WorldWideScience

Sample records for intrusion detection systems

  1. Interior intrusion detection systems

    Energy Technology Data Exchange (ETDEWEB)

    Rodriguez, J.R.; Matter, J.C. (Sandia National Labs., Albuquerque, NM (United States)); Dry, B. (BE, Inc., Barnwell, SC (United States))

    1991-10-01

    The purpose of this NUREG is to present technical information that should be useful to NRC licensees in designing interior intrusion detection systems. Interior intrusion sensors are discussed according to their primary application: boundary-penetration detection, volumetric detection, and point protection. Information necessary for implementation of an effective interior intrusion detection system is presented, including principles of operation, performance characteristics and guidelines for design, procurement, installation, testing, and maintenance. A glossary of sensor data terms is included. 36 figs., 6 tabs.

  2. Interior intrusion detection systems

    International Nuclear Information System (INIS)

    Rodriguez, J.R.; Matter, J.C.; Dry, B.

    1991-10-01

    The purpose of this NUREG is to present technical information that should be useful to NRC licensees in designing interior intrusion detection systems. Interior intrusion sensors are discussed according to their primary application: boundary-penetration detection, volumetric detection, and point protection. Information necessary for implementation of an effective interior intrusion detection system is presented, including principles of operation, performance characteristics and guidelines for design, procurement, installation, testing, and maintenance. A glossary of sensor data terms is included. 36 figs., 6 tabs

  3. Intrusion detection system elements

    International Nuclear Information System (INIS)

    Eaton, M.J.; Mangan, D.L.

    1980-09-01

    This report highlights elements required for an intrusion detection system and discusses problems which can be encountered in attempting to make the elements effective. Topics discussed include: sensors, both for exterior detection and interior detection; alarm assessment systems, with the discussion focused on video assessment; and alarm reporting systems, including alarm communication systems and display/console considerations. Guidance on careful planning and design of a new or to-be-improved system is presented.

  4. Intrusion detection: systems and models

    Science.gov (United States)

    Sherif, J. S.; Dearmond, T. G.

    2002-01-01

    This paper puts forward a review of state of the art and state of the applicability of intrusion detection systems, and models. The paper also presents a classification of literature pertaining to intrusion detection.

  5. Passive intrusion detection system

    Science.gov (United States)

    Laue, E. G. (Inventor)

    1980-01-01

    An intrusion detection system is described in which crystal oscillators are used to provide a frequency which varies as a function of fluctuations of a particular environmental property of the atmosphere, e.g., humidity, in the protected volume. The system is based on the discovery that the frequency of an oscillator whose crystal is humidity sensitive, varies at a frequency or rate which is within a known frequency band, due to the entry of an intruder into the protected volume. The variable frequency is converted into a voltage which is then filtered by a filtering arrangement which permits only voltage variations at frequencies within the known frequency band to activate an alarm, while inhibiting the alarm activation when the voltage frequency is below or above the known frequency band.

  6. Intrusion Detection Systems with Live Knowledge System

    Science.gov (United States)

    2016-05-31

    AFRL-AFOSR-JP-TR-2016-0058. Intrusion Detection Systems with Live Knowledge System. Byeong Ho Kang, University of Tasmania. Final Report, 05/31/2016. Dates covered: 20 May 2015 to 19 May 2016. Final Report for AOARD Grant FA2386-15-1-4061 “Intrusion Detection Systems with

  7. NIST Special Publication on Intrusion Detection Systems

    National Research Council Canada - National Science Library

    Bace, Rebecca Gurley

    2001-01-01

    Intrusion detection systems (IDSs) are software or hardware systems that automate the process of monitoring the events occurring in a computer system or network, analyzing them for signs of security problems...

  8. An automatically tuning intrusion detection system.

    Science.gov (United States)

    Yu, Zhenwei; Tsai, Jeffrey J P; Weigert, Thomas

    2007-04-01

    An intrusion detection system (IDS) is a security layer used to detect ongoing intrusive activities in information systems. Traditionally, intrusion detection relies on extensive knowledge of security experts, in particular, on their familiarity with the computer system to be protected. To reduce this dependence, various data-mining and machine learning techniques have been deployed for intrusion detection. An IDS is usually working in a dynamically changing environment, which forces continuous tuning of the intrusion detection model, in order to maintain sufficient performance. The manual tuning process required by current systems depends on the system operators in working out the tuning solution and in integrating it into the detection model. In this paper, an automatically tuning IDS (ATIDS) is presented. The proposed system will automatically tune the detection model on-the-fly according to the feedback provided by the system operator when false predictions are encountered. The system is evaluated using the KDDCup'99 intrusion detection dataset. Experimental results show that the system achieves up to 35% improvement in terms of misclassification cost when compared with a system lacking the tuning feature. If only 10% false predictions are used to tune the model, the system still achieves about 30% improvement. Moreover, when tuning is not delayed too long, the system can achieve about 20% improvement, with only 1.3% of the false predictions used to tune the model. The results of the experiments show that a practical system can be built based on ATIDS: system operators can focus on verification of predictions with low confidence, as only those predictions determined to be false will be used to tune the detection model.

  9. Network Intrusion Detection System using Apache Storm

    Directory of Open Access Journals (Sweden)

    Muhammad Asif Manzoor

    2017-06-01

    Network security implements various strategies for the identification and prevention of security breaches. Network intrusion detection is a critical component of network management for security, quality of service and other purposes. These systems allow early detection of network intrusion and malicious activities; so that the Network Security infrastructure can react to mitigate these threats. Various systems are proposed to enhance the network security. We are proposing to use anomaly based network intrusion detection system in this work. Anomaly based intrusion detection system can identify the new network threats. We also propose to use Real-time Big Data Stream Processing Framework, Apache Storm, for the implementation of network intrusion detection system. Apache Storm can help to manage the network traffic which is generated at enormous speed and size and the network traffic speed and size is constantly increasing. We have used Support Vector Machine in this work. We use Knowledge Discovery and Data Mining 1999 (KDD’99) dataset to test and evaluate our proposed solution.

  10. Intrusion Detection & Prevention Systems - Sourcefire Snort

    Directory of Open Access Journals (Sweden)

    Rajesh Vuppala

    2015-08-01

    Information security is a challenging issue for all business organizations today amidst increasing cyber threats. While there are many alternative intrusion detection & prevention systems available to choose from, selecting the best solution to implement to detect & prevent cyber-attacks is a difficult task. The best solution is the one that gets the best reviews and suits the organization's needs & budget. In this review paper we summarize various classes of intrusion detection and prevention systems, compare features of alternative solutions, and make a recommendation for implementation of one as the best solution for business organizations in Fiji.

  11. Apriori-based network intrusion detection system

    International Nuclear Information System (INIS)

    Wang Wenjin; Liu Junrong; Liu Baoxu

    2012-01-01

    With the development of network communication technology, more and more social activities are run over the Internet. In the meantime, the network information security problem is getting increasingly serious. Intrusion Detection System (IDS) has greatly improved the general security level of the whole network. But there are still many problems in current IDS, e.g. high leak rate detection/false alarm rates and a feature library that needs frequent upgrades. This paper presents an association-rule based IDS. This system can detect unknown attacks by generating rules from training data. The experiment in the last chapter proved the system has great accuracy on unknown attack detection. (authors)

  12. Smart sensor systems for outdoor intrusion detection

    International Nuclear Information System (INIS)

    Lynn, J.K.

    1988-01-01

    A major improvement in outdoor perimeter security system probability of detection (PD) and reduction in false alarm rate (FAR) and nuisance alarm rate (NAR) may be obtained by analyzing the indications immediately preceding an event which might be interpreted as an intrusion. Existing systems go into alarm after crossing a threshold. Very slow changes, which accumulate until the threshold is reached, may be assessed falsely as an intrusion. A hierarchical program has begun at Stellar to develop a modular, expandable Smart Sensor system which may be interfaced to most types of sensor and alarm reporting systems. A major upgrade to the SSI Test Site is in progress so that intrusions may be simulated in a controlled and repeatable manner. A test platform is being constructed which will operate in conjunction with a mobile instrumentation center with CCTVB, lighting control, weather and data monitoring and remote control of the test platform and intrusion simulators. Additional testing was contracted with an independent test facility to assess the effects of severe winter weather conditions.

  13. Perimeter intrusion detection and assessment system

    Energy Technology Data Exchange (ETDEWEB)

    Eaton, M.J.; Jacobs, J.; McGovern, D.E.

    1977-11-01

    To obtain an effective perimeter intrusion detection system requires careful sensor selection, procurement, and installation. The selection process involves a thorough understanding of the unique site features and how these features affect the performance of each type of sensor. It is necessary to develop procurement specifications to establish acceptable sensor performance limits. Careful explanation and inspection of critical installation dimensions is required during on-site construction. The implementation of these activities at a particular site is discussed.

  14. Perimeter intrusion detection and assessment system

    International Nuclear Information System (INIS)

    Eaton, M.J.; Jacobs, J.; McGovern, D.E.

    1977-11-01

    To obtain an effective perimeter intrusion detection system requires careful sensor selection, procurement, and installation. The selection process involves a thorough understanding of the unique site features and how these features affect the performance of each type of sensor. It is necessary to develop procurement specifications to establish acceptable sensor performance limits. Careful explanation and inspection of critical installation dimensions is required during on-site construction. The implementation of these activities at a particular site is discussed

  15. Research on IPv6 intrusion detection system Snort-based

    Science.gov (United States)

    Shen, Zihao; Wang, Hui

    2010-07-01

    This paper introduces the common intrusion detection technologies, discusses the work flow of Snort intrusion detection system, and analyzes IPv6 data packet encapsulation and protocol decoding technology. We propose the expanding Snort architecture to support IPv6 intrusion detection in accordance with CIDF standard combined with protocol analysis technology and pattern matching technology, and present its composition. The research indicates that the expanding Snort system can effectively detect various intrusion attacks; it is high in detection efficiency and detection accuracy and reduces false alarm and omission report, which effectively solves the problem of IPv6 intrusion detection.

  16. Perimeter intrusion detection and assessment system

    Energy Technology Data Exchange (ETDEWEB)

    Eaton, M.J.; Jacobs, J.; McGovern, D.E.

    1977-01-01

    The key elements of the system considered at a materials storage site are intrusion sensors, alarm assessment, and system control and display. Three papers discussing each of these topics are compiled. They are abstracted individually. (JSR)

  17. Introduction To Intrusion Detection System Review

    Directory of Open Access Journals (Sweden)

    Rajni Tewatia

    2015-05-01

    Security of a network is always an important issue. With the continuously growing network, the basic security such as firewall, virus scanner is easily deceived by modern attackers who are experts in using software vulnerabilities to achieve their goals. For preventing such attacks we need even smarter security mechanisms which act proactively and intelligently. Intrusion Detection System is the solution to such a requirement. Many techniques have been used to implement IDS. These techniques are basically used in the detector part of IDS, such as Neural Network, Clustering, Pattern Matching, Rule Based, Fuzzy Logic, Genetic Algorithms and many more. To improve the performance of an IDS, these approaches may be used in combination to build a hybrid IDS so that the benefits of two or more approaches may be combined.

  18. Efficient Mining and Detection of Sequential Intrusion Patterns for Network Intrusion Detection Systems

    Science.gov (United States)

    Shyu, Mei-Ling; Huang, Zifang; Luo, Hongli

    In recent years, pervasive computing infrastructures have greatly improved the interaction between human and system. As we put more reliance on these computing infrastructures, we also face threats of network intrusion and/or any new forms of undesirable IT-based activities. Hence, network security has become an extremely important issue, which is closely connected with homeland security, business transactions, and people's daily life. Accurate and efficient intrusion detection technologies are required to safeguard the network systems and the critical information transmitted in the network systems. In this chapter, a novel network intrusion detection framework for mining and detecting sequential intrusion patterns is proposed. The proposed framework consists of a Collateral Representative Subspace Projection Modeling (C-RSPM) component for supervised classification, and an inter-transactional association rule mining method based on Layer Divided Modeling (LDM) for temporal pattern analysis. Experiments on the KDD99 data set and the traffic data set generated by a private LAN testbed show promising results with high detection rates, low processing time, and low false alarm rates in mining and detecting sequential intrusion detections.

  19. An Adaptive Database Intrusion Detection System

    Science.gov (United States)

    Barrios, Rita M.

    2011-01-01

    Intrusion detection is difficult to accomplish when attempting to employ current methodologies when considering the database and the authorized entity. It is a common understanding that current methodologies focus on the network architecture rather than the database, which is not an adequate solution when considering the insider threat. Recent…

  20. Specification Mining for Intrusion Detection in Networked Control Systems

    NARCIS (Netherlands)

    Caselli, M.; Zambon, Emmanuele; Amann, Johanna; Sommer, Robin; Kargl, Frank

    2016-01-01

    This paper discusses a novel approach to specification-based intrusion detection in the field of networked control systems. Our approach reduces the substantial human effort required to deploy a specification-based intrusion detection system by automating the development of its specification rules.

  1. An intrusion detection system based on fiber hydrophone

    Science.gov (United States)

    Liu, Junrong; Qiu, Xiufen; Shen, Heping

    2017-10-01

    This paper provides a new intrusion detection system based on fiber hydrophone, focusing beam forming figure positioning according to the near field and high precision sound source location algorithm which can accurately position the intrusion; obtaining its behavior path, obtaining the intrusion events related information such as speed from tracking the intrusion trace; and analyzing and identifying the detected intrusion behavior. If the monitored area is larger, the algorithm will take too much time at once and influence the system response time. To reduce the calculating time, this paper provides a way of coarse location first, and then scanning for accuracy, so as to realize the remote monitoring and positioning of intrusion events (such as a car, etc.). The system fills the gap in process capture of the fiber optic intrusion detection technology, and improves the understanding of the invasion. Through the capture of the process of intrusion behavior, and the fusion detection of intrusion behavior itself, the analysis, judgment, and identification of the intrusion information can greatly reduce the rate of false positives and greatly improve the reliability and practicability of the perimeter security system.

  2. In-situ trainable intrusion detection system

    Energy Technology Data Exchange (ETDEWEB)

    Symons, Christopher T.; Beaver, Justin M.; Gillen, Rob; Potok, Thomas E.

    2016-11-15

    A computer implemented method detects intrusions using a computer by analyzing network traffic. The method includes a semi-supervised learning module connected to a network node. The learning module uses labeled and unlabeled data to train a semi-supervised machine learning sensor. The method records events that include a feature set made up of unauthorized intrusions and benign computer requests. The method identifies at least some of the benign computer requests that occur during the recording of the events while treating the remainder of the data as unlabeled. The method trains the semi-supervised learning module at the network node in-situ, such that the semi-supervised learning modules may identify malicious traffic without relying on specific rules, signatures, or anomaly detection.

  3. Security Enrichment in Intrusion Detection System Using Classifier Ensemble

    Directory of Open Access Journals (Sweden)

    Uma R. Salunkhe

    2017-01-01

    In the era of Internet and with increasing number of people as its end users, a large number of attack categories are introduced daily. Hence, effective detection of various attacks with the help of Intrusion Detection Systems is an emerging trend in research these days. Existing studies show effectiveness of machine learning approaches in handling Intrusion Detection Systems. In this work, we aim to enhance detection rate of Intrusion Detection System by using machine learning technique. We propose a novel classifier ensemble based IDS that is constructed using hybrid approach which combines data level and feature level approach. Classifier ensembles combine the opinions of different experts and improve the intrusion detection rate. Experimental results show the improved detection rates of our system compared to reference technique.

  4. Intrusion Detection in Control Systems using Sequence Characteristics

    Science.gov (United States)

    Kiuchi, Mai; Onoda, Takashi

    Intrusion detection is considered effective in control systems. Sequences of the control application behavior observed in the communication, such as the order of the control device to be controlled, are important in control systems. However, most intrusion detection systems do not effectively reflect sequences in the application layer into the detection rules. In our previous work, we considered utilizing sequences for intrusion detection in control systems, and demonstrated the usefulness of sequences for intrusion detection. However, manually writing the detection rules for a large system can be difficult, so using machine learning methods becomes feasible. Also, in the case of control systems, there have been very few observed cyber attacks, so we have very little knowledge of the attack data that should be used to train the intrusion detection system. In this paper, we use an approach that combines CRF (Conditional Random Field) considering the sequence of the system, thus able to reflect the characteristics of control system sequences into the intrusion detection system, and also does not need the knowledge of attack data to construct the detection rules.

  5. Intrusion detection systems: complement to firewall security system ...

    African Journals Online (AJOL)

    Intrusion detection systems: complement to firewall security system. ... Information Impact: Journal of Information and Knowledge Management.

  6. Ensemble of classifiers based network intrusion detection system performance bound

    CSIR Research Space (South Africa)

    Mkuzangwe, Nenekazi NP

    2017-11-01

    This paper provides a performance bound of a network intrusion detection system (NIDS) that uses an ensemble of classifiers. Currently researchers rely on implementing the ensemble of classifiers based NIDS before they can determine the performance...

  7. Implementing an Intrusion Detection System in the Mysea Architecture

    National Research Council Canada - National Science Library

    Tenhunen, Thomas

    2008-01-01

    .... The objective of this thesis is to design an intrusion detection system (IDS) architecture that permits administrators operating on MYSEA client machines to conveniently view and analyze IDS alerts from the single level networks...

  8. Fusion of Heterogeneous Intrusion Detection Systems for Network Attack Detection

    Directory of Open Access Journals (Sweden)

    Jayakumar Kaliappan

    2015-01-01

    An intrusion detection system (IDS) helps to identify different types of attacks in general, and the detection rate will be higher for some specific category of attacks. This paper is designed on the idea that each IDS is efficient in detecting a specific type of attack. In proposed Multiple IDS Unit (MIU), there are five IDS units, and each IDS follows a unique algorithm to detect attacks. The feature selection is done with the help of genetic algorithm. The selected features of the input traffic are passed on to the MIU for processing. The decision from each IDS is termed as local decision. The fusion unit inside the MIU processes all the local decisions with the help of majority voting rule and makes the final decision. The proposed system shows a very good improvement in detection rate and reduces the false alarm rate.

  9. Fusion of Heterogeneous Intrusion Detection Systems for Network Attack Detection.

    Science.gov (United States)

    Kaliappan, Jayakumar; Thiagarajan, Revathi; Sundararajan, Karpagam

    2015-01-01

    An intrusion detection system (IDS) helps to identify different types of attacks in general, and the detection rate will be higher for some specific category of attacks. This paper is designed on the idea that each IDS is efficient in detecting a specific type of attack. In proposed Multiple IDS Unit (MIU), there are five IDS units, and each IDS follows a unique algorithm to detect attacks. The feature selection is done with the help of genetic algorithm. The selected features of the input traffic are passed on to the MIU for processing. The decision from each IDS is termed as local decision. The fusion unit inside the MIU processes all the local decisions with the help of majority voting rule and makes the final decision. The proposed system shows a very good improvement in detection rate and reduces the false alarm rate.

  10. Revisiting Anomaly-based Network Intrusion Detection Systems

    NARCIS (Netherlands)

    Bolzoni, D.

    2009-01-01

    Intrusion detection systems (IDSs) are well-known and widely-deployed security tools to detect cyber-attacks and malicious activities in computer systems and networks. A signature-based IDS works similar to anti-virus software. It employs a signature database of known attacks, and a successful match

  11. Poseidon: A 2-tier Anomaly-based Intrusion Detection System

    NARCIS (Netherlands)

    Bolzoni, D.; Zambon, Emmanuele; Etalle, Sandro; Hartel, Pieter H.

    2005-01-01

    We present Poseidon, a new anomaly based intrusion detection system. Poseidon is payload-based, and presents a two-tier architecture: the first stage consists of a Self-Organizing Map, while the second one is a modified PAYL system. Our benchmarks on the 1999 DARPA data set show a higher detection

  12. A subtractive approach to interior intrusion detection system design

    International Nuclear Information System (INIS)

    Sons, R.J.; Graham, R.H. Jr.

    1986-01-01

    This paper discusses the subtractive approach to interior intrusion detection system design which assumes that all sensors are viable candidates until they are subjected to the constraints imposed by a particular facility. The constraints are determined by a sequence of questions concerning parameters such as threat definition, facility description and operation, environment, assets to be protected, security system capabilities, and cost. As a result of the questioning, some sensors will be eliminated from the candidate list, and the ''best'' set of sensors for the facility will remain. This form of questioning could be incorporated into an expert system aiding future intrusion detection system designs

  13. Intrusion detection sensors

    International Nuclear Information System (INIS)

    Williams, J.D.

    1978-07-01

    Intrusion detection sensors are an integral part of most physical security systems. Under the sponsorship of the U.S. Department of Energy, Office of Safeguards and Security, Sandia Laboratories has conducted a survey of available intrusion detection sensors and has tested a number of different sensors. An overview of these sensors is provided. This overview includes (1) the operating principles of each type of sensor, (2) unique sensor characteristics, (3) desired sensor improvements which must be considered in planning an intrusion detection system, and (4) the site characteristics which affect the performance of both exterior and interior sensors. Techniques which have been developed to evaluate various intrusion detection sensors are also discussed

  14. SSHCure: A Flow-Based SSH Intrusion Detection System

    NARCIS (Netherlands)

    Hellemons, Laurens; Hendriks, Luuk; Hofstede, R.J.; Sperotto, Anna; Sadre, R.; Pras, Aiko

    SSH attacks are a main area of concern for network managers, due to the danger associated with a successful compromise. Detecting these attacks, and possibly compromised victims, is therefore a crucial activity. Most existing network intrusion detection systems designed for this purpose rely on the

  15. A Fusion of Multiagent Functionalities for Effective Intrusion Detection System

    OpenAIRE

    Krishnan Sadhasivan, Dhanalakshmi; Balasubramanian, Kannapiran

    2017-01-01

    Provision of high security is one of the active research areas in the network applications. The failure in the centralized system based on the attacks provides less protection. Besides, the lack of update of new attacks arrival leads to the minimum accuracy of detection. The major focus of this paper is to improve the detection performance through the adaptive update of attacking information to the database. We propose an Adaptive Rule-Based Multiagent Intrusion Detection System (ARMA-IDS) to...

  16. Intrusion Detection System for Applications using Linux Containers

    OpenAIRE

    Abed, Amr S.; Clancy, Charles; Levy, David S.

    2016-01-01

    Linux containers are gaining increasing traction in both individual and industrial use, and as these containers get integrated into mission-critical systems, real-time detection of malicious cyber attacks becomes a critical operational requirement. This paper introduces a real-time host-based intrusion detection system that can be used to passively detect malfeasance against applications within Linux containers running in a standalone or in a cloud multi-tenancy environment. The demonstrated ...

  17. FuGeIDS: Fuzzy Genetic paradigms in Intrusion Detection Systems

    OpenAIRE

    Borgohain, Rajdeep

    2012-01-01

    With the increase in the number of security threats, Intrusion Detection Systems have evolved as a significant countermeasure against these threats. And as such, the topic of Intrusion Detection Systems has become one of the most prominent research topics in recent years. This paper gives an overview of the Intrusion Detection System and looks at two major machine learning paradigms used in Intrusion Detection System, Genetic Algorithms and Fuzzy Logic and how to apply them for intrusion dete...

  18. Anomaly-based intrusion detection for SCADA systems

    International Nuclear Information System (INIS)

    Yang, D.; Usynin, A.; Hines, J. W.

    2006-01-01

    Most critical infrastructure such as chemical processing plants, electrical generation and distribution networks, and gas distribution is monitored and controlled by Supervisory Control and Data Acquisition Systems (SCADA). These systems have been the focus of increased security and there are concerns that they could be the target of international terrorists. With the constantly growing number of internet related computer attacks, there is evidence that our critical infrastructure may also be vulnerable. Researchers estimate that malicious online actions may cause $75 billion at 2007. One of the interesting countermeasures for enhancing information system security is called intrusion detection. This paper will briefly discuss the history of research in intrusion detection techniques and introduce the two basic detection approaches: signature detection and anomaly detection. Finally, it presents the application of techniques developed for monitoring critical process systems, such as nuclear power plants, to anomaly intrusion detection. The method uses an auto-associative kernel regression (AAKR) model coupled with the statistical probability ratio test (SPRT) and applied to a simulated SCADA system. The results show that these methods can be generally used to detect a variety of common attacks. (authors)

  19. A Partially Distributed Intrusion Detection System for Wireless Sensor Networks

    Science.gov (United States)

    Cho, Eung Jun; Hong, Choong Seon; Lee, Sungwon; Jeon, Seokhee

    2013-01-01

    The increasing use of wireless sensor networks, which normally comprise several very small sensor nodes, makes their security an increasingly important issue. They can be practically and efficiently secured using intrusion detection systems. Conventional security mechanisms are not usually applicable due to the sensor nodes having limitations of computational power, memory capacity, and battery power. Therefore, specific security systems should be designed to function under constraints of energy or memory. A partially distributed intrusion detection system with low memory and power demands is proposed here. It employs a Bloom filter, which allows reduced signature code size. Multiple Bloom filters can be combined to reduce the signature code for each Bloom filter array. The mechanism could then cope with potential denial of service attacks, unlike many previous detection systems with Bloom filters. The mechanism was evaluated and validated through analysis and simulation.

  20. A Partially Distributed Intrusion Detection System for Wireless Sensor Networks

    Directory of Open Access Journals (Sweden)

    Eung Jun Cho

    2013-11-01

    The increasing use of wireless sensor networks, which normally comprise several very small sensor nodes, makes their security an increasingly important issue. They can be practically and efficiently secured using intrusion detection systems. Conventional security mechanisms are not usually applicable due to the sensor nodes having limitations of computational power, memory capacity, and battery power. Therefore, specific security systems should be designed to function under constraints of energy or memory. A partially distributed intrusion detection system with low memory and power demands is proposed here. It employs a Bloom filter, which allows reduced signature code size. Multiple Bloom filters can be combined to reduce the signature code for each Bloom filter array. The mechanism could then cope with potential denial of service attacks, unlike many previous detection systems with Bloom filters. The mechanism was evaluated and validated through analysis and simulation.

  1. An artificial bioindicator system for network intrusion detection.

    Science.gov (United States)

    Blum, Christian; Lozano, José A; Davidson, Pedro Pinacho

    2015-01-01

    An artificial bioindicator system is developed in order to solve a network intrusion detection problem. The system, inspired by an ecological approach to biological immune systems, evolves a population of agents that learn to survive in their environment. An adaptation process allows the transformation of the agent population into a bioindicator that is capable of reacting to system anomalies. Two characteristics stand out in our proposal. On the one hand, it is able to discover new, previously unseen attacks, and on the other hand, contrary to most of the existing systems for network intrusion detection, it does not need any previous training. We experimentally compare our proposal with three state-of-the-art algorithms and show that it outperforms the competing approaches on widely used benchmark data.

  2. Hybrid Intrusion Detection System for DDoS Attacks

    Directory of Open Access Journals (Sweden)

    Özge Cepheli

    2016-01-01

    Distributed denial-of-service (DDoS) attacks are one of the major threats and possibly the hardest security problem for today’s Internet. In this paper we propose a hybrid detection system, referred to as hybrid intrusion detection system (H-IDS), for detection of DDoS attacks. Our proposed detection system makes use of both anomaly-based and signature-based detection methods separately but in an integrated fashion and combines the outcomes of both detectors to enhance the overall detection accuracy. We apply two distinct datasets to our proposed system in order to test the detection performance of H-IDS and conclude that the proposed hybrid system gives better results than the systems based on nonhybrid detection.

  3. Securing Cloud Computing from Different Attacks Using Intrusion Detection Systems

    Directory of Open Access Journals (Sweden)

    Omar Achbarou

    2017-03-01

    Cloud computing is a new way of integrating a set of old technologies to implement a new paradigm that creates an avenue for users to have access to shared and configurable resources through internet on-demand. This system has many common characteristics with distributed systems, hence, the cloud computing also uses the features of networking. Thus the security is the biggest issue of this system, because the services of cloud computing are based on the sharing. Thus, a cloud computing environment requires some intrusion detection systems (IDSs) for protecting each machine against attacks. The aim of this work is to present a classification of attacks threatening the availability, confidentiality and integrity of cloud resources and services. Furthermore, we provide a literature review of attacks related to the identified categories. Additionally, this paper also introduces related intrusion detection models to identify and prevent these types of attacks.

  4. Attack Pattern Analysis Framework for a Multiagent Intrusion Detection System

    Directory of Open Access Journals (Sweden)

    Krzysztof Juszczyszyn

    2008-08-01

    The paper proposes the use of attack pattern ontology and formal framework for network traffic anomalies detection within a distributed multi-agent Intrusion Detection System architecture. Our framework assumes ontology-based attack definition and distributed processing scheme with exchange of communicates between agents. The role of traffic anomalies detection was presented, then it has been discussed how some specific values characterizing network communication can be used to detect network anomalies caused by security incidents (worm attack, virus spreading). Finally, it has been defined how to use the proposed techniques in distributed IDS using attack pattern ontology.

  5. A model for anomaly classification in intrusion detection systems

    Science.gov (United States)

    Ferreira, V. O.; Galhardi, V. V.; Gonçalves, L. B. L.; Silva, R. C.; Cansian, A. M.

    2015-09-01

    Intrusion Detection Systems (IDS) are traditionally divided into two types according to the detection methods they employ, namely (i) misuse detection and (ii) anomaly detection. Anomaly detection has been widely used and its main advantage is the ability to detect new attacks. However, the analysis of anomalies generated can become expensive, since they often have no clear information about the malicious events they represent. In this context, this paper presents a model for automated classification of alerts generated by an anomaly based IDS. The main goal is either the classification of the detected anomalies in well-defined taxonomies of attacks or to identify whether it is a false positive misclassified by the IDS. Some common attacks to computer networks were considered and we achieved important results that can equip security analysts with best resources for their analyses.

  6. Hybrid feature selection for supporting lightweight intrusion detection systems

    Science.gov (United States)

    Song, Jianglong; Zhao, Wentao; Liu, Qiang; Wang, Xin

    2017-08-01

    Redundant and irrelevant features not only cause high resource consumption but also degrade the performance of Intrusion Detection Systems (IDS), especially when coping with big data. These features slow down the process of training and testing in network traffic classification. Therefore, a hybrid feature selection approach in combination with wrapper and filter selection is designed in this paper to build a lightweight intrusion detection system. Two main phases are involved in this method. The first phase conducts a preliminary search for an optimal subset of features, in which the chi-square feature selection is utilized. The selected set of features from the previous phase is further refined in the second phase in a wrapper manner, in which the Random Forest (RF) is used to guide the selection process and retain an optimized set of features. After that, we build an RF-based detection model and make a fair comparison with other approaches. The experimental results on NSL-KDD datasets show that our approach results in higher detection accuracy as well as faster training and testing processes.

  7. Network Intrusion Detection System – A Novel Approach

    Directory of Open Access Journals (Sweden)

    Krish Pillai

    2013-08-01

    Network intrusion starts off with a series of unsuccessful break-in attempts and results eventually with the permanent or transient failure of an authentication or authorization system. Due to the current complexity of authentication systems, clandestine attempts at intrusion generally take considerable time before the system gets compromised or damaging change is effected to the system, giving administrators a window of opportunity to proactively detect and prevent intrusion. Therefore maintaining a high level of sensitivity to abnormal access patterns is a very effective way of preventing possible break-ins. Under normal circumstances, gross errors on the part of the user can cause authentication and authorization failures on all systems. A normal distribution of failed attempts should be tolerated while abnormal attempts should be recognized as such and flagged. But one cannot manage what one cannot measure. This paper proposes a method that can efficiently quantify the behaviour of users on a network so that transient changes in usage can be detected, categorized based on severity, and closely investigated for possible intrusion. The author proposes the identification of patterns in protocol usage within a network to categorize it for surveillance. Statistical anomaly detection, under which category this approach falls, generally uses simple statistical tests such as mean and standard deviation to detect behavioural changes. The author proposes a novel approach using spectral density as opposed to using time domain data, allowing a clear separation of access patterns based on periodicity. Once a spectral profile has been identified for network, deviations from this profile can be used as an indication of a destabilized or compromised network. Spectral analysis of access patterns is done using the Fast Fourier Transform (FFT), which can be computed in Θ(N log N) operations. The paper justifies the use of this approach and presents preliminary

  8. Effective approach toward Intrusion Detection System using data mining techniques

    Directory of Open Access Journals (Sweden)

    G.V. Nadiammai

    2014-03-01

    With the tremendous growth of the usage of computers over network and development in application running on various platform captures the attention toward network security. This paradigm exploits security vulnerabilities on all computer systems that are technically difficult and expensive to solve. Hence intrusion is used as a key to compromise the integrity, availability and confidentiality of a computer resource. The Intrusion Detection System (IDS) plays a vital role in detecting anomalies and attacks in the network. In this work, data mining concept is integrated with an IDS to identify the relevant, hidden data of interest for the user effectively and with less execution time. Four issues such as Classification of Data, High Level of Human Interaction, Lack of Labeled Data, and Effectiveness of Distributed Denial of Service Attack are being solved using the proposed algorithms like EDADT algorithm, Hybrid IDS model, Semi-Supervised Approach and Varying HOPERAA Algorithm respectively. Our proposed algorithm has been tested using KDD Cup dataset. All the proposed algorithms show better accuracy and reduced false alarm rate when compared with existing algorithms.

  9. A Fusion of Multiagent Functionalities for Effective Intrusion Detection System

    Directory of Open Access Journals (Sweden)

    Dhanalakshmi Krishnan Sadhasivan

    2017-01-01

    Provision of high security is one of the active research areas in the network applications. The failure in the centralized system based on the attacks provides less protection. Besides, the lack of update of new attacks arrival leads to the minimum accuracy of detection. The major focus of this paper is to improve the detection performance through the adaptive update of attacking information to the database. We propose an Adaptive Rule-Based Multiagent Intrusion Detection System (ARMA-IDS) to detect the anomalies in the real-time datasets such as KDD and SCADA. Besides, the feedback loop provides the necessary update of attacks in the database that leads to the improvement in the detection accuracy. The combination of the rules and responsibilities for multiagents effectively detects the anomaly behavior, misuse of response, or relay reports of gas/water pipeline data in KDD and SCADA, respectively. The comparative analysis of the proposed ARMA-IDS with the various existing path mining methods, namely, random forest, JRip, a combination of AdaBoost/JRip, and common path mining on the SCADA dataset conveys that the effectiveness of the proposed ARMA-IDS in the real-time fault monitoring. Moreover, the proposed ARMA-IDS offers the higher detection rate in the SCADA and KDD cup 1999 datasets.

  10. A Survey of Artificial Immune System Based Intrusion Detection

    Directory of Open Access Journals (Sweden)

    Hua Yang

    2014-01-01

    In the area of computer security, Intrusion Detection (ID) is a mechanism that attempts to discover abnormal access to computers by analyzing various interactions. There is a lot of literature about ID, but this study only surveys the approaches based on Artificial Immune System (AIS). The use of AIS in ID is an appealing concept in current techniques. This paper summarizes AIS based ID methods from a new view point; moreover, a framework is proposed for the design of AIS based ID Systems (IDSs). This framework is analyzed and discussed based on three core aspects: antibody/antigen encoding, generation algorithm, and evolution mode. Then we collate the commonly used algorithms, their implementation characteristics, and the development of IDSs into this framework. Finally, some of the future challenges in this area are also highlighted.

  11. A survey of artificial immune system based intrusion detection.

    Science.gov (United States)

    Yang, Hua; Li, Tao; Hu, Xinlei; Wang, Feng; Zou, Yang

    2014-01-01

    In the area of computer security, Intrusion Detection (ID) is a mechanism that attempts to discover abnormal access to computers by analyzing various interactions. There is a lot of literature about ID, but this study only surveys the approaches based on Artificial Immune System (AIS). The use of AIS in ID is an appealing concept in current techniques. This paper summarizes AIS based ID methods from a new view point; moreover, a framework is proposed for the design of AIS based ID Systems (IDSs). This framework is analyzed and discussed based on three core aspects: antibody/antigen encoding, generation algorithm, and evolution mode. Then we collate the commonly used algorithms, their implementation characteristics, and the development of IDSs into this framework. Finally, some of the future challenges in this area are also highlighted.

  12. Boosting Web Intrusion Detection Systems by Inferring Positive Signatures

    NARCIS (Netherlands)

    Bolzoni, D.; Etalle, Sandro

    2008-01-01

    We present a new approach to anomaly-based network intrusion detection for web applications. This approach is based on dividing the input parameters of the monitored web application in two groups: the "regular" and the "irregular" ones, and applying a new method for anomaly detection on the

  13. INTRUSION DETECTION PREVENTION SYSTEM (IDPS) ON LOCAL AREA NETWORK (LAN)

    Directory of Open Access Journals (Sweden)

    Didit Suhartono

    2015-02-01

    This study, titled “Intrusion Detection Prevention System Local Area Network (LAN)”, aims to protect the network from intrusion attempts made by an intruder. The method used in this study is a conceptual framework that serves as the reference for the research stages carried out by the author. The IDS functions as a detector of attacks according to the existing rules; the alert messages are then stored in a database and sent via SMS to a network administrator, while the firewall is used for packet filtering by defining the security policy deemed important. The result is that when the IDS issues an alert message about an attack, a network administrator can block the attack manually with the firewall, or the firewall will block the attack itself according to the security policy previously applied by the network administrator

  14. A Metrics-Based Approach to Intrusion Detection System Evaluation for Distributed Real-Time Systems

    National Research Council Canada - National Science Library

    Fink, G

    2002-01-01

    ...) computer facilities to select the best intrusion detection system for their facilities. The metrics herein are the subset of our general metric set that particularly impact real-time and distributed processing issues...

  15. RePIDS: a multi tier real-time payload-based intrusion detection system

    NARCIS (Netherlands)

    Jamdagni, Aruna; Tan, Zhiyuan; Nanda, Priyadarsi; He, Xiangjian; Liu, Ren Ping

    2013-01-01

    Intrusion Detection System (IDS) deals with huge amount of network traffic and uses large feature set to discriminate normal pattern and intrusive pattern. However, most of existing systems lack the ability to process data for real-time anomaly detection. In this paper, we propose a 3-Tier Iterative

  16. An immunological approach to intrusion detection

    OpenAIRE

    Watkins, A.

    2000-01-01

    This paper presents an examination of intrusion detection schemes. It discusses traditional views of intrusion detection, and examines the more novel, but perhaps more effective, approach to intrusion detection as modeled on the human immune system. The discussion looks at some of the implications raised by intrusion detection research for information security in general.

  17. A New Intrusion Detection System Based on KNN Classification Algorithm in Wireless Sensor Network

    Directory of Open Access Journals (Sweden)

    Wenchao Li

    2014-01-01

    abnormal nodes from normal nodes by observing their abnormal behaviors, and we analyse parameter selection and error rate of the intrusion detection system. The paper elaborates on the design and implementation of the detection system. This system has achieved efficient, rapid intrusion detection by improving the wireless ad hoc on-demand distance vector routing protocol (Ad hoc On-Demand Distance Vector Routing, AODV). Finally, the test results show that: the system has high detection accuracy and speed, in accordance with the requirement of wireless sensor network intrusion detection.

  18. Nuisance alarm suppression techniques for fibre-optic intrusion detection systems

    Science.gov (United States)

    Mahmoud, Seedahmed S.; Visagathilagar, Yuvaraja; Katsifolis, Jim

    2012-02-01

    The suppression of nuisance alarms without degrading sensitivity in fibre-optic intrusion detection systems is important for maintaining acceptable performance. Signal processing algorithms that maintain the POD and minimize nuisance alarms are crucial for achieving this. A level crossings algorithm is presented for suppressing torrential rain-induced nuisance alarms in a fibre-optic fence-based perimeter intrusion detection system. Results show that rain-induced nuisance alarms can be suppressed for rainfall rates in excess of 100 mm/hr, and intrusion events can be detected simultaneously during rain periods. The use of a level crossing based detection and novel classification algorithm is also presented demonstrating the suppression of nuisance events and discrimination of nuisance and intrusion events in a buried pipeline fibre-optic intrusion detection system. The sensor employed for both types of systems is a distributed bidirectional fibre-optic Mach Zehnder interferometer.

  19. Intrusion detection systems: complement to firewall security system ...

    African Journals Online (AJOL)

    The main purpose with firewall is to protect against unauthorized external attacks but it will normally leave the network unprotected from internal attacks or intrusions. Firewalls and access control have been the most important components used in order to secure network and its resources. They work to prevent attacks from ...

  20. An Intrusion Detection System Based on Multi-Level Clustering for Hierarchical Wireless Sensor Networks.

    Science.gov (United States)

    Butun, Ismail; Ra, In-Ho; Sankar, Ravi

    2015-11-17

    In this work, an intrusion detection system (IDS) framework based on multi-level clustering for hierarchical wireless sensor networks is proposed. The framework employs two types of intrusion detection approaches: (1) "downward-IDS (D-IDS)" to detect the abnormal behavior (intrusion) of the subordinate (member) nodes; and (2) "upward-IDS (U-IDS)" to detect the abnormal behavior of the cluster heads. By using analytical calculations, the optimum parameters for the D-IDS (number of maximum hops) and U-IDS (monitoring group size) of the framework are evaluated and presented.

  1. An Intrusion Detection System Based on Multi-Level Clustering for Hierarchical Wireless Sensor Networks

    Directory of Open Access Journals (Sweden)

    Ismail Butun

    2015-11-01

    In this work, an intrusion detection system (IDS) framework based on multi-level clustering for hierarchical wireless sensor networks is proposed. The framework employs two types of intrusion detection approaches: (1) “downward-IDS (D-IDS)” to detect the abnormal behavior (intrusion) of the subordinate (member) nodes; and (2) “upward-IDS (U-IDS)” to detect the abnormal behavior of the cluster heads. By using analytical calculations, the optimum parameters for the D-IDS (number of maximum hops) and U-IDS (monitoring group size) of the framework are evaluated and presented.

  2. Computer Network Equipment for Intrusion Detection Research

    National Research Council Canada - National Science Library

    Ye, Nong

    2000-01-01

    .... To test the process model, the system-level intrusion detection techniques and the working prototype of the intrusion detection system, a set of computer and network equipment has been purchased...

  3. Network intrusion detection by the coevolutionary immune algorithm of artificial immune systems with clonal selection

    Science.gov (United States)

    Salamatova, T.; Zhukov, V.

    2017-02-01

    The paper presents the application of the artificial immune systems apparatus as a heuristic method of network intrusion detection for algorithmic provision of intrusion detection systems. The coevolutionary immune algorithm of artificial immune systems with clonal selection was elaborated. In testing different datasets the empirical results of evaluation of the algorithm effectiveness were achieved. To identify the degree of efficiency the algorithm was compared with analogs. The fundamental rules based of solutions generated by this algorithm are described in the article.

  4. Environment-Sensitive Intrusion Detection

    National Research Council Canada - National Science Library

    Giffin, Jonathan T; Dagon, David; Jha, Somesh; Lee, Wenke; Miller, Barton P

    2006-01-01

    .... We improve the effectiveness of such model-based intrusion detection systems by incorporating into the model knowledge of the environment in which the program runs, and by increasing the accuracy...

  5. Scalable High-Performance Parallel Design for Network Intrusion Detection Systems on Many-Core Processors

    OpenAIRE

    Jiang, Hayang; Xie, Gaogang; Salamatian, Kavé; Mathy, Laurent

    2013-01-01

    Network Intrusion Detection Systems (NIDSes) face significant challenges coming from the relentless network link speed growth and increasing complexity of threats. Both hardware accelerated and parallel software-based NIDS solutions, based on commodity multi-core and GPU processors, have been proposed to overcome these challenges. ...

  6. Computational neural network regression model for Host based Intrusion Detection System

    Directory of Open Access Journals (Sweden)

    Sunil Kumar Gautam

    2016-09-01

    The current scenario of information gathering and storing in secure system is a challenging task due to increasing cyber-attacks. There exists computational neural network techniques designed for intrusion detection system, which provide security to single machine and entire network's machine. In this paper, we have used two types of computational neural network models, namely, Generalized Regression Neural Network (GRNN) model and Multilayer Perceptron Neural Network (MPNN) model for Host based Intrusion Detection System using log files that are generated by a single personal computer. The simulation results show correctly classified percentage of normal and abnormal (intrusion) class using confusion matrix. On the basis of results and discussion, we found that the Host based Intrusion Systems Model (HISM) significantly improved the detection accuracy while retaining minimum false alarm rate.

  7. A Distributed Signature Detection Method for Detecting Intrusions in Sensor Systems

    Directory of Open Access Journals (Sweden)

    Won Woo Ro

    2013-03-01

    Sensor nodes in wireless sensor networks are easily exposed to open and unprotected regions. A security solution is strongly recommended to prevent networks against malicious attacks. Although many intrusion detection systems have been developed, most systems are difficult to implement for the sensor nodes owing to limited computation resources. To address this problem, we develop a novel distributed network intrusion detection system based on the Wu–Manber algorithm. In the proposed system, the algorithm is divided into two steps; the first step is dedicated to a sensor node, and the second step is assigned to a base station. In addition, the first step is modified to achieve efficient performance under limited computation resources. We conduct evaluations with random string sets and actual intrusion signatures to show the performance improvement of the proposed method. The proposed method achieves a speedup factor of 25.96 and reduces 43.94% of packet transmissions to the base station compared with the previously proposed method. The system achieves efficient utilization of the sensor nodes and provides a structural basis of cooperative systems among the sensors.

  8. A distributed signature detection method for detecting intrusions in sensor systems.

    Science.gov (United States)

    Kim, Ilkyu; Oh, Doohwan; Yoon, Myung Kuk; Yi, Kyueun; Ro, Won Woo

    2013-03-25

    Sensor nodes in wireless sensor networks are easily exposed to open and unprotected regions. A security solution is strongly recommended to prevent networks against malicious attacks. Although many intrusion detection systems have been developed, most systems are difficult to implement for the sensor nodes owing to limited computation resources. To address this problem, we develop a novel distributed network intrusion detection system based on the Wu-Manber algorithm. In the proposed system, the algorithm is divided into two steps; the first step is dedicated to a sensor node, and the second step is assigned to a base station. In addition, the first step is modified to achieve efficient performance under limited computation resources. We conduct evaluations with random string sets and actual intrusion signatures to show the performance improvement of the proposed method. The proposed method achieves a speedup factor of 25.96 and reduces 43.94% of packet transmissions to the base station compared with the previously proposed method. The system achieves efficient utilization of the sensor nodes and provides a structural basis of cooperative systems among the sensors.

  9. Slick: An Intrusion Detection System for Virtualized Storage Devices

    NARCIS (Netherlands)

    Bacs, A.; Giuffrida, C.; Grill, B.; Bos, H.J.; Ossowski, Sascha

    2016-01-01

    Cloud computing is rapidly reshaping the server administration landscape. The widespread use of virtualization and the increasingly high server consolidation ratios, in particular, have introduced unprecedented security challenges for users, increasing the exposure to intrusions and opening up new

  10. A Universal High-Performance Correlation Analysis Detection Model and Algorithm for Network Intrusion Detection System

    Directory of Open Access Journals (Sweden)

    Hongliang Zhu

    2017-01-01

    In big data era, the single detection techniques have already not met the demand of complex network attacks and advanced persistent threats, but there is no uniform standard to make different correlation analysis detection be performed efficiently and accurately. In this paper, we put forward a universal correlation analysis detection model and algorithm by introducing state transition diagram. Based on analyzing and comparing the current correlation detection modes, we formalize the correlation patterns and propose a framework according to data packet timing and behavior qualities and then design a new universal algorithm to implement the method. Finally, experiment, which sets up a lightweight intrusion detection system using KDD1999 dataset, shows that the correlation detection model and algorithm can improve the performance and guarantee high detection rates.

  11. Anomaly-Based Intrusion Detection Systems Utilizing System Call Data

    Science.gov (United States)

    2012-03-01

    2.1.1 Viruses The first use of the term “computer virus” is attributed to Fred Cohen in 1983. Fred Cohen originally defined a computer virus as a...agents. Once compromised, these systems become part of what is known as a “zombie” network. 2.1.3 Trojans A Trojan horse is malware pretending to...be benign or useful software. When activated, Trojans perform unauthorized actions such as collecting, modifying, and forging data. Unlike viruses

  12. Combining Host-based and network-based intrusion detection system

    African Journals Online (AJOL)

    These attacks were simulated using hping. The proposed system is implemented in Java. The results show that the proposed system is able to detect attacks both from within (host-based) and outside sources (network-based). Key Words: Intrusion Detection System (IDS), Host-based, Network-based, Signature, Security log.

  13. A Comparative Study of Data Mining Algorithms for High Detection Rate in Intrusion Detection System

    Directory of Open Access Journals (Sweden)

    Nabeela Ashraf

    2018-01-01

    Due to the fast growth and tradition of the internet over the last decades, the network security problems are increasing vigorously. Humans cannot handle the speed of processes and the huge amount of data required to handle network anomalies. Therefore, it needs substantial automation in both speed and accuracy. Intrusion Detection System is one of the approaches to recognize illegal access and rare attacks to secure networks. In this proposed paper, Naive Bayes, J48 and Random Forest classifiers are compared to compute the detection rate and accuracy of IDS. For experiments, the KDD_NSL dataset is used.

  14. Poseidon: a 2-tier Anomaly-based Network Intrusion Detection System

    NARCIS (Netherlands)

    Bolzoni, D.; Zambon, Emmanuele; Etalle, Sandro; Hartel, Pieter H.; Cole, Jack; Wolthusen, Stephen D.

    We present Poseidon, a new anomaly based intrusion detection system. Poseidon is payload-based, and presents a two-tier architecture: the first stage consists of a Self-Organizing Map, while the second one is a modified PAYL system. Our benchmarks on the 1999 DARPA data set show a higher detection

  15. PERFORMANCE COMPARISON FOR INTRUSION DETECTION SYSTEM USING NEURAL NETWORK WITH KDD DATASET

    Directory of Open Access Journals (Sweden)

    S. Devaraju

    2014-04-01

    Full Text Available Intrusion Detection Systems are a challenging task for finding the user as normal user or attack user in any organizational information systems or IT Industry. The Intrusion Detection System is an effective method to deal with the kinds of problem in networks. Different classifiers are used to detect the different kinds of attacks in networks. In this paper, the performance of intrusion detection is compared with various neural network classifiers. In the proposed research the four types of classifiers used are Feed Forward Neural Network (FFNN), Generalized Regression Neural Network (GRNN), Probabilistic Neural Network (PNN) and Radial Basis Neural Network (RBNN). The performance of the full featured KDD Cup 1999 dataset is compared with that of the reduced featured KDD Cup 1999 dataset. The MATLAB software is used to train and test the dataset and the efficiency and False Alarm Rate are measured. It is proved that the reduced dataset is performing better than the full featured dataset.

  16. RIDES: Robust Intrusion Detection System for IP-Based Ubiquitous Sensor Networks

    Directory of Open Access Journals (Sweden)

    Sungwon Lee

    2009-05-01

    Full Text Available The IP-based Ubiquitous Sensor Network (IP-USN) is an effort to build the “Internet of things”. By utilizing IP for low power networks, we can benefit from existing well established tools and technologies of IP networks. Along with many other unresolved issues, securing IP-USN is of great concern for researchers so that future market satisfaction and demands can be met. Without proper security measures, both reactive and proactive, it is hard to envisage an IP-USN realm. In this paper we present a design of an IDS (Intrusion Detection System) called RIDES (Robust Intrusion DEtection System) for IP-USN. RIDES is a hybrid intrusion detection system, which incorporates both Signature and Anomaly based intrusion detection components. For signature based intrusion detection this paper only discusses the implementation of distributed pattern matching algorithm with the help of signature-code, a dynamically created attack-signature identifier. Other aspects, such as creation of rules are not discussed. On the other hand, for anomaly based detection we propose a scoring classifier based on the SPC (Statistical Process Control) technique called CUSUM charts. We also investigate the settings and their effects on the performance of related parameters for both of the components.

  17. RIDES: Robust Intrusion Detection System for IP-Based Ubiquitous Sensor Networks.

    Science.gov (United States)

    Amin, Syed Obaid; Siddiqui, Muhammad Shoaib; Hong, Choong Seon; Lee, Sungwon

    2009-01-01

    The IP-based Ubiquitous Sensor Network (IP-USN) is an effort to build the "Internet of things". By utilizing IP for low power networks, we can benefit from existing well established tools and technologies of IP networks. Along with many other unresolved issues, securing IP-USN is of great concern for researchers so that future market satisfaction and demands can be met. Without proper security measures, both reactive and proactive, it is hard to envisage an IP-USN realm. In this paper we present a design of an IDS (Intrusion Detection System) called RIDES (Robust Intrusion DEtection System) for IP-USN. RIDES is a hybrid intrusion detection system, which incorporates both Signature and Anomaly based intrusion detection components. For signature based intrusion detection this paper only discusses the implementation of distributed pattern matching algorithm with the help of signature-code, a dynamically created attack-signature identifier. Other aspects, such as creation of rules are not discussed. On the other hand, for anomaly based detection we propose a scoring classifier based on the SPC (Statistical Process Control) technique called CUSUM charts. We also investigate the settings and their effects on the performance of related parameters for both of the components.

  18. Technologies, Methodologies and Challenges in Network Intrusion Detection and Prevention Systems

    Directory of Open Access Journals (Sweden)

    Nicoleta STANCIU

    2013-01-01

    Full Text Available This paper presents an overview of the technologies and the methodologies used in Network Intrusion Detection and Prevention Systems (NIDPS). Intrusion Detection and Prevention System (IDPS) technologies are differentiated by types of events that IDPSs can recognize, by types of devices that IDPSs monitor and by activity. NIDPSs monitor and analyze the streams of network packets in order to detect security incidents. The main methodology used by NIDPSs is protocol analysis. Protocol analysis requires good knowledge of the theory of the main protocols, their definition, how each protocol works.

  19. Fuzzy Based Advanced Hybrid Intrusion Detection System to Detect Malicious Nodes in Wireless Sensor Networks

    Directory of Open Access Journals (Sweden)

    Rupinder Singh

    2017-01-01

    Full Text Available In this paper, an Advanced Hybrid Intrusion Detection System (AHIDS) that automatically detects the WSNs attacks is proposed. AHIDS makes use of cluster-based architecture with enhanced LEACH protocol that intends to reduce the level of energy consumption by the sensor nodes. AHIDS uses anomaly detection and misuse detection based on fuzzy rule sets along with the Multilayer Perceptron Neural Network. The Feed Forward Neural Network along with the Backpropagation Neural Network are utilized to integrate the detection results and indicate the different types of attackers (i.e., Sybil attack, wormhole attack, and hello flood attack). For detection of Sybil attack, Advanced Sybil Attack Detection Algorithm is developed while the detection of wormhole attack is done by Wormhole Resistant Hybrid Technique. The detection of hello flood attack is done by using signal strength and distance. An experimental analysis is carried out in a set of nodes; 13.33% of the nodes are determined as misbehaving nodes, which classified attackers along with a detection rate of the true positive rate and false positive rate. Sybil attack is detected at a rate of 99,40%; hello flood attack has a detection rate of 98,20%; and wormhole attack has a detection rate of 99,20%.

  20. Panacea: Automating Attack Classification for Anomaly-based Network Intrusion Detection Systems

    NARCIS (Netherlands)

    Bolzoni, D.; Etalle, Sandro; Hartel, Pieter H.; Kirda, E.; Jha, S.; Balzarotti, D.

    Anomaly-based intrusion detection systems are usually criticized because they lack a classification of attack, thus security teams have to manually inspect any raised alert to classify it. We present a new approach, Panacea, to automatically and systematically classify attacks detected by an

  1. Panacea: Automating Attack Classification for Anomaly-based Network Intrusion Detection Systems

    NARCIS (Netherlands)

    Bolzoni, D.; Etalle, Sandro; Hartel, Pieter H.

    2009-01-01

    Anomaly-based intrusion detection systems are usually criticized because they lack a classification of attack, thus security teams have to manually inspect any raised alert to classify it. We present a new approach, Panacea, to automatically and systematically classify attacks detected by an

  2. Intrusion detection system using Online Sequence Extreme Learning Machine (OS-ELM) in advanced metering infrastructure of smart grid.

    Science.gov (United States)

    Li, Yuancheng; Qiu, Rixuan; Jing, Sitong

    2018-01-01

    Advanced Metering Infrastructure (AMI) realizes a two-way communication of electricity data through interconnecting with a computer network as the core component of the smart grid. Meanwhile, it brings many new security threats and the traditional intrusion detection method can't satisfy the security requirements of AMI. In this paper, an intrusion detection system based on Online Sequence Extreme Learning Machine (OS-ELM) is established, which is used to detect the attack in AMI and carry out the comparative analysis with other algorithms. Simulation results show that, compared with other intrusion detection methods, intrusion detection method based on OS-ELM is more superior in detection speed and accuracy.

  3. Functional requirements with survey results for integrated intrusion detection and access control annunciator systems

    Energy Technology Data Exchange (ETDEWEB)

    Arakaki, L.H.; Monaco, F.M.

    1995-09-01

    This report contains the guidance Functional Requirements for an Integrated Intrusion Detection and Access Control Annunciator System, and survey results of selected commercial systems. The survey questions were based upon the functional requirements; therefore, the results reflect which and sometimes how the guidance recommendations were met.

  4. ATLANTIDES: An Architecture for Alert Verification in Network Intrusion Detection Systems

    NARCIS (Netherlands)

    Bolzoni, D.; Crispo, Bruno; Etalle, Sandro

    2007-01-01

    We present an architecture designed for alert verification (i.e., to reduce false positives) in network intrusion-detection systems. Our technique is based on a systematic (and automatic) anomaly-based analysis of the system output, which provides useful context information regarding the network

  5. A gray-box DPDA-based intrusion detection technique using system-call monitoring

    NARCIS (Netherlands)

    Jafarian, Jafar Haadi; Abbasi, Ali; Safaei Sheikhabadi, Siavash

    2011-01-01

    In this paper, we present a novel technique for automatic and efficient intrusion detection based on learning program behaviors. Program behavior is captured in terms of issued system calls augmented with point-of-system-call information, and is modeled according to an efficient deterministic

  6. ATLANTIDES: Automatic Configuration for Alert Verification in Network Intrusion Detection Systems

    NARCIS (Netherlands)

    Bolzoni, D.; Crispo, B.; Etalle, Sandro

    2008-01-01

    We present an architecture designed for alert verification (i.e., to reduce false positives) in network intrusion-detection systems. Our technique is based on a systematic (and automatic) anomaly-based analysis of the system output, which provides useful context information regarding the network

  7. ATLANTIDES: An Architecture for Alert Verification in Network Intrusion Detection Systems

    NARCIS (Netherlands)

    Bolzoni, D.; Crispo, Bruno; Etalle, Sandro

    We present an architecture designed for alert verification (i.e., to reduce false positives) in network intrusion-detection systems. Our technique is based on a systematic (and automatic) anomaly-based analysis of the system output, which provides useful context information regarding the network

  8. A fuzzy logic based network intrusion detection system for predicting the TCP SYN flooding attack

    CSIR Research Space (South Africa)

    Mkuzangwe, Nenekazi NP

    2017-04-01

    Full Text Available presents a fuzzy logic based network intrusion detection system to predict neptune which is a type of a Transmission Control Protocol Synchronized (TCP SYN) flooding attack. The performance of the proposed fuzzy logic based system is compared to that of a...

  9. On Cyber Attacks and Signature Based Intrusion Detection for MODBUS Based Industrial Control Systems

    Directory of Open Access Journals (Sweden)

    Wei Gao

    2014-03-01

    Full Text Available Industrial control system communication networks are vulnerable to reconnaissance, response injection, command injection, and denial of service attacks. Such attacks can lead to an inability to monitor and control industrial control systems and can ultimately lead to system failure. This can result in financial loss for control system operators and economic and safety issues for the citizens who use these services. This paper describes a set of 28 cyber attacks against industrial control systems which use the MODBUS application layer network protocol. The paper also describes a set of standalone and state based intrusion detection system rules which can be used to detect cyber attacks and to store evidence of attacks for post incident analysis. All attacks described in this paper were validated in a laboratory environment. The detection rate of the intrusion detection system rules presented by attack class is also presented.

  10. A Proposal of Protocol and Policy-Based Intrusion Detection System

    Directory of Open Access Journals (Sweden)

    Tatsuya Baba

    2004-06-01

    Full Text Available Currently, intrusion detection systems (IDSs) are widely deployed in enterprise networks for detecting network attacks. Most existing commercial IDSs are based on misuse detection model. In misuse detection, although known attacks can be detected, unknown ones cannot be detected because attack signatures for unknown attacks cannot be generated. In this paper, we propose a method for detecting network attacks including unknown ones against servers such as web servers, mail servers, FTP servers, and DNS servers, using protocol specifications and site access policy. Furthermore, we propose a method to predict damage from detected attacks using neural networks.

  11. Intelligent Agent-Based Intrusion Detection System Using Enhanced Multiclass SVM

    Directory of Open Access Journals (Sweden)

    S. Ganapathy

    2012-01-01

    Full Text Available Intrusion detection systems were used in the past along with various techniques to detect intrusions in networks effectively. However, most of these systems are able to detect the intruders only with high false alarm rate. In this paper, we propose a new intelligent agent-based intrusion detection model for mobile ad hoc networks using a combination of attribute selection, outlier detection, and enhanced multiclass SVM classification methods. For this purpose, an effective preprocessing technique is proposed that improves the detection accuracy and reduces the processing time. Moreover, two new algorithms, namely, an Intelligent Agent Weighted Distance Outlier Detection algorithm and an Intelligent Agent-based Enhanced Multiclass Support Vector Machine algorithm are proposed for detecting the intruders in a distributed database environment that uses intelligent agents for trust management and coordination in transaction processing. The experimental results of the proposed model show that this system detects anomalies with low false alarm rate and high-detection rate when tested with KDD Cup 99 data set.

  12. Intelligent agent-based intrusion detection system using enhanced multiclass SVM.

    Science.gov (United States)

    Ganapathy, S; Yogesh, P; Kannan, A

    2012-01-01

    Intrusion detection systems were used in the past along with various techniques to detect intrusions in networks effectively. However, most of these systems are able to detect the intruders only with high false alarm rate. In this paper, we propose a new intelligent agent-based intrusion detection model for mobile ad hoc networks using a combination of attribute selection, outlier detection, and enhanced multiclass SVM classification methods. For this purpose, an effective preprocessing technique is proposed that improves the detection accuracy and reduces the processing time. Moreover, two new algorithms, namely, an Intelligent Agent Weighted Distance Outlier Detection algorithm and an Intelligent Agent-based Enhanced Multiclass Support Vector Machine algorithm are proposed for detecting the intruders in a distributed database environment that uses intelligent agents for trust management and coordination in transaction processing. The experimental results of the proposed model show that this system detects anomalies with low false alarm rate and high-detection rate when tested with KDD Cup 99 data set.

  13. Intelligent Agent-Based Intrusion Detection System Using Enhanced Multiclass SVM

    Science.gov (United States)

    Ganapathy, S.; Yogesh, P.; Kannan, A.

    2012-01-01

    Intrusion detection systems were used in the past along with various techniques to detect intrusions in networks effectively. However, most of these systems are able to detect the intruders only with high false alarm rate. In this paper, we propose a new intelligent agent-based intrusion detection model for mobile ad hoc networks using a combination of attribute selection, outlier detection, and enhanced multiclass SVM classification methods. For this purpose, an effective preprocessing technique is proposed that improves the detection accuracy and reduces the processing time. Moreover, two new algorithms, namely, an Intelligent Agent Weighted Distance Outlier Detection algorithm and an Intelligent Agent-based Enhanced Multiclass Support Vector Machine algorithm are proposed for detecting the intruders in a distributed database environment that uses intelligent agents for trust management and coordination in transaction processing. The experimental results of the proposed model show that this system detects anomalies with low false alarm rate and high-detection rate when tested with KDD Cup 99 data set. PMID:23056036

  14. Enhanced Intrusion Detection System for Input Validation Attacks in Web Application

    OpenAIRE

    Puspendra Kumar; R. K. Pateriya

    2013-01-01

    Internet continues to expand exponentially and access to the Internet becomes more prevalent in our daily life but at the same time web applications are becoming most attractive targets for hackers and cyber criminals. This paper presents an enhanced intrusion detection system approach for detecting input validation attacks in the web application. The existing IDS for Input validation attacks are language dependent. The proposed IDS is language independent i.e. it works for any web application d...

  15. Sequence-aware intrusion detection in industrial control systems

    NARCIS (Netherlands)

    Caselli, M.; Zambon, Emmanuele; Kargl, Frank; Zhou, Jianying; Jones, D.

    Nowadays, several threats endanger cyber-physical systems. Among these systems, industrial control systems (ICS) operating on critical infrastructures have been proven to be an attractive target for attackers. The case of Stuxnet has not only showed that ICSs are vulnerable to cyber-attacks, but

  16. Design and implementation of an intrusion detection system based on IPv6 protocol

    Science.gov (United States)

    Liu, Bin; Li, Zhitang; Li, Yao; Li, Zhanchun

    2005-11-01

    Network intrusion detection systems (NIDS) are important parts of network security architecture. Although many NIDS have been proposed, there is little effort to expand the current set of NIDS to support IPv6 protocol. This paper presents the design and implementation of a Network-based Intrusion Detection System that supports both IPv6 protocol and IPv4 protocol. It characters rules based logging to perform content pattern matching and detect a variety of attacks and probes from IPv4 and IPv6. There are four primary subsystems to make it up: packet capture, packet decoder, detection engine, and logging and alerting subsystem. A new approach to packet capture that combined NAPI with MMAP is proposed in this paper. The test results show that the efficiency of packet capture can be improved significantly by this method. Several new attack tools for IPv6 have been developed for intrusion detection evaluation. Test shows that more than 20 kinds of IPv6 attacks can be detected by this system and it also has a good performance under heavy traffic load.

  17. Comparative study of adaptive-noise-cancellation algorithms for intrusion detection systems

    International Nuclear Information System (INIS)

    Claassen, J.P.; Patterson, M.M.

    1981-01-01

    Some intrusion detection systems are susceptible to nonstationary noise resulting in frequent nuisance alarms and poor detection when the noise is present. Adaptive inverse filtering for single channel systems and adaptive noise cancellation for two channel systems have both demonstrated good potential in removing correlated noise components prior to detection. For such noise susceptible systems the suitability of a noise reduction algorithm must be established in a trade-off study weighing algorithm complexity against performance. The performance characteristics of several distinct classes of algorithms are established through comparative computer studies using real signals. The relative merits of the different algorithms are discussed in the light of the nature of intruder and noise signals.

  18. An Intelligent Tutor for Intrusion Detection on Computer Systems.

    Science.gov (United States)

    Rowe, Neil C.; Schiavo, Sandra

    1998-01-01

    Describes an intelligent tutor incorporating a program using artificial-intelligence planning methods to generate realistic audit files reporting actions of simulated users and intruders of a UNIX system, and a program simulating the system afterwards that asks students to inspect the audit and fix problems. Experiments show that students using…

  19. The Unexplored Impact of IPv6 on Intrusion Detection Systems

    Science.gov (United States)

    2012-03-01

    to detect a wide range of attacks, including network mapping, port scans, TCP stack scans, DoS bandwidth-flooding attacks, worms, viruses, OS...or too many TCP SYN packets sent in a short period of time (port scan). [The Preprocessor’s function is to take packets potentially dangerous for the...Spoofing Layer 3 (Ip Addr) Spoof6 Layer 4 (SYN flood) Syn6 ARP & DHCP DHCP MITM DHCP6 SLAAC ICMP6 (RA, Discovery) ARP ICMP6 Neighbor Discovery (NDP

  20. Industrial Control System Process-Oriented Intrusion Detection (iPoid) Algorithm

    Science.gov (United States)

    2016-08-01

    SUBJECT TERMS supervisory control and data acquisition (SCADA), Modbus, industrial control system, intrusion detection system 16. SECURITY...Dependencies 3 2.3 iPoid Rules Format 3 2.3.1 Individual Function-Rule Format 4 2.3.2 Individual Value-Rule Format 6 2.3.3 Updating Modbus Inspection Rules...enable users to dynamically update the inspection rules without restarting Bro. This avoids a risk of Bro missing packets on the wire. Fig. 2

  1. Instant OSSEC host-based intrusion detection system

    CERN Document Server

    Lhotsky, Brad

    2013-01-01

    Filled with practical, step-by-step instructions and clear explanations for the most important and useful tasks. A fast-paced, practical guide to OSSEC-HIDS that will help you solve host-based security problems. This book is great for anyone concerned about the security of their servers, whether you are a system administrator, programmer, or security analyst, this book will provide you with tips to better utilize OSSEC-HIDS. Whether you're new to OSSEC-HIDS or a seasoned veteran, you'll find something in this book you can apply today! This book assumes some knowledge of basic security concepts an

  2. Resilient Control and Intrusion Detection for SCADA Systems

    Science.gov (United States)

    2014-05-01

    square-error (MMSE) with a consistent observation vector dimension to have a lower computational load. Note the noise covariance of fused measurement...change times, or this distribution is nonstationary (i.e. it doesn’t have an invariant mean nor variance). This is particularly meaningful for our 51...j are time-invariant and are denoted by A. Then we can combine all t linear systems (7.1) into a single equation B = AX, (7.2) where B = [b1b2

  3. A Process Engineering Approach to the Development and Integration of Intrusion Detection Techniques

    National Research Council Canada - National Science Library

    Ye, Nong

    2001-01-01

    ...) investigate system-level intrusion detection techniques for the fusion and correlation of local information about intrusions, based on the integration infrastructure for intrusion detection; and (3...

  4. A Process Engineering Approach to the Development and Integration of Intrusion Detection Techniques

    National Research Council Canada - National Science Library

    Ye, Nong

    2002-01-01

    ...) investigate system-level intrusion detection techniques for the fusion and correlation of local information about intrusions, based on the integration infrastructure for intrusion detection; and (3...

  5. Attacks and intrusion detection in wireless sensor networks of industrial SCADA systems

    Science.gov (United States)

    Kamaev, V. A.; Finogeev, A. G.; Finogeev, A. A.; Parygin, D. S.

    2017-01-01

    The effectiveness of automated process control systems (APCS) and supervisory control and data acquisition systems (SCADA) information security depends on the applied protection technologies of transport environment data transmission components. This article investigates the problems of detecting attacks in wireless sensor networks (WSN) of SCADA systems. As a result of analytical studies, the authors developed the detailed classification of external attacks and intrusion detection in sensor networks and brought a detailed description of attacking impacts on components of SCADA systems in accordance with the selected directions of attacks.

  6. A Targeted Attack For Enhancing Resiliency of Intelligent Intrusion Detection Modules in Energy Cyber Physical Systems

    Energy Technology Data Exchange (ETDEWEB)

    Youssef, Tarek [Florida Intl Univ., Miami, FL (United States); El Hariri, Mohammad [Florida Intl Univ., Miami, FL (United States); Habib, Hani [Florida Intl Univ., Miami, FL (United States); Mohammed, Osama [Florida Intl Univ., Miami, FL (United States); Harmon, E [Florida Intl Univ., Miami, FL (United States)

    2017-02-28

    Secure high-speed communication is required to ensure proper operation of complex power grid systems and prevent malicious tampering activities. In this paper, artificial neural networks with temporal dependency are introduced for false data identification and mitigation for broadcasted IEC 61850 SMV messages. The fast responses of such intelligent modules in intrusion detection make them suitable for time-critical applications, such as protection. However, care must be taken in selecting the appropriate intelligence model and decision criteria. As such, this paper presents a customizable malware script to sniff and manipulate SMV messages and demonstrates the ability of the malware to trigger false positives in the neural network’s response. The malware developed is intended to be as a vaccine to harden the intrusion detection system against data manipulation attacks by enhancing the neural network’s ability to learn and adapt to these attacks.

  7. A framework for implementing a Distributed Intrusion Detection System (DIDS) with interoperabilty and information analysis

    OpenAIRE

    Davicino, Pablo; Echaiz, Javier; Ardenghi, Jorge Raúl

    2011-01-01

    Computer Intrusion Detection Systems (IDS) are primarily designed to protect availability, confidentiality and integrity of critical information infrastructures. A Distributed IDS (DIDS) consists of several IDS over a large network(s), all of which communicate with each other, with a central server or with a cluster of servers that facilitates advanced network monitoring. In a distributed environment, DIDS are implemented using cooperative intelligent sensors distributed across the network(s). ...

  8. MFIRE-2: A Multi Agent System for Flow-Based Intrusion Detection Using Stochastic Search

    Science.gov (United States)

    2012-03-01

    users access to a server or services. The SYN flood attack is a common example of a network level denial of service attack. It is easy to launch and...TCP/IP connection establishment mechanism and floods the server’s pending connection queue. Viruses, Trojan Horses, and Worms—A virus is a program...is a complete sweep of all ports: the services can log the sender IP address and Intrusion detection systems can raise an alarm. TCP SYN scan—SYN

  9. Idaho National Laboratory Supervisory Control and Data Acquisition Intrusion Detection System (SCADA IDS)

    Energy Technology Data Exchange (ETDEWEB)

    Jared Verba; Michael Milvich

    2008-05-01

    Current Intrusion Detection System (IDS) technology is not suited to be widely deployed inside a Supervisory, Control and Data Acquisition (SCADA) environment. Anomaly- and signature-based IDS technologies have developed methods to cover information technology-based networks activity and protocols effectively. However, these IDS technologies do not include the fine protocol granularity required to ensure network security inside an environment with weak protocols lacking authentication and encryption. By implementing a more specific and more intelligent packet inspection mechanism, tailored traffic flow analysis, and unique packet tampering detection, IDS technology developed specifically for SCADA environments can be deployed with confidence in detecting malicious activity.

  10. ANOMALY NETWORK INTRUSION DETECTION SYSTEM BASED ON DISTRIBUTED TIME-DELAY NEURAL NETWORK (DTDNN)

    Directory of Open Access Journals (Sweden)

    LAHEEB MOHAMMAD IBRAHIM

    2010-12-01

    Full Text Available In this research, a hierarchical off-line anomaly network intrusion detection system based on Distributed Time-Delay Artificial Neural Network is introduced. This research aims to solve a hierarchical multi class problem in which the type of attack (DoS, U2R, R2L and Probe attack) detected by dynamic neural network. The results indicate that dynamic neural nets (Distributed Time-Delay Artificial Neural Network) can achieve a high detection rate, where the overall accuracy classification rate average is equal to 97.24%.

  11. Context-aware local Intrusion Detection in SCADA systems : a testbed and two showcases

    NARCIS (Netherlands)

    Chromik, Justyna Joanna; Haverkort, Boudewijn R.H.M.; Remke, Anne Katharina Ingrid; Pilch, Carina; Brackmann, Pascal; Duhme, Christof; Everinghoff, Franziska; Giberlein, Artur; Teodorowicz, Thomas; Wieland, Julian

    2017-01-01

    This paper illustrates the use of a testbed that we have developed for context-aware local intrusion detection. This testbed is based on the co-simulation framework Mosaik and allows for the validation of local intrusion detection mechanisms at field stations in power distribution networks. For two

  12. Intrusion Detection System Requirements. A Capabilities Description in Terms of the Network Monitoring and Assessment Module of CSAP21

    National Research Council Canada - National Science Library

    Metcalf, Therese R; LaPadula, Leonard J

    2000-01-01

    ...) module of the Computer Security Assistance Program for the Twenty-First Century (CSAP21) architecture. The advantage of this approach is that it provides a global and comprehensive context in which to describe intrusion detection system...

  13. A Real-Time Intrusion Detection System using Data Mining Technique

    Directory of Open Access Journals (Sweden)

    Fang-Yie Leu

    2008-04-01

    Full Text Available Presently, most computers authenticate user ID and password before users can login these systems. However, danger soon comes if the two items are known to hackers. In this paper, we propose a system, named Intrusion Detection and Identification System (IDIS), which builds a profile for each user in an intranet to keep track his/her usage habits as forensic features with which IDIS can identify who the underlying user in the intranet is. Our experimental results show that the recognition accuracy of students of computer science department is up to 98.99%.

  14. Intrusion Detection Architecture Utilizing Graphics Processors

    Directory of Open Access Journals (Sweden)

    Branislav Madoš

    2012-12-01

    Full Text Available With the thriving technology and the great increase in the usage of computer networks, the risk of having these network to be under attacks have been increased. Number of techniques have been created and designed to help in detecting and/or preventing such attacks. One common technique is the use of Intrusion Detection Systems (IDS). Today, number of open sources and commercial IDS are available to match enterprises requirements. However, the performance of these systems is still the main concern. This paper examines perceptions of intrusion detection architecture implementation, resulting from the use of graphics processor. It discusses recent research activities, developments and problems of operating systems security. Some exploratory evidence is presented that shows capabilities of using graphical processors and intrusion detection systems. The focus is on how knowledge experienced throughout the graphics processor inclusion has played out in the design of intrusion detection architecture that is seen as an opportunity to strengthen research expertise.

  15. An Intrusion Detection System for the Protection of Railway Assets Using Fiber Bragg Grating Sensors

    Directory of Open Access Journals (Sweden)

    Angelo Catalano

    2014-09-01

    We demonstrate the ability of Fiber Bragg Gratings (FBGs) sensors to protect large areas from unauthorized activities in railway scenarios such as stations or tunnels. We report on the technological strategy adopted to protect a specific depot, representative of a common scenario for security applications in the railway environment. One of the concerns in the protection of a railway area centers on the presence of rail-tracks, which cannot be obstructed with physical barriers. We propose an integrated optical fiber system composed of FBG strain sensors that can detect human intrusion for protection of the perimeter combined with FBG accelerometer sensors for protection of rail-track access. Several trials were carried out in indoor and outdoor environments. The results demonstrate that FBG strain sensors bonded under a ribbed rubber mat enable the detection of intruder break-in via the pressure induced on the mat, whereas the FBG accelerometers installed under the rails enable the detection of intruders walking close to the railroad tracks via the acoustic surface waves generated by footsteps. Based on a single enabling technology, this integrated system represents a valuable intrusion detection system for railway security and could be integrated with other sensing functionalities in the railway field using fiber optic technology.

  16. An intrusion detection system for the protection of railway assets using Fiber Bragg Grating sensors.

    Science.gov (United States)

    Catalano, Angelo; Bruno, Francesco Antonio; Pisco, Marco; Cutolo, Antonello; Cusano, Andrea

    2014-09-29

    We demonstrate the ability of Fiber Bragg Gratings (FBGs) sensors to protect large areas from unauthorized activities in railway scenarios such as stations or tunnels. We report on the technological strategy adopted to protect a specific depot, representative of a common scenario for security applications in the railway environment. One of the concerns in the protection of a railway area centers on the presence of rail-tracks, which cannot be obstructed with physical barriers. We propose an integrated optical fiber system composed of FBG strain sensors that can detect human intrusion for protection of the perimeter combined with FBG accelerometer sensors for protection of rail-track access. Several trials were carried out in indoor and outdoor environments. The results demonstrate that FBG strain sensors bonded under a ribbed rubber mat enable the detection of intruder break-in via the pressure induced on the mat, whereas the FBG accelerometers installed under the rails enable the detection of intruders walking close to the railroad tracks via the acoustic surface waves generated by footsteps. Based on a single enabling technology, this integrated system represents a valuable intrusion detection system for railway security and could be integrated with other sensing functionalities in the railway field using fiber optic technology.

  17. HPNAIDM: The High-Performance Network Anomaly/Intrusion Detection and Mitigation System

    Energy Technology Data Exchange (ETDEWEB)

    Chen, Yan [Northwestern University]

    2013-12-05

    Identifying traffic anomalies and attacks rapidly and accurately is critical for large network operators. With the rapid growth of network bandwidth, such as the next generation DOE UltraScience Network, and fast emergence of new attacks/virus/worms, existing network intrusion detection systems (IDS) are insufficient because they: • Are mostly host-based and not scalable to high-performance networks; • Are mostly signature-based and unable to adaptively recognize flow-level unknown attacks; • Cannot differentiate malicious events from the unintentional anomalies. To address these challenges, we proposed and developed a new paradigm called high-performance network anomaly/intrusion detection and mitigation (HPNAIDM) system. The new paradigm is significantly different from existing IDSes with the following features (research thrusts). • Online traffic recording and analysis on high-speed networks; • Online adaptive flow-level anomaly/intrusion detection and mitigation; • Integrated approach for false positive reduction. Our research prototype and evaluation demonstrate that the HPNAIDM system is highly effective and economically feasible. Beyond satisfying the pre-set goals, we even exceed that significantly (see more details in the next section). Overall, our project harvested 23 publications (2 book chapters, 6 journal papers and 15 peer-reviewed conference/workshop papers). Besides, we built a website for technique dissemination, which hosts two system prototype releases to the research community. We also filed a patent application and developed strong international and domestic collaborations which span both academia and industry.

  18. A Comparative Analysis of the Snort and Suricata Intrusion-Detection Systems

    Science.gov (United States)

    2011-09-01

    Ubuntu 10.04 for the client machine, and for the web server with the PDF files we used a Dell Latitude laptop running Xubuntu. This test required an FTP ...service and a web server be installed and running on the intrusion-detection system server. We chose to install Vsftpd for our FTP client due to...From OISF, 2011c) The Suricata configuration file allows the user to configure which and how many threads, and how many CPUs will be involved in the

  19. Intrusion Detection in NEAR System by Anti-denoising Traffic Data Series using Discrete Wavelet Transform

    Directory of Open Access Journals (Sweden)

    VANCEA, F.

    2014-11-01

    The paper presents two methods for detecting anomalies in data series derived from network traffic. Intrusion detection systems based on network traffic analysis are able to respond to incidents never seen before by detecting anomalies in data series extracted from the traffic. Some anomalies manifest themselves as pulses of various sizes and shapes, superimposed on series corresponding to normal traffic. In order to detect those impulses we propose two methods based on discrete wavelet transformation. Their effectiveness expressed in relative thresholds on pulse amplitude for no false negatives and no false positives is then evaluated against pulse duration and Hurst characteristic of original series. Different base functions are also evaluated for efficiency in the context of the proposed methods.

  20. A Dynamic Intrusion Detection System Based on Multivariate Hotelling's T2 Statistics Approach for Network Environments.

    Science.gov (United States)

    Sivasamy, Aneetha Avalappampatty; Sundan, Bose

    2015-01-01

    The ever expanding communication requirements in today's world demand extensive and efficient network systems with equally efficient and reliable security features integrated for safe, confident, and secured communication and data transfer. Providing effective security protocols for any network environment, therefore, assumes paramount importance. Attempts are made continuously for designing more efficient and dynamic network intrusion detection models. In this work, an approach based on Hotelling's T² method, a multivariate statistical analysis technique, has been employed for intrusion detection, especially in network environments. Components such as preprocessing, multivariate statistical analysis, and attack detection have been incorporated in developing the multivariate Hotelling's T² statistical model and necessary profiles have been generated based on the T-square distance metrics. With a threshold range obtained using the central limit theorem, observed traffic profiles have been classified either as normal or attack types. Performance of the model, as evaluated through validation and testing using KDD Cup'99 dataset, has shown very high detection rates for all classes with low false alarm rates. Accuracy of the model presented in this work, in comparison with the existing models, has been found to be much better.

  1. A Hypergraph and Arithmetic Residue-based Probabilistic Neural Network for classification in Intrusion Detection Systems.

    Science.gov (United States)

    Raman, M R Gauthama; Somu, Nivethitha; Kirthivasan, Kannan; Sriram, V S Shankar

    2017-08-01

    Over the past few decades, the design of an intelligent Intrusion Detection System (IDS) remains an open challenge to the research community. Continuous efforts by the researchers have resulted in the development of several learning models based on Artificial Neural Network (ANN) to improve the performance of the IDSs. However, there exists a tradeoff with respect to the stability of ANN architecture and the detection rate for less frequent attacks. This paper presents a novel approach based on Helly property of Hypergraph and Arithmetic Residue-based Probabilistic Neural Network (HG AR-PNN) to address the classification problem in IDS. The Helly property of Hypergraph was exploited for the identification of the optimal feature subset and the arithmetic residue of the optimal feature subset was used to train the PNN. The performance of HG AR-PNN was evaluated using KDD CUP 1999 intrusion dataset. Experimental results prove the dominance of HG AR-PNN classifier over the existing classifiers with respect to the stability and improved detection rate for less frequent attacks. Copyright © 2017 Elsevier Ltd. All rights reserved.

  2. Intrusion Detection System Using Deep Neural Network for In-Vehicle Network Security.

    Directory of Open Access Journals (Sweden)

    Min-Joo Kang

    A novel intrusion detection system (IDS) using a deep neural network (DNN) is proposed to enhance the security of in-vehicular network. The parameters building the DNN structure are trained with probability-based feature vectors that are extracted from the in-vehicular network packets. For a given packet, the DNN provides the probability of each class discriminating normal and attack packets, and, thus the sensor can identify any malicious attack to the vehicle. As compared to the traditional artificial neural network applied to the IDS, the proposed technique adopts recent advances in deep learning studies such as initializing the parameters through the unsupervised pre-training of deep belief networks (DBN), therefore improving the detection accuracy. It is demonstrated with experimental results that the proposed technique can provide a real-time response to the attack with a significantly improved detection ratio in controller area network (CAN) bus.

  3. Intrusion Detection System Using Deep Neural Network for In-Vehicle Network Security.

    Science.gov (United States)

    Kang, Min-Joo; Kang, Je-Won

    2016-01-01

    A novel intrusion detection system (IDS) using a deep neural network (DNN) is proposed to enhance the security of in-vehicular network. The parameters building the DNN structure are trained with probability-based feature vectors that are extracted from the in-vehicular network packets. For a given packet, the DNN provides the probability of each class discriminating normal and attack packets, and, thus the sensor can identify any malicious attack to the vehicle. As compared to the traditional artificial neural network applied to the IDS, the proposed technique adopts recent advances in deep learning studies such as initializing the parameters through the unsupervised pre-training of deep belief networks (DBN), therefore improving the detection accuracy. It is demonstrated with experimental results that the proposed technique can provide a real-time response to the attack with a significantly improved detection ratio in controller area network (CAN) bus.

  4. Non-intrusive gesture recognition system combining with face detection based on Hidden Markov Model

    Science.gov (United States)

    Jin, Jing; Wang, Yuanqing; Xu, Liujing; Cao, Liqun; Han, Lei; Zhou, Biye; Li, Minggao

    2014-11-01

    A non-intrusive gesture recognition human-machine interaction system is proposed in this paper. In order to solve the hand positioning problem which is a difficulty in current algorithms, face detection is used for the pre-processing to narrow the search area and find user's hand quickly and accurately. Hidden Markov Model (HMM) is used for gesture recognition. A certain number of basic gesture units are trained as HMM models. At the same time, an improved 8-direction feature vector is proposed and used to quantify characteristics in order to improve the detection accuracy. The proposed system can be applied in interaction equipments without special training for users, such as household interactive television

  5. Adaptive intrusion data system

    International Nuclear Information System (INIS)

    Johnson, C.S.

    1976-01-01

    An Adaptive Intrusion Data System (AIDS) was developed to collect data from intrusion alarm sensors as part of an evaluation system to improve sensor performance. AIDS is a unique digital data compression, storage, and formatting system. It also incorporates capability for video selection and recording for assessment of the sensors monitored by the system. The system is software reprogrammable to numerous configurations that may be utilized for the collection of environmental, bi-level, analog and video data. The output of the system is digital tapes formatted for direct data reduction on a CDC 6400 computer, and video tapes containing timed tagged information that can be correlated with the digital data

  6. TAD2: the first truly non-intrusive lie detection system deployed in real crime cases

    Science.gov (United States)

    Sumriddetchkajorn, Sarun; Somboonkaew, Armote

    2010-11-01

    Interrogation is an important step for seeking truth from the suspect. With the limit of the intrusive nature of the current polygraph, we show here a highly-sought-after non-intrusive lie detection system with a user-friendly interface called TAD2. The key idea behind our TAD2 is based on the analysis of far-infrared data obtained remotely from the periorbital and nostril areas of the suspect during the interrogation. In this way, measured change in skin temperature around two periorbital areas is converted to a relative blood flow velocity while a respiration pattern is simultaneously determined from the measured change in temperature around the nostril region. In addition, TAD2 is embedded with our automatic baseline assignment that is used for distinguishing the subject's response into normal or abnormal stage. In our TAD2, the officer can choose to perform one of the three standard lie detection tests, namely, a modified zone comparison test, a modified general question test, and an irrelevant & relevant test. Field test results from suspects in real crime cases are discussed.

  7. Wireless Intrusion Detection

    Science.gov (United States)

    2007-03-01

    Figure 3-8 Frequency error Distributions... [axes: Frequency Error (kHz) vs. Normalized Occurrences] Figure 3-10... [axes: Received Power (dBm) vs. Normalized Occurrences] Figure 3-12 Packet Rise-Time Distributions During Intrusion [axes: Rise-Time (samples) vs. Normalized Occurrences; series labels: Linksys/CIAMPIAJ1, Linksys/LEO with Belkin/Libra spoofing]

  8. Alerts Analysis and Visualization in Network-based Intrusion Detection Systems

    Energy Technology Data Exchange (ETDEWEB)

    Yang, Dr. Li [University of Tennessee

    2010-08-01

    The alerts produced by network-based intrusion detection systems, e.g. Snort, can be difficult for network administrators to efficiently review and respond to due to the enormous number of alerts generated in a short time frame. This work describes how the visualization of raw IDS alert data assists network administrators in understanding the current state of a network and quickens the process of reviewing and responding to intrusion attempts. The project presented in this work consists of three primary components. The first component provides a visual mapping of the network topology that allows the end-user to easily browse clustered alerts. The second component is based on the flocking behavior of birds such that birds tend to follow other birds with similar behaviors. This component allows the end-user to see the clustering process and provides an efficient means for reviewing alert data. The third component discovers and visualizes patterns of multistage attacks by profiling the attacker's behaviors.

  9. Implementation of Multipattern String Matching Accelerated with GPU for Intrusion Detection System

    Science.gov (United States)

    Nehemia, Rangga; Lim, Charles; Galinium, Maulahikmah; Rinaldi Widianto, Ahmad

    2017-04-01

    As Internet-related security threats continue to increase in terms of volume and sophistication, existing Intrusion Detection System is also being challenged to cope with the current Internet development. Multi Pattern String Matching algorithm accelerated with Graphical Processing Unit is being utilized to improve the packet scanning performance of the IDS. This paper implements a Multi Pattern String Matching algorithm, also called Parallel Failureless Aho Corasick accelerated with GPU to improve the performance of IDS. OpenCL library is used to allow the IDS to support various GPU, including popular GPU such as NVIDIA and AMD, used in our research. The experiment result shows that the application of Multi Pattern String Matching using GPU accelerated platform provides a speed up, by up to 141% in terms of throughput compared to the previous research.

  10. Autonomous Rule Creation for Intrusion Detection

    Energy Technology Data Exchange (ETDEWEB)

    Todd Vollmer; Jim Alves-Foss; Milos Manic

    2011-04-01

    Many computational intelligence techniques for anomaly based network intrusion detection can be found in literature. Translating a newly discovered intrusion recognition criteria into a distributable rule can be a human intensive effort. This paper explores a multi-modal genetic algorithm solution for autonomous rule creation. This algorithm focuses on the process of creating rules once an intrusion has been identified, rather than the evolution of rules to provide a solution for intrusion detection. The algorithm was demonstrated on anomalous ICMP network packets (input) and Snort rules (output of the algorithm). Output rules were sorted according to a fitness value and any duplicates were removed. The experimental results on ten test cases demonstrated a 100 percent rule alert rate. Out of 33,804 test packets 3 produced false positives. Each test case produced a minimum of three rule variations that could be used as candidates for a production system.

  11. On the Feasibility of Intrusion Detection Inside Workstation Disks

    National Research Council Canada - National Science Library

    Griffin, John L; Pennington, Adam; Bucy, John S; Choundappan, Deepa; Muralidharan, Nithya; Ganger, Gregory R

    2003-01-01

    Storage-based intrusion detection systems (IDSs) can be valuable tools in monitoring for and notifying administrators of malicious software executing on a host computer, including many common intrusion tool kits...

  12. Anomaly based intrusion detection for a biometric identification system using neural networks

    CSIR Research Space (South Africa)

    Mgabile, T

    2012-10-01

    detection technique that analyses the fingerprint biometric network traffic for evidence of intrusion. The neural network algorithm that imitates the way a human brain works is used in this study to classify normal traffic and learn the correct traffic...

  13. Intrusion Detection System Based on Decision Tree over Big Data in Fog Environment

    Directory of Open Access Journals (Sweden)

    Kai Peng

    2018-01-01

    Fog computing, as the supplement of cloud computing, can provide low-latency services between mobile users and the cloud. However, fog devices may encounter security challenges as a result of the fog nodes being close to the end users and having limited computing ability. Traditional network attacks may destroy the system of fog nodes. Intrusion detection system (IDS) is a proactive security protection technology and can be used in the fog environment. Although IDS in traditional networks has been well investigated, unfortunately directly using them in the fog environment may be inappropriate. Fog nodes produce massive amounts of data at all times, and, thus, enabling an IDS system over big data in the fog environment is of paramount importance. In this study, we propose an IDS system based on decision tree. Firstly, we propose a preprocessing algorithm to digitize the strings in the given dataset and then normalize the whole data, to ensure the quality of the input data so as to improve the efficiency of detection. Secondly, we use decision tree method for our IDS system, and then we compare this method with Naïve Bayesian method as well as KNN method. Both the 10% dataset and the full dataset are tested. Our proposed method not only completely detects four kinds of attacks but also enables the detection of twenty-two kinds of attacks. The experimental results show that our IDS system is effective and precise. Above all, our IDS system can be used in fog computing environment over big data.

  14. Interior intrusion alarm systems

    International Nuclear Information System (INIS)

    Prell, J.A.

    1978-01-01

    In meeting the requirements for the safeguarding of special nuclear material and the physical protection of licensed facilities, the licensee is required to design a physical security system that will meet minimum performance requirements. An integral part of any physical security system is the interior intrusion alarm system. The purpose of this report is to provide the potential user of an interior intrusion alarm system with information on the various types, components, and performance capabilities available so that he can design and install the optimum alarm system for his particular environment. In addition, maintenance and testing procedures are discussed and recommended which, if followed, will help the user obtain the optimum results from his system

  15. The Development of Agent Information for Intrusion Detection

    Directory of Open Access Journals (Sweden)

    Bambang Sugiantoro

    2017-10-01

    As the challenges and problems surrounding intrusion rise rapidly, the intrusion detection system has been gradually developed. Agent-based approach for intrusion detection system has developed from single to multi agent, and later developed mobile agents in order to increase system's capability to face with a more complex challenge and change. A number of studies had been identified that mobile agent can reduce network traffic, however the study related to intrusion detection using static and mobile agent for finding intruder has not been fully achieved. Keywords: Information, Intrusion, mobile, networks

  16. A harmful-intrusion detection method based on background reconstruction and two-dimensional K-S test in an optical fiber pre-warning system

    Science.gov (United States)

    Bi, Fukun; Zheng, Tong; Qu, Hongquan; Pang, Liping

    2016-06-01

    The key technology and main difficulty for optical fiber intrusion pre-warning systems (OFIPS) is the extraction of harmful-intrusion signals. After being processed by a phase-sensitive optical time-domain reflectometer (Φ-OTDR), vibration signals can be preliminarily extracted. Generally, these include noises and intrusions. Here, intrusions can be divided into harmful and harmless intrusions. With respect to the close study of signal characteristics, an effective extraction method of harmful intrusion is proposed in the paper. Firstly, in the part of the background reconstruction, all intrusion signals are first detected by a constant false alarm rate (CFAR). We then reconstruct the backgrounds by extracting two-part information of alarm points, time and amplitude. This ensures that the detection background consists of intrusion signals. Secondly, in the part of the two-dimensional Kolmogorov-Smirnov (K-S) test, in order to extract harmful ones from all extracted intrusions, we design a separation method. It is based on the signal characteristics of harmful intrusion, which are shorter time interval and higher amplitude. In the actual OFIPS, the detection method is used in some typical scenes, which includes a lot of harmless intrusions, for example construction sites and busy roads. Results show that we can effectively extract harmful intrusions.

  17. The state of the art in intrusion prevention and detection

    CERN Document Server

    Pathan, Al-Sakib Khan

    2013-01-01

    The State of the Art in Intrusion Prevention and Detection analyzes the latest trends and issues surrounding intrusion detection systems in computer networks, especially in communications networks. Its broad scope of coverage includes wired, wireless, and mobile networks; next-generation converged networks; and intrusion in social networks. Presenting cutting-edge research, the book presents novel schemes for intrusion detection and prevention. It discusses tracing back mobile attackers, secure routing with intrusion prevention, anomaly detection, and AI-based techniques. It also includes infor

  18. Improving Intrusion Detection System Based on Snort Rules for Network Probe Attacks Detection with Association Rules Technique of Data Mining

    Directory of Open Access Journals (Sweden)

    Nattawat Khamphakdee

    2015-07-01

    The intrusion detection system (IDS) is an important network security tool for securing computer and network systems. It is able to detect and monitor network traffic data. Snort IDS is an open-source network security tool. It can search and match rules with network traffic data in order to detect attacks, and generate an alert. However, the Snort IDS can detect only known attacks. Therefore, we have proposed a procedure for improving Snort IDS rules, based on the association rules data mining technique for detection of network probe attacks. We employed the MIT-DARPA 1999 data set for the experimental evaluation. Since behavior pattern traffic data are both normal and abnormal, the abnormal behavior data is detected by way of the Snort IDS. The experimental results showed that the proposed Snort IDS rules, based on data mining detection of network probe attacks, proved more efficient than the original Snort IDS rules, as well as icmp.rules and icmp-info.rules of Snort IDS. The suitable parameters for the proposed Snort IDS rules are defined as follows: Min_sup set to 10%, and Min_conf set to 100%, and through the application of eight variable attributes. As more suitable parameters are applied, higher accuracy is achieved.

  19. WSN-DS: A Dataset for Intrusion Detection Systems in Wireless Sensor Networks

    Directory of Open Access Journals (Sweden)

    Iman Almomani

    2016-01-01

    Wireless Sensor Networks (WSN) have become increasingly one of the hottest research areas in computer science due to their wide range of applications including critical military and civilian applications. Such applications have created various security threats, especially in unattended environments. To ensure the security and dependability of WSN services, an Intrusion Detection System (IDS) should be in place. This IDS has to be compatible with the characteristics of WSNs and capable of detecting the largest possible number of security threats. In this paper a specialized dataset for WSN is developed to help better detect and classify four types of Denial of Service (DoS) attacks: Blackhole, Grayhole, Flooding, and Scheduling attacks. This paper considers the use of LEACH protocol which is one of the most popular hierarchical routing protocols in WSNs. A scheme has been defined to collect data from Network Simulator 2 (NS-2) and then processed to produce 23 features. The collected dataset is called WSN-DS. Artificial Neural Network (ANN) has been trained on the dataset to detect and classify different DoS attacks. The results show that WSN-DS improved the ability of IDS to achieve higher classification accuracy rate. WEKA toolbox was used with holdout and 10-Fold Cross Validation methods. The best results were achieved with 10-Fold Cross Validation with one hidden layer. The classification accuracies of attacks were 92.8%, 99.4%, 92.2%, 75.6%, and 99.8% for Blackhole, Flooding, Scheduling, and Grayhole attacks, in addition to the normal case (without attacks), respectively.

  20. Proposed Network Intrusion Detection System In Cloud Environment Based on Back Propagation Neural Network

    Directory of Open Access Journals (Sweden)

    Shawq Malik Mehibs

    2017-12-01

    Cloud computing is distributed architecture, providing computing facilities and storage resource as a service over the internet. This low-cost service fulfills the basic requirements of users. Because of the open nature and services introduced by cloud computing, intruders impersonate legitimate users and misuse cloud resource and services. To detect intruders and suspicious activities in and around the cloud computing environment, an intrusion detection system is used to discover the illegitimate users and suspicious action by monitoring different user activities on the network. This work proposed a back propagation artificial neural network to construct network intrusion detection in the cloud environment. The proposed module was evaluated with the kdd99 dataset; the experimental results show a promising approach to detect attacks with high detection rate and low false alarm rate

  1. Hybrid Modified K-Means with C4.5 for Intrusion Detection Systems in Multiagent Systems.

    Science.gov (United States)

    Laftah Al-Yaseen, Wathiq; Ali Othman, Zulaiha; Ahmad Nazri, Mohd Zakree

    2015-01-01

    Presently, the processing time and performance of intrusion detection systems are of great importance due to the increased speed of traffic data networks and a growing number of attacks on networks and computers. Several approaches have been proposed to address this issue, including hybridizing with several algorithms. However, this paper aims at proposing a hybrid of modified K-means with C4.5 intrusion detection system in a multiagent system (MAS-IDS). The MAS-IDS consists of three agents, namely, coordinator, analysis, and communication agent. The basic concept underpinning the utilized MAS is dividing the large captured network dataset into a number of subsets and distributing these to a number of agents depending on the data network size and core CPU availability. KDD Cup 1999 dataset is used for evaluation. The proposed hybrid modified K-means with C4.5 classification in MAS is developed in JADE platform. The results show that compared to the current methods, the MAS-IDS reduces the IDS processing time by up to 70%, while improving the detection accuracy.

  2. Hybrid Modified K-Means with C4.5 for Intrusion Detection Systems in Multiagent Systems

    Directory of Open Access Journals (Sweden)

    Wathiq Laftah Al-Yaseen

    2015-01-01

    Presently, the processing time and performance of intrusion detection systems are of great importance due to the increased speed of traffic data networks and a growing number of attacks on networks and computers. Several approaches have been proposed to address this issue, including hybridizing with several algorithms. However, this paper aims at proposing a hybrid of modified K-means with C4.5 intrusion detection system in a multiagent system (MAS-IDS). The MAS-IDS consists of three agents, namely, coordinator, analysis, and communication agent. The basic concept underpinning the utilized MAS is dividing the large captured network dataset into a number of subsets and distributing these to a number of agents depending on the data network size and core CPU availability. KDD Cup 1999 dataset is used for evaluation. The proposed hybrid modified K-means with C4.5 classification in MAS is developed in JADE platform. The results show that compared to the current methods, the MAS-IDS reduces the IDS processing time by up to 70%, while improving the detection accuracy.

  3. Harmful intrusion detection algorithm of optical fiber pre-warning system based on correlation of orthogonal polarization signals

    Science.gov (United States)

    Bi, Fukun; Feng, Chong; Qu, Hongquan; Zheng, Tong; Wang, Chonglei

    2017-09-01

    At present, advanced researches of optical fiber intrusion measurement are based on the constant false alarm rate (CFAR) algorithm. Although these conventional methods overcome the interference of non-stationary random signals, there are still a large number of false alarms in practical applications. This is because there is no specific study on orthogonal polarization signals of false alarm and intrusion. In order to further reduce false alarms, we analyze the correlation of optical fiber signals using birefringence of single-mode fiber. This paper proposes the harmful intrusion detection algorithm based on the correlation of two orthogonal polarization signals. The proposed method uses correlation coefficient to distinguish false alarms and intrusions, which can decrease false alarms. Experiments on real data, which are collected from the practical environment, demonstrate that the difference in correlation is a robust feature. Furthermore, the results show that the proposed algorithm can reduce the false alarms and ensure the detection performance when it is used in optical fiber pre-warning system (OFPS).

  4. Design of an Acoustic Target Intrusion Detection System Based on Small-Aperture Microphone Array

    Science.gov (United States)

    Zu, Xingshui; Guo, Feng; Huang, Jingchang; Zhao, Qin; Liu, Huawei; Li, Baoqing; Yuan, Xiaobing

    2017-01-01

    Automated surveillance of remote locations in a wireless sensor network is dominated by the detection algorithm because actual intrusions in such locations are a rare event. Therefore, a detection method with low power consumption is crucial for persistent surveillance to ensure longevity of the sensor networks. A simple and effective two-stage algorithm composed of energy detector (ED) and delay detector (DD) with all its operations in time-domain using small-aperture microphone array (SAMA) is proposed. The algorithm analyzes the quite different velocities between wind noise and sound waves to improve the detection capability of ED in the surveillance area. Experiments in four different fields with three types of vehicles show that the algorithm is robust to wind noise and the probability of detection and false alarm are 96.67% and 2.857%, respectively. PMID:28273838

  5. Design of an Acoustic Target Intrusion Detection System Based on Small-Aperture Microphone Array.

    Science.gov (United States)

    Zu, Xingshui; Guo, Feng; Huang, Jingchang; Zhao, Qin; Liu, Huawei; Li, Baoqing; Yuan, Xiaobing

    2017-03-04

    Automated surveillance of remote locations in a wireless sensor network is dominated by the detection algorithm because actual intrusions in such locations are a rare event. Therefore, a detection method with low power consumption is crucial for persistent surveillance to ensure longevity of the sensor networks. A simple and effective two-stage algorithm composed of energy detector (ED) and delay detector (DD) with all its operations in time-domain using small-aperture microphone array (SAMA) is proposed. The algorithm analyzes the quite different velocities between wind noise and sound waves to improve the detection capability of ED in the surveillance area. Experiments in four different fields with three types of vehicles show that the algorithm is robust to wind noise and the probability of detection and false alarm are 96.67% and 2.857%, respectively.

  6. On-line detection of Escherichia coli intrusion in a pilot-scale drinking water distribution system.

    Science.gov (United States)

    Ikonen, Jenni; Pitkänen, Tarja; Kosse, Pascal; Ciszek, Robert; Kolehmainen, Mikko; Miettinen, Ilkka T

    2017-08-01

    Improvements in microbial drinking water quality monitoring are needed for the better control of drinking water distribution systems and for public health protection. Conventional water quality monitoring programmes are not always able to detect a microbial contamination of drinking water. In the drinking water production chain, in addition to the vulnerability of source waters, the distribution networks are prone to contamination. In this study, a pilot-scale drinking-water distribution network with an on-line monitoring system was utilized for detecting bacterial intrusion. During the experimental Escherichia coli intrusions, the contaminant was measured by applying a set of on-line sensors for electric conductivity (EC), pH, temperature (T), turbidity, UV-absorbance at 254 nm (UVAS SC) and with a device for particle counting. Monitored parameters were compared with the measured E. coli counts using the integral calculations of the detected peaks. EC measurement gave the strongest signal compared with the measured baseline during the E. coli intrusion. Integral calculations showed that the peaks in the EC, pH, T, turbidity and UVAS SC data were detected corresponding to the time predicted. However, the pH and temperature peaks detected were barely above the measured baseline and could easily be mixed with the background noise. The results indicate that on-line monitoring can be utilized for the rapid detection of microbial contaminants in the drinking water distribution system although the peak interpretation has to be performed carefully to avoid being mixed up with normal variations in the measurement data. Copyright © 2017 Elsevier Ltd. All rights reserved.

  7. Reinforced Intrusion Detection Using Pursuit Reinforcement Competitive Learning

    Directory of Open Access Journals (Sweden)

    Indah Yulia Prafitaning Tiyas

    2014-06-01

    Today, information technology is growing rapidly, all information can be obtained much easier. It raises some new problems; one of them is unauthorized access to the system. We need a reliable network security system that is resistant to a variety of attacks against the system. Therefore, Intrusion Detection System (IDS) is required to overcome the problems of intrusions. Many researches have been done on intrusion detection using classification methods. Classification methods have high precision, but it takes efforts to determine an appropriate classification model to the classification problem. In this paper, we propose a new reinforced approach to detect intrusion with On-line Clustering using Reinforcement Learning. Reinforcement Learning is a new paradigm in machine learning which involves interaction with the environment. It works with reward and punishment mechanism to achieve solution. We apply the Reinforcement Learning to the intrusion detection problem with considering competitive learning using Pursuit Reinforcement Competitive Learning (PRCL). Based on the experimental result, PRCL can detect intrusions in real time with high accuracy (99.816% for DoS, 95.015% for Probe, 94.731% for R2L and 99.373% for U2R) and high speed (44 ms). The proposed approach can help network administrators to detect intrusion, so the computer network security system becomes reliable. Keywords: Intrusion Detection System, On-Line Clustering, Reinforcement Learning, Unsupervised Learning.

  8. Intrusion detection using pattern recognition methods

    Science.gov (United States)

    Jiang, Nan; Yu, Li

    2007-09-01

    Today, cyber attacks such as worms, scanning, active attackers are pervasive in Internet. A number of security approaches are proposed to address this problem, among which the intrusion detection system (IDS) appears to be one of the major and most effective solutions for defending against malicious users. Essentially, intrusion detection problem can be generalized as a classification problem, whose goal is to distinguish normal behaviors and anomalies. There are many well-known pattern recognition algorithms for classification purpose. In this paper we describe the details of applying pattern recognition methods to the intrusion detection research field. Experimenting on the KDDCUP 99 data set, we first use information gain metric to reduce the dimensionality of the original feature space. Two supervised methods, the support vector machine as well as the multi-layer neural network have been tested and the results display high detection rate and low false alarm rate, which is promising for real world applications. In addition, three unsupervised methods, Single-Linkage, K-Means, and CLIQUE, are also implemented and evaluated in the paper. The low computational complexity reveals their application in initial data reduction process.

  9. Network Intrusion Detection through Stacking Dilated Convolutional Autoencoders

    Directory of Open Access Journals (Sweden)

    Yang Yu

    2017-01-01

    Network intrusion detection is one of the most important parts for cyber security to protect computer systems against malicious attacks. With the emergence of numerous sophisticated and new attacks, however, network intrusion detection techniques are facing several significant challenges. The overall objective of this study is to learn useful feature representations automatically and efficiently from large amounts of unlabeled raw network traffic data by using deep learning approaches. We propose a novel network intrusion model by stacking dilated convolutional autoencoders and evaluate our method on two new intrusion detection datasets. Several experiments were carried out to check the effectiveness of our approach. The comparative experimental results demonstrate that the proposed model can achieve considerably high performance which meets the demand of high accuracy and adaptability of network intrusion detection systems (NIDSs). It is quite potential and promising to apply our model in the large-scale and real-world network environments.

  10. Research on the technology of detecting the SQL injection attack and non-intrusive prevention in WEB system

    Science.gov (United States)

    Hu, Haibin

    2017-05-01

    Among numerous WEB security issues, SQL injection is the most notable and dangerous. In this study, characteristics and procedures of SQL injection are analyzed, and the method for detecting the SQL injection attack is illustrated. The defense resistance and remedy model of SQL injection attack is established from the perspective of non-intrusive SQL injection attack and defense. Moreover, the ability of resisting the SQL injection attack of the server has been comprehensively improved through the security strategies on operation system, IIS and database, etc. Corresponding codes are realized. The method is well applied in the actual projects.

  11. How Intrusion Detection Can Improve Software Decoy Applications

    National Research Council Canada - National Science Library

    Monteiro, Valter

    2003-01-01

    This research concerns information security and computer-network defense. It addresses how to handle the information of log files and intrusion-detection systems to recognize when a system is under attack...

  12. A Dynamic Intrusion Detection System Based on Multivariate Hotelling’s T2 Statistics Approach for Network Environments

    Directory of Open Access Journals (Sweden)

    Aneetha Avalappampatty Sivasamy

    2015-01-01

    The ever expanding communication requirements in today’s world demand extensive and efficient network systems with equally efficient and reliable security features integrated for safe, confident, and secured communication and data transfer. Providing effective security protocols for any network environment, therefore, assumes paramount importance. Attempts are made continuously for designing more efficient and dynamic network intrusion detection models. In this work, an approach based on Hotelling’s T2 method, a multivariate statistical analysis technique, has been employed for intrusion detection, especially in network environments. Components such as preprocessing, multivariate statistical analysis, and attack detection have been incorporated in developing the multivariate Hotelling’s T2 statistical model and necessary profiles have been generated based on the T-square distance metrics. With a threshold range obtained using the central limit theorem, observed traffic profiles have been classified either as normal or attack types. Performance of the model, as evaluated through validation and testing using KDD Cup’99 dataset, has shown very high detection rates for all classes with low false alarm rates. Accuracy of the model presented in this work, in comparison with the existing models, has been found to be much better.

  13. BLACK HOLE ATTACK IN AODV & FRIEND FEATURES UNIQUE EXTRACTION TO DESIGN DETECTION ENGINE FOR INTRUSION DETECTION SYSTEM IN MOBILE ADHOC NETWORK

    Directory of Open Access Journals (Sweden)

    HUSAIN SHAHNAWAZ

    2012-10-01

    Ad-hoc network is a collection of nodes that are capable to form dynamically a temporary network without the support of any centralized fixed infrastructure. Since there is no central controller to determine the reliable & secure communication paths in Mobile Adhoc Network, each node in the ad hoc network has to rely on each other in order to forward packets, thus highly cooperative nodes are required to ensure that the initiated data transmission process does not fail. In a mobile ad hoc network (MANET) where security is a crucial issue and they are forced to rely on the neighbor node, trust plays an important role that could improve the number of successful data transmission. Larger the number of trusted nodes, higher successful data communication process rates could be expected. In this paper, Black Hole attack is applied in the network, statistics are collected to design intrusion detection engine for MANET Intrusion Detection System (IDS). Feature extraction and rule inductions are applied to find out the accuracy of detection engine by using support vector machine. In this paper True Positive generated by the detection engine is very high and this is a novel approach in the area of Mobile Adhoc Intrusion detection system.

  14. Intrusion detection in wireless ad-hoc networks

    CERN Document Server

    Chaki, Nabendu

    2014-01-01

    Presenting cutting-edge research, Intrusion Detection in Wireless Ad-Hoc Networks explores the security aspects of the basic categories of wireless ad-hoc networks and related application areas. Focusing on intrusion detection systems (IDSs), it explains how to establish security solutions for the range of wireless networks, including mobile ad-hoc networks, hybrid wireless networks, and sensor networks. This edited volume reviews and analyzes state-of-the-art IDSs for various wireless ad-hoc networks. It includes case studies on honesty-based intrusion detection systems, cluster oriented-based

  15. Intrusion Detection in Networked Control Systems: From System Knowledge to Network Security

    NARCIS (Netherlands)

    Caselli, M.

    2016-01-01

    “Networked control system” (NCS) is an umbrella term encompassing a broad variety of infrastructures such as industrial control systems (ICSs) and building automation systems (BASs). Nowadays, all these infrastructures play an important role in several aspects of our daily life, from managing

  16. Information Assurance Intrusion Detection Sensor Database Design: Lessons Learned

    National Research Council Canada - National Science Library

    Spink, Brian

    2001-01-01

    Current architectural trends in information assurance for the DOD focuses on the fusion and correlation of large volumes of data collected across several intrusion detection systems and boundary devices...

  17. Improving Air Force Active Network Defense Systems through an Analysis of Intrusion Detection Techniques

    National Research Council Canada - National Science Library

    Dunklee, David R

    2007-01-01

    .... The research then presents four recommendations to improve DCC operations. These include: Transition or improve the current signature-based IDS systems to include the capability to query and visualize network flows to detect malicious traffic...

  18. A Frequency-Based Approach to Intrusion Detection

    Directory of Open Access Journals (Sweden)

    Mian Zhou

    2004-06-01

    Research on network security and intrusion detection strategies presents many challenging issues to both theoreticians and practitioners. Hackers apply an array of intrusion and exploit techniques to cause disruption of normal system operations, but on the defense, firewalls and intrusion detection systems (IDS) are typically only effective in defending known intrusion types using their signatures, and are far less than mature when faced with novel attacks. In this paper, we adapt the frequency analysis techniques such as the Discrete Fourier Transform (DFT) used in signal processing to the design of intrusion detection algorithms. We demonstrate the effectiveness of the frequency-based detection strategy by running synthetic network intrusion data in simulated networks using the OPNET software. The simulation results indicate that the proposed intrusion detection strategy is effective in detecting anomalous traffic data that exhibit patterns over time, which include several types of DOS and probe attacks. The significance of this new strategy is that it does not depend on the prior knowledge of attack signatures, thus it has the potential to be a useful supplement to existing signature-based IDS and firewalls.

  19. A New Method for Intrusion Detection using Manifold Learning Algorithm

    OpenAIRE

    Guoping Hou; Xuan Ma; Yuelei Zhang

    2013-01-01

    Computer and network security has received and will still receive much attention. Any unexpected intrusion will damage the network. It is therefore imperative to detect the network intrusion to ensure the normal operation of the internet. There are many studies in the intrusion detection and intrusion pattern recognition. The artificial neural network (ANN) has proven to be powerful for the intrusion detection. However, very little work has discussed the optimization of the input intrusion fea...

  20. A novel interacting multiple model based network intrusion detection scheme

    Science.gov (United States)

    Xin, Ruichi; Venkatasubramanian, Vijay; Leung, Henry

    2006-04-01

    In today's information age, information and network security are of primary importance to any organization. Network intrusion is a serious threat to security of computers and data networks. In internet protocol (IP) based network, intrusions originate in different kinds of packets/messages contained in the open system interconnection (OSI) layer 3 or higher layers. Network intrusion detection and prevention systems observe the layer 3 packets (or layer 4 to 7 messages) to screen for intrusions and security threats. Signature based methods use a pre-existing database that document intrusion patterns as perceived in the layer 3 to 7 protocol traffics and match the incoming traffic for potential intrusion attacks. Alternately, network traffic data can be modeled and any huge anomaly from the established traffic pattern can be detected as network intrusion. The latter method, also known as anomaly based detection is gaining popularity for its versatility in learning new patterns and discovering new attacks. It is apparent that for a reliable performance, an accurate model of the network data needs to be established. In this paper, we illustrate using collected data that network traffic is seldom stationary. We propose the use of multiple models to accurately represent the traffic data. The improvement in reliability of the proposed model is verified by measuring the detection and false alarm rates on several datasets.

  1. Network Intrusion Detection with Threat Agent Profiling

    Directory of Open Access Journals (Sweden)

    Tomáš Bajtoš

    2018-01-01

    With the increase in usage of computer systems and computer networks, the problem of intrusion detection in network security has become an important issue. In this paper, we discuss approaches that simplify network administrator’s work. We applied clustering methods for security incident profiling. We consider K-means, PAM, and CLARA clustering algorithms. For this purpose, we used data collected in Warden system from various security tools. We do not aim to differentiate between normal and abnormal network traffic, but we focus on grouping similar threat agents based on attributes of security events. We suggest a case of a fine classification and a case of a coarse classification and discuss advantages of both cases.

  2. When Intrusion Detection Meets Blockchain Technology: A Review

    DEFF Research Database (Denmark)

    Meng, Weizhi; Tischhauser, Elmar Wolfgang; Wang, Qingju

    2018-01-01

    With the purpose of identifying cyber threats and possible incidents, intrusion detection systems (IDSs) are widely deployed in various computer networks. In order to enhance the detection capability of a single IDS, collaborative intrusion detection networks (or collaborative IDSs) have been...... developed, which allow IDS nodes to exchange data with each other. However, data and trust management still remain two challenges for current detection architectures, which may degrade the effectiveness of such detection systems. In recent years, blockchain technology has shown its adaptability in many...... fields such as supply chain management, international payment, interbanking and so on. As blockchain can protect the integrity of data storage and ensure process transparency, it has a potential to be applied to intrusion detection domain. Motivated by this, this work provides a review regarding...

  3. Multi-User Low Intrusive Occupancy Detection

    Directory of Open Access Journals (Sweden)

    Azkario Rizky Pratama

    2018-03-01

    Smart spaces are those that are aware of their state and can act accordingly. Among the central elements of such a state is the presence of humans and their number. For a smart office building, such information can be used for saving energy and safety purposes. While acquiring presence information is crucial, using sensing techniques that are highly intrusive, such as cameras, is often not acceptable for the building occupants. In this paper, we illustrate a proposal for occupancy detection which is low intrusive; it is based on equipment typically available in modern offices such as room-level power-metering and an app running on workers’ mobile phones. For power metering, we collect the aggregated power consumption and disaggregate the load of each device. For the mobile phone, we use the Received Signal Strength (RSS) of BLE (Bluetooth Low Energy) nodes deployed around workspaces to localize the phone in a room. We test the system in our offices. The experiments show that sensor fusion of the two sensing modalities gives 87–90% accuracy, demonstrating the effectiveness of the proposed approach.

  4. Multi-User Low Intrusive Occupancy Detection.

    Science.gov (United States)

    Pratama, Azkario Rizky; Widyawan, Widyawan; Lazovik, Alexander; Aiello, Marco

    2018-03-06

    Smart spaces are those that are aware of their state and can act accordingly. Among the central elements of such a state is the presence of humans and their number. For a smart office building, such information can be used for saving energy and safety purposes. While acquiring presence information is crucial, using sensing techniques that are highly intrusive, such as cameras, is often not acceptable for the building occupants. In this paper, we illustrate a proposal for occupancy detection which is low intrusive; it is based on equipment typically available in modern offices such as room-level power-metering and an app running on workers' mobile phones. For power metering, we collect the aggregated power consumption and disaggregate the load of each device. For the mobile phone, we use the Received Signal Strength (RSS) of BLE (Bluetooth Low Energy) nodes deployed around workspaces to localize the phone in a room. We test the system in our offices. The experiments show that sensor fusion of the two sensing modalities gives 87-90% accuracy, demonstrating the effectiveness of the proposed approach.

  5. Multi-User Low Intrusive Occupancy Detection

    Science.gov (United States)

    Widyawan, Widyawan; Lazovik, Alexander

    2018-01-01

    Smart spaces are those that are aware of their state and can act accordingly. Among the central elements of such a state is the presence of humans and their number. For a smart office building, such information can be used for saving energy and safety purposes. While acquiring presence information is crucial, using sensing techniques that are highly intrusive, such as cameras, is often not acceptable for the building occupants. In this paper, we illustrate a proposal for occupancy detection which is low intrusive; it is based on equipment typically available in modern offices such as room-level power-metering and an app running on workers’ mobile phones. For power metering, we collect the aggregated power consumption and disaggregate the load of each device. For the mobile phone, we use the Received Signal Strength (RSS) of BLE (Bluetooth Low Energy) nodes deployed around workspaces to localize the phone in a room. We test the system in our offices. The experiments show that sensor fusion of the two sensing modalities gives 87–90% accuracy, demonstrating the effectiveness of the proposed approach. PMID:29509693

  6. Adaptive Intrusion Data System (AIDS)

    International Nuclear Information System (INIS)

    Corlis, N.E.

    1980-05-01

    The adaptive intrusion data system (AIDS) was developed to collect data from intrusion alarm sensors as part of an evaluation system to improve sensor performance. AIDS is a unique data system which uses computer controlled data systems, video cameras and recorders, analog-to-digital conversion, environmental sensors, and digital recorders to collect sensor data. The data can be viewed either manually or with a special computerized data-reduction system which adds new data to a data base stored on a magnetic disc recorder. This report provides a synoptic account of the AIDS as it presently exists. Modifications to the purchased subsystems are described, and references are made to publications which describe the Sandia-designed subsystems

  7. An improved real time image detection system for elephant intrusion along the forest border areas.

    Science.gov (United States)

    Sugumar, S J; Jayaparvathy, R

    2014-01-01

    Human-elephant conflict is a major problem leading to crop damage, human death and injuries caused by elephants, and elephants being killed by humans. In this paper, we propose an automated unsupervised elephant image detection system (EIDS) as a solution to human-elephant conflict in the context of elephant conservation. The elephant's image is captured in the forest border areas and is sent to a base station via an RF network. The received image is decomposed using Haar wavelet to obtain multilevel wavelet coefficients, with which we perform image feature extraction and similarity match between the elephant query image and the database image using image vision algorithms. A GSM message is sent to the forest officials indicating that an elephant has been detected in the forest border and is approaching human habitat. We propose an optimized distance metric to improve the image retrieval time from the database. We compare the optimized distance metric with the popular Euclidean and Manhattan distance methods. The proposed optimized distance metric retrieves more images with lesser retrieval time than the other distance metrics which makes the optimized distance method more efficient and reliable.

  8. IMPLEMENTATION AND ANALYSIS OF DATA MINING RESULTS FOR ATTACK CLASSIFICATION IN AN INTRUSION DETECTION SYSTEM (IDS) WITH THE C4.5 ALGORITHM

    Directory of Open Access Journals (Sweden)

    Izza Khaerani

    2015-10-01

    An Intrusion Detection System (IDS) is a capability of a system or device to detect attacks that may occur in a network, whether local or connected to the internet. The problem begins when a very large number of data packets arrive and must be analyzed at a later time. Data mining is an appropriate technique for analyzing such data. Several studies have used data mining techniques to address the problem of IDS attacks, such as frequent itemset analysis, clustering analysis, classification analysis and association analysis. The aim of this study is to classify attacks in the tested data using a classification method and the C4.5 classification algorithm. This study uses the KDD’99 data collection, which has 41 attributes; feature selection using an evolutionary technique is applied to these attributes to remove the irrelevant ones. The result of this feature selection is 16 attributes with a high accuracy of 98.67%, out of the 41 existing attributes. The result is then modeled using the C4.5 algorithm, producing a rule for use in implementing a data classification analysis system. The resulting rule can be used in a system to classify attack data such as dos, u2r, r2l and probe, as well as normal network activity. Keywords: Classification, C4.5 Algorithm, Feature Selection, Evolution, Intrusion Detection System, IDS.

  9. Abstracting audit data for lightweight intrusion detection

    KAUST Repository

    Wang, Wei

    2010-01-01

    High speed of processing massive audit data is crucial for an anomaly Intrusion Detection System (IDS) to achieve real-time performance during the detection. Abstracting audit data is a potential solution to improve the efficiency of data processing. In this work, we propose two strategies of data abstraction in order to build a lightweight detection model. The first strategy is exemplar extraction and the second is attribute abstraction. Two clustering algorithms, Affinity Propagation (AP) as well as traditional k-means, are employed to extract the exemplars, and Principal Component Analysis (PCA) is employed to abstract important attributes (a.k.a. features) from the audit data. Real HTTP traffic data collected in our institute as well as KDD 1999 data are used to validate the two strategies of data abstraction. The extensive test results show that the process of exemplar extraction significantly improves the detection efficiency and has a better detection performance than PCA in data abstraction. © 2010 Springer-Verlag.

  10. Seismic intrusion detector system

    Science.gov (United States)

    Hawk, Hervey L.; Hawley, James G.; Portlock, John M.; Scheibner, James E.

    1976-01-01

    A system for monitoring man-associated seismic movements within a control area including a geophone for generating an electrical signal in response to seismic movement, a bandpass amplifier and threshold detector for eliminating unwanted signals, pulse counting system for counting and storing the number of seismic movements within the area, and a monitoring system operable on command having a variable frequency oscillator generating an audio frequency signal proportional to the number of said seismic movements.

  11. Unconventional applications of conventional intrusion detection sensors

    International Nuclear Information System (INIS)

    Williams, J.D.; Matter, J.C.

    1983-01-01

    A number of conventional intrusion detection sensors exists for the detection of persons entering buildings, moving within a given volume, and crossing a perimeter isolation zone. Unconventional applications of some of these sensors have recently been investigated. Some of the applications which are discussed include detection on the edges and tops of buildings, detection in storm sewers, detection on steam and other types of large pipes, and detection of unauthorized movement within secure enclosures. The enclosures can be used around complicated control valves, electrical control panels, emergency generators, etc

  12. Intrusion detection for the solution of security problems

    International Nuclear Information System (INIS)

    Buchmueller, R.

    1982-01-01

    Constantly growing security problems in public as well as private sectors can no longer be solved without the use of modern intrusion detection systems. BBC, as general contractor, offers the system solutions to fully meet these problems. These solutions include analysis of the site to be protected, installation, commissioning and maintenance of the security system. (orig.)

  13. Host-Based Multivariate Statistical Computer Operating Process Anomaly Intrusion Detection System (PAIDS)

    Science.gov (United States)

    2009-03-01

    course, network-based IDSs also have disadvantages. “Network agents can monitor and detect network attacks (e.g. SYN flood and packet storm attacks...destination Transport Control Protocol/Internet Protocol (TCP/IP) addresses. Although parsing network traffic is highly effective for identifying...but these datasets, though they have faults and benefits, only provide TCP dumps and other characteristics of network traffic with no information

  14. A bagging approach to network intrusion detection | Adetunmbi ...

    African Journals Online (AJOL)

    The presence of these flaws makes a secured system a mirage for now, hence the need for intrusion detection systems. In this paper, an ensemble approach, Bagging, was used on five different machine learning techniques to improve the accuracy of classifiers. Machine learning seeks methods of extracting hidden pattern ...

  15. A Multi Agent System for Flow-Based Intrusion Detection Using Reputation and Evolutionary Computation

    Science.gov (United States)

    2011-03-01

    such as a worldwide corporation, government agency, or military. Therefore, the network of interest to this research is the Autonomous System (AS)-level...section. Meadows’ research is concerned with large and sometimes abstract systems, including corporations, economies, living organisms, cities, and...Framework for Developing Multi-Objective Optimization Metaheuristics. Technical Report ITI-2006-10, Departamento de Lenguajes y Ciencias de la

  16. Intrusion Detection in SCADA Networks

    NARCIS (Netherlands)

    Barbosa, R.R.R.; Pras, Aiko; Stiller, Burckhard; De Turck, Filip

    Supervisory Control and Data Acquisition (SCADA) systems are a critical part of large industrial facilities, such as water distribution infrastructures. With the goal of reducing costs and increasing efficiency, these systems are becoming increasingly interconnected. However, this has also

  17. Intrusion-Aware Alert Validation Algorithm for Cooperative Distributed Intrusion Detection Schemes of Wireless Sensor Networks

    Directory of Open Access Journals (Sweden)

    Young-Jae Song

    2009-07-01

    Existing anomaly and intrusion detection schemes of wireless sensor networks have mainly focused on the detection of intrusions. Once an intrusion is detected, an alert or claim will be generated. However, any unidentified malicious nodes in the network could send faulty anomaly and intrusion claims about the legitimate nodes to the other nodes. Verifying the validity of such claims is a critical and challenging issue that is not considered in the existing cooperative-based distributed anomaly and intrusion detection schemes of wireless sensor networks. In this paper, we propose a validation algorithm that addresses this problem. This algorithm utilizes the concept of intrusion-aware reliability that helps to provide adequate reliability at a modest communication cost. In this paper, we also provide a security resiliency analysis of the proposed intrusion-aware alert validation algorithm.

  18. Characterizing and Managing Intrusion Detection System (IDS) Alerts with Multi-Server/Multi-Priority Queuing Theory

    Science.gov (United States)

    2014-12-26

    queue (shown in green) (Reed, 1995). Figure 4. Class diagram depicting how...the Main Script of the model orchestrates between the three classes to create a functioning queuing system...Unlike antivirus definitions where a growing database is of little concern due to the discrete and slow arrival times of new files, IDS rule-sets

  19. Railway clearance intrusion detection method with binocular stereo vision

    Science.gov (United States)

    Zhou, Xingfang; Guo, Baoqing; Wei, Wei

    2018-03-01

    During railway construction and operation, objects intruding into the railway clearance greatly threaten the safety of railway operation, so real-time intrusion detection is of great importance. To address the depth insensitivity and shadow interference of single-image methods, an intrusion detection method with binocular stereo vision is proposed to reconstruct the 3D scene for locating the objects and judging clearance intrusion. The binocular cameras are calibrated with Zhang Zhengyou's method. In order to improve the 3D reconstruction speed, a suspicious region is first determined by the background difference method on a single camera's image sequences. The image rectification, stereo matching and 3D reconstruction process are only executed when there is a suspicious region. A transformation matrix from the Camera Coordinate System (CCS) to the Track Coordinate System (TCS) is computed with the gauge constant and used to transfer the 3D point clouds into the TCS; the 3D point clouds are then used to calculate the object position and intrusion in the TCS. The experiments in a railway scene show that the position precision is better than 10 mm. It is an effective way for clearance intrusion detection and can satisfy the requirement of railway application.

  20. Alerts Visualization and Clustering in Network-based Intrusion Detection

    Energy Technology Data Exchange (ETDEWEB)

    Yang, Dr. Li [University of Tennessee; Gasior, Wade C [ORNL; Dasireddy, Swetha [University of Tennessee

    2010-04-01

    Today's intrusion detection systems, when deployed on a busy network, overload the network with a huge number of alerts. Producing this much raw information makes them less effective. We propose a system which takes both raw data and Snort alerts to visualize and analyze possible intrusions in a network. We then present two models for the visualization of clustered alerts. Our first model gives the network administrator the logical topology of the network and detailed information on each node, including its associated alerts and connections. The second model, a flocking model, presents the network administrator with a visual representation of IDS data in which each alert is represented in a different color and the alerts with maximum similarity move together. This gives the network administrator a way of detecting various intrusions by visualizing the alert patterns.

  1. Wireless Sensor Network Based Smart Grid Communications: Cyber Attacks, Intrusion Detection System and Topology Control

    Directory of Open Access Journals (Sweden)

    Lipi Chhaya

    2017-01-01

    The existing power grid is going through a massive transformation. Smart grid technology is a radical approach for improvisation in prevailing power grid. Integration of electrical and communication infrastructure is inevitable for the deployment of Smart grid network. Smart grid technology is characterized by full duplex communication, automatic metering infrastructure, renewable energy integration, distribution automation and complete monitoring and control of entire power grid. Wireless sensor networks (WSNs) are small micro electrical mechanical systems that are deployed to collect and communicate the data from surroundings. WSNs can be used for monitoring and control of smart grid assets. Security of wireless sensor based communication network is a major concern for researchers and developers. The limited processing capabilities of wireless sensor networks make them more vulnerable to cyber-attacks. The countermeasures against cyber-attacks must be less complex with an ability to offer confidentiality, data readiness and integrity. The address oriented design and development approach for usual communication network requires a paradigm shift to design data oriented WSN architecture. WSN security is an inevitable part of smart grid cyber security. This paper is expected to serve as a comprehensive assessment and analysis of communication standards, cyber security issues and solutions for WSN based smart grid infrastructure.

  2. Distributed fiber optic moisture intrusion sensing system

    Science.gov (United States)

    Weiss, Jonathan D.

    2003-06-24

    Method and system for monitoring and identifying moisture intrusion in soil such as is contained in landfills housing radioactive and/or hazardous waste. The invention utilizes the principle that moist or wet soil has a higher thermal conductance than dry soil. The invention employs optical time delay reflectometry in connection with a distributed temperature sensing system together with heating means in order to identify discrete areas within a volume of soil wherein temperature is lower. According to the invention an optical element and, optionally, a heating element may be included in a cable or other similar structure and arranged in a serpentine fashion within a volume of soil to achieve efficient temperature detection across a large area or three dimensional volume of soil. Remediation, moisture countermeasures, or other responsive action may then be coordinated based on the assumption that cooler regions within a soil volume may signal moisture intrusion where those regions are located.

  3. Data mining approach to web application intrusions detection

    Science.gov (United States)

    Kalicki, Arkadiusz

    2011-10-01

    Web applications have become the most popular medium on the Internet. Popularity, the ease of use of web application scripting languages and frameworks, and careless development result in a high number of web application vulnerabilities and a high number of attacks. Several types of attack are possible because of improper input validation: SQL injection, Cross-site scripting, Cross-Site Request Forgery (CSRF), web spam in blogs and others. In order to secure web applications, intrusion detection systems (IDS) and intrusion prevention systems (IPS) are used. Intrusion detection systems are divided into two groups: misuse detection (traditional IDS) and anomaly detection. This paper presents a data mining based algorithm for anomaly detection. The principle of this method is the comparison of the incoming HTTP traffic with a previously built profile that contains a representation of the "normal" or expected web application usage sequence patterns. The frequent sequence patterns are found with the GSP algorithm. A previously presented detection method was rewritten and improved. Some tests show that the software catches malicious requests, especially long attack sequences; results are quite good with medium length sequences, while for short length sequences it must be complemented with other methods.

  4. An Automata Based Intrusion Detection Method for Internet of Things

    Directory of Open Access Journals (Sweden)

    Yulong Fu

    2017-01-01

    Internet of Things (IoT) transforms network communication to a Machine-to-Machine (M2M) basis and provides open access and new services to citizens and companies. It extends the border of the Internet and will be developed as one part of the future 5G networks. However, as the resources of IoT’s front devices are constrained, many security mechanisms are hard to implement to protect the IoT networks. An intrusion detection system (IDS) is an efficient technique that can be used to detect attackers when cryptography is broken, and it can be used to enforce the security of IoT networks. In this article, we analyzed the intrusion detection requirements of IoT networks and then proposed a uniform intrusion detection method for the vast heterogeneous IoT networks based on an automata model. The proposed method can automatically detect and report possible IoT attacks of three types: jam-attack, false-attack, and reply-attack. We also design an experiment to verify the proposed IDS method and examine the attack of RADIUS application.

  5. Developing advanced fingerprint attacks on challenge-based collaborative intrusion detection networks

    DEFF Research Database (Denmark)

    Li, Wenjuan; Meng, Weizhi; Kwok, Lam-For

    2017-01-01

    Traditionally, an isolated intrusion detection system (IDS) is vulnerable to various types of attacks. In order to enhance IDS performance, collaborative intrusion detection networks (CIDNs) are developed through enabling a set of IDS nodes to communicate with each other. Due to the distributed...

  6. AdaBoost-based algorithm for network intrusion detection.

    Science.gov (United States)

    Hu, Weiming; Hu, Wei; Maybank, Steve

    2008-04-01

    Network intrusion detection aims at distinguishing the attacks on the Internet from normal use of the Internet. It is an indispensable part of the information security system. Due to the variety of network behaviors and the rapid development of attack fashions, it is necessary to develop fast machine-learning-based intrusion detection algorithms with high detection rates and low false-alarm rates. In this correspondence, we propose an intrusion detection algorithm based on the AdaBoost algorithm. In the algorithm, decision stumps are used as weak classifiers. The decision rules are provided for both categorical and continuous features. By combining the weak classifiers for continuous features and the weak classifiers for categorical features into a strong classifier, the relations between these two different types of features are handled naturally, without any forced conversions between continuous and categorical features. Adaptable initial weights and a simple strategy for avoiding overfitting are adopted to improve the performance of the algorithm. Experimental results show that our algorithm has low computational complexity and error rates, as compared with algorithms of higher computational complexity, as tested on the benchmark sample data.

  7. State-of-the-art technologies for intrusion and obstacle detection for railroad operations

    Science.gov (United States)

    2007-07-01

    This report provides an update on the state-of-the-art technologies with intrusion and obstacle detection capabilities for rail rights of way (ROW) and crossings. A workshop entitled Intruder and Obstacle Detection Systems (IODS) for Railroads Requir...

  8. Porting Extremely Lightweight Intrusion Detection (ELIDe) to Android

    Science.gov (United States)

    2015-10-01

    ARL-TN-0681, OCT 2015, US Army Research Laboratory. Porting Extremely Lightweight Intrusion Detection (ELIDe) to Android, by Ken F Yu and Garret S Payer, Computational and Information Sciences Directorate, ARL...

  9. Attacks against intrusion detection networks: evasion, reverse engineering and optimal countermeasures

    OpenAIRE

    Pastrana Portillo, Sergio

    2016-01-01

    Intrusion Detection Networks (IDNs) constitute a primary element in current cyberdefense systems. IDNs are composed of different nodes distributed among a network infrastructure, performing functions such as local detection --mostly by Intrusion Detection Systems (IDS) --, information sharing with other nodes in the IDN, and aggregation and correlation of data from different sources. Overall, they are able to detect distributed attacks taking place at large scale or in different parts of the ...

  10. Data Mining Usage in Corporate Information Security: Intrusion Detection Applications

    Directory of Open Access Journals (Sweden)

    Al Quhtani Masoud

    2017-03-01

    Background: The globalization era has brought with it the development of high technology, and therefore new methods of preserving and storing data. New data storing techniques ensure data are stored for longer periods of time, more efficiently and with a higher quality, but also with a higher data abuse risk. Objective: The goal of the paper is to provide a review of the data mining applications for the purpose of corporate information security, and intrusion detection in particular. Methods/approach: The review was conducted using the systematic analysis of the previously published papers on the usage of data mining in the field of corporate information security. Results: This paper demonstrates that the use of data mining applications is extremely useful and has a great importance for establishing corporate information security. Data mining applications are directly related to issues of intrusion detection and privacy protection. Conclusions: The most important fact that can be specified based on this study is that corporations can establish a sustainable and efficient data mining system that will ensure privacy and successful protection against unwanted intrusions.

  11. Coplanar capacitance sensors for detecting water intrusion in composite structures

    International Nuclear Information System (INIS)

    Nassr, Amr A; El-Dakhakhni, Wael W; Ahmed, Wael H

    2008-01-01

    Composite materials are becoming more affordable and widely used for retrofitting, rehabilitating and repairing reinforced concrete structures designed and constructed under older specifications. However, the mechanical properties and long-term durability of composite materials may degrade severely in the presence of water intrusion. This study presents a new non-destructive evaluation (NDE) technique for detecting the water intrusion in composite structures by evaluating the dielectric properties of different composite system constituent materials. The variation in the dielectric signatures was employed to design a coplanar capacitance sensor with high sensitivity to detect such defects. An analytical model was used to study the effect of the sensor geometry on the output signal and to optimize sensor design. A finite element model was developed to validate analytical results and to evaluate other sensor design-related parameters. Experimental testing of a concrete specimen wrapped with composite laminate and containing a series of pre-induced water intrusion defects was conducted in order to validate the concept of the new technique. Experimental data showed excellent agreement with the finite element model predictions and confirmed sensor performance

  12. Statistical decision making for authentication and intrusion detection

    NARCIS (Netherlands)

    Dimitrakakis, C.; Mitrokotsa, A.

    2009-01-01

    User authentication and intrusion detection differ from standard classification problems in that while we have data generated from legitimate users, impostor or intrusion data is scarce or non-existent. We review existing techniques for dealing with this problem and propose alternatives based on a

  13. Adaptive intrusion data system (AIDS) software routines

    International Nuclear Information System (INIS)

    Corlis, N.E.

    1980-07-01

    An Adaptive Intrusion Data System (AIDS) was developed to collect information from intrusion alarm sensors as part of an evaluation system to improve sensor performance. AIDS is a unique digital data-compression, storage, and formatting system; it also incorporates a capability for video selection and recording for assessment of the sensors monitored by the system. The system is software reprogrammable to numerous configurations that may be used for the collection of environmental, bilevel, analog, and video data. This report describes the software routines that control the different AIDS data-collection modes, the diagnostic programs to test the operating hardware, and the data format. Sample data printouts are also included

  14. ESTIMATION OF INTRUSION DETECTION PROBABILITY BY PASSIVE INFRARED DETECTORS

    Directory of Open Access Journals (Sweden)

    V. V. Volkhonskiy

    2015-07-01

    Subject of Research. The paper deals with estimation of the probability of detecting an intruder by a passive infrared detector under different conditions of velocity and direction, for automated analysis of the effectiveness of physical protection systems. Method. Analytic formulas for detection distance distribution laws, obtained by approximating experimental histograms, are used. Main Results. Applicability of different distribution laws has been studied, namely the Rayleigh, Gauss, Gamma, Maxwell and Weibull distributions. Based on walk test results, experimental histograms of detection distance for passive infrared detectors were approximated by probability distribution laws. Conformity of the histograms to the mentioned analytical laws according to the χ² fitting criterion has been checked for different conditions of velocity and direction of intruder movement. Mean and variance of the approximating distribution laws were equal to the same parameters of the experimental histograms for the corresponding intruder movement parameters. Approximation accuracy for the above mentioned laws was evaluated at a significance level of 0.05. According to the χ² fitting criterion, the Rayleigh and Gamma laws correspond most closely to the histograms for different velocity and direction of intruder movement. Dependences of approximation accuracy on different conditions of intrusion have been obtained. They are usable for choosing an approximation law for a given condition. Practical Relevance. Analytic formulas for detection probability are usable for modeling of the intrusion process and for objective effectiveness estimation of physical protection systems by both developers and users.

  15. A graphical feature generation approach for intrusion detection

    OpenAIRE

    Chen Shi; Zuo Zhen; Huang Zhi Ping; Guo Xiao Jun

    2016-01-01

    In order to develop a novel effective and efficient intrusion detection system, a novel hybrid method based on a graphical features-based k-nearest neighbor approach, namely GFNN, is proposed in this paper. In GFNN, k-means clustering algorithm is used to extract cluster centre of each class in the given dataset. Then, the distance between a specific data sample and each cluster centre is calculated, and a radar chart is plotted based on the new data composed of distance based features. The s...

  16. Classification of Intrusion Detection Dataset using machine learning Approaches

    OpenAIRE

    Neethu B

    2012-01-01

    The paper describes a method of intrusion detection that uses machine learning algorithms. Here we discuss the combined use of two machine learning algorithms, Principal Component Analysis and the Naive Bayes classifier. The dimensionality of the dataset is reduced by using principal component analysis, and the classification of the dataset into normal and attack classes is done by using the Naïve Bayes classifier. The experiments were conducted on the intrusion detection d...

  17. Conditional Variational Autoencoder for Prediction and Feature Recovery Applied to Intrusion Detection in IoT.

    Science.gov (United States)

    Lopez-Martin, Manuel; Carro, Belen; Sanchez-Esguevillas, Antonio; Lloret, Jaime

    2017-08-26

    The purpose of a Network Intrusion Detection System is to detect intrusive, malicious activities or policy violations in a host or host's network. In current networks, such systems are becoming more important as the number and variety of attacks increase along with the volume and sensitiveness of the information exchanged. This is of particular interest to Internet of Things networks, where an intrusion detection system will be critical as its economic importance continues to grow, making it the focus of future intrusion attacks. In this work, we propose a new network intrusion detection method that is appropriate for an Internet of Things network. The proposed method is based on a conditional variational autoencoder with a specific architecture that integrates the intrusion labels inside the decoder layers. The proposed method is less complex than other unsupervised methods based on a variational autoencoder and it provides better classification results than other familiar classifiers. More important, the method can perform feature reconstruction, that is, it is able to recover missing features from incomplete training datasets. We demonstrate that the reconstruction accuracy is very high, even for categorical features with a high number of distinct values. This work is unique in the network intrusion detection field, presenting the first application of a conditional variational autoencoder and providing the first algorithm to perform feature recovery.

  18. Windows Based Data Sets for Evaluation of Robustness of Host Based Intrusion Detection Systems (IDS) to Zero-Day and Stealth Attacks

    Directory of Open Access Journals (Sweden)

    Waqas Haider

    2016-07-01

    The Windows Operating System (OS) is the most popular desktop OS in the world, as it has the majority market share of both servers and personal computing necessities. However, as its default signature-based security measures are ineffectual for detecting zero-day and stealth attacks, it needs an intelligent Host-based Intrusion Detection System (HIDS). Unfortunately, a comprehensive data set that reflects the modern Windows OS’s normal and attack surfaces is not publicly available. To fill this gap, in this paper two open data sets generated by the cyber security department of the Australian Defence Force Academy (ADFA) are introduced, namely: Australian Defence Force Academy Windows Data Set (ADFA-WD); and Australian Defence Force Academy Windows Data Set with a Stealth Attacks Addendum (ADFA-WD: SAA). Statistical analysis results based on these data sets show that, due to the low footprints of modern attacks and high similarity of normal and attacked data, both these data sets are complex, and highly intelligent Host based Anomaly Detection Systems (HADS) design will be required.

  19. Messaging Attacks on Android: Vulnerabilities and Intrusion Detection

    Directory of Open Access Journals (Sweden)

    Khodor Hamandi

    2015-01-01

    Currently, Android is the leading mobile operating system in number of users worldwide. On the security side, Android has had significant challenges despite the efforts of the Android designers to provide a secure environment for apps. In this paper, we present numerous attacks targeting the messaging framework of the Android system. Our focus is on SMS, USSD, and the evolution of their associated security in Android and accordingly the development of related attacks. Also, we shed light on the Android elements that are responsible for these attacks. Furthermore, we present the architecture of an intrusion detection system (IDS) that promises to thwart SMS messaging attacks. Our IDS shows a detection rate of 87.50% with zero false positives.

  20. Intrusion detection techniques for plant-wide network in a nuclear power plant

    International Nuclear Information System (INIS)

    Rajasekhar, P.; Shrikhande, S.V.; Biswas, B.B.; Patil, R.K.

    2012-01-01

    Nuclear power plants have a lot of critical data to be sent to the operator workstations. A plant wide integrated communication network, with high throughput, determinism and redundancy, is required between the workstations and the field. Switched Ethernet network is a promising prospect for such an integrated communication network. But for such an integrated system, intrusion is a major issue. Hence the network should have an intrusion detection system to make the network data secure and enhance the network availability. Intrusion detection is the process of monitoring the events occurring in a network and analyzing them for signs of possible incidents, which are violations or imminent threats of violation of network security policies, acceptable user policies, or standard security practices. This paper states the various intrusion detection techniques and approaches which are applicable for analysis of a plant wide network. (author)

  1. The evolution of Interior Intrusion Detection Technology at Sandia National Laboratories

    International Nuclear Information System (INIS)

    Graham, R.H.; Workhoven, R.M.

    1987-07-01

    Interior Intrusion Detection Technology began at Sandia National Laboratories (SNL) in 1975 as part of the Fixed Facilities Physical Protection Research and Development program sponsored by the US Department of Energy in connection with their nuclear safeguards effort. This paper describes the evolution of Interior Intrusion Detection Technology at Sandia National Laboratories from the beginning of the Interior Sensor Laboratory to the present. This Laboratory was established in 1976 to evaluate commercial interior intrusion sensors and to assist in site-specific intrusion detection system designs. Examples of special test techniques and new test equipment that were developed at the Lab are presented, including the Sandia Intruder Motion Simulator (SIMS), the Sensor and Environment Monitor (SEM), and the Sandia Interior Robot (SIR). We also discuss new sensors and unique sensor combinations developed when commercial sensors were unavailable and the future application of expert systems

  2. The evolution of interior intrusion detection technology at Sandia National Laboratories

    International Nuclear Information System (INIS)

    Graham, R.H.; Workhoven, R.M.

    1987-07-01

    Interior Intrusion Detection Technology began at Sandia National Laboratories (SNL) in 1975 as part of the Fixed Facilities Physical Protection Research and Development program sponsored by the US Department of Energy in connection with their nuclear safeguards effort. This paper describes the evolution of Interior Intrusion Detection Technology at Sandia National Laboratories from the beginning of the Interior Sensor Laboratory to the present. This Laboratory was established in 1976 to evaluate commercial interior intrusion sensors and to assist in site-specific intrusion detection system designs. Examples of special test techniques and new test equipment that were developed at the Lab are presented, including the Sandia Intruder Motion Simulator (SIMS), the Sensor and Environment Monitor (SEM), and the Sandia Interior Robot (SIR). We also discuss new sensors and unique sensor combination developed when commercial sensors were unavailable and the future application of expert systems. 5 refs

  3. The evolution of interior intrusion detection technology at Sandia National Laboratories

    International Nuclear Information System (INIS)

    Graham, R.H.; Workhoven, R.M.

    1987-01-01

    Interior Intrusion Detection Technology began at Sandia National Laboratories (SNL) in 1975 as part of the Fixed Facilities Physical Protection Research and Development program sponsored by the U.S. Department of Energy in connection with their nuclear safeguards effort. This paper describes the evolution of Interior Intrusion Detection Technology at Sandia National Laboratories from the beginning of the Interior Sensor Laboratory to the present. This Laboratory was established in 1976 to evaluate commercial interior intrusion sensors and to assist in site-specific intrusion detection system designs. Examples of special test techniques and new test equipment that were developed at the Lab are presented, including the Sandia Intruder Motion Simulator (SIMS), the Sensor and Environment Monitor (SEM), and the Sandia Interior Robot (SIR). The authors also discuss new sensors and unique sensor combinations developed when commercial sensors were unavailable and the future application of expert systems

  4. Anomaly-based Network Intrusion Detection Methods

    Directory of Open Access Journals (Sweden)

    Pavel Nevlud

    2013-01-01

    The article deals with detection of network anomalies. Network anomalies include everything that is quite different from the normal operation. Machine learning systems were used to detect anomalies. Machine learning can be considered as a support or a limited type of artificial intelligence. A machine learning system usually starts with some knowledge and a corresponding knowledge organization so that it can interpret, analyse, and test the knowledge acquired. There are several machine learning techniques available. We tested Decision tree learning and Bayesian networks. The open source data-mining framework WEKA was the tool we used for testing the classification, clustering and association algorithms and for visualization of our results. WEKA is a collection of machine learning algorithms for data mining tasks.

  5. Full distributed fiber optical sensor for intrusion detection in application to buried pipelines

    Science.gov (United States)

    Gao, Jianzhong; Jiang, Zhuangde; Zhao, Yulong; Zhu, Li; Zhao, Guoxian

    2005-11-01

    Based on the microbend effect of optical fiber, a distributed sensor for real-time continuous monitoring of intrusion in application to buried pipelines is proposed. The sensing element is a long cable with a special structure made up of an elastic polymer wire, an optical fiber, and a metal wire. The damage point is located with an embedded optical time domain reflectometry (OTDR) instrument. The intrusion types can be indicated by the amplitude of output voltage. Experimental results show that the detection system can alarm adequately under abnormal load and can locate the intrusion point within 22.4 m for distance of 3.023 km.

  6. FPGA-based network intrusion detection for IEC 61850-based industrial network

    Directory of Open Access Journals (Sweden)

    Junsik Kim

    2018-03-01

    This paper proposes an FPGA-based network intrusion detection system for the IEC 61850-based industrial network that is specially designed for substation automation. The proposed system uses the Shift-And algorithm for detecting malicious network packets within IEC 61850 messages. To implement a complex rule matching module with a limited memory size of FPGA, a specially designed rule matching module was proposed in this paper. For feasibility evaluation, a prototype with 265 regular expression matching modules was implemented using Xilinx Zynq-7030 FPGA and its performance is presented in this paper. Keywords: Network intrusion detection system (NIDS), IEC 61850, Regular expression, Substation automation, FPGA

  7. Hybrid Intrusion Forecasting Framework for Early Warning System

    Science.gov (United States)

    Kim, Sehun; Shin, Seong-Jun; Kim, Hyunwoo; Kwon, Ki Hoon; Han, Younggoo

    Recently, cyber attacks have become a serious hindrance to the stability of the Internet. These attacks exploit interconnectivity of networks, propagate in an instant, and have become more sophisticated and evolutionary. Traditional Internet security systems such as firewalls, IDS and IPS are limited in terms of detecting recent cyber attacks in advance as these systems respond to Internet attacks only after the attacks inflict serious damage. In this paper, we propose a hybrid intrusion forecasting system framework for an early warning system. The proposed system utilizes three types of forecasting methods: time-series analysis, probabilistic modeling, and data mining method. By combining these methods, it is possible to take advantage of the forecasting technique of each while overcoming their drawbacks. Experimental results show that the hybrid intrusion forecasting method outperforms each of the three forecasting methods.

  8. An Artificial Immune System-Inspired Multiobjective Evolutionary Algorithm with Application to the Detection of Distributed Computer Network Intrusions

    Science.gov (United States)

    2007-03-01

    Immune System CCNA Cisco-Certified Network Associate CDIS Computer Defense Immune System DARPA Defense Advanced Research Projects Agency DFS...are fairly sure of a majority accuracy, as this Cisco-Certified Network Associate ( CCNA )-certified author has a decade of training and experience in

  9. Fast Content-Based Packet Handling for Intrusion Detection

    National Research Council Canada - National Science Library

    Fisk, Mike

    2001-01-01

    ... use of Boyer-Moore currently used in the popular intrusion detection platform Snort. We then measure the actual performance of several search algorithms on actual packet traces and rulesets. Our results provide lessons on the structuring of content-based handlers.

  10. An Overview of IP Flow-Based Intrusion Detection

    NARCIS (Netherlands)

    Sperotto, Anna; Schaffrath, Gregor; Sadre, R.; Morariu, Cristian; Pras, Aiko; Stiller, Burkhard

    2010-01-01

    Intrusion detection is an important area of research. Traditionally, the approach taken to find attacks is to inspect the contents of every packet. However, packet inspection cannot easily be performed at high-speeds. Therefore, researchers and operators started investigating alternative approaches,

  11. A Labeled Data Set For Flow-based Intrusion Detection

    NARCIS (Netherlands)

    Sperotto, Anna; Sadre, R.; van Vliet, Frank; Pras, Aiko; Nunzi, Giorgio; Scoglio, Caterina; Li, Xing

    2009-01-01

    Flow-based intrusion detection has recently become a promising security mechanism in high speed networks (1-10 Gbps). Despite the richness in contributions in this field, benchmarking of flow-based IDS is still an open issue. In this paper, we propose the first publicly available, labeled data set

  12. A novel intrusion detection method based on OCSVM and K-means recursive clustering

    Directory of Open Access Journals (Sweden)

    Leandros A. Maglaras

    2015-01-01

    In this paper we present an intrusion detection module capable of detecting malicious network traffic in a SCADA (Supervisory Control and Data Acquisition) system, based on the combination of One-Class Support Vector Machine (OCSVM) with RBF kernel and recursive k-means clustering. Important parameters of OCSVM, such as Gaussian width σ and parameter ν, affect the performance of the classifier. Tuning of these parameters is of great importance in order to avoid false positives and overfitting. The combination of OCSVM with recursive k-means clustering leads the proposed intrusion detection module to distinguish real alarms from possible attacks regardless of the values of parameters σ and ν, making it ideal for real-time intrusion detection mechanisms for SCADA systems. Extensive simulations have been conducted with datasets extracted from small and medium sized HTB SCADA testbeds, in order to compare the accuracy, false alarm rate and execution time against the base line OCSVM method.

  13. LIDeA: A Distributed Lightweight Intrusion Detection Architecture for Sensor Networks

    DEFF Research Database (Denmark)

    Giannetsos, Athanasios; Krontiris, Ioannis; Dimitriou, Tassos

    2008-01-01

    Wireless sensor networks are vulnerable to adversaries as they are frequently deployed in open and unattended environments. Preventive mechanisms can be applied to protect them from an assortment of attacks. However, more sophisticated methods, like intrusion detection systems, are needed...... to achieve a more autonomic and complete defense mechanism, even against attacks that have not been anticipated in advance. In this paper, we present a lightweight intrusion detection system, called LIDeA, designed for wireless sensor networks. LIDeA is based on a distributed architecture, in which nodes...... overhear their neighboring nodes and collaborate with each other in order to successfully detect an intrusion. We show how such a system can be implemented in TinyOS, which components and interfaces are needed, and what is the resulting overhead imposed....

  14. Towards real-time intrusion detection for NetFlow and IPFIX

    NARCIS (Netherlands)

    Hofstede, R.J.; Bartos, Vaclav; Sperotto, Anna; Pras, Aiko

    2013-01-01

    DDoS attacks bring serious economic and technical damage to networks and enterprises. Timely detection and mitigation are therefore of great importance. However, when flow monitoring systems are used for intrusion detection, as it is often the case in campus, enterprise and backbone networks, timely

  15. Abstracting massive data for lightweight intrusion detection in computer networks

    KAUST Repository

    Wang, Wei

    2016-10-15

    Anomaly intrusion detection in big data environments calls for lightweight models that are able to achieve real-time performance during detection. Abstracting audit data provides a solution to improve the efficiency of data processing in intrusion detection. Data abstraction refers to abstract or extract the most relevant information from the massive dataset. In this work, we propose three strategies of data abstraction, namely, exemplar extraction, attribute selection and attribute abstraction. We first propose an effective method called exemplar extraction to extract representative subsets from the original massive data prior to building the detection models. Two clustering algorithms, Affinity Propagation (AP) and traditional k-means, are employed to find the exemplars from the audit data. k-Nearest Neighbor (k-NN), Principal Component Analysis (PCA) and one-class Support Vector Machine (SVM) are used for the detection. We then employ another two strategies, attribute selection and attribute extraction, to abstract audit data for anomaly intrusion detection. Two http streams collected from a real computing environment as well as the KDD'99 benchmark data set are used to validate these three strategies of data abstraction. The comprehensive experimental results show that while all the three strategies improve the detection efficiency, the AP-based exemplar extraction achieves the best performance of data abstraction.

  16. Research on chronicles correlation based network intrusion detection techniques

    International Nuclear Information System (INIS)

    Han Zhengping; Jin Yan; Chen Taiwei; Xu Rongsheng

    2007-01-01

    To address problems in network intrusion detection techniques, such as overwhelming numbers of alerts, false positives and a lack of alert description, this paper introduces the chronicle correlation method for analysing alert events, illustrated with correlation examples. With the designed chronicle recognition language, portscan alerts can be reduced, false positives among buffer overflow alerts can be detected, and the semantics of NetBios DCERPC attack alerts can be improved. (authors)

  17. Intrusion detection in Mobile Ad-hoc Networks: Bayesian game formulation

    Directory of Open Access Journals (Sweden)

    Basant Subba

    2016-06-01

    Present Intrusion Detection Systems (IDSs) for MANETs require continuous monitoring which leads to rapid depletion of a node's battery life. To address this issue, we propose a new IDS scheme comprising a novel cluster leader election process and a hybrid IDS. The cluster leader election process uses the Vickrey–Clarke–Groves mechanism to elect the cluster leader which provides the intrusion detection service. The hybrid IDS comprises a threshold based lightweight module and a powerful anomaly based heavyweight module. Initially, only the lightweight module is activated. The decision to activate the heavyweight module is taken by modeling the intrusion detection process as an incomplete information non-cooperative game between the elected leader node and the potential malicious node. Simulation results show that the proposed scheme significantly reduces the IDS traffic and overall power consumption in addition to maintaining a high detection rate and accuracy.

  18. Cellular Neural Network-Based Methods for Distributed Network Intrusion Detection

    Directory of Open Access Journals (Sweden)

    Kang Xie

    2015-01-01

    According to the problems of current distributed architecture intrusion detection systems (DIDS), a new online distributed intrusion detection model based on cellular neural network (CNN) was proposed, in which discrete-time CNN (DTCNN) was used as weak classifier in each local node and state-controlled CNN (SCCNN) was used as global detection method, respectively. We further proposed a new method for design template parameters of SCCNN via solving Linear Matrix Inequality. Experimental results based on KDD CUP 99 dataset show its feasibility and effectiveness. Emerging evidence has indicated that this new approach is affordable to parallelism and analog very large scale integration (VLSI) implementation which allows the distributed intrusion detection to be performed better.

  19. Towards Reliable Evaluation of Anomaly-Based Intrusion Detection Performance

    Science.gov (United States)

    Viswanathan, Arun

    2012-01-01

    This report describes the results of research into the effects of environment-induced noise on the evaluation process for anomaly detectors in the cyber security domain. This research was conducted during a 10-week summer internship program from the 19th of August, 2012 to the 23rd of August, 2012 at the Jet Propulsion Laboratory in Pasadena, California. The research performed lies within the larger context of the Los Angeles Department of Water and Power (LADWP) Smart Grid cyber security project, a Department of Energy (DoE) funded effort involving the Jet Propulsion Laboratory, California Institute of Technology and the University of Southern California/ Information Sciences Institute. The results of the present effort constitute an important contribution towards building more rigorous evaluation paradigms for anomaly-based intrusion detectors in complex cyber physical systems such as the Smart Grid. Anomaly detection is a key strategy for cyber intrusion detection and operates by identifying deviations from profiles of nominal behavior and is thus conceptually appealing for detecting "novel" attacks. Evaluating the performance of such a detector requires assessing: (a) how well it captures the model of nominal behavior, and (b) how well it detects attacks (deviations from normality). Current evaluation methods produce results that give insufficient insight into the operation of a detector, inevitably resulting in a significantly poor characterization of a detector's performance. In this work, we first describe a preliminary taxonomy of key evaluation constructs that are necessary for establishing rigor in the evaluation regime of an anomaly detector. We then focus on clarifying the impact of the operational environment on the manifestation of attacks in monitored data. We show how dynamic and evolving environments can introduce high variability into the data stream perturbing detector performance. Prior research has focused on understanding the impact of this

  20. An Approach for Cross-Domain Intrusion Detection

    Science.gov (United States)

    2012-01-01

    supported by open source software (i.e., BASE, snort, PostgreSQL and pgpool-II). Our prototype enables an analyst to view and manipulate network trace data...multilevel (trusted) components, supported by open source software (i.e., BASE, snort, PostgreSQL and pgpool-II). Our prototype enables an analyst to view...component is implemented by the open source object-relational database system PostgreSQL 0). 4.4.3 Intrusion analysis engine The intrusion analysis

  1. Anomaly based Intrusion Detection using Modified Fuzzy Clustering

    Directory of Open Access Journals (Sweden)

    B.S. Harish

    2017-12-01

    This paper presents a network anomaly detection method based on fuzzy clustering. Computer security has become an increasingly vital field in computer science in response to the proliferation of private sensitive information. As a result, Intrusion Detection System has become an indispensable component of computer security. The proposed method consists of three steps: Pre-Processing, Feature Selection and Clustering. In pre-processing step, the duplicate samples are eliminated from the sample set. Next, principal component analysis is adopted to select the most discriminative features. In clustering step, the network samples are clustered using Robust Spatial Kernel Fuzzy C-Means (RSKFCM) algorithm. RSKFCM is a variant of traditional Fuzzy C-Means which considers the neighbourhood membership information and uses kernel distance metric. To evaluate the proposed method, we conducted experiments on standard dataset and compared the results with state-of-the-art methods. We used cluster validity indices, accuracy and false positive rate as performance metrics. Experimental results inferred that, the proposed method achieves better results compared to other methods.

  2. PMFA: Toward Passive Message Fingerprint Attacks on Challenge-Based Collaborative Intrusion Detection Networks

    DEFF Research Database (Denmark)

    Li, Wenjuan; Meng, Weizhi; Kwok, Lam-For

    2016-01-01

    To enhance the performance of single intrusion detection systems (IDSs), collaborative intrusion detection networks (CIDNs) have been developed, which enable a set of IDS nodes to communicate with each other. In such a distributed network, insider attacks like collusion attacks are the main threat....... In the literature, challenge-based trust mechanisms have been established to identify malicious nodes by evaluating the satisfaction between challenges and responses. However, we find that such mechanisms rely on two major assumptions, which may result in a weak threat model and make CIDNs still vulnerable...

  3. Dimensionality reduction using Principal Component Analysis for network intrusion detection

    Directory of Open Access Journals (Sweden)

    K. Keerthi Vasan

    2016-09-01

    Intrusion detection is the identification of malicious activities in a given network by analyzing its traffic. Data mining techniques used for this analysis study the traffic traces and identify hostile flows in the traffic. Dimensionality reduction in data mining focuses on representing data with minimum number of dimensions such that its properties are not lost and hence reducing the underlying complexity in processing the data. Principal Component Analysis (PCA) is one of the prominent dimensionality reduction techniques widely used in network traffic analysis. In this paper, we focus on the efficiency of PCA for intrusion detection and determine its Reduction Ratio (RR), ideal number of Principal Components needed for intrusion detection and the impact of noisy data on PCA. We carried out experiments with PCA using various classifier algorithms on two benchmark datasets namely, KDD CUP and UNB ISCX. Experiments show that the first 10 Principal Components are effective for classification. The classification accuracy for 10 Principal Components is about 99.7% and 98.8%, nearly same as the accuracy obtained using original 41 features for KDD and 28 features for ISCX, respectively.

  4. A graphical feature generation approach for intrusion detection

    Directory of Open Access Journals (Sweden)

    Chen Shi

    2016-01-01

    In order to develop a novel effective and efficient intrusion detection system, a novel hybrid method based on a graphical features-based k-nearest neighbor approach, namely GFNN, is proposed in this paper. In GFNN, k-means clustering algorithm is used to extract cluster centre of each class in the given dataset. Then, the distance between a specific data sample and each cluster centre is calculated, and a radar chart is plotted based on the new data composed of distance based features. The sub-barycentre based features for each sample are extracted from the radar chart. As a result, our proposed approach transforms the original multi-dimensional feature space into 5-dimensional sub-barycentre feature space. The experimental results of 10-fold cross-validation based on the KDDcup99 dataset show that the GFNN not only performs better than or similar to several other approaches in terms of classification accuracy, precision, and recall, but also provides high computational efficiency for the time of classifier training and testing.

  5. Correlating intrusion detection alerts on bot malware infections using neural network

    DEFF Research Database (Denmark)

    Kidmose, Egon; Stevanovic, Matija; Pedersen, Jens Myrup

    2016-01-01

    part, as such knowledge is inferred by Neural Networks. Evaluation has been performed with traffic traces of real bot binaries executed in a lab setup. The method is trained on labelled Intrusion Detection System alerts and is capable of correctly predicting which of seven incidents an alert pertains...

  6. Real-Time and Resilient Intrusion Detection: A Flow-Based Approach

    NARCIS (Netherlands)

    Hofstede, R.J.; Pras, Aiko

    Due to the demanding performance requirements of packet-based monitoring solutions on network equipment, flow-based intrusion detection systems will play an increasingly important role in current high-speed networks. The required technologies are already available and widely deployed: NetFlow and

  7. Unsupervised intrusion detection for wireless sensor networks based on artificial intelligence techniques

    OpenAIRE

    Bankovic, Zorana

    2011-01-01

    The objective of this work is to design an autonomous intrusion detection system for wireless sensor networks that would be able to detect wide range of attacks, including the previously unseen ones. The existing solutions have limited scope, in a sense they provide protection against already identified attacks, which renders the system vulnerable to unknown attacks. Furthermore, in those that can be adjusted in order to expand their scope, the modification has to be done through human intera...

  8. Nuclear-power-plant perimeter-intrusion alarm systems

    International Nuclear Information System (INIS)

    Halsey, D.J.

    1982-04-01

    Timely intercept of an intruder requires the examination of perimeter barriers and sensors in terms of reliable detection, immediate assessment and prompt response provisions. Perimeter security equipment and operations must at the same time meet the requirements of the Code of Federal Regulations, 10 CFR 73.55 with some attention to the performance and testing figures of Nuclear Regulatory Guide 5.44, Revision 2, May 1980. A baseline system is defined which recommends a general approach to implementing perimeter security elements: barriers, lighting, intrusion detection, alarm assessment. The baseline approach emphasizes cost/effectiveness achieved by detector layering and logic processing of alarm signals to produce reliable alarms and low nuisance alarm rates. A cost benefit of layering along with video assessment is reduction in operating expense. The concept of layering is also shown to minimize testing costs where detectability performance as suggested by Regulatory Guide 5.44 is to be performed. Synthesis of the perimeter intrusion alarm system and limited testing of CCTV and Video Motion Detectors (VMD), were performed at E-Systems, Greenville Division, Greenville, Texas during 1981

  9. Nuclear-power-plant perimeter-intrusion alarm systems

    Energy Technology Data Exchange (ETDEWEB)

    Halsey, D.J.

    1982-04-01

    Timely intercept of an intruder requires the examination of perimeter barriers and sensors in terms of reliable detection, immediate assessment and prompt response provisions. Perimeter security equipment and operations must at the same time meet the requirements of the Code of Federal Regulations, 10 CFR 73.55 with some attention to the performance and testing figures of Nuclear Regulatory Guide 5.44, Revision 2, May 1980. A baseline system is defined which recommends a general approach to implementing perimeter security elements: barriers, lighting, intrusion detection, alarm assessment. The baseline approach emphasizes cost/effectiveness achieved by detector layering and logic processing of alarm signals to produce reliable alarms and low nuisance alarm rates. A cost benefit of layering along with video assessment is reduction in operating expense. The concept of layering is also shown to minimize testing costs where detectability performance as suggested by Regulatory Guide 5.44 is to be performed. Synthesis of the perimeter intrusion alarm system and limited testing of CCTV and Video Motion Detectors (VMD), were performed at E-Systems, Greenville Division, Greenville, Texas during 1981.

  10. Using discriminant analysis to detect intrusions in external communication for self-driving vehicles

    Directory of Open Access Journals (Sweden)

    Khattab M.Ali Alheeti

    2017-08-01

    Security systems are a necessity for the deployment of smart vehicles in our society. Security in vehicular ad hoc networks is crucial to the reliable exchange of information and control data. In this paper, we propose an intelligent Intrusion Detection System (IDS) to protect the external communication of self-driving and semi self-driving vehicles. This technology has the ability to detect Denial of Service (DoS) and black hole attacks on vehicular ad hoc networks (VANETs). The advantage of the proposed IDS over existing security systems is that it detects attacks before they cause significant damage. The intrusion prediction technique is based on Linear Discriminant Analysis (LDA) and Quadratic Discriminant Analysis (QDA), which are used to predict attacks based on observed vehicle behavior. We perform simulations using Network Simulator 2 to demonstrate that the IDS achieves a low rate of false alarms and high accuracy in detection.

  11. A buried intrusion monitoring system based on high sensitivity optical fiber geophone

    Science.gov (United States)

    Li, Shujuan; Zhang, Faxiang; Zhang, Xiaolei; Sun, Zhihui; Min, Li; Wang, Chang

    2017-10-01

    A new intrusion monitoring system is designed, based on a high sensitivity fiber grating geophone and PGC interferometric demodulation. A kind of high sensitive fiber Bragg grating geophone is designed. The sensitivity of the geophone is analyzed by finite element software. The PGC interferometric demodulation algorithm is used to detect the wavelength of the geophone, to reduce the noise of the system and improve the signal-to-noise ratio. Invasive monitoring test was carried out, the personnel and vehicles invading signal were collected and analyzed. Test results show that the intrusion monitoring system based on fiber geophone can effectively identify remote intrusion, and has low false alarm rate.

  12. Accurate Modeling of The Siemens S7 SCADA Protocol For Intrusion Detection And Digital Forensic

    Directory of Open Access Journals (Sweden)

    Amit Kleinmann

    2014-09-01

    The Siemens S7 protocol is commonly used in SCADA systems for communications between a Human Machine Interface (HMI) and the Programmable Logic Controllers (PLCs). This paper presents a model-based Intrusion Detection Systems (IDS) designed for S7 networks. The approach is based on the key observation that S7 traffic to and from a specific PLC is highly periodic; as a result, each HMI-PLC channel can be modeled using its own unique Deterministic Finite Automaton (DFA). The resulting DFA-based IDS is very sensitive and is able to flag anomalies such as a message appearing out of its position in the normal sequence or a message referring to a single unexpected bit. The intrusion detection approach was evaluated on traffic from two production systems. Despite its high sensitivity, the system had a very low false positive rate - over 99.82% of the traffic was identified as normal.

  13. Enhancing collaborative intrusion detection networks against insider attacks using supervised intrusion sensitivity-based trust management model

    DEFF Research Database (Denmark)

    Li, Wenjuan; Meng, Weizhi; Kwok, Lam-For

    2017-01-01

    To defend against complex attacks, collaborative intrusion detection networks (CIDNs) have been developed to enhance the detection accuracy, which enable an IDS to collect information and learn experience from others. However, this kind of networks is vulnerable to malicious nodes which...... are utilized by insider attacks (e.g., betrayal attacks). In our previous research, we developed a notion of intrusion sensitivity and identified that it can help improve the detection of insider attacks, whereas it is still a challenge for these nodes to automatically assign the values. In this article, we...... of intrusion sensitivity based on expert knowledge. In the evaluation, we compare the performance of three different supervised classifiers in assigning sensitivity values and investigate our trust model under different attack scenarios and in a real wireless sensor network. Experimental results indicate...

  14. SQL injection detection system

    OpenAIRE

    Vargonas, Vytautas

    2017-01-01

    SQL injection detection system. Programmers do not always ensure security of developed systems. That is why it is important to look for solutions outside being reliant on developers. In this work an SQL injection detection system is proposed. The system analyzes HTTP request parameters and detects intrusions. It is based on unsupervised machine learning. Trained by regular request data, the system detects outlier user parameters. Since training is not reliant on previous knowledge of SQL injections, t...

  15. Novel Non-Intrusive Vibration Monitoring System for Turbopumps Project

    Data.gov (United States)

    National Aeronautics and Space Administration — ASRI proposes to develop an advanced and commercially viable Non-Intrusive Vibration Monitoring System (NI-VMS) which can provide effective on-line/off-line engine...

  16. A Hybrid Spectral Clustering and Deep Neural Network Ensemble Algorithm for Intrusion Detection in Sensor Networks

    Directory of Open Access Journals (Sweden)

    Tao Ma

    2016-10-01

    The development of intrusion detection systems (IDS) that are adapted to allow routers and network defence systems to detect malicious network traffic disguised as network protocols or normal access is a critical challenge. This paper proposes a novel approach called SCDNN, which combines spectral clustering (SC) and deep neural network (DNN) algorithms. First, the dataset is divided into k subsets based on sample similarity using cluster centres, as in SC. Next, the distance between data points in a testing set and the training set is measured based on similarity features and is fed into the deep neural network algorithm for intrusion detection. Six KDD-Cup99 and NSL-KDD datasets and a sensor network dataset were employed to test the performance of the model. These experimental results indicate that the SCDNN classifier not only performs better than backpropagation neural network (BPNN), support vector machine (SVM), random forest (RF) and Bayes tree models in detection accuracy and the types of abnormal attacks found, but also provides an effective tool of study and analysis of intrusion detection in large networks.

  17. SALVAGE D2.2 Description of the developed algorithms for intrusion detection in smart grid components

    DEFF Research Database (Denmark)

    Kosek, Anna Magdalena; Korman, Matus; Heussen, Kai

    2016-01-01

    This report presents developed model-based anomaly detection techniques used for intrusion detection in smart grid.

  18. A Privacy-Preserving Framework for Collaborative Intrusion Detection Networks Through Fog Computing

    DEFF Research Database (Denmark)

    Wang, Yu; Xie, Lin; Li, Wenjuan

    2017-01-01

    Nowadays, cyber threats (e.g., intrusions) are distributed across various networks with the dispersed networking resources. Intrusion detection systems (IDSs) have already become an essential solution to defend against a large amount of attacks. With the development of cloud computing, a modern IDS is able to implement more complicated detection algorithms by offloading the expensive operations such as the process of signature matching to the cloud (i.e., utilizing computing resources from the cloud). However, during the detection process, no party wants to disclose their own data especially... of dispersed IDS nodes to exchange required information. With the advent of fog computing, in this paper, we propose a privacy-preserving framework for collaborative networks based on fog devices. Our study shows that the proposed framework can help reduce the workload on cloud’s side.

  19. Intrusion detection in cloud computing based attack patterns and risk assessment

    Directory of Open Access Journals (Sweden)

    Ben Charhi Youssef

    2017-05-01

    This paper is an extension of work originally presented in SYSCO CONF. We extend our previous work by presenting the initial results of the implementation of intrusion detection based on risk assessment on cloud computing. The idea focuses on a novel approach for detecting cyber-attacks on the cloud environment by analyzing attacks pattern using risk assessment methodologies. The aim of our solution is to combine evidences obtained from Intrusion Detection Systems (IDS) deployed in a cloud with risk assessment related to each attack pattern. Our approach presents a new qualitative solution for analyzing each symptom, indicator and vulnerability analyzing impact and likelihood of distributed and multi-steps attacks directed to cloud environments. The implementation of this approach will reduce the number of false alerts and will improve the performance of the IDS.

  20. Autonomous acoustic/seismic networks for intrusion detection and assessment

    International Nuclear Information System (INIS)

    Swanson, D.C.; Kurtz, P.H.

    1995-01-01

    Passive acoustic and seismic sensors have the unique capability for inexpensive non-line-of-sight (NLOS) detection and identification of vehicle movements as well as human and machine activity. By networking multiple sensor sites, one can use on-site processing to minimize internode communications for data fusion to localize the target of interest. Since all acoustic and seismic sources have characteristic directivity responses to their respective noise signatures, the network also offers the ability to observe and identify these characteristics. However, in many perimeter defense situations, a simple detection is all that's really needed. Therefore, the intelligent sensor processing goal is to reduce the false alarm rate in the presence of significant changes in background noise and the environment. The authors have developed a generic hardware platform for acoustic/seismic detection and environmental characterization. They have also developed adaptive models for predicting target detectability in a dynamic environment for performance prediction of the sensor networks. Initial performance tests of the hardware are very encouraging and the authors expect acoustic/seismic sensor networks and the environmental models to have a wide variety of uses in surveillance and intrusion detection.

  1. A Novel Algorithm for Intrusion Detection Based on RASL Model Checking

    Directory of Open Access Journals (Sweden)

    Weijun Zhu

    2013-01-01

    The interval temporal logic (ITL) model checking (MC) technique enhances the power of intrusion detection systems (IDSs) to detect concurrent attacks due to the strong expressive power of ITL. However, an ITL formula suffers from difficulty in the description of the time constraints between different actions in the same attack. To address this problem, we formalize a novel real-time interval temporal logic—real-time attack signature logic (RASL). Based on such a new logic, we put forward a RASL model checking algorithm. Furthermore, we use RASL formulas to describe attack signatures and employ discrete timed automata to create an audit log. As a result, RASL model checking algorithm can be used to automatically verify whether the automata satisfy the formulas, that is, whether the audit log coincides with the attack signatures. The simulation experiments show that the new approach effectively enhances the detection power of the MC-based intrusion detection methods for a number of telnet attacks, p-trace attacks, and the other sixteen types of attacks. And these experiments indicate that the new algorithm can find several types of real-time attacks, whereas the existing MC-based intrusion detection approaches cannot do that.

  2. Intrusion Prevention and Detection in Grid Computing - The ALICE Case

    CERN Document Server

    INSPIRE-00416173; Kebschull, Udo

    2015-01-01

    Grids allow users flexible on-demand usage of computing resources through remote communication networks. A remarkable example of a Grid in High Energy Physics (HEP) research is used in the ALICE experiment at European Organization for Nuclear Research CERN. Physicists can submit jobs used to process the huge amount of particle collision data produced by the Large Hadron Collider (LHC). Grids face complex security challenges. They are interesting targets for attackers seeking for huge computational resources. Since users can execute arbitrary code in the worker nodes on the Grid sites, special care should be put in this environment. Automatic tools to harden and monitor this scenario are required. Currently, there is no integrated solution for such requirement. This paper describes a new security framework to allow execution of job payloads in a sandboxed context. It also allows process behavior monitoring to detect intrusions, even when new attack methods or zero day vulnerabilities are exploited, by a Machin...

  3. Exploring machine-learning-based control plane intrusion detection techniques in software defined optical networks

    Science.gov (United States)

    Zhang, Huibin; Wang, Yuqiao; Chen, Haoran; Zhao, Yongli; Zhang, Jie

    2017-12-01

    In software defined optical networks (SDON), the centralized control plane may encounter numerous intrusion threats which compromise the security level of provisioned services. In this paper, the issue of control plane security is studied and two machine-learning-based control plane intrusion detection techniques are proposed for SDON with properly selected features such as bandwidth, route length, etc. We validate the feasibility and efficiency of the proposed techniques by simulations. Results show an accuracy of 83% for intrusion detection can be achieved with the proposed machine-learning-based control plane intrusion detection techniques.

  4. The design about the intrusion defense system for IHEP

    International Nuclear Information System (INIS)

    Liu Baoxu; Xu Rongsheng; Yu Chuansong; Wu Chunzhen

    2003-01-01

    With the development of network technologies, limitations on traditional methods of network security protection are becoming more and more obvious. An individual network security product or the simple combination of several products can hardly complete the goal of keeping from hackers' intrusion. Therefore, on the basis of the analyses about the security problems of IHEPNET which is an open and scientific research network, the author designs an intrusion defense system especially for IHEPNET

  5. Real Time Intrusion Detection (la detection des intrusions en temps reel)

    Science.gov (United States)

    2003-06-01

    experts keeping track of new attacks and writing signatures. More convenient (although perhaps less reliable) would be that manufacturers update the...performance of the systems. Of course, this solution is limited, but it may be cost effective. Equally, less human resources should be required to back-up...of Vulnerabilities in Privileged Programs by Execution Monitoring. In Proceedings 10th Annual Computer Security Applications Conference (ACSAC

  6. Smart container UWB sensor system for situational awareness of intrusion alarms

    Science.gov (United States)

    Romero, Carlos E.; Haugen, Peter C.; Zumstein, James M.; Leach, Jr., Richard R.; Vigars, Mark L.

    2013-06-11

    An in-container monitoring sensor system is based on an UWB radar intrusion detector positioned in a container and having a range gate set to the farthest wall of the container from the detector. Multipath reflections within the container make every point on or in the container appear to be at the range gate, allowing intrusion detection anywhere in the container. The system also includes other sensors to provide false alarm discrimination, and may include other sensors to monitor other parameters, e.g. radiation. The sensor system also includes a control subsystem for controlling system operation. Communications and information extraction capability may also be included. A method of detecting intrusion into a container uses UWB radar, and may also include false alarm discrimination. A secure container has an UWB based monitoring system

  7. Enhancing Trust Management for Wireless Intrusion Detection via Traffic Sampling in the Era of Big Data

    DEFF Research Database (Denmark)

    Meng, Weizhi; Li, Wenjuan; Su, Chunhua

    2017-01-01

    many kinds of information among sensors, whereas such network is vulnerable to a wide range of attacks, especially insider attacks, due to its natural environment and inherent unreliable transmission. To safeguard its security, intrusion detection systems (IDSs) are widely adopted in a WSN to defend against insider attacks through implementing proper trust-based mechanisms. However, in the era of big data, sensors may generate excessive information and data, which could degrade the effectiveness of trust computation. In this paper, we focus on this challenge and propose a way of combining Bayesian-based trust management with traffic sampling for wireless intrusion detection under a hierarchical structure. In the evaluation, we investigate the performance of our approach in both a simulated and a real network environment. Experimental results demonstrate that packet-based trust management would become...

  8. Watchdog Sensor Network with Multi-Stage RF Signal Identification and Cooperative Intrusion Detection

    Science.gov (United States)

    2012-03-01

    143] Nadkarni, K. and A. Mishra. Intrusion detection in MANETS - the second wall of defence. in Industrial Electronics Society, 2003. IECON ’03...2002) [161] Mishra, A.; Nadkarni, K.; Patcha, A.; Intrusion Detection in Wireless Ad hoc networks, in Wireless Communications, IEEE, Volume 11

  9. Passive intrusion detection in wireless networks by exploiting clustering-based learning

    Science.gov (United States)

    Yang, Jie; Chen, Yingying; Desai, Sachi; Quoraishee, Shafik

    2010-04-01

    The large-scale wireless sensing data collected from wireless networks can be used for detecting intruders (e.g., enemies in tactical fields), and further facilitating real-time situation awareness in Army's network-centric warfare applications such as intrusion detection, battlefield protection and emergency evacuation. In this work, we focus on exploiting Received Signal Strength (RSS) obtained from the existing wireless infrastructures for performing intrusion detection when the intruders or objects do not carry any radio devices. This is also known as passive intrusion detection. Passive intrusion detection based on the RSS data is an attractive approach as it reuses the existing wireless environmental data without requiring a specialized infrastructure. We propose a clustering-based learning mechanism for passive intrusion detection in wireless networks. Specifically, our detection scheme utilizes the clustering method to analyze the changes of RSS, caused by intrusions, at multiple devices to diagnose the presence of intrusions collaboratively. Our experimental results using an IEEE 802.15.4 (Zigbee) network in a real office environment show that our clustering-based learning can effectively detect the presence of intrusions.

  10. Intrusion problematic during water supply systems' operation

    Energy Technology Data Exchange (ETDEWEB)

    Mora-Rodriguez, Jesus; Lopez-Jimenez, P. Amparo [Departamento de Ingenieria Hidraulica y Medio Ambiente, Universidad Politecnica de Valencia, Camino de Vera, s/n, 46022, Valencia (Spain); Ramos, Helena M. [Civil Engineering Department and CEHIDRO, Instituto Superior Tecnico, Technical University of Lisbon, Av. Rovisco Pais, 1049-001, Lisbon (Portugal)

    2011-07-01

    Intrusion through leaks occurrence is a phenomenon when external fluid comes into water pipe systems. This phenomenon can cause contamination problems in drinking pipe systems. Hence, this paper focuses on the entry of external fluids across small leaks during normal operation conditions. This situation is especially important in elevated points of the pipe profile. Pressure variations can origin water volume losses and intrusion of contaminants into the drinking water pipes. This work focuses in obtaining up the physical representation on a specific case intrusion in a pipe water system. The combination of two factors is required to generate this kind of intrusion in a water supply system: on one hand the existence of at least a leak in the system; on the other hand, a pressure variation could occur during the operation of the system due to consumption variation, pump start-up or shutdown. The potential of intrusion during a dynamic or transient event is here analyzed. To obtain this objective an experimental case study of pressure transient scenario is analyzed with a small leak located nearby the transient source.

  11. A Hybrid Swarm Intelligence Algorithm for Intrusion Detection Using Significant Features.

    Science.gov (United States)

    Amudha, P; Karthik, S; Sivakumari, S

    2015-01-01

    Intrusion detection has become a main part of network security due to the huge number of attacks which affects the computers. This is due to the extensive growth of internet connectivity and accessibility to information systems worldwide. To deal with this problem, in this paper a hybrid algorithm is proposed to integrate Modified Artificial Bee Colony (MABC) with Enhanced Particle Swarm Optimization (EPSO) to predict the intrusion detection problem. The algorithms are combined together to find out better optimization results and the classification accuracies are obtained by 10-fold cross-validation method. The purpose of this paper is to select the most relevant features that can represent the pattern of the network traffic and test its effect on the success of the proposed hybrid classification algorithm. To investigate the performance of the proposed method, intrusion detection KDDCup'99 benchmark dataset from the UCI Machine Learning repository is used. The performance of the proposed method is compared with the other machine learning algorithms and found to be significantly different.

  12. A Hybrid Swarm Intelligence Algorithm for Intrusion Detection Using Significant Features

    Directory of Open Access Journals (Sweden)

    P. Amudha

    2015-01-01

    Intrusion detection has become a main part of network security due to the huge number of attacks which affects the computers. This is due to the extensive growth of internet connectivity and accessibility to information systems worldwide. To deal with this problem, in this paper a hybrid algorithm is proposed to integrate Modified Artificial Bee Colony (MABC) with Enhanced Particle Swarm Optimization (EPSO) to predict the intrusion detection problem. The algorithms are combined together to find out better optimization results and the classification accuracies are obtained by 10-fold cross-validation method. The purpose of this paper is to select the most relevant features that can represent the pattern of the network traffic and test its effect on the success of the proposed hybrid classification algorithm. To investigate the performance of the proposed method, intrusion detection KDDCup’99 benchmark dataset from the UCI Machine Learning repository is used. The performance of the proposed method is compared with the other machine learning algorithms and found to be significantly different.

  13. Intrusion Prevention and Detection in Grid Computing - The ALICE Case

    International Nuclear Information System (INIS)

    Gomez, Andres; Lara, Camilo; Kebschull, Udo

    2015-01-01

    Grids allow users flexible on-demand usage of computing resources through remote communication networks. A remarkable example of a Grid in High Energy Physics (HEP) research is used in the ALICE experiment at European Organization for Nuclear Research CERN. Physicists can submit jobs used to process the huge amount of particle collision data produced by the Large Hadron Collider (LHC). Grids face complex security challenges. They are interesting targets for attackers seeking for huge computational resources. Since users can execute arbitrary code in the worker nodes on the Grid sites, special care should be put in this environment. Automatic tools to harden and monitor this scenario are required. Currently, there is no integrated solution for such requirement. This paper describes a new security framework to allow execution of job payloads in a sandboxed context. It also allows process behavior monitoring to detect intrusions, even when new attack methods or zero day vulnerabilities are exploited, by a Machine Learning approach. We plan to implement the proposed framework as a software prototype that will be tested as a component of the ALICE Grid middleware. (paper)

  14. Quantal Response Equilibrium-Based Strategies for Intrusion Detection in WSNs

    Directory of Open Access Journals (Sweden)

    Shigen Shen

    2015-01-01

    This paper is to solve the problem stating that applying Intrusion Detection System (IDS) to guarantee security of Wireless Sensor Networks (WSNs) is computationally costly for sensor nodes due to their limited resources. For this aim, we obtain optimal strategies to save IDS agents’ power, through Quantal Response Equilibrium (QRE) that is more realistic than Nash Equilibrium. A stage Intrusion Detection Game (IDG) is formulated to describe interactions between the Attacker and IDS agents. The preference structures of different strategy profiles are analyzed. Upon these structures, the payoff matrix is obtained. As the Attacker and IDS agents interact continually, the stage IDG is extended to a repeated IDG and its payoffs are correspondingly defined. The optimal strategies based on QRE are then obtained. These optimal strategies considering bounded rationality make IDS agents not always be in Defend. Sensor nodes’ power consumed in performing intrusion analyses can thus be saved. Experiment results show that the probabilities of the actions adopted by the Attacker can be predicted and thus the IDS can respond correspondingly to protect WSNs.

  15. A New Unified Intrusion Anomaly Detection in Identifying Unseen Web Attacks

    Directory of Open Access Journals (Sweden)

    Muhammad Hilmi Kamarudin

    2017-01-01

    The global usage of more sophisticated web-based application systems is obviously growing very rapidly. Major usage includes the storing and transporting of sensitive data over the Internet. The growth has consequently opened up a serious need for more secured network and application security protection devices. Security experts normally equip their databases with a large number of signatures to help in the detection of known web-based threats. In reality, it is almost impossible to keep updating the database with the newly identified web vulnerabilities. As such, new attacks are invisible. This research presents a novel approach of Intrusion Detection System (IDS) in detecting unknown attacks on web servers using the Unified Intrusion Anomaly Detection (UIAD) approach. The unified approach consists of three components (preprocessing, statistical analysis, and classification). Initially, the process starts with the removal of irrelevant and redundant features using a novel hybrid feature selection method. Thereafter, the process continues with the application of a statistical approach to identifying traffic abnormality. We performed Relative Percentage Ratio (RPR) coupled with Euclidean Distance Analysis (EDA) and the Chebyshev Inequality Theorem (CIT) to calculate the normality score and generate a finest threshold. Finally, Logitboost (LB) is employed alongside Random Forest (RF) as a weak classifier, with the aim of minimising the final false alarm rate. The experiment has demonstrated that our approach has successfully identified unknown attacks with greater than a 95% detection rate and less than a 1% false alarm rate for both the DARPA 1999 and the ISCX 2012 datasets.

  16. Autonomic intrusion detection: Adaptively detecting anomalies over unlabeled audit data streams in computer networks

    KAUST Repository

    Wang, Wei

    2014-06-22

    In this work, we propose a novel framework of autonomic intrusion detection that fulfills online and adaptive intrusion detection over unlabeled HTTP traffic streams in computer networks. The framework holds potential for self-managing: self-labeling, self-updating and self-adapting. Our framework employs the Affinity Propagation (AP) algorithm to learn a subject’s behaviors through dynamical clustering of the streaming data. It automatically labels the data and adapts to normal behavior changes while identifying anomalies. Two large real HTTP traffic streams collected in our institute as well as a set of benchmark KDD’99 data are used to validate the framework and the method. The test results show that the autonomic model achieves better results in terms of effectiveness and efficiency compared to adaptive Sequential Karhunen–Loeve method and static AP as well as three other static anomaly detection methods, namely, k-NN, PCA and SVM.

  17. An armored-cable-based fiber Bragg grating sensor array for perimeter fence intrusion detection

    Science.gov (United States)

    Hao, Jianzhong; Dong, Bo; Varghese, Paulose; Phua, Jiliang; Foo, Siang Fook

    2012-01-01

    In this paper, an armored-cable-based optical fiber Bragg grating (FBG) sensor array, for perimeter fence intrusion detection, is demonstrated and some of the field trial results are reported. The field trial was conducted at a critical local installation in Singapore in December 2010. The sensor array was put through a series of both simulated and live intrusion scenarios to test the stability and suitability of operation in the local environmental conditions and to determine its capabilities in detecting and reporting these intrusions accurately to the control station. Such a sensor array can provide perimeter intrusion detection with fine granularity and preset pin-pointing accuracy. The various types of intrusions included aided or unaided climbs, tampering and cutting of the fence, etc. The unique sensor packaging structure provides high sensitivity, crush resistance and protection against rodents. It is also capable of resolving nuisance events such as rain, birds sitting on the fence or seismic vibrations. These sensors are extremely sensitive with a response time of a few seconds. They can be customized for a desired spatial resolution and pre-determined sensitivity. Furthermore, it is easy to cascade a series of such sensors to monitor and detect intrusion events over a long stretch of fence line. Such sensors can be applied to real-time intrusion detection for perimeter security, pipeline security and communications link security.

  18. Zero Trust Intrusion Containment for Telemedicine

    National Research Council Canada - National Science Library

    Sood, Arun

    2002-01-01

    .... Our objective is the design and analysis of 'zero-trust' Intrusion Tolerant Systems. These are systems built under the extreme assumption that all intrusion detection techniques will eventually fail...

  19. Unsupervised algorithms for intrusion detection and identification in wireless ad hoc sensor networks

    Science.gov (United States)

    Hortos, William S.

    2009-05-01

    In previous work by the author, parameters across network protocol layers were selected as features in supervised algorithms that detect and identify certain intrusion attacks on wireless ad hoc sensor networks (WSNs) carrying multisensor data. The algorithms improved the residual performance of the intrusion prevention measures provided by any dynamic key-management schemes and trust models implemented among network nodes. The approach of this paper does not train algorithms on the signature of known attack traffic, but, instead, the approach is based on unsupervised anomaly detection techniques that learn the signature of normal network traffic. Unsupervised learning does not require the data to be labeled or to be purely of one type, i.e., normal or attack traffic. The approach can be augmented to add any security attributes and quantified trust levels, established during data exchanges among nodes, to the set of cross-layer features from the WSN protocols. A two-stage framework is introduced for the security algorithms to overcome the problems of input size and resource constraints. The first stage is an unsupervised clustering algorithm which reduces the payload of network data packets to a tractable size. The second stage is a traditional anomaly detection algorithm based on a variation of support vector machines (SVMs), whose efficiency is improved by the availability of data in the packet payload. In the first stage, selected algorithms are adapted to WSN platforms to meet system requirements for simple parallel distributed computation, distributed storage and data robustness. A set of mobile software agents, acting like an ant colony in securing the WSN, are distributed at the nodes to implement the algorithms. The agents move among the layers involved in the network response to the intrusions at each active node and trustworthy neighborhood, collecting parametric values and executing assigned decision tasks. 
    This minimizes the need to move large amounts

  20. Weighted link graphs: a distributed IDS for secondary intrusion detection and defense

    Science.gov (United States)

    Zhou, Mian; Lang, Sheau-Dong

    2005-03-01

    While a firewall installed at the perimeter of a local network provides the first line of defense against the hackers, many intrusion incidents are the results of successful penetration of the firewalls. One computer's compromise often puts the entire network at risk. In this paper, we propose an IDS that provides a finer control over the internal network. The system focuses on the variations of connection-based behavior of each single computer, and uses a weighted link graph to visualize the overall traffic abnormalities. The functionality of our system is of a distributed personal IDS system that also provides a centralized traffic analysis by graphical visualization. We use a novel weight assignment schema for the local detection within each end agent. The local abnormalities are quantitatively carried out by the node weight and link weight and further sent to the central analyzer to build the weighted link graph. Thus, we distribute the burden of traffic processing and visualization to each agent and make it more efficient for the overall intrusion detection. As the LANs are more vulnerable to inside attacks, our system is designed as a reinforcement to prevent corruption from the inside.

  1. Semantic intrusion detection with multisensor data fusion using ...

    Indian Academy of Sciences (India)

    2016-08-26

    A multisensor-based IDS enables identification of the intrusion patterns semantically by correlating the events and context information provided by multiple sensors. ... R Bhargavi; V Vaidehi. Department of Information Technology, Madras Institute of Technology, Anna University, Chennai 600 044, India ...

  2. System-level support for intrusion recovery

    NARCIS (Netherlands)

    Bacs, Andrei; Vermeulen, Remco; Slowinska, Asia; Bos, Herbert

    2013-01-01

    Recovering from attacks is hard and gets harder as the time between the initial infection and its detection increases. Which files did the attackers modify? Did any of user data depend on malicious inputs? Can I still trust my own documents or binaries? When malcode has been active for some time and

  3. Detection of stratospheric ozone intrusions by windprofiler radars.

    Science.gov (United States)

    Hocking, W K; Carey-Smith, T; Tarasick, D W; Argall, P S; Strong, K; Rochon, Y; Zawadzki, I; Taylor, P A

    2007-11-08

    Stratospheric ozone attenuates harmful ultraviolet radiation and protects the Earth's biosphere. Ozone is also of fundamental importance for the chemistry of the lowermost part of the atmosphere, the troposphere. At ground level, ozone is an important by-product of anthropogenic pollution, damaging forests and crops, and negatively affecting human health. Ozone is critical to the chemical and thermal balance of the troposphere because, via the formation of hydroxyl radicals, it controls the capacity of tropospheric air to oxidize and remove other pollutants. Moreover, ozone is an important greenhouse gas, particularly in the upper troposphere. Although photochemistry in the lower troposphere is the major source of tropospheric ozone, the stratosphere-troposphere transport of ozone is important to the overall climatology, budget and long-term trends of tropospheric ozone. Stratospheric intrusion events, however, are still poorly understood. Here we introduce the use of modern windprofiler radars to assist in such transport investigations. By hourly monitoring the radar-derived tropopause height in combination with a series of frequent ozonesonde balloon launches, we find numerous intrusions of ozone from the stratosphere into the troposphere in southeastern Canada. On some occasions, ozone is dispersed at altitudes of two to four kilometres, but on other occasions it reaches the ground, where it can dominate the ozone density variability. We observe rapid changes in radar tropopause height immediately preceding these intrusion events. Such changes therefore serve as a valuable diagnostic for the occurrence of ozone intrusion events. Our studies emphasize the impact that stratospheric ozone can have on tropospheric ozone, and show that windprofiler data can be used to infer the possibility of ozone intrusions, as well as better represent tropopause motions in association with stratosphere-troposphere transport.

  4. Preventing Point-of-Sale System Intrusions

    Science.gov (United States)

    2014-06-01

    hours, some point-of-sale system vendors install a remote desktop environment (RDE) product on the business’s point-of-sale system. Many hackers...who target point-of-sale systems begin by gathering a list of common network ports associated with well-known remote desktop products. For...acquiring and analyzing the Windows Registry hives from the live machine, are particularly useful for analyzing compromised Windows based point-of

  5. Intrusion Detection Algorithm for Mitigating Sinkhole Attack on LEACH Protocol in Wireless Sensor Networks

    Directory of Open Access Journals (Sweden)

    Ranjeeth Kumar Sundararajan

    2015-01-01

    In wireless sensor network (WSN), the sensors are deployed and placed uniformly to transmit the sensed data to a centralized station periodically. So, the major threat of the WSN network layer is sinkhole attack and it is still being a challenging issue on the sensor networks, where the malicious node attracts the packets from the other normal sensor nodes and drops the packets. Thus, this paper proposes an Intrusion Detection System (IDS) mechanism to detect the intruder in the network which uses Low Energy Adaptive Clustering Hierarchy (LEACH) protocol for its routing operation. In the proposed algorithm, the detection metrics, such as number of packets transmitted and received, are used to compute the intrusion ratio (IR) by the IDS agent. The computed numeric or nonnumeric value represents the normal or malicious activity. As and when the sinkhole attack is captured, the IDS agent alerts the network to stop the data transmission. Thus, it can be resilient to the vulnerable attack of sinkhole. Above all, the simulation result is shown for the proposed algorithm which is proven to be efficient compared with the existing work, namely, MS-LEACH, in terms of minimum computational complexity and low energy consumption. Moreover, the algorithm was numerically analyzed using TETCOS NETSIM.

  6. Energy Efficient Monitoring for Intrusion Detection in Battery-Powered Wireless Mesh Networks

    KAUST Repository

    Hassanzadeh, Amin

    2011-07-18

    Wireless Mesh Networks (WMN) are easy-to-deploy, low cost solutions for providing networking and internet services in environments with no network infrastructure, e.g., disaster areas and battlefields. Since electric power is not readily available in such environments battery-powered mesh routers, operating in an energy efficient manner, are required. To the best of our knowledge, the impact of energy efficient solutions, e.g., involving duty-cycling, on WMN intrusion detection systems, which require continuous monitoring, remains an open research problem. In this paper we propose that carefully chosen monitoring mesh nodes ensure continuous and complete detection coverage, while allowing non-monitoring mesh nodes to save energy through duty-cycling. We formulate the monitoring node selection problem as an optimization problem and propose distributed and centralized solutions for it, with different tradeoffs. Through extensive simulations and a proof-of-concept hardware/software implementation we demonstrate that our solutions extend the WMN lifetime by 8%, while ensuring, at the minimum, a 97% intrusion detection rate.

  7. Sample Selected Extreme Learning Machine Based Intrusion Detection in Fog Computing and MEC

    Directory of Open Access Journals (Sweden)

    Xingshuo An

    2018-01-01

    Fog computing, as a new paradigm, has many characteristics that are different from cloud computing. Due to the resources being limited, fog nodes/MEC hosts are vulnerable to cyberattacks. Lightweight intrusion detection system (IDS) is a key technique to solve the problem. Because extreme learning machine (ELM) has the characteristics of fast training speed and good generalization ability, we present a new lightweight IDS called sample selected extreme learning machine (SS-ELM). The reason why we propose “sample selected extreme learning machine” is that fog nodes/MEC hosts do not have the ability to store extremely large amounts of training data sets. Accordingly, they are stored, computed, and sampled by the cloud servers. Then, the selected sample is given to the fog nodes/MEC hosts for training. This design can bring down the training time and increase the detection accuracy. Experimental simulation verifies that SS-ELM performs well in intrusion detection in terms of accuracy, training time, and the receiver operating characteristic (ROC) value.

  8. A two-stage flow-based intrusion detection model for next-generation networks.

    Science.gov (United States)

    Umer, Muhammad Fahad; Sher, Muhammad; Bi, Yaxin

    2018-01-01

    The next-generation network provides state-of-the-art access-independent services over converged mobile and fixed networks. Security in the converged network environment is a major challenge. Traditional packet and protocol-based intrusion detection techniques cannot be used in next-generation networks due to slow throughput, low accuracy and their inability to inspect encrypted payload. An alternative solution for protection of next-generation networks is to use network flow records for detection of malicious activity in the network traffic. The network flow records are independent of access networks and user applications. In this paper, we propose a two-stage flow-based intrusion detection system for next-generation networks. The first stage uses an enhanced unsupervised one-class support vector machine which separates malicious flows from normal network traffic. The second stage uses a self-organizing map which automatically groups malicious flows into different alert clusters. We validated the proposed approach on two flow-based datasets and obtained promising results.

  9. A new physical barrier system for seawater intrusion control

    Science.gov (United States)

    Abdoulhalik, Antoifi; Ahmed, Ashraf; Hamill, G. A.

    2017-06-01

    The construction of subsurface physical barriers is one of various methods used to control seawater intrusion (SWI) in coastal aquifers. This study proposes the mixed physical barrier (MPB) as a new barrier system for seawater intrusion control, which combines an impermeable cutoff wall and a semi-permeable subsurface dam. The effect of the traditionally-used physical barriers on transient saltwater wedge dynamics was first explored for various hydraulic gradients, and the workability of the MPB was thereafter thoroughly analysed. A newly developed automated image analysis based on light-concentration conversion was used in the experiments, which were completed in a porous media tank. The numerical code SEAWAT was used to assess the consistency of the experimental data and examine the sensitivity of the performance of the barriers to various key parameters. The results show that the MPB induced a visible lifting of the dense saline flux upward towards the outlet by the light freshwater. This saltwater lifting mechanism, observed for the first time, induced significant reduction to the saline water intrusion length. The use of the MPB yielded up to 62% and 42% more reduction of the saltwater intrusion length than the semi-permeable dam and the cutoff wall, respectively. The performance achieved by the MPB with a wall depth of 40% of the aquifer thickness was greater than that of a single cutoff wall with a penetration depth of 90% of the aquifer thickness (about 13% extra reduction). This means that the MPB could produce better seawater intrusion reduction than the traditionally used barriers at even lower cost.

  10. FSM-F: Finite State Machine Based Framework for Denial of Service and Intrusion Detection in MANET.

    Directory of Open Access Journals (Sweden)

    Malik N Ahmed

    Due to the continuous advancements in wireless communication in terms of quality of communication and affordability of the technology, the application area of Mobile Adhoc Networks (MANETs) significantly growing particularly in military and disaster management. Considering the sensitivity of the application areas, security in terms of detection of Denial of Service (DoS) and intrusion has become prime concern in research and development in the area. The security systems suggested in the past has state recognition problem where the system is not able to accurately identify the actual state of the network nodes due to the absence of clear definition of states of the nodes. In this context, this paper proposes a framework based on Finite State Machine (FSM) for denial of service and intrusion detection in MANETs. In particular, an Interruption Detection system for Adhoc On-demand Distance Vector (ID-AODV) protocol is presented based on finite state machine. The packet dropping and sequence number attacks are closely investigated and detection systems for both types of attacks are designed. The major functional modules of ID-AODV includes network monitoring system, finite state machine and attack detection model. Simulations are carried out in network simulator NS-2 to evaluate the performance of the proposed framework. A comparative evaluation of the performance is also performed with the state-of-the-art techniques: RIDAN and AODV. The performance evaluations attest the benefits of proposed framework in terms of providing better security for denial of service and intrusion detection attacks.

  11. FSM-F: Finite State Machine Based Framework for Denial of Service and Intrusion Detection in MANET.

    Science.gov (United States)

    N Ahmed, Malik; Abdullah, Abdul Hanan; Kaiwartya, Omprakash

    2016-01-01

    Due to the continuous advancements in wireless communication in terms of quality of communication and affordability of the technology, the application area of Mobile Adhoc Networks (MANETs) significantly growing particularly in military and disaster management. Considering the sensitivity of the application areas, security in terms of detection of Denial of Service (DoS) and intrusion has become prime concern in research and development in the area. The security systems suggested in the past has state recognition problem where the system is not able to accurately identify the actual state of the network nodes due to the absence of clear definition of states of the nodes. In this context, this paper proposes a framework based on Finite State Machine (FSM) for denial of service and intrusion detection in MANETs. In particular, an Interruption Detection system for Adhoc On-demand Distance Vector (ID-AODV) protocol is presented based on finite state machine. The packet dropping and sequence number attacks are closely investigated and detection systems for both types of attacks are designed. The major functional modules of ID-AODV includes network monitoring system, finite state machine and attack detection model. Simulations are carried out in network simulator NS-2 to evaluate the performance of the proposed framework. A comparative evaluation of the performance is also performed with the state-of-the-art techniques: RIDAN and AODV. The performance evaluations attest the benefits of proposed framework in terms of providing better security for denial of service and intrusion detection attacks.

  12. Long-distance fiber optic sensing solutions for pipeline leakage, intrusion, and ground movement detection

    Science.gov (United States)

    Nikles, Marc

    2009-05-01

    An increasing number of pipelines are constructed in remote regions affected by harsh environmental conditions where pipeline routes often cross mountain areas which are characterized by unstable grounds and where soil texture changes between winter and summer increase the probability of hazards. Third party intentional interference or accidental intrusions are a major cause of pipeline failures leading to large leaks or even explosions. Due to the long distances to be monitored and the linear nature of pipelines, distributed fiber optic sensing techniques offer significant advantages and the capability to detect and localize pipeline disturbance with great precision. Furthermore pipeline owner/operators lay fiber optic cable parallel to transmission pipelines for telecommunication purposes and at minimum additional cost monitoring capabilities can be added to the communication system. The Brillouin-based Omnisens DITEST monitoring system has been used in several long distance pipeline projects. The technique is capable of measuring strain and temperature over 100's kilometers with meter spatial resolution. Dedicated fiber optic cables have been developed for continuous strain and temperature monitoring and their deployment along the pipeline has enabled permanent and continuous pipeline ground movement, intrusion and leak detection. This paper presents a description of the fiber optic Brillouin-based DITEST sensing technique, its measurement performance and limits, while addressing future perspectives for pipeline monitoring. The description is supported by case studies and illustrated by field data.

  13. Investigating the Influence of Special On–Off Attacks on Challenge-Based Collaborative Intrusion Detection Networks

    Directory of Open Access Journals (Sweden)

    Wenjuan Li

    2018-01-01

    Intrusions are becoming more complicated with the recent development of adversarial techniques. To boost the detection accuracy of a separate intrusion detector, the collaborative intrusion detection network (CIDN) has thus been developed by allowing intrusion detection system (IDS) nodes to exchange data with each other. Insider attacks are a great threat for such types of collaborative networks, where an attacker has the authorized access within the network. In literature, a challenge-based trust mechanism is effective at identifying malicious nodes by sending challenges. However, such mechanisms are heavily dependent on two assumptions, which would cause CIDNs to be vulnerable to advanced insider attacks in practice. In this work, we investigate the influence of advanced on–off attacks on challenge-based CIDNs, which can respond truthfully to one IDS node but behave maliciously to another IDS node. To evaluate the attack performance, we have conducted two experiments under a simulated and a real CIDN environment. The obtained results demonstrate that our designed attack is able to compromise the robustness of challenge-based CIDNs in practice; that is, some malicious nodes can behave untruthfully without a timely detection.

  14. Mass memory formatter subsystem of the adaptive intrusion data system

    International Nuclear Information System (INIS)

    Corlis, N.E.

    1980-09-01

    The Mass Memory Formatter was developed as part of the Adaptive Intrusion Data System (AIDS) to control a 2.4-megabit mass memory. The data from a Memory Controlled Processor is formatted before it is stored in the memory and reformatted during the readout mode. The data is then transmitted to a NOVA 2 minicomputer-controlled magnetic tape recorder for storage. Techniques and circuits are described

  15. Residential Demand Response Behaviour Modeling applied to Cyber-physical Intrusion Detection

    DEFF Research Database (Denmark)

    Heussen, Kai; Tyge, Emil; Kosek, Anna Magdalena

    2017-01-01

    A real-time demand response system can be viewed as a cyber-physical system, with physical systems dependent on cyber infrastructure for coordination and control, which may be vulnerable to cyber-attacks. The time domain dynamic behaviour of individual residential demand responses is governed...... by a mix of physical system parameters, exogenous influences, user behaviour and preferences, which can be characterized by unstructured models such as a time-varying finite impulse response. In this study, which is based on field data, it is shown how this characteristic response behaviours can...... be identified and how the characterization can be updated continuously. Finally, we propose an approach to apply this behaviour characterization to the identification of anomalous and potentially malicious behaviour modifications as part of a cyber-physical intrusion detection mechanism....

  16. The Use of Artificial-Intelligence-Based Ensembles for Intrusion Detection: A Review

    Directory of Open Access Journals (Sweden)

    Gulshan Kumar

    2012-01-01

    In supervised learning-based classification, ensembles have been successfully employed to different application domains. In the literature, many researchers have proposed different ensembles by considering different combination methods, training datasets, base classifiers, and many other factors. Artificial-intelligence-(AI-)based techniques play prominent role in development of ensemble for intrusion detection (ID) and have many benefits over other techniques. However, there is no comprehensive review of ensembles in general and AI-based ensembles for ID to examine and understand their current research status to solve the ID problem. Here, an updated review of ensembles and their taxonomies has been presented in general. The paper also presents the updated review of various AI-based ensembles for ID (in particular during last decade). The related studies of AI-based ensembles are compared by set of evaluation metrics driven from (1) architecture & approach followed; (2) different methods utilized in different phases of ensemble learning; (3) other measures used to evaluate classification performance of the ensembles. The paper also provides the future directions of the research in this area. The paper will help the better understanding of different directions in which research of ensembles has been done in general and specifically: field of intrusion detection systems (IDSs).

  17. Non-intrusive, fast and sensitive ammonia detection by laser photothermal deflection

    International Nuclear Information System (INIS)

    Vries, H.S.M. de; Harren, F.J.M.; Wyers, G.P.; Otjes, R.P.; Slanina, J.; Reuss, J.

    1995-01-01

    A recently developed non-intrusive photothermal deflection (PTD) instrument allows sensitive, rapid and quantitative detection of local ammonia concentrations in the air. Ammonia is vibrationally excited by an infrared CO₂ laser in an intracavity configuration. A HeNe beam passing over the CO₂ laser beam (multipass arrangement) is deflected by the induced refractive index gradient. The detection limit for ammonia in ambient air is 0.5 ppbv with a spatial resolution of a few mm³. The time resolution is 0.1 s (single line) or 15 s (multi line). The system is fully automated and suited for non-stop measuring periods of at least one week. Results were compared to those obtained with a continuous-flow denuder (CFD). (author)

  18. Low-Cost Ground Sensor Network for Intrusion Detection

    Science.gov (United States)

    2017-09-01

    during the World War II (WWII) after painful and costly lessons were learned during WWI (Purser, 1989). This capability has since been growing...sensors and establish a communication link to create an alert system within the nature reserve. The device is programmed using the Python language...The camera works with the OpenCV library to perform real time image analysis and human facial detection. The Python-based OpenCV library (OpenCV, n.d

  19. Multimodal UAV detection: study of various intrusion scenarios

    Science.gov (United States)

    Hengy, Sebastien; Laurenzis, Martin; Schertzer, Stéphane; Hommes, Alexander; Kloeppel, Franck; Shoykhetbrod, Alex; Geibig, Thomas; Johannes, Winfried; Rassy, Oussama; Christnacher, Frank

    2017-10-01

    Small unmanned aerial vehicles (UAVs) are becoming increasingly popular and affordable the last years for professional and private consumer market, with varied capacities and performances. Recent events showed that illicit or hostile uses constitute an emergent, quickly evolutionary threat. Recent developments in UAV technologies tend to bring autonomous, highly agile and capable unmanned aerial vehicles to the market. These UAVs can be used for spying operations as well as for transporting illicit or hazardous material (smuggling, flying improvised explosive devices). The scenario of interest concerns the protection of sensitive zones against the potential threat constituted by small drones. In the recent past, field trials were carried out to investigate the detection and tracking of multiple UAV flying at low altitude. Here, we present results which were achieved using a heterogeneous sensor network consisting of acoustic antennas, small FMCW RADAR systems and optical sensors. While acoustics and RADAR was applied to monitor a wide azimuthal area (360°), optical sensors were used for sequentially identification. The localization results have been compared to the ground truth data to estimate the efficiency of each detection system. Seven-microphone acoustic arrays allow single source localization. The mean azimuth and elevation estimation error has been measured equal to 1.5 and -2.5 degrees respectively. The FMCW radar allows tracking of multiple UAVs by estimating their range, azimuth and motion speed. Both technologies can be linked to the electro-optical system for final identification of the detected object.

  20. SALVAGE Report D2.1 Description of existing and extended smart grid component models for use in the intrusion detection system

    DEFF Research Database (Denmark)

    Kosek, Anna Magdalena; Heussen, Kai

    2015-01-01

    The purpose of the SALVAGE project is to develop better support for managing and designing a secure future smart grid. This approach includes cyber security technologies dedicated to power grid operation as well as support for the migration to the future smart grid solutions, including the legacy....... In particular the focus of the project will be on smart grid with many small distributed energy resources, in particular LV substation automation systems and LV distribution system....

  1. Intelligent Intrusion Detection of Grey Hole and Rushing Attacks in Self-Driving Vehicular Networks

    Directory of Open Access Journals (Sweden)

    Khattab M. Ali Alheeti

    2016-07-01

    Vehicular ad hoc networks (VANETs) play a vital role in the success of self-driving and semi self-driving vehicles, where they improve safety and comfort. Such vehicles depend heavily on external communication with the surrounding environment via data control and Cooperative Awareness Messages (CAMs) exchanges. VANETs are potentially exposed to a number of attacks, such as grey hole, black hole, wormhole and rushing attacks. This work presents an intelligent Intrusion Detection System (IDS) that relies on anomaly detection to protect the external communication system from grey hole and rushing attacks. These attacks aim to disrupt the transmission between vehicles and roadside units. The IDS uses features obtained from a trace file generated in a network simulator and consists of a feed-forward neural network and a support vector machine. Additionally, the paper studies the use of a novel systematic response, employed to protect the vehicle when it encounters malicious behaviour. Our simulations of the proposed detection system show that the proposed schemes possess outstanding detection rates with a reduction in false alarms. This safe mode response system has been evaluated using four performance metrics, namely, received packets, packet delivery ratio, dropped packets and the average end to end delay, under both normal and abnormal conditions.

  2. An intrusion prevention system as a proactive security mechanism in network infrastructure

    Directory of Open Access Journals (Sweden)

    Dulanović Nenad

    2008-01-01

    A properly configured firewall is a good starting point in securing a computer network. However, complex network environments that involve higher number of participants and endpoints require better security infrastructure. Intrusion Detection Systems (IDS), proposed as a solution to perimeter defense, have many open problems and it is clear that better solutions must be found. Due to many unsolved problems associated with IDS, Intrusion Prevention Systems (IPS) are introduced. The main idea in IPS is to be proactive. This paper gives an insight of Cobrador Bouncer IPS implementation. System architecture is given and three different Bouncer IPS deployment modes are presented. The Bouncer IPS as a proactive honeypot is also discussed.

  3. Laser spectroscopy for totally non-intrusive detection of oxygen in modified atmosphere food packages

    Science.gov (United States)

    Cocola, L.; Fedel, M.; Poletto, L.; Tondello, G.

    2015-04-01

    A device for measuring the oxygen concentration inside packages in modified atmosphere working in a completely non-intrusive way has been developed and tested. The device uses tunable diode laser spectroscopy in a geometry similar to a short distance LIDAR: A laser beam is sent through the top film of a food package, and the absorption is measured by detecting the light scattered by the bottom of the container or by a portion of the food herein contained. The device can operate completely in a contactless way from the package, and the distances of absorption both outside and inside the package are measured with a triangulation system. The performances of the device have been tested for various types of containers, and absolute values for the oxygen concentration have been compared with standard albeit destructive measurements.

  4. Hydrodynamic modeling of the intrusion phenomenon in water distribution systems; Modelacion hidrodinamica del fenomeno de intrusion en tuberia de abastecimiento

    Energy Technology Data Exchange (ETDEWEB)

    Lopez-Jimenez, Petra Amparo; Mora-Rodriguez, Jose de Jesus; Perez-Garcia, Rafael; Martinez-Solano, F. Javier [Universidad Politecnica de Valencia (Spain)

    2008-10-15

    This paper describes a strategy for the hydrodynamic modeling of the pathogen intrusion phenomenon in water distribution systems by the combination of a breakage with a depression situation. This scenario will be modeled computationally and experimentally. The phenomenon to be represented by both simulations is the same: the entrance of an external volume into the circulation of a main volume, known as a pathogen intrusion, as long as the main volume is potable water. To this end, a prototype and a computational model based on Computational Fluid Dynamics (CFD) are used, which allow visualizing the fields of speeds and pressures in a simulated form. With the comparison of the results of both models, conclusions will be drawn on the detail of the studied pathogen intrusion phenomenon.

  5. Radar-Based Intruder Detection for a Robotic Security System

    National Research Council Canada - National Science Library

    Cory, Phil

    1998-01-01

    .... The system includes multiple supervised-autonomous platforms equipped with intrusion detection, barrier assessment, and inventory assessment subsystems commanded from an integrated control station...

  6. Towards multi-layered intrusion detection in high-speed networks

    NARCIS (Netherlands)

    Golling, Mario; Hofstede, R.J.; Koch, Robert

    Traditional Intrusion Detection approaches rely on the inspection of individual packets, often referred to as Deep Packet Inspection (DPI), where individual packets are scanned for suspicious patterns. However, the rapid increase of link speeds and throughputs - especially in larger networks such as

  7. Feature selection for anomaly–based network intrusion detection using cluster validity indices

    CSIR Research Space (South Africa)

    Naidoo, T

    2015-09-01

    A feature selection algorithm that is novel in the context of anomaly–based network intrusion detection is proposed in this paper. The distinguishing factor of the proposed feature selection algorithm is its complete lack of dependency on labelled...

  8. A Survey of Visualization Tools Assessed for Anomaly-Based Intrusion Detection Analysis

    Science.gov (United States)

    2014-04-01

    known set behaviors and detected intrusions (5). Host-based was the first IDS ever designed to audit information provided by a mainframe (6). It...performed its audit locally or on separate machines (6). A shift in computing from mainframe environments to distributed workstation networks was the

  9. A Retroactive-Burst Framework for Automated Intrusion Response System

    Directory of Open Access Journals (Sweden)

    Alireza Shameli-Sendi

    2013-01-01

    The aim of this paper is to present an adaptive and cost-sensitive model to prevent security intrusions. In most automated intrusion response systems, response selection is performed locally based on current threat without using the knowledge of attacks history. Another challenge is that a group of responses are applied without any feedback mechanism to measure the response effect. We address these problems through retroactive-burst execution of responses and a Response Coordinator (RC) mechanism, the main contributions of this work. The retroactive-burst execution consists of several burst executions of responses with, at the end of each burst, a mechanism for measuring the effectiveness of the applied responses by the risk assessment component. The appropriate combination of responses must be considered for each burst execution to mitigate the progress of the attack without necessarily running the next round of responses, because of the impact on legitimate users. In the proposed model, there is a multilevel response mechanism. To indicate which level is appropriate to apply based on the retroactive-burst execution, we get help from a Response Coordinator mechanism. The applied responses can improve the health of Applications, Kernel, Local Services, Network Services, and Physical Status. Based on these indexes, the RC gives a general overview of an attacker’s goal in a distributed environment.

  10. Effects of igneous intrusions on the petroleum system: a review

    NARCIS (Netherlands)

    Senger, Kim; Millett, John; Planke, Sverre; Ogata, Kei; Eide, Christian Haug; Festøy, Marte; Galland, Olivier; Jerram, Dougal A.

    2017-01-01

    Igneous intrusions feature in many sedimentary basins where hydrocarbon exploration and production is continuing. Owing to distinct geophysical property contrasts with siliciclastic host rocks (e.g., higher Vp, density and resistivity than host rocks), intrusions can be easily delineated within data

  11. Prototype of Intrusion Detection Model using UML 5.0 and Forward Engineering

    Directory of Open Access Journals (Sweden)

    Muthaiyan MADIAJAGAN

    2011-01-01

    In this paper we are using UML (Unified Modeling Language), which is the blueprint language between the programmers, analysts, and designers for easy representation of pictures or diagrammatic notation with some textual data. Here we are using UML 5.0 to show “prototype of the Intrusion Detection Model” and by explaining it by combining various parts by drawing various UML diagrams such as Use cases and Activity diagrams and Class Diagram using which we show forward engineering using the class diagram of the IDM (Intrusion Detection Model). IDM is a device or software that works on detecting malicious activities by unauthorized users that can cause breach to the security policy within a network.

  12. A Protocol Layer Trust-Based Intrusion Detection Scheme for Wireless Sensor Networks.

    Science.gov (United States)

    Wang, Jian; Jiang, Shuai; Fapojuwo, Abraham O

    2017-05-27

    This article proposes a protocol layer trust-based intrusion detection scheme for wireless sensor networks. Unlike existing work, the trust value of a sensor node is evaluated according to the deviations of key parameters at each protocol layer considering the attacks initiated at different protocol layers will inevitably have impacts on the parameters of the corresponding protocol layers. For simplicity, the paper mainly considers three aspects of trustworthiness, namely physical layer trust, media access control layer trust and network layer trust. The per-layer trust metrics are then combined to determine the overall trust metric of a sensor node. The performance of the proposed intrusion detection mechanism is then analyzed using the t-distribution to derive analytical results of false positive and false negative probabilities. Numerical analytical results, validated by simulation results, are presented in different attack scenarios. It is shown that the proposed protocol layer trust-based intrusion detection scheme outperforms a state-of-the-art scheme in terms of detection probability and false probability, demonstrating its usefulness for detecting cross-layer attacks.

  13. A Protocol Layer Trust-Based Intrusion Detection Scheme for Wireless Sensor Networks

    Directory of Open Access Journals (Sweden)

    Jian Wang

    2017-05-01

    This article proposes a protocol layer trust-based intrusion detection scheme for wireless sensor networks. Unlike existing work, the trust value of a sensor node is evaluated according to the deviations of key parameters at each protocol layer considering the attacks initiated at different protocol layers will inevitably have impacts on the parameters of the corresponding protocol layers. For simplicity, the paper mainly considers three aspects of trustworthiness, namely physical layer trust, media access control layer trust and network layer trust. The per-layer trust metrics are then combined to determine the overall trust metric of a sensor node. The performance of the proposed intrusion detection mechanism is then analyzed using the t-distribution to derive analytical results of false positive and false negative probabilities. Numerical analytical results, validated by simulation results, are presented in different attack scenarios. It is shown that the proposed protocol layer trust-based intrusion detection scheme outperforms a state-of-the-art scheme in terms of detection probability and false probability, demonstrating its usefulness for detecting cross-layer attacks.

  14. Reduction of Motion Artifacts and Improvement of R Peak Detecting Accuracy Using Adjacent Non-Intrusive ECG Sensors

    Directory of Open Access Journals (Sweden)

    Minho Choi

    2016-05-01

    Non-intrusive electrocardiogram (ECG) monitoring has many advantages: easy to measure and apply in daily life. However, motion noise in the measured signal is the major problem of non-intrusive measurement. This paper proposes a method to reduce the noise and to detect the R peaks of ECG in a stable manner in a sitting arrangement using non-intrusive sensors. The method utilizes two capacitive ECG sensors (cECGs) to measure ECG, and another two cECGs located adjacent to the sensors for ECG are added to obtain the information on motion. Then, active noise cancellation technique and the motion information are used to reduce motion noise. To verify the proposed method, ECG was measured indoors and during driving, and the accuracy of the detected R peaks was compared. After applying the method, the sum of sensitivity and positive predictivity increased 8.39% on average and 26.26% maximally in the data. Based on the results, it was confirmed that the motion noise was reduced and that more reliable R peak positions could be obtained by the proposed method. The robustness of the new ECG measurement method will elicit benefits to various health care systems that require noninvasive heart rate or heart rate variability measurements.

  15. An artificial immune system for securing mobile ad hoc networks against intrusion attacks

    Science.gov (United States)

    Hortos, William S.

    2003-08-01

    To mitigate the problem of intrusion attacks by malicious nodes in mobile ad hoc networks (MANETs), security attributes and quantifiable trust levels, unique to the MANET's transient, self-organizing topology, augment or replace traditional protocol metrics of throughput, packet delay and hop-count in the ad hoc route discovery procedures. The new features are unique to the candidate security protocol, which views security as a quality metric to improve the relevance of the routes discovered by established reactive ad hoc routing protocols. Attributes of a secure route are identified in order to define the appropriate metrics to quantify the "level of security" associated with the protocol messaging and the detection of malicious activities by some intrusive nodes. A state vector of features and metrics based on the published Secure Routing Protocol (SRP) for MANETs is constructed to encode network security characteristics. This route discovery protocol mitigates the detrimental effects of various malicious behaviors to provide trustworthy connectivity information. The protocol ensures that fabricated, compromised, or replayed route replies would either be rejected or never reach the querying source node. In this paper, the pattern of values, taken by the state vector of the SRP features in the route request, discovery and reply operations, are analyzed to detect evidence of intrusion attacks by malicious nodes that could lead to denial of service and network shutdown. The pattern analysis applies a technique based on negative selection found in natural immune systems that can detect extraneous patterns in the (nonself) space that is the complement of vector values associated with correct route discovery and route maintenance. The immune system is well-suited to the distributed nature of the MANET. It does not rely on a central controller, but instead uses a distributed detection and response mechanism in order to respond to foreign invaders, mirroring the

  16. Semantic intrusion detection with multisensor data fusion using ...

    Indian Academy of Sciences (India)

    (DBMS) do not target the efficient processing of streams of events in real time. CEP which is a ... and process events in real-time so that downstream applications are driven by true, real-time intelligence (Luckham 2010). .... tiple points where the people might exist, the system uses pressure sensors. Load on each tile is.

  17. Extracting salient features for network intrusion detection using machine learning methods

    Directory of Open Access Journals (Sweden)

    Ralf C. Staudemeyer

    2014-06-01

    This work presents a data preprocessing and feature selection framework to support data mining and network security experts in minimal feature set selection of intrusion detection data. This process is supported by detailed visualisation and examination of class distributions. Distribution histograms, scatter plots and information gain are presented as supportive feature reduction tools. The feature reduction process applied is based on decision tree pruning and backward elimination. This paper starts with an analysis of the KDD Cup '99 datasets and their potential for feature reduction. The dataset consists of connection records with 41 features whose relevance for intrusion detection is not clear. All traffic is either classified 'normal' or into the four attack types denial-of-service, network probe, remote-to-local or user-to-root. Using our custom feature selection process, we show how we can significantly reduce the number of features in the dataset to a few salient features. We conclude by presenting minimal sets with 4-8 salient features for two-class and multi-class categorisation for detecting intrusions, as well as for the detection of individual attack classes; the performance using a static classifier compares favourably to the performance using all features available. The suggested process is of general nature and can be applied to any similar dataset.

  18. Improving Accuracy of Intrusion Detection Model Using PCA and optimized SVM

    Directory of Open Access Journals (Sweden)

    Sumaiya Thaseen Ikram

    2016-06-01

    Intrusion detection is very essential for providing security to different network domains and is mostly used for locating and tracing the intruders. There are many problems with traditional intrusion detection models (IDS) such as low detection capability against unknown network attack, high false alarm rate and insufficient analysis capability. Hence the major scope of the research in this domain is to develop an intrusion detection model with improved accuracy and reduced training time. This paper proposes a hybrid intrusion detection model by integrating the principal component analysis (PCA) and support vector machine (SVM). The novelty of the paper is the optimization of kernel parameters of the SVM classifier using an automatic parameter selection technique. This technique optimizes the punishment factor (C) and kernel parameter gamma (γ), thereby improving the accuracy of the classifier and reducing the training and testing time. The experimental results obtained on the NSL KDD and gurekddcup dataset show that the proposed technique performs better with higher accuracy, faster convergence speed and better generalization. Minimum resources are consumed as the classifier input requires a reduced feature set for optimum classification. A comparative analysis of hybrid models with the proposed model is also performed.

  19. PLC backplane analyzer for field forensics and intrusion detection

    Energy Technology Data Exchange (ETDEWEB)

    Mulder, John; Schwartz, Moses Daniel; Berg, Michael; Van Houten, Jonathan Roger; Urrea, Jorge Mario; King, Michael Aaron; Clements, Abraham Anthony; Trent, Jason; Depoy, Jennifer M; Jacob, Joshua

    2015-05-12

    The various technologies presented herein relate to the determination of unexpected and/or malicious activity occurring between components communicatively coupled across a backplane. Control data, etc., can be intercepted at a backplane where the backplane facilitates communication between a controller and at least one device in an automation process. During interception of the control data, etc., a copy of the control data can be made, e.g., the original control data can be replicated to generate a copy of the original control data. The original control data can continue on to its destination, while the control data copy can be forwarded to an analyzer system to determine whether the control data contains a data anomaly. The content of the copy of the control data can be compared with a previously captured baseline data content, where the baseline data can be captured for a same operational state as the subsequently captured control data.

  20. A comparative performance evaluation of intrusion detection techniques for hierarchical wireless sensor networks

    Directory of Open Access Journals (Sweden)

    H.H. Soliman

    2012-11-01

    An explosive growth in the field of wireless sensor networks (WSNs) has been achieved in the past few years. Due to their important wide range of applications, especially military applications, environment monitoring, health care applications, home automation, etc., they are exposed to security threats. An intrusion detection system (IDS) is one of the major and efficient defensive methods against attacks in WSNs. Therefore, developing IDSs for WSNs has attracted much attention recently and thus, there are many publications proposing new IDS techniques or enhancements to the existing ones. This paper evaluates and compares the most prominent anomaly-based IDS systems for hierarchical WSNs and identifies their strengths and weaknesses. For each IDS, the architecture and the related functionality are briefly introduced, discussed, and compared, focusing on both the operational strengths and weaknesses. In addition, a comparison of the studied IDSs is carried out using a set of critical evaluation metrics that are divided into two groups; the first one related to performance and the second related to security. Finally, based on the evaluation and comparison carried out, a set of design principles is concluded, which have to be addressed and satisfied in future research on designing and implementing IDSs for WSNs.

  1. Research on regional intrusion prevention and control system based on target tracking

    Science.gov (United States)

    Liu, Yanfei; Wang, Jieling; Jiang, Ke; He, Yanhui; Wu, Zhilin

    2017-08-01

    In view of the fact that China’s border is very long and the border prevention and control measures are single, we designed a regional intrusion prevention and control system which is based on target tracking. The system consists of four parts: solar panel, radar, electro-optical equipment, unmanned aerial vehicle and intelligent tracking platform. The solar panel provides independent power for the entire system. The radar detects the target in real time and realizes the high precision positioning of suspicious targets, then through the linkage of electro-optical equipment, it can achieve full-time automatic precise tracking of targets. When the target appears within the range of detection, the drone will be launched to continue the tracking. The system is mainly to realize the full time, full coverage, whole process integration and active real-time control of the border area.

  2. Diagnostic Indicators for Shipboard Mechanical Systems Using Non-Intrusive Load Monitoring

    National Research Council Canada - National Science Library

    McKay, Thomas D

    2006-01-01

    This thesis examines the use of Non-intrusive Load Monitoring (NILM) in auxiliary shipboard systems, such as a low pressure air system, to determine the state of equipment in larger connected systems, such as the main propulsion engines...

  3. A Distributed Intrusion Detection Scheme about Communication Optimization in Smart Grid

    Directory of Open Access Journals (Sweden)

    Yunfa Li

    2013-01-01

    We first propose an efficient communication optimization algorithm in smart grid. Based on the optimization algorithm, we propose an intrusion detection algorithm to detect malicious data and possible cyberattacks. In this scheme, each node acts independently when it processes communication flows or cybersecurity threats. And neither special hardware nor nodes cooperation is needed. In order to justify the feasibility and the availability of this scheme, a series of experiments have been done. The results show that it is feasible and efficient to detect malicious data and possible cyberattacks with less computation and communication cost.

  4. Does the Magma intrusion at Long Valley caldera (California) drive the detected ground deformation?

    Science.gov (United States)

    Tizzani, Pietro

    2010-05-01

    The Long Valley caldera (California) formed ~760,000 yr ago following the massive eruption of the Bishop Tuff. Postcaldera volcanism in the Long Valley volcanic field includes lava domes as young as 650 yr. In the last two decades the caldera region has experienced an unrest phenomenon characterized by uplift of the resurgent dome and earthquake activity followed by periods of relative quiescence. More specifically, the analysis performed on spatial dense InSAR deformation map and time series, detected via Small BAseline Subset (SBAS) techniques, revealed that the deformation trend has been characterized by a slow background uplift (1992-1997) followed by a 1997-1998 unrest phenomenon and a 1998-2000 subsidence phase. The cause of unrest is still debated, and hypotheses range from hybrid sources (e.g., magma with a high percentage of volatiles) to hydrothermal fluid intrusion. In order to clarify the shape, size and spatial orientation of the stress source, an analytical optimization model of ground deformation based on differential synthetic aperture radar interferometry (InSAR), global positioning system (GPS), two-color electronic distance meter (EDM) was performed. Finally, with the joint analysis that considers space based geodetic measurements and microgravity data, we are able to discriminate the nature of the causative unrest's source.

  5. Towards effective and robust list-based packet filter for signature-based network intrusion detection: an engineering approach

    DEFF Research Database (Denmark)

    Meng, Weizhi; Li, Wenjuan; Kwok, Lam For

    2017-01-01

    Network intrusion detection systems (NIDSs) which aim to identify various attacks, have become an essential part of current security infrastructure. In particular, signature-based NIDSs are being widely implemented in industry due to their low rate of false alarms. However, the signature matching...... this problem, packet filtration is a promising solution to reduce unwanted traffic. Motivated by this, in this work, a list-based packet filter was designed and an engineering method of combining both blacklist and whitelist techniques was introduced. To further secure such filters against IP spoofing attacks...

  6. Distributed intrusion monitoring system with fiber link backup and on-line fault diagnosis functions

    Science.gov (United States)

    Xu, Jiwei; Wu, Huijuan; Xiao, Shunkun

    2014-12-01

    A novel multi-channel distributed optical fiber intrusion monitoring system with smart fiber link backup and on-line fault diagnosis functions was proposed. A 1×N optical switch was intelligently controlled by a peripheral interface controller (PIC) to expand the fiber link from one channel to several ones to lower the cost of the long or ultra-long distance intrusion monitoring system and also to strengthen the intelligent monitoring link backup function. At the same time, a sliding window auto-correlation method was presented to identify and locate the broken or fault point of the cable. The experimental results showed that the proposed multi-channel system performed well especially whenever a broken cable was detected. It could locate the broken or fault point by itself accurately and switch to its backup sensing link immediately to ensure the security system to operate stably without a minute idling. And it was successfully applied in a field test for security monitoring of the 220-km-length national borderline in China.

  7. Tracking salinity intrusions in a coastal forested freshwater wetland system

    Science.gov (United States)

    Anand D. Jayakaran; Thomas M. Williams; William H. Conner

    2016-01-01

    Coastal forested freshwater wetlands are sentinel sites for salinity intrusions associated with large, tidally influenced, storm-driven or drought-induced incursions of estuarine waters into freshwater ecosystems. These incursions may also be exacerbated by rising sea levels associated with climate change.

  8. Applying long short-term memory recurrent neural networks to intrusion detection

    Directory of Open Access Journals (Sweden)

    Ralf C. Staudemeyer

    2015-07-01

    We claim that modelling network traffic as a time series with a supervised learning approach, using known genuine and malicious behaviour, improves intrusion detection. To substantiate this, we trained long short-term memory (LSTM) recurrent neural networks with the training data provided by the DARPA / KDD Cup ’99 challenge. To identify suitable LSTM-RNN network parameters and structure we experimented with various network topologies. We found networks with four memory blocks containing two cells each offer a good compromise between computational cost and detection performance. We applied forget gates and shortcut connections respectively. A learning rate of 0.1 and up to 1,000 epochs showed good results. We tested the performance on all features and on extracted minimal feature sets respectively. We evaluated different feature sets for the detection of all attacks within one network and also to train networks specialised on individual attack classes. Our results show that the LSTM classifier provides superior performance in comparison to previously published results of strong static classifiers. With 93.82% accuracy and 22.13 cost, LSTM outperforms the winning entries of the KDD Cup ’99 challenge by far. This is due to the fact that LSTM learns to look back in time and correlate consecutive connection records. For the first time ever, we have demonstrated the usefulness of LSTM networks to intrusion detection.

  9. Novel Non-Intrusive Vibration Monitoring System for Turbopumps, Phase I

    Data.gov (United States)

    National Aeronautics and Space Administration — AI Signal Research, Inc. proposes to develop a Non-Intrusive Vibration Measurement System (NI-VMS) for turbopumps which will provide effective on-board/off-board...

  10. Multi-Use Non-Intrusive Flow Characterization System (FCS), Phase I

    Data.gov (United States)

    National Aeronautics and Space Administration — The innovation is a Multi-Use Non-Intrusive Flow Characterization System (FCS) for densified, normal boiling point, and two-phase cryogenic flows, capable of...

  11. Multi-Use Non-Intrusive Flow Characterization System (FCS) Project

    Data.gov (United States)

    National Aeronautics and Space Administration — The product of the Phase II effort will be a Multi-Use Non-Intrusive Flow Characterization System (FCS) for densified, normal boiling point, and two-phase cryogenic...

  12. Novel Non-Intrusive Vibration Monitoring System for Turbopumps, Phase II

    Data.gov (United States)

    National Aeronautics and Space Administration — ASRI proposes to develop an advanced and commercially viable Non-Intrusive Vibration Monitoring System (NI-VMS) which can provide effective on-line/off-line engine...

  13. Application of graph-based semi-supervised learning for development of cyber COP and network intrusion detection

    Science.gov (United States)

    Levchuk, Georgiy; Colonna-Romano, John; Eslami, Mohammed

    2017-05-01

    The United States increasingly relies on cyber-physical systems to conduct military and commercial operations. Attacks on these systems have increased dramatically around the globe. The attackers constantly change their methods, making state-of-the-art commercial and military intrusion detection systems ineffective. In this paper, we present a model to identify functional behavior of network devices from netflow traces. Our model includes two innovations. First, we define novel features for a host IP using detection of application graph patterns in IP's host graph constructed from 5-min aggregated packet flows. Second, we present the first application, to the best of our knowledge, of Graph Semi-Supervised Learning (GSSL) to the space of IP behavior classification. Using a cyber-attack dataset collected from NetFlow packet traces, we show that GSSL trained with only 20% of the data achieves higher attack detection rates than Support Vector Machines (SVM) and Naïve Bayes (NB) classifiers trained with 80% of data points. We also show how to improve detection quality by filtering out web browsing data, and conclude with discussion of future research directions.

  14. Multi-Centrality Graph Spectral Decompositions and Their Application to Cyber Intrusion Detection

    Energy Technology Data Exchange (ETDEWEB)

    Chen, Pin-Yu; Choudhury, Sutanay; Hero, Alfred

    2016-03-01

    Many modern datasets can be represented as graphs and hence spectral decompositions such as graph principal component analysis (PCA) can be useful. Distinct from previous graph decomposition approaches based on subspace projection of a single topological feature, e.g., the centered graph adjacency matrix (graph Laplacian), we propose spectral decomposition approaches to graph PCA and graph dictionary learning that integrate multiple features, including graph walk statistics, centrality measures and graph distances to reference nodes. In this paper we propose a new PCA method for single graph analysis, called multi-centrality graph PCA (MC-GPCA), and a new dictionary learning method for ensembles of graphs, called multi-centrality graph dictionary learning (MC-GDL), both based on spectral decomposition of multi-centrality matrices. As an application to cyber intrusion detection, MC-GPCA can be an effective indicator of anomalous connectivity pattern and MC-GDL can provide discriminative basis for attack classification.

  15. The NIDS Cluster: Scalable, Stateful Network Intrusion Detection on Commodity Hardware

    Energy Technology Data Exchange (ETDEWEB)

    Tierney, Brian L; Vallentin, Matthias; Sommer, Robin; Lee, Jason; Leres, Craig; Paxson, Vern; Tierney, Brian

    2007-09-19

    In this work we present a NIDS cluster as a scalable solution for realizing high-performance, stateful network intrusion detection on commodity hardware. The design addresses three challenges: (i) distributing traffic evenly across an extensible set of analysis nodes in a fashion that minimizes the communication required for coordination, (ii) adapting the NIDS's operation to support coordinating its low-level analysis rather than just aggregating alerts; and (iii) validating that the cluster produces sound results. Prototypes of our NIDS cluster now operate at the Lawrence Berkeley National Laboratory and the University of California at Berkeley. In both environments the clusters greatly enhance the power of the network security monitoring.

  16. Intrusion detection on oil pipeline right of way using monogenic signal representation

    Science.gov (United States)

    Nair, Binu M.; Santhaseelan, Varun; Cui, Chen; Asari, Vijayan K.

    2013-05-01

    We present an object detection algorithm to automatically detect and identify possible intrusions such as construction vehicles and equipment on the regions designated as the pipeline right-of-way (ROW) from high resolution aerial imagery. The pipeline industry has buried millions of miles of oil pipelines throughout the country and these regions are under constant threat of unauthorized construction activities. We propose a multi-stage framework which uses a pyramidal template matching scheme in the local phase domain by taking a single high resolution training image to classify a construction vehicle. The proposed detection algorithm makes use of the monogenic signal representation to extract the local phase information. Computing the monogenic signal from a two dimensional object region enables us to separate out the local phase information (structural details) from the local energy (contrast) thereby achieving illumination invariance. The first stage involves the local phase based template matching using only a single high resolution training image in a local region at multiple scales. Then, using the local phase histogram matching, the orientation of the detected region is determined and a voting scheme gives a certain weightage to the resulting clusters. The final stage involves the selection of clusters based on the number of votes attained and using the histogram of oriented phase feature descriptor, the object is located at the correct orientation and scale. The algorithm is successfully tested on four different datasets containing imagery with varying image resolution and object orientation.

  17. Preliminary experimental results for a non-intrusive scheme for the detection of flaws in metal pipelines

    Science.gov (United States)

    Aydin, K.; Shinde, S.; Suhail, M.; Vyas, A.; Zieher, K. W.

    2002-05-01

    An acoustic pulse echo scheme for non-intrusive detection of flaws in metal pipelines has been investigated in the laboratory. The primary pulse is generated by a pulsed magnetic field enclosing a short section of a free pipe. The detection is by an electrostatic detector surrounding a short section of the pipe. Reflected pulses from thin areas, with a longitudinal extension of about one pipe radius and a reduction of the wall thickness of 40%, can be detected clearly.

  18. Perimeter intrusion sensors

    International Nuclear Information System (INIS)

    Eaton, M.J.

    1977-01-01

    To obtain an effective perimeter intrusion detection system requires careful sensor selection, procurement, and installation. The selection process involves a thorough understanding of the unique site features and how these features affect the performance of each type of sensor. It is necessary to develop procurement specifications to establish acceptable sensor performance limits. Careful explanation and inspection of critical installation dimensions is required during on-site construction. The implementation of these activities at a particular site is discussed

  19. AN ENERGY EFFICIENT, MINIMALLY INTRUSIVE MULTI-SENSOR INTELLIGENT SYSTEM FOR HEALTH MONITORING OF ELDERLY PEOPLE

    OpenAIRE

    Samanta, N.; Chanda, A.K.; RoyChaudhuri, C.

    2017-01-01

    Most of the existing systems for elderly health monitoring deploy a large number of cognitive sensors including wearable sensors for physiological parameter measurement. Increasing number of sensors not only make the system power consuming and expensive but also intrusive in nature. However, there exists very limited research on power saving algorithms in such systems incorporating customer friendly features. In this paper, we report a modified health monitoring system which addresses both th...

  20. Intrusion Learning: An Overview of an Emergent Discipline

    Directory of Open Access Journals (Sweden)

    Tony Bailetti

    2016-02-01

    The purpose of this article is to provide a definition of intrusion learning, identify its distinctive aspects, and provide recommendations for advancing intrusion learning as a practice domain. The authors define intrusion learning as the collection of online network algorithms that learn from and monitor streaming network data resulting in effective intrusion-detection methods for enabling the security and resiliency of enterprise systems. The network algorithms build on advances in cyber-defensive and cyber-offensive capabilities. Intrusion learning is an emerging domain that draws from machine learning, intrusion detection, and streaming network data. Intrusion learning offers to significantly enhance enterprise security and resiliency through augmented perimeter defense and may mitigate increasing threats facing enterprise perimeter protection. The article will be of interest to researchers, sponsors, and entrepreneurs interested in enhancing enterprise security and resiliency.

  1. Description, operation, and diagnostic routines for the adaptive intrusion data system

    International Nuclear Information System (INIS)

    Corlis, N.E.; Johnson, C.S.

    1978-03-01

    An Adaptive Intrusion Data System (AIDS) was developed to collect data from intrusion alarm sensors as part of an evaluation system to improve sensor performance. AIDS is a unique digital data compression, storage, and formatting system. It also incorporates a capability for video selection and recording for assessment of the sensors monitored by the system. The system is software reprogrammable to numerous configurations that may be utilized for the collection of environmental, bi-metal, analog, and video data. This manual covers the procedures for operating AIDS. Instructions are given to guide the operator in software programming and control option selections required to program AIDS for data collection. Software diagnostic programs are included in this manual as a method of isolating system problems

  2. Utilization of IPTables as an Intrusion Detection System (IDS) and Intrusion Prevention System (IPS) on a Linux Server

    Directory of Open Access Journals (Sweden)

    Ery Setiyawan Jullev Atmadji

    2018-01-01

    Network security is important for all industries and companies in order to protect the important data and information they hold. Security protection in a network is generally based on the security of data transmission, which is designed and applied to help secure a particular network. To further optimize decision making, a machine is needed that can work together with an IDS or IPS database, so that the highly varied types of attack can be mapped more optimally. One database that already has existing rules is IPTABLES, because IPTABLES includes a firewall function capable of handling multiple and massive types of attack. The server to be used is a server running the Linux operating system, while the IDS attack database used is the KDD 99 database, which is recognized as one of the most complex attack databases. By using IPTABLES, it is hoped that server security can be monitored more optimally. IPTABLES is usually used as one of the firewalls on a server.

  3. Ensemble regression model-based anomaly detection for cyber-physical intrusion detection in smart grids

    DEFF Research Database (Denmark)

    Kosek, Anna Magdalena; Gehrke, Oliver

    2016-01-01

    on an ensemble of non-linear artificial neural network DER models which detect and evaluate anomalies in DER operation. The proposed method is validated against measurement data which yields a precision of 0.947 and an accuracy of 0.976. This improves the precision and accuracy of a classic model-based anomaly...

  4. Performance Assessment of Network Intrusion-Alert Prediction

    Science.gov (United States)

    2012-09-01

    through honeypots, machines explicitly designated solely to learn the methods used by black-hats to probe and hack a system so that a network... Maintaining access, Miscellaneous, Reverse engineering, RFID tools. Table 3. BackTrack Intrusion-detection System/Intrusion-prevention System Penetration

  5. Characterization of Extremely Lightweight Intrusion Detection (ELIDe) Power Utilization by Varying N-gram and Hash Length

    Science.gov (United States)

    2015-09-01

    by Garrett S Payer, Ken F Yu, and Richard E Harang, Computational and Information Sciences Directorate, ARL... Approved for public...

  6. An Analysis of Security System for Intrusion in Smartphone Environment

    Directory of Open Access Journals (Sweden)

    Maya Louk

    2014-01-01

    There are many malware applications for Smartphones. Smartphone users may be unaware that their data has been recorded and stolen by intruders via malware. A Smartphone, whether for business or personal use, may not be protected from malware. Thus, monitoring, detecting, tracking, and notification (MDTN) have become the main purpose of the writing of this paper. MDTN is meant to enable Smartphones to prevent and reduce the number of cybercrimes. The methods are shown to be effective in protecting the Smartphone, isolating malware, and sending a warning in the form of a notification to the user about the danger in progress. In particular, (a) the MDTN process is possible and will be enabled for the Smartphone environment. (b) The methods are shown to be an advanced security for private sensitive data of the Smartphone user.

  7. Implementation of Karp-Rabin string matching algorithm in reconfigurable hardware for network intrusion prevention system

    Science.gov (United States)

    Botwicz, Jakub; Buciak, Piotr; Sapiecha, Piotr

    2006-03-01

    Intrusion Prevention Systems (IPSs) have become widely recognized as a powerful tool and an important element of IT security safeguards. The essential feature of network IPSs is searching through network packets and matching multiple strings, which are fingerprints of known attacks. String matching is highly resource consuming and also the most significant bottleneck of IPSs. In this article an extension of the classical Karp-Rabin algorithm and its implementation architectures were examined. The result is software that generates the source code of a string matching module in a hardware description language, which could easily be used to create an Intrusion Prevention System implemented in reconfigurable hardware. The prepared module matches the complete set of Snort IPS signatures, achieving throughput of over 2 Gbps on an Altera Stratix II evaluation board. The most significant advantage of the proposed architecture is that the update of the patterns database does not require reconfiguration of the circuitry.

  8. iSSH v. Auditd: Intrusion Detection in High Performance Computing

    Energy Technology Data Exchange (ETDEWEB)

    Karns, David M. [Los Alamos National Laboratory; Protin, Kathryn S. [Los Alamos National Laboratory; Wolf, Justin G. [Los Alamos National Laboratory

    2012-07-30

    The goal is to provide insight into intrusions in high performance computing, focusing on tracking intruders' motions through the system. The current tools, such as pattern matching, do not provide sufficient tracking capabilities. We tested two tools: an instrumented version of SSH (iSSH) and the Linux Auditing Framework (Auditd). First discussed is Instrumented Secure Shell (iSSH): a version of SSH developed at Lawrence Berkeley National Laboratory. The goal is to audit user activity within a computer system to increase security. Capabilities are: keystroke logging, recording user names and authentication information, and catching suspicious remote and local commands. Strengths of iSSH are: (1) Good for keystroke logging, making it easier to track malicious users by catching suspicious commands; (2) Works with Bro to send alerts; could be configured to send pages to systems administrators; and (3) Creates visibility into SSH sessions. Weaknesses are: (1) Relatively new, so not very well documented; and (2) No capabilities to see if files have been edited, moved, or copied within the system. Second we discuss Auditd, the user component of the Linux Auditing System. It creates logs of user behavior, and monitors system calls and file accesses. Its goal is to improve system security by keeping track of users' actions within the system. Strengths of Auditd are: (1) Very thorough logs; (2) Wider variety of tracking abilities than iSSH; and (3) Older, so better documented. Weaknesses are: (1) Logs record everything, not just malicious behavior; (2) The size of the logs can lead to overflowing directories; and (3) This level of logging leads to a lot of false alarms. Auditd is better documented than iSSH, which would help administrators during set up and troubleshooting. iSSH has a cleaner notification system, but the logs are not as detailed as Auditd. From our performance testing: (1) File transfer speed using SCP is increased when using iSSH; and (2) Network benchmarks

  9. Cybersecurity managing systems, conducting testing, and investigating intrusions

    CERN Document Server

    Mowbray, Thomas J

    2013-01-01

    A must-have, hands-on guide for working in the cybersecurity profession Cybersecurity involves preventative methods to protect information from attacks. It requires a thorough understanding of potential threats, such as viruses and other malicious code, as well as system vulnerability and security architecture. This essential book addresses cybersecurity strategies that include identity management, risk management, and incident management, and also serves as a detailed guide for anyone looking to enter the security profession. Doubling as the text for a cybersecurity course, it is also a usef

  10. Neural methods based on modified reputation rules for detection and identification of intrusion attacks in wireless ad hoc sensor networks

    Science.gov (United States)

    Hortos, William S.

    2010-04-01

    Determining methods to secure the process of data fusion against attacks by compromised nodes in wireless sensor networks (WSNs) and to quantify the uncertainty that may exist in the aggregation results is a critical issue in mitigating the effects of intrusion attacks. Published research has introduced the concept of the trustworthiness (reputation) of a single sensor node. Reputation is evaluated using an information-theoretic concept, the Kullback-Leibler (KL) distance. Reputation is added to the set of security features. In data aggregation, an opinion, a metric of the degree of belief, is generated to represent the uncertainty in the aggregation result. As aggregate information is disseminated along routes to the sink node(s), its corresponding opinion is propagated and regulated by Josang's belief model. By applying subjective logic on the opinion to manage trust propagation, the uncertainty inherent in aggregation results can be quantified for use in decision making. The concepts of reputation and opinion are modified to allow their application to a class of dynamic WSNs. Using reputation as a factor in determining interim aggregate information is equivalent to implementation of a reputation-based security filter at each processing stage of data fusion, thereby improving the intrusion detection and identification results based on unsupervised techniques. In particular, the reputation-based version of the probabilistic neural network (PNN) learns the signature of normal network traffic with the random probability weights normally used in the PNN replaced by the trust-based quantified reputations of sensor data or subsequent aggregation results generated by the sequential implementation of a version of Josang's belief model. A two-stage, intrusion detection and identification algorithm is implemented to overcome the problems of large sensor data loads and resource restrictions in WSNs. Performance of the two-stage algorithm is assessed in simulations of WSN

  11. Human intrusion

    International Nuclear Information System (INIS)

    Hora, S.; Neill, R.; Williams, R.; Bauser, M.; Channell, J.

    1993-01-01

    This paper focused on the possible approaches to evaluating the impacts of human intrusion on nuclear waste disposal. Several major issues were reviewed. First, it was noted that human intrusion could be addressed either quantitatively through performance assessments or qualitatively through design requirements. Second, it was decided that it was impossible to construct a complete set of possible future human intrusion scenarios. Third, the question of when the effect of possible human intrusion should be considered, before or after site selection was reviewed. Finally, the time frame over which human intrusion should be considered was discussed

  12. Torque Control During Intrusion on Upper Central Incisor in Labial and Lingual bracket System - A 3D Finite Element Study.

    Science.gov (United States)

    Pol, Tejas R; Vandekar, Meghna; Patil, Anuradha; Desai, Sanjana; Shetty, Vikram; Hazarika, Saptarshi

    2018-01-01

    The aim of the present study was to investigate the difference of torque control during intrusive force on upper central incisors with normal, under and high torque in lingual and labial orthodontic systems through 3D finite element analysis. Six 3D models of an upper right central incisor with different torque were designed in Solid Works 2006. Software ANSYS Version 16.0 was used to evaluate intrusive force on the upper central incisor model. An intrusive force of 0.15 N was applied to the bracket slot in different torque models and the displacements along a path of nodes in the upper central incisor were assessed. Application of intrusive force on an under-torqued upper central incisor in the Labial system produced labial crown movement, but in the Lingual system caused lingual movement in the apical and incisal parts. The same intrusive force in a normal-torqued central incisor led to a palatal movement in the apical part and labial displacement of the incisal edge in the Lingual system, and a palatal displacement in the apical area and a labial movement in the incisal edge in the Labial system. In an overtorqued upper central incisor, the labial crown displacement in the Labial system is more than in the Lingual system. In the labial and lingual systems, application of the same forces in upper central incisors with different inclinations showed different responses. The magnitudes of torque loss during intrusive loads in incisors with normal, under and over-torque were higher in the Labial system than in Lingual orthodontic appliances. Key words: FEM, lingual orthodontics, intrusion, torque control, labial bracket systems.

  13. A Multi Agent System for Flow-Based Intrusion Detection

    Science.gov (United States)

    2013-03-01

    Trojans often utilize social-engineering in order to install themselves on the host-computer [131]. Rather than focusing on the Trojan itself, the...requires subtle differences in its methodology. For instance, the autonomous behavior of the agents as well as their distribution, social and...Lenguajes y Ciencias de la Computación, University of Málaga, E.T.S.I. Informática, Campus de Teatinos, December 2006. [52] Erdos, P. and A. Rényi. “On

  14. Application of Naive Bayes to an Intrusion Detection System with Variable Discretization

    Directory of Open Access Journals (Sweden)

    I Nyoman Trisna Wirawan

    2015-07-01

    This study discusses the application of a naive Bayes classifier using correlation-based attribute selection and data preprocessing by discretization, using the mean/standard deviation method for continuous attributes with 3 intervals and 5 intervals. The experimental results show that applying naive Bayes to classify data that has gone through the discretization process can give an accuracy of up to 89% with an average running time of 31 seconds.

  15. Thutmose - Investigation of Machine Learning-Based Intrusion Detection Systems

    Science.gov (United States)

    2016-06-01

    3.2.8 ICS and SCADA...classification model re-trained? Is the existing model updated or is it replaced with a new one? • How often is the model re-trained and how much new...run as each one processed more quickly, leading to less variance in results. 3.2.8 ICS and SCADA. Having been granted access to Industrial Control

  16. Non-intrusive appliance load monitoring system based on a modern kWh-meter

    Energy Technology Data Exchange (ETDEWEB)

    Pihala, H. [VTT Energy, Espoo (Finland). Energy Systems

    1998-12-01

    Non-intrusive appliance load monitoring (NIALM) is a fairly new method to estimate load profiles of individual electric appliances in a small building, like a household, by monitoring the whole load at a single point with one recording device without sub-meters. Appliances have special electrical characteristics, the positive and negative active and reactive power changes during the time they are switched on or off. These changes are called events and are detected with a monitoring device called an event recorder. Different NIALM-concepts developed in Europe and in the United States are generally discussed. The NIALM-concept developed in this study is based on a 3-phase, power quality monitoring kWh-meter and unique load identification algorithms. This modern kWh-meter with a serial data bus to a laptop personal computer is used as the event recorder. The NIALM-concept of this presentation shows for the first time how a kWh-meter can be used at the same time for billing, power quality and appliance end-use monitoring. An essential part of the developed NIALM-system prototype is the software of load identification algorithms which runs in an off-line personal computer. These algorithms are able to identify, with a certain accuracy, both two-state and multi-state appliances. This prototype requires manual-setup in which the naming of appliances is performed. The results of the prototype NIALMS were verified in a large, single family detached house and they were compared to the results of other prototypes in France and the United States, although this comparison is difficult because of different supply systems, appliance stock and number of tested sites. Different applications of NIALM are discussed. Gathering of load research data, verification of DSM-programs, home automation, failure analysis of appliances and security surveillance of buildings are interesting areas of NIALM. Both utilities and customers can benefit from these applications. It is possible to

  17. Reactive and multiphase modelling for the identification of monitoring parameters to detect CO2 intrusion into freshwater aquifers

    Science.gov (United States)

    Fahrner, S.; Schaefer, D.; Wiegers, C.; Köber, R.; Dahmke, A.

    2011-12-01

    A monitoring at geological CO2 storage sites has to meet environmental, regulative, financial and public demands and thus has to enable the detection of CO2 leakages. Current monitoring concepts for the detection of CO2 intrusion into freshwater aquifers located above saline storage formations in course of leakage events lack the identification of monitoring parameters. Their response to CO2 intrusion still has to be enlightened. Scenario simulations of CO2 intrusion in virtual synthetic aquifers are performed using the simulators PhreeqC and TOUGH2 to reveal relevant CO2-water-mineral interactions and multiphase behaviour on potential monitoring parameters. The focus is set on pH, total dissolved inorganic carbon (TIC) and the hydroelectric conductivity (EC). The study aims at identifying at which conditions the parameters react rapidly, durable and in a measurable degree. The depth of the aquifer, the mineralogy, the intrusion rates, the sorption specification and capacities, and groundwater flow velocities are varied in the course of the scenario modelling. All three parameters have been found suited in most scenarios. However, in case of a lack of calcite combined with low saturation of the water with respect to CO2 and shallow conditions, changes are close to the measurement resolution. Predicted changes in EC result from the interplay between carbonic acid production and its dissociation, and pH buffering by mineral dissolution. The formation of a discrete gas phase in cases of full saturation of the groundwater in confined aquifers illustrates the potential bipartite resistivity response: An increased hydroelectric conductivity at locations with dissolved CO2, and a high resistivity where the gas phase dominates the pore volume occupation. Increased hydrostatic pressure with depth and enhanced groundwater flow velocities enforce gas dissolution and diminish the formation of a discrete gas phase. 
    Based on the results, a monitoring strategy is proposed which

  18. Cyber-intrusion Auto-response and Policy Management System (CAPMS)

    Energy Technology Data Exchange (ETDEWEB)

    Lusk, Steve [ViaSat Inc., Boston, MA (United States); Lawrence, David [Duke Energy, Charlotte, NC (United States); Suvana, Prakash [Southern California Edison, Rosemead, CA (United States)

    2015-11-11

    The Cyber-intrusion Auto-response and Policy Management System (CAPMS) project was funded by a grant from the US Department of Energy (DOE) Cybersecurity for Energy Delivery Systems (CEDS) program with contributions from two partner electric utilities: Southern California Edison (SCE) and Duke Energy. The goal of the project was to demonstrate protecting smart grid assets from a cyber attack in a way that “does not impede critical energy delivery functions.” This report summarizes project goals and activities for the CAPMS project and explores what did and did not work as expected. It concludes with an assessment of possible benefits and value of the system for the future.

  19. Monitoring and Assessment of Saltwater Intrusion using Geographic Information Systems (GIS), Remote Sensing and Geophysical measurements of Guimaras Island, Philippines

    Science.gov (United States)

    Hernandez, B. C. B.

    2015-12-01

    Degrading groundwater quality due to saltwater intrusion is one of the key challenges affecting many island aquifers. These islands hold limited capacity for groundwater storage and are highly dependent on recharge due to precipitation. But its ease of use, natural storage and accessibility make it more vulnerable to exploitation and more susceptible to encroachment from its surrounding oceanic waters. Estimating the extent of saltwater intrusion and the state of groundwater resources is important in predicting and managing water supply options for the community. In Guimaras island, central Philippines, increasing settlements, agriculture and tourism are causing stresses on its groundwater resource. Indications of saltwater intrusion have already been found at various coastal areas in the island. A Geographic Information Systems (GIS)-based approach using the GALDIT index was carried out. This includes six parameters assessing the seawater intrusion vulnerability of each hydrogeologic setting: Groundwater occurrence, Aquifer hydraulic conductivity, Groundwater Level above sea, Distance to shore, Impact of existing intrusion and Thickness of Aquifer. To further determine the extent of intrusion, Landsat images of various thematic layers were stacked and processed for unsupervised classification, and electrical resistivity tomography using a 28-electrode system with array lengths of 150 and 300 meters was conducted. The GIS index showed where the vulnerable areas are located, while the geophysical measurements and images revealed the extent of seawater encroachment along the monitoring wells. These results are further confirmed by the measurements collected from the monitoring wells. This study presents baseline information on the state of groundwater resources and increases understanding of saltwater intrusion dynamics in island ecosystems by providing a guideline for better water resource management in the Philippines.

  20. Morphologic and hemodynamic analysis of dental pulp in dogs after molar intrusion with the skeletal anchorage system.

    Science.gov (United States)

    Konno, Yuichi; Daimaruya, Takayoshi; Iikubo, Masahiro; Kanzaki, Reiko; Takahashi, Ichiro; Sugawara, Junji; Sasano, Takashi

    2007-08-01

    We have successfully treated skeletal open bite by intruding posterior teeth with the skeletal anchorage system. Our aim in this study was to morphologically and hemodynamically evaluate the changes in pulp tissues when molars are radically intruded. The mandibular fourth premolars of 9 adult beagle dogs were divided into 3 groups: a sham operated group (n = 6, 3 dogs), 4-month intrusion group (n = 6, 3 dogs), and a further 4-month retention group (n = 6, 3 dogs). We evaluated the morphological changes of the pulp and dentin: the amount of vacuolar degeneration in the odontoblast layer, the predentin width and nervous continuity in the pulp tissue, and the pulpal blood-flow response evoked by electrical stimulation in the dental pulp. Extreme molar intrusion with the skeletal anchorage system caused slight degenerative changes in the pulp tissue, followed by recovery after the orthodontic force was released. Circulatory system and nervous functions were basically maintained during the intrusion, although a certain level of downregulation was observed. These morphologic and functional regressive changes in the pulp tissue after molar intrusion improved during the retention period. Histologic changes and changes in pulpal blood flow and function are reversible, even during radical intrusion of molars.

  1. Web interactive non intrusive load disaggregation system for active demand in smart grids

    Directory of Open Access Journals (Sweden)

    G.M. Tina

    2014-12-01

    A Smart Grid combines the use of traditional technology with innovative digital solutions, making the management of the electricity grid more flexible. It allows for monitoring, analysis, control and communication within the supply chain to improve efficiency, reduce energy consumption and cost, and maximize the transparency and reliability of the energy supply chain. The optimization of energy consumption in Smart Grids is possible by using an innovative system based on Non Intrusive Appliance Load Monitoring (NIALM) algorithms, in which individual appliance power consumption information is disaggregated from single-point measurements, providing feedback that makes energy more visible and more amenable to understanding and control. We contribute an approach for monitoring consumption of electric power in households based on both a NILM algorithm that uses simple load signatures and a web interactive system that allows users to play an active role.

  2. Catalog of physical protection equipment. Book 1: Volume II. Intrusion detection components

    Energy Technology Data Exchange (ETDEWEB)

    Haberman, W.

    1977-06-01

    This volume covers acoustic components, microwave/radar components, electro-optic barriers, electric field components, orientation components, ferrous metal detection components, proximity detection components, vibration detection components, seismic components, pressure-sensitive components, pressure mats, continuity components, electrical/magnetic switches, fire detection components, and mechanical contact switches. (DLC)

  3. Catalog of physical protection equipment. Book 1: Volume II. Intrusion detection components

    International Nuclear Information System (INIS)

    Haberman, W.

    1977-06-01

    This volume covers acoustic components, microwave/radar components, electro-optic barriers, electric field components, orientation components, ferrous metal detection components, proximity detection components, vibration detection components, seismic components, pressure-sensitive components, pressure mats, continuity components, electrical/magnetic switches, fire detection components, and mechanical contact switches

  4. Application of the Concept of Intrusion Tolerant System for Evaluating Cyber Security Enhancements

    International Nuclear Information System (INIS)

    Lee, Chanyoung; Seong, Poong Hyun

    2016-01-01

    One of the major problems is that the nuclear industry is at a very early stage in dealing with cyber security issues. This is because cyber security has received less attention compared to other safety problems. In addition, late adoption of digital I and C systems has resulted in a lower level of cyber security advancements in the nuclear industry than in other industries. For the cyber security of NPP I and C systems, many regulatory documents, guides and standards were already published. These documents include cyber security plans, methods for cyber security assessments and a comprehensive set of security controls. However, methods which can help assess how much security is improved if a specific security control is applied are not included in these documents. Hence, NPP I and C system designers may encounter difficulties when trying to apply security controls with limited structure and cost. In order to provide useful information about cyber security issues including cyber security enhancements, this paper suggests a framework to evaluate how much cyber security is improved when a specific cyber security enhancement is applied in NPPs. The extent of cyber security improvement caused by security enhancement was defined as reduction ratio of the failure probability to secure the system from cyber-attack as Eq.1. The concept of 'intrusion tolerant system' was applied to not only prevent cyber-attacks but also limit the extent of damage in this study. For applying the concept of intrusion tolerant system to NPP, the event tree was constructed with some assumptions. Cyber security improvement caused by cyber security enhancement can be estimated as Eq.3. By comparing current system to the enhanced system, it is

  5. Application of the Concept of Intrusion Tolerant System for Evaluating Cyber Security Enhancements

    Energy Technology Data Exchange (ETDEWEB)

    Lee, Chanyoung; Seong, Poong Hyun [KAIST, Daejeon (Korea, Republic of)

    2016-10-15

    One of the major problems is that the nuclear industry is at a very early stage in dealing with cyber security issues. This is because cyber security has received less attention compared to other safety problems. In addition, late adoption of digital I and C systems has resulted in a lower level of cyber security advancements in the nuclear industry than in other industries. For the cyber security of NPP I and C systems, many regulatory documents, guides and standards were already published. These documents include cyber security plans, methods for cyber security assessments and a comprehensive set of security controls. However, methods which can help assess how much security is improved if a specific security control is applied are not included in these documents. Hence, NPP I and C system designers may encounter difficulties when trying to apply security controls with limited structure and cost. In order to provide useful information about cyber security issues including cyber security enhancements, this paper suggests a framework to evaluate how much cyber security is improved when a specific cyber security enhancement is applied in NPPs. The extent of cyber security improvement caused by security enhancement was defined as reduction ratio of the failure probability to secure the system from cyber-attack as Eq.1. The concept of 'intrusion tolerant system' was applied to not only prevent cyber-attacks but also limit the extent of damage in this study. For applying the concept of intrusion tolerant system to NPP, the event tree was constructed with some assumptions. Cyber security improvement caused by cyber security enhancement can be estimated as Eq.3. By comparing current system to the enhanced system, it is

  6. Portable modular detection system

    Energy Technology Data Exchange (ETDEWEB)

    Brennan, James S [Rodeo, CA; Singh, Anup [Danville, CA; Throckmorton, Daniel J [Tracy, CA; Stamps, James F [Livermore, CA

    2009-10-13

    Disclosed herein are portable and modular detection devices and systems for detecting electromagnetic radiation, such as fluorescence, from an analyte which comprises at least one optical element removably attached to at least one alignment rail. Also disclosed are modular detection devices and systems having an integrated lock-in amplifier and spatial filter and assay methods using the portable and modular detection devices.

  7. Network Analysis of Reconnaissance and Intrusion of an Industrial Control System

    Science.gov (United States)

    2016-09-01

    Dates covered: 07/2014–06/2016... 2.1.4 Security Configuration 4: Centralized Switch, IP Netmask Segregation, Separate VLANs...

  8. Computationally Efficient Neural Network Intrusion Security Awareness

    Energy Technology Data Exchange (ETDEWEB)

    Todd Vollmer; Milos Manic

    2009-08-01

    An enhanced version of an algorithm to provide anomaly based intrusion detection alerts for cyber security state awareness is detailed. A unique aspect is the training of an error back-propagation neural network with intrusion detection rule features to provide a recognition basis. Network packet details are subsequently provided to the trained network to produce a classification. This leverages rule knowledge sets to produce classifications for anomaly based systems. Several test cases executed on ICMP protocol revealed a 60% identification rate of true positives. This rate matched the previous work, but 70% less memory was used and the run time was reduced to less than 1 second from 37 seconds.

  9. Vapor Intrusion

    Science.gov (United States)

    Vapor intrusion occurs when there is a migration of volatile chemicals from contaminated groundwater or soil into an overlying building. Volatile chemicals can emit vapors that may migrate through subsurface soils and into indoor air spaces.

  10. Using Hybrid Algorithm to Improve Intrusion Detection in Multi Layer Feed Forward Neural Networks

    Science.gov (United States)

    Ray, Loye Lynn

    2014-01-01

    The need for detecting malicious behavior on computer networks continued to be important to maintaining a safe and secure environment. The purpose of this study was to determine the relationship of multilayer feed forward neural network architecture to the ability of detecting abnormal behavior in networks. This involved building, training, and…

  11. Design and implementation of network attack analysis and detect system

    International Nuclear Information System (INIS)

    Lu Zhigang; Wu Huan; Liu Baoxu

    2007-01-01

    This paper first analyzes the present research state of IDS (intrusion detection system), classifies and compares existing methods. According to the problems existing in IDS, such as false-positives, false-negatives and low information visualization, this paper suggests a system named NAADS which supports multi data sources. Through a series of methods such as clustering analysis, association analysis and visualization, rate of detection and usability of NAADS are increased. (authors)

  12. Detection and recognition of mechanical, digging and vehicle signals in the optical fiber pre-warning system

    Science.gov (United States)

    Tian, Qing; Yang, Dan; Zhang, Yuan; Qu, Hongquan

    2018-04-01

    This paper presents a detection and recognition method to locate and identify harmful intrusions in the optical fiber pre-warning system (OFPS). Inspired by visual attention architecture (VAA), the process flow is divided into two parts, i.e., a data-driven process and a task-driven process. At first, the data-driven process takes all the measurements collected by the system as input signals, which are handled by the detection method to locate the harmful intrusion in both the spatial domain and the time domain. Then, these detected intrusion signals are taken over by the task-driven process. Specifically, we get the pitch period (PP) and duty cycle (DC) of the intrusion signals to identify the mechanical and manual digging (MD) intrusions respectively. For the passing vehicle (PV) intrusions, their strong low frequency component can be used as a good feature. In general, since the harmful intrusion signals only account for a small part of the whole measurements, the data-driven process reduces the amount of input data for the subsequent task-driven process considerably. Furthermore, the task-driven process determines the harmful intrusions in order according to their severity, which makes a priority mechanism for the system as well as targeted processing for different harmful intrusions. At last, real experiments are performed to validate the effectiveness of this method.

  13. Non-Intrusive Detection of Soil Properties for Pressure-Driven Processes

    Science.gov (United States)

    2006-11-01

    Fracture Propagation,” Southeastern Geology Society of America Annual Meeting, March 14-15, Jackson, MS, p. 196. Iversen, B.V., P. Schjonning, T.G...landmine detection. J. Acoust. Soc. Am 116(6), p. 3354-3369. Kravchenko, N., C.W. Boast, D.G. Bullock, 1991. Fractal analysis of soil spatial

  14. Quality-of-service sensitivity to bio-inspired/evolutionary computational methods for intrusion detection in wireless ad hoc multimedia sensor networks

    Science.gov (United States)

    Hortos, William S.

    2012-06-01

    In the author's previous work, a cross-layer protocol approach to wireless sensor network (WSN) intrusion detection and identification is created with multiple bio-inspired/evolutionary computational methods applied to the functions of the protocol layers, a single method to each layer, to improve the intrusion-detection performance of the protocol over that of one method applied to only a single layer's functions. The WSN cross-layer protocol design embeds GAs, anti-phase synchronization, ACO, and a trust model based on quantized data reputation at the physical, MAC, network, and application layer, respectively. The construct neglects to assess the net effect of the combined bio-inspired methods on the quality-of-service (QoS) performance for "normal" data streams, that is, streams without intrusions. Analytic expressions of throughput, delay, and jitter, coupled with simulation results for WSNs free of intrusion attacks, are the basis for sensitivity analyses of QoS metrics for normal traffic to the bio-inspired methods.

  15. Intrusion detection and response model to enhance security in cognitive radio networks / Ifeoma Ugochi Ohaeri

    OpenAIRE

    Ohaeri, Ifeoma Ugochi

    2012-01-01

    With the rapid proliferation of new technologies and services in the wireless domain, spectrum scarcity has become a major concern. Cognitive radios (CRs) arise as a promising solution to the scarcity of spectrum. A basic operation of the CRs is spectrum sensing. Whenever a primary signal is detected, CRs have to vacate the specific spectrum band. Malicious users can mimic incumbent transmitters so as to enforce CRs to vacate the specific band. Cognitive radio networks (CRNs) a...

  16. An innovative non-intrusive driver assistance system for vital signal monitoring.

    NARCIS (Netherlands)

    Sun, Y. & Yu, X.

    2016-01-01

    This paper describes an in-vehicle nonintrusive biopotential measurement system for driver health monitoring and fatigue detection. Previous research has found that the physiological signals including eye features, electrocardiography (ECG), electroencephalography (EEG) and their secondary

  17. Semiconductor radiation detection systems

    CERN Document Server

    2010-01-01

    Covers research in semiconductor detector and integrated circuit design in the context of medical imaging using ionizing radiation. This book explores other applications of semiconductor radiation detection systems in security applications such as luggage scanning, dirty bomb detection and border control.

  18. Underwater laser detection system

    Science.gov (United States)

    Gomaa, Walid; El-Sherif, Ashraf F.; El-Sharkawy, Yasser H.

    2015-02-01

    The conventional method used to detect an underwater target is by sending and receiving some form of acoustic energy. But acoustic systems have limitations in range resolution and accuracy, while the potential benefits of laser-based underwater target detection include high directionality, high response, and high range accuracy. Lasers operating in the blue-green region of the light spectrum (420 : 570 nm) have several applications in the area of detection and ranging of submersible targets due to minimum attenuation through water (less than 0.1 m⁻¹) and maximum laser reflection from the estimated target (like mines or submarines) to provide a long range of detection. In this paper laser attenuation in water was measured experimentally by a new simple method using a high resolution spectrometer. The laser echoes from different targets (metal, plastic, wood, and rubber) were detected using a high resolution CCD camera; the position of the detection camera was optimized to provide a high reflection laser from the target and low backscattering noise from the water medium, and digital image processing techniques were applied to detect and discriminate the echoes from the metal target and subtract the echoes from other objects. Extraction of the image of the target from the scattering noise is done by background subtraction and edge detection techniques. As a conclusion, we present a high response laser imaging system to detect and discriminate small, mine-like underwater targets.

  19. A two-tier system for web attack detection using linear discriminant method

    NARCIS (Netherlands)

    Tan, Zhiyuan; Jamdagni, Aruna; Nanda, Priyadarsi; He, Xiangjian; Liu, Ren Ping; Jia, Wenjing; Yeh, Wei-chang

    2010-01-01

    Computational cost is one of the major concerns of the commercial Intrusion Detection Systems (IDSs). Although these systems are proven to be promising in detecting network attacks, they need to check all the signatures to identify a suspicious attack in the worst case. This is time consuming. This

  20. Global positioning system measurements of ground deformation caused by magma intrusion and lava discharge: the 1990-1995 eruption at Unzendake volcano, Kyushu, Japan

    Science.gov (United States)

    Nishi, K.; Ono, H.; Mori, H.

    1999-04-01

    Global positioning system (GPS) measurements made around Unzendake volcano, Kyushu, Japan, since January 1991 have detected ground deformation caused by magma intrusion and lava discharge. In the intermittent phreatic and phreatomagmatic eruption stage, the ground was inflating. After growth of the lava dome and following frequent pyroclastic flows at Unzendake volcano, the ground began deflating. These ground deformations are explained by the inflation and deflation of a Mogi's source model (a point source model) located about 6 km west of the active crater at a depth of 11 km, at an aseismic region. The observed horizontal displacement vectors pointed radially away from the estimated pressure source during inflation and pointed to the pressure source during deflation. The horizontal displacements at the reference GPS station calculated from contraction of the estimated pressure source coincide well with the actual horizontal displacements observed from other GPS baseline systems. These observations validate our estimates for the pressure source. Based on the relation between the deformation volume of the ground surface and the discharged volume of the lava, it is estimated that during the eruption there was magma supply from the deeper portion as well as magma discharge at the crater. Magma is estimated to be supplied to the reservoir at an average rate of 1.1×10⁵ m³/day; magma intrusion began in December 1989 at the latest and continued for 1.9×10³ days.

  1. Wireless Intrusion Detection

    National Research Council Canada - National Science Library

    Tomko, Albert A; Rieser, Christian J; Buell, Louis H; Zaret, David R; Turner, William M

    2007-01-01

    .... It is shown that the statistics of a set of packet features can be used to fingerprint each packet source in the network, thereby providing a mechanism for identifying rogue node activity, such as a spoofing attack...

  2. Applying a non-intrusive energy-management system to economic dispatch for a cogeneration system and power utility

    Energy Technology Data Exchange (ETDEWEB)

    Chang, Hsueh-Hsien [Dept. of Electrical Engineering, Chung Yuan Christian University, Taoyuan (China); Dept. of Electronic Engineering, Jin Wen University of Science and Technology, Taipei (China)]; Yang, Hong-Tzer [Dept. of Electrical Engineering, National Cheng Kung University, Tainan (China)]

    2009-11-15

    Non-intrusive energy-management (NIEM) techniques are based on energy signatures. While such approaches lack transient energy signatures, the reliability and accuracy of recognition results cannot be determined. By using neural networks (NNs) in combination with turn-on transient energy analysis, this study attempts to identify load demands and improve recognition accuracy of NIEM results. Case studies are presented that apply various methods to compare training algorithms and classifiers in terms of artificial neural networks (ANN) due to various factors that determine whether a network is being used for pattern recognition. Additionally, in combination with electromagnetic transient program (EMTP) simulations, calculating the turn-on transient energy facilitate load can lead to identification and a significant improvement in the accuracy of NIEM results. Analysis results indicate that an NIEM system can effectively manage energy demands within economic dispatch for a cogeneration system and power utility. Additionally, a new method based on genetic algorithms (GAs) is used to develop a novel operational strategy of economic dispatch for a cogeneration system in a regulated market and approach the global optimum with typical environmental constraints for a cogeneration plant. Economic dispatch results indicate that the NIEM system based on energy demands can estimate accurately the energy contribution from the cogeneration system and power utility, and further reduce air pollution. Moreover, applying the NIEM system for economic dispatch can markedly reduce computational time and power costs. (author)

  3. Solar system fault detection

    Science.gov (United States)

    Farrington, R.B.; Pruett, J.C. Jr.

    1984-05-14

    A fault detecting apparatus and method are provided for use with an active solar system. The apparatus provides an indication as to whether one or more predetermined faults have occurred in the solar system. The apparatus includes a plurality of sensors, each sensor being used in determining whether a predetermined condition is present. The outputs of the sensors are combined in a pre-established manner in accordance with the kind of predetermined faults to be detected. Indicators communicate with the outputs generated by combining the sensor outputs to give the user of the solar system and the apparatus an indication as to whether a predetermined fault has occurred. Upon detection and indication of any predetermined fault, the user can take appropriate corrective action so that the overall reliability and efficiency of the active solar system are increased.

  4. Perancangan dan Implementasi Instrusion Detection System di Jaringan Universitas Diponegoro

    Directory of Open Access Journals (Sweden)

    Dyakso Anindito Nugroho

    2015-04-01

    The use of information technology gives the advantage of open access for its users, but a new problem arises in that there is a threat from unauthorized users. An Intrusion Detection System (IDS) is applied to assist administrators in monitoring network security. The IDS displays illegal access information in a raw form which requires more time to read the detected threats. This final project aims to design an IDS with a web application which is made for pulling information from the IDS sensor database, then processing and representing it in tables and graphs that are easy to understand. The web application also has an IpTables firewall module to block an attacker's IP address. The hardware used is a Cisco IPS 4240, two Compaq Presario 4010F computers as client and gateway, and a Cisco Catalyst 2960 switch. The software used is the Ubuntu 12.0 LTS Precise operating system, the BackTrack 5 R1 operating system, the PHP 5.4 programming language, the MySQL 5 database, and the web-based system configuration tool Webmin. Testing is done using several BackTrack applications to confirm that the Cisco IPS 4240 is capable of detecting in accordance with the applicable rules. Each event of any attack attempt or threat was obtained from the IDS sensor database in XML form. The XML file is sent using the Security Device Event Exchange (SDEE) protocol. The web application is tested by looking at the output tables and graphs, which display the appropriate results of sensor detection. This study generated an intrusion detection system that is easier to monitor. Network packets are copied by the Cisco 2960 switch and then forwarded to the sensor. Intruder detection is done by the Cisco IPS 4240 sensor. The detection log is processed by the web application into tables and graphs. Intrusion detection systems are intended to improve network security.

  5. Microcomputer-based video motion detection system

    International Nuclear Information System (INIS)

    Howington, L.C.

    1979-01-01

    This system was developed to enhance the volumetric intrusion detection capability of the Oak Ridge Y-12 Plant's security program. Not only does the system exhibit an extended range of detection over present infrared, microwave, and ultrasonic devices, it also provides an instantaneous assessment capability by providing the operator with a closed-circuit television (CCTV) image of the alarm scene as soon as motion is detected. The system consists of a custom-built, microcomputer-based, video processor which analyzes the signals received from a network of video cameras. The operator can view the camera images as they are displayed on a CCTV monitor while alarm scenes are displayed on a second monitor. Motion is detected by digitizing and comparing successive video frames and making an alarm decision based on the degree of mismatch. The software-based nature of the microcomputer lends a great deal of flexibility and adaptability in making the alarm decision. Alarm decision variables which are easily adjusted through software are the percent change in gray level required to label a pixel (picture element) as suspect, the number of suspect pixels required to generate an alarm, the pixel pattern to be sampled from the image, and the rate at which a new reference frame is taken. The system is currently being evaluated in a warehouse for potential application in several areas of the Plant. This paper discusses the hardware and software design of the system as well as problems encountered in its implementation and results obtained

  6. Pressure detection system

    International Nuclear Information System (INIS)

    Lawford, V.N.; Long, C.E.

    1975-01-01

    The pressure detection system described comprises a first bellows assembly that can be connected to a source of fluid under pressure, a pressure detection apparatus, a second bellows assembly connected to the first assembly and pipes with a coupling device connecting the second bellows assembly to the apparatus. The first and second assemblies can only be disconnected with difficulty from the source or not at all [fr

  7. Proximity detection system underground

    Energy Technology Data Exchange (ETDEWEB)

    Denis Kent [Mine Site Technologies (Australia)]

    2008-04-15

    Mine Site Technologies (MST), with the support of ACARP and Xstrata Coal NSW, as well as assistance from Centennial Coal, has developed a Proximity Detection System to proof of concept stage as per plan. The basic aim of the project was to develop a system to reduce the risk of people coming into contact with vehicles in an uncontrolled manner (i.e. being 'run over'). The potential to extend the developed technology into other areas, such as controls for vehicle-vehicle collisions and restricting access of vehicles or people into certain zones (e.g. non FLP vehicles into Hazardous Zones/ERZ), was also assessed. The project leveraged off MST's existing Intellectual Property and experience gained with our ImPact TRACKER tagging technology, allowing the development to be fast tracked. The basic concept developed uses active RFID Tags worn by miners underground to be detected by vehicle mounted Readers. These Readers in turn provide outputs that can be used to alert a driver (e.g. by light and/or audible alarm) that a person (Tag) is approaching within their vicinity. The prototype/test kit developed proved the concept and technology, the four main components being: Active RFID Tags to send out signals for detection by vehicle mounted receivers; Receiver electronics to detect RFID Tags approaching within the vicinity of the unit to create a long range detection system (60 m to 120 m); A transmitting/exciter device to enable an inner detection zone (within 5 m to 20 m); and A software/hardware device to process and log incoming Tag reads and create certain outputs. Tests undertaken in the laboratory and at a number of mine sites confirmed the technology path taken could form the basis of a reliable Proximity Detection/Alert System.

  8. Water system virus detection

    Science.gov (United States)

    Fraser, A. S.; Wells, A. F.; Tenoso, H. J.

    1975-01-01

    A monitoring system developed to test the capability of a water recovery system to reject the passage of viruses into the recovered water is described. A nonpathogenic marker virus, bacteriophage F2, is fed into the process stream before the recovery unit and the reclaimed water is assayed for its presence. Detection of the marker virus consists of two major components, concentration and isolation of the marker virus, and detection of the marker virus. The concentration system involves adsorption of virus to cellulose acetate filters in the presence of trivalent cations and low pH with subsequent desorption of the virus using volumes of high pH buffer. The detection of the virus is performed by a passive immune agglutination test utilizing specially prepared polystyrene particles. An engineering preliminary design was performed as a parallel effort to the laboratory development of the marker virus test system. Engineering schematics and drawings of a fully functional laboratory prototype capable of zero-G operation are presented. The instrument consists of reagent pump/metering system, reagent storage containers, a filter concentrator, an incubation/detector system, and an electronic readout and control system.

  9. Gas detection system

    International Nuclear Information System (INIS)

    Allan, C.J.; Bayly, J.G.

    1975-01-01

    The gas detection system provides for the effective detection of gas leaks over a large area. It includes a laser which has a laser line corresponding to an absorption line of the gas to be detected. A He-Xe laser scans a number of retroreflectors which are strategically located around a D2O plant to detect H2S leaks. The reflected beam is focused by a telescope, filtered, and passed into an infrared detector. The laser may be made to emit two frequencies, one of which corresponds with an H2S absorption line; or it may be modulated on and off the H2S absorption line. The relative amplitude of the absorbed light will be a measure of the H2S present

  10. Remote detection system

    International Nuclear Information System (INIS)

    Nixon, K.V.; France, S.W.; Garcia, C.; Hastings, R.D.

    1981-05-01

    A newly designed remote detection system has been developed at Los Alamos that allows the collection of high-resolution gamma-ray spectra and neutron data from a remote location. The system consists of the remote unit and a command unit. The remote unit collects data in a potentially hostile environment while the operator controls the unit by either radio or wire link from a safe position. Both units are battery powered and are housed in metal carrying cases

  11. Moving Sources Detection System

    International Nuclear Information System (INIS)

    Coulon, Romain; Kondrasovs, Vladimir; Boudergui, Karim; Normand, Stephane

    2013-06-01

    To monitor radioactivity passing through a pipe or in a given container such as a train or a truck, radiation detection systems are commonly employed. These detectors could be used in a network set along the source track to increase the overall detection efficiency. However, detection methods are based on counting statistics analysis. The method usually implemented consists in triggering an alarm when an individual signal rises over a threshold initially estimated with regard to the natural background signal. The detection efficiency is then proportional to the number of detectors in use, due to the fact that each sensor is taken as a standalone sensor. A new approach is presented in this paper taking into account the temporal periodicity of the signals taken by all distributed sensors as a whole. This detection method is not based only on counting statistics but also on the temporal series analysis aspect. Therefore, a specific algorithm was developed in our lab for this kind of application and shows a significant improvement, especially in terms of detection efficiency and false alarm reduction. We also plan on extracting information from the source vector. This paper presents the theoretical approach and some preliminary results obtained in our laboratory. (authors)

  12. SHRIMP U-Pb zircon geochronology and thermal modeling of multilayer granitoid intrusions. Implications for the building and thermal evolution of the Central System batholith, Iberian Massif, Spain

    Science.gov (United States)

    Díaz Alvarado, Juan; Fernández, Carlos; Castro, Antonio; Moreno-Ventas, Ignacio

    2013-08-01

    This work shows the results of a U-Pb SHRIMP zircon geochronological study of the central part of the Gredos massif (Spanish Central System batholith). The studied batholith is composed of several granodiorite and monzogranite tabular bodies, around 1 km thick each, intruded into partially molten pelitic metasediments. Granodiorites and monzogranites, belonging to three distinct intrusive bodies, and samples of anatectic leucogranites have been selected for SHRIMP U-Pb zircon geochronology. Distinct age groups, separated by up to 20 Ma, have been distinguished in each sample. Important age differences have also been determined among the most representative age groups of the three analyzed granitoid bodies: 312.6 ± 2.8 Ma for the Circo de Gredos Bt-granodiorites (floor intrusive layer), 306.9 ± 1.5 Ma for the Barbellido-Plataforma granitoids (top intrusive layer) and 303.5 ± 2.8 Ma for Las Pozas Crd-monzogranites (middle intrusive layer). These age differences are interpreted in terms of sequential emplacement of the three intrusive bodies, contemporary with the Late Paleozoic D3 deformation phase. The anatectic leucogranites are coeval to slightly younger than the adjacent intrusive granodiorites and monzogranites (305.4 ± 1.6 Ma for Refugio del Rey leucogranites and 303 ± 2 Ma for migmatitic hornfelses). It is suggested that these anatectic magmas were generated in response to the thermal effects of granodiorite intrusions. Thermal modeling with COMSOL Multiphysics® reveals that sequential emplacement was able to keep the thermal conditions of the batholith around the temperature of zircon crystallization in granitic melts (around 750 °C) for several million of years, favoring the partial melting of host rocks and the existence of large magma chambers composed of crystal mush prone to be rejuvenated after new intrusions.

  13. Oxygen isotope mapping and evaluation of paleo-hydrothermal systems associated with synvolcanic intrusion and VMS deposits

    International Nuclear Information System (INIS)

    Taylor, B.E

    2001-01-01

    Whole-rock oxygen isotope mapping provides a useful method for the delineation and quantitative evaluation of paleo-hydrothermal systems associated with syn-volcanic intrusions and volcanic-associated massive sulfide (VMS) deposits. During the course of a four-year study of regional alteration systems associated with VMS deposits, four syn-volcanic intrusive complexes in Canada were mapped using stable isotope techniques. The complexes included Noranda, Quebec; Clifford-Ben Nevis, Ontario; Snow Lake, Manitoba; and Sturgeon Lake, Ontario. This study was regional in extent, involving large areas and large numbers of whole-rock samples: Noranda (625 km²; ≥600 samples, plus others (total = 1198)); Sturgeon Lake (525 km²; 452 samples); Clifford-Ben Nevis (160 km²; 251 samples); and Snow Lake (84 km²; 575 samples). Isotopic data on whole-rock carbonates and hydrous minerals were also collected. The regional isotopic studies were carried out in concert with other studies on mineral assemblages and mineral composition, and on associated intrusive and extrusive rocks. The Clifford-Ben Nevis area was selected as a control area, inasmuch as it contains no known VMS deposits; all other areas are well-known, productive VMS districts. Oxygen isotope maps are, in a sense, thermal maps, illustrating the paleo-distribution of heat and fluids, and offering a potential aid to exploration. The isotopic data may be contoured to reveal zones of ¹⁸O depletion and enrichment, relative to unaltered rocks. Zones of δ¹⁸O ≤ 60% comprise rocks that have reacted with seawater at high (e.g., 300+ °C) temperatures. The volume of foot-wall rocks isotopically depleted by water/rock interaction during the life of one or more episodes of submarine hydrothermal activity is proportional to the amount of heat available from the syn-volcanic intrusive center. These altered rocks comprise the reaction zone often inferred to have supplied metals and other constituents for the VMS deposits

  14. SIP threats detection system

    OpenAIRE

    Vozňák, Miroslav; Řezáč, Filip

    2010-01-01

    The paper deals with detection of threats in IP telephony, the authors developed a penetration testing system that is able to check up the level of protection from security threats in IP telephony. The SIP server is a key component of VoIP infrastructure and often becomes the aim of attacks and providers have to ensure the appropriate level of security. We have developed web-based penetration system which is able to check the SIP server if can face to the most common attacks. The d...

  15. Ultrasonic Leak Detection System

    Science.gov (United States)

    Youngquist, Robert C. (Inventor); Moerk, J. Steven (Inventor)

    1998-01-01

    A system for detecting ultrasonic vibrations, such as those generated by a small leak in a pressurized container, vessel, pipe, or the like, comprises an ultrasonic transducer assembly and a processing circuit for converting transducer signals into an audio frequency range signal. The audio frequency range signal can be used to drive a pair of headphones worn by an operator. A diode rectifier based mixing circuit provides a simple, inexpensive way to mix the transducer signal with a square wave signal generated by an oscillator, and thereby generate the audio frequency signal. The sensitivity of the system is greatly increased through proper selection and matching of the system components, and the use of noise rejection filters and elements. In addition, a parabolic collecting horn is preferably employed which is mounted on the transducer assembly housing. The collecting horn increases sensitivity of the system by amplifying the received signals, and provides directionality which facilitates easier location of an ultrasonic vibration source.

  16. Arc fault detection system

    Science.gov (United States)

    Jha, K.N.

    1999-05-18

    An arc fault detection system for use on ungrounded or high-resistance-grounded power distribution systems is provided which can be retrofitted outside electrical switchboard circuits having limited space constraints. The system includes a differential current relay that senses a current differential between current flowing from secondary windings located in a current transformer coupled to a power supply side of a switchboard, and a total current induced in secondary windings coupled to a load side of the switchboard. When such a current differential is experienced, a current travels through an operating coil of the differential current relay, which in turn opens an upstream circuit breaker located between the switchboard and a power supply to remove the supply of power to the switchboard. 1 fig.

  17. The Monitoring, Detection, Isolation and Assessment of Information Warfare Attacks Through Multi-Level, Multi-Scale System Modeling and Model Based Technology

    National Research Council Canada - National Science Library

    Ye, Nong

    2004-01-01

    With the goal of protecting computer and networked systems from various attacks, the following intrusion detection techniques were developed and tested using the 1998 and 2000 MIT Lincoln Lab Evaluation Data...

  18. Real-Time, Non-Intrusive Detection of Liquid Nitrogen in Liquid Oxygen at High Pressure and High Flow

    Science.gov (United States)

    Singh, Jagdish P.; Yueh, Fang-Yu; Kalluru, Rajamohan R.; Harrison, Louie

    2012-01-01

    An integrated fiber-optic Raman sensor has been designed for real-time, nonintrusive detection of liquid nitrogen in liquid oxygen (LOX) at high pressures and high flow rates in order to monitor the quality of LOX used during rocket engine ground testing. The integrated sensor employs a high-power (3-W) Melles Griot diode-pumped, solid-state (DPSS), frequency-doubled Nd:YAG 532-nm laser; a modified Raman probe that has built-in Raman signal filter optics; two high-resolution spectrometers; and photomultiplier tubes (PMTs) with selected bandpass filters to collect both N2 and O2 Raman signals. The PMT detection units are interfaced with National Instruments LabVIEW for fast data acquisition. Studies of sensor performance with different detection systems (i.e., spectrometer and PMT) were carried out. The concentration ratio of N2 and O2 can be inferred by comparing the intensities of the N2 and O2 Raman signals. The final system was fabricated to measure N2 and O2 gas mixtures as well as mixtures of liquid N2 and LOX

  19. Radiation detection system

    International Nuclear Information System (INIS)

    Haeuszer, F.A.

    1976-01-01

    A circuit is disclosed that detects radiation transients and provides a clamping signal in response to each transient. The clamping signal is present from the time the transient rises above a given threshold level and for a known duration thereafter. The system includes radiation sensors, a blocking oscillator that generates a pulse in response to each sensor signal, and an output pulse duration control circuit. The oscillator pulses are fed simultaneously to the output pulse duration control circuit and to an OR gate, the output of which comprises the system output. The output pulse duration is controlled by the time required to magnetize a magnetic core to saturation in first one direction and then the other

  20. Electrical Resistivity Imaging of Seawater Intrusion into the Monterey Bay Aquifer System.

    Science.gov (United States)

    Pidlisecky, A; Moran, T; Hansen, B; Knight, R

    2016-03-01

    We use electrical resistivity tomography to obtain a 6.8-km electrical resistivity image to a depth of approximately 150 m.b.s.l. along the coast of Monterey Bay. The resulting image is used to determine the subsurface distribution of saltwater- and freshwater-saturated sediments and the geologic controls on fluid distributions in the region. Data acquisition took place over two field seasons in 2011 and 2012. To maximize our ability to image both vertical and horizontal variations in the subsurface, a combination of dipole-dipole, Wenner, Wenner-gamma, and gradient measurements were made, resulting in a large final dataset of approximately 139,000 data points. The resulting resistivity section extends to a depth of 150 m.b.s.l., and is used, in conjunction with the gamma logs from four coastal monitoring wells to identify four dominant lithologic units. From these data, we are able to infer the existence of a contiguous clay layer in the southern portion of our transect, which prevents downward migration of the saltwater observed in the upper 25 m of the subsurface to the underlying freshwater aquifer. The saltwater and brackish water in the northern portion of the transect introduce the potential for seawater intrusion into the hydraulically connected freshwater aquifer to the south, not just from the ocean, but also laterally from north to south. © 2015, National Ground Water Association.

  1. Ferret Workflow Anomaly Detection System

    National Research Council Canada - National Science Library

    Smith, Timothy J; Bryant, Stephany

    2005-01-01

    The Ferret workflow anomaly detection system project 2003-2004 has provided validation and anomaly detection in accredited workflows in secure knowledge management systems through the use of continuous, automated audits...

  2. The use of data-mining techniques for developing effective decision support systems: A case study of simulating the effects of climate change on coastal salinity intrusion

    Science.gov (United States)

    Conrads, Paul; Edwin Roehl, Jr.

    2017-01-01

    Natural-resource managers and stakeholders face difficult challenges when managing interactions between natural and societal systems. Potential changes in climate could alter interactions between environmental and societal systems and adversely affect the availability of water resources in many coastal communities. The availability of freshwater in coastal streams can be threatened by saltwater intrusion. Even though the collective interests and computer skills of the community of managers, scientists and other stakeholders are quite varied, there is an overarching need for equal access by all to the scientific knowledge needed to make the best possible decisions. This paper describes a decision support system, PRISM-2, developed to evaluate salinity intrusion due to potential climate change along the South Carolina coast in southeastern USA. The decision support system is disseminated as a spreadsheet application and integrates the output of global circulation models, watershed models and salinity intrusion models with real-time databases for simulation, graphical user interfaces, and streaming displays of results. The results from PRISM-2 showed that a 31-cm and 62-cm increase in sea level reduced the daily availability of freshwater supply to a coastal municipal intake by 4% and 12% of the time, respectively. Future climate change projections by a global circulation model showed a seasonal change in salinity intrusion events from the summer to the fall for the majority of events.

  3. Saltwater intrusion in the Floridan aquifer system near downtown Brunswick, Georgia, 1957–2015

    Science.gov (United States)

    Cherry, Gregory S.; Peck, Michael

    2017-02-16

    Introduction: The Floridan aquifer system (FAS) consists of the Upper Floridan aquifer (UFA), an intervening confining unit of highly variable properties, and the Lower Floridan aquifer (LFA). The UFA and LFA are primarily composed of Paleocene- to Oligocene-age carbonate rocks that include, locally, Upper Cretaceous rocks. The FAS extends from coastal areas in southeastern South Carolina and continues southward and westward across the coastal plain of Georgia and Alabama, and underlies all of Florida. The thickness of the FAS varies from less than 100 feet (ft) in aquifer outcrop areas of South Carolina to about 1,700 ft near the city of Brunswick, Georgia. Locally, in southeastern Georgia and the Brunswick–Glynn County area, the UFA consists of an upper water-bearing zone (UWBZ) and a lower water-bearing zone (LWBZ), as identified by Wait and Gregg (1973), with aquifer test data indicating the upper zone has higher productivity than the lower zone. Near the city of Brunswick, the LFA is composed of two permeable zones: an early middle Eocene-age upper permeable zone (UPZ) and a highly permeable lower zone of limestone (LPZ) of Paleocene and Late Cretaceous age that includes a deeply buried, cavernous, saline water-bearing unit known as the Fernandina permeable zone. Maslia and Prowell (1990) inferred the presence of major northeast–southwest trending faults through the downtown Brunswick area based on structural analysis of geophysical data, northeastward elongation of the potentiometric surface of the UFA, and breaches in the local confining unit that influence the area of chloride contamination. Pronounced horizontal and vertical hydraulic head gradients, caused by pumping in the UFA, allow saline water from the FPZ to migrate upward into the UFA through this system of faults and conduits. Saltwater was first detected in the FAS in wells completed in the UFA near the southern part of the city of Brunswick in late 1957. By the 1970s, a plume of groundwater

  4. Orthodontic intrusion : Conventional and mini-implant assisted intrusion mechanics

    Directory of Open Access Journals (Sweden)

    Anup Belludi

    2012-01-01

    intrusion has revolutionized orthodontic anchorage and biomechanics by making anchorage perfectly stable. This article addresses various conventional clinical intrusion mechanics and especially intrusion using mini-implants that have proven effective over the years for intrusion of maxillary anteriors.

  5. Petroleum Vapor Intrusion

    Science.gov (United States)

    One type of vapor intrusion is PVI, in which vapors from petroleum hydrocarbons such as gasoline, diesel, or jet fuel enter a building. Intrusion of contaminant vapors into indoor spaces is of concern.

  6. Some Features of Pressure Evolution in Systems “Non-Wetting Liquid - Nanoporous Medium” at Impact Intrusion

    Science.gov (United States)

    Byrkin, V. A.; Belogorlov, A. A.; Paryohin, D. A.; Mitrofanova, A. S.

    2017-04-01

    Over the last few decades, systems consisting of a nanoporous medium dispersed in a non-wetting liquid have attracted increased interest from both the practical and theoretical points of view. A non-wetting liquid can infiltrate the porous medium only under excess pressure. Liquid infiltration tends to increase the solid-liquid interfacial energy, and the absorbed energy is proportional to the specific surface area of the medium. Therefore, for nanoporous media this energy can be several orders of magnitude higher than for traditional damping materials and shape-memory materials. As a consequence, the prospects of using devices based on systems consisting of a nanoporous medium immersed in a non-wetting liquid are associated mainly with the absorption of the mechanical energy of an impact or explosion. The paper presents the results of experimental studies of impact intrusion in systems of industrially produced hydrophobic silicas Fluka 100 C8 and Fluka 100 C18 with distilled water. With increasing impact energy, a nontrivial pattern of pressure changes in the system over time is observed.

  7. Introduction to detection systems

    DEFF Research Database (Denmark)

    Larsen, Jan

    Presentation of the information processing pipeline for detection, including discussion of various issues and the use of mathematical modeling. A simple example of detecting a signal in noise illustrated that simple modeling outperforms human visual and auditory perception. Participants are going ...

  8. Foundations for Survivable System Development: Service Traces, Intrusion Traces, and Evaluation Models

    National Research Council Canada - National Science Library

    Linger, Richard

    2001-01-01

    .... On the system side, survivability specifications can be defined by essential-service traces that map essential-service workflows, derived from user requirements, into system component dependencies...

  9. Coupled human-water system dynamics of saltwater intrusion in the low coastal plain of the Po River, Ravenna, Italy

    Science.gov (United States)

    Lauriola, Ilaria; Ciriello, Valentina; Antonellini, Marco; Pande, Saket

    2017-04-01

    Human activities affect the whole hydrological cycle with possible severe consequences on ecosystem services. Human-water interaction follows complex dynamics that can't be addressed only through the analysis of water withdrawals and contamination processes. As such, comprehensive analysis strategies based on a socio-hydrology approach may allow to deeply understand the co-evolution of human and water systems. Here, we focus on the low coastal plain of the Po river in the south of Ravenna (Italy), which is adjacent to the North Adriatic sea. In particular, our study regards a basin characterized by a land reclamation drainage system, given the low topography which reaches in some places 1 m below sea level. In this area, the thin phreatic coastal aquifer is affected by a relevant salinization process and characterized by the presence of valuable water-dependent ecosystems such as pine forests and wetlands. Groundwater salinization is mainly caused by seawater intrusion due to the hydraulic gradient landwards that is enhanced by land subsidence, land use and drainage allowing for agriculture and settlements. Such a complex scenario involves environmental, social and economic interests. We study the intricate system of relationships occurring between a set of socio-hydrological state variables of interest based on the dynamic analysis of land use changes in the study area that mainly affect groundwater recharge and the availability of freshwater for ecosystem and agriculture activities.

  10. A New Anomaly Detection System for School Electricity Consumption Data

    Directory of Open Access Journals (Sweden)

    Wenqiang Cui

    2017-11-01

    Anomaly detection has been widely used in a variety of research and application domains, such as network intrusion detection, insurance/credit card fraud detection, health-care informatics, industrial damage detection, image processing and novel topic detection in text mining. In this paper, we focus on remote facilities management that identifies anomalous events in buildings by detecting anomalies in building electricity consumption data. We investigated five models within electricity consumption data from different schools to detect anomalies in the data. Furthermore, we proposed a hybrid model that combines polynomial regression and Gaussian distribution, which detects anomalies in the data with 0 false negative and an average precision higher than 91%. Based on the proposed model, we developed a data detection and visualization system for a facilities management company to detect and visualize anomalies in school electricity consumption data. The system is tested and evaluated by facilities managers. According to the evaluation, our system has improved the efficiency of facilities managers to identify anomalies in the data.

  11. Intrusion Prevention System Based on the Access Control Mechanism in the Operating System Microsoft Windows

    Directory of Open Access Journals (Sweden)

    V. S. Matveeva

    2012-03-01

    It is suggested to implement an intrusion prevention system based on the access control mechanism of the Microsoft Windows operating system to restrict the execution of malicious code. Most existing computer security facilities use behavioral and heuristic analyses based on an undocumented method of system call interception, which is not a uniform approach to designing a proactive security mechanism. The IPS is portable among different versions of the OS because it is implemented with documented functions only; it does not need to be updated and uses fewer system resources than other protection systems. The system protects against zero-day malware and therefore protects companies from online-banking fraud, which is a highly topical problem in information security nowadays.

  12. Potential effects of deepening the St. Johns River navigation channel on saltwater intrusion in the surficial aquifer system, Jacksonville, Florida

    Science.gov (United States)

    Bellino, Jason C.; Spechler, Rick M.

    2013-01-01

    The U.S. Army Corps of Engineers (USACE) has proposed dredging a 13-mile reach of the St. Johns River navigation channel in Jacksonville, Florida, deepening it to depths between 50 and 54 feet below North American Vertical Datum of 1988. The dredging operation will remove about 10 feet of sediments from the surficial aquifer system, including limestone in some locations. The limestone unit, which is in the lowermost part of the surficial aquifer system, supplies water to domestic wells in the Jacksonville area. Because of density-driven hydrodynamics of the St. Johns River, saline water from the Atlantic Ocean travels upstream as a saltwater “wedge” along the bottom of the channel, where the limestone is most likely to be exposed by the proposed dredging. A study was conducted to determine the potential effects of navigation channel deepening in the St. Johns River on salinity in the adjacent surficial aquifer system. Simulations were performed with each of four cross-sectional, variable-density groundwater-flow models, developed using SEAWAT, to simulate hypothetical changes in salinity in the surficial aquifer system as a result of dredging. The cross-sectional models were designed to incorporate a range of hydrogeologic conceptualizations to estimate the effect of uncertainty in hydrogeologic properties. The cross-sectional models developed in this study do not necessarily simulate actual projected conditions; instead, the models were used to examine the potential effects of deepening the navigation channel on saltwater intrusion in the surficial aquifer system under a range of plausible hypothetical conditions. Simulated results for modeled conditions indicate that dredging will have little to no effect on salinity variations in areas upstream of currently proposed dredging activities. Results also indicate little to no effect in any part of the surficial aquifer system along the cross section near River Mile 11 or in the water-table unit along the cross

  13. Intrusion recognition for optic fiber vibration sensor based on the selective attention mechanism

    Science.gov (United States)

    Xu, Haiyan; Xie, Yingjuan; Li, Min; Zhang, Zhuo; Zhang, Xuewu

    2017-11-01

    Distributed fiber-optic vibration sensors have been extensively investigated and play a significant role in the sensor panorama. A fiber-optic perimeter detection system based on an all-fiber interferometric sensor is proposed which, through back-end analysis, processing and intelligent identification, can distinguish the effects of different intrusion activities. In this paper, an intrusion recognition method based on the auditory selective attention mechanism is proposed. Firstly, considering the time-frequency characteristics of the vibration, the spectrogram is calculated. Secondly, imitating the selective attention mechanism, the color, direction and brightness maps of the spectrogram are computed. Based on these maps, the feature matrix is formed after normalization. The system can recognize intrusion activities occurring along the perimeter sensors. Experimental results show that the proposed method is able to differentiate intrusion signals from ambient noise. Moreover, the recognition rate of the system is improved while the false alarm rate is reduced; the approach has been validated in large practical experiments and projects.

  14. Non-Intrusive Appliance Recognition

    NARCIS (Netherlands)

    Hoogsteen, G; Hoogsteen, Gerwin; Krist, J.O.; Bakker, Vincent; Smit, Gerardus Johannes Maria

    2012-01-01

    Energy conservation becomes more important nowadays. The use of smart meters and, in the near future, smart appliances, are the key to achieve reduction in energy consumption. This research proposes a non-intrusive appliance monitor and recognition system for implementation on an embedded system.

  15. A Non-Intrusive Approach to Enhance Legacy Embedded Control Systems with Cyber Protection Features

    Science.gov (United States)

    Ren, Shangping; Chen, Nianen; Yu, Yue; Poirot, Pierre; Kwiat, Kevin; Tsai, Jeffrey J. P.

    Trust is cast as a continuous re-evaluation: a system’s reliability and security are scrutinized, not just prior to, but during its deployment. This approach to maintaining trust is specifically applied to distributed and embedded control systems. Unlike general purpose systems, distributed and embedded control systems, such as power grid control systems and water treatment systems, generally have a 24x7 availability requirement. Hence, upgrading or adding new cyber protection features into these systems in order to sustain them when faults caused by cyber attacks occur is often difficult to achieve and inhibits the evolution of these systems into a cyber environment. In this chapter, we present a solution for extending the capabilities of existing systems while simultaneously maintaining the stability of the current systems. An externalized survivability management scheme based on the observe-reason-modify paradigm is applied, which decomposes the cyber attack protection process into three orthogonal subtasks: observation, evaluation and protection. This architecture provides greater flexibility and has a resolvability attribute: it can utilize emerging techniques, yet requires either minimal modifications or even no modifications whatsoever to the controlled infrastructures. The approach itself is general and can be applied to a broad class of observable systems.

  16. Definition and means of maintaining the process vacuum liquid detection interlock systems portion of the PFP safety envelope

    International Nuclear Information System (INIS)

    THOMAS, R.J.

    1999-01-01

    The Process Vacuum Liquid Detection interlock systems prevent intrusion of process liquids into the HEPA filters downstream of demisters No.6 and No.7 during Process Vacuum System operation. This prevents liquid intrusion into the filters, which could cause a criticality. The Safety Envelope (SE) includes the equipment, which detects the presence of liquids in the vacuum headers; isolates the filters; shuts down the vacuum pumps; and alarms the condition. This report identifies the equipment in the SE operating, maintenance, and surveillance procedures needed to maintain the SE equipment; and rationale for exclusion of some equipment and testing from the SE

  17. Detection and counting systems

    International Nuclear Information System (INIS)

    Abreu, M.A.N. de

    1976-01-01

    Detection devices based on gaseous ionization are analysed, such as: electroscopes, ionization chambers, proportional counters and Geiger-Mueller counters. Scintillation methods are also commented. A revision of the basic concepts in electronics is done and the main equipment for counting is detailed. In the study of gamma spectrometry, scintillation and semiconductor detectors are analysed [pt]

  18. Phenomena and Detection of Gas Accumulation in Piping Systems

    International Nuclear Information System (INIS)

    Lee, D. Y.; Jeon, S. S.; Hong, S. J.; Song, Y. J.

    2011-01-01

    U.S. Nuclear Regulatory Commission (NRC) issued Generic Letter (GL) 2008-01 which provides recommendation and guidance to nuclear power plants for managing gas intrusion and accumulation in safety systems such as Emergency Core Cooling (ECC), Decay Heat Removal (DHR) and Containment Spray (CS) systems. Following the GL2008-01, Nuclear Energy Institute (NEI) reported NEI 09-10 that gives industry guidance for effective prevention and management of system gas accumulation. All of U.S. utilities responded to the GL2008-01 with evaluation results for gas accumulation in safety systems mentioned above. This paper summarizes key phenomena to be evaluated against gas accumulation in safety systems and detection methods for gas accumulation in subjected systems

  19. Protein detection system

    Science.gov (United States)

    Fruetel, Julie A [Livermore, CA]; Fiechtner, Gregory J [Bethesda, MD]; Kliner, Dahv A. V. [San Ramon, CA]; McIlroy, Andrew [Livermore, CA]

    2009-05-05

    The present embodiment describes a miniature, microfluidic, absorption-based sensor to detect proteins at sensitivities comparable to LIF but without the need for tagging. This instrument utilizes fiber-based evanescent-field cavity-ringdown spectroscopy, in combination with faceted prism microchannels. The combination of these techniques will increase the effective absorption path length by a factor of 10^3 to 10^4 (to ~1 m), thereby providing unprecedented sensitivity using direct absorption. The coupling of high-sensitivity absorption with high-performance microfluidic separation will enable real-time sensing of biological agents in aqueous samples (including aerosol collector fluids) and will provide a general method with spectral fingerprint capability for detecting specific bio-agents.

  20. SWIBANGLA: Managing salt water intrusion impacts in coastal groundwater systems of Bangladesh

    NARCIS (Netherlands)

    Faneca Sànchez, Marta; Bashar, Khairul; Janssen, Gijs; Vogels, Marjolein; Snel, Jan; Zhou, Yangxiao; Stuurman, Roelof J.; Oude Essink, Gualbert

    Bangladesh is densely populated and it is expected that the population increases significantly in the coming decade, up to 60% more by 2050 according to IIASA (2013). Demand for drinking water will increase accordingly. These developments may cause significant changes in the hydrological system,

  1. A minimally intrusive monitoring system that utilizes electricity consumption as a proxy for wellbeing

    Directory of Open Access Journals (Sweden)

    Tim D. Hunt

    The purpose of this work was to test the hypothesis: 'Off-the-shelf domestic electricity meters can be utilised to assist in monitoring the wellbeing of elderly people'. Many studies have shown that it is, in theory, possible to use domestic electricity consumption to determine 'activities of daily living' but the availability of systems for actual use is very limited. This work followed the Design Science Research Methodology to create a Java application running on the Google App Engine cloud service that interfaced with both electricity meters and voice and text services. The system was implemented and tested over a three month period with one older person and their carer. Results demonstrated that the technology readily succeeds in meeting the study's initial objectives. The need for more sophisticated decision logic was apparent and a method to determine whether a home is currently occupied is likely to improve the ability to create more timely alerts.

  2. Occurrence of seawater intrusion overshoot

    NARCIS (Netherlands)

    Morgan, L.K.; Bakker, M.; Werner, A.D.

    2015-01-01

    A number of numerical modeling studies of transient sea level rise (SLR) and seawater intrusion (SI) in flux-controlled aquifer systems have reported an overshoot phenomenon, whereby the freshwater-saltwater interface temporarily extends further inland than the eventual steady state position.

  3. Orthodontic treatment of gummy smile by maxillary total intrusion with a midpalatal absolute anchorage system.

    Science.gov (United States)

    Hong, Ryoon-Ki; Lim, Seung-Min; Heo, Jung-Min; Baek, Seung-Hak

    2013-06-01

    This article describes the orthodontic treatment of a 31-year-old Korean female patient with gummy smile and crowding. The patient showed excessive gingival display in both the anterior and posterior areas and a large difference in gingival heights between the anterior and posterior teeth in the maxilla. To correct the gummy smile, we elected to intrude the entire maxillary dentition instead of focusing only on the maxillary anterior teeth. Alignment and leveling were performed, and a midpalatal absolute anchorage system as well as a modified lingual arch was designed to achieve posterosuperior movement of the entire upper dentition. The active treatment period was 18 months. The gummy smile and crowding were corrected, and the results were stable at 21 months post-treatment.

  4. Check valve slam caused by air intrusion in emergency cooling water system

    International Nuclear Information System (INIS)

    Martin, C.S.

    2011-01-01

    Waterhammer pressures were experienced during periodic starting of Residual Heat Removal (RHR) pumps at a nuclear plant. Prior to an analytical investigation careful analysis performed by plant engineers indicated that the spring effect of entrapped air in a heat exchanger resulted in water hammer due to check valve slam following flow reversal. In order to determine in more detail the values of pertinent parameters controlling this water hammer a hydraulic transient analysis was performed of the RHR piping system, including essential elements such as the pump, check valve, and heat exchanger. Using characteristic torque and pressure loss curves the motion of the check valve was determined. By comparing output of the water hammer analysis with site recordings of pump discharge pressure the computer model was calibrated, allowing for a realistic estimate of the quantity of entrapped air in the heat exchanger. (author)

  5. Radiation detecting system

    International Nuclear Information System (INIS)

    1975-01-01

    In spectrophotometry systems, a usual arrangement for modulating the radiation is a rotating disc having one or more sectors removed. A beam of radiation may be blocked by the disc except when a cut-away sector is in the path of the beam. With a double-beam system, a cut-away sector of 180° may be used so that when the first path is blocked, the second is allowed through, and vice versa. One or both sides of the disc may be formed as mirrors to facilitate beam switching and to allow use of more than two beams for background compensation purposes or for analysis of more than one substance within a sample. (G.T.H.)

  6. Fault Detection for Nonlinear Systems

    DEFF Research Database (Denmark)

    Stoustrup, Jakob; Niemann, H.H.

    1998-01-01

    The paper describes a general method for designing fault detection and isolation (FDI) systems for nonlinear processes. For a rich class of nonlinear systems, a nonlinear FDI system can be designed using convex optimization procedures. The proposed method is a natural extension of methods based o...

  7. An environmental monitoring detection system

    International Nuclear Information System (INIS)

    Leli Yuniarsari; Istofa; Sukandar

    2015-01-01

    Is part of radiation detection of the nuclear facilities engineering activities within nuclear facilities. The system comprises a gamma-ray radiation detector and weather detection, which includes an anemometer to detect the wind direction and speed, as well as a rain gauge to measure the rainfall in a period of time. Data acquisition of the output is processed by an Arduino Uno system which transforms the data into a particular standard, and the data is then displayed online on the website. The radiation detection system uses NaI(Tl) and GM gamma-ray detectors, which convert the detected radiation into an electric pulse that is fed into a pre-amp and amplifier and modified into a square pulse. The weather detection system, on the other hand, works on the switch principle. For example, wind of a certain speed can turn on a switch in the system and produce a voltage or pulse which can be measured. This value is then interpreted as the wind direction and speed. Likewise for the rainfall gauge, the volume of water entering the bucket turns the switch on, at the same time producing 1 pulse. The result of the experiment shows that for the radiation detection system the output is a square pulse of 4 volts using the NaI(Tl) detector and 4.4 volts using the GM detector. The weather detection system was basically able to detect the wind direction, wind speed and rainfall; further research is needed to determine its accuracy and to compare the results with the standard tools available in BMKG. (author)

  8. Ferromagnetic Objects Magnetovision Detection System

    Directory of Open Access Journals (Sweden)

    Michał Nowicki

    2013-12-01

    This paper presents the application of a weak magnetic fields magnetovision scanning system for detection of dangerous ferromagnetic objects. A measurement system was developed and built to study the magnetic field vector distributions. The measurements of the Earth’s field distortions caused by various ferromagnetic objects were carried out. The ability for passive detection of hidden or buried dangerous objects and the determination of their location was demonstrated.

  9. A New Anomaly Detection System for School Electricity Consumption Data

    OpenAIRE

    Cui, Wenqiang; Wang, Hao

    2017-01-01

    Anomaly detection has been widely used in a variety of research and application domains, such as network intrusion detection, insurance/credit card fraud detection, health-care informatics, industrial damage detection, image processing and novel topic detection in text mining. In this paper, we focus on remote facilities management that identifies anomalous events in buildings by detecting anomalies in building electricity consumption data. We investigated five models within electricity consu...

  10. Performance Analysis of Hierarchical Group Key Management Integrated with Adaptive Intrusion Detection in Mobile ad hoc Networks

    Science.gov (United States)

    2016-04-05

    leader and all leaders in the system share a leader secret key (KRL) for efficiency purposes. In summary, there are three keys for hierarchical group...key management: leader key (KRL), regional key (KR), and group key (KG). These keys are rekeyed properly, in part or in whole, as events happen in the...each partitioned group will execute GDH to agree on a new leader key KRL. Group merge: Two groups may merge into one when connectivity resumes. A

  11. Scoping calculation of nuclides migration in engineering barrier system for effect of volume expansion due to overpack corrosion and intrusion of the buffer material

    Energy Technology Data Exchange (ETDEWEB)

    Yoshita, Takashi; Ishihara, Yoshinao; Ishiguro, Katsuhiko; Ohi, Takao [Waste Isolation Research Division, Waste Management and Fuel Cycle Research Center, Tokai Works, Japan Nuclear Cycle Development Inst., Tokai, Ibaraki (Japan)]; Nakajima, Kunihiko [Nuclear Energy System Incorporated, Tokyo (Japan)]

    1999-11-01

    Corrosion of the carbon steel overpack leads to a volume expansion since the specific gravity of corrosion products is smaller than that of carbon steel. The buffer material is compressed due to the corrosive swelling, reducing its thickness and porosity. On the other hand, buffer material may be extruded into fractures of the surrounding rock and this may lead to a deterioration of the planned functions of the buffer, including retardation of nuclide migration and colloid filtration. In this study, sensitivity analyses for the effect of volume expansion and intrusion of the buffer material on nuclide migration in the engineering barrier system are carried out. The sensitivity analyses were performed on the decrease in the thickness of the buffer material in the radial direction caused by the corrosive swelling, and the change in the porosity and dry density of the buffer caused by both compacting due to corrosive swelling and intrusion of buffer material. As a result, it was found that the maximum release rates of relatively shorter half-life nuclides from the outside of the buffer material decreased when the volume expansion due to overpack corrosion was taken into account. On the other hand, the maximum release rates increased when the intrusion of buffer material was also taken into account. However, the maximum release rates of longer half-life nuclides, such as Cs-137 and Np-237, were insensitive to the change of buffer material thickness, and porosity and dry density of buffer. (author)

  12. Flow-Based Intrusion Detection

    NARCIS (Netherlands)

    Sperotto, Anna; Pras, Aiko

    The spread of 1-10 Gbps technology has in recent years paved the way to a flourishing landscape of new, high-bandwidth Internet services. At the same time, we have also observed increasingly frequent and widely diversified attacks. To this threat, the research community has answered with a growing

  13. Flow-based intrusion detection

    NARCIS (Netherlands)

    Sperotto, Anna

    2010-01-01

    The spread of 1-10Gbps technology has in recent years paved the way to a flourishing landscape of new, high-bandwidth Internet services. As users, we depend on the Internet in our daily life for simple tasks such as checking e-mails, but also for managing private and financial information. However,

  14. Community-Based Intrusion Detection

    OpenAIRE

    Weigert, Stefan

    2017-01-01

    Today, virtually every company world-wide is connected to the Internet. This wide-spread connectivity has given rise to sophisticated, targeted, Internet-based attacks. For example, between 2012 and 2013 security researchers counted an average of about 74 targeted attacks per day. These attacks are motivated by economical, financial, or political interests and commonly referred to as “Advanced Persistent Threat (APT)” attacks. Unfortunately, many of these attacks are successful and the advers...

  15. Developing Network Situational Awareness through Visualizations of Fused Intrusion Detection System Alerts

    Science.gov (United States)

    2008-06-01

    Phishing with Plug and Play Exploit. In this attack, the attacker sets up a website offering the visitor free “porn” if they sign up. The user is allowed... porn alert so it's unclear at the moment if 100.20.3.127 is compromised and if so, how it is compromised because there are no other alerts at this time...unauthorized porn website. The investigation would conclude that the attacker at 51.251.22.183 used the information gained from the website to open an

  16. Secure Border Gateway Protocol and the External Routing Intrusion Detection System

    National Research Council Canada - National Science Library

    Kent, Stephen

    2000-01-01

    ...), is a critical component of the Internet's routing infrastructure. It is highly vulnerable to a variety of malicious attacks due to the lack of a secure means of verifying the authenticity and legitimacy of BGP control traffic...

  17. High Order Non-Stationary Markov Models and Anomaly Propagation Analysis in Intrusion Detection System (IDS)

    National Research Council Canada - National Science Library

    Skormin, Victor A

    2007-01-01

    .... Unless anomaly propagation is observed, alarms are to be treated as false positives. The rationale behind the concept lies in the fact that the most common feature of worms and viruses is self-replication...

  18. A Generic Software Architecture for Deception-Based Intrusion Detection and Response Systems

    Science.gov (United States)

    2003-03-01

    known as Aikido [37]. Michael et al. [2] proposed a high-level architecture for software decoys, shown in Figure II.3. The architecture is based on...14, no.3, pp. 54-62, 1999. [37] Westbrook, A., Ratti, O., Aikido and the Dynamic Sphere, Charles E. Tuttle Co., September 1994. [38] Ellison, R.J

  19. Implementing honeypots as part of a simple cost effective wireless intrusion detection system

    CSIR Research Space (South Africa)

    Velupillai, HM

    2007-09-01

    of wireless networks to implement the wired network design of a honeypot. The paper also provides a script that allows the Atheros chipset to be modified to implement multiple wireless access points on one wireless card...

  20. Building an intrusion detection system using a filter-based feature selection algorithm

    NARCIS (Netherlands)

    Ambusaidi, Mohammed A.; He, Xiangjian; Nanda, Priyadarsi; Tan, Zhiyuan

    2016-01-01

    Redundant and irrelevant features in data have caused a long-term problem in network traffic classification. These features not only slow down the process of classification but also prevent a classifier from making accurate decisions, especially when coping with big data. In this paper, we propose a

  1. Basis UST leak detection systems

    International Nuclear Information System (INIS)

    Silveria, V.

    1992-01-01

    This paper reports that gasoline and other petroleum products are leaking from underground storage tanks (USTs) at an alarming rate, seeping into soil and groundwater. Buried pipes are an even greater culprit, accounting for most suspected and detected leaks according to Environmental Protection Agency (EPA) estimates. In response to this problem, the EPA issued regulations setting standards for preventing, detecting, reporting, and cleaning up leaks, as well as fiscal responsibility. However, federal regulations are only a minimum; some states have cracked down even harder. Plant managers and engineers have a big job ahead of them. The EPA estimates that there are more than 75,000 fuel USTs at US industrial facilities. When considering leak detection systems, the person responsible for making the decision has five primary choices: inventory reconciliation combined with regular precision tightness tests; automatic tank gauging; groundwater monitoring; interstitial monitoring of double containment systems; and vapor monitoring.

  2. Computer Intrusions and Attacks.

    Science.gov (United States)

    Falk, Howard

    1999-01-01

    Examines some frequently encountered unsolicited computer intrusions, including computer viruses, worms, Java applications, trojan horses or vandals, e-mail spamming, hoaxes, and cookies. Also discusses virus-protection software, both for networks and for individual users. (LRW)

  3. Optical detection in microfluidic systems

    DEFF Research Database (Denmark)

    Mogensen, Klaus Bo; Kutter, Jörg Peter

    2009-01-01

    Optical detection schemes continue to be favoured for measurements in microfluidic systems. A selection of the latest progress mainly within the last two years is critically reviewed. Emphasis is on integrated solutions, such as planar waveguides, coupling schemes to the outside world, evanescent...

  4. Semi autonomous mine detection system

    Energy Technology Data Exchange (ETDEWEB)

    Douglas Few; Roelof Versteeg; Herman Herman

    2010-04-01

    CMMAD is a risk reduction effort for the AMDS program. As part of CMMAD, multiple instances of semi-autonomous robotic mine detection systems were created. Each instance consists of a robotic vehicle equipped with sensors required for navigation and marking, a countermine sensor and a number of integrated software packages which provide for real-time processing of the countermine sensor data as well as integrated control of the robotic vehicle, the sensor actuator and the sensor. These systems were used to investigate critical interest functions (CIF) related to countermine robotic systems. To address the autonomy CIF, the INL-developed RIK was extended to allow for interaction with a mine sensor processing code (MSPC). In limited field testing this system performed well in detecting, marking and avoiding both AT and AP mines. Based on the results of the CMMAD investigation we conclude that autonomous robotic mine detection is feasible. In addition, CMMAD contributed critical technical advances with regard to sensing, data processing and sensor manipulation, which will advance the performance of future fieldable systems. As a result, no substantial technical barriers exist which preclude – from an autonomous robotic perspective – the rapid development and deployment of fieldable systems.

  5. Tape Cassette Bacteria Detection System

    Science.gov (United States)

    1973-01-01

    The design, fabrication, and testing of an automatic bacteria detection system with a zero-g capability and based on the filter-capsule approach is described. This system is intended for monitoring the sterility of regenerated water in a spacecraft. The principle of detection is based on measuring the increase in chemiluminescence produced by the action of bacterial porphyrins (i.e., catalase, cytochromes, etc.) on a luminol-hydrogen peroxide mixture. Since viable as well as nonviable organisms initiate this luminescence, viable organisms are detected by comparing the signal of an incubated water sample with an unincubated control. Higher signals for the former indicate the presence of viable organisms. System features include disposable sealed sterile capsules, each containing a filter membrane, for processing discrete water samples and a tape transport for moving these capsules through a processing sequence which involves sample concentration, nutrient addition, incubation, a 4 Molar Urea wash and reaction with luminol-hydrogen peroxide in front of a photomultiplier tube. Liquids are introduced by means of a syringe needle which pierces a rubber septum contained in the wall of the capsule. Detection thresholds obtained with this unit towards E. coli and S. marcescens assuming a 400 ml water sample are indicated.

  6. Repeated magmatic intrusions at El Hierro Island following the 2011-2012 submarine eruption

    Science.gov (United States)

    Benito-Saz, Maria A.; Parks, Michelle M.; Sigmundsson, Freysteinn; Hooper, Andrew; García-Cañada, Laura

    2017-09-01

    After more than 200 years of quiescence, in July 2011 an intense seismic swarm was detected beneath the center of El Hierro Island (Canary Islands), culminating on 10 October 2011 in a submarine eruption, 2 km off the southern coast. Although the eruption officially ended on 5 March 2012, magmatic activity continued in the area. From June 2012 to March 2014, six earthquake swarms, indicative of magmatic intrusions, were detected underneath the island. We have studied these post-eruption intrusive events using GPS and InSAR techniques to characterize the ground surface deformation produced by each of these intrusions, and to determine the optimal source parameters (geometry, location, depth, volume change). Source inversions provide insight into the depth of the intrusions (11-16 km) and the volume change associated with each of them (between 0.02 and 0.13 km³). During this period, > 20 cm of uplift was detected in the central-western part of the island, corresponding to approximately 0.32-0.38 km³ of magma intruded beneath the volcano. We suggest that these intrusions result from deep magma migrating from the mantle, trapped at the mantle/lower crust discontinuity in the form of sill-like bodies. This study, using joint inversion of GPS and InSAR data in a post-eruption period, provides important insight into the characteristics of the magmatic plumbing system of El Hierro, an oceanic intraplate volcanic island.

  7. Evaluation of μ-controller PIR Intrusion Detector | Eludire | West ...

    African Journals Online (AJOL)

    Intrusion detection systems are designed to provide security around valuables and premises, traditionally using human observers. This however has been found to be difficult to justify due to cumulative cost and human weaknesses. This work addressed the design and implementation of a device that will replace human ...

  8. Lightning Protection and Detection System

    Science.gov (United States)

    Dudley, Kenneth L. (Inventor); Szatkowski, George N. (Inventor); Woodard, Marie (Inventor); Nguyen, Truong X. (Inventor); Ely, Jay J. (Inventor); Wang, Chuantong (Inventor); Mielnik, John J. (Inventor); Koppen, Sandra V. (Inventor); Smith, Laura J. (Inventor)

    2017-01-01

    A lightning protection and detection system includes a non-conductive substrate material of an apparatus; a sensor formed of a conductive material and deposited on the non-conductive substrate material of the apparatus. The sensor includes a conductive trace formed in a continuous spiral winding starting at a first end at a center region of the sensor and ending at a second end at an outer corner region of the sensor, the first and second ends being open and unconnected. An electrical measurement system is in communication with the sensor and receives a resonant response from the sensor, to perform detection, in real-time, of lightning strike occurrences and damage therefrom to the sensor and the non-conductive substrate material.

  9. Blind Leak Detection for Closed Systems

    Science.gov (United States)

    Oelgoetz, Peter; Johnson, Ricky; Todd, Douglas; Russell, Samuel; Walker, James

    2003-01-01

    The current inspection technique for locating interstitial leaking in the Space Shuttle Main Engine nozzles is the application of a liquid leak check solution in the openings where the interstitial space between the tubing and the structural jacket vents out the aft end of the nozzle, while its cooling tubes are pressurized to 25 psig with helium. When a leak is found, it is classified, and if the leak is severe enough the suspect tube is cut open so that a boroscope can be inserted to find the leak point. Since the boroscope can only cover a finite tube length and since it is impossible to identify which tube (to the right or left of the identified interstitial) is leaking, many extra and undesired repairs have been made to fix just one leak. In certain instances when the interstitials are interlinked by poor braze bonding, many interstitials will show indications of leaking from a single source. What is desired is a technique that can identify the leak source so that a single repair can be performed. Dr. Samuel Russell and James Walker, both with NASA/MSFC, have developed a thermographic inspection system that addresses a single repair approach. They have teamed with Boeing/Rocketdyne to repackage the inspection processes to be suitable to address full scale Shuttle development and flight hardware and implement the process at NASA centers. The methods and results presented address the thermographic identification of interstitial leaks in the Space Shuttle Main Engine nozzles. A highly sensitive digital infrared camera (capable of detecting a delta temperature difference of 0.025 C) is used to record the cooling effects associated with a leak source, such as a crack or pinhole, hidden within the nozzle wall by observing the inner hot wall surface as the nozzle is pressurized. These images are enhanced by digitally subtracting a thermal reference image taken before pressurization. The method provides a non-intrusive way of locating the tube that is leaking and the

  10. The Autonomous Pathogen Detection System

    Energy Technology Data Exchange (ETDEWEB)

    Dzenitis, J M; Makarewicz, A J

    2009-01-13

    We developed, tested, and now operate a civilian biological defense capability that continuously monitors the air for biological threat agents. The Autonomous Pathogen Detection System (APDS) collects, prepares, reads, analyzes, and reports results of multiplexed immunoassays and multiplexed PCR assays using Luminex© xMAP technology and flow cytometer. The mission we conduct is particularly demanding: continuous monitoring, multiple threat agents, high sensitivity, challenging environments, and ultimately extremely low false positive rates. Here, we introduce the mission requirements and metrics, show the system engineering and analysis framework, and describe the progress to date including early development and current status.

  11. Negative pressures in full-scale distribution system: field investigation, modelling, estimation of intrusion volumes and risk for public health

    Directory of Open Access Journals (Sweden)

    M. C. Besner

    2010-07-01

    Various investigations encompassing microbial characterization of external sources of contamination (soil and trenchwater surrounding water mains, flooded air-valve vaults), field pressure monitoring, and hydraulic and transient analyses were conducted in the same distribution system where two epidemiological studies showing an increase in gastrointestinal illness for people drinking tap water were conducted in the 1990's. Interesting results include the detection of microorganism indicators of fecal contamination in all external sources investigated but at a higher frequency in the water from flooded air-valve vaults, and the recording of 18 negative pressure events in the distribution system during a 17-month monitoring period. Transient analysis of this large and complex distribution system was challenging and highlighted the need to consider field pressure data in the process.

  12. Nucleic acid detection system and method for detecting influenza

    Energy Technology Data Exchange (ETDEWEB)

    Cai, Hong; Song, Jian

    2015-03-17

    The invention provides a rapid, sensitive and specific nucleic acid detection system which utilizes isothermal nucleic acid amplification in combination with a lateral flow chromatographic device, or DNA dipstick, for DNA-hybridization detection. The system of the invention requires no complex instrumentation or electronic hardware, and provides a low cost nucleic acid detection system suitable for highly sensitive pathogen detection. Hybridization to single-stranded DNA amplification products using the system of the invention provides a sensitive and specific means by which assays can be multiplexed for the detection of multiple target sequences.

  13. Ultrasonic System Approach to Obstacle Detection and Edge Detection

    Directory of Open Access Journals (Sweden)

    Yin Thu Win

    2011-04-01

    In this paper, ultrasonic system approach to obstacle detection and edge detection for industrial and rescue operations has been presented. The developed system consists of tough sonic sensor configure with personal computer for monitoring. First, the mathematical model has been presented for the object detection system. Then the numerical simulation has been performed using Matlab platform. The experiments have been conducted using ultrasonic frequency. The curtain, paper and bamboo sheet have been considered as a media during experiments. The presented system is highly accurate for object detection and edge detection behind the obstacle.

  14. Intrusion signature creation via clustering anomalies

    Science.gov (United States)

    Hendry, Gilbert R.; Yang, Shanchieh J.

    2008-03-01

    Current practices for combating cyber attacks typically use Intrusion Detection Systems (IDSs) to detect and block multistage attacks. Because of the speed and impacts of new types of cyber attacks, current IDSs are limited in providing accurate detection while reliably adapting to new attacks. In signature-based IDS systems, this limitation is made apparent by the latency from day zero of an attack to the creation of an appropriate signature. This work hypothesizes that this latency can be shortened by creating signatures via anomaly-based algorithms. A hybrid supervised and unsupervised clustering algorithm is proposed for new signature creation. These new signatures created in real-time would take effect immediately, ideally detecting new attacks. This work first investigates a modified density-based clustering algorithm as an IDS, with its strengths and weaknesses identified. A signature creation algorithm leveraging the summarizing abilities of clustering is investigated. Lessons learned from the supervised signature creation are then leveraged for the development of unsupervised real-time signature classification. Automating signature creation and classification via clustering is demonstrated as satisfactory but with limitations.

  15. Ionization detection system for aerosols

    International Nuclear Information System (INIS)

    Jacobs, M.E.

    1977-01-01

    This invention relates to an improved smoke-detection system of the ionization-chamber type. In the preferred embodiment, the system utilizes a conventional detector head comprising a measuring ionization chamber, a reference ionization chamber, and a normally non-conductive gas triode for discharging when a threshold concentration of airborne particulates is present in the measuring chamber. The improved system utilizes a measuring ionization chamber which is modified to minimize false alarms and reductions in sensitivity resulting from changes in ambient temperature. In the preferred form of the modification, an annular radiation shield is mounted about the usual radiation source provided to effect ionization in the measuring chamber. The shield is supported by a bimetallic strip which flexes in response to changes in ambient temperature, moving the shield relative to the source so as to vary the radiative area of the source in a manner offsetting temperature-induced variations in the sensitivity of the chamber. 8 claims, 7 figures

  16. Statistical Feature Extraction for Fault Locations in Nonintrusive Fault Detection of Low Voltage Distribution Systems

    Directory of Open Access Journals (Sweden)

    Hsueh-Hsien Chang

    2017-04-01

    This paper proposes statistical feature extraction methods combined with artificial intelligence (AI) approaches for fault locations in non-intrusive single-line-to-ground fault (SLGF) detection of low voltage distribution systems. The input features of the AI algorithms are extracted using statistical moment transformation for reducing the dimensions of the power signature inputs measured by using non-intrusive fault monitoring (NIFM) techniques. The data required to develop the network are generated by simulating SLGF using the Electromagnetic Transient Program (EMTP) in a test system. To enhance the identification accuracy, these features after normalization are given to AI algorithms for presenting and evaluating in this paper. Different AI techniques are then utilized to compare which identification algorithms are suitable to diagnose the SLGF for various power signatures in a NIFM system. The simulation results show that the proposed method is effective and can identify the fault locations by using non-intrusive monitoring techniques for low voltage distribution systems.

  17. Pulsed helium ionization detection system

    Science.gov (United States)

    Ramsey, R.S.; Todd, R.A.

    1985-04-09

    A helium ionization detection system is provided which produces stable operation of a conventional helium ionization detector while providing improved sensitivity and linearity. Stability is improved by applying pulsed dc supply voltage across the ionization detector, thereby modifying the sampling of the detector's output current. A unique pulse generator is used to supply pulsed dc to the detector which has variable width and interval adjust features that allow up to 500 V to be applied in pulse widths ranging from about 150 nsec to about dc conditions.

  18. development of an integrated campus security alerting system

    African Journals Online (AJOL)

    user

    Students and staff need a safe environment for academic, administrative and social activities. A standard security plan for campuses would include access control system, intrusion detection system, burglar alarm system, fire detection system,.

  19. Oceanic thermohaline intrusions: theory

    Science.gov (United States)

    Ruddick, Barry; Kerr, Oliver

    2003-03-01

    This is a review of theories governing growth and evolution of thermohaline intrusive motions. We discuss theories based on eddy coefficients and salt finger flux ratios and also on molecular Fickian diffusion, drawing relationships and parallels where possible. We discuss linear theories of various physical configurations, effects of rotation and shear, and nonlinear theories. A key requirement for such theories to become quantitatively correct is the development and field testing of relationships between double-diffusive fluxes and average vertical gradients of temperature and salinity. While we have some ideas about the functional dependencies and rough observational constraints on the magnitudes of such flux/gradient relationships, many questions will not be answered until usable ‘flux laws’ exist. Furthermore, numerical experiments on double-diffusive intrusions are currently feasible, but will have more quantitative meaning when fluxes are parameterised with such laws. We conclude that more work needs to be done in at least two areas. Firstly, tests of linear theory against observations should continue, particularly to discover the extent to which linear theories actually explain the genesis of intrusions. Secondly, theoretical studies are needed on the nonlinear effects that control the evolution and finite amplitude state of intrusions, since these determine the lateral fluxes of salt, heat, and momentum.

  20. Complicated systems for neutron detection

    International Nuclear Information System (INIS)

    Kozlov, I.M.; Nikotin, O.P.; Chekrenev, A.S.

    1982-01-01

    The design of the system for detecting delayed neutrons due to heavy nuclei photofission is described. The system comprises a large number of ³He proportional counters of thermal neutrons. Each counter is equipped with an individual amplifier, discriminator and pulse shaper. The tuning of a detector comprising several counters has been realized by changing the discrimination voltage in such a manner that the point of the ν radiation initial counting for all counters is under the same voltage of the high voltage source. Such method permits not only to reduce the tuning time but to obtain also an optimum value of perfect separation of signals from neutrons and ν radiation. Data processing has been performed by the commutator which permits to add signals in different versions. The choice of the version has been determined by output control potentials. The commutator functions have been recorded in the symbols of algebra logics. The described detector with the commutator has been employed in kinetic measurements of photofission delayed neutrons, for detecting fission neutrons with neutron background, from (α, n) for measuring the distribution of a number of instantaneous neutrons per fission act. The above principles of the detectors structure and data processing and recording facilities permit to unite according power supplies any number of thermal neutron counters and apply more complicated circuits of counter signal commutators

  1. FLEXible Damage Detection and Verification System

    Data.gov (United States)

    National Aeronautics and Space Administration — This project expands on the previously demonstrated Flat Surface Damage Detection System (FSDDS) capabilities.  The Flexible Damage Detection and Verification System...

  2. Formal Methods for Information Protection Technology. Task 2: Mathematical Foundations, Architecture and Principles of Implementation of Multi-Agent Learning Components for Attack Detection in Computer Networks. Part 1

    National Research Council Canada - National Science Library

    Kotenko, I

    2003-01-01

    .... Integrity, confidentiality and availability of the network resources must be assured. To detect and suppress different types of computer unauthorized intrusions, modern network security systems (NSS...

  3. Thermal animal detection system (TADS)

    Energy Technology Data Exchange (ETDEWEB)

    Desholm, M.

    2003-03-01

    This report presents data from equipment tests and software development for the Thermal Animal Detection System (TADS) development project: 'Development of a method for estimating collision frequency between migrating birds and offshore wind turbines'. The technical tests were performed to investigate the performance of remote controlling, video file compression tool and physical stress of the thermal camera when operating outdoors and under the real time vibration conditions at a 2 MW turbine. Furthermore, experimental tests on birds were performed to describe the decreasing detectability with distance on free flying birds, the performance of the thermal camera during poor visibility, and finally, the performance of the thermal sensor software developed for securing high-quality data. In general, it can be concluded that the thermal camera and its related hardware and software, the TADS, are capable of recording migrating birds approaching the rotating blades of a turbine, even under conditions with poor visibility. If the TADS is used in a vertical viewing scenario it would comply with the requirements for a setup used for estimating the avian collision frequency at offshore wind turbines. (au)

  4. Topical study on IRS events involving foreign material intrusion in plant systems. First issue. Report of a consultants meeting. Working material

    International Nuclear Information System (INIS)

    1997-01-01

    Recent exchange of operational safety experience among countries, within the framework of the IRS, revealed a noticeable increase in incidents involving foreign material intrusion (FMI) in nuclear power plant systems. These incidents appeared to have safety impact, sometimes widespread, on many systems and components, including the reactor core, control rods, the secondary side, and other support systems such as the electrical, air, and water systems. Notwithstanding the economic penalties and the operational problems that can arise from the FMI, many events indicated severe component damages, challenges to safety systems and to fuel integrity. Difficulties encountered with the removal of foreign material present further challenges due to the long term effects of such material remaining in the system and interacting with either fuel cladding, with the potential of releasing fission products in coolant systems, or with the system pressure boundary with the potential for material wear and sudden failure of the pressure boundary. The FMI topic was, therefore, one of a number of topics that was recommended by the TCM in 1996 for investigation. A consultant meeting was held at the IAEA during the period 14-18 April 1997 to address this topic. Figs

  5. A Portable Infrasonic Detection System

    Science.gov (United States)

    Shams, Qamar A.; Burkett, Cecil G.; Zuckerwar, Allan J.; Lawrenson, Christopher C.; Masterman, Michael

    2008-01-01

    During last couple of years, NASA Langley has designed and developed a portable infrasonic detection system which can be used to make useful infrasound measurements at a location where it was not possible previously. The system comprises an electret condenser microphone, having a 3-inch membrane diameter, and a small, compact windscreen. Electret-based technology offers the lowest possible background noise, because Johnson noise generated in the supporting electronics (preamplifier) is minimized. The microphone features a high membrane compliance with a large backchamber volume, a prepolarized backplane and a high impedance preamplifier located inside the backchamber. The windscreen, based on the high transmission coefficient of infrasound through matter, is made of a material having a low acoustic impedance and sufficiently thick wall to insure structural stability. Close-cell polyurethane foam has been found to serve the purpose well. In the proposed test, test parameters will be sensitivity, background noise, signal fidelity (harmonic distortion), and temporal stability. The design and results of the compact system, based upon laboratory and field experiments, will be presented.

  6. The definition of commonly agreed stylized human intrusion scenarios for use in the long term safety assessments of radioactive waste disposal systems

    International Nuclear Information System (INIS)

    Carboneras, P.

    2002-01-01

    Recent international advice on the treatment of human intrusion in relation to the safety of radioactive waste repositories is reviewed. The outstanding issues which need to be resolved in order to establish an agreed international approach to assessing the consequences and judging the impact of human intrusion are summarized. Finally, a way forward towards an internationally agreed assessment approach is proposed. (author)

  7. System for Malicious Node Detection in IPv6-Based Wireless Sensor Networks

    Directory of Open Access Journals (Sweden)

    Kresimir Grgic

    2016-01-01

    The trend of implementing the IPv6 into wireless sensor networks (WSNs) has recently occurred as a consequence of a tendency of their integration with other types of IP-based networks. The paper deals with the security aspects of these IPv6-based WSNs. A brief analysis of security threats and attacks which are present in the IPv6-based WSN is given. The solution to an adaptive distributed system for malicious node detection in the IPv6-based WSN is proposed. The proposed intrusion detection system is based on distributed algorithms and a collective decision-making process. It introduces an innovative concept of probability estimation for malicious behaviour of sensor nodes. The proposed system is implemented and tested through several different scenarios in three different network topologies. Finally, the performed analysis showed that the proposed system is energy efficient and has a good capability to detect malicious nodes.

  8. Multiplexed polarization OTDR system with high DOP and ability of multi-event detection.

    Science.gov (United States)

    Wang, Xuefeng; Wang, Chaodong; Tang, Ming; Fu, Songnian; Shum, Perry

    2017-05-01

    A novel polarization optical time domain reflectometry (POTDR) with high degree of polarization is proposed for multi-event detection. By employing multiple 2×2 optical fiber couplers and fiber mirrors, an arbitrary number and customized length of sensing fiber can be multiplexed into the system without modification of the other components, e.g., the light source, photodetector, signal processing device, etc. More importantly, the signal-to-noise ratio of this system is significantly improved, and the temporal depolarization effect can be almost completely suppressed. Additionally, the system response time is considerably reduced by dispensing with data averaging, so that intrusion events such as touching and moving fiber can be detected instantaneously and precisely located. Experiments have been conducted that proved the capability of multi-event simultaneous detection and vibration frequency measurement. This system promises application potential in multi-zone perimeter security and physical field measurement.

  9. Network Intrusion Dataset Assessment

    Science.gov (United States)

    2013-03-01

    protection in the United States. AFIT-ENG-13-M-49 NETWORK INTRUSION DATASET ASSESSMENT THESIS Presented to the Faculty Department of Electrical and...conclusions as to its use as a benchmark dataset vary: Cho et al. [10] recommend not using the KDD99 dataset at all, while Engen et al. [16] suggest that...more care be taken in interpretation of results, but recommend continued use. As discussed by Engen et al. [16], researchers continue to use the KDD99

  10. A DoS/DDoS Attack Detection System Using Chi-Square Statistic Approach

    Directory of Open Access Journals (Sweden)

    Fang-Yie Leu

    2010-04-01

    Nowadays, users can easily access and download network attack tools, which often provide friendly interfaces and easily operated features, from the Internet. Therefore, even a naive hacker can also launch a large scale DoS or DDoS attack to prevent a system, i.e., the victim, from providing Internet services. In this paper, we propose an agent based intrusion detection architecture, which is a distributed detection system, to detect DoS/DDoS attacks by invoking a statistic approach that compares source IP addresses' normal and current packet statistics to discriminate whether there is a DoS/DDoS attack. It first collects all resource IPs' packet statistics so as to create their normal packet distribution. Once some IPs' current packet distribution suddenly changes, very often it is an attack. Experimental results show that this approach can effectively detect DoS/DDoS attacks.

  11. Numerical modelling of seawater intrusion in Shenzhen (China ...

    Indian Academy of Sciences (India)

    A fairly good fitness between the observed and computed values was obtained by a manual trial-and-error method. ... controlling seawater intrusion in such coastal aquifer systems. 1. Introduction. Seawater intrusion constitutes a ..... reveals that FEFLOW is an effective and robust simulation tool for studying variable-density.

  12. Vulnerability of production wells in the Potomac-Raritan-Magothy aquifer system to saltwater intrusion from the Delaware River in Camden, Gloucester, and Salem Counties, New Jersey

    Science.gov (United States)

    Navoy, Anthony S.; Voronin, Lois M.; Modica, Edward

    2005-01-01

    The Potomac-Raritan-Magothy aquifer system is hydraulically connected to the Delaware River in parts of Camden and Gloucester Counties, New Jersey, and has more limited contact with the river in Salem County, New Jersey. The aquifer system is used widely for water supply, and 122 production wells that are permitted by the New Jersey Department of Environmental Protection to pump more than 100,000 gallons per year in the three counties are within 2 miles of the river. During drought, saltwater may encroach upstream from the Atlantic Ocean and Delaware Bay to areas where the aquifer system is recharged by induced infiltration through the Delaware River streambed. During the drought of the mid-1960's, water with a chloride concentration in excess of potability standards (250 mg/L (milligrams per liter)) encroached into the reach of the river that recharges the aquifer system. The vulnerability of the major production wells in the area to similar saltwater encroachment in the future is a concern to water managers. This vulnerability was evaluated by investigating two scenarios: (1) a one-time recurrence of the conditions approximating those that occurred in the 1960's, and (2) the recurrence of those same conditions on an annual basis. Results of ground-water-flow simulation in conjunction with particle tracking and one-dimensional transport analysis indicate that the wells that are most vulnerable to saltwater intrusion are those in the Morris and Delair well fields in Camden County. A single 30-day event during which the concentration of dissolved chloride or sodium exceeds 2,098 mg/L or 407 mg/L, respectively, in the Delaware River would threaten the potability of water from these wells, given New Jersey drinking-water standards of 250 mg/L for dissolved chloride and 50 mg/L for dissolved sodium. This chloride concentration is about six times that observed in the river during the 1960's drought. An annually occurring 1-month event during which the concentrations of

  13. System for detecting nuclear explosions

    International Nuclear Information System (INIS)

    Rawls, L.E.

    1978-01-01

    Apparatus for detecting underground nuclear explosions is described that is comprised of an antenna located in the dielectric substance of a deep waveguide in the earth and adapted to detect low frequency electromagnetic waves generated by a nuclear explosion, the deep waveguide comprising the high conductivity upper sedimentary layers of the earth, the dielectric basement rock, and a high conductivity layer of basement rock due to the increased temperature thereof at great depths, and means for receiving the electromagnetic waves detected by said antenna means

  14. Saltwater intrusion in the surficial aquifer system of the Big Cypress Basin, southwest Florida, and a proposed plan for improved salinity monitoring

    Science.gov (United States)

    Prinos, Scott T.

    2013-01-01

    The installation of drainage canals, poorly cased wells, and water-supply withdrawals have led to saltwater intrusion in the primary water-use aquifers in southwest Florida. Increasing population and water use have exacerbated this problem. Installation of water-control structures, well-plugging projects, and regulation of water use have slowed saltwater intrusion, but the chloride concentration of samples from some of the monitoring wells in this area indicates that saltwater intrusion continues to occur. In addition, rising sea level could increase the rate and extent of saltwater intrusion. The existing saltwater intrusion monitoring network was examined and found to lack the necessary organization, spatial distribution, and design to properly evaluate saltwater intrusion. The most recent hydrogeologic framework of southwest Florida indicates that some wells may be open to multiple aquifers or have an incorrect aquifer designation. Some of the sampling methods being used could result in poor-quality data. Some older wells are badly corroded, obstructed, or damaged and may not yield useable samples. Saltwater in some of the canals is in close proximity to coastal well fields. In some instances, saltwater occasionally occurs upstream from coastal salinity control structures. These factors lead to an incomplete understanding of the extent and threat of saltwater intrusion in southwest Florida. A proposed plan to improve the saltwater intrusion monitoring network in the South Florida Water Management District’s Big Cypress Basin describes improvements in (1) network management, (2) quality assurance, (3) documentation, (4) training, and (5) data accessibility. The plan describes improvements to hydrostratigraphic and geospatial network coverage that can be accomplished using additional monitoring, surface geophysical surveys, and borehole geophysical logging. Sampling methods and improvements to monitoring well design are described in detail. Geochemical analyses

  15. Homodyne detection of holographic memory systems

    Science.gov (United States)

    Urness, Adam C.; Wilson, William L.; Ayres, Mark R.

    2014-09-01

    We present a homodyne detection system implemented for a page-wise holographic memory architecture. Homodyne detection by holographic memory systems enables phase quadrature multiplexing (doubling address space), and lower exposure times (increasing read transfer rates). It also enables phase modulation, which improves signal-to-noise ratio (SNR) to further increase data capacity. We believe this is the first experimental demonstration of homodyne detection for a page-wise holographic memory system suitable for a commercial design.

  16. Notes on saltwater intrusion and trace element distribution in Metro Manila groundwaters

    International Nuclear Information System (INIS)

    Santos, G. Jr.; Ramos, A.F.; Fernandez, L.G.; Almoneda, R.V.; Garcia, T.Y.; Cruz, C.C.; Petrache, C.A.; Andal, T.T.; Alcantara, E.

    1989-01-01

    Preliminary analyses of waters for uranium and other trace elements from deepwells operated by the Metropolitan Waterworks and Sewerage System (MWSS) in Metro Manila were performed. Uranium, which ranged from 0.2 ppb to 6 ppb, was correlated with saltwater intrusion. Values >=0.8 ppb for uranium were considered indicative of saline water intrusion in the aquifers. Saline water intrusions in Malabon, Navotas, Paranaque, Las Pinas, Bacoor, Imus, Kawit, Pasig, Antipolo, San Mateo, Taguig, Cainta, Taytay, Alabang and Muntinlupa were noted. Most of these areas were also identified by MWSS as being affected by saltwater intrusion. Tritium values ranged from 0 (below detection limits) to 44 tritium units. Except for one well in Muntinlupa, all the values obtained were below the lower limit of detection of 30.83 T.U. Mercury contents in six well locations had values above the maximum limit set by the National Standards for Drinking Water. Four wells exceeded the permissible level for manganese while two wells had iron concentrations greater than the National Standards. Other trace element concentrations such as Cr, Pb, Zn, Co and Ni either did not exceed their permissible levels or were not included in the National Standards. (Auth.). 6 refs.; 1 tab.; 3 figs

  17. Discriminating ultrasonic proximity detection system

    Energy Technology Data Exchange (ETDEWEB)

    Annala, W C

    1986-12-04

    This invention uses an ultrasonic transmitter and receiver and a microprocessor to detect the presence of an object. In the reset mode the invention uses a plurality of echoes from each ultrasonic burst to create a reference table of the echo-burst-signature of the empty monitored environment. The invention then processes the reference table so that it only uses the most reliable data. In the detection mode the invention compares the echo-burst-signature of the present environment with the reference table, detecting an object if there is a consistent difference between the echo-burst-signature of the empty monitored environment recorded in the reference table and the echo-burst-signature of the present environment.

  18. Discriminating ultrasonic proximity detection system

    Energy Technology Data Exchange (ETDEWEB)

    Annala, W.C.

    1989-01-24

    This invention uses an ultrasonic transmitter and receiver and a microprocessor to detect the presence of an object. In the reset mode the invention uses a plurality of echoes from each ultrasonic burst to create a reference table of the echo-burst-signature of the empty monitored environment. The invention then processes the reference table so that it only uses the most reliable data. In the detection mode the invention compares the echo-burst-signature of the present environment with the reference table, detecting an object if there is a consistent difference between the echo-burst-signature of the empty monitored environment recorded in the reference table and the echo-burst-signature of the present environment.

  19. Discriminating ultrasonic proximity detection system

    Energy Technology Data Exchange (ETDEWEB)

    Annala, Wayne C. (Durango, CO)

    1989-01-01

    This invention uses an ultrasonic transmitter and receiver and a microprocessor to detect the presence of an object. In the reset mode the invention uses a plurality of echoes from each ultrasonic burst to create a reference table of the echo-burst-signature of the empty monitored environment. The invention then processes the reference table so that it only uses the most reliable data. In the detection mode the invention compares the echo-burst-signature of the present environment with the reference table, detecting an object if there is a consistent difference between the echo-burst-signature of the empty monitored environment recorded in the reference table and the echo-burst-signature of the present environment.

  20. Damage Detection and Deteriorating Structural Systems

    DEFF Research Database (Denmark)

    Long, Lijia; Thöns, Sebastian; Döhler, Michael

    2017-01-01

    detection information is determined utilizing Bayesian updating. The damage detection performance is described with the probability of indication for different component and system damage states taking into account type 1 and type 2 errors. The value of damage detection information is then calculated...

  1. A COMPARISON STUDY FOR INTRUSION DATABASE (KDD99, NSL-KDD) BASED ON SELF ORGANIZATION MAP (SOM) ARTIFICIAL NEURAL NETWORK

    Directory of Open Access Journals (Sweden)

    LAHEEB M. IBRAHIM

    2013-02-01

    Detecting anomalous traffic on the internet has remained an issue of concern for the community of security researchers over the years. The advances in the area of computing performance, in terms of processing power and storage, have fostered their ability to host resource-intensive intelligent algorithms, to detect intrusive activity, in a timely manner. As part of this project, we study and analyse the performance of Self Organization Map (SOM) Artificial Neural Network, when implemented as part of an Intrusion Detection System, to detect anomalies on the Knowledge Discovery in Databases KDD 99 and NSL-KDD datasets of internet traffic activity simulation. Results obtained are compared and analysed based on several performance metrics, where the detection rate for KDD 99 dataset is 92.37%, while detection rate for NSL-KDD dataset is 75.49%.

  2. Expandable coating cocoon leak detection system

    Science.gov (United States)

    Hauser, R. L.; Kochansky, M. C.

    1972-01-01

    Development of system and materials for detecting leaks in cocoon protective coatings are discussed. Method of applying materials for leak determination is presented. Pressurization of system following application of materials will cause formation of bubble if leak exists.

  3. Intrusive and Non-Intrusive Load Monitoring (A Survey)

    Directory of Open Access Journals (Sweden)

    Marco Danilo Burbano Acuña

    2015-05-01

    There is no discussion about the need for energy conservation; it is well known that energy resources are limited, and moreover the global energy demands will double by the end of 2030, which certainly will bring implications on the environment and hence to all of us. Non-Intrusive load monitoring (NILM) is the process of recognizing electrical devices and their energy consumption based on whole home electric signals, where this aggregated load data is acquired from a single point of measurement outside the household. The aim of this approach is to get optimal energy consumption and avoid energy wastage. Intrusive load monitoring (ILM) is the process of identifying and locating single devices through the use of sensing systems to support control, monitoring and intervention of such devices. The aim of this approach is to offer a base for the development of important applications for remote and automatic intervention of energy consumption inside buildings and homes as well. For general purposes this paper states a general framework of NILM and ILM approaches. Appliance discerns can be tackled using approaches from data mining and machine learning; finding out the techniques that best fit these requirements is a key factor for achieving feasible and suitable appliance load monitoring solutions. This paper presents common and interesting methods used. Privacy concerns have been one of the bigger obstacles for implementing a widespread adoption of these solutions; despite this fact, developed countries like those inside the EU and the UK have established a deadline for the implementation of smart meters in the whole country, whereas USA government still struggles with the acceptance of this solution by its citizens. The implementation of security over these approaches along with fine-grained energy monitoring would lead to a better public agreement of these solutions and hence a faster adoption of such approaches. This paper reveals a lack of security over these approaches with a real scenario.

  4. Motion effects on intrusion development

    NARCIS (Netherlands)

    Krans, J.; Näring, G.W.B.; Holmes, E.A.; Becker, E.S.

    2010-01-01

    Analogue studies on intrusion development have found that visuospatial tasks performed during the encoding of aversive information reduce subsequent intrusion development. However, these studies cannot rule out a physical explanation in terms of simple movement. In the current study we addressed

  5. A New Generic Taxonomy on Hybrid Malware Detection Technique

    OpenAIRE

    Robiah, Y.; Rahayu, S. Siti; Zaki, M. Mohd; Shahrin, S.; Faizal, M. A.; Marliza, R.

    2009-01-01

    Malware is a type of malicious program that replicates from a host machine and propagates through the network. It has been considered as one type of computer attack and intrusion that can do a variety of malicious activity on a computer. This paper addresses the current trend of malware detection techniques and identifies the significant criteria in each technique to improve malware detection in Intrusion Detection System (IDS). Several existing techniques are analyzed from 48 various researches and...

  6. Adaptive, Model-Based Monitoring and Threat Detection

    National Research Council Canada - National Science Library

    Valdes, Alfonso

    2002-01-01

    .... We describe a network intrusion detection system (IDS) using Bayes inference, wherein the knowledge base is encoded not as rules but as conditional probability relations between observables and hypotheses of normal and malicious usage...

  7. Real-time petroleum spill detection system

    International Nuclear Information System (INIS)

    Dakin, D.T.

    2001-01-01

    A real-time autonomous oil and fuel spill detection system has been developed to rapidly detect a wide range of petroleum products floating on, or suspended in water. The system consists of an array of spill detection buoys distributed within the area to be monitored. The buoys are composed of a float and a multispectral fluorometer, which looks up through the top 5 cm of water to detect floating and suspended petroleum products. The buoys communicate to a base station computer that controls the sampling of the buoys and analyses the data from each buoy to determine if a spill has occurred. If statistically significant background petroleum levels are detected, the system raises an oil spill alarm. The system is useful because early detection of a marine oil spill allows for faster containment, thereby minimizing the contaminated area and reducing cleanup costs. This paper also provided test results for biofouling, various petroleum product detection, water turbidity and wave tolerance. The technology has been successfully demonstrated. The UV light source keeps the optic window free from biofouling, and the electronics are fully submerged so there is no risk that the unit could ignite the vapours of a potential oil spill. The system can also tolerate moderately turbid waters and can therefore be used in many rivers, harbours, water intakes and sumps. The system can detect petroleum products with an average thickness of less than 3 micrometers floating on the water surface. 3 refs., 15 figs

  8. Anomaly Detection for Complex Systems

    Data.gov (United States)

    National Aeronautics and Space Administration — In performance maintenance in large, complex systems, sensor information from sub-components tends to be readily available, and can be used to make predictions about...

  9. Analysis of vulnerability to intrusion - a software for aid in training, design, and implementation of physical system

    International Nuclear Information System (INIS)

    Tangdan

    2002-01-01

    Full text: In this paper, we discuss briefly the developed level of physical protection system (PPS) in different Chinese history stage, and the relation between PPS and society, politics, military and security. It reveals the current status of application of PPS in China, and the level of design, implementation, evaluation and products. We also discuss the developing direction and applying tendency of PPS in future China. We mainly introduce a software using the ASD to evaluate the effectiveness of the PPS at a facility. It is used for training, design, and implementation of physical system. It identifies the path which adversaries can follow to accomplish sabotage or theft. For a specific PPS and threat, the most vulnerable path can be determined. The path probability of interruption P(I) establishes of the total PPS. Especially, we introduce how to specify threat characteristics bases the situation of present Chinese society, based global and local threat development. We also introduce how to build a data base of different elements based on the level of crime at present China. (author)

  10. Damage Detection and Deteriorating Structural Systems

    DEFF Research Database (Denmark)

    Long, Lijia; Thöns, Sebastian; Döhler, Michael

    2017-01-01

    This paper addresses the quantification of the value of damage detection system and algorithm information on the basis of Value of Information (VoI) analysis to enhance the benefit of damage detection information by providing the basis for its optimization before it is performed and implemented....... The approach of the quantification the value of damage detection information builds upon the Bayesian decision theory facilitating the utilization of damage detection performance models, which describe the information and its precision on structural system level, facilitating actions to ensure the structural...... integrity and facilitating to describe the structural system performance and its functionality throughout the service life. The structural system performance is described with its functionality, its deterioration and its behavior under extreme loading. The structural system reliability given the damage...

  11. An Ubiquitous and Non Intrusive System for Pervasive Advertising using NFC and Geolocation Technologies and Air Hand Gestures

    Directory of Open Access Journals (Sweden)

    Francisco M. Borrego-Jaraba

    2014-01-01

    In this paper we present a pervasive proposal for advertising using mobile phones, Near Field Communication, geolocation and air hand gestures. Advertising posts built by users in public/private spaces can store multiple ads containing any kind of textual, graphic or multimedia information. Ads are automatically shown in the mobile phone of the users using a notification based process considering relative user location between the posts and the user preferences. Moreover, ads can be stored and retrieved from the post using hand gestures and Near Field Communication technology. Secure management of information about users, posts, and notifications and the use of instant messaging enable the development of systems to extend the current advertising strategies based on Web, large displays or digital signage.

  12. Real-time distributed fiber optic sensor for security systems: Performance, event classification and nuisance mitigation

    Science.gov (United States)

    Mahmoud, Seedahmed S.; Visagathilagar, Yuvaraja; Katsifolis, Jim

    2012-09-01

    The success of any perimeter intrusion detection system depends on three important performance parameters: the probability of detection (POD), the nuisance alarm rate (NAR), and the false alarm rate (FAR). The most fundamental parameter, POD, is normally related to a number of factors such as the event of interest, the sensitivity of the sensor, the installation quality of the system, and the reliability of the sensing equipment. The suppression of nuisance alarms without degrading sensitivity in fiber optic intrusion detection systems is key to maintaining acceptable performance. Signal processing algorithms that maintain the POD and eliminate nuisance alarms are crucial for achieving this. In this paper, a robust event classification system using supervised neural networks together with a level crossings (LCs) based feature extraction algorithm is presented for the detection and recognition of intrusion and non-intrusion events in a fence-based fiber-optic intrusion detection system. A level crossings algorithm is also used with a dynamic threshold to suppress torrential rain-induced nuisance alarms in a fence system. Results show that rain-induced nuisance alarms can be suppressed for rainfall rates in excess of 100 mm/hr with the simultaneous detection of intrusion events. The use of a level crossing based detection and novel classification algorithm is also presented for a buried pipeline fiber optic intrusion detection system for the suppression of nuisance events and discrimination of intrusion events. The sensor employed for both types of systems is a distributed bidirectional fiber-optic Mach-Zehnder (MZ) interferometer.

  13. Voice activity detection for speaker verification systems

    Science.gov (United States)

    Borowski, Filip

    2008-01-01

    A complex algorithm for speech activity detection was presented in this article. It is based on speech enhancement, feature extraction and a final detection algorithm. The first one was published in an ETSI standard as a module of "Advanced front-end feature extraction algorithm" in a distributed speech recognition system. It consists of two main parts, noise estimation and Wiener filtering. For the final detection, modified linear prediction coefficients and spectral entropy features are extracted from the denoised signal.

  14. Embedded Systems - Missile Detection/Interception

    Directory of Open Access Journals (Sweden)

    Luis Cintron

    2010-01-01

    Missile defense systems are often related to major military resources aimed at shielding a specific region from incoming attacks. They are intended to detect, track, intercept, and destruct incoming enemy missiles. These systems vary in cost, efficiency, dependability, and technology. In present times, the possession of these types of systems is associated with large capacity military countries. Demonstrated here are the mathematical techniques behind missile systems which calculate trajectories of incoming missiles and potential intercept positions after initial missile detection. This procedure involved the use of vector-valued functions, systems of equations, and knowledge of projectile motion concepts.

  15. A failure detection and isolation system simulator

    International Nuclear Information System (INIS)

    Assumpcao Filho, E.O.; Nakata, H.

    1990-04-01

    A failure detection and isolation system (FDI) simulation program has been developed for IBM-PC microcomputers. The program, based on the sequential likelihood ratio testing method developed by A. Wald, was implemented with the Monte-Carlo technique. The calculated failure detection rate was favorably compared against the wind-tunnel experimental redundant temperature sensors. (author) [pt

  16. Statistical fault detection in photovoltaic systems

    KAUST Repository

    Garoudja, Elyes

    2017-05-08

    Faults in photovoltaic (PV) systems, which can result in energy loss, system shutdown or even serious safety breaches, are often difficult to avoid. Fault detection in such systems is imperative to improve their reliability, productivity, safety and efficiency. Here, an innovative model-based fault-detection approach for early detection of shading of PV modules and faults on the direct current (DC) side of PV systems is proposed. This approach combines the flexibility and simplicity of a one-diode model with the extended capacity of an exponentially weighted moving average (EWMA) control chart to detect incipient changes in a PV system. The one-diode model, which is easily calibrated due to its limited calibration parameters, is used to predict the healthy PV array's maximum power coordinates of current, voltage and power using measured temperatures and irradiances. Residuals, which capture the difference between the measurements and the predictions of the one-diode model, are generated and used as fault indicators. Then, the EWMA monitoring chart is applied on the uncorrelated residuals obtained from the one-diode model to detect and identify the type of fault. Actual data from the grid-connected PV system installed at the Renewable Energy Development Center, Algeria, are used to assess the performance of the proposed approach. Results show that the proposed approach successfully monitors the DC side of PV systems and detects temporary shading.

  17. IMPROVING CAUSE DETECTION SYSTEMS WITH ACTIVE LEARNING

    Data.gov (United States)

    National Aeronautics and Space Administration — IMPROVING CAUSE DETECTION SYSTEMS WITH ACTIVE LEARNING ISAAC PERSING AND VINCENT NG Abstract. Active learning has been successfully applied to many natural language...

  18. DETECTION OF HISTORICAL PIPELINE LEAK PLUMES USING NON-INTRUSIVE SURFACE-BASED GEOPHYSICAL TECHNIQUES AT THE HANFORD NUCLEAR SITE WASHINGTON USA

    Energy Technology Data Exchange (ETDEWEB)

    SKORSKA MB; FINK JB; RUCKER DF; LEVITT MT

    2010-12-02

    Historical records from the Department of Energy Hanford Nuclear Reservation (in eastern WA) indicate that ruptures in buried waste transfer pipelines were common between the 1940s and 1980s, which resulted in unplanned releases (UPRs) of tank waste at numerous locations. A number of methods are commercially available for the detection of active or recent leaks, however, there are no methods available for the detection of leaks that occurred many years ago. Over the decades, leaks from the Hanford pipelines were detected by visual observation of fluid on the surface, mass balance calculations (where flow volumes were monitored), and incidental encounters with waste during excavation or drilling. Since these detection methods for historic leaks are so limited in resolution and effectiveness, it is likely that a significant number of pipeline leaks have not been detected. Therefore, a technology was needed to detect the specific location of unknown pipeline leaks so that characterization technologies can be used to identify any risks to groundwater caused by waste released into the vadose zone. A proof-of-concept electromagnetic geophysical survey was conducted at an UPR in order to image a historical leak from a waste transfer pipeline. The survey was designed to test an innovative electromagnetic geophysical technique that could be used to rapidly map the extent of historical leaks from pipelines within the Hanford Site complex. This proof-of-concept test included comprehensive testing and analysis of the transient electromagnetic method (TEM) and made use of supporting and confirmatory geophysical methods including ground penetrating radar, magnetics, and electrical resistivity characterization (ERC). The results for this initial proof-of-concept test were successful and greatly exceeded the expectations of the project team by providing excellent discrimination of soils contaminated with leaked waste despite the interference from an electrically conductive pipe.

  19. Detection and intelligent systems for homeland security

    CERN Document Server

    Voeller, John G

    2014-01-01

    Detection and Intelligent Systems for Homeland Security features articles from the Wiley Handbook of Science and Technology for Homeland Security covering advanced technology for image and video interpretation systems used for surveillance, which help in solving such problems as identifying faces from live streaming or stored videos. Biometrics for human identification, including eye retinas and irises, and facial patterns are also presented. The book then provides information on sensors for detection of explosive and radioactive materials and methods for sensing chemical

  20. Detecting data anomalies methods in distributed systems

    Science.gov (United States)

    Mosiej, Lukasz

    2009-06-01

    Distributed systems became the most popular systems in big companies. Nowadays many telecommunications companies want to hold large volumes of data about all customers. Obviously, those data cannot be stored in a single database because of many technical difficulties, such as data access efficiency, security reasons, etc. On the other hand there is no need to hold all data in one place, because companies already have dedicated systems to perform specific tasks. In the distributed systems there is a redundancy of data and each system holds only interesting data in appropriate form. Data updated in one system should be also updated in the rest of systems, which hold that data. There are technical problems to update those data in all systems in a transactional way. This article is about data anomalies in distributed systems. Available data anomalies detection methods are shown. Furthermore, a new initial concept of new data anomalies detection methods is described in the last section.

  1. Multispectral imaging system for contaminant detection

    Science.gov (United States)

    Poole, Gavin H. (Inventor)

    2003-01-01

    An automated inspection system for detecting digestive contaminants on food items as they are being processed for consumption includes a conveyor for transporting the food items, a light sealed enclosure which surrounds a portion of the conveyor, with a light source and a multispectral or hyperspectral digital imaging camera disposed within the enclosure. Operation of the conveyor, light source and camera are controlled by a central computer unit. Light reflected by the food items within the enclosure is detected in predetermined wavelength bands, and detected intensity values are analyzed to detect the presence of digestive contamination.

  2. Portable reconfigurable detection and assessment system

    International Nuclear Information System (INIS)

    Blattman, D.A.

    1991-01-01

    Rapidly changing geopolitical issues throughout the world have made the ability to effectively respond to political, military, terrorist and peace-keeping requirements increasingly important. Recent Middle East events indicate a continuing escalation in these activities. These activities are defining the requirements for a rapidly deployable, portable, real-time detection and assessment operational security system that is reconfigurable to site specific threats. This paper describes such a system, the Mobile Operational Detection and Assessment System (MODAS): a commercial-off-the-shelf (COTS) integrated and reconfigurable hardware/software system solution for the ever-changing geopolitical security issues of the Nineties.

  3. Active fault detection in MIMO systems

    DEFF Research Database (Denmark)

    Niemann, Hans Henrik; Poulsen, Niels Kjølstad

    2014-01-01

    The focus in this paper is on active fault detection (AFD) for MIMO systems with parametric faults. The problem of design of auxiliary inputs with respect to detection of parametric faults is investigated. An analysis of the design of auxiliary inputs is given based on analytic transfer functions...... from auxiliary input to residual outputs. The analysis is based on a singular value decomposition of these transfer functions. Based on this analysis, it is possible to design auxiliary input as well as design of the associated residual vector with respect to every single parametric fault in the system...... such that it is possible to detect these faults....

  4. Work zone intrusion alarm effectiveness.

    Science.gov (United States)

    2010-09-01

    The New Jersey Department of Transportation (NJDOT) commissioned a study to evaluate how effective a work zone safety device known as the SonoBlaster! Work Zone Intrusion Alarm would be in protecting maintenance workers fro...

  5. Flat Surface Damage Detection System (FSDDS)

    Science.gov (United States)

    Williams, Martha; Lewis, Mark; Gibson, Tracy; Lane, John; Medelius, Pedro; Snyder, Sarah; Ciarlariello, Dan; Parks, Steve; Carrejo, Danny; Rojdev, Kristina

    2013-01-01

    The Flat Surface Damage Detection system (FSDDS) is a sensory system that is capable of detecting impact damages to surfaces utilizing a novel sensor system. This system will provide the ability to monitor the integrity of an inflatable habitat during in situ system health monitoring. The system consists of three main custom designed subsystems: the multi-layer sensing panel, the embedded monitoring system, and the graphical user interface (GUI). The GUI LABVIEW software uses a custom developed damage detection algorithm to determine the damage location based on the sequence of broken sensing lines. It estimates the damage size, the maximum depth, and plots the damage location on a graph. Successfully demonstrated as a stand alone technology during 2011 D-RATS. Software modification also allowed for communication with HDU avionics crew display which was demonstrated remotely (KSC to JSC) during 2012 integration testing. Integrated FSDDS system and stand alone multi-panel systems were demonstrated remotely and at JSC, Mission Operations Test using Space Network Research Federation (SNRF) network in 2012. FY13, FSDDS multi-panel integration with JSC and SNRF network. Technology can allow for integration with other complementary damage detection systems.

  6. Automated Hydrogen Gas Leak Detection System

    Science.gov (United States)

    1995-01-01

    The Gencorp Aerojet Automated Hydrogen Gas Leak Detection System was developed through the cooperation of industry, academia, and the Government. Although the original purpose of the system was to detect leaks in the main engine of the space shuttle while on the launch pad, it also has significant commercial potential in applications for which there are no existing commercial systems. With high sensitivity, the system can detect hydrogen leaks at low concentrations in inert environments. The sensors are integrated with hardware and software to form a complete system. Several of these systems have already been purchased for use on the Ford Motor Company assembly line for natural gas vehicles. This system to detect trace hydrogen gas leaks from pressurized systems consists of a microprocessor-based control unit that operates a network of sensors. The sensors can be deployed around pipes, connectors, flanges, and tanks of pressurized systems where leaks may occur. The control unit monitors the sensors and provides the operator with a visual representation of the magnitude and locations of the leak as a function of time. The system can be customized to fit the user's needs; for example, it can monitor and display the condition of the flanges and fittings associated with the tank of a natural gas vehicle.

  7. Capacitive system detects and locates fluid leaks

    Science.gov (United States)

    1966-01-01

    Electronic monitoring system automatically detects and locates minute leaks in seams of large fluid storage tanks and pipelines covered with thermal insulation. The system uses a capacitive tape-sensing element that is adhesively bonded over seams where fluid leaks are likely to occur.

  8. Expert System Detects Power-Distribution Faults

    Science.gov (United States)

    Walters, Jerry L.; Quinn, Todd M.

    1994-01-01

    Autonomous Power Expert (APEX) computer program is prototype expert-system program detecting faults in electrical-power-distribution system. Assists human operators in diagnosing faults and deciding what adjustments or repairs needed for immediate recovery from faults or for maintenance to correct initially nonthreatening conditions that could develop into faults. Written in Lisp.

  9. Hydrogen detection systems leak response codes

    International Nuclear Information System (INIS)

    Desmas, T.; Kong, N.; Maupre, J.P.; Schindler, P.; Blanc, D.

    1990-01-01

    A loss in tightness of a water tube inside a Steam Generator Unit of a Fast Reactor is usually monitored by hydrogen detection systems. Such systems have demonstrated in the past their ability to detect a leak in a SGU. However, the increase in size of the SGU or the choice of ferritic material entails improvement of these systems in order to avoid secondary leak or to limit damages to the tube bundle. The R and D undertaken in France on this subject is presented. (author). 11 refs, 10 figs

  10. Improved biosensor-based detection system

    DEFF Research Database (Denmark)

    2015-01-01

    Described is a new biosensor-based detection system for effector compounds, useful for in vivo applications in e.g. screening and selecting of cells which produce a small molecule effector compound or which take up a small molecule effector compound from its environment. The detection system...... comprises a protein or RNA-based biosensor for the effector compound which indirectly regulates the expression of a reporter gene via two hybrid proteins, providing for fewer false signals or less 'noise', tuning of sensitivity or other advantages over conventional systems where the biosensor directly...

  11. A cable detection lidar system for helicopters

    Science.gov (United States)

    Grossmann, Benoist; Capbern, Alain; Defour, Martin; Fertala, Remi

    1992-01-01

    Helicopters in low-level flight are endangered by power lines or telephone wires, especially when flying at night and under poor visibility conditions. In order to prevent 'wire strike', Thomson has developed a lidar system consisting of a pulsed diode laser emitting in the near infrared region (lambda = 0.9 microns). The HOWARD (Helicopter Obstacle Warning and Detection) System utilizes a high repetition rate diode laser (PRE = 20 KHz) along with counter-rotating prisms for laser beam deflection with a total field of view of 30 degrees. This system was successfully field tested in 1991. HOWARD can detect one inch wires at ranges up to 200 meters. We are presently in the process of developing a flyable compact lidar system capable of detection ranges in the order of 400 meters.

  12. Identifying seawater intrusion in coastal areas by means of 1D and quasi-2D joint inversion of TDEM and VES data

    Science.gov (United States)

    Martínez-Moreno, F. J.; Monteiro-Santos, F. A.; Bernardo, I.; Farzamian, M.; Nascimento, C.; Fernandes, J.; Casal, B.; Ribeiro, J. A.

    2017-09-01

    Seawater intrusion is an increasingly widespread problem in coastal aquifers caused by climate changes -sea-level rise, extreme phenomena like flooding and droughts- and groundwater depletion near to the coastline. To evaluate and mitigate the environmental risks of this phenomenon it is necessary to characterize the coastal aquifer and the salt intrusion. Geophysical methods are the most appropriate tool to address these researches. Among all geophysical techniques, electrical methods are able to detect seawater intrusions due to the high resistivity contrast between saltwater, freshwater and geological layers. The combination of two or more geophysical methods is recommended and they are more efficient when both data are inverted jointly because the final model encompasses the physical properties measured for each methods. In this investigation, joint inversion of vertical electric and time domain soundings has been performed to examine seawater intrusion in an area within the Ferragudo-Albufeira aquifer system (Algarve, South of Portugal). For this purpose two profiles combining electrical resistivity tomography (ERT) and time domain electromagnetic (TDEM) methods were measured and the results were compared with the information obtained from exploration drilling. Three different inversions have been carried out: single inversion of the ERT and TDEM data, 1D joint inversion and quasi-2D joint inversion. Single inversion results identify seawater intrusion, although the sedimentary layers detected in exploration drilling were not well differentiated. The models obtained with 1D joint inversion improve the previous inversion due to better detection of sedimentary layer and the seawater intrusion appear to be better defined. Finally, the quasi-2D joint inversion reveals a more realistic shape of the seawater intrusion and it is able to distinguish more sedimentary layers recognised in the exploration drilling. This study demonstrates that the quasi-2D joint

  13. Iron isotope systematics of the Skaergaard intrusion

    DEFF Research Database (Denmark)

    Lesher, Charles; Lundstrom, C.C.; Barfod, Gry

    crystallization on non-traditional stable isotope systems, particularly iron. FeTi oxide minerals (titanomagnetite and ilmenite) appear after ~60% of the magma had solidified. This was a significant event affecting the liquid line of descent and potentially accompanied by iron isotope fractionation. Here we...... report the results of a broad study of the iron isotope compositions of gabbros within the layered and upper border series of the Skaergaard intrusion, pegmatite and granophyre associated with these gabbroic rocks, and the sandwich horizon thought to represent the product of extreme differentiation and....../or liquid immiscibility. Forty-eight whole rock samples from well-constrained stratigraphic levels in the intrusion were crushed, powdered and dissolved, followed by iron separation by ion chromatography. Purified solutions were analyzed by MC- ICPMS in high-resolution mode using the sample-std bracket...

  14. Fault detection and isolation for complex system

    Science.gov (United States)

    Jing, Chan Shi; Bayuaji, Luhur; Samad, R.; Mustafa, M.; Abdullah, N. R. H.; Zain, Z. M.; Pebrianti, Dwi

    2017-07-01

    Fault Detection and Isolation (FDI) is a method to monitor, identify, and pinpoint the type and location of system fault in a complex multiple input multiple output (MIMO) non-linear system. A two wheel robot is used as a complex system in this study. The aim of the research is to construct and design a Fault Detection and Isolation algorithm. The proposed method for the fault identification is using hybrid technique that combines Kalman filter and Artificial Neural Network (ANN). The Kalman filter is able to recognize the data from the sensors of the system and indicate the fault of the system in the sensor reading. Error prediction is based on the fault magnitude and the time occurrence of fault. Additionally, Artificial Neural Network (ANN) is another algorithm used to determine the type of fault and isolate the fault in the system.

  15. Multilayer optical disc system using homodyne detection

    Science.gov (United States)

    Kurokawa, Takahiro; Ide, Tatsuro; Tanaka, Yukinobu; Watanabe, Koichi

    2014-09-01

    A write/read system using high-productivity multilayer optical discs was developed. The recording medium used in the system consists of planar recording layers and a separated guide layer, and is fabricated by web coating and lamination process. The recording layers in the medium are made of one-photon-absorption material, on which data can be recorded with a normal laser diode. The developed system is capable of focusing and tracking on the medium and amplifying readout signals by using phase-diversity homodyne detection. A highly layer-selective focusing method using homodyne detection was also proposed. This method obtains stable focus-error signals with clearly separated S-shaped curves even when layer spacing is quite narrow, causing large interlayer crosstalk. Writing on the medium and reading with the signal amplification effect of homodyne detection was demonstrated. In addition, the effectiveness of the method was experimentally evaluated.

  16. Expert system structures for fault detection in spaceborne power systems

    Science.gov (United States)

    Watson, Karan; Russell, B. Don; Hackler, Irene

    1988-01-01

    This paper presents an architecture for an expert system structure suitable for use with power system fault detection algorithms. The system described is not for the purpose of reacting to faults which have occurred, but rather for the purpose of performing on-line diagnostics and parameter evaluation to determine potential or incipient fault conditions. The system is also designed to detect high impedance or arcing faults which cannot be detected by conventional protection devices. This system is part of an overall monitoring computer hierarchy which would provide a full evaluation of the status of the power system and react to both incipient and catastrophic faults. An approximate hardware structure is suggested and software requirements are discussed. Modifications to CLIPS software, to capitalize on features offered by expert systems, are presented. It is suggested that such a system would have significant advantages over existing protection philosophy.

  17. Network Anomaly Detection Based on Wavelet Analysis

    Directory of Open Access Journals (Sweden)

    Ali A. Ghorbani

    2008-11-01

    Signal processing techniques have been applied recently for analyzing and detecting network anomalies due to their potential to find novel or unknown intrusions. In this paper, we propose a new network signal modelling technique for detecting network anomalies, combining the wavelet approximation and system identification theory. In order to characterize network traffic behaviors, we present fifteen features and use them as the input signals in our system. We then evaluate our approach with the 1999 DARPA intrusion detection dataset and conduct a comprehensive analysis of the intrusions in the dataset. Evaluation results show that the approach achieves high-detection rates in terms of both attack instances and attack types. Furthermore, we conduct a full day's evaluation in a real large-scale WiFi ISP network where five attack types are successfully detected from over 30 million flows.

  18. System for particle concentration and detection

    Science.gov (United States)

    Morales, Alfredo M.; Whaley, Josh A.; Zimmerman, Mark D.; Renzi, Ronald F.; Tran, Huu M.; Maurer, Scott M.; Munslow, William D.

    2013-03-19

    A new microfluidic system comprising an automated prototype insulator-based dielectrophoresis (iDEP) triggering microfluidic device for pathogen monitoring that can eventually be run outside the laboratory in a real world environment has been used to demonstrate the feasibility of automated trapping and detection of particles. The system broadly comprised an aerosol collector for collecting air-borne particles, an iDEP chip within which to temporarily trap the collected particles and a laser and fluorescence detector with which to induce a fluorescence signal and detect a change in that signal as particles are trapped within the iDEP chip.

  19. Saltwater intrusion monitoring in Florida

    Science.gov (United States)

    Prinos, Scott T.

    2016-01-01

    Florida's communities are largely dependent on freshwater from groundwater aquifers. Existing saltwater in the aquifers, or seawater that intrudes parts of the aquifers that were fresh, can make the water unusable without additional processing. The quality of Florida's saltwater intrusion monitoring networks varies. In Miami-Dade and Broward Counties, for example, there is a well-designed network with recently constructed short open-interval monitoring wells that bracket the saltwater interface in the Biscayne aquifer. Geochemical analyses of water samples from the network help scientists evaluate pathways of saltwater intrusion and movement of the saltwater interface. Geophysical measurements, collected in these counties, aid the mapping of the saltwater interface and the design of monitoring networks. In comparison, deficiencies in the Collier County monitoring network include the positioning of monitoring wells, reliance on wells with long open intervals that when sampled might provide questionable results, and the inability of existing analyses to differentiate between multiple pathways of saltwater intrusion. A state-wide saltwater intrusion monitoring network is being planned; the planned network could improve saltwater intrusion monitoring by adopting the applicable strategies of the networks of Miami-Dade and Broward Counties, and by addressing deficiencies such as those described for the Collier County network.

  20. Automatic Emergence Detection in Complex Systems

    Directory of Open Access Journals (Sweden)

    Eugene Santos

    2017-01-01

    Complex systems consist of multiple interacting subsystems, whose nonlinear interactions can result in unanticipated (emergent) system events. Extant systems analysis approaches fail to detect such emergent properties, since they analyze each subsystem separately and arrive at decisions typically through linear aggregations of individual analysis results. In this paper, we propose a quantitative definition of emergence for complex systems. We also propose a framework to detect emergent properties given observations of its subsystems. This framework, based on a probabilistic graphical model called Bayesian Knowledge Bases (BKBs), learns individual subsystem dynamics from data, probabilistically and structurally fuses said dynamics into a single complex system dynamics, and detects emergent properties. Fusion is the central element of our approach to account for situations when a common variable may have different probabilistic distributions in different subsystems. We evaluate our detection performance against a baseline approach (Bayesian Network ensemble) on synthetic testbeds from UCI datasets. To do so, we also introduce a method to simulate and a metric to measure discrepancies that occur with shared/common variables. Experiments demonstrate that our framework outperforms the baseline. In addition, we demonstrate that this framework has uniform polynomial time complexity across all three learning, fusion, and reasoning procedures.