Rodriguez, J.R.; Matter, J.C. (Sandia National Labs., Albuquerque, NM (United States)); Dry, B. (BE, Inc., Barnwell, SC (United States))
The purpose of this NUREG is to present technical information that should be useful to NRC licensees in designing interior intrusion detection systems. Interior intrusion sensors are discussed according to their primary application: boundary-penetration detection, volumetric detection, and point protection. Information necessary for implementation of an effective interior intrusion detection system is presented, including principles of operation, performance characteristics and guidelines for design, procurement, installation, testing, and maintenance. A glossary of sensor data terms is included. 36 figs., 6 tabs.
Eaton, M.J.; Mangan, D.L.
This report highlights elements required for an intrusion detection system and discusses problems which can be encountered in attempting to make the elements effective. Topics discussed include: sensors, both for exterior detection and interior detection; alarm assessment systems, with the discussion focused on video assessment; and alarm reporting systems, including alarm communication systems and display/console considerations. Guidance on careful planning and design of a new or to-be-improved system is presented.
A rapidly deployable security system is one that provides intrusion detection, assessment, communications, and annunciation capabilities; is easy to install and configure; can be rapidly deployed; and is reusable. A rapidly deployable intrusion detection system (RADIDS) has many potential applications within the DOE Complex: back-up protection for failed zones in a perimeter intrusion detection and assessment system, intrusion detection and assessment capabilities in temporary locations, protection of assets during Complex reconfiguration, and protection in hazardous locations. Many DOE user-need documents have indicated an interest in a rapidly deployable intrusion detection system. The purpose of the RADIDS project is to design, develop, and implement such a system. 2 figs
Manish Kumar; Dr. M. Hanumanthappa; Dr. T.V. Suresh Kumar
The need for computer intrusion forensics arises from the alarming increase in the number of computer crimes that are committed annually. After a computer system has been breached and an intrusion has been detected, there is a need for a computer forensics investigation to follow. Computer forensics is used to bring to justice those responsible for conducting attacks on computer systems throughout the world. Because of this the law must be followed precisely when conducting a forensics investi...
Bace, Rebecca Gurley
Intrusion detection systems (IDSs) are software or hardware systems that automate the process of monitoring the events occurring in a computer system or network, analyzing them for signs of security problems...
Muhammad Asif Manzoor
Network security implements various strategies for the identification and prevention of security breaches. Network intrusion detection is a critical component of network management for security, quality of service and other purposes. These systems allow early detection of network intrusion and malicious activities, so that the network security infrastructure can react to mitigate these threats. Various systems are proposed to enhance network security. We propose to use an anomaly-based network intrusion detection system in this work. An anomaly-based intrusion detection system can identify new network threats. We also propose to use a real-time Big Data stream processing framework, Apache Storm, for the implementation of the network intrusion detection system. Apache Storm can help to manage network traffic, which is generated at enormous speed and size, both of which are constantly increasing. We have used a Support Vector Machine in this work. We use the Knowledge Discovery and Data Mining 1999 (KDD’99) dataset to test and evaluate our proposed solution.
Information security is a challenging issue for all business organizations today amidst increasing cyber threats. While there are many alternative intrusion detection & prevention systems available to choose from, selecting the best solution to implement to detect & prevent cyber-attacks is a difficult task. The best solution is the one that gets the best reviews and suits the organization's needs & budget. In this review paper we summarize various classes of intrusion detection and prevention systems, compare features of alternative solutions, and make a recommendation for implementation of one as the best solution for business organizations in Fiji.
Wang Wenjin; Liu Junrong; Liu Baoxu
With the development of network communication technology, more and more social activities run over the Internet. In the meantime, network information security problems are getting increasingly serious. Intrusion Detection Systems (IDS) have greatly improved the general security level of the whole network. But many problems still exist in current IDS, e.g. high leak rate and false alarm rates, and feature libraries that need frequent upgrades. This paper presents an association-rule based IDS. This system can detect unknown attacks by generating rules from training data. The experiment in the last chapter proved the system has great accuracy on unknown attack detection. (authors)
A major improvement in outdoor perimeter security system probability of detection (PD) and reduction in false alarm rate (FAR) and nuisance alarm rate (NAR) may be obtained by analyzing the indications immediately preceding an event which might be interpreted as an intrusion. Existing systems go into alarm after crossing a threshold. Very slow changes, which accumulate until the threshold is reached, may be assessed falsely as an intrusion. A hierarchical program has begun at Stellar to develop a modular, expandable Smart Sensor system which may be interfaced to most types of sensor and alarm reporting systems. A major upgrade to the SSI Test Site is in progress so that intrusions may be simulated in a controlled and repeatable manner. A test platform is being constructed which will operate in conjunction with a mobile instrumentation center with CCTVB, lighting control, weather and data monitoring and remote control of the test platform and intrusion simulators. Additional testing was contracted with an independent test facility to assess the effects of severe winter weather conditions
Eaton, M.J.; Jacobs, J.; McGovern, D.E.
To obtain an effective perimeter intrusion detection system requires careful sensor selection, procurement, and installation. The selection process involves a thorough understanding of the unique site features and how these features affect the performance of each type of sensor. It is necessary to develop procurement specifications to establish acceptable sensor performance limits. Careful explanation and inspection of critical installation dimensions is required during on-site construction. The implementation of these activities at a particular site is discussed
Shen, Zihao; Wang, Hui
This paper introduces the common intrusion detection technologies, discusses the work flow of Snort intrusion detection system, and analyzes IPv6 data packet encapsulation and protocol decoding technology. We propose the expanding Snort architecture to support IPv6 intrusion detection in accordance with CIDF standard combined with protocol analysis technology and pattern matching technology, and present its composition. The research indicates that the expanding Snort system can effectively detect various intrusion attacks; it is high in detection efficiency and detection accuracy and reduces false alarm and omission report, which effectively solves the problem of IPv6 intrusion detection.
Intrusion detection detects misbehaving nodes in a network. In Internet of Things (IoT), IPv6 Routing for Low-Power and Lossy Networks (RPL) is the standard routing protocol. In IoT, devices commonly have low energy, storage and memory, which is why the implemented intrusion algorithm in this thesis will try to minimize the usage of these resources. IDS for RPL-networks have been implemented before, but the use of resources or the number of packets sent was too high to be successful when findi...
Shyu, Mei-Ling; Huang, Zifang; Luo, Hongli
In recent years, pervasive computing infrastructures have greatly improved the interaction between human and system. As we put more reliance on these computing infrastructures, we also face threats of network intrusion and/or any new forms of undesirable IT-based activities. Hence, network security has become an extremely important issue, which is closely connected with homeland security, business transactions, and people's daily life. Accurate and efficient intrusion detection technologies are required to safeguard the network systems and the critical information transmitted in the network systems. In this chapter, a novel network intrusion detection framework for mining and detecting sequential intrusion patterns is proposed. The proposed framework consists of a Collateral Representative Subspace Projection Modeling (C-RSPM) component for supervised classification, and an inter-transactional association rule mining method based on Layer Divided Modeling (LDM) for temporal pattern analysis. Experiments on the KDD99 data set and the traffic data set generated by a private LAN testbed show promising results with high detection rates, low processing time, and low false alarm rates in mining and detecting sequential intrusion detections.
Barrios, Rita M.
Intrusion detection is difficult to accomplish when attempting to employ current methodologies when considering the database and the authorized entity. It is a common understanding that current methodologies focus on the network architecture rather than the database, which is not an adequate solution when considering the insider threat. Recent…
Symons, Christopher T.; Beaver, Justin M.; Gillen, Rob; Potok, Thomas E.
A computer implemented method detects intrusions using a computer by analyzing network traffic. The method includes a semi-supervised learning module connected to a network node. The learning module uses labeled and unlabeled data to train a semi-supervised machine learning sensor. The method records events that include a feature set made up of unauthorized intrusions and benign computer requests. The method identifies at least some of the benign computer requests that occur during the recording of the events while treating the remainder of the data as unlabeled. The method trains the semi-supervised learning module at the network node in-situ, such that the semi-supervised learning modules may identify malicious traffic without relying on specific rules, signatures, or anomaly detection.
Liu, Junrong; Qiu, Xiufen; Shen, Heping
This paper presents a new intrusion detection system based on fiber hydrophones. It uses near-field focused beamforming and a high-precision sound source location algorithm to accurately position the intrusion, obtain its behavior path, derive related information such as speed by tracking the intrusion trace, and analyze and identify the detected intrusion behavior. If the monitored area is large, a single run of the algorithm takes too much time and affects the system response time. To reduce the calculation time, this paper proposes coarse location first, followed by a fine scan for accuracy, so as to achieve remote monitoring and positioning of intrusion events (such as a car, etc.). The system fills the gap in process capture in fiber-optic intrusion detection technology and improves the understanding of the intrusion. By capturing the process of the intrusion behavior and fusing it with detection of the intrusion behavior itself, the analysis, judgment, and identification of intrusion information can greatly reduce the rate of false positives and greatly improve the reliability and practicability of the perimeter security system.
Uma R. Salunkhe
In the era of Internet and with increasing number of people as its end users, a large number of attack categories are introduced daily. Hence, effective detection of various attacks with the help of Intrusion Detection Systems is an emerging trend in research these days. Existing studies show effectiveness of machine learning approaches in handling Intrusion Detection Systems. In this work, we aim to enhance detection rate of Intrusion Detection System by using machine learning technique. We propose a novel classifier ensemble based IDS that is constructed using hybrid approach which combines data level and feature level approach. Classifier ensembles combine the opinions of different experts and improve the intrusion detection rate. Experimental results show the improved detection rates of our system compared to reference technique.
Jose, Shijoe; Malathi, D.; Reddy, Bharath; Jayaseeli, Dorathi
An intrusion detection system (IDS) is hardware, software or a combination of the two, for monitoring network or system activities to detect malicious signs. In computer security, designing a robust intrusion detection system is one of the most fundamental and important problems. The primary function of the system is to detect intrusions and give alerts in a timely manner when a user attempts an intrusion. In these techniques, when the IDS finds an intrusion it sends an alert message to the system administrator. Anomaly detection is an important problem that has been researched within diverse research areas and application domains. This survey tries to provide a structured and comprehensive overview of the research on anomaly detection. Each of the existing anomaly detection techniques has relative strengths and weaknesses. The current state of experimental practice in the field of anomaly-based intrusion detection is reviewed, and recent studies in this field are surveyed. This survey provides a study of existing anomaly detection techniques, and how the techniques used in one area can be applied in another application domain.
Lowe. The myths and facts behind cyber security risks for industrial control systems. VDE Congress, 2004. I. S. C37.1-1994. IEEE standard... Resilient Control and Intrusion Detection for SCADA Systems. Bonnie Xia Zhu, Electrical Engineering and Computer Sciences, University of California at... Dates covered: 2014.
Mkuzangwe, Nenekazi NP
This paper provides a performance bound of a network intrusion detection system (NIDS) that uses an ensemble of classifiers. Currently researchers rely on implementing the ensemble of classifiers based NIDS before they can determine the performance...
.... The objective of this thesis is to design an intrusion detection system (IDS) architecture that permits administrators operating on MYSEA client machines to conveniently view and analyze IDS alerts from the single level networks...
people try to reveal sensitive information of Internet users, also called as phishing. Phishing detection has received great attention but there has...node. Figure 3 describes the result of modified nodes from the original RDR rule tree. Red-coloured ‘X’ sign represents the stopping rule, and the...green-coloured boxes describe the refined rule. However, when human knowledge is applied to those incorrectly classified data, not all of the
An intrusion detection system (IDS) helps to identify different types of attacks in general, and the detection rate will be higher for some specific category of attacks. This paper is designed on the idea that each IDS is efficient in detecting a specific type of attack. In proposed Multiple IDS Unit (MIU), there are five IDS units, and each IDS follows a unique algorithm to detect attacks. The feature selection is done with the help of genetic algorithm. The selected features of the input traffic are passed on to the MIU for processing. The decision from each IDS is termed as local decision. The fusion unit inside the MIU processes all the local decisions with the help of majority voting rule and makes the final decision. The proposed system shows a very good improvement in detection rate and reduces the false alarm rate.
Intrusion detection systems (IDSs) are well-known and widely-deployed security tools to detect cyber-attacks and malicious activities in computer systems and networks. A signature-based IDS works similar to anti-virus software. It employs a signature database of known attacks, and a successful match
Sons, R.J.; Graham, R.H. Jr.
This paper discusses the subtractive approach to interior intrusion detection system design which assumes that all sensors are viable candidates until they are subjected to the constraints imposed by a particular facility. The constraints are determined by a sequence of questions concerning parameters such as threat definition, facility description and operation, environment, assets to be protected, security system capabilities, and cost. As a result of the questioning, some sensors will be eliminated from the candidate list, and the "best" set of sensors for the facility will remain. This form of questioning could be incorporated into an expert system aiding future intrusion detection system designs
Intrusion detection sensors are an integral part of most physical security systems. Under the sponsorship of the U.S. Department of Energy, Office of Safeguards and Security, Sandia Laboratories has conducted a survey of available intrusion detection sensors and has tested a number of different sensors. An overview of these sensors is provided. This overview includes (1) the operating principles of each type of sensor, (2) unique sensor characteristics, (3) desired sensor improvements which must be considered in planning an intrusion detection system, and (4) the site characteristics which affect the performance of both exterior and interior sensors. Techniques which have been developed to evaluate various intrusion detection sensors are also discussed
Bolzoni, D.; Etalle, S.; Di Pietro, R.; Mancini, L.V.
Anomaly-based network intrusion detection systems (NIDSs) can take into consideration packet headers, the payload, or a combination of both. We argue that payload-based approaches are becoming the most effective methods to detect attacks. Nowadays, attacks aim mainly to exploit vulnerabilities at
Abbasi, Ali; Wetzel, Jos; Bokslag, Wouter; Zambon, Emmanuele; Etalle, Sandro
Emulation-based network intrusion detection systems have been devised to detect the presence of shellcode in network traffic by trying to execute (portions of) the network packet payloads in an instrumented environment and checking the execution traces for signs of shellcode activity.
Abbasi, A.; Wetzels, J.; Bokslag, W.; Zambon, E.; Etalle, S.; Stavrou, A.; Bos, H.; Portokalidis, G.
Emulation-based network intrusion detection systems have been devised to detect the presence of shellcode in network traffic by trying to execute (portions of) the network packet payloads in an instrumented environment and checking the execution traces for signs of shellcode activity.
Bolzoni, D.; Etalle, Sandro
Anomaly-based network intrusion detection systems (NIDSs) can take into consideration packet headers, the payload, or a combination of both. We argue that payload-based approaches are becoming the most effective methods to detect attacks. Nowadays, attacks aim mainly to exploit vulnerabilities at
Dhanalakshmi Krishnan Sadhasivan; Kannapiran Balasubramanian
Provision of high security is one of the active research areas in the network applications. The failure in the centralized system based on the attacks provides less protection. Besides, the lack of update of new attacks arrival leads to the minimum accuracy of detection. The major focus of this paper is to improve the detection performance through the adaptive update of attacking information to the database. We propose an Adaptive Rule-Based Multiagent Intrusion Detection System (ARMA-IDS) to...
Yang, D.; Usynin, A.; Hines, J. W.
Most critical infrastructure such as chemical processing plants, electrical generation and distribution networks, and gas distribution is monitored and controlled by Supervisory Control and Data Acquisition Systems (SCADA). These systems have been the focus of increased security and there are concerns that they could be the target of international terrorists. With the constantly growing number of internet related computer attacks, there is evidence that our critical infrastructure may also be vulnerable. Researchers estimate that malicious online actions may cause $75 billion at 2007. One of the interesting countermeasures for enhancing information system security is called intrusion detection. This paper will briefly discuss the history of research in intrusion detection techniques and introduce the two basic detection approaches: signature detection and anomaly detection. Finally, it presents the application of techniques developed for monitoring critical process systems, such as nuclear power plants, to anomaly intrusion detection. The method uses an auto-associative kernel regression (AAKR) model coupled with the statistical probability ratio test (SPRT) and applied to a simulated SCADA system. The results show that these methods can be generally used to detect a variety of common attacks. (authors)
Eung Jun Cho
The increasing use of wireless sensor networks, which normally comprise several very small sensor nodes, makes their security an increasingly important issue. They can be practically and efficiently secured using intrusion detection systems. Conventional security mechanisms are not usually applicable due to the sensor nodes having limitations of computational power, memory capacity, and battery power. Therefore, specific security systems should be designed to function under constraints of energy or memory. A partially distributed intrusion detection system with low memory and power demands is proposed here. It employs a Bloom filter, which allows reduced signature code size. Multiple Bloom filters can be combined to reduce the signature code for each Bloom filter array. The mechanism could then cope with potential denial of service attacks, unlike many previous detection systems with Bloom filters. The mechanism was evaluated and validated through analysis and simulation.
Todd Vollmer; Ondrej Linda; Milos Manic
Resiliency and security in control systems such as SCADA and nuclear plants in today’s world of hackers and malware are a relevant concern. Computer systems used within critical infrastructures to control physical functions are not immune to the threat of cyber attacks and may be potentially vulnerable. Tailoring an intrusion detection system to the specifics of critical infrastructures can significantly improve the security of such systems. The IDS-NNM – Intrusion Detection System using Neural Network based Modeling, is presented in this paper. The main contributions of this work are: 1) the use and analyses of real network data (data recorded from an existing critical infrastructure); 2) the development of a specific window based feature extraction technique; 3) the construction of training dataset using randomly generated intrusion vectors; 4) the use of a combination of two neural network learning algorithms – the Error-Back Propagation and Levenberg-Marquardt, for normal behavior modeling. The presented algorithm was evaluated on previously unseen network data. The IDS-NNM algorithm proved to be capable of capturing all intrusion attempts presented in the network communication while not generating any false alerts.
Distributed denial-of-service (DDoS) attacks are one of the major threats and possibly the hardest security problem for today’s Internet. In this paper we propose a hybrid detection system, referred to as hybrid intrusion detection system (H-IDS), for detection of DDoS attacks. Our proposed detection system makes use of both anomaly-based and signature-based detection methods separately but in an integrated fashion and combines the outcomes of both detectors to enhance the overall detection accuracy. We apply two distinct datasets to our proposed system in order to test the detection performance of H-IDS and conclude that the proposed hybrid system gives better results than the systems based on nonhybrid detection.
Cloud computing is a new way of integrating a set of old technologies to implement a new paradigm that creates an avenue for users to have access to shared and configurable resources through the internet on demand. This system has many common characteristics with distributed systems; hence, cloud computing also uses the features of networking. Security is thus the biggest issue of this system, because the services of cloud computing are based on sharing. A cloud computing environment therefore requires intrusion detection systems (IDSs) for protecting each machine against attacks. The aim of this work is to present a classification of attacks threatening the availability, confidentiality and integrity of cloud resources and services. Furthermore, we provide a literature review of attacks related to the identified categories. Additionally, this paper also introduces related intrusion detection models to identify and prevent these types of attacks.
The paper proposes the use of attack pattern ontology and formal framework for network traffic anomalies detection within a distributed multi-agent Intrusion Detection System architecture. Our framework assumes ontology-based attack definition and distributed processing scheme with exchange of communicates between agents. The role of traffic anomalies detection is presented, and then it is discussed how some specific values characterizing network communication can be used to detect network anomalies caused by security incidents (worm attack, virus spreading). Finally, it is defined how to use the proposed techniques in distributed IDS using attack pattern ontology.
Song, Jianglong; Zhao, Wentao; Liu, Qiang; Wang, Xin
Redundant and irrelevant features not only cause high resource consumption but also degrade the performance of Intrusion Detection Systems (IDS), especially when coping with big data. These features slow down the process of training and testing in network traffic classification. Therefore, a hybrid feature selection approach in combination with wrapper and filter selection is designed in this paper to build a lightweight intrusion detection system. Two main phases are involved in this method. The first phase conducts a preliminary search for an optimal subset of features, in which the chi-square feature selection is utilized. The selected set of features from the previous phase is further refined in the second phase in a wrapper manner, in which the Random Forest (RF) is used to guide the selection process and retain an optimized set of features. After that, we build an RF-based detection model and make a fair comparison with other approaches. The experimental results on NSL-KDD datasets show that our approach results in higher detection accuracy as well as faster training and testing processes.
With the tremendous growth of the usage of computers over networks and the development of applications running on various platforms, attention has turned toward network security. This paradigm exploits security vulnerabilities on all computer systems that are technically difficult and expensive to solve. Hence intrusion is used as a key to compromise the integrity, availability and confidentiality of a computer resource. The Intrusion Detection System (IDS) plays a vital role in detecting anomalies and attacks in the network. In this work, the data mining concept is integrated with an IDS to identify the relevant, hidden data of interest for the user effectively and with less execution time. Four issues, namely Classification of Data, High Level of Human Interaction, Lack of Labeled Data, and Effectiveness of Distributed Denial of Service Attack, are solved using the proposed algorithms: the EDADT algorithm, Hybrid IDS model, Semi-Supervised Approach and Varying HOPERAA Algorithm, respectively. Our proposed algorithms have been tested using the KDD Cup dataset. All the proposed algorithms show better accuracy and reduced false alarm rate when compared with existing algorithms.
Dhanalakshmi Krishnan Sadhasivan
Provision of high security is one of the active research areas in the network applications. The failure in the centralized system based on the attacks provides less protection. Besides, the lack of update of new attacks arrival leads to the minimum accuracy of detection. The major focus of this paper is to improve the detection performance through the adaptive update of attacking information to the database. We propose an Adaptive Rule-Based Multiagent Intrusion Detection System (ARMA-IDS) to detect the anomalies in the real-time datasets such as KDD and SCADA. Besides, the feedback loop provides the necessary update of attacks in the database that leads to the improvement in the detection accuracy. The combination of the rules and responsibilities for multiagents effectively detects the anomaly behavior, misuse of response, or relay reports of gas/water pipeline data in KDD and SCADA, respectively. The comparative analysis of the proposed ARMA-IDS with the various existing path mining methods, namely, random forest, JRip, a combination of AdaBoost/JRip, and common path mining on the SCADA dataset conveys the effectiveness of the proposed ARMA-IDS in the real-time fault monitoring. Moreover, the proposed ARMA-IDS offers the higher detection rate in the SCADA and KDD cup 1999 datasets.
Critical Information Infrastructure security will always be difficult to ensure, just because of the features that make it irreplaceable for other critical infrastructures' normal operation. It is decentralized, interconnected, interdependent, controlled by multiple actors (mainly private) and incorporates diverse types of technologies. It is almost axiomatic that the disruption of the Critical Information Infrastructure affects systems located much farther away, and the cyber problems have direct consequences on the real world. Indeed the Internet can be used as a multiplier in order to amplify the effects of an attack on some critical infrastructures. Security challenges increase with the technological progress. One of the last lines of defense which comes to complete the overall security scheme of the Critical Information Infrastructure is represented by the Network Intrusion Detection Systems.
Bolzoni, D.; Etalle, Sandro
We present a new approach to anomaly-based network intrusion detection for web applications. This approach is based on dividing the input parameters of the monitored web application in two groups: the "regular" and the "irregular" ones, and applying a new method for anomaly detection on the
This study, titled "Intrusion Detection Prevention System Local Area Network (LAN)", aims to protect a network from intrusion attempts made by an intruder. The method used in this study is a conceptual framework that serves as a reference for the research stages the author carried out. The IDS functions as a detector of attacks according to the existing rules; the warning message is then stored in a database and sent via SMS to a network administrator, while the firewall is used for packet filtering by defining the security policy considered important. The result is that when the IDS issues a warning message about an attack, a network administrator can block the attack manually with the firewall, or the firewall will block the attack itself according to the security policy previously applied by the network administrator.
abnormal nodes from normal nodes by observing their abnormal behaviors, and we analyse parameter selection and error rate of the intrusion detection system. The paper elaborates on the design and implementation of the detection system. This system has achieved efficient, rapid intrusion detection by improving the wireless ad hoc on-demand distance vector routing protocol (Ad hoc On-Demand Distance Vector Routing, AODV). Finally, the test results show that the system has high detection accuracy and speed, in accordance with the requirement of wireless sensor network intrusion detection.
Mahmoud, Seedahmed S.; Visagathilagar, Yuvaraja; Katsifolis, Jim
The suppression of nuisance alarms without degrading sensitivity in fibre-optic intrusion detection systems is important for maintaining acceptable performance. Signal processing algorithms that maintain the POD and minimize nuisance alarms are crucial for achieving this. A level crossings algorithm is presented for suppressing torrential rain-induced nuisance alarms in a fibre-optic fence-based perimeter intrusion detection system. Results show that rain-induced nuisance alarms can be suppressed for rainfall rates in excess of 100 mm/hr, and intrusion events can be detected simultaneously during rain periods. The use of a level crossing based detection and novel classification algorithm is also presented demonstrating the suppression of nuisance events and discrimination of nuisance and intrusion events in a buried pipeline fibre-optic intrusion detection system. The sensor employed for both types of systems is a distributed bidirectional fibre-optic Mach Zehnder interferometer.
Table 7. Place Reachability Statistics for Low Level CPN ... Table 8. Place Reachability Statistics for High Level CPN ... Table 9. Password Stealing ... the efficiency of traditional anti-virus software tools that are dependent on gigantic, continuously updated databases. Fortunately, Intrusion
Jiang, Hayang; Xie, Gaogang; Salamatian, Kavé; Mathy, Laurent
Network Intrusion Detection Systems (NIDSes) face significant challenges coming from the relentless network link speed growth and increasing complexity of threats. Both hardware accelerated and parallel software-based NIDS solutions, based on commodity multi-core and GPU processors, have been proposed to overcome these challenges. ...
Sunil Kumar Gautam
The current scenario of information gathering and storing in secure system is a challenging task due to increasing cyber-attacks. There exists computational neural network techniques designed for intrusion detection system, which provide security to single machine and entire network's machine. In this paper, we have used two types of computational neural network models, namely, Generalized Regression Neural Network (GRNN) model and Multilayer Perceptron Neural Network (MPNN) model for Host based Intrusion Detection System using log files that are generated by a single personal computer. The simulation results show correctly classified percentage of normal and abnormal (intrusion) class using confusion matrix. On the basis of results and discussion, we found that the Host based Intrusion Systems Model (HISM) significantly improved the detection accuracy while retaining minimum false alarm rate.
Based Approach to Intrusion Detection System Evaluation for Distributed Real-Time Systems Authors: G. A. Fink, B. L. Chappell, T. G. Turner, and...Distributed, Security. 1 Introduction Processing and cost requirements are driving future naval combat platforms to use distributed, real-time systems of...distributed, real-time systems. As these systems grow more complex, the timing requirements do not diminish; indeed, they may become more constrained
These attacks were simulated using hping. The proposed system is implemented in Java. The results show that the proposed system is able to detect attacks both from within (host-based) and outside sources (network-based). Key Words: Intrusion Detection System (IDS), Host-based, Network-based, Signature, Security log.
Due to the fast growth and tradition of the internet over the last decades, the network security problems are increasing vigorously. Humans cannot handle the speed of processes and the huge amount of data required to handle network anomalies. Therefore, it needs substantial automation in both speed and accuracy. Intrusion Detection System is one of the approaches to recognize illegal access and rare attacks to secure networks. In this proposed paper, Naive Bayes, J48 and Random Forest classifiers are compared to compute the detection rate and accuracy of IDS. For experiments, the KDD_NSL dataset is used.
Yüksel, Ömer; den Hartog, Jeremy; Etalle, Sandro
Detection of previously unknown attacks and malicious messages is a challenging problem faced by modern network intrusion detection systems. Anomaly-based solutions, despite being able to detect unknown attacks, have not been used often in practice due to their high false positive rate, and because
Intrusion Detection Systems are challenging task for finding the user as normal user or attack user in any organizational information systems or IT Industry. The Intrusion Detection System is an effective method to deal with the kinds of problem in networks. Different classifiers are used to detect the different kinds of attacks in networks. In this paper, the performance of intrusion detection is compared with various neural network classifiers. In the proposed research the four types of classifiers used are Feed Forward Neural Network (FFNN), Generalized Regression Neural Network (GRNN), Probabilistic Neural Network (PNN) and Radial Basis Neural Network (RBNN). The performance of the full featured KDD Cup 1999 dataset is compared with that of the reduced featured KDD Cup 1999 dataset. The MATLAB software is used to train and test the dataset and the efficiency and False Alarm Rate is measured. It is proved that the reduced dataset is performing better than the full featured dataset.
Amin, Syed Obaid; Siddiqui, Muhammad Shoaib; Hong, Choong Seon; Lee, Sungwon
The IP-based Ubiquitous Sensor Network (IP-USN) is an effort to build the "Internet of things". By utilizing IP for low power networks, we can benefit from existing well established tools and technologies of IP networks. Along with many other unresolved issues, securing IP-USN is of great concern for researchers so that future market satisfaction and demands can be met. Without proper security measures, both reactive and proactive, it is hard to envisage an IP-USN realm. In this paper we present a design of an IDS (Intrusion Detection System) called RIDES (Robust Intrusion DEtection System) for IP-USN. RIDES is a hybrid intrusion detection system, which incorporates both Signature and Anomaly based intrusion detection components. For signature based intrusion detection this paper only discusses the implementation of distributed pattern matching algorithm with the help of signature-code, a dynamically created attack-signature identifier. Other aspects, such as creation of rules are not discussed. On the other hand, for anomaly based detection we propose a scoring classifier based on the SPC (Statistical Process Control) technique called CUSUM charts. We also investigate the settings and their effects on the performance of related parameters for both of the components.
This paper presents an overview of the technologies and the methodologies used in Network Intrusion Detection and Prevention Systems (NIDPS). Intrusion Detection and Prevention System (IDPS) technologies are differentiated by types of events that IDPSs can recognize, by types of devices that IDPSs monitor and by activity. NIDPSs monitor and analyze the streams of network packets in order to detect security incidents. The main methodology used by NIDPSs is protocol analysis. Protocol analysis requires good knowledge of the theory of the main protocols, their definition, how each protocol works.
In this paper, an Advanced Hybrid Intrusion Detection System (AHIDS) that automatically detects the WSNs attacks is proposed. AHIDS makes use of cluster-based architecture with enhanced LEACH protocol that intends to reduce the level of energy consumption by the sensor nodes. AHIDS uses anomaly detection and misuse detection based on fuzzy rule sets along with the Multilayer Perceptron Neural Network. The Feed Forward Neural Network along with the Backpropagation Neural Network are utilized to integrate the detection results and indicate the different types of attackers (i.e., Sybil attack, wormhole attack, and hello flood attack). For detection of Sybil attack, Advanced Sybil Attack Detection Algorithm is developed while the detection of wormhole attack is done by Wormhole Resistant Hybrid Technique. The detection of hello flood attack is done by using signal strength and distance. An experimental analysis is carried out in a set of nodes; 13.33% of the nodes are determined as misbehaving nodes, which classified attackers along with a detection rate of the true positive rate and false positive rate. Sybil attack is detected at a rate of 99.40%; hello flood attack has a detection rate of 98.20%; and wormhole attack has a detection rate of 99.20%.
Bolzoni, D.; Etalle, Sandro; Hartel, Pieter H.; Kirda, E.; Jha, S.; Balzarotti, D.
Anomaly-based intrusion detection systems are usually criticized because they lack a classification of attack, thus security teams have to manually inspect any raised alert to classify it. We present a new approach, Panacea, to automatically and systematically classify attacks detected by an
Bolzoni, D.; Etalle, S.; Hartel, P.H.
Anomaly-based intrusion detection systems are usually criticized because they lack a classification of attack, thus security teams have to manually inspect any raised alert to classify it. We present a new approach, Panacea, to automatically and systematically classify attacks detected by an
Almost all the organisations and even individuals rely on complex structures of data networks and networked computer systems. That complex data ensemble, the cyber domain, provides great opportunities, but at the same time it offers many possible attack vectors that can be abused for cyber vandalism, cyber crime, cyber espionage or cyber terrorism. Those threats produce requirements for cyber security situational awareness and intrusion detection capability. This dissertation conc...
Li, Yuancheng; Qiu, Rixuan; Jing, Sitong
Advanced Metering Infrastructure (AMI) realizes a two-way communication of electricity data by interconnecting with a computer network as the core component of the smart grid. Meanwhile, it brings many new security threats and the traditional intrusion detection method can't satisfy the security requirements of AMI. In this paper, an intrusion detection system based on Online Sequence Extreme Learning Machine (OS-ELM) is established, which is used to detect attacks in AMI and to carry out a comparative analysis with other algorithms. Simulation results show that, compared with other intrusion detection methods, the intrusion detection method based on OS-ELM is superior in detection speed and accuracy.
Bolzoni, D.; Crispo, Bruno; Etalle, Sandro
We present an architecture designed for alert verification (i.e., to reduce false positives) in network intrusion-detection systems. Our technique is based on a systematic (and automatic) anomaly-based analysis of the system output, which provides useful context information regarding the network
Industrial control system communication networks are vulnerable to reconnaissance, response injection, command injection, and denial of service attacks. Such attacks can lead to an inability to monitor and control industrial control systems and can ultimately lead to system failure. This can result in financial loss for control system operators and economic and safety issues for the citizens who use these services. This paper describes a set of 28 cyber attacks against industrial control systems which use the MODBUS application layer network protocol. The paper also describes a set of standalone and state based intrusion detection system rules which can be used to detect cyber attacks and to store evidence of attacks for post incident analysis. All attacks described in this paper were validated in a laboratory environment. The detection rate of the intrusion detection system rules presented by attack class is also presented.
Ganapathy, S.; Yogesh, P.; Kannan, A.
Intrusion detection systems were used in the past along with various techniques to detect intrusions in networks effectively. However, most of these systems are able to detect the intruders only with high false alarm rate. In this paper, we propose a new intelligent agent-based intrusion detection model for mobile ad hoc networks using a combination of attribute selection, outlier detection, and enhanced multiclass SVM classification methods. For this purpose, an effective preprocessing technique is proposed that improves the detection accuracy and reduces the processing time. Moreover, two new algorithms, namely, an Intelligent Agent Weighted Distance Outlier Detection algorithm and an Intelligent Agent-based Enhanced Multiclass Support Vector Machine algorithm are proposed for detecting the intruders in a distributed database environment that uses intelligent agents for trust management and coordination in transaction processing. The experimental results of the proposed model show that this system detects anomalies with low false alarm rate and high-detection rate when tested with KDD Cup 99 data set. PMID:23056036
Judge, Matthew G.; Lamont, Gary B.
Computer network security has become a very serious concern of commercial, industrial, and military organizations due to the increasing number of network threats such as outsider intrusions and insider covert activities. An important security element of course is network intrusion detection, which is a difficult real world problem that has been addressed through many different solution attempts. Using an artificial immune system has been shown to be one of the most promising results. By enhancing jREMISA, a multi-objective evolutionary algorithm inspired artificial immune system, with a secondary defense layer, we produce improved accuracy of intrusion classification and a flexibility in responsiveness. This responsiveness can be leveraged to provide a much more powerful and accurate system, through the use of increased processing time and dedicated hardware which has the flexibility of being located out of band.
configure (train), generates many false alarms – Misuse detection (signature analysis) (NFR, Emerald, Snort, STAT) • Generates few false alarms • Detects...to create .rhosts file in world-writable ftp home directory – rlogin using bogus .rhosts file S0 create_file read_rhosts S3S2 login S1 STAT KN-14...world-writable ftp home directory – rlogin using bogus .rhosts file S0 create_file read_rhosts S3S2 login S1 STAT KN-17 ftp-write in STATL use ustat
administrator whenever a system binary file (such as the ps, login, or ls program) is modified. Normal users have no legitimate reason to alter these files...development of EMERALD, which combines statistical anomaly detection from NIDES with signature verification. Specification-based intrusion detection...the creation of a single host that can act as many hosts. Daemons that provide network services—including telnetd, ftpd, and login—display banners
Caselli, M.; Zambon, Emmanuele; Kargl, Frank; Zhou, Jianying; Jones, D.
Nowadays, several threats endanger cyber-physical systems. Among these systems, industrial control systems (ICS) operating on critical infrastructures have been proven to be an attractive target for attackers. The case of Stuxnet has not only showed that ICSs are vulnerable to cyber-attacks, but
Liu, Bin; Li, Zhitang; Li, Yao; Li, Zhanchun
Network intrusion detection systems (NIDS) are important parts of network security architecture. Although many NIDS have been proposed, there is little effort to expand the current set of NIDS to support IPv6 protocol. This paper presents the design and implementation of a Network-based Intrusion Detection System that supports both IPv6 protocol and IPv4 protocol. It characters rules based logging to perform content pattern matching and detect a variety of attacks and probes from IPv4 and IPv6. There are four primary subsystems to make it up: packet capture, packet decoder, detection engine, and logging and alerting subsystem. A new approach to packet capture that combined NAPI with MMAP is proposed in this paper. The test results show that the efficiency of packet capture can be improved significantly by this method. Several new attack tools for IPv6 have been developed for intrusion detection evaluation. Test shows that more than 20 kinds of IPv6 attacks can be detected by this system and it also has a good performance under heavy traffic load.
Claassen, J.P.; Patterson, M.M.
Some intrusion detection systems are susceptible to nonstationary noise resulting in frequent nuisance alarms and poor detection when the noise is present. Adaptive inverse filtering for single channel systems and adaptive noise cancellation for two channel systems have both demonstrated good potential in removing correlated noise components prior to detection. For such noise susceptible systems the suitability of a noise reduction algorithm must be established in a trade-off study weighing algorithm complexity against performance. The performance characteristics of several distinct classes of algorithms are established through comparative computer studies using real signals. The relative merits of the different algorithms are discussed in the light of the nature of intruder and noise signals.
Subject terms: supervisory control and data acquisition (SCADA), Modbus, industrial control system, intrusion detection system ... Contents: List of Tables; Acknowledgments; 1. Background; 2. iPoid Modbus Packet-Inspection Capability; 2.1 Software Requirements; 2.2 Startup ... Mr Curtis Arnold’s support of Industrial Control Systems–Supervisory Control and Data Acquisition research at the US Army Research Laboratory
Filled with practical, step-by-step instructions and clear explanations for the most important and useful tasks. A fast-paced, practical guide to OSSEC-HIDS that will help you solve host-based security problems. This book is great for anyone concerned about the security of their servers; whether you are a system administrator, programmer, or security analyst, this book will provide you with tips to better utilize OSSEC-HIDS. Whether you're new to OSSEC-HIDS or a seasoned veteran, you'll find something in this book you can apply today! This book assumes some knowledge of basic security concepts an
Kamaev, V. A.; Finogeev, A. G.; Finogeev, A. A.; Parygin, D. S.
The effectiveness of automated process control systems (APCS) and supervisory control and data acquisition systems (SCADA) information security depends on the applied protection technologies of transport environment data transmission components. This article investigates the problems of detecting attacks in wireless sensor networks (WSN) of SCADA systems. As a result of analytical studies, the authors developed the detailed classification of external attacks and intrusion detection in sensor networks and brought a detailed description of attacking impacts on components of SCADA systems in accordance with the selected directions of attacks.
Youssef, Tarek [Florida Intl Univ., Miami, FL (United States)]; El Hariri, Mohammad [Florida Intl Univ., Miami, FL (United States)]; Habib, Hani [Florida Intl Univ., Miami, FL (United States)]; Mohammed, Osama [Florida Intl Univ., Miami, FL (United States)]; Harmon, E [Florida Intl Univ., Miami, FL (United States)]
Secure high-speed communication is required to ensure proper operation of complex power grid systems and prevent malicious tampering activities. In this paper, artificial neural networks with temporal dependency are introduced for false data identification and mitigation for broadcasted IEC 61850 SMV messages. The fast responses of such intelligent modules in intrusion detection make them suitable for time-critical applications, such as protection. However, care must be taken in selecting the appropriate intelligence model and decision criteria. As such, this paper presents a customizable malware script to sniff and manipulate SMV messages and demonstrates the ability of the malware to trigger false positives in the neural network’s response. The malware developed is intended as a vaccine to harden the intrusion detection system against data manipulation attacks by enhancing the neural network’s ability to learn and adapt to these attacks.
Davicino, Pablo; Echaiz, Javier; Ardenghi, Jorge Raúl
Computer Intrusion Detection Systems (IDS) are primarily designed to protect availability, confidentiality and integrity of critical information infrastructures. A Distributed IDS (DIDS) consists of several IDS over a large network(s), all of which communicate with each other, with a central server or with a cluster of servers that facilitates advanced network monitoring. In a distributed environment, DIDS are implemented using cooperative intelligent sensors distributed across the network(s). ...
Jared Verba; Michael Milvich
Current Intrusion Detection System (IDS) technology is not suited to be widely deployed inside a Supervisory, Control and Data Acquisition (SCADA) environment. Anomaly- and signature-based IDS technologies have developed methods to cover information technology-based networks activity and protocols effectively. However, these IDS technologies do not include the fine protocol granularity required to ensure network security inside an environment with weak protocols lacking authentication and encryption. By implementing a more specific and more intelligent packet inspection mechanism, tailored traffic flow analysis, and unique packet tampering detection, IDS technology developed specifically for SCADA environments can be deployed with confidence in detecting malicious activity.
Chromik, Justyna Joanna; Haverkort, Boudewijn R.H.M.; Remke, Anne Katharina Ingrid; Pilch, Carina; Brackmann, Pascal; Duhme, Christof; Everinghoff, Franziska; Giberlein, Artur; Teodorowicz, Thomas; Wieland, Julian
This paper illustrates the use of a testbed that we have developed for context-aware local intrusion detection. This testbed is based on the co-simulation framework Mosaik and allows for the validation of local intrusion detection mechanisms at field stations in power distribution networks. For two
Presently, most computers authenticate user ID and password before users can log in to these systems. However, danger soon comes if the two items are known to hackers. In this paper, we propose a system, named Intrusion Detection and Identification System (IDIS), which builds a profile for each user in an intranet to keep track of his/her usage habits as forensic features with which IDIS can identify who the underlying user in the intranet is. Our experimental results show that the recognition accuracy of students of computer science department is up to 98.99%.
Shyu, Mei-Ling; Sainani, Varsha
The increasing number of network security related incidents have made it necessary for the organizations to actively protect their sensitive data with network intrusion detection systems (IDSs). IDSs are expected to analyze a large volume of data while not placing a significantly added load on the monitoring systems and networks. This requires good data mining strategies which take less time and give accurate results. In this study, a novel data mining assisted multiagent-based intrusion detection system (DMAS-IDS) is proposed, particularly with the support of multiclass supervised classification. These agents can detect and take predefined actions against malicious activities, and data mining techniques can help detect them. Our proposed DMAS-IDS shows superior performance compared to central sniffing IDS techniques, and saves network resources compared to other distributed IDS with mobile agents that activate too many sniffers causing bottlenecks in the network. This is one of the major motivations to use a distributed model based on multiagent platform along with a supervised classification technique.
We demonstrate the ability of Fiber Bragg Grating (FBG) sensors to protect large areas from unauthorized activities in railway scenarios such as stations or tunnels. We report on the technological strategy adopted to protect a specific depot, representative of a common scenario for security applications in the railway environment. One of the concerns in the protection of a railway area centers on the presence of rail-tracks, which cannot be obstructed with physical barriers. We propose an integrated optical fiber system composed of FBG strain sensors that can detect human intrusion for protection of the perimeter combined with FBG accelerometer sensors for protection of rail-track access. Several trials were carried out in indoor and outdoor environments. The results demonstrate that FBG strain sensors bonded under a ribbed rubber mat enable the detection of intruder break-in via the pressure induced on the mat, whereas the FBG accelerometers installed under the rails enable the detection of intruders walking close to the railroad tracks via the acoustic surface waves generated by footsteps. Based on a single enabling technology, this integrated system represents a valuable intrusion detection system for railway security and could be integrated with other sensing functionalities in the railway field using fiber optic technology.
Chen, Yan [Northwestern University]
Identifying traffic anomalies and attacks rapidly and accurately is critical for large network operators. With the rapid growth of network bandwidth, such as the next generation DOE UltraScience Network, and fast emergence of new attacks/virus/worms, existing network intrusion detection systems (IDS) are insufficient because they: • Are mostly host-based and not scalable to high-performance networks; • Are mostly signature-based and unable to adaptively recognize flow-level unknown attacks; • Cannot differentiate malicious events from the unintentional anomalies. To address these challenges, we proposed and developed a new paradigm called high-performance network anomaly/intrusion detection and mitigation (HPNAIDM) system. The new paradigm is significantly different from existing IDSes with the following features (research thrusts). • Online traffic recording and analysis on high-speed networks; • Online adaptive flow-level anomaly/intrusion detection and mitigation; • Integrated approach for false positive reduction. Our research prototype and evaluation demonstrate that the HPNAIDM system is highly effective and economically feasible. Beyond satisfying the pre-set goals, we even exceed that significantly (see more details in the next section). Overall, our project harvested 23 publications (2 book chapters, 6 journal papers and 15 peer-reviewed conference/workshop papers). Besides, we built a website for technique dissemination, which hosts two system prototype releases to the research community. We also filed a patent application and developed strong international and domestic collaborations which span both academia and industry.
The paper presents two methods for detecting anomalies in data series derived from network traffic. Intrusion detection systems based on network traffic analysis are able to respond to incidents never seen before by detecting anomalies in data series extracted from the traffic. Some anomalies manifest themselves as pulses of various sizes and shapes, superimposed on series corresponding to normal traffic. In order to detect those impulses we propose two methods based on discrete wavelet transformation. Their effectiveness expressed in relative thresholds on pulse amplitude for no false negatives and no false positives is then evaluated against pulse duration and Hurst characteristic of original series. Different base functions are also evaluated for efficiency in the context of the proposed methods.
Raman, M R Gauthama; Somu, Nivethitha; Kirthivasan, Kannan; Sriram, V S Shankar
Over the past few decades, the design of an intelligent Intrusion Detection System (IDS) remains an open challenge to the research community. Continuous efforts by the researchers have resulted in the development of several learning models based on Artificial Neural Network (ANN) to improve the performance of the IDSs. However, there exists a tradeoff with respect to the stability of ANN architecture and the detection rate for less frequent attacks. This paper presents a novel approach based on Helly property of Hypergraph and Arithmetic Residue-based Probabilistic Neural Network (HG AR-PNN) to address the classification problem in IDS. The Helly property of Hypergraph was exploited for the identification of the optimal feature subset and the arithmetic residue of the optimal feature subset was used to train the PNN. The performance of HG AR-PNN was evaluated using KDD CUP 1999 intrusion dataset. Experimental results prove the dominance of HG AR-PNN classifier over the existing classifiers with respect to the stability and improved detection rate for less frequent attacks. Copyright © 2017 Elsevier Ltd. All rights reserved.
Kang, Min-Joo; Kang, Je-Won
A novel intrusion detection system (IDS) using a deep neural network (DNN) is proposed to enhance the security of in-vehicular network. The parameters building the DNN structure are trained with probability-based feature vectors that are extracted from the in-vehicular network packets. For a given packet, the DNN provides the probability of each class discriminating normal and attack packets, and, thus the sensor can identify any malicious attack to the vehicle. As compared to the traditional artificial neural network applied to the IDS, the proposed technique adopts recent advances in deep learning studies such as initializing the parameters through the unsupervised pre-training of deep belief networks (DBN), therefore improving the detection accuracy. It is demonstrated with experimental results that the proposed technique can provide a real-time response to the attack with a significantly improved detection ratio in controller area network (CAN) bus.
Jin, Jing; Wang, Yuanqing; Xu, Liujing; Cao, Liqun; Han, Lei; Zhou, Biye; Li, Minggao
A non-intrusive gesture recognition human-machine interaction system is proposed in this paper. In order to solve the hand positioning problem which is a difficulty in current algorithms, face detection is used for the pre-processing to narrow the search area and find user's hand quickly and accurately. Hidden Markov Model (HMM) is used for gesture recognition. A certain number of basic gesture units are trained as HMM models. At the same time, an improved 8-direction feature vector is proposed and used to quantify characteristics in order to improve the detection accuracy. The proposed system can be applied in interaction equipments without special training for users, such as household interactive television
An Adaptive Intrusion Data System (AIDS) was developed to collect data from intrusion alarm sensors as part of an evaluation system to improve sensor performance. AIDS is a unique digital data compression, storage, and formatting system. It also incorporates capability for video selection and recording for assessment of the sensors monitored by the system. The system is software reprogrammable to numerous configurations that may be utilized for the collection of environmental, bi-level, analog and video data. The output of the system is digital tapes formatted for direct data reduction on a CDC 6400 computer, and video tapes containing timed tagged information that can be correlated with the digital data
Singhal, Anoop; Jajodia, Sushil
Data Mining Techniques have been successfully applied in many different fields including marketing, manufacturing, fraud detection and network management. Over the past years there is a lot of interest in security technologies such as intrusion detection, cryptography, authentication and firewalls. This chapter discusses the application of Data Mining techniques to computer security. Conclusions are drawn and directions for future research are suggested.
Mar 5, 2018 ... forwarding, and open wireless medium are the factors that make ... Wireless Sensor Network (WSN) is a kind of network that ... These tiny sensors are mainly small sized and have low ..... they were integrated to WSN for intrusion detection in ..... Anomaly Detection Techniques for Smart City Wireless Sensor.
Yang, Dr. Li [University of Tennessee
The alerts produced by network-based intrusion detection systems, e.g. Snort, can be difficult for network administrators to efficiently review and respond to due to the enormous number of alerts generated in a short time frame. This work describes how the visualization of raw IDS alert data assists network administrators in understanding the current state of a network and quickens the process of reviewing and responding to intrusion attempts. The project presented in this work consists of three primary components. The first component provides a visual mapping of the network topology that allows the end-user to easily browse clustered alerts. The second component is based on the flocking behavior of birds such that birds tend to follow other birds with similar behaviors. This component allows the end-user to see the clustering process and provides an efficient means for reviewing alert data. The third component discovers and visualizes patterns of multistage attacks by profiling the attacker's behaviors.
Todd Vollmer; Jim Alves-Foss; Milos Manic
Many computational intelligence techniques for anomaly based network intrusion detection can be found in literature. Translating a newly discovered intrusion recognition criteria into a distributable rule can be a human intensive effort. This paper explores a multi-modal genetic algorithm solution for autonomous rule creation. This algorithm focuses on the process of creating rules once an intrusion has been identified, rather than the evolution of rules to provide a solution for intrusion detection. The algorithm was demonstrated on anomalous ICMP network packets (input) and Snort rules (output of the algorithm). Output rules were sorted according to a fitness value and any duplicates were removed. The experimental results on ten test cases demonstrated a 100 percent rule alert rate. Out of 33,804 test packets 3 produced false positives. Each test case produced a minimum of three rule variations that could be used as candidates for a production system.
Zhang Pengfei; Zhang Guogang; Dong Jinlong; Liu Wanying; Geng Yingsan
In current investigations of electric arc plasmas, experiments based on modern testing technology play an important role. To enrich the testing methods and contribute to the understanding and grasping of the inherent mechanism of air switching arcs, in this paper, a non-intrusive detecting system is described that combines the magneto-optic imaging (MOI) technique with the solution to inverse electromagnetic problems. The detecting system works in a sequence of main steps as follows: MOI of the variation of the arc flux density over a plane, magnetic field information extracted from the magneto-optic (MO) images, arc current density distribution and spatial pattern reconstruction by inverting the resulting field data. Correspondingly, in the system, an MOI set-up is designed based on the Faraday effect and the polarization properties of light, and an intelligent inversion algorithm is proposed that involves simulated annealing (SA). Experiments were carried out for high current (2 kA RMS) discharge cases in a typical low-voltage switchgear. The results show that the MO detection system possesses the advantages of visualization, high resolution and response, and electrical insulation, which provides a novel diagnostics tool for further studies of the arc. (low temperature plasma)
detection technique that analyses the fingerprint biometric network traffic for evidence of intrusion. The neural network algorithm that imitates the way a human brain works is used in this study to classify normal traffic and learn the correct traffic...
Fog computing, as the supplement of cloud computing, can provide low-latency services between mobile users and the cloud. However, fog devices may encounter security challenges as a result of the fog nodes being close to the end users and having limited computing ability. Traditional network attacks may destroy the system of fog nodes. Intrusion detection system (IDS) is a proactive security protection technology and can be used in the fog environment. Although IDS in tradition network has been well investigated, unfortunately directly using them in the fog environment may be inappropriate. Fog nodes produce massive amounts of data at all times, and, thus, enabling an IDS system over big data in the fog environment is of paramount importance. In this study, we propose an IDS system based on decision tree. Firstly, we propose a preprocessing algorithm to digitize the strings in the given dataset and then normalize the whole data, to ensure the quality of the input data so as to improve the efficiency of detection. Secondly, we use decision tree method for our IDS system, and then we compare this method with Naïve Bayesian method as well as KNN method. Both the 10% dataset and the full dataset are tested. Our proposed method not only completely detects four kinds of attacks but also enables the detection of twenty-two kinds of attacks. The experimental results show that our IDS system is effective and precise. Above all, our IDS system can be used in fog computing environment over big data.
In meeting the requirements for the safeguarding of special nuclear material and the physical protection of licensed facilities, the licensee is required to design a physical security system that will meet minimum performance requirements. An integral part of any physical security system is the interior intrusion alarm system. The purpose of this report is to provide the potential user of an interior intrusion alarm system with information on the various types, components, and performance capabilities available so that he can design and install the optimum alarm system for his particular environment. In addition, maintenance and testing procedures are discussed and recommended which, if followed, will help the user obtain the optimum results from his system
Nowadays, the security has become a critical part of any organization or industry information systems. The Intrusion Detection System is an effective method to deal with the new kind of threats such as DoS, Probe, R2L and U2R. In this paper, we analyze the various approaches such as Hidden Semi Markov Model, Conditional Random Fields and Layered Approach, Bayesian classification, Data Mining techniques, Clustering Algorithms such as K-Means and Fuzzy c-Means, Back Propagation Neural Network, SOM Neural Network, Rough Set Neural Network Algorithm, Genetic Algorithm, Pattern Matching, Principal Component Analysis, Linear Discriminant Analysis, Independent Component Analysis, Multivariate Statistical Analysis, SOM/PSO algorithm etc. The performance is measured for two different datasets using various approaches. The datasets are trained and tested for identifying the new attacks that will affect the hosts or networks. The well known KDD Cup 1999 or DARPA 1999 dataset has been used to improve the accuracy and performance. The four groups of attacks are identified as Probe, DoS, U2R and R2L. The dataset used for training set is 494,021 and testing set is 311,028. The aim is to improve the detection rate and performance of the proposed system.
Pathan, Al-Sakib Khan
The State of the Art in Intrusion Prevention and Detection analyzes the latest trends and issues surrounding intrusion detection systems in computer networks, especially in communications networks. Its broad scope of coverage includes wired, wireless, and mobile networks; next-generation converged networks; and intrusion in social networks. Presenting cutting-edge research, the book presents novel schemes for intrusion detection and prevention. It discusses tracing back mobile attackers, secure routing with intrusion prevention, anomaly detection, and AI-based techniques. It also includes infor
Wang, Xianpei; Xu, Hua; Zheng, Sheng; Cheng, Anyu
In this paper, we mainly aim at D-S theory of evidence and the network intrusion detection these two fields. It discusses the method how to apply this probable reasoning as an AI technology to the Intrusion Detection System (IDS). This paper establishes the application model, describes the new mechanism of reasoning and decision-making and analyses how to implement the model based on the synscan activities detection on the network. The results suggest that if only rational probability values were assigned at the beginning, the engine can, according to the rules of evidence combination and hierarchical reasoning, compute the values of belief and finally inform the administrators of the qualities of the traced activities -- intrusions, normal activities or abnormal activities.
The intrusion detection system (IDS) is an important network security tool for securing computer and network systems. It is able to detect and monitor network traffic data. Snort IDS is an open-source network security tool. It can search and match rules with network traffic data in order to detect attacks, and generate an alert. However, the Snort IDS can detect only known attacks. Therefore, we have proposed a procedure for improving Snort IDS rules, based on the association rules data mining technique for detection of network probe attacks. We employed the MIT-DARPA 1999 data set for the experimental evaluation. Since behavior pattern traffic data are both normal and abnormal, the abnormal behavior data is detected by way of the Snort IDS. The experimental results showed that the proposed Snort IDS rules, based on data mining detection of network probe attacks, proved more efficient than the original Snort IDS rules, as well as icmp.rules and icmp-info.rules of Snort IDS. The suitable parameters for the proposed Snort IDS rules are defined as follows: Min_sup set to 10%, and Min_conf set to 100%, and through the application of eight variable attributes. As more suitable parameters are applied, higher accuracy is achieved.
High availability of tools and service providers in cloud computing and the fact that cloud computing services are provided by internet and deal with public, have caused important challenges for new computing model. Cloud computing faces problems and challenges such as user privacy, data security, data ownership, availability of services, and recovery after breaking down, performance, scalability, programmability. So far, many different methods are presented for detection of intrusion in clou...
Shawq Malik Mehibs
Nowadays cloud computing has become an integral part of the IT industry. Cloud computing provides a working environment that allows users to share data and resources over the internet. Because cloud computing is a virtual grouping of resources offered over the internet, this leads to different matters related to security and privacy in cloud computing. Therefore, intrusion detection is very important to detect outsider and insider intruders of cloud computing with a high detection rate and low false positive alarm in the cloud environment. This work proposed a network intrusion detection module using the fuzzy c mean algorithm. The kdd99 dataset was used for experiments. The proposed system is characterized by a high detection rate with low false positive alarm.
Shawq Malik Mehibs
Cloud computing is a distributed architecture, providing computing facilities and storage resources as a service over the internet. This low-cost service fulfills the basic requirements of users. Because of the open nature and services introduced by cloud computing, intruders impersonate legitimate users and misuse cloud resources and services. To detect intruders and suspicious activities in and around the cloud computing environment, an intrusion detection system is used to discover illegitimate users and suspicious actions by monitoring different user activities on the network. This work proposed a module based on a back propagation artificial neural network to construct network intrusion detection in the cloud environment. The proposed module was evaluated with the kdd99 dataset; the experimental results show a promising approach to detect attacks with a high detection rate and low false alarm rate.
Laftah Al-Yaseen, Wathiq; Ali Othman, Zulaiha; Ahmad Nazri, Mohd Zakree
Presently, the processing time and performance of intrusion detection systems are of great importance due to the increased speed of traffic data networks and a growing number of attacks on networks and computers. Several approaches have been proposed to address this issue, including hybridizing with several algorithms. However, this paper aims at proposing a hybrid of modified K-means with C4.5 intrusion detection system in a multiagent system (MAS-IDS). The MAS-IDS consists of three agents, namely, coordinator, analysis, and communication agent. The basic concept underpinning the utilized MAS is dividing the large captured network dataset into a number of subsets and distributing these to a number of agents depending on the data network size and core CPU availability. KDD Cup 1999 dataset is used for evaluation. The proposed hybrid modified K-means with C4.5 classification in MAS is developed in JADE platform. The results show that compared to the current methods, the MAS-IDS reduces the IDS processing time by up to 70%, while improving the detection accuracy.
Zu, Xingshui; Guo, Feng; Huang, Jingchang; Zhao, Qin; Liu, Huawei; Li, Baoqing; Yuan, Xiaobing
Automated surveillance of remote locations in a wireless sensor network is dominated by the detection algorithm because actual intrusions in such locations are a rare event. Therefore, a detection method with low power consumption is crucial for persistent surveillance to ensure longevity of the sensor networks. A simple and effective two-stage algorithm composed of energy detector (ED) and delay detector (DD) with all its operations in time-domain using small-aperture microphone array (SAMA) is proposed. The algorithm analyzes the quite different velocities between wind noise and sound waves to improve the detection capability of ED in the surveillance area. Experiments in four different fields with three types of vehicles show that the algorithm is robust to wind noise and the probability of detection and false alarm are 96.67% and 2.857%, respectively. PMID:28273838
Hamdi, Mohamed; Meddeb-Makhlouf, Amel; Boudriga, Noureddine
The rapid proliferation of mobile applications and services has introduced new vulnerabilities that do not exist in fixed wired networks. Traditional security mechanisms, such as access control and encryption, turn out to be inefficient in modern wireless networks. Given the shortcomings of the protection mechanisms, an important research focuses in intrusion detection systems (IDSs). This paper proposes a multilayer statistical intrusion detection framework for wireless networks. The architecture is adequate to wireless networks because the underlying detection models rely on radio parameters and traffic models. Accurate correlation between radio and traffic anomalies allows enhancing the efficiency of the IDS. A radio signal fingerprinting technique based on the maximal overlap discrete wavelet transform (MODWT) is developed. Moreover, a geometric clustering algorithm is presented. Depending on the characteristics of the fingerprinting technique, the clustering algorithm permits to control the false positive and false negative rates. Finally, simulation experiments have been carried out to validate the proposed IDS.
Ikonen, Jenni; Pitkänen, Tarja; Kosse, Pascal; Ciszek, Robert; Kolehmainen, Mikko; Miettinen, Ilkka T
Improvements in microbial drinking water quality monitoring are needed for the better control of drinking water distribution systems and for public health protection. Conventional water quality monitoring programmes are not always able to detect a microbial contamination of drinking water. In the drinking water production chain, in addition to the vulnerability of source waters, the distribution networks are prone to contamination. In this study, a pilot-scale drinking-water distribution network with an on-line monitoring system was utilized for detecting bacterial intrusion. During the experimental Escherichia coli intrusions, the contaminant was measured by applying a set of on-line sensors for electric conductivity (EC), pH, temperature (T), turbidity, UV-absorbance at 254 nm (UVAS SC) and with a device for particle counting. Monitored parameters were compared with the measured E. coli counts using the integral calculations of the detected peaks. EC measurement gave the strongest signal compared with the measured baseline during the E. coli intrusion. Integral calculations showed that the peaks in the EC, pH, T, turbidity and UVAS SC data were detected corresponding to the time predicted. However, the pH and temperature peaks detected were barely above the measured baseline and could easily be mixed with the background noise. The results indicate that on-line monitoring can be utilized for the rapid detection of microbial contaminants in the drinking water distribution system although the peak interpretation has to be performed carefully to avoid being mixed up with normal variations in the measurement data. Copyright © 2017 Elsevier Ltd. All rights reserved.
The Intrusion Detection System (IDS) is a common means of protecting networked systems from attack or malicious misuse. The deployment of an IDS can take many different forms dependent on protocols, usage and cost. This is particularly true of Wireless Intrusion Detection Systems (WIDS) which have many detection challenges associated with data transmission through an open, shared medium, facilitated by fundamental changes at the Physical and MAC layers. WIDS need to be considered in more deta...
Network intrusion detection is one of the most important parts for cyber security to protect computer systems against malicious attacks. With the emergence of numerous sophisticated and new attacks, however, network intrusion detection techniques are facing several significant challenges. The overall objective of this study is to learn useful feature representations automatically and efficiently from large amounts of unlabeled raw network traffic data by using deep learning approaches. We propose a novel network intrusion model by stacking dilated convolutional autoencoders and evaluate our method on two new intrusion detection datasets. Several experiments were carried out to check the effectiveness of our approach. The comparative experimental results demonstrate that the proposed model can achieve considerably high performance which meets the demand of high accuracy and adaptability of network intrusion detection systems (NIDSs). It is quite potential and promising to apply our model in the large-scale and real-world network environments.
This research concerns information security and computer-network defense. It addresses how to handle the information of log files and intrusion-detection systems to recognize when a system is under attack...
platform. Intrusion Detection Systems (IDS) analyse network traffic to identify suspicious patterns with the intention to compromise the system. Practitioners train classifiers to classify the data within different categories e.g. malicious or normal...
Among numerous WEB security issues, SQL injection is the most notable and dangerous. In this study, characteristics and procedures of SQL injection are analyzed, and the method for detecting the SQL injection attack is illustrated. The defense resistance and remedy model of SQL injection attack is established from the perspective of non-intrusive SQL injection attack and defense. Moreover, the ability of resisting the SQL injection attack of the server has been comprehensively improved through the security strategies on operation system, IIS and database, etc. Corresponding codes are realized. The method is well applied in the actual projects.
Meng, Weizhi; Tischhauser, Elmar Wolfgang; Wang, Qingju; Wang, Yu; Han, Jinguang
With the purpose of identifying cyber threats and possible incidents, intrusion detection systems (IDSs) are widely deployed in various computer networks. In order to enhance the detection capability of a single IDS, collaborative intrusion detection networks (or collaborative IDSs) have been developed, which allow IDS nodes to exchange data with each other. However, data and trust management still remain two challenges for current detection architectures, which may degrade the effectiveness ...
Mar 5, 2018 ... excessive packet collision, artificially increases contention, decrease signal .... Intelligent security architecture was conducted by , as an intrusion ... the main disadvantages of this scheme is: The IDS node is static (runs ...
Hafza A. Mahmood
Cloud Environment is a next generation internet based computing system that supplies customizable services to the end user to work with or access the various cloud applications. In order to provide security and decrease the damage to information systems, networks and computer systems, it is important to provide an intrusion detection system (IDS). Now Cloud environments are under threat from network intrusions, one of the most prevalent and offensive means being Denial of Service (DoS) attacks, which cause dangerous impact on cloud computing systems. This paper proposes a Hidden naïve Bayes (HNB) Classifier to handle DoS attacks, which is a data mining (DM) model used to relax the conditional independence assumption of the Naïve Bayes classifier (NB). The proposed system used the HNB Classifier supported with discretization and feature selection, where selecting the best features enhances the performance of the system and reduces consuming time. To evaluate the performance of the proposed system, the KDD 99 CUP and NSL KDD Datasets have been used. The experimental results show that the HNB classifier improves the performance of NIDS in terms of accuracy and detecting DoS attacks, where the accuracy of detecting DoS is 100% in three tests on the KDD cup 99 dataset using only 12 features selected by gain ratio, while in the NSL KDD Dataset the accuracy of detecting DoS attacks is 90% in three experiments on the NSL KDD dataset selecting 10 features only.
Presenting cutting-edge research, Intrusion Detection in Wireless Ad-Hoc Networks explores the security aspects of the basic categories of wireless ad-hoc networks and related application areas. Focusing on intrusion detection systems (IDSs), it explains how to establish security solutions for the range of wireless networks, including mobile ad-hoc networks, hybrid wireless networks, and sensor networks. This edited volume reviews and analyzes state-of-the-art IDSs for various wireless ad-hoc networks. It includes case studies on honesty-based intrusion detection systems, cluster oriented-based
Ad-hoc network is a collection of nodes that are capable to form dynamically a temporary network without the support of any centralized fixed infrastructure. Since there is no central controller to determine the reliable & secure communication paths in Mobile Adhoc Network, each node in the ad hoc network has to rely on each other in order to forward packets, thus highly cooperative nodes are required to ensure that the initiated data transmission process does not fail. In a mobile ad hoc network (MANET) where security is a crucial issue and they are forced to rely on the neighbor node, trust plays an important role that could improve the number of successful data transmission. Larger the number of trusted nodes, higher successful data communication process rates could be expected. In this paper, Black Hole attack is applied in the network, statistics are collected to design intrusion detection engine for MANET Intrusion Detection System (IDS). Feature extraction and rule inductions are applied to find out the accuracy of detection engine by using support vector machine. In this paper True Positive generated by the detection engine is very high and this is a novel approach in the area of Mobile Adhoc Intrusion detection system.
“Networked control system” (NCS) is an umbrella term encompassing a broad variety of infrastructures such as industrial control systems (ICSs) and building automation systems (BASs). Nowadays, all these infrastructures play an important role in several aspects of our daily life, from managing
Research on network security and intrusion detection strategies presents many challenging issues to both theoreticians and practitioners. Hackers apply an array of intrusion and exploit techniques to cause disruption of normal system operations, but on the defense, firewalls and intrusion detection systems (IDS) are typically only effective in defending known intrusion types using their signatures, and are far less than mature when faced with novel attacks. In this paper, we adapt the frequency analysis techniques such as the Discrete Fourier Transform (DFT) used in signal processing to the design of intrusion detection algorithms. We demonstrate the effectiveness of the frequency-based detection strategy by running synthetic network intrusion data in simulated networks using the OPNET software. The simulation results indicate that the proposed intrusion detection strategy is effective in detecting anomalous traffic data that exhibit patterns over time, which include several types of DOS and probe attacks. The significance of this new strategy is that it does not depend on the prior knowledge of attack signatures, thus it has the potential to be a useful supplement to existing signature-based IDS and firewalls.
Dunklee, David R
.... The research then presents four recommendations to improve DCC operations. These include: Transition or improve the current signature-based IDS systems to include the capability to query and visualize network flows to detect malicious traffic...
“Networked control system” (NCS) is an umbrella term encompassing a broad variety of infrastructures such as industrial control systems (ICSs) and building automation systems (BASs). Nowadays, all these infrastructures play an important role in several aspects of our daily life, from managing essential services such as energy and water (e.g., critical infrastructures) to monitoring the increasingly smart environments that surround us (e.g., the Internet of Things). Over the years, NCS techn...
Pratama, Azkario Rizky; Widyawan, Widyawan; Lazovik, Alexander; Aiello, Marco
Smart spaces are those that are aware of their state and can act accordingly. Among the central elements of such a state is the presence of humans and their number. For a smart office building, such information can be used for saving energy and safety purposes. While acquiring presence information is crucial, using sensing techniques that are highly intrusive, such as cameras, is often not acceptable for the building occupants. In this paper, we illustrate a proposal for occupancy detection which is low intrusive; it is based on equipment typically available in modern offices such as room-level power-metering and an app running on workers' mobile phones. For power metering, we collect the aggregated power consumption and disaggregate the load of each device. For the mobile phone, we use the Received Signal Strength (RSS) of BLE (Bluetooth Low Energy) nodes deployed around workspaces to localize the phone in a room. We test the system in our offices. The experiments show that sensor fusion of the two sensing modalities gives 87-90% accuracy, demonstrating the effectiveness of the proposed approach.
Widyawan, Widyawan; Lazovik, Alexander
Smart spaces are those that are aware of their state and can act accordingly. Among the central elements of such a state is the presence of humans and their number. For a smart office building, such information can be used for saving energy and safety purposes. While acquiring presence information is crucial, using sensing techniques that are highly intrusive, such as cameras, is often not acceptable for the building occupants. In this paper, we illustrate a proposal for occupancy detection which is low intrusive; it is based on equipment typically available in modern offices such as room-level power-metering and an app running on workers’ mobile phones. For power metering, we collect the aggregated power consumption and disaggregate the load of each device. For the mobile phone, we use the Received Signal Strength (RSS) of BLE (Bluetooth Low Energy) nodes deployed around workspaces to localize the phone in a room. We test the system in our offices. The experiments show that sensor fusion of the two sensing modalities gives 87–90% accuracy, demonstrating the effectiveness of the proposed approach. PMID:29509693
High speed of processing massive audit data is crucial for an anomaly Intrusion Detection System (IDS) to achieve real-time performance during the detection. Abstracting audit data is a potential solution to improve the efficiency of data processing. In this work, we propose two strategies of data abstraction in order to build a lightweight detection model. The first strategy is exemplar extraction and the second is attribute abstraction. Two clustering algorithms, Affinity Propagation (AP) as well as traditional k-means, are employed to extract the exemplars, and Principal Component Analysis (PCA) is employed to abstract important attributes (a.k.a. features) from the audit data. Real HTTP traffic data collected in our institute as well as KDD 1999 data are used to validate the two strategies of data abstraction. The extensive test results show that the process of exemplar extraction significantly improves the detection efficiency and has a better detection performance than PCA in data abstraction. © 2010 Springer-Verlag.
The adaptive intrusion data system (AIDS) was developed to collect data from intrusion alarm sensors as part of an evaluation system to improve sensor performance. AIDS is a unique data system which uses computer controlled data systems, video cameras and recorders, analog-to-digital conversion, environmental sensors, and digital recorders to collect sensor data. The data can be viewed either manually or with a special computerized data-reduction system which adds new data to a data base stored on a magnetic disc recorder. This report provides a synoptic account of the AIDS as it presently exists. Modifications to the purchased subsystems are described, and references are made to publications which describe the Sandia-designed subsystems
Hawk, Hervey L.; Hawley, James G.; Portlock, John M.; Scheibner, James E.
A system for monitoring man-associated seismic movements within a control area including a geophone for generating an electrical signal in response to seismic movement, a bandpass amplifier and threshold detector for eliminating unwanted signals, pulse counting system for counting and storing the number of seismic movements within the area, and a monitoring system operable on command having a variable frequency oscillator generating an audio frequency signal proportional to the number of said seismic movements.
techniques in the network intrusion detection system (NIDS) is the feature selection technique. The ability of NIDS to accurately identify intrusion from the network traffic relies heavily on feature selection, which describes the pattern of the network...
Nunes Leal Franqueira, V.
Access control and intrusion detection are essential components for securing an organization's information assets. In practice, these components are used in isolation, while their fusion would contribute to increase the range and accuracy of both. One approach to accomplish this fusion is the
Meng, Weizhi; Tischhauser, Elmar Wolfgang; Wang, Qingju
developed, which allow IDS nodes to exchange data with each other. However, data and trust management still remain two challenges for current detection architectures, which may degrade the effectiveness of such detection systems. In recent years, blockchain technology has shown its adaptability in many...... fields such as supply chain management, international payment, interbanking and so on. As blockchain can protect the integrity of data storage and ensure process transparency, it has a potential to be applied to intrusion detection domain. Motivated by this, this work provides a review regarding...... the intersection of IDSs and blockchains. In particular, we introduce the background of intrusion detection and blockchain, discuss the applicability of blockchain to intrusion detection, and identify open challenges in this direction....
Williams, J.D.; Matter, J.C.
A number of conventional intrusion detection sensors exists for the detection of persons entering buildings, moving within a given volume, and crossing a perimeter isolation zone. Unconventional applications of some of these sensors have recently been investigated. Some of the applications which are discussed include detection on the edges and tops of buildings, detection in storm sewers, detection on steam and other types of large pipes, and detection of unauthorized movement within secure enclosures. The enclosures can be used around complicated control valves, electrical control panels, emergency generators, etc
conventional computing platform (Dell Inspiron 15N laptop running Mint Maya as the operating system, dual-core Core i5 CPU, 8 GB RAM), Snort exhibited a peak...distribute network monitoring duties amongst the participants in the network with the goal of conserving the network’s overall computational demand
Barbosa, R.R.R.; Pras, Aiko; Stiller, Burckhard; De Turck, Filip
Supervisory Control and Data Acquisition (SCADA) systems are a critical part of large industrial facilities, such as water distribution infrastructures. With the goal of reducing costs and increasing efficiency, these systems are becoming increasingly interconnected. However, this has also
Journal of Computer Science and Its Application ... Security has become not just a feature of an information system, but the core and a necessity especially the systems that communicate and transmit data over the Internet for they are more ... Keywords: Intrusion, Genetic Algorithm, detection, Security, DARPA dataset ...
Existing anomaly and intrusion detection schemes of wireless sensor networks have mainly focused on the detection of intrusions. Once the intrusion is detected, alerts or claims will be generated. However, any unidentified malicious nodes in the network could send faulty anomaly and intrusion claims about the legitimate nodes to the other nodes. Verifying the validity of such claims is a critical and challenging issue that is not considered in the existing cooperative-based distributed anomaly and intrusion detection schemes of wireless sensor networks. In this paper, we propose a validation algorithm that addresses this problem. This algorithm utilizes the concept of intrusion-aware reliability that helps to provide adequate reliability at a modest communication cost. In this paper, we also provide a security resiliency analysis of the proposed intrusion-aware alert validation algorithm.
.... The Secure BGP projects designed a secure, scalable, deployable architecture (S-BGP) for an authorization and authentication system that addresses most of the security problems associated with BGP...
A safeguards vulnerability assessment was conducted at three separate licensed nuclear processing facilities. Emphasis was placed on: (1) performance of the total intrusion detection system, and (2) vulnerability of the system to compromise by insiders. The security guards were interviewed to evaluate their effectiveness in executing their duties in accordance with the plant's security plan and to assess their knowledge regarding the operation of the security equipment. A review of the training schedule showed that the guards, along with the other plant employees, are required to periodically attend in-plant training sessions. The vulnerability assessments continued with interviews of the personnel responsible for maintaining the security equipment, with discussions of detector false alarm and maintenance problems. The second part of the vulnerability assessments was to evaluate the effectiveness of the intrusion detection systems including the interior and the perimeter sensors, CCTV surveillance devices and the exterior lighting. Two types of perimeter detectors are used at the sites, a fence disturbance sensor and an infrared barrier type detector. Infrared barrier type detectors have a higher probability of detection, especially in conjunction with dedicated CCTV cameras. The exterior lights satisfy the 0.2 footcandle illumination requirement. The interior intrusion detection systems included ultrasonic motion detectors, microwave motion detectors, balanced magnetic switches, and CCTV cameras. Entrance doors to the materials access areas and vital areas are protected with balanced magnetic switches. The interior intrusion detection systems at the three nuclear processing sites are considered satisfactory with the exception of the areas protected with ultrasonic motion detectors
Mkuzangwe, Nenekazi NP
decision tree which is one of the well-known machine learning techniques. The results indicate that the performance difference, in terms of predicting the proportion of attacks in the data, of the proposed system with respect to the decision tree...
Şen, Sevil; Clark, John A.; Tapiador, Juan E.
Mobile ad hoc networks (MANETs) are a highly promising new form of networking. However they are more vulnerable to attacks than wired networks. In addition, conventional intrusion detection systems (IDS) are ineffective and inefficient for highly dynamic and resource-constrained environments. Achieving an effective operational MANET requires tradeoffs to be made between functional and non-functional criteria. In this paper we show how Genetic Programming (GP) together with a Multi-Objective Evolutionary Algorithm (MOEA) can be used to synthesise intrusion detection programs that make optimal tradeoffs between security criteria and the power they consume.
Zhou, Xingfang; Guo, Baoqing; Wei, Wei
In the stage of railway construction and operation, objects intruding railway clearance greatly threaten the safety of railway operation. Real-time intrusion detection is of great importance. For the shortcomings of depth insensitive and shadow interference of single image method, an intrusion detection method with binocular stereo vision is proposed to reconstruct the 3D scene for locating the objects and judging clearance intrusion. The binocular cameras are calibrated with Zhang Zhengyou's method. In order to improve the 3D reconstruction speed, a suspicious region is firstly determined by background difference method of a single camera's image sequences. The image rectification, stereo matching and 3D reconstruction process are only executed when there is a suspicious region. A transformation matrix from Camera Coordinate System (CCS) to Track Coordinate System (TCS) is computed with gauge constant and used to transfer the 3D point clouds into the TCS, then the 3D point clouds are used to calculate the object position and intrusion in TCS. The experiments in railway scene show that the position precision is better than 10 mm. It is an effective way for clearance intrusion detection and can satisfy the requirement of railway application.
Yang, Dr. Li [University of Tennessee; Gasior, Wade C [ORNL; Dasireddy, Swetha [University of Tennessee
Today's intrusion detection systems, when deployed on a busy network, overload the network with a huge number of alerts. This behavior of producing too much raw information makes them less effective. We propose a system which takes both raw data and Snort alerts to visualize and analyze possible intrusions in a network. Then we present two models for the visualization of clustered alerts. Our first model gives the network administrator the logical topology of the network and detailed information on each node, including its associated alerts and connections. The second model, the flocking model, presents the network administrator with a visual representation of IDS data in which each alert is represented in a different color and the alerts with maximum similarity move together. This gives the network administrator a way of detecting various intrusions through visualizing the alert patterns.
Yu, Lu; Brooks, Richard R.
With the rapid development of Internet and the sharp increase of network crime, network security has become very important and received a lot of attention. We model security issues as stochastic systems. This allows us to find weaknesses in existing security systems and propose new solutions. Exploring the vulnerabilities of existing security tools can prevent cyber-attacks from taking advantages of the system weaknesses. We propose a hybrid network security scheme including intrusion detecti...
Algorithms to pattern recognition comes from Radtke et al. The authors apply Multi-Objective Genetic Algorithms (MOGAs) to two parts of a handwritten... Postel, J.B. “User Datagram Protocol. RFC 768”, 1980. Radtke, Paulo V. W., Robert Sabourin, and Tony Wong. “Classification system optimization... Rennes 1, Suvisoft, La Baule (France), 10 2006. URL http://hal.inria.fr/inria-00104200/en/. Radtke, P.V.W., T. Wong, and R. Sabourin. “A multi
Jackson, K.A.; Neuman, M.C.; Simmonds, D.D.; Stallings, C.A.; Thompson, J.L.; Christoph, G.G.
An effective method for detecting computer misuse is the automatic auditing and analysis of on-line user activity. This activity is reflected in system audit records, in system vulnerability postures, and in other evidence found through active system testing. Since 1989 we have implemented a misuse and intrusion detection system at Los Alamos. This is the Network Anomaly Detection and Intrusion Reporter, or NADIR. NADIR currently audits a Kerberos distributed authentication system, file activity on a mass storage system, and four Cray supercomputers that run the UNICOS operating system. NADIR summarizes user activity and system configuration in statistical profiles. It compares these profiles to expert rules that define security policy and improper or suspicious behavior. It reports suspicious behavior to security auditors and provides tools to aid in follow-up investigations. As NADIR is constantly evolving, this paper reports its development to date.
The existing power grid is going through a massive transformation. Smart grid technology is a radical approach for improvisation in prevailing power grid. Integration of electrical and communication infrastructure is inevitable for the deployment of Smart grid network. Smart grid technology is characterized by full duplex communication, automatic metering infrastructure, renewable energy integration, distribution automation and complete monitoring and control of entire power grid. Wireless sensor networks (WSNs) are small micro electrical mechanical systems that are deployed to collect and communicate the data from surroundings. WSNs can be used for monitoring and control of smart grid assets. Security of wireless sensor based communication network is a major concern for researchers and developers. The limited processing capabilities of wireless sensor networks make them more vulnerable to cyber-attacks. The countermeasures against cyber-attacks must be less complex with an ability to offer confidentiality, data readiness and integrity. The address oriented design and development approach for usual communication network requires a paradigm shift to design data oriented WSN architecture. WSN security is an inevitable part of smart grid cyber security. This paper is expected to serve as a comprehensive assessment and analysis of communication standards, cyber security issues and solutions for WSN based smart grid infrastructure.
Rapid progress of networking technologies leads to an exponential growth in the number of unauthorized or malicious network actions. As a component of defense-in-depth, Network Intrusion Detection System (NIDS) has been expected to detect malicious behaviors. Currently, NIDSs are implemented by various classification techniques, but these techniques are not advanced enough to accurately detect complex or synthetic attacks, especially in the situation of facing massive high-dimensional data. Besides, the inherent defects of NIDSs, namely, high false alarm rate and low detection rate, have not been effectively solved. In order to solve these problems, data fusion (DF) has been applied into network intrusion detection and has achieved good results. However, the literature still lacks thorough analysis and evaluation on data fusion techniques in the field of intrusion detection. Therefore, it is necessary to conduct a comprehensive review on them. In this article, we focus on DF techniques for network intrusion detection and propose a specific definition to describe it. We review the recent advances of DF techniques and propose a series of criteria to compare their performance. Finally, based on the results of the literature review, a number of open issues and future research directions are proposed at the end of this work.
Weiss, Jonathan D.
Method and system for monitoring and identifying moisture intrusion in soil such as is contained in landfills housing radioactive and/or hazardous waste. The invention utilizes the principle that moist or wet soil has a higher thermal conductance than dry soil. The invention employs optical time delay reflectometry in connection with a distributed temperature sensing system together with heating means in order to identify discrete areas within a volume of soil wherein temperature is lower. According to the invention an optical element and, optionally, a heating element may be included in a cable or other similar structure and arranged in a serpentine fashion within a volume of soil to achieve efficient temperature detection across a large area or three dimensional volume of soil. Remediation, moisture countermeasures, or other responsive action may then be coordinated based on the assumption that cooler regions within a soil volume may signal moisture intrusion where those regions are located.
Web applications became most popular medium in the Internet. Popularity, easiness of web application script languages and frameworks together with careless development results in high number of web application vulnerabilities and high number of attacks performed. There are several types of attacks possible because of improper input validation: SQL injection, Cross-site scripting, Cross-Site Request Forgery (CSRF), web spam in blogs and others. In order to secure web applications intrusion detection (IDS) and intrusion prevention systems (IPS) are being used. Intrusion detection systems are divided in two groups: misuse detection (traditional IDS) and anomaly detection. This paper presents data mining based algorithm for anomaly detection. The principle of this method is the comparison of the incoming HTTP traffic with a previously built profile that contains a representation of the "normal" or expected web application usage sequence patterns. The frequent sequence patterns are found with GSP algorithm. Previously presented detection method was rewritten and improved. Some tests show that the software catches malicious requests, especially long attack sequences, results quite good with medium length sequences, for short length sequences must be complemented with other methods.
Internet of Things (IoT) transforms network communication to Machine-to-Machine (M2M) basis and provides open access and new services to citizens and companies. It extends the border of Internet and will be developed as one part of the future 5G networks. However, as the resources of IoT’s front devices are constrained, many security mechanisms are hard to be implemented to protect the IoT networks. Intrusion detection system (IDS) is an efficient technique that can be used to detect the attackers when cryptography is broken, and it can be used to enforce the security of IoT networks. In this article, we analyzed the intrusion detection requirements of IoT networks and then proposed a uniform intrusion detection method for the vast heterogeneous IoT networks based on an automata model. The proposed method can detect and report the possible IoT attacks with three types: jam-attack, false-attack, and reply-attack automatically. We also design an experiment to verify the proposed IDS method and examine the attack of RADIUS application.
Yampolskiy, Roman V.; Govindaraju, Venu
Behavior based intrusion detection is a frequently used approach for ensuring network security. We extend behavior based intrusion detection approach to a new domain of game networks. Specifically, our research shows that a unique behavioral biometric can be generated based on the strategy used by an individual to play a game. We wrote software capable of automatically extracting behavioral profiles for each player in a game of Poker. Once a behavioral signature is generated for a player, it is continuously compared against player's current actions. Any significant deviations in behavior are reported to the game server administrator as potential security breaches. Our algorithm addresses a well-known problem of user verification and can be re-applied to the fields beyond game networks, such as operating systems and non-game networks security.
Hu, Weiming; Hu, Wei; Maybank, Steve
Network intrusion detection aims at distinguishing the attacks on the Internet from normal use of the Internet. It is an indispensable part of the information security system. Due to the variety of network behaviors and the rapid development of attack fashions, it is necessary to develop fast machine-learning-based intrusion detection algorithms with high detection rates and low false-alarm rates. In this correspondence, we propose an intrusion detection algorithm based on the AdaBoost algorithm. In the algorithm, decision stumps are used as weak classifiers. The decision rules are provided for both categorical and continuous features. By combining the weak classifiers for continuous features and the weak classifiers for categorical features into a strong classifier, the relations between these two different types of features are handled naturally, without any forced conversions between continuous and categorical features. Adaptable initial weights and a simple strategy for avoiding overfitting are adopted to improve the performance of the algorithm. Experimental results show that our algorithm has low computational complexity and error rates, as compared with algorithms of higher computational complexity, as tested on the benchmark sample data.
Hu, Weiming; Gao, Jun; Wang, Yanguo; Wu, Ou; Maybank, Stephen
Current network intrusion detection systems lack adaptability to the frequently changing network environments. Furthermore, intrusion detection in the new distributed architectures is now a major requirement. In this paper, we propose two online Adaboost-based intrusion detection algorithms. In the first algorithm, a traditional online Adaboost process is used where decision stumps are used as weak classifiers. In the second algorithm, an improved online Adaboost process is proposed, and online Gaussian mixture models (GMMs) are used as weak classifiers. We further propose a distributed intrusion detection framework, in which a local parameterized detection model is constructed in each node using the online Adaboost algorithm. A global detection model is constructed in each node by combining the local parametric models using a small number of samples in the node. This combination is achieved using an algorithm based on particle swarm optimization (PSO) and support vector machines. The global model in each node is used to detect intrusions. Experimental results show that the improved online Adaboost process with GMMs obtains a higher detection rate and a lower false alarm rate than the traditional online Adaboost process that uses decision stumps. Both the algorithms outperform existing intrusion detection algorithms. It is also shown that our PSO, and SVM-based algorithm effectively combines the local detection models into the global model in each node; the global model in a node can handle the intrusion types that are found in other nodes, without sharing the samples of these intrusion types.
Nassr, Amr A; El-Dakhakhni, Wael W; Ahmed, Wael H
Composite materials are becoming more affordable and widely used for retrofitting, rehabilitating and repairing reinforced concrete structures designed and constructed under older specifications. However, the mechanical properties and long-term durability of composite materials may degrade severely in the presence of water intrusion. This study presents a new non-destructive evaluation (NDE) technique for detecting the water intrusion in composite structures by evaluating the dielectric properties of different composite system constituent materials. The variation in the dielectric signatures was employed to design a coplanar capacitance sensor with high sensitivity to detect such defects. An analytical model was used to study the effect of the sensor geometry on the output signal and to optimize sensor design. A finite element model was developed to validate analytical results and to evaluate other sensor design-related parameters. Experimental testing of a concrete specimen wrapped with composite laminate and containing a series of pre-induced water intrusion defects was conducted in order to validate the concept of the new technique. Experimental data showed excellent agreement with the finite element model predictions and confirmed sensor performance
An evaluation of classification algorithms for intrusion detection. ... Most of the available IDSs use all the 41 features in the network to evaluate and search for intrusive pattern in which ...
Wang, Yu; Xie, Lin; Li, Wenjuan
Nowadays, cyber threats (e.g., intrusions) are distributed across various networks with the dispersed networking resources. Intrusion detection systems (IDSs) have already become an essential solution to defend against a large amount of attacks. With the development of cloud computing, a modern IDS...
An Adaptive Intrusion Data System (AIDS) was developed to collect information from intrusion alarm sensors as part of an evaluation system to improve sensor performance. AIDS is a unique digital data-compression, storage, and formatting system; it also incorporates a capability for video selection and recording for assessment of the sensors monitored by the system. The system is software reprogrammable to numerous configurations that may be used for the collection of environmental, bilevel, analog, and video data. This report describes the software routines that control the different AIDS data-collection modes, the diagnostic programs to test the operating hardware, and the data format. Sample data printouts are also included
Hallstensen, Christoffer V
Cybercrime damage costs the world several trillion dollars annually. And although technical solutions to protect organizations from hackers are being continuously developed, criminals learn fast to circumvent them. The question is, therefore, how to create leverage to protect an organization by improving intrusion detection and situational awareness? This thesis seeks to contribute to the prior art in intrusion detection and situational awareness by using a multi-sensor data fusion...
Currently, Android is the leading mobile operating system in number of users worldwide. On the security side, Android has had significant challenges despite the efforts of the Android designers to provide a secure environment for apps. In this paper, we present numerous attacks targeting the messaging framework of the Android system. Our focus is on SMS, USSD, and the evolution of their associated security in Android and accordingly the development of related attacks. Also, we shed light on the Android elements that are responsible for these attacks. Furthermore, we present the architecture of an intrusion detection system (IDS) that promises to thwart SMS messaging attacks. Our IDS shows a detection rate of 87.50% with zero false positives.
The Windows Operating System (OS) is the most popular desktop OS in the world, as it has the majority market share of both servers and personal computing necessities. However, as its default signature-based security measures are ineffectual for detecting zero-day and stealth attacks, it needs an intelligent Host-based Intrusion Detection System (HIDS). Unfortunately, a comprehensive data set that reflects the modern Windows OS’s normal and attack surfaces is not publicly available. To fill this gap, in this paper two open data sets generated by the cyber security department of the Australian Defence Force Academy (ADFA) are introduced, namely: Australian Defence Force Academy Windows Data Set (ADFA-WD); and Australian Defence Force Academy Windows Data Set with a Stealth Attacks Addendum (ADFA-WD: SAA). Statistical analysis results based on these data sets show that, due to the low foot prints of modern attacks and high similarity of normal and attacked data, both these data sets are complex, and highly intelligent Host based Anomaly Detection Systems (HADS) design will be required.
The article deals with detection of network anomalies. Network anomalies include everything that is quite different from the normal operation. Machine learning systems were used for detection of anomalies. Machine learning can be considered as a support or a limited type of artificial intelligence. A machine learning system usually starts with some knowledge and a corresponding knowledge organization so that it can interpret, analyse, and test the knowledge acquired. There are several machine learning techniques available. We tested Decision tree learning and Bayesian networks. The open source data-mining framework WEKA was the tool we used for testing the classification, clustering, and association algorithms and for visualization of our results. WEKA is a collection of machine learning algorithms for data mining tasks.
Graham, R.H.; Workhoven, R.M.
Interior Intrusion Detection Technology began at Sandia National Laboratories (SNL) in 1975 as part of the Fixed Facilities Physical Protection Research and Development program sponsored by the US Department of Energy in connection with their nuclear safeguards effort. This paper describes the evolution of Interior Intrusion Detection Technology at Sandia National Laboratories from the beginning of the Interior Sensor Laboratory to the present. This Laboratory was established in 1976 to evaluate commercial interior intrusion sensors and to assist in site-specific intrusion detection system designs. Examples of special test techniques and new test equipment that were developed at the Lab are presented, including the Sandia Intruder Motion Simulator (SIMS), the Sensor and Environment Monitor (SEM), and the Sandia Interior Robot (SIR). We also discuss new sensors and unique sensor combinations developed when commercial sensors were unavailable and the future application of expert systems. 5 refs
Rajasekhar, P.; Shrikhande, S.V.; Biswas, B.B.; Patil, R.K.
Nuclear power plants have a lot of critical data to be sent to the operator workstations. A plant wide integrated communication network, with high throughput, determinism and redundancy, is required between the workstations and the field. Switched Ethernet network is a promising prospect for such an integrated communication network. But for such an integrated system, intrusion is a major issue. Hence the network should have an intrusion detection system to make the network data secure and enhance the network availability. Intrusion detection is the process of monitoring the events occurring in a network and analyzing them for signs of possible incidents, which are violations or imminent threats of violation of network security policies, acceptable user policies, or standard security practices. This paper states the various intrusion detection techniques and approaches which are applicable for analysis of a plant wide network. (author)
Gao, Jianzhong; Jiang, Zhuangde; Zhao, Yulong; Zhu, Li; Zhao, Guoxian
Based on the microbend effect of optical fiber, a distributed sensor for real-time continuous monitoring of intrusion in application to buried pipelines is proposed. The sensing element is a long cable with a special structure made up of an elastic polymer wire, an optical fiber, and a metal wire. The damage point is located with an embedded optical time domain reflectometry (OTDR) instrument. The intrusion types can be indicated by the amplitude of output voltage. Experimental results show that the detection system can alarm adequately under abnormal load and can locate the intrusion point within 22.4 m for distance of 3.023 km.
Wang, Wei; Zhang, Xiangliang; Pitsilis, Georgios
are used to validate the two strategies of data abstraction. The extensive test results show that the process of exemplar extraction significantly improves the detection efficiency and has a better detection performance than PCA in data abstraction. © 2010
applications in wireless networks such as military battlefields, emergency response, mobile commerce, online gaming, and collaborative work are based on the... www.elsevier.com/locate/peva Performance analysis of hierarchical group key management integrated with adaptive intrusion detection in mobile ad hoc... Accepted 19 September 2010 Available online 26 September 2010 Keywords: Mobile ad hoc networks Intrusion detection Group communication systems Group
Optimization Coello, Van Veldhuizen, and Lamont define global optimization as, “the process of finding the global minimum within some search space S [CVL02... Technology, Shapes Markets, and Manages People, Simon & Schuster, New York, 1995. [CVL02] Coello, C., Van Veldhuizen, D., Lamont, G.B., Evolutionary... Anomaly Detection, Technical Report CS-2003-02, Computer Science Department, Florida Institute of Technology, 2003. [Marmelstein99] Marmelstein, R., Van
Kim, Sehun; Shin, Seong-Jun; Kim, Hyunwoo; Kwon, Ki Hoon; Han, Younggoo
Recently, cyber attacks have become a serious hindrance to the stability of the Internet. These attacks exploit interconnectivity of networks, propagate in an instant, and have become more sophisticated and evolutionary. Traditional Internet security systems such as firewalls, IDS and IPS are limited in terms of detecting recent cyber attacks in advance as these systems respond to Internet attacks only after the attacks inflict serious damage. In this paper, we propose a hybrid intrusion forecasting system framework for an early warning system. The proposed system utilizes three types of forecasting methods: time-series analysis, probabilistic modeling, and data mining method. By combining these methods, it is possible to take advantage of the forecasting technique of each while overcoming their drawbacks. Experimental results show that the hybrid intrusion forecasting method outperforms each of the three forecasting methods.
Sperotto, Anna; Sadre, R.; van Vliet, Frank; Pras, Aiko; Nunzi, Giorgio; Scoglio, Caterina; Li, Xing
Flow-based intrusion detection has recently become a promising security mechanism in high speed networks (1-10 Gbps). Despite the richness in contributions in this field, benchmarking of flow-based IDS is still an open issue. In this paper, we propose the first publicly available, labeled data set
functions, procedures, and scripts, an Oracle database structure, Bourne shell scripts, and configuration files which together communicate with ASIM Sensor... "Plugging the Holes in eCommerce Leads to 135% Growth in the Intrusion Detection and Vulnerability Assessment Software Market," PRNewswire. August
Abdulrahim Haroun Ali
Intrusions are a problem in the deployment of networks, causing misuse and abnormal behavior in running reliable network operations and services. In this work, a Dynamic Fuzzy Logic Controller (DFLC) is proposed for an anomaly detection problem, with the aim of solving the problem of attack detection rate and faster response process. Data is collected by the PingER project. The PingER project actively measures the worldwide Internet’s end-to-end performance. It covers over 168 countries around the world. PingER uses the simple, ubiquitous Internet Ping facility to calculate a number of useful performance parameters. From each set of 10 pings between a monitoring host and a remote host, the features being calculated include Minimum Round Trip Time (RTT), Jitter, Packet loss, Mean Opinion Score (MOS), Directness of Connection (Alpha), Throughput, ping unpredictability and ping reachability. A set of 10 pings is sent from the monitoring node to the remote node every 30 minutes. The received data shows the current characteristics and behavior of the networks. Any changes in the received data signify the existence of a potential threat or abnormal behavior. The DFLC uses the combination of parameters as an input to detect the existence of any abnormal behavior of the network. The proposed system is simulated in the Matlab Simulink environment. Simulation results show that the system managed to catch 95% of the anomalies with the ability to distinguish normal and abnormal behavior of the network.
Kosek, Anna Magdalena; Gehrke, Oliver
The shift from centralised large production to distributed energy production has several consequences for current power system operation. The replacement of large power plants by growing numbers of distributed energy resources (DERs) increases the dependency of the power system on small scale, distributed production. Many of these DERs can be accessed and controlled remotely, posing a cybersecurity risk. This paper investigates an intrusion detection system which evaluates the DER operation in order to discover unauthorized control actions. The proposed anomaly detection method is based...
Leandros A. Maglaras
In this paper we present an intrusion detection module capable of detecting malicious network traffic in a SCADA (Supervisory Control and Data Acquisition) system, based on the combination of One-Class Support Vector Machine (OCSVM) with RBF kernel and recursive k-means clustering. Important parameters of OCSVM, such as Gaussian width σ and parameter ν, affect the performance of the classifier. Tuning of these parameters is of great importance in order to avoid false positives and overfitting. The combination of OCSVM with recursive k-means clustering leads the proposed intrusion detection module to distinguish real alarms from possible attacks regardless of the values of parameters σ and ν, making it ideal for real-time intrusion detection mechanisms for SCADA systems. Extensive simulations have been conducted with datasets extracted from small and medium sized HTB SCADA testbeds, in order to compare the accuracy, false alarm rate and execution time against the baseline OCSVM method.
Anomaly intrusion detection in big data environments calls for lightweight models that are able to achieve real-time performance during detection. Abstracting audit data provides a solution to improve the efficiency of data processing in intrusion detection. Data abstraction refers to abstracting or extracting the most relevant information from the massive dataset. In this work, we propose three strategies of data abstraction, namely, exemplar extraction, attribute selection and attribute abstraction. We first propose an effective method called exemplar extraction to extract representative subsets from the original massive data prior to building the detection models. Two clustering algorithms, Affinity Propagation (AP) and traditional k-means, are employed to find the exemplars from the audit data. k-Nearest Neighbor (k-NN), Principal Component Analysis (PCA) and one-class Support Vector Machine (SVM) are used for the detection. We then employ another two strategies, attribute selection and attribute extraction, to abstract audit data for anomaly intrusion detection. Two http streams collected from a real computing environment as well as the KDD'99 benchmark data set are used to validate these three strategies of data abstraction. The comprehensive experimental results show that while all the three strategies improve the detection efficiency, the AP-based exemplar extraction achieves the best performance of data abstraction.
Kidmose, Egon; Stevanovic, Matija; Pedersen, Jens Myrup
Millions of computers are infected with bot malware, form botnets and enable botmaster to perform malicious and criminal activities. Intrusion Detection Systems are deployed to detect infections, but they raise many correlated alerts for each infection, requiring a large manual investigation effort...
Bos, H.; Huang, Kaiming
CardGuard is a signature detection system for intrusion detection and prevention that scans the entire payload of packets for suspicious patterns and is implemented in software on a network card equipped with an Intel IXP1200 network processor. One card can be used to protect either a single host, or
Hofstede, R.J.; Bartos, Vaclav; Sperotto, Anna; Pras, Aiko
DDoS attacks bring serious economic and technical damage to networks and enterprises. Timely detection and mitigation are therefore of great importance. However, when flow monitoring systems are used for intrusion detection, as it is often the case in campus, enterprise and backbone networks, timely
Schwartz, Daniel G.; Long, Jidong
Multi-sensor intrusion detection systems (IDSs) combine the alerts raised by individual IDSs and possibly other kinds of devices such as firewalls and antivirus software. A critical issue in building a multi-sensor IDS is alert-correlation, i.e., determining which alerts are caused by the same attack. This paper explores a novel approach to alert correlation using case-based reasoning (CBR). Each case in the CBR system's library contains a pattern of alerts raised by some known attack type, together with the identity of the attack. Then during run time, the alert streams gleaned from the sensors are compared with the patterns in the cases, and a match indicates that the attack described by that case has occurred. For this purpose the design of a fast and accurate matching algorithm is imperative. Two such algorithms were explored: (i) the well-known Hungarian algorithm, and (ii) an order-preserving matching of our own device. Tests were conducted using the DARPA Grand Challenge Problem attack simulator. These showed that both matching algorithms are effective in detecting attacks, but the Hungarian algorithm is inefficient, whereas the order-preserving one is very efficient and in fact runs in linear time.
According to the problems of current distributed architecture intrusion detection systems (DIDS), a new online distributed intrusion detection model based on cellular neural network (CNN) was proposed, in which discrete-time CNN (DTCNN) was used as weak classifier in each local node and state-controlled CNN (SCCNN) was used as global detection method, respectively. We further proposed a new method for design template parameters of SCCNN via solving Linear Matrix Inequality. Experimental results based on KDD CUP 99 dataset show its feasibility and effectiveness. Emerging evidence has indicated that this new approach is affordable to parallelism and analog very large scale integration (VLSI) implementation which allows the distributed intrusion detection to be performed better.
Present Intrusion Detection Systems (IDSs) for MANETs require continuous monitoring which leads to rapid depletion of a node's battery life. To address this issue, we propose a new IDS scheme comprising a novel cluster leader election process and a hybrid IDS. The cluster leader election process uses the Vickrey–Clarke–Groves mechanism to elect the cluster leader which provides the intrusion detection service. The hybrid IDS comprises a threshold based lightweight module and a powerful anomaly based heavyweight module. Initially, only the lightweight module is activated. The decision to activate the heavyweight module is taken by modeling the intrusion detection process as an incomplete information non-cooperative game between the elected leader node and the potential malicious node. Simulation results show that the proposed scheme significantly reduces the IDS traffic and overall power consumption in addition to maintaining a high detection rate and accuracy.
This report describes the results of research into the effects of environment-induced noise on the evaluation process for anomaly detectors in the cyber security domain. This research was conducted during a 10-week summer internship program from the 19th of August, 2012 to the 23rd of August, 2012 at the Jet Propulsion Laboratory in Pasadena, California. The research performed lies within the larger context of the Los Angeles Department of Water and Power (LADWP) Smart Grid cyber security project, a Department of Energy (DoE) funded effort involving the Jet Propulsion Laboratory, California Institute of Technology and the University of Southern California/Information Sciences Institute. The results of the present effort constitute an important contribution towards building more rigorous evaluation paradigms for anomaly-based intrusion detectors in complex cyber physical systems such as the Smart Grid. Anomaly detection is a key strategy for cyber intrusion detection; it operates by identifying deviations from profiles of nominal behavior and is thus conceptually appealing for detecting "novel" attacks. Evaluating the performance of such a detector requires assessing: (a) how well it captures the model of nominal behavior, and (b) how well it detects attacks (deviations from normality). Current evaluation methods produce results that give insufficient insight into the operation of a detector, inevitably resulting in a significantly poor characterization of a detector's performance. In this work, we first describe a preliminary taxonomy of key evaluation constructs that are necessary for establishing rigor in the evaluation regime of an anomaly detector. We then focus on clarifying the impact of the operational environment on the manifestation of attacks in monitored data. We show how dynamic and evolving environments can introduce high variability into the data stream, perturbing detector performance. Prior research has focused on understanding the impact of this
Giannetsos, Athanasios; Krontiris, Ioannis; Dimitriou, Tassos
Wireless sensor networks are vulnerable to adversaries as they are frequently deployed in open and unattended environments. Preventive mechanisms can be applied to protect them from an assortment of attacks. However, more sophisticated methods, like intrusion detection systems, are needed to achieve a more autonomic and complete defense mechanism, even against attacks that have not been anticipated in advance. In this paper, we present a lightweight intrusion detection system, called LIDeA, designed for wireless sensor networks. LIDeA is based on a distributed architecture, in which nodes...
Laughter, S. A.; Williams, R. D.
Supervisory Control and Data Acquisition (SCADA) and automation networks, used throughout utility and manufacturing applications, have their own specific set of operational and security requirements when compared to corporate networks. The modern climate of heightened national security and awareness of terrorist threats has made the security of these systems of prime concern. There is a need to understand the vulnerabilities of these systems and how to monitor and protect them. Ethernet/IP is a member of a family of protocols based on the Control and Information Protocol (CIP). Ethernet/IP allows automation systems to be utilized on and integrated with traditional TCP/IP networks, facilitating integration of these networks with corporate systems and even the Internet. A review of the CIP protocol and the additions Ethernet/IP makes to it has been done to reveal the kind of attacks made possible through the protocol. A set of rules for the SNORT Intrusion Detection software is developed based on the results of the security review. These can be used to monitor, and possibly actively protect, a SCADA or automation network that utilizes Ethernet/IP in its infrastructure. (authors)
Hassanzadeh, Amin; Stoleru, Radu; Shihada, Basem
in such environments battery-powered mesh routers, operating in an energy efficient manner, are required. To the best of our knowledge, the impact of energy efficient solutions, e.g., involving duty-cycling, on WMN intrusion detection systems, which require continuous
Hofstede, R.J.; Pras, Aiko
Due to the demanding performance requirements of packet-based monitoring solutions on network equipment, flow-based intrusion detection systems will play an increasingly important role in current high-speed networks. The required technologies are already available and widely deployed: NetFlow and
A Nuisance Alarm Data System (NADS) was developed to gather long-term background alarm data on exterior intrusion detectors as part of their evaluation. Since nuisance alarms play an important part in the selection of intrusion detectors for use at Department of Energy (DOE) facilities, an economical and reliable way to monitor and record these alarms was needed. NADS consists of an IBM personal computer and printer along with other commercial units to communicate with the detectors, to gather weather data, and to record video for assessment. Each alarm, its assessment, and the weather conditions occurring at alarm time are placed into a data base that is used in the evaluation of the detector. The operating software is written in Turbo Pascal for easy maintenance and modification. A portable system, based on the NADS design, has been built and shipped to other DOE locations to do on-site alarm monitoring. This has been valuable for the comparison of different detectors in the on-site environment and for testing new detectors when the appropriate conditions do not exist or cannot be simulated at the Exterior Intrusion Detection Testbed
Khattab M.Ali Alheeti
Security systems are a necessity for the deployment of smart vehicles in our society. Security in vehicular ad hoc networks is crucial to the reliable exchange of information and control data. In this paper, we propose an intelligent Intrusion Detection System (IDS) to protect the external communication of self-driving and semi self-driving vehicles. This technology has the ability to detect Denial of Service (DoS) and black hole attacks on vehicular ad hoc networks (VANETs). The advantage of the proposed IDS over existing security systems is that it detects attacks before they cause significant damage. The intrusion prediction technique is based on Linear Discriminant Analysis (LDA) and Quadratic Discriminant Analysis (QDA), which are used to predict attacks based on observed vehicle behavior. We perform simulations using Network Simulator 2 to demonstrate that the IDS achieves a low rate of false alarms and high accuracy in detection.
Timely intercept of an intruder requires the examination of perimeter barriers and sensors in terms of reliable detection, immediate assessment and prompt response provisions. Perimeter security equipment and operations must at the same time meet the requirements of the Code of Federal Regulations, 10 CFR 73.55 with some attention to the performance and testing figures of Nuclear Regulatory Guide 5.44, Revision 2, May 1980. A baseline system is defined which recommends a general approach to implementing perimeter security elements: barriers, lighting, intrusion detection, alarm assessment. The baseline approach emphasizes cost/effectiveness achieved by detector layering and logic processing of alarm signals to produce reliable alarms and low nuisance alarm rates. A cost benefit of layering along with video assessment is reduction in operating expense. The concept of layering is also shown to minimize testing costs where detectability performance as suggested by Regulatory Guide 5.44 is to be performed. Synthesis of the perimeter intrusion alarm system and limited testing of CCTV and Video Motion Detectors (VMD), were performed at E-Systems, Greenville Division, Greenville, Texas during 1981
In order to protect computing systems from malicious attacks, network intrusion detection systems have become an important part of the security infrastructure. Recently, hybrid models that integrate several machine learning techniques have captured more attention from researchers. In this paper, a novel hybrid model was proposed with the purpose of detecting network intrusion effectively. In the proposed model, Gini index is used to select the optimal subset of features, the gradient boosted decision tree (GBDT) algorithm is adopted to detect network attacks, and the particle swarm optimization (PSO) algorithm is utilized to optimize the parameters of GBDT. The performance of the proposed model is experimentally evaluated in terms of accuracy, detection rate, precision, F1-score, and false alarm rate using the NSL-KDD dataset. Experimental results show that the proposed model is superior to the compared methods.
The Siemens S7 protocol is commonly used in SCADA systems for communications between a Human Machine Interface (HMI) and the Programmable Logic Controllers (PLCs). This paper presents a model-based Intrusion Detection System (IDS) designed for S7 networks. The approach is based on the key observation that S7 traffic to and from a specific PLC is highly periodic; as a result, each HMI-PLC channel can be modeled using its own unique Deterministic Finite Automaton (DFA). The resulting DFA-based IDS is very sensitive and is able to flag anomalies such as a message appearing out of its position in the normal sequence or a message referring to a single unexpected bit. The intrusion detection approach was evaluated on traffic from two production systems. Despite its high sensitivity, the system had a very low false positive rate - over 99.82% of the traffic was identified as normal.
Shuai, Chunyan; Yang, Hengcheng; Gong, Zeweiyi
Support vector machines applied directly to a network intrusion detection system suffer from low detection accuracy and long detection time. Optimization of SVM parameters can greatly improve the detection accuracy, but it cannot be applied to high-speed networks because of the long detection time. A method based on Kohonen neural network feature selection is proposed to reduce the optimization time of support vector machine parameters. First, the weights of the KDD99 network intrusion data are calculated by a Kohonen network and features are selected by weight. Then, after the feature selection is completed, genetic algorithm (GA) and grid search methods are used for parameter optimization to find the appropriate parameters, and classification is performed by support vector machines. By comparing experiments, it is concluded that feature selection can reduce the time of parameter optimization while having little influence on the accuracy of classification. The experiments suggest that the support vector machine can be used in the network intrusion detection system and reduce the missing rate.
A data acquisition system oriented specifically toward collection and processing of various meteorological and environmental parameters has been designed around a National Semiconductor IMP-16 microprocessor. This system, called the Environmental Data Processor (EDP), was developed specifically for use with the Adaptive Intrusion Data System (AIDS) in a perimeter intrusion alarm evaluation, although its design is sufficiently general to permit use elsewhere. This report describes in general detail the design of the EDP and its interaction with other AIDS components
Cluster sensors are one of the nuclear security system components which are used to detect any intrusion into nuclear sites. In this work, an experimental measuring test for sensor performance and procedures is presented. Sensor performance testing is performed to determine whether a particular sensor will be acceptable in a proposed design. We have access to a sensor test field in which the sensor of interest is already properly installed and the parameters have been set to optimal levels by preliminary testing. The construction, operation and design of the glass-breakage (G.B) and open door (O.D) sensors for the investigated nuclear site are explained. Intrusion tests were carried out inside the field areas of the sensors to evaluate the sensor performance during the intrusion process. Experimental trials were performed for achieving the intrusion process via the sensor network system. The performance and intrusion sensing of cluster sensors inside the internal zones were recorded and evaluated. The obtained results show that the tested G.B sensors have a probability of detection P(D) of 65%, and the open-door sensor has a P(D) of 80%
Ma, Tao; Wang, Fen; Cheng, Jianjun; Yu, Yang; Chen, Xiaoyun
The development of intrusion detection systems (IDS) that are adapted to allow routers and network defence systems to detect malicious network traffic disguised as network protocols or normal access is a critical challenge. This paper proposes a novel approach called SCDNN, which combines spectral clustering (SC) and deep neural network (DNN) algorithms. First, the dataset is divided into k subsets based on sample similarity using cluster centres, as in SC. Next, the distance between data points in a testing set and the training set is measured based on similarity features and is fed into the deep neural network algorithm for intrusion detection. Six KDD-Cup99 and NSL-KDD datasets and a sensor network dataset were employed to test the performance of the model. These experimental results indicate that the SCDNN classifier not only performs better than backpropagation neural network (BPNN), support vector machine (SVM), random forest (RF) and Bayes tree models in detection accuracy and the types of abnormal attacks found, but also provides an effective tool for the study and analysis of intrusion detection in large networks.
Ben Charhi Youssef
This paper is an extension of work originally presented in SYSCO CONF. We extend our previous work by presenting the initial results of the implementation of intrusion detection based on risk assessment on cloud computing. The idea focuses on a novel approach for detecting cyber-attacks on the cloud environment by analyzing attack patterns using risk assessment methodologies. The aim of our solution is to combine evidence obtained from Intrusion Detection Systems (IDS) deployed in a cloud with risk assessment related to each attack pattern. Our approach presents a new qualitative solution for analyzing each symptom, indicator and vulnerability, analyzing the impact and likelihood of distributed and multi-step attacks directed at cloud environments. The implementation of this approach will reduce the number of false alerts and will improve the performance of the IDS.
Li, Wenjuan; Meng, Weizhi; Kwok, Lam-For
To defend against complex attacks, collaborative intrusion detection networks (CIDNs) have been developed to enhance the detection accuracy, which enable an IDS to collect information and learn experience from others. However, this kind of network is vulnerable to malicious nodes which are utilized by insider attacks (e.g., betrayal attacks). In our previous research, we developed a notion of intrusion sensitivity and identified that it can help improve the detection of insider attacks, whereas it is still a challenge for these nodes to automatically assign the values. In this article, we...... of intrusion sensitivity based on expert knowledge. In the evaluation, we compare the performance of three different supervised classifiers in assigning sensitivity values and investigate our trust model under different attack scenarios and in a real wireless sensor network. Experimental results indicate...
SQL injection detection system
Programmers do not always ensure the security of developed systems. That is why it is important to look for solutions that do not rely on developers. In this work, an SQL injection detection system is proposed. The system analyzes HTTP request parameters and detects intrusions. It is based on unsupervised machine learning. Trained on regular request data, the system detects outlier user parameters. Since training is not reliant on previous knowledge of SQL injections, t...
The interval temporal logic (ITL) model checking (MC) technique enhances the power of intrusion detection systems (IDSs) to detect concurrent attacks due to the strong expressive power of ITL. However, an ITL formula suffers from difficulty in the description of the time constraints between different actions in the same attack. To address this problem, we formalize a novel real-time interval temporal logic—real-time attack signature logic (RASL). Based on such a new logic, we put forward a RASL model checking algorithm. Furthermore, we use RASL formulas to describe attack signatures and employ discrete timed automata to create an audit log. As a result, the RASL model checking algorithm can be used to automatically verify whether the automata satisfy the formulas, that is, whether the audit log coincides with the attack signatures. The simulation experiments show that the new approach effectively enhances the detection power of the MC-based intrusion detection methods for a number of telnet attacks, p-trace attacks, and the other sixteen types of attacks. And these experiments indicate that the new algorithm can find several types of real-time attacks, whereas the existing MC-based intrusion detection approaches cannot do that.
Zhang, Huibin; Wang, Yuqiao; Chen, Haoran; Zhao, Yongli; Zhang, Jie
In software defined optical networks (SDON), the centralized control plane may encounter numerous intrusion threats which compromise the security level of provisioned services. In this paper, the issue of control plane security is studied and two machine-learning-based control plane intrusion detection techniques are proposed for SDON with properly selected features such as bandwidth, route length, etc. We validate the feasibility and efficiency of the proposed techniques by simulations. Results show an accuracy of 83% for intrusion detection can be achieved with the proposed machine-learning-based control plane intrusion detection techniques.
Liu Baoxu; Xu Rongsheng; Yu Chuansong; Wu Chunzhen
With the development of network technologies, limitations on traditional methods of network security protection are becoming more and more obvious. An individual network security product or the simple combination of several products can hardly achieve the goal of keeping out hackers' intrusion. Therefore, on the basis of the analyses of the security problems of IHEPNET, which is an open and scientific research network, the author designs an intrusion defense system especially for IHEPNET.
Meng, Weizhi; Li, Wenjuan; Su, Chunhua
many kinds of information among sensors, whereas such network is vulnerable to a wide range of attacks, especially insider attacks, due to its natural environment and inherent unreliable transmission. To safeguard its security, intrusion detection systems (IDSs) are widely adopted in a WSN to defend...... against insider attacks through implementing proper trust-based mechanisms. However, in the era of big data, sensors may generate excessive information and data, which could degrade the effectiveness of trust computation. In this paper, we focus on this challenge and propose a way of combining Bayesian......-based trust management with traffic sampling for wireless intrusion detection under a hierarchical structure. In the evaluation, we investigate the performance of our approach in both a simulated and a real network environment. Experimental results demonstrate that packet-based trust management would become...
Li, Wenjuan; Meng, Weizhi; Kwok, Lam-For
The development of collaborative intrusion detection networks (CIDNs) aims to enhance the performance of a single intrusion detection system (IDS), through communicating and collecting information from other IDS nodes. To defend CIDNs against insider attacks, trust-based mechanisms are crucial...... and render CIDNs still vulnerable to advanced insider attacks in a practical deployment. In this paper, our motivation is to investigate the effect of On-Off attacks on challenge-based CIDNs. In particular, as a study, we explore a special On-Off attack (called SOOA), which can keep responding normally...... to one node while acting abnormally to another node. In the evaluation, we explore the attack performance under simulated CIDN environments. Experimental results indicate that our attack can interfere with the effectiveness of trust computation for CIDN nodes....
Li, Wenjuan; Meng, Weizhi; Kwok, Lam-For
To enhance the performance of single intrusion detection systems (IDSs), collaborative intrusion detection networks (CIDNs) have been developed, which enable a set of IDS nodes to communicate with each other. In such a distributed network, insider attacks like collusion attacks are the main threat...... to advanced insider attacks in practical deployment. In this paper, we design a novel type of collusion attack, called passive message fingerprint attack (PMFA), which can collect messages and identify normal requests in a passive way. In the evaluation, we explore the attack performance under both simulated...... and real network environments. Experimental results indicate that under our attack, malicious nodes can send malicious responses to normal requests while maintaining their trust values....
Li, Wenjuan; Meng, Weizhi; Kwok, Lam-For
Traditionally, an isolated intrusion detection system (IDS) is vulnerable to various types of attacks. In order to enhance IDS performance, collaborative intrusion detection networks (CIDNs) are developed through enabling a set of IDS nodes to communicate with each other. Due to the distributed...... network architecture, insider attacks are one of the major threats. In the literature, challenge-based trust mechanisms have been built to identify malicious nodes by evaluating the satisfaction levels between challenges and responses. However, such mechanisms rely on two major assumptions, which may...... result in a weak threat model. In this case, CIDNs may be still vulnerable to advanced insider attacks in real-world deployment. In this paper, we propose a novel collusion attack, called passive message fingerprint attack (PMFA), which can collect messages and identify normal requests in a passive way...
Romero, Carlos E.; Haugen, Peter C.; Zumstein, James M.; Leach, Jr., Richard R.; Vigars, Mark L.
An in-container monitoring sensor system is based on an UWB radar intrusion detector positioned in a container and having a range gate set to the farthest wall of the container from the detector. Multipath reflections within the container make every point on or in the container appear to be at the range gate, allowing intrusion detection anywhere in the container. The system also includes other sensors to provide false alarm discrimination, and may include other sensors to monitor other parameters, e.g. radiation. The sensor system also includes a control subsystem for controlling system operation. Communications and information extraction capability may also be included. A method of detecting intrusion into a container uses UWB radar, and may also include false alarm discrimination. A secure container has an UWB based monitoring system
Mora-Rodriguez, Jesus; Lopez-Jimenez, P. Amparo [Departamento de Ingenieria Hidraulica y Medio Ambiente, Universidad Politecnica de Valencia, Camino de Vera, s/n, 46022, Valencia (Spain)]; Ramos, Helena M. [Civil Engineering Department and CEHIDRO, Instituto Superior Tecnico, Technical University of Lisbon, Av. Rovisco Pais, 1049-001, Lisbon (Portugal)]
Intrusion through leaks is a phenomenon in which external fluid enters water pipe systems. This phenomenon can cause contamination problems in drinking pipe systems. Hence, this paper focuses on the entry of external fluids across small leaks during normal operation conditions. This situation is especially important in elevated points of the pipe profile. Pressure variations can cause water volume losses and intrusion of contaminants into the drinking water pipes. This work focuses on obtaining the physical representation of a specific case of intrusion in a water pipe system. The combination of two factors is required to generate this kind of intrusion in a water supply system: on one hand, the existence of at least one leak in the system; on the other hand, a pressure variation could occur during the operation of the system due to consumption variation, pump start-up or shutdown. The potential of intrusion during a dynamic or transient event is here analyzed. To achieve this objective, an experimental case study of a pressure transient scenario is analyzed with a small leak located near the transient source.
Intrusion detection has become a main part of network security due to the huge number of attacks which affect computers. This is due to the extensive growth of internet connectivity and accessibility to information systems worldwide. To deal with this problem, in this paper a hybrid algorithm is proposed to integrate Modified Artificial Bee Colony (MABC) with Enhanced Particle Swarm Optimization (EPSO) to predict the intrusion detection problem. The algorithms are combined together to find out better optimization results and the classification accuracies are obtained by 10-fold cross-validation method. The purpose of this paper is to select the most relevant features that can represent the pattern of the network traffic and test its effect on the success of the proposed hybrid classification algorithm. To investigate the performance of the proposed method, intrusion detection KDDCup’99 benchmark dataset from the UCI Machine Learning repository is used. The performance of the proposed method is compared with the other machine learning algorithms and found to be significantly different.
Planchon, Frederic; Costa, Fernand; Nicaise, Vincent; Bouzerna, Nabil
Co-designed with FPC Ingénierie, SODA-IIoT4Factory offers a secure way to update CyPRES rule engines & cyber security/attack models. CyPRES is an intelligent IDS that strengthens industrial information systems. It learns then verifies the operation and behaviour of the system to the lowest level of detail. It detects the first signs of attacks before damage is incurred.
Gomez, Andres; Lara, Camilo; Kebschull, Udo
Grids allow users flexible on-demand usage of computing resources through remote communication networks. A remarkable example of a Grid in High Energy Physics (HEP) research is used in the ALICE experiment at European Organization for Nuclear Research CERN. Physicists can submit jobs used to process the huge amount of particle collision data produced by the Large Hadron Collider (LHC). Grids face complex security challenges. They are interesting targets for attackers seeking for huge computational resources. Since users can execute arbitrary code in the worker nodes on the Grid sites, special care should be put in this environment. Automatic tools to harden and monitor this scenario are required. Currently, there is no integrated solution for such requirement. This paper describes a new security framework to allow execution of job payloads in a sandboxed context. It also allows process behavior monitoring to detect intrusions, even when new attack methods or zero day vulnerabilities are exploited, by a Machine Learning approach. We plan to implement the proposed framework as a software prototype that will be tested as a component of the ALICE Grid middleware.
spatiotemporal relations to form complex events which model the intrusion patterns. ... Wireless sensor networks; complex event processing; event stream; ...... of the 2006 ACM SIGMOD International Conference on Management of Data, 407– ...
Modi, C.; Patel, D.; Patel, H.; Borisaniya, B.; Patel, A.; Rajarajan, M.
Cloud computing provides scalable, virtualized on-demand services to the end users with greater flexibility and lesser infrastructural investment. These services are provided over the Internet using known networking protocols, standards and formats under the supervision of different managements. Existing bugs and vulnerabilities in underlying technologies and legacy protocols tend to open doors for intrusion. This paper surveys different intrusions affecting availability, confidentiality and...
Muhammad Hilmi Kamarudin
The global usage of more sophisticated web-based application systems is obviously growing very rapidly. Major usage includes the storing and transporting of sensitive data over the Internet. The growth has consequently opened up a serious need for more secured network and application security protection devices. Security experts normally equip their databases with a large number of signatures to help in the detection of known web-based threats. In reality, it is almost impossible to keep updating the database with the newly identified web vulnerabilities. As such, new attacks are invisible. This research presents a novel approach of Intrusion Detection System (IDS) in detecting unknown attacks on web servers using the Unified Intrusion Anomaly Detection (UIAD) approach. The unified approach consists of three components (preprocessing, statistical analysis, and classification). Initially, the process starts with the removal of irrelevant and redundant features using a novel hybrid feature selection method. Thereafter, the process continues with the application of a statistical approach to identifying traffic abnormality. We performed Relative Percentage Ratio (RPR) coupled with Euclidean Distance Analysis (EDA) and the Chebyshev Inequality Theorem (CIT) to calculate the normality score and generate a finest threshold. Finally, Logitboost (LB) is employed alongside Random Forest (RF) as a weak classifier, with the aim of minimising the final false alarm rate. The experiment has demonstrated that our approach has successfully identified unknown attacks with greater than a 95% detection rate and less than a 1% false alarm rate for both the DARPA 1999 and the ISCX 2012 datasets.
Wang, Wei; Guyet, Thomas; Quiniou, René
In this work, we propose a novel framework of autonomic intrusion detection that fulfills online and adaptive intrusion detection over unlabeled HTTP traffic streams in computer networks. The framework holds potential for self-managing: self-labeling, self-updating and self-adapting. Our framework employs the Affinity Propagation (AP) algorithm to learn a subject’s behaviors through dynamical clustering of the streaming data. It automatically labels the data and adapts to normal behavior changes while identifying anomalies. Two large real HTTP traffic streams collected in our institute as well as a set of benchmark KDD’99 data are used to validate the framework and the method. The test results show that the autonomic model achieves better results in terms of effectiveness and efficiency compared to the adaptive Sequential Karhunen–Loeve method and static AP as well as three other static anomaly detection methods, namely, k-NN, PCA and SVM.
De Rango, Floriano; Lupia, Andrea
MANETs allow mobile nodes to communicate with each other using the wireless medium. A key aspect of this kind of network is security, because their setup is done without an infrastructure, so external nodes could interfere in the communication. Mobile nodes could be compromised, misbehaving during the multi-hop transmission of data, or they could have a selfish behavior to save energy, which is another important constraint in MANETs. The detection of these behaviors needs a framework that takes into account the latest interactions among nodes, so malicious or selfish nodes can be detected even if their behavior changes over time. The monitoring activity increases the energy consumption, so our proposal takes this issue into account by reducing the energy required by the monitoring system while keeping the effectiveness of the intrusion detection system. The results show an improvement in the saved energy, improving the detection performance too.
Ikram Sumaiya Thaseen
Intrusion detection is a promising area of research in the domain of security with the rapid development of internet in everyday life. Many intrusion detection systems (IDS) employ a sole classifier algorithm for classifying network traffic as normal or abnormal. Due to the large amount of data, these sole classifier models fail to achieve a high attack detection rate with reduced false alarm rate. However, by applying dimensionality reduction, data can be efficiently reduced to an optimal set of attributes without loss of information and then classified accurately using a multi class modeling technique for identifying the different network attacks. In this paper, we propose an intrusion detection model using chi-square feature selection and multi class support vector machine (SVM). A parameter tuning technique is adopted for optimization of Radial Basis Function kernel parameter namely gamma represented by ‘ϒ’ and over fitting constant ‘C’. These are the two important parameters required for the SVM model. The main idea behind this model is to construct a multi class SVM which has not been adopted for IDS so far to decrease the training and testing time and increase the individual classification accuracy of the network attacks. The investigational results on NSL-KDD dataset which is an enhanced version of KDDCup 1999 dataset show that our proposed approach results in a better detection rate and reduced false alarm rate. An experimentation on the computational time required for training and testing is also carried out for usage in time critical applications.
Hao, Jianzhong; Dong, Bo; Varghese, Paulose; Phua, Jiliang; Foo, Siang Fook
In this paper, an armored-cable-based optical fiber Bragg grating (FBG) sensor array, for perimeter fence intrusion detection, is demonstrated and some of the field trial results are reported. The field trial was conducted at a critical local installation in Singapore in December 2010. The sensor array was put through a series of both simulated and live intrusion scenarios to test the stability and suitability of operation in the local environmental conditions and to determine its capabilities in detecting and reporting these intrusions accurately to the control station. Such a sensor array can provide perimeter intrusion detection with fine granularity and preset pin-pointing accuracy. The various types of intrusions included aided or unaided climbs, tampering and cutting of the fence, etc. The unique sensor packaging structure provides high sensitivity, crush resistance and protection against rodents. It is also capable of resolving nuisance events such as rain, birds sitting on the fence or seismic vibrations. These sensors are extremely sensitive with a response time of a few seconds. They can be customized for a desired spatial resolution and pre-determined sensitivity. Furthermore, it is easy to cascade a series of such sensors to monitor and detect intrusion events over a long stretch of fence line. Such sensors can be applied to real-time intrusion detection for perimeter security, pipeline security and communications link security.
Securing a machine from various cyber-attacks has been of serious concern for researchers, statutory bodies such as governments, business organizations and users in both wired and wireless media. However, during the last decade, the amount of data handling by any device, particularly servers, has increased exponentially and hence the security of these devices has become a matter of utmost concern. This paper attempts to examine the challenges in the application of machine learning techniques to intrusion detection. We review different inherent issues in defining and applying the machine learning techniques to intrusion detection. We also attempt to identify the best technological solution for changing usage pattern by comparing different machine learning techniques on different datasets and summarizing their performance using various performance metrics. This paper highlights the research challenges and future trends of intrusion detection in dynamic scenarios of intrusion detection problems in diverse network technologies.
Elfers, Carsten; Horstmann, Mirko; Sohr, Karsten; Herzog, Otthein
Intrusion detection in computer networks faces the problem of a large number of both false alarms and unrecognized attacks. To improve the precision of detection, various machine learning techniques have been proposed. However, one critical issue is that the amount of reference data that contains serious intrusions is very sparse. In this paper we present an inference process with linear chain conditional random fields that aims to solve this problem by using domain knowledge about the alerts of different intrusion sensors represented in an ontology.
.... Our objective is the design and analysis of 'zero-trust' Intrusion Tolerant Systems. These are systems built under the extreme assumption that all intrusion detection techniques will eventually fail...
Bacs, Andrei; Vermeulen, Remco; Slowinska, Asia; Bos, Herbert
Recovering from attacks is hard and gets harder as the time between the initial infection and its detection increases. Which files did the attackers modify? Did any of user data depend on malicious inputs? Can I still trust my own documents or binaries? When malcode has been active for some time and
Umer, Muhammad Fahad; Sher, Muhammad; Bi, Yaxin
The next-generation network provides state-of-the-art access-independent services over converged mobile and fixed networks. Security in the converged network environment is a major challenge. Traditional packet and protocol-based intrusion detection techniques cannot be used in next-generation networks due to slow throughput, low accuracy and their inability to inspect encrypted payload. An alternative solution for protection of next-generation networks is to use network flow records for detection of malicious activity in the network traffic. The network flow records are independent of access networks and user applications. In this paper, we propose a two-stage flow-based intrusion detection system for next-generation networks. The first stage uses an enhanced unsupervised one-class support vector machine which separates malicious flows from normal network traffic. The second stage uses a self-organizing map which automatically groups malicious flows into different alert clusters. We validated the proposed approach on two flow-based datasets and obtained promising results.
Ranjeeth Kumar Sundararajan
In wireless sensor network (WSN), the sensors are deployed and placed uniformly to transmit the sensed data to a centralized station periodically. So, the major threat of the WSN network layer is sinkhole attack and it is still being a challenging issue on the sensor networks, where the malicious node attracts the packets from the other normal sensor nodes and drops the packets. Thus, this paper proposes an Intrusion Detection System (IDS) mechanism to detect the intruder in the network which uses Low Energy Adaptive Clustering Hierarchy (LEACH) protocol for its routing operation. In the proposed algorithm, the detection metrics, such as number of packets transmitted and received, are used to compute the intrusion ratio (IR) by the IDS agent. The computed numeric or nonnumeric value represents the normal or malicious activity. As and when the sinkhole attack is captured, the IDS agent alerts the network to stop the data transmission. Thus, it can be resilient to the vulnerable attack of sinkhole. Above all, the simulation result is shown for the proposed algorithm which is proven to be efficient compared with the existing work, namely, MS-LEACH, in terms of minimum computational complexity and low energy consumption. Moreover, the algorithm was numerically analyzed using TETCOS NETSIM.
Wireless Mesh Networks (WMN) are easy-to-deploy, low cost solutions for providing networking and internet services in environments with no network infrastructure, e.g., disaster areas and battlefields. Since electric power is not readily available in such environments battery-powered mesh routers, operating in an energy efficient manner, are required. To the best of our knowledge, the impact of energy efficient solutions, e.g., involving duty-cycling, on WMN intrusion detection systems, which require continuous monitoring, remains an open research problem. In this paper we propose that carefully chosen monitoring mesh nodes ensure continuous and complete detection coverage, while allowing non-monitoring mesh nodes to save energy through duty-cycling. We formulate the monitoring node selection problem as an optimization problem and propose distributed and centralized solutions for it, with different tradeoffs. Through extensive simulations and a proof-of-concept hardware/software implementation we demonstrate that our solutions extend the WMN lifetime by 8%, while ensuring, at the minimum, a 97% intrusion detection rate.
An increasing number of pipelines are constructed in remote regions affected by harsh environmental conditions where pipeline routes often cross mountain areas which are characterized by unstable grounds and where soil texture changes between winter and summer increase the probability of hazards. Third party intentional interference or accidental intrusions are a major cause of pipeline failures leading to large leaks or even explosions. Due to the long distances to be monitored and the linear nature of pipelines, distributed fiber optic sensing techniques offer significant advantages and the capability to detect and localize pipeline disturbance with great precision. Furthermore pipeline owner/operators lay fiber optic cable parallel to transmission pipelines for telecommunication purposes and at minimum additional cost monitoring capabilities can be added to the communication system. The Brillouin-based Omnisens DITEST monitoring system has been used in several long distance pipeline projects. The technique is capable of measuring strain and temperature over 100's kilometers with meter spatial resolution. Dedicated fiber optic cables have been developed for continuous strain and temperature monitoring and their deployment along the pipeline has enabled permanent and continuous pipeline ground movement, intrusion and leak detection. This paper presents a description of the fiber optic Brillouin-based DITEST sensing technique, its measurement performance and limits, while addressing future perspectives for pipeline monitoring. The description is supported by case studies and illustrated by field data.
N Ahmed, Malik; Abdullah, Abdul Hanan; Kaiwartya, Omprakash
Due to the continuous advancements in wireless communication in terms of quality of communication and affordability of the technology, the application area of Mobile Adhoc Networks (MANETs) is growing significantly, particularly in military and disaster management. Considering the sensitivity of the application areas, security in terms of detection of Denial of Service (DoS) and intrusion has become a prime concern in research and development in the area. The security systems suggested in the past have a state recognition problem, where the system is not able to accurately identify the actual state of the network nodes due to the absence of a clear definition of the states of the nodes. In this context, this paper proposes a framework based on Finite State Machine (FSM) for denial of service and intrusion detection in MANETs. In particular, an Interruption Detection system for Adhoc On-demand Distance Vector (ID-AODV) protocol is presented based on finite state machine. The packet dropping and sequence number attacks are closely investigated and detection systems for both types of attacks are designed. The major functional modules of ID-AODV include network monitoring system, finite state machine and attack detection model. Simulations are carried out in network simulator NS-2 to evaluate the performance of the proposed framework. A comparative evaluation of the performance is also performed with the state-of-the-art techniques: RIDAN and AODV. The performance evaluations attest the benefits of proposed framework in terms of providing better security for denial of service and intrusion detection attacks.
Intrusions are becoming more complicated with the recent development of adversarial techniques. To boost the detection accuracy of a separate intrusion detector, the collaborative intrusion detection network (CIDN) has thus been developed by allowing intrusion detection system (IDS) nodes to exchange data with each other. Insider attacks are a great threat for such types of collaborative networks, where an attacker has the authorized access within the network. In literature, a challenge-based trust mechanism is effective at identifying malicious nodes by sending challenges. However, such mechanisms are heavily dependent on two assumptions, which would cause CIDNs to be vulnerable to advanced insider attacks in practice. In this work, we investigate the influence of advanced on–off attacks on challenge-based CIDNs, which can respond truthfully to one IDS node but behave maliciously to another IDS node. To evaluate the attack performance, we have conducted two experiments under a simulated and a real CIDN environment. The obtained results demonstrate that our designed attack is able to compromise the robustness of challenge-based CIDNs in practice; that is, some malicious nodes can behave untruthfully without a timely detection.
into point-of-sale systems of over 150 Subway sandwich franchises and fifty other retailers (U.S. v. Oprea et al.). The hacking group ultimately...automated “dumps site,” dumps.name. A “dumps site” is a Website devoted to the buying and selling of stolen card data (U.S. v. Horohorin). The United States...trafficking of numbers of credit and debit cards. Most of the buying and selling of bulk quantities of credit and debit card data is done through
An immune-inspired adaptive automated intrusion response system model, named as , is proposed. The descriptions of self, non-self, immunocyte, memory detector, mature detector and immature detector of the network transactions, and the realtime network danger evaluation equations are given. Then, the automated response policies are adaptively performed or adjusted according to the realtime network danger. Thus, not only accurately evaluates the network attacks, but also greatly reduces the response times and response costs.
The Mass Memory Formatter was developed as part of the Adaptive Intrusion Data System (AIDS) to control a 2.4-megabit mass memory. The data from a Memory Controlled Processor is formatted before it is stored in the memory and reformatted during the readout mode. The data is then transmitted to a NOVA 2 minicomputer-controlled magnetic tape recorder for storage. Techniques and circuits are described
In supervised learning-based classification, ensembles have been successfully employed to different application domains. In the literature, many researchers have proposed different ensembles by considering different combination methods, training datasets, base classifiers, and many other factors. Artificial-intelligence (AI)-based techniques play prominent role in development of ensemble for intrusion detection (ID) and have many benefits over other techniques. However, there is no comprehensive review of ensembles in general and AI-based ensembles for ID to examine and understand their current research status to solve the ID problem. Here, an updated review of ensembles and their taxonomies has been presented in general. The paper also presents the updated review of various AI-based ensembles for ID (in particular during last decade). The related studies of AI-based ensembles are compared by set of evaluation metrics driven from (1) architecture & approach followed; (2) different methods utilized in different phases of ensemble learning; (3) other measures used to evaluate classification performance of the ensembles. The paper also provides the future directions of the research in this area. The paper will help the better understanding of different directions in which research of ensembles has been done in general and specifically: field of intrusion detection systems (IDSs).
Lee, Pius W Q; Tan, Hwee-Pink; Seah, Winston K G; Yao, Zexi
Motion and intrusion detection are often cited as wireless sensor network (WSN) applications with typical configurations comprising clusters of wireless nodes equipped with motion sensors to detect human motion. Currently, WSN performance is subjected to several constraints, namely radio irregularity and finite on-board computation/energy resources. Radio irregularity in radio frequency (RF) propagation rises to a higher level in the presence of human activity due to the absorption effect of the human body. In this paper, we investigate the feasibility of monitoring RF transmission for the purpose of intrusion detection through experimentation. With empirical data obtained from the Crossbow TelosB platform in several different environments, the impact of human activity on the signal strength of RF signals in a WSN is evaluated. We then propose a novel approach to intrusion detection by turning a constraint in WSN, namely radio irregularity, into an advantage for the purpose of intrusion detection, using signal fluctuations to detect the presence of human activity within the WSN. Unlike RF fingerprinting, the 'intruders' here neither transmit nor receive any RF signals. By enabling existing wireless infrastructures to serve as intrusion detectors instead of deploying numerous costly sensors, this approach shows great promise for providing novel solutions
Hengy, Sebastien; Laurenzis, Martin; Schertzer, Stéphane; Hommes, Alexander; Kloeppel, Franck; Shoykhetbrod, Alex; Geibig, Thomas; Johannes, Winfried; Rassy, Oussama; Christnacher, Frank
Small unmanned aerial vehicles (UAVs) have become increasingly popular and affordable in recent years for the professional and private consumer markets, with varied capacities and performances. Recent events showed that illicit or hostile uses constitute an emergent, quickly evolving threat. Recent developments in UAV technologies tend to bring autonomous, highly agile and capable unmanned aerial vehicles to the market. These UAVs can be used for spying operations as well as for transporting illicit or hazardous material (smuggling, flying improvised explosive devices). The scenario of interest concerns the protection of sensitive zones against the potential threat constituted by small drones. In the recent past, field trials were carried out to investigate the detection and tracking of multiple UAVs flying at low altitude. Here, we present results which were achieved using a heterogeneous sensor network consisting of acoustic antennas, small FMCW RADAR systems and optical sensors. While acoustics and RADAR were applied to monitor a wide azimuthal area (360°), optical sensors were used for sequential identification. The localization results have been compared to the ground truth data to estimate the efficiency of each detection system. Seven-microphone acoustic arrays allow single source localization. The mean azimuth and elevation estimation error has been measured equal to 1.5 and -2.5 degrees respectively. The FMCW radar allows tracking of multiple UAVs by estimating their range, azimuth and motion speed. Both technologies can be linked to the electro-optical system for final identification of the detected object.
Siva S. Sivatha Sindhu; S. Geetha; M. Marikannan; A. Kannan
Information systems are one of the most rapidly changing and vulnerable systems, where security is a major issue. The number of security-breaking attempts originating inside organizations is increasing steadily. Attacks made in this way, usually done by "authorized" users of the system, cannot be immediately traced. Because the idea of filtering the traffic at the entrance door, by using firewalls and the like, is not completely successful, the use of intrusion detection systems should be considered to increase the defense capacity of an information system. An intrusion detection system (IDS) is usually working in a dynamically changing environment, which forces continuous tuning of the intrusion detection model, in order to maintain sufficient performance. The manual tuning process required by current IDS depends on the system operators in working out the tuning solution and in integrating it into the detection model. Furthermore, an extensive effort is required to tackle the newly evolving attacks and a deep study is necessary to categorize it into the respective classes. To reduce this dependence, an automatically evolving anomaly IDS using neuro-genetic algorithm is presented. The proposed system automatically tunes the detection model on the fly according to the feedback provided by the system operator when false predictions are encountered. The system has been evaluated using the Knowledge Discovery in Databases Conference (KDD 2009) intrusion detection dataset. Genetic paradigm is employed to choose the predominant features, which reveal the occurrence of intrusions. The neuro-genetic IDS (NGIDS) involves calculation of weightage value for each of the categorical attributes so that data of uniform representation can be processed by the neuro-genetic algorithm. In this system unauthorized invasion of a user are identified and newer types of attacks are sensed and classified respectively by the neuro-genetic algorithm. The experimental results obtained in this
Vries, H.S.M. de; Harren, F.J.M.; Wyers, G.P.; Otjes, R.P.; Slanina, J.; Reuss, J.
A recently developed non-intrusive photothermal deflection (PTD) instrument allows sensitive, rapid and quantitative detection of local ammonia concentrations in the air. Ammonia is vibrationally excited by an infrared CO2 laser in an intracavity configuration. A HeNe beam passing over the CO2 laser beam (multipass arrangement) is deflected by the induced refractive index gradient. The detection limit for ammonia in ambient air is 0.5 ppbv with a spatial resolution of a few mm³. The time resolution is 0.1 s (single line) or 15 s (multi line). The system is fully automated and suited for non-stop measuring periods of at least one week. Results were compared to those obtained with a continuous-flow denuder (CFD). (author)
Ahmad Shokuh Saljoughi
Today, cloud computing has become popular among users in organizations and companies. Security and efficiency are the two major issues facing cloud service providers and their customers. Since cloud computing is a virtual pool of resources provided in an open environment (Internet), cloud-based services entail security risks. Detection of intrusions and attacks through unauthorized users is one of the biggest challenges for both cloud service providers and cloud users. In the present study, artificial intelligence techniques, e.g. MLP Neural Networks and particle swarm optimization algorithm, were used to detect intrusion and attacks. The methods were tested for NSL-KDD, KDD-CUP datasets. The results showed improved accuracy in detecting attacks and intrusions by unauthorized users.
Khattab M. Ali Alheeti
Vehicular ad hoc networks (VANETs) play a vital role in the success of self-driving and semi self-driving vehicles, where they improve safety and comfort. Such vehicles depend heavily on external communication with the surrounding environment via data control and Cooperative Awareness Messages (CAMs) exchanges. VANETs are potentially exposed to a number of attacks, such as grey hole, black hole, wormhole and rushing attacks. This work presents an intelligent Intrusion Detection System (IDS) that relies on anomaly detection to protect the external communication system from grey hole and rushing attacks. These attacks aim to disrupt the transmission between vehicles and roadside units. The IDS uses features obtained from a trace file generated in a network simulator and consists of a feed-forward neural network and a support vector machine. Additionally, the paper studies the use of a novel systematic response, employed to protect the vehicle when it encounters malicious behaviour. Our simulations of the proposed detection system show that the proposed schemes possess outstanding detection rates with a reduction in false alarms. This safe mode response system has been evaluated using four performance metrics, namely, received packets, packet delivery ratio, dropped packets and the average end to end delay, under both normal and abnormal conditions.
A properly configured firewall is a good starting point in securing a computer network. However, complex network environments that involve higher number of participants and endpoints require better security infrastructure. Intrusion Detection Systems (IDS), proposed as a solution to perimeter defense, have many open problems and it is clear that better solutions must be found. Due to many unsolved problems associated with IDS, Intrusion Prevention Systems (IPS) are introduced. The main idea in IPS is to be proactive. This paper gives an insight of Cobrador Bouncer IPS implementation. System architecture is given and three different Bouncer IPS deployment modes are presented. The Bouncer IPS as a proactive honeypot is also discussed.
Lopez-Jimenez, Petra Amparo; Mora-Rodriguez, Jose de Jesus; Perez-Garcia, Rafael; Martinez-Solano, F. Javier [Universidad Politecnica de Valencia (Spain)]
This paper describes a strategy for the hydrodynamic modeling of the pathogen intrusion phenomenon in water distribution systems by the combination of a breakage with a depression situation. This scenario will be modeled computationally and experimentally. The phenomenon to be represented by both simulations is the same: the entrance of an external volume into the circulation of a main volume, known as a pathogen intrusion, as long as the main volume is potable water. To this end, a prototype and a computational model based on Computational Fluid Dynamics (CFD) are used, which allow visualizing the fields of speeds and pressures in a simulated form. With the comparison of the results of both models, conclusions will be drawn on the detail of the studied pathogen intrusion phenomenon.
for Anomaly–Based Network Intrusion Detection Using Cluster Validity Indices. Tyrone Naidoo, Jules–Raymond Tapamoy, Andre McDonald. Modelling and Digital Science, Council for Scientific and Industrial Research, South Africa...
Morgan, M.D.; Mehta, S.A.; Moore, R.G. [Calgary Univ., AB (Canada). Dept. of Chemical and Petroleum Engineering]; Al-Himyary, T.J. [Al-Himyary Consulting Inc., Calgary, AB (Canada)]
Flames have been known to occur within small diameter pipes operating under conditions of high turbulent flow. Although there are several methods of flame detection, few offer remote, non-line-of-sight detection. In particular, combustion cannot be detected in cases where flammable mixtures are carried in flare lines, storage tank vents, air drilling or improperly designed purging operations. Combustion noise is being examined as a means to address this problem. A study was conducted in which flames within a small diameter tube were automatically detected using high speed pressure measurements and a newly developed algorithm. Commercially available, high-pressure, dynamic-pressure transducers were used for the measurements. The results of an experimental study showed that combustion noise can be distinguished from other sources of noise by its inverse power law relationship with frequency. This paper presented a newly developed algorithm which provides early detection of flames when combined with high-speed pressure measurements. The algorithm can also separate combustion noise automatically from other sources of noise when combined with other filters. In this study, the noise generated by a fluttering check valve was attenuated using a stop band filter. This detection method was found to be very reliable under the conditions tested, as long as there was no flow restriction between the sensor and the flame. A flow restriction would have resulted in the detection of only the strongest flame noise. It was shown that acoustic flame detection can be applied successfully in flare stacks, industrial burners and turbine combustors. It can be 15 times more sensitive than optical or electrical methods in diagnosing combustion problems with lean burning combustors. It may also be the only method available in applications that require remote, non-line-of-sight detection. 11 refs., 3 tabs., 15 figs.
Sun, Xuemei; Yan, Bo; Zhang, Xinzhong; Rong, Chuitian
Considering wireless sensor network characteristics, this paper combines anomaly and misuse detection and proposes an integrated detection model of cluster-based wireless sensor network, aiming at enhancing detection rate and reducing false rate. Adaboost algorithm with hierarchical structures is used for anomaly detection of sensor nodes, cluster-head nodes and Sink nodes. Cultural-Algorithm and Artificial-Fish-Swarm-Algorithm optimized Back Propagation is applied to misuse detection of Sink node. Plenty of simulation demonstrates that this integrated model has a strong performance of intrusion detection.
Wang, Wei; Liu, Jiqiang; Pitsilis, Georgios; Zhang, Xiangliang
detection. Data abstraction refers to abstract or extract the most relevant information from the massive dataset. In this work, we propose three strategies of data abstraction, namely, exemplar extraction, attribute selection and attribute abstraction. We
Computer network traffic is analyzed via mutual information techniques, implemented using linear and nonlinear canonical correlation analyses, with the specific objective of detecting UDP flooding attacks. NS simulation of HTTP, FTP, and CBR traffic shows that flooding attacks are accompanied by a change of mutual information, either at the link being flooded or at another upstream or downstream link. This observation appears to be topology independent, as the technique is demonstrated on the so-called parking-lot topology, random 50-node topology, and 100-node transit-stub topology. This technique is also employed to detect UDP flooding with low false alarm rate on a backbone link. These results indicate that a change in mutual information provides a useful detection criterion when no other signature of the attack is available.
In this paper we are using UML (Unified Modeling Language), which is the blueprint language between the programmers, analysts, and designers for easy representation of pictures or diagrammatic notation with some textual data. Here we are using UML 5.0 to show the “prototype of the Intrusion Detection Model” and explaining it by combining various parts and drawing various UML diagrams such as Use cases, Activity diagrams and Class Diagram, using which we show forward engineering using the class diagram of the IDM (Intrusion Detection Model). IDM is a device or software that works on detecting malicious activities by unauthorized users that can cause breach to the security policy within a network.
Studies have shown that computer intrusions have been on the increase in recent times. Many techniques and patterns are being used by intruders to gain access to data on host computer networks. In this work, intrusion patterns were identified and classified and inherent knowledge were represented using an ontology of ...
Senger, Kim; Millett, John; Planke, Sverre; Ogata, Kei; Eide, Christian Haug; Festøy, Marte; Galland, Olivier; Jerram, Dougal A.
Igneous intrusions feature in many sedimentary basins where hydrocarbon exploration and production is continuing. Owing to distinct geophysical property contrasts with siliciclastic host rocks (e.g., higher Vp, density and resistivity than host rocks), intrusions can be easily delineated within data
This article proposes a protocol layer trust-based intrusion detection scheme for wireless sensor networks. Unlike existing work, the trust value of a sensor node is evaluated according to the deviations of key parameters at each protocol layer considering the attacks initiated at different protocol layers will inevitably have impacts on the parameters of the corresponding protocol layers. For simplicity, the paper mainly considers three aspects of trustworthiness, namely physical layer trust, media access control layer trust and network layer trust. The per-layer trust metrics are then combined to determine the overall trust metric of a sensor node. The performance of the proposed intrusion detection mechanism is then analyzed using the t-distribution to derive analytical results of false positive and false negative probabilities. Numerical analytical results, validated by simulation results, are presented in different attack scenarios. It is shown that the proposed protocol layer trust-based intrusion detection scheme outperforms a state-of-the-art scheme in terms of detection probability and false probability, demonstrating its usefulness for detecting cross-layer attacks.
Non-intrusive electrocardiogram (ECG) monitoring has many advantages: easy to measure and apply in daily life. However, motion noise in the measured signal is the major problem of non-intrusive measurement. This paper proposes a method to reduce the noise and to detect the R peaks of ECG in a stable manner in a sitting arrangement using non-intrusive sensors. The method utilizes two capacitive ECG sensors (cECGs) to measure ECG, and another two cECGs located adjacent to the sensors for ECG are added to obtain the information on motion. Then, active noise cancellation technique and the motion information are used to reduce motion noise. To verify the proposed method, ECG was measured indoors and during driving, and the accuracy of the detected R peaks was compared. After applying the method, the sum of sensitivity and positive predictivity increased 8.39% on average and 26.26% maximally in the data. Based on the results, it was confirmed that the motion noise was reduced and that more reliable R peak positions could be obtained by the proposed method. The robustness of the new ECG measurement method will elicit benefits to various health care systems that require noninvasive heart rate or heart rate variability measurements.
Sumaiya Thaseen Ikram
Intrusion detection is very essential for providing security to different network domains and is mostly used for locating and tracing the intruders. There are many problems with traditional intrusion detection models (IDS) such as low detection capability against unknown network attack, high false alarm rate and insufficient analysis capability. Hence the major scope of the research in this domain is to develop an intrusion detection model with improved accuracy and reduced training time. This paper proposes a hybrid intrusion detection model by integrating the principal component analysis (PCA) and support vector machine (SVM). The novelty of the paper is the optimization of kernel parameters of the SVM classifier using automatic parameter selection technique. This technique optimizes the punishment factor (C) and kernel parameter gamma (γ), thereby improving the accuracy of the classifier and reducing the training and testing time. The experimental results obtained on the NSL KDD and gurekddcup dataset show that the proposed technique performs better with higher accuracy, faster convergence speed and better generalization. Minimum resources are consumed as the classifier input requires reduced feature set for optimum classification. A comparative analysis of hybrid models with the proposed model is also performed.
Generating capability for reliable, non-intrusive detection of concealed-contraband, particularly, organic contraband like explosives and narcotics, has become a national priority. This capability spans a spectrum of technologies. If a technology mission addressing the needs of a highly sophisticated technology like PFNA is set up, the capabilities acquired would be adequate to meet the requirements of many other sets of technologies. This forms the background of the Indian program for development of technologies relevant to reliable, non-intrusive, concealed contraband detection. One of the central themes of the technology development programs would be modularization of the neutron source and detector technologies, so that common elements can be combined in different ways for meeting a variety of application requirements. (author)
Atul Patel; Ruchi Kansara; Dr. Paresh Virparia
Today’s wireless networks are vulnerable in many ways including illegal use, unauthorized access, denial of service attacks, eavesdropping so called war chalking. These problems are one of the main issues for wider uses of wireless network. On wired network intruder can access by wire but in wireless it has possibilities to access the computer anywhere in neighborhood. However, securing MANETs is highly challenging issue due to their inherent characteristics. Intrusion detection is an importa...
CHITEA, Florina; GEORGESCU, Paul; IOANE, Dumitru
Abstract. Communities living in coastal areas depend in a great extent on the fresh water resources exploited from aquifers which are usually in a natural hydrodynamic equilibrium with the sea water. The contamination of fresh water with marine saltwater determines a significant increase in the aquifers electric conductivity, allowing an efficient application of resistivity methods in detecting and monitoring the marine intrusions. We present case studies from Romania (Costinesti and Vama Vec...
An explosive growth in the field of wireless sensor networks (WSNs) has been achieved in the past few years. Due to its important wide range of applications especially military applications, environments monitoring, health care application, home automation, etc., they are exposed to security threats. Intrusion detection system (IDS) is one of the major and efficient defensive methods against attacks in WSN. Therefore, developing IDS for WSN have attracted much attention recently and thus, there are many publications proposing new IDS techniques or enhancement to the existing ones. This paper evaluates and compares the most prominent anomaly-based IDS systems for hierarchical WSNs and identifying their strengths and weaknesses. For each IDS, the architecture and the related functionality are briefly introduced, discussed, and compared, focusing on both the operational strengths and weakness. In addition, a comparison of the studied IDSs is carried out using a set of critical evaluation metrics that are divided into two groups; the first one related to performance and the second related to security. Finally based on the carried evaluation and comparison, a set of design principles are concluded, which have to be addressed and satisfied in future research of designing and implementing IDS for WSNs.
We first propose an efficient communication optimization algorithm in smart grid. Based on the optimization algorithm, we propose an intrusion detection algorithm to detect malicious data and possible cyberattacks. In this scheme, each node acts independently when it processes communication flows or cybersecurity threats. And neither special hardware nor nodes cooperation is needed. In order to justify the feasibility and the availability of this scheme, a series of experiments have been done. The results show that it is feasible and efficient to detect malicious data and possible cyberattacks with less computation and communication cost.
McKay, Thomas D
This thesis examines the use of Non-intrusive Load Monitoring (NILM) in auxiliary shipboard systems, such as a low pressure air system, to determine the state of equipment in larger connected systems, such as the main propulsion engines...
An intrusion tolerant system (ITS) is a network security system that is composed of redundant virtual servers that are online only in a short time window, called exposure time. The servers are periodically recovered to their clean state, and any infected servers are refreshed again, so attackers have insufficient time to succeed in breaking into the servers. However, there is a conflicting interest in determining exposure time, short for security and long for performance. In other words, the short exposure time can increase security but requires more servers to run in order to process requests in a timely manner. In this paper, we propose Duo, an ITS incorporated in SDN, which can reduce exposure time without consuming computing resources. In Duo, there are two types of servers: some servers with long exposure time (White server) and others with short exposure time (Gray server). Then, Duo classifies traffic into benign and suspicious with the help of SDN/NFV technology that also allows dynamically forwarding the classified traffic to White and Gray servers, respectively, based on the classification result. By reducing exposure time of a set of servers, Duo can decrease exposure time on average. We have implemented the prototype of Duo and evaluated its performance in a realistic environment.
Meng, Weizhi; Li, Wenjuan; Kwok, Lam For
Network intrusion detection systems (NIDSs) which aim to identify various attacks, have become an essential part of current security infrastructure. In particular, signature-based NIDSs are being widely implemented in industry due to their low rate of false alarms. However, the signature matching...... this problem, packet filtration is a promising solution to reduce unwanted traffic. Motivated by this, in this work, a list-based packet filter was designed and an engineering method of combining both blacklist and whitelist techniques was introduced. To further secure such filters against IP spoofing attacks...... in traffic filtration as well as workload reduction, and is robust against IP spoofing attacks....
Cayo, Eber Huanca; Alfaro, Sadek Crisostomo Absi
Most of the inspection methods used for detection and localization of welding disturbances are based on the evaluation of some direct measurements of welding parameters. This direct measurement requires an insertion of sensors during the welding process which could somehow alter the behavior of the metallic transference. An inspection method that evaluates the GMA welding process evolution using a non-intrusive process sensing would allow not only the identification of disturbances during welding runs and thus reduce inspection time, but would also reduce the interference on the process caused by the direct sensing. In this paper a nonintrusive method for weld disturbance detection and localization for weld quality evaluation is demonstrated. The system is based on the acoustic sensing of the welding electrical arc. During repetitive tests in welds without disturbances, the stability acoustic parameters were calculated and used as comparison references for the detection and location of disturbances during the weld runs.
Ralf C. Staudemeyer
We claim that modelling network traffic as a time series with a supervised learning approach, using known genuine and malicious behaviour, improves intrusion detection. To substantiate this, we trained long short-term memory (LSTM) recurrent neural networks with the training data provided by the DARPA / KDD Cup ’99 challenge. To identify suitable LSTM-RNN network parameters and structure we experimented with various network topologies. We found networks with four memory blocks containing two cells each offer a good compromise between computational cost and detection performance. We applied forget gates and shortcut connections respectively. A learning rate of 0.1 and up to 1,000 epochs showed good results. We tested the performance on all features and on extracted minimal feature sets respectively. We evaluated different feature sets for the detection of all attacks within one network and also to train networks specialised on individual attack classes. Our results show that the LSTM classifier provides superior performance in comparison to previously published results of strong static classifiers. With 93.82% accuracy and 22.13 cost, LSTM outperforms the winning entries of the KDD Cup ’99 challenge by far. This is due to the fact that LSTM learns to look back in time and correlate consecutive connection records. For the first time ever, we have demonstrated the usefulness of LSTM networks to intrusion detection.
National Aeronautics and Space Administration — ASRI proposes to develop an advanced and commercially viable Non-Intrusive Vibration Monitoring System (NI-VMS) which can provide effective on-line/off-line engine...
National Aeronautics and Space Administration — AI Signal Research, Inc. proposes to develop a Non-Intrusive Vibration Measurement System (NI-VMS) for turbopumps which will provide effective on-board/off-board...
National Aeronautics and Space Administration — The innovation is a Multi-Use Non-Intrusive Flow Characterization System (FCS) for densified, normal boiling point, and two-phase cryogenic flows, capable of...
Hortos, William S.
A wireless ad hoc sensor network is a configuration for area surveillance that affords rapid, flexible deployment in arbitrary threat environments. There is no infrastructure support and sensor nodes communicate with each other only when they are in transmission range. The nodes are severely resource-constrained, with limited processing, memory and power capacities and must operate cooperatively to fulfill a common mission in typically unattended modes. In a wireless sensor network (WSN), each sensor at a node can observe locally some underlying physical phenomenon and sends a quantized version of the observation to sink (destination) nodes via wireless links. Since the wireless medium can be easily eavesdropped, links can be compromised by intrusion attacks from nodes that may mount denial-of-service attacks or insert spurious information into routing packets, leading to routing loops, long timeouts, impersonation, and node exhaustion. A cross-layer design based on protocol-layer interactions is proposed for detection and identification of various intrusion attacks on WSN operation. A feature set is formed from selected cross-layer parameters of the WSN protocol to detect and identify security threats due to intrusion attacks. A separate protocol is not constructed from the cross-layer design; instead, security attributes and quantified trust levels at and among nodes established during data exchanges complement customary WSN metrics of energy usage, reliability, route availability, and end-to-end quality-of-service (QoS) provisioning. Statistical pattern recognition algorithms are applied that use feature-set patterns observed during network operations, viewed as security audit logs. These algorithms provide the "best" network global performance in the presence of various intrusion attacks. A set of mobile (software) agents distributed at the nodes implement the algorithms, by moving among the layers involved in the network response at each active node.
Patanè, D; Barberi, G; Cocina, O; De Gori, P; Chiarabba, C
The continuous volcanic and seismic activity at Mount Etna makes this volcano an important laboratory for seismological and geophysical studies. We used repeated three-dimensional tomography to detect variations in elastic parameters during different volcanic cycles, before and during the October 2002-January 2003 flank eruption. Well-defined anomalous low P- to S-wave velocity ratio volumes were revealed. Absent during the pre-eruptive period, the anomalies trace the intrusion of volatile-rich (≥4 weight percent) basaltic magma, most of which rose up only a few months before the onset of eruption. The observed time changes of velocity anomalies suggest that four-dimensional tomography provides a basis for more efficient volcano monitoring and short- and midterm eruption forecasting of explosive activity.
Tierney, Brian L; Vallentin, Matthias; Sommer, Robin; Lee, Jason; Leres, Craig; Paxson, Vern; Tierney, Brian
In this work we present a NIDS cluster as a scalable solution for realizing high-performance, stateful network intrusion detection on commodity hardware. The design addresses three challenges: (i) distributing traffic evenly across an extensible set of analysis nodes in a fashion that minimizes the communication required for coordination, (ii) adapting the NIDS's operation to support coordinating its low-level analysis rather than just aggregating alerts; and (iii) validating that the cluster produces sound results. Prototypes of our NIDS cluster now operate at the Lawrence Berkeley National Laboratory and the University of California at Berkeley. In both environments the clusters greatly enhance the power of the network security monitoring.
Nair, Binu M.; Santhaseelan, Varun; Cui, Chen; Asari, Vijayan K.
We present an object detection algorithm to automatically detect and identify possible intrusions such as construction vehicles and equipment on the regions designated as the pipeline right-of-way (ROW) from high resolution aerial imagery. The pipeline industry has buried millions of miles of oil pipelines throughout the country and these regions are under constant threat of unauthorized construction activities. We propose a multi-stage framework which uses a pyramidal template matching scheme in the local phase domain by taking a single high resolution training image to classify a construction vehicle. The proposed detection algorithm makes use of the monogenic signal representation to extract the local phase information. Computing the monogenic signal from a two dimensional object region enables us to separate out the local phase information (structural details) from the local energy (contrast) thereby achieving illumination invariance. The first stage involves the local phase based template matching using only a single high resolution training image in a local region at multiple scales. Then, using the local phase histogram matching, the orientation of the detected region is determined and a voting scheme gives a certain weightage to the resulting clusters. The final stage involves the selection of clusters based on the number of votes attained and using the histogram of oriented phase feature descriptor, the object is located at the correct orientation and scale. The algorithm is successfully tested on four different datasets containing imagery with varying image resolution and object orientation.
Aydin, K.; Shinde, S.; Suhail, M.; Vyas, A.; Zieher, K. W.
An acoustic pulse echo scheme for non-intrusive detection of flaws in metal pipelines has been investigated in the laboratory. The primary pulse is generated by a pulsed magnetic field enclosing a short section of a free pipe. The detection is by an electrostatic detector surrounding a short section of the pipe. Reflected pulses from thin areas, with a longitudinal extension of about one pipe radius and a reduction of the wall thickness of 40%, can be detected clearly.
To obtain an effective perimeter intrusion detection system requires careful sensor selection, procurement, and installation. The selection process involves a thorough understanding of the unique site features and how these features affect the performance of each type of sensor. It is necessary to develop procurement specifications to establish acceptable sensor performance limits. Careful explanation and inspection of critical installation dimensions is required during on-site construction. The implementation of these activities at a particular site is discussed
Tsai, F. T. C.; Pham, H. V.
Due to excessive groundwater withdrawals, many water wells in Baton Rouge, Louisiana experience undesirable chloride concentration because of saltwater intrusion. The study goal is to develop a conjunctive management framework that takes advantage of the Baton Rouge multi-aquifer system to mitigate saltwater intrusion. The conjunctive management framework utilizes several hydraulic control techniques to mitigate saltwater encroachment. These hydraulic control approaches include pumping well relocation, freshwater injection, saltwater scavenging, and their combinations. Specific objectives of the study are: (1) constructing scientific geologic architectures of the "800-foot" sand, the "1,000-foot" sand, the "1,200-foot" sand, the "1,500-foot" sand, the "1,700-foot" sand, and the "2,000-foot" sand, (2) developing scientific saltwater intrusion models for these sands, (3) using connector wells to draw native groundwater from one sand and inject to another sand to create hydraulic barriers to halt saltwater intrusion, (4) using scavenger wells or well couples to impede saltwater intrusion progress and reduce chloride concentration in pumping wells, and (5) reducing cones of depression by relocating and dispersing pumping wells to different sands. The study utilizes optimization techniques and newest LSU high performance computing (HPC) facilities to derive solutions. The conjunctive management framework serves as a scientific tool to assist policy makers to solve the urgent saltwater encroachment issue in the Baton Rouge area. The research results will help water companies as well as industries in East Baton Rouge Parish and neighboring parishes by reducing their saltwater intrusion threats, which in turn would sustain Capital Area economic development.
Information Impact: Journal of Information and Knowledge Management, Vol 2, No 1 (2011).
Corlis, N.E.; Johnson, C.S.
An Adaptive Intrusion Data System (AIDS) was developed to collect data from intrusion alarm sensors as part of an evaluation system to improve sensor performance. AIDS is a unique digital data compression, storage, and formatting system. It also incorporates a capability for video selection and recording for assessment of the sensors monitored by the system. The system is software reprogrammable to numerous configurations that may be utilized for the collection of environmental, bi-metal, analog, and video data. This manual covers the procedures for operating AIDS. Instructions are given to guide the operator in software programming and control option selections required to program AIDS for data collection. Software diagnostic programs are included in this manual as a method of isolating system problems
Guillemot, Ludivine; Galarneau, Anne; Vigier, Gérard; Abensur, Thierry; Charlaix, Élisabeth
Lyophobic heterogeneous systems (LHS) are made of mesoporous materials immersed in a non-wetting liquid. One application of LHS is the nonlinear damping of high frequency vibrations. The behaviour of LHS is characterized by P - ΔV cycles, where P is the pressure applied to the system, and ΔV its volume change due to the intrusion of the liquid into the pores of the material, or its extrusion out of the pores. Very few dynamic studies of LHS have been performed until now. We describe here a new apparatus that allows us to carry out dynamic intrusion/extrusion cycles with various liquid/porous material systems, controlling the temperature from ambient to 120 °C and the frequency from 0.01 to 20 Hz. We show that for two LHS: water/MTS and Galinstan/CPG, the energy dissipated during one cycle depends very weakly on the cycle frequency, in strong contrast to conventional dampers.
Louk, Maya; Lim, Hyotaek; Lee, HoonJae
There are many malware applications in Smartphone. Smartphone's users may become unaware if their data has been recorded and stolen by intruders via malware. Smartphone--whether for business or personal use--may not be protected from malwares. Thus, monitoring, detecting, tracking, and notification (MDTN) have become the main purpose of the writing of this paper. MDTN is meant to enable Smartphone to prevent and reduce the number of cybercrimes. The methods are shown to be effective in protecting Smartphone and isolating malware and sending warning in the form of notification to the user about the danger in progress. In particular, (a) MDTN process is possible and will be enabled for Smartphone environment. (b) The methods are shown to be an advanced security for private sensitive data of the Smartphone user.
Kelly, A. P.; O'Driscoll, B.; Clay, P. L.; Burgess, R.
Layered intrusions host the world's largest known concentrations of the platinum-group elements (PGE). Emphasis has been attached to the role of halogen-bearing fluids in concentrating the precious metals, but whether this occurs at the magmatic stage, or via subsequent metasomatism, is actively debated. One obstacle to progress has been the analytical difficulty of measuring low abundances of the halogens in the cumulate products of layered intrusions. To elucidate the importance of the halogens in facilitating PGE-mineralisation, as well as fingerprint halogen provenance and assess the importance of halogen cycling in mafic magma systems more generally, a suite of samples encompassing different stages of activity of the Palaeogene Rum layered intrusion was investigated. Halogen abundances were measured by neutron irradiation noble gas mass spectrometric analysis, permitting the detection of relatively low (ppm-ppb) abundances of Cl, Br and I in mg-sized samples. The samples include PGE-enriched chromite seams, various cumulates (e.g., peridotites), picrites (approximating the Rum parental magma), and pegmatites representing volatile-rich melts that circulated the intrusion at a late-stage in its solidification history. The new data reveal that PGE-bearing chromite seams contain relatively low Cl concentrations (2-3 ppm), with high molar ratios of Br/Cl and I/Cl (0.005 and 0.009, respectively). The picrites and cumulates have Br/Cl and I/Cl ratios close to sub-continental lithospheric mantle values of approximately 0.0013 and 0.00002, respectively, and thus likely reflect the Rum magma source region. A positive correlation between Cl and Br signifies comparable partitioning behaviour in all samples. However, I is more variable, displaying a positive correlation with Cl for more primitive samples (e.g. picrite and peridotite), and seemingly decoupling from Br and Cl in chromite seams and pegmatites. The relative enrichment of I over Cl in the chromite seams points
Mowbray, Thomas J
A must-have, hands-on guide for working in the cybersecurity profession. Cybersecurity involves preventative methods to protect information from attacks. It requires a thorough understanding of potential threats, such as viruses and other malicious code, as well as system vulnerability and security architecture. This essential book addresses cybersecurity strategies that include identity management, risk management, and incident management, and also serves as a detailed guide for anyone looking to enter the security profession. Doubling as the text for a cybersecurity course, it is also a usef
A framework of non-intrusive polynomial chaos expansion method (PC) was proposed to investigate the statistic characteristics of the response of structural-acoustic system containing random uncertainty. The PC method does not need to reformulate model equations, and the statistics of the response can be evaluated directly. The results show that compared to the direct Monte Carlo method (MCM) based on the original numerical model, the PC method is effective and more efficient.
Wang, Bingjie; Pi, Shaohua; Sun, Qi; Jia, Bo
An improved classification algorithm that considers multiscale wavelet packet Shannon entropy is proposed. Decomposition coefficients at all levels are obtained to build the initial Shannon entropy feature vector. After subtracting the Shannon entropy map of the background signal, components of the strongest discriminating power in the initial feature vector are picked out to rebuild the Shannon entropy feature vector, which is transferred to radial basis function (RBF) neural network for classification. Four types of man-made vibrational intrusion signals are recorded based on a modified Sagnac interferometer. The performance of the improved classification algorithm has been evaluated by the classification experiments via RBF neural network under different diffusion coefficients. An 85% classification accuracy rate is achieved, which is higher than the other common algorithms. The classification results show that this improved classification algorithm can be used to classify vibrational intrusion signals in an automatic real-time monitoring system.
Hora, S.; Neill, R.; Williams, R.; Bauser, M.; Channell, J.
This paper focused on the possible approaches to evaluating the impacts of human intrusion on nuclear waste disposal. Several major issues were reviewed. First, it was noted that human intrusion could be addressed either quantitatively through performance assessments or qualitatively through design requirements. Second, it was decided that it was impossible to construct a complete set of possible future human intrusion scenarios. Third, the question of when the effect of possible human intrusion should be considered, before or after site selection, was reviewed. Finally, the time frame over which human intrusion should be considered was discussed.
Pol, Tejas R; Vandekar, Meghna; Patil, Anuradha; Desai, Sanjana; Shetty, Vikram; Hazarika, Saptarshi
The aim of the present study was to investigate the difference of torque control during intrusive force on upper central incisors with normal, under and high torque in lingual and labial orthodontic systems through 3D finite element analysis. Six 3D models of an upper right central incisor with different torque were designed in Solid Works 2006. Software ANSYS Version 16.0 was used to evaluate intrusive force on upper central incisor model. An intrusive force of 0.15 N was applied to the bracket slot in different torque models and the displacements along a path of nodes in the upper central incisor was assessed. On application of intrusive force on under torqued upper central incisor in Labial system produce labial crown movement but in Lingual system caused lingual movement in the apical and incisal parts. The same intrusive force in normal-torqued central incisor led to a palatal movement in apical and labial displacement of incisal edge in Lingual system and a palatal displacement in apical area and a labial movement in the incisal edge in Labial system. In overtorqued upper central incisor, the labial crown displacement in Labial system is more than Lingual system. In labial and lingual system on application of the same forces in upper central incisor with different inclinations showed different responses. The magnitudes of torque loss during intrusive loads in incisors with normal, under and over-torque were higher in Labial system than Lingual orthodontic appliances. Key words: FEM, lingual orthodontics, intrusion, torque control, labial bracket systems.
Rowe, Neil C; Schiavo, Sandra
... critical. We describe a tutor incorporating two programs. The first program uses artificial-intelligence planning methods to generate realistic audit files reporting actions of a variety of simulated users (including intruders...
I Nyoman Trisna Wirawan
This study discusses the application of a naive Bayes classifier using correlation-based attribute selection and data preprocessing by discretization, using the mean/standard deviation method for continuous attributes with 3 intervals and 5 intervals. The experimental results show that applying naive Bayes to the classification of data that has passed through the discretization process can give an accuracy of up to 89% with an average running time of 31 seconds.
Protocol Version 4 IPv4 Internet Protocol Version 6 IRC Internet Relay Chat LAN Local Area Network xv MiTM Man in the Middle MLD Multicast Listener...section. 1. Sniffing 2. Application Layer Attacks 3. Rogue Devices 4. Man In the Middle (MITM) 5. Flooding 6. Reconnaissance 7. Unauthorized access 8...the method by which worms find hosts may have to change. Man In The Middle (MITM) The general theory of the Man in the Middle (MITM) threat does not
Mechanics and its Applications, 340(1-3):388–394, 2004. ISSN 0378-4371. Dawkins, Richard. The Selfish Gene. Oxford University Press, Oxford New...were considered but not chosen for this research assignment are: 31 • Gene Expression Programming • Maximum Entropy Classifier Logistic...regression • Naive Bayes Classifier • Neural Networks • Quadratic Discriminant Analysis • Binary Classifier Tree Gene expression
and the value-focused method. Comparing results from the two evaluation methods, fallacies are revealed with 2 of the 5 notional weighting schemes...for them, because of their relentless support, love, and encouragement. I give a sincere thank you to my research advisor, Dr. Robert Mills, for his...though AdaBoost.BayesNet dominated the traditional PR space using a single curve approach. This evaluation fallacy has not been demonstrated prior to
monitoring. This analyzed payload is within the application layer of the OSI model. The analysis tries to establish whether or not the payload is...3.2.5 Model Drift Experiments...ADVERSARIAL ENVIRONMENTS (SPIE DSS 2014)...APPENDIX C - EVALUATING MODEL DRIFT IN MACHINE LEARNING
Nutt, C.J.; Hofstra, A.H.
The Bald Mountain mining district has produced about 2 million ounces (Moz) of Au. Geologic mapping, field relationships, geochemical data, petrographic observations, fluid inclusion characteristics, and Pb, S, O, and H isotope data indicate that Au mineralization was associated with a reduced Jurassic intrusion. Gold deposits are localized within and surrounding a Jurassic (159 Ma) quartz monzonite porphyry pluton and dike complex that intrudes Cambrian to Mississippian carbonate and clastic rocks. The pluton, associated dikes, and Au mineralization were controlled by a crustal-scale northwest-trending structure named the Bida trend. Gold deposits are localized by fracture networks in the pluton and the contact metamorphic aureole, dike margins, high-angle faults, and certain strata or shale-limestone contacts in sedimentary rocks. Gold mineralization was accompanied by silicification and phyllic alteration, ±argillic alteration at shallow levels. Although Au is typically present throughout, the system exhibits a classic concentric geochemical zonation pattern with Mo, W, Bi, and Cu near the center, Ag, Pb, and Zn at intermediate distances, and As and Sb peripheral to the intrusion. Near the center of the system, micron-sized native Au occurs with base metal sulfides and sulfosalts. In peripheral deposits and in later stages of mineralization, Au is typically submicron in size and resides in pyrite or arsenopyrite. Electron microprobe and laser ablation ICP-MS analyses show that arsenopyrite, pyrite, and Bi sulfide minerals contain 10s to 1,000s of ppm Au. Ore-forming fluids were aqueous and carbonic at deep levels and episodically hypersaline at shallow levels due to boiling. The isotopic compositions of H and O in quartz and sericite and S and Pb in sulfides are indicative of magmatic ore fluids with sedimentary sulfur. Together, the evidence suggests that Au was introduced by reduced S-bearing magmatic fluids derived from a reduced intrusion. The reduced
person operating on a host, e.g. identified by a login account; Systems: hardware, operating system; Network services (e.g. PKI, DNS); Applications...mobile-agent technology combined with network topology features. The Emerald environment is a distributed, scalable tool suite, for network surveillance...RAID ’99, Computer Networks, volume 34, number 4, 2000. 21. Source: http://www.sdl.sri.com/emerald/project.html, 6-11-2000. 22. Lippmann
Fahrner, S.; Schaefer, D.; Wiegers, C.; Köber, R.; Dahmke, A.
A monitoring at geological CO2 storage sites has to meet environmental, regulative, financial and public demands and thus has to enable the detection of CO2 leakages. Current monitoring concepts for the detection of CO2 intrusion into freshwater aquifers located above saline storage formations in course of leakage events lack the identification of monitoring parameters. Their response to CO2 intrusion still has to be enlightened. Scenario simulations of CO2 intrusion in virtual synthetic aquifers are performed using the simulators PhreeqC and TOUGH2 to reveal relevant CO2-water-mineral interactions and multiphase behaviour on potential monitoring parameters. The focus is set on pH, total dissolved inorganic carbon (TIC) and the hydroelectric conductivity (EC). The study aims at identifying at which conditions the parameters react rapidly, durable and in a measurable degree. The depth of the aquifer, the mineralogy, the intrusion rates, the sorption specification and capacities, and groundwater flow velocities are varied in the course of the scenario modelling. All three parameters have been found suited in most scenarios. However, in case of a lack of calcite combined with low saturation of the water with respect to CO2 and shallow conditions, changes are close to the measurement resolution. Predicted changes in EC result from the interplay between carbonic acid production and its dissociation, and pH buffering by mineral dissolution. The formation of a discrete gas phase in cases of full saturation of the groundwater in confined aquifers illustrates the potential bipartite resistivity response: An increased hydroelectric conductivity at locations with dissolved CO2, and a high resistivity where the gas phase dominates the pore volume occupation. Increased hydrostatic pressure with depth and enhanced groundwater flow velocities enforce gas dissolution and diminish the formation of a discrete gas phase. Based on the results, a monitoring strategy is proposed which
Pihala, H. [VTT Energy, Espoo (Finland). Energy Systems
Non-intrusive appliance load monitoring (NIALM) is a fairly new method to estimate load profiles of individual electric appliances in a small building, like a household, by monitoring the whole load at a single point with one recording device without sub-meters. Appliances have special electrical characteristics, the positive and negative active and reactive power changes during the time they are switched on or off. These changes are called events and are detected with a monitoring device called an event recorder. Different NIALM-concepts developed in Europe and in the United States are generally discussed. The NIALM-concept developed in this study is based on a 3-phase, power quality monitoring kWh-meter and unique load identification algorithms. This modern kWh-meter with a serial data bus to a laptop personal computer is used as the event recorder. The NIALM-concept of this presentation shows for the first time how a kWh-meter can be used at the same time for billing, power quality and appliance end-use monitoring. An essential part of the developed NIALM-system prototype is the software of load identification algorithms which runs in an off-line personal computer. These algorithms are able to identify, with a certain accuracy, both two-state and multi-state appliances. This prototype requires manual-setup in which the naming of appliances is performed. The results of the prototype NIALMS were verified in a large, single family detached house and they were compared to the results of other prototypes in France and the United States, although this comparison is difficult because of different supply systems, appliance stock and number of tested sites. Different applications of NIALM are discussed. Gathering of load research data, verification of DSM-programs, home automation, failure analysis of appliances and security surveillance of buildings are interesting areas of NIALM. Both utilities and customers can benefit from these applications. It is possible to
Rudd, Kristen L; Alkon, Abbey; Yates, Tuppett M
This study examined children's parasympathetic nervous system (PNS) regulation, which was indexed by respiratory sinus arrhythmia (RSA) during rest, reactivity, and recovery episodes, and sex as moderators of predicted relations between observed intrusive parenting and later observer-rated child behavior problems. Child-caregiver dyads (N=250; 50% girls; 46% Latino/a) completed a series of laboratory assessments yielding independent measures of intrusive parenting at age 4, PNS regulation at age 6, and child behavior problems at age 8. Results indicated that intrusive parenting was related to more internalizing problems among boys who showed low RSA reactivity (i.e., PNS withdrawal from pre-startle to startle challenge), but RSA reactivity did not moderate this relation among girls. Interestingly, RSA recovery (i.e., PNS activation from startle challenge to post-startle) moderated these relations differently for boys and girls. For girls with relatively low RSA post-startle (i.e., less recovery), intrusive parenting was positively related to both internalizing and externalizing problems. However, the reverse was true for boys, such that there was a significant positive relation between intrusive parenting and later externalizing problems among boys who evidenced relatively high RSA post-startle (i.e., more recovery). Findings provide evidence for the moderation of intrusive caregiving effects by children's PNS regulation while highlighting the differential patterning of these relations across distinct phases of the regulatory response and as a function of child sex.
Lusk, Steve [ViaSat Inc., Boston, MA (United States)]; Lawrence, David [Duke Energy, Charlotte, NC (United States)]; Suvana, Prakash [Southern California Edison, Rosemead, CA (United States)]
The Cyber-intrusion Auto-response and Policy Management System (CAPMS) project was funded by a grant from the US Department of Energy (DOE) Cybersecurity for Energy Delivery Systems (CEDS) program with contributions from two partner electric utilities: Southern California Edison (SCE) and Duke Energy. The goal of the project was to demonstrate protecting smart grid assets from a cyber attack in a way that “does not impede critical energy delivery functions.” This report summarizes project goals and activities for the CAPMS project and explores what did and did not work as expected. It concludes with an assessment of possible benefits and value of the system for the future.
Hieb, Jeffrey; Graham, James; Guan, Jian
This paper presents an ontological framework that permits formal representations of process control systems, including elements of the process being controlled and the control system itself. A fault diagnosis algorithm based on the ontological model is also presented. The algorithm can identify traditional process elements as well as control system elements (e.g., IP network and SCADA protocol) as fault sources. When these elements are identified as a likely fault source, the possibility exists that the process fault is induced by a cyber intrusion. A laboratory-scale distillation column is used to illustrate the model and the algorithm. Coupled with a well-defined statistical process model, this fault diagnosis approach provides cyber security enhanced fault diagnosis information to plant operators and can help identify that a cyber attack is underway before a major process failure is experienced.
Hernandez, B. C. B.
Degrading groundwater quality due to saltwater intrusion is one of the key challenges affecting many island aquifers. These islands hold limited capacity for groundwater storage and are highly dependent on recharge due to precipitation. But its ease of use, natural storage and accessibility make it more vulnerable to exploitation and more susceptible to encroachment from its surrounding oceanic waters. Estimating the extent of saltwater intrusion and the state of groundwater resources are important in predicting and managing water supply options for the community. In Guimaras island, central Philippines, increasing settlements, agriculture and tourism are causing stresses on its groundwater resource. Indications of saltwater intrusion have already been found at various coastal areas in the island. A Geographic Information Systems (GIS)-based approach using the GALDIT index was carried out. This includes six parameters assessing the seawater intrusion vulnerability of each hydrogeologic setting: Groundwater occurrence, Aquifer hydraulic conductivity, Groundwater Level above sea, Distance to shore, Impact of existing intrusion and Thickness of Aquifer. To further determine the extent of intrusion, Landsat images of various thematic layers were stacked and processed for unsupervised classification and electrical resistivity tomography using a 28-electrode system with array lengths of 150 and 300 meters was conducted. The GIS index showed where the vulnerable areas are located, while the geophysical measurements and images revealed the extent of seawater encroachment along the monitoring wells. These results are further confirmed by the measurements collected from the monitoring wells. This study presents baseline information on the state of groundwater resources and increases understanding of saltwater intrusion dynamics in island ecosystems by providing a guideline for better water resource management in the Philippines.
Konno, Yuichi; Daimaruya, Takayoshi; Iikubo, Masahiro; Kanzaki, Reiko; Takahashi, Ichiro; Sugawara, Junji; Sasano, Takashi
We have successfully treated skeletal open bite by intruding posterior teeth with the skeletal anchorage system. Our aim in this study was to morphologically and hemodynamically evaluate the changes in pulp tissues when molars are radically intruded. The mandibular fourth premolars of 9 adult beagle dogs were divided into 3 groups: a sham operated group (n = 6, 3 dogs), 4-month intrusion group (n = 6, 3 dogs), and a further 4-month retention group (n = 6, 3 dogs). We evaluated the morphological changes of the pulp and dentin-the amount of vacuolar degeneration in the odontoblast layer, the predentin width and nervous continuity in the pulp tissue, and the pulpal blood-flow response evoked by electrical stimulation in the dental pulp. Extreme molar intrusion with the skeletal anchorage system caused slight degenerative changes in the pulp tissue, followed by recovery after the orthodontic force was released. Circulatory system and nervous functions were basically maintained during the intrusion, although a certain level of downregulation was observed. These morphologic and functional regressive changes in the pulp tissue after molar intrusion improved during the retention period. Histologic changes and changes in pulpal blood flow and function are reversible, even during radical intrusion of molars.
This volume covers acoustic components, microwave/radar components, electro-optic barriers, electric field components, orientation components, ferrous metal detection components, proximity detection components, vibration detection components, seismic components, pressure-sensitive components, pressure mats, continuity components, electrical/magnetic switches, fire detection components, and mechanical contact switches
Lee, Chanyoung; Seong, Poong Hyun
One of the major problems is that the nuclear industry is in a very early stage in dealing with cyber security issues. This is because cyber security has received less attention compared to other safety problems. In addition, late adoption of digital I&C systems has resulted in a lower level of cyber security advancements in the nuclear industry than in other industries. For the cyber security of NPP I&C systems, many regulatory documents, guides and standards were already published. These documents include cyber security plans, methods for cyber security assessments and a comprehensive set of security controls. However, methods which can help assess how much security is improved if a specific security control is applied are not included in these documents. Hence, NPP I&C system designers may encounter difficulties when trying to apply security controls with limited structure and cost. In order to provide useful information about cyber security issues including cyber security enhancements, this paper suggests a framework to evaluate how much cyber security is improved when a specific cyber security enhancement is applied in NPPs. The extent of cyber security improvement caused by security enhancement was defined as reduction ratio of the failure probability to secure the system from cyber-attack as Eq. 1. The concept of 'intrusion tolerant system' was applied to not only prevent cyber-attacks but also limit the extent of damage in this study. For applying the concept of intrusion tolerant system to NPP, the event tree was constructed with some assumptions. Cyber security improvement caused by cyber security enhancement can be estimated as Eq. 3. By comparing current system to the enhanced system, it is possible to
Lee, Chanyoung; Seong, Poong Hyun [KAIST, Daejeon (Korea, Republic of)]
One of the major problems is that the nuclear industry is in a very early stage in dealing with cyber security issues. This is because cyber security has received less attention compared to other safety problems. In addition, late adoption of digital I&C systems has resulted in a lower level of cyber security advancements in the nuclear industry than in other industries. For the cyber security of NPP I&C systems, many regulatory documents, guides and standards were already published. These documents include cyber security plans, methods for cyber security assessments and a comprehensive set of security controls. However, methods which can help assess how much security is improved if a specific security control is applied are not included in these documents. Hence, NPP I&C system designers may encounter difficulties when trying to apply security controls with limited structure and cost. In order to provide useful information about cyber security issues including cyber security enhancements, this paper suggests a framework to evaluate how much cyber security is improved when a specific cyber security enhancement is applied in NPPs. The extent of cyber security improvement caused by security enhancement was defined as reduction ratio of the failure probability to secure the system from cyber-attack as Eq. 1. The concept of 'intrusion tolerant system' was applied to not only prevent cyber-attacks but also limit the extent of damage in this study. For applying the concept of intrusion tolerant system to NPP, the event tree was constructed with some assumptions. Cyber security improvement caused by cyber security enhancement can be estimated as Eq. 3. By comparing current system to the enhanced system, it is
Todd Vollmer; Milos Manic
An enhanced version of an algorithm to provide anomaly based intrusion detection alerts for cyber security state awareness is detailed. A unique aspect is the training of an error back-propagation neural network with intrusion detection rule features to provide a recognition basis. Network packet details are subsequently provided to the trained network to produce a classification. This leverages rule knowledge sets to produce classifications for anomaly based systems. Several test cases executed on ICMP protocol revealed a 60% identification rate of true positives. This rate matched the previous work, but 70% less memory was used and the run time was reduced to less than 1 second from 37 seconds.
Ray, Loye Lynn
The need for detecting malicious behavior on computer networks continued to be important to maintaining a safe and secure environment. The purpose of this study was to determine the relationship of multilayer feed forward neural network architecture to the ability of detecting abnormal behavior in networks. This involved building, training, and…
Brennan, James S [Rodeo, CA]; Singh, Anup [Danville, CA]; Throckmorton, Daniel J [Tracy, CA]; Stamps, James F [Livermore, CA]
Disclosed herein are portable and modular detection devices and systems for detecting electromagnetic radiation, such as fluorescence, from an analyte which comprises at least one optical element removably attached to at least one alignment rail. Also disclosed are modular detection devices and systems having an integrated lock-in amplifier and spatial filter and assay methods using the portable and modular detection devices.
LeChevallier, Mark W; Gullick, Richard W; Karim, Mohammad R; Friedman, Melinda; Funk, James E
The potential for public health risks associated with intrusion of contaminants into water supply distribution systems resulting from transient low or negative pressures is assessed. It is shown that transient pressure events occur in distribution systems; that during these negative pressure events pipeline leaks provide a potential portal for entry of groundwater into treated drinking water; and that faecal indicators and culturable human viruses are present in the soil and water exterior to the distribution system. To date, all observed negative pressure events have been related to power outages or other pump shutdowns. Although there are insufficient data to indicate whether pressure transients are a substantial source of risk to water quality in the distribution system, mitigation techniques can be implemented, principally the maintenance of an effective disinfectant residual throughout the distribution system, leak control, redesign of air relief venting, and more rigorous application of existing engineering standards. Use of high-speed pressure data loggers and surge modelling may have some merit, but more research is needed.
International Conference on Computational Intelligence and Natural Computing, volume 2, pages 413–416, June 2009. • Rung Ching Chen, Kai-Fan Cheng, and...Chia-Fen Hsieh. “Using rough set and support vector machine for network intrusion detection.” International Journal of Network Security & Its...intrusion detection using FP tree rules.” Journal Of Advanced Networking and Applications, 1(1):30–39, 2009. • Ming-Yang Su, Gwo-Jong Yu, and Chun-Yuen
Tian, Qing; Yang, Dan; Zhang, Yuan; Qu, Hongquan
This paper presents a detection and recognition method to locate and identify harmful intrusions in the optical fiber pre-warning system (OFPS). Inspired by visual attention architecture (VAA), the process flow is divided into two parts, i.e., data-driven process and task-driven process. At first, the data-driven process takes all the measurements collected by the system as input signals, which are handled by the detection method to locate the harmful intrusion in both spatial domain and time domain. Then, these detected intrusion signals are taken over by the task-driven process. Specifically, we get pitch period (PP) and duty cycle (DC) of the intrusion signals to identify the mechanical and manual digging (MD) intrusions respectively. For the passing vehicle (PV) intrusions, their strong low frequency component can be used as a good feature. In general, since the harmful intrusion signals only account for a small part of whole measurements, the data-driven process reduces the amount of input data for the subsequent task-driven process considerably. Furthermore, the task-driven process determines the harmful intrusions orderly according to their severity, which makes a priority mechanism for the system as well as targeted processing for different harmful intrusions. At last, real experiments are performed to validate the effectiveness of this method.
Lu Zhigang; Wu Huan; Liu Baoxu
This paper first analyzes the present research state of IDS (intrusion detection system), classifies and compares existing methods. According to the problems existing in IDS, such as false-positives, false-negatives and low information visualization, this paper suggests a system named NAADS which supports multi data sources. Through a series of methods such as clustering analysis, association analysis and visualization, rate of detection and usability of NAADS are increased. (authors)
We consider a model mixing sharp and diffuse interface approaches for seawater intrusion phenomena in confined and unconfined aquifers. More precisely, a phase field model is introduced in the boundary conditions on the virtual sharp interfaces. We thus include in the model the existence of diffuse transition zones but we preserve the simplified structure allowing front tracking. The three-dimensional problem then reduces to a two-dimensional model involving a strongly coupled system of partial differential equations of parabolic and elliptic type describing the evolution of the depth of the interface between salt- and freshwater and the evolution of the freshwater hydraulic head. Assuming a low hydraulic conductivity inside the aquifer, we prove the uniqueness of a weak solution for the model completed with initial and boundary conditions. Thanks to a generalization of a Meyer's regularity result, we establish that the gradient of the solution belongs to the space $L^r$, $r>2$. This additional regularity combined with the Gagliardo-Nirenberg inequality for $r=4$ allows us to handle the nonlinearity of the system in the proof of uniqueness.
Hortos, William S.
In the author's previous work, a cross-layer protocol approach to wireless sensor network (WSN) intrusion detection and identification is created with multiple bio-inspired/evolutionary computational methods applied to the functions of the protocol layers, a single method to each layer, to improve the intrusion-detection performance of the protocol over that of one method applied to only a single layer's functions. The WSN cross-layer protocol design embeds GAs, anti-phase synchronization, ACO, and a trust model based on quantized data reputation at the physical, MAC, network, and application layer, respectively. The construct neglects to assess the net effect of the combined bio-inspired methods on the quality-of-service (QoS) performance for "normal" data streams, that is, streams without intrusions. Analytic expressions of throughput, delay, and jitter, coupled with simulation results for WSNs free of intrusion attacks, are the basis for sensitivity analyses of QoS metrics for normal traffic to the bio-inspired methods.
includes Complex System SCILAB Toolbox, GraphViz, Igraph, NetDraw, Network Workbench, OpenDX, Prefuse, Sci² Tool, and Visualization Toolkit (VTK...Kits’ Capabilities Name Web Sites (all accessed 01/29/2014 Strengths Weaknesses Complex Systems SCILAB Tool http://www.randomfactory.com/openastro...osx/ scilab -info.html Measures graph parameters Academic Free License (AFL); works on UNIX and Windows; programming language is MATLAB; no
Heussen, Kai; Tyge, Emil; Kosek, Anna Magdalena
by a mix of physical system parameters, exogenous influences, user behaviour and preferences, which can be characterized by unstructured models such as a time-varying finite impulse response. In this study, which is based on field data, it is shown how this characteristic response behaviours can...
Syrine Chatti; Habib Ounelli
The cloud computing is a paradigm for large scale distributed computing that includes several existing technologies. A database management is a collection of programs that enables you to store, modify and extract information from a database. Now, the database has moved to cloud computing, but it introduces at the same time a set of threats that target a cloud of database system. The unification of transaction based application in these environments present also a set of vulnerabilities and th...
Sun, Y. & Yu, X.
This paper describes an in-vehicle nonintrusive biopotential measurement system for driver health monitoring and fatigue detection. Previous research has found that the physiological signals including eye features, electrocardiography (ECG), electroencephalography (EEG) and their secondary
... Estimated Costs to Remediate Existing Sites Exceed Current Funding Levels, and More Sites are Expected to Be.... Methods for incorporating vapor intrusion into the HRS while, to the extent possible, maintaining the... will also be able to sign up for a mailing list that will be used to distribute logistical information...
朱文杰; 王强; 翟献军
In traditional SVM-based intrusion detection, kernel function construction and feature selection rely on prior knowledge, and low accuracy and low efficiency are common problems. Combining information entropy theory with the SVM algorithm yields an information-entropy-based SVM intrusion detection algorithm that can improve both the accuracy and the efficiency of intrusion detection. The algorithm has two aspects. On the one hand, sample features are unified according to the user information entropy and variance contained in the samples, and are measured by whether a feature falls within the confidence interval. Using the resulting sample-feature confidence vector as the construction parameter of the SVM kernel function both guarantees the correspondence between the training sample set and the optimal classification plane and yields the maximum classification margin needed for intrusion detection. On the other hand, using the amount of user information contained in the samples as the metric to substantially reduce the sample feature subset not only lowers the computational scale of the samples but also increases the training speed of the classifier. Experiments show that, applied in an intrusion detection system, the algorithm outperforms the traditional SVM algorithm.
Qu, Hongquan; Yuan, Shijiao; Wang, Yanping; Yang, Dan
To improve the recognition performance of optical fiber prewarning system (OFPS), this study proposed a hierarchical recognition algorithm (HRA). Compared with traditional methods, which employ only a complex algorithm that includes multiple extracted features and complex classifiers to increase the recognition rate with a considerable decrease in recognition speed, HRA takes advantage of the continuity of intrusion events, thereby creating a staged recognition flow inspired by stress reaction. HRA is expected to achieve high-level recognition accuracy with less time consumption. First, this work analyzed the continuity of intrusion events and then presented the algorithm based on the mechanism of stress reaction. Finally, it verified the time consumption through theoretical analysis and experiments, and the recognition accuracy was obtained through experiments. Experiment results show that the processing speed of HRA is 3.3 times faster than that of a traditional complicated algorithm and has a similar recognition rate of 98%. The study is of great significance to fast intrusion event recognition in OFPS.
Covers research in semiconductor detector and integrated circuit design in the context of medical imaging using ionizing radiation. This book explores other applications of semiconductor radiation detection systems in security applications such as luggage scanning, dirty bomb detection and border control.
Tan, Zhiyuan; Jamdagni, Aruna; Nanda, Priyadarsi; He, Xiangjian; Liu, Ren Ping; Jia, Wenjing; Yeh, Wei-chang
Computational cost is one of the major concerns of the commercial Intrusion Detection Systems (IDSs). Although these systems are proven to be promising in detecting network attacks, they need to check all the signatures to identify a suspicious attack in the worst case. This is time consuming. This
Bozeman, Richard J., Jr.
Sustained vibrations at two critical frequencies trigger diagnostic response or shutdown. Vibration-analyzing electronic system detects instabilities of combustion in rocket engine. Controls pulse-mode firing of engine and identifies vibrations above threshold amplitude at 5.9 and/or 12 kHz. Adapted to other detection and/or control schemes involving simultaneous real-time detection of signals above or below preset amplitudes at two or more specified frequencies. Potential applications include rotating machinery and encoders and decoders in security systems.
A π-zero meson detection system used for the measurement of charge exchange reaction is described. The detection of π-zero is made by observing the coincidence events of two gamma-ray emission following the decay of π-zero meson. The angles of the emitted gamma-rays are detected with a wire spark chamber system, and the energies of the gamma-rays are measured with hodoscope type lead glass Cherenkov counters. In front of the π-zero counter system, a lead converter is set, and the incident gamma-rays convert to electron positron pairs, which can be detected with the wire spark chambers. The system is a multi-track detection system. The high voltage pulser of the wire spark chamber system is a charge line thyratron pulser, and the chamber itself is a transmission line type. Read-out can be made by a mag-line system. Wave forms and efficiencies were measured. The three-track efficiency was about 90% by the condenser method and 95% by the charge line method. (Kato, T.)
Kim, Minyoung; Choi, Christopher Y; Gerba, Charles P
Assuming a scenario of a hypothetical pathogenic outbreak, we aimed this study at developing a decision-support model for identifying the location of the pathogenic intrusion as a means of facilitating rapid detection and efficient containment. The developed model was applied to a real sewer system (the Campbell wash basin in Tucson, AZ) in order to validate its feasibility. The basin under investigation was divided into 14 sub-basins. The geometric information associated with the sewer network was digitized using GIS (Geological Information System) and imported into an urban sewer network simulation model to generate microbial breakthrough curves at the outlet. A pre-defined amount of Escherichia coli (E. coli), which is an indicator of fecal coliform bacteria, was hypothetically introduced into 56 manholes (four in each sub-basin, chosen at random), and a total of 56 breakthrough curves of E. coli were generated using the simulation model at the outlet. Transport patterns were classified depending upon the location of the injection site (manhole), various known characteristics (peak concentration and time, pipe length, travel time, etc.) extracted from each E. coli breakthrough curve and the layout of sewer network. Using this information, we back-predicted the injection location once an E. coli intrusion was detected at a monitoring site using Artificial Neural Networks (ANNs). The results showed that ANNs identified the location of the injection sites with 57% accuracy; ANNs correctly recognized eight out of fourteen expressions with relying on data from a single detection sensor. Increasing the available sensors within the basin significantly improved the accuracy of the simulation results (from 57% to 100%). Copyright © 2013 Elsevier Ltd. All rights reserved.
Carver, D.W.; Whittaker, J.W.
An intrusion detector is provided for detecting a forcible entry into a secured structure while minimizing false alarms. The detector uses a piezoelectric crystal transducer to sense acoustic emissions. The transducer output is amplified by a selectable gain amplifier to control the sensitivity. The rectified output of the amplifier is applied to a Schmitt trigger circuit having a preselected threshold level to provide amplitude discrimination. Timing circuitry is provided which is activated by successive pulses from the Schmitt trigger which lie within a selected time frame for frequency discrimination. Detected signals having proper amplitude and frequency trigger an alarm within the first complete cycle time of a detected acoustical disturbance signal
McEvoy, Thomas Richard; Wolthusen, Stephen D.
Recent research on intrusion detection in supervisory data acquisition and control (SCADA) and DCS systems has focused on anomaly detection at protocol level based on the well-defined nature of traffic on such networks. Here, we consider attacks which compromise sensors or actuators (including physical manipulation), where intrusion may not be readily apparent as data and computational states can be controlled to give an appearance of normality, and sensor and control systems have limited accuracy. To counter these, we propose to consider indirect relations between sensor readings to detect such attacks through concurrent observations as determined by control laws and constraints.
Farrington, R.B.; Pruett, J.C. Jr.
A fault detecting apparatus and method are provided for use with an active solar system. The apparatus provides an indication as to whether one or more predetermined faults have occurred in the solar system. The apparatus includes a plurality of sensors, each sensor being used in determining whether a predetermined condition is present. The outputs of the sensors are combined in a pre-established manner in accordance with the kind of predetermined faults to be detected. Indicators communicate with the outputs generated by combining the sensor outputs to give the user of the solar system and the apparatus an indication as to whether a predetermined fault has occurred. Upon detection and indication of any predetermined fault, the user can take appropriate corrective action so that the overall reliability and efficiency of the active solar system are increased.
Dyakso Anindito Nugroho
The use of information technology gives the advantage of open access for its users, but a new problem arises in that there is a threat from unauthorized users. An Intrusion Detection System (IDS) is applied to assist the administrator in monitoring network security. The IDS displays illegal access information in a raw form which requires more time to read the detected threats. This final project aims to design an IDS with a web application which is made for pulling information from the IDS sensor database, then processing and representing it in tables and graphs that are easy to understand. The web application also has an IpTables firewall module to block the attacker's IP address. The hardware used is Cisco IPS 4240, two computers Compaq Presario 4010F as client and gateway, and Cisco Catalyst 2960 switch. The software used is Ubuntu 12.0 LTS Precise operating system, BackTrack 5 R1 operating system, PHP 5.4 programming language, MySQL 5 database, and web-based system configuration tool Webmin. Testing is done using several BackTrack applications to verify that the Cisco IPS 4240 is capable of detection in accordance with the applicable rules. Each event of any attack attempt or threat was obtained from the IDS sensor database in XML form. The XML file is sent using the Security Device Event Exchange (SDEE) protocol. The web application is tested by looking at the output tables and graphs that display the appropriate results of sensor detection. This study generated an intrusion detection system that is easier to monitor. Network packets are copied by the Cisco 2960 switch and then forwarded to the sensor. Intruder detection is done by the Cisco IPS 4240 sensor. Detection logs are processed by the web application into tables and graphs. Intrusion detection systems are intended to improve network security.
Reber, Edward L.; Blackwood, Larry G.; Edwards, Andrew J.; Jewell, J. Keith; Rohde, Kenneth W.; Seabury, Edward H.; Klinger, Jeffery B.
The Idaho Explosives Detection System was developed at the Idaho National Laboratory (INL) to respond to threats imposed by delivery trucks potentially carrying explosives into military bases. A full-scale prototype system has been built and is currently undergoing testing. The system consists of two racks, one on each side of a subject vehicle. Each rack includes a neutron generator and an array of NaI detectors. The two neutron generators are pulsed and synchronized. A laptop computer controls the entire system. The control software is easily operable by minimally trained staff. The system was developed to detect explosives in a medium size truck within a 5-min measurement time. System performance was successfully demonstrated with explosives at the INL in June 2004 and at Andrews Air Force Base in July 2004
Reber, Edward L. [Idaho National Laboratory, 2525 N. Freemont Ave., Idaho Falls, ID 83415-2114 (United States)]; Blackwood, Larry G. [Idaho National Laboratory, 2525 N. Freemont Ave., Idaho Falls, ID 83415-2114 (United States)]; Edwards, Andrew J. [Idaho National Laboratory, 2525 N. Freemont Ave., Idaho Falls, ID 83415-2114 (United States)]; Jewell, J. Keith [Idaho National Laboratory, 2525 N. Freemont Ave., Idaho Falls, ID 83415-2114 (United States)]; Rohde, Kenneth W. [Idaho National Laboratory, 2525 N. Freemont Ave., Idaho Falls, ID 83415-2114 (United States)]; Seabury, Edward H. [Idaho National Laboratory, 2525 N. Freemont Ave., Idaho Falls, ID 83415-2114 (United States)]; Klinger, Jeffery B. [Idaho National Laboratory, 2525 N. Freemont Ave., Idaho Falls, ID 83415-2114 (United States)]
The Idaho Explosives Detection System was developed at the Idaho National Laboratory (INL) to respond to threats imposed by delivery trucks potentially carrying explosives into military bases. A full-scale prototype system has been built and is currently undergoing testing. The system consists of two racks, one on each side of a subject vehicle. Each rack includes a neutron generator and an array of NaI detectors. The two neutron generators are pulsed and synchronized. A laptop computer controls the entire system. The control software is easily operable by minimally trained staff. The system was developed to detect explosives in a medium size truck within a 5-min measurement time. System performance was successfully demonstrated with explosives at the INL in June 2004 and at Andrews Air Force Base in July 2004.
Gurevich, A.; Kanda, V.; Sharp, B.; Lopez, A. [Advanced Measurement and Analysis Group Inc., ON (Canada)]; Gurevich, Y. [Daystar Technologies Inc., ON (Canada)]
Ultrasonic cross correlation flow meters are a non-intrusive flow measurement technology based on measurement of the transport velocity of turbulent structures, and have many advantages over other ultrasonic flow measurement methods. The cross correlation flow meter CROSSFLOW, produced and operated by the Canadian company Advanced Measurement and Analysis Group Inc., is used in nuclear power plants around the world for various applications. This paper describes the operating principles of the ultrasonic cross correlation flow meter, its advantages over other ultrasonic flow measurement methods, and its application around the world. (author)
Denis Kent [Mine Site Technologies (Australia)]
Mine Site Technologies (MST), with the support of ACARP and Xstrata Coal NSW, as well as assistance from Centennial Coal, has developed a Proximity Detection System to proof of concept stage as per plan. The basic aim of the project was to develop a system to reduce the risk of people coming into contact with vehicles in an uncontrolled manner (i.e. being 'run over'). The potential to extend the developed technology into other areas, such as controls for vehicle-vehicle collisions and restricting access of vehicles or people into certain zones (e.g. non FLP vehicles into Hazardous Zones/ERZ) was also assessed. The project leveraged off MST's existing Intellectual Property and experience gained with our ImPact TRACKER tagging technology, allowing the development to be fast tracked. The basic concept developed uses active RFID Tags worn by miners underground to be detected by vehicle mounted Readers. These Readers in turn provide outputs that can be used to alert a driver (e.g. by light and/or audible alarm) that a person (Tag) is approaching within their vicinity. The prototype/test kit developed proved the concept and technology, the four main components being: Active RFID Tags to send out signals for detection by vehicle mounted receivers; Receiver electronics to detect RFID Tags approaching within the vicinity of the unit to create a long range detection system (60 m to 120 m); A transmitting/exciter device to enable an inner detection zone (within 5 m to 20 m); and A software/hardware device to process and log incoming Tag reads and create certain outputs. Tests undertaken in the laboratory and at a number of mine sites confirmed the technology path taken could form the basis of a reliable Proximity Detection/Alert System.
Allan, C.J.; Bayly, J.G.
The gas detection system provides for the effective detection of gas leaks over a large area. It includes a laser which has a laser line corresponding to an absorption line of the gas to be detected. A He-Xe laser scans a number of retroreflectors which are strategically located around a D₂O plant to detect H₂S leaks. The reflected beam is focused by a telescope, filtered, and passed into an infrared detector. The laser may be made to emit two frequencies, one of which corresponds with an H₂S absorption line; or it may be modulated on and off the H₂S absorption line. The relative amplitude of the absorbed light will be a measure of the H₂S present
Whole-rock oxygen isotope mapping provides a useful method for the delineation and quantitative evaluation of paleo-hydrothermal systems associated with syn-volcanic intrusions and volcanic-associated massive sulfide (VMS) deposits. During the course of a four-year study of regional alteration systems associated with VMS Deposits, four syn-volcanic intrusive complexes in Canada were mapped using stable isotope techniques. The complexes included Noranda, Quebec; Clifford-Ben Nevis, Ontario; Snow Lake, Manitoba, and Sturgeon Lake, Ontario. This study was regional in extent, involving large areas and large numbers of whole-rock samples: Noranda (625 km²; ≥600 samples, plus others (total = 1198)); Sturgeon Lake (525 km²; 452 samples); Clifford-Ben Nevis (160 km²; 251 samples); and Snow Lake (84 km²; 575 samples). Isotopic data on whole-rock carbonates and hydrous minerals were also collected. The regional isotopic studies were carried out in concert with other studies on mineral assemblages and mineral composition, and on associated intrusive and extrusive rocks. The Clifford-Ben Nevis area was selected as a control area, inasmuch as it contains no known VMS deposits; all other areas are well-known, productive VMS districts. Oxygen isotope maps are, in a sense, thermal maps, illustrating the paleo-distribution of heat and fluids, and offering a potential aid to exploration. The isotopic data may be contoured to reveal zones of ¹⁸O depletion and enrichment, relative to unaltered rocks. Zones of δ¹⁸O≤60% comprise rocks that have reacted with seawater at high (e.g., 300+ °C) temperatures. The volume of foot-wall rocks isotopically-depleted by water/rock interaction during the life of one or more episodes of submarine hydrothermal activity is proportional to the amount of heat available from the syn-volcanic intrusive center. These altered rocks comprise the reaction zone often inferred to have supplied metals and other constituents for the VMS deposits
Nixon, K.V.; France, S.W.; Garcia, C.; Hastings, R.D.
A newly designed remote detection system has been developed at Los Alamos that allows the collection of high-resolution gamma-ray spectra and neutron data from a remote location. The system consists of the remote unit and a command unit. The remote unit collects data in a potentially hostile environment while the operator controls the unit by either radio or wire link from a safe position. Both units are battery powered and are housed in metal carrying cases
Blackmon, Fletcher A
A device and system to remotely detect vocalizations of speech. The skin located on the throat region of a speaking person or a reflective layer on the skin on the throat region vibrates in response to vocalizations of speech by the person...
Coulon, Romain; Kondrasovs, Vladimir; Boudergui, Karim; Normand, Stephane
To monitor radioactivity passing through a pipe or in a given container such as a train or a truck, radiation detection systems are commonly employed. These detectors could be used in a network set along the source track to increase the overall detection efficiency. However, detection methods are based on counting statistics analysis. The method usually implemented consists of triggering an alarm when an individual signal rises over a threshold initially estimated with regard to the natural background signal. The detection efficiency is then proportional to the number of detectors in use, due to the fact that each sensor is taken as a standalone sensor. A new approach is presented in this paper taking into account the temporal periodicity of the signals taken by all distributed sensors as a whole. This detection method is not based only on counting statistics but also on the temporal series analysis aspect. Therefore, a specific algorithm was developed in our lab for this kind of application and shows a significant improvement, especially in terms of detection efficiency and false alarm reduction. We also plan on extracting information from the source vector. This paper presents the theoretical approach and some preliminary results obtained in our laboratory. (authors)
Singh, Jagdish P.; Yueh, Fang-Yu; Kalluru, Rajamohan R.; Harrison, Louie
An integrated fiber-optic Raman sensor has been designed for real-time, nonintrusive detection of liquid nitrogen in liquid oxygen (LOX) at high pressures and high flow rates in order to monitor the quality of LOX used during rocket engine ground testing. The integrated sensor employs a high-power (3-W) Melles Griot diode-pumped, solid-state (DPSS), frequency-doubled Nd:YAG 532-nm laser; a modified Raman probe that has built-in Raman signal filter optics; two high-resolution spectrometers; and photomultiplier tubes (PMTs) with selected bandpass filters to collect both N2 and O2 Raman signals. The PMT detection units are interfaced with National Instruments LabVIEW for fast data acquisition. Studies of sensor performance with different detection systems (i.e., spectrometer and PMT) were carried out. The concentration ratio of N2 and O2 can be inferred by comparing the intensities of the N2 and O2 Raman signals. The final system was fabricated to measure N2 and O2 gas mixtures as well as mixtures of liquid N2 and LOX
Vozňák, Miroslav; Řezáč, Filip
The paper deals with detection of threats in IP telephony. The authors developed a penetration testing system that is able to check the level of protection from security threats in IP telephony. The SIP server is a key component of VoIP infrastructure and often becomes the target of attacks, so providers have to ensure an appropriate level of security. We have developed a web-based penetration system which is able to check whether the SIP server can withstand the most common attacks. The d...
Moss, Thomas; Ihlefeld, Curtis; Slack, Barry
This system provides a portable means to detect gas flow through a thin-walled tube without breaking into the tubing system. The flow detection system was specifically designed to detect flow through two parallel branches of a manifold with only one inlet and outlet, and is a means for verifying a space shuttle program requirement that saves time and reduces the risk of flight hardware damage compared to the current means of requirement verification. The prototype Purge Vent and Drain Window Cavity Conditioning System (PVD WCCS) Flow Detection System consists of a heater and a temperature-sensing thermistor attached to a piece of Velcro to be attached to each branch of a WCCS manifold for the duration of the requirement verification test. The heaters and thermistors are connected to a shielded cable and then to an electronics enclosure, which contains the power supplies, relays, and circuit board to provide power, signal conditioning, and control. The electronics enclosure is then connected to a commercial data acquisition box to provide analog to digital conversion as well as digital control. This data acquisition box is then connected to a commercial laptop running a custom application created using National Instruments LabVIEW. The operation of the PVD WCCS Flow Detection System consists of first attaching a heater/thermistor assembly to each of the two branches of one manifold while there is no flow through the manifold. Next, the software application running on the laptop is used to turn on the heaters and to monitor the manifold branch temperatures. When the system has reached thermal equilibrium, the software application's graphical user interface (GUI) will indicate that the branch temperatures are stable. The operator can then physically open the flow control valve to initiate the test flow of gaseous nitrogen (GN2) through the manifold. Next, the software user interface will be monitored for stable temperature indications when the system is again at
Yamamoto, I.; Tomiyama, T.; Iga, Y.; Komatsubara, T.; Kanada, M.; Yamashita, Y.; Wada, T.; Furukawa, S.
We constructed a single particle detecting telescope system for detecting a fractionally charged particle. The telescope consists of position detecting counters, wall-less multi-cell chambers, single detecting circuits and a microcomputer system as data I/O processor. In particular, the frequency of double particles is compared between the case of single particle detection and the case of an ordinary measurement
Kofi Afrifa Agyeman
The concern over energy price hikes and the impact of climate change caused by energy generation and usage forms the basis for residential building energy conservation. Existing energy meters do not provide much information about the energy usage of an individual appliance apart from its power rating. The detection of appliance energy usage will not only help in energy conservation, but also facilitate demand response (DR) market participation as well as being one way of building energy conservation. However, energy usage by an individual appliance is quite difficult to estimate. This paper proposes a novel approach: an unsupervised disaggregation method, which is a variant of the hidden Markov model (HMM), to detect an appliance and its operation state based on practicable measurable parameters from the household energy meter. Performing experiments in a practical environment validates our proposed method. Our results show that our model can provide appliance detection and power usage information in a non-intrusive manner, which is ideal for enabling power conservation efforts and participation in the demand response market.
Pidlisecky, A; Moran, T; Hansen, B; Knight, R
We use electrical resistivity tomography to obtain a 6.8-km electrical resistivity image to a depth of approximately 150 m.b.s.l. along the coast of Monterey Bay. The resulting image is used to determine the subsurface distribution of saltwater- and freshwater-saturated sediments and the geologic controls on fluid distributions in the region. Data acquisition took place over two field seasons in 2011 and 2012. To maximize our ability to image both vertical and horizontal variations in the subsurface, a combination of dipole-dipole, Wenner, Wenner-gamma, and gradient measurements were made, resulting in a large final dataset of approximately 139,000 data points. The resulting resistivity section extends to a depth of 150 m.b.s.l., and is used, in conjunction with the gamma logs from four coastal monitoring wells to identify four dominant lithologic units. From these data, we are able to infer the existence of a contiguous clay layer in the southern portion of our transect, which prevents downward migration of the saltwater observed in the upper 25 m of the subsurface to the underlying freshwater aquifer. The saltwater and brackish water in the northern portion of the transect introduce the potential for seawater intrusion into the hydraulically connected freshwater aquifer to the south, not just from the ocean, but also laterally from north to south. © 2015, National Ground Water Association.
An arc fault detection system for use on ungrounded or high-resistance-grounded power distribution systems is provided which can be retrofitted outside electrical switchboard circuits having limited space constraints. The system includes a differential current relay that senses a current differential between current flowing from secondary windings located in a current transformer coupled to a power supply side of a switchboard, and a total current induced in secondary windings coupled to a load side of the switchboard. When such a current differential is experienced, a current travels through an operating coil of the differential current relay, which in turn opens an upstream circuit breaker located between the switchboard and a power supply to remove the supply of power to the switchboard. 1 fig.
Jha, Kamal N.
An arc fault detection system for use on ungrounded or high-resistance-grounded power distribution systems is provided which can be retrofitted outside electrical switchboard circuits having limited space constraints. The system includes a differential current relay that senses a current differential between current flowing from secondary windings located in a current transformer coupled to a power supply side of a switchboard, and a total current induced in secondary windings coupled to a load side of the switchboard. When such a current differential is experienced, a current travels through an operating coil of the differential current relay, which in turn opens an upstream circuit breaker located between the switchboard and a power supply to remove the supply of power to the switchboard.
With the goal of protecting computer and networked systems from various attacks, the following intrusion detection techniques were developed and tested using the 1998 and 2000 MIT Lincoln Lab Evaluation Data...
A counterbalanced radiation detection system is described comprising: (a) a stand; (b) a first radiation detector; (c) a first radiation detector arm means for tiltably connecting the first radiation detector with the stand; (d) a second radiation detector; (e) a second radiation detector arm means for tiltably connecting the second radiation detector with the stand, whereby the tilting angles of the radiation detector arm means define a distance between the radiation detectors; and (f) a torque transforming means connected between the first and second radiation detector arm means for transforming the torque created by one of the radiation detectors in a sense opposed to the torque created by the other radiation detector
Jackson, K.A.; Neuman, M.C.; Simmonds, D.D.; Stallings, C.A.; Thompson, J.L.; Christoph, G.G.
An effective method for detecting computer misuse is the automatic monitoring and analysis of on-line user activity. This activity is reflected in the system audit record, in the system vulnerability posture, and in other evidence found through active testing of the system. During the last several years we have implemented an automatic misuse detection system at Los Alamos. This is the Network Anomaly Detection and Intrusion Reporter (NADIR). We are currently expanding NADIR to include processing of the Cray UNICOS operating system. This new component is called the UNICOS Realtime NADIR, or UNICORN. UNICORN summarizes user activity and system configuration in statistical profiles. It compares these profiles to expert rules that define security policy and improper or suspicious behavior. It reports suspicious behavior to security auditors and provides tools to aid in follow-up investigations. The first phase of UNICORN development is nearing completion, and will be operational in late 1994.
A circuit is disclosed that detects radiation transients and provides a clamping signal in response to each transient. The clamping signal is present from the time the transient rises above a given threshold level and for a known duration thereafter. The system includes radiation sensors, a blocking oscillator that generates a pulse in response to each sensor signal, and an output pulse duration control circuit. The oscillator pulses are fed simultaneously to the output pulse duration control circuit and to an OR gate, the output of which comprises the system output. The output pulse duration is controlled by the time required to magnetize a magnetic core to saturation in first one direction and then the other
Lefteri H. Tsoukalas; S.T. Revankar; X Wang; R. Sattuluri
The main goal of this research was to develop a method for detecting reactor system transients at the earliest possible time through a comprehensive experimental, testing and benchmarking program. This approach holds strong promise for developing new diagnostic technologies that are non-intrusive, generic and highly portable across different systems. It will help in the design of new generation nuclear power reactors, which utilize passive safety systems with a reliable and non-intrusive multiphase flow diagnostic system to monitor the function of the passive safety systems. The main objective of this research was to develop an improved fuzzy logic based detection method based on a comprehensive experimental testing program to detect reactor transients at the earliest possible time, practically at their birth moment. A fuzzy logic and neural network based transient identification methodology implemented in a computer code called PROTREN was considered in this research and was compared with SPRT (Sequential Probability Ratio Testing) decision and Bayesian inference. The project involved experiment, theoretical modeling and a thermal-hydraulic code assessment. It involved graduate and undergraduate student participation, providing them with exposure and training in advanced reactor concepts and safety systems. In this final report, the main tasks performed during the project period are summarized and selected results are presented. Detailed descriptions of the tasks and the results are presented in previous yearly reports (Revankar et al 2003 and Revankar et al 2004).
intrusion has revolutionized orthodontic anchorage and biomechanics by making anchorage perfectly stable. This article addresses various conventional clinical intrusion mechanics and especially intrusion using mini-implants that have proven effective over the years for intrusion of maxillary anteriors.
One type of vapor intrusion is PVI, in which vapors from petroleum hydrocarbons such as gasoline, diesel, or jet fuel enter a building. Intrusion of contaminant vapors into indoor spaces is of concern.
Stucki, Reto A; Urwyler, Prabitha; Rampa, Luca; Müri, René; Mosimann, Urs P; Nef, Tobias
The number of older adults in the global population is increasing. This demographic shift leads to an increasing prevalence of age-associated disorders, such as Alzheimer's disease and other types of dementia. With the progression of the disease, the risk for institutional care increases, which contrasts with the desire of most patients to stay in their home environment. Despite doctors' and caregivers' awareness of the patient's cognitive status, they are often uncertain about its consequences on activities of daily living (ADL). To provide effective care, they need to know how patients cope with ADL, in particular, the estimation of risks associated with the cognitive decline. The occurrence, performance, and duration of different ADL are important indicators of functional ability. The patient's ability to cope with these activities is traditionally assessed with questionnaires, which has disadvantages (eg, lack of reliability and sensitivity). Several groups have proposed sensor-based systems to recognize and quantify these activities in the patient's home. Combined with Web technology, these systems can inform caregivers about their patients in real-time (e.g., via smartphone). We hypothesize that a non-intrusive system, which does not use body-mounted sensors, video-based imaging, and microphone recordings would be better suited for use in dementia patients. Since it does not require patient's attention and compliance, such a system might be well accepted by patients. We present a passive, Web-based, non-intrusive, assistive technology system that recognizes and classifies ADL. The components of this novel assistive technology system were wireless sensors distributed in every room of the participant's home and a central computer unit (CCU). The environmental data were acquired for 20 days (per participant) and then stored and processed on the CCU. In consultation with medical experts, eight ADL were classified. In this study, 10 healthy participants (6 women
Conrads, Paul; Edwin Roehl, Jr.
Natural-resource managers and stakeholders face difficult challenges when managing interactions between natural and societal systems. Potential changes in climate could alter interactions between environmental and societal systems and adversely affect the availability of water resources in many coastal communities. The availability of freshwater in coastal streams can be threatened by saltwater intrusion. Even though the collective interests and computer skills of the community of managers, scientists and other stakeholders are quite varied, there is an overarching need for equal access by all to the scientific knowledge needed to make the best possible decisions. This paper describes a decision support system, PRISM-2, developed to evaluate salinity intrusion due to potential climate change along the South Carolina coast in southeastern USA. The decision support system is disseminated as a spreadsheet application and integrates the output of global circulation models, watershed models and salinity intrusion models with real-time databases for simulation, graphical user interfaces, and streaming displays of results. The results from PRISM-2 showed that a 31-cm and 62-cm increase in sea level reduced the daily availability of freshwater supply to a coastal municipal intake by 4% and 12% of the time, respectively. Future climate change projections by a global circulation model showed a seasonal change in salinity intrusion events from the summer to the fall for the majority of events.
Smith, Timothy J; Bryant, Stephany
The Ferret workflow anomaly detection system project 2003-2004 has provided validation and anomaly detection in accredited workflows in secure knowledge management systems through the use of continuous, automated audits...
Beaujean, J.; Kemna, A.; Engesgaard, P. K.; Hermans, T.; Vandenbohede, A.; Nguyen, F.
While coastal aquifers are being stressed by climate change and excessive groundwater withdrawals, which requires efficiently characterizing seawater intrusion (SWI) dynamics, production of geothermal energy is increasingly being used to hinder global warming. To study these issues, we need both robust measuring technologies and reliable predictions based on numerical models. SWI models are currently calibrated using borehole observations. Similarly, geothermal models depend mainly on the temperature field at few locations. Electrical resistivity tomography (ERT) can be used to improve these models given its high sensitivity to TDS and temperature and its relatively high lateral resolution. Inherent geophysical limitations, such as the resolution loss, can affect the overall quality of the ERT images and also prevent the correct recovery of the desired hydrochemical property. We present an uncoupled and coupled hydrogeophysical inversion to calibrate SWI and thermohydrogeologic models using ERT. In the SWI models, we demonstrate with two synthetic benchmarks (homogeneous and heterogeneous coastal aquifers) the ability of cumulative sensitivity-filtered ERT images using surface-only data to recover the hydraulic conductivity. Filtering of ERT-derived data at depth, where resolution is poorer, and the model errors make the dispersivity more difficult to estimate. In the coupled approach, we showed that parameter estimation is significantly improved because regularization bias is replaced by forward modeling only. Our efforts are currently focusing on applying the uncoupled/coupled approaches on a real life case study using field data from the site of Almeria, SE Spain. In the thermohydrogeologic models, the most sensitive hydrologic parameters responsible for heat transport are estimated from surface ERT-derived temperatures and ERT resistance data. A real life geothermal experiment that took place on the Campus De Sterre of Ghent University, Belgium and a synthetic
Inadvertent human intrusion has been an issue for the disposal of solid radioactive waste for many years. This paper discusses proposals for an approach for evaluating the radiological significance of human intrusion as put forward by ICRP with contribution from work at IAEA. The approach focuses on the consequences of the intrusion. Protective actions could, however, include steps to reduce the probability of human intrusion as well as the consequences. (author)
.... On the system side, survivability specifications can be defined by essential-service traces that map essential-service workflows, derived from user requirements, into system component dependencies...
Peirce, Anne Griswold
This paper focused on the possibility that intrusive thoughts (ITs) are a form of an evolutionary, adaptive, and complex strategy to prepare for and resolve stressful life events through schema formation. Intrusive thoughts have been studied in relation to individual conditions, such as traumatic stress disorder and obsessive-compulsive disorder. They have also been documented in the average person experiencing everyday stress. In many descriptions of thought intrusion, it is accompanied by thought suppression. Several theories have been put forth to describe ITs, although none provides a satisfactory explanation as to whether ITs are a normal process, a normal process gone astray, or a sign of pathology. There is also no consistent view of the role that thought suppression plays in the process. I propose that thought intrusion and thought suppression may be better understood by examining them together as a complex and adaptive mechanism capable of escalating in times of need. The ability of a biological mechanism to scale up in times of need is one hallmark of a complex and adaptive system. Other hallmarks of complexity, including self-similarity across scales, sensitivity to initial conditions, presence of feedback loops, and system oscillation, are also discussed in this article. Finally, I propose that thought intrusion and thought suppression are better described together as an oscillatory cycle.
The power system industry has been going through dynamic infrastructural and operational changes in recent years that have caused more prominent lightly damped electromechanical oscillations. Real-time monitoring of electromechanical oscillations is of great significance for power system operators;
Presentation of the information processing pipeline for detection, including discussion of various issues and the use of mathematical modeling. A simple example of detecting a signal in noise illustrates that simple modeling outperforms human visual and auditory perception. Participants are going...... to discuss issues in detection, which is followed by an auditory object recognition exercise. The results of the exercise and their relation to issues in the information processing pipeline are also discussed....
Bellino, Jason C.; Spechler, Rick M.
The U.S. Army Corps of Engineers (USACE) has proposed dredging a 13-mile reach of the St. Johns River navigation channel in Jacksonville, Florida, deepening it to depths between 50 and 54 feet below North American Vertical Datum of 1988. The dredging operation will remove about 10 feet of sediments from the surficial aquifer system, including limestone in some locations. The limestone unit, which is in the lowermost part of the surficial aquifer system, supplies water to domestic wells in the Jacksonville area. Because of density-driven hydrodynamics of the St. Johns River, saline water from the Atlantic Ocean travels upstream as a saltwater “wedge” along the bottom of the channel, where the limestone is most likely to be exposed by the proposed dredging. A study was conducted to determine the potential effects of navigation channel deepening in the St. Johns River on salinity in the adjacent surficial aquifer system. Simulations were performed with each of four cross-sectional, variable-density groundwater-flow models, developed using SEAWAT, to simulate hypothetical changes in salinity in the surficial aquifer system as a result of dredging. The cross-sectional models were designed to incorporate a range of hydrogeologic conceptualizations to estimate the effect of uncertainty in hydrogeologic properties. The cross-sectional models developed in this study do not necessarily simulate actual projected conditions; instead, the models were used to examine the potential effects of deepening the navigation channel on saltwater intrusion in the surficial aquifer system under a range of plausible hypothetical conditions. Simulated results for modeled conditions indicate that dredging will have little to no effect on salinity variations in areas upstream of currently proposed dredging activities. Results also indicate little to no effect in any part of the surficial aquifer system along the cross section near River Mile 11 or in the water-table unit along the cross
Xu, Haiyan; Xie, Yingjuan; Li, Min; Zhang, Zhuo; Zhang, Xuewu
Distributed fiber-optic vibration sensors receive extensive investigation and play a significant role in the sensor panorama. A fiber optic perimeter detection system based on an all-fiber interferometric sensor is proposed which, through back-end analysis, processing and intelligent identification, can distinguish the effects of different intrusion activities. In this paper, an intrusion recognition method based on the auditory selective attention mechanism is proposed. Firstly, considering the time-frequency characteristics of vibration, the spectrogram is calculated. Secondly, imitating the selective attention mechanism, the color, direction and brightness maps of the spectrogram are computed. Based on these maps, the feature matrix is formed after normalization. The system can recognize the intrusion activities occurring along the perimeter sensors. Experimental results show that the proposed method for the perimeter is able to differentiate intrusion signals from ambient noise. Moreover, the recognition rate of the system is improved while the false alarm rate is reduced; the approach is validated by a large practical experiment and project.
V. S. Matveeva
It is suggested to implement an intrusion prevention system based on the access control mechanism of the Microsoft Windows operating system to restrict the execution of malicious code. Most of the existing computer security facilities use behavioral and heuristic analyses based on an undocumented method of system calls interception that is not a uniform approach in designing of proactive security mechanism. The IPS is portable among different versions of the OS because it is implemented with documented functions only, it does not need to be updated and uses less system resources in comparison with other protection systems. The system protects from zero-day malware and therefore protects companies from online-banking fraud, which is a very topical problem of information security nowadays.
T.B. Randrup; E.G. McPherson; L.R. Costello
Interference between trees and sewer systems is likely to occur in old systems and in cracked pipes. Factors that contribute to damage include old pipes with joints, shallow pipes, small-dimension pipes, and fast-growing tree species. Because roots are reported to cause >50% of all sewer blockages, costs associated with root removal from sewers is substantial. In...
Anomaly detection has been widely used in a variety of research and application domains, such as network intrusion detection, insurance/credit card fraud detection, health-care informatics, industrial damage detection, image processing and novel topic detection in text mining. In this paper, we focus on remote facilities management that identifies anomalous events in buildings by detecting anomalies in building electricity consumption data. We investigated five models within electricity consumption data from different schools to detect anomalies in the data. Furthermore, we proposed a hybrid model that combines polynomial regression and Gaussian distribution, which detects anomalies in the data with 0 false negative and an average precision higher than 91%. Based on the proposed model, we developed a data detection and visualization system for a facilities management company to detect and visualize anomalies in school electricity consumption data. The system is tested and evaluated by facilities managers. According to the evaluation, our system has improved the efficiency of facilities managers to identify anomalies in the data.
Mair, John L.; Farmer, G. Lang; Groves, David I.; Hart, Craig J.R.; Goldfarb, Richard J.
The type examples for the class of deposits termed intrusion-related gold systems occur in the Tombstone-Tungsten belt of Alaska and Yukon, on the eastern side of the Tintina gold province. In this part of the northern Cordillera, extensive mid-Cretaceous postcollisional plutonism took place following the accretion of exotic terranes to the continental margin. The most cratonward of the resulting plutonic belts comprises small isolated intrusive centers, with compositionally diverse, dominantly potassic rocks, as exemplified at Scheelite Dome, located in central Yukon. Similar to other spatially and temporally related intrusive centers, the Scheelite Dome intrusions are genetically associated with intrusion-related gold deposits. Intrusions have exceptional variability, ranging from volumetrically dominant clinopyroxene-bearing monzogranites, to calc-alkaline minettes and spessartites, with an intervening range of intermediate to felsic stocks and dikes, including leucominettes, quartz monzonites, quartz monzodiorites, and granodiorites. All rock types are potassic, are strongly enriched in LILEs and LREEs, and feature high LILE/HFSE ratios. Clinopyroxene is common to all rock types and ranges from salite in felsic rocks to high Mg augite and Cr-rich diopside in lamprophyres. Less common, calcic amphibole ranges from actinolitic hornblende to pargasite. The rocks have strongly radiogenic Sr (initial 87Sr/86Sr from 0.711-0.714) and Pb isotope ratios (206Pb/204Pb from 19.2-19.7), and negative initial εNd values (-8.06 to -11.26). Whole-rock major and trace element, radiogenic isotope, and mineralogical data suggest that the felsic to intermediate rocks were derived from mafic potassic magmas sourced from the lithospheric mantle via fractional crystallization and minor assimilation of metasedimentary crust. Mainly unmodified minettes and spessartites represent the most primitive and final phases emplaced. Metasomatic enrichments in the underlying lithospheric mantle
Faneca Sànchez, Marta; Bashar, Khairul; Janssen, Gijs; Vogels, Marjolein; Snel, Jan; Zhou, Yangxiao; Stuurman, Roelof J.; Oude Essink, Gualbert
Bangladesh is densely populated and it is expected that the population increases significantly in the coming decade, up to 60% more by 2050 according to IIASA (2013). Demand for drinking water will increase accordingly. These developments may cause significant changes in the hydrological system,
The Process Vacuum Liquid Detection interlock systems prevent intrusion of process liquids into the HEPA filters downstream of demisters No.6 and No.7 during Process Vacuum System operation. This prevents liquid intrusion into the filters, which could cause a criticality. The Safety Envelope (SE) includes the equipment, which detects the presence of liquids in the vacuum headers; isolates the filters; shuts down the vacuum pumps; and alarms the condition. This report identifies the equipment in the SE; operating, maintenance, and surveillance procedures needed to maintain the SE equipment; and rationale for exclusion of some equipment and testing from the SE
Bauser, M.; Williams, R.
This paper addresses options for dealing with human intrusion in terms of performance requirements and repository siting and design requirements. Options are presented, along with the advantages and disadvantages of certain approaches. At the conclusion, a conceptual approach is offered emphasizing both the minimization of subjective judgements concerning future human activity, and specification of repository requirements to minimize the likelihood of human intrusion and any resulting, harmful effects should intrusion occur
Tim D. Hunt
The purpose of this work was to test the hypothesis: 'Off-the-shelf domestic electricity meters can be utilised to assist in monitoring the wellbeing of elderly people'. Many studies have shown that it is, in theory, possible to use domestic electricity consumption to determine 'activities of daily living' but the availability of systems for actual use is very limited. This work followed the Design Science Research Methodology to create a Java application running on the Google App Engine cloud service that interfaced with both electricity meters and voice and text services. The system was implemented and tested over a three month period with one older person and their carer. Results demonstrated that the technology readily succeeds in meeting the study's initial objectives. The need for more sophisticated decision logic was apparent and a method to determine whether a home is currently occupied is likely to improve the ability to create more timely alerts.
Hubballi, Neminath; Biswas, Santosh; Roopa, S; Ratti, Ritesh; Nandi, Sukumar
Address Resolution Protocol (ARP) is used for determining the link layer or Medium Access Control (MAC) address of a network host, given its Internet Layer (IP) or Network Layer address. ARP is a stateless protocol and any IP-MAC pairing sent by a host is accepted without verification. This weakness in the ARP may be exploited by malicious hosts in a Local Area Network (LAN) by spoofing IP-MAC pairs. Several schemes have been proposed in the literature to circumvent these attacks; however, these techniques either make IP-MAC pairing static, modify the existing ARP, patch operating systems of all the hosts etc. In this paper we propose a Discrete Event System (DES) approach for Intrusion Detection System (IDS) for LAN specific attacks which do not require any extra constraint like static IP-MAC, changing the ARP etc. A DES model is built for the LAN under both a normal and compromised (i.e., spoofed request/response) situation based on the sequences of ARP related packets. Sequences of ARP events in normal and spoofed scenarios are similar thereby rendering the same DES models for both the cases. To create different ARP events under normal and spoofed conditions the proposed technique uses active ARP probing. However, this probing adds extra ARP traffic in the LAN. Following that a DES detector is built to determine from observed ARP related events, whether the LAN is operating under a normal or compromised situation. The scheme also minimizes extra ARP traffic by probing the source IP-MAC pair of only those ARP packets which are yet to be determined as genuine/spoofed by the detector. Also, spoofed IP-MAC pairs determined by the detector are stored in tables to detect other LAN attacks triggered by spoofing namely, man-in-the-middle (MiTM), denial of service etc. The scheme is successfully validated in a test bed. Copyright © 2010 ISA. Published by Elsevier Ltd. All rights reserved.
Infectious agents or their constituent parts (antigens or nucleic acids) can be detected in fresh, frozen, or fixed tissues or other specimens, using a variety of direct or indirect assays. The assays can be modified to yield the greatest sensitivity and specificity but in most cases a particular m...
Abreu, M.A.N. de
Detection devices based on gaseous ionization are analysed, such as electroscopes, ionization chambers, proportional counters and Geiger-Mueller counters. Scintillation methods are also commented on. A revision of the basic concepts in electronics is done and the main equipment for counting is detailed. In the study of gamma spectrometry, scintillation and semiconductor detectors are analysed
Cai, Liang; Yang, Xiao-Hu; Dong, Jin-Xiang
Database Security and Protection System (DSPS) is a security platform for fighting malicious DBMS. The security and performance are critical to DSPS. The authors suggested a key management scheme by combining the server group structure to improve availability and the key distribution structure needed by proactive security. This paper detailed the implementation of proactive security in DSPS. After thorough performance analysis, the authors concluded that the performance difference between the replicated mechanism and proactive mechanism becomes smaller and smaller with increasing number of concurrent connections; and that proactive security is very useful and practical for large, critical applications.
Waterhammer pressures were experienced during periodic starting of Residual Heat Removal (RHR) pumps at a nuclear plant. Prior to an analytical investigation careful analysis performed by plant engineers indicated that the spring effect of entrapped air in a heat exchanger resulted in water hammer due to check valve slam following flow reversal. In order to determine in more detail the values of pertinent parameters controlling this water hammer a hydraulic transient analysis was performed of the RHR piping system, including essential elements such as the pump, check valve, and heat exchanger. Using characteristic torque and pressure loss curves the motion of the check valve was determined. By comparing output of the water hammer analysis with site recordings of pump discharge pressure the computer model was calibrated, allowing for a realistic estimate of the quantity of entrapped air in the heat exchanger. (author)
Bryan, Eliza; Meredith, Karina T; Baker, Andy; Andersen, Martin S; Post, Vincent E A
This study investigates the inorganic and organic aspects of the carbon cycle in groundwaters throughout the freshwater lens and transition zone of a carbonate island aquifer and identifies the transformation of carbon throughout the system. We determined 14C and 13C carbon isotope values for both DIC and DOC in groundwaters, and investigated the composition of DOC throughout the aquifer. In combination with hydrochemical and 3H measurements, the chemical evolution of groundwaters was then traced from the unsaturated zone to the deeper saline zone. The data revealed three distinct water types: Fresh (F), Transition zone 1 (T1) and Transition zone 2 (T2) groundwaters. The 3H values in F and T1 samples indicate that these groundwaters are mostly modern. 14C DOC values are higher than 14C DIC values and are well correlated with 3H values. F and T1 groundwater geochemistry is dominated by carbonate mineral recrystallisation reactions that add dead carbon to the groundwater. T2 groundwaters are deeper, saline and characterised by an absence of 3H, lower 14C DOC values and a different DOC composition, namely a higher proportion of Humic Substances relative to total DOC. The T2 groundwaters are suggested to result from either the slow circulation of water within the seawater wedge, or from old remnant seawater caused by past sea level highstands. While further investigations are required to identify the origin of the T2 groundwaters, this study has identified their occurrence and shown that they did not evolve along the same pathway as fresh groundwaters. This study has also shown that a combined approach using 14C and 13C carbon isotope values for both DIC and DOC and the composition of DOC, as well as hydrochemical and 3H measurements, can provide invaluable information regarding the transformation of carbon in a groundwater system and the evolution of fresh groundwater recharge. Copyright © 2017 Elsevier B.V. All rights reserved.
Taylor, David D J; Slocum, Alexander H; Whittle, Andrew J
Intermittent water supplies (IWS) deliver piped water to one billion people; this water is often microbially contaminated. Contaminants that accumulate while IWS are depressurized are flushed into customers’ homes when these systems become pressurized. In addition, during the steady-state phase of IWS, contaminants from higher-pressure sources (e.g., sewers) may continue to intrude where pipe pressure is low. To guide the operation and improvement of IWS, this paper proposes an analytic model relating supply pressure, supply duration, leakage, and the volume of intruded, potentially-contaminated, fluids present during flushing and steady-state. The proposed model suggests that increasing the supply duration may improve water quality during the flushing phase, but decrease the subsequent steady-state water quality. As such, regulators and academics should take more care in reporting if water quality samples are taken during flushing or steady-state operational conditions. Pipe leakage increases with increased supply pressure and/or duration. We propose using an equivalent orifice area (EOA) to quantify pipe quality. This provides a more stable metric for regulators and utilities tracking pipe repairs. Finally, we show that the volume of intruded fluid decreases in proportion to reductions in EOA. The proposed relationships are applied to self-reported performance indicators for IWS serving 108 million people described in the IBNET database and in the Benchmarking and Data Book of Water Utilities in India. This application shows that current high-pressure, continuous water supply targets will require extensive EOA reductions. For example, in order to achieve national targets, utilities in India will need to reduce their EOA by a median of at least 90%. PMID:29775462
Morris, Christopher L.; Makela, Mark F.
Techniques, apparatus and systems for detecting particles such as muons and neutrons. In one implementation, a particle detection system employs a plurality of drift cells, which can be for example sealed gas-filled drift tubes, arranged on sides of a volume to be scanned to track incoming and outgoing charged particles, such as cosmic ray-produced muons. The drift cells can include a neutron sensitive medium to enable concurrent counting of neutrons. The system can selectively detect devices or materials, such as iron, lead, gold, uranium, plutonium, and/or tungsten, occupying the volume from multiple scattering of the charged particles passing through the volume and can concurrently detect any unshielded neutron sources occupying the volume from neutrons emitted therefrom. If necessary, the drift cells can be used to also detect gamma rays. The system can be employed to inspect occupied vehicles at border crossings for nuclear threat objects.
In spectrophotometry systems, a usual arrangement for modulating the radiation is a rotating disc having one or more sectors removed. A beam of radiation may be blocked by the disc except when a cut-away sector is in the path of the beam. With a double-beam system, a cut-away sector of 180° may be used so that when the first path is blocked, the second is allowed through, and vice versa. One or both sides of the disc may be formed as mirrors to facilitate beam switching and to allow use of more than two beams for background compensation purposes or for analysis of more than one substance within a sample. (G.T.H.)
A system for obtaining improved resolution in relatively thick semiconductor radiation detectors, such as HgI2, which exhibit significant hole trapping. Two amplifiers are used: the first measures the charge collected and the second the contribution of the electrons to the charge collected. The outputs of the two amplifiers are utilized to unfold the total charge generated within the detector in response to a radiation event.
Yoshita, Takashi; Ishihara, Yoshinao; Ishiguro, Katsuhiko; Ohi, Takao; Nakajima, Kunihiko
Corrosion of the carbon steel overpack leads to a volume expansion since the specific gravity of corrosion products is smaller than that of carbon steel. The buffer material is compressed due to the corrosive swelling, reducing its thickness and porosity. On the other hand, buffer material may be extruded into fractures of the surrounding rock and this may lead to a deterioration of the planned functions of the buffer, including retardation of nuclide migration and colloid filtration. In this study, sensitivity analyses for the effect of volume expansion and intrusion of the buffer material on nuclide migration in the engineering barrier system are carried out. The sensitivity analyses were performed on the decrease in the thickness of the buffer material in the radial direction caused by the corrosive swelling, and the change in the porosity and dry density of the buffer caused by both compacting due to corrosive swelling and intrusion of buffer material. As a result, it was found that the maximum release rates of relatively shorter half-life nuclides from the outside of the buffer material decreased when the volume expansion due to overpack corrosion was taken into account. On the other hand, the maximum release rates increased when the intrusion of buffer material was also taken into account. However, the maximum release rates of longer half-life nuclides, such as Cs-137 and Np-237, were insensitive to the change of buffer material thickness, and porosity and dry density of buffer. (author)
Leli Yuniarsari; Istofa; Sukandar
Is part of radiation detection of the nuclear facilities engineering activities within nuclear facilities. The system is comprised of a gamma-ray radiation detector and weather detection, which includes an anemometer to detect the wind direction and speed, as well as a rain gauge to measure the rainfall in a period of time. The output data are acquired and processed by an Arduino Uno system, which transforms the data into a particular standard; the data are then displayed online on the website. The radiation detection system uses NaI(Tl) and GM gamma-ray detectors, which convert the detected radiation into an electric pulse that is fed into a pre-amp and amplifier and modified into a square pulse. The weather detection system, on the other hand, works on the switch principle. For example, wind with a certain speed can turn on a switch in the system and produce a voltage or pulse which can be measured. This value is then interpreted as the wind direction and speed. Likewise for the rain gauge, the volume of water entering the bucket turns the switch on, at the same time producing 1 pulse. The result of the experiment shows that for the radiation detection system the output is a square pulse of 4 volts using the NaI(Tl) detector and 4.4 volts using the GM detector. The weather detection system was basically able to detect the wind direction, wind speed and rainfall; further research is needed to determine its accuracy and to compare the results with the standard tools available in BMKG. (author)
Nowicki, Michał; Szewczyk, Roman
This paper presents the application of a weak magnetic fields magnetovision scanning system for detection of dangerous ferromagnetic objects. A measurement system was developed and built to study the magnetic field vector distributions. The measurements of the Earth's field distortions caused by various ferromagnetic objects were carried out. The ability for passive detection of hidden or buried dangerous objects and the determination of their location was demonstrated.
The spread of 1-10Gbps technology has in recent years paved the way to a flourishing landscape of new, high-bandwidth Internet services. As users, we depend on the Internet in our daily life for simple tasks such as checking e-mails, but also for managing private and financial information. However,
Today, virtually every company world-wide is connected to the Internet. This wide-spread connectivity has given rise to sophisticated, targeted, Internet-based attacks. For example, between 2012 and 2013 security researchers counted an average of about 74 targeted attacks per day. These attacks are motivated by economical, financial, or political interests and commonly referred to as “Advanced Persistent Threat (APT)” attacks. Unfortunately, many of these attacks are successful and the advers...
Sperotto, Anna; Pras, Aiko
The spread of 1-10 Gbps technology has in recent years paved the way to a flourishing landscape of new, high-bandwidth Internet services. At the same time, we have also observed increasingly frequent and widely diversified attacks. To this threat, the research community has answered with a growing
Jesus Mora-Rodriguez, P. Amparo López-Jimenez, Helena M. Ramos
Intrusion through leaks is a phenomenon in which external fluid enters water pipe systems. This phenomenon can cause contamination problems in drinking water pipe systems. Hence, this paper focuses on the entry of external fluids across small leaks during normal operation conditions. This situation is especially important at elevated points of the pipe profile. Pressure variations can cause water volume losses and intrusion of contaminants into the drinking water pipes. This work focuse...
administrators dashboard, so that they can be effectively triaged, analyzed, and used to implement defensive actions to keep the network safe and...For the bank teller, some customers will require straight forward services (a quick deposit or cashing a check) while others will have questions or
Attacker FTPs Files Off-Site ... 4.22. Background Scanner Activity ... 4.23...Phishing with Plug and Play Exploit. In this attack, the attacker sets up a website offering the visitor free “porn” if they sign up. The user is allowed...to choose their own username and password. When a user from OSIS visits this site he supplies the same username and password that he uses to login to
IPsec has now become a standard information security technology throughout the Internet society. It provides a well-defined architecture that takes into account confidentiality, authentication, integrity, secure key exchange and protection mechanism against replay attack also. For the connectionless security services on packet basis, IETF IPsec Working Group has standardized two extension headers (AH&ESP), key exchange and authentication protocols. It is also working on l...
Ambusaidi, Mohammed A.; He, Xiangjian; Nanda, Priyadarsi; Tan, Zhiyuan
Redundant and irrelevant features in data have caused a long-term problem in network traffic classification. These features not only slow down the process of classification but also prevent a classifier from making accurate decisions, especially when coping with big data. In this paper, we propose a
pertinent example of the application of Evolutionary Algorithms to pattern recognition comes from Radtke et al. The authors apply Multi-Objective...J., T. Zseby, and B. Claise. S. Zander,” Requirements for IP Flow Information Export (IPFIX). Technical report, RFC 3917, October 2004. Radtke...hal.inria.fr/inria-00104200/en/. Radtke, P.V.W., T. Wong, and R. Sabourin. “A multi-objective memetic algorithm for intelligent feature extraction
Depending on the knowledge and equipment available to the hacker war driving can be done either with a great deal of stealth or not. The end point is that the hacker will connect to the access point with the least security settings. B. Honeypots Honey... pots are devices that were designed to be used on wired networks. The idea was that the honeypot would have a lower security protection than the rest of the machines on the network. A potential hacker would then target the honey pot first since...
Luque, Rafael; Casilari, Eduardo; Morón, María-José; Redondo, Gema
Falls are a foremost source of injuries and hospitalization for seniors. The adoption of automatic fall detection mechanisms can noticeably reduce the response time of the medical staff or caregivers when a fall takes place. Smartphones are being increasingly proposed as wearable, cost-effective and not-intrusive systems for fall detection. The exploitation of smartphones' potential (and in particular, the Android Operating System) can benefit from the wide implantation, the growing computational capabilities and the diversity of communication interfaces and embedded sensors of these personal devices. After revising the state-of-the-art on this matter, this study develops an experimental testbed to assess the performance of different fall detection algorithms that ground their decisions on the analysis of the inertial data registered by the accelerometer of the smartphone. Results obtained in a real testbed with diverse individuals indicate that the accuracy of the accelerometry-based techniques to identify the falls depends strongly on the fall pattern. The performed tests also show the difficulty to set detection acceleration thresholds that allow achieving a good trade-off between false negatives (falls that remain unnoticed) and false positives (conventional movements that are erroneously classified as falls). In any case, the study of the evolution of the battery drain reveals that the extra power consumption introduced by the Android monitoring applications cannot be neglected when evaluating the autonomy and even the viability of fall detection systems. PMID:25299953
Kent, P. J.; Fretwell, P.; Barrett, D. J.; Faulkner, D. A.
The report describes the results of a multi-year programme of research aimed at the development of an integrated multi-sensor perimeter detection system capable of being deployed at an operational site. The research was driven by end user requirements in protective security, particularly in threat detection and assessment, where effective capability was either not available or prohibitively expensive. Novel video analytics have been designed to provide robust detection of pedestrians in clutter while new radar detection and tracking algorithms provide wide area day/night surveillance. A modular integrated architecture based on commercially available components has been developed. A graphical user interface allows intuitive interaction and visualisation with the sensors. The fusion of video, radar and other sensor data provides the basis of a threat detection capability for real life conditions. The system was designed to be modular and extendable in order to accommodate future and legacy surveillance sensors. The current sensor mix includes stereoscopic video cameras, mmWave ground movement radar, CCTV and a commercially available perimeter detection cable. The paper outlines the development of the system and describes the lessons learnt after deployment in a pilot trial.
Benito-Saz, Maria A.; Parks, Michelle M.; Sigmundsson, Freysteinn; Hooper, Andrew; García-Cañada, Laura
After more than 200 years of quiescence, in July 2011 an intense seismic swarm was detected beneath the center of El Hierro Island (Canary Islands), culminating on 10 October 2011 in a submarine eruption, 2 km off the southern coast. Although the eruption officially ended on 5 March 2012, magmatic activity continued in the area. From June 2012 to March 2014, six earthquake swarms, indicative of magmatic intrusions, were detected underneath the island. We have studied these post-eruption intrusive events using GPS and InSAR techniques to characterize the ground surface deformation produced by each of these intrusions, and to determine the optimal source parameters (geometry, location, depth, volume change). Source inversions provide insight into the depth of the intrusions (11-16 km) and the volume change associated with each of them (between 0.02 and 0.13 km³). During this period, > 20 cm of uplift was detected in the central-western part of the island, corresponding to approximately 0.32-0.38 km³ of magma intruded beneath the volcano. We suggest that these intrusions result from deep magma migrating from the mantle, trapped at the mantle/lower crust discontinuity in the form of sill-like bodies. This study, using joint inversion of GPS and InSAR data in a post-eruption period, provides important insight into the characteristics of the magmatic plumbing system of El Hierro, an oceanic intraplate volcanic island.
This paper reports that gasoline and other petroleum products are leaking from underground storage tanks (USTs) at an alarming rate, seeping into soil and groundwater. Buried pipes are an even greater culprit, accounting for most suspected and detected leaks according to Environmental Protection Agency (EPA) estimates. In response to this problem, the EPA issued regulations setting standards for preventing, detecting, reporting, and cleaning up leaks, as well as fiscal responsibility. However, federal regulations are only a minimum; some states have cracked down even harder. Plant managers and engineers have a big job ahead of them. The EPA estimates that there are more than 75,000 fuel USTs at US industrial facilities. When considering leak detection systems, the person responsible for making the decision has five primary choices: inventory reconciliation combined with regular precision tightness tests; automatic tank gauging; groundwater monitoring; interstitial monitoring of double containment systems; and vapor monitoring
Todt, W.H. Sr.
A neutron detection system for reactor control is described which is operable over a wide range of neutron flux levels. The system includes a fission type ionization chamber neutron detector, means for gamma and alpha signal compensation, and means for operating the neutron detector in the pulse counting mode for low neutron flux levels, and in the direct current mode for high neutron flux levels
Silva, Nuno; Shah, Vaibhav; Soares, João; Rodrigues, Helena
Anomalies on road pavement cause discomfort to drivers and passengers, and may cause mechanical failure or even accidents. Governments spend millions of Euros every year on road maintenance, often causing traffic jams and congestion on urban roads on a daily basis. This paper analyses the difference between the deployment of a road anomalies detection and identification system in a “conditioned” and a real world setup, where the system performed worse compared to the “conditioned” setup. It also presents a system performance analysis based on the analysis of the training data sets; on the analysis of the attributes complexity, through the application of PCA techniques; and on the analysis of the attributes in the context of each anomaly type, using acceleration standard deviation attributes to observe how different anomalies classes are distributed in the Cartesian coordinates system. Overall, in this paper, we describe the main insights on road anomalies detection challenges to support the design and deployment of a new iteration of our system towards the deployment of a road anomaly detection service to provide information about roads condition to drivers and government entities.
The design, fabrication, and testing of an automatic bacteria detection system with a zero-g capability and based on the filter-capsule approach is described. This system is intended for monitoring the sterility of regenerated water in a spacecraft. The principle of detection is based on measuring the increase in chemiluminescence produced by the action of bacterial porphyrins (i.e., catalase, cytochromes, etc.) on a luminol-hydrogen peroxide mixture. Since viable as well as nonviable organisms initiate this luminescence, viable organisms are detected by comparing the signal of an incubated water sample with an unincubated control. Higher signals for the former indicate the presence of viable organisms. System features include disposable sealed sterile capsules, each containing a filter membrane, for processing discrete water samples and a tape transport for moving these capsules through a processing sequence which involves sample concentration, nutrient addition, incubation, a 4 Molar Urea wash and reaction with luminol-hydrogen peroxide in front of a photomultiplier tube. Liquids are introduced by means of a syringe needle which pierces a rubber septum contained in the wall of the capsule. Detection thresholds obtained with this unit towards E. coli and S. marcescens assuming a 400 ml water sample are indicated.
Dudley, Kenneth L. (Inventor); Szatkowski, George N. (Inventor); Woodard, Marie (Inventor); Nguyen, Truong X. (Inventor); Ely, Jay J. (Inventor); Wang, Chuantong (Inventor); Mielnik, John J. (Inventor); Koppen, Sandra V. (Inventor); Smith, Laura J. (Inventor)
A lightning protection and detection system includes a non-conductive substrate material of an apparatus; a sensor formed of a conductive material and deposited on the non-conductive substrate material of the apparatus. The sensor includes a conductive trace formed in a continuous spiral winding starting at a first end at a center region of the sensor and ending at a second end at an outer corner region of the sensor, the first and second ends being open and unconnected. An electrical measurement system is in communication with the sensor and receives a resonant response from the sensor, to perform detection, in real-time, of lightning strike occurrences and damage therefrom to the sensor and the non-conductive substrate material.
Mogensen, Klaus Bo; Kutter, Jörg Peter
Optical detection schemes continue to be favoured for measurements in microfluidic systems. A selection of the latest progress mainly within the last two years is critically reviewed. Emphasis is on integrated solutions, such as planar waveguides, coupling schemes to the outside world, evanescent...... to ease commercialisation of the devices. This work will hopefully result in more commercial products that benefit from integrated optics, because the impact on commercial devices so far has been modest....
Cai, Hong; Song, Jian
The invention provides a rapid, sensitive and specific nucleic acid detection system which utilizes isothermal nucleic acid amplification in combination with a lateral flow chromatographic device, or DNA dipstick, for DNA-hybridization detection. The system of the invention requires no complex instrumentation or electronic hardware, and provides a low cost nucleic acid detection system suitable for highly sensitive pathogen detection. Hybridization to single-stranded DNA amplification products using the system of the invention provides a sensitive and specific means by which assays can be multiplexed for the detection of multiple target sequences.
Cai, Zengyu; Feng, Yuan; Liu, Shuru; Gan, Yong
Intelligent planning is a very important research topic in artificial intelligence and has been applied in network security. This paper proposes a new intrusion prevention model based on a planning knowledge graph and discusses the system architecture and characteristics of this model. Intrusion prevention based on the planning knowledge graph is completed by plan recognition based on the planning knowledge graph, and the intrusion response strategies and actions are completed by the hierarchical task network (HTN) planner in this paper. The intrusion prevention system has the advantages of intelligent planning: knowledge sharing, focused response, learning autonomy and protective ability.
McNeilly, David R.; Miller, William R.
Intruder-detection systems in which intruder-induced signals are transmitted through a medium also receive spurious signals induced by changes in a climatic condition affecting the medium. To combat this, signals received from the detection medium are converted to a first signal. The system also provides a reference signal proportional to climate-induced changes in the medium. The first signal and the reference signal are combined for generating therefrom an output signal which is insensitive to the climatic changes in the medium. An alarm is energized if the output signal exceeds a preselected value. In one embodiment, an acoustic cable is coupled to a fence to generate a first electrical signal proportional to movements thereof. False alarms resulting from wind-induced movements of the fence (detection medium) are eliminated by providing an anemometer-driven voltage generator to provide a reference voltage proportional to the velocity of wind incident on the fence. An analog divider receives the first electrical signal and the reference signal as its numerator and denominator inputs, respectively, and generates therefrom an output signal which is insensitive to the wind-induced movements in the fence.
login identity to the one under which the system call is executed, the parameters of the system call execution - file names including full path...Anomaly detection COAST-EIMDT Distributed on target hosts EMERALD Distributed on target hosts and security servers Signature recognition Anomaly...uses a centralized architecture, and employs an anomaly detection technique for intrusion detection. The EMERALD project  proposes a
This invention relates to an improved smoke-detection system of the ionization-chamber type. In the preferred embodiment, the system utilizes a conventional detector head comprising a measuring ionization chamber, a reference ionization chamber, and a normally non-conductive gas triode for discharging when a threshold concentration of airborne particulates is present in the measuring chamber. The improved system utilizes a measuring ionization chamber which is modified to minimize false alarms and reductions in sensitivity resulting from changes in ambient temperature. In the preferred form of the modification, an annular radiation shield is mounted about the usual radiation source provided to effect ionization in the measuring chamber. The shield is supported by a bimetallic strip which flexes in response to changes in ambient temperature, moving the shield relative to the source so as to vary the radiative area of the source in a manner offsetting temperature-induced variations in the sensitivity of the chamber. 8 claims, 7 figures
Adenin, Hasibah; Zahari, Rahimi; Lim, Tiong Hoo
The advancement of embedded systems for detecting and preventing drowsiness in a vehicle is a major challenge for road traffic accident systems. To prevent drowsiness while driving, it is necessary to have an alert system that can detect a decline in driver concentration and send a signal to the driver. Studies have shown that traffic accidents usually occur when the driver is distracted while driving. In this paper, we have reviewed a number of detection systems to monitor the concentration of a car driver and propose a portable Driver Alertness Detection System (DADS) to determine the level of concentration of the driver based on pixelated coloration detection technique using facial recognition. A portable camera will be placed at the front visor to capture facial expression and the eye activities. We evaluate DADS using 26 participants and have achieved 100% detection rate with good lighting condition and a low detection rate at night.
This paper proposes statistical feature extraction methods combined with artificial intelligence (AI) approaches for fault locations in non-intrusive single-line-to-ground fault (SLGF) detection of low voltage distribution systems. The input features of the AI algorithms are extracted using statistical moment transformation for reducing the dimensions of the power signature inputs measured by using non-intrusive fault monitoring (NIFM) techniques. The data required to develop the network are generated by simulating SLGF using the Electromagnetic Transient Program (EMTP) in a test system. To enhance the identification accuracy, these features after normalization are given to AI algorithms for presenting and evaluating in this paper. Different AI techniques are then utilized to compare which identification algorithms are suitable to diagnose the SLGF for various power signatures in a NIFM system. The simulation results show that the proposed method is effective and can identify the fault locations by using non-intrusive monitoring techniques for low voltage distribution systems.
Recent international advice on the treatment of human intrusion in relation to the safety of radioactive waste repositories is reviewed. The outstanding issues which need to be resolved in order to establish an agreed international approach to assessing the consequences and judging the impact of human intrusion are summarized. Finally, a way forward towards an internationally agreed assessment approach is proposed. (author)
Recent exchange of operational safety experience among countries, within the framework of the IRS, revealed a noticeable increase in incidents involving foreign material intrusion (FMI) in nuclear power plant systems. These incidents appeared to have safety impact, sometimes widespread, on many systems and components, including the reactor core, control rods, the secondary side, and other support systems such as the electrical, air, and water systems. Notwithstanding the economic penalties and the operational problems that can arise from the FMI, many events indicated severe component damages, challenges to safety systems and to fuel integrity. Difficulties encountered with the removal of foreign material present further challenges due to the long term effects of such material remaining in the system and interacting with either fuel cladding, with the potential of releasing fission products in coolant systems, or with the system pressure boundary with the potential for material wear and sudden failure of the pressure boundary. The FMI topic was, therefore, one of a number of topics that was recommended by the TCM in 1996 for investigation. A consultant meeting was held at the IAEA during the period 14-18 April 1997 to address this topic. Figs
Brewin, Chris R.; Gregory, James D.; Lipton, Michelle; Burgess, Neil
Involuntary images and visual memories are prominent in many types of psychopathology. Patients with posttraumatic stress disorder, other anxiety disorders, depression, eating disorders, and psychosis frequently report repeated visual intrusions corresponding to a small number of real or imaginary events, usually extremely vivid, detailed, and with highly distressing content. Both memory and imagery appear to rely on common networks involving medial prefrontal regions, posterior regions in the medial and lateral parietal cortices, the lateral temporal cortex, and the medial temporal lobe. Evidence from cognitive psychology and neuroscience implies distinct neural bases to abstract, flexible, contextualized representations (C-reps) and to inflexible, sensory-bound representations (S-reps). We revise our previous dual representation theory of posttraumatic stress disorder to place it within a neural systems model of healthy memory and imagery. The revised model is used to explain how the different types of distressing visual intrusions associated with clinical disorders arise, in terms of the need for correct interaction between the neural systems supporting S-reps and C-reps via visuospatial working memory. Finally, we discuss the treatment implications of the new model and relate it to existing forms of psychological therapy. PMID:20063969
Farkas, T.; Pernicka, L.; Svec, A.
Illicit trafficking in nuclear materials (nuclear criminality) has become a problem, due to the circulation of a high number of radioactive sources caused by the changes of the organisational infrastructures to supervise these materials within the successor states of the former Soviet Union. Aim of this paper is to point out the technical requirements and the practicability of a useful monitoring system at preselected traffic check points (railway and highway border crossings, industrial sites entry gates, international airports). The ITRAP lab test was designed to work as strict benchmark to qualify border monitoring systems 67 with very low false alarm rates, in addition the minimum sensitivity to give an alarm has been defined for fix-installed systems, pocket type and hand held instruments. For the neutron tests a special prepared Californium source (²⁵²Cf) was used to simulate the weapons plutonium. The source is shielded against gamma radiation, uses a moderator and provides the required neutron rate of 20000 n/s at 2 m distance. To test the false alarm rate (rate of false positives) the same test facility, under the same background conditions, was used but without a radioactive test source. The ITRAP lab tests for the fix-installed systems started at May 1998 and first results were given in September 1998. Only 2 of 14 fix-installed monitoring systems could fulfil the minimum requirement for neutron detection. 7 of 14 fix-installed monitoring systems (50%) passed the ITRAP lab test. The analytical method developed and used for certification of installed radiation monitors in the Slovak Institute of Metrology consists in measurement of radiation activity of selected radionuclide in defined conditions. (authors)
Brown, A. L.; Martin, J. B.; Screaton, E.; Spellman, P.; Gulley, J.
Springs located adjacent to rivers can serve as recharge points for aquifers when allogenic runoff increases river stage above the hydraulic head of the spring, forcing river water into the spring vent. Depending on relative compositions of the recharged water and groundwater, the recharged river water could be a source of dissolved trace metals to the aquifer, could mobilize solid phases such as metal oxide coatings, or both. Whether metals are mobilized or precipitated should depend on changes in redox and pH conditions as dissolved oxygen and organic carbon react following intrusion of the river water. To assess how river intrusion events affect metal cycling in springs, we monitored a small recharge event in April 2011 into Madison Blue Spring, which discharges to the Withlacoochee River in north-central Florida. Madison Blue Spring is the entrance to a phreatic cave system that includes over 7.8 km of surveyed conduits. During the event, river stage increased over base flow conditions for approximately 25 days by a maximum of 8%. Intrusion of the river water was monitored with conductivity, temperature and depth sensors that were installed within the cave system and adjacent wells. Decreased specific conductivity within the cave system occurred for approximately 20 days, reflecting the length of time that river water was present in the cave system. During this time, grab samples were collected seven times over a period of 34 days for measurements of major ion and trace metal concentrations at the spring vent and at Martz sink, a karst window connected to the conduit system approximately 150 meters from the spring vent. Relative fractions of surface water and groundwater were estimated based on Cl concentrations of the samples, assuming conservative two end-member mixing during the event. This mixing model indicates that maximum river water contribution to the groundwater system was approximately 20%. River water had concentrations of iron, manganese, and other
This report presents data from equipment tests and software development for the Thermal Animal Detection System (TADS) development project: 'Development of a method for estimating collision frequency between migrating birds and offshore wind turbines'. The technical tests were performed to investigate the performance of remote controlling, video file compression tool and physical stress of the thermal camera when operating outdoors and under the real time vibration conditions at a 2 MW turbine. Furthermore, experimental tests on birds were performed to describe the decreasing detectability with distance on free flying birds, the performance of the thermal camera during poor visibility, and finally, the performance of the thermal sensor software developed for securing high-quality data. In general, it can be concluded that the thermal camera and its related hardware and software, the TADS, are capable of recording migrating birds approaching the rotating blades of a turbine, even under conditions with poor visibility. If the TADS is used in a vertical viewing scenario it would comply with the requirements for a setup used for estimating the avian collision frequency at offshore wind turbines. (au)
Stasicki, Bolesław; Boden, Fritz; Ludwikowski, Krzysztof
The non-intrusive in-flight deformation measurement and the resulting local pitch of an aircraft propeller or helicopter rotor blade is a demanding task. The idea of an imaging system integrated and rotating with the aircraft propeller has already been presented at the 30th International Congress on High-Speed Imaging and Photonics (ICHSIP30) in 2012. Since then this system has been designed, constructed and tested in the laboratory as well as in-flight on the Cobra VUT100 of Evektor Aerotechnik, Kunovice (CZ). The major aim of the EU FP7 project AIM2 ("Advanced In-flight Measurement techniques 2" - contract No. 266107) was to ascertain the feasibility of this technique under extreme conditions - vibration and large centrifugal forces - to real flight testing. Based on the gained experience a new rotating system for the application on helicopter rotors has recently been constructed and tested on the whirl tower of Airbus Helicopters, Donauwoerth (D). In this paper the principle of the applied Image Pattern Correlation Technique (IPCT), a specialized type of Digital Image Correlation (DIC), is outlined and the construction of both rotating 3D image acquisition systems dedicated to the in-flight deformation measurement of the aircraft propeller and helicopter rotor are described. Furthermore, the results of the ground and in-flight tests of these systems will be shown and discussed. The obtained results will be helpful for manufacturers in the design of their future aircraft.
The trend of implementing the IPv6 into wireless sensor networks (WSNs) has recently occurred as a consequence of a tendency of their integration with other types of IP-based networks. The paper deals with the security aspects of these IPv6-based WSNs. A brief analysis of security threats and attacks which are present in the IPv6-based WSN is given. The solution to an adaptive distributed system for malicious node detection in the IPv6-based WSN is proposed. The proposed intrusion detection system is based on distributed algorithms and a collective decision-making process. It introduces an innovative concept of probability estimation for malicious behaviour of sensor nodes. The proposed system is implemented and tested through several different scenarios in three different network topologies. Finally, the performed analysis showed that the proposed system is energy efficient and has a good capability to detect malicious nodes.
Nowadays, users can easily access and download network attack tools, which often provide friendly interfaces and easily operated features, from the Internet. Therefore, even a naive hacker can also launch a large scale DoS or DDoS attack to prevent a system, i.e., the victim, from providing Internet services. In this paper, we propose an agent based intrusion detection architecture, which is a distributed detection system, to detect DoS/DDoS attacks by invoking a statistic approach that compares source IP addresses' normal and current packet statistics to discriminate whether there is a DoS/DDoS attack. It first collects all resource IPs' packet statistics so as to create their normal packet distribution. Once some IPs' current packet distribution suddenly changes, very often it is an attack. Experimental results show that this approach can effectively detect DoS/DDoS attacks.
Shu, Shaolong; Lin, Feng
In our previous work, we investigated detectability of discrete event systems, which is defined as the ability to determine the current and subsequent states of a system based on observation. For different applications, we defined four types of detectabilities: (weak) detectability, strong detectability, (weak) periodic detectability, and strong periodic detectability. In this paper, we extend our results in three aspects. (1) We extend detectability from deterministic systems to nondeterministic systems. Such a generalization is necessary because there are many systems that need to be modeled as nondeterministic discrete event systems. (2) We develop polynomial algorithms to check strong detectability. The previous algorithms are based on observer whose construction is of exponential complexity, while the new algorithms are based on a new automaton called detector. (3) We extend detectability to D-detectability. While detectability requires determining the exact state of a system, D-detectability relaxes this requirement by asking only to distinguish certain pairs of states. With these extensions, the theory on detectability of discrete event systems becomes more applicable in solving many practical problems. PMID:21691432
Chen, Binyu; Han, Xiaoming; Su, Zhen; Liu, Quanjun
In microfluidic detection technology, because of the universality of optical methods in the laboratory, optical detection is an attractive solution for microfluidic chip laboratory equipment. In addition, equipment with high stability and low cost can be realized by integrating appropriate optical detection technology on the chip. This paper reports a detection system for microfluidic droplets. A photomultiplier tube (PMT) is used as a detection device to improve the sensitivity of detection. This system improves the signal to noise ratio by software filtering and spatial filter. The fluorescence intensity is proportional to the concentration of the fluorescence and intensity of the laser. The fluorescence micro droplets of different concentrations can be distinguished by this system.
Prinos, Scott T.
The installation of drainage canals, poorly cased wells, and water-supply withdrawals have led to saltwater intrusion in the primary water-use aquifers in southwest Florida. Increasing population and water use have exacerbated this problem. Installation of water-control structures, well-plugging projects, and regulation of water use have slowed saltwater intrusion, but the chloride concentration of samples from some of the monitoring wells in this area indicates that saltwater intrusion continues to occur. In addition, rising sea level could increase the rate and extent of saltwater intrusion. The existing saltwater intrusion monitoring network was examined and found to lack the necessary organization, spatial distribution, and design to properly evaluate saltwater intrusion. The most recent hydrogeologic framework of southwest Florida indicates that some wells may be open to multiple aquifers or have an incorrect aquifer designation. Some of the sampling methods being used could result in poor-quality data. Some older wells are badly corroded, obstructed, or damaged and may not yield useable samples. Saltwater in some of the canals is in close proximity to coastal well fields. In some instances, saltwater occasionally occurs upstream from coastal salinity control structures. These factors lead to an incomplete understanding of the extent and threat of saltwater intrusion in southwest Florida. A proposed plan to improve the saltwater intrusion monitoring network in the South Florida Water Management District’s Big Cypress Basin describes improvements in (1) network management, (2) quality assurance, (3) documentation, (4) training, and (5) data accessibility. The plan describes improvements to hydrostratigraphic and geospatial network coverage that can be accomplished using additional monitoring, surface geophysical surveys, and borehole geophysical logging. Sampling methods and improvements to monitoring well design are described in detail. Geochemical analyses
John, C.D. Jr.
Disclosed is a leak detection system integral with a wall of a building used to fabricate nuclear fuel elements for detecting radiation leakage from the nuclear fuel elements as the fuel elements exit the building. The leak detecting system comprises a shielded compartment constructed to withstand environmental hazards extending into a similarly constructed building and having sealed doors on both ends along with leak detecting apparatus connected to the compartment. The leak detecting system provides a system for removing a nuclear fuel element from its fabrication building while testing for radiation leaks in the fuel element
Santos, G. Jr.; Ramos, A.F.; Fernandez, L.G.; Almoneda, R.V.; Garcia, T.Y.; Cruz, C.C.; Petrache, C.A.; Andal, T.T.; Alcantara, E.
Preliminary analyses of waters for uranium and other trace elements from deepwells operated by the Metropolitan Waterworks and Sewerage System (MWSS) in Metro Manila were performed. Uranium, which ranged from 0.2 ppb to 6 ppb, was correlated with saltwater intrusion. Values >=0.8 ppb for uranium were considered indicative of saline water intrusion in the aquifers. Saline water intrusions in Malabon, Navotas, Paranaque, Las Pinas, Bacoor, Imus, Kawit, Pasig, Antipolo, San Mateo, Taguig, Cainta, Taytay, Alabang and Muntinlupa were noted. Most of these areas were also identified by MWSS as being affected by saltwater intrusion. Tritium values ranged from 0 (below detection limits) to 44 tritium units. Except for one well in Muntinlupa, all the values obtained were below the lower limit of detection of 30.83 T.U. Mercury contents in six well locations had values above the maximum limit set by the National Standards for Drinking Water. Four wells exceeded the permissible level for manganese while two wells had iron concentrations greater than the National Standards. Other trace element concentrations such as Cr, Pb, Zn, Co and Ni either did not exceed their permissible levels or were not included in the National Standards. (Auth.). 6 refs.; 1 tab.; 3 figs
Marco Danilo Burbano Acuña
There is no discussion about the need for energy conservation; it is well known that energy resources are limited. Moreover, the global energy demands will double by the end of 2030, which certainly will bring implications on the environment and hence to all of us. Non-Intrusive load monitoring (NILM) is the process of recognizing electrical devices and their energy consumption based on whole home electric signals, where this aggregated load data is acquired from a single point of measurement outside the household. The aim of this approach is to get optimal energy consumption and avoid energy wastage. Intrusive load monitoring (ILM) is the process of identifying and locating single devices through the use of sensing systems to support control, monitoring and intervention of such devices. The aim of this approach is to offer a base for the development of important applications for remote and automatic intervention of energy consumption inside buildings and homes as well. For general purposes this paper states a general framework of NILM and ILM approaches. Appliance discernment can be tackled using approaches from data mining and machine learning; finding out the techniques that best fit these requirements is a key factor for achieving feasible and suitable appliance load monitoring solutions. This paper presents common and interesting methods used. Privacy concerns have been one of the bigger obstacles for implementing a widespread adoption of these solutions; despite this fact, developed countries like those inside the EU and the UK have established a deadline for the implementation of smart meters in the whole country, whereas the USA government still struggles with the acceptance of this solution by its citizens. The implementation of security over these approaches along with fine-grained energy monitoring would lead to a better public agreement of these solutions and hence a faster adoption of such approaches. This paper reveals a lack of security over these approaches with a real scenario.
Apparatus for detecting underground nuclear explosions is described that is comprised of an antenna located in the dielectric substance of a deep waveguide in the earth and adapted to detect low frequency electromagnetic waves generated by a nuclear explosion, the deep waveguide comprising the high conductivity upper sedimentary layers of the earth, the dielectric basement rock, and a high conductivity layer of basement rock due to the increased temperature thereof at great depths, and means for receiving the electromagnetic waves detected by said antenna means
Urness, Adam C.; Wilson, William L.; Ayres, Mark R.
We present a homodyne detection system implemented for a page-wise holographic memory architecture. Homodyne detection by holographic memory systems enables phase quadrature multiplexing (doubling address space), and lower exposure times (increasing read transfer rates). It also enables phase modulation, which improves signal-to-noise ratio (SNR) to further increase data capacity. We believe this is the first experimental demonstration of homodyne detection for a page-wise holographic memory system suitable for a commercial design.
Intrusion Detection Systems (IDS) take the lion’s share of the current security infrastructure. Detection of intrusions is vital for initiating the defensive procedures. Intrusion detection was done by statistical and distance based methods. A threshold value is used in these methods to indicate the level of normalcy. When the network traffic crosses the level of normalcy, it is flagged as anomalous. When there are occurrences of new intrusion events, which are increasingly a key part of system security, the statistical techniques cannot detect them. To overcome this issue, learning techniques are used which help in identifying new intrusion activities in a computer system. The objective of the proposed system designed in this paper is to classify the intrusions using an Intelligent Multi Layered Attack Classification System (IMLACS), which helps in detecting and classifying the intrusions with improved classification accuracy. The intelligent multi layered approach contains three intelligent layers. The first layer involves Binary Support Vector Machine classification for detecting the normal and attack. The second layer involves neural network classification to classify the attacks into classes of attacks. The third layer involves fuzzy inference system to classify the attacks into various subclasses. The proposed IMLACS is able to detect intrusion behavior of the networks since the system contains a three intelligent layer classification and better set of rules. Feature selection is also used to improve the time of detection. The experimental results show that the IMLACS achieves the Classification Rate of 97.31%.
Long, Lijia; Thöns, Sebastian; Döhler, Michael
This paper addresses the quantification of the value of damage detection system and algorithm information on the basis of Value of Information (VoI) analysis to enhance the benefit of damage detection information by providing the basis for its optimization before it is performed and implemented....... The approach of the quantification the value of damage detection information builds upon the Bayesian decision theory facilitating the utilization of damage detection performance models, which describe the information and its precision on structural system level, facilitating actions to ensure the structural...... detection information is determined utilizing Bayesian updating. The damage detection performance is described with the probability of indication for different component and system damage states taking into account type 1 and type 2 errors. The value of damage detection information is then calculated...
The Nuclear Burst Detection System (NBDS) was developed to meet the Army requirements of an unattended, automatic nuclear burst reporting system. It provides pertinent data for battlefield commanders on a timely basis with high reliability
Robiah, Y.; Rahayu, S. Siti; Zaki, M. Mohd; Shahrin, S.; Faizal, M. A.; Marliza, R.
Malware is a type of malicious program that replicates from a host machine and propagates through the network. It has been considered as one type of computer attack and intrusion that can do a variety of malicious activity on a computer. This paper addresses the current trend of malware detection techniques and identifies the significant criteria in each technique to improve malware detection in Intrusion Detection System (IDS). Several existing techniques are analyzed from 48 various researches and...
In this paper, we briefly discuss the level of development of physical protection systems (PPS) in different stages of Chinese history, and the relation between PPS and society, politics, military and security. It reveals the current status of application of PPS in China, and the level of design, implementation, evaluation and products. We also discuss the developing direction and applying tendency of PPS in future China. We mainly introduce a software using the ASD to evaluate the effectiveness of the PPS at a facility. It is used for training, design, and implementation of physical system. It identifies the path which adversaries can follow to accomplish sabotage or theft. For a specific PPS and threat, the most vulnerable path can be determined. The path probability of interruption P(I) establishes of the total PPS. Especially, we introduce how to specify threat characteristics based on the situation of present Chinese society and on global and local threat development. We also introduce how to build a data base of different elements based on the level of crime at present China. (author)
Francisco M. Borrego-Jaraba
In this paper we present a pervasive proposal for advertising using mobile phones, Near Field Communication, geolocation and air hand gestures. Advertising posts built by users in public/private spaces can store multiple ads containing any kind of textual, graphic or multimedia information. Ads are automatically shown on the mobile phone of the users using a notification based process considering relative user location between the posts and the user preferences. Moreover, ads can be stored and retrieved from the post using hand gestures and Near Field Communication technology. Secure management of information about users, posts, and notifications and the use of instant messaging enable the development of systems to extend the current advertising strategies based on Web, large displays or digital signage.
This paper describes the advantages of using Evolutionary Algorithms (EA) for feature selection on network intrusion dataset. Most current Network Intrusion Detection Systems (NIDS) are unable to detect intrusions in real time because of high dimensional data produced during daily operation. Extracting knowledge from huge data such as intrusion data requires a new approach. The more complex the datasets, the higher computation time and the harder they are to be interpreted and analyzed. This paper investigates the performance of feature selection algorithms in network intrusion data. We used Genetic Algorithms (GA) and Particle Swarm Optimizations (PSO) as feature selection algorithms. When applied to network intrusion datasets, both GA and PSO significantly reduce the number of features. Our experiments show that GA successfully reduces the number of attributes from 41 to 15 while PSO reduces the number of attributes from 41 to 9. Using k Nearest Neighbour (k-NN) as a classifier, the GA-reduced dataset, which consists of 37% of original attributes, has accuracy improvement from 99.28% to 99.70% and its execution time is also 4.8 times faster than the execution time of original dataset. Using the same classifier, PSO-reduced dataset, which consists of 22% of original attributes, has the fastest execution time (7.2 times faster than the execution time of original datasets). However, its accuracy is slightly reduced by 0.02%, from 99.28% to 99.26%. Overall, both GA and PSO are good solutions as feature selection techniques because they have shown very good performance in reducing the number of features significantly while still maintaining and sometimes improving the classification accuracy as well as reducing the computation time.
Environmental neutron detection system was proposed and developed. The main goal of this system was set to detect fast and thermal neutrons with the identical detectors setup without degraders. This system consists of a ¹⁰B doped liquid scintillator for n detection and CsI scintillators for simultaneous γ emission from ¹⁰B doped in the liquid scintillator after the n capture reaction. The first setup was optimized for the thermal n detection, while the second setup was for the fast n detection. It was shown that the thermal n flux was obtained in the first setup by using the method of the γ coincidence method with the help of the Monte Carlo calculation. The second setup was designed to improve the detection efficiency for the fast n, and was shown qualitatively that both the pulse shape discrimination and the coincidence methods are efficient. There will be more improvements, particularly for the quantitative discussion. (author)
A real-time autonomous oil and fuel spill detection system has been developed to rapidly detect a wide range of petroleum products floating on, or suspended in water. The system consists of an array of spill detection buoys distributed within the area to be monitored. The buoys are composed of a float and a multispectral fluorometer, which looks up through the top 5 cm of water to detect floating and suspended petroleum products. The buoys communicate to a base station computer that controls the sampling of the buoys and analyses the data from each buoy to determine if a spill has occurred. If statistically significant background petroleum levels are detected, the system raises an oil spill alarm. The system is useful because early detection of a marine oil spill allows for faster containment, thereby minimizing the contaminated area and reducing cleanup costs. This paper also provided test results for biofouling, various petroleum product detection, water turbidity and wave tolerance. The technology has been successfully demonstrated. The UV light source keeps the optic window free from biofouling, and the electronics are fully submerged so there is no risk that the unit could ignite the vapours of a potential oil spill. The system can also tolerate moderately turbid waters and can therefore be used in many rivers, harbours, water intakes and sumps. The system can detect petroleum products with an average thickness of less than 3 micrometers floating on the water surface. 3 refs., 15 figs
Yao, Zhuo-sen; Qin, Ke-zhang; Xue, Sheng-chao
The deformation features (e.g., undulose extinction and subgrain boundaries) and low Ca content (causing the widespread deformation observed in Ca-depleted olivine from Poyi and other intrusions. What is more important, this work fills the gaps in the interpretation of this type of olivine in volcanic rocks.
National Aeronautics and Space Administration — In performance maintenance in large, complex systems, sensor information from sub-components tends to be readily available, and can be used to make predictions about...
Krejci, Petr; Machek, Jindrich
The project includes the use of the PEANO (Process Evaluation and Analysis by Neural Operators) system to verify the monitoring of the status of dependent measurements with a view to early measurement fault detection and estimation of selected signal levels. At the present stage, the system's capability of detecting measurement errors was assessed and the quality of the estimates was evaluated for various system configurations and the formation of empiric models, and rules were sought for system training at chosen process data recording parameters and operating modes. The aim was to find a suitable system configuration and to document the quality of the tuned system on artificial failures
Mahmoud, Seedahmed S.; Visagathilagar, Yuvaraja; Katsifolis, Jim
The success of any perimeter intrusion detection system depends on three important performance parameters: the probability of detection (POD), the nuisance alarm rate (NAR), and the false alarm rate (FAR). The most fundamental parameter, POD, is normally related to a number of factors such as the event of interest, the sensitivity of the sensor, the installation quality of the system, and the reliability of the sensing equipment. The suppression of nuisance alarms without degrading sensitivity in fiber optic intrusion detection systems is key to maintaining acceptable performance. Signal processing algorithms that maintain the POD and eliminate nuisance alarms are crucial for achieving this. In this paper, a robust event classification system using supervised neural networks together with a level crossings (LCs) based feature extraction algorithm is presented for the detection and recognition of intrusion and non-intrusion events in a fence-based fiber-optic intrusion detection system. A level crossings algorithm is also used with a dynamic threshold to suppress torrential rain-induced nuisance alarms in a fence system. Results show that rain-induced nuisance alarms can be suppressed for rainfall rates in excess of 100 mm/hr with the simultaneous detection of intrusion events. The use of a level crossing based detection and novel classification algorithm is also presented for a buried pipeline fiber optic intrusion detection system for the suppression of nuisance events and discrimination of intrusion events. The sensor employed for both types of systems is a distributed bidirectional fiber-optic Mach-Zehnder (MZ) interferometer.
Graham, J; Levick, D; Schreiber, R
Clinical decision support that provides enhanced patient safety at the point of care frequently encounters significant pushback from clinicians who find the process intrusive or time-consuming. We present a hypothetical medical center's dilemma about its allergy alerting system and discuss similar problems faced by real hospitals. We then share some lessons learned and best practices for institutions who wish to implement these tools themselves.
Missile defense systems are often related to major military resources aimed at shielding a specific region from incoming attacks. They are intended to detect, track, intercept, and destruct incoming enemy missiles. These systems vary in cost, efficiency, dependability, and technology. In present times, the possession of these types of systems is associated with large capacity military countries. Demonstrated here are the mathematical techniques behind missile systems which calculate trajectories of incoming missiles and potential intercept positions after initial missile detection. This procedure involved the use of vector-valued functions, systems of equations, and knowledge of projectile motion concepts.
Assumpcao Filho, E.O.; Nakata, H.
A failure detection and isolation system (FDI) simulation program has been developed for IBM-PC microcomputers. The program, based on the sequential likelihood ratio testing method developed by A. Wald, was implemented with the Monte-Carlo technique. The calculated failure detection rate was favorably compared against the wind-tunnel experimental redundant temperature sensors. (author)
Garoudja, Elyes; Harrou, Fouzi; Sun, Ying; Kara, Kamel; Chouder, Aissa; Silvestre, Santiago
Faults in photovoltaic (PV) systems, which can result in energy loss, system shutdown or even serious safety breaches, are often difficult to avoid. Fault detection in such systems is imperative to improve their reliability, productivity, safety and efficiency. Here, an innovative model-based fault-detection approach for early detection of shading of PV modules and faults on the direct current (DC) side of PV systems is proposed. This approach combines the flexibility, and simplicity of a one-diode model with the extended capacity of an exponentially weighted moving average (EWMA) control chart to detect incipient changes in a PV system. The one-diode model, which is easily calibrated due to its limited calibration parameters, is used to predict the healthy PV array's maximum power coordinates of current, voltage and power using measured temperatures and irradiances. Residuals, which capture the difference between the measurements and the predictions of the one-diode model, are generated and used as fault indicators. Then, the EWMA monitoring chart is applied on the uncorrelated residuals obtained from the one-diode model to detect and identify the type of fault. Actual data from the grid-connected PV system installed at the Renewable Energy Development Center, Algeria, are used to assess the performance of the proposed approach. Results show that the proposed approach successfully monitors the DC side of PV systems and detects temporary shading.
Geng, Shu-Qin; Tao, Ren-Hai; Zhao, Chao; Wei, Qun
This paper describes a patient security detection system developed with two dimensional bar codes, wireless communication and removal storage technique. Based on the system, nurses and correlative personnel check code wait operation patient to prevent the defaults. The tests show the system is effective. Its objectivity and currency are more scientific and sophisticated than current traditional method in domestic hospital.
National Aeronautics and Space Administration — IMPROVING CAUSE DETECTION SYSTEMS WITH ACTIVE LEARNING ISAAC PERSING AND VINCENT NG Abstract. Active learning has been successfully applied to many natural language...
The California Department of Transportation (Caltrans) has implemented a fog detection and warning system on Highway 99 near Fresno. The entire central valley region is susceptible to Tule fog, which can reduce visibility tremendously, sometimes to n...
Ledezma, Fernando; Laleg-Kirati, Taous-Meriem
In this paper, we propose a hybrid interpretation of the cardiovascular system. Based on a model proposed by Simaan et al. (2009), we study the problem of detecting cardiovascular anomalies that can be caused by variations in some physiological
Voeller, John G
Detection and Intelligent Systems for Homeland Security features articles from the Wiley Handbook of Science and Technology for Homeland Security covering advanced technology for image and video interpretation systems used for surveillance, which help in solving such problems as identifying faces from live streaming or stored videos. Biometrics for human identification, including eye retinas and irises, and facial patterns are also presented. The book then provides information on sensors for detection of explosive and radioactive materials and methods for sensing chemical
This study proposes a drowsiness detection approach based on the combination of several different detection methods, with robustness to the input signal loss. Hence, if one of the methods fails for any reason, the whole system continues to work properly. To choose correct combination of the available methods and to utilize the benefits of methods of different categories, an image processing-based technique as well as a method based on driver-vehicle interaction is used. In order to avoid driving distraction, any use of an intrusive method is prevented. A driving simulator is used to gather real data and then artificial neural networks are used in the structure of the designed system. Several tests were conducted on twelve volunteers while their sleeping situations during one day prior to the tests, were fully under control. Although the impact of the proposed system on the improvement of the detection accuracy is not remarkable, the results indicate the main advantages of the system are the reliability of the detections and robustness to the loss of the input signals. The high reliability of the drowsiness detection systems plays an important role to reduce drowsiness related road accidents and their associated costs.
Kuepke, K.; Kuchnir, M.; Martin, P.
The experimental study leading to the determination of the sensitivity needed for protecting the Fermilab Doubler from damage during quenches is presented. The quench voltage thresholds involved were obtained from measurements made on Doubler cable of resistance x temperature and voltage x time during quenches under several currents and from data collected during operation of the Doubler Quench Protection System as implemented in the B-12 string of 20 magnets. At 4kA, a quench voltage threshold in excess of 5.0V will limit the peak Doubler cable temperature to 452K for quenches originating in the magnet coils whereas a threshold of 0.5V is required for quenches originating outside of coils
Martínez-Moreno, F. J.; Monteiro-Santos, F. A.; Bernardo, I.; Farzamian, M.; Nascimento, C.; Fernandes, J.; Casal, B.; Ribeiro, J. A.
Seawater intrusion is an increasingly widespread problem in coastal aquifers caused by climate changes (sea-level rise, extreme phenomena like flooding and droughts) and groundwater depletion near to the coastline. To evaluate and mitigate the environmental risks of this phenomenon it is necessary to characterize the coastal aquifer and the salt intrusion. Geophysical methods are the most appropriate tool to address these researches. Among all geophysical techniques, electrical methods are able to detect seawater intrusions due to the high resistivity contrast between saltwater, freshwater and geological layers. The combination of two or more geophysical methods is recommended and they are more efficient when both data are inverted jointly because the final model encompasses the physical properties measured for each method. In this investigation, joint inversion of vertical electric and time domain soundings has been performed to examine seawater intrusion in an area within the Ferragudo-Albufeira aquifer system (Algarve, South of Portugal). For this purpose two profiles combining electrical resistivity tomography (ERT) and time domain electromagnetic (TDEM) methods were measured and the results were compared with the information obtained from exploration drilling. Three different inversions have been carried out: single inversion of the ERT and TDEM data, 1D joint inversion and quasi-2D joint inversion. Single inversion results identify seawater intrusion, although the sedimentary layers detected in exploration drilling were not well differentiated. The models obtained with 1D joint inversion improve the previous inversion due to better detection of sedimentary layer and the seawater intrusion appear to be better defined. Finally, the quasi-2D joint inversion reveals a more realistic shape of the seawater intrusion and it is able to distinguish more sedimentary layers recognised in the exploration drilling. This study demonstrates that the quasi-2D joint
Niemann, Hans Henrik; Poulsen, Niels Kjølstad
The focus in this paper is on active fault detection (AFD) for MIMO systems with parametric faults. The problem of design of auxiliary inputs with respect to detection of parametric faults is investigated. An analysis of the design of auxiliary inputs is given based on analytic transfer functions...... from auxiliary input to residual outputs. The analysis is based on a singular value decomposition of these transfer functions Based on this analysis, it is possible to design auxiliary input as well as design of the associated residual vector with respect to every single parametric fault in the system...... such that it is possible to detect these faults....
Rapidly changing geopolitical issues throughout the world have made the ability to effectively respond to political, military, terrorist and peace-keeping requirements increasingly important. Recent Middle East events indicate a continuing escalation in these activities. These activities are defining the requirements for a rapidly deployable, portable, real-time detection and assessment operational security system that is reconfigurable to site specific threats. This paper describes such a system, the Mobile Operational Detection and Assessment system (MODAS): a commercial-off-the-shelf (COTS) integrated and reconfigurable hardware/software system solution for the ever-changing geopolitical security issues of the Nineties
Williams, Martha; Lewis, Mark; Gibson, Tracy; Lane, John; Medelius, Pedro; Snyder, Sarah; Ciarlariello, Dan; Parks, Steve; Carrejo, Danny; Rojdev, Kristina
The Flat Surface Damage Detection system (FSDDS) is a sensory system that is capable of detecting impact damages to surfaces utilizing a novel sensor system. This system will provide the ability to monitor the integrity of an inflatable habitat during in situ system health monitoring. The system consists of three main custom designed subsystems: the multi-layer sensing panel, the embedded monitoring system, and the graphical user interface (GUI). The GUI LABVIEW software uses a custom developed damage detection algorithm to determine the damage location based on the sequence of broken sensing lines. It estimates the damage size, the maximum depth, and plots the damage location on a graph. Successfully demonstrated as a stand alone technology during 2011 D-RATS. Software modification also allowed for communication with HDU avionics crew display which was demonstrated remotely (KSC to JSC) during 2012 integration testing. Integrated FSDDS system and stand alone multi-panel systems were demonstrated remotely and at JSC, Mission Operations Test using Space Network Research Federation (SNRF) network in 2012. FY13, FSDDS multi-panel integration with JSC and SNRF network. Technology can allow for integration with other complementary damage detection systems.
Lee, B.B.; Furgason, E.S.
A new portable digital random signal flaw detection system is described which uses a digital delay line to replace the acoustic delay line of the original random signal system. Using this new system, a comparison was made between the two types of transmit signals which have been used in previous systems--m-sequences and random signals. This comparison has not been possible with these previous correlation flaw detection systems. Results indicated that for high-speed short code operation, the m-sequences produced slightly lower range sidelobes than typical samples of a clipped random signal. For normal long code operation, results indicated that system performance is essentially equivalent in resolution and signal-to-noise ratio using either m-sequences or clipped and sampled random signals. Further results also showed that for normal long code operation, the system produces outputs equivalent in resolution to pulse-echo systems, but with the added benefit of signal-to-noise ratio enhancement
Prinos, Scott T.
Florida's communities are largely dependent on freshwater from groundwater aquifers. Existing saltwater in the aquifers, or seawater that intrudes parts of the aquifers that were fresh, can make the water unusable without additional processing. The quality of Florida's saltwater intrusion monitoring networks varies. In Miami-Dade and Broward Counties, for example, there is a well-designed network with recently constructed short open-interval monitoring wells that bracket the saltwater interface in the Biscayne aquifer. Geochemical analyses of water samples from the network help scientists evaluate pathways of saltwater intrusion and movement of the saltwater interface. Geophysical measurements, collected in these counties, aid the mapping of the saltwater interface and the design of monitoring networks. In comparison, deficiencies in the Collier County monitoring network include the positioning of monitoring wells, reliance on wells with long open intervals that when sampled might provide questionable results, and the inability of existing analyses to differentiate between multiple pathways of saltwater intrusion. A state-wide saltwater intrusion monitoring network is being planned; the planned network could improve saltwater intrusion monitoring by adopting the applicable strategies of the networks of Miami-Dade and Broward Counties, and by addressing deficiencies such as those described for the Collier County network.
Electronic monitoring system automatically detects and locates minute leaks in seams of large fluid storage tanks and pipelines covered with thermal insulation. The system uses a capacitive tape-sensing element that is adhesively bonded over seams where fluid leaks are likely to occur.
Described is a new biosensor-based detection system for effector compounds, useful for in vivo applications in e.g. screening and selecting of cells which produce a small molecule effector compound or which take up a small molecule effector compound from its environment. The detection system...... comprises a protein or RNA-based biosensor for the effector compound which indirectly regulates the expression of a reporter gene via two hybrid proteins, providing for fewer false signals or less 'noise', tuning of sensitivity or other advantages over conventional systems where the biosensor directly...
Desmas, T.; Kong, N.; Maupre, J.P.; Schindler, P.; Blanc, D.
A loss in tightness of a water tube inside a Steam Generator Unit of a Fast Reactor is usually monitored by hydrogen detection systems. Such systems have demonstrated in the past their ability to detect a leak in a SGU. However, the increase in size of the SGU or the choice of ferritic material entails improvement of these systems in order to avoid secondary leak or to limit damages to the tube bundle. The R and D undertaken in France on this subject is presented. (author). 11 refs, 10 figs
Liu, Zuting; Luo, Ying; Yu, Shihai
The low strain reflection wave method plays a principal role in the integrating detection of base piles. However, there are some deficiencies with this method. For example, there is a blind area of detection on top of the tested pile; it is difficult to recognize the defects at deep-seated parts of the pile; there is still the planar of 3D domino effect, etc. It is very difficult to solve these problems only with the single-transducer pile integrity testing system. A new multi-signal piles integrity testing system is proposed in this paper, which is able to impulse and collect signals on multiple points on top of the pile. By using the multiple superposition data processing method, the detecting system can effectively restrain the interference and elevate the precision and SNR of pile integrity testing. The system can also be applied to the evaluation of engineering structure health.
In order to improve the security of handling special nuclear materials at the Oak Ridge Y-12 Plant, a sensitive acoustic emission detector has been developed that will detect forcible entry through block or tile walls, concrete floors, or concrete/steel vault walls. A small, low-powered processor was designed to convert the output from a sensitive, crystal-type acoustic transducer to an alarm relay signal for use with a supervised alarm loop. The unit may be used to detect forcible entry through concrete, steel, block, tile, and/or glass
Lu, Wei; Ghorbani, Ali A.
Signal processing techniques have been applied recently for analyzing and detecting network anomalies due to their potential to find novel or unknown intrusions. In this paper, we propose a new network signal modelling technique for detecting network anomalies, combining the wavelet approximation and system identification theory. In order to characterize network traffic behaviors, we present fifteen features and use them as the input signals in our system. We then evaluate our approach with the 1999 DARPA intrusion detection dataset and conduct a comprehensive analysis of the intrusions in the dataset. Evaluation results show that the approach achieves high detection rates in terms of both attack instances and attack types. Furthermore, we conduct a full day's evaluation in a real large-scale WiFi ISP network where five attack types are successfully detected from over 30 million flows.
Cohen, P.; Polotski, V.; Piotte, M.; Melamed, F. [Ecole Polytechnique de Montreal, Montreal, PQ (Canada)]
A device for detecting obstacles by autonomous vehicles navigating in mine drifts is described. The device is based upon structured lighting and the extraction of relevant features from images of obstacles. The system uses image profile changes, ground and wall irregularities, disturbances of the vehicle's trajectory, and impaired visibility to detect obstacles, rather than explicit three-dimensional scene reconstruction. 7 refs., 5 figs.
Purpose: To make it possible to rapidly detect any failure in a reactor system prior to the leakage of coolants. Constitution: The dose of beta line is computed from the difference between the power of a detector for reacting with both beta and gamma lines and a detector for reacting only with gamma line to detect the failure of a reactor system, thereby to raise the detection speed and improve the detection accuracy. More specifically, a radiation detector A detects gamma and beta lines by means of piezoelectric elements. A radiation detector B caused the opening of the detector A to be covered with a metal, and detects only gamma line. The detected values of detectors A and B are amplified by an amplifier and applied to a rate meter and a counter, the values being converted into DC and introduced into a comparison circuit, where the outputs of the rate meter are compared with each other. When the difference is more than the predetermined range, it is supplied as output to an alarm circuit where an alarm signal is produced. (Nakamura, S.)
Tania, U T; Motakabber, S M A; Ibrahimy, M I
Nowadays security and authentication are major parts of our daily life. The iris is one of the most reliable organs or parts of the human body that can be used for identification and authentication purposes. To develop an iris authentication algorithm for personal identification, this paper examines two edge detection techniques for an iris recognition system. Between the Sobel and the Canny edge detection techniques, the experimental result shows that Canny's technique has a better ability to detect points in a digital image where the image gray level changes even at a slow rate.
Osman, E.A.; El-Gazar, M.I.; Shaat, M.K.; El-Kafas, A.A.; Zidan, W.I.; Wadoud, A.A.
Passive Infra-Red (PIR) sensors are one of many types of detection sensors used to detect intrusion at nuclear sites. In this work, an estimation of a PIR sensor's probability of detection for a hypothetical facility is presented. Sensor performance testing is performed to determine whether a particular sensor will be acceptable in a proposed design. We have access to a sensor test field in which the sensor of interest is already properly installed and the parameters have been set to optimal levels by preliminary testing. The PIR sensor construction, operation and design for the investigated nuclear site are explained. Walking and running intrusion tests were carried out inside the field areas of the PIR sensor to evaluate the sensor performance during the intrusion process. Ten trials were performed experimentally to achieve the intrusion process via a passive infra-red sensor network system. The performance and intrusion sensing of the PIR sensors inside the internal zones were recorded and evaluated.
Frankiewicz, Maciej; Kos, Andrzej
The paper describes the structure and measurement results of a system detecting the present maximum temperature on the surface of an integrated circuit. The system consists of a set of proportional-to-absolute-temperature sensors, a temperature processing path and a digital part designed in VHDL. Analogue parts of the circuit were designed with a full-custom technique. The system is a part of a temperature-controlled oscillator circuit - a power management system based on the dynamic frequency scaling method. The oscillator cooperates with a microprocessor dedicated to thermal experiments. The whole system is implemented in UMC CMOS 0.18 μm (1.8 V) technology.
Complex systems consist of multiple interacting subsystems, whose nonlinear interactions can result in unanticipated (emergent) system events. Extant systems analysis approaches fail to detect such emergent properties, since they analyze each subsystem separately and arrive at decisions typically through linear aggregations of individual analysis results. In this paper, we propose a quantitative definition of emergence for complex systems. We also propose a framework to detect emergent properties given observations of its subsystems. This framework, based on a probabilistic graphical model called Bayesian Knowledge Bases (BKBs), learns individual subsystem dynamics from data, probabilistically and structurally fuses said dynamics into a single complex system dynamics, and detects emergent properties. Fusion is the central element of our approach to account for situations when a common variable may have different probabilistic distributions in different subsystems. We evaluate our detection performance against a baseline approach (Bayesian Network ensemble) on synthetic testbeds from UCI datasets. To do so, we also introduce a method to simulate and a metric to measure discrepancies that occur with shared/common variables. Experiments demonstrate that our framework outperforms the baseline. In addition, we demonstrate that this framework has uniform polynomial time complexity across all three learning, fusion, and reasoning procedures.
An experimental realization of a simple non-intrusive refractometer sensor .... and after amplification is finally read by a digital multimeter (Fluke make: 179 true ... To study the response of the present FO refractometer, propylene glycol has been ... values of all the samples were initially measured by Abbe's refractometer.
The invention relates to a coaxial direct-detection LIDAR system for measuring velocity, temperature and/or particulate density. The system comprises a laser source for emitting a laser light beam having a lasing center frequency along an emission path. The system further comprises an optical....... Finally, the system comprises a detector system arranged to receive the return signal from the optical delivery system, the detector system comprising a narrowband optical filter and a detector, the narrowband optical filter having a filter center frequency of a pass-band, wherein the center lasing...... frequency and/or the center filter frequency may be scanned. The invention further relates to an aircraft airspeed measurement device, and a wind turbine airspeed measurement device comprising the LIDAR system....
Van der Walt, C
• Online services include internet banking, e-commerce, video streaming, Gmail • Data services include Dropbox, Google Docs, Google Drive • Threats: hacking, Denial of Service (DoS) attacks • Victims of DoS attacks include Yahoo, eBay, e-trade, CNN...S attacks use the TCP protocol • SYN flood is the most commonly-used TCP attack • Exploits the limitation of the three-way handshake, that maintains half-open connections for a certain time period • Neptune - SYN flood denial of service on one or more...
Nair, Kishor Krishnan
Bluetooth Logging Agent (BLA) is a mechanism that has been developed for this purpose. It alleviates the current security issues by making the users aware of their incoming Bluetooth connections and gives them an option to either accept or reject...
Thomas, Eric D.; Van Randwyk, Jamie A.; Lee, Erik J.; Stephano, Amanda (Indiana University); Tabriz, Parisa (University of Illinois at Urbana-Champaign); Pelon, Kristen (Cedarville University); McCoy, Damon (University of Colorado, Boulder); Lodato, Mark (Lafayette College); Hemingway, Franklin (University of New Mexico); Custer, Ryan P.; Averin, Dimitry (Polytechnic University); Franklin, Jason (Carnegie Mellon University); Kilman, Dominique Marie
Wireless computer networks are increasing exponentially around the world. They are being implemented in both the unlicensed radio frequency (RF) spectrum (IEEE 802.11a/b/g) and the licensed spectrum (e.g., Firetide and Motorola Canopy). Wireless networks operating in the unlicensed spectrum are by far the most popular wireless computer networks in existence. The open (i.e., proprietary) nature of the IEEE 802.11 protocols and the availability of "free" RF spectrum have encouraged many producers of enterprise and common off-the-shelf (COTS) computer networking equipment to jump into the wireless arena. Competition between these companies has driven down the price of 802.11 wireless networking equipment and has improved user experiences with such equipment. The end result has been an increased adoption of the equipment by businesses and consumers, the establishment of the Wi-Fi Alliance, and widespread use of the Alliance's "Wi-Fi" moniker to describe these networks. Consumers use 802.11 equipment at home to reduce the burden of running wires in existing construction, facilitate the sharing of broadband Internet services with roommates or neighbors, and increase their range of "connectedness". Private businesses and government entities (at all levels) are deploying wireless networks to reduce wiring costs, increase employee mobility, enable non-employees to access the Internet, and create an added revenue stream to their existing business models (coffee houses, airports, hotels, etc.).
Municipalities (Philadelphia; San Francisco; Grand Haven, MI) are deploying wireless networks so they can bring broadband Internet access to places lacking such access; offer limited-speed broadband access to impoverished communities; offer broadband in places, such as marinas and state parks, that are passed over by traditional broadband providers; and provide themselves with higher quality, more complete network coverage for use by emergency responders and other municipal agencies. In short, these Wi-Fi networks are being deployed everywhere. Much thought has been and is being put into evaluating cost-benefit analyses of wired vs. wireless networks and issues such as how to effectively cover an office building or municipality, how to efficiently manage a large network of wireless access points (APs), and how to save money by replacing an Internet service provider (ISP) with 802.11 technology. In comparison, very little thought and money are being focused on wireless security and monitoring for security purposes.
We have witnessed in recent years that open source tools have gained popularity among all types of users, from individuals or small businesses to large organizations and enterprises. In this paper we will present three open source IDS tools: OSSEC, Prelude and SNORT.
form for VLC, Swftools-png2swf, Swftools-jpeg2swf, Dillo and GIMP. The superscript indicates the bit width of each expression atom. “sext(v, w... challenges in input rectification is the need to deal with nested fields. In general, input formats are in tree structures containing arbitrarily...length indicator constraints is challenging, because of the presence of nested fields in hierarchical input format. For example, an integer field may
Coates, Jr., John T.; DeVol, Timothy A.
Disclosed are materials and systems useful in determining the existence of radionuclides in an aqueous sample. The materials provide the dual function of both extraction and scintillation to the systems. The systems can be both portable and simple to use, and as such can beneficially be utilized to determine presence and optionally concentration of radionuclide contamination in an aqueous sample at any desired location and according to a relatively simple process without the necessity of complicated sample handling techniques. The disclosed systems include a one-step process, providing simultaneous extraction and detection capability, and a two-step process, providing a first extraction step that can be carried out in a remote field location, followed by a second detection step that can be carried out in a different location.
This article gives a survey of digital X-ray detection systems for projection radiography. The different principles are compared and some general characteristics are derived. The basic conversion mechanisms in the absorption layers are described. The basic principles of solid state X-ray detectors and their general characteristics are elucidated as well as some similarities with detectors for computed tomography. Some important application and system aspects are considered. An outlook on further possible developments in this field is given. (orig.) [de]
Tsilingaridis, Georgios; Malmgren, Barbro; Andreasen, Jens O
Intrusive luxation in the permanent dentition is an uncommon injury but it is considered one of the most severe types of dental trauma because of the risk for damage to the periodontal ligament, pulp and alveolar bone. Management of intrusive luxation in the permanent dentition is controversial....... The purpose of this study was to evaluate pulp survival and periodontal healing in intrusive luxated permanent teeth in relation to treatment alternatives, degree of intrusion and root development....
James J. Clark
This paper presents an FPGA-based system for detecting people from video. The system is designed to use JPEG-compressed frames from a network camera. Unlike previous approaches that use techniques such as background subtraction and motion detection, we use a machine-learning-based approach to train an accurate detector. We address the hardware design challenges involved in implementing such a detector, along with JPEG decompression, on an FPGA. We also present an algorithm that efficiently combines JPEG decompression with the detection process. This algorithm carries out the inverse DCT step of JPEG decompression only partially. Therefore, it is computationally more efficient and simpler to implement, and it takes up less space on the chip than the full inverse DCT algorithm. The system is demonstrated on an automated video surveillance application and the performance of both hardware and software implementations is analyzed. The results show that the system can detect people accurately at a rate of about 2.5 frames per second on a Virtex-II 2V1000 using a MicroBlaze processor running at 75 MHz, communicating with dedicated hardware over FSL links.
Naumann, Christopher Lindsay
As a part of the ANTARES neutrino telescope, the AMADEUS (ANTARES Modules for Acoustic Detection Under the Sea) system is an array of acoustical sensors designed to investigate the possibilities of acoustic detection of ultra-high energy neutrinos in the deep sea. The complete system will comprise a total of 36 acoustic sensors in six clusters on two of the ANTARES detector lines. With an inter-sensor spacing of about one metre inside the clusters and between 15 and 340 metres between the different clusters, it will cover a wide range of distances as well as provide a considerable lever arm for point source triangulation. Three of these clusters have already been deployed in 2007 and have been in operation since, currently yielding around 2GB of acoustic data per day. The remaining three clusters are scheduled to be deployed in May 2008 together with the final ANTARES detector line. Apart from proving the feasibility of operating an acoustic detection system in the deep sea, the main aim of this project is an in-depth survey of both the acoustic properties of the sea water and the acoustic background present at the detector site. It will also serve as a platform for the development and refinement of triggering, filtering and reconstruction algorithms for acoustic particle detection. In this presentation, a description of the acoustic sensor and read-out system is given, together with examples for the reconstruction and evaluation of the acoustic data.
In this paper, we propose a hybrid interpretation of the cardiovascular system. Based on a model proposed by Simaan et al. (2009), we study the problem of detecting cardiovascular anomalies that can be caused by variations in some physiological parameters, using an observer-based approach. We present the first numerical results obtained. © 2012 IFAC.
Grau Carles, P.; Grau Malonda, A.
In this paper three new statistical theorems are demonstrated and applied. These theorems simplify very much the obtention of the formulae to compute the counting efficiency when the detection system is formed by several photomultipliers associated in coincidence and sum. These theorems are applied to several photomultiplier arrangements in order to show their potential and the application way. (Author) 6 refs
Hakonson, T.E.; Cline, J.F.; Rickard, W.H.
Intrusion of plants and animals into shallow land burial sites with subsequent mobilization of toxic and radiotoxic materials has occurred. Based on recent pathway modeling studies, such intrusions can contribute to the dose received by man. This paper describes past work on developing biological intrusion barrier systems for application to large volume waste site stabilization. State-of-the-art concepts employing rock and chemical barriers are discussed relative to long term serviceability and cost of application. The interaction of bio-intrusion barrier systems with other processes affecting trench cover stability is discussed to ensure that trench cover designs minimize the potential dose to man. 3 figures, 6 tables
Morel, R.S.; Gonzales, D.; Mniszewski, S.
The chemical detection, identification, and analysis system (CDIAS) has three major goals. The first is to display safety information regarding chemical environment before personnel entry. The second is to archive personnel exposure to the environment. Third, the system assists users in identifying the stage of a chemical process in progress and suggests safety precautions associated with that process. In addition to these major goals, the system must be sufficiently compact to provide transportability, and it must be extremely simple to use in order to keep user interaction at a minimum. The system created to meet these goals includes several pieces of hardware and the integration of four software packages. The hardware consists of a low-oxygen, carbon monoxide, explosives, and hydrogen sulfide detector; an ion mobility spectrometer for airborne vapor detection; and a COMPAQ 386/20 portable computer. The software modules are a graphics kernel, an expert system shell, a data-base management system, and an interface management system. A supervisory module developed using the interface management system coordinates the interaction of the other software components. The system determines the safety of the environment using conventional data acquisition and analysis techniques. The low-oxygen, carbon monoxide, hydrogen sulfide, explosives, and vapor detectors are monitored for hazardous levels, and warnings are issued accordingly
Ertoz, Levent; Lazarevic, Aleksandar; Eilertson, Eric; Tan, Pang-Ning; Dokas, Paul; Kumar, Vipin; Srivastava, Jaideep
This paper provides an overview of our efforts in detecting cyber attacks in networked information systems. Traditional signature based techniques for detecting cyber attacks can only detect previously known intrusions and are useless against novel attacks and emerging threats. Our current research at the University of Minnesota is focused on developing data mining techniques to automatically detect attacks against computer networks and systems. This research is being conducted as a part of MINDS (Minnesota Intrusion Detection System) project at the University of Minnesota. Experimental results on live network traffic at the University of Minnesota show that the new techniques show great promise in detecting novel intrusions. In particular, during the past few months our techniques have been successful in automatically identifying several novel intrusions that could not be detected using state-of-the-art tools such as SNORT.
Gozani, T.; Shea, P.M.; Sawa, Z.P.
This patent describes an explosive detection system. It comprises a source of neutrons; a detector array comprising a plurality of gamma ray detectors, each of the gamma ray detectors providing a detection signal in the event a gamma ray is captured by the detector, and at least one neutron detector, the neutron detector providing a neutron detection signal in the event a neutron is captured by the neutron detector; means for irradiating an object being examined with neutrons from the neutron source and for positioning the detector array relative to the object so that gamma rays emitted from the elements within the object as a result of the neutron irradiation are detected by the gamma ray detectors of the detector array; and parallel distributed processing means responsive to the detection signals of the detector array for discriminating between objects carrying explosives and objects not carrying explosives, the parallel distributed processing means including an artificial neural system (ANS), the ANS having a parallel network of processors, each processor of the parallel network of processors including means for receiving at least one input signal, and means for generating an output signal as a function of the at least one input signal