01-01

Workers who respond to large-scale disasters can be exposed to health hazards that do not exist in routine work. It is assumed that learning from past cases is effective for preparing for and responding to such problems, but published information is still insufficient. Accordingly, we conducted a literature review about the health issues and occupational health activities at the World Trade Center (WTC) terrorist attack and at the Fukushima Nuclear Power Plant accident to investigate how occupational health activities during disasters should be conducted. Seven studies about the WTC attack were extracted and categorized into the following topics: "in relation to emergency systems including occupational health management"; "in relation to improvement and prevention of health effects and occupational hygiene"; and "in relation to care systems aimed at mitigating health effects." Studies about the Fukushima Nuclear Power Plant accident have been used in a previous review. We conclude that, to prevent health effects in workers who respond to large-scale disasters, it is necessary to incorporate occupational health regulations into the national response plan, and to develop practical support functions that enable support to continue for an extended period, training systems for workers with opportunities to report accidents, and care systems to mitigate the health effects.

Lesson Learning at JPL

Science.gov (United States)

Oberhettinger, David

2011-01-01

A lessons learned system is a hallmark of a mature engineering organization A formal lessons learned process can help assure that valuable lessons get written and published, that they are well-written, and that the essential information is "infused" into institutional practice. Requires high-level institutional commitment, and everyone's participation in gathering, disseminating, and using the lessons

Cyberprints: Identifying Cyber Attackers by Feature Analysis

Science.gov (United States)

Blakely, Benjamin A.

2012-01-01

The problem of attributing cyber attacks is one of increasing importance. Without a solid method of demonstrating the origin of a cyber attack, any attempts to deter would-be cyber attackers are wasted. Existing methods of attribution make unfounded assumptions about the environment in which they will operate: omniscience (the ability to gather,…

Simulation of Attacks for Security in Wireless Sensor Network.

Science.gov (United States)

Diaz, Alvaro; Sanchez, Pablo

2016-11-18

The increasing complexity and low-power constraints of current Wireless Sensor Networks (WSN) require efficient methodologies for network simulation and embedded software performance analysis of nodes. In addition, security is also a very important feature that has to be addressed in most WSNs, since they may work with sensitive data and operate in hostile unattended environments. In this paper, a methodology for security analysis of Wireless Sensor Networks is presented. The methodology allows designing attack-aware embedded software/firmware or attack countermeasures to provide security in WSNs. The proposed methodology includes attacker modeling and attack simulation with performance analysis (node's software execution time and power consumption estimation). After an analysis of different WSN attack types, an attacker model is proposed. This model defines three different types of attackers that can emulate most WSN attacks. In addition, this paper presents a virtual platform that is able to model the node hardware, embedded software and basic wireless channel features. This virtual simulation analyzes the embedded software behavior and node power consumption while it takes into account the network deployment and topology. Additionally, this simulator integrates the previously mentioned attacker model. Thus, the impact of attacks on power consumption and software behavior/execution-time can be analyzed. This provides developers with essential information about the effects that one or multiple attacks could have on the network, helping them to develop more secure WSN systems. This WSN attack simulator is an essential element of the attack-aware embedded software development methodology that is also introduced in this work.

Simulation of Attacks for Security in Wireless Sensor Network

Science.gov (United States)

Diaz, Alvaro; Sanchez, Pablo

2016-01-01

The increasing complexity and low-power constraints of current Wireless Sensor Networks (WSN) require efficient methodologies for network simulation and embedded software performance analysis of nodes. In addition, security is also a very important feature that has to be addressed in most WSNs, since they may work with sensitive data and operate in hostile unattended environments. In this paper, a methodology for security analysis of Wireless Sensor Networks is presented. The methodology allows designing attack-aware embedded software/firmware or attack countermeasures to provide security in WSNs. The proposed methodology includes attacker modeling and attack simulation with performance analysis (node’s software execution time and power consumption estimation). After an analysis of different WSN attack types, an attacker model is proposed. This model defines three different types of attackers that can emulate most WSN attacks. In addition, this paper presents a virtual platform that is able to model the node hardware, embedded software and basic wireless channel features. This virtual simulation analyzes the embedded software behavior and node power consumption while it takes into account the network deployment and topology. Additionally, this simulator integrates the previously mentioned attacker model. Thus, the impact of attacks on power consumption and software behavior/execution-time can be analyzed. This provides developers with essential information about the effects that one or multiple attacks could have on the network, helping them to develop more secure WSN systems. This WSN attack simulator is an essential element of the attack-aware embedded software development methodology that is also introduced in this work. PMID:27869710

Using agility to combat cyber attacks.

Science.gov (United States)

Anderson, Kerry

2017-06-01

Some incident response practitioners feel that they have been locked in a battle with cyber criminals since the popular adoption of the internet. Initially, organisations made great inroads in preventing and containing cyber attacks. In the last few years, however, cyber criminals have become adept at eluding defence security technologies and rapidly modifying their exploit strategies for financial or political gains. Similar to changes in military combat tactics, cyber criminals utilise distributed attack cells, real-time communications, and rapidly mutating exploits to minimise the potential for detection. Cyber criminals have changed their attack paradigm. This paper describes a new incident response paradigm aimed at combating the new model of cyber attacks with an emphasis on agility to increase the organisation's ability to respond rapidly to these new challenges.

Women's Heart Disease: Heart Attack Symptoms

Science.gov (United States)

... of this page please turn JavaScript on. Feature: Women's Heart Disease Heart Attack Symptoms Past Issues / Winter ... most common heart attack symptom in men and women is chest pain or discomfort. However, women also ...

A novel proposed network security management approach for cyber attacks

International Nuclear Information System (INIS)

Ahmed, Z.; Nazir, B.; Zafar, M.F.; Anwar, M.M.; Azam, K.; Asar, A.U.

2007-01-01

Network security is a discipline that focuses on securing networks from unauthorized access. Given the Escalating threats of malicious cyber attacks, modern enterprises employ multiple lines of defense. A comprehensive defense strategy against such attacks should include (I) an attack detection component that deter- mines the fact that a program is compromised, (2) an attack identification and prevention component that identifies attack packets so that one can block such packets in the future and prevents the attack from further propagation. Over the last decade, a significant amount of research has been vested in the systems that can detect cyber attacks either statically at compile time or dynamically at run time, However, not much effort is spent on automated attack packet identification or attack prevention. In this paper we present a unified solution to the problems mentioned above. We implemented this solution after the forward engineering of Open Source Security Information Management (OSSIM) system called Preventive Information Security management (PrISM) system that correlates input from different sensors so that the resulting product can automatically detect any cyber attack against it and prevents by identifying the actual attack packet(s). The PrISM was always able to detect the attacks, identify the attack packets and most often prevent by blocking the attacker's IP address to continue normal execution. There is no additional run-time performance overhead for attack prevention. (author)

Adaptive optimisation-offline cyber attack on remote state estimator

Science.gov (United States)

Huang, Xin; Dong, Jiuxiang

2017-10-01

Security issues of cyber-physical systems have received increasing attentions in recent years. In this paper, deception attacks on the remote state estimator equipped with the chi-squared failure detector are considered, and it is assumed that the attacker can monitor and modify all the sensor data. A novel adaptive optimisation-offline cyber attack strategy is proposed, where using the current and previous sensor data, the attack can yield the largest estimation error covariance while ensuring to be undetected by the chi-squared monitor. From the attacker's perspective, the attack is better than the existing linear deception attacks to degrade the system performance. Finally, some numerical examples are provided to demonstrate theoretical results.

Cyber-physical attacks a growing invisible threat

CERN Document Server

Loukas, George

2015-01-01

Cyber-Physical Attacks: A Growing Invisible Threat presents the growing list of harmful uses of computers and their ability to disable cameras, turn off a building's lights, make a car veer off the road,  or a drone land in enemy hands. In essence, it details the ways cyber-physical attacks are replacing physical attacks in crime, warfare, and terrorism. The book explores how attacks using computers affect the physical world in ways that were previously only possible through physical means. Perpetrators can now cause damage without the same risk, and without the political, social, or moral

Hospitalizations for asthma among adults exposed to the September 11, 2001 World Trade Center terrorist attack.

Science.gov (United States)

Miller-Archie, Sara A; Jordan, Hannah T; Alper, Howard; Wisnivesky, Juan P; Cone, James E; Friedman, Stephen M; Brackbill, Robert M

2018-04-01

We described the patterns of asthma hospitalization among persons exposed to the 2001 World Trade Center (WTC) attacks, and assessed whether 9/11-related exposures or comorbidities, including posttraumatic stress disorder (PTSD) and gastroesophageal reflux symptoms (GERS), were associated with an increased rate of hospitalization. Data for adult enrollees in the WTC Health Registry, a prospective cohort study, with self-reported physician-diagnosed asthma who resided in New York State on 9/11 were linked to administrative hospitalization data to identify asthma hospitalizations during September 11, 2001-December 31, 2010. Multivariable zero-inflated Poisson regression was used to examine associations among 9/11 exposures, comorbid conditions, and asthma hospitalizations. Of 11 471 enrollees with asthma, 406 (3.5%) had ≥1 asthma hospitalization during the study period (721 total hospitalizations). Among enrollees diagnosed before 9/11 (n = 6319), those with PTSD or GERS had over twice the rate of hospitalization (adjusted rate ratio (ARR) = 2.5, 95% CI = 1.4-4.1; ARR = 2.1, 95% CI = 1.3-3.2, respectively) compared to those without. This association was not statistically significant in enrollees diagnosed after 9/11. Compared to higher educational attainment, completing less than college was associated with an increased hospitalization rate among participants with both pre-9/11- and post-9/11-onset asthma (ARR = 1.9, 95% CI = 1.2-2.9; ARR = 2.6, 95% CI = 1.6-4.1, respectively). Sinus symptoms, exposure to the dust cloud, and having been a WTC responder were not associated with asthma hospitalization. Among enrollees with pre-9/11 asthma, comorbid PTSD and GERS were associated with an increase in asthma hospitalizations. Management of these comorbidities may be an important factor in preventing hospitalization.

Use of Attack Graphs in Security Systems

Directory of Open Access Journals (Sweden)

Vivek Shandilya

2014-01-01

Full Text Available Attack graphs have been used to model the vulnerabilities of the systems and their potential exploits. The successful exploits leading to the partial/total failure of the systems are subject of keen security interest. Considerable effort has been expended in exhaustive modeling, analyses, detection, and mitigation of attacks. One prominent methodology involves constructing attack graphs of the pertinent system for analysis and response strategies. This not only gives the simplified representation of the system, but also allows prioritizing the security properties whose violations are of greater concern, for both detection and repair. We present a survey and critical study of state-of-the-art technologies in attack graph generation and use in security system. Based on our research, we identify the potential, challenges, and direction of the current research in using attack graphs.

A fatal elephant attack.

Science.gov (United States)

Hejna, Petr; Zátopková, Lenka; Safr, Miroslav

2012-01-01

A rare case of an elephant attack is presented. A 44-year-old man working as an elephant keeper was attacked by a cow elephant when he tripped over a foot chain while the animal was being medically treated. The man fell down and was consequently repeatedly attacked with elephant tusks. The man sustained multiple stab injuries to both groin regions, a penetrating injury to the abdominal wall with traumatic prolapse of the loops of the small bowel, multiple defects of the mesentery, and incomplete laceration of the abdominal aorta with massive bleeding into the abdominal cavity. In addition to the penetrating injuries, the man sustained multiple rib fractures with contusion of both lungs and laceration of the right lobe of the liver, and comminuted fractures of the pelvic arch and left femoral body. The man died shortly after he had been received at the hospital. The cause of death was attributed to traumatic shock. © 2011 American Academy of Forensic Sciences.

Lessons, open questions, and future prospects

Directory of Open Access Journals (Sweden)

Grupe D.

2012-12-01

Full Text Available We summarize some of the highlights of this workshop, the first of its kind dedicated to observing and modeling the tidal disruption of stars by black holes in the centers of galaxies (or star clusters. We review the lessons learned from recent observations and from theory and identify outstanding questions and areas where more theoretical and observational work is needed. We also consider upcoming observing facilities that can be used to study tidal disruption events and speculate what these new facilities may contribute to the field.

Cyber Attacks, Information Attacks, and Postmodern Warfare

Directory of Open Access Journals (Sweden)

Valuch Jozef

2017-06-01

Full Text Available The aim of this paper is to evaluate and differentiate between the phenomena of cyberwarfare and information warfare, as manifestations of what we perceive as postmodern warfare. We describe and analyse the current examples of the use the postmodern warfare and the reactions of states and international bodies to these phenomena. The subject matter of this paper is the relationship between new types of postmodern conflicts and the law of armed conflicts (law of war. Based on ICJ case law, it is clear that under current legal rules of international law of war, cyber attacks as well as information attacks (often performed in the cyberspace as well can only be perceived as “war” if executed in addition to classical kinetic warfare, which is often not the case. In most cases perceived “only” as a non-linear warfare (postmodern conflict, this practice nevertheless must be condemned as conduct contrary to the principles of international law and (possibly a crime under national laws, unless this type of conduct will be recognized by the international community as a “war” proper, in its new, postmodern sense.

False Positive and False Negative Effects on Network Attacks

Science.gov (United States)

Shang, Yilun

2018-01-01

Robustness against attacks serves as evidence for complex network structures and failure mechanisms that lie behind them. Most often, due to detection capability limitation or good disguises, attacks on networks are subject to false positives and false negatives, meaning that functional nodes may be falsely regarded as compromised by the attacker and vice versa. In this work, we initiate a study of false positive/negative effects on network robustness against three fundamental types of attack strategies, namely, random attacks (RA), localized attacks (LA), and targeted attack (TA). By developing a general mathematical framework based upon the percolation model, we investigate analytically and by numerical simulations of attack robustness with false positive/negative rate (FPR/FNR) on three benchmark models including Erdős-Rényi (ER) networks, random regular (RR) networks, and scale-free (SF) networks. We show that ER networks are equivalently robust against RA and LA only when FPR equals zero or the initial network is intact. We find several interesting crossovers in RR and SF networks when FPR is taken into consideration. By defining the cost of attack, we observe diminishing marginal attack efficiency for RA, LA, and TA. Our finding highlights the potential risk of underestimating or ignoring FPR in understanding attack robustness. The results may provide insights into ways of enhancing robustness of network architecture and improve the level of protection of critical infrastructures.

Machine Learning Methods for Attack Detection in the Smart Grid.

Science.gov (United States)

Ozay, Mete; Esnaola, Inaki; Yarman Vural, Fatos Tunay; Kulkarni, Sanjeev R; Poor, H Vincent

2016-08-01

Attack detection problems in the smart grid are posed as statistical learning problems for different attack scenarios in which the measurements are observed in batch or online settings. In this approach, machine learning algorithms are used to classify measurements as being either secure or attacked. An attack detection framework is provided to exploit any available prior knowledge about the system and surmount constraints arising from the sparse structure of the problem in the proposed approach. Well-known batch and online learning algorithms (supervised and semisupervised) are employed with decision- and feature-level fusion to model the attack detection problem. The relationships between statistical and geometric properties of attack vectors employed in the attack scenarios and learning algorithms are analyzed to detect unobservable attacks using statistical learning methods. The proposed algorithms are examined on various IEEE test systems. Experimental analyses show that machine learning algorithms can detect attacks with performances higher than attack detection algorithms that employ state vector estimation methods in the proposed attack detection framework.

Transient Ischemic Attack

Medline Plus

Full Text Available ... stroke symptoms. Popular Topics TIA Cardiac Catheter Cholesterol Heart Attack Stent © 2018, American Heart Association, Inc. All rights reserved. Unauthorized use prohibited. ...

Application distribution model and related security attacks in VANET

Science.gov (United States)

Nikaein, Navid; Kanti Datta, Soumya; Marecar, Irshad; Bonnet, Christian

2013-03-01

In this paper, we present a model for application distribution and related security attacks in dense vehicular ad hoc networks (VANET) and sparse VANET which forms a delay tolerant network (DTN). We study the vulnerabilities of VANET to evaluate the attack scenarios and introduce a new attacker`s model as an extension to the work done in [6]. Then a VANET model has been proposed that supports the application distribution through proxy app stores on top of mobile platforms installed in vehicles. The steps of application distribution have been studied in detail. We have identified key attacks (e.g. malware, spamming and phishing, software attack and threat to location privacy) for dense VANET and two attack scenarios for sparse VANET. It has been shown that attacks can be launched by distributing malicious applications and injecting malicious codes to On Board Unit (OBU) by exploiting OBU software security holes. Consequences of such security attacks have been described. Finally, countermeasures including the concepts of sandbox have also been presented in depth.

Nonepileptic attack disorder among married women.

Science.gov (United States)

Dhanaraj, M; Rangaraj, R; Arulmozhi, T; Vengatesan, A

2005-06-01

To study the clinical features, precipitating stressful life events and prognosis of nonepileptic attack disorder (NEAD) among married women. Prospective cohort study with 1-year follow-up. A tertiary care teaching hospital. Of the 1020 patients with epilepsy referred to the epilepsy clinic during 2002-2003, 30 were married women with NEAD. The diagnostic criteria for NEAD included normal EEG during ictal and post-ictal phase of the generalized 'attack.' The data collected included clinical characteristics, semiology of the attacks, precipitating stressful events, and co-morbid psychiatric disorders. The control group included 30 age-matched married women with generalized tonic-clonic seizures. The long-term outcome and factors influencing the outcomes were analyzed. The mean duration of illness was 18 months, and the pattern of the attack was 'fall and lying still' in 53% and 'fall with generalized motor movements' in 47%. The frequency was one or more per week in 57% and occasionally in 43%. The important stressful events were matrimonial discord following illegal relationship of the husband with another woman (chi2 = 9.02, P = 0.003) and constant quarrel with other family members (chi2 = 5.19, P = 0.02). The prevalence of sexual abuse was low (7%). Co-morbid psychiatric disorder was observed in 70%. At the end of 1 year, 39% were free from the attack. Resolution of the stressful life events (chi2 = 4.52, P = 0.03) and lower frequency of attack at the time of reporting (chi2 = 3.88, P = 0.05) correlated with good outcomes. Among patients with NEAD in India, the major precipitating factors were matrimonial discord following illegal relationship of the husband with another woman and constant quarrel with other family members and not sexual abuse. Women with low frequency of attack at the time of reporting and the remission of the stressful events had better outcomes.

Subclinical endophthalmitis following a rooster attack.

Science.gov (United States)

Lekse Kovach, Jaclyn; Maguluri, Srilakshmi; Recchia, Franco M

2006-12-01

Ocular injury resulting from rooster attacks is rarely reported in the literature. Sadly, the target of these attacks is most often children younger than 3 years old, whose naiveté of the aggressive, territorial behavior of birds can place them at risk. Acute sequelae of these attacks can result in a lifetime of visual impairment. The possibility of a subacute or occult infection is an unusual occurrence that must always be considered. In an effort to prevent future attacks and ocular casualties, we present a case of a 12-month-old boy who suffered an open globe following a rooster attack. The open globe was emergently repaired. One week later, a white cataract was noticed on examination in the absence of systemic or ocular signs of inflammation. Traumatic endophthalmitis and lenticular abscess were suspected during examination under anesthesia. Vitrectomy, lensectomy, and injection of intravitreal antibiotics were performed. Culture of lenticular and vitreous aspirates grew alpha-streptococcus. Alpha-streptococcal endophthalmitis can result from ocular injuries caused by rooster pecking. The infection may present insidiously and without typical ocular or systemic symptoms or signs. Management is challenging and may require surgery.

Robustness analysis of interdependent networks under multiple-attacking strategies

Science.gov (United States)

Gao, Yan-Li; Chen, Shi-Ming; Nie, Sen; Ma, Fei; Guan, Jun-Jie

2018-04-01

The robustness of complex networks under attacks largely depends on the structure of a network and the nature of the attacks. Previous research on interdependent networks has focused on two types of initial attack: random attack and degree-based targeted attack. In this paper, a deliberate attack function is proposed, where six kinds of deliberate attacking strategies can be derived by adjusting the tunable parameters. Moreover, the robustness of four types of interdependent networks (BA-BA, ER-ER, BA-ER and ER-BA) with different coupling modes (random, positive and negative correlation) is evaluated under different attacking strategies. Interesting conclusions could be obtained. It can be found that the positive coupling mode can make the vulnerability of the interdependent network to be absolutely dependent on the most vulnerable sub-network under deliberate attacks, whereas random and negative coupling modes make the vulnerability of interdependent network to be mainly dependent on the being attacked sub-network. The robustness of interdependent network will be enhanced with the degree-degree correlation coefficient varying from positive to negative. Therefore, The negative coupling mode is relatively more optimal than others, which can substantially improve the robustness of the ER-ER network and ER-BA network. In terms of the attacking strategies on interdependent networks, the degree information of node is more valuable than the betweenness. In addition, we found a more efficient attacking strategy for each coupled interdependent network and proposed the corresponding protection strategy for suppressing cascading failure. Our results can be very useful for safety design and protection of interdependent networks.

Optimizing power system investments and resilience against attacks

International Nuclear Information System (INIS)

Fang, Yiping; Sansavini, Giovanni

2017-01-01

This paper studies the combination of capacity expansion and switch installation in electric systems that ensures optimum performance under nominal operations and attacks. The planner–attacker–defender model is adopted to develop decisions that minimize investment and operating costs, and functionality loss after attacks. The model bridges long-term system planning for transmission expansion and short-term switching operations in reaction to attacks. The mixed-integer optimization is solved by decomposition via two-layer cutting plane algorithm. Numerical results on an IEEE system shows that small investments in transmission line switching enhance resilience by responding to disruptions via system reconfiguration. Sensitivity analyses show that transmission planning under the assumption of small-scale attacks provides the most robust strategy, i.e. the minimum-regret planning, if many constraints and limited investment budget affect the planning. On the other hand, the assumption of large-scale attacks provides the most robust strategy if the planning process involves large flexibility and budget. - Highlights: • Investment optimization in power systems under attacks is presented. • Capacity expansion and switch installation for system reconfiguration are combined. • The problem is solved by decomposition via two-layer cutting plane algorithm. • Small investments in switch installation enhance resilience by response to attacks. • Sensitivity analyses identify robust planning against different attack scenarios.

Attacker Modelling in Ubiquitous Computing Systems

DEFF Research Database (Denmark)

Papini, Davide

in with our everyday life. This future is visible to everyone nowadays: terms like smartphone, cloud, sensor, network etc. are widely known and used in our everyday life. But what about the security of such systems. Ubiquitous computing devices can be limited in terms of energy, computing power and memory...... attacker remain somehow undened and still under extensive investigation. This Thesis explores the nature of the ubiquitous attacker with a focus on how she interacts with the physical world and it denes a model that captures the abilities of the attacker. Furthermore a quantitative implementation...

Peacetime Use of Computer Network Attack

National Research Council Canada - National Science Library

Busby, Daniel

2000-01-01

.... PDD-63 alerts the nation to prepare for impending cyber attacks. This paper examines the nature, scale, and likelihood of cyber attacks posited in PDD-63 and finds that the country does not face an imminent "electronic Pearl Harbor...

About a hypothetical terrorist attack on a nuclear power plant

International Nuclear Information System (INIS)

2001-10-01

After the terrorism attack on the World Trade Center, a record number ( two thirds) of US citizens favour the use of nuclear energy and consider nuclear plants to be safe. At the same time 59% definitely support building more nuclear plants, less than in March during the Californian crisis, but more than earlier., Most american citizens ( 84%) continue to support licence renewal for nuclear plants and 72 % agree with keeping the option open to build new nuclear plants in the future. The strongest supporters are those who have visited a nuclear plant or information centre. (N.C.)

Denial of Service Attack Techniques: Analysis, Implementation and Comparison

Directory of Open Access Journals (Sweden)

Khaled Elleithy

2005-02-01

Full Text Available A denial of service attack (DOS is any type of attack on a networking structure to disable a server from servicing its clients. Attacks range from sending millions of requests to a server in an attempt to slow it down, flooding a server with large packets of invalid data, to sending requests with an invalid or spoofed IP address. In this paper we show the implementation and analysis of three main types of attack: Ping of Death, TCP SYN Flood, and Distributed DOS. The Ping of Death attack will be simulated against a Microsoft Windows 95 computer. The TCP SYN Flood attack will be simulated against a Microsoft Windows 2000 IIS FTP Server. Distributed DOS will be demonstrated by simulating a distribution zombie program that will carry the Ping of Death attack. This paper will demonstrate the potential damage from DOS attacks and analyze the ramifications of the damage.

Protecting people against radiation exposure in the event of a radiological attack

International Nuclear Information System (INIS)

Valentin, J.

2005-01-01

after exposure has occurred. Responders involved in recovery, remediation and eventual restoration should be subject to the usual international standards for occupational radiological protection, which are based on ICRP recommendations, including the relevant requirements for occupational dose limitation established in such standards. These restrictions may be relaxed for informed volunteers undertaking urgent rescue operations, and they are not applicable for voluntary life-saving actions. However, specific protection measures are recommended for female workers who may be pregnant or nursing an infant. The immediate countermeasures to protect the public in the rescue phase are primarily caring for people with traumatic injuries and controlling access. Subsequent actions include respiratory protection, personal decontamination, sheltering, iodine prophylaxis (if radioiodines are involved), and temporary evacuation. In the recovery phase, the relocation and resettlement of people may be needed in extreme cases. This phase may require remedial action, including cleanup, management of the resulting radioactive waste, management of any human remains containing significant amounts of radioactive substances, and dealing with remaining radioactive residues. The guidance given in relation to public protection is based solely on radiological protection considerations and should be seen as a decision-aiding tool to prepare for the aftermath of a radiological attack. It is expected to serve as input to a final decision-making process that may include other societal concerns, consideration of lessons learned in the past (especially these involving the public perception of the risks posed by radioactive contamination) and the participation of interested parties. A radiological attack could also be the cause of radioactive contamination of water, food, and other widely consumed commodities. This possible outcome is considered unlikely to lead to significant internal contamination of

Attacks on IEEE 802.11 wireless networks

Directory of Open Access Journals (Sweden)

Dejan Milan Tepšić

2013-06-01

Full Text Available Security of wireless computer networks was initially secured with the WEP security protocol, which relies on the RC4 encryption algorithm and the CRC algorithm to check the integrity. The basic problems of the WEP are a short initialization vector, unsafe data integrity checking, using a common key, the lack of mechanisms for management and exchange of keys, the lack of protection from the endless insertion of the same package into the network, the lack of authentication of access points and the like. The consequences of these failures are easy attacks against the WEP network, namely their complete insecurity. Therefore, the work began on the IEEE 802.11i protocol, which should radically improve the security of wireless networks. Since the development of a protocol lasted, the WPA standard was released to offset the security gap caused by the WEP. The WPA also relies on RC4 and CRC algorithms, but brings temporary keys and the MIC algorithm for data integrity. The 802.1X authentication was introduced and common keys are no longer needed, since it is possible to use an authentication server. The length of the initialization vector was increased and the vector is obtained based on the packet serial number, in order to prevent the insertion of the same packet into the network. The weakness of the WPA security mechanism is the use of a common key. WPA2 (802.11i later appeared. Unlike the WPA mechanism that worked on old devices with the replacement of software, WPA2 requires new network devices that can perform AES encryption. AES replaces the RC4 algorithm and delivers much greater security. Data integrity is protected by encryption. Despite progress, there are still weaknesses in wireless networks. Attacks for denial of service are possible as well as spoofing package headers attacks. For now, it is not advisable to use wireless networks in environments where unreliability and unavailability are not tolerated. Introduction In the entire history of

Temporal Cyber Attack Detection.

Energy Technology Data Exchange (ETDEWEB)

Ingram, Joey Burton [Sandia National Lab. (SNL-NM), Albuquerque, NM (United States); Draelos, Timothy J. [Sandia National Lab. (SNL-NM), Albuquerque, NM (United States); Galiardi, Meghan [Sandia National Lab. (SNL-NM), Albuquerque, NM (United States); Doak, Justin E. [Sandia National Lab. (SNL-NM), Albuquerque, NM (United States)

2017-11-01

Rigorous characterization of the performance and generalization ability of cyber defense systems is extremely difficult, making it hard to gauge uncertainty, and thus, confidence. This difficulty largely stems from a lack of labeled attack data that fully explores the potential adversarial space. Currently, performance of cyber defense systems is typically evaluated in a qualitative manner by manually inspecting the results of the system on live data and adjusting as needed. Additionally, machine learning has shown promise in deriving models that automatically learn indicators of compromise that are more robust than analyst-derived detectors. However, to generate these models, most algorithms require large amounts of labeled data (i.e., examples of attacks). Algorithms that do not require annotated data to derive models are similarly at a disadvantage, because labeled data is still necessary when evaluating performance. In this work, we explore the use of temporal generative models to learn cyber attack graph representations and automatically generate data for experimentation and evaluation. Training and evaluating cyber systems and machine learning models requires significant, annotated data, which is typically collected and labeled by hand for one-off experiments. Automatically generating such data helps derive/evaluate detection models and ensures reproducibility of results. Experimentally, we demonstrate the efficacy of generative sequence analysis techniques on learning the structure of attack graphs, based on a realistic example. These derived models can then be used to generate more data. Additionally, we provide a roadmap for future research efforts in this area.

12 CFR 263.17 - Collateral attacks on adjudicatory proceeding.

Science.gov (United States)

2010-01-01

... 12 Banks and Banking 3 2010-01-01 2010-01-01 false Collateral attacks on adjudicatory proceeding... Collateral attacks on adjudicatory proceeding. If an interlocutory appeal or collateral attack is brought in... shall be excused based on the pendency before any court of any interlocutory appeal or collateral attack. ...

12 CFR 509.17 - Collateral attacks on adjudicatory proceeding.

Science.gov (United States)

2010-01-01

... 12 Banks and Banking 5 2010-01-01 2010-01-01 false Collateral attacks on adjudicatory proceeding....17 Collateral attacks on adjudicatory proceeding. If an interlocutory appeal or collateral attack is... shall be excused based on the pendency before any court of any interlocutory appeal or collateral attack. ...

Detection of complex cyber attacks

Science.gov (United States)

Gregorio-de Souza, Ian; Berk, Vincent H.; Giani, Annarita; Bakos, George; Bates, Marion; Cybenko, George; Madory, Doug

2006-05-01

One significant drawback to currently available security products is their inabilty to correlate diverse sensor input. For instance, by only using network intrusion detection data, a root kit installed through a weak username-password combination may go unnoticed. Similarly, an administrator may never make the link between deteriorating response times from the database server and an attacker exfiltrating trusted data, if these facts aren't presented together. Current Security Information Management Systems (SIMS) can collect and represent diverse data but lack sufficient correlation algorithms. By using a Process Query System, we were able to quickly bring together data flowing from many sources, including NIDS, HIDS, server logs, CPU load and memory usage, etc. We constructed PQS models that describe dynamic behavior of complicated attacks and failures, allowing us to detect and differentiate simultaneous sophisticated attacks on a target network. In this paper, we discuss the benefits of implementing such a multistage cyber attack detection system using PQS. We focus on how data from multiple sources can be combined and used to detect and track comprehensive network security events that go unnoticed using conventional tools.

Vulnerability Assessment by Learning Attack Specifications in Graphs

NARCIS (Netherlands)

Nunes Leal Franqueira, V.; Lopes, Raul H.C.

This paper presents an evolutionary approach for learning attack specifications that describe attack scenarios. The objective is to find vulnerabilities in computer networks which minimise the cost of an attack with maximum impact. Although we focus on Insider Threat, the proposed approach applies

Attack Tree Generation by Policy Invalidation

NARCIS (Netherlands)

Ivanova, Marieta Georgieva; Probst, Christian W.; Hansen, René Rydhof; Kammüller, Florian; Naeem Akram, R.; Jajodia, S.

2015-01-01

Attacks on systems and organisations increasingly exploit human actors, for example through social engineering, complicating their formal treatment and automatic identi﬿cation. Formalisation of human behaviour is difficult at best, and attacks on socio-technical systems are still mostly identi﬿ed

Neural network classifier of attacks in IP telephony

Science.gov (United States)

Safarik, Jakub; Voznak, Miroslav; Mehic, Miralem; Partila, Pavol; Mikulec, Martin

2014-05-01

Various types of monitoring mechanism allow us to detect and monitor behavior of attackers in VoIP networks. Analysis of detected malicious traffic is crucial for further investigation and hardening the network. This analysis is typically based on statistical methods and the article brings a solution based on neural network. The proposed algorithm is used as a classifier of attacks in a distributed monitoring network of independent honeypot probes. Information about attacks on these honeypots is collected on a centralized server and then classified. This classification is based on different mechanisms. One of them is based on the multilayer perceptron neural network. The article describes inner structure of used neural network and also information about implementation of this network. The learning set for this neural network is based on real attack data collected from IP telephony honeypot called Dionaea. We prepare the learning set from real attack data after collecting, cleaning and aggregation of this information. After proper learning is the neural network capable to classify 6 types of most commonly used VoIP attacks. Using neural network classifier brings more accurate attack classification in a distributed system of honeypots. With this approach is possible to detect malicious behavior in a different part of networks, which are logically or geographically divided and use the information from one network to harden security in other networks. Centralized server for distributed set of nodes serves not only as a collector and classifier of attack data, but also as a mechanism for generating a precaution steps against attacks.

SCADA system vulnerabilities to cyber attack

Energy Technology Data Exchange (ETDEWEB)

Shaw, W. T. [Cyber Security Consulting (Canada)

2004-10-01

The susceptibility to terrorist attacks of computer-based supervisory control (SCADA) systems that are used to monitor and control water distribution systems, oil and gas pipelines and the electrical grid, is discussed. The discussion includes ways in which SCADA systems may be attacked and remedial actions that may be taken to reduce or eliminate the possibility of such attacks. Attacks may take the form of causing the system to generate false data to divert attention from impending system disasters, or commandeer the system to seriously disable it, or cause damage to the process or equipment being controlled by sending improper control commands. SCADA systems are also vulnerable to internal threats, either from an accidental action that results in damage, or an intentional action, as for example by a disgruntled employee, or ex-employee, usually by way of reprogramming an RTU or PLC by accessing the polling/communications circuit. Recent SCADA systems are much more susceptible to concerted cyber attacks because of the adoption of IT technologies and standards into the design of such systems. (Older systems are more likely to be unique designs, hence less susceptible to attack). As far as protection of SCADA systems is concerned, there are no technologies that would prevent a technologically sophisticated terrorist or disgruntled employee from doing major damage to the system, however, the IT world has developed a range of technologies for the protection of IT assets, and many of these same technologies can also be used to safeguard modern SCADA systems.

Combating Memory Corruption Attacks On Scada Devices

Science.gov (United States)

Bellettini, Carlo; Rrushi, Julian

Memory corruption attacks on SCADA devices can cause significant disruptions to control systems and the industrial processes they operate. However, despite the presence of numerous memory corruption vulnerabilities, few, if any, techniques have been proposed for addressing the vulnerabilities or for combating memory corruption attacks. This paper describes a technique for defending against memory corruption attacks by enforcing logical boundaries between potentially hostile data and safe data in protected processes. The technique encrypts all input data using random keys; the encrypted data is stored in main memory and is decrypted according to the principle of least privilege just before it is processed by the CPU. The defensive technique affects the precision with which attackers can corrupt control data and pure data, protecting against code injection and arc injection attacks, and alleviating problems posed by the incomparability of mitigation techniques. An experimental evaluation involving the popular Modbus protocol demonstrates the feasibility and efficiency of the defensive technique.

Occupational Practitioner's Role in the Management of a Crisis: Lessons Learned from the Paris November 2015 Terrorist Attack.

Science.gov (United States)

Descatha, Alexis; Huynh Tuong, Alice; Coninx, Pierre; Baer, Michel; Loeb, Thomas; Despréaux, Thomas

2016-01-01

In massive catastrophic events, occupational health practitioners are more and more frequently involved in the management of such situations. We aim to describe the multiple aspects of the role that occupational health practitioners might play, by focusing on the recent example of the Paris terrorist attack of November 2015. During and after the Paris attack, occupational practitioners, in collaboration with emergency and security professionals, were involved in psychological care, assembling information, follow-up, return-to-work, and improving in-company safety plans. Based on this experience and other industrial disasters, we distinguish three phases: the critical phase, the post-critical phase, and the anticipation phase. In the critical phase, the occupational practitioner cares for patients before the emergency professionals take charge, initiates the psychological management, and may also play an organizational role for company health aspects. In the post-critical phase, he or she would be involved in monitoring those affected by the events and participate in preventing, to the extent possible, posttraumatic stress disorder, helping victims in the return-to-work process, and improving procedures and organizing drills. In addition to their usual work of primary prevention, occupational practitioners should endeavor to improve preparedness in the anticipation phase, by taking part in contingency planning, training in first aid, and defining immediately applicable protocols. In conclusion, recent events have highlighted the essential role of occupational health services in anticipation of a crisis, management during the crisis, and follow-up.

Occupational practitioner's role in the management of a crisis: lessons learned from the Paris November 2015 terrorist attack

Directory of Open Access Journals (Sweden)

Alexis Descatha

2016-09-01

Full Text Available In massive catastrophic events, occupational health practitioners are more and more frequently involved in the management of such situations. We aim to describe the multiple aspects of the role that occupational health practitioners might play, by focusing on the recent example of the Paris terrorist attack of November 2015.During and after the Paris attack, occupational practitioners in collaboration with emergency and security professionals were involved in psychological care, assembling information, follow-up, return-to-work, and improving in-company safety plans.Based on this experience and other industrial disasters, we distinguish three phases: the critical phase, the post-critical phase, and the anticipation phase. In the critical phase, the occupational practitioner cares for patients before the emergency professionals take charge, initiates the psychological management, and may also play an organizational role for company health aspects. In the post-critical phase, he or she would be involved in monitoring those affected by the events, and participate in preventing, to the extent possible, post-traumatic stress disorder, helping victims in the return-to-work process, and improving procedures and organizing drills. In addition to their usual work of primary prevention, occupational practitioners should endeavor to improve preparedness in the anticipation phase, by taking part in contingency planning, training in first aid, and defining immediately applicable protocols.In conclusion, recent events have highlighted the essential role of occupational health services in anticipation of a crisis, management during the crisis, and follow-up.

Assessing Uncertainties in Boundary Layer Transition Predictions for HIFiRE-1 at Non-zero Angles of Attack

Science.gov (United States)

Marek, Lindsay C.

2011-01-01

Boundary layer stability was analyzed for the HIFiRE-1 flight vehicle geometry for ground tests conducted at the CUBRC LENS I hypersonic shock test facility and the Langley Research Center (LaRC) 20- inch Mach 6 Tunnel. Boundary layer stability results were compared to transition onset location obtained from discrete heat transfer measurements from thin film gauges during the CUBRC test and spatially continuous heat transfer measurements from thermal phosphor paint data during the LaRC test. The focus of this analysis was on conditions at non-zero angles of attack as stability analysis has already been performed at zero degrees angle of attack. Also, the transition onset data obtained during flight testing was at nonzero angles of attack, so this analysis could be expanded in the future to include the results of the flight test data. Stability analysis was performed using the 2D parabolized stability software suite STABL (Stability and Transition Analysis for Hypersonic Boundary Layers) developed at the University of Minnesota and the mean flow solutions were computed using the DPLR finite volume Navier-Stokes computational fluid dynamics (CFD) solver. A center line slice of the 3D mean flow solution was used for the stability analysis to incorporate the angle of attack effects while still taking advantage of the 2D STABL software suite. The N-factors at transition onset and the value of Re(sub theta)/M(sub e), commonly used to predict boundary layer transition onset, were compared for all conditions analyzed. Ground test data was analyzed at Mach 7.2 and Mach 6.0 and angles of attack of 1deg, 3deg and 5deg. At these conditions, the flow was found to be second mode dominant for the HIFiRE-1 slender cone geometry. On the leeward side of the vehicle, a strong trend of transition onset location with angle of attack was observed as the boundary layer on the leeward side of the vehicle developed inflection points at streamwise positions on the vehicle that correlated to

Attack Methodology Analysis: Emerging Trends in Computer-Based Attack Methodologies and Their Applicability to Control System Networks

Energy Technology Data Exchange (ETDEWEB)

Bri Rolston

2005-06-01

Threat characterization is a key component in evaluating the threat faced by control systems. Without a thorough understanding of the threat faced by critical infrastructure networks, adequate resources cannot be allocated or directed effectively to the defense of these systems. Traditional methods of threat analysis focus on identifying the capabilities and motivations of a specific attacker, assessing the value the adversary would place on targeted systems, and deploying defenses according to the threat posed by the potential adversary. Too many effective exploits and tools exist and are easily accessible to anyone with access to an Internet connection, minimal technical skills, and a significantly reduced motivational threshold to be able to narrow the field of potential adversaries effectively. Understanding how hackers evaluate new IT security research and incorporate significant new ideas into their own tools provides a means of anticipating how IT systems are most likely to be attacked in the future. This research, Attack Methodology Analysis (AMA), could supply pertinent information on how to detect and stop new types of attacks. Since the exploit methodologies and attack vectors developed in the general Information Technology (IT) arena can be converted for use against control system environments, assessing areas in which cutting edge exploit development and remediation techniques are occurring can provide significance intelligence for control system network exploitation, defense, and a means of assessing threat without identifying specific capabilities of individual opponents. Attack Methodology Analysis begins with the study of what exploit technology and attack methodologies are being developed in the Information Technology (IT) security research community within the black and white hat community. Once a solid understanding of the cutting edge security research is established, emerging trends in attack methodology can be identified and the gap between

The ConocoPhillips Center for a Sustainable WE2ST (Water-Energy Education, Science, and Technology): Lessons Learned from an Innovative Research-Education-Outreach Center at Colorado School of Mines

Science.gov (United States)

Hogue, T. S.; Blaine, A. C.; Martin, A. C.

2016-12-01

, engaging in K-12 classroom activities and events, and by using websites and social media to share information. This presentation will highlight the successes and lessons learned as we enter the third year of this innovative model for a University Center.

Trace Attack against Biometric Mobile Applications

Directory of Open Access Journals (Sweden)

Sanaa Ghouzali

2016-01-01

Full Text Available With the exponential increase in the dependence on mobile devices in everyday life, there is a growing concern related to privacy and security issues in the Gulf countries; therefore, it is imperative that security threats should be analyzed in detail. Mobile devices store enormous amounts of personal and financial information, unfortunately without any security. In order to secure mobile devices against different threats, biometrics has been applied and shown to be effective. However, biometric mobile applications are also vulnerable to several types of attacks that can decrease their security. Biometric information itself is considered sensitive data; for example, fingerprints can leave traces in touched objects and facial images can be captured everywhere or accessed by the attacker if the facial image is stored in the mobile device (lost or stolen. Hence, an attacker can easily forge the identity of a legitimate user and access data on a device. In this paper, the effects of a trace attack on the sensitivity of biometric mobile applications are investigated in terms of security and user privacy. Experimental results carried out on facial and fingerprint mobile authentication applications using different databases have shown that these mobile applications are vulnerable to the proposed attack, which poses a serious threat to the overall system security and user privacy.

Limit Asthma Attacks Caused by Colds or Flu

Science.gov (United States)

Asthma: Limit asthma attacks caused by colds or flu A cold or the flu can trigger an asthma attack. Here's why — and how to keep your sneeze ... plan. If you notice warning signs of an asthma attack — such as coughing, wheezing, chest tightness or shortness ...

Quantitative Attack Tree Analysis via Priced Timed Automata

NARCIS (Netherlands)

Kumar, Rajesh; Ruijters, Enno Jozef Johannes; Stoelinga, Mariëlle Ida Antoinette; Sankaranarayanan, Sriram; Vicario, Enrico

The success of a security attack crucially depends on the resources available to an attacker: time, budget, skill level, and risk appetite. Insight in these dependencies and the most vulnerable system parts is key to providing effective counter measures. This paper considers attack trees, one of the

Finite Energy and Bounded Actuator Attacks on Cyber-Physical Systems

Energy Technology Data Exchange (ETDEWEB)

Djouadi, Seddik M [ORNL; Melin, Alexander M [ORNL; Ferragut, Erik M [ORNL; Laska, Jason A [ORNL; Dong, Jin [ORNL; Drira, Anis [ORNL

2015-01-01

As control system networks are being connected to enterprise level networks for remote monitoring, operation, and system-wide performance optimization, these same connections are providing vulnerabilities that can be exploited by malicious actors for attack, financial gain, and theft of intellectual property. Much effort in cyber-physical system (CPS) protection has focused on protecting the borders of the system through traditional information security techniques. Less effort has been applied to the protection of cyber-physical systems from intelligent attacks launched after an attacker has defeated the information security protections to gain access to the control system. In this paper, attacks on actuator signals are analyzed from a system theoretic context. The threat surface is classified into finite energy and bounded attacks. These two broad classes encompass a large range of potential attacks. The effect of theses attacks on a linear quadratic (LQ) control are analyzed, and the optimal actuator attacks for both finite and infinite horizon LQ control are derived, therefore the worst case attack signals are obtained. The closed-loop system under the optimal attack signals is given and a numerical example illustrating the effect of an optimal bounded attack is provided.

Modeling attacker-defender interactions in information networks.

Energy Technology Data Exchange (ETDEWEB)

Collins, Michael Joseph

2010-09-01

The simplest conceptual model of cybersecurity implicitly views attackers and defenders as acting in isolation from one another: an attacker seeks to penetrate or disrupt a system that has been protected to a given level, while a defender attempts to thwart particular attacks. Such a model also views all non-malicious parties as having the same goal of preventing all attacks. But in fact, attackers and defenders are interacting parts of the same system, and different defenders have their own individual interests: defenders may be willing to accept some risk of successful attack if the cost of defense is too high. We have used game theory to develop models of how non-cooperative but non-malicious players in a network interact when there is a substantial cost associated with effective defensive measures. Although game theory has been applied in this area before, we have introduced some novel aspects of player behavior in our work, including: (1) A model of how players attempt to avoid the costs of defense and force others to assume these costs; (2) A model of how players interact when the cost of defending one node can be shared by other nodes; and (3) A model of the incentives for a defender to choose less expensive, but less effective, defensive actions.

Activity Modelling and Comparative Evaluation of WSN MAC Security Attacks

DEFF Research Database (Denmark)

Pawar, Pranav M.; Nielsen, Rasmus Hjorth; Prasad, Neeli R.

2012-01-01

and initiate security attacks that disturb the normal functioning of the network in a severe manner. Such attacks affect the performance of the network by increasing the energy consumption, by reducing throughput and by inducing long delays. Of all existing WSN attacks, MAC layer attacks are considered...... the most harmful as they directly affect the available resources and thus the nodes’ energy consumption. The first endeavour of this paper is to model the activities of MAC layer security attacks to understand the flow of activities taking place when mounting the attack and when actually executing it....... The second aim of the paper is to simulate these attacks on hybrid MAC mechanisms, which shows the performance degradation of aWSN under the considered attacks. The modelling and implementation of the security attacks give an actual view of the network which can be useful in further investigating secure...

Lessons learned: mobile device encryption in the academic medical center.

Science.gov (United States)

Kusche, Kristopher P

2009-01-01

The academic medical center is faced with the unique challenge of meeting the multi-faceted needs of both a modern healthcare organization and an academic institution, The need for security to protect patient information must be balanced by the academic freedoms expected in the college setting. The Albany Medical Center, consisting of the Albany Medical College and the Albany Medical Center Hospital, was challenged with implementing a solution that would preserve the availability, integrity and confidentiality of business, patient and research data stored on mobile devices. To solve this problem, Albany Medical Center implemented a mobile encryption suite across the enterprise. Such an implementation comes with complexities, from performance across multiple generations of computers and operating systems, to diversity of application use mode and end user adoption, all of which requires thoughtful policy and standards creation, understanding of regulations, and a willingness and ability to work through such diverse needs.

Algebraic Side-Channel Attack on Twofish

Directory of Open Access Journals (Sweden)

Chujiao Ma

2017-05-01

Full Text Available While algebraic side-channel attack (ASCA has been successful in breaking simple cryptographic algorithms, it has never been done on larger or more complex algorithms such as Twofish. Compared to other algorithms that ASCA has been used on, Twofish is more difficult to attack due to the key-dependent S-boxes as well as the complex key scheduling. In this paper, we propose the first algebraic side-channel attack on Twofish, and examine the importance of side-channel information in getting past the key-dependent S-boxes and the complex key scheduling. The cryptographic algorithm and side-channel information are both expressed as boolean equations and a SAT solver is used to recover the key. While algebraic attack by itself is not sufficient to break the algorithm, with the help of side-channel information such as Hamming weights, we are able to correctly solve for 96 bits of the 128 bits key in under 2 hours with known plaintext/ciphertext.

On localization attacks against cloud infrastructure

Science.gov (United States)

Ge, Linqiang; Yu, Wei; Sistani, Mohammad Ali

2013-05-01

One of the key characteristics of cloud computing is the device and location independence that enables the user to access systems regardless of their location. Because cloud computing is heavily based on sharing resource, it is vulnerable to cyber attacks. In this paper, we investigate a localization attack that enables the adversary to leverage central processing unit (CPU) resources to localize the physical location of server used by victims. By increasing and reducing CPU usage through the malicious virtual machine (VM), the response time from the victim VM will increase and decrease correspondingly. In this way, by embedding the probing signal into the CPU usage and correlating the same pattern in the response time from the victim VM, the adversary can find the location of victim VM. To determine attack accuracy, we investigate features in both the time and frequency domains. We conduct both theoretical and experimental study to demonstrate the effectiveness of such an attack.

Network attacks and defenses a hands-on approach

CERN Document Server

Trabelsi, Zouheir; Al Braiki, Arwa; Mathew, Sujith Samuel

2012-01-01

The attacks on computers and business networks are growing daily, and the need for security professionals who understand how malfeasants perform attacks and compromise networks is a growing requirement to counter the threat. Network security education generally lacks appropriate textbooks with detailed, hands-on exercises that include both offensive and defensive techniques. Using step-by-step processes to build and generate attacks using offensive techniques, Network Attacks and Defenses: A Hands-on Approach enables students to implement appropriate network security solutions within a laborat

Buried Waste Integrated Demonstration lessons learned: 1993 technology demonstrations

International Nuclear Information System (INIS)

Kostelnik, K.M.; Owens, K.J.

1994-01-01

An integrated technology demonstration was conducted by the Buried Waste Integrated Demonstration (BWID) at the Idaho National Engineering Laboratory Cold Test Pit in the summer of 1993. This program and demonstration was sponsored by the US Department of Energy Office of Technology Development. The demonstration included six technologies representing a synergistic system for the characterization and retrieval of a buried hazardous waste site. The integrated technology demonstration proved very successful and a summary of the technical accomplishments is presented. Upon completion of the integrated technology demonstration, cognizant program personnel participated in a lessons learned exercise. This exercise was conducted at the Simplot Decision Support Center at Idaho State University and lessons learned activity captured additional information relative to the integration of technologies for demonstration purposes. This information will be used by BWID to enhance program planning and strengthen future technology demonstrations

SDN-Based Double Hopping Communication against Sniffer Attack

Directory of Open Access Journals (Sweden)

Zheng Zhao

2016-01-01

Full Text Available Sniffer attack has been a severe threat to network communication security. Traditional network usually uses static network configuration, which provides convenience to sniffer attack. In this paper, an SDN-based double hopping communication (DHC approach is proposed to solve this problem. In DHC, ends in communication packets as well as the routing paths are changed dynamically. Therefore, the traffic will be distributed to multiple flows and transmitted along different paths. Moreover, the data from multiple users will be mixed, bringing difficulty for attackers in obtaining and recovering the communication data, so that sniffer attack will be prevented effectively. It is concluded that DHC is able to increase the overhead of sniffer attack, as well as the difficulty of communication data recovery.

Attacks on Bluetooth Security Architecture and Its Countermeasures

Science.gov (United States)

Iqbal, Mian Muhammad Waseem; Kausar, Firdous; Wahla, Muhammad Arif

WPANs compliment the traditional IEEE 802.11 wireless networks by facilitating the clients with flexibility in network topologies, higher mobility and relaxed configuration/hardware requirements. Bluetooth, a WPAN technology, is an open standard for short-range radio frequency (RF) communication. However, it is also susceptible to typical security threats found in wireless LANs. This paper discuses some of the attack scenarios against the bluetooth network such as hostile intrusion, active Man-in-the-Middle (MITM) attack using unit key and various forms of denial of service (DoS) attacks. These threats and attacks compromise the confidentiality and availability of bluetooth data and services. This paper proposes an improved security architecture for bluetooth device which provides protection against the above mentioned attacks.

Cyber Power: Attack and Defense Lessons from Land, Sea, and Air Power

Science.gov (United States)

2011-06-01

Internet War," Cyberpsychology , Behavior , and Social Networking 13, no. 4 (2010): 450. Existing evidence suggests that some of the ethnic Russians who...34Storming the Servers: A Social Psychological Analysis of the First Internet War." Cyberpsychology , Behavior , and Social Networking 13, no. 4... Network Analysis Center, who I wholeheartedly appreciate for his time, trust, and insight as an interview subject. Trent, thank you for being so open and

An SDN-Based Fingerprint Hopping Method to Prevent Fingerprinting Attacks

Directory of Open Access Journals (Sweden)

Zheng Zhao

2017-01-01

Full Text Available Fingerprinting attacks are one of the most severe threats to the security of networks. Fingerprinting attack aims to obtain the operating system information of target hosts to make preparations for future attacks. In this paper, a fingerprint hopping method (FPH is proposed based on software-defined networks to defend against fingerprinting attacks. FPH introduces the idea of moving target defense to show a hopping fingerprint toward the fingerprinting attackers. The interaction of the fingerprinting attack and its defense is modeled as a signal game, and the equilibriums of the game are analyzed to develop an optimal defense strategy. Experiments show that FPH can resist fingerprinting attacks effectively.

Data-plane Defenses against Routing Attacks on Tor

Directory of Open Access Journals (Sweden)

Tan Henry

2016-10-01

Full Text Available Tor is susceptible to traffic correlation attacks in which an adversary who observes flows entering and leaving the anonymity network can apply statistical techniques to correlate flows and de-anonymize their endpoints. While an adversary may not be naturally positioned to conduct such attacks, a recent study shows that the Internet’s control-plane can be manipulated to increase an adversary’s view of the network, and consequently, improve its ability to perform traffic correlation. This paper explores, in-depth, the effects of control-plane attacks on the security of the Tor network. Using accurate models of the live Tor network, we quantify Tor’s susceptibility to these attacks by measuring the fraction of the Tor network that is vulnerable and the advantage to the adversary of performing the attacks. We further propose defense mechanisms that protect Tor users from manipulations at the control-plane. Perhaps surprisingly, we show that by leveraging existing trust anchors in Tor, defenses deployed only in the data-plane are sufficient to detect most control-plane attacks. Our defenses do not assume the active participation of Internet Service Providers, and require only very small changes to Tor. We show that our defenses result in a more than tenfold decrease in the effectiveness of certain control-plane attacks.

Rotational Rebound Attacks on Reduced Skein

DEFF Research Database (Denmark)

Khovratovich, Dmitry; Nikolic, Ivica; Rechberger, Christian

2010-01-01

In this paper we combine a recent rotational cryptanalysis with the rebound attack, which results in the best cryptanalysis of Skein, a candidate for the SHA-3 competition. The rebound attack approach was so far only applied to AES-like constructions. For the first time, we show that this approach...

Step to improve neural cryptography against flipping attacks.

Science.gov (United States)

Zhou, Jiantao; Xu, Qinzhen; Pei, Wenjiang; He, Zhenya; Szu, Harold

2004-12-01

Synchronization of neural networks by mutual learning has been demonstrated to be possible for constructing key exchange protocol over public channel. However, the neural cryptography schemes presented so far are not the securest under regular flipping attack (RFA) and are completely insecure under majority flipping attack (MFA). We propose a scheme by splitting the mutual information and the training process to improve the security of neural cryptosystem against flipping attacks. Both analytical and simulation results show that the success probability of RFA on the proposed scheme can be decreased to the level of brute force attack (BFA) and the success probability of MFA still decays exponentially with the weights' level L. The synchronization time of the parties also remains polynomial with L. Moreover, we analyze the security under an advanced flipping attack.

Improved Impossible Differential Attacks on Large-Block Rijndael

DEFF Research Database (Denmark)

Wang, Qingju; Gu, Dawu; Rijmen, Vincent

2012-01-01

. The improvement can lead to 10-round attack on Rijndael-256 as well. With 2198.1 chosen plaintexts, an attack is demonstrated on 9-round Rijndael-224 with 2 195.2 encryptions and 2140.4 bytes memory. Increasing the data complexity to 2216 plaintexts, the time complexity can be reduced to 2130 encryptions...... and the memory requirements to 2 93.6 bytes. For 9-round Rijndael-256, we provide an attack requiring 2229.3 chosen plaintexts, 2194 encryptions, and 2 139.6 bytes memory. Alternatively, with 2245.3 plaintexts, an attack with a reduced time of 2127.1 encryptions and a memory complexity of 290.9 bytes can...... be mounted. With 2244.2 chosen plaintexts, we can attack 10-round Rijndael-256 with 2253.9 encryptions and 2186.8 bytes of memory....

RAPTOR: Ransomware Attack PredicTOR

OpenAIRE

Quinkert, Florian; Holz, Thorsten; Hossain, KSM Tozammel; Ferrara, Emilio; Lerman, Kristina

2018-01-01

Ransomware, a type of malicious software that encrypts a victim's files and only releases the cryptographic key once a ransom is paid, has emerged as a potentially devastating class of cybercrimes in the past few years. In this paper, we present RAPTOR, a promising line of defense against ransomware attacks. RAPTOR fingerprints attackers' operations to forecast ransomware activity. More specifically, our method learns features of malicious domains by looking at examples of domains involved in...

Shark attack-related injuries: Epidemiology and implications for plastic surgeons.

Science.gov (United States)

Ricci, Joseph A; Vargas, Christina R; Singhal, Dhruv; Lee, Bernard T

2016-01-01

The increased media attention to shark attacks has led to a heightened fear and public awareness. Although few sharks are considered dangerous, attacks on humans can result in large soft tissue defects necessitating the intervention of reconstructive surgeons. This study aims to evaluate and describe the characteristics of shark-related injuries in order to improve treatment. The Global Shark Accident File, maintained by the Shark Research Institute (Princeton, NJ, USA), is a compilation of all known worldwide shark attacks. Database records since the 1900s were reviewed to identify differences between fatal and nonfatal attacks, including: geography, injury pattern, shark species, and victim activity. Since the 1900s, there have been 5034 reported shark attacks, of which 1205 (22.7%) were fatal. Although the incidence of attacks per decade has increased, the percentage of fatalities has decreased. Characteristics of fatal attacks included swimming (p = 0.001), boating (p = 0.001), three or more bite sites (p = 0.03), limb loss (p = 0.001), or tiger shark attack (p = 0.002). The most common attacks were bites to the legs (41.8%) or arms (18.4%), with limb loss occurring in 7% of attacks. Geographically, the majority of attacks occurred in North America (36.7%) and Australia (26.5%). Most attacks in the USA occurred in Florida (49.1%) and California (13.6%). Although rare, shark attacks result in devastating injuries to patients. As these injuries often involve multiple sites and limb loss, this creates a significant challenge for reconstructive surgeons. Proper identification of the characteristics of the attack can aid in providing optimal care for those affected. Copyright © 2015 British Association of Plastic, Reconstructive and Aesthetic Surgeons. Published by Elsevier Ltd. All rights reserved.

Privacy Leaks through Data Hijacking Attack on Mobile Systems

Directory of Open Access Journals (Sweden)

Zhang Daojuan

2017-01-01

Full Text Available To persistently eavesdrop on the mobile devices, attackers may obtain the elevated privilege and inject malicious modules into the user devices. Unfortunately, the attackers may not be able to obtain the privilege for a long period of time since the exploitable vulnerabilities may be fixed or the malware may be removed. In this paper, we propose a new data hijacking attack for the mobile apps. By employing the proposed method, the attackers are only required to obtain the root privilege of the user devices once, and they can persistently eavesdrop without any change to the original device. Specifically, we design a new approach to construct a shadow system by hijacking user data files. In the shadow system, attackers possess the identical abilities to the victims. For instance, if a victim has logged into the email app, the attacker can also access the email server in the shadow system without authentication in a long period of time. Without reauthentication of the app, it is difficult for victims to notice the intrusion since the whole eavesdropping is performed on other devices (rather than the user devices. In our experiments, we evaluate the effectiveness of the proposed attack and the result demonstrates that even the Android apps released by the top developers cannot resist this attack. Finally, we discuss some approaches to defend the proposed attack.

What Can We Learn?--The Algonquin Bear Attack.

Science.gov (United States)

Strickland, Dan

1992-01-01

Describes a bear attack in Algonquin Park in Lake Opeongo (Canada) in which a man and woman were killed. Hypothesizes that the bear deliberately preyed on its victims and concludes that the bear was physically normal. Despite this isolated attack, the chance of being attacked by a black bear when camping is virtually nonexistent. (KS)

Inoculation Policies in Response to BW Attacks: Additional Factors to Consider

International Nuclear Information System (INIS)

Leitner, P. M.

2007-01-01

When viewed on its own merits, the debate over who should be inoculated during a period of biological emergency is a rather straightforward public policy decision. The classic public policy 'balancing act' decision-making model is defaulted to as issues of fairness, efficiency, cost-effectiveness, adequacy of supply, mission performance, and constituencies are arrayed and adjudicated. This mainstream approach is appropriate as far as it goes but it also exemplifies a series of structural and perceptual weaknesses when applied to wartime or localized terrorism scenarios. In fact, the establishment of a vaccination policy appropriate to a flu pandemic falls squarely within this mainstream debate. Although the notion of a pandemic carries an assumption of a great many fatalities it does not possess the fear quotient, uncertainty, horror, unnaturalness, or inevitability of a bio-terror or biological warfare incident. As a result, the reliability and responsiveness of key personnel responding to a flu pandemic should be less of an issue than it will be in the event of an intentional man-made biological incident. The principal policy weakness in instances an intentional bio-attack stems from a generalized failure, or refusal, to systematically study the behavior of key personnel, first-responders, soldiers, or critical senior leadership during severe crises occurring in their own backyards. In other words, when the 'balloon goes up' how many of your responders and critical personnel will show up for work? This presentation considers many of the 'unaddressed' factors that experience has shown may have a determinative effect upon the efficacy of a response to a biological incident. Lessons are drawn from experiences of US forces station in the former West Germany, US Defense Department Continuity of Operations Programs, Hurricane Katrina, and the 9/11 attacks on the United States. (author)

"Evita Una Muerte, Esta en Tus Manos" Program: Bystander First Aid Training for Terrorist Attacks.

Science.gov (United States)

Pajuelo Castro, J J; Meneses Pardo, J C; Salinas Casado, P L; Hernandez Martin, P; Montilla Canet, R; Del Campo Cuesta, J L; Incera Bustio, G; Martin Ayuso, D

The latest terrorist attacks in Europe and in the rest of the world, and the military experience in the most recent conflicts leave us with several lessons learned. The most important is that the fate of the wounded rests in the hands of the one who applies the first dressing, because the victims usually die within the first 10 minutes, before professional care providers or police personnel arrive at the scene. A second lesson is that the primary cause of preventable death in these types of incidents involving explosives and firearms is massive hemorraghe. There is a need to develop a training oriented to citizens so they can identify and use available resources to avoid preventable deaths that occur in this kind of incidents, especially massive hemorrhage. A 7-hour training intervention program was developed and conducted between January and May 2017. Data were collected from participants' answers on a multiple-choice test before and after undertaking the training. Improved mean score for at least 75% of a group's members on the posttraining test was considered reflective of adequate knowledge. A total of 173 participants (n = 74 men [42.8%]; n = 99 women [57.2%]) attended the training. They were classified into three groups: a group of citizens/ first responders with no prior health training, a group of health professionals, and a group of nursing students. Significant differences (ρ first responders group. 2017.

Studies on sulfate attack: Mechanisms, test methods, and modeling

Science.gov (United States)

Santhanam, Manu

The objective of this research study was to investigate various issues pertaining to the mechanism, testing methods, and modeling of sulfate attack in concrete. The study was divided into the following segments: (1) effect of gypsum formation on the expansion of mortars, (2) attack by the magnesium ion, (3) sulfate attack in the presence of chloride ions---differentiating seawater and groundwater attack, (4) use of admixtures to mitigate sulfate attack---entrained air, sodium citrate, silica fume, and metakaolin, (5) effects of temperature and concentration of the attack solution, (6) development of new test methods using concrete specimens, and (7) modeling of the sulfate attack phenomenon. Mortar specimens using portland cement (PC) and tricalcium silicate (C 3S), with or without mineral admixtures, were prepared and immersed in different sulfate solutions. In addition to this, portland cement concrete specimens were also prepared and subjected to complete and partial immersion in sulfate solutions. Physical measurements, chemical analyses and microstructural studies were performed periodically on the specimens. Gypsum formation was seen to cause expansion of the C3S mortar specimens. Statistical analyses of the data also indicated that the quantity of gypsum was the most significant factor controlling the expansion of mortar bars. The attack by magnesium ion was found to drive the reaction towards the formation of brucite. Decalcification of the C-S-H and its subsequent conversion to the non-cementitious M-S-H was identified as the mechanism of destruction in magnesium sulfate attack. Mineral admixtures were beneficial in combating sodium sulfate attack, while reducing the resistance to magnesium sulfate attack. Air entrainment did not change the measured physical properties, but reduced the visible distress of the mortars. Sodium citrate caused a substantial reduction in the rate of damage of the mortars due to its retarding effect. Temperature and

PATIENT-CENTERED DECISION MAKING: LESSONS FROM MULTI-CRITERIA DECISION ANALYSIS FOR QUANTIFYING PATIENT PREFERENCES.

Science.gov (United States)

Marsh, Kevin; Caro, J Jaime; Zaiser, Erica; Heywood, James; Hamed, Alaa

2018-01-01

Patient preferences should be a central consideration in healthcare decision making. However, stories of patients challenging regulatory and reimbursement decisions has led to questions on whether patient voices are being considered sufficiently during those decision making processes. This has led some to argue that it is necessary to quantify patient preferences before they can be adequately considered. This study considers the lessons from the use of multi-criteria decision analysis (MCDA) for efforts to quantify patient preferences. It defines MCDA and summarizes the benefits it can provide to decision makers, identifies examples of MCDAs that have involved patients, and summarizes good practice guidelines as they relate to quantifying patient preferences. The guidance developed to support the use of MCDA in healthcare provide some useful considerations for the quantification of patient preferences, namely that researchers should give appropriate consideration to: the heterogeneity of patient preferences, and its relevance to decision makers; the cognitive challenges posed by different elicitation methods; and validity of the results they produce. Furthermore, it is important to consider how the relevance of these considerations varies with the decision being supported. The MCDA literature holds important lessons for how patient preferences should be quantified to support healthcare decision making.

Impact of Cyber Attacks on High Voltage DC Transmission Damping Control

Directory of Open Access Journals (Sweden)

Rui Fan

2018-04-01

Full Text Available Hybrid AC/HVDC (AC-HVDC grids have evolved to become huge cyber-physical systems that are vulnerable to cyber attacks because of the wide attack surface and increasing dependence on intelligent electronic devices, computing resources and communication networks. This paper, for the first time, studies the impact of cyber attacks on HVDC transmission oscillation damping control.Three kinds of cyber attack models are considered: timing attack, replay attack and false data injection attack. Followed by a brief introduction of the HVDC model and conventional oscillation damping control method, the design of three attack models is described in the paper. These attacks are tested on a modified IEEE New England 39-Bus AC-HVDC system. Simulation results have shown that all three kinds of attacks are capable of driving the AC-HVDC system into large oscillations or even unstable conditions.

How Belfius Bank's response to the terrorist attacks in Brussels helped embed business continuity in the company culture.

Science.gov (United States)

Jappens, Ludo

2017-01-01

Until 2015, major terrorist incidents in Belgium were considered a 'black swan'. However, the suicide attacks in Paris on 13th November, 2015 provided a wake-up call. Investigations revealed that the raid was prepared in Belgium by jihadists who grew up in Brussels and was coordinated by Belgian ISIS fighters in Syria. In an instant, it became clear that terror had been embedded in Belgian society and could erupt at any moment. At Belfius Bank Belgium, the subsequent months were a rollercoaster ride of terrorist-related events. Business activities were strongly affected, as the company's head office is located in the centre of Brussels. This paper focuses on the way Belfius responded to the events and how the lessons learned have helped to improve its business continuity and crisis management capability.

An avatar based education application to improve patients' knowledge of and response to heart attack symptoms: a pragmatic randomized controlled trial protocol.

Science.gov (United States)

Tongpeth, Jintana; Du, Huiyun; Clark, Robyn

2018-06-19

To evaluate the effectiveness of an interactive, avatar based education application to improve knowledge of and response to heart attack symptoms in people who are at risk of a heart attack. Poor knowledge of heart attack symptoms is recognised as a significant barrier to timely medical treatment. Numerous studies have demonstrated that technology can assist in patient education to improve knowledge and self-care. A single-center, non-blinded, two parallel groups, pragmatic randomized controlled trial. Seventy patients will be recruited from the coronary care unit of a public hospital. Eligible participants will be randomised to either the usual care or the intervention group (usual care plus avatar-based heart attack education app). The primary outcome of this study is knowledge. Secondary outcomes include response to heart attack symptoms, health service use and satisfaction. Study participants will be followed-up for six months. This study will evaluate the avatar based education app as a method to deliver vital information to patients. Participants' knowledge of and response to heart attack symptoms, as well as their health service use, will be assessed to evaluate the intervention effectiveness. This article is protected by copyright. All rights reserved. This article is protected by copyright. All rights reserved.

OPERATION COBRA. Deliberate Attack, Exploitation

Science.gov (United States)

1984-05-25

to attack Sens, then continue to Troyes , on the Seine River. CCA was in the north, crossing the Loing River at Souppes against light resistance and...advanced from Troyes and prepared positions close to Sens. Under strong artillery support, a task force from CCA (TF Oden) attacked the enemy frontally...movement towards the Seine River on 24 August with an advance toward Troyes . Facing the combat command were what remained of the 51st SS Brigade, light

Robustness of non-interdependent and interdependent networks against dependent and adaptive attacks

Science.gov (United States)

Tyra, Adam; Li, Jingtao; Shang, Yilun; Jiang, Shuo; Zhao, Yanjun; Xu, Shouhuai

2017-09-01

Robustness of complex networks has been extensively studied via the notion of site percolation, which typically models independent and non-adaptive attacks (or disruptions). However, real-life attacks are often dependent and/or adaptive. This motivates us to characterize the robustness of complex networks, including non-interdependent and interdependent ones, against dependent and adaptive attacks. For this purpose, dependent attacks are accommodated by L-hop percolation where the nodes within some L-hop (L ≥ 0) distance of a chosen node are all deleted during one attack (with L = 0 degenerating to site percolation). Whereas, adaptive attacks are launched by attackers who can make node-selection decisions based on the network state in the beginning of each attack. The resulting characterization enriches the body of knowledge with new insights, such as: (i) the Achilles' Heel phenomenon is only valid for independent attacks, but not for dependent attacks; (ii) powerful attack strategies (e.g., targeted attacks and dependent attacks, dependent attacks and adaptive attacks) are not compatible and cannot help the attacker when used collectively. Our results shed some light on the design of robust complex networks.

Art and community health: lessons from an urban health center.

Science.gov (United States)

Siegel, Wilma Bulkin; Bartley, Mary Anne

2004-01-01

Staff at a nurse-managed urban health center conducted a series of art sessions to benefit the community. The authors believe the program's success clearly communicated the relationship between art and community health. As a result of the success of the sessions, plans are in the works to make art a permanent part of the health center's services.

Command Disaggregation Attack and Mitigation in Industrial Internet of Things

Directory of Open Access Journals (Sweden)

Peng Xun

2017-10-01

Full Text Available A cyber-physical attack in the industrial Internet of Things can cause severe damage to physical system. In this paper, we focus on the command disaggregation attack, wherein attackers modify disaggregated commands by intruding command aggregators like programmable logic controllers, and then maliciously manipulate the physical process. It is necessary to investigate these attacks, analyze their impact on the physical process, and seek effective detection mechanisms. We depict two different types of command disaggregation attack modes: (1 the command sequence is disordered and (2 disaggregated sub-commands are allocated to wrong actuators. We describe three attack models to implement these modes with going undetected by existing detection methods. A novel and effective framework is provided to detect command disaggregation attacks. The framework utilizes the correlations among two-tier command sequences, including commands from the output of central controller and sub-commands from the input of actuators, to detect attacks before disruptions occur. We have designed components of the framework and explain how to mine and use these correlations to detect attacks. We present two case studies to validate different levels of impact from various attack models and the effectiveness of the detection framework. Finally, we discuss how to enhance the detection framework.

Command Disaggregation Attack and Mitigation in Industrial Internet of Things.

Science.gov (United States)

Xun, Peng; Zhu, Pei-Dong; Hu, Yi-Fan; Cui, Peng-Shuai; Zhang, Yan

2017-10-21

A cyber-physical attack in the industrial Internet of Things can cause severe damage to physical system. In this paper, we focus on the command disaggregation attack, wherein attackers modify disaggregated commands by intruding command aggregators like programmable logic controllers, and then maliciously manipulate the physical process. It is necessary to investigate these attacks, analyze their impact on the physical process, and seek effective detection mechanisms. We depict two different types of command disaggregation attack modes: (1) the command sequence is disordered and (2) disaggregated sub-commands are allocated to wrong actuators. We describe three attack models to implement these modes with going undetected by existing detection methods. A novel and effective framework is provided to detect command disaggregation attacks. The framework utilizes the correlations among two-tier command sequences, including commands from the output of central controller and sub-commands from the input of actuators, to detect attacks before disruptions occur. We have designed components of the framework and explain how to mine and use these correlations to detect attacks. We present two case studies to validate different levels of impact from various attack models and the effectiveness of the detection framework. Finally, we discuss how to enhance the detection framework.

Counteracting Power Analysis Attacks by Masking

Science.gov (United States)

Oswald, Elisabeth; Mangard, Stefan

The publication of power analysis attacks [12] has triggered a lot of research activities. On the one hand these activities have been dedicated toward the development of secure and efficient countermeasures. On the other hand also new and improved attacks have been developed. In fact, there has been a continuous arms race between designers of countermeasures and attackers. This chapter provides a brief overview of the state-of-the art in the arms race in the context of a countermeasure called masking. Masking is a popular countermeasure that has been extensively discussed in the scientific community. Numerous articles have been published that explain different types of masking and that analyze weaknesses of this countermeasure.

Metrics for Assessment of Smart Grid Data Integrity Attacks

Energy Technology Data Exchange (ETDEWEB)

Annarita Giani; Miles McQueen; Russell Bent; Kameshwar Poolla; Mark Hinrichs

2012-07-01

There is an emerging consensus that the nation’s electricity grid is vulnerable to cyber attacks. This vulnerability arises from the increasing reliance on using remote measurements, transmitting them over legacy data networks to system operators who make critical decisions based on available data. Data integrity attacks are a class of cyber attacks that involve a compromise of information that is processed by the grid operator. This information can include meter readings of injected power at remote generators, power flows on transmission lines, and relay states. These data integrity attacks have consequences only when the system operator responds to compromised data by redispatching generation under normal or contingency protocols. These consequences include (a) financial losses from sub-optimal economic dispatch to service loads, (b) robustness/resiliency losses from placing the grid at operating points that are at greater risk from contingencies, and (c) systemic losses resulting from cascading failures induced by poor operational choices. This paper is focused on understanding the connections between grid operational procedures and cyber attacks. We first offer two examples to illustrate how data integrity attacks can cause economic and physical damage by misleading operators into taking inappropriate decisions. We then focus on unobservable data integrity attacks involving power meter data. These are coordinated attacks where the compromised data are consistent with the physics of power flow, and are therefore passed by any bad data detection algorithm. We develop metrics to assess the economic impact of these attacks under re-dispatch decisions using optimal power flow methods. These metrics can be use to prioritize the adoption of appropriate countermeasures including PMU placement, encryption, hardware upgrades, and advance attack detection algorithms.

A taxonomy of distributed denial of service attacks

DEFF Research Database (Denmark)

De Donno, Michele; Giaretta, Alberto; Dragoni, Nicola

2017-01-01

Distributed Denial of Service (DDoS) attacks which are now even more powerful and easier to achieve than the past. Understanding how these attacks work, in all their different forms, represents a first crucial step to tackle this urgent issue. To this end, in this paper we propose a new up-to-date taxonomy...... and a comprehensive classification of current DDoS attacks....

Alkaptonuria: An example of a "fundamental disease"--A rare disease with important lessons for more common disorders.

Science.gov (United States)

Gallagher, James A; Dillon, Jane P; Sireau, Nicolas; Timmis, Oliver; Ranganath, Lakshminarayan R

2016-04-01

"Fundamental diseases" is a term introduced by the charity Findacure to describe rare genetic disorders that are gateways to understanding common conditions and human physiology. The concept that rare diseases have important lessons for biomedical science has been recognised by some of the great figures in the history of medical research, including Harvey, Bateson and Garrod. Here we describe some of the recently discovered lessons from the study of the iconic genetic disease alkaptonuria (AKU), which have shed new light on understanding the pathogenesis of osteoarthritis. In AKU, ochronotic pigment is deposited in cartilage when collagen fibrils become susceptible to attack by homogentisic acid (HGA). When HGA binds to collagen, cartilage matrix becomes stiffened, resulting in the aberrant transmission of loading to underlying subchondral bone. Aberrant loading leads to the formation of pathophysiological structures including trabecular excrescences and high density mineralised protrusions (HDMPs). These structures initially identified in AKU have subsequently been found in more common osteoarthritis and appear to play a role in joint destruction in both diseases. Copyright © 2016 Elsevier Ltd. All rights reserved.

An Explanation of Nakamoto's Analysis of Double-spend Attacks

OpenAIRE

Ozisik, A. Pinar; Levine, Brian Neil

2017-01-01

The fundamental attack against blockchain systems is the double-spend attack. In this tutorial, we provide a very detailed explanation of just one section of Satoshi Nakamoto's original paper where the attack's probability of success is stated. We show the derivation of the mathematics relied upon by Nakamoto to create a model of the attack. We also validate the model with a Monte Carlo simulation, and we determine which model component is not perfect.

Modeling and Analysis of Information Attack in Computer Networks

National Research Council Canada - National Science Library

Pepyne, David

2003-01-01

... (as opposed to physical and other forms of attack) . Information based attacks are attacks that can be carried out from anywhere in the world, while sipping cappuccino at an Internet cafe' or while enjoying the comfort of a living room armchair...

Using an ontology for network attack planning

CSIR Research Space (South Africa)

Van Heerden, R

2016-09-01

Full Text Available The modern complexity of network attacks and their counter-measures (cyber operations) requires detailed planning. This paper presents a Network Attack Planning ontology which is aimed at providing support for planning such network operations within...

Protecting infrastructure networks from cost-based attacks

International Nuclear Information System (INIS)

Wang Xingang; Guan Shuguang; Lai, Choy Heng

2009-01-01

It is well known that heterogeneous networks are vulnerable to the intentional removal of a small fraction of highly connected or loaded nodes, implying that to protect the network effectively, the important nodes should be allocated more defense resource than the others. However, if too much resource is allocated to the few important nodes, the numerous less-important nodes will be less protected, which if attacked together can still lead to devastating damage. A natural question is therefore how to efficiently distribute the limited defense resource among the network nodes such that the network damage is minimized against any attack strategy. In this paper, taking into account the factor of attack cost, the problem of network security is reconsidered in terms of efficient network defense against cost-based attacks. The results show that, for a general complex network, there exists an optimal distribution of the defense resource with which the network is best protected from cost-based attacks. Furthermore, it is found that the configuration of the optimal defense is dependent on the network parameters. Specifically, networks of larger size, sparser connection and more heterogeneous structure will more likely benefit from the defense optimization.

Constructing APT Attack Scenarios Based on Intrusion Kill Chain and Fuzzy Clustering

Directory of Open Access Journals (Sweden)

Ru Zhang

2017-01-01

Full Text Available The APT attack on the Internet is becoming more serious, and most of intrusion detection systems can only generate alarms to some steps of APT attack and cannot identify the pattern of the APT attack. To detect APT attack, many researchers established attack models and then correlated IDS logs with the attack models. However, the accuracy of detection deeply relied on the integrity of models. In this paper, we propose a new method to construct APT attack scenarios by mining IDS security logs. These APT attack scenarios can be further used for the APT detection. First, we classify all the attack events by purpose of phase of the intrusion kill chain. Then we add the attack event dimension to fuzzy clustering, correlate IDS alarm logs with fuzzy clustering, and generate the attack sequence set. Next, we delete the bug attack sequences to clean the set. Finally, we use the nonaftereffect property of probability transfer matrix to construct attack scenarios by mining the attack sequence set. Experiments show that the proposed method can construct the APT attack scenarios by mining IDS alarm logs, and the constructed scenarios match the actual situation so that they can be used for APT attack detection.

On node replication attack in wireless sensor networks

International Nuclear Information System (INIS)

Qabulio, M.; Malkani, Y.A.

2015-01-01

WSNs (Wireless Sensor Networks) comprise a large number of small, inexpensive, low power and memory constrained sensing devices (called sensor nodes) that are densely deployed to measure a given physical phenomenon. Since WSNs are commonly deployed in a hostile and unattended environment, it is easy for an adversary to physically capture one or more legitimate sensor nodes, re-program and redeploy them in the network. As a result, the adversary becomes able to deploy several identical copies of physically captured nodes in the network in order to perform illegitimate activities. This type of attack is referred to as Node Replication Attack or Clone Node Attack. By launching node replication attack, an adversary can easily get control on the network which consequently is the biggest threat to confidentiality, integrity and availability of data and services. Thus, detection and prevention of node replication attack in WSNs has become an active area of research and to date more than two dozen schemes have been proposed, which address this issue. In this paper, we present a comprehensive review, classification and comparative analysis of twenty five of these schemes which help to detect and/or prevent node replication attack in WSNs. (author)

On Node Replication Attack in Wireless Sensor Networks

Directory of Open Access Journals (Sweden)

Mumtaz Qabulio

2016-04-01

Full Text Available WSNs (Wireless Sensor Networks comprise a large number of small, inexpensive, low power and memory constrained sensing devices (called sensor nodes that are densely deployed to measure a given physical phenomenon. Since WSNs are commonly deployed in a hostile and unattended environment, it is easy for an adversary to physically capture one or more legitimate sensor nodes, re-program and redeploy them in the network. As a result, the adversary becomes able to deploy several identical copies of physically captured nodes in the network in order to perform illegitimate activities. This type of attack is referred to as Node Replication Attack or Clone Node Attack. By launching node replication attack, an adversary can easily get control on the network which consequently is the biggest threat to confidentiality, integrity and availability of data and services. Thus, detection and prevention of node replication attack in WSNs has become an active area of research and to date more than two dozen schemes have been proposed, which address this issue. In this paper, we present a comprehensive review, classification and comparative analysis of twenty five of these schemes which help to detect and/or prevent node replication attack in WSNs

Attacker-defender game from a network science perspective

Science.gov (United States)

Li, Ya-Peng; Tan, Suo-Yi; Deng, Ye; Wu, Jun

2018-05-01

Dealing with the protection of critical infrastructures, many game-theoretic methods have been developed to study the strategic interactions between defenders and attackers. However, most game models ignore the interrelationship between different components within a certain system. In this paper, we propose a simultaneous-move attacker-defender game model, which is a two-player zero-sum static game with complete information. The strategies and payoffs of this game are defined on the basis of the topology structure of the infrastructure system, which is represented by a complex network. Due to the complexity of strategies, the attack and defense strategies are confined by two typical strategies, namely, targeted strategy and random strategy. The simulation results indicate that in a scale-free network, the attacker virtually always attacks randomly in the Nash equilibrium. With a small cost-sensitive parameter, representing the degree to which costs increase with the importance of a target, the defender protects the hub targets with large degrees preferentially. When the cost-sensitive parameter exceeds a threshold, the defender switches to protecting nodes randomly. Our work provides a new theoretical framework to analyze the confrontations between the attacker and the defender on critical infrastructures and deserves further study.

Are the rules for the right to self-defense outdated to address current conflicts like attacks from non-state actors and cyber-attacks?

Directory of Open Access Journals (Sweden)

Gonzalo J. Arias

2017-06-01

Full Text Available The latest US-led coalition’s attacks against ISIS in Syria raised the question whether states can use defensive force against non-state actors. Two critical incidents had previously triggered the discussion on the importance and consequences of cyber-attacks as a new form armed attacks. The first one occurred in Estonia in 2007, when the country experienced extensive computer hacking attacks that lasted several weeks. The second incident happened in 2008, during the Georgia–Russia conflict over South Ossetia, when Georgia experienced cyber-attacks similar to those suffered by Estonia in the previous year. Furthermore, on June 21, 2016, the central banks of Indonesia and South Korea were hit by cyber-attacks on their public websites since activist hacking group Anonymous pledged last month to target banks across the world. The previous incidents have created, once again, public questioning if the rules on the use of force and the right of self-defense established in the United Nations Charter are sufficient and efficient to address these new forms of attacks.

After-gate attack on a quantum cryptosystem

International Nuclear Information System (INIS)

Wiechers, C; Wittmann, C; Elser, D; Marquardt, Ch; Leuchs, G; Lydersen, L; Skaar, J; Makarov, V

2011-01-01

We present a method to control the detection events in quantum key distribution systems that use gated single-photon detectors. We employ bright pulses as faked states, timed to arrive at the avalanche photodiodes outside the activation time. The attack can remain unnoticed, since the faked states do not increase the error rate per se. This allows for an intercept-resend attack, where an eavesdropper transfers her detection events to the legitimate receiver without causing any errors. As a side effect, afterpulses, originating from accumulated charge carriers in the detectors, increase the error rate. We have experimentally tested detectors of the system id3110 (Clavis2) from ID Quantique. We identify the parameter regime in which the attack is feasible despite the side effect. Furthermore, we outline how simple modifications in the implementation can make the device immune to this attack.

Compiling symbolic attacks to protocol implementation tests

Directory of Open Access Journals (Sweden)

Michael Rusinowitch

2013-07-01

Full Text Available Recently efficient model-checking tools have been developed to find flaws in security protocols specifications. These flaws can be interpreted as potential attacks scenarios but the feasability of these scenarios need to be confirmed at the implementation level. However, bridging the gap between an abstract attack scenario derived from a specification and a penetration test on real implementations of a protocol is still an open issue. This work investigates an architecture for automatically generating abstract attacks and converting them to concrete tests on protocol implementations. In particular we aim to improve previously proposed blackbox testing methods in order to discover automatically new attacks and vulnerabilities. As a proof of concept we have experimented our proposed architecture to detect a renegotiation vulnerability on some implementations of SSL/TLS, a protocol widely used for securing electronic transactions.

Lessons learned from community-based approaches to sodium reduction.

Science.gov (United States)

Kane, Heather; Strazza, Karen; Losby, Jan L; Lane, Rashon; Mugavero, Kristy; Anater, Andrea S; Frost, Corey; Margolis, Marjorie; Hersey, James

2015-01-01

This article describes lessons from a Centers for Disease Control and Prevention initiative encompassing sodium reduction interventions in six communities. A multiple case study design was used. This evaluation examined data from programs implemented in six communities located in New York (Broome County, Schenectady County, and New York City); California (Los Angeles County and Shasta County); and Kansas (Shawnee County). Participants (n = 80) included program staff, program directors, state-level staff, and partners. Measures for this evaluation included challenges, facilitators, and lessons learned from implementing sodium reduction strategies. The project team conducted a document review of program materials and semistructured interviews 12 to 14 months after implementation. The team coded and analyzed data deductively and inductively. Five lessons for implementing community-based sodium reduction approaches emerged: (1) build relationships with partners to understand their concerns, (2) involve individuals knowledgeable about specific venues early, (3) incorporate sodium reduction efforts and messaging into broader nutrition efforts, (4) design the program to reduce sodium gradually to take into account consumer preferences and taste transitions, and (5) identify ways to address the cost of lower-sodium products. The experiences of the six communities may assist practitioners in planning community-based sodium reduction interventions. Addressing sodium reduction using a community-based approach can foster meaningful change in dietary sodium consumption.

An Analysis of Cyber-Attack on NPP Considering Physical Impact

Energy Technology Data Exchange (ETDEWEB)

Lee, In Hyo; Kang, Hyun Gook [KAIST, Daejeon (Korea, Republic of); Son, Han Seong [Joonbu University, Geumsan (Korea, Republic of)

2016-05-15

Some research teams performed related works on cyber-physical system which is a system that cyber-attack can lead to serious consequences including product loss, damage, injury and death when it is attacked. They investigated the physical impact on cyber-physical system due to the cyber-attack. But it is hard to find the research about NPP cyber security considering the physical impact or safety. In this paper, to investigate the relationship between physical impact and cyber-attack, level 1 PSA results are utilized in chapter 2 and cyber-attack analysis is performed in chapter 3. The cyber security issue on NPP is inevitable issue. Unlike general cyber security, cyber-physical system like NPP can induce serious consequences such as core damage by cyber-attack. So in this paper, to find how hacker can attack the NPP, (1) PSA results were utilized to find the relationship between physical system and cyber-attack and (2) vulnerabilities on digital control systems were investigated to find how hacker can implement the possible attack. It is expected that these steps are utilized when establishing penetration test plans or cyber security drill plans.

An Analysis of Cyber-Attack on NPP Considering Physical Impact

International Nuclear Information System (INIS)

Lee, In Hyo; Kang, Hyun Gook; Son, Han Seong

2016-01-01

Some research teams performed related works on cyber-physical system which is a system that cyber-attack can lead to serious consequences including product loss, damage, injury and death when it is attacked. They investigated the physical impact on cyber-physical system due to the cyber-attack. But it is hard to find the research about NPP cyber security considering the physical impact or safety. In this paper, to investigate the relationship between physical impact and cyber-attack, level 1 PSA results are utilized in chapter 2 and cyber-attack analysis is performed in chapter 3. The cyber security issue on NPP is inevitable issue. Unlike general cyber security, cyber-physical system like NPP can induce serious consequences such as core damage by cyber-attack. So in this paper, to find how hacker can attack the NPP, (1) PSA results were utilized to find the relationship between physical system and cyber-attack and (2) vulnerabilities on digital control systems were investigated to find how hacker can implement the possible attack. It is expected that these steps are utilized when establishing penetration test plans or cyber security drill plans

Lessons learned from the Syrian sarin attack: evaluation of a clinical syndrome through social media.

Science.gov (United States)

Rosman, Yossi; Eisenkraft, Arik; Milk, Nadav; Shiyovich, Arthur; Ophir, Nimrod; Shrot, Shai; Kreiss, Yitshak; Kassirer, Michael

2014-05-06

On the night of 21 August 2013, sarin was dispersed in the eastern outskirts of Damascus, killing 1400 civilians and severely affecting thousands more. This article aims to delineate the clinical presentation and management of a mass casualty event caused by a nerve agent as shown in the social media. Authors searched YouTube for videos uploaded of this attack and identified 210 videos. Of these, 67 met inclusion criteria and were evaluated in the final analysis.These videos displayed 130 casualties; 119 (91.5%) of which were defined as moderately injured or worse. The most common clinical signs were dyspnea (53.0%), diaphoresis (48.5%), and loss of consciousness (40.7%). Important findings included a severe shortage of supporting measures and lack of antidotal autoinjectors. Decontamination, documented in 25% of the videos, was done in an inefficient manner. Protective gear was not noticed, except for sporadic use of latex gloves and surgical masks.This is believed to be the first time that social media was used to evaluate clinical data and management protocols to better prepare against future possible events.

Classification of cyber attacks in South Africa

CSIR Research Space (South Africa)

Van Heerden, R

2016-05-01

Full Text Available various ATM's throughout South Africa. Two criminals, Motsoane and Masoleng, were arrested in February 2012 and both sentenced to 15 years in jail [36, 37]. 3.10 2013: IOL DDoS Anonymous Africa claimed responsibility for launching a Distributed Denial... of Service (DDoS) attack on the Independent Newspaper web site iol.co.za. The attack was in response to claims that the IOL group supports Zimbabwean president Robert Mugabe. The following taunt was sent to boast about the attack: “IOL bad boys bad boys...

A Review Of Recent Cyber-Attacks In Fiji

Directory of Open Access Journals (Sweden)

Neeraj A. Sharma

2015-08-01

Full Text Available Computing technology has evolved in such dramatic ways that a child can use such technology and their features. Internet is one such technology which allows peripheral devices to be connected to each other creating a network to share information. In the same way information can be attacked. In this paper we will be discussing the different types of cyber-attack that recently took place in Fiji. Common attacks discussed in this review paper are phishing email scams website defacement and skimming. Apart from common preventative methods some novel recommendations have been made. We believe the Fiji experiences and recommendations will assist technology users prepare better against such attacks.

Research on high power intra-channel crosstalk attack in optical networks

Science.gov (United States)

Ren, Shuai; Zhang, Yinfa; Wang, Jingyu; Zhang, Jumei; Rao, Xuejun; Fang, Yuanyuan

2017-02-01

The mechanism of high power intra-channel crosstalk attack is analyzed theoretically and the conclusion that power of attack signal and crosstalk coefficient of optical switch are the main factors for which high power intra-channel have destructive effect on quality of legitimate signals is drawn. Effects of high power intra-channel crosstalk attack on quality of legitimate signals and its capability of attack propagation are investigated quantitatively by building the simulation system in VPI software. The results show that legitimate signals through the first and the second stage optical switch are affected by attack and legitimate signal through the third stage optical switch is almost unaffected by attack when power of original attack signal (OAS) is above 20dB more than that of legitimate signals and crosstalk coefficient of optical switch is -20dB at optical cross connect 1 (OXC1). High power intra-channel crosstalk attack has a certain capability of attack propagation. Attack capability of OAS can be propagated to OXC3 when power of OAS is 27dB more than that of legitimate signals and crosstalk coefficient of optical switch is -20dB. We also find that the secondary attack signal (SAS) does not have capability of attack propagation.

Psychologists and detainee interrogations: key decisions, opportunities lost, and lessons learned.

Science.gov (United States)

Pope, Kenneth S

2011-01-01

After the 9-11 terrorist attacks, U.S. psychologists faced hard choices about what roles, if any, were appropriate for psychologists in the detainee interrogations conducted in settings such as the Bagram Airbase, the Abu Ghraib Prison, and the Guantanamo Bay Detention Camps. The American Psychological Association (APA) sparked intense controversy with its policies and public statements. This article reviews APA decisions, documents, and public statements in this area, in the context of major criticisms and responses to those criticisms. The review focuses on key issues: how the APA created and reported policies in the areas of ethics and national security; transparency; psychologists' professional identities; psychologists' qualifications; ethical-legal conflicts; policies opposing torture; interpretations of avoiding harm; and effective interrogations. It suggests lessons learned, missed opportunities, and questions in need of a fresh approach. © 2011 by Annual Reviews. All rights reserved

Lessons Learned in Pilot Testing Specialty Consultations to Benefit Individuals with Lower Limb Loss

Directory of Open Access Journals (Sweden)

Christine Elnitsky

2012-12-01

Full Text Available Telerehabilitation technologies enable the delivery of rehabilitation services from providers to people with disabilities as well as specialty care consultations. This article discusses the barriers experienced when planning and pilot testing a telerehabilitation multi-site specialty consultation for specialists in their medical centers, and the lessons learned. The barriers included integration and participation, coordination across organizational units, and privacy and information security. Lessons learned included the need for collaboration across multiple departments, telerehabilitation equipment back-ups, and anonymous and private communication protocols. Despite delays resulting from coordination at multiple levels of a national organization, we developed a program plan and successfully implemented a pilot test of the southeast region program.  Specialty consultation using telerehabilitation delivery methods requires identifying provider preferences for technological features. Lessons learned could inform development of outpatient telerehabilitation for patients with amputations and studies of patients and providers involved in telerehabilitation.

Evaluation of Crosstalk Attacks in Access Networks

DEFF Research Database (Denmark)

Wagner, Christoph; Eiselt, Michael; Grobe, Klaus

2016-01-01

WDM-PON systems regained interest as low-cost solution for metro and access networks. We present a comparative analysis of resilience of wavelength-selective and wavelength-routed architectures against crosstalk attackers. We compare the vulnerability of these architectures against attacks...

Efficacy of a Community-Based Physical Activity Program KM2H2 for Stroke and Heart Attack Prevention among Senior Hypertensive Patients: A Cluster Randomized Controlled Phase-II Trial.

Directory of Open Access Journals (Sweden)

Jie Gong

Full Text Available To evaluate the efficacy of the program Keep Moving toward Healthy Heart and Healthy Brain (KM2H2 in encouraging physical activities for the prevention of heart attack and stroke among hypertensive patients enrolled in the Community-Based Hypertension Control Program (CBHCP.Cluster randomized controlled trial with three waves of longitudinal assessments at baseline, 3 and 6 months post intervention.Community-based and patient-centered self-care for behavioral intervention in urban settings of China.A total of 450 participants diagnosed with hypertension from 12 community health centers in Wuhan, China were recruited, and were randomly assigned by center to receive either KM2H2 plus standard CBHCP care (6 centers and 232 patients or the standard care only (6 centers and 218 patients.KM2H2 is a behavioral intervention guided by the Transtheoretical Model, the Model of Personalized Medicine and Social Capital Theory. It consists of six intervention sessions and two booster sessions engineered in a progressive manner. The purpose is to motivate and maintain physical activities for the prevention of heart attack and stroke.Heart attack and stroke (clinically diagnosed, primary outcome, blood pressure (measured, secondary outcome, and physical activity (self-report, tertiary outcome were assessed at the individual level during the baseline, 3- and 6-month post-intervention.Relative to the standard care, receiving KM2H2 was associated with significant reductions in the incidence of heart attack (3.60% vs. 7.03%, p < .05 and stroke (5.11% vs. 9.90%, p<0.05, and moderate reduction in blood pressure (-3.72 mmHg in DBP and -2.92 mmHg in DBP at 6-month post-intervention; and significant increases in physical activity at 3- (d = 0.53, 95% CI: 0.21, 0.85 and 6-month (d = 0.45, 95% CI: 0.04, 0.85 post-intervention, respectively.The program KM2H2 is efficacious to reduce the risk of heart attack and stroke among senior patients who are on anti

Optimal counterterrorism and the recruitment effect of large terrorist attacks

DEFF Research Database (Denmark)

Jensen, Thomas

2011-01-01

We analyze a simple dynamic model of the interaction between terrorists and authorities. Our primary aim is to study optimal counterterrorism and its consequences when large terrorist attacks lead to a temporary increase in terrorist recruitment. First, we show that an increase in counterterrorism...... makes it more likely that terrorist cells plan small rather than large attacks and therefore may increase the probability of a successful attack. Analyzing optimal counterterrorism we see that the recruitment effect makes authorities increase the level of counterterrorism after large attacks. Therefore......, in periods following large attacks a new attack is more likely to be small compared to other periods. Finally, we analyze the long-run consequences of the recruitment effect. We show that it leads to more counterterrorism, more small attacks, and a higher sum of terrorism damage and counterterrorism costs...

Quantitative Verification and Synthesis of Attack-Defence Scenarios Conference

NARCIS (Netherlands)

Aslanyan, Zaruhi; Nielson, Flemming; Parker, David

Attack-defence trees are a powerful technique for formally evaluating attack-defence scenarios. They represent in an intuitive, graphical way the interaction between an attacker and a defender who compete in order to achieve conflicting objectives. We propose a novel framework for the formal

Occupational Practitioner’s Role in the Management of a Crisis: Lessons Learned from the Paris November 2015 Terrorist Attack

Science.gov (United States)

Descatha, Alexis; Huynh Tuong, Alice; Coninx, Pierre; Baer, Michel; Loeb, Thomas; Despréaux, Thomas

2016-01-01

In massive catastrophic events, occupational health practitioners are more and more frequently involved in the management of such situations. We aim to describe the multiple aspects of the role that occupational health practitioners might play, by focusing on the recent example of the Paris terrorist attack of November 2015. During and after the Paris attack, occupational practitioners, in collaboration with emergency and security professionals, were involved in psychological care, assembling information, follow-up, return-to-work, and improving in-company safety plans. Based on this experience and other industrial disasters, we distinguish three phases: the critical phase, the post-critical phase, and the anticipation phase. In the critical phase, the occupational practitioner cares for patients before the emergency professionals take charge, initiates the psychological management, and may also play an organizational role for company health aspects. In the post-critical phase, he or she would be involved in monitoring those affected by the events and participate in preventing, to the extent possible, posttraumatic stress disorder, helping victims in the return-to-work process, and improving procedures and organizing drills. In addition to their usual work of primary prevention, occupational practitioners should endeavor to improve preparedness in the anticipation phase, by taking part in contingency planning, training in first aid, and defining immediately applicable protocols. In conclusion, recent events have highlighted the essential role of occupational health services in anticipation of a crisis, management during the crisis, and follow-up. PMID:27703965

'Cryptogenic Drop Attacks' revisited: evidence of overlap with functional neurological disorder.

Science.gov (United States)

Hoeritzauer, Ingrid; Carson, Alan J; Stone, Jon

2018-02-07

In their 1973 BMJ paper 'Cryptogenic Drop Attacks', Stevens and Matthews described 40, mostly middle-aged, female patients with drop attacks of unknown cause. Although clinically common, there has been little on this topic since. We aimed to determine clinical features, comorbidity and outcome of patients with drop attacks. We carried out a retrospective review of patients with cryptogenic drop attacks seen consecutively by one clinician (JS) between 2006 and 2016. Demographics, phenomenology, duration and frequency of attacks, attack description and comorbid diagnoses were recorded. Patients were followed up with a notes review. 83 patients with cryptogenic drop attacks were predominantly female (89%, n=79), mean age 44  years. The majority (93%, n=77) could not remember the fall itself and almost half (43%, n=36) experienced prodromal dissociative symptoms. Mechanical trips or syncope preceded drop attacks, historically, in 24% (n=20) of cases. Persistent fatigue (73%, n=61), chronic pain (40%, n=33), functional limb weakness (31%,n=26) and dissociative (non-epileptic) attacks 28% (n=23) were common, with the latter usually preceding or emerging from drop attacks. At follow-up (88%, mean 38 months), 28% (n=23) had resolution of their drop attacks. Predisposing (but non-causative) disease comorbidity was found at baseline (n=12) and follow-up (n=5). Cryptogenic drop attacks are associated with high frequency of comorbid functional somatic and functional neurological disorders. Patients commonly have prodromal dissociative symptoms and in some there was a clear relationship with prior or subsequent dissociative (non-epileptic) attacks. Some cryptogenic drop attacks may be best understood as phenomena on the spectrum of dissociative attacks. © Article author(s) (or their employer(s) unless otherwise stated in the text of the article) 2018. All rights reserved. No commercial use is permitted unless otherwise expressly granted.

Optimal Patrol to Detect Attacks at Dispersed Heterogeneous Locations

Science.gov (United States)

2013-12-01

solution RALP Random-attacker linear program SALP Strategic-attacker linear program SMDP Semi-Markov decision process SP Shortest path SPR1 Shortest...average cost per attack among all vertices, which we refer to as the strategic-attacker linear program ( SALP ): min x zOPT (3.1a) subject to ∑ (k,l)∈A c...the SALP is indicated by zOPT. The lower bound that is obtained from using the LBLP is indicated by zLB. Solutions obtained from using a heuristic

Detecting Distributed SQL Injection Attacks in a Eucalyptus Cloud Environment

Science.gov (United States)

Kebert, Alan; Barnejee, Bikramjit; Solano, Juan; Solano, Wanda

2013-01-01

The cloud computing environment offers malicious users the ability to spawn multiple instances of cloud nodes that are similar to virtual machines, except that they can have separate external IP addresses. In this paper we demonstrate how this ability can be exploited by an attacker to distribute his/her attack, in particular SQL injection attacks, in such a way that an intrusion detection system (IDS) could fail to identify this attack. To demonstrate this, we set up a small private cloud, established a vulnerable website in one instance, and placed an IDS within the cloud to monitor the network traffic. We found that an attacker could quite easily defeat the IDS by periodically altering its IP address. To detect such an attacker, we propose to use multi-agent plan recognition, where the multiple source IPs are considered as different agents who are mounting a collaborative attack. We show that such a formulation of this problem yields a more sophisticated approach to detecting SQL injection attacks within a cloud computing environment.

Can a Copycat Effect be Observed in Terrorist Suicide Attacks?

Directory of Open Access Journals (Sweden)

Nicholas Farnham

2017-03-01

Full Text Available The purpose of this paper is to explore how a copycat effect – established within the field of suicide studies – may manifest itself in terrorist suicide attacks, and takes an exploratory approach in evaluating the prospect of incorporating open-data resources in future counter-terrorism research. This paper explores a possible ‘copycat effect’ in cases of suicide terrorism, which entails a perpetrator being inspired by a preceding attack to carry out a similar attack not long after the original. In the wake of mounting risks of lone wolf terrorist attacks today and due to the general difficulties faced in preventing such attacks, in this paper we explore a potential area of future prevention in media reporting, security and anti-terrorism policies today. Using the START Global Terrorism Database (GTD, this paper investigates terrorist suicide-attack clusters and analyses the relationship between attacks found within the same cluster. Using a mixed-method approach, our analyses did not uncover clear evidence supporting a copycat effect among the studied attacks. These and other findings have numerous policy and future research implications.

Transient Ischemic Attack

Medline Plus

Full Text Available ... major stroke. It's important to call 9-1-1 immediately for any stroke symptoms. Popular Topics TIA Cardiac Catheter Cholesterol Heart Attack Stent © 2018, American Heart Association, Inc. All rights reserved. Unauthorized use prohibited. The content in this ...

THE REPRISAL ATTACKS BY AL-SHABAAB AGAINST KENYA

Directory of Open Access Journals (Sweden)

E.O.S.ODHIAMBO

2013-10-01

Full Text Available The incursion of Kenya Defence Forces (KDF into Somalia was met by a series of threats from the Al-Shabaab that it would increase the attacks against Kenya if the troops were not withdrawn. The capture of Kismayu by KDF has weakened the nerve of Al-Shabaab but has not eliminated the imminent danger of a substantive terror attack. Since the incursion by KDF, Kenya has succumbed to a sequence of grenade and Improvised Explosive Devices attacks, roadside bombs, landmines and raids by fighters using small arms and light weapons and Rocket Propelled Grenades against Kenyans mostly in North Eastern, Coastal and Nairobi counties, marking the resurgence of terrorism in the country. We argue that Kenya is more vulnerable to Al-Shabaab terrorists attack than before the KDF incursion by citing the frequencies of reprisal attacks from October 2011 to January 2013. Hence, our troops should be withdrawn and deployed within our boundary.

Thwarting Nonintrusive Occupancy Detection Attacks from Smart Meters

Directory of Open Access Journals (Sweden)

Dapeng Man

2017-01-01

Full Text Available Occupancy information is one of the most important privacy issues of a home. Unfortunately, an attacker is able to detect occupancy from smart meter data. The current battery-based load hiding (BLH methods cannot solve this problem. To thwart occupancy detection attacks, we propose a framework of battery-based schemes to prevent occupancy detection (BPOD. BPOD monitors the power consumption of a home and detects the occupancy in real time. According to the detection result, BPOD modifies those statistical metrics of power consumption, which highly correlate with the occupancy by charging or discharging a battery, creating a delusion that the home is always occupied. We evaluate BPOD in a simulation using several real-world smart meter datasets. Our experiment results show that BPOD effectively prevents the threshold-based and classifier-based occupancy detection attacks. Furthermore, BPOD is also able to prevent nonintrusive appliance load monitoring attacks (NILM as a side-effect of thwarting detection attacks.

Detecting peripheral-based attacks on the host memory

CERN Document Server

Stewin, Patrick

2015-01-01

This work addresses stealthy peripheral-based attacks on host computers and presents a new approach to detecting them. Peripherals can be regarded as separate systems that have a dedicated processor and dedicated runtime memory to handle their tasks. The book addresses the problem that peripherals generally communicate with the host via the host’s main memory, storing cryptographic keys, passwords, opened files and other sensitive data in the process – an aspect attackers are quick to exploit.  Here, stealthy malicious software based on isolated micro-controllers is implemented to conduct an attack analysis, the results of which provide the basis for developing a novel runtime detector. The detector reveals stealthy peripheral-based attacks on the host’s main memory by exploiting certain hardware properties, while a permanent and resource-efficient measurement strategy ensures that the detector is also capable of detecting transient attacks, which can otherwise succeed when the applied strategy only me...

Laser Tracker Utilization Methodology in Measuring Truth Trajectories for INS Testing on 6 Degree of Freedom Table at the Marshall Space Flight Center's Contact Dynamics Simulation Laboratory with Lessons Learned

Science.gov (United States)

Leggett, Jared O.; Bryant, Thomas C.; Cowen, Charles T.; Clifton, Billy W.

2018-01-01

When performing Inertial Navigation System (INS) testing at the Marshall Space Flight Center's (MSFC) Contact Dynamics Simulation Laboratory (CDSL) early in 2017, a Leica Geosystems AT901 Laser Tracker system (LLT) measured the twist & sway trajectories as generated by the 6 Degree Of Freedom (6DOF) Table in the CDSL. These LLT measured trajectories were used in the INS software model validation effort. Several challenges were identified and overcome during the preparation for the INS testing, as well as numerous lessons learned. These challenges included determining the position and attitude of the LLT with respect to an INS-shared coordinate frame using surveyed monument locations in the CDSL and the accompanying mathematical transformation, accurately measuring the spatial relationship between the INS and a 6DOF tracking probe due to lack of INS visibility from the LLT location, obtaining the data from the LLT during a test, determining how to process the results for comparison with INS data in time and frequency domains, and using a sensitivity analysis of the results to verify the quality of the results. While many of these challenges were identified and overcome before or during testing, a significant lesson on test set-up was not learned until later in the data analysis process. It was found that a combination of trajectory-dependent gimbal locking and environmental noise introduced non-negligible noise in the angular measurements of the LLT that spanned the evaluated frequency spectrum. The lessons learned in this experiment may be useful for others performing INS testing in similar testing facilities.

Why cryptography should not rely on physical attack complexity

CERN Document Server

Krämer, Juliane

2015-01-01

This book presents two practical physical attacks. It shows how attackers can reveal the secret key of symmetric as well as asymmetric cryptographic algorithms based on these attacks, and presents countermeasures on the software and the hardware level that can help to prevent them in the future. Though their theory has been known for several years now, since neither attack has yet been successfully implemented in practice, they have generally not been considered a serious threat. In short, their physical attack complexity has been overestimated and the implied security threat has been underestimated. First, the book introduces the photonic side channel, which offers not only temporal resolution, but also the highest possible spatial resolution. Due to the high cost of its initial implementation, it has not been taken seriously. The work shows both simple and differential photonic side channel analyses. Then, it presents a fault attack against pairing-based cryptography. Due to the need for at least two indepe...

Multi-Layer Approach for the Detection of Selective Forwarding Attacks.

Science.gov (United States)

Alajmi, Naser; Elleithy, Khaled

2015-11-19

Security breaches are a major threat in wireless sensor networks (WSNs). WSNs are increasingly used due to their broad range of important applications in both military and civilian domains. WSNs are prone to several types of security attacks. Sensor nodes have limited capacities and are often deployed in dangerous locations; therefore, they are vulnerable to different types of attacks, including wormhole, sinkhole, and selective forwarding attacks. Security attacks are classified as data traffic and routing attacks. These security attacks could affect the most significant applications of WSNs, namely, military surveillance, traffic monitoring, and healthcare. Therefore, there are different approaches to detecting security attacks on the network layer in WSNs. Reliability, energy efficiency, and scalability are strong constraints on sensor nodes that affect the security of WSNs. Because sensor nodes have limited capabilities in most of these areas, selective forwarding attacks cannot be easily detected in networks. In this paper, we propose an approach to selective forwarding detection (SFD). The approach has three layers: MAC pool IDs, rule-based processing, and anomaly detection. It maintains the safety of data transmission between a source node and base station while detecting selective forwarding attacks. Furthermore, the approach is reliable, energy efficient, and scalable.

Multi-Layer Approach for the Detection of Selective Forwarding Attacks

Directory of Open Access Journals (Sweden)

Naser Alajmi

2015-11-01

Full Text Available Security breaches are a major threat in wireless sensor networks (WSNs. WSNs are increasingly used due to their broad range of important applications in both military and civilian domains. WSNs are prone to several types of security attacks. Sensor nodes have limited capacities and are often deployed in dangerous locations; therefore, they are vulnerable to different types of attacks, including wormhole, sinkhole, and selective forwarding attacks. Security attacks are classified as data traffic and routing attacks. These security attacks could affect the most significant applications of WSNs, namely, military surveillance, traffic monitoring, and healthcare. Therefore, there are different approaches to detecting security attacks on the network layer in WSNs. Reliability, energy efficiency, and scalability are strong constraints on sensor nodes that affect the security of WSNs. Because sensor nodes have limited capabilities in most of these areas, selective forwarding attacks cannot be easily detected in networks. In this paper, we propose an approach to selective forwarding detection (SFD. The approach has three layers: MAC pool IDs, rule-based processing, and anomaly detection. It maintains the safety of data transmission between a source node and base station while detecting selective forwarding attacks. Furthermore, the approach is reliable, energy efficient, and scalable.

Adversarial Feature Selection Against Evasion Attacks.

Science.gov (United States)

Zhang, Fei; Chan, Patrick P K; Biggio, Battista; Yeung, Daniel S; Roli, Fabio

2016-03-01

Pattern recognition and machine learning techniques have been increasingly adopted in adversarial settings such as spam, intrusion, and malware detection, although their security against well-crafted attacks that aim to evade detection by manipulating data at test time has not yet been thoroughly assessed. While previous work has been mainly focused on devising adversary-aware classification algorithms to counter evasion attempts, only few authors have considered the impact of using reduced feature sets on classifier security against the same attacks. An interesting, preliminary result is that classifier security to evasion may be even worsened by the application of feature selection. In this paper, we provide a more detailed investigation of this aspect, shedding some light on the security properties of feature selection against evasion attacks. Inspired by previous work on adversary-aware classifiers, we propose a novel adversary-aware feature selection model that can improve classifier security against evasion attacks, by incorporating specific assumptions on the adversary's data manipulation strategy. We focus on an efficient, wrapper-based implementation of our approach, and experimentally validate its soundness on different application examples, including spam and malware detection.

NASA's astrophysics archives at the National Space Science Data Center

Science.gov (United States)

Vansteenberg, M. E.

1992-01-01

NASA maintains an archive facility for Astronomical Science data collected from NASA's missions at the National Space Science Data Center (NSSDC) at Goddard Space Flight Center. This archive was created to insure the science data collected by NASA would be preserved and useable in the future by the science community. Through 25 years of operation there are many lessons learned, from data collection procedures, archive preservation methods, and distribution to the community. This document presents some of these more important lessons, for example: KISS (Keep It Simple, Stupid) in system development. Also addressed are some of the myths of archiving, such as 'scientists always know everything about everything', or 'it cannot possibly be that hard, after all simple data tech's do it'. There are indeed good reasons that a proper archive capability is needed by the astronomical community, the important question is how to use the existing expertise as well as the new innovative ideas to do the best job archiving this valuable science data.

Trojan-horse attacks on quantum-key-distribution systems

International Nuclear Information System (INIS)

Gisin, N.; Fasel, S.; Kraus, B.; Zbinden, H.; Ribordy, G.

2006-01-01

General Trojan-horse attacks on quantum-key-distribution systems, i.e., attacks on Alice or Bob's system via the quantum channel, are analyzed. We illustrate the power of such attacks with today's technology and conclude that all systems must implement active counter measures. In particular, all systems must include an auxiliary detector that monitors any incoming light. We show that such counter measures can be efficient, provided that enough additional privacy amplification is applied to the data. We present a practical way to reduce the maximal information gain that an adversary can gain using Trojan-horse attacks. This does reduce the security analysis of the two-way plug-and-play implementation to those of the standard one-way systems

12 CFR 308.17 - Collateral attacks on adjudicatory proceeding.

Science.gov (United States)

2010-01-01

... 12 Banks and Banking 4 2010-01-01 2010-01-01 false Collateral attacks on adjudicatory proceeding... PRACTICE RULES OF PRACTICE AND PROCEDURE Uniform Rules of Practice and Procedure § 308.17 Collateral attacks on adjudicatory proceeding. If an interlocutory appeal or collateral attack is brought in any...

12 CFR 19.17 - Collateral attacks on adjudicatory proceeding.

Science.gov (United States)

2010-01-01

... 12 Banks and Banking 1 2010-01-01 2010-01-01 false Collateral attacks on adjudicatory proceeding... OF PRACTICE AND PROCEDURE Uniform Rules of Practice and Procedure § 19.17 Collateral attacks on adjudicatory proceeding. If an interlocutory appeal or collateral attack is brought in any court concerning all...

Drammer : Deterministic Rowhammer attacks on mobile platforms

NARCIS (Netherlands)

Van Der Veen, Victor; Fratantonio, Yanick; Lindorfer, Martina; Gruss, Daniel; Maurice, Clémentine; Vigna, Giovanni; Bos, Herbert; Razavi, Kaveh; Giuffrida, Cristiano

2016-01-01

Recent work shows that the Rowhammer hardware bug can be used to craft powerful attacks and completely subvert a system. However, existing efforts either describe probabilistic (and thus unreliable) attacks or rely on special (and often unavailable) memory management features to place victim objects

A Comprehensive Taxonomy and Analysis of IEEE 802.15.4 Attacks

Directory of Open Access Journals (Sweden)

Yasmin M. Amin

2016-01-01

Full Text Available The IEEE 802.15.4 standard has been established as the dominant enabling technology for Wireless Sensor Networks (WSNs. With the proliferation of security-sensitive applications involving WSNs, WSN security has become a topic of great significance. In comparison with traditional wired and wireless networks, WSNs possess additional vulnerabilities which present opportunities for attackers to launch novel and more complicated attacks against such networks. For this reason, a thorough investigation of attacks against WSNs is required. This paper provides a single unified survey that dissects all IEEE 802.15.4 PHY and MAC layer attacks known to date. While the majority of existing references investigate the motive and behavior of each attack separately, this survey classifies the attacks according to clear metrics within the paper and addresses the interrelationships and differences between the attacks following their classification. The authors’ opinions and comments regarding the placement of the attacks within the defined classifications are also provided. A comparative analysis between the classified attacks is then performed with respect to a set of defined evaluation criteria. The first half of this paper addresses attacks on the IEEE 802.15.4 PHY layer, whereas the second half of the paper addresses IEEE 802.15.4 MAC layer attacks.

A Lesson about the Circular Flow. Active Learning Lessons. Economics International.

Science.gov (United States)

Landfried, Janet

This lesson plan was developed through "Economics International," an international program to help build economic education infrastructures in the emerging market economies. It provides a lesson description; appropriate grade level; economic concepts; content standards and benchmarks; related subjects; instructional objectives; time…

The accountability problem of flooding attacks in service-oriented architectures

DEFF Research Database (Denmark)

Jensen, Meiko; Schwenk, Jörg

2009-01-01

The threat of Denial of Service attacks poses a serious problem to the security of network-based services in general. For flooding attacks against service-oriented applications, this threat is dramatically amplified with potentially much higher impact and very little effort on the attacker's side....... Additionally, due to the high distribution of a SOA application's components, fending such attacks becomes a far more complex task. In this paper, we present the problem of accountability, referring to the issue of resolving the attacker in a highly distributed service-oriented application. Using a general...

Attack Helicopter Operations: Art or Science

Science.gov (United States)

1991-05-13

ATTACK HELICOPTER OPERATIONS: ART OR SCIENCE ? BY LIEUTENANT COLONEL JAN CALLEN United States Army DISTRIBUTION STATEMENT A: Approved for public release...TASK IWORK UNIT ELEMENT NO. NO. NO. ACCESSION NC 11. TITLE (Include Socurity Classification) Attack Helicopter Operations: Art or Science ? 12. PERSONAL...OPERATIONS: ART OR SCIENCE ? AN INDIVIDUAL STUDY PROJECT by Lieutenant Colonel Jan Callen United States Army Colonel Greg Snelgrove Project Adviser U.S

Attacker Model Lab

OpenAIRE

2006-01-01

tut quiz present Tutorial Quiz Presentation Interactive Media Element This interactive tutorial the two sub-classes of computer attackers: amateurs and professionals. It provides valuable insight into the nature of necessary protection measure for information assets. CS3600 Information Assurance: Introduction to Computer Security Course

A Secure Localization Approach against Wormhole Attacks Using Distance Consistency

Directory of Open Access Journals (Sweden)

Lou Wei

2010-01-01

Full Text Available Wormhole attacks can negatively affect the localization in wireless sensor networks. A typical wormhole attack can be launched by two colluding attackers, one of which sniffs packets at one point in the network and tunnels them through a wired or wireless link to another point, and the other relays them within its vicinity. In this paper, we investigate the impact of the wormhole attack on the localization and propose a novel distance-consistency-based secure localization scheme against wormhole attacks, which includes three phases of wormhole attack detection, valid locators identification and self-localization. The theoretical model is further formulated to analyze the proposed secure localization scheme. The simulation results validate the theoretical results and also demonstrate the effectiveness of our proposed scheme.

Extended Password Recovery Attacks against APOP, SIP, and Digest Authentication

Science.gov (United States)

Sasaki, Yu; Wang, Lei; Ohta, Kazuo; Kunihiro, Noboru

In this paper, we propose password recovery attacks against challenge-response authentication protocols. Our attacks use a message difference for a MD5 collision attack proposed in IEICE 2008. First, we show how to efficiently find a message pair that collides with the above message difference. Second, we show that a password used in authenticated post office protocol (APOP) can be recovered practically. We also show that the password recovery attack can be applied to a session initiation protocol (SIP) and digest authentication. Our attack can recover up to the first 31 password characters in a short time and up to the first 60 characters faster than the naive search method. We have implemented our attack and confirmed that 31 characters can be successfully recovered.

12 CFR 747.17 - Collateral attacks on adjudicatory proceeding.

Science.gov (United States)

2010-01-01

... 12 Banks and Banking 6 2010-01-01 2010-01-01 false Collateral attacks on adjudicatory proceeding... INVESTIGATIONS Uniform Rules of Practice and Procedure § 747.17 Collateral attacks on adjudicatory proceeding. If an interlocutory appeal or collateral attack is brought in any court concerning all or any part of an...

Phase-remapping attack in practical quantum-key-distribution systems

International Nuclear Information System (INIS)

Fung, Chi-Hang Fred; Qi, Bing; Lo, Hoi-Kwong; Tamaki, Kiyoshi

2007-01-01

Quantum key distribution (QKD) can be used to generate secret keys between two distant parties. Even though QKD has been proven unconditionally secure against eavesdroppers with unlimited computation power, practical implementations of QKD may contain loopholes that may lead to the generated secret keys being compromised. In this paper, we propose a phase-remapping attack targeting two practical bidirectional QKD systems (the 'plug-and-play' system and the Sagnac system). We showed that if the users of the systems are unaware of our attack, the final key shared between them can be compromised in some situations. Specifically, we showed that, in the case of the Bennett-Brassard 1984 (BB84) protocol with ideal single-photon sources, when the quantum bit error rate (QBER) is between 14.6% and 20%, our attack renders the final key insecure, whereas the same range of QBER values has been proved secure if the two users are unaware of our attack; also, we demonstrated three situations with realistic devices where positive key rates are obtained without the consideration of Trojan horse attacks but in fact no key can be distilled. We remark that our attack is feasible with only current technology. Therefore, it is very important to be aware of our attack in order to ensure absolute security. In finding our attack, we minimize the QBER over individual measurements described by a general POVM, which has some similarity with the standard quantum state discrimination problem

Effectiveness of the Call in Beach Volleyball Attacking Play

Directory of Open Access Journals (Sweden)

Künzell Stefan

2014-12-01

Full Text Available In beach volleyball the setter has the opportunity to give her or his hitter a “call”. The call intends that the setter suggests to her or his partner where to place the attack in the opponent’s court. The effectiveness of a call is still unknown. We investigated the women’s and men’s Swiss National Beach Volleyball Championships in 2011 and analyzed 2185 attacks. We found large differences between female and male players. While men called in only 38.4% of attacks, women used calls in 85.5% of attacks. If the male players followed a given call, 63% of the attacks were successful. The success rate of attacks without any call was 55.8% and 47.6% when the call was ignored. These differences were not significant (χ2(2 = 4.55, p = 0.103. In women’s beach volleyball, the rate of successful attacks was 61.5% when a call was followed, 35% for attacks without a call, and 42.6% when a call was ignored. The differences were highly significant (χ2(2 = 23.42, p < 0.0005. Taking into account the findings of the present study, we suggested that the call was effective in women’s beach volleyball, while its effect in men’s game was unclear. Considering the quality of calls we indicate that there is a significant potential to increase the effectiveness of a call.

Improving performance of HVAC systems to reduce exposure to aerosolized infectious agents in buildings; recommendations to reduce risks posed by biological attacks.

Science.gov (United States)

Hitchcock, Penny J; Mair, Michael; Inglesby, Thomas V; Gross, Jonathan; Henderson, D A; O'Toole, Tara; Ahern-Seronde, Joa; Bahnfleth, William P; Brennan, Terry; Burroughs, H E Barney; Davidson, Cliff; Delp, William; Ensor, David S; Gomory, Ralph; Olsiewski, Paula; Samet, Jonathan M; Smith, William M; Streifel, Andrew J; White, Ronald H; Woods, James E

2006-01-01

The prospect of biological attacks is a growing strategic threat. Covert aerosol attacks inside a building are of particular concern. In the summer of 2005, the Center for Biosecurity of the University of Pittsburgh Medical Center convened a Working Group to determine what steps could be taken to reduce the risk of exposure of building occupants after an aerosol release of a biological weapon. The Working Group was composed of subject matter experts in air filtration, building ventilation and pressurization, air conditioning and air distribution, biosecurity, building design and operation, building decontamination and restoration, economics, medicine, public health, and public policy. The group focused on functions of the heating, ventilation, and air conditioning systems in commercial or public buildings that could reduce the risk of exposure to deleterious aerosols following biological attacks. The Working Group's recommendations for building owners are based on the use of currently available, off-the-shelf technologies. These recommendations are modest in expense and could be implemented immediately. It is also the Working Group's judgment that the commitment and stewardship of a lead government agency is essential to secure the necessary financial and human resources and to plan and build a comprehensive, effective program to reduce exposure to aerosolized infectious agents in buildings.

Integrating Patient-Reported Outcomes into Spine Surgical Care through Visual Dashboards: Lessons Learned from Human-Centered Design

Science.gov (United States)

Hartzler, Andrea L.; Chaudhuri, Shomir; Fey, Brett C.; Flum, David R.; Lavallee, Danielle

2015-01-01

Introduction: The collection of patient-reported outcomes (PROs) draws attention to issues of importance to patients—physical function and quality of life. The integration of PRO data into clinical decisions and discussions with patients requires thoughtful design of user-friendly interfaces that consider user experience and present data in personalized ways to enhance patient care. Whereas most prior work on PROs focuses on capturing data from patients, little research details how to design effective user interfaces that facilitate use of this data in clinical practice. We share lessons learned from engaging health care professionals to inform design of visual dashboards, an emerging type of health information technology (HIT). Methods: We employed human-centered design (HCD) methods to create visual displays of PROs to support patient care and quality improvement. HCD aims to optimize the design of interactive systems through iterative input from representative users who are likely to use the system in the future. Through three major steps, we engaged health care professionals in targeted, iterative design activities to inform the development of a PRO Dashboard that visually displays patient-reported pain and disability outcomes following spine surgery. Findings: Design activities to engage health care administrators, providers, and staff guided our work from design concept to specifications for dashboard implementation. Stakeholder feedback from these health care professionals shaped user interface design features, including predefined overviews that illustrate at-a-glance trends and quarterly snapshots, granular data filters that enable users to dive into detailed PRO analytics, and user-defined views to share and reuse. Feedback also revealed important considerations for quality indicators and privacy-preserving sharing and use of PROs. Conclusion: Our work illustrates a range of engagement methods guided by human-centered principles and design

Integrating Patient-Reported Outcomes into Spine Surgical Care through Visual Dashboards: Lessons Learned from Human-Centered Design.

Science.gov (United States)

Hartzler, Andrea L; Chaudhuri, Shomir; Fey, Brett C; Flum, David R; Lavallee, Danielle

2015-01-01

The collection of patient-reported outcomes (PROs) draws attention to issues of importance to patients-physical function and quality of life. The integration of PRO data into clinical decisions and discussions with patients requires thoughtful design of user-friendly interfaces that consider user experience and present data in personalized ways to enhance patient care. Whereas most prior work on PROs focuses on capturing data from patients, little research details how to design effective user interfaces that facilitate use of this data in clinical practice. We share lessons learned from engaging health care professionals to inform design of visual dashboards, an emerging type of health information technology (HIT). We employed human-centered design (HCD) methods to create visual displays of PROs to support patient care and quality improvement. HCD aims to optimize the design of interactive systems through iterative input from representative users who are likely to use the system in the future. Through three major steps, we engaged health care professionals in targeted, iterative design activities to inform the development of a PRO Dashboard that visually displays patient-reported pain and disability outcomes following spine surgery. Design activities to engage health care administrators, providers, and staff guided our work from design concept to specifications for dashboard implementation. Stakeholder feedback from these health care professionals shaped user interface design features, including predefined overviews that illustrate at-a-glance trends and quarterly snapshots, granular data filters that enable users to dive into detailed PRO analytics, and user-defined views to share and reuse. Feedback also revealed important considerations for quality indicators and privacy-preserving sharing and use of PROs. Our work illustrates a range of engagement methods guided by human-centered principles and design recommendations for optimizing PRO Dashboards for patient

Shilling Attacks Detection in Recommender Systems Based on Target Item Analysis.

Science.gov (United States)

Zhou, Wei; Wen, Junhao; Koh, Yun Sing; Xiong, Qingyu; Gao, Min; Dobbie, Gillian; Alam, Shafiq

2015-01-01

Recommender systems are highly vulnerable to shilling attacks, both by individuals and groups. Attackers who introduce biased ratings in order to affect recommendations, have been shown to negatively affect collaborative filtering (CF) algorithms. Previous research focuses only on the differences between genuine profiles and attack profiles, ignoring the group characteristics in attack profiles. In this paper, we study the use of statistical metrics to detect rating patterns of attackers and group characteristics in attack profiles. Another question is that most existing detecting methods are model specific. Two metrics, Rating Deviation from Mean Agreement (RDMA) and Degree of Similarity with Top Neighbors (DegSim), are used for analyzing rating patterns between malicious profiles and genuine profiles in attack models. Building upon this, we also propose and evaluate a detection structure called RD-TIA for detecting shilling attacks in recommender systems using a statistical approach. In order to detect more complicated attack models, we propose a novel metric called DegSim' based on DegSim. The experimental results show that our detection model based on target item analysis is an effective approach for detecting shilling attacks.

Shilling Attacks Detection in Recommender Systems Based on Target Item Analysis

Science.gov (United States)

Zhou, Wei; Wen, Junhao; Koh, Yun Sing; Xiong, Qingyu; Gao, Min; Dobbie, Gillian; Alam, Shafiq

2015-01-01

Recommender systems are highly vulnerable to shilling attacks, both by individuals and groups. Attackers who introduce biased ratings in order to affect recommendations, have been shown to negatively affect collaborative filtering (CF) algorithms. Previous research focuses only on the differences between genuine profiles and attack profiles, ignoring the group characteristics in attack profiles. In this paper, we study the use of statistical metrics to detect rating patterns of attackers and group characteristics in attack profiles. Another question is that most existing detecting methods are model specific. Two metrics, Rating Deviation from Mean Agreement (RDMA) and Degree of Similarity with Top Neighbors (DegSim), are used for analyzing rating patterns between malicious profiles and genuine profiles in attack models. Building upon this, we also propose and evaluate a detection structure called RD-TIA for detecting shilling attacks in recommender systems using a statistical approach. In order to detect more complicated attack models, we propose a novel metric called DegSim’ based on DegSim. The experimental results show that our detection model based on target item analysis is an effective approach for detecting shilling attacks. PMID:26222882

Collaborative Attack Mitigation and Response: A survey

NARCIS (Netherlands)

Steinberger, Jessica; Sperotto, Anna; Baier, Harald; Pras, Aiko

2015-01-01

Over recent years, network-based attacks have become to one of the top causes of network infrastructure and service outages. To counteract a network-based attack, an approach is to move mitigation from the target network to the networks of Internet Service Providers (ISP). However, it remains

Classroom Management and Lesson Planning(4)

Institute of Scientific and Technical Information of China (English)

2006-01-01

Lesson PlanningTask 1As teachers,we all need to plan our lessons before we teach.Make a list of things that you think need tobe included in a lesson plan.Then compare and discuss your list with another teacher.Also think about reasonswhy we need to plan our lessons.

A Unique Fatal Moose Attack Mimicking Homicide.

Science.gov (United States)

Gudmannsson, Petur; Berge, Johan; Druid, Henrik; Ericsson, Göran; Eriksson, Anders

2018-03-01

Fatalities caused by animal attacks are rare, but have the potential to mimic homicide. We present a case in which a moose attacked and killed a woman who was walking her dog in a forest. Autopsy showed widespread blunt trauma with a large laceration on one leg in which blades of grass were embedded. Flail chest was the cause of death. The case was initially conceived as homicide by means of a riding lawn mower. A review of the case by moose experts and analyses of biological trace material that proved to originate from moose, established the true source of injury. The dog probably provoked a moose, which, in response, stomped and gored the victim to death. The injuries resembled those previously reported from attacks by cattle and water buffalo. Fatal moose attacks constitute an extremely rare threat in boreal areas, but can be considered in traumatic deaths of unknown cause. © 2017 American Academy of Forensic Sciences.

The role of sleep in migraine attacks

Directory of Open Access Journals (Sweden)

Elaine Inamorato

1993-11-01

Full Text Available Migraine attacks may be precipitated by sleep deprivation or excessive sleep and sleep is also associated with relief of migraine attacks. In view of this variable relationship we studied the records of 159 consecutive outpatients of our Headache Unit. In 121 records there was reference to sleep involvement, in 55% by a single form and in 45% by more than one form. When only one form was related, relief was most common (70%. 30% of that group of patients had the migraine attack precipitated by sleep, 24% by deprivation and 6% by sleep excess. When the effects of sleep were multiple, these effects were as expected logically in 65%: «in accordance» group (e.g attack precipitated by sleep deprivation and relieved by sleep onset. In a second group, («conflicting» where the involvement was not logical, there were three different combinations of sleep involvement, possibly due to more than one pathophysiological mechanism.

Changes in vestibular evoked myogenic potentials after Meniere attacks.

Science.gov (United States)

Kuo, Shih-Wei; Yang, Ting-Hua; Young, Yi-Ho

2005-09-01

The aim of this study was to apply videonystagmography (VNG) and vestibular evoked myogenic potential (VEMP) tests to patients with Meniere attacks, to explore the mechanics of where saccular disorders may affect the semicircular canals. From January 2001 to December 2003, 12 consecutive patients with unilateral definite Meniere's disease with vertiginous attacks underwent VNG for recording spontaneous nystagmus, as well as VEMP tests. At the very beginning of the Meniere attack, the spontaneous nystagmus beat toward the lesion side in 5 patients (42%) and toward the healthy side in 7 patients (58%). Twenty-four hours later, only 6 patients (50%) showed spontaneous nystagmus beating toward the healthy side. Nevertheless, spontaneous nystagmus subsided in all patients within 48 hours. The VEMP test was performed within 24 hours of a Meniere attack; the VEMPs were normal in 4 patients and abnormal in 8 patients (67%). After 48 hours, 4 patients with initially abnormal VEMPs had resolution and return to normal VEMPs, and the other 4 patients still had absent VEMPs. Most patients (67%) with Meniere attacks revealed abnormal VEMPs, indicating that the saccule participates in a Meniere attack. This is an important idea that stimulates consideration of the mechanism of Meniere attacks.

Constellation Program Lessons Learned. Volume 2; Detailed Lessons Learned

Science.gov (United States)

Rhatigan, Jennifer; Neubek, Deborah J.; Thomas, L. Dale

2011-01-01

These lessons learned are part of a suite of hardware, software, test results, designs, knowledge base, and documentation that comprises the legacy of the Constellation Program. The context, summary information, and lessons learned are presented in a factual format, as known and described at the time. While our opinions might be discernable in the context, we have avoided all but factually sustainable statements. Statements should not be viewed as being either positive or negative; their value lies in what we did and what we learned that is worthy of passing on. The lessons include both "dos" and "don ts." In many cases, one person s "do" can be viewed as another person s "don t"; therefore, we have attempted to capture both perspectives when applicable and useful. While Volume I summarizes the views of those who managed the program, this Volume II encompasses the views at the working level, describing how the program challenges manifested in day-to-day activities. Here we see themes that were perhaps hinted at, but not completely addressed, in Volume I: unintended consequences of policies that worked well at higher levels but lacked proper implementation at the working level; long-term effects of the "generation gap" in human space flight development, the need to demonstrate early successes at the expense of thorough planning, and the consequences of problems and challenges not yet addressed because other problems and challenges were more immediate or manifest. Not all lessons learned have the benefit of being operationally vetted, since the program was cancelled shortly after Preliminary Design Review. We avoid making statements about operational consequences (with the exception of testing and test flights that did occur), but we do attempt to provide insight into how operational thinking influenced design and testing. The lessons have been formatted with a description, along with supporting information, a succinct statement of the lesson learned, and

Classroom Management and Lesson Planning(4)

Institute of Scientific and Technical Information of China (English)

2006-01-01

@@ Lesson Planning Task 1 As teachers,we all need to plan our lessons before we teach.Make a list of things that you think need to be included in a lesson plan.Then compare and discuss your list with another teacher.Also think about reasons why we need to plan our lessons.

Messaging Attacks on Android: Vulnerabilities and Intrusion Detection

Directory of Open Access Journals (Sweden)

Khodor Hamandi

2015-01-01

Full Text Available Currently, Android is the leading mobile operating system in number of users worldwide. On the security side, Android has had significant challenges despite the efforts of the Android designers to provide a secure environment for apps. In this paper, we present numerous attacks targeting the messaging framework of the Android system. Our focus is on SMS, USSD, and the evolution of their associated security in Android and accordingly the development of related attacks. Also, we shed light on the Android elements that are responsible for these attacks. Furthermore, we present the architecture of an intrusion detection system (IDS that promises to thwart SMS messaging attacks. Our IDS shows a detection rate of 87.50% with zero false positives.

Lesson Planning the Kodaly Way.

Science.gov (United States)

Boshkoff, Ruth

1991-01-01

Discusses the contribution of Zoltan Kodaly to music lesson planning. Emphasizes preparation, presentation, and practice as the three important strategies in teaching concepts and skills to be included in a lesson plan. Includes a sample lesson plan covering a semester and advice on choosing song material. (DK)

The role of failure/problems in engineering: A commentary of failures experienced - lessons learned

Science.gov (United States)

Ryan, R. S.

1992-03-01

The written version of a series of seminars given to several aerospace companies and three NASA centers are presented. The results are lessons learned through a study of the problems experienced in 35 years of engineering. The basic conclusion is that the primary cause of problems has not been mission technologies, as important as technology is, but the neglect of basic principles. Undergirding this is the lack of a systems focus from determining requirements through design, verification, and operations phases. Many of the concepts discussed are fundamental to total quality management (TQM) and can be used to augment this product enhanced philosophy. Fourteen principles are addressed with problems experienced and are used as examples. Included is a discussion of the implication of constraints, poorly defined requirements, and schedules. Design guidelines, lessons learned, and future tasks are listed. Two additional sections are included that deal with personal lessons learned and thoughts on future thrusts (TQM).

The role of failure/problems in engineering: A commentary of failures experienced - lessons learned

Science.gov (United States)

Ryan, R. S.

1992-01-01

The written version of a series of seminars given to several aerospace companies and three NASA centers are presented. The results are lessons learned through a study of the problems experienced in 35 years of engineering. The basic conclusion is that the primary cause of problems has not been mission technologies, as important as technology is, but the neglect of basic principles. Undergirding this is the lack of a systems focus from determining requirements through design, verification, and operations phases. Many of the concepts discussed are fundamental to total quality management (TQM) and can be used to augment this product enhanced philosophy. Fourteen principles are addressed with problems experienced and are used as examples. Included is a discussion of the implication of constraints, poorly defined requirements, and schedules. Design guidelines, lessons learned, and future tasks are listed. Two additional sections are included that deal with personal lessons learned and thoughts on future thrusts (TQM).

Defending networks against denial-of-service attacks

Science.gov (United States)

Gelenbe, Erol; Gellman, Michael; Loukas, George

2004-11-01

Denial of service attacks, viruses and worms are common tools for malicious adversarial behavior in networks. Experience shows that over the last few years several of these techniques have probably been used by governments to impair the Internet communications of various entities, and we can expect that these and other information warfare tools will be used increasingly as part of hostile behavior either independently, or in conjunction with other forms of attack in conventional or asymmetric warfare, as well as in other forms of malicious behavior. In this paper we concentrate on Distributed Denial of Service Attacks (DDoS) where one or more attackers generate flooding traffic and direct it from multiple sources towards a set of selected nodes or IP addresses in the Internet. We first briefly survey the literature on the subject, and discuss some examples of DDoS incidents. We then present a technique that can be used for DDoS protection based on creating islands of protection around a critical information infrastructure. This technique, that we call the CPN-DoS-DT (Cognitive Packet Networks DoS Defence Technique), creates a self-monitoring sub-network surrounding each critical infrastructure node. CPN-DoS-DT is triggered by a DDoS detection scheme, and generates control traffic from the objects of the DDoS attack to the islands of protection where DDOS packet flows are destroyed before they reach the critical infrastructure. We use mathematical modelling, simulation and experiments on our test-bed to show the positive and negative outcomes that may result from both the attack, and the CPN-DoS-DT protection mechanism, due to imperfect detection and false alarms.

A multiple linear regression analysis of hot corrosion attack on a series of nickel base turbine alloys

Science.gov (United States)

Barrett, C. A.

1985-01-01

Multiple linear regression analysis was used to determine an equation for estimating hot corrosion attack for a series of Ni base cast turbine alloys. The U transform (i.e., 1/sin (% A/100) to the 1/2) was shown to give the best estimate of the dependent variable, y. A complete second degree equation is described for the centered" weight chemistries for the elements Cr, Al, Ti, Mo, W, Cb, Ta, and Co. In addition linear terms for the minor elements C, B, and Zr were added for a basic 47 term equation. The best reduced equation was determined by the stepwise selection method with essentially 13 terms. The Cr term was found to be the most important accounting for 60 percent of the explained variability hot corrosion attack.

Performance Improvement of Power Analysis Attacks on AES with Encryption-Related Signals

Science.gov (United States)

Lee, You-Seok; Lee, Young-Jun; Han, Dong-Guk; Kim, Ho-Won; Kim, Hyoung-Nam

A power analysis attack is a well-known side-channel attack but the efficiency of the attack is frequently degraded by the existence of power components, irrelative to the encryption included in signals used for the attack. To enhance the performance of the power analysis attack, we propose a preprocessing method based on extracting encryption-related parts from the measured power signals. Experimental results show that the attacks with the preprocessed signals detect correct keys with much fewer signals, compared to the conventional power analysis attacks.

Lesson study: Professional development and its impact on science teacher self-efficacy

Science.gov (United States)

Roberts, Megan Rae

This study focuses on an analysis of a professional development program known as lesson study via data obtained during an in-service professional development program for secondary school science teachers. The purpose of this study was to examine the self-efficacy beliefs of one group of science teachers related to their experiences in a lesson study. Another purpose for this research, aligned with the first, included a theoretical analysis of the lesson study construct to see if its design promoted positive self-efficacy beliefs of its participants. The research is framed within the context of social constructivism and self-efficacy and is qualitative in nature and utilized descriptive analysis as a means of research. Case studies were conducted detailing two of the six participants. Data sources included researcher field notes and transcriptions of all planning and debriefing sessions; individual interviews with each participant and the schools' principal; a participant questionnaire, and the Science Teaching Efficacy Belief Instrument. Themes that emerged included the positive perceptions of lesson study as a collaborative and teacher-centered experience; the understanding that lesson study can instill a sense of professionalism to those who participate in the process; the sense that discussing student learning using objective observations from classroom is a powerful way to assess learning and uncover personal teacher beliefs; and the insight that the time commitment that lesson study requires can inhibit teachers and schools from sustaining it as a form of on-going professional development. Although these themes are consistent with the research on lesson study in Japan and elsewhere in the United States, they also extend the research on self-efficacy and science teacher professional development. In the end, this study supported some of the conclusions of the self-efficacy research as it relates to professional development while also adding that interpersonal

1994 Attack Team Workshop: Phase II - Full-Scale Offensive Fog Attack Tests

National Research Council Canada - National Science Library

Scheffey, Joseph

1997-01-01

.... This report demonstrates the benefits of using a medium angle fog stream to control the overhead fire threat when conducting a direct attack on a growing/steady state fire where the sea of the fire is obstructed...

Network overload due to massive attacks

Science.gov (United States)

Kornbluth, Yosef; Barach, Gilad; Tuchman, Yaakov; Kadish, Benjamin; Cwilich, Gabriel; Buldyrev, Sergey V.

2018-05-01

We study the cascading failure of networks due to overload, using the betweenness centrality of a node as the measure of its load following the Motter and Lai model. We study the fraction of survived nodes at the end of the cascade pf as a function of the strength of the initial attack, measured by the fraction of nodes p that survive the initial attack for different values of tolerance α in random regular and Erdös-Renyi graphs. We find the existence of a first-order phase-transition line pt(α ) on a p -α plane, such that if p pt , pf is large and the giant component of the network is still present. Exactly at pt, the function pf(p ) undergoes a first-order discontinuity. We find that the line pt(α ) ends at a critical point (pc,αc) , in which the cascading failures are replaced by a second-order percolation transition. We find analytically the average betweenness of nodes with different degrees before and after the initial attack, we investigate their roles in the cascading failures, and we find a lower bound for pt(α ) . We also study the difference between localized and random attacks.

Novel mechanism of network protection against the new generation of cyber attacks

Science.gov (United States)

Milovanov, Alexander; Bukshpun, Leonid; Pradhan, Ranjit

2012-06-01

A new intelligent mechanism is presented to protect networks against the new generation of cyber attacks. This mechanism integrates TCP/UDP/IP protocol stack protection and attacker/intruder deception to eliminate existing TCP/UDP/IP protocol stack vulnerabilities. It allows to detect currently undetectable, highly distributed, low-frequency attacks such as distributed denial-of-service (DDoS) attacks, coordinated attacks, botnet, and stealth network reconnaissance. The mechanism also allows insulating attacker/intruder from the network and redirecting the attack to a simulated network acting as a decoy. As a result, network security personnel gain sufficient time to defend the network and collect the attack information. The presented approach can be incorporated into wireless or wired networks that require protection against known and the new generation of cyber attacks.

Analysing the integration of engineering in science lessons with the Engineering-Infused Lesson Rubric

Science.gov (United States)

Peterman, Karen; Daugherty, Jenny L.; Custer, Rodney L.; Ross, Julia M.

2017-09-01

Science teachers are being called on to incorporate engineering practices into their classrooms. This study explores whether the Engineering-Infused Lesson Rubric, a new rubric designed to target best practices in engineering education, could be used to evaluate the extent to which engineering is infused into online science lessons. Eighty lessons were selected at random from three online repositories, and coded with the rubric. Overall results documented the strengths of existing lessons, as well as many components that teachers might strengthen. In addition, a subset of characteristics was found to distinguish lessons with the highest level of engineering infusion. Findings are discussed in relation to the potential of the rubric to help teachers use research evidence-informed practice generally, and in relation to the new content demands of the U.S. Next Generation Science Standards, in particular.

So You Want to Start a Peer Online Writing Center?

Directory of Open Access Journals (Sweden)

Christine Rosalia

2013-03-01

Full Text Available The purpose of this article is to share lessons learned in setting up three different peer online writing centers in three different contexts (EFL, Generation 1.5, and ESL. In each center the focus was on the language learner as a peer online writing advisor and their needs in maintaining centers “for and by” learners. Technology affordances and constraints for local contexts, which promote learner autonomy, are analyzed. The open-source platforms (Moodle, Drupal, and Google Apps are compared in terms of usability for peer writing center work, particularly centers where groups co-construct feedback for writers, asynchronously. This paper is useful for readers who would like a head start or deeper understanding of potential logistics and decision-making involved in establishing a peer online writing center within coursework and/or a self-access learning center.

Software test attacks to break mobile and embedded devices

CERN Document Server

Hagar, Jon Duncan

2013-01-01

Address Errors before Users Find Them Using a mix-and-match approach, Software Test Attacks to Break Mobile and Embedded Devices presents an attack basis for testing mobile and embedded systems. Designed for testers working in the ever-expanding world of ""smart"" devices driven by software, the book focuses on attack-based testing that can be used by individuals and teams. The numerous test attacks show you when a software product does not work (i.e., has bugs) and provide you with information about the software product under test. The book guides you step by step starting with the basics. It

Modeling attacking of high skills volleyball players

Directory of Open Access Journals (Sweden)

Vladimir Gamaliy

2014-12-01

Full Text Available Purpose: to determine the model indicators of technical and tactical actions in the attack highly skilled volleyball players. Material and Methods: the study used statistical data of major international competitions: Olympic Games – 2012 World Championships – 2010, World League – 2010–2014 European Championship – 2010–2014. A total of 130 analyzed games. Methods were used: analysis and generalization of scientific and methodological literature, analysis of competitive activity highly skilled volleyball players, teacher observation, modeling technical and tactical actions in attacking highly skilled volleyball players. Results: it was found that the largest volume application of technical and tactical actions in the attack belongs to the group tactics «supple movement», whose indicator is 21,3%. The smallest amount of application belongs to the group tactics «flight level» model whose indicators is 5,4%, the efficiency of 3,4%, respectively. It is found that the power service in the jump from model parameters used in 51,6% of cases, the planning targets – 21,7% and 4,4% planning to reduce. Attacks performed with the back line, on model parameters used in the amount of 20,8% efficiency –13,7%. Conclusions: we prove that the performance of technical and tactical actions in the attack can be used as model in the control system of training and competitive process highly skilled volleyball players

Sleep Deprivation Attack Detection in Wireless Sensor Network

OpenAIRE

Bhattasali, Tapalina; Chaki, Rituparna; Sanyal, Sugata

2012-01-01

Deployment of sensor network in hostile environment makes it mainly vulnerable to battery drainage attacks because it is impossible to recharge or replace the battery power of sensor nodes. Among different types of security threats, low power sensor nodes are immensely affected by the attacks which cause random drainage of the energy level of sensors, leading to death of the nodes. The most dangerous type of attack in this category is sleep deprivation, where target of the intruder is to maxi...

With Interest It Comes To...Unconscionable Clauses in Sales Contracts. A Student's Lesson Plan [and] A Teacher's Lesson Plan [and] A Lawyer's Lesson Plan.

Science.gov (United States)

Howard, Estelle; And Others

One of a series of secondary level teaching units presenting case studies with pro and con analysis of particular legal problems, the document presents a student's lesson plan, a teacher's lesson plan, and a lawyer's lesson plan on unconscionable clauses in sales contracts. The unit acquaints students with the operation of sales contracts and…

Calcium Supplements: A Risk Factor for Heart Attack?

Science.gov (United States)

... factor for heart attack? I've read that calcium supplements may increase the risk of heart attack. ... D. Some doctors think it's possible that taking calcium supplements may increase your risk of a heart ...

Using the Domain Name System to Thwart Automated Client-Based Attacks

Energy Technology Data Exchange (ETDEWEB)

Taylor, Curtis R [ORNL; Shue, Craig A [ORNL

2011-09-01

On the Internet, attackers can compromise systems owned by other people and then use these systems to launch attacks automatically. When attacks such as phishing or SQL injections are successful, they can have negative consequences including server downtime and the loss of sensitive information. Current methods to prevent such attacks are limited in that they are application-specific, or fail to block attackers. Phishing attempts can be stopped with email filters, but if the attacker manages to successfully bypass these filters, then the user must determine if the email is legitimate or not. Unfortunately, they often are unable to do so. Since attackers have a low success rate, they attempt to compensate for it in volume. In order to have this high throughput, attackers take shortcuts and break protocols. We use this knowledge to address these issues by implementing a system that can detect malicious activity and use it to block attacks. If the client fails to follow proper procedure, they can be classified as an attacker. Once an attacker has been discovered, they will be isolated and monitored. This can be accomplished using existing software in Ubuntu Linux applications, along with our custom wrapper application. After running the system and seeing its performance on three popular Web browsers Chromium, Firefox and Internet Explorer as well as two popular email clients, Thunderbird and Evolution, we found that not only is this system conceivable, it is effective and has low overhead.

Lessons learned related to packaging and transportation

International Nuclear Information System (INIS)

Wallen, C.

1995-01-01

The use of lessons learned as a tool for learning from past experiences is well established, especially by many organizations within the nuclear industry. Every person has, at some time, used the principles of lessons learned to adopt good work practices based on their own experiences or the experiences of others. Lessons learned can also help to avoid the recurrence of adverse practices, which is often an area that most lessons-learned programs tend to focus on. This paper will discuss how lessons learned relate to packaging and transportation issues and events experienced at Department of Energy (DOE) facilities. It will also discuss the role performed by the Office of Nuclear and Facility Safety's Office of Operating Experience Analysis and Feedback in disseminating lessons learned and operating experience feedback to the DOE complex. The central concept of lessons learned is that any organization should be able to learn from its own experiences and events. In addition, organizations should implement methodologies to scan external environments for lessons learned, to analyze and determine the relevance of lessons learned, and to bring about the necessary changes learned from these experiences. With increased concerns toward facility safety, the importance of utilizing the lessons-learned principles and the establishment of lessons-learned programs can not be overstated

Lessons Learned From Community-Based Approaches to Sodium Reduction

Science.gov (United States)

Kane, Heather; Strazza, Karen; Losby PhD, Jan L.; Lane, Rashon; Mugavero, Kristy; Anater, Andrea S.; Frost, Corey; Margolis, Marjorie; Hersey, James

2017-01-01

Purpose This article describes lessons from a Centers for Disease Control and Prevention initiative encompassing sodium reduction interventions in six communities. Design A multiple case study design was used. Setting This evaluation examined data from programs implemented in six communities located in New York (Broome County, Schenectady County, and New York City); California (Los Angeles County and Shasta County); and Kansas (Shawnee County). Subjects Participants (n = 80) included program staff, program directors, state-level staff, and partners. Measures Measures for this evaluation included challenges, facilitators, and lessons learned from implementing sodium reduction strategies. Analysis The project team conducted a document review of program materials and semi structured interviews 12 to 14 months after implementation. The team coded and analyzed data deductively and inductively. Results Five lessons for implementing community-based sodium reduction approaches emerged: (1) build relationships with partners to understand their concerns, (2) involve individuals knowledgeable about specific venues early, (3) incorporate sodium reduction efforts and messaging into broader nutrition efforts, (4) design the program to reduce sodium gradually to take into account consumer preferences and taste transitions, and (5) identify ways to address the cost of lower-sodium products. Conclusion The experiences of the six communities may assist practitioners in planning community-based sodium reduction interventions. Addressing sodium reduction using a community-based approach can foster meaningful change in dietary sodium consumption. PMID:24575726

Multilevel Modeling of Distributed Denial of Service Attacks in Wireless Sensor Networks

Directory of Open Access Journals (Sweden)

Katarzyna Mazur

2016-01-01

Full Text Available The growing popularity of wireless sensor networks increases the risk of security attacks. One of the most common and dangerous types of attack that takes place these days in any electronic society is a distributed denial of service attack. Due to the resource constraint nature of mobile sensors, DDoS attacks have become a major threat to its stability. In this paper, we established a model of a structural health monitoring network, being disturbed by one of the most common types of DDoS attacks, the flooding attack. Through a set of simulations, we explore the scope of flood-based DDoS attack problem, assessing the performance and the lifetime of the network under the attack condition. To conduct our research, we utilized the Quality of Protection Modeling Language. With the proposed approach, it was possible to examine numerous network configurations, parameters, attack options, and scenarios. The results of the carefully performed multilevel analysis allowed us to identify a new kind of DDoS attack, the delayed distributed denial of service, by the authors, referred to as DDDoS attack. Multilevel approach to DDoS attack analysis confirmed that, examining endangered environments, it is significant to take into account many characteristics at once, just to not overlook any important aspect.

Exploiting Small Leakages in Masks to Turn a Second-Order Attack into a First-Order Attack and Improved Rotating Substitution Box Masking with Linear Code Cosets

Science.gov (United States)

DeTrano, Alexander; Karimi, Naghmeh; Karri, Ramesh; Guo, Xiaofei; Carlet, Claude; Guilley, Sylvain

2015-01-01

Masking countermeasures, used to thwart side-channel attacks, have been shown to be vulnerable to mask-extraction attacks. State-of-the-art mask-extraction attacks on the Advanced Encryption Standard (AES) algorithm target S-Box recomputation schemes but have not been applied to scenarios where S-Boxes are precomputed offline. We propose an attack targeting precomputed S-Boxes stored in nonvolatile memory. Our attack targets AES implemented in software protected by a low entropy masking scheme and recovers the masks with 91% success rate. Recovering the secret key requires fewer power traces (in fact, by at least two orders of magnitude) compared to a classical second-order attack. Moreover, we show that this attack remains viable in a noisy environment or with a reduced number of leakage points. Eventually, we specify a method to enhance the countermeasure by selecting a suitable coset of the masks set. PMID:26491717

Quick Reference: Cyber Attacks Awareness and Prevention Method for Home Users

OpenAIRE

Haydar Teymourlouei

2015-01-01

It is important to take security measures to protect your computer information, reduce identify theft, and prevent from malicious cyber-attacks. With cyber-attacks on the continuous rise, people need to understand and learn ways to prevent from these attacks. Cyber-attack is an important factor to be considered if one is to be able to protect oneself from malicious attacks. Without proper security measures, most computer technology would hinder home users more than such t...

Exciting middle and high school students about immunology: an easy, inquiry-based lesson.

Science.gov (United States)

Lukin, Kara

2013-03-01

High school students in the United States are apathetic about science, technology, engineering and mathematics (STEM), and the workforce pipeline in these areas is collapsing. The lack of understanding of basic principles of biology means that students are unable to make educated decisions concerning their personal health. To address these issues, we have developed a simple, inquiry-based outreach lesson centered on a mouse dissection. Students learn key concepts in immunology and enhance their understanding of human organ systems. The experiment highlights aspects of the scientific method and authentic data collection and analysis. This hands-on activity stimulates interest in biology, personal health and careers in STEM fields. Here, we present all the information necessary to execute the lesson effectively with middle and high school students.

A Strategic Analysis of Information Sharing Among Cyber Attackers

Directory of Open Access Journals (Sweden)

Kjell Hausken

2015-10-01

Full Text Available We build a game theory model where the market design is such that one firm invests in security to defend against cyber attacks by two hackers. The firm has an asset, which is allocated between the three market participants dependent on their contest success. Each hacker chooses an optimal attack, and they share information with each other about the firm’s vulnerabilities. Each hacker prefers to receive information, but delivering information gives competitive advantage to the other hacker. We find that each hacker’s attack and information sharing are strategic complements while one hacker’s attack and the other hacker’s information sharing are strategic substitutes. As the firm’s unit defense cost increases, the attack is inverse U-shaped and reaches zero, while the firm’s defense and profit decrease, and the hackers’ information sharing and profit increase. The firm’s profit increases in the hackers’ unit cost of attack, while the hackers’ information sharing and profit decrease. Our analysis also reveals the interesting result that the cumulative attack level of the hackers is not affected by the effectiveness of information sharing between them and moreover, is also unaffected by the intensity of joint information sharing. We also find that as the effectiveness of information sharing between hackers increases relative to the investment in attack, the firm’s investment in cyber security defense and profit are constant, the hackers’ investments in attacks decrease, and information sharing levels and hacker profits increase. In contrast, as the intensity of joint information sharing increases, while the firm’s investment in cyber security defense and profit remain constant, the hackers’ investments in attacks increase, and the hackers’ information sharing levels and profits decrease. Increasing the firm’s asset causes all the variables to increase linearly, except information sharing which is constant. We extend

Strengthening Crypto-1 Cipher Against Algebraic Attacks

Directory of Open Access Journals (Sweden)

Farah Afianti

2015-08-01

Full Text Available In the last few years, several studies addressed the problem of data security in Mifare Classic. One of its weaknesses is the low random number quality. This causes SAT solver attacks to have lower complexity. In order to strengthen Crypto-1 against SAT solver attacks, a modification of the feedback function with better cryptographic properties is proposed. It applies a primitive polynomial companion matrix. SAT solvers cannot directly attack the feedback shift register that uses the modified Boolean feedback function, the register has to be split into smaller groups. Experimental testing showed that the amount of memory and CPU time needed were highest when attacking the modified Crypto-1 using the modified feedback function and the original filter function. In addition, another modified Crypto-1, using the modified feedback function and a modified filter function, had the lowest percentage of revealed variables. It can be concluded that the security strength and performance of the modified Crypto-1 using the modified feedback function and the modified filter function are better than those of the original Crypto-1.

A Stochastic Framework for Quantitative Analysis of Attack-Defense Trees

NARCIS (Netherlands)

Jhawar, Ravi; Lounis, Karim; Mauw, Sjouke

2016-01-01

Cyber attacks are becoming increasingly complex, practically sophisticated and organized. Losses due to such attacks are important, varying from the loss of money to business reputation spoilage. Therefore, there is a great need for potential victims of cyber attacks to deploy security solutions

Vulnerability of water supply systems to cyber-physical attacks

Science.gov (United States)

Galelli, Stefano; Taormina, Riccardo; Tippenhauer, Nils; Salomons, Elad; Ostfeld, Avi

2016-04-01

The adoption of smart meters, distributed sensor networks and industrial control systems has largely improved the level of service provided by modern water supply systems. Yet, the progressive computerization exposes these critical infrastructures to cyber-physical attacks, which are generally aimed at stealing critical information (cyber-espionage) or causing service disruption (denial-of-service). Recent statistics show that water and power utilities are undergoing frequent attacks - such as the December power outage in Ukraine - , attracting the interest of operators and security agencies. Taking the security of Water Distribution Networks (WDNs) as domain of study, our work seeks to characterize the vulnerability of WDNs to cyber-physical attacks, so as to conceive adequate defense mechanisms. We extend the functionality of EPANET, which models hydraulic and water quality processes in pressurized pipe networks, to include a cyber layer vulnerable to repeated attacks. Simulation results on a medium-scale network show that several hydraulic actuators (valves and pumps, for example) can be easily attacked, causing both service disruption - i.e., water spillage and loss of pressure - and structural damages - e.g., pipes burst. Our work highlights the need for adequate countermeasures, such as attacks detection and reactive control systems.

Security Measurement for Unknown Threats Based on Attack Preferences

Directory of Open Access Journals (Sweden)

Lihua Yin

2018-01-01

Full Text Available Security measurement matters to every stakeholder in network security. It provides security practitioners the exact security awareness. However, most of the works are not applicable to the unknown threat. What is more, existing efforts on security metric mainly focus on the ease of certain attack from a theoretical point of view, ignoring the “likelihood of exploitation.” To help administrator have a better understanding, we analyze the behavior of attackers who exploit the zero-day vulnerabilities and predict their attack timing. Based on the prediction, we propose a method of security measurement. In detail, we compute the optimal attack timing from the perspective of attacker, using a long-term game to estimate the risk of being found and then choose the optimal timing based on the risk and profit. We design a learning strategy to model the information sharing mechanism among multiattackers and use spatial structure to model the long-term process. After calculating the Nash equilibrium for each subgame, we consider the likelihood of being attacked for each node as the security metric result. The experiment results show the efficiency of our approach.

Longitudinal determinants of depression among World Trade Center Health Registry enrollees, 14-15 years after the 9/11 attacks.

Science.gov (United States)

Jacobson, Melanie H; Norman, Christina; Nguyen, Angela; Brackbill, Robert M

2018-03-15

Exposure to the September 11, 2001 (9/11) terrorist attacks has been found to be associated with posttraumatic stress disorder (PTSD) and comorbid PTSD and depression up to 10-11 years post-disaster. However, little is known about the longitudinal predictors of mental health conditions over time. We examined longitudinal determinants of depression within strata of PTSD among 21,258 enrollees of the World Trade Center Health Registry who completed four questionnaires over 14 years of follow-up (Wave 1 in 2003-04; Wave 2 in 2005-06; Wave 3 in 2011-12; and Wave 4 in 2015-16). PTSD status was measured using the PTSD checklist on all four waves and defined as a score of ≥ 44; depression was assessed using the 8-item Patient Health Questionnaire at Waves 3 and 4 and defined as a score of ≥ 10. Across Waves 3 and 4, 18.6% experienced depression, and it was more common among those who ever had PTSD (56.1%) compared with those who had not (5.6%). Across PTSD strata, predictors of depression included low income, unemployment, low social integration and support, post-9/11 traumatic life events, and chronic physical illness. These factors also decreased the likelihood of recovering from depression. Depression symptoms were not measured at Waves 1 and 2; data was self-reported. These findings highlight the substantial burden of depression in a trauma-exposed population 14-15 years post-disaster, especially among those with PTSD. Similar life stressors predicted the course of depression among those with and without PTSD which may inform public health and clinical interventions. Copyright © 2018 The Authors. Published by Elsevier B.V. All rights reserved.

Cyber attack analysis on cyber-physical systems: Detectability, severity, and attenuation strategy

Science.gov (United States)

Kwon, Cheolhyeon

Security of Cyber-Physical Systems (CPS) against malicious cyber attacks is an important yet challenging problem. Since most cyber attacks happen in erratic ways, it is usually intractable to describe and diagnose them systematically. Motivated by such difficulties, this thesis presents a set of theories and algorithms for a cyber-secure architecture of the CPS within the control theoretic perspective. Here, instead of identifying a specific cyber attack model, we are focused on analyzing the system's response during cyber attacks. Firstly, we investigate the detectability of the cyber attacks from the system's behavior under cyber attacks. Specifically, we conduct a study on the vulnerabilities in the CPS's monitoring system against the stealthy cyber attack that is carefully designed to avoid being detected by its detection scheme. After classifying three kinds of cyber attacks according to the attacker's ability to compromise the system, we derive the necessary and sufficient conditions under which such stealthy cyber attacks can be designed to cause the unbounded estimation error while not being detected. Then, the analytical design method of the optimal stealthy cyber attack that maximizes the estimation error is developed. The proposed stealthy cyber attack analysis is demonstrated with illustrative examples on Air Traffic Control (ATC) system and Unmanned Aerial Vehicle (UAV) navigation system applications. Secondly, in an attempt to study the CPSs' vulnerabilities in more detail, we further discuss a methodology to identify potential cyber threats inherent in the given CPSs and quantify the attack severity accordingly. We then develop an analytical algorithm to test the behavior of the CPS under various cyber attack combinations. Compared to a numerical approach, the analytical algorithm enables the prediction of the most effective cyber attack combinations without computing the severity of all possible attack combinations, thereby greatly reducing the

Consciousness in Non-Epileptic Attack Disorder

OpenAIRE

Reuber, M.; Kurthen, M.

2011-01-01

Non-epileptic attack disorder (NEAD) is one of the most important differential diagnoses of epilepsy. Impairment of\\ud consciousness is the key feature of non-epileptic attacks (NEAs). The first half of this review summarises the clinical research\\ud literature featuring observations relating to consciousness in NEAD. The second half places this evidence in the wider context\\ud of the recent discourse on consciousness in neuroscience and the philosophy of mind. We argue that studies of consci...

Gait biometrics under spoofing attacks: an experimental investigation

Science.gov (United States)

Hadid, Abdenour; Ghahramani, Mohammad; Kellokumpu, Vili; Feng, Xiaoyi; Bustard, John; Nixon, Mark

2015-11-01

Gait is a relatively biometric modality which has a precious advantage over other modalities, such as iris and voice, in that it can be easily captured from a distance. Although it has recently become a topic of great interest in biometric research, there has been little investigation into gait spoofing attacks where a person tries to imitate the clothing or walking style of someone else. We recently analyzed for the first time the effects of spoofing attacks on silhouette-based gait biometric systems and showed that it was indeed possible to spoof gait biometric systems by clothing impersonation and the deliberate selection of a target that has a similar build to the attacker. To gain deeper insight into the performance of current gait biometric systems under spoofing attacks, we provide a thorough investigation on how clothing can be used to spoof a target and evaluate the performance of two state-of-the-art recognition methods on a gait spoofing database recorded at the University of Southampton. Furthermore, we describe and evaluate an initial solution coping with gait spoofing attacks. The obtained results are very promising and point out interesting findings which can be used for future investigations.

Learning from history: The Glasgow Airport terrorist attack.

Science.gov (United States)

Crichton, Gillies

Glasgow Airport was the target of a terrorist attack on 30th June, 2007. Many people within Scotland had come to believe that Scotland was immune from terrorism. This perception was in large part informed by Scotland's experience during the protracted Troubles in Northern Ireland, during which the Provisional Irish Republican Army's mainland bombing campaign focused on targets in England, sparing both Scotland and Wales. While Glasgow Airport did not expect such an attack to take place, meticulous planning, organising and testing of plans had taken place to mitigate the unlikely event of such an attack. The attack stands up as a shining example of robust business continuity management, where the airport reopened for business as usual in less than 24 hours from the time of the attack. Little is known about how the airport handled the situation in conjunction with other responding agencies as people tend to want to focus on high-profile disasters only. Yet countless such incidents are happening worldwide on a daily basis, in which there are excellent learning opportunities, and, taken in the spirit of converting hindsight into foresight, the likelihood of similar incidents could potentially be reduced in the future.

Lessons for Teaching Art Criticism.

Science.gov (United States)

Barrett, Terry, Ed.; Clark, Gilbert, Ed.

This collection of lessons is meant to be a practical guide to help teachers engage children in art criticism. The lessons generally follow a similar format. Most suggest an age group but may be modified for use with younger or older students. Several authors suggest variations and extensions for lessons that include studio activities. A broad…

Tracks FAQs: How Do Heart Attack Hospitalization Rates In My Community Compare With Other Counties Or States?

Centers for Disease Control (CDC) Podcasts

2011-09-01

In this podcast, CDC Tracking experts discuss how to compare heart attack hospitalization rates in your community with other counties or states. Do you have a question for our Tracking experts? Please e-mail questions to trackingsupport@cdc.gov.  Created: 9/1/2011 by National Center for Environmental Health, Division of Environmental Hazards and Health Effects, Environmental Health Tracking Branch.   Date Released: 9/1/2011.

"Frankenstein." [Lesson Plan].

Science.gov (United States)

Simon, Melanie

Based on Mary Shelley's novel "Frankenstein," this lesson plan presents activities designed to help students understand that active readers interpret a novel (its characters, plot, setting, and theme) in different ways; and the great literature can be and has been adapted in many ways over time. The main activity of the lesson involves students…

Heart Attack Payment - Hospital

Data.gov (United States)

U.S. Department of Health & Human Services — Payment for heart attack patients measure – provider data. This data set includes provider data for payments associated with a 30-day episode of care for heart...

Stability Analysis of an Advanced Persistent Distributed Denial-of-Service Attack Dynamical Model

Directory of Open Access Journals (Sweden)

Chunming Zhang

2018-01-01

Full Text Available The advanced persistent distributed denial-of-service (APDDoS attack is a fairly significant threat to cybersecurity. Formulating a mathematical model for accurate prediction of APDDoS attack is important. However, the dynamical model of APDDoS attack has barely been reported. This paper first proposes a novel dynamical model of APDDoS attack to understand the mechanisms of APDDoS attack. Then, the attacked threshold of this model is calculated. The global stability of attack-free and attacked equilibrium are both proved. The influences of the model’s parameters on attacked equilibrium are discussed. Eventually, the main conclusions of the theoretical analysis are examined through computer simulations.

Phagocytosis: history's lessons.

Science.gov (United States)

Garg, Manish; Chandawarkar, Rajiv Y

2013-01-01

The assimilation of lessons from the past is an essential component of education for scientists of tomorrow. These lessons are not easy to find. History books on science are few and usually highly dramatized and biographies of scientists tend to exaggerate the pomp of scientific discovery. Both underplay the hard and laborious work that is integral to any scientific pursuit. Here we illustrate one such example. A century ago, the Nobel Prize in Medicine was awarded to two scientists: Ilya Metchnikoff, a Russian zoologist, for the discovery ofphagocytosis-a cell-mediated ingestion ofmicrobes; and Paul Ehrlich, a distinguished physician-scientist, for discovering a highly antigen-specific serum-derived antibody-based immune defense. These two diametrically opposing views of the host-pathogen interaction set the stage for a strife that led to seminal advancements in immunology. Mirrored in this journey are important lessons for scientists today--ubiquitously as applicable to modern scientific life as they were a century ago. This commentaryhighlights these lessons--a fitting centenary to a well-deserved recognition.

Inflammation and neuropathic attacks in hereditary brachial plexus neuropathy

Science.gov (United States)

Klein, C; Dyck, P; Friedenberg, S; Burns, T; Windebank, A; Dyck, P

2002-01-01

Objective: To study the role of mechanical, infectious, and inflammatory factors inducing neuropathic attacks in hereditary brachial plexus neuropathy (HBPN), an autosomal dominant disorder characterised by attacks of pain and weakness, atrophy, and sensory alterations of the shoulder girdle and upper limb muscles. Methods: Four patients from separate kindreds with HBPN were evaluated. Upper extremity nerve biopsies were obtained during attacks from a person of each kindred. In situ hybridisation for common viruses in nerve tissue and genetic testing for a hereditary tendency to pressure palsies (HNPP; tomaculous neuropathy) were undertaken. Two patients treated with intravenous methyl prednisolone had serial clinical and electrophysiological examinations. One patient was followed prospectively through pregnancy and during the development of a stereotypic attack after elective caesarean delivery. Results: Upper extremity nerve biopsies in two patients showed prominent perivascular inflammatory infiltrates with vessel wall disruption. Nerve in situ hybridisation for viruses was negative. There were no tomaculous nerve changes. In two patients intravenous methyl prednisolone ameliorated symptoms (largely pain), but with tapering of steroid dose, signs and symptoms worsened. Elective caesarean delivery did not prevent a typical postpartum attack. Conclusions: Inflammation, probably immune, appears pathogenic for some if not all attacks of HBPN. Immune modulation may be useful in preventing or reducing the neuropathic attacks, although controlled trials are needed to establish efficacy, as correction of the mutant gene is still not possible. The genes involved in immune regulation may be candidates for causing HBPN disorders. PMID:12082044

Based on Intelligent Robot of E-business Distribution Center Operation Mode Research

Directory of Open Access Journals (Sweden)

Li Juntao

2016-01-01

Full Text Available According to E-business distribution center operation mode in domestic and advanced experience drawing lessons at home and abroad, this paper based on intelligent robot researches E-business distribution center operation mode. And it proposes the innovation logistics storage in E-business and sorting integration system, and elaborates its principle, characteristics, as well as studies its business mode and logistics process, and its parameters and working mode of AGV equipment.

Heart Attack Payment - National

Data.gov (United States)

U.S. Department of Health & Human Services — Payment for heart attack patients measure – national data. This data set includes national-level data for payments associated with a 30-day episode of care for heart...

Heart Attack Payment - State

Data.gov (United States)

U.S. Department of Health & Human Services — Payment for heart attack patients measure – state data. This data set includes state-level data for payments associated with a 30-day episode of care for heart...

Choosing What to Protect When Attacker Resources and Asset Valuations are Uncertain

Directory of Open Access Journals (Sweden)

Kjell Hausken

2014-01-01

Full Text Available The situation has been modelled where the attacker's resources are unknown to the defender. Protecting assets presupposes that the defender has some information on the attacker's resource capabilities. An attacker targets one of two assets. The attacker's resources and valuations of these assets are drawn probabilistically. We specify when the isoutility curves are upward sloping (the defender prefers to invest less in defense, thus leading to higher probabilities of success for attacks on both assets or downward sloping (e.g. when one asset has a low value or high unit defense cost. This stands in contrast to earlier research and results from the uncertainty regarding the level of the attacker's resources. We determine which asset the attacker targets depending on his type, unit attack costs, the contest intensity, and investment in defense. A two stage game is considered, where the defender moves first and the attacker moves second. When both assets are equivalent and are treated equivalently by both players, an interior equilibrium exists when the contest intensity is low, and a corner equilibrium with no defense exists when the contest intensity is large and the attacker holds large resources. Defense efforts are inverse U shaped in the attacker's resources. (original abstract

Development of Cyber-attack Risk Assessment Model for Nuclear Power Plants

International Nuclear Information System (INIS)

Park, Jong Woo; Lee, Seung Jun

2017-01-01

In this work, a risk evaluation method to identify significant cyber-attack scenarios and important components which should be defensed was proposed based on the probabilistic safety assessment (PSA) method which is widely used for evaluating risk of NPPs. NPPs adopting digital systems have been facing the risk of cyber-attacks. To develop efficient and reasonable defense strategy, it is required to identify significant cyber-attack scenarios and important components because there are huge number of critical digital assets in an NPP. By evaluating the risk of cyber-attack, the risk-informed defense strategies against cyber-attack could be suggested. In this work, the method to identify important cyber-attack scenarios and to evaluate the quantitative risk caused by cyber-attacks was proposed. For a future study, more feasible scenarios will be analyzed and additional modifications will be made in the model if necessary.

Analysis of Network Vulnerability Under Joint Node and Link Attacks

Science.gov (United States)

Li, Yongcheng; Liu, Shumei; Yu, Yao; Cao, Ting

2018-03-01

The security problem of computer network system is becoming more and more serious. The fundamental reason is that there are security vulnerabilities in the network system. Therefore, it’s very important to identify and reduce or eliminate these vulnerabilities before they are attacked. In this paper, we are interested in joint node and link attacks and propose a vulnerability evaluation method based on the overall connectivity of the network to defense this attack. Especially, we analyze the attack cost problem from the attackers’ perspective. The purpose is to find the set of least costs for joint links and nodes, and their deletion will lead to serious network connection damage. The simulation results show that the vulnerable elements obtained from the proposed method are more suitable for the attacking idea of the malicious persons in joint node and link attack. It is easy to find that the proposed method has more realistic protection significance.

Inoculation Policies in Response to Terrorist or WMD Attacks: Additional Factors to Consider

International Nuclear Information System (INIS)

Leitner, P. M.

2007-01-01

When viewed on its own merits, the debate over who should be inoculated during a period of biological emergency is a rather straightforward public policy decision. The classic public policy 'balancing act' decision-making model is defaulted to as issues of fairness, efficiency, cost-effectiveness, adequacy of supply, mission performance, and constituencies are arrayed and adjudicated. This mainstream approach is appropriate as far as it goes but it also exemplifies a series of structural and perceptual weaknesses when applied to wartime or localized terrorism scenarios. In fact, the establishment of a vaccination policy appropriate to a flu pandemic falls squarely within this mainstream debate. Although the notion of a pandemic carries an assumption of a great many fatalities it does not possess the fear quotient, uncertainty, horror, unnaturalness, or inevitability of a bio-terror or biological warfare incident. As a result, the reliability and responsiveness of key personnel responding to a flu pandemic should be less of an issue than it will be in the event of an intentional man-made biological incident. The principal policy weakness in instances an intentional bio-attack stems from a generalized failure, or refusal, to systematically study the behavior of key personnel, first-responders, soldiers, or critical senior leadership during severe crises occurring in their own backyards. In other words, when the 'balloon goes up' how many of your responders and critical personnel will show up for work? This presentation considers many of the 'unaddressed' factors that experience has shown may have a determinative effect upon the efficacy of a response to a biological incident. Lessons are drawn from experiences of US forces station in the former West Germany, US Defense Department Continuity of Operations Programs, Hurricane Katrina, and the 9/11 attacks on the United States. (author)

Semantic Identification Attacks on Web Browsing

OpenAIRE

Guha, Neel

2016-01-01

We introduce a Semantic Identification Attack, in which an adversary uses semantic signals about the pages visited in one browsing session to identify other browsing sessions launched by the same user. This attack allows an adver- sary to determine if two browsing sessions originate from the same user regardless of any measures taken by the user to disguise their browser or network. We use the MSNBC Anonymous Browsing data set, which contains a large set of user visits (labeled by category) t...

Hereditary angioedema attacks resolve faster and are shorter after early icatibant treatment.

Directory of Open Access Journals (Sweden)

Marcus Maurer

Full Text Available BACKGROUND: Attacks of hereditary angioedema (HAE are unpredictable and, if affecting the upper airway, can be lethal. Icatibant is used for physician- or patient self-administered symptomatic treatment of HAE attacks in adults. Its mode of action includes disruption of the bradykinin pathway via blockade of the bradykinin B(2 receptor. Early treatment is believed to shorten attack duration and prevent severe outcomes; however, evidence to support these benefits is lacking. OBJECTIVE: To examine the impact of timing of icatibant administration on the duration and resolution of HAE type I and II attacks. METHODS: The Icatibant Outcome Survey is an international, prospective, observational study for patients treated with icatibant. Data on timings and outcomes of icatibant treatment for HAE attacks were collected between July 2009-February 2012. A mixed-model of repeated measures was performed for 426 attacks in 136 HAE type I and II patients. RESULTS: Attack duration was significantly shorter in patients treated <1 hour of attack onset compared with those treated ≥ 1 hour (6.1 hours versus 16.8 hours [p<0.001]. Similar significant effects were observed for <2 hours versus ≥ 2 hours (7.2 hours versus 20.2 hours [p<0.001] and <5 hours versus ≥ 5 hours (8.0 hours versus 23.5 hours [p<0.001]. Treatment within 1 hour of attack onset also significantly reduced time to attack resolution (5.8 hours versus 8.8 hours [p<0.05]. Self-administrators were more likely to treat early and experience shorter attacks than those treated by a healthcare professional. CONCLUSION: Early blockade of the bradykinin B(2 receptor with icatibant, particularly within the first hour of attack onset, significantly reduced attack duration and time to attack resolution.

Pre-attack signs and symptoms in cluster headache: Characteristics and time profile.

Science.gov (United States)

Snoer, Agneta; Lund, Nunu; Beske, Rasmus; Jensen, Rigmor; Barloese, Mads

2018-05-01

Introduction In contrast to the premonitory phase of migraine, little is known about the pre-attack (prodromal) phase of a cluster headache. We aimed to describe the nature, prevalence, and duration of pre-attack symptoms in cluster headache. Methods Eighty patients with episodic cluster headache or chronic cluster headache, according to ICHD-3 beta criteria, were invited to participate. In this observational study, patients underwent a semi-structured interview where they were asked about the presence of 31 symptoms/signs in relation to a typical cluster headache attack. Symptoms included previously reported cluster headache pre-attack symptoms, premonitory migraine symptoms and accompanying symptoms of migraine and cluster headache. Results Pre-attack symptoms were reported by 83.3% of patients, with an average of 4.25 (SD 3.9) per patient. Local and painful symptoms, occurring with a median of 10 minutes before attack, were reported by 70%. Local and painless symptoms and signs, occurring with a median of 10 minutes before attack, were reported by 43.8% and general symptoms, occurring with a median of 20 minutes before attack, were reported by 62.5% of patients. Apart from a dull/aching sensation in the attack area being significantly ( p cluster headache. Since the origin of cluster headache attacks is still unresolved, studies of pre-attack symptoms could contribute to the understanding of cluster headache pathophysiology. Furthermore, identification and recognition of pre-attack symptoms could potentially allow earlier abortive treatment.

Variability of clinical features in attacks of migraine with aura

DEFF Research Database (Denmark)

Hansen, Jakob M; Goadsby, Peter J; Charles, Andrew C

2016-01-01

. CONCLUSION: These findings are consistent with variable involvement of different brain regions during a migraine attack. The variable occurrence of nausea, and phonophobia in conjunction with photophobia, both defining features of migraine, may be an important consideration in designing clinical studies......BACKGROUND: There is significant variability in the clinical presentation of migraine, both among patients, and between attacks in an individual patient. We examined clinical features of migraine with aura in a large group of patients enrolled in a clinical trial, and compared retrospective...... a detailed retrospective description of the clinical features of their attacks of migraine. During the trial, clinical symptoms in migraine attacks starting with aura were recorded prospectively in 861 attacks. RESULTS: Retrospectively reported visual aura symptoms were variable and often overlapping...

"Dateline NBC"'s Persuasive Attack on Wal-Mart.

Science.gov (United States)

Benoit, William L.; Dorries, Bruce

1996-01-01

Develops a typology of persuasive attack strategies. Identifies two key components of persuasive attack: responsibility and offensiveness. Describes several strategies for intensifying each of these elements. Applies this analysis to "Dateline NBC"'s allegations that Wal-Mart's "Buy American" campaign was deceptive. Concludes…

Transforming Graphical System Models To Graphical Attack Models

NARCIS (Netherlands)

Ivanova, Marieta Georgieva; Probst, Christian W.; Hansen, René Rydhof; Kammüller, Florian; Mauw, S.; Kordy, B.

2015-01-01

Manually identifying possible attacks on an organisation is a complex undertaking; many different factors must be considered, and the resulting attack scenarios can be complex and hard to maintain as the organisation changes. System models provide a systematic representation of organisations that

TCPL: A Defense against wormhole attacks in wireless sensor networks

International Nuclear Information System (INIS)

Kumar, K. E. Naresh; Waheed, Mohd. Abdul; Basappa, K. Kari

2010-01-01

Do In this paper presents recent advances in technology have made low-cost, low-power wireless sensors with efficient energy consumption. A network of such nodes can coordinate among themselves for distributed sensing and processing of certain data. For which, we propose an architecture to provide a stateless solution in sensor networks for efficient routing in wireless sensor networks. This type of architecture is known as Tree Cast. We propose a unique method of address allocation, building up multiple disjoint trees which are geographically inter-twined and rooted at the data sink. Using these trees, routing messages to and from the sink node without maintaining any routing state in the sensor nodes is possible. In this paper, we introduce the wormhole attack, a severe attack in ad hoc networks that is particularly challenging to defend against. The wormhole attack is possible even if the attacker has not compromised any hosts and even if all communication provides authenticity and confidentiality. In the wormhole attack, an attacker records packets (or bits) at one location in the network, tunnels them to another location, and retransmits them there into the network. The wormhole attack can form a serious threat in wireless networks, especially against many sensor network routing protocols and location-based wireless security systems. For example, most existing ad hoc network routing protocols, without some mechanism to defend against the wormhole attack, would be unable to find routes longer than one or two hops, severely disrupting communication. We present a new, general mechanism, called packet leashes, for detecting and thus defending against wormhole attacks, and we present a specific protocol, called TIK, that implements leashes.

Behavioral Modeling of WSN MAC Layer Security Attacks: A Sequential UML Approach

DEFF Research Database (Denmark)

Pawar, Pranav M.; Nielsen, Rasmus Hjorth; Prasad, Neeli R.

2012-01-01

is the vulnerability to security attacks/threats. The performance and behavior of a WSN are vastly affected by such attacks. In order to be able to better address the vulnerabilities of WSNs in terms of security, it is important to understand the behavior of the attacks. This paper addresses the behavioral modeling...... of medium access control (MAC) security attacks in WSNs. The MAC layer is responsible for energy consumption, delay and channel utilization of the network and attacks on this layer can introduce significant degradation of the individual sensor nodes due to energy drain and in performance due to delays....... The behavioral modeling of attacks will be beneficial for designing efficient and secure MAC layer protocols. The security attacks are modeled using a sequential diagram approach of Unified Modeling Language (UML). Further, a new attack definition, specific to hybrid MAC mechanisms, is proposed....

The WOMBAT Attack Attribution Method: Some Results

Science.gov (United States)

Dacier, Marc; Pham, Van-Hau; Thonnard, Olivier

In this paper, we present a new attack attribution method that has been developed within the WOMBAT project. We illustrate the method with some real-world results obtained when applying it to almost two years of attack traces collected by low interaction honeypots. This analytical method aims at identifying large scale attack phenomena composed of IP sources that are linked to the same root cause. All malicious sources involved in a same phenomenon constitute what we call a Misbehaving Cloud (MC). The paper offers an overview of the various steps the method goes through to identify these clouds, providing pointers to external references for more detailed information. Four instances of misbehaving clouds are then described in some more depth to demonstrate the meaningfulness of the concept.

Speeding up detection of SHA-1 collision attacks using unavoidable attack conditions

NARCIS (Netherlands)

M.M.J. Stevens (Marc); D. Shumow

2017-01-01

textabstractCounter-cryptanalysis, the concept of using cryptanalytic techniques to detect cryptanalytic attacks, was introduced by Stevens at CRYPTO 2013 [22] with a hash collision detection algorithm. That is, an algorithm that detects whether a given single message is part of a colliding message

Low-Rate DDoS Attack Detection Using Expectation of Packet Size

Directory of Open Access Journals (Sweden)

Lu Zhou

2017-01-01

Full Text Available Low-rate Distributed Denial-of-Service (low-rate DDoS attacks are a new challenge to cyberspace, as the attackers send a large amount of attack packets similar to normal traffic, to throttle legitimate flows. In this paper, we propose a measurement—expectation of packet size—that is based on the distribution difference of the packet size to distinguish two typical low-rate DDoS attacks, the constant attack and the pulsing attack, from legitimate traffic. The experimental results, obtained using a series of real datasets with different times and different tolerance factors, are presented to demonstrate the effectiveness of the proposed measurement. In addition, extensive experiments are performed to show that the proposed measurement can detect the low-rate DDoS attacks not only in the short and long terms but also for low packet rates and high packet rates. Furthermore, the false-negative rates and the adjudication distance can be adjusted based on the detection sensitivity requirements.

Implementation of Positive Operator-Valued Measure in Passive Faraday Mirror Attack

International Nuclear Information System (INIS)

Wang Wei-Long; Gao Ming; Ma Zhi

2015-01-01

Passive Faraday-mirror (PFM) attack is based on imperfect Faraday mirrors in practical quantum cryptography systems and a set of three-dimensional Positive Operator-Valued Measure (POVM) operators plays an important role in this attack. In this paper, we propose a simple scheme to implement the POVM in PFM attack on an Faraday–Michelson quantum cryptography system. Since the POVM can not be implemented directly with previous methods, in this scheme it needs to expand the states sent by Alice and the POVM operators in the attack into four-dimensional Hilbert space first, without changing the attacking effect by calculation. Based on the methods proposed by Ahnert and Payne, the linear-optical setup for implementing the POVM operators is derived. At last, the complete setup for realizing the PFM attack is presented with all parameters. Furthermore, our scheme can also be applied to realize PFM attack on a plug-and-play system by changing the parameters in the setup. (paper)

Pitch control margin at high angle of attack - Quantitative requirements (flight test correlation with simulation predictions)

Science.gov (United States)

Lackey, J.; Hadfield, C.

1992-01-01

Recent mishaps and incidents on Class IV aircraft have shown a need for establishing quantitative longitudinal high angle of attack (AOA) pitch control margin design guidelines for future aircraft. NASA Langley Research Center has conducted a series of simulation tests to define these design guidelines. Flight test results have confirmed the simulation studies in that pilot rating of high AOA nose-down recoveries were based on the short-term response interval in the forms of pitch acceleration and rate.

Regression Nodes: Extending attack trees with data from social sciences

NARCIS (Netherlands)

Bullee, Jan-Willem; Montoya, L.; Pieters, Wolter; Junger, Marianne; Hartel, Pieter H.

In the field of security, attack trees are often used to assess security vulnerabilities probabilistically in relation to multi-step attacks. The nodes are usually connected via AND-gates, where all children must be executed, or via OR-gates, where only one action is necessary for the attack step to

Depletion-of-Battery Attack: Specificity, Modelling and Analysis.

Science.gov (United States)

Shakhov, Vladimir; Koo, Insoo

2018-06-06

The emerging Internet of Things (IoT) has great potential; however, the societal costs of the IoT can outweigh its benefits. To unlock IoT potential, there needs to be improvement in the security of IoT applications. There are several standardization initiatives for sensor networks, which eventually converge with the Internet of Things. As sensor-based applications are deployed, security emerges as an essential requirement. One of the critical issues of wireless sensor technology is limited sensor resources, including sensor batteries. This creates a vulnerability to battery-exhausting attacks. Rapid exhaustion of sensor battery power is not only explained by intrusions, but can also be due to random failure of embedded sensor protocols. Thus, most wireless sensor applications, without tools to defend against rash battery exhausting, would be unable to function during prescribed times. In this paper, we consider a special type of threat, in which the harm is malicious depletion of sensor battery power. In contrast to the traditional denial-of-service attack, quality of service under the considered attack is not necessarily degraded. Moreover, the quality of service can increase up to the moment of the sensor set crashes. We argue that this is a distinguishing type of attack. Hence, the application of a traditional defense mechanism against this threat is not always possible. Therefore, effective methods should be developed to counter the threat. We first discuss the feasibility of rash depletion of battery power. Next, we propose a model for evaluation of energy consumption when under attack. Finally, a technique to counter the attack is discussed.

User observations on information sharing (corporate knowledge and lessons learned)

Science.gov (United States)

Montague, Ronald A.; Gregg, Lawrence A.; Martin, Shirley A.; Underwood, Leroy H.; Mcgee, John M.

1993-01-01

The sharing of 'corporate knowledge' and lessons learned in the NASA aerospace community has been identified by Johnson Space Center survey participants as a desirable tool. The concept of the program is based on creating a user friendly information system that will allow engineers, scientists, and managers at all working levels to share their information and experiences with other users irrespective of location or organization. The survey addresses potential end uses for such a system and offers some guidance on the development of subsequent processes to ensure the integrity of the information shared. This system concept will promote sharing of information between NASA centers, between NASA and its contractors, between NASA and other government agencies, and perhaps between NASA and institutions of higher learning.

Fault attacks, injection techniques and tools for simulation

NARCIS (Netherlands)

Piscitelli, R.; Bhasin, S.; Regazzoni, F.

2015-01-01

Faults attacks are a serious threat to secure devices, because they are powerful and they can be performed with extremely cheap equipment. Resistance against fault attacks is often evaluated directly on the manufactured devices, as commercial tools supporting fault evaluation do not usually provide

Cybersecurity protecting critical infrastructures from cyber attack and cyber warfare

CERN Document Server

Johnson, Thomas A

2015-01-01

The World Economic Forum regards the threat of cyber attack as one of the top five global risks confronting nations of the world today. Cyber attacks are increasingly targeting the core functions of the economies in nations throughout the world. The threat to attack critical infrastructures, disrupt critical services, and induce a wide range of damage is becoming more difficult to defend against. Cybersecurity: Protecting Critical Infrastructures from Cyber Attack and Cyber Warfare examines the current cyber threat landscape and discusses the strategies being used by governments and corporatio

[Comparative analysis of phenomenology of paroxysms of atrial fibrillation and panic attacks].

Science.gov (United States)

San'kova, T A; Solov'eva, A D; Nedostup, A V

2004-01-01

To study phenomenology of attacks of atrial fibrillation (AF) and to compare it with phenomenology of panic attacks for elucidation of pathogenesis of atrial fibrillation and for elaboration of rational therapeutic intervention including those aimed at correction of psychovegetative abnormalities. Patients with nonrheumatic paroxysmal AF (n=105) and 100 patients with panic attacks (n=100). Clinical, cardiological and neurological examination, analysis of patients complaints during attacks of AF, and comparison them with diagnostic criteria for panic attack. It was found that clinical picture of attacks of AF comprised vegetative, emotional and functional neurological phenomena similar to those characteristic for panic attacks. This similarity as well as positive therapeutic effect of clonazepam allowed to propose a novel pathogenic mechanism of AF attacks. Severity of psychovegetative disorders during paroxysm of AF could be evaluated by calculation of psychovegetative iudex: Psychovegetative index should be used for detection of panic attack-like component in clinical picture of AF paroxysm and thus for determination of indications for inclusion of vegetotropic drugs, e. g. clonazepam, in complex preventive therapy.

Securing SQL server protecting your database from attackers

CERN Document Server

Cherry, Denny

2015-01-01

SQL server is the most widely-used database platform in the world, and a large percentage of these databases are not properly secured, exposing sensitive customer and business data to attack. In Securing SQL Server, Third Edition, you will learn about the potential attack vectors that can be used to break into SQL server databases as well as how to protect databases from these attacks. In this book, Denny Cherry - a Microsoft SQL MVP and one of the biggest names in SQL server - will teach you how to properly secure an SQL server database from internal and external threats using best practic

A hard lesson for Europeans: the ASEAN CDC.

Science.gov (United States)

Tibayrenc, Michel

2005-06-01

Despite the growing threat of major pandemics, the European Union is planning no more than a meager surveillance agency staffed with 70 people on the 2007 horizon: the new European Centre for Disease Control. I argue that an effective structure should be much larger and include a strong research activity. Asian countries, inspired by the US CDC, are now taking this concept in hand and creating an ASEAN Center For Disease Control, with sophisticated laboratory facilities to be included. This is a tough lesson for us Europeans, and our avarice in this domain could have tragic consequences in the future.

Strategic defense and attack for reliability systems

International Nuclear Information System (INIS)

Hausken, Kjell

2008-01-01

This article illustrates a method by which arbitrarily complex series/parallel reliability systems can be analyzed. The method is illustrated with the series-parallel and parallel-series systems. Analytical expressions are determined for the investments and utilities of the defender and the attacker, depend on their unit costs of investment for each component, the contest intensity for each component, and their evaluations of the value of system functionality. For a series-parallel system, infinitely many components in parallel benefit the defender maximally regardless of the finite number of parallel subsystems in series. Conversely, infinitely many components in series benefit the attacker maximally regardless of the finite number of components in parallel in each subsystem. For a parallel-series system, the results are opposite. With equivalent components, equal unit costs for defender and attacker, equal intensity for all components, and equally many components in series and parallel, the defender always prefers the series-parallel system rather than the parallel-series system, and converse holds for the attacker. Hence from the defender's perspective, ceteris paribus, the series-parallel system is more reliable, and has fewer 'cut sets' or failure modes

Defending majority voting systems against a strategic attacker

International Nuclear Information System (INIS)

Levitin, Gregory; Hausken, Kjell; Ben Haim, Hanoch

2013-01-01

Voting systems used in technical and tactical decision making in pattern recognition and target detection, data handling, signal processing, distributed and secure computing etc. are considered. A maxmin two period game is analyzed where the defender first protects and chooses units for participation in voting. The attacker thereafter attacks a subset of units. It is shown that when the defender protects all the voting units, the optimal number of units chosen for voting is either one or the maximal possible odd number. When the defender protects only the units chosen for voting, the optimal number of chosen units increases with the defender resource superiority (i.e., more resources than the attacker) and with probability of providing correct output by any unit. The system success probability always increases in the total number of voting units, the defender–attacker resource ratio, and the probability that each voting unit produces a correct output. The system success probability increases in the attacker–defender contest intensity if the defender achieves per-unit resource superiority, and otherwise decreases in the contest intensity. The presented model and enumerative algorithm allow obtaining optimal voting system defense strategy for any combination of parameters: total number of units, attack and defense resources, unit success probability and contest intensity.

Construction of a Cyber Attack Model for Nuclear Power Plants

Energy Technology Data Exchange (ETDEWEB)

Varuttamaseni, Athi; Bari, Robert A.; Youngblood, Robert

2017-05-01

The consideration of how one compromised digital equipment can impact neighboring equipment is critical to understanding the progression of cyber attacks. The degree of influence that one component may have on another depends on a variety of factors, including the sharing of resources such as network bandwidth or processing power, the level of trust between components, and the inclusion of segmentation devices such as firewalls. The interactions among components via mechanisms that are unique to the digital world are not usually considered in traditional PRA. This means potential sequences of events that may occur during an attack may be missed if one were to only look at conventional accident sequences. This paper presents a method where, starting from the initial attack vector, the progression of a cyber attack can be modeled. The propagation of the attack is modeled by considering certain attributes of the digital components in the system. These attributes determine the potential vulnerability of a component to a class of attack and the capability gained by the attackers once they are in control of the equipment. The use of attributes allows similar components (components with the same set of attributes) to be modeled in the same way, thereby reducing the computing resources required for analysis of large systems.

Fatal injection: a survey of modern code injection attack countermeasures

Directory of Open Access Journals (Sweden)

Dimitris Mitropoulos

2017-11-01

Full Text Available With a code injection attack (CIA an attacker can introduce malicious code into a computer program or system that fails to properly encode data that comes from an untrusted source. A CIA can have different forms depending on the execution context of the application and the location of the programming flaw that leads to the attack. Currently, CIAs are considered one of the most damaging classes of application attacks since they can severely affect an organisation’s infrastructure and cause financial and reputational damage to it. In this paper we examine and categorize the countermeasures developed to detect the various attack forms. In particular, we identify two distinct categories. The first incorporates static program analysis tools used to eliminate flaws that can lead to such attacks during the development of the system. The second involves the use of dynamic detection safeguards that prevent code injection attacks while the system is in production mode. Our analysis is based on nonfunctional characteristics that are considered critical when creating security mechanisms. Such characteristics involve usability, overhead, implementation dependencies, false positives and false negatives. Our categorization and analysis can help both researchers and practitioners either to develop novel approaches, or use the appropriate mechanisms according to their needs.

Attacks and infections in percolation processes

International Nuclear Information System (INIS)

Janssen, Hans-Karl; Stenull, Olaf

2017-01-01

We discuss attacks and infections at propagating fronts of percolation processes based on the extended general epidemic process. The scaling behavior of the number of the attacked and infected sites in the long time limit at the ordinary and tricritical percolation transitions is governed by specific composite operators of the field-theoretic representation of this process. We calculate corresponding critical exponents for tricritical percolation in mean-field theory and for ordinary percolation to 1-loop order. Our results agree well with the available numerical data. (paper)

ShadowNet: An Active Defense Infrastructure for Insider Cyber Attack Prevention

Energy Technology Data Exchange (ETDEWEB)

Cui, Xiaohui [ORNL; Beaver, Justin M [ORNL; Treadwell, Jim N [ORNL

2012-01-01

The ShadowNet infrastructure for insider cyber attack prevention is comprised of a tiered server system that is able to dynamically redirect dangerous/suspicious network traffic away from production servers that provide web, ftp, database and other vital services to cloned virtual machines in a quarantined environment. This is done transparently from the point of view of both the attacker and normal users. Existing connections, such as SSH sessions, are not interrupted. Any malicious activity performed by the attacker on a quarantined server is not reflected on the production server. The attacker is provided services from the quarantined server, which creates the impression that the attacks performed are successful. The activities of the attacker on the quarantined system are able to be recorded much like a honeypot system for forensic analysis.

REAL-TIME INTELLIGENT MULTILAYER ATTACK CLASSIFICATION SYSTEM

Directory of Open Access Journals (Sweden)

T. Subbhulakshmi

2014-01-01

Full Text Available Intrusion Detection Systems (IDS takes the lion’s share of the current security infrastructure. Detection of intrusions is vital for initiating the defensive procedures. Intrusion detection was done by statistical and distance based methods. A threshold value is used in these methods to indicate the level of normalcy. When the network traffic crosses the level of normalcy then above which it is flagged as anomalous. When there are occurrences of new intrusion events which are increasingly a key part of system security, the statistical techniques cannot detect them. To overcome this issue, learning techniques are used which helps in identifying new intrusion activities in a computer system. The objective of the proposed system designed in this paper is to classify the intrusions using an Intelligent Multi Layered Attack Classification System (IMLACS which helps in detecting and classifying the intrusions with improved classification accuracy. The intelligent multi layered approach contains three intelligent layers. The first layer involves Binary Support Vector Machine classification for detecting the normal and attack. The second layer involves neural network classification to classify the attacks into classes of attacks. The third layer involves fuzzy inference system to classify the attacks into various subclasses. The proposed IMLACS can be able to detect an intrusion behavior of the networks since the system contains a three intelligent layer classification and better set of rules. Feature selection is also used to improve the time of detection. The experimental results show that the IMLACS achieves the Classification Rate of 97.31%.

Simulating Cyber-Attacks for Fun and Profit

OpenAIRE

Futoransky, Ariel; Miranda, Fernando; Orlicki, Jose; Sarraute, Carlos

2010-01-01

We introduce a new simulation platform called Insight, created to design and simulate cyber-attacks against large arbitrary target scenarios. Insight has surprisingly low hardware and configuration requirements, while making the simulation a realistic experience from the attacker's standpoint. The scenarios include a crowd of simulated actors: network devices, hardware devices, software applications, protocols, users, etc. A novel characteristic of this tool is to simulate vulnerabilities (in...

Network resilience against intelligent attacks constrained by the degree-dependent node removal cost

International Nuclear Information System (INIS)

Annibale, A; Coolen, A C C; Bianconi, G

2010-01-01

We study the resilience of complex networks against attacks in which nodes are targeted intelligently, but where disabling a node has a cost to the attacker which depends on its degree. Attackers have to meet these costs with limited resources, which constrains their actions. A network's integrity is quantified in terms of the efficacy of the process that it supports. We calculate how the optimal attack strategy and the most attack-resistant network degree statistics depend on the node removal cost function and the attack resources. The resilience of networks against intelligent attacks is found to depend strongly on the node removal cost function faced by the attacker. In particular, if node removal costs increase sufficiently fast with the node degree, power law networks are found to be more resilient than Poissonian ones, even against optimized intelligent attacks. For cost functions increasing quadratically in the node degrees, intelligent attackers cannot damage the network more than random damages would.

Chess therapy: A new approach to curing panic attack.

Science.gov (United States)

Barzegar, Kazem; Barzegar, Somayeh

2017-12-01

To study the effect of playing cell phone chess game on treating panic attack. The chess game on an android cell phone was played by the researcher who was affected by panic attack as a post-traumatic disorder immediately after or before feeling of the start of symptoms. The right level of difficulty, i.e., levels 2-4, was selected for optimal results. Playing chess game on the android cell phone prevented the manifestation of panic attack and led to the cure of this traumatic condition. Chess therapy with the right level of difficulty can be recommended as a very effective non-pharmaceutical method for the successful treatment of panic attacks. Copyright © 2017 Elsevier B.V. All rights reserved.

Counting equations in algebraic attacks on block ciphers

DEFF Research Database (Denmark)

Knudsen, Lars Ramkilde; Miolane, Charlotte Vikkelsø

2010-01-01

This paper is about counting linearly independent equations for so-called algebraic attacks on block ciphers. The basic idea behind many of these approaches, e.g., XL, is to generate a large set of equations from an initial set of equations by multiplication of existing equations by the variables...... in the system. One of the most difficult tasks is to determine the exact number of linearly independent equations one obtain in the attacks. In this paper, it is shown that by splitting the equations defined over a block cipher (an SP-network) into two sets, one can determine the exact number of linearly...... independent equations which can be generated in algebraic attacks within each of these sets of a certain degree. While this does not give us a direct formula for the success of algebraic attacks on block ciphers, it gives some interesting bounds on the number of equations one can obtain from a given block...

Plasma Exchange in Severe Attacks of Neuromyelitis Optica

Directory of Open Access Journals (Sweden)

Mickael Bonnan

2012-01-01

Full Text Available Background. Neuromyelitis optica (NMO attacks are poorly controlled by steroids and evolve in stepwise neurological impairments. Assuming the strong humoral response underlying NMO attacks, plasma exchange (PLEX is an appropriate technique in severe NMO attacks. Objective. Presenting an up-to-date review of the literature of PLEX in NMO. Methods. We summarize the rationale of PLEX in relation with the physiology of NMO, the main technical aspects, and the available studies. Results. PLEX in severe attacks from myelitis or optic neuritis are associated with a better outcome, depending on PLEX delay (“time is cord and eyes”. NMO-IgG status has no influence. Finally, we build up an original concept linking the inner dynamic of the lesion, the timing of PLEX onset and the expected clinical results. Conclusion. PLEX is a safe and efficient add-on therapy in NMO, in synergy with steroids. Large therapeutic trials are required to definitely assess the procedure and define the time opportunity window.

Blood flow velocity in migraine attacks - a transcranial Doppler study

International Nuclear Information System (INIS)

Zwetsloot, C.P.; Caekebeke, J.F.V.; Jansen, J.C.; Odink, J.; Ferrari, M.D.

1991-01-01

A pulsed Doppler device was used to measure blood flow velocities in the common carotid artery, the extracranial part of the internal carotid artery, the external carotid artery, the middle cerebral artery, and the anterior cerebral artery in 31 migraneurs without aura (n=27) and with aura (n=4), both during and ouside an attack. The aims were to compare blood flow velocity during and between migraine attacks and to study asymmetries of the blood flow velocity. Compared with blood flow velocity values obtained in the attack-free interval, blood flow velocity was lower during attacks without aura in both common carotid arteries, but not in the other extra- and intracranial vessels which were examined. However, during attacks of migraine with aura, blood flow velocity tended to be lower in all examined vessels. There were no asymmetries of the blood flow velocity. It is suggested that during migraine attacks without aura there is a dissociation in blood flow regulation in the common carotid and middle cerebral arteries. 20 refs., 2 tabs

Blood flow velocity in migraine attacks - a transcranial Doppler study

Energy Technology Data Exchange (ETDEWEB)

Zwetsloot, C.P.; Caekebeke, J.F.V.; Jansen, J.C.; Odink, J.; Ferrari, M.D. (Rijksuniversiteit Leiden (Netherlands))

1991-05-01

A pulsed Doppler device was used to measure blood flow velocities in the common carotid artery, the extracranial part of the internal carotid artery, the external carotid artery, the middle cerebral artery, and the anterior cerebral artery in 31 migraneurs without aura (n=27) and with aura (n=4), both during and ouside an attack. The aims were to compare blood flow velocity during and between migraine attacks and to study asymmetries of the blood flow velocity. Compared with blood flow velocity values obtained in the attack-free interval, blood flow velocity was lower during attacks without aura in both common carotid arteries, but not in the other extra- and intracranial vessels which were examined. However, during attacks of migraine with aura, blood flow velocity tended to be lower in all examined vessels. There were no asymmetries of the blood flow velocity. It is suggested that during migraine attacks without aura there is a dissociation in blood flow regulation in the common carotid and middle cerebral arteries. 20 refs., 2 tabs.

Previous experience in manned space flight: A survey of human factors lessons learned

Science.gov (United States)

Chandlee, George O.; Woolford, Barbara

1993-01-01

Previous experience in manned space flight programs can be used to compile a data base of human factors lessons learned for the purpose of developing aids in the future design of inhabited spacecraft. The objectives are to gather information available from relevant sources, to develop a taxonomy of human factors data, and to produce a data base that can be used in the future for those people involved in the design of manned spacecraft operations. A study is currently underway at the Johnson Space Center with the objective of compiling, classifying, and summarizing relevant human factors data bearing on the lessons learned from previous manned space flights. The research reported defines sources of data, methods for collection, and proposes a classification for human factors data that may be a model for other human factors disciplines.

The confused world of sulfate attack on concrete

International Nuclear Information System (INIS)

Neville, Adam

2004-01-01

External sulfate attack is not completely understood. Part I identifies the issues involved, pointing out disagreements, and distinguishes between the mere occurrence of chemical reactions of sulfates with hydrated cement paste and the damage or deterioration of concrete; only the latter are taken to represent sulfate attack. Furthermore, sulfate attack is defined as deleterious action involving sulfate ions; if the reaction is physical, then, it is physical sulfate attack that takes place. The discussion of the two forms of sulfate attack leads to a recommendation for distinct nomenclature. Sulfate attack on concrete structures in service is not widespread, and the amount of laboratory-based research seems to be disproportionately large. The mechanisms of attack by different sulfates--sodium, calcium, and magnesium--are discussed, including the issue of topochemical and through-solution reactions. The specific aspects of the action of magnesium sulfate are discussed, and the differences between laboratory conditions and field exposure are pointed out. Part II discusses the progress of sulfate attack and its manifestations. This is followed by a discussion of making sulfate-resisting concrete. One of the measures is to use Type V cement, and this topic is extensively discussed. Likewise, the influence of w/c on sulfate resistance is considered. The two parameters are not independent of one another. Moreover, the cation in the sulfate salt has a strong bearing on the efficiency of the Type V cement. Recent interpretations of the Bureau of Reclamation tests, both long term and accelerated, are evaluated, and it appears that they need reworking. Part III reviews the standards and guides for the classification of the severity of exposure of structures to sulfates and points out the lack of calibration of the various classes of exposure. A particular problem is the classification of soils because much depends on the extraction ratio of sulfate in the soil: there is a

Entertainment-Retail Centers in Hong Kong and Los Angeles: Trends and Lessons

OpenAIRE

Clara Irazabal; Surajit Chakravarty

2007-01-01

This paper seeks to answer the question of why Entertainment Retail Centers (ERCs) develop as they do and what we can expect from these centers of consumption in the near future. Beginning with a "network" view of cities, where cities are nodes in an integrated economic system, the paper examines the evolution of and recent trends in the design of Entertainment Retail Centers (ERCs) in Los Angeles and Hong Kong. The analysis is organized along four related themes - land use, transportation, u...

Nursing Reference Center: a point-of-care resource.

Science.gov (United States)

Vardell, Emily; Paulaitis, Gediminas Geddy

2012-01-01

Nursing Reference Center is a point-of-care resource designed for the practicing nurse, as well as nursing administrators, nursing faculty, and librarians. Users can search across multiple resources, including topical Quick Lessons, evidence-based care sheets, patient education materials, practice guidelines, and more. Additional features include continuing education modules, e-books, and a new iPhone application. A sample search and comparison with similar databases were conducted.

Timing Analysis of SSL/TLS Man in the Middle Attacks

OpenAIRE

Benton, Kevin; Bross, Ty

2013-01-01

Man in the middle attacks are a significant threat to modern e-commerce and online communications, even when such transactions are protected by TLS. We intend to show that it is possible to detect man-in-the-middle attacks on SSL and TLS by detecting timing differences between a standard SSL session and an attack we created.

Lesson study in prospective mathematics teacher education: didactic and paradidactic technology in the post-lesson reflection

DEFF Research Database (Denmark)

Rasmussen, Klaus

2016-01-01

This paper presents a detailed analysis of the post-lesson reflection, carried out in the context of eight cases of lesson study conducted by teams of Danish, lower secondaryprospective teachers and their supervisors. The participants, representing different institutions, were all new to the less...... and concern to the whole profession of mathematics teachers and the analysis adds to our insight into the potential of lesson study in prospective education as a meeting place where pertinent actors contribute to the expansion and dissemination of shared professional knowledge......This paper presents a detailed analysis of the post-lesson reflection, carried out in the context of eight cases of lesson study conducted by teams of Danish, lower secondaryprospective teachers and their supervisors. The participants, representing different institutions, were all new to the lesson...... study format. Nevertheless, it is demonstrated how their interaction shape the development of discourse about mathematical learning. The anthropological theory of the didactic is employed as the theoretical approach to analyse the mathematical and primarily didactical praxeologies developed...

Effect of Angle of Attack on Slope Climbing Performance

Science.gov (United States)

Creager, Colin M.; Jones, Lucas; Smith, Lauren M.

2017-01-01

Ascending steep slopes is often a very difficult challenge for off-road vehicles, whether on Earth or on extraterrestrial bodies. This challenge is even greater if the surface consists of loose granular soil that does not provide much shear strength. This study investigated how the path at which a vehicle traverses a slope, specifically the angle that it is commanded to drive relative to the base of the hill (the angle of attack), can affect its performance. A vehicle was driven in loose sand at slope angles up to 15 degrees and angles of attack ranging from 10 to 90 degrees. A novel photogrammetry technique was implemented to both track vehicle motion and create a three-dimensional profile of the terrain. This allowed for true wheel sinkage measurements. The study showed that though low angles of attack result in lower wheel slip and sinkage, the efficiency of the vehicles uphill motion increased at higher angles of attack. For slopes up to 15 degrees, a 90 degree angle of attack provided the greatest likelihood of successful ascent.

Practical Attacks on AES-like Cryptographic Hash Functions

DEFF Research Database (Denmark)

Kölbl, Stefan; Rechberger, Christian

2015-01-01

to drastically reduce the complexity of attacks to very practical values for reduced-round versions. Furthermore, we describe new and practical attacks on Whirlpool and the recently proposed GOST R hash function with one or more of the following properties: more rounds, less time/memory complexity, and more...

Internet Attack Traceback: Cross-Validation and Pebble-Trace

Science.gov (United States)

2013-02-28

stolen-cyber-attack. [3] Hacked: Data breach costly for Ohio State, victims of compromised info http://www.thelantern.com/campus/hacked- data ... breach -costly-for-ohio-state-victims-of-compromised-info-1.1831311. [4] S. C. Lee and C. Shields, “Tracing the Source of Network Attack: A Technical

A Survey of Man in the Middle Attacks

DEFF Research Database (Denmark)

Conti, Mauro; Dragoni, Nicola; Lesyk, Viktor

2016-01-01

extensively review the literature on MITM to analyse and categorize the scope of MITM attacks, considering both a reference model, such as the open systems interconnection (OSI) model, as well as two specific widely used network technologies, i.e., GSM and UMTS. In particular, we classify MITM attacks based...

Automated Reasoning Across Tactical Stories to Derive Lessons Learned

Directory of Open Access Journals (Sweden)

J. Wesley Regian

2008-06-01

Full Text Available The Military Analogical Reasoning System (MARS is a performance support system and decision aid for commanders in Tactical Operations Centers. MARS enhances and supports the innate human ability for using stories to reason about tactical goals, plans, situations, and outcomes. The system operates by comparing many instances of stored tactical stories, determining which have analogous situations and lessons learned, and then returning a description of the lessons learned. The description of the lessons learned is at a level of abstraction that can be generalized to an appropriate range of tactical situations. The machine-understandable story representation is based on a military operations data model and associated tactical situation ontology. Thus each story can be thought of, and reasoned about, as an instance of an unfolding tactical situation. The analogical reasoning algorithm is based on Gentner's Structure Mapping Theory. Consider the following two stories. In the first, a U.S. platoon in Viet Nam diverts around a minefield and subsequently comes under ambush from a large hill overlooking their new position. In the second, a U.S. task force in Iraq diverts around a biochemical hazard and subsequently comes under ambush from the roof of an abandoned building. MARS recognizes these stories as analogical, and derives the following abstraction: When enemy-placed obstacles force us into an unplanned route, beware of ambush from elevation or concealment. In this paper we describe the MARS interface, military operations data model, tactical situation ontology, and analogical reasoning algorithm.

Rotational Rebound Attacks on Reduced Skein

DEFF Research Database (Denmark)

Khovratovich, Dmitry; Nikolić, Ivica; Rechberger, Christian

2014-01-01

ciphers, including the new standard SHA-3 (Keccak). The rebound attack is a start-from-the-middle approach for finding differential paths and conforming pairs in byte-oriented designs like Substitution-Permutation networks and AES. We apply our new compositional attack to the reduced version of the hash...... number of rounds. We also use neutral bits and message modification methods from the practice of collision search in MD5 and SHA-1 hash functions. These methods push the rotational property through more rounds than previous analysis suggested, and eventually establish a distinguishing property...

A Distinguish Attack on COSvd Cipher

OpenAIRE

Mohammad Ali Orumiehchi ha; R. Mirghadri

2007-01-01

The COSvd Ciphers has been proposed by Filiol and others (2004). It is a strengthened version of COS stream cipher family denoted COSvd that has been adopted for at least one commercial standard. We propose a distinguish attack on this version, and prove that, it is distinguishable from a random stream. In the COSvd Cipher used one S-Box (10×8) on the final part of cipher. We focus on S-Box and use weakness this S-Box for distinguish attack. In addition, found a leak on HNLL that the sub s-bo...

Optimal Attack Strategies Subject to Detection Constraints Against Cyber-Physical Systems

International Nuclear Information System (INIS)

Chen, Yuan; Kar, Soummya; Moura, Jose M. F.

2017-01-01

This paper studies an attacker against a cyberphysical system (CPS) whose goal is to move the state of a CPS to a target state while ensuring that his or her probability of being detected does not exceed a given bound. The attacker’s probability of being detected is related to the nonnegative bias induced by his or her attack on the CPS’s detection statistic. We formulate a linear quadratic cost function that captures the attacker’s control goal and establish constraints on the induced bias that reflect the attacker’s detection-avoidance objectives. When the attacker is constrained to be detected at the false-alarm rate of the detector, we show that the optimal attack strategy reduces to a linear feedback of the attacker’s state estimate. In the case that the attacker’s bias is upper bounded by a positive constant, we provide two algorithms – an optimal algorithm and a sub-optimal, less computationally intensive algorithm – to find suitable attack sequences. Lastly, we illustrate our attack strategies in numerical examples based on a remotely-controlled helicopter under attack.

DETECTION AND LOCALIZATION OF MULTIPLE SPOOFING ATTACKERS FOR MOBILE WIRELESS NETWORKS

Directory of Open Access Journals (Sweden)

R. Maivizhi

2015-06-01

Full Text Available The openness nature of wireless networks allows adversaries to easily launch variety of spoofing attacks and causes havoc in network performance. Recent approaches used Received Signal Strength (RSS traces, which only detect spoofing attacks in mobile wireless networks. However, it is not always desirable to use these methods as RSS values fluctuate significantly over time due to distance, noise and interference. In this paper, we discusses a novel approach, Mobile spOofing attack DEtection and Localization in WIireless Networks (MODELWIN system, which exploits location information about nodes to detect identity-based spoofing attacks in mobile wireless networks. Also, this approach determines the number of attackers who used the same node identity to masquerade as legitimate device. Moreover, multiple adversaries can be localized accurately. By eliminating attackers the proposed system enhances network performance. We have evaluated our technique through simulation using an 802.11 (WiFi network and an 802.15.4 (Zigbee networks. The results prove that MODELWIN can detect spoofing attacks with a very high detection rate and localize adversaries accurately.

Depletion-of-Battery Attack: Specificity, Modelling and Analysis

Directory of Open Access Journals (Sweden)

Vladimir Shakhov

2018-06-01

Full Text Available The emerging Internet of Things (IoT has great potential; however, the societal costs of the IoT can outweigh its benefits. To unlock IoT potential, there needs to be improvement in the security of IoT applications. There are several standardization initiatives for sensor networks, which eventually converge with the Internet of Things. As sensor-based applications are deployed, security emerges as an essential requirement. One of the critical issues of wireless sensor technology is limited sensor resources, including sensor batteries. This creates a vulnerability to battery-exhausting attacks. Rapid exhaustion of sensor battery power is not only explained by intrusions, but can also be due to random failure of embedded sensor protocols. Thus, most wireless sensor applications, without tools to defend against rash battery exhausting, would be unable to function during prescribed times. In this paper, we consider a special type of threat, in which the harm is malicious depletion of sensor battery power. In contrast to the traditional denial-of-service attack, quality of service under the considered attack is not necessarily degraded. Moreover, the quality of service can increase up to the moment of the sensor set crashes. We argue that this is a distinguishing type of attack. Hence, the application of a traditional defense mechanism against this threat is not always possible. Therefore, effective methods should be developed to counter the threat. We first discuss the feasibility of rash depletion of battery power. Next, we propose a model for evaluation of energy consumption when under attack. Finally, a technique to counter the attack is discussed.

Attack Pattern Analysis Framework for a Multiagent Intrusion Detection System

Directory of Open Access Journals (Sweden)

Krzysztof Juszczyszyn

2008-08-01

Full Text Available The paper proposes the use of attack pattern ontology and formal framework for network traffic anomalies detection within a distributed multi-agent Intrusion Detection System architecture. Our framework assumes ontology-based attack definition and distributed processing scheme with exchange of communicates between agents. The role of traffic anomalies detection was presented then it has been discussed how some specific values characterizing network communication can be used to detect network anomalies caused by security incidents (worm attack, virus spreading. Finally, it has been defined how to use the proposed techniques in distributed IDS using attack pattern ontology.

Modeling cascading failures in interdependent infrastructures under terrorist attacks

International Nuclear Information System (INIS)

Wu, Baichao; Tang, Aiping; Wu, Jie

2016-01-01

An attack strength degradation model has been introduced to further capture the interdependencies among infrastructures and model cascading failures across infrastructures when terrorist attacks occur. A medium-sized energy system including oil network and power network is selected for exploring the vulnerabilities from independent networks to interdependent networks, considering the structural vulnerability and the functional vulnerability. Two types of interdependencies among critical infrastructures are involved in this paper: physical interdependencies and geographical interdependencies, shown by tunable parameters based on the probabilities of failures of nodes in the networks. In this paper, a tolerance parameter α is used to evaluation of the overloads of the substations based on power flow redistribution in power transmission systems under the attack. The results of simulation show that the independent networks or interdependent networks will be collapsed when only a small fraction of nodes are attacked under the attack strength degradation model, especially for the interdependent networks. The methodology introduced in this paper with physical interdependencies and geographical interdependencies involved in can be applied to analyze the vulnerability of the interdependent infrastructures further, and provides the insights of vulnerability of interdependent infrastructures to mitigation actions for critical infrastructure protections. - Highlights: • An attack strength degradation model based on the specified locations has been introduced. • Interdependencies considering both physical and geographical have been analyzed. • The structural vulnerability and the functional vulnerability have been considered.

Impact modeling and prediction of attacks on cyber targets

Science.gov (United States)

Khalili, Aram; Michalk, Brian; Alford, Lee; Henney, Chris; Gilbert, Logan

2010-04-01

In most organizations, IT (information technology) infrastructure exists to support the organization's mission. The threat of cyber attacks poses risks to this mission. Current network security research focuses on the threat of cyber attacks to the organization's IT infrastructure; however, the risks to the overall mission are rarely analyzed or formalized. This connection of IT infrastructure to the organization's mission is often neglected or carried out ad-hoc. Our work bridges this gap and introduces analyses and formalisms to help organizations understand the mission risks they face from cyber attacks. Modeling an organization's mission vulnerability to cyber attacks requires a description of the IT infrastructure (network model), the organization mission (business model), and how the mission relies on IT resources (correlation model). With this information, proper analysis can show which cyber resources are of tactical importance in a cyber attack, i.e., controlling them enables a large range of cyber attacks. Such analysis also reveals which IT resources contribute most to the organization's mission, i.e., lack of control over them gravely affects the mission. These results can then be used to formulate IT security strategies and explore their trade-offs, which leads to better incident response. This paper presents our methodology for encoding IT infrastructure, organization mission and correlations, our analysis framework, as well as initial experimental results and conclusions.

Lessons Learned from an LGBTQ Senior Center: A Bronx Tale.

Science.gov (United States)

McGovern, Justine; Brown, Dwayne; Gasparro, Vita

This article describes an interdisciplinary pilot study exploring the impact of LGBTQ senior centers on the lives of center members. Many LGBTQ adults face the future having experienced stigma and bias, restricted rights, and rejection from family of origin, and are now growing older without the support of a partner and adult children. As a result, older LGBTQ adults experience higher rates of depression, loneliness and isolation, and shortened life expectancy as compared to non-LGBTQ peers. Findings from focus group and key informant interviews highlight features of LGBTQ senior center experiences that can significantly improve members' quality of life. These include providing family, acceptance and a home, which can have an impact on outlook and outcomes. Moreover, findings suggest the need for re-thinking hetero-normative definitions of "community" in the context of LGBTQ aging. Beyond sharing findings from the study, suggesting a conceptual framework for deepening understanding about LGBTQ aging, and identifying lines of future inquiry, the article articulates implications for social work research, practice and education. Ultimately, the article argues that social work is well positioned to improve quality of life for this under-served population when it adopts a cultural humility stance in research, practice and education.

Detecting SYN flood attacks via statistical monitoring charts: A comparative study

KAUST Repository

Bouyeddou, Benamar; Harrou, Fouzi; Sun, Ying; Kadri, Benamar

2017-01-01

Accurate detection of cyber-attacks plays a central role in safeguarding computer networks and information systems. This paper addresses the problem of detecting SYN flood attacks, which are the most popular Denial of Service (DoS) attacks. Here, we

Vulnerability of complex networks under intentional attack with incomplete information

International Nuclear Information System (INIS)

Wu, J; Deng, H Z; Tan, Y J; Zhu, D Z

2007-01-01

We study the vulnerability of complex networks under intentional attack with incomplete information, which means that one can only preferentially attack the most important nodes among a local region of a network. The known random failure and the intentional attack are two extreme cases of our study. Using the generating function method, we derive the exact value of the critical removal fraction f c of nodes for the disintegration of networks and the size of the giant component. To validate our model and method, we perform simulations of intentional attack with incomplete information in scale-free networks. We show that the attack information has an important effect on the vulnerability of scale-free networks. We also demonstrate that hiding a fraction of the nodes information is a cost-efficient strategy for enhancing the robustness of complex networks

A Reasoning Method of Cyber-Attack Attribution Based on Threat Intelligence

OpenAIRE

Li Qiang; Yang Ze-Ming; Liu Bao-Xu; Jiang Zheng-Wei

2016-01-01

With the increasing complexity of cyberspace security, the cyber-attack attribution has become an important challenge of the security protection systems. The difficult points of cyber-attack attribution were forced on the problems of huge data handling and key data missing. According to this situation, this paper presented a reasoning method of cyber-attack attribution based on threat intelligence. The method utilizes the intrusion kill chain model and Bayesian network to build attack chain a...

On the potential of IPv6 open resolvers for DDoS attacks

NARCIS (Netherlands)

Hendriks, Luuk; de Oliveira Schmidt, Ricardo; van Rijswijk-Deij, Roland; Pras, Aiko; Kaafar, Mohamed Ali; Uhlig, Steve; Amann, Johanna

2017-01-01

Distributed Denial of Service (DDoS) attacks have become a daily problem in today’s Internet. These attacks aim at overwhelm- ing online services or network infrastrucure. Some DDoS attacks explore open services to perform reflected and amplified attacks; and the DNS is one of the most (mis)used

Cyber Security Audit and Attack Detection Toolkit

Energy Technology Data Exchange (ETDEWEB)

Peterson, Dale

2012-05-31

This goal of this project was to develop cyber security audit and attack detection tools for industrial control systems (ICS). Digital Bond developed and released a tool named Bandolier that audits ICS components commonly used in the energy sector against an optimal security configuration. The Portaledge Project developed a capability for the PI Historian, the most widely used Historian in the energy sector, to aggregate security events and detect cyber attacks.

Establishing an Effective Combat Strategy for Prevalent Cyber- Attacks

OpenAIRE

Vivian Ogochukwu Nwaocha; Inyiama H.C.

2011-01-01

As organisations continue to incorporate the Internet as a key component of their operations, the global cyber-threat level is increasing. One of the most common types of cyber-threats is known as the Distributed Denial of Service (DDoS) attack – an attack preventing users from accessing a system for a period of time. Recent DDoS attacks have left large corporate and government networks inaccessible to customers, partners and users for hours or days, resulting in significant financial, reputa...

Cascading Denial of Service Attacks on Wi-Fi Networks

OpenAIRE

Xin, Liangxiao; Starobinski, David; Noubir, Guevara

2016-01-01

We unveil the existence of a vulnerability in Wi-Fi, which allows an adversary to remotely launch a Denial-of-Service (DoS) attack that propagates both in time and space. This vulnerability stems from a coupling effect induced by hidden nodes. Cascading DoS attacks can congest an entire network and do not require the adversary to violate any protocol. We demonstrate the feasibility of such attacks through experiments with real Wi-Fi cards, extensive ns-3 simulations, and theoretical analysis....

Understanding Bifurcation of Slow Versus Fast Cyber-Attackers

NARCIS (Netherlands)

van Wieren, Maarten; Doerr, Christian; Jacobs, Vivian; Pieters, Wolter; Livraga, Giovanni; Torra, Vicenç; Aldini, Alessandro; Martinelli, Fabio; Suri, Neeraj

2016-01-01

Anecdotally, the distinction between fast “Smash-and-Grab‿ cyber-attacks on the one hand and slow attacks or “Advanced Persistent Threats‿ on the other hand is well known. In this article, we provide an explanation for this phenomenon as the outcome of an optimization from the perspective of the

Spiraling through the Glass Ceiling: Seven Critical Lessons for Negotiating a Leadership Position in Higher Education

Science.gov (United States)

Crutcher, Ronald A.

2006-01-01

In this article, the author discusses seven critical lessons for navigating a leadership position in higher education. The author focuses on developing a personal means of remaining centered regardless of circumstances or situations as well as building an ethical foundation for one's work. He uses spiraling as a metaphor to describe his own…

Lessons Learned on Communication and Engagement for Educator Evaluation: Colorado Case Study. Policy-to-Practice Brief

Science.gov (United States)

Behrstock-Sherratt, Ellen; Biggers, Kietha; Fetters, Jenni

2012-01-01

With many efforts underway across the United States, state education agency (SEA) leaders have the opportunity to utilize the expertise of their contacts in other SEAs and regional comprehensive centers (RCCs) in their region and throughout the country to exchange ideas and share the lessons they have learned about involving stakeholders in…

Incidence and impact of dog attacks on guide dogs in the UK.

Science.gov (United States)

Brooks, A; Moxon, R; England, G C W

2010-06-19

In a retrospective survey, researchers identified 100 incidents of attacks on guide dogs by other dogs. These were reviewed in order to determine the number, severity and impact on the handler and dog, and the characteristics of the aggressors and victims. During the study period there were more than three attacks reported each month, with 61 per cent of the attacks being upon dogs that were in harness and working with an owner or trainer. The majority of the dogs that were attacked were male (62 per cent), and the breeds that were over-represented (relative to their prevalence in the general guide dog population) were the labrador and the golden retriever x flat-coated retriever crossbreed. Most of the attacks occurred in public places between 09.00 and 15.00 and the majority (61 per cent) of the attacking dogs were off the lead at the time of the attack. Thirty-eight per cent of the attacking dogs were of bull breeds, which were over-represented among attackers compared with the proportion of this breed type in the general dog population. Veterinary attention was sought after 41 per cent of the attacks, and in 19 per cent of instances there was injury to the handler or to a member of the public. The attacks were reported to have affected the working performance and behaviour of the victim dog in 45 per cent of the instances, and two dogs had to be subsequently withdrawn from working as guide dogs.

Identifying and tracking attacks on networks: C3I displays and related technologies

Science.gov (United States)

Manes, Gavin W.; Dawkins, J.; Shenoi, Sujeet; Hale, John C.

2003-09-01

Converged network security is extremely challenging for several reasons; expanded system and technology perimeters, unexpected feature interaction, and complex interfaces all conspire to provide hackers with greater opportunities for compromising large networks. Preventive security services and architectures are essential, but in and of themselves do not eliminate all threat of compromise. Attack management systems mitigate this residual risk by facilitating incident detection, analysis and response. There are a wealth of attack detection and response tools for IP networks, but a dearth of such tools for wireless and public telephone networks. Moreover, methodologies and formalisms have yet to be identified that can yield a common model for vulnerabilities and attacks in converged networks. A comprehensive attack management system must coordinate detection tools for converged networks, derive fully-integrated attack and network models, perform vulnerability and multi-stage attack analysis, support large-scale attack visualization, and orchestrate strategic responses to cyber attacks that cross network boundaries. We present an architecture that embodies these principles for attack management. The attack management system described engages a suite of detection tools for various networking domains, feeding real-time attack data to a comprehensive modeling, analysis and visualization subsystem. The resulting early warning system not only provides network administrators with a heads-up cockpit display of their entire network, it also supports guided response and predictive capabilities for multi-stage attacks in converged networks.

Novel Psychological Formulation and Treatment of "Tic Attacks" in Tourette Syndrome.