WorldWideScience

Sample records for sinkhole attack detection

  1. Intrusion Detection Algorithm for Mitigating Sinkhole Attack on LEACH Protocol in Wireless Sensor Networks

    Directory of Open Access Journals (Sweden)

    Ranjeeth Kumar Sundararajan

    2015-01-01

    In wireless sensor network (WSN), the sensors are deployed and placed uniformly to transmit the sensed data to a centralized station periodically. So, the major threat of the WSN network layer is sinkhole attack and it is still a challenging issue on the sensor networks, where the malicious node attracts the packets from the other normal sensor nodes and drops the packets. Thus, this paper proposes an Intrusion Detection System (IDS) mechanism to detect the intruder in the network which uses Low Energy Adaptive Clustering Hierarchy (LEACH) protocol for its routing operation. In the proposed algorithm, the detection metrics, such as number of packets transmitted and received, are used to compute the intrusion ratio (IR) by the IDS agent. The computed numeric or nonnumeric value represents the normal or malicious activity. As and when the sinkhole attack is captured, the IDS agent alerts the network to stop the data transmission. Thus, it can be resilient to the vulnerable attack of sinkhole. Above all, the simulation result is shown for the proposed algorithm which is proven to be efficient compared with the existing work, namely, MS-LEACH, in terms of minimum computational complexity and low energy consumption. Moreover, the algorithm was numerically analyzed using TETCOS NETSIM.

  2. A Centralized Detection of Sinkhole Attacks Based on Energy Level of the Nodes on Cluster-Based Wireless Sensor Networks

    Directory of Open Access Journals (Sweden)

    Merve Nilay Aydın

    2017-10-01

    Wireless Sensor Networks consist of thousands of small and low-cost devices, which communicate over wireless medium. Due to locating in harsh environment and having limited resources, WSN is prone to various attacks. One of the most dangerous attacks threatening WSN is the sinkhole attack. In this paper, sinkhole attack is modelled on a cluster-based WSN, and a centralized detection algorithm based on the remaining energies of the nodes is proposed. The simulations were run for different values of energy thresholds and various numbers of nodes. The performance of the system was investigated over total energy consumption in the system, the number of packets arrived at base station and true detection rate of the sinkhole node(s). The results showed that the proposed method is energy-efficient and detects the malicious nodes with a 100% accuracy for all number of nodes.

  3. Sinkhole detection using electrical resistivity tomography in Saudi Arabia

    International Nuclear Information System (INIS)

    Youssef, Ahmed M; Zabramawi, Yasser A; El-Kaliouby, Hesham

    2012-01-01

    Karst phenomena exist in different areas in the Kingdom of Saudi Arabia, causing serious environmental problems that affect urban development and infrastructure (buildings, roads and highways). One of the most important problems are sinkholes, which most of the time consist of unfilled voids. These sinkholes are formed as a result of the chemical leaching of carbonate and evaporite formations by percolating water. Field investigations show that there are many surface expressions of sinkholes in the area; some appear on the ground surface and others are hidden in the subsurface. Geophysical data were collected at the study area using two-dimensional electrical resistivity tomography (ERT) with different electrode spacings to delineate buried sinkholes and associated subsurface cavities. Our findings indicated that the dipole–dipole method using an electrode spacing of 1 m was successful in detecting a known subsurface sinkhole. According to the ERT method the detected sinkhole depth ranges from 2 to 4 m, its height ranges from 2 to 4 m, and its width ranges from 5 to 7 m. Field observation has verified the geophysical data, especially along the profile A-A. Finally, closely spaced ERT profiles were successful in determining the three-dimensional volume of the subsurface sinkhole. (paper)

  4. Multi-Layer Approach for the Detection of Selective Forwarding Attacks.

    Science.gov (United States)

    Alajmi, Naser; Elleithy, Khaled

    2015-11-19

    Security breaches are a major threat in wireless sensor networks (WSNs). WSNs are increasingly used due to their broad range of important applications in both military and civilian domains. WSNs are prone to several types of security attacks. Sensor nodes have limited capacities and are often deployed in dangerous locations; therefore, they are vulnerable to different types of attacks, including wormhole, sinkhole, and selective forwarding attacks. Security attacks are classified as data traffic and routing attacks. These security attacks could affect the most significant applications of WSNs, namely, military surveillance, traffic monitoring, and healthcare. Therefore, there are different approaches to detecting security attacks on the network layer in WSNs. Reliability, energy efficiency, and scalability are strong constraints on sensor nodes that affect the security of WSNs. Because sensor nodes have limited capabilities in most of these areas, selective forwarding attacks cannot be easily detected in networks. In this paper, we propose an approach to selective forwarding detection (SFD). The approach has three layers: MAC pool IDs, rule-based processing, and anomaly detection. It maintains the safety of data transmission between a source node and base station while detecting selective forwarding attacks. Furthermore, the approach is reliable, energy efficient, and scalable.

  5. Multi-Layer Approach for the Detection of Selective Forwarding Attacks

    Directory of Open Access Journals (Sweden)

    Naser Alajmi

    2015-11-01

    Security breaches are a major threat in wireless sensor networks (WSNs). WSNs are increasingly used due to their broad range of important applications in both military and civilian domains. WSNs are prone to several types of security attacks. Sensor nodes have limited capacities and are often deployed in dangerous locations; therefore, they are vulnerable to different types of attacks, including wormhole, sinkhole, and selective forwarding attacks. Security attacks are classified as data traffic and routing attacks. These security attacks could affect the most significant applications of WSNs, namely, military surveillance, traffic monitoring, and healthcare. Therefore, there are different approaches to detecting security attacks on the network layer in WSNs. Reliability, energy efficiency, and scalability are strong constraints on sensor nodes that affect the security of WSNs. Because sensor nodes have limited capabilities in most of these areas, selective forwarding attacks cannot be easily detected in networks. In this paper, we propose an approach to selective forwarding detection (SFD). The approach has three layers: MAC pool IDs, rule-based processing, and anomaly detection. It maintains the safety of data transmission between a source node and base station while detecting selective forwarding attacks. Furthermore, the approach is reliable, energy efficient, and scalable.

  6. Sinkhole Avoidance Routing in Wireless Sensor Networks

    Science.gov (United States)

    2011-05-09

    ...reliability of wireless sensor networks. Subject terms: wireless sensor networks, sinkhole attack, routing protocol.

  7. Detection of sinkhole precursors along the Dead Sea, Israel by SAR interferometry

    Science.gov (United States)

    Nof, Ran; Baer, Gidon; Ziv, Alon; Eyal, Yehuda; Raz, Eli; Atzori, Simone; Salvi, Stefano

    2013-04-01

    The water level of the Dead Sea (Israel and Jordan) has been dropping at an increasing rate since the 1960s, exceeding a meter per year during the last decade. This water-level drop has triggered the formation of sinkholes and widespread land subsidence along the Dead Sea shorelines, resulting in severe economic loss and infrastructural damage. In this study, sinkhole-related precursory subsidence and the effects of human activities on sinkhole development are examined through Interferometric Synthetic Aperture Radar (InSAR) measurements and field surveys conducted in Israel during the year 2012. Interferograms were generated using the COSMO-SkyMed satellite images and a high-resolution (0.5 m/pixel) elevation model that was obtained from airborne Light Detection and Ranging (LiDAR). Thanks to this unique integration of high-resolution datasets, mm-scale subsidence may be resolved in both undisturbed and human-disturbed environments. A few months long precursory subsidence occurred in all three sinkhole sites reported in this study. The centers of the subsiding areas and successive sinkholes in a specific site show lateral migration, possibly due to progressive dissolution and widening of the underlying cavities. Certain human activities, such as filling of newly formed sinkholes by gravel, or mud injections into nearby drill holes, seem to enhance land subsidence, widen existing sinkholes or even generate new sinkholes.

  8. Automatic detection of karstic sinkholes in seismic 3D images using circular Hough transform

    International Nuclear Information System (INIS)

    Parchkoohi, Mostafa Heydari; Farajkhah, Nasser Keshavarz; Delshad, Meysam Salimi

    2015-01-01

    More than 30% of hydrocarbon reservoirs are reported in carbonates that mostly include evidence of fractures and karstification. Generally, the detection of karstic sinkholes prognosticate good quality hydrocarbon reservoirs where looser sediments fill the holes penetrating hard limestone and the overburden pressure on infill sediments is mostly tolerated by their sturdier surrounding structure. They are also useful for the detection of erosional surfaces in seismic stratigraphic studies and imply possible relative sea level fall at the time of establishment. Karstic sinkholes are identified straightforwardly by using seismic geometric attributes (e.g. coherency, curvature) in which lateral variations are much more emphasized with respect to the original 3D seismic image. Then, seismic interpreters rely on their visual skills and experience in detecting roughly round objects in seismic attribute maps. In this paper, we introduce an image processing workflow to enhance selective edges in seismic attribute volumes stemming from karstic sinkholes and finally locate them in a high quality 3D seismic image by using circular Hough transform. Afterwards, we present a case study from an on-shore oilfield in southwest Iran, in which the proposed algorithm is applied and karstic sinkholes are traced. (paper)

  9. Detection of sinkholes or anomalies using full seismic wave fields.

    Science.gov (United States)

    2013-04-01

    This research presents an application of two-dimensional (2-D) time-domain waveform tomography for detection of embedded sinkholes and anomalies. The measured seismic surface wave fields were inverted using a full waveform inversion (FWI) technique, ...

  10. Potential of sinkhole precursor detection through interferometric SAR

    CSIR Research Space (South Africa)

    Theron, Andre

    2016-08-01

    Sinkholes are an unpredictable geohazard that endangers life and structures in susceptible areas globally. Subsidence sinkholes occur above cavernous bedrock comprised of highly soluble evaporites or calcium carbonates such as dolomite or limestone...

  11. Detecting and Preventing Sybil Attacks in Wireless Sensor Networks Using Message Authentication and Passing Method.

    Science.gov (United States)

    Dhamodharan, Udaya Suriya Raj Kumar; Vayanaperumal, Rajamani

    2015-01-01

    Wireless sensor networks are highly indispensable for securing network protection. Highly critical attacks of various kinds have been documented in wireless sensor network till now by many researchers. The Sybil attack is a massive destructive attack against the sensor network where numerous genuine identities with forged identities are used for getting an illegal entry into a network. Discerning the Sybil attack, sinkhole, and wormhole attack while multicasting is a tremendous job in wireless sensor network. Basically a Sybil attack means a node which pretends its identity to other nodes. Communication to an illegal node results in data loss and becomes dangerous in the network. The existing method Random Password Comparison has only a scheme which just verifies the node identities by analyzing the neighbors. A survey was done on a Sybil attack with the objective of resolving this problem. The survey has proposed a combined CAM-PVM (compare and match-position verification method) with MAP (message authentication and passing) for detecting, eliminating, and eventually preventing the entry of Sybil nodes in the network. We propose a scheme of assuring security for wireless sensor network, to deal with attacks of these kinds in unicasting and multicasting.

  12. Detecting and Preventing Sybil Attacks in Wireless Sensor Networks Using Message Authentication and Passing Method

    Directory of Open Access Journals (Sweden)

    Udaya Suriya Raj Kumar Dhamodharan

    2015-01-01

    Wireless sensor networks are highly indispensable for securing network protection. Highly critical attacks of various kinds have been documented in wireless sensor network till now by many researchers. The Sybil attack is a massive destructive attack against the sensor network where numerous genuine identities with forged identities are used for getting an illegal entry into a network. Discerning the Sybil attack, sinkhole, and wormhole attack while multicasting is a tremendous job in wireless sensor network. Basically a Sybil attack means a node which pretends its identity to other nodes. Communication to an illegal node results in data loss and becomes dangerous in the network. The existing method Random Password Comparison has only a scheme which just verifies the node identities by analyzing the neighbors. A survey was done on a Sybil attack with the objective of resolving this problem. The survey has proposed a combined CAM-PVM (compare and match-position verification method) with MAP (message authentication and passing) for detecting, eliminating, and eventually preventing the entry of Sybil nodes in the network. We propose a scheme of assuring security for wireless sensor network, to deal with attacks of these kinds in unicasting and multicasting.

  13. Detection of sinkholes using 2D electrical resistivity imaging

    CSIR Research Space (South Africa)

    Van Schoor, Abraham M

    2002-07-01

    Sinkholes in dolomitic areas are notoriously difficult geophysical targets, and selecting an appropriate geophysical solution is not straightforward. Electrical resistivity imaging or tomography (RESTOM) is well suited to mapping sinkholes because...

  14. Detection and localization capability of an urban seismic sinkhole monitoring network

    Science.gov (United States)

    Becker, Dirk; Dahm, Torsten; Schneider, Fabian

    2017-04-01

    Microseismic events linked to underground processes in sinkhole areas might serve as precursors to larger mass dislocation or rupture events which can cause felt ground shaking or even structural damage. To identify these weak and shallow events, a sensitive local seismic monitoring network is needed. In case of an urban environment the performance of local monitoring networks is severely compromised by the high anthropogenic noise level. We study the detection and localization capability of such a network, which is already partly installed in the urban area of the city of Hamburg, Germany, within the joint project SIMULTAN (http://www.gfz-potsdam.de/en/section/near-surface-geophysics/projects/simultan/). SIMULTAN aims to monitor a known sinkhole structure and gain a better understanding of the underlying processes. The current network consists of six surface stations installed in the basement of private houses and underground structures of a research facility (DESY - Deutsches Elektronen Synchrotron). During the started monitoring campaign since 2015, no microseismic events could be unambiguously attributed to the sinkholes. To estimate the detection and location capability of the network, we calculate synthetic waveforms based on the location and mechanism of former events in the area. These waveforms are combined with the recorded urban seismic noise at the station sites. As detection algorithms a simple STA/LTA trigger and a more sophisticated phase detector are used. While the STA/LTA detector delivers stable results and is able to detect events with a moment magnitude as low as 0.35 at a distance of 1.3km from the source even under the present high noise conditions the phase detector is more sensitive but also less stable. It should be stressed that due to the local near surface conditions of the wave propagation the detections are generally performed on S- or surface waves and not on P-waves, which have a significantly lower amplitude. Due to the often

  15. Using InSAR to Observe Sinkhole Activity in Central Florida

    Science.gov (United States)

    Oliver-Cabrera, T.; Wdowinski, S.; Kruse, S.; Kiflu, H. G.

    2017-12-01

    Sinkhole collapse in Florida is a major geologic hazard, threatening human life and causing substantial damage to property. Detecting sinkhole deformation before a collapse is an important but difficult task; most techniques used to monitor sinkholes are spatially constrained to relatively small areas (tens to hundred meters). To overcome this limitation, we use Interferometric Synthetic Aperture Radar (InSAR), which is a very useful technique for detecting localized deformation while covering vast areas. InSAR results show localized deformation at several houses and commercial buildings in different locations along the study sites. We use a subsurface imaging technique, ground penetrating radar, to verify sinkhole existence beneath the observed deforming areas.

  16. Multi-sensor technologies for analyzing sinkholes in Hamedan, west Iran

    Science.gov (United States)

    Vajedian, Sanaz; Motagh, Mahdi; Hojati, Ahmad; Wetzel, Hans-Ulrich

    2017-04-01

    Dissolution of the carbonate beds such as limestone, dolomite or gypsum by acidic groundwater flowing through fractures and joints in the bedrock alters land surface and enhances the development of sinkholes. Sinkhole formation causes the surface to subside or even collapse suddenly without any prior warning, leading to extensive damage and sometimes loss of life and property, in particular in urban areas. Delineating sinkholes is critical for understanding hydrological processes and mitigating geological hazards in karst areas. The recent availability of high-resolution digital elevation models (DEM) from TanDEM-X (TDX) mission enables us to delineate and analyze geomorphologic features and landscape structures at an unprecedented level of details, in comparison to previous missions such as c-band and x-band Shuttle Radar Topography Mission (SRTM). In this study, we develop an adaptive sinkhole-delineating method based on photogrammetry techniques to detect karst sinkholes in Hamedan, west Iran, using TDX-derived DEMs. We apply automatic feature extraction using watershed algorithm in order to detect depression areas. We show that using high-resolution TDX data from different geometries and time periods we could effectively distinguish sinkholes from other depression features of the basin. We also use interferometric synthetic aperture radar (InSAR) technique with SAR data acquired from a variety of sensors including Envisat, ALOS, TerraSAR-X and Sentinel-1 to quantify long-term subsidence in areas prone to sinkhole formation. Our results indicate that the formation of a lot of sinkholes is influenced by land subsidence, affecting the region over 100 km with the maximum rate of 4-5 cm/yr during 2003 to 2016.

  17. Relations between sinkhole density and anthropogenic contaminants in selected carbonate aquifers in the eastern United States

    Science.gov (United States)

    Lindsey, Bruce D.; Katz, Brian G.; Berndt, Marian P.; Ardis, Ann F.; Skach, Kenneth A.

    2009-01-01

    The relation between sinkhole density and water quality was investigated in seven selected carbonate aquifers in the eastern United States. Sinkhole density for these aquifers was grouped into high (>25 sinkholes/100 km2), medium (1–25 sinkholes/100 km2), or low (2) categories using a geographical information system that included four independent databases covering parts of Alabama, Florida, Missouri, Pennsylvania, and Tennessee. Field measurements and concentrations of major ions, nitrate, and selected pesticides in samples from 451 wells and 70 springs were included in the water-quality database. Data were collected as a part of the US Geological Survey (USGS) National Water-Quality Assessment (NAWQA) Program. Areas with high and medium sinkhole density had the greatest well depths and depths to water, the lowest concentrations of total dissolved solids and bicarbonate, the highest concentrations of dissolved oxygen, and the lowest partial pressure of CO2 compared to areas with low sinkhole density. These chemical indicators are consistent conceptually with a conduit-flow-dominated system in areas with a high density of sinkholes and a diffuse-flow-dominated system in areas with a low density of sinkholes. Higher cave density and spring discharge in Pennsylvania also support the concept that the high sinkhole density areas are dominated by conduit-flow systems. Concentrations of nitrate-N were significantly higher (p sinkhole density than in low sinkhole-density areas; when accounting for the variations in land use near the sampling sites, the high sinkhole-density area still had higher concentrations of nitrate-N than the low sinkhole-density area. Detection frequencies of atrazine, simazine, metolachlor, prometon, and the atrazine degradate deethylatrazine indicated a pattern similar to nitrate; highest pesticide detections were associated with high sinkhole-density areas. These patterns generally persisted when analyzing the detection frequency by land

  18. DDOS ATTACK DETECTION SIMULATION AND HANDLING MECHANISM

    Directory of Open Access Journals (Sweden)

    Ahmad Sanmorino

    2013-11-01

    In this study we discuss how to handle DDoS attack that is coming from the attacker by using detection method and handling mechanism. Detection is performed by comparing number of packets and number of flow. Whereas handling mechanism is performed by limiting or dropping the packets that are detected as a DDoS attack. The study begins with simulation on real network, which aims to get the real traffic data. Then, dump traffic data obtained from the simulation is used for detection method on our prototype system called DASHM (DDoS Attack Simulation and Handling Mechanism). From the result of experiment that has been conducted, the proposed method successfully detects DDoS attack and handles the incoming packet sent by attacker.

  19. Florida Sinkholes and Grout Injection Stabilization

    Directory of Open Access Journals (Sweden)

    Charles Hunt Griffith II

    2014-09-01

    Florida has a major problem when it comes to sinkholes. These sinkholes can become very hazardous to people, homes, and to the landscape as a whole. Florida sits on a carbonate platform which is highly indicative of sinkholes. There are three main types of sinkholes which occur in Florida: dissolution, cover subsidence, and cover collapse. I will compare these types of sinkholes to the underlying formation beneath Florida to see if there is a connection between the types of sinkholes that occur. I will also create a 3D model of grout injection stabilization and calculate its volume to compare to the actual volume placed under the house. This information will help inform and bring attention to the problem in Florida and in turn, may help alleviate the problem if we can understand what causes these sinkholes. The 3D model may help engineering companies become more efficient in predicting the projected amount of volume to stabilize a house that may be in danger.

  20. Florida sinkhole index

    OpenAIRE

    Spencer, Steven; Lane, Ed.

    1995-01-01

    The following data were compiled from the Florida Sinkhole Research Institute data base. That database, which contains approximately 1900 sinkholes, is available from the Florida Geological Survey upon request. The data are arranged alphabetically by county. The first two digits of the identification number represents the county. These numbers correspond to the Florida Department of Transportation county numbering system. Following the county number are three numbers which represe...

  1. Detection of complex cyber attacks

    Science.gov (United States)

    Gregorio-de Souza, Ian; Berk, Vincent H.; Giani, Annarita; Bakos, George; Bates, Marion; Cybenko, George; Madory, Doug

    2006-05-01

    One significant drawback to currently available security products is their inability to correlate diverse sensor input. For instance, by only using network intrusion detection data, a root kit installed through a weak username-password combination may go unnoticed. Similarly, an administrator may never make the link between deteriorating response times from the database server and an attacker exfiltrating trusted data, if these facts aren't presented together. Current Security Information Management Systems (SIMS) can collect and represent diverse data but lack sufficient correlation algorithms. By using a Process Query System, we were able to quickly bring together data flowing from many sources, including NIDS, HIDS, server logs, CPU load and memory usage, etc. We constructed PQS models that describe dynamic behavior of complicated attacks and failures, allowing us to detect and differentiate simultaneous sophisticated attacks on a target network. In this paper, we discuss the benefits of implementing such a multistage cyber attack detection system using PQS. We focus on how data from multiple sources can be combined and used to detect and track comprehensive network security events that go unnoticed using conventional tools.

  2. Applying a weighted random forests method to extract karst sinkholes from LiDAR data

    Science.gov (United States)

    Zhu, Junfeng; Pierskalla, William P.

    2016-02-01

    Detailed mapping of sinkholes provides critical information for mitigating sinkhole hazards and understanding groundwater and surface water interactions in karst terrains. LiDAR (Light Detection and Ranging) measures the earth's surface in high-resolution and high-density and has shown great potentials to drastically improve locating and delineating sinkholes. However, processing LiDAR data to extract sinkholes requires separating sinkholes from other depressions, which can be laborious because of the sheer number of the depressions commonly generated from LiDAR data. In this study, we applied the random forests, a machine learning method, to automatically separate sinkholes from other depressions in a karst region in central Kentucky. The sinkhole-extraction random forest was grown on a training dataset built from an area where LiDAR-derived depressions were manually classified through a visual inspection and field verification process. Based on the geometry of depressions, as well as natural and human factors related to sinkholes, 11 parameters were selected as predictive variables to form the dataset. Because the training dataset was imbalanced with the majority of depressions being non-sinkholes, a weighted random forests method was used to improve the accuracy of predicting sinkholes. The weighted random forest achieved an average accuracy of 89.95% for the training dataset, demonstrating that the random forest can be an effective sinkhole classifier. Testing of the random forest in another area, however, resulted in moderate success with an average accuracy rate of 73.96%. This study suggests that an automatic sinkhole extraction procedure like the random forest classifier can significantly reduce time and labor costs and makes it more tractable to map sinkholes using LiDAR data for large areas. However, the random forests method cannot totally replace manual procedures, such as visual inspection and field verification.

  3. Sinkholes

    Science.gov (United States)

    Kaufmann, James E.

    2007-01-01

    Sinkholes are a common feature in Missouri where limestone and dolomite outcrop. Though often considered a benign nuisance, sudden, catastrophic collapses can destroy property, delay construction projects, and contaminate ground water resources.

  4. Sinkhole flooding in Murfreesboro, Rutherford County, Tennessee, 2001-02

    Science.gov (United States)

    Bradley, Michael W.; Hileman, Gregg Edward

    2006-01-01

    The U.S. Geological Survey, in cooperation with the City of Murfreesboro, Tennessee, conducted an investigation from January 2001 through April 2002 to delineate sinkholes and sinkhole watersheds in the Murfreesboro area and to characterize the hydrologic response of sinkholes to major rainfall events. Terrain analysis was used to define sinkholes and delineate the sinkhole drainage areas. Flooding in 78 sinkholes in three focus areas was identified and tracked using aerial photography following three major storms in February 2001, January 2002, and March 2002. The three focus areas are located to the east, north, and northwest of Murfreesboro and are underlain primarily by the Ridley Limestone with some outcrops of the underlying Pierce Limestone. The observed sinkhole flooding is controlled by water inflow, water outflow, and the degree of the hydraulic connection (connectivity) to a ground-water conduit system. The observed sinkholes in the focus areas are grouped into three categories based on the sinkhole morphology and the connectivity to the ground-water system as indicated by their response to flooding. The three types of sinkholes described for these focus areas are pan sinkholes with low connectivity, deep sinkholes with high connectivity, and deep sinkholes with low connectivity to the ground-water conduit system. Shallow, broad pan sinkholes flood as water inflow from a storm inundates the depression at land surface. Water overflow from one pan sinkhole can flow downgradient and become inflow to a sinkhole at a lower altitude. Land-surface modifications that direct more water into a pan sinkhole could increase peak-flood altitudes and extend flood durations. Land-surface modifications that increase the outflow by overland drainage could decrease the flood durations. Road construction or alterations that reduce flow within or between pan sinkholes could result in increased flood durations. Flood levels and durations in the deeper sinkholes observed in

  5. Novel Method For Low-Rate Ddos Attack Detection

    Science.gov (United States)

    Chistokhodova, A. A.; Sidorov, I. D.

    2018-05-01

    The relevance of the work is associated with an increasing number of advanced types of DDoS attacks, in particular, low-rate HTTP-flood. Last year, the power and complexity of such attacks increased significantly. The article is devoted to the analysis of DDoS attacks detecting methods and their modifications with the purpose of increasing the accuracy of DDoS attack detection. The article details low-rate attacks features in comparison with conventional DDoS attacks. During the analysis, significant shortcomings of the available method for detecting low-rate DDoS attacks were found. Thus, the result of the study is an informal description of a new method for detecting low-rate denial-of-service attacks. The architecture of the stand for approbation of the method is developed. At the current stage of the study, it is possible to improve the efficiency of an already existing method by using a classifier with memory, as well as additional information.

  6. Fusion of Heterogeneous Intrusion Detection Systems for Network Attack Detection

    Directory of Open Access Journals (Sweden)

    Jayakumar Kaliappan

    2015-01-01

    An intrusion detection system (IDS) helps to identify different types of attacks in general, and the detection rate will be higher for some specific category of attacks. This paper is designed on the idea that each IDS is efficient in detecting a specific type of attack. In the proposed Multiple IDS Unit (MIU), there are five IDS units, and each IDS follows a unique algorithm to detect attacks. The feature selection is done with the help of a genetic algorithm. The selected features of the input traffic are passed on to the MIU for processing. The decision from each IDS is termed a local decision. The fusion unit inside the MIU processes all the local decisions with the help of the majority voting rule and makes the final decision. The proposed system shows a very good improvement in detection rate and reduces the false alarm rate.

  7. Machine Learning Methods for Attack Detection in the Smart Grid.

    Science.gov (United States)

    Ozay, Mete; Esnaola, Inaki; Yarman Vural, Fatos Tunay; Kulkarni, Sanjeev R; Poor, H Vincent

    2016-08-01

    Attack detection problems in the smart grid are posed as statistical learning problems for different attack scenarios in which the measurements are observed in batch or online settings. In this approach, machine learning algorithms are used to classify measurements as being either secure or attacked. An attack detection framework is provided to exploit any available prior knowledge about the system and surmount constraints arising from the sparse structure of the problem in the proposed approach. Well-known batch and online learning algorithms (supervised and semisupervised) are employed with decision- and feature-level fusion to model the attack detection problem. The relationships between statistical and geometric properties of attack vectors employed in the attack scenarios and learning algorithms are analyzed to detect unobservable attacks using statistical learning methods. The proposed algorithms are examined on various IEEE test systems. Experimental analyses show that machine learning algorithms can detect attacks with performances higher than attack detection algorithms that employ state vector estimation methods in the proposed attack detection framework.

  8. Thwarting Nonintrusive Occupancy Detection Attacks from Smart Meters

    Directory of Open Access Journals (Sweden)

    Dapeng Man

    2017-01-01

    Occupancy information is one of the most important privacy issues of a home. Unfortunately, an attacker is able to detect occupancy from smart meter data. The current battery-based load hiding (BLH) methods cannot solve this problem. To thwart occupancy detection attacks, we propose a framework of battery-based schemes to prevent occupancy detection (BPOD). BPOD monitors the power consumption of a home and detects the occupancy in real time. According to the detection result, BPOD modifies those statistical metrics of power consumption, which highly correlate with the occupancy by charging or discharging a battery, creating a delusion that the home is always occupied. We evaluate BPOD in a simulation using several real-world smart meter datasets. Our experiment results show that BPOD effectively prevents the threshold-based and classifier-based occupancy detection attacks. Furthermore, BPOD is also able to prevent nonintrusive appliance load monitoring (NILM) attacks as a side-effect of thwarting detection attacks.

  9. Robust Detection of Stepping-Stone Attacks

    National Research Council Canada - National Science Library

    He, Ting; Tong, Lang

    2006-01-01

    The detection of encrypted stepping-stone attack is considered. Besides encryption and padding, the attacker is capable of inserting chaff packets and perturbing packet timing and transmission order...

  10. Catastrophic sinkhole formation in Kansas: A case study

    Science.gov (United States)

    Lambrecht, J.L.; Miller, R.D.

    2006-01-01

    Sinkholes represent a hazard to property and human safety in a wide variety of geologic settings across the globe. In most cases, the subsidence rate of a sinkhole represents the most significant potential impact and risk to public safety. Since 1979, the Kansas Geological Survey has studied numerous sinkholes using high-resolution seismic reflection in an attempt to better understand the mechanisms that control their formation. Most sinkholes in central Kansas form as a result of dissolution of the Permian Hutchinson salt (Figure 1). The fluid source and associated pathway responsible for leaching these bedded evaporites have been natural, anthropogenic, and a combination of both. Sinkholes have been a part of the landscape in the North American midcontinent long before modern oil, gas, and mineral exploration, but clearly the activities of man have played a significant role in both increasing the number of sinkholes and affecting their subsidence rates.

  11. Bubbles, Bubbles, Tremors & Trouble: The Bayou Corne Sinkhole

    Science.gov (United States)

    Nunn, J. A.

    2013-12-01

    In May 2012, thermogenic methane bubbles were first observed in Bayou Corne in Assumption Parish, Louisiana. As of July 2013, ninety one bubbling sites have been identified. Gas was also found in the top of the Mississippi River Alluvial Aquifer (MRAA) about 125 ft below the surface. Vent wells drilled into the MRAA have flared more than 16 million SCF of gas. Trace amounts of hydrogen sulfide also have been detected. Bayou Corne flows above the Napoleonville salt dome which has been an active area for oil and gas exploration since the 1920s. The dome is also a site of dissolution salt mining which has produced large caverns with diameters of up to 300 ft and heights of 2000 ft. Some caverns are used for storage of natural gas. Microseismic activity was confirmed by an Earthscope seismic station in White Castle, LA in July 2012. An array of microseismic stations set up in the area recorded more than 60 microseismic events in late July and early August, 2012. These microseismic events were located on the western side of the dome. Estimated focal depths are just above the top of salt. In August 2012, a sinkhole developed overnight just to the northwest of a plugged and abandoned brine filled cavern (see figure below). The sinkhole continues to grow in area to more than 20 acres and has consumed a pipeline right of way. The sinkhole is more than 750 ft deep at its center. Microseismic activity was reduced for several months following the formation of the sinkhole. Microseismic events have reoccurred episodically since then with periods of frequent events preceding slumping of material into the sinkhole or a 'burp' where fluid levels in the sinkhole drop and then rebound followed by a decrease in microseismic activity. Some gas and/or oil may appear at the surface of the sinkhole following a 'burp'. Very long period events also have been observed which are believed to be related to subsurface fluid movement. A relief well drilled into the abandoned brine cavern found that

  12. Sinkhole occurrence in consequence of heavy rainstorms

    Science.gov (United States)

    Parise, Mario; Pisano, Luca; Vennari, Carmela

    2016-04-01

    Sinkholes, the most typical geological hazard in karst, are widespread in Apulia (south-eastern Italy), due to the presence in about the whole region of soluble rocks. Sinkholes can cause damage to private property and civil infrastructures such as buildings and roads. Detailed mapping of sinkholes is critical in understanding the hydrological processes, besides being extremely useful to mitigate the related geological risk. Sinkholes typically function as a major connection between the water flowing at the surface and the groundwaters, by collecting rainfall and rapidly draining it within the bedrock. In Apulia, the main risk to humans is generally linked to anthropogenic sinkholes, with the possibility of collapses related to man-made caves (quarries, mines, civil settlements, etc.; see Parise, 2012, 2015a). Natural sinkholes are less frequent, or appear at least to be less reported, since they generally occur in rural areas, and often are rapidly canceled by landowners. During the first week of September 2014, the Gargano Promontory (northern Apulia) was affected by an intense storm, characterized by rainfall cumulates well above the seasonal mean values. The total amount of measured rainfall for the whole event (covering the period from September 1, to September 6, 2014) reached a peak of over 500 mm (Martinotti et al., 2015). As a response to the storm, and due to peculiarity of the Gargano karst setting, several geo-hazards (different types of slope failures, floods and sinkholes) were recorded over an area of 2300 km². As regards sinkholes, during the September 2014 storm, at least a dozen of phenomena, mostly of small size, were documented. These are prevailingly concentrated in two areas in the surroundings of the towns of San Marco in Lamis and Monte Sant'Angelo. In particular, at San Marco in Lamis, four sinkholes (the deepest about 6 m-deep and 5 m-wide, showing at the bottom the upper portion of the epikarst, with pinnacles of limestone rocks

  13. Deformation analysis of a sinkhole in Thuringia using multi-temporal multi-view stereo 3D reconstruction data

    Science.gov (United States)

    Petschko, Helene; Goetz, Jason; Schmidt, Sven

    2017-04-01

    Sinkholes are a serious threat on life, personal property and infrastructure in large parts of Thuringia. Over 9000 sinkholes have been documented by the Geological Survey of Thuringia, which are caused by collapsing hollows which formed due to solution processes within the local bedrock material. However, little is known about surface processes and their dynamics at the flanks of the sinkhole once the sinkhole has shaped. These processes are of high interest as they might lead to dangerous situations at or within the vicinity of the sinkhole. Our objective was the analysis of these deformations over time in 3D by applying terrestrial photogrammetry with a simple DSLR camera. Within this study, we performed an analysis of deformations within a sinkhole close to Bad Frankenhausen (Thuringia) using terrestrial photogrammetry and multi-view stereo 3D reconstruction to obtain a 3D point cloud describing the morphology of the sinkhole. This was performed for multiple data collection campaigns over a 6-month period. The photos of the sinkhole were taken with a Nikon D3000 SLR Camera. For the comparison of the point clouds the Multiscale Model to Model Comparison (M3C2) plugin of the software CloudCompare was used. It allows to apply advanced methods of point cloud difference calculation which considers the co-registration error between two point clouds for assessing the significance of the calculated difference (given in meters). Three Styrofoam cuboids of known dimensions (16 cm wide/29 cm high/11.5 cm deep) were placed within the sinkhole to test the accuracy of the point cloud difference calculation. The multi-view stereo 3D reconstruction was performed with Agisoft Photoscan. Preliminary analysis indicates that about 26% of the sinkhole showed changes exceeding the co-registration error of the point clouds. The areas of change can mainly be detected on the flanks of the sinkhole and on an earth pillar that formed in the center of the sinkhole. These changes describe

  14. ERT-based Investigation of a Sinkhole in Greene County, Missouri

    Directory of Open Access Journals (Sweden)

    Aleksandra V. Varnavina

    2016-05-01

    Investigating sinkhole morphology and formation mechanisms is key to understanding their long term impact and susceptibility to development, and aids in the design of effective mitigation measures. In this study, ERT (electrical resistivity tomography), MASW (multichannel analysis of surface waves) and borehole data were used to image the subsurface morphology of an active sinkhole in Greene County, Missouri. The study reveals that the sinkhole developed along a natural surface drainage pathway above a pervasively fractured limestone. The subsurface image of the sinkhole depicts a zone of near-vertical water seepage and soil piping. Based on the nature of the overburden material, and the morphology and current/past surface expression of the sinkhole, it is concluded that the sinkhole is predominantly a cover subsidence type of sinkhole. However, it is possible that minor cover collapse occurred locally and in an area slightly to the north of the current active sinkhole.

  15. Shilling Attacks Detection in Recommender Systems Based on Target Item Analysis.

    Science.gov (United States)

    Zhou, Wei; Wen, Junhao; Koh, Yun Sing; Xiong, Qingyu; Gao, Min; Dobbie, Gillian; Alam, Shafiq

    2015-01-01

    Recommender systems are highly vulnerable to shilling attacks, both by individuals and groups. Attackers who introduce biased ratings in order to affect recommendations, have been shown to negatively affect collaborative filtering (CF) algorithms. Previous research focuses only on the differences between genuine profiles and attack profiles, ignoring the group characteristics in attack profiles. In this paper, we study the use of statistical metrics to detect rating patterns of attackers and group characteristics in attack profiles. Another question is that most existing detecting methods are model specific. Two metrics, Rating Deviation from Mean Agreement (RDMA) and Degree of Similarity with Top Neighbors (DegSim), are used for analyzing rating patterns between malicious profiles and genuine profiles in attack models. Building upon this, we also propose and evaluate a detection structure called RD-TIA for detecting shilling attacks in recommender systems using a statistical approach. In order to detect more complicated attack models, we propose a novel metric called DegSim' based on DegSim. The experimental results show that our detection model based on target item analysis is an effective approach for detecting shilling attacks.

  16. Shilling Attacks Detection in Recommender Systems Based on Target Item Analysis

    Science.gov (United States)

    Zhou, Wei; Wen, Junhao; Koh, Yun Sing; Xiong, Qingyu; Gao, Min; Dobbie, Gillian; Alam, Shafiq

    2015-01-01

    Recommender systems are highly vulnerable to shilling attacks, both by individuals and groups. Attackers who introduce biased ratings in order to affect recommendations, have been shown to negatively affect collaborative filtering (CF) algorithms. Previous research focuses only on the differences between genuine profiles and attack profiles, ignoring the group characteristics in attack profiles. In this paper, we study the use of statistical metrics to detect rating patterns of attackers and group characteristics in attack profiles. Another question is that most existing detecting methods are model specific. Two metrics, Rating Deviation from Mean Agreement (RDMA) and Degree of Similarity with Top Neighbors (DegSim), are used for analyzing rating patterns between malicious profiles and genuine profiles in attack models. Building upon this, we also propose and evaluate a detection structure called RD-TIA for detecting shilling attacks in recommender systems using a statistical approach. In order to detect more complicated attack models, we propose a novel metric called DegSim’ based on DegSim. The experimental results show that our detection model based on target item analysis is an effective approach for detecting shilling attacks. PMID:26222882

  17. Detection of sinkholes or anomalies using full seismic wave fields : [research summary].

    Science.gov (United States)

    2013-04-01

    Sinkholes are a common feature of Florida's geology. The limestone that runs throughout the state is acted upon by the constant flow of water, both above and below ground, that changes with wet and dry seasons. Subsurface voids can form, causing ov...

  18. TAWS: TABLE ASSISTED WALK STRATEGY IN CLONE ATTACK DETECTION

    Directory of Open Access Journals (Sweden)

    J Sybi Cynthia

    2016-12-01

    Wireless Sensor Networks (WSNs) deployed in the destructive atmosphere are susceptible to clone attacks. Clone attack in a wireless sensor network is a complicated problem because it is deployed in hostile environments, and also the nodes could be physically compromised by an adversary. For valuable clone attack detection, the selection criteria play an important role in the proposed work. In this paper, the existing detection schemes have been classified regarding device type, detection methodologies, deployment strategies and detection ranges, and various proposals in the deployment based selection criteria category are further explored. This paper also provides a review of detection methodology based on various clone attack detection techniques. It is also widely agreed that clones should be detected as quickly as possible with the best optional. Our work is exploratory in that the proposed algorithm is concerned with table assisted random walk with horizontal and vertical line, frequent level key change, and revoking the duplicate node. Our simulation results show that it is more efficient than the detection criteria in terms of security feature, and in detection rate with high resiliency. Specifically, it concentrates on deployment strategy which includes grid based deployment technique. These all come under the selection criteria for better security performance. Our protocol analytically provides effective and clone attack detection capability of robustness.

  19. Quantifying potential recharge in mantled sinkholes using ERT.

    Science.gov (United States)

    Schwartz, Benjamin F; Schreiber, Madeline E

    2009-01-01

    Potential recharge through thick soils in mantled sinkholes was quantified using differential electrical resistivity tomography (ERT). Conversion of time series two-dimensional (2D) ERT profiles into 2D volumetric water content profiles using a numerically optimized form of Archie's law allowed us to monitor temporal changes in water content in soil profiles up to 9 m in depth. Combining Penman-Monteith daily potential evapotranspiration (PET) and daily precipitation data with potential recharge calculations for three sinkhole transects indicates that potential recharge occurred only during brief intervals over the study period and ranged from 19% to 31% of cumulative precipitation. Spatial analysis of ERT-derived water content showed that infiltration occurred both on sinkhole flanks and in sinkhole bottoms. Results also demonstrate that mantled sinkholes can act as regions of both rapid and slow recharge. Rapid recharge is likely the result of flow through macropores (such as root casts and thin gravel layers), while slow recharge is the result of unsaturated flow through fine-grained sediments. In addition to developing a new method for quantifying potential recharge at the field scale in unsaturated conditions, we show that mantled sinkholes are an important component of storage in a karst system.

  20. WAC Bennett Dam - the characterization of a crest sinkhole

    Energy Technology Data Exchange (ETDEWEB)

    Stewart, R.A.; Gaffran, P.C. [British Columbia Hydro, Burnaby, BC (Canada); Watts, B.D. [Klohn-Crippen Consultants Ltd., Richmond, BC (Canada); Sobkowicz, J.C. [Thurber Engineering Ltd., Vancouver, BC (Canada); Kupper, A.G. [AGRA Earth and Environmental, Edmonton, AB (Canada)

    1998-11-01

    In June, 1996, a small hole was discovered in the asphaltic concrete road on the crest of the 183 m high WAC Bennett Dam on the Peace River in northeastern British Columbia. Examination of the hole resulted in a sinkhole on the dam crest. The sinkhole was 2.5 m in diameter and 7 m deep. Speculation was that the cavity was likely associated in some way with a buried survey benchmark tube. An investigation was immediately planned and executed to characterize the sinkhole, to determine the extent of damage and the safety status of this very large dam. British Columbia's Dam Safety Regulator made the decision to lower the reservoir level. During the reservoir drawdown, various surface geophysical techniques were used to investigate the condition of the dam beyond the sinkholes. Intrusive investigations of the sinkhole were also planned. This involved trial drilling and downhole geophysical surveys in intact portions of the core at locations far from the sinkhole. The objectives and criteria developed for the investigation program are summarized. Scope of key activities at the sinkhole and important lessons learned during the investigation are also described. 9 refs., 15 figs.

  1. VoIP attacks detection engine based on neural network

    Science.gov (United States)

    Safarik, Jakub; Slachta, Jiri

    2015-05-01

    Security is crucial for any system nowadays, especially communications. One of the most successful protocols in the field of communication over IP networks is Session Initiation Protocol. It is an open-source project used by different kinds of applications, both open-source and proprietary. High penetration and text-based principle made SIP the number one target in IP telephony infrastructure, so security of the SIP server is essential. To keep up with hackers and to detect potential malicious attacks, the security administrator needs to monitor and evaluate SIP traffic in the network. But monitoring and the following evaluation could easily overwhelm the security administrator in networks, typically in networks with a number of SIP servers, users and logically or geographically separated networks. The proposed solution lies in automatic attack detection systems. The article covers detection of VoIP attacks through a distributed network of nodes. The gathered data are then analyzed by an aggregation server with an artificial neural network. Artificial neural network means a multilayer perceptron network trained with a set of collected attacks. Attack data could also be preprocessed and verified with a self-organizing map. The source data is detected by a distributed network of detection nodes. Each node contains a honeypot application and traffic monitoring mechanism. Aggregation of data from each node creates an input for neural networks. The automatic classification on a centralized server with low false positive detection reduces the cost of attack detection resources. The detection system uses modular design for easy deployment in final infrastructure. The centralized server collects and processes detected traffic. It also maintains all detection nodes.

  2. Cyber Security Audit and Attack Detection Toolkit

    Energy Technology Data Exchange (ETDEWEB)

    Peterson, Dale

    2012-05-31

    The goal of this project was to develop cyber security audit and attack detection tools for industrial control systems (ICS). Digital Bond developed and released a tool named Bandolier that audits ICS components commonly used in the energy sector against an optimal security configuration. The Portaledge Project developed a capability for the PI Historian, the most widely used Historian in the energy sector, to aggregate security events and detect cyber attacks.

  3. Comparison of a new GIS-based technique and a manual method for determining sinkhole density: An example from Illinois' sinkhole plain

    Science.gov (United States)

    Angel, J.C.; Nelson, D.O.; Panno, S.V.

    2004-01-01

    A new Geographic Information System (GIS) method was developed as an alternative to the hand-counting of sinkholes on topographic maps for density and distribution studies. Sinkhole counts were prepared by hand and compared to those generated from USGS DLG data using ArcView 3.2 and the ArcInfo Workstation component of ArcGIS 8.1 software. The study area for this investigation, chosen for its great density of sinkholes, included the 42 public land survey sections that reside entirely within the Renault Quadrangle in southwestern Illinois. Differences between the sinkhole counts derived from the two methods for the Renault Quadrangle study area were negligible. Although the initial development and refinement of the GIS method required considerably more time than counting sinkholes by hand, the flexibility of the GIS method is expected to provide significant long-term benefits and time savings when mapping larger areas and expanding research efforts. © 2004 by The National Speleological Society.

  4. Attack Pattern Analysis Framework for a Multiagent Intrusion Detection System

    Directory of Open Access Journals (Sweden)

    Krzysztof Juszczyszyn

    2008-08-01

    The paper proposes the use of attack pattern ontology and a formal framework for network traffic anomalies detection within a distributed multi-agent Intrusion Detection System architecture. Our framework assumes ontology-based attack definition and a distributed processing scheme with exchange of communicates between agents. The role of traffic anomalies detection was presented, then it has been discussed how some specific values characterizing network communication can be used to detect network anomalies caused by security incidents (worm attack, virus spreading). Finally, it has been defined how to use the proposed techniques in distributed IDS using attack pattern ontology.

  5. Mapping and predicting sinkholes by integration of remote sensing and spectroscopy methods

    Science.gov (United States)

    Goldshleger, N.; Basson, U.; Azaria, I.

    2013-08-01

    The Dead Sea coastal area is exposed to the destructive process of sinkhole collapse. The increase in sinkhole activity in the last two decades has been substantial, resulting from the continuous decrease in the Dead Sea's level, with more than 1,000 sinkholes developing as a result of upper layer collapse. Large sinkholes can reach 25 m in diameter. They are concentrated mainly in clusters in several dozens of sites with different characteristics. In this research, methods for mapping, monitoring and predicting sinkholes were developed using active and passive remote-sensing methods: field spectrometer, geophysical ground penetration radar (GPR) and a frequency domain electromagnetic instrument (FDEM). The research was conducted in three stages: 1) literature review and data collection; 2) mapping regions abundant with sinkholes in various stages and regions vulnerable to sinkholes; 3) analyzing the data and translating it into cognitive and accessible scientific information. Field spectrometry enabled a comparison between the spectral signatures of soil samples collected near active or progressing sinkholes, and those collected in regions with no visual sign of sinkhole occurrence. FDEM and GPR investigations showed that electrical conductivity and soil moisture are higher in regions affected by sinkholes. Measurements taken at different time points over several seasons allowed monitoring the progress of an 'embryonic' sinkhole.

  6. Advances in detecting localized road damage due to sinkholes induced by engineering works using high resolution RADARSAT-2 data

    Science.gov (United States)

    Chen, J.; Zebker, H. A.; Lakshmi, V.

    2016-12-01

    Sinkholes often occur in karst terrains such as found in central and eastern Pennsylvania. Voids produced by dissolution of carbonate rocks can result in soil transport leading to localized, gradual or rapid, sinking of the land surface. A cluster of sinkholes developed in 2000 around a small rural community beside Bushkill creek near a limestone quarry, and severely destroyed road bridges and railway tracks. At a cost of $6 million, the Pennsylvania DoT replaced the bridge, which was damaged again in 2004 by newly developed sinkholes likely associated with the quarry's pumping activity. Here we present high-resolution spaceborne interferometric radar images of sinkhole development on this community. We show that this technique may be used to monitor regions with high sinkhole damage risk and assist future infrastructure route planning, especially in rural areas where hydrogeologic information is limited. Specifically, we processed 66 RADARSAT-2 interferograms to extract deformation that occurred over Bushkill creek between Jun. 2015 and Mar. 2016 with a temporal resolution of 24 days. We advanced recent persistent scatterer techniques to preserve meter-level spatial resolution in the interferograms while minimizing temporal decorrelation and phase unwrapping error. We observe periodic deformation due to pumping activity at the quarry and localized subsidence along Bushkill creek that is co-located with recent reported sinkholes. We plan to use the automatic processing techniques developed for this study to study road damage in another region in Pennsylvania, along Lewiston Narrows, and also to monitor urban infrastructure improvements in Seattle, both again with RADARSAT-2 data. Our results demonstrate that recent advances in satellite geodesy can be transferred to benefit society beyond the science community.

  7. Sleep Deprivation Attack Detection in Wireless Sensor Network

    Science.gov (United States)

    Bhattasali, Tapalina; Chaki, Rituparna; Sanyal, Sugata

    2012-02-01

    Deployment of sensor network in hostile environment makes it mainly vulnerable to battery drainage attacks because it is impossible to recharge or replace the battery power of sensor nodes. Among different types of security threats, low power sensor nodes are immensely affected by the attacks which cause random drainage of the energy level of sensors, leading to death of the nodes. The most dangerous type of attack in this category is sleep deprivation, where target of the intruder is to maximize the power consumption of sensor nodes, so that their lifetime is minimized. Most of the existing works on sleep deprivation attack detection involve a lot of overhead, leading to poor throughput. The need of the day is to design a model for detecting intrusions accurately in an energy efficient manner. This paper proposes a hierarchical framework based on distributed collaborative mechanism for detecting sleep deprivation torture in wireless sensor network efficiently. Proposed model uses anomaly detection technique in two steps to reduce the probability of false intrusion.

  8. Speeding up detection of SHA-1 collision attacks using unavoidable attack conditions

    NARCIS (Netherlands)

    M.M.J. Stevens (Marc); D. Shumow

    2017-01-01

    Counter-cryptanalysis, the concept of using cryptanalytic techniques to detect cryptanalytic attacks, was introduced by Stevens at CRYPTO 2013 [22] with a hash collision detection algorithm. That is, an algorithm that detects whether a given single message is part of a colliding message

  9. Detecting SYN flood attacks via statistical monitoring charts: A comparative study

    KAUST Repository

    Bouyeddou, Benamar

    2017-12-14

    Accurate detection of cyber-attacks plays a central role in safeguarding computer networks and information systems. This paper addresses the problem of detecting SYN flood attacks, which are the most popular Denial of Service (DoS) attacks. Here, we compare the detection capacity of three commonly used monitoring charts, namely a Shewhart chart, a Cumulative Sum (CUSUM) control chart and an exponentially weighted moving average (EWMA) chart, in detecting SYN flood attacks. The comparison study is conducted using the publicly available benchmark datasets: the 1999 DARPA Intrusion Detection Evaluation Datasets.

  10. Sinkhole Susceptibility Analysis for Karapinar/Konya via Multi Criteria Decision

    Science.gov (United States)

    Sarı, F.

    2017-11-01

    Sinkholes are a natural hazard which threatens economic and human life. The sudden occurrence characteristic of sinkholes makes them impossible to escape. There are a lot of factors that activate sinkholes, such as geology, irrigation, land use and human related factors. In Karapınar, Konya, there are over 200 sinkholes and this count has been increasing in recent years. Especially active agricultural lands, decreasing ground water level, and extreme irrigation by 55267 water wells increase the risk factor of Karapınar. Nowadays, considering the economic contribution of Karapınar to the Turkish economy in the field of agriculture, solar energy fields and the thermal reactor which will be planned in the next few years, prediction of sinkholes and searching for prevention ways are becoming a more important issue. In this study, a sinkhole susceptibility map via AHP was carried out for Karapınar in Konya. Slope, land use, elevation, geology, water wells, distance to roads and settlements criteria are included to determine susceptibility. The weights are calculated with AHP for each criterion and the generated susceptibility map is overlapped with existing sinkholes. Suggestions and results are shared for this study.

  11. SINKHOLE SUSCEPTIBILITY ANALYSIS FOR KARAPINAR/KONYA VIA MULTI CRITERIA DECISION

    Directory of Open Access Journals (Sweden)

    F. Sarı

    2017-11-01

    Sinkholes are a natural hazard that threatens economic and human life. Their sudden occurrence makes them impossible to escape. Many factors activate sinkholes, such as geology, irrigation, land use and human-related factors. In Karapınar, Konya, there are over 200 sinkholes and this count has been increasing in recent years. In particular, active agricultural lands, a decreasing groundwater level and extreme irrigation by 55267 water wells increase the risk factor of Karapınar. Nowadays, considering the economic contribution of Karapınar to the Turkish economy in agriculture, solar energy fields and the thermal reactor planned for the next few years, predicting sinkholes and searching for ways to prevent them are becoming more important issues. In this study, a sinkhole susceptibility map was produced via AHP for Karapınar in Konya. Slope, land use, elevation, geology, water wells, and distance to roads and settlements are included as criteria to determine susceptibility. The weights are calculated with AHP for each criterion and the generated susceptibility map is overlapped with existing sinkholes. Suggestions and results are shared for this study.

  12. Messaging Attacks on Android: Vulnerabilities and Intrusion Detection

    Directory of Open Access Journals (Sweden)

    Khodor Hamandi

    2015-01-01

    Currently, Android is the leading mobile operating system in number of users worldwide. On the security side, Android has had significant challenges despite the efforts of the Android designers to provide a secure environment for apps. In this paper, we present numerous attacks targeting the messaging framework of the Android system. Our focus is on SMS, USSD, and the evolution of their associated security in Android and accordingly the development of related attacks. Also, we shed light on the Android elements that are responsible for these attacks. Furthermore, we present the architecture of an intrusion detection system (IDS) that promises to thwart SMS messaging attacks. Our IDS shows a detection rate of 87.50% with zero false positives.

  13. Detecting Distributed SQL Injection Attacks in a Eucalyptus Cloud Environment

    Science.gov (United States)

    Kebert, Alan; Barnejee, Bikramjit; Solano, Juan; Solano, Wanda

    2013-01-01

    The cloud computing environment offers malicious users the ability to spawn multiple instances of cloud nodes that are similar to virtual machines, except that they can have separate external IP addresses. In this paper we demonstrate how this ability can be exploited by an attacker to distribute his/her attack, in particular SQL injection attacks, in such a way that an intrusion detection system (IDS) could fail to identify this attack. To demonstrate this, we set up a small private cloud, established a vulnerable website in one instance, and placed an IDS within the cloud to monitor the network traffic. We found that an attacker could quite easily defeat the IDS by periodically altering its IP address. To detect such an attacker, we propose to use multi-agent plan recognition, where the multiple source IPs are considered as different agents who are mounting a collaborative attack. We show that such a formulation of this problem yields a more sophisticated approach to detecting SQL injection attacks within a cloud computing environment.

  14. Optimal Attack Strategies Subject to Detection Constraints Against Cyber-Physical Systems

    International Nuclear Information System (INIS)

    Chen, Yuan; Kar, Soummya; Moura, Jose M. F.

    2017-01-01

    This paper studies an attacker against a cyberphysical system (CPS) whose goal is to move the state of a CPS to a target state while ensuring that his or her probability of being detected does not exceed a given bound. The attacker’s probability of being detected is related to the nonnegative bias induced by his or her attack on the CPS’s detection statistic. We formulate a linear quadratic cost function that captures the attacker’s control goal and establish constraints on the induced bias that reflect the attacker’s detection-avoidance objectives. When the attacker is constrained to be detected at the false-alarm rate of the detector, we show that the optimal attack strategy reduces to a linear feedback of the attacker’s state estimate. In the case that the attacker’s bias is upper bounded by a positive constant, we provide two algorithms – an optimal algorithm and a sub-optimal, less computationally intensive algorithm – to find suitable attack sequences. Lastly, we illustrate our attack strategies in numerical examples based on a remotely-controlled helicopter under attack.

  15. DETECTION AND LOCALIZATION OF MULTIPLE SPOOFING ATTACKERS FOR MOBILE WIRELESS NETWORKS

    Directory of Open Access Journals (Sweden)

    R. Maivizhi

    2015-06-01

    The open nature of wireless networks allows adversaries to easily launch a variety of spoofing attacks and causes havoc in network performance. Recent approaches used Received Signal Strength (RSS) traces, which only detect spoofing attacks in mobile wireless networks. However, it is not always desirable to use these methods as RSS values fluctuate significantly over time due to distance, noise and interference. In this paper, we discuss a novel approach, the Mobile spOofing attack DEtection and Localization in WIreless Networks (MODELWIN) system, which exploits location information about nodes to detect identity-based spoofing attacks in mobile wireless networks. Also, this approach determines the number of attackers who used the same node identity to masquerade as a legitimate device. Moreover, multiple adversaries can be localized accurately. By eliminating attackers the proposed system enhances network performance. We have evaluated our technique through simulation using an 802.11 (WiFi) network and an 802.15.4 (Zigbee) network. The results prove that MODELWIN can detect spoofing attacks with a very high detection rate and localize adversaries accurately.

  16. Detecting peripheral-based attacks on the host memory

    CERN Document Server

    Stewin, Patrick

    2015-01-01

    This work addresses stealthy peripheral-based attacks on host computers and presents a new approach to detecting them. Peripherals can be regarded as separate systems that have a dedicated processor and dedicated runtime memory to handle their tasks. The book addresses the problem that peripherals generally communicate with the host via the host’s main memory, storing cryptographic keys, passwords, opened files and other sensitive data in the process – an aspect attackers are quick to exploit.  Here, stealthy malicious software based on isolated micro-controllers is implemented to conduct an attack analysis, the results of which provide the basis for developing a novel runtime detector. The detector reveals stealthy peripheral-based attacks on the host’s main memory by exploiting certain hardware properties, while a permanent and resource-efficient measurement strategy ensures that the detector is also capable of detecting transient attacks, which can otherwise succeed when the applied strategy only me...

  17. Sinkhole remediation at Swinging Bridge Dam

    Energy Technology Data Exchange (ETDEWEB)

    Jones, A. [Devine Tarbell and Associates, Portland, ME (United States)

    2009-07-01

    This case history summary described a piping-related sinkhole that occurred after a flood at the Swinging Bridge Dam. The earth-filled embankment dam was constructed using a hydraulic fill technique. A foundation drilling and grouting program was constructed in areas of the dam founded on jointed sandstone and shale. The storage volume of the reservoir is 32,000 acre-feet. A sinkhole 25 to 300 feet in diameter was observed on May 5, 2005 along the edge of the dam crest. The sinkhole extended to within 10 feet of the reservoir and was separated by a shallow berm of soil and driftwood. Cracking of the crest extended across an area of 180 feet. Operations staff notified the appropriate agencies, implemented a monitoring program, and mobilized construction equipment and sands for use as emergency sinkhole filler. An increase in tailrace turbidity was observed. Historical records for the dam showed significant cracking during the initial filling of the reservoir. Failure modes included increased pore pressures and seepages resulting in the piping of soil along the outside of the dam conduit. Emergency repairs included chemical grouting and weld repairs in the penstocks. A Federal Emergency Management Agency (FEMA) is currently addressing safety issues associated with conduits through dams. 4 refs., 11 figs.

  18. Detecting SYN flood attacks via statistical monitoring charts: A comparative study

    KAUST Repository

    Bouyeddou, Benamar; Harrou, Fouzi; Sun, Ying; Kadri, Benamar

    2017-01-01

    Accurate detection of cyber-attacks plays a central role in safeguarding computer networks and information systems. This paper addresses the problem of detecting SYN flood attacks, which are the most popular Denial of Service (DoS) attacks. Here, we

  19. Hybrid Intrusion Detection System for DDoS Attacks

    Directory of Open Access Journals (Sweden)

    Özge Cepheli

    2016-01-01

    Distributed denial-of-service (DDoS) attacks are one of the major threats and possibly the hardest security problem for today’s Internet. In this paper we propose a hybrid detection system, referred to as hybrid intrusion detection system (H-IDS), for detection of DDoS attacks. Our proposed detection system makes use of both anomaly-based and signature-based detection methods separately but in an integrated fashion and combines the outcomes of both detectors to enhance the overall detection accuracy. We apply two distinct datasets to our proposed system in order to test the detection performance of H-IDS and conclude that the proposed hybrid system gives better results than the systems based on nonhybrid detection.

  20. Active Detection for Exposing Intelligent Attacks in Control Systems

    Energy Technology Data Exchange (ETDEWEB)

    Weerakkody, Sean [Carnegie Mellon Univ., Pittsburgh, PA (United States); Ozel, Omur [Carnegie Mellon Univ., Pittsburgh, PA (United States); Griffioen, Paul [Carnegie Mellon Univ., Pittsburgh, PA (United States); Sinopoli, Bruno [Carnegie Mellon Univ., Pittsburgh, PA (United States)

    2017-07-01

    In this paper, we consider approaches for detecting integrity attacks carried out by intelligent and resourceful adversaries in control systems. Passive detection techniques are often incorporated to identify malicious behavior. Here, the defender utilizes finely-tuned algorithms to process information and make a binary decision, whether the system is healthy or under attack. We demonstrate that passive detection can be ineffective against adversaries with model knowledge and access to a set of input/output channels. We then propose active detection as a tool to detect attacks. In active detection, the defender leverages degrees of freedom he has in the system to detect the adversary. Specifically, the defender will introduce a physical secret kept hidden from the adversary, which can be utilized to authenticate the dynamics. In this regard, we carefully review two approaches for active detection: physical watermarking at the control input, and a moving target approach for generating system dynamics. We examine practical considerations for implementing these technologies and discuss future research directions.

  1. Accurate Sybil Attack Detection Based on Fine-Grained Physical Channel Information

    Directory of Open Access Journals (Sweden)

    Chundong Wang

    2018-03-01

    With the development of the Internet-of-Things (IoT), wireless network security has more and more attention paid to it. The Sybil attack is one of the famous wireless attacks that can forge wireless devices to steal information from clients. These forged devices may constantly attack target access points to crush the wireless network. In this paper, we propose a novel Sybil attack detection based on Channel State Information (CSI). This detection algorithm can tell whether the static devices are Sybil attackers by combining a self-adaptive multiple signal classification algorithm with the Received Signal Strength Indicator (RSSI). Moreover, we develop a novel tracing scheme to cluster the channel characteristics of mobile devices and detect dynamic attackers that change their channel characteristics in an error area. Finally, we experiment on mobile and commercial WiFi devices. Our algorithm can effectively distinguish the Sybil devices. The experimental results show that our Sybil attack detection system achieves high accuracy for both static and dynamic scenarios. Therefore, combining the phase and similarity of channel features, the multi-dimensional analysis of CSI can effectively detect Sybil nodes and improve the security of wireless networks.

  2. Accurate Sybil Attack Detection Based on Fine-Grained Physical Channel Information.

    Science.gov (United States)

    Wang, Chundong; Zhu, Likun; Gong, Liangyi; Zhao, Zhentang; Yang, Lei; Liu, Zheli; Cheng, Xiaochun

    2018-03-15

    With the development of the Internet-of-Things (IoT), wireless network security has more and more attention paid to it. The Sybil attack is one of the famous wireless attacks that can forge wireless devices to steal information from clients. These forged devices may constantly attack target access points to crush the wireless network. In this paper, we propose a novel Sybil attack detection based on Channel State Information (CSI). This detection algorithm can tell whether the static devices are Sybil attackers by combining a self-adaptive multiple signal classification algorithm with the Received Signal Strength Indicator (RSSI). Moreover, we develop a novel tracing scheme to cluster the channel characteristics of mobile devices and detect dynamic attackers that change their channel characteristics in an error area. Finally, we experiment on mobile and commercial WiFi devices. Our algorithm can effectively distinguish the Sybil devices. The experimental results show that our Sybil attack detection system achieves high accuracy for both static and dynamic scenarios. Therefore, combining the phase and similarity of channel features, the multi-dimensional analysis of CSI can effectively detect Sybil nodes and improve the security of wireless networks.

  3. Patrol Detection for Replica Attacks on Wireless Sensor Networks

    OpenAIRE

    Wang, Liang-Min; Shi, Yang

    2011-01-01

    Replica attack is a critical concern in the security of wireless sensor networks. We employ mobile nodes as patrollers to detect replicas distributed in different zones in a network, in which a basic patrol detection protocol and two detection algorithms for stationary and mobile modes are presented. Then we perform security analysis to discuss the defense strategies against the possible attacks on the proposed detection protocol. Moreover, we show the advantages of the proposed protocol by d...

  4. Detection of network attacks based on adaptive resonance theory

    Science.gov (United States)

    Bukhanov, D. G.; Polyakov, V. M.

    2018-05-01

    The paper considers an approach to intrusion detection systems using a neural network of adaptive resonant theory. It suggests the structure of an intrusion detection system consisting of two types of program modules. The first module manages connections of user applications by preventing the undesirable ones. The second analyzes the incoming network traffic parameters to check potential network attacks. After attack detection, it notifies the required stations using a secure transmission channel. The paper describes the experiment on the detection and recognition of network attacks using the test selection. It also compares the obtained results with similar experiments carried out by other authors. It gives findings and conclusions on the sufficiency of the proposed approach. The obtained information confirms the sufficiency of applying the neural networks of adaptive resonant theory to analyze network traffic within the intrusion detection system.

  5. Temporal Cyber Attack Detection.

    Energy Technology Data Exchange (ETDEWEB)

    Ingram, Joey Burton [Sandia National Lab. (SNL-NM), Albuquerque, NM (United States); Draelos, Timothy J. [Sandia National Lab. (SNL-NM), Albuquerque, NM (United States); Galiardi, Meghan [Sandia National Lab. (SNL-NM), Albuquerque, NM (United States); Doak, Justin E. [Sandia National Lab. (SNL-NM), Albuquerque, NM (United States)

    2017-11-01

    Rigorous characterization of the performance and generalization ability of cyber defense systems is extremely difficult, making it hard to gauge uncertainty, and thus, confidence. This difficulty largely stems from a lack of labeled attack data that fully explores the potential adversarial space. Currently, performance of cyber defense systems is typically evaluated in a qualitative manner by manually inspecting the results of the system on live data and adjusting as needed. Additionally, machine learning has shown promise in deriving models that automatically learn indicators of compromise that are more robust than analyst-derived detectors. However, to generate these models, most algorithms require large amounts of labeled data (i.e., examples of attacks). Algorithms that do not require annotated data to derive models are similarly at a disadvantage, because labeled data is still necessary when evaluating performance. In this work, we explore the use of temporal generative models to learn cyber attack graph representations and automatically generate data for experimentation and evaluation. Training and evaluating cyber systems and machine learning models requires significant, annotated data, which is typically collected and labeled by hand for one-off experiments. Automatically generating such data helps derive/evaluate detection models and ensures reproducibility of results. Experimentally, we demonstrate the efficacy of generative sequence analysis techniques on learning the structure of attack graphs, based on a realistic example. These derived models can then be used to generate more data. Additionally, we provide a roadmap for future research efforts in this area.

  6. Growth of a sinkhole in a seismic zone of the Northern Apennines (Italy)

    OpenAIRE

    Rosa, Alessandro; Pagli, Carolina; Molli, Giancarlo; Casu, Francesco; Luca, Claudio; Pieroni, Amerino

    2018-01-01

    Sinkhole collapse is a major hazard causing substantial social and economic losses. However, the surface deformations and sinkhole evolution are rarely recorded, as these sites are known mainly after a collapse, making the assessment of sinkholes-related hazard challenging. Furthermore, 40 % of the sinkholes of Italy are in seismically hazardous zones; it remains unclear whether seismicity may trigger sinkhole collapse. Here we use a multidisciplinary dataset of InSAR, surface mapping ...

  7. Patrol Detection for Replica Attacks on Wireless Sensor Networks

    Directory of Open Access Journals (Sweden)

    Yang Shi

    2011-02-01

    Replica attack is a critical concern in the security of wireless sensor networks. We employ mobile nodes as patrollers to detect replicas distributed in different zones in a network, in which a basic patrol detection protocol and two detection algorithms for stationary and mobile modes are presented. Then we perform security analysis to discuss the defense strategies against the possible attacks on the proposed detection protocol. Moreover, we show the advantages of the proposed protocol by discussing and comparing the communication cost and detection probability with some existing methods.

  8. Single-station seismic noise measures, microgravity, and 3D electrical tomographies to assess the sinkhole susceptibility: the "Il Piano" area (Elba Island - Italy) case study

    Science.gov (United States)

    Pazzi, Veronica; Di Filippo, Michele; Di Nezza, Maria; Carlà, Tommaso; Bardi, Federica; Marini, Federico; Fontanelli, Katia; Intrieri, Emanuele; Fanti, Riccardo

    2017-04-01

    Sudden subsurface collapse, cavities, and surface depressions, regardless of shape and origin, as well as dolines, are currently indicated by means of the term "sinkhole". This phenomenon can be classified according to a large variety of different schemes, depending on the dominant formation processes (soluble rocks karstic processes, acidic groundwater circulation, anthropogenic caves, bedrock poor geomechanical properties), and on the geological scenario behind the development of the phenomenon. Considering that generally sinkholes are densely clustered in "sinkhole prone areas", detection, forecasting, early warning, and effective monitoring are key aspects in sinkhole susceptibility assessment and risk mitigation. Nevertheless, techniques developed specifically for sinkhole detection, forecasting and monitoring are missing, probably because of a general lack of sinkhole risk awareness, and the intrinsic difficulties involved in detecting precursory sinkhole deformations before collapse. In this framework, integration of different indirect/non-invasive geophysical methods is the best practice approach. In this paper we present the results of an integrated geophysical survey at "Il Piano" (Elba Island - Italy), where at least nine sinkholes occurred between 2008 and 2014. 120 single-station seismic noise measures, 17 3D electrical tomographies (min area 140.3 m², max area 10,188.9 m²; min electrode spacing 2 m, max electrode spacing 5 m), and 964 microgravity measurements spaced in a grid of 6 m to 8 m were carried out at the study area. The most likely origin for these sinkholes was considered related to sediment net erosion from the alluvium, caused by downward water circulation between aquifers. Therefore, the goals of the study were: i) obtaining a suitable geological and hydrogeological model of the area; ii) detecting possible cavities which could evolve into sinkholes, and finally iii) assessing the sinkhole susceptibility of the area. Among the results of the

  9. A remote sensing evaluation of potential for sinkhole occurrence

    Science.gov (United States)

    Casper, J.; Ruth, B.; Degner, J. (Principal Investigator)

    1981-01-01

    The relationship between lowering of the water table and sinkhole development in Pierson and in Hillsborough County, Florida was investigated. The locations of recently developed (1973) collapses were examined with respect to lineaments or fracture traces that are expressed in the terrain and visible in aerial photography and satellite imagery. It was anticipated that these relationships would provide the basis for establishment of criteria for mapping those land areas that have the greatest potential for sinkhole development. A very good correlation was found between mapped lineament intersections and known location of sinkhole occurrences for both study areas. This indicates that lineament and fracture trace mapping may be very useful in locating zones with the greatest potential for sinkhole development. It is further shown that this information is quite beneficial in land use planning applications.

  10. Into the Abyss: The Case of the Collapsing Sinkhole.

    Science.gov (United States)

    Ozsvath, David L.

    2000-01-01

    Presents a case study to teach about the relationship between sinkhole development and groundwater levels in Orlando, Florida. Discusses the relationship between groundwater levels and sinkhole formation in a karst terrane. Includes discussion questions. (YDS)

  11. On resilience studies of system detection and recovery techniques against stealthy insider attacks

    Science.gov (United States)

    Wei, Sixiao; Zhang, Hanlin; Chen, Genshe; Shen, Dan; Yu, Wei; Pham, Khanh D.; Blasch, Erik P.; Cruz, Jose B.

    2016-05-01

    With the explosive growth of network technologies, insider attacks have become a major concern to business operations that largely rely on computer networks. To better detect insider attacks that marginally manipulate network traffic over time, and to recover the system from attacks, in this paper we implement a temporal-based detection scheme using the sequential hypothesis testing technique. Two hypothetical states are considered: the null hypothesis that the collected information is from benign historical traffic and the alternative hypothesis that the network is under attack. The objective of such a detection scheme is to recognize the change within the shortest time by comparing the two defined hypotheses. In addition, once the attack is detected, a server migration-based system recovery scheme can be triggered to recover the system to the state prior to the attack. To understand mitigation of insider attacks, a multi-functional web display of the detection analysis was developed for real-time analytic. Experiments using real-world traffic traces evaluate the effectiveness of Detection System and Recovery (DeSyAR) scheme. The evaluation data validates the detection scheme based on sequential hypothesis testing and the server migration-based system recovery scheme can perform well in effectively detecting insider attacks and recovering the system under attack.

  12. Identification, prediction, and mitigation of sinkhole hazards in evaporite karst areas

    Science.gov (United States)

    Gutierrez, F.; Cooper, A.H.; Johnson, K.S.

    2008-01-01

    Sinkholes usually have a higher probability of occurrence and a greater genetic diversity in evaporite terrains than in carbonate karst areas. This is because evaporites have a higher solubility and, commonly, a lower mechanical strength. Subsidence damage resulting from evaporite dissolution generates substantial losses throughout the world, but the causes are only well understood in a few areas. To deal with these hazards, a phased approach is needed for sinkhole identification, investigation, prediction, and mitigation. Identification techniques include field surveys and geomorphological mapping combined with accounts from local people and historical sources. Detailed sinkhole maps can be constructed from sequential historical maps, recent topographical maps, and digital elevation models (DEMs) complemented with building-damage surveying, remote sensing, and high-resolution geodetic surveys. On a more detailed level, information from exposed paleosubsidence features (paleokarst), speleological explorations, geophysical investigations, trenching, dating techniques, and boreholes may help in investigating dissolution and subsidence features. Information on the hydrogeological pathways including caves, springs, and swallow holes are particularly important especially when corroborated by tracer tests. These diverse data sources make a valuable database-the karst inventory. From this dataset, sinkhole susceptibility zonations (relative probability) may be produced based on the spatial distribution of the features and good knowledge of the local geology. Sinkhole distribution can be investigated by spatial distribution analysis techniques including studies of preferential elongation, alignment, and nearest neighbor analysis. More objective susceptibility models may be obtained by analyzing the statistical relationships between the known sinkholes and the conditioning factors. Chronological information on sinkhole formation is required to estimate the probability of

  13. Detection of attack-targeted scans from the Apache HTTP Server access logs

    Directory of Open Access Journals (Sweden)

    Merve Baş Seyyar

    2018-01-01

    A web application could be visited for different purposes. It is possible for a web site to be visited by a regular user as a normal (natural) visit, to be viewed by crawlers, bots, spiders, etc. for indexing purposes, and, lastly, to be scanned in an exploratory manner by malicious users prior to an attack. An attack-targeted web scan can be viewed as a phase of a potential attack and can lead to more attack detection as compared to traditional detection methods. In this work, we propose a method to detect attack-oriented scans and to distinguish them from other types of visits. In this context, we use access log files of Apache (or ISS) web servers and try to determine attack situations through examination of the past data. In addition to web scan detections, we insert a rule set to detect SQL Injection and XSS attacks. Our approach has been applied on sample data sets and results have been analyzed in terms of performance measures to compare our method and other commonly used detection techniques. Furthermore, various tests have been made on log samples from real systems. Lastly, several suggestions about further development have also been discussed.

  14. ERT-based Investigation of a Sinkhole in Greene County, Missouri

    OpenAIRE

    Aleksandra V. Varnavina; Evgeniy V. Torgashov; Neil L. Anderson; Shishay T. Kidanu

    2016-01-01

    Investigating sinkhole morphology and formation mechanisms is key to understanding their long term impact and susceptibility to development, and aids in the design of effective mitigation measures. In this study, ERT (electrical resistivity tomography), MASW (multichannel analysis of surface waves) and borehole data were used to image the subsurface morphology of an active sinkhole in Greene County, Missouri. The study reveals that the sinkhole developed along a natural surface drainage pathw...

  15. A Cyber-Attack Detection Model Based on Multivariate Analyses

    Science.gov (United States)

    Sakai, Yuto; Rinsaka, Koichiro; Dohi, Tadashi

    In the present paper, we propose a novel cyber-attack detection model based on two multivariate-analysis methods to the audit data observed on a host machine. The statistical techniques used here are the well-known Hayashi's quantification method IV and cluster analysis method. We quantify the observed qualitative audit event sequence via the quantification method IV, and collect similar audit event sequence in the same groups based on the cluster analysis. It is shown in simulation experiments that our model can improve the cyber-attack detection accuracy in some realistic cases where both normal and attack activities are intermingled.

  16. Study of DSR and AODV under Sinkhole Attack and Its Proposed Prevention Technique

    OpenAIRE

    Winnie Main; Narendra M. Shekokar

    2014-01-01

    Mobile Ad-hoc Networks (MANET) are wireless mobile nodes that communicate without any predefined infrastructure. This allows MANETs to be easily setup in geographical and terrestrial constraints. To achieve this kind of communication MANET routing protocols play an important role. Two routing protocols, DSR and AODV are studied in detail. This basic trait of a MANET makes its routing protocols very vulnerable to security attacks. One such attack is the ‘Sinkhole’ attack which ...

  17. Efficient Hybrid Detection of Node Replication Attacks in Mobile Sensor Networks

    Directory of Open Access Journals (Sweden)

    Ze Wang

    2017-01-01

    The node replication attack is one of the notorious attacks that can be easily launched by adversaries in wireless sensor networks. Much of the literature has studied mitigating the node replication attack in static wireless sensor networks. However, it is more difficult to detect the replicas in mobile sensor networks because of their node mobility. Considering the limitations of centralized detection schemes for static wireless sensor networks, a few distributed solutions have been recently proposed. Some existing schemes identified replicated attacks by sensing mobile nodes with identical ID but different locations. To facilitate the discovery of contradictory conflicts, we propose a hybrid local and global detection method. The local detection is performed in a local area smaller than the whole deployed area to improve the meeting probability of contradictory nodes, while the distant replicated nodes in a larger area can also be efficiently detected by the global detection. The two complementary levels of detection achieve quick discovery of the replicas by searching with reasonable overhead.

  18. CORS911:Real-Time Subsidence Monitoring of the Napoleonville Salt Dome Sinkhole Using GPS

    Science.gov (United States)

    Kent, J. D.

    2013-12-01

    The sinkhole associated with the Napoleonville salt dome in Assumption Parish, Louisiana, threatens the stability of Highway 70 - a state maintained route. To mitigate the potential damaging effects to the highway and address issues of public safety, a program of research and decision support has been implemented to provide long-term measurements of the surface stability using continuous operating GPS reference stations (CORS). Four CORS sites were installed in the vicinity of the sinkhole to measure the horizontal and vertical motions of each site relative to each other and a fixed location outside the study area. Differential motions measured by an integrity monitoring software are summarized for response agencies tasked with ensuring public safety and stability of the Highway, a designated hurricane evacuation route. Implementation experience and intermediate findings will be shared and discussed. Strategies for monitoring random and systematic biases detected in the system are presented. Figure depicting the location of CORS sites used to monitor surface stability along Highway 70 near the Bayou Corne Sinkhole.

  19. Flow-based detection of IPv6-specific network layer attacks

    NARCIS (Netherlands)

    Hendriks, Luuk; Velan, Petr; de O. Schmidt, Ricardo; de Boer, Pieter-Tjerk; Pras, Aiko; Tuncer, Daphne; Koch, Robert; Badonne, Rémi; Stiller, Burkhard

    2017-01-01

    With a vastly different header format, IPv6 introduces new vulnerabilities not possible in IPv4, potentially requiring new detection algorithms. While many attacks specific to IPv6 have proven to be possible and are described in the literature, no detection solutions for these attacks have been

  20. Using lidar data to analyse sinkhole characteristics relevant for understory vegetation under forest cover-case study of a high karst area in the dinaric mountains.

    Directory of Open Access Journals (Sweden)

    Milan Kobal

    Full Text Available In this article, we investigate the potential for detection and characterization of sinkholes under dense forest cover by using airborne laser scanning data. Laser pulse returns from the ground provide important data for the estimation of digital elevation model (DEM), which can be used for further processing. The main objectives of this study were to map and determine the geomorphometric characteristics of a large number of sinkholes and to investigate the correlations between geomorphology and vegetation in areas with such characteristics. The selected study area has very low anthropogenic influences and is particularly suitable for studying undisturbed karst sinkholes. The information extracted from this study regarding the shapes and depths of sinkholes show significant directionality for both orientation of sinkholes and their distribution over the area. Furthermore, significant differences in vegetation diversity and composition occur inside and outside the sinkholes, which indicates their presence has important ecological impacts.

  1. Using lidar data to analyse sinkhole characteristics relevant for understory vegetation under forest cover-case study of a high karst area in the dinaric mountains.

    Science.gov (United States)

    Kobal, Milan; Bertoncelj, Irena; Pirotti, Francesco; Dakskobler, Igor; Kutnar, Lado

    2015-01-01

    In this article, we investigate the potential for detection and characterization of sinkholes under dense forest cover by using airborne laser scanning data. Laser pulse returns from the ground provide important data for the estimation of digital elevation model (DEM), which can be used for further processing. The main objectives of this study were to map and determine the geomorphometric characteristics of a large number of sinkholes and to investigate the correlations between geomorphology and vegetation in areas with such characteristics. The selected study area has very low anthropogenic influences and is particularly suitable for studying undisturbed karst sinkholes. The information extracted from this study regarding the shapes and depths of sinkholes show significant directionality for both orientation of sinkholes and their distribution over the area. Furthermore, significant differences in vegetation diversity and composition occur inside and outside the sinkholes, which indicates their presence has important ecological impacts.

  2. Using Lidar Data to Analyse Sinkhole Characteristics Relevant for Understory Vegetation under Forest Cover—Case Study of a High Karst Area in the Dinaric Mountains

    Science.gov (United States)

    Kobal, Milan; Bertoncelj, Irena; Pirotti, Francesco; Dakskobler, Igor; Kutnar, Lado

    2015-01-01

    In this article, we investigate the potential for detection and characterization of sinkholes under dense forest cover by using airborne laser scanning data. Laser pulse returns from the ground provide important data for the estimation of digital elevation model (DEM), which can be used for further processing. The main objectives of this study were to map and determine the geomorphometric characteristics of a large number of sinkholes and to investigate the correlations between geomorphology and vegetation in areas with such characteristics. The selected study area has very low anthropogenic influences and is particularly suitable for studying undisturbed karst sinkholes. The information extracted from this study regarding the shapes and depths of sinkholes show significant directionality for both orientation of sinkholes and their distribution over the area. Furthermore, significant differences in vegetation diversity and composition occur inside and outside the sinkholes, which indicates their presence has important ecological impacts. PMID:25793871

  3. Attack Detection/Isolation via a Secure Multisensor Fusion Framework for Cyberphysical Systems

    Directory of Open Access Journals (Sweden)

    Arash Mohammadi

    2018-01-01

    Full Text Available Motivated by rapid growth of cyberphysical systems (CPSs) and the necessity to provide secure state estimates against potential data injection attacks in their application domains, the paper proposes a secure and innovative attack detection and isolation fusion framework. The proposed multisensor fusion framework provides secure state estimates by using ideas from interactive multiple models (IMM) combined with a novel fuzzy-based attack detection/isolation mechanism. The IMM filter is used to adjust the system’s uncertainty adaptively via model probabilities by using a hybrid state model consisting of two behaviour modes, one corresponding to the ideal scenario and one associated with the attack behaviour mode. The state chi-square test is then incorporated through the proposed fuzzy-based fusion framework to detect and isolate potential data injection attacks. In other words, the validation probability of each sensor is calculated based on the value of the chi-square test. Finally, by incorporation of the validation probability of each sensor, the weights of its associated subsystem are computed. To be concrete, an integrated navigation system is simulated with three types of attacks ranging from a constant bias attack to a non-Gaussian stochastic attack to evaluate the proposed attack detection and isolation fusion framework.

  4. Plant distribution-altitude and landform relationships in karstic sinkholes of Mediterranean region of Turkey.

    Science.gov (United States)

    Ozkan, Kürsad; Gulsoy, Serkan; Mert, Ahmet; Ozturk, Munir; Muys, Bart

    2010-01-01

    The purpose of this study was to investigate the relationships between the plant distribution and the altitude-shape-size characteristics of sinkholes, and the landform characteristics inside sinkholes in the Mediterranean region of Turkey. Block kriging, Factor analysis, Cluster Analysis and Detrended Correspondence Analysis were performed. The sinkhole type and altitudinal zone were found to be the significant factors affecting the plant distribution. However, the sinkhole type was more important than the altitudinal zone. Hence, the sinkholes were first subdivided into groups according to types and then the groups were divided into subgroups according to the altitudinal zones. Consequently, 4 groups were defined; A-type sinkholes [1400-1550 m (A1), 1550-1700 m (A2)] and B-type sinkholes [1400-1550 (B1), 1550-1700 m (B2)]. The B-type was wider vertically and shorter horizontally than A-type sinkholes. Significant differences were found between the plant distribution and slope position inside the sinkholes. Plant distribution in the lower slopes was different from that in the flats and ridges in the B1 sub-type of B-type. Plant distribution in B2 subtype was different among the slope positions (ridge, middle slope, lower slope, and flat). Although distribution of plants is different in different parts (ridges, upper slope, middle slope, lower slope and basal flats) of A sinkhole, the differences between the parts of intermediate slope position are not significant. A high plant variability along short distances in the sinkholes was observed in the study area. That is why the sinkhole sites have a big potential for the distribution of many species. Hence, the area must be separated as a strictly protected zone.

  5. Geology, Surficial - MO 2012 Springfield 100Yr Flood Sinkholes (SHP)

    Data.gov (United States)

    NSGIC State | GIS Inventory — The layer "100 Yr Flood Sinkholes" is a shapefile feature showing the location of many of the sinkholes found in the Springfield Missouri area. Each of the polygons...

  6. Sinkhole development resulting from ground-water withdrawal in the Tampa area, Florida

    Science.gov (United States)

    Sinclair, William C.

    1982-01-01

    The area of municipal well fields on the Gulf Coastal Plain north of Tampa, Fla., is densely pitted with natural sinkholes and sinkhole lakes that have resulted from collapse of surficial sand and clay into solution cavities in the underlying carbonate rocks of the Floridan aquifer. Although solution of the underlying rocks is the ultimate cause of sinkholes, some have been induced by abrupt changes in ground-water levels caused by pumping. Declines in water levels cause loss of support to the bedrock roofs over cavities and to surficial material overlying openings in the top of bedrock. The volume of calcium, magnesium, and carbonate (the constituents of limestone and dolomite) in solution in the water withdrawn from four well fields near Tampa totaled about 240,000 cubic feet in 1978. Most induced solution takes place at the limestone surface however, and the area of induced recharge is so extensive that the effect of induced limestone solution on sinkhole development is negligible. Alinement of established sinkholes along joint patterns in the bedrock suggests that a well along these lineations might have direct hydraulic connection with a zone of incipient sinkholes. Therefore, pumping of large-capacity wells along such lineations would increase the probability of sinkhole development. Although sinkholes generally form abruptly in the study area, local changes such as vegetative stress, ponding of rainfall, misalinement of structures, and turbidity in well water are all indications that precollapse subsidence may be taking place. (USGS)

  7. An efficient algorithm for the detection of exposed and hidden wormhole attack

    International Nuclear Information System (INIS)

    Khan, Z.A.; Rehman, S.U.; Islam, M.H.

    2016-01-01

    MANETs (Mobile Ad Hoc Networks) are slowly integrating into our everyday lives, their most prominent uses are visible in the disaster and war struck areas where physical infrastructure is almost impossible or very hard to build. MANETs like other networks are facing the threat of malicious users and their activities. A number of attacks have been identified but the most severe of them is the wormhole attack which has the ability to succeed even in case of encrypted traffic and secure networks. Once wormhole is launched successfully, the severity increases by the fact that attackers can launch other attacks too. This paper presents a comprehensive algorithm for the detection of exposed as well as hidden wormhole attack while keeping the detection rate to maximum and at the same time reducing false alarms. The algorithm does not require any extra hardware, time synchronization or any special type of nodes. The architecture consists of the combination of Routing Table, RTT (Round Trip Time) and RSSI (Received Signal Strength Indicator) for comprehensive detection of wormhole attack. The proposed technique is robust, light weight, has low resource requirements and provides real-time detection against the wormhole attack. Simulation results show that the algorithm is able to provide a higher detection rate, packet delivery ratio, negligible false alarms and is also better in terms of Ease of Implementation, Detection Accuracy/ Speed and processing overhead. (author)

  8. Presentation Attack Detection for Iris Recognition System Using NIR Camera Sensor

    Science.gov (United States)

    Nguyen, Dat Tien; Baek, Na Rae; Pham, Tuyen Danh; Park, Kang Ryoung

    2018-01-01

    Among biometric recognition systems such as fingerprint, finger-vein, or face, the iris recognition system has proven to be effective for achieving a high recognition accuracy and security level. However, several recent studies have indicated that an iris recognition system can be fooled by using presentation attack images that are recaptured using high-quality printed images or by contact lenses with printed iris patterns. As a result, this potential threat can reduce the security level of an iris recognition system. In this study, we propose a new presentation attack detection (PAD) method for an iris recognition system (iPAD) using a near infrared light (NIR) camera image. To detect presentation attack images, we first localized the iris region of the input iris image using circular edge detection (CED). Based on the result of iris localization, we extracted the image features using deep learning-based and handcrafted-based methods. The input iris images were then classified into real and presentation attack categories using support vector machines (SVM). Through extensive experiments with two public datasets, we show that our proposed method effectively solves the iris recognition presentation attack detection problem and produces detection accuracy superior to previous studies. PMID:29695113

  9. Presentation Attack Detection for Iris Recognition System Using NIR Camera Sensor

    Directory of Open Access Journals (Sweden)

    Dat Tien Nguyen

    2018-04-01

    Full Text Available Among biometric recognition systems such as fingerprint, finger-vein, or face, the iris recognition system has proven to be effective for achieving a high recognition accuracy and security level. However, several recent studies have indicated that an iris recognition system can be fooled by using presentation attack images that are recaptured using high-quality printed images or by contact lenses with printed iris patterns. As a result, this potential threat can reduce the security level of an iris recognition system. In this study, we propose a new presentation attack detection (PAD) method for an iris recognition system (iPAD) using a near infrared light (NIR) camera image. To detect presentation attack images, we first localized the iris region of the input iris image using circular edge detection (CED). Based on the result of iris localization, we extracted the image features using deep learning-based and handcrafted-based methods. The input iris images were then classified into real and presentation attack categories using support vector machines (SVM). Through extensive experiments with two public datasets, we show that our proposed method effectively solves the iris recognition presentation attack detection problem and produces detection accuracy superior to previous studies.

  10. Presentation Attack Detection for Iris Recognition System Using NIR Camera Sensor.

    Science.gov (United States)

    Nguyen, Dat Tien; Baek, Na Rae; Pham, Tuyen Danh; Park, Kang Ryoung

    2018-04-24

    Among biometric recognition systems such as fingerprint, finger-vein, or face, the iris recognition system has proven to be effective for achieving a high recognition accuracy and security level. However, several recent studies have indicated that an iris recognition system can be fooled by using presentation attack images that are recaptured using high-quality printed images or by contact lenses with printed iris patterns. As a result, this potential threat can reduce the security level of an iris recognition system. In this study, we propose a new presentation attack detection (PAD) method for an iris recognition system (iPAD) using a near infrared light (NIR) camera image. To detect presentation attack images, we first localized the iris region of the input iris image using circular edge detection (CED). Based on the result of iris localization, we extracted the image features using deep learning-based and handcrafted-based methods. The input iris images were then classified into real and presentation attack categories using support vector machines (SVM). Through extensive experiments with two public datasets, we show that our proposed method effectively solves the iris recognition presentation attack detection problem and produces detection accuracy superior to previous studies.

  11. Mapping subsurface in proximity to newly-developed sinkhole along roadway.

    Science.gov (United States)

    2013-02-01

    MS&T acquired electrical resistivity tomography profiles in immediate proximity to a newly-developed sinkhole in Nixa, Missouri. The sinkhole has closed a well-traveled municipal roadway and threatens proximal infrastructure. The intent of this inves...

  12. Panacea: Automating Attack Classification for Anomaly-based Network Intrusion Detection Systems

    NARCIS (Netherlands)

    Bolzoni, D.; Etalle, Sandro; Hartel, Pieter H.; Kirda, E.; Jha, S.; Balzarotti, D.

    Anomaly-based intrusion detection systems are usually criticized because they lack a classification of attack, thus security teams have to manually inspect any raised alert to classify it. We present a new approach, Panacea, to automatically and systematically classify attacks detected by an

  13. Panacea : Automating attack classification for anomaly-based network intrusion detection systems

    NARCIS (Netherlands)

    Bolzoni, D.; Etalle, S.; Hartel, P.H.; Kirda, E.; Jha, S.; Balzarotti, D.

    2009-01-01

    Anomaly-based intrusion detection systems are usually criticized because they lack a classification of attacks, thus security teams have to manually inspect any raised alert to classify it. We present a new approach, Panacea, to automatically and systematically classify attacks detected by an

  14. Panacea : Automating attack classification for anomaly-based network intrusion detection systems

    NARCIS (Netherlands)

    Bolzoni, D.; Etalle, S.; Hartel, P.H.

    2009-01-01

    Anomaly-based intrusion detection systems are usually criticized because they lack a classification of attack, thus security teams have to manually inspect any raised alert to classify it. We present a new approach, Panacea, to automatically and systematically classify attacks detected by an

  15. Panacea: Automating Attack Classification for Anomaly-based Network Intrusion Detection Systems

    NARCIS (Netherlands)

    Bolzoni, D.; Etalle, Sandro; Hartel, Pieter H.

    2009-01-01

    Anomaly-based intrusion detection systems are usually criticized because they lack a classification of attack, thus security teams have to manually inspect any raised alert to classify it. We present a new approach, Panacea, to automatically and systematically classify attacks detected by an

  16. Global warming causes sinkhole collapse – Case study in Florida, USA

    OpenAIRE

    Meng, Yan; Jia, Long

    2018-01-01

    The occurrence frequency and intensity of many natural geohazards, such as landslides, debris flows and earthquakes, have increased in response to global warming. However, the effects of such on development and spread of sinkholes has been largely overlooked. Most research shows that water pumping and related drawdown is the most important factor in sinkhole development, but in this paper evidence is presented which highlights the role played by global warming in causing sinkholes. The state ...

  17. Low-Rate DDoS Attack Detection Using Expectation of Packet Size

    Directory of Open Access Journals (Sweden)

    Lu Zhou

    2017-01-01

    Full Text Available Low-rate Distributed Denial-of-Service (low-rate DDoS) attacks are a new challenge to cyberspace, as the attackers send a large amount of attack packets similar to normal traffic, to throttle legitimate flows. In this paper, we propose a measurement—expectation of packet size—that is based on the distribution difference of the packet size to distinguish two typical low-rate DDoS attacks, the constant attack and the pulsing attack, from legitimate traffic. The experimental results, obtained using a series of real datasets with different times and different tolerance factors, are presented to demonstrate the effectiveness of the proposed measurement. In addition, extensive experiments are performed to show that the proposed measurement can detect the low-rate DDoS attacks not only in the short and long terms but also for low packet rates and high packet rates. Furthermore, the false-negative rates and the adjudication distance can be adjusted based on the detection sensitivity requirements.

  18. Monitoring and modeling of sinkhole-related subsidence in west-central Florida mapped from InSAR and surface observations

    Science.gov (United States)

    Kiflu, H.; Oliver-Cabrera, T.; Robinson, T.; Wdowinski, S.; Kruse, S.

    2017-12-01

    Sinkholes in Florida cause millions of dollars in damage to infrastructure each year. Methods of early detection of sinkhole-related subsidence are clearly desirable. We have completed two years of monitoring of selected sinkhole-prone areas in west central Florida with XXX data and analysis with XXX algorithms. Filters for selecting targets with high signal-to-noise ratio and subsidence over this time window (XX-2015-XX-2017) are being used to select sites for ground study. A subset of the buildings with InSAR-detected subsidence indicated show clear structural indications of subsidence in the form of cracks in walls and roofs. Comsol Multiphysics models have been developed to describe subsidence at the rates identified from the InSAR analysis (a few mm/year) and on spatial scales observed from surface observations, including structural deformation of buildings and ground penetrating radar images of subsurface deformation (length scales of meters to tens of meters). These models assume cylindrical symmetry and deformation of elastic and poroelastic layers over a growing spherical void.

  19. Evaluation of sinkhole occurrence in the Valley and Ridge Province, East Tennessee: Phase 3

    International Nuclear Information System (INIS)

    Newton, J.G.; Tanner, J.M.

    1987-11-01

    Data from a reconnaissance-type inventory of sinkhole occurrence and from more detailed inventories in selected areas were used to determine regional density and frequency of sinkhole occurrence in the Valley and Ridge Province, Tennessee. The overall database consisted of 333 sinkholes of which 211, or 63 percent of the total, were classified as induced. Almost all induced sinkholes resulted from construction activities, such as grading, ditching, and impoundment of water. Extrapolation of data to provide estimates of regional sinkhole density necessitated adjustment of the reconnaissance inventory. Adjustment factors were calculated by comparing reconnaissance inventories from selected areas with those obtained from detailed inventories in the same areas. The number of sinkholes in the detailed inventories was 5 and 8.5 times greater than the number in the reconnaissance inventories

  20. A DoS/DDoS Attack Detection System Using Chi-Square Statistic Approach

    Directory of Open Access Journals (Sweden)

    Fang-Yie Leu

    2010-04-01

    Full Text Available Nowadays, users can easily access and download network attack tools, which often provide friendly interfaces and easily operated features, from the Internet. Therefore, even a naive hacker can also launch a large scale DoS or DDoS attack to prevent a system, i.e., the victim, from providing Internet services. In this paper, we propose an agent based intrusion detection architecture, which is a distributed detection system, to detect DoS/DDoS attacks by invoking a statistic approach that compares source IP addresses' normal and current packet statistics to discriminate whether there is a DoS/DDoS attack. It first collects all resource IPs' packet statistics so as to create their normal packet distribution. Once some IPs' current packet distribution suddenly changes, very often it is an attack. Experimental results show that this approach can effectively detect DoS/DDoS attacks.

  1. Detecting unknown attacks in wireless sensor networks that contain mobile nodes.

    Science.gov (United States)

    Banković, Zorana; Fraga, David; Moya, José M; Vallejo, Juan Carlos

    2012-01-01

    As wireless sensor networks are usually deployed in unattended areas, security policies cannot be updated in a timely fashion upon identification of new attacks. This gives enough time for attackers to cause significant damage. Thus, it is of great importance to provide protection from unknown attacks. However, existing solutions are mostly concentrated on known attacks. On the other hand, mobility can make the sensor network more resilient to failures, reactive to events, and able to support disparate missions with a common set of sensors, yet the problem of security becomes more complicated. In order to address the issue of security in networks with mobile nodes, we propose a machine learning solution for anomaly detection along with the feature extraction process that tries to detect temporal and spatial inconsistencies in the sequences of sensed values and the routing paths used to forward these values to the base station. We also propose a special way to treat mobile nodes, which is the main novelty of this work. The data produced in the presence of an attacker are treated as outliers, and detected using clustering techniques. These techniques are further coupled with a reputation system, in this way isolating compromised nodes in timely fashion. The proposal exhibits good performances at detecting and confining previously unseen attacks, including the cases when mobile nodes are compromised.

  2. SYN Flood Attack Detection in Cloud Computing using Support Vector Machine

    Directory of Open Access Journals (Sweden)

    Zerina Mašetić

    2017-11-01

    Full Text Available Cloud computing is a trending technology, as it reduces the cost of running a business. However, many companies are skeptical about moving towards the cloud due to security concerns. Based on the Cloud Security Alliance report, Denial of Service (DoS) attacks are among the top 12 attacks in cloud computing. Therefore, it is important to develop a mechanism for detection and prevention of these attacks. The aim of this paper is to evaluate the Support Vector Machine (SVM) algorithm in creating the model for classification of DoS attacks and normal network behaviors. The study was performed in several phases: a) attack simulation, b) data collection, c) feature selection, and d) classification. The proposed model achieved 100% classification accuracy with true positive rate (TPR) of 100%. SVM showed outstanding performance in DoS attack detection and proves that it serves as a valuable asset in the network security area.

  3. Development of sinkholes resulting from man's activities in the Eastern United States

    Science.gov (United States)

    Newton, John G.

    1987-01-01

    Development of induced sinkholes in carbonate terranes in the Eastern United States has resulted in costly damage and water pollution. Previously, detailed investigations of sinkholes were limited to Alabama and Missouri, with the most comprehensive being in Alabama. An investigation of the remainder of the area was made in 1981 to regionalize previous findings. More than 850 sites of sinkhole development have been identified in 19 States. It is estimated that more than 6,500 sinkholes or related features have formed at these sites. Most have occurred since 1950. Based on information available, States most impacted are Alabama, Florida, Georgia, Missouri, Pennsylvania, and Tennessee.

  4. Results of Integrated Investigation of Collapse Sinkhole in Sarkayevo Village

    Directory of Open Access Journals (Sweden)

    O. N. Kovin

    2014-03-01

    Full Text Available The integrated investigations of karstic collapse sinkhole were conducted at the area of Sarkayevo village. The obtained hydrogeologic data show the local concentration of underground water flow at the investigated site, and high sulfate ion content in the water samples that suggests that a sinkhole is karstic in nature. Geophysical investigations allowed determining basic parameters of the site geological structure, to reveal the depth distribution of the disturbed ground in vicinity of the sinkhole, and delineate zones of different soil compaction. The recommendations for detail site study, aimed to the mitigation of further karst development hazards, are presented.

  5. Real-Time Detection of Application-Layer DDoS Attack Using Time Series Analysis

    Directory of Open Access Journals (Sweden)

    Tongguang Ni

    2013-01-01

    Full Text Available Distributed denial of service (DDoS) attacks are one of the major threats to the current Internet, and application-layer DDoS attacks utilizing legitimate HTTP requests to overwhelm victim resources are more undetectable. Consequently, neither intrusion detection systems (IDS) nor victim server can detect malicious packets. In this paper, a novel approach to detect application-layer DDoS attack is proposed based on entropy of HTTP GET requests per source IP address (HRPI). By approximating the adaptive autoregressive (AAR) model, the HRPI time series is transformed into a multidimensional vector series. Then, a trained support vector machine (SVM) classifier is applied to identify the attacks. The experiments with several databases are performed and results show that this approach can detect application-layer DDoS attacks effectively.

  6. Developing advanced fingerprint attacks on challenge-based collaborative intrusion detection networks

    DEFF Research Database (Denmark)

    Li, Wenjuan; Meng, Weizhi; Kwok, Lam-For

    2017-01-01

    Traditionally, an isolated intrusion detection system (IDS) is vulnerable to various types of attacks. In order to enhance IDS performance, collaborative intrusion detection networks (CIDNs) are developed through enabling a set of IDS nodes to communicate with each other. Due to the distributed...... network architecture, insider attacks are one of the major threats. In the literature, challenge-based trust mechanisms have been built to identify malicious nodes by evaluating the satisfaction levels between challenges and responses. However, such mechanisms rely on two major assumptions, which may...... result in a weak threat model. In this case, CIDNs may be still vulnerable to advanced insider attacks in real-world deployment. In this paper, we propose a novel collusion attack, called passive message fingerprint attack (PMFA), which can collect messages and identify normal requests in a passive way...

  7. Intrusion detection in cloud computing based attack patterns and risk assessment

    Directory of Open Access Journals (Sweden)

    Ben Charhi Youssef

    2017-05-01

    Full Text Available This paper is an extension of work originally presented in SYSCO CONF. We extend our previous work by presenting the initial results of the implementation of intrusion detection based on risk assessment on cloud computing. The idea focuses on a novel approach for detecting cyber-attacks on the cloud environment by analyzing attacks pattern using risk assessment methodologies. The aim of our solution is to combine evidences obtained from Intrusion Detection Systems (IDS) deployed in a cloud with risk assessment related to each attack pattern. Our approach presents a new qualitative solution for analyzing each symptom, indicator and vulnerability analyzing impact and likelihood of distributed and multi-steps attacks directed to cloud environments. The implementation of this approach will reduce the number of false alerts and will improve the performance of the IDS.

  8. A DDoS Attack Detection Method Based on Hybrid Heterogeneous Multiclassifier Ensemble Learning

    Directory of Open Access Journals (Sweden)

    Bin Jia

    2017-01-01

    Full Text Available The explosive growth of network traffic and its multitype on Internet have brought new and severe challenges to DDoS attack detection. To get the higher True Negative Rate (TNR), accuracy, and precision and to guarantee the robustness, stability, and universality of detection system, in this paper, we propose a DDoS attack detection method based on hybrid heterogeneous multiclassifier ensemble learning and design a heuristic detection algorithm based on Singular Value Decomposition (SVD) to construct our detection system. Experimental results show that our detection method is excellent in TNR, accuracy, and precision. Therefore, our algorithm has good detective performance for DDoS attack. Through the comparisons with Random Forest, k-Nearest Neighbor (k-NN), and Bagging comprising the component classifiers when the three algorithms are used alone by SVD and by un-SVD, it is shown that our model is superior to the state-of-the-art attack detection techniques in system generalization ability, detection stability, and overall detection performance.

  9. Investigation Model for DDoS Attack Detection in Real-Time

    Directory of Open Access Journals (Sweden)

    Abdulghani Ali Ahmed

    2015-02-01

    Full Text Available Investigating traffic of distributed denial of services (DDoS) attack requires extra overhead which mostly results in network performance degradation. This study proposes an investigation model for detecting DDoS attack in real-time without causing negative degradation against network performance. The model investigates network traffic in a scalable way to detect user violations on quality of service regulations. Traffic investigation is triggered only when the network is congested; at that exact moment, burst gateways actually generate a congestion notification to misbehaving users. The misbehaving users are thus further investigated by measuring their consumption ratios of bandwidth. By exceeding the service level agreement bandwidth ratio, user traffic is filtered as DDoS traffic. Simulation results demonstrate that the proposed model efficiently monitors intrusive traffic and precisely detects DDoS attack.

  10. Natural and human-induced sinkholes in gypsum terrain and associated environmental problems in NE Spain

    Science.gov (United States)

    Benito, G.; Del Campo, P. Pérez; Gutiérrez-Elorza, M.; Sancho, C.

    1995-04-01

    The central Ebro Basin comprises thick evaporite materials whose high solubility produces typically karstic landforms. The sinkhole morphology developed in the overlying alluvium has been studied using gravimetry and ground-penetrating radar (GPR) on stream terraces, as well as analyzing the evolution of sinkhole morphologies observed in aerial photographs taken in 1928, 1957, and 1985. The sinkhole morphologies give some idea of possible subsurface processes as well as an indication of the final mechanisms involved in sinkhole development. On stream terraces and cover pediments the most commonly encountered dolines are bowl-shaped in their morphology with both diffuse and scarped edges. In contrast, dolines developed in the gypsiferous silt infilled valleys have a funnel and well-shaped morphology. The diffuse-edged bowl-shaped dolines are developed through the progressive subsidence of the alluvial cover, due to washing down of alluvial particles through small voids and cracks into deeper subsurface caves, resulting in a decrease alluvial density. Future compaction of the alluvial cover will produce surface subsidences. This type of dolines are associated with negative gravity anomalies. In contrast, the scarped-edge dolines are formed by the sudden collapse of a cavity roof. The cavities and cracks formed in the gypsum karst may migrate to the surface through the alluvial deposits by piping, and they may subsequently collapse. In this instance, the cavities can be detected by both gravity and GPR anomalies where the voids are not deeper than 4-5 m from the surface. These processes forming sinkholes can be enhanced by man-induced changes in the groundwater hydrologic regime by both inflows, due to irrigation, ditch losses, or pipe leakages, and by outflows from pumping activities.

  11. Monitoring upstream sinkhole development by detailed sonar profiling

    Energy Technology Data Exchange (ETDEWEB)

    Rigbey, S. [Acres International Ltd., Niagara Falls, ON (Canada)]

    2004-09-01

    This paper describes the development and use of a simple sonar system that has been used by engineers for routine monitoring of small sinkholes on the upstream face of a distressed earth dam. Improper construction of the dam led to the development of several sinkholes measuring 10 to 20 m in diameter upstream from the dam which is founded on deep alluvial sands and gravels. The dam has a central core of silt and leakage varies between 200 and 500 l/s, depending on the water level of the reservoir. The main issues with the upstream blanket are: improper fill placement due to the inability to dewater the area properly; omission of a filter material between the blanket and the alluvium foundation; thin placement of fill and runnelling of the blanket prior to impoundment; and, short upstream extent of the blanket. A downstream weighting toe of material was placed to address the seepage and piping that developed immediately following impounding. Other incidents continued over the years, such as downstream sinkholes, slumping of the crest and repairs about 12 years after construction. An inverter filter was also constructed to better control the seepage. Simple bathymetric surveys conducted by sounding the bottom of the reservoir from the ice surface each winter revealed the presence of several large sinkholes. Although infilling programs were conducted, sinkholes redeveloped after each program. The bathymetric surveys were found to be limited in accuracy and repeatability. Therefore, it was not possible to monitor small developments on a yearly basis. A 3-dimensional seepage model was developed to reconcile some of the unexplained piezometric patterns and to better understand the seepage patterns. However, this was also unsuccessful on its own. A trial sonar survey was then undertaken in 2002 by a Vancouver-based sonar company using an Imagenix profiling sonar head. It was successful in locating a small, previously unknown sinkhole measuring a few metres in diameter at

  12. On Cyber Attacks and Signature Based Intrusion Detection for MODBUS Based Industrial Control Systems

    Directory of Open Access Journals (Sweden)

    Wei Gao

    2014-03-01

    Full Text Available Industrial control system communication networks are vulnerable to reconnaissance, response injection, command injection, and denial of service attacks.  Such attacks can lead to an inability to monitor and control industrial control systems and can ultimately lead to system failure. This can result in financial loss for control system operators and economic and safety issues for the citizens who use these services.  This paper describes a set of 28 cyber attacks against industrial control systems which use the MODBUS application layer network protocol. The paper also describes a set of standalone and state based intrusion detection system rules which can be used to detect cyber attacks and to store evidence of attacks for post incident analysis. All attacks described in this paper were validated in a laboratory environment. The detection rate of the intrusion detection system rules presented by attack class is also presented.

  13. Attacks and intrusion detection in wireless sensor networks of industrial SCADA systems

    Science.gov (United States)

    Kamaev, V. A.; Finogeev, A. G.; Finogeev, A. A.; Parygin, D. S.

    2017-01-01

    The effectiveness of automated process control systems (APCS) and supervisory control and data acquisition systems (SCADA) information security depends on the applied protection technologies of transport environment data transmission components. This article investigates the problems of detecting attacks in wireless sensor networks (WSN) of SCADA systems. As a result of analytical studies, the authors developed the detailed classification of external attacks and intrusion detection in sensor networks and brought a detailed description of attacking impacts on components of SCADA systems in accordance with the selected directions of attacks.

  14. PMFA: Toward Passive Message Fingerprint Attacks on Challenge-Based Collaborative Intrusion Detection Networks

    DEFF Research Database (Denmark)

    Li, Wenjuan; Meng, Weizhi; Kwok, Lam-For

    2016-01-01

    To enhance the performance of single intrusion detection systems (IDSs), collaborative intrusion detection networks (CIDNs) have been developed, which enable a set of IDS nodes to communicate with each other. In such a distributed network, insider attacks like collusion attacks are the main threat...... to advanced insider attacks in practical deployment. In this paper, we design a novel type of collusion attack, called passive message fingerprint attack (PMFA), which can collect messages and identify normal requests in a passive way. In the evaluation, we explore the attack performance under both simulated...... and real network environments. Experimental results indicate that under our attack, malicious nodes can send malicious responses to normal requests while maintaining their trust values....

  15. High-speed web attack detection through extracting exemplars from HTTP traffic

    KAUST Repository

    Wang, Wei

    2011-01-01

    In this work, we propose an effective method for high-speed web attack detection by extracting exemplars from HTTP traffic before the detection model is built. The smaller set of exemplars keeps valuable information of the original traffic while it significantly reduces the size of the traffic so that the detection remains effective and improves the detection efficiency. The Affinity Propagation (AP) is employed to extract the exemplars from the HTTP traffic. K-Nearest Neighbor (K-NN) and one class Support Vector Machine (SVM) are used for anomaly detection. To facilitate comparison, we also employ information gain to select key attributes (a.k.a. features) from the HTTP traffic for web attack detection. Two large real HTTP traffic are used to validate our methods. The extensive test results show that the AP based exemplar extraction significantly improves the real-time performance of the detection compared to using all the HTTP traffic and achieves a more robust detection performance than information gain based attribute selection for web attack detection. © 2011 ACM.

  16. A Dynamic Programming Model for Internal Attack Detection in Wireless Sensor Networks

    Directory of Open Access Journals (Sweden)

    Qiong Shi

    2017-01-01

    Full Text Available Internal attack is a crucial security problem of WSN (wireless sensor network). In this paper, we focus on the internal attack detection which is an important way to locate attacks. We propose a state transition model, based on the continuous time Markov chain (CTMC), to study the behaviors of the sensors in a WSN under internal attack. Then we conduct the internal attack detection model as the epidemiological model. In this model, we explore the detection rate as the rate of a compromised state transition to a response state. By using the Bellman equation, the utility for the state transitions of a sensor can be written in standard forms of dynamic programming. It reveals a natural way to find the optimal detection rate that is by maximizing the total utility of the compromised state of the node (the sum of current utility and future utility). In particular, we encapsulate the current state, survivability, availability, and energy consumption of the WSN into an information set. We conduct extensive experiments and the results show the effectiveness of our solutions.

  17. Cyber attack analysis on cyber-physical systems: Detectability, severity, and attenuation strategy

    Science.gov (United States)

    Kwon, Cheolhyeon

    Security of Cyber-Physical Systems (CPS) against malicious cyber attacks is an important yet challenging problem. Since most cyber attacks happen in erratic ways, it is usually intractable to describe and diagnose them systematically. Motivated by such difficulties, this thesis presents a set of theories and algorithms for a cyber-secure architecture of the CPS within the control theoretic perspective. Here, instead of identifying a specific cyber attack model, we are focused on analyzing the system's response during cyber attacks. Firstly, we investigate the detectability of the cyber attacks from the system's behavior under cyber attacks. Specifically, we conduct a study on the vulnerabilities in the CPS's monitoring system against the stealthy cyber attack that is carefully designed to avoid being detected by its detection scheme. After classifying three kinds of cyber attacks according to the attacker's ability to compromise the system, we derive the necessary and sufficient conditions under which such stealthy cyber attacks can be designed to cause the unbounded estimation error while not being detected. Then, the analytical design method of the optimal stealthy cyber attack that maximizes the estimation error is developed. The proposed stealthy cyber attack analysis is demonstrated with illustrative examples on Air Traffic Control (ATC) system and Unmanned Aerial Vehicle (UAV) navigation system applications. Secondly, in an attempt to study the CPSs' vulnerabilities in more detail, we further discuss a methodology to identify potential cyber threats inherent in the given CPSs and quantify the attack severity accordingly. We then develop an analytical algorithm to test the behavior of the CPS under various cyber attack combinations. Compared to a numerical approach, the analytical algorithm enables the prediction of the most effective cyber attack combinations without computing the severity of all possible attack combinations, thereby greatly reducing the

  18. Towards an integrated approach for characterization of sinkhole hazards in urban environments: the unstable coastal site of Casalabate, Lecce, Italy

    International Nuclear Information System (INIS)

    Delle Rose, Marco; Leucci, Giovanni

    2010-01-01

    Sinkholes occur in many areas of the world, especially where carbonate rocks crop out. They are formed due to natural processes or caused by man's activities. In both cases, severe consequences have to be registered on the anthropogenic environment and related infrastructures. Knowledge of both the mechanism of the sinkhole formation and the localization of this subtle geohazard is therefore necessary for planners and decision makers to perform the most appropriate and suitable programs of land use and development. The Apulia region of southern Italy is characterized for most of its extension by carbonate rocks, which makes it one of the most remarkable examples of karst in the Mediterranean basin. The sinkhole formation in Apulia urban areas has recently produced severe damages, especially along its coastal planes, where different types of sinkholes occur. The detection of cavities, that could collapse and create a sinkhole, in an urban environment presents numerous difficulties (buried networks, reworked soils, etc). A methodology has been developed to respond to this need based on the integration of four complementary methods: geological analysis of outcrops and existing borehole descriptions, aerophotogrammetric interpretation of aerial photos, electrical resistivity tomography (ERT) and ground penetrating radar (GPR). The combination of these methods, applied to a test sector in the city of Casalabate, made it possible to locate the principal karstic conduits beneath the study area and identify a zone of high sinkhole geohazard associated with one such feature

  19. Current Sinkhole Boundaries in Iowa

    Data.gov (United States)

    Iowa State University GIS Support and Research Facility — This dataset is a polygon coverage of the sinkhole boundaries as determined by using LiDAR data. The polygons relate to the point coverage using the KPolyID field in...

  20. Securing Cloud Computing from Different Attacks Using Intrusion Detection Systems

    Directory of Open Access Journals (Sweden)

    Omar Achbarou

    2017-03-01

    Full Text Available Cloud computing is a new way of integrating a set of old technologies to implement a new paradigm that creates an avenue for users to have access to shared and configurable resources through internet on-demand. This system has many common characteristics with distributed systems, hence, the cloud computing also uses the features of networking. Thus the security is the biggest issue of this system, because the services of cloud computing is based on the sharing. Thus, a cloud computing environment requires some intrusion detection systems (IDSs) for protecting each machine against attacks. The aim of this work is to present a classification of attacks threatening the availability, confidentiality and integrity of cloud resources and services. Furthermore, we provide literature review of attacks related to the identified categories. Additionally, this paper also introduces related intrusion detection models to identify and prevent these types of attacks.

  1. CORS 911 : continuously operating reference stations for the Bayou Corne sinkhole.

    Science.gov (United States)

    2013-06-01

    The sinkhole located near the Napoleonville Salt Dome in Assumption Parish, Louisiana threatens the stability of LA 70 a state maintained route. In order to mitigate the possible damaging effects of the sinkhole to the route and address publ...

  2. Implementation of anomaly detection algorithms for detecting transmission control protocol synchronized flooding attacks

    CSIR Research Space (South Africa)

    Mkuzangwe, NNP

    2015-08-01

    Full Text Available This work implements two anomaly detection algorithms for detecting Transmission Control Protocol Synchronized (TCP SYN) flooding attack. The two algorithms are an adaptive threshold algorithm and a cumulative sum (CUSUM) based algorithm...

  3. AMC Model for Denial of Sleep Attack Detection

    OpenAIRE

    Bhattasali, Tapalina; Chaki, Rituparna

    2012-01-01

    Due to deployment in hostile environment, wireless sensor network is vulnerable to various attacks. Exhausted sensor nodes in sensor network become a challenging issue because it disrupts the normal connectivity of the network. Affected nodes give rise to denial of service that resists to get the objective of sensor network in real life. A mathematical model based on Absorbing Markov Chain (AMC) is proposed for Denial of Sleep attack detection in sensor network. In this mechanism, whether sens...

  4. Denial-of-service attack detection based on multivariate correlation analysis

    NARCIS (Netherlands)

    Tan, Zhiyuan; Jamdagni, Aruna; He, Xiangjian; Nanda, Priyadarsi; Liu, Ren Ping; Lu, Bao-Liang; Zhang, Liqing; Kwok, James

    2011-01-01

    The reliability and availability of network services are being threatened by the growing number of Denial-of-Service (DoS) attacks. Effective mechanisms for DoS attack detection are demanded. Therefore, we propose a multivariate correlation analysis approach to investigate and extract second-order

  5. Sediment Dynamics Within Buffer Zone and Sinkhole Splay Areas Under Extreme Soil Disturbance Conditions.

    Science.gov (United States)

    Schoonover, Jon E; Crim, Jackie F; Williard, Karl W J; Groninger, John W; Zaczek, James J; Pattumma, Klairoong

    2015-09-01

    Sedimentation dynamics were assessed in sinkholes within training areas at Ft. Knox Military Installation, a karst landscape subjected to decades of tracked vehicle use and extreme soil disturbance. Sinkholes sampled were sediment-laden and behaved as intermittent ponds. Dendrogeomorphic analyses were conducted using willow trees (Salix spp.) located around the edge of 18 sinkholes to estimate historical sedimentation rates, and buried bottles were installed in 20 sinkholes at the center, outer edge, and at the midpoint between the center and edge to estimate annual sedimentation rates. Sedimentation data were coupled with vegetation characteristics of sinkhole buffers to determine relationships among these variables. The dendrogeomorphic method estimated an average accumulation rate of 1.27 cm year⁻¹ translating to a sediment loss rate of 46.1 metric ton year⁻¹ from the training areas. However, sediment export to sinkholes was estimated to be much greater (118.6 metric ton year⁻¹) via the bottle method. These data suggest that the latter method provided a more accurate estimate since accumulation was greater in the center of sinkholes compared to the periphery where dendrogeomorphic data were collected. Vegetation data were not tightly correlated with sedimentation rates, suggesting that further research is needed to identify a viable proxy for direct measures of sediment accumulation in this extreme deposition environment. Mitigation activities for the sinkholes at Ft. Knox's tank training area, and other heavily disturbed karst environments where extreme sedimentation exists, should consider focusing on flow path and splay area management.

  6. Spatial analysis of geologic and hydrologic features relating to sinkhole occurrence in Jefferson County, West Virginia

    Science.gov (United States)

    Doctor, Daniel H.; Doctor, Katarina Z.

    2012-01-01

    In this study the influence of geologic features related to sinkhole susceptibility was analyzed and the results were mapped for the region of Jefferson County, West Virginia. A model of sinkhole density was constructed using Geographically Weighted Regression (GWR) that estimated the relations among discrete geologic or hydrologic features and sinkhole density at each sinkhole location. Nine conditioning factors on sinkhole occurrence were considered as independent variables: distance to faults, fold axes, fracture traces oriented along bedrock strike, fracture traces oriented across bedrock strike, ponds, streams, springs, quarries, and interpolated depth to groundwater. GWR model parameter estimates for each variable were evaluated for significance, and the results were mapped. The results provide visual insight into the influence of these variables on localized sinkhole density, and can be used to provide an objective means of weighting conditioning factors in models of sinkhole susceptibility or hazard risk.

  7. Detecting Attacks in CyberManufacturing Systems: Additive Manufacturing Example

    Directory of Open Access Journals (Sweden)

    Wu Mingtao

    2017-01-01

    Full Text Available CyberManufacturing System is a vision for future manufacturing where physical components are fully integrated with computational processes in a connected environment. However, realizing the vision requires that its security be adequately ensured. This paper presents a vision-based system to detect intentional attacks on additive manufacturing processes, utilizing machine learning techniques. Particularly, additive manufacturing systems have unique vulnerabilities to malicious attacks, which can result in defective infills but without affecting the exterior. In order to detect such infill defects, the research uses simulated 3D printing process images as well as actual 3D printing process images to compare accuracies of machine learning algorithms in classifying, clustering and detecting anomalies on different types of infills. Three algorithms - (i) random forest, (ii) k nearest neighbor, and (iii) anomaly detection - have been adopted in the research and shown to be effective in detecting such defects.

  8. Real-time DDoS attack detection for Cisco IOS using NetFlow

    NARCIS (Netherlands)

    van der Steeg, Daniël; Hofstede, R.J.; Sperotto, Anna; Pras, Aiko

    Flow-based DDoS attack detection is typically performed by analysis applications that are installed on or close to a flow collector. Although this approach allows for easy deployment, it makes detection far from real-time and susceptible to DDoS attacks for the following reasons. First, the fact

  9. A two-tier system for web attack detection using linear discriminant method

    NARCIS (Netherlands)

    Tan, Zhiyuan; Jamdagni, Aruna; Nanda, Priyadarsi; He, Xiangjian; Liu, Ren Ping; Jia, Wenjing; Yeh, Wei-chang

    2010-01-01

    Computational cost is one of the major concerns of the commercial Intrusion Detection Systems (IDSs). Although these systems are proven to be promising in detecting network attacks, they need to check all the signatures to identify a suspicious attack in the worst case. This is time consuming. This

  10. Seismic surface-wave prospecting methods for sinkhole hazard assessment along the Dead Sea shoreline

    Science.gov (United States)

    Ezersky, M.; Bodet, L.; Al-Zoubi, A.; Camerlynck, C.; Dhemaied, A.; Galibert, P.-Y.; Keydar, S.

    2012-04-01

    waves generation and picking issues in shear-wave refraction seismic methods. As an alternative, indirect estimation of Vs can then be proposed thanks to surface-wave dispersion measurements and inversion, an emerging seismic prospecting method for near-surface engineering and environment applications. Surface-wave prospecting methods have thus been proposed to address the sinkholes development processes along the Dead Sea shorelines. Two approaches have been used: (1) Vs mapping has been performed to discriminate soft and hard zones within salt layers, after calibration of inverted Vs near boreholes. Preliminarily, soft zones, associated with karstified salt, were characterized by Vs values lower than 1000 m/s, whereas hard zones presented values greater than 1400 m/s (will be specified during following studies); (2) roll along acquisition and dispersion stacking has been performed to achieve multi-modal dispersion measurements along linear profiles. Inverted pseudo-2D Vs sections presented low Vs anomalies in the vicinity of existing sinkholes and made it possible to detect loose sediment associated with potential sinkholes occurrences. Acknowledgements This publication was made possible through support provided by the U.S. Agency for International Development (USAID) and MERC Program under terms of Award No M27-050.

  11. SOOA: Exploring Special On-Off Attacks on Challenge-Based Collaborative Intrusion Detection Networks

    DEFF Research Database (Denmark)

    Li, Wenjuan; Meng, Weizhi; Kwok, Lam-For

    2017-01-01

    The development of collaborative intrusion detection networks (CIDNs) aims to enhance the performance of a single intrusion detection system (IDS), through communicating and collecting information from other IDS nodes. To defend CIDNs against insider attacks, trust-based mechanisms are crucial...... and render CIDNs still vulnerable to advanced insider attacks in a practical deployment. In this paper, our motivation is to investigate the effect of On-Off attacks on challenge-based CIDNs. In particular, as a study, we explore a special On-Off attack (called SOOA), which can keep responding normally...... to one node while acting abnormally to another node. In the evaluation, we explore the attack performance under simulated CIDN environments. Experimental results indicate that our attack can interfere the effectiveness of trust computation for CIDN nodes....

  12. Overview of the geophysical studies in the Dead Sea coastal area related to evaporite karst and recent sinkhole development

    Directory of Open Access Journals (Sweden)

    Mikhail G. Ezersky

    2017-05-01

    Full Text Available Since the early 80s, a progressively increasing number of sinkholes appeared along the Dead Sea coastal line. It has been found that their appearance is strongly correlating with the lowering of the Dead Sea level taking place with the rate of approximately 1 m/yr. Location of areas affected by sinkhole development corresponds to location of the salt formation deposited during the latest Pleistocene, when the Lake Lisan receded to later become the Dead Sea. Water flowing to the Dead Sea from adjacent and underlying aquifers dissolves salt and creates caverns that cause ground subsidence and consequent formation of sinkholes. Before subsidence, these caverns are not visible on the surface but can be investigated with surface geophysical methods. For that, we applied Surface Nuclear Magnetic Resonance (SNMR), Transient Electromagnetic (TEM), Seismic refraction and reflection, Multichannel Analysis of Surface waves (MASW), microgravity and magnetic surveys and their combinations. Our geophysical results allowed us to locate the salt formation and to detect caverns in salt thus contributing to better understanding sinkhole development mechanisms. Comparison of sinkhole appearance along the western DS shore derived from the recent database (2017) shows that predictions made on the base of geophysical data (2005-2008) are now confirmed thus demonstrating efficiency of our study. In this paper, we briefly present a summary of up to date knowledge of the geology and hydrogeology of Dead Sea basin, of the physical properties of the salt rock and the most popular models explaining mechanisms of sinkhole development. We also share our experience gained during geophysical studies carried out in the framework of national and international research projects in this area for the last 20 years.

  13. Detection of Variations of Local Irregularity of Traffic under DDOS Flood Attack

    Directory of Open Access Journals (Sweden)

    Ming Li

    2008-01-01

    Full Text Available The aim of distributed denial-of-service (DDOS) flood attacks is to overwhelm the attacked site or to make its service performance deteriorate considerably by sending flood packets to the target from the machines distributed all over the world. This is a kind of local behavior of traffic at the protected site because the attacked site can be recovered to its normal service state sooner or later even though it is in reality overwhelmed during attack. From a view of mathematics, it can be taken as a kind of short-range phenomenon in computer networks. In this paper, we use the Hurst parameter (H) to measure the local irregularity or self-similarity of traffic under DDOS flood attack provided that fractional Gaussian noise (fGn) is used as the traffic model. As flood attack packets of DDOS make the H value of arrival traffic vary significantly away from that of traffic normally arriving at the protected site, we discuss a method to statistically detect signs of DDOS flood attacks with predetermined detection probability and false alarm probability.

  14. Distinct Element modeling of geophysical signatures during sinkhole collapse

    Science.gov (United States)

    Al-Halbouni, Djamil; Holohan, Eoghan P.; Taheri, Abbas; Dahm, Torsten

    2017-04-01

    A sinkhole forms due to the collapse of rocks or soil near the Earth's surface into an underground cavity. Such cavities represent large secondary pore spaces derived by dissolution and subrosion in the underground. By changing the stress field in the surrounding material, the growth of cavities can lead to a positive feedback, in which expansion and mechanical instability in the surrounding material increases or generates new secondary pore space (e.g. by fracturing), which in turn increases the cavity size, etc. A sinkhole forms due to the eventual subsidence or collapse of the overburden that becomes destabilized and fails all the way to the Earth's surface. Both natural processes like (sub)surface water movement and earthquakes, and human activities, such as mining, construction and groundwater extraction, intensify such feedbacks. The development of models for the mechanical interaction of a growing cavity and fracturing of its surrounding material, thus capturing related precursory geophysical signatures, has been limited, however. Here we report on the advances of a general, simplified approach to simulating cavity growth and sinkhole formation by using 2D Distinct Element Modeling (DEM) PFC5.0 software and thereby constraining pre-, syn- and post-collapse geophysical and geodetic signatures. This physically realistic approach allows for spontaneous cavity development and dislocation of rock mass to be simulated by bonded particle formulation of DEM. First, we present calibration and validation of our model. Surface subsidence above an instantaneously excavated circular cavity is tracked and compared with an incrementally increasing dissolution zone both for purely elastic and non-elastic material. This validation is important for the optimal choice of model dimensions and particles size with respect to simulation time. Second, a cavity growth approach is presented and compared to a well-documented case study, the deliberately intensified sinkhole collapse at

  15. Safety Valve or Sinkhole? Vocational Schooling in South Africa

    OpenAIRE

    Pugatch, Todd

    2012-01-01

    As an alternative to traditional academic schooling, vocational schooling in South Africa may serve as a safety valve for students encountering difficulty in the transition from school to work. Yet if ineffective, vocational schooling could also be a sinkhole, offering little chance for success on the labor market. After defining the terms "safety valve" and "sinkhole" in a model of human capital investment with multiple schooling types, I test for evidence of these characteristics using a pa...

  16. A Bernoulli Gaussian Watermark for Detecting Integrity Attacks in Control Systems

    Energy Technology Data Exchange (ETDEWEB)

    Weerakkody, Sean [Carnegie Mellon Univ., Pittsburgh, PA (United States); Ozel, Omur [Carnegie Mellon Univ., Pittsburgh, PA (United States); Sinopoli, Bruno [Carnegie Mellon Univ., Pittsburgh, PA (United States)

    2017-11-02

    We examine the merit of Bernoulli packet drops in actively detecting integrity attacks on control systems. The aim is to detect an adversary who delivers fake sensor measurements to a system operator in order to conceal their effect on the plant. Physical watermarks, or noisy additive Gaussian inputs, have been previously used to detect several classes of integrity attacks in control systems. In this paper, we consider the analysis and design of Gaussian physical watermarks in the presence of packet drops at the control input. On one hand, this enables analysis in a more general network setting. On the other hand, we observe that in certain cases, Bernoulli packet drops can improve detection performance relative to a purely Gaussian watermark. This motivates the joint design of a Bernoulli-Gaussian watermark which incorporates both an additive Gaussian input and a Bernoulli drop process. We characterize the effect of such a watermark on system performance as well as attack detectability in two separate design scenarios. Here, we consider a correlation detector for attack recognition. We then propose efficiently solvable optimization problems to intelligently select parameters of the Gaussian input and the Bernoulli drop process while addressing security and performance trade-offs. Finally, we provide numerical results which illustrate that a watermark with packet drops can indeed outperform a Gaussian watermark.

  17. Low Complexity Signed Response Based Sybil Attack Detection Mechanism in Wireless Sensor Networks

    Directory of Open Access Journals (Sweden)

    M. Saud Khan

    2016-01-01

    Full Text Available Security is always a major concern in wireless sensor networks (WSNs). Identity based attacks such as spoofing and sybil not only compromise the network but also slow down its performance. This paper proposes a low complexity sybil attack detection scheme, that is, based on signed response (SRES) authentication mechanism developed for Global System for Mobile (GSM) communications. A probabilistic model is presented which analyzes the proposed authentication mechanism for its probability of sybil attack. The paper also presents a simulation based comparative analysis of the existing sybil attack schemes with respect to the proposed scheme. It is observed that the proposed sybil detection scheme exhibits lesser computational cost and power consumption as compared to the existing schemes for the same sybil detection performance.

  18. Quantitative assessment of pedodiversity and soil erosion within a karst sinkhole in the dry steppe subzone

    Science.gov (United States)

    Smirnova, M. A.; Gennadiev, A. N.

    2017-08-01

    A detailed study of the soil cover of a sinkhole (300 m²) in the dry steppe landscape of the Bogdinsk-Baskunchak Natural Reserve in Astrakhan oblast has been performed, and the factors of its differentiation have been analyzed. The indices of pedodiversity have been calculated and compared for karst sinkholes in the dry steppe and northern taiga landscapes. Quantitative parameters of the lateral migration of solid soil substances on the slopes of the sinkhole have been determined. The rate of soil erosion decreases from the slope of southern aspect to the slopes of western, northern, and eastern aspects. On the average, it is estimated at 0.4 mm/yr. The average rate of accumulation of solid substances on the lower parts of the slopes and in the bottom of the sinkhole reaches 0.74 mm/yr. A comparative analysis of the soil properties attests to their dependence on the particular position of a given soil within the sinkhole. Downward the slopes of the sinkhole, full-profile brown arid soils (Cambic Calcisols) are replaced by sierozem-like soils (Haplic Calcisols), light-humus poorly developed soils (Luvisols), lithozems (Leptosols), and stratified soils (stratozems, or Colluvic Regosols). The soils within the upper ring-shape soil microzone are more diverse and contrasting with respect to their morphological, physical, chemical, and physicochemical properties. The degree of soil contrasts decreases down the slopes of the sinkhole towards its bottom. The studied sinkhole is characterized by considerable pedodiversity. Quantitative parameters of pedodiversity for the sinkhole in the dry steppe zone are higher than those from the sinkholes in the northern taiga zone.

  19. GA-DoSLD: Genetic Algorithm Based Denial-of-Sleep Attack Detection in WSN

    Directory of Open Access Journals (Sweden)

    Mahalakshmi Gunasekaran

    2017-01-01

    Full Text Available Denial-of-sleep (DoSL) attack is a special category of denial-of-service attack that prevents the battery powered sensor nodes from going into the sleep mode, thus affecting the network performance. The existing schemes used for the DoSL attack detection do not provide an optimal energy conservation and key pairing operation. Hence, in this paper, an efficient Genetic Algorithm (GA) based denial-of-sleep attack detection (GA-DoSLD) algorithm is suggested for analyzing the misbehaviors of the nodes. The suggested algorithm implements a Modified-RSA (MRSA) algorithm in the base station (BS) for generating and distributing the key pair among the sensor nodes. Before sending/receiving the packets, the sensor nodes determine the optimal route using Ad Hoc On-Demand Distance Vector Routing (AODV) protocol and then ensure the trustworthiness of the relay node using the fitness calculation. The crossover and mutation operations detect and analyze the methods that the attackers use for implementing the attack. On determining an attacker node, the BS broadcasts the blocked information to all the other sensor nodes in the network. Simulation results prove that the suggested algorithm is optimal compared to the existing algorithms such as X-MAC, ZKP, and TE2P schemes.

  20. Direct Push supported geotechnical and hydrogeological characterisation of an active sinkhole area

    Science.gov (United States)

    Tippelt, Thomas; Vienken, Thomas; Kirsch, Reinhard; Dietrich, Peter; Werban, Ulrike

    2017-04-01

    Sinkholes represent a natural geologic hazard in areas where soluble layers are present in the subsurface. A detailed knowledge of the composition of the subsurface and its hydrogeological and geotechnical properties is essential for the understanding of sinkhole formation and propagation. This serves as base for risk evaluation and the development of an early warning system. However, site models often depend on data from drillings and surface geophysical surveys that in many cases cannot resolve the spatial distribution of relevant hydrogeological and geotechnical parameters sufficiently. Therefore, an active sinkhole area in Münsterdorf, Northern Germany, was investigated in detail using Direct Push technology, a minimally invasive sounding method. The obtained vertical high-resolution profiles of geotechnical and hydrogeological characteristics, in combination with Direct Push based sampling and surface geophysical measurements lead to a strong improvement of the geologic site model. The conceptual site model regarding sinkhole formation and propagation will then be tested based on the gathered data and, if necessary, adapted accordingly.

  1. Entropy-Based Application Layer DDoS Attack Detection Using Artificial Neural Networks

    Directory of Open Access Journals (Sweden)

    Khundrakpam Johnson Singh

    2016-10-01

    Full Text Available Distributed denial-of-service (DDoS) attack is one of the major threats to the web server. The rapid increase of DDoS attacks on the Internet has clearly pointed out the limitations in current intrusion detection systems or intrusion prevention systems (IDS/IPS), mostly caused by application-layer DDoS attacks. Within this context, the objective of the paper is to detect a DDoS attack using a multilayer perceptron (MLP) classification algorithm with genetic algorithm (GA) as learning algorithm. In this work, we analyzed the standard EPA-HTTP (environmental protection agency-hypertext transfer protocol) dataset and selected the parameters that will be used as input to the classifier model for differentiating the attack from normal profile. The parameters selected are the HTTP GET request count, entropy, and variance for every connection. The proposed model can provide a better accuracy of 98.31%, sensitivity of 0.9962, and specificity of 0.0561 when compared to other traditional classification models.

  2. Enhancing the Statistical Filtering Scheme to Detect False Negative Attacks in Sensor Networks

    Directory of Open Access Journals (Sweden)

    Muhammad Akram

    2017-06-01

    Full Text Available In this paper, we present a technique that detects both false positive and false negative attacks in statistical filtering-based wireless sensor networks. In statistical filtering scheme, legitimate reports are repeatedly verified en route before they reach the base station, which causes heavy energy consumption. While the original statistical filtering scheme detects only false reports, our proposed method promises to detect both attacks.

  3. A Cluster-based Approach Towards Detecting and Modeling Network Dictionary Attacks

    Directory of Open Access Journals (Sweden)

    A. Tajari Siahmarzkooh

    2016-12-01

    Full Text Available In this paper, we provide an approach to detect network dictionary attacks using a data set collected as flows based on which a clustered graph is resulted. These flows provide an aggregated view of the network traffic in which the exchanged packets in the network are considered so that more internally connected nodes would be clustered. We show that dictionary attacks could be detected through some parameters namely the number and the weight of clusters in time series and their evolution over the time. Additionally, the Markov model based on the average weight of clusters, will be also created. Finally, by means of our suggested model, we demonstrate that artificial clusters of the flows are created for normal and malicious traffic. The results of the proposed approach on CAIDA 2007 data set suggest a high accuracy for the model and, therefore, it provides a proper method for detecting the dictionary attack.

  4. Sinkhole development induced by underground quarrying, and the related hazard

    Science.gov (United States)

    Parise, M.; Delle Rose, M.

    2009-04-01

    Sinkholes are extremely widespread in Apulia, a very flat and carbonate region, that acted as the foreland during the phases of building up of the Southern Apenninic Chain in Miocene time. This is due to the presence of soluble rocks throughout the region, that highly predispose the area to this very subtle natural hazard. In addition to the natural setting, which favours their development, sinkholes may also be induced by anthropogenic activities. In the latter sense, underground quarrying represents one of the most dangerous activities in karst areas. Apulia has a long history of quarrying. Since the roman time, the local rocks, from the Cretaceous micritic limestones to the Quaternary calcarenites, have been intensely quarried and used as building and ornamental materials. In several settings of the region, the rocks with the best petrographic characteristics are located at depths ranging from a few to some tens of meters. This caused the opening of many underground quarries, and the development of a complex network of subterranean galleries. Underground quarrying had a great impulse at the turn between the XIX and the XX century, when a large number of quarries was opened. Later on, after the Second World War, most of the quarries were progressively abandoned, even because of the first signs of instability, both underground and at the ground surface. With time, the memory of the presence and development of the underground quarries was progressively lost, with severe repercussions on the safety of the land above the excavated areas. Lack of knowledge of the subterranean pattern of galleries, combined with the expansion of the built-up areas at the surface, resulted in increasing significantly the vulnerability of exposed elements at risk. Events such as the 29 March, 2007, at Gallipoli only by chance did not result in any casualties, when a 15-mt wide and 5-mt deep sinkhole opened in a few hours at a road crossing, above the site of an old underground quarry

  5. 4D Monitoring of Active Sinkholes with a Terrestrial Laser Scanner (TLS): A Case Study in the Evaporite Karst of the Ebro Valley, NE Spain

    Directory of Open Access Journals (Sweden)

    Alfonso Benito-Calvo

    2018-04-01

    Full Text Available This work explores, for the first time, the application of a Terrestrial Laser Scanner (TLS) and a comparison of point clouds in the 4D monitoring of active sinkholes. The approach is tested in three highly-active sinkholes related to the dissolution of salt-bearing evaporites overlain by unconsolidated alluvium. The sinkholes are located in urbanized areas and have caused severe damage to critical infrastructure (flood-control dike, a major highway). The 3D displacement models derived from the comparison of point clouds with exceptionally high spatial resolution allow complex spatial and temporal subsidence patterns within one of the sinkholes to be resolved. Detected changes in the subsidence activity (e.g., sinkhole expansion, translation of the maximum subsidence zone, development of incipient secondary collapses) are related to potential controlling factors such as floods, water table changes or remedial measures. In contrast, with detailed mapping and high-precision leveling, the displacement models, covering a relatively short time span of around 6 months, do not capture the subtle subsidence (<0.6–1 cm) that affects the marginal zones of the sinkholes, precluding precise mapping of the edges of the subsidence areas. However, the performance of TLS can be adversely affected by some methodological limitations and local conditions: (1) limited accuracy in large investigation areas that require the acquisition of a high number of scans, increasing the registration error; (2) surface changes unrelated to sinkhole activity (e.g., vegetation, loose material); (3) traffic-related vibrations and wind blast that affect the stability of the scanner.

  6. A SURVEY ON DELAY AND NEIGHBOR NODE MONITORING BASED WORMHOLE ATTACK PREVENTION AND DETECTION

    Directory of Open Access Journals (Sweden)

    Sudhir T Bagade

    2016-12-01

    Full Text Available In Mobile Ad-hoc Networks (MANET), network layer attacks, for example wormhole attacks, disrupt the network routing operations and can be used for data theft. Wormhole attacks are of two types: hidden and exposed wormhole. There are various mechanisms in literature which are used to prevent and detect wormhole attacks. In this paper, we survey wormhole prevention and detection techniques and present our critical observations for each. These techniques are based on cryptographic mechanisms, monitoring of packet transmission delay and control packet forwarding behavior of neighbor nodes. We compare the techniques using the following criteria: extra resources needed, applicability to different network topologies and routing protocols, prevention/detection capability, etc. We conclude the paper with potential research directions.

  7. Ongoing Deformation of Sinkholes in Wink, Texas, Observed by Time-Series Sentinel-1A SAR Interferometry (Preliminary Results)

    Directory of Open Access Journals (Sweden)

    Jin-Woo Kim

    2016-04-01

    Full Text Available Spatiotemporal deformation of existing sinkholes and the surrounding region in Wink, TX are probed using time-series interferometric synthetic aperture radar (InSAR) methods with radar images acquired from the Sentinel-1A satellite launched in April 2014. The two-dimensional deformation maps, calculated using InSAR observations from ascending and descending tracks, reveal that much of the observed deformation is vertical. Our results indicate that the sinkholes are still influenced by ground depression, implying that the sinkholes continue to expand. Particularly, a region 1 km northeast of sinkhole #2 is sinking at a rate of up to 13 cm/year, and its aerial extent has been enlarged in the past eight years when compared with a previous survey. Furthermore, there is a high correlation between groundwater level and surficial subsidence during the summer months, representing the complicated characteristics of sinkhole deformation under the influence of successive roof failures in underlying cavities. We also modeled the sinkhole deformation in a homogenous elastic half-space with two dislocation sources, and the ground depression above cavities could be numerically analyzed. Measurements of ongoing deformation in sinkholes and assessments of the stability of the land surface at sinkhole-prone locations in near real-time, are essential for mitigating the threat posed to people and property by the materialization of sinkholes.

  8. A Novel Multiple-Bits Collision Attack Based on Double Detection with Error-Tolerant Mechanism

    Directory of Open Access Journals (Sweden)

    Ye Yuan

    2018-01-01

    Full Text Available Side-channel collision attacks are more powerful than traditional side-channel attack without knowing the leakage model or establishing the model. Most attack strategies proposed previously need quantities of power traces with high computational complexity and are sensitive to mistakes, which restricts the attack efficiency seriously. In this paper, we propose a multiple-bits side-channel collision attack based on double distance voting detection (DDVD) and also an improved version, involving the error-tolerant mechanism, which can find all 120 relations among 16 key bytes when applied to AES (Advanced Encryption Standard) algorithm. In addition, we compare our collision detection method called DDVD with the Euclidean distance and the correlation-enhanced collision method under different intensity of noise, which indicates that our detection technique performs better in the circumstances of noise. Furthermore, 4-bit model of our collision detection method is proven to be optimal in theory and in practice. Meanwhile the corresponding practical attack experiments are also performed on a hardware implementation of AES-128 on FPGA board successfully. Results show that our strategy needs less computation time but more traces than LDPC method and the online time for our strategy is about 90% less than CECA and 96% less than BCA with 90% success rate.

  9. Enhancing collaborative intrusion detection networks against insider attacks using supervised intrusion sensitivity-based trust management model

    DEFF Research Database (Denmark)

    Li, Wenjuan; Meng, Weizhi; Kwok, Lam-For

    2017-01-01

    To defend against complex attacks, collaborative intrusion detection networks (CIDNs) have been developed to enhance the detection accuracy, which enable an IDS to collect information and learn experience from others. However, this kind of networks is vulnerable to malicious nodes which are utilized by insider attacks (e.g., betrayal attacks). In our previous research, we developed a notion of intrusion sensitivity and identified that it can help improve the detection of insider attacks, whereas it is still a challenge for these nodes to automatically assign the values. In this article, we ... of intrusion sensitivity based on expert knowledge. In the evaluation, we compare the performance of three different supervised classifiers in assigning sensitivity values and investigate our trust model under different attack scenarios and in a real wireless sensor network. Experimental results indicate...

  10. Hydrogeology - SINKHOLE_DENSITY_KM2_IN_KY_2011: Density of sinkholes per square kilometer in southern Indiana and Kentucky, Derived from the 2011 Sinkhole Inventory (Indiana Geological Survey, 30-Meter TIFF Image)

    Data.gov (United States)

    NSGIC State | GIS Inventory — This raster file was created to display in a geographic information systems (GIS) the density in square kilometers of mapped and modeled (indirectly mapped) sinkhole...

  11. Exploiting Wireless Received Signal Strength Indicators to Detect Evil-Twin Attacks in Smart Homes

    Directory of Open Access Journals (Sweden)

    Zhanyong Tang

    2017-01-01

    Full Text Available Evil-Twin is becoming a common attack in smart home environments where an attacker can set up a fake AP to compromise the security of the connected devices. To identify the fake APs, the current approaches of detecting Evil-Twin attacks all rely on information such as SSIDs, the MAC address of the genuine AP, or network traffic patterns. However, such information can be faked by the attacker, often leading to low detection rates and weak protection. This paper presents a novel Evil-Twin attack detection method based on the received signal strength indicator (RSSI). Our approach considers the RSSI as a fingerprint of APs and uses the fingerprint of the genuine AP to identify fake ones. We provide two schemes to detect a fake AP in two different scenarios where the genuine AP can be located at either a single or multiple locations in the property, by exploiting the multipath effect of the Wi-Fi signal. As a departure from prior work, our approach does not rely on any professional measurement devices. Experimental results show that our approach can successfully detect 90% of the fake APs, at the cost of a one-off, modest connection delay.

  12. WRHT: A Hybrid Technique for Detection of Wormhole Attack in Wireless Sensor Networks

    Directory of Open Access Journals (Sweden)

    Rupinder Singh

    2016-01-01

    Full Text Available Wormhole attack is a challenging security threat to wireless sensor networks which results in disrupting most of the routing protocols as this attack can be triggered in different modes. In this paper, WRHT, a wormhole resistant hybrid technique, is proposed, which can detect the presence of wormhole attack in a more optimistic manner than earlier techniques. WRHT is based on the concept of watchdog and Delphi schemes and ensures that the wormhole will not be left untreated in the sensor network. WRHT makes use of the dual wormhole detection mechanism of calculating probability factor time delay probability and packet loss probability of the established path in order to find the value of wormhole presence probability. The nodes in the path are given different ranking and subsequently colors according to their behavior. The most striking feature of WRHT consists of its capacity to defend against almost all categories of wormhole attacks without depending on any required additional hardware such as global positioning system, timing information or synchronized clocks, and traditional cryptographic schemes demanding high computational needs. The experimental results clearly indicate that the proposed technique has significant improvement over the existing wormhole attack detection techniques.

  13. Improved Deep Belief Networks (IDBN) Dynamic Model-Based Detection and Mitigation for Targeted Attacks on Heavy-Duty Robots

    Directory of Open Access Journals (Sweden)

    Lianpeng Li

    2018-04-01

    Full Text Available In recent years, the robots, especially heavy-duty robots, have become the hardest-hit areas for targeted attacks. These attacks come from both the cyber-domain and the physical-domain. In order to improve the security of heavy-duty robots, this paper proposes a detection and mitigation mechanism which is based on improved deep belief networks (IDBN) and dynamic model. The detection mechanism consists of two parts: (1) IDBN security checks, which can detect targeted attacks from the cyber-domain; (2) Dynamic model and security detection, used to detect the targeted attacks which can possibly lead to a physical-domain damage. The mitigation mechanism was established on the base of the detection mechanism and could mitigate transient and discontinuous attacks. Moreover, a test platform was established to carry out the performance evaluation test for the proposed mechanism. The results show that, the detection accuracy for the attack of the cyber-domain of IDBN reaches 96.2%, and the detection accuracy for the attack of physical-domain control commands reaches 94%. The performance evaluation test has verified the reliability and high efficiency of the proposed detection and mitigation mechanism for heavy-duty robots.

  14. Investigating the Influence of Special On–Off Attacks on Challenge-Based Collaborative Intrusion Detection Networks

    Directory of Open Access Journals (Sweden)

    Wenjuan Li

    2018-01-01

    Full Text Available Intrusions are becoming more complicated with the recent development of adversarial techniques. To boost the detection accuracy of a separate intrusion detector, the collaborative intrusion detection network (CIDN) has thus been developed by allowing intrusion detection system (IDS) nodes to exchange data with each other. Insider attacks are a great threat for such types of collaborative networks, where an attacker has the authorized access within the network. In literature, a challenge-based trust mechanism is effective at identifying malicious nodes by sending challenges. However, such mechanisms are heavily dependent on two assumptions, which would cause CIDNs to be vulnerable to advanced insider attacks in practice. In this work, we investigate the influence of advanced on–off attacks on challenge-based CIDNs, which can respond truthfully to one IDS node but behave maliciously to another IDS node. To evaluate the attack performance, we have conducted two experiments under a simulated and a real CIDN environment. The obtained results demonstrate that our designed attack is able to compromise the robustness of challenge-based CIDNs in practice; that is, some malicious nodes can behave untruthfully without a timely detection.

  15. Defending a single object against an attacker trying to detect a subset of false targets

    International Nuclear Information System (INIS)

    Peng, R.; Zhai, Q.Q.; Levitin, G.

    2016-01-01

    Deployment of false targets can be a very important and effective measure for enhancing the survivability of an object subjected to intentional attacks. Existing papers have assumed that false targets are either perfect or can be detected with a constant probability. In practice, the attacker may allocate part of its budget into intelligence actions trying to detect a subset of false targets. Analogously, the defender can allocate part of its budget into disinformation actions to prevent the false targets from being detected. In this paper, the detection probability of each false target is assumed to be a function of the intelligence and disinformation efforts allocated on the false target. The optimal resource distribution between target identification/disinformation and attack/protection efforts is studied as solutions of a non-cooperative two period min–max game between the two competitors for the case of constrained defense and attack resources. - Highlights: • A defense-attack problem is studied as a two-period min–max game. • Both intelligence contest over false targets and impact contest are considered. • Optimal defense and attack strategies are investigated with different parameters.

  16. Study of the factors affecting the karst volume assessment in the Dead Sea sinkhole problem using microgravity field analysis and 3-D modeling

    Directory of Open Access Journals (Sweden)

    L. V. Eppelbaum

    2008-11-01

    Full Text Available Thousands of sinkholes have appeared in the Dead Sea (DS) coastal area in Israel and Jordan during two last decades. The sinkhole development is recently associated with the buried evaporation karst at the depth of 25–50 m from earth's surface caused by the drop of the DS level at the rate of 0.8–1.0 m/yr. Drop in the Dead Sea level has changed hydrogeological conditions in the subsurface and caused surface to collapse. The pre-existing cavern was detected using microgravity mapping in the Nahal Hever South site where seven sinkholes of 1–2 m diameter had been opened. About 5000 gravity stations were observed in the area of 200×200 m² by the use of Scintrex CG-3M AutoGrav gravimeter. Besides the conventional set of corrections applied in microgravity investigations, a correction for a strong gravity horizontal gradient (DS Transform Zone negative gravity anomaly influence) was inserted. As a result, residual gravity anomaly of –(0.08÷0.14) mGal was revealed. The gravity field analysis was supported by resistivity measurements. We applied the Emigma 7.8 gravity software to create the 3-D physical-geological models of the sinkholes development area. The modeling was confirmed by application of the GSFC program developed especially for 3-D combined gravity-magnetic modeling in complicated environments. Computed numerous gravity models verified an effective applicability of the microgravity technology for detection of karst cavities and estimation of their physical-geological parameters. A volume of the karst was approximately estimated as 35 000 m³. The visual analysis of large sinkhole clusters have been forming at the microgravity anomaly site, confirmed the results of microgravity mapping and 3-D modeling.

  17. Sinkholes - a trapping mechanism for oil and gas in the Ordovician of Kent an Essex counties, Ontario

    Energy Technology Data Exchange (ETDEWEB)

    Cochrane, R. O.

    1997-06-01

    The stratigraphy and lithology of the Trenton and Black River carbonates were described and the geological and physical processes for the formation of caves and sinkholes were reviewed, using modern examples. The existence of sinkholes was demonstrated with three examples from wells drilled into the Trenton and Black River groups. Using this information as the basis, the sequence of events for the accumulation of hydrocarbons in the brecciated (fragmented rock) segment of a sinkhole was presented. It was concluded that sinkholes provide an excellent trapping mechanism for hydrocarbons. 13 refs., 23 figs.

  18. PHACK: An Efficient Scheme for Selective Forwarding Attack Detection in WSNs

    Directory of Open Access Journals (Sweden)

    Anfeng Liu

    2015-12-01

    Full Text Available In this paper, a Per-Hop Acknowledgement (PHACK)-based scheme is proposed for each packet transmission to detect selective forwarding attacks. In our scheme, the sink and each node along the forwarding path generate an acknowledgement (ACK) message for each received packet to confirm the normal packet transmission. The scheme, in which each ACK is returned to the source node along a different routing path, can significantly increase the resilience against attacks because it prevents an attacker from compromising nodes in the return routing path, which can otherwise interrupt the return of nodes’ ACK packets. For this case, the PHACK scheme also has better potential to detect abnormal packet loss and identify suspect nodes as well as better resilience against attacks. Another pivotal issue is the network lifetime of the PHACK scheme, as it generates more acknowledgements than previous ACK-based schemes. We demonstrate that the network lifetime of the PHACK scheme is not lower than that of other ACK-based schemes because the scheme just increases the energy consumption in non-hotspot areas and does not increase the energy consumption in hotspot areas. Moreover, the PHACK scheme greatly simplifies the protocol and is easy to implement. Both theoretical and simulation results are given to demonstrate the effectiveness of the proposed scheme in terms of high detection probability and the ability to identify suspect nodes.

  19. Note on Studying Change Point of LRD Traffic Based on Li's Detection of DDoS Flood Attacking

    Directory of Open Access Journals (Sweden)

    Zhengmin Xia

    2010-01-01

    Full Text Available Distributed denial-of-service (DDoS) flood attacks remain great threats to the Internet. To ensure network usability and reliability, accurate detection of these attacks is critical. Based on Li's work on DDoS flood attack detection, we propose a DDoS detection method by monitoring the Hurst variation of long-range dependent traffic. Specifically, we use an autoregressive system to estimate the Hurst parameter of normal traffic. If the actual Hurst parameter varies significantly from the estimation, we assume that DDoS attack happens. Meanwhile, we propose two methods to determine the change point of Hurst parameter that indicates the occurrence of DDoS attacks. The detection rate associated with one method and false alarm rate for the other method are also derived. The test results on DARPA intrusion detection evaluation data show that the proposed approaches can achieve better detection performance than some well-known self-similarity-based detection methods.

  20. Cyber situation awareness: modeling detection of cyber attacks with instance-based learning theory.

    Science.gov (United States)

    Dutt, Varun; Ahn, Young-Suk; Gonzalez, Cleotilde

    2013-06-01

    To determine the effects of an adversary's behavior on the defender's accurate and timely detection of network threats. Cyber attacks cause major work disruption. It is important to understand how a defender's behavior (experience and tolerance to threats), as well as adversarial behavior (attack strategy), might impact the detection of threats. In this article, we use cognitive modeling to make predictions regarding these factors. Different model types representing a defender, based on Instance-Based Learning Theory (IBLT), faced different adversarial behaviors. A defender's model was defined by experience of threats: threat-prone (90% threats and 10% nonthreats) and nonthreat-prone (10% threats and 90% nonthreats); and different tolerance levels to threats: risk-averse (model declares a cyber attack after perceiving one threat out of eight total) and risk-seeking (model declares a cyber attack after perceiving seven threats out of eight total). Adversarial behavior is simulated by considering different attack strategies: patient (threats occur late) and impatient (threats occur early). For an impatient strategy, risk-averse models with threat-prone experiences show improved detection compared with risk-seeking models with nonthreat-prone experiences; however, the same is not true for a patient strategy. Based upon model predictions, a defender's prior threat experiences and his or her tolerance to threats are likely to predict detection accuracy; but considering the nature of adversarial behavior is also important. Decision-support tools that consider the role of a defender's experience and tolerance to threats along with the nature of adversarial behavior are likely to improve a defender's overall threat detection.

  1. Integrating geomorphological mapping, InSAR, GPR and trenching for the identification and investigation of buried sinkholes in the mantled evaporite karst of the Ebro Valley (NE Spain)

    Science.gov (United States)

    Gutiérrez, Francisco; Galve, Jorge Pedro; Lucha, Pedro; Bonachea, Jaime; Castañeda, Carmen

    2010-05-01

    bedrock sagging. (2) Around 70% of the sinkholes have been filled by man-made ground. (3) Subsidence has caused severe damage to many human structures, primarily due to the ongoing activity of pre-existing buried sinkholes. Consequently, the identification of sinkholes is the key for preventive planning and the delineation of the main risk areas. A total of eleven sinkholes (S1-S11) covering around 20% of the study area were mapped. Six of the sinkholes were buried and the largest one (S8), which occupies approximately 35,500 m², partially coincides with the area previously selected for the construction of a housing estate. The investigation was developed in three main phases. A preliminary sinkhole map was produced in phase I using: (a) aerial photographs and satellite images from different dates (1927, 1957, 1984, 2003, 2006, 2007), (b) detailed topographical maps from 1969 (1:2000) and 1971-73 (1:1000) with contour intervals of 1 m, (c) thorough field surveys including interviews to local people and inspection to human structures, and (d) radar interferometry. Deformation measurements were obtained from 54 interferograms generated by means of the Stable Point Network technique with 23 ENVISAT images acquired from May 2003 to July 2008. The InSAR analysis provides data on the temporal evolution of the subsidence (magnitude and rate) for coherent 20 m-sized pixels. During phase II, 26 GPR profiles with a total length of 2,290 m were conducted using a 400 MHz antenna. In phase III, 13 backhoe trenches up to 2.8 m deep and totalling 323 m were investigated following the methodology commonly used in paleoseismological studies. Two samples were obtained for radiocarbon dating in a trench dug at the margin of sinkhole S8. The aerial photographs, specially the stereoscopic images taken in 1957, were the most useful tool for the identification of buried sinkholes. They allowed us the detection of 9 sinkholes out of 11. The topographical maps depict 7 of the inventoried sinkholes

  2. Sinkhole genesis and evolution in Apulia, and their interrelations with the anthropogenic environment

    Directory of Open Access Journals (Sweden)

    M. Delle Rose

    2004-01-01

    Full Text Available Sinkhole development occurs in many areas of the world where soluble rocks crop out. Sinkholes are generally the surface expression of the presence of caves and other groundwater flow conduits in carbonate rocks, which are solutionally enlarged secondary permeability features. Their formation may be either natural or caused by man's activities. In both cases, heavy consequences have to be registered on the anthropogenic environment and related infrastructures. Knowledge of the mechanism of formation of this subtle geohazard is therefore necessary to planners and decision makers for performing the most appropriate and suitable programs of land use and development. The Apulia region of southern Italy is characterized for most of its extension by carbonate rocks, which makes it one of the most remarkable examples of karst in the Mediterranean Basin. Based on analysis of literature and in situ surveys, including caving explorations, we have identified in Apulia three main types of possible mechanisms for sinkhole formation: (1) collapse of a chamber in a natural cave or in man-made cavities; (2) slow and gradual enlargement of doline through dissolution; (3) settlement and internal erosion of filling deposits of pre-existing dolines. Since sinkhole formation very often affects directly the human settlements in Apulia, and has recently produced severe damage, some considerations are eventually presented as regards the interrelationships between sinkholes and the anthropogenic environment.

  3. Improving Intrusion Detection System Based on Snort Rules for Network Probe Attacks Detection with Association Rules Technique of Data Mining

    Directory of Open Access Journals (Sweden)

    Nattawat Khamphakdee

    2015-07-01

    Full Text Available The intrusion detection system (IDS) is an important network security tool for securing computer and network systems. It is able to detect and monitor network traffic data. Snort IDS is an open-source network security tool. It can search and match rules with network traffic data in order to detect attacks, and generate an alert. However, the Snort IDS can detect only known attacks. Therefore, we have proposed a procedure for improving Snort IDS rules, based on the association rules data mining technique for detection of network probe attacks. We employed the MIT-DARPA 1999 data set for the experimental evaluation. Since behavior pattern traffic data are both normal and abnormal, the abnormal behavior data is detected by way of the Snort IDS. The experimental results showed that the proposed Snort IDS rules, based on data mining detection of network probe attacks, proved more efficient than the original Snort IDS rules, as well as icmp.rules and icmp-info.rules of Snort IDS. The suitable parameters for the proposed Snort IDS rules are defined as follows: Min_sup set to 10%, and Min_conf set to 100%, and through the application of eight variable attributes. As more suitable parameters are applied, higher accuracy is achieved.

  4. F-DDIA: A Framework for Detecting Data Injection Attacks in Nonlinear Cyber-Physical Systems

    Directory of Open Access Journals (Sweden)

    Jingxuan Wang

    2017-01-01

    Full Text Available Data injection attacks in a cyber-physical system aim at manipulating a number of measurements to alter the estimated real-time system states. Many researchers recently focus on how to detect such attacks. However, most of the detection methods do not work well for the nonlinear systems. In this paper, we present a compressive sampling methodology to identify the attack, which allows determining how many and which measurement signals are launched. The sparsity feature is used. Generally, our methodology can be applied to both linear and nonlinear systems. The experimental testing, which includes realistic load patterns from NYISO with various attack scenarios in the IEEE 14-bus system, confirms that our detector performs remarkably well.

  5. A Computationally Intelligent Approach to the Detection of Wormhole Attacks in Wireless Sensor Networks

    Directory of Open Access Journals (Sweden)

    Mohammad Nurul Afsar Shaon

    2017-05-01

    Full Text Available A wormhole attack is one of the most critical and challenging security threats for wireless sensor networks because of its nature and ability to perform concealed malicious activities. This paper proposes an innovative wormhole detection scheme to detect wormhole attacks using computational intelligence and an artificial neural network (ANN). Most wormhole detection schemes reported in the literature assume the sensors are uniformly distributed in a network, and, furthermore, they use statistical and topological information and special hardware for their detection. However, these schemes may perform poorly in non-uniformly distributed networks, and, moreover, they may fail to defend against “out of band” and “in band” wormhole attacks. The aim of the proposed research is to develop a detection scheme that is able to detect all kinds of wormhole attacks in both uniformly and non-uniformly distributed sensor networks. Furthermore, the proposed research does not require any special hardware and causes no significant network overhead throughout the network. Most importantly, the probable location of the malicious nodes can be identified by the proposed ANN based detection scheme. We evaluate the efficacy of the proposed detection scheme in terms of detection accuracy, false positive rate, and false negative rate. The performance of the proposed algorithm is also compared with other machine learning techniques (i.e. SVM and regularized nonlinear logistic regression (LR) based detection models). The simulation results show that proposed ANN based algorithm outperforms the SVM or LR based detection schemes in terms of detection accuracy, false positive rate, and false negative rates.

  6. Detection and isolation of routing attacks through sensor watermarking

    NARCIS (Netherlands)

    Ferrari, R.; Herdeiro Teixeira, A.M.; Sun, J; Jiang, Z-P

    2017-01-01

    In networked control systems, leveraging the peculiarities of the cyber-physical domains and their interactions may lead to novel detection and defense mechanisms against malicious cyber-attacks. In this paper, we propose a multiplicative sensor watermarking scheme, where each sensor's output is

  7. A UNIFIED APPROACH FOR DETECTION AND PREVENTION OF DDOS ATTACKS USING ENHANCED SUPPORT VECTOR MACHINES AND FILTERING MECHANISMS

    Directory of Open Access Journals (Sweden)

    T. Subbulakshmi

    2014-10-01

    Full Text Available Distributed Denial of Service (DDoS) attacks were considered to be a tremendous threat to the current information security infrastructure. During DDoS attack, multiple malicious hosts that are recruited by the attackers launch a coordinated attack against one host or a network victim, which cause denial of service to legitimate users. The existing techniques suffer from more number of false alarms and more human intervention for attack detection. The objective of this paper is to monitor the network online which automatically initiates detection mechanism if there is any suspicious activity and also defense the hosts from being arrived at the network. Both spoofed and non spoofed IP’s are detected in this approach. Non spoofed IP’s are detected using Enhanced Support Vector Machines (ESVM) and spoofed IP’s are detected using Hop Count Filtering (HCF) mechanism. The detected IP’s are maintained separately to initiate the defense process. The attack strength is calculated using Lanchester Law which initiates the defense mechanism. Based on the calculated attack strength any of the defense schemes such as Rate based limiting or History based IP filtering is automatically initiated to drop the packets from the suspected IP. The integrated online monitoring approach for detection and defense of DDoS attacks is deployed in an experimental testbed. The online approach is found to be obvious in the field of integrated DDoS detection and defense.

  8. A study of sinkhole hazard at area of locked colliery

    International Nuclear Information System (INIS)

    Kotyrba, A.

    2005-01-01

    Transformations of Polish industry began the process of mine closures. Among various mines being in process of abandoning, there are a large number of collieries, which exploited coal since 17th century. The depth of mining openings ranged from some to hundreds meters. The height of primary mining openings ranged from 1 to 9 m. Mining operations have left in geological basement large number of cavities, which still create a hazard to the surface stability. Post mining deformations of the surface can take continuous and discontinuous forms. The last ones are the topic of paper. Although those deformations can take various forms, they are commonly called as sinkholes. In paper, the sinkholes hazard has been analyzed in a scale of selected one mine area, in regard to various parameters. The selected 'Siemianowice' mine is located in northern part of the Upper Silesian Coal Basin. A database containing full set of sinkholes, recorded within area of mine in a period of 50 years, has been tested in geomechanical and statistical approaches. (author)

  9. A study of sinkhole hazard at area of locked colliery

    Energy Technology Data Exchange (ETDEWEB)

    Kotyrba, A. [Central Mining Institute, Gwarkow (Poland)

    2005-07-01

    Transformations of Polish industry began the process of mine closures. Among various mines being in process of abandoning, there are a large number of collieries, which exploited coal since 17th century. The depth of mining openings ranged from some to hundreds meters. The height of primary mining openings ranged from 1 to 9 m. Mining operations have left in geological basement large number of cavities, which still create a hazard to the surface stability. Post mining deformations of the surface can take continuous and discontinuous forms. The last ones are the topic of paper. Although those deformations can take various forms, they are commonly called as sinkholes. In paper, the sinkholes hazard has been analyzed in a scale of selected one mine area, in regard to various parameters. The selected 'Siemianowice' mine is located in northern part of the Upper Silesian Coal Basin. A database containing full set of sinkholes, recorded within area of mine in a period of 50 years, has been tested in geomechanical and statistical approaches. (author)

  10. Bayou Corne sinkhole : control measurements of State Highway 70 in Assumption Parish, Louisiana, tech summary.

    Science.gov (United States)

    2014-01-01

    The sinkhole located in Assumption Parish, Louisiana, threatens the stability of Highway 70, a state maintained route. In order to mitigate the potential damaging effects of the sinkhole on this infrastructure, the Louisiana Department of Transpo...

  11. High-speed web attack detection through extracting exemplars from HTTP traffic

    KAUST Repository

    Wang, Wei; Zhang, Xiangliang

    2011-01-01

    Vector Machine (SVM) are used for anomaly detection. To facilitate comparison, we also employ information gain to select key attributes (a.k.a. features) from the HTTP traffic for web attack detection. Two large real HTTP traffic are used to validate our

  12. SiC: An Agent Based Architecture for Preventing and Detecting Attacks to Ubiquitous Databases

    Science.gov (United States)

    Pinzón, Cristian; de Paz, Yanira; Bajo, Javier; Abraham, Ajith; Corchado, Juan M.

    One of the main attacks to ubiquitous databases is the structure query language (SQL) injection attack, which causes severe damages both in the commercial aspect and in the user’s confidence. This chapter proposes the SiC architecture as a solution to the SQL injection attack problem. This is a hierarchical distributed multiagent architecture, which involves an entirely new approach with respect to existing architectures for the prevention and detection of SQL injections. SiC incorporates a kind of intelligent agent, which integrates a case-based reasoning system. This agent, which is the core of the architecture, allows the application of detection techniques based on anomalies as well as those based on patterns, providing a great degree of autonomy, flexibility, robustness and dynamic scalability. The characteristics of the multiagent system allow an architecture to detect attacks from different types of devices, regardless of the physical location. The architecture has been tested on a medical database, guaranteeing safe access from various devices such as PDAs and notebook computers.

  13. Detecting and Mitigating Smart Insider Jamming Attacks in MANETs Using Reputation-Based Coalition Game

    Directory of Open Access Journals (Sweden)

    Ashraf Al Sharah

    2016-01-01

    Full Text Available Security in mobile ad hoc networks (MANETs) is challenging due to the ability of adversaries to gather necessary intelligence to launch insider jamming attacks. The solutions to prevent external attacks on MANET are not applicable for defense against insider jamming attacks. There is a need for a formal framework to characterize the information required by adversaries to launch insider jamming attacks. In this paper, we propose a novel reputation-based coalition game in MANETs to detect and mitigate insider jamming attacks. Since there is no centralized controller in MANETs, the nodes rely heavily on availability of transmission rates and a reputation for each individual node in the coalition to detect the presence of internal jamming node. The nodes will form a stable grand coalition in order to make a strategic security defense decision, maintain the grand coalition based on node reputation, and exclude any malicious node based on reputation value. Simulation results show that our approach provides a framework to quantify information needed by adversaries to launch insider attacks. The proposed approach will improve MANET’s defense against insider attacks, while also reducing incorrect classification of legitimate nodes as jammers.

  14. Technique of experimental evaluation of cloud environment attacks detection accuracy

    Directory of Open Access Journals (Sweden)

    Sergey A. Klimachev

    2018-05-01

    Full Text Available The article is devoted to research of efficiency evaluation of IDS used for dynamic and complex organizational and technical structure computing platform guard. The components of the platform have a set of heterogeneous parameters. Analysis of existing IDS evaluation technique revealed shortcomings in justification of quantitative metrics that describe the efficiency and reliability IDS resolving. This makes it difficult to prove IDS evaluation technique. The purpose of the study is to increase IDS evaluation objectivity. To achieve the purpose it is necessary to develop the correct technique, tools, experimental stand. The article proposes the results of development and approbation of the technique of IDS efficiency evaluation and software for it. The technique is based on defining of optimal set of attack detection accuracy scores. The technique and the software allow solving problems of comparative analysis of IDS that have similar functionality. As a result of the research, a number of tasks have been solved, including the selection of universal quantitative metrics for attack detection accuracy evaluation, the defining of summarised attack detection accuracy evaluation metric based on defining of pareto-optimal set of scores that ensure the confidentiality, integrity and accessibility of cloud environment information and information resources, the development of a functional model, a functional scheme and a software for cloud environment IDS research.

  15. Integrated approach for sinkhole evaluation and evolution prediction in the Central Ebro Basin (NE Spain)

    Directory of Open Access Journals (Sweden)

    Oscar Pueyo Anchuela

    2017-06-01

    Full Text Available Evaluation of karst hazards benefits from the integration of different techniques, methodologies and approaches. Each one presents a different signature and is sensitive to certain indicators related to karst hazards. In some cases, detailed analysis permits the evaluation of representativeness either from isolated approaches or by means of integrated analyses. In this study, we present the evaluation of an area with high density of karstic collapses at different evolutionary stages through the integration of surficial, historical, geomorphological and geophysical data in order to finally define the evolutionary model for karst activity development. The obtained dataset permits to identify different steps in sinkhole evolution: (i) cavities and open sinkholes, (ii) filling of these cavities, with materials having different signatures, (iii) the progression from collapses to subsidence sinkholes and (iv) enlargement through collapses in marginal areas of previous sinkholes. The presence of different stages of this evolutionary model permits to determine their own signatures that can be of application in contexts where analysis cannot be so systematic and also to evaluate the definition of the marginal areas of previous sinkholes as the most hazardous sectors.

  16. Sinkhole investigated at B.C. Hydro's Bennett Dam

    International Nuclear Information System (INIS)

    Anon.

    1996-01-01

    The cause of a sinkhole which appeared in a roadway crossing an earth filled dam in B. C., was discussed. The hole measured 6 ft. across and 20 ft. deep, and occurred in B.C. Hydro's W.A.C. Bennett Dam which measures 600 ft. high, 2,600 ft. wide at the base and 35 ft. wide at the crest. The cause of the sinkhole is not known, but it is believed that a weakness in the dam may have found its way to the surface via a pipe connected to a bedrock settlement gauge buried within the dam. Sonar and ground penetrating radar were used to examine the area. The hole has been filled with gravel and monitoring continues. Experts do not anticipate immediate risk of dam failure. 1 fig

  17. Security attack detection algorithm for electric power gis system based on mobile application

    Science.gov (United States)

    Zhou, Chao; Feng, Renjun; Wang, Liming; Huang, Wei; Guo, Yajuan

    2017-05-01

    Electric power GIS is one of the key information technologies to satisfy the power grid construction in China, and widely used in power grid construction planning, weather, and power distribution management. The introduction of electric power GIS based on mobile applications is an effective extension of the geographic information system that has been widely used in the electric power industry. It provides reliable, cheap and sustainable power service for the country. The accurate state estimation is the important conditions to maintain the normal operation of the electric power GIS. Recent research has shown that attackers can inject the complex false data into the power system. The injection attack of this new type of false data (load integrity attack LIA) can successfully bypass the routine detection to achieve the purpose of attack, so that the control center will make a series of wrong decision. Eventually, leading to uneven distribution of power in the grid. In order to ensure the safety of the electric power GIS system based on mobile application, it is very important to analyze the attack mechanism and propose a new type of attack, and to study the corresponding detection method and prevention strategy in the environment of electric power GIS system based on mobile application.

  18. Method and apparatus for detecting cyber attacks on an alternating current power grid

    Science.gov (United States)

    McEachern, Alexander; Hofmann, Ronald

    2017-04-11

    A method and apparatus for detecting cyber attacks on remotely-operable elements of an alternating current distribution grid. Two state estimates of the distribution grid are prepared, one of which uses micro-synchrophasors. A difference between the two state estimates indicates a possible cyber attack.

  19. SINKHOLE SUSCEPTIBILITY HAZARD ZONES USING GIS AND ANALYTICAL HIERARCHICAL PROCESS (AHP): A CASE STUDY OF KUALA LUMPUR AND AMPANG JAYA

    Directory of Open Access Journals (Sweden)

    M. A. H. M. Rosdi

    2017-10-01

    Full Text Available Sinkhole is not classified as new phenomenon in this country, especially surround Klang Valley. Since 1968, the increasing numbers of sinkhole incident have been reported in Kuala Lumpur and the vicinity areas. As the results, it poses a serious threat for human lives, assets and structure especially in the capital city of Malaysia. Therefore, a Sinkhole Hazard Model (SHM) was generated with integration of GIS framework by applying Analytical Hierarchical Process (AHP) technique in order to produced sinkhole susceptibility hazard map for the particular area. Five consecutive parameters for main criteria each categorized by five sub classes were selected for this research which is Lithology (LT), Groundwater Level Decline (WLD), Soil Type (ST), Land Use (LU) and Proximity to Groundwater Wells (PG). A set of relative weights were assigned to each inducing factor and computed through pairwise comparison matrix derived from expert judgment. Lithology and Groundwater Level Decline has been identified gives the highest impact to the sinkhole development. A sinkhole susceptibility hazard zones was classified into five prone areas namely very low, low, moderate, high and very high hazard. The results obtained were validated with thirty three (33) previous sinkhole inventory data. This evaluation shows that the model indicates 64 % and 21 % of the sinkhole events fall within high and very high hazard zones respectively. Based on this outcome, it clearly represents that AHP approach is useful to predict natural disaster such as sinkhole hazard.

  20. Sinkhole Susceptibility Hazard Zones Using GIS and Analytical Hierarchical Process (AHP): a Case Study of Kuala Lumpur and Ampang Jaya

    Science.gov (United States)

    Rosdi, M. A. H. M.; Othman, A. N.; Zubir, M. A. M.; Latif, Z. A.; Yusoff, Z. M.

    2017-10-01

    Sinkhole is not classified as new phenomenon in this country, especially surround Klang Valley. Since 1968, the increasing numbers of sinkhole incident have been reported in Kuala Lumpur and the vicinity areas. As the results, it poses a serious threat for human lives, assets and structure especially in the capital city of Malaysia. Therefore, a Sinkhole Hazard Model (SHM) was generated with integration of GIS framework by applying Analytical Hierarchical Process (AHP) technique in order to produced sinkhole susceptibility hazard map for the particular area. Five consecutive parameters for main criteria each categorized by five sub classes were selected for this research which is Lithology (LT), Groundwater Level Decline (WLD), Soil Type (ST), Land Use (LU) and Proximity to Groundwater Wells (PG). A set of relative weights were assigned to each inducing factor and computed through pairwise comparison matrix derived from expert judgment. Lithology and Groundwater Level Decline has been identified gives the highest impact to the sinkhole development. A sinkhole susceptibility hazard zones was classified into five prone areas namely very low, low, moderate, high and very high hazard. The results obtained were validated with thirty three (33) previous sinkhole inventory data. This evaluation shows that the model indicates 64 % and 21 % of the sinkhole events fall within high and very high hazard zones respectively. Based on this outcome, it clearly represents that AHP approach is useful to predict natural disaster such as sinkhole hazard.

  1. Sinkhole formation mechanism at Steinaker Dam : the complete story

    Energy Technology Data Exchange (ETDEWEB)

    Dise, K. [United States Dept. of the Interior, Washington, DC (United States). Bureau of Reclamation

    2009-07-01

    This case history summary described an internal erosion event that occurred at a zoned earthfill dam located within the Ashley Creek watershed area of the Uinta Mountain uplift. The incident occurred under static loading. The rocks in the region are heavily fractured with close to moderately spaced joints along the bedding planes. The joints were not grouted during the dam's construction, and the foundation was not treated with dental concrete or slush grouting. The dam's core material consisted of a mixture of clay, silt and sand. A sinkhole area appeared on the downstream face of the dam and was filled. A second sinkhole appeared in 1965. Abutment grouting was performed. A core investigation study in 1992 showed that voids were present in the core. Deep dynamic compaction was used to densify the foundation materials. Voids in the gravel envelope were filled with fine sand. The investigation showed that the sinkholes were formed by seeps travelling through abutment bedrock fractures. The voids were large enough to provide an exit for the fine-grained foundation alluvial materials. It was concluded that grouting the abutment prevented higher velocity seepages that may have eventually initiated a dam breach. 6 figs.

  2. Structural analysis of S-wave seismics around an urban sinkhole: evidence of enhanced dissolution in a strike-slip fault zone

    Science.gov (United States)

    Wadas, Sonja H.; Tanner, David C.; Polom, Ulrich; Krawczyk, Charlotte M.

    2017-12-01

    In November 2010, a large sinkhole opened up in the urban area of Schmalkalden, Germany. To determine the key factors which benefited the development of this collapse structure and therefore the dissolution, we carried out several shear-wave reflection-seismic profiles around the sinkhole. In the seismic sections we see evidence of the Mesozoic tectonic movement in the form of a NW-SE striking, dextral strike-slip fault, known as the Heßleser Fault, which faulted and fractured the subsurface below the town. The strike-slip faulting created a zone of small blocks ( sinkholes and dissolution-induced depressions. Since the processes are still ongoing, the occurrence of a new sinkhole cannot be ruled out. This case study demonstrates how S-wave seismics can characterize a sinkhole and, together with geological information, can be used to study the processes that result in sinkhole formation, such as a near-surface fault zone located in soluble rocks. The more complex the fault geometry and interaction between faults, the more prone an area is to sinkhole occurrence.

  3. Groundwater fluxes into a submerged sinkhole area, Central Italy, using radon and water chemistry

    Energy Technology Data Exchange (ETDEWEB)

    Tuccimei, P. [Dipartimento di Scienze Geologiche, Universita 'Roma Tre', Largo San Leonardo Murialdo 1, 00146 Rome (Italy)]. E-mail: tuccimei@uniroma3.it; Salvati, R. [Dipartimento di Scienze Geologiche, Universita 'Roma Tre', Largo San Leonardo Murialdo 1, 00146 Rome (Italy)]; Capelli, G. [Dipartimento di Scienze Geologiche, Universita 'Roma Tre', Largo San Leonardo Murialdo 1, 00146 Rome (Italy)]; Delitala, M.C. [Dipartimento di Scienze Geologiche, Universita 'Roma Tre', Largo San Leonardo Murialdo 1, 00146 Rome (Italy)]; Primavera, P. [Dipartimento di Scienze Geologiche, Universita 'Roma Tre', Largo San Leonardo Murialdo 1, 00146 Rome (Italy)]

    2005-10-15

    The groundwater contribution into Green Lake and Black Lake (Vescovo Lakes Group), two cover collapse sinkholes in Pontina Plain (Central Italy), was estimated using water chemistry and a ²²²Rn budget. These data can constrain the interactions between sinkholes and deep seated fluid circulation, with a special focus on the possibility of the bedrock karst aquifer feeding the lake. The Rn budget accounted for all quantifiable surface and subsurface input and output fluxes including the flux across the sediment-water interface. The total value of groundwater discharge into Green Lake and Black Lake (∼540 ± 160 L s⁻¹) obtained from the Rn budget is lower than, but comparable with historical data on the springs group discharge estimated in the same period of the year (800 ± 90 L s⁻¹). Besides being an indirect test for the reliability of the Rn-budget 'tool', it confirms that both Green and Black Lake are effectively springs and not simply 'water filled' sinkholes. New data on the water chemistry and the groundwater fluxes into the sinkhole area of Vescovo Lakes allows the assessment of the mechanism responsible for sinkhole formation in Pontina Plain and suggests the necessity of monitoring the changes of physical and chemical parameters of groundwater below the plain in order to mitigate the associated risk.

  4. Groundwater fluxes into a submerged sinkhole area, Central Italy, using radon and water chemistry

    International Nuclear Information System (INIS)

    Tuccimei, P.; Salvati, R.; Capelli, G.; Delitala, M.C.; Primavera, P.

    2005-01-01

    The groundwater contribution into Green Lake and Black Lake (Vescovo Lakes Group), two cover collapse sinkholes in Pontina Plain (Central Italy), was estimated using water chemistry and a ²²²Rn budget. These data can constrain the interactions between sinkholes and deep seated fluid circulation, with a special focus on the possibility of the bedrock karst aquifer feeding the lake. The Rn budget accounted for all quantifiable surface and subsurface input and output fluxes including the flux across the sediment-water interface. The total value of groundwater discharge into Green Lake and Black Lake (∼540 ± 160 L s⁻¹) obtained from the Rn budget is lower than, but comparable with historical data on the springs group discharge estimated in the same period of the year (800 ± 90 L s⁻¹). Besides being an indirect test for the reliability of the Rn-budget 'tool', it confirms that both Green and Black Lake are effectively springs and not simply 'water filled' sinkholes. New data on the water chemistry and the groundwater fluxes into the sinkhole area of Vescovo Lakes allows the assessment of the mechanism responsible for sinkhole formation in Pontina Plain and suggests the necessity of monitoring the changes of physical and chemical parameters of groundwater below the plain in order to mitigate the associated risk

  5. A DDoS Attack Detection Method Based on SVM in Software Defined Network

    Directory of Open Access Journals (Sweden)

    Jin Ye

    2018-01-01

    Full Text Available The detection of DDoS attacks is an important topic in the field of network security. The occurrence of software defined network (SDN) (Zhang et al., 2018) brings up some novel methods to this topic in which some deep learning algorithm is adopted to model the attack behavior based on collecting from the SDN controller. However, the existing methods such as neural network algorithm are not practical enough to be applied. In this paper, the SDN environment by mininet and floodlight (Ning et al., 2014) simulation platform is constructed, 6-tuple characteristic values of the switch flow table is extracted, and then DDoS attack model is built by combining the SVM classification algorithms. The experiments show that average accuracy rate of our method is 95.24% with a small amount of flow collecting. Our work is of good value for the detection of DDoS attack in SDN.

  6. Use of sinkhole and specific capacity distributions to assess vertical gradients in a karst aquifer

    Science.gov (United States)

    McCoy, K.J.; Kozar, M.D.

    2008-01-01

    The carbonate-rock aquifer in the Great Valley, West Virginia, USA, was evaluated using a database of 687 sinkholes and 350 specific capacity tests to assess structural, lithologic, and topographic influences on the groundwater flow system. The enhanced permeability of the aquifer is characterized in part by the many sinkholes, springs, and solutionally enlarged fractures throughout the valley. Yet, vertical components of subsurface flow in this highly heterogeneous aquifer are currently not well understood. To address this problem, this study examines the apparent relation between geologic features of the aquifer and two spatial indices of enhanced permeability attributed to aquifer karstification: (1) the distribution of sinkholes and (2) the occurrence of wells with relatively high specific capacity. Statistical results indicate that sinkholes (funnel and collapse) occur primarily along cleavage and bedding planes parallel to subparallel to strike where lateral or downward vertical gradients are highest. Conversely, high specific capacity values are common along prominent joints perpendicular or oblique to strike. The similarity of the latter distribution to that of springs suggests these fractures are areas of upward-convergent flow. These differences between sinkhole and high specific capacity distributions suggest vertical flow components are primarily controlled by the orientation of geologic structure and associated subsurface fracturing. © 2007 Springer-Verlag.

  7. A New Unified Intrusion Anomaly Detection in Identifying Unseen Web Attacks

    Directory of Open Access Journals (Sweden)

    Muhammad Hilmi Kamarudin

    2017-01-01

    Full Text Available The global usage of more sophisticated web-based application systems is obviously growing very rapidly. Major usage includes the storing and transporting of sensitive data over the Internet. The growth has consequently opened up a serious need for more secured network and application security protection devices. Security experts normally equip their databases with a large number of signatures to help in the detection of known web-based threats. In reality, it is almost impossible to keep updating the database with the newly identified web vulnerabilities. As such, new attacks are invisible. This research presents a novel approach of Intrusion Detection System (IDS) in detecting unknown attacks on web servers using the Unified Intrusion Anomaly Detection (UIAD) approach. The unified approach consists of three components (preprocessing, statistical analysis, and classification). Initially, the process starts with the removal of irrelevant and redundant features using a novel hybrid feature selection method. Thereafter, the process continues with the application of a statistical approach to identifying traffic abnormality. We performed Relative Percentage Ratio (RPR) coupled with Euclidean Distance Analysis (EDA) and the Chebyshev Inequality Theorem (CIT) to calculate the normality score and generate a finest threshold. Finally, Logitboost (LB) is employed alongside Random Forest (RF) as a weak classifier, with the aim of minimising the final false alarm rate. The experiment has demonstrated that our approach has successfully identified unknown attacks with greater than a 95% detection rate and less than a 1% false alarm rate for both the DARPA 1999 and the ISCX 2012 datasets.

  8. The sinkhole of Schmalkalden, Germany - Imaging of near-surface subrosion structures and faults

    Science.gov (United States)

    Wadas, Sonja H.; Tschache, Saskia; Polom, Ulrich; Krawczyk, Charlotte M.

    2017-04-01

    In November 2010 a sinkhole of 30 m diameter and 20 m depth opened in a residential area in the village Schmalkalden, Germany, which fortunately led to damage of buildings and property only. The collapse was caused by leaching of soluble rocks in the subsurface, called subrosion. For an improved understanding of the processes leading to subrosion and sinkhole development a detailed characterization of the subsurface structures and elastic parameters is required. We used shear wave reflection seismic, which has proven to be a suitable method for high-resolution imaging of the near-surface. The village Schmalkalden is located in southern Thuringia in Germany. Since the Upper Cretaceous the area is dominated by fault tectonics, fractures and joints, which increase the rock permeability. The circulating groundwater leaches the Permian saline deposits in the subsurface and forms upward migrating cavities, which can develop into sinkholes, if the overburden collapses. In the direct vicinity of the backfilled sinkhole, five 2-D shear wave reflection seismic profiles with total length of ca. 900 m and a zero-offset VSP down to 150 m depth were acquired. For the surface profiles a 120-channel landstreamer attached with horizontal geophones and an electrodynamic micro-vibrator, exciting horizontally polarized shear waves, were used. For the VSP survey an oriented borehole probe equipped with a 3C-geophone and electrodynamic and hydraulic vibrators, exciting compression- and shear waves, were utilized. The seismic sections show high-resolution images from the surface to ca. 100 m depth. They display heterogeneous structures as indicated by strong vertical and lateral variations of the reflectors. In the near-surface, depressions are visible and zones of low seismic velocities sinkhole. The VSP data shows anomalies of the Vp-Vs ratio with values above 2,5. This indicates unstable zones correlated with the anomalies revealed by the 2-D sections. Possible factors for the

  9. [Transport and differentiation of polycyclic aromatic hydrocarbons in air from Dashiwei karst Sinkholes in Guangxi, China].

    Science.gov (United States)

    Kong, Xiang-Sheng; Qi, Shi-Hua; Sun, Qian; Huang, Bao-Jian

    2012-12-01

    The typical karst Dashiwei Sinkholes located in Leye County, Guangxi were chosen as the study object. The air samples from the opening of Dashiwei Sinkholes to the underground river profiles were collected by polyurethane foam passive samplers (PUF-PAS), and the meteorological parameters were observed. The 16 PAHs were analyzed using GC-MS. The results showed that the total PAHs concentration in air in Dashiwei Sinkholes ranged from 33.76 ng·d⁻¹ to 150.86 ng·d⁻¹, with an average of 80.36 ng·d⁻¹. The mean concentrations in the cliff, the bottom and the underground river profiles were 67.17, 85.36 and 101.67 ng·d⁻¹, respectively. The 2-3 rings PAHs (including phenanthrene, anthracene, naphthalene and fluorene) accounted for 87.97% of the total of PAHs. The transport and accumulation processes of PAHs in air in Dashiwei Sinkholes were: the ground to the cliff section to the bottom section and then to the underground river, and the total PAHs concentrations showed an obvious increasing tendency with the decrease in altitude or increase in the length of the underground river. Low molecular weight PAHs compounds (including phenanthrene, anthracene, fluorene and fluoranthene) in air went through differentiation at the bottom of the west peak, the bottom of the sinkhole and the underground river. The primary sources of PAHs were pyrogenic sources with atmosphere transport. Ambient temperature was the predominating factor influencing the transport and accumulation of gas phase PAHs in Dashiwei Sinkholes, followed by wind speed, wind direction and relative humidity. Relative humidity and the temperature were the predominating factors influencing the differentiation, followed by wind speed and wind direction. As a whole, a "cold trapping effect" of POPs was shown obviously in Dashiwei Sinkholes.

  10. Rapid subsidence in damaging sinkholes: Measurement by high-precision leveling and the role of salt dissolution

    Science.gov (United States)

    Desir, G.; Gutiérrez, F.; Merino, J.; Carbonel, D.; Benito-Calvo, A.; Guerrero, J.; Fabregat, I.

    2018-02-01

    Investigations dealing with subsidence monitoring in active sinkholes are very scarce, especially when compared with other ground instability phenomena like landslides. This is largely related to the catastrophic behaviour that typifies most sinkholes in carbonate karst areas. Active subsidence in five sinkholes up to ca. 500 m across has been quantitatively characterised by means of high-precision differential leveling. The sinkholes occur on poorly indurated alluvium underlain by salt-bearing evaporites and cause severe damage on various human structures. The leveling data have provided accurate information on multiple features of the subsidence phenomena with practical implications: (1) precise location of the vaguely-defined edges of the subsidence zones and their spatial relationships with surveyed surface deformation features; (2) spatial deformation patterns and relative contribution of subsidence mechanisms (sagging versus collapse); (3) accurate subsidence rates and their spatial variability with maximum and mean vertical displacement rates ranging from 1.0 to 11.8 cm/yr and 1.9 to 26.1 cm/yr, respectively; (4) identification of sinkholes that experience continuous subsidence at constant rates or with significant temporal changes; and (5) rates of volumetric surface changes as an approximation to rates of dissolution-induced volumetric depletion in the subsurface, reaching as much as 10,900 m³/yr in the largest sinkhole. The high subsidence rates as well as the annual volumetric changes are attributed to rapid dissolution of high-solubility salts.

  11. A Novel Real-Time DDoS Attack Detection Mechanism Based on MDRA Algorithm in Big Data

    Directory of Open Access Journals (Sweden)

    Bin Jia

    2016-01-01

    Full Text Available In the wake of the rapid development and wide application of information technology and Internet, our society has come into the information explosion era. Meanwhile, it brings in new and severe challenges to the field of network attack behavior detection due to the explosive growth and high complexity of network traffic. Therefore, an effective and efficient detection mechanism that can detect attack behavior from large scale of network traffic plays an important role. In this paper, we focus on how to distinguish the attack traffic from normal data flows in Big Data and propose a novel real-time DDoS attack detection mechanism based on Multivariate Dimensionality Reduction Analysis (MDRA). In this mechanism, we first reduce the dimensionality of multiple characteristic variables in a network traffic record by Principal Component Analysis (PCA). Then, we analyze the correlation of the lower dimensional variables. Finally, the attack traffic can be differentiated from the normal traffic by MDRA and Mahalanobis distance (MD). Compared with previous research methods, our experimental results show that higher precision rate is achieved and it approximates to 100% in True Negative Rate (TNR) for detection; CPU computing time is one-eightieth and memory resource consumption is one-third of the previous detection method based on Multivariate Correlation Analysis (MCA); computing complexity is constant.

  12. The Investigation of a Sinkhole Area in Germany by Near-Surface Active Seismic Tomography

    Science.gov (United States)

    Tschache, S.; Becker, D.; Wadas, S. H.; Polom, U.; Krawczyk, C. M.

    2017-12-01

    In November 2010, a 30 m wide and 17 m deep sinkhole occurred in a residential area of Schmalkalden, Germany, which fortunately did not harm humans, but led to damage of buildings and property. Subsequent geoscientific investigations showed that the collapse was naturally caused by the subrosion of sulfates in a depth of about 80 m. In 2012, an early warning system was established including 3C borehole geophones deployed in 50 m depth around the backfilled sinkhole. During the acquisition of two shallow 2D shear wave seismic profiles, the signals generated by a micro-vibrator at the surface were additionally recorded by the four borehole geophones of the early warning system and a VSP probe in a fifth borehole. The travel time analysis of the direct arrivals enhanced the understanding of wave propagation in the area. Seismic velocity anomalies were detected and related to structural seismic images of the 2D profiles. Due to the promising first results, the experiment was further extended by distributing vibration points throughout the whole area around the sinkhole. This time, micro-vibrators for P- and S-wave generation were used. The signals were recorded by the borehole geophones and temporary installed seismometers at surface positions close to the boreholes. The travel times and signal attenuations are evaluated to detect potential instable zones. Furthermore, array analyses are performed. The first results reveal features in the active tomography datasets consistent with structures observed in the 2D seismic images. The advantages of the presented method are the low effort and good repeatability due to the permanently installed borehole geophones. It has the potential to determine P-wave and S-wave velocities in 3D. It supports the interpretation of established investigation methods as 2D surface seismics and VSP. In our further research we propose to evaluate the suitability of the method for the time lapse monitoring of changes in the seismic wave

  13. Intelligent Intrusion Detection of Grey Hole and Rushing Attacks in Self-Driving Vehicular Networks

    Directory of Open Access Journals (Sweden)

    Khattab M. Ali Alheeti

    2016-07-01

    Full Text Available Vehicular ad hoc networks (VANETs) play a vital role in the success of self-driving and semi self-driving vehicles, where they improve safety and comfort. Such vehicles depend heavily on external communication with the surrounding environment via data control and Cooperative Awareness Messages (CAMs) exchanges. VANETs are potentially exposed to a number of attacks, such as grey hole, black hole, wormhole and rushing attacks. This work presents an intelligent Intrusion Detection System (IDS) that relies on anomaly detection to protect the external communication system from grey hole and rushing attacks. These attacks aim to disrupt the transmission between vehicles and roadside units. The IDS uses features obtained from a trace file generated in a network simulator and consists of a feed-forward neural network and a support vector machine. Additionally, the paper studies the use of a novel systematic response, employed to protect the vehicle when it encounters malicious behaviour. Our simulations of the proposed detection system show that the proposed schemes possess outstanding detection rates with a reduction in false alarms. This safe mode response system has been evaluated using four performance metrics, namely, received packets, packet delivery ratio, dropped packets and the average end to end delay, under both normal and abnormal conditions.

  14. LAN attack detection using Discrete Event Systems.

    Science.gov (United States)

    Hubballi, Neminath; Biswas, Santosh; Roopa, S; Ratti, Ritesh; Nandi, Sukumar

    2011-01-01

    Address Resolution Protocol (ARP) is used for determining the link layer or Medium Access Control (MAC) address of a network host, given its Internet Layer (IP) or Network Layer address. ARP is a stateless protocol and any IP-MAC pairing sent by a host is accepted without verification. This weakness in the ARP may be exploited by malicious hosts in a Local Area Network (LAN) by spoofing IP-MAC pairs. Several schemes have been proposed in the literature to circumvent these attacks; however, these techniques either make IP-MAC pairing static, modify the existing ARP, patch operating systems of all the hosts etc. In this paper we propose a Discrete Event System (DES) approach for Intrusion Detection System (IDS) for LAN specific attacks which do not require any extra constraint like static IP-MAC, changing the ARP etc. A DES model is built for the LAN under both a normal and compromised (i.e., spoofed request/response) situation based on the sequences of ARP related packets. Sequences of ARP events in normal and spoofed scenarios are similar thereby rendering the same DES models for both the cases. To create different ARP events under normal and spoofed conditions the proposed technique uses active ARP probing. However, this probing adds extra ARP traffic in the LAN. Following that a DES detector is built to determine from observed ARP related events, whether the LAN is operating under a normal or compromised situation. The scheme also minimizes extra ARP traffic by probing the source IP-MAC pair of only those ARP packets which are yet to be determined as genuine/spoofed by the detector. Also, spoofed IP-MAC pairs determined by the detector are stored in tables to detect other LAN attacks triggered by spoofing namely, man-in-the-middle (MiTM), denial of service etc. The scheme is successfully validated in a test bed. Copyright © 2010 ISA. Published by Elsevier Ltd. All rights reserved.

  15. Investigation on the possible interconnection between Kanata sinkhole, on the high plateau of Tripolis, and springs of Argos area

    Energy Technology Data Exchange (ETDEWEB)

    Leontiadis, I.; Dimitroulas, C.; Zouridakis, N.; Dounas, A.; Morfis, A.; Paraskevopoulou, P.

    1984-07-01

    ⁵¹Cr-EDTA has been used as tracer for the investigation of possible interconnection between the sinkhole Kanata, on the high Plateau of Tripolis, and springs of the areas of Argos, Achladokambos and Kinouria. By this experiment, the interconnection between the sinkhole and the submarine spring of Kiveri, as well as the springs of Xovrios Achladokambos river, is proved. Furthermore, the percentage of connection between the sinkhole and the springs, the mean transit time of the water from the sinkhole to the springs, the volume of the underground reservoir feeding the springs, etc., have been calculated.

  16. Multi-modality imaging findings of huge intrachoroidal cavitation and myopic peripapillary sinkhole.

    Science.gov (United States)

    Chen, Yutong; Ma, Xiaoli; Hua, Rui

    2018-02-02

    Peripapillary intrachoroidal cavitation was described as the presence of an asymptomatic, well-circumscribed, yellow-orange, peripapillary lesion at the inferior border of the myopic conus in eyes with high myopia. A 66-year-old myopic Chinese man was enrolled and his multi-color imaging examination showed a well-circumscribed, caesious, peripapillary lesion coalesced with the optic nerve head vertically rotated and obliquely tilted, together with an inferotemporal sinkhole in the myopic conus. The optical coherence tomography images showed an intrachoroidal hyporeflective space, schisis, an intracavitary septum located below the retinal pigment epithelium and inserted beneath the optic nerve head, as well as a sinkhole between the peripapillary intrachoroidal cavitation and the vitreous space. Both myopic colobomas and sinkhole in myopic conus may contribute the coalescence of intrachoroidal cavitation with optic nerve head. These qualitative and quantitative new findings will be beneficial for understanding its pathomorphological mechanism, and the impact on optic nerve tissue of myopic patients.

  17. A WEB BASED SERVICE APPLICATION FOR VISUAL SINKHOLE INVENTORY INFORMATION SYSTEM; CASE STUDY OF KONYA CLOSED BASIN

    OpenAIRE

    ORHAN, Osman; YAKAR, Murat; KIRTILOĞLU, Osman Sami

    2017-01-01

    Sinkholes are commonly defined as deep pits giving the appearance of a chimney or well resulting by collapsing of underground rivers in horizontal or near-bedded lime stones or active cave ceilings. Sinkholes appear as deep pits in the so-called karst land, usually on limestones and carbonates that are easily rinsed with water. The sinkhole occurrences in our country are very often seen on the Obruk Plateau in the Konya Closed Basin. In Karapinar region and its surroundings located in this pl...

  18. Attacks and Intrusion Detection in Cloud Computing Using Neural Networks and Particle Swarm Optimization Algorithms

    Directory of Open Access Journals (Sweden)

    Ahmad Shokuh Saljoughi

    2018-01-01

    Full Text Available Today, cloud computing has become popular among users in organizations and companies. Security and efficiency are the two major issues facing cloud service providers and their customers. Since cloud computing is a virtual pool of resources provided in an open environment (Internet), cloud-based services entail security risks. Detection of intrusions and attacks through unauthorized users is one of the biggest challenges for both cloud service providers and cloud users. In the present study, artificial intelligence techniques, e.g. MLP Neural Networks and particle swarm optimization algorithm, were used to detect intrusion and attacks. The methods were tested for NSL-KDD, KDD-CUP datasets. The results showed improved accuracy in detecting attacks and intrusions by unauthorized users.

  19. Sinkhole investigated at B.C. Hydro's Bennett Dam

    Energy Technology Data Exchange (ETDEWEB)

    Anon.

    1996-07-01

    The cause of a sinkhole which appeared in a roadway crossing an earth filled dam in B. C., was discussed. The hole measured 6 ft. across and 20 ft. deep, and occurred in B.C. Hydro's W.A.C. Bennett Dam which measures 600 ft. high, 2,600 ft. wide at the base and 35 ft. wide at the crest. The cause of the sinkhole is not known, but it is believed that a weakness in the dam may have found its way to the surface via a pipe connected to a bedrock settlement gauge buried within the dam. Sonar and ground penetrating radar were used to examine the area. The hole has been filled with gravel and monitoring continues. Experts do not anticipate immediate risk of dam failure. 1 fig.

  20. Application Of Two Dimensional Electrical Resistivity Tomography Method For Delineating Cavities And Flowpath In Sinkhole Prone Area Of Armala Valley, Pokhara, Western Nepal

    Science.gov (United States)

    Bhusal, U. C.; Dwivedi, S.; Ghimire, H.; Ulak, P. D.; Khatiwada, B.; Rijal, M. L.; Neupane, Y.; Aryal, S.; Pandey, D.; Gautam, A.; Mishra, S.

    2017-12-01

    Sudden release of turbid groundwater through piping in the Kali Khola and subsequent formation of over one hundred twenty sinkholes since 18 November, 2013 to May, 2014 in Armala Valley in northern part of Pokhara created havoc to the local residents. The main objective of the work is to investigate subsurface anomalies so as to locate the subsurface cavities, groundwater movement and areas prone to sinkholes formation in the area. Findings of the several studies and observations carried out in area by the authors and preventive measures carried out by Department of Water Induced Disaster Management are presented in the paper. To fulfill the objective 2D-Electrical Resistivity Tomography Survey was carried out at sixty five profiles with minimum electrode spacing from 1 m to 5 m on different profiles using WDJD-4 Resistivity meter. Res2Dinv Software was used for processing and interpretation of the acquired data. Geological mapping, preparation of columnar section of the sinkholes and river bank were conducted. Hand auguring, tracer test and topography survey were also carried out in the area. Different geophysical anomalies were identified in 2D-ERT survey which indicates the presence of compositional difference in layered sediments, undulations in depositional pattern with top humus layer of thickness 0.5 m, loose unconsolidated gravel layer 0.5 m - 4 m and clayey silt/silty clay layer up to 75 m depth. The cavities were found both in clayey silt layer and gravel layer with size ranging from 1-2 m to 10-12 m in depth and 2 m-10 m in diameter either empty or water filled depending on locations. Fifteen cavities that were detected during survey were excavated and immediately filled up. Three major and four minor groundwater flow paths were detected which has been later confirmed by tracer test, formation of new sinkholes along the path and during excavation for construction of underground structures for blocking the underground flow. Major flow path was detected at

  1. Cloud-Based DDoS HTTP Attack Detection Using Covariance Matrix Approach

    Directory of Open Access Journals (Sweden)

    Abdulaziz Aborujilah

    2017-01-01

    In this era of technology, cloud computing technology has become an essential part of the IT services used in daily life. In this regard, website hosting services are gradually moving to the cloud. This adds new valued features to the cloud-based websites and at the same time introduces new threats for such services. DDoS attack is one such serious threat. Covariance matrix approach is used in this article to detect such attacks. The results were encouraging, according to confusion matrix and ROC descriptors.

  2. Mining IP to Domain Name Interactions to Detect DNS Flood Attacks on Recursive DNS Servers

    Directory of Open Access Journals (Sweden)

    Roberto Alonso

    2016-08-01

    The Domain Name System (DNS) is a critical infrastructure of any network, and, not surprisingly a common target of cybercrime. There are numerous works that analyse higher level DNS traffic to detect anomalies in the DNS or any other network service. By contrast, few efforts have been made to study and protect the recursive DNS level. In this paper, we introduce a novel abstraction of the recursive DNS traffic to detect a flooding attack, a kind of Distributed Denial of Service (DDoS). The crux of our abstraction lies on a simple observation: Recursive DNS queries, from IP addresses to domain names, form social groups; hence, a DDoS attack should result in drastic changes on DNS social structure. We have built an anomaly-based detection mechanism, which, given a time window of DNS usage, makes use of features that attempt to capture the DNS social structure, including a heuristic that estimates group composition. Our detection mechanism has been successfully validated (in a simulated and controlled setting) and with it the suitability of our abstraction to detect flooding attacks. To the best of our knowledge, this is the first time that work is successful in using this abstraction to detect these kinds of attacks at the recursive level. Before concluding the paper, we motivate further research directions considering this new abstraction, so we have designed and tested two additional experiments which exhibit promising results to detect other types of anomalies in recursive DNS servers.

  3. Mining IP to Domain Name Interactions to Detect DNS Flood Attacks on Recursive DNS Servers.

    Science.gov (United States)

    Alonso, Roberto; Monroy, Raúl; Trejo, Luis A

    2016-08-17

    The Domain Name System (DNS) is a critical infrastructure of any network, and, not surprisingly a common target of cybercrime. There are numerous works that analyse higher level DNS traffic to detect anomalies in the DNS or any other network service. By contrast, few efforts have been made to study and protect the recursive DNS level. In this paper, we introduce a novel abstraction of the recursive DNS traffic to detect a flooding attack, a kind of Distributed Denial of Service (DDoS). The crux of our abstraction lies on a simple observation: Recursive DNS queries, from IP addresses to domain names, form social groups; hence, a DDoS attack should result in drastic changes on DNS social structure. We have built an anomaly-based detection mechanism, which, given a time window of DNS usage, makes use of features that attempt to capture the DNS social structure, including a heuristic that estimates group composition. Our detection mechanism has been successfully validated (in a simulated and controlled setting) and with it the suitability of our abstraction to detect flooding attacks. To the best of our knowledge, this is the first time that work is successful in using this abstraction to detect these kinds of attacks at the recursive level. Before concluding the paper, we motivate further research directions considering this new abstraction, so we have designed and tested two additional experiments which exhibit promising results to detect other types of anomalies in recursive DNS servers.

  4. Benthic bacterial diversity in submerged sinkhole ecosystems.

    Science.gov (United States)

    Nold, Stephen C; Pangborn, Joseph B; Zajack, Heidi A; Kendall, Scott T; Rediske, Richard R; Biddanda, Bopaiah A

    2010-01-01

    Physicochemical characterization, automated ribosomal intergenic spacer analysis (ARISA) community profiling, and 16S rRNA gene sequencing approaches were used to study bacterial communities inhabiting submerged Lake Huron sinkholes inundated with hypoxic, sulfate-rich groundwater. Photosynthetic cyanobacterial mats on the sediment surface were dominated by Phormidium autumnale, while deeper, organically rich sediments contained diverse and active bacterial communities.

  5. Basic processes and factors determining the evolution of collapse sinkholes: a sensitivity study

    Science.gov (United States)

    Romanov, Douchko; Kaufmann, Georg

    2017-04-01

    Collapse sinkholes appear as closed depressions at the surface. The origin of these karst features is related to the continuous dissolution of the soluble rock caused by a focussed sub-surface flow. Water flowing along a preferential pathway through fissures and fractures within the phreatic part of a karst aquifer is able to dissolve the rock (limestone, gypsum, anhydrite). With time, the dissolved void volume increases and part of the ceiling above the stream can become unstable, collapses, and accumulates as debris in the flow path. The debris partially blocks the flow and thus activates new pathways. Because of the low compaction of the debris (high hydraulic conductivity), the flow and the dissolution rates within this crushed zone remain high. This allows a relatively fast dissolutional and erosional removal of the crushed material and the development of new empty voids. The void volume expands upwards towards the surface until a collapse sinkhole is formed. The collapse sinkholes exhibit a large variety of shapes (cylindrical, cone-, bowl-shaped), depths (from few to few hundred meters) and diameters (meters up to hundreds of meters). Two major processes are responsible for this diversity: a) the karst evolution of the aquifer - responsible for the dissolutional and erosional removal of material; b) the mechanical evolution of the host rock and the existence of structural features, faults for example, which determine the stability and the magnitude of the subsequent collapses. In this work we demonstrate the influence of the host rock type, the hydrological and geological boundary conditions, the chemical composition of the flowing water, and the geometry and the scale of the crushed zone, on the location and the evolution of the growing sinkhole. We demonstrate the ability of the karst evolution models to explain, at least qualitatively, the growth and the morphology of the collapse sinkholes and to roughly predict their shape and location. Implementing

  6. Detection of Cross Site Scripting Attack in Wireless Networks Using n-Gram and SVM

    Directory of Open Access Journals (Sweden)

    Jun-Ho Choi

    2012-01-01

    Large parts of attacks targeting the web are aiming at the weak point of web application. Even though SQL injection, which is the form of XSS (Cross Site Scripting) attacks, is not a threat to the system to operate the web site, it is very critical to the places that deal with the important information because sensitive information can be obtained and falsified. In this paper, the method to detect the malicious SQL injection script code which is the typical XSS attack using n-Gram indexing and SVM (Support Vector Machine) is proposed. In order to test the proposed method, the test was conducted after classifying each data set as normal code and malicious code, and the malicious script code was detected by applying index term generated by n-Gram and data set generated by code dictionary to SVM classifier. As a result, when the malicious script code detection was conducted using n-Gram index term and SVM, the superior performance could be identified in detecting malicious script and the more improved results than existing methods could be seen in the malicious script code detection recall.

  7. Current and Historic Sinkhole and Depression locations in Iowa

    Data.gov (United States)

    Iowa State University GIS Support and Research Facility — This dataset is all of the sinkholes and depressions that originated from the SSURGO spot data, and has been updated using LiDAR and historic photography to capture...

  8. SiC: An Agent Based Architecture for Preventing and Detecting Attacks to Ubiquitous Databases

    OpenAIRE

    Pinzón, Cristian; de Paz Santana, Yanira; Bajo Pérez, Javier; Abraham, Ajith P.; Corchado Rodríguez, Juan M.

    2009-01-01

    One of the main attacks to ubiquitous databases is the structure query language (SQL) injection attack, which causes severe damages both in the commercial aspect and in the user’s confidence. This chapter proposes the SiC architecture as a solution to the SQL injection attack problem. This is a hierarchical distributed multiagent architecture, which involves an entirely new approach with respect to existing architectures for the prevention and detection of SQL injections. SiC incorporates a k...

  9. Identification of karst sinkholes in a forested karst landscape using airborne laser scanning data and water flow analysis

    Science.gov (United States)

    Hofierka, Jaroslav; Gallay, Michal; Bandura, Peter; Šašak, Ján

    2018-05-01

    Karst sinkholes (dolines) play an important role in a karst landscape by controlling infiltration of surficial water, air flow or spatial distribution of solar energy. These landforms also present a limiting factor for human activities in agriculture or construction. Therefore, mapping such geomorphological forms is vital for appropriate landscape management and planning. There are several mapping techniques available; however, their applicability can be reduced in densely forested areas with poor accessibility and visibility of the landforms. In such conditions, airborne laser scanning (ALS) provides means for efficient and accurate mapping of both land and landscape canopy surfaces. Taking the benefits of ALS into account, we present an innovative method for identification and evaluation of karst sinkholes based on numerical water flow modelling. The suggested method was compared to traditional techniques for sinkhole mapping which use topographic maps and digital terrain modelling. The approach based on simulation of a rainfall event very closely matched the reference datasets derived by manual inspection of the ALS digital elevation model and field surveys. However, our process-based approach provides advantage of assessing the magnitude how sinkholes influence concentration of overland water flow during extreme rainfall events. This was performed by calculating the volume of water accumulated in sinkholes during the simulated rainfall. In this way, the influence of particular sinkholes on underground geomorphological systems can be assessed. The method was demonstrated in a case study of Slovak Karst in the West Carpathians where extreme rainfalls or snow-thaw events occur annually. We identified three spatially contiguous groups of sinkholes with a different effect on overland flow concentration. These results are discussed in relation to the known underground hydrological systems.

  10. Underlying finite state machine for the social engineering attack detection model

    CSIR Research Space (South Africa)

    Mouton, Francois

    2017-08-01

    one to have a clearer overview of the mental processing performed within the model. While the current model provides a general procedural template for implementing detection mechanisms for social engineering attacks, the finite state machine provides a...

  11. Obfuscated RSUs Vector Based Signature Scheme for Detecting Conspiracy Sybil Attack in VANETs

    Directory of Open Access Journals (Sweden)

    Xia Feng

    2017-01-01

    Given the popularity of vehicular Ad hoc networks (VANETs) in traffic management, a new challenging issue comes into traffic safety, that is, security of the networks, especially when the adversary breaks defence. Sybil attack, for example, is a potential security threat through forging several identities to carry out attacks in VANETs. At this point, the paper proposed a solution named DMON that is a Sybil attack detection method with obfuscated neighbor relationship of Road Side Units (RSUs). DMON presents a ring signature based identification scheme and replaces vehicles’ identities with their trajectory for the purpose of anonymity. Furthermore, the neighbor relationship of RSUs is obfuscated to achieve privacy preserving of locations. The proposed scheme has been formally proved in the views of security and performance. Simulation has also been implemented to validate the scheme, in which the findings reveal the lower computational overhead and higher detection rate compared with other related solutions.

  12. Spoofing cyber attack detection in probe-based traffic monitoring systems using mixed integer linear programming

    KAUST Repository

    Canepa, Edward S.

    2013-01-01

    Traffic sensing systems rely more and more on user generated (insecure) data, which can pose a security risk whenever the data is used for traffic flow control. In this article, we propose a new formulation for detecting malicious data injection in traffic flow monitoring systems by using the underlying traffic flow model. The state of traffic is modeled by the Lighthill-Whitham-Richards traffic flow model, which is a first order scalar conservation law with concave flux function. Given a set of traffic flow data, we show that the constraints resulting from this partial differential equation are mixed integer linear inequalities for some decision variable. We use this fact to pose the problem of detecting spoofing cyber-attacks in probe-based traffic flow information systems as mixed integer linear feasibility problem. The resulting framework can be used to detect spoofing attacks in real time, or to evaluate the worst-case effects of an attack offline. A numerical implementation is performed on a cyber-attack scenario involving experimental data from the Mobile Century experiment and the Mobile Millennium system currently operational in Northern California. © 2013 IEEE.

  13. Spoofing cyber attack detection in probe-based traffic monitoring systems using mixed integer linear programming

    KAUST Repository

    Canepa, Edward S.

    2013-09-01

    Traffic sensing systems rely more and more on user generated (insecure) data, which can pose a security risk whenever the data is used for traffic flow control. In this article, we propose a new formulation for detecting malicious data injection in traffic flow monitoring systems by using the underlying traffic flow model. The state of traffic is modeled by the Lighthill-Whitham-Richards traffic flow model, which is a first order scalar conservation law with concave flux function. Given a set of traffic flow data generated by multiple sensors of different types, we show that the constraints resulting from this partial differential equation are mixed integer linear inequalities for a specific decision variable. We use this fact to pose the problem of detecting spoofing cyber attacks in probe-based traffic flow information systems as mixed integer linear feasibility problem. The resulting framework can be used to detect spoofing attacks in real time, or to evaluate the worst-case effects of an attack offline. A numerical implementation is performed on a cyber attack scenario involving experimental data from the Mobile Century experiment and the Mobile Millennium system currently operational in Northern California. © American Institute of Mathematical Sciences.

  14. A New Mechanism to Improve the Detection Rate of Shilling Attacks in the Recommender Systems

    Directory of Open Access Journals (Sweden)

    Javad Nehriri

    2017-12-01

    Recommender systems are widely used, in social networks and online stores, to overcome the problems caused by the large amount of information. Most of these systems use a collaborative filtering method to generate recommendations to the users. But, as in this method users’ feedback is considered for recommendations, it can be significantly distorted by malicious people. In other words, there may be some users who open fake profiles and vote one-sided or biased in the system, which may cause disturbance in providing proper recommendations to other users. This kind of damage is said to be shilling attacks. If the attackers succeed, the user's trust in the recommender systems will reduce. In recent years, efficient attack detection algorithms have been proposed, but each has its own limitations. In this paper, we use profile-based and item-based algorithms to provide a new mechanism to significantly reduce the detection error for shilling attacks.

  15. A geomechanical model of a sinkhole formation

    Science.gov (United States)

    Danchiv, Alexandru; Zamfirescu, Florian; Mocuta, Marius; Popa, Iulian; Zlibut, Alexandru; Huggenberger, Peter; Zechner, Eric; Dresmann, Horst; Scheidler, Stefan; Wiesmeier, Stefan

    2016-04-01

    In December 2010 a sinkhole was suddenly formed close to the eastern flank of Ocna-Mures salt dome. Soon after the collapse the sinkhole was filled with brine forming a salt lake called Plus Lake. The total volume of sinkhole of about 100000 m³ remained constant since February 2011. The Ocna Mures salt dome is situated on the western border of the Transylvanian basin (Romania) and has been exploited for a long time. The ceilings of some shallow mine chambers are now collapsed and filled with brine. Along the eastern flank of the salt dome there is a disturbed zone due to diapirism. Its presence is suggested by the strong fragmentation of rock in the boreholes drilled along the salt-sterile contact, as it resulted from the low values of RQD index. The sinkhole is probably due to a pressure increase along the diapir flank. The causes of this sudden increase of pressure are not well known. Most probably it is due to the damage of the tubing of a flank borehole as mentioned in a technical report of the exploiting company. The injected fresh water expelled through the breaches of the damaged borehole and, due to the high pressure, flushed up the crushed material of the disturbed zone. In order to better understand the setting up of the Plus Lake, joint research efforts were performed by teams from Bucharest and Basel Universities since 2013. For the geomechanical approach a numerical model was performed using the Flac 7.0 code. In a first stage the creep behavior of salt was analyzed considering a Norton creep law. It resulted that after 100 years the salt reached equilibrium, the creep could be neglected and in a first approximation mechanical equilibrium could be analyzed considering only an elasto-plastic behavior of both the salt and the sterile. For both the salt and the surrounding sedimentary rocks the Mohr-Coulomb criterion was considered. The properties of sterile rocks were estimated following the GSI system.
Due to poor rock quality the strength parameters have

  16. Structural analysis of S-wave seismics around an urban sinkhole: evidence of enhanced dissolution in a strike-slip fault zone

    Directory of Open Access Journals (Sweden)

    S. H. Wadas

    2017-12-01

    In November 2010, a large sinkhole opened up in the urban area of Schmalkalden, Germany. To determine the key factors which benefited the development of this collapse structure and therefore the dissolution, we carried out several shear-wave reflection-seismic profiles around the sinkhole. In the seismic sections we see evidence of the Mesozoic tectonic movement in the form of a NW–SE striking, dextral strike-slip fault, known as the Heßleser Fault, which faulted and fractured the subsurface below the town. The strike-slip faulting created a zone of small blocks (< 100 m in size), around which steep-dipping normal faults, reverse faults and a dense fracture network serve as fluid pathways for the artesian-confined groundwater. The faults also acted as barriers for horizontal groundwater flow perpendicular to the fault planes. Instead groundwater flows along the faults which serve as conduits and forms cavities in the Permian deposits below ca. 60 m depth. Mass movements and the resulting cavities lead to the formation of sinkholes and dissolution-induced depressions. Since the processes are still ongoing, the occurrence of a new sinkhole cannot be ruled out. This case study demonstrates how S-wave seismics can characterize a sinkhole and, together with geological information, can be used to study the processes that result in sinkhole formation, such as a near-surface fault zone located in soluble rocks. The more complex the fault geometry and interaction between faults, the more prone an area is to sinkhole occurrence.

  17. A Multi-Sensor Approach to Documenting a Large Collapse Sinkhole in West-Central Florida

    Science.gov (United States)

    Collins, L. D.; Kiflu, H. G.; Robinson, T.; Doering, T.; Eilers, D.; Rodgers, M.; Kruse, S.; Landry, S.; Braunmiller, J.; Speed, G.; Gonzalez, J.; McKenzie, R.

    2017-12-01

    The Saxon Lake sinkhole collapse of July 14, 2017 in Land O Lakes, Florida, caused the destruction of two homes and the evacuation of nine additional residences. The sinkhole is slightly oval with dimensions of approximately 51 meters east-west and 42 meters north-south, and it is reportedly 15 meters deep. This is presumably the largest sinkhole to form in Pasco County during the last 30 years. The surface collapse happened rapidly and continued over three days, with slumping and erosion increasing the size. The site is located near two natural lakes in a housing development from the late 1960s. This occurrence is within an area of well-developed karst, with a number of natural lakes. We present preliminary analysis of the sequence of deformation, sinkhole geometry, surrounding subsurface structures, and seismic activity. Data are assembled from terrestrial and aerial LiDAR, UAS survey and PhoDAR modeling, aerial imagery, ground penetrating radar, lake-bottom profiling, and seismic monitoring. Additionally, multi-sensor data were brought together in a Geographic Information Systems (GIS) and included an analysis of georeferenced historic imagery and maps. These spatial data indicate historic land use change and development alterations that included lake shore reconfiguration, canal construction, and connection of lake water systems in the area of impact. Three subsidence reports from the 1980s are also recorded within 500 meters of the collapse.

  18. On-Line Detection of Distributed Attacks from Space-Time Network Flow Patterns

    National Research Council Canada - National Science Library

    Baras, J. S; Cardenas, A. A; Ramezani, V

    2003-01-01

    .... The directionality of the change in a network flow is assumed to have an objective or target. The particular problem of detecting distributed denial of service attacks from distributed observations is presented as a working framework...

  19. A Classification Detection Algorithm Based on Joint Entropy Vector against Application-Layer DDoS Attack

    Directory of Open Access Journals (Sweden)

    Yuntao Zhao

    2018-01-01

    The application-layer distributed denial of service (AL-DDoS) attack poses a great threat to cyberspace security. Attack detection is an important part of security protection, which provides effective support for the defense system through the rapid and accurate identification of attacks. According to the attacker’s different URL of the Web service, the AL-DDoS attack is divided into three categories, including a random URL attack and a fixed and a traverse one. In order to realize identification of attacks, a mapping matrix of the joint entropy vector is constructed. By defining and computing the value of EUPI and jEIPU, a visual coordinate discrimination diagram of entropy vector is proposed, which also realizes data dimension reduction from N to two. In terms of boundary discrimination and the region where the entropy vectors fall in, the class of AL-DDoS attack can be distinguished. Through the study of training data set and classification, the results show that the novel algorithm can effectively distinguish the web server DDoS attack from normal burst traffic.

  20. Sinkholes, subsidence and subrosion on the eastern shore of the Dead Sea as revealed by a close-range photogrammetric survey

    Science.gov (United States)

    Al-Halbouni, Djamil; Holohan, Eoghan P.; Saberi, Leila; Alrshdan, Hussam; Sawarieh, Ali; Closson, Damien; Walter, Thomas R.; Dahm, Torsten

    2017-05-01

    Ground subsidence and sinkhole collapse are phenomena affecting regions of karst geology worldwide. The rapid development of such phenomena around the Dead Sea in the last four decades poses a major geological hazard to the local population, agriculture and industry. Nonetheless many aspects of this hazard are still incompletely described and understood, especially on the eastern Dead Sea shore. In this work, we present a first low altitude (sinkhole area of Ghor Al-Haditha, Jordan. We provide a detailed qualitative and quantitative analysis of a new, high resolution digital surface model (5 cm px⁻¹) and orthophoto of this area (2.1 km²). We also outline the factors affecting the quality and accuracy of this approach. Our analysis reveals a kilometer-scale sinuous depression bound partly by flexure and partly by non-tectonic faults. The estimated minimum volume loss of this subsided zone is 1.83 × 10⁶ m³ with an average subsidence rate of 0.21 m yr⁻¹ over the last 25 years. Sinkholes in the surveyed area are localized mainly within this depression. The sinkholes are commonly elliptically shaped (mean eccentricity 1.31) and clustered (nearest neighbor ratio 0.69). Their morphologies and orientations depend on the type of sediment they form in: in mud, sinkholes have a low depth to diameter ratio (0.14) and a long-axis azimuth of NNE-NE. In alluvium, sinkholes have a higher ratio (0.4) and are orientated NNW-N. From field work, we identify actively evolving artesian springs and channelized, sediment-laden groundwater flows that appear locally in the main depression. Consequently, subrosion, i.e. subsurface mechanical erosion, is identified as a key physical process, in addition to dissolution, behind the subsidence and sinkhole hazard. Furthermore, satellite image analysis links the development of the sinuous depression and sinkhole formation at Ghor Al-Haditha to preferential groundwater flow paths along ancient and current wadi riverbeds.

  1. Benthic Bacterial Diversity in Submerged Sinkhole Ecosystems

    Science.gov (United States)

    Nold, Stephen C.; Pangborn, Joseph B.; Zajack, Heidi A.; Kendall, Scott T.; Rediske, Richard R.; Biddanda, Bopaiah A.

    2010-01-01

    Physicochemical characterization, automated ribosomal intergenic spacer analysis (ARISA) community profiling, and 16S rRNA gene sequencing approaches were used to study bacterial communities inhabiting submerged Lake Huron sinkholes inundated with hypoxic, sulfate-rich groundwater. Photosynthetic cyanobacterial mats on the sediment surface were dominated by Phormidium autumnale, while deeper, organically rich sediments contained diverse and active bacterial communities. PMID:19880643

  2. Monitoring the snowpack volume in a sinkhole on Mount Lebanon using time lapse Photogrammetry

    Science.gov (United States)

    Abou Chakra, C.; Gascoin, S.; Somma, J.; Drapeau, L.; Fanise, P.

    2017-12-01

    Lebanon is one of the richest countries in the Middle East for water resources, thanks to its mountain ranges that trigger precipitation from the moist air masses coming from the Mediterranean Sea. Snowpack acts as natural water storage in winter and supplies fresh water during spring and summer. Yet, Lebanon is facing a serious water scarcity problem due to: i) decreasing amount of precipitation and climate change; ii) major growth of population of original residence and large number of refugees during regional wars. Therefore, continuous and systematic monitoring of the Lebanese water resources is becoming crucial. Mount Lebanon is made of karstic depressions named "sinkholes". It is important to monitor the snowmelt process inside these sinkholes because of their key role as "containers" of seasonal snow. By isolating the snowpack from sun radiation and wind, they slow down the natural melting process and sublimation, thus delaying as well the low water flow period. An observatory is set up to monitor the snowpack evolution in a pilot sinkhole located in Mount Lebanon. The system uses three time-lapse cameras and structure-from-motion principles to reconstruct the snow volume within the sinkhole. The approach is validated by standard topographic surveys. The results indicate that snow depth can be retrieved with an accuracy between 20 and 60 cm (residuals standard deviation) and a low bias of 50 cm after coregistration of the digital elevation models.

  3. Formation of regolith-collapse sinkholes in southern Illinois: Interpretation and identification of associated buried cavities

    Science.gov (United States)

    Panno, S.V.; Wiebel, C.P.; Heigold, P.C.; Reed, P.C.

    1994-01-01

    Three regolith-collapse sinkholes formed near the Dongola Unit School and the Pentecostal Church in the southern Illinois village of Dongola (Union County) during the spring of 1993. The sinkholes appeared over a three-month period that coincided with development of a new municipal well. The new well was drilled through clay-rich, valley-fill sediment into karstified limestone bedrock. The piezometric surface of the limestone aquifer is above land surface, indicating the presence of an upward hydraulic gradient in the valley and that the valley fill is acting as a confining unit. Pumping during development of the well lowered the piezometric surface of the limestone aquifer to an elevation below the base of the valley fill. It is hypothesized that drainage of water from the sediments, the resulting loss of hydrostatic pressure and buoyant force in overlying sediments, increased intergranular pressure, and the initiation of groundwater flow toward the well resulted in rapid sediment transport, subsurface erosion, and collapse of the valley-fill sediment. The sinkholes follow an approximately east-west alignment, which is consistent with one of the two dominant alignments of passages of nearby joint-controlled caves. A constant electrode-separation resistivity survey of the school playground was conducted to locate areas that might contain incipient sinkholes. The survey revealed a positive resistivity anomaly trending N75E in the southern part of the study area. The anomaly is linear, between 5 and 10 m wide, and its trend either intersects or is immediately adjacent to the three sinkholes. The anomaly is interpreted to be a series of pumping-induced cavities in the valley-fill sediments that formed over a preexisting crevice in the karstified bedrock limestone. © 1994 Springer-Verlag.

  4. Investigation on the possible interconnection of the Kanata sinkhole, on the high plateau of Tripolis, and the springs of Argos areas (Peloponnese, Greece)

    International Nuclear Information System (INIS)

    Leontiadis, Ioannis L.; Dimitroulas, Christos; Zouridakis, N.; Dounas, Athanasios; Morfis, A.; Paraskevopoulou, P.

    1984-07-01

    51Cr-EDTA has been used as a tracer for the investigation of the possible interconnection of the Kanata sinkhole, on the high plateau of Tripolis, and the springs of the Argos areas Achladokampos and Kinouria. By this experiment the interconnection of the sinkhole and the submarine spring of Kiveri, as well as the springs of Xovrios river (Achladokampos) is proved. Furthermore, the percentage of connection between the sinkhole and the springs, the mean transit time of the water from the sinkhole to the springs, the volume of the underground reservoir feeding the springs, etc. have been calculated. (author)

  5. Use of Deception to Improve Client Honeypot Detection of Drive-by-Download Attacks

    Energy Technology Data Exchange (ETDEWEB)

    Popovsky, Barbara; Narvaez Suarez, Julia F.; Seifert, Christian; Frincke, Deborah A.; O'Neil, Lori R.; Aval, Chiraag U.

    2009-07-24

    This paper presents the application of deception theory to improve the success of client honeypots at detecting malicious web page attacks from infected servers programmed by online criminals to launch drive-by-download attacks. The design of honeypots faces three main challenges: deception, how to design honeypots that seem real systems; counter-deception, techniques used to identify honeypots and hence defeating their deceiving nature; and counter counter-deception, how to design honeypots that deceive attackers. The authors propose the application of a deception model known as the deception planning loop to identify the current status on honeypot research, development and deployment. The analysis leads to a proposal to formulate a landscape of the honeypot research and planning of steps ahead.

  6. Coordinated motility of cyanobacteria favor mat formation, photosynthesis and carbon burial in low-oxygen, high-sulfur shallow sinkholes of Lake Huron; whereas deep-water aphotic sinkholes are analogs of deep-sea seep and vent ecosystems

    Science.gov (United States)

    Biddanda, B. A.; McMillan, A. C.; Long, S. A.; Snider, M. J.; Weinke, A. D.; Dick, G.; Ruberg, S. A.

    2016-02-01

    Microbial life in submerged sinkhole ecosystems of the Laurentian Great Lakes is relatively understudied in comparison to seeps and vents of the deep-sea. We studied the filamentous benthic mat-forming cyanobacteria consisting primarily of Oscillatoria-like cells growing under low-light, low-oxygen and high-sulfur conditions in Lake Huron's submerged sinkholes using in situ observations, in vitro measurements and time-lapse microscopy. Gliding movement of the cyanobacterial trichomes revealed individual as well as group-coordinated motility. When placed in a petri dish and dispersed in ground water from the sinkhole, filaments re-aggregated into defined colonies within minutes. Measured speed of individual filaments ranged from 50 µm minute⁻¹ or 15 body lengths minute⁻¹ to 215 µm minute⁻¹ or 70 body lengths minute⁻¹ - rates that are rapid relative to non-flagellated/ciliated microbes. Filaments exhibited precise and coordinated positive phototaxis towards pinpoints of light and congregated under the light of foil cutouts. Such light-responsive clusters showed an increase in photosynthetic yield - suggesting phototactic motility aids in light acquisition as well as photosynthesis. Pebbles and pieces of broken shells placed upon the mat in intact sediment cores were quickly covered by vertically motile filaments within hours and became fully buried in the anoxic sediments over 3-4 diurnal cycles - likely facilitating the preservation of falling plankton debris. Coordinated horizontal and vertical filament motility optimize mat cohesion and dynamics, photosynthetic efficiency and sedimentary carbon burial in modern-day sinkhole habitats where life operates across sharp redox gradients. Analogous cyanobacterial motility in the shallow seas during Earth's early history, may have played a key role in the oxygenation of the planet by optimizing photosynthesis while favoring carbon burial. We are now eagerly mapping and exploring life in deep-water aphotic sinkholes of

  7. Application of electrical resistivity tomography techniques for mapping man-made sinkholes

    Science.gov (United States)

    Rey, J.; Martínez, J.; Hidalgo, C.; Dueñas, J.

    2012-04-01

    The suitability of the geophysical prospecting by electrical resistivity tomography to detect and map man-made subsurface cavities and related sinkholes has been studied in the Linares abandoned mining district (Spain). We have selected for this study four mined sectors constituted of different lithologies: granite and phyllites of Paleozoic age, and Triassic shales and sandstones. In three of these sectors, detail underground topographic surveys were carried out to chart the position and dimensions of the mining voids (galleries and chamber), in order to analyze the resolution of this methodology to characterize these cavities by using different electrode arrays. The results are variable, depending on the depth and diameter of the void, the selected electrode array, the spacing between electrodes, geological complexity and data density. These results also indicate that when the cavity is empty, an anomaly with a steep gradient and high resistivity values is registered, because the air that fills the mining void is dielectric, while when the cavities are filled with fine grain sediments, frequently saturated in water, the electrical resistance is lower. In relation with the three different multi-electrode arrays tested, the Wenner-Schlumberger array has resulted to offer the maximum resolution in all these cases, with lower and more stable values for the RMS than the other arrays. Therefore, this electrode array has been applied in the fourth studied sector, a former mine near the city centre of Linares, in an area of urban expansion in which there are problems of subsidence. Two sets of four electrical tomography profiles have been carried out, perpendicular to each other, and which have allowed reaching depths of research between 30-35 m. This net-array allowed the identification of two shallow anomalies of low resistivity values, interpreted as old mining galleries filled with fine material saturated in water. It also allows detecting two fractures, correlated

  8. Engineering geologic conditions at the sinkhole entrance to Logan Cave, Benton County, Arkansas

    Science.gov (United States)

    Schulz, William H.; McKenna, Jonathan P.

    2004-01-01

    Logan Cave, located in Benton County, Arkansas, is inhabited by several endangered and threatened species. The cave and surrounding area was designated a National Wildlife Refuge under the control of the U.S. Fish and Wildlife Service (USFWS) in 1989. Cave researchers access the cave through a steep-sided sinkhole entrance, which also is one of the two access points used by endangered bats. There is evidence of instability of one of the entrance slopes that has raised concerns that the entrance could close if slope failure was to occur. At the request of USFWS, we performed an engineering geologic investigation of the sinkhole to evaluate stability of this slope, which is comprised of soil, and other mechanisms of sediment transport into the cave entrance. The investigation included engineering geologic mapping, sampling and laboratory testing of subsurface geologic materials, and slope-stability analysis. We found that the sinkhole slope that extends into the entrance of the cave is comprised of sandy and gravelly soil to the depths explored (6.4 meters). This soil likely was deposited as alluvium within a previous, larger sinkhole. Based on properties of the alluvium, geometry of the slope, and results of finite-element slope-stability analyses, we conclude that the slope is marginally stable. Future failures of the slope probably would be relatively thin and small, thus several would be required to completely close the cave entrance. However, sediment is accumulating within the cave entrance due to foot traffic of those accessing the cave, surface-water erosion and transport, and shallow slope failures from the other sinkhole slopes. We conclude that the entrance will be closed by sediment in the future, similar to another entrance that we identified that completely closed in the past. Several measures could be taken to reduce the potential for closure of the cave entrance, including periodic sediment removal, installation of materials that reduce erosion by

  9. Effect of an offshore sinkhole perforation in a coastal confined aquifer on submarine groundwater discharge

    Science.gov (United States)

    Fratesi, S.E.; Leonard, V.; Sanford, W.E.

    2007-01-01

    In order to explore submarine groundwater discharge in the vicinity of karst features that penetrate the confining layer of an offshore, partially confined aquifer, we constructed a three-dimensional groundwater model using the SUTRA (Saturated-Unsaturated TRAnsport) variable-density groundwater flow model. We ran a parameter sensitivity analysis, testing the effects of recharge rates, permeabilities of the aquifer and confining layer, and thickness of the confining layer. In all simulations, less than 20% of the freshwater recharge for the entire model exits through the sinkhole. Recirculated seawater usually accounts for 10-30% of the total outflow from the model. Often, the sinkhole lies seaward of the transition zone and acts as a recharge feature for recirculating seawater. The permeability ratio between aquifer and confining layer influences the configuration of the freshwater wedge the most; as confining layer permeability decreases, the wedge lengthens and the fraction of total discharge exiting through the sinkhole increases. Copyright © 2007 IAHS Press.

  10. Shilling attack detection for recommender systems based on credibility of group users and rating time series.

    Science.gov (United States)

    Zhou, Wei; Wen, Junhao; Qu, Qiang; Zeng, Jun; Cheng, Tian

    2018-01-01

    Recommender systems are vulnerable to shilling attacks. Forged user-generated content data, such as user ratings and reviews, are used by attackers to manipulate recommendation rankings. Shilling attack detection in recommender systems is of great significance to maintain the fairness and sustainability of recommender systems. The current studies have problems in terms of the poor universality of algorithms, difficulty in selection of user profile attributes, and lack of an optimization mechanism. In this paper, a shilling behaviour detection structure based on abnormal group user findings and rating time series analysis is proposed. This paper adds to the current understanding in the field by studying the credibility evaluation model in-depth based on the rating prediction model to derive proximity-based predictions. A method for detecting suspicious ratings based on suspicious time windows and target item analysis is proposed. Suspicious rating time segments are determined by constructing a time series, and data streams of the rating items are examined and suspicious rating segments are checked. To analyse features of shilling attacks by a group user's credibility, an abnormal group user discovery method based on time series and time window is proposed. Standard testing datasets are used to verify the effect of the proposed method.

  11. An improved technique for the detection of pilot contamination attacks in TDD wireless communication systems

    Directory of Open Access Journals (Sweden)

    Mihaylova Dimitriya

    2017-01-01

    One of the problems facing the physical layer security of a wireless system is its vulnerability to pilot contamination attacks and hence schemes for its detection need to be applied. A method proposed in the literature consists of training with two N-PSK pilots. Although the method is effective in most of the cases, it is not able to discover an attack initiated during the transmission of the second pilot from the pair if both the legitimate and non-legitimate pilots coincide. In this current paper, an improvement to this method is proposed which detects an intruder who misses the first pilot transmission. The suggested improvement eliminates the usage of threshold values in the detection – a main drawback of previously existing solution.

  12. Leveraging KVM Events to Detect Cache-Based Side Channel Attacks in a Virtualization Environment

    Directory of Open Access Journals (Sweden)

    Ady Wahyudi Paundu

    2018-01-01

    Cache-based side channel attack (CSCa) techniques in virtualization systems are becoming more advanced, while defense methods against them are still perceived as nonpractical. The most recent CSCa variant called Flush + Flush has shown that the current detection methods can be easily bypassed. Within this work, we introduce a novel monitoring approach to detect CSCa operations inside a virtualization environment. We utilize the Kernel Virtual Machine (KVM) event data in the kernel and process this data using a machine learning technique to identify any CSCa operation in the guest Virtual Machine (VM). We evaluate our approach using Receiver Operating Characteristic (ROC) diagram of multiple attack and benign operation scenarios. Our method successfully separates the CSCa datasets from the non-CSCa datasets, on both trained and nontrained data scenarios. The successful classification also includes the Flush + Flush attack scenario. We are also able to explain the classification results by extracting the set of most important features that separate both classes using their Fisher scores and show that our monitoring approach can work to detect CSCa in general. Finally, we evaluate the overhead impact of our CSCa monitoring method and show that it has a negligible computation overhead on the host and the guest VM.

  13. Integrated situational awareness for cyber attack detection, analysis, and mitigation

    Science.gov (United States)

    Cheng, Yi; Sagduyu, Yalin; Deng, Julia; Li, Jason; Liu, Peng

    2012-06-01

    Real-time cyberspace situational awareness is critical for securing and protecting today's enterprise networks from various cyber threats. When a security incident occurs, network administrators and security analysts need to know what exactly has happened in the network, why it happened, and what actions or countermeasures should be taken to quickly mitigate the potential impacts. In this paper, we propose an integrated cyberspace situational awareness system for efficient cyber attack detection, analysis and mitigation in large-scale enterprise networks. Essentially, a cyberspace common operational picture will be developed, which is a multi-layer graphical model and can efficiently capture and represent the statuses, relationships, and interdependencies of various entities and elements within and among different levels of a network. Once shared among authorized users, this cyberspace common operational picture can provide an integrated view of the logical, physical, and cyber domains, and a unique visualization of disparate data sets to support decision makers. In addition, advanced analyses, such as Bayesian Network analysis, will be explored to address the information uncertainty, dynamic and complex cyber attack detection, and optimal impact mitigation issues. All the developed technologies will be further integrated into an automatic software toolkit to achieve near real-time cyberspace situational awareness and impact mitigation in large-scale computer networks.

  14. Automated Discovery of Mimicry Attacks

    National Research Council Canada - National Science Library

    Giffin, Jonathon T; Jha, Somesh; Miller, Barton P

    2006-01-01

    .... These systems are useful only if they detect actual attacks. Previous research developed manually-constructed mimicry and evasion attacks that avoided detection by hiding a malicious series of system calls within a valid sequence allowed by the model...

  15. The current status of mapping karst areas and availability of public sinkhole-risk resources in karst terrains of the United States

    Science.gov (United States)

    Kuniansky, Eve L.; Weary, David J.; Kaufmann, James E.

    2016-01-01

    Subsidence from sinkhole collapse is a common occurrence in areas underlain by water-soluble rocks such as carbonate and evaporite rocks, typical of karst terrain. Almost all 50 States within the United States (excluding Delaware and Rhode Island) have karst areas, with sinkhole damage highest in Florida, Texas, Alabama, Missouri, Kentucky, Tennessee, and Pennsylvania. A conservative estimate of losses to all types of ground subsidence was $125 million per year in 1997. This estimate may now be low, as review of cost reports from the last 15 years indicates that the cost of karst collapses in the United States averages more than $300 million per year. Knowing when a catastrophic event will occur is not possible; however, understanding where such occurrences are likely is possible. The US Geological Survey has developed and maintains national-scale maps of karst areas and areas prone to sinkhole formation. Several States provide additional resources for their citizens; Alabama, Colorado, Florida, Indiana, Iowa, Kentucky, Minnesota, Missouri, Ohio, and Pennsylvania maintain databases of sinkholes or karst features, with Florida, Kentucky, Missouri, and Ohio providing sinkhole reporting mechanisms for the public.

  16. Inadequate stakeholder management and its effect on a coherent sinkhole risk management strategy: The case of the Merafong Local Municipality, South Africa

    Directory of Open Access Journals (Sweden)

    Tshepo Moshodi

    2016-09-01

    The Merafong Local Municipality (MLM) has historically suffered financial and human losses because of the presence of dolomite and the consequent formation of sinkholes. There is a great need for the MLM to address the risk posed by sinkholes to ensure the continued safety of communities. However, as the risk is so pervasive, the MLM needs to coordinate their risk reduction strategies with a wide array of stakeholders in the municipality. Efficient stakeholder management is thus crucial if the sinkhole risk is to be addressed appropriately. This article reviews the current status of stakeholder management in the MLM as it pertains to the formulation of a holistic sinkhole risk reduction strategy. Findings indicate that there are serious deficiencies in the MLM’s stakeholder management relating to key risk management processes such as community involvement in risk management structures, disaster risk assessment, training and awareness, and early warning and response. Improved stakeholder management could be characterised by the following factors: improved two-way communication between the municipality and community stakeholders, fostering a relationship based upon trust and equality amongst stakeholders, participation by a wide array of stakeholder groups affected by the sinkhole risk and a mutual commitment by all stakeholders to address the risk. These factors could contribute to enhancing current and future sinkhole risk reduction strategies.

  17. Localization-Free Detection of Replica Node Attacks in Wireless Sensor Networks Using Similarity Estimation with Group Deployment Knowledge

    Directory of Open Access Journals (Sweden)

    Chao Ding

    2017-01-01

    Due to the unattended nature and poor security guarantee of the wireless sensor networks (WSNs), adversaries can easily make replicas of compromised nodes, and place them throughout the network to launch various types of attacks. Such an attack is dangerous because it enables the adversaries to control large numbers of nodes and extend the damage of attacks to most of the network with quite limited cost. To stop the node replica attack, we propose a location similarity-based detection scheme using deployment knowledge. Compared with prior solutions, our scheme provides extra functionalities that prevent replicas from generating false location claims without deploying resource-consuming localization techniques on the resource-constrained sensor nodes. We evaluate the security performance of our proposal under different attack strategies through heuristic analysis, and show that our scheme achieves secure and robust replica detection by increasing the cost of node replication. Additionally, we evaluate the impact of network environment on the proposed scheme through theoretic analysis and simulation experiments, and indicate that our scheme achieves effectiveness and efficiency with substantially lower communication, computational, and storage overhead than prior works under different situations and attack strategies.

  18. Research on the technology of detecting the SQL injection attack and non-intrusive prevention in WEB system

    Science.gov (United States)

    Hu, Haibin

    2017-05-01

    Among numerous WEB security issues, SQL injection is the most notable and dangerous. In this study, characteristics and procedures of SQL injection are analyzed, and the method for detecting the SQL injection attack is illustrated. The defense resistance and remedy model of SQL injection attack is established from the perspective of non-intrusive SQL injection attack and defense. Moreover, the ability of resisting the SQL injection attack of the server has been comprehensively improved through the security strategies on operating system, IIS and database, etc. Corresponding codes are realized. The method is well applied in the actual projects.

  19. Sinkhole susceptibility mapping using the analytical hierarchy process (AHP) and magnitude-frequency relationships: A case study in Hamadan province, Iran

    Science.gov (United States)

    Taheri, Kamal; Gutiérrez, Francisco; Mohseni, Hassan; Raeisi, Ezzat; Taheri, Milad

    2015-04-01

    Since 1989, an increasing number of sinkhole occurrences have been reported in the Kabudar Ahang and Razan-Qahavand subcatchments (KRQ) of Hamadan province, western Iran. The sinkhole-related subsidence phenomenon poses a significant threat for people and human structures, including sensitive facilities like the Hamadan Power Plant. Groundwater over-exploitation from the thick alluvial cover and the underlying cavernous limestone has been identified as the main factor involved in sinkhole development. A sinkhole susceptibility model was produced in a GIS environment applying the analytical hierarchy process (AHP) approach and considering a selection of eight factors, each categorized into five classes: distance to faults (DF), water level decline (WLD), groundwater exploitation (GE), penetration of deep wells into karst bedrock (PKA), distance to deep wells (DDW), groundwater alkalinity (GA), bedrock lithology (BL), and alluvium thickness (AT). Relative weights were preliminarily assigned to each factor and to their different classes through systematic pairwise comparisons based on expert judgment. The resulting sinkhole susceptibility index (SSI) values were then classified into four susceptibility classes: low, moderate, high and very high susceptibility. Subsequently, the model was refined through a trial and error process involving changes in the relative weights and iterative evaluation of the prediction capability. Independent evaluation of the final model indicates that 55% and 45% of the subsidence events fall within the very high and high, susceptibility zones, respectively. The results of this study show that AHP can be a useful approach for susceptibility assessment if data on the main controlling factors have sufficient accuracy and spatial coverage. The limitations of the model are partly related to the difficulty of gathering data on some important geological factors, due to their hidden nature. The magnitude and frequency relationship constructed

  20. Detecting Sybil Attacks in Cloud Computing Environments Based on Fail‐Stop Signature

    Directory of Open Access Journals (Sweden)

    JongBeom Lim

    2017-03-01

    Due to the loosely coupled property of cloud computing environments, no node has complete knowledge of the system. For this reason, detecting a Sybil attack in cloud computing environments is a non‐trivial task. In such a dynamic system, the use of algorithms based on tree or ring structures for collecting the global state of the system has unfortunate downsides, that is, the structure should be re‐constructed in the presence of node joining and leaving. In this paper, we propose an unstructured Sybil attack detection algorithm in cloud computing environments. Our proposed algorithm uses one‐to‐one communication primitives rather than broadcast primitives and, therefore, the message complexity can be reduced. In our algorithmic design, attacker nodes forging multiple identities are effectively detected by normal nodes with the fail‐stop signature scheme. We show that, regardless of the number of attacker nodes, our Sybil attack detection algorithm is able to reach consensus.

  1. Detection and Modeling of Cyber Attacks with Petri Nets

    Directory of Open Access Journals (Sweden)

    Bartosz Jasiul

    2014-12-01

    The aim of this article is to present an approach to develop and verify a method of formal modeling of cyber threats directed at computer systems. Moreover, the goal is to prove that the method enables one to create models resembling the behavior of malware that support the detection process of selected cyber attacks and facilitate the application of countermeasures. The most common cyber threats targeting end users and terminals are caused by malicious software, called malware. The malware detection process can be performed either by matching their digital signatures or analyzing their behavioral models. As the obfuscation techniques make the malware almost undetectable, the classic signature-based anti-virus tools must be supported with behavioral analysis. The proposed approach to modeling of malware behavior is based on colored Petri nets. This article is addressed to cyber defense researchers, security architects and developers solving up-to-date problems regarding the detection and prevention of advanced persistent threats.

  2. A GIS analysis of the relationship between sinkholes, dry-well complaints and groundwater pumping for frost-freeze protection of winter strawberry production in Florida.

    Directory of Open Access Journals (Sweden)

    Mark D Aurit

    Florida is riddled with sinkholes due to its karst topography. Sometimes these sinkholes can cause extensive damage to infrastructure and homes. It has been suggested that agricultural practices, such as sprinkler irrigation methods used to protect crops, can increase the development of sinkholes, particularly when temperatures drop below freezing, causing groundwater levels to drop quickly during groundwater pumping. In the strawberry growing region, Dover/Plant City, Florida, the effects have caused water shortages resulting in dry-wells and ground subsidence through the development of sinkholes that can be costly to maintain and repair. In this study, we look at how frost-freeze events have affected West Central Florida over the past 25 years with detailed comparisons made between two cold-years (with severe frost-freeze events) and a warm year (no frost-freeze events). We analyzed the spatial and temporal correlation between strawberry farming freeze protection practices and the development of sinkholes/dry well complaints, and assessed the economic impact of such events from a water management perspective by evaluating the cost of repairing and drilling new wells and how these compared with using alternative crop-protection methods. We found that the spatial distribution of sinkholes was non-random during both frost-freeze events. A strong correlation between sinkhole occurrence and water extraction and minimum temperatures was found. Furthermore as temperatures fall below 41°F and water levels decrease by more than 20 ft, the number of sinkholes increase greatly (N >10). At this time alternative protection methods such as freeze-cloth are cost prohibitive in comparison to repairing dry wells. In conclusion, the findings from this study are applicable in other agricultural areas and can be used to develop comprehensive water management plans in areas where the abstraction of large quantities of water occur.

  3. A GIS analysis of the relationship between sinkholes, dry-well complaints and groundwater pumping for frost-freeze protection of winter strawberry production in Florida.

    Science.gov (United States)

    Aurit, Mark D; Peterson, Robert O; Blanford, Justine I

    2013-01-01

    Florida is riddled with sinkholes due to its karst topography. Sometimes these sinkholes can cause extensive damage to infrastructure and homes. It has been suggested that agricultural practices, such as sprinkler irrigation methods used to protect crops, can increase the development of sinkholes, particularly when temperatures drop below freezing, causing groundwater levels to drop quickly during groundwater pumping. In the strawberry growing region, Dover/Plant City, Florida, the effects have caused water shortages resulting in dry-wells and ground subsidence through the development of sinkholes that can be costly to maintain and repair. In this study, we look at how frost-freeze events have affected West Central Florida over the past 25 years with detailed comparisons made between two cold-years (with severe frost-freeze events) and a warm year (no frost-freeze events). We analyzed the spatial and temporal correlation between strawberry farming freeze protection practices and the development of sinkholes/dry well complaints, and assessed the economic impact of such events from a water management perspective by evaluating the cost of repairing and drilling new wells and how these compared with using alternative crop-protection methods. We found that the spatial distribution of sinkholes was non-random during both frost-freeze events. A strong correlation between sinkhole occurrence and water extraction and minimum temperatures was found. Furthermore as temperatures fall below 41°F and water levels decrease by more than 20 ft, the number of sinkholes increase greatly (N >10). At this time alternative protection methods such as freeze-cloth are cost prohibitive in comparison to repairing dry wells. In conclusion, the findings from this study are applicable in other agricultural areas and can be used to develop comprehensive water management plans in areas where the abstraction of large quantities of water occur.

  4. Investigation of sinkhole areas in Germany using 2D shear wave reflection seismics and zero-offset VSP

    Science.gov (United States)

    Tschache, Saskia; Wadas, Sonja; Polom, Ulrich; Krawczyk, Charlotte M.

    2017-04-01

    Sinkholes pose a serious geohazard for humans and infrastructure in populated areas. The Junior Research Group Subrosion within the Leibniz Institute for Applied Geophysics and the joint project SIMULTAN work on the multi-scale investigation of subrosion processes in the subsurface, which cause natural sinkholes. In two case studies in sinkhole areas of Thuringia in Germany, we applied 2D shear wave reflection seismics using SH-waves with the aim to detect suitable parameters for the characterisation of critical zones. This method has the potential to image near-surface collapse and faulting structures in improved resolution compared to P-wave surveys resulting from the shorter wavelength of shear waves. Additionally, the shear wave velocity field derived by NMO velocity analysis is a basis to calculate further physical parameters, as e.g. the dynamic shear modulus. In both investigation areas, vertical seismic profiles (VSP) were acquired by generating P- and SH-waves (6 component VSP) directly next to a borehole equipped with a 3C downhole sensor. They provide shear and compressional wave velocity profiles, which are used to improve the 2D shear wave velocity field from surface seismics, to perform a depth calibration of the seismic image and to calculate the Vp/Vs ratio. The signals in the VSP data are analysed with respect to changes in polarisation and attenuation with depth and/or azimuth. The VSP data reveal low shear wave velocities of 200-300 m/s in rock layers known to be heavily affected by subrosion and confirm the low velocities calculated from the surface seismic data. A discrepancy of the shear wave velocities is observed in other intervals probably due to unsymmetrical travel paths in the surface seismics. In some VSP data dominant conversion of the direct SH-wave to P-wave is observed that is assumed to be caused by an increased presence of cavities. A potential fault distorting the vertical travel paths was detected by abnormal P-wave first

  5. Sleep Deprivation Attack Detection in Wireless Sensor Network

    OpenAIRE

    Bhattasali, Tapalina; Chaki, Rituparna; Sanyal, Sugata

    2012-01-01

    Deployment of sensor network in hostile environment makes it mainly vulnerable to battery drainage attacks because it is impossible to recharge or replace the battery power of sensor nodes. Among different types of security threats, low power sensor nodes are immensely affected by the attacks which cause random drainage of the energy level of sensors, leading to death of the nodes. The most dangerous type of attack in this category is sleep deprivation, where target of the intruder is to maxi...

  6. Detection System of HTTP DDoS Attacks in a Cloud Environment Based on Information Theoretic Entropy and Random Forest

    Directory of Open Access Journals (Sweden)

    Mohamed Idhammad

    2018-01-01

    Cloud Computing services are often delivered through HTTP protocol. This facilitates access to services and reduces costs for both providers and end-users. However, this increases the vulnerabilities of the Cloud services face to HTTP DDoS attacks. HTTP request methods are often used to address web servers’ vulnerabilities and create multiple scenarios of HTTP DDoS attack such as Low and Slow or Flooding attacks. Existing HTTP DDoS detection systems are challenged by the big amounts of network traffic generated by these attacks, low detection accuracy, and high false positive rates. In this paper we present a detection system of HTTP DDoS attacks in a Cloud environment based on Information Theoretic Entropy and Random Forest ensemble learning algorithm. A time-based sliding window algorithm is used to estimate the entropy of the network header features of the incoming network traffic. When the estimated entropy exceeds its normal range the preprocessing and the classification tasks are triggered. To assess the proposed approach various experiments were performed on the CIDDS-001 public dataset. The proposed approach achieves satisfactory results with an accuracy of 99.54%, a FPR of 0.4%, and a running time of 18.5s.

  7. Optimal Patrol to Detect Attacks at Dispersed Heterogeneous Locations

    Science.gov (United States)

    2013-12-01

    solution RALP Random-attacker linear program SALP Strategic-attacker linear program SMDP Semi-Markov decision process SP Shortest path SPR1 Shortest...average cost per attack among all vertices, which we refer to as the strategic-attacker linear program ( SALP ): min x zOPT (3.1a) subject to ∑ (k,l)∈A c...the SALP is indicated by zOPT. The lower bound that is obtained from using the LBLP is indicated by zLB. Solutions obtained from using a heuristic

  8. Sinkhole formation by groundwater withdrawal: far west rand, South Africa.

    Science.gov (United States)

    Foose, R M

    1967-09-01

    Sinkholes up to 125 meters wide and 50 meters deep have developed catastrophically in thick unconsolidated debris above pinnacle-weathered dolomite after lowering of the groundwater surface by at least 160 meters. They are caused by shrinkage of desiccated debris, downward migration of debris into bedrock openings, and upward growth of multiple debris "caverns" by roof spalling.

  9. A Framework for Attack-Resilient Industrial Control Systems : Attack Detection and Controller Reconfiguration

    OpenAIRE

    Paridari, Kaveh; O'Mahony, Niamh; Mady, Alie El-Din; Chabukswar, Rohan; Boubekeur, Menouer; Sandberg, Henrik

    2017-01-01

    Most existing industrial control systems (ICSs), such as building energy management systems (EMSs), were installed when potential security threats were only physical. With advances in connectivity, ICSs are now, typically, connected to communications networks and, as a result, can be accessed remotely. This extends the attack surface to include the potential for sophisticated cyber attacks, which can adversely impact ICS operation, resulting in service interruption, equipment damage, safety c...

  10. SH-wave reflection seismic and VSP as tools for the investigation of sinkhole areas in Germany

    Science.gov (United States)

    Wadas, Sonja; Tschache, Saskia; Polom, Ulrich; Buness, Hermann; Krawczyk, Charlotte M.

    2017-04-01

    Sinkholes can lead to damage of buildings and infrastructure and they can cause life-threatening situations, if they occur in urban areas. The process behind this phenomenon is called subrosion. Subrosion is the underground leaching of soluble rocks, e.g. anhydrite and gypsum, due to the contact with ground- and meteoric water. Depending on the leached material, and especially the dissolution rate, different kinds of subrosion structures evolve in the subsurface. The two end members are collapse and depression structures. For a better understanding of the subrosion processes a detailed characterization of the resulting structures is necessary. In Germany sinkholes are a problem in many areas. In northern Germany salt and in central and southern Germany sulfate and carbonate deposits are affected by subrosion. The study areas described here are located in Thuringia in central Germany and the underground is characterized by soluble Permian deposits. The occurrence of 20 to 50 sinkholes is reported per year. Two regions, Bad Frankenhausen and Schmalkalden, are investigated, showing a leaning church tower and a sinkhole of 30 m diameter and 20 m depth, respectively. In Bad Frankenhausen four P-wave and 16 SH-wave reflection seismic profiles were carried out, supplemented by three zero-offset VSPs. In Schmalkalden five SH-wave reflection seismic profiles and one zero-offset VSP were acquired. The 2-D seismic sections, in particular the SH-wave profiles, showed known and unknown near-surface faults in the vicinity of sinkholes and depressions. For imaging the near-surface ( 2,5, probably indicating unstable areas due to subrosion. We conclude, that SH-wave reflection seismic offer an important tool for the imaging and characterization of near-surface subrosion structures and the identification of unstable zones, especially in combination with P-wave reflection seismic and zero-offset VSP with P- and S-waves. 
Presumably there is a connection between the presence of large

  11. A Multivariant Stream Analysis Approach to Detect and Mitigate DDoS Attacks in Vehicular Ad Hoc Networks

    Directory of Open Access Journals (Sweden)

    Raenu Kolandaisamy

    2018-01-01

    Vehicular Ad Hoc Networks (VANETs) are rapidly gaining attention due to the diversity of services that they can potentially offer. However, VANET communication is vulnerable to numerous security threats such as Distributed Denial of Service (DDoS) attacks. Dealing with these attacks in VANET is a challenging problem. Most of the existing DDoS detection techniques suffer from poor accuracy and high computational overhead. To cope with these problems, we present a novel Multivariant Stream Analysis (MVSA) approach. The proposed MVSA approach maintains the multiple stages for detecting DDoS attacks in the network. The Multivariant Stream Analysis gives unique result based on the Vehicle-to-Vehicle communication through Road Side Unit. The approach observes the traffic in different situations and time frames and maintains different rules for various traffic classes in various time windows. The performance of the MVSA is evaluated using an NS2 simulator. Simulation results demonstrate the effectiveness and efficiency of the MVSA regarding detection accuracy and reducing the impact on VANET communication.

  12. Windows Based Data Sets for Evaluation of Robustness of Host Based Intrusion Detection Systems (IDS) to Zero-Day and Stealth Attacks

    Directory of Open Access Journals (Sweden)

    Waqas Haider

    2016-07-01

    The Windows Operating System (OS) is the most popular desktop OS in the world, as it has the majority market share of both servers and personal computing necessities. However, as its default signature-based security measures are ineffectual for detecting zero-day and stealth attacks, it needs an intelligent Host-based Intrusion Detection System (HIDS). Unfortunately, a comprehensive data set that reflects the modern Windows OS’s normal and attack surfaces is not publicly available. To fill this gap, in this paper two open data sets generated by the cyber security department of the Australian Defence Force Academy (ADFA) are introduced, namely: Australian Defence Force Academy Windows Data Set (ADFA-WD); and Australian Defence Force Academy Windows Data Set with a Stealth Attacks Addendum (ADFA-WD: SAA). Statistical analysis results based on these data sets show that, due to the low footprints of modern attacks and high similarity of normal and attacked data, both these data sets are complex, and highly intelligent Host based Anomaly Detection Systems (HADS) design will be required.

  13. Distributed Denial of Service Attack Source Detection Using Efficient Traceback Technique (ETT) in Cloud-Assisted Healthcare Environment.

    Science.gov (United States)

    Latif, Rabia; Abbas, Haider; Latif, Seemab; Masood, Ashraf

    2016-07-01

    Security and privacy are the first and foremost concerns that should be given special attention when dealing with Wireless Body Area Networks (WBANs). As WBAN sensors operate in an unattended environment and carry critical patient health information, Distributed Denial of Service (DDoS) attack is one of the major attacks in WBAN environment that not only exhausts the available resources but also influence the reliability of information being transmitted. This research work is an extension of our previous work in which a machine learning based attack detection algorithm is proposed to detect DDoS attack in WBAN environment. However, in order to avoid complexity, no consideration was given to the traceback mechanism. During traceback, the challenge lies in reconstructing the attack path leading to identify the attack source. Among existing traceback techniques, Probabilistic Packet Marking (PPM) approach is the most commonly used technique in conventional IP- based networks. However, since marking probability assignment has significant effect on both the convergence time and performance of a scheme, it is not directly applicable in WBAN environment due to high convergence time and overhead on intermediate nodes. Therefore, in this paper we have proposed a new scheme called Efficient Traceback Technique (ETT) based on Dynamic Probability Packet Marking (DPPM) approach and uses MAC header in place of IP header. Instead of using fixed marking probability, the proposed scheme uses variable marking probability based on the number of hops travelled by a packet to reach the target node. Finally, path reconstruction algorithms are proposed to traceback an attacker. Evaluation and simulation results indicate that the proposed solution outperforms fixed PPM in terms of convergence time and computational overhead on nodes.

  14. Command Disaggregation Attack and Mitigation in Industrial Internet of Things

    Directory of Open Access Journals (Sweden)

    Peng Xun

    2017-10-01

    A cyber-physical attack in the industrial Internet of Things can cause severe damage to physical system. In this paper, we focus on the command disaggregation attack, wherein attackers modify disaggregated commands by intruding command aggregators like programmable logic controllers, and then maliciously manipulate the physical process. It is necessary to investigate these attacks, analyze their impact on the physical process, and seek effective detection mechanisms. We depict two different types of command disaggregation attack modes: (1) the command sequence is disordered and (2) disaggregated sub-commands are allocated to wrong actuators. We describe three attack models to implement these modes with going undetected by existing detection methods. A novel and effective framework is provided to detect command disaggregation attacks. The framework utilizes the correlations among two-tier command sequences, including commands from the output of central controller and sub-commands from the input of actuators, to detect attacks before disruptions occur. We have designed components of the framework and explain how to mine and use these correlations to detect attacks. We present two case studies to validate different levels of impact from various attack models and the effectiveness of the detection framework. Finally, we discuss how to enhance the detection framework.

  15. Command Disaggregation Attack and Mitigation in Industrial Internet of Things.

    Science.gov (United States)

    Xun, Peng; Zhu, Pei-Dong; Hu, Yi-Fan; Cui, Peng-Shuai; Zhang, Yan

    2017-10-21

    A cyber-physical attack in the industrial Internet of Things can cause severe damage to physical system. In this paper, we focus on the command disaggregation attack, wherein attackers modify disaggregated commands by intruding command aggregators like programmable logic controllers, and then maliciously manipulate the physical process. It is necessary to investigate these attacks, analyze their impact on the physical process, and seek effective detection mechanisms. We depict two different types of command disaggregation attack modes: (1) the command sequence is disordered and (2) disaggregated sub-commands are allocated to wrong actuators. We describe three attack models to implement these modes with going undetected by existing detection methods. A novel and effective framework is provided to detect command disaggregation attacks. The framework utilizes the correlations among two-tier command sequences, including commands from the output of central controller and sub-commands from the input of actuators, to detect attacks before disruptions occur. We have designed components of the framework and explain how to mine and use these correlations to detect attacks. We present two case studies to validate different levels of impact from various attack models and the effectiveness of the detection framework. Finally, we discuss how to enhance the detection framework.

  16. The cost of karst subsidence and sinkhole collapse in the United States compared with other natural hazards

    Science.gov (United States)

    Weary, David J.

    2015-01-01

    Rocks with potential for karst formation are found in all 50 states. Damage due to karst subsidence and sinkhole collapse is a natural hazard of national scope. Repair of damage to buildings, highways, and other infrastructure represents a significant national cost. Sparse and incomplete data show that the average cost of karst-related damages in the United States over the last 15 years is estimated to be at least $300,000,000 per year and the actual total is probably much higher. This estimate is lower than the estimated annual costs for other natural hazards; flooding, hurricanes and cyclonic storms, tornadoes, landslides, earthquakes, or wildfires, all of which average over $1 billion per year. Very few state organizations track karst subsidence and sinkhole damage mitigation costs; none occurs at the Federal level. Many states discuss the karst hazard in their State hazard mitigation plans, but seldom include detailed reports of subsidence incidents or their mitigation costs. Most State highway departments do not differentiate karst subsidence or sinkhole collapse from other road repair costs. Amassing of these data would raise the estimated annual cost considerably. Information from insurance organizations about sinkhole damage claims and payouts is also not readily available. Currently there is no agency with a mandate for developing such data. If a more realistic estimate could be made, it would illuminate the national scope of this hazard and make comparison with costs of other natural hazards more realistic.

  17. Time-lapse gravity and levelling in the sinkhole-endangered urban area of Bad Frankenhausen, Germany

    Science.gov (United States)

    Kobe, Martin; Gabriel, Gerald; Weise, Adelheid; Krawczyk, Charlotte; Vogel, Detlef

    2017-04-01

    Sinkholes, resulting from subrosion in the subsurface, can reach diameters of several hundred meters and thus pose a severe hazard for infrastructure and inhabitants in urban areas. Subrosion is the leaching of readily-soluble rocks, such as rock salt, gypsum, anhydrite and limestone by ground or meteoric water and leads to mass transport and relocation. Two scenarios of sinkhole evolution are conceivable: First, the surface subsides continuously in order to compensate for the mass loss. Second, the mass relocation leads to development of subsurface cavities. If they reach a critical size and the cover layers are not supported anymore, the surface collapses abruptly. To improve the understanding of subrosion processes and the related surface deformation a case study is conducted in Bad Frankenhausen, Germany, where subrosion leaches the Zechstein evaporates of the Permian. One part of the study is to analyse the spatiotemporal development of sinkholes by applying time-lapse observations. Therefore, we established a monitoring network consisting of 15 gravity and additional levelling points covering the main sinkhole areas in the city centre. In March 2014, the baseline survey was carried out. Since then, quarterly measurement campaigns are performed. In each campaign four different gravity meters are used to collect a statistical significant amount of data and to control the plausibility of our data. The gravity measurements are complemented by levelling surveys. The rectification of the time-lapse gravity data comprises the correction for jumps and systematic errors, as well as for well calculable influences, such as earth tides and air pressure changes. Furthermore, special interest was applied to seasonal changes of hydrological parameters such as soil moisture or groundwater level. We found the hydrological influence to be in the single digit up to the lower two-digit µGal range, depending on the season and the station. 
The standard deviations of the adjusted

  18. Detecting Cyber-Attacks on Wireless Mobile Networks Using Multicriterion Fuzzy Classifier with Genetic Attribute Selection

    Directory of Open Access Journals (Sweden)

    El-Sayed M. El-Alfy

    2015-01-01

    With the proliferation of wireless and mobile network infrastructures and capabilities, a wide range of exploitable vulnerabilities emerges due to the use of multivendor and multidomain cross-network services for signaling and transport of Internet- and wireless-based data. Consequently, the rates and types of cyber-attacks have grown considerably and current security countermeasures for protecting information and communication may be no longer sufficient. In this paper, we investigate a novel methodology based on multicriterion decision making and fuzzy classification that can provide a viable second-line of defense for mitigating cyber-attacks. The proposed approach has the advantage of dealing with various types and sizes of attributes related to network traffic such as basic packet headers, content, and time. To increase the effectiveness and construct optimal models, we augmented the proposed approach with a genetic attribute selection strategy. This allows efficient and simpler models which can be replicated at various network components to cooperatively detect and report malicious behaviors. Using three datasets covering a variety of network attacks, the performance enhancements due to the proposed approach are manifested in terms of detection errors and model construction times.

  19. Causes and consequences of the sinkhole at El Trébol of Quito, Ecuador - implications for economic damage and risk assessment

    Science.gov (United States)

    Toulkeridis, Theofilos; Rodríguez, Fabián; Arias Jiménez, Nelson; Simón Baile, Débora; Salazar Martínez, Rodolfo; Addison, Aaron; Carreón Freyre, Dora; Mato, Fernando; Díaz Perez, Carmen

    2016-09-01

    The so-called El Trébol is a critical road interchange in Quito connecting the north and south regions of the city. In addition, it connects Quito with the highly populated Los Chillos Valley, one of the most traveled zones in the Ecuadorian capital. El Trébol was constructed in the late 1960s in order to resolve the traffic jams of the capital city and for that purpose the Machángara River was rerouted through an underground concrete box tunnel. In March 2008, the tunnel contained a high amount of discarded furniture that had been impacting the top portion of the tunnel, compromising the structural integrity. On 31 March 2008 after a heavy rainfall a sinkhole of great proportions formed in the Trébol traffic hub. In the first few minutes, the sinkhole reached an initial diameter of 30 m. The collapse continued to grow in the following days until the final dimensions of 120 m in diameter and some 40 m of depth, revealing the Machángara River at the base of the sinkhole. A state of emergency was declared. The cause of the sinkhole was a result of the lack of monitoring of the older subterranean infrastructure where trash had accumulated and damaged the concrete tunnel that channelized the Machángara River until it was worn away for a length of some 20 m, leaving behind the sinkhole and the fear of recurrence in populated areas. With the intent to understand the causes and consequences of this sinkhole event, rainfall data are shown together with hydrogeological characteristics and a view back to the recent history of sinkhole lineation or arrangement of the city of Quito. The economic impact is also emphasized, where the direct costs of the damage and the reconstruction are presented and compared to indirect costs associated with this socio-natural disaster. These analyses suggest that the costs of indirect financial damage, like time loss or delay, and subsequent higher expenses for different types of vehicles, are equivalent to many times the costs of the

  20. A Fuzzy Collusive Attack Detection Mechanism for Reputation Aggregation in Mobile Social Networks: A Trust Relationship Based Perspective

    Directory of Open Access Journals (Sweden)

    Bo Zhang

    2016-01-01

    While the mechanism of reputation aggregation proves to be an effective scheme for indicating an individual’s trustworthiness and further identifying malicious ones in mobile social networks, it is vulnerable to collusive attacks from malicious nodes of collaborative frauds. To conquer the challenge of detecting collusive attacks and then identifying colluders for the reputation system in mobile social networks, a fuzzy collusive attack detection mechanism (FCADM) is proposed based on nodes’ social relationships, which comprises three parts: trust schedule, malicious node selection, and detection traversing strategy. In the first part, the trust schedule provides the calculation method of interval valued fuzzy social relationships and reputation aggregation for nodes in mobile social networks; further, a set of fuzzy valued factors, that is, item judgment factor, node malicious factor, and node similar factor, is given for evaluating the probability of collusive fraud happening and identifying single malicious nodes in the second part; and moreover, a detection traversing strategy is given based on random walk algorithm under the perspectives of fuzzy valued nodes’ trust schedules and proposed malicious factors. Finally, our empirical results and analysis show that the proposed mechanism in this paper is feasible and effective.

  1. A COMPREHENSIVE SURVEY ON DETECTING BLACK HOLE ATTACK IN MOBILE AD-HOC NETWORK (MANET)

    Directory of Open Access Journals (Sweden)

    Pascal Maniriho

    2018-01-01

    The infrastructure-less nature and mobility of nodes in mobile ad-hoc network (MANET) make it to be very susceptible to various attacks. Besides, owing to its flexibility and simplicity, there is no predefined time or permission set for nodes to leave or join the network and each node can act as a client or server. Nevertheless, securing communication between nodes has become a challenging problem than in other types of network. Attacks in MANET range into different categories. Black hole attack is one of the attacks that has been addressed by many researchers in the recent years. It does occur when a harmful mobile node called black hole becomes a part of the network and tries to use its malicious behaviors by sending fake route reply packets (RREP) for any received route request packets (RREQ). When these faked packets arrive to the source node, it does reply to them by sending data packet via the established route. Once the packets are received by the black hole, it drops them before reaching the destination. Hence, preventing the source node from reaching the intended destination. In this paper, we present an overview of a wide range of techniques suggested in the literature for detecting and preventing black hole attacks in mobile ad hoc network. Additionally, the effect of each approach on the network performance is also presented.

  2. Bayou Corne sinkhole : control measurements of State Highway 70 in Assumption Parish, Louisiana.

    Science.gov (United States)

    2014-01-01

    This project measured and assessed the surface stability of the portion of LA Highway 70 that is : potentially vulnerable to the Assumption Parish sinkhole. Using Global Positioning Systems (GPS) : enhanced by a real-time network (RTN) of continuousl...

  3. Towards a Video Passive Content Fingerprinting Method for Partial-Copy Detection Robust against Non-Simulated Attacks.

    Directory of Open Access Journals (Sweden)

    Zobeida Jezabel Guzman-Zavaleta

    Passive content fingerprinting is widely used for video content identification and monitoring. However, many challenges remain unsolved especially for partial-copies detection. The main challenge is to find the right balance between the computational cost of fingerprint extraction and fingerprint dimension, without compromising detection performance against various attacks (robustness). Fast video detection performance is desirable in several modern applications, for instance, in those where video detection involves the use of large video databases or in applications requiring real-time video detection of partial copies, a process whose difficulty increases when videos suffer severe transformations. In this context, conventional fingerprinting methods are not fully suitable to cope with the attacks and transformations mentioned before, either because the robustness of these methods is not enough or because their execution time is very high, where the time bottleneck is commonly found in the fingerprint extraction and matching operations. Motivated by these issues, in this work we propose a content fingerprinting method based on the extraction of a set of independent binary global and local fingerprints. Although these features are robust against common video transformations, their combination is more discriminant against severe video transformations such as signal processing attacks, geometric transformations and temporal and spatial desynchronization. Additionally, we use an efficient multilevel filtering system accelerating the processes of fingerprint extraction and matching. This multilevel filtering system helps to rapidly identify potential similar video copies upon which the fingerprint process is carried out only, thus saving computational time. We tested with datasets of real copied videos, and the results show how our method outperforms state-of-the-art methods regarding detection scores. 
Furthermore, the granularity of our method makes

  4. Web server attack analyzer

    OpenAIRE

    Mižišin, Michal

    2013-01-01

    Web server attack analyzer - Abstract The goal of this work was to create prototype of analyzer of injection flaws attacks on web server. Proposed solution combines capabilities of web application firewall and web server log analyzer. Analysis is based on configurable signatures defined by regular expressions. This paper begins with summary of web attacks, followed by detection techniques analysis on web servers, description and justification of selected implementation. In the end are charact...

  5. A geosynthetic reinforcement solution to prevent the formation of localized sinkholes

    Energy Technology Data Exchange (ETDEWEB)

    Villard, P.; Gourc, J. P.; Giraud, H. [Universite Joseph Fourier, LIRIGM, Grenoble (France)

    2000-10-01

    A research program to guard against the risk of accidents linked to the presence of small diameter cavities under both road and railway lines is described. The program involves study of the complex behaviour of the overlying fill in the event of sinkhole formation, given that the deformation of the geosynthetic membrane results from the progressive loading of the overlying soil layer and not from the collapse of the underlying soil. Full-scale tests were carried out on reinforced, instrumented road and railway structures subjected to localized collapse. Experimental work was accompanied by a numerical study of the mechanics involved in sinkhole formation. Experimental results were analyzed and compared with the results of the three-dimensional finite element modeling. Similarity of the results suggests that formation of a stable arch for two metre cavities and an unstable arch for four metre cavities, filled with 1.5 m thick fill consisting of large grain size granular material, is satisfactory for small diameter cavities at moderate depths. However, this solution is not suitable for large diameter cavities at moderate depths. 18 refs., 22 figs.

  6. Detecting Cyber Attacks On Nuclear Power Plants

    Science.gov (United States)

    Rrushi, Julian; Campbell, Roy

    This paper proposes an unconventional anomaly detection approach that provides digital instrumentation and control (I&C) systems in a nuclear power plant (NPP) with the capability to probabilistically discern between legitimate protocol frames and attack frames. The stochastic activity network (SAN) formalism is used to model the fusion of protocol activity in each digital I&C system and the operation of physical components of an NPP. SAN models are employed to analyze links between protocol frames as streams of bytes, their semantics in terms of NPP operations, control data as stored in the memory of I&C systems, the operations of I&C systems on NPP components, and NPP processes. Reward rates and impulse rewards are defined in the SAN models based on the activity-marking reward structure to estimate NPP operation profiles. These profiles are then used to probabilistically estimate the legitimacy of the semantics and payloads of protocol frames received by I&C systems.

  7. TWO EXAMPLES FOR IMAGING BURIED GEOLOGICAL BOUNDARIES: SINKHOLE STRUCTURE AND SEYİT HACI FAULT, KARAPINAR, KONYA

    Directory of Open Access Journals (Sweden)

    Ertan TOKER

    2014-12-01

    Once anomalies with positive and negative circular closures are assessed together in potential field maps, the ones which have meaningful geometric structure appear as more distinguishable. When the edge detection is applied, the preliminary geological model about the geological structure may or may not be verified. When it is not verified then it is understood that the predicted geological model should be reconsidered and discussed again. In this study, the edge detection was introduced and the success of the method was tested in an artificial data. Following that, its effect on sinkholes was studied applying the method on detailed gravity data collected in Karapınar (Konya) region. At the same time, this method was applied on data related to active Seyit Hacı Fault zone. It was detected that the fault had shown continuity towards SW and these evidences were discussed

  8. A novel proposed network security management approach for cyber attacks

    International Nuclear Information System (INIS)

    Ahmed, Z.; Nazir, B.; Zafar, M.F.; Anwar, M.M.; Azam, K.; Asar, A.U.

    2007-01-01

    Network security is a discipline that focuses on securing networks from unauthorized access. Given the escalating threats of malicious cyber attacks, modern enterprises employ multiple lines of defense. A comprehensive defense strategy against such attacks should include (1) an attack detection component that determines the fact that a program is compromised, (2) an attack identification and prevention component that identifies attack packets so that one can block such packets in the future and prevents the attack from further propagation. Over the last decade, a significant amount of research has been vested in the systems that can detect cyber attacks either statically at compile time or dynamically at run time. However, not much effort is spent on automated attack packet identification or attack prevention. In this paper we present a unified solution to the problems mentioned above. We implemented this solution after the forward engineering of Open Source Security Information Management (OSSIM) system called Preventive Information Security management (PrISM) system that correlates input from different sensors so that the resulting product can automatically detect any cyber attack against it and prevents by identifying the actual attack packet(s). The PrISM was always able to detect the attacks, identify the attack packets and most often prevent by blocking the attacker's IP address to continue normal execution. There is no additional run-time performance overhead for attack prevention. (author)

  9. Constructing APT Attack Scenarios Based on Intrusion Kill Chain and Fuzzy Clustering

    Directory of Open Access Journals (Sweden)

    Ru Zhang

    2017-01-01

    Full Text Available The APT attack on the Internet is becoming more serious, and most intrusion detection systems can only generate alarms for some steps of an APT attack and cannot identify the pattern of the APT attack. To detect APT attacks, many researchers established attack models and then correlated IDS logs with the attack models. However, the accuracy of detection deeply relied on the integrity of models. In this paper, we propose a new method to construct APT attack scenarios by mining IDS security logs. These APT attack scenarios can be further used for the APT detection. First, we classify all the attack events by purpose of phase of the intrusion kill chain. Then we add the attack event dimension to fuzzy clustering, correlate IDS alarm logs with fuzzy clustering, and generate the attack sequence set. Next, we delete the bug attack sequences to clean the set. Finally, we use the nonaftereffect property of probability transfer matrix to construct attack scenarios by mining the attack sequence set. Experiments show that the proposed method can construct the APT attack scenarios by mining IDS alarm logs, and the constructed scenarios match the actual situation so that they can be used for APT attack detection.

  10. Soil-embedded optical fiber sensing cable interrogated by Brillouin optical time-domain reflectometry (B-OTDR) and optical frequency-domain reflectometry (OFDR) for embedded cavity detection and sinkhole warning system

    International Nuclear Information System (INIS)

    Lanticq, V; Bourgeois, E; Delepine-Lesoille, S; Magnien, P; Dieleman, L; Vinceslas, G; Sang, A

    2009-01-01

    A soil-embedded optical fiber sensing cable is evaluated for an embedded cavity detection and sinkhole warning system in railway tunnels. Tests were performed on a decametric structure equipped with an embedded 110 m long fiber optic cable. Both Brillouin optical time-domain reflectometry (B-OTDR) and optical frequency-domain reflectometry (OFDR) sensing techniques were used for cable interrogation, yielding results that were in good qualitative agreement with finite-element calculations. Theoretical and experimental comparison enabled physical interpretation of the influence of ground properties, and the analysis of embedded cavity size and position. A 5 mm embedded cavity located 2 m away from the sensing cable was detected. The commercially available sensing cable remained intact after soil collapse. Specificities of each technique are analyzed in view of the application requirements. For tunnel monitoring, the OFDR technique was determined to be more viable than the B-OTDR due to higher spatial resolution, resulting in better detection and size determination of the embedded cavities. Conclusions of this investigation gave outlines for future field use of distributed strain-sensing methods under railways and more precisely enabled designing a warning system suited to the Ebersviller tunnel specificities

  11. Simultaneous Event-Triggered Fault Detection and Estimation for Stochastic Systems Subject to Deception Attacks.

    Science.gov (United States)

    Li, Yunji; Wu, QingE; Peng, Li

    2018-01-23

    In this paper, a synthesized design of fault-detection filter and fault estimator is considered for a class of discrete-time stochastic systems in the framework of event-triggered transmission scheme subject to unknown disturbances and deception attacks. A random variable obeying the Bernoulli distribution is employed to characterize the phenomena of the randomly occurring deception attacks. To achieve a fault-detection residual that is only sensitive to faults while robust to disturbances, a coordinate transformation approach is exploited. This approach can transform the considered system into two subsystems and the unknown disturbances are removed from one of the subsystems. The gain of fault-detection filter is derived by minimizing an upper bound of filter error covariance. Meanwhile, system faults can be reconstructed by the remote fault estimator. A recursive approach is developed to obtain fault estimator gains as well as guarantee the fault estimator performance. Furthermore, the corresponding event-triggered sensor data transmission scheme is also presented for improving working-life of the wireless sensor node when measurement information is aperiodically transmitted. Finally, a scaled version of an industrial system consisting of local PC, remote estimator and wireless sensor node is used to experimentally evaluate the proposed theoretical results. In particular, a novel fault-alarming strategy is proposed so that the real-time capacity of fault-detection is guaranteed when the event condition is triggered.

  12. Forensics Investigation of Web Application Security Attacks

    OpenAIRE

    Amor Lazzez; Thabet Slimani

    2015-01-01

    Nowadays, web applications are popular targets for security attackers. Using specific security mechanisms, we can prevent or detect a security attack on a web application, but we cannot find out the criminal who has carried out the security attack. Being unable to trace back an attack, encourages hackers to launch new attacks on the same system. Web application forensics aims to trace back and attribute a web application security attack to its originator. This may significantly reduce the sec...

  13. EVFDT: An Enhanced Very Fast Decision Tree Algorithm for Detecting Distributed Denial of Service Attack in Cloud-Assisted Wireless Body Area Network

    Directory of Open Access Journals (Sweden)

    Rabia Latif

    2015-01-01

    Full Text Available Due to the scattered nature of DDoS attacks and advancement of new technologies such as cloud-assisted WBAN, it becomes challenging to detect malicious activities by relying on conventional security mechanisms. The detection of such attacks demands an adaptive and incremental learning classifier capable of accurate decision making with less computation. Hence, the DDoS attack detection using existing machine learning techniques requires full data set to be stored in the memory and are not appropriate for real-time network traffic. To overcome these shortcomings, Very Fast Decision Tree (VFDT) algorithm has been proposed in the past that can handle high speed streaming data efficiently. Whilst considering the data generated by WBAN sensors, noise is an obvious aspect that severely affects the accuracy and increases false alarms. In this paper, an enhanced VFDT (EVFDT) is proposed to efficiently detect the occurrence of DDoS attack in cloud-assisted WBAN. EVFDT uses an adaptive tie-breaking threshold for node splitting. To resolve the tree size expansion under extreme noise, a lightweight iterative pruning technique is proposed. To analyze the performance of EVFDT, four metrics are evaluated: classification accuracy, tree size, time, and memory. Simulation results show that EVFDT attains significantly high detection accuracy with fewer false alarms.

  14. In vivo canine studies of a Sinkhole valve and vascular graft coated with biocompatible PU-PEO-SO3.

    Science.gov (United States)

    Han, D K; Lee, K B; Park, K D; Kim, C S; Jeong, S Y; Kim, Y H; Kim, H M; Min, B G

    1993-01-01

    PU-PEO-SO3 was applied as a coating material over a newly designed Sinkhole bileaflet PU heart valve and a porous PU vascular graft. Performance and biocompatibility were evaluated using an in vivo canine shunt system between the right ventricle and pulmonary artery. The survival periods in three implantations were 14, 24, and 39 days, during which no mechanical failure occurred in any Sinkhole valve or vascular graft. Scanning electron microscopy (SEM) studies demonstrated much less platelet adhesion and thrombus formation on PU-PEO-SO3 grafts than on PU vascular grafts. Cracks in the valve leaflet were occasionally observed on PU surfaces, but not on PU-PEO-SO3. After a 39 day implantation, calcium deposition on vascular grafts was decreased as compared with valve leaflets, and calcification on PU-PEO-SO3 was much lower than on PU. These results suggest that Sinkhole valves and vascular grafts are promising, and PU-PEO-SO3 as a coating material is more blood compatible, biostable, and calcification resistant in vivo than in untreated PU.

  15. Network Attack Detection and Defense: Securing Industrial Control Systems for Critical Infrastructures (Dagstuhl Seminar 14292)

    NARCIS (Netherlands)

    Dacer, Marc; Kargl, Frank; König, Hartmut; Valdes, Alfonso

    2014-01-01

    This report documents the program and the outcomes of Dagstuhl Seminar 14292 “Network Attack Detection and Defense: Securing Industrial Control Systems for Critical Infrastructures”. The main objective of the seminar was to discuss new approaches and ideas for securing industrial control systems. It

  16. REAL-TIME INTELLIGENT MULTILAYER ATTACK CLASSIFICATION SYSTEM

    Directory of Open Access Journals (Sweden)

    T. Subbhulakshmi

    2014-01-01

    Full Text Available Intrusion Detection Systems (IDS) take the lion’s share of the current security infrastructure. Detection of intrusions is vital for initiating the defensive procedures. Intrusion detection was done by statistical and distance based methods. A threshold value is used in these methods to indicate the level of normalcy. When the network traffic crosses the level of normalcy, it is flagged as anomalous. When there are occurrences of new intrusion events which are increasingly a key part of system security, the statistical techniques cannot detect them. To overcome this issue, learning techniques are used which help in identifying new intrusion activities in a computer system. The objective of the proposed system designed in this paper is to classify the intrusions using an Intelligent Multi Layered Attack Classification System (IMLACS) which helps in detecting and classifying the intrusions with improved classification accuracy. The intelligent multi layered approach contains three intelligent layers. The first layer involves Binary Support Vector Machine classification for detecting the normal and attack. The second layer involves neural network classification to classify the attacks into classes of attacks. The third layer involves fuzzy inference system to classify the attacks into various subclasses. The proposed IMLACS is able to detect an intrusion behavior of the networks since the system contains a three intelligent layer classification and better set of rules. Feature selection is also used to improve the time of detection. The experimental results show that the IMLACS achieves the Classification Rate of 97.31%.

  17. Performance analysis and implementation of proposed mechanism for detection and prevention of security attacks in routing protocols of vehicular ad-hoc network (VANET)

    Directory of Open Access Journals (Sweden)

    Parul Tyagi

    2017-07-01

    Full Text Available Next-generation communication networks have become widely popular as ad-hoc networks, broadly categorized as the mobile nodes based mobile ad-hoc networks (MANET) and the vehicular nodes based vehicular ad-hoc networks (VANET). VANET is aimed at maintaining safety to vehicle drivers by beginning autonomous communication with the nearby vehicles. Each vehicle in the ad-hoc network performs as an intelligent mobile node characterized by high mobility and formation of dynamic networks. The ad-hoc networks are decentralized dynamic networks that need efficient and secure communication requirements due to the vehicles being persistently in motion. These networks are more susceptible to various attacks like Worm Hole attacks, denial of service attacks and Black Hole Attacks. The paper is a novel attempt to examine and investigate the security features of the routing protocols in VANET, applicability of AODV (Ad hoc On Demand protocol) to detect and tackle a particular category of network attacks, known as the Black Hole Attacks. A new algorithm is proposed to enhance the security mechanism of AODV protocol and to introduce a mechanism to detect Black Hole Attacks and to prevent the network from such attacks in which source node stores all route replies in a look up table. This table stores the sequences of all route reply, arranged in ascending order using PUSH and POP operations. The priority is calculated based on sequence number and discard the RREP having presumably very high destination sequence number. The results show that proposed algorithm for detection and prevention of Black Hole Attack increases security in Intelligent Transportation System (ITS) and reduces the effect of malicious node in the VANET. NCTUNs simulator is used in this research work.

  18. DNA profiling of Tilapia guinasana, a species endemic to a single sinkhole, to determine the genetic divergence between color forms.

    Science.gov (United States)

    Nxomani, C; Ribbink, A J; Kirby, R

    1999-06-01

    Northwestern South Africa and Namibia contain a number of sinkholes in the dolomitic rock formations found in this area. These contain isolated populations of Tilapia. Most contain Tilapia sparmanii, but the one in Namibia, Guinas, is of particular interest as it contains the endemic species, Tilapia guinasana, which exhibits non-sex-limited polychromatisms, which is unique for Tilapia. This sinkhole is under environmental threat, particularly as a result of being a recreational diving site. This study, using randomly amplified polymorphic DNA sequences (RAPDs), when analyzed using analysis of variance (ANOVA), shows that the colour forms of Tilapia guinasana are genetically distinct. This confirms previous evidence that assortative mating between color forms takes place. The various possible hypotheses for the occurrence and genetic stability of the color polymorphism are discussed. Further, a new hypothesis is put forward based on a need to maximize outbreeding in fully isolated population with no possibility of increase in size above the maximum and limited carrying capacity of the sinkhole.

  19. Network Protection Against DDoS Attacks

    Directory of Open Access Journals (Sweden)

    Petr Dzurenda

    2015-03-01

    Full Text Available The paper deals with possibilities of the network protection against Distributed Denial of Service attacks (DDoS). The basic types of DDoS attacks and their impact on the protected network are presented here. Furthermore, we present basic detection and defense techniques thanks to which it is possible to increase resistance of the protected network or device against DDoS attacks. Moreover, we tested the ability of current commercial Intrusion Prevention Systems (IPS), especially Radware DefensePro 6.10.00 product against the most common types of DDoS attacks. We create five scenarios that are varied in type and strength of the DDoS attacks. The attack intensity was much greater than the normal intensity of the current DDoS attacks.

  20. Use of Attack Graphs in Security Systems

    Directory of Open Access Journals (Sweden)

    Vivek Shandilya

    2014-01-01

    Full Text Available Attack graphs have been used to model the vulnerabilities of the systems and their potential exploits. The successful exploits leading to the partial/total failure of the systems are subject of keen security interest. Considerable effort has been expended in exhaustive modeling, analyses, detection, and mitigation of attacks. One prominent methodology involves constructing attack graphs of the pertinent system for analysis and response strategies. This not only gives the simplified representation of the system, but also allows prioritizing the security properties whose violations are of greater concern, for both detection and repair. We present a survey and critical study of state-of-the-art technologies in attack graph generation and use in security system. Based on our research, we identify the potential, challenges, and direction of the current research in using attack graphs.

  1. Whispering through DDoS attack

    Directory of Open Access Journals (Sweden)

    Miralem Mehic

    2016-03-01

    Full Text Available Denial of service (DoS) attack is an attempt of the attacker to disable victim's machine by depleting network or computing resources. If this attack is performed with more than one machine, it is called distributed denial of service (DDoS) attack. Covert channels are those channels which are used for information transmission even though they are neither designed nor intended to transfer information at all. In this article, we investigated the possibility of using a DDoS attack for purposes of hiding data or concealing the existing covert channel. In addition, in this paper we analyzed the possibility of detection of such covert communication with the well-known statistical method. Also, we proposed the coordination mechanisms of the attack which may be used. A lot of research has been done in order to describe and prevent DDoS attacks, yet research on steganography on this field is still scarce.

  2. A Targeted Attack For Enhancing Resiliency of Intelligent Intrusion Detection Modules in Energy Cyber Physical Systems

    Energy Technology Data Exchange (ETDEWEB)

    Youssef, Tarek [Florida Intl Univ., Miami, FL (United States); El Hariri, Mohammad [Florida Intl Univ., Miami, FL (United States); Habib, Hani [Florida Intl Univ., Miami, FL (United States); Mohammed, Osama [Florida Intl Univ., Miami, FL (United States); Harmon, E [Florida Intl Univ., Miami, FL (United States)

    2017-02-28

    Secure high-speed communication is required to ensure proper operation of complex power grid systems and prevent malicious tampering activities. In this paper, artificial neural networks with temporal dependency are introduced for false data identification and mitigation for broadcasted IEC 61850 SMV messages. The fast responses of such intelligent modules in intrusion detection make them suitable for time-critical applications, such as protection. However, care must be taken in selecting the appropriate intelligence model and decision criteria. As such, this paper presents a customizable malware script to sniff and manipulate SMV messages and demonstrates the ability of the malware to trigger false positives in the neural network’s response. The malware developed is intended as a vaccine to harden the intrusion detection system against data manipulation attacks by enhancing the neural network’s ability to learn and adapt to these attacks.

  3. Attacks on public telephone networks: technologies and challenges

    Science.gov (United States)

    Kosloff, T.; Moore, Tyler; Keller, J.; Manes, Gavin W.; Shenoi, Sujeet

    2003-09-01

    Signaling System 7 (SS7) is vital to signaling and control in America's public telephone networks. This paper describes a class of attacks on SS7 networks involving the insertion of malicious signaling messages via compromised SS7 network components. Three attacks are discussed in detail: IAM flood attacks, redirection attacks and point code spoofing attacks. Depending on their scale of execution, these attacks can produce effects ranging from network congestion to service disruption. Methods for detecting these denial-of-service attacks and mitigating their effects are also presented.

  4. Neural network classifier of attacks in IP telephony

    Science.gov (United States)

    Safarik, Jakub; Voznak, Miroslav; Mehic, Miralem; Partila, Pavol; Mikulec, Martin

    2014-05-01

    Various types of monitoring mechanisms allow us to detect and monitor behavior of attackers in VoIP networks. Analysis of detected malicious traffic is crucial for further investigation and hardening the network. This analysis is typically based on statistical methods and the article brings a solution based on neural network. The proposed algorithm is used as a classifier of attacks in a distributed monitoring network of independent honeypot probes. Information about attacks on these honeypots is collected on a centralized server and then classified. This classification is based on different mechanisms. One of them is based on the multilayer perceptron neural network. The article describes inner structure of used neural network and also information about implementation of this network. The learning set for this neural network is based on real attack data collected from IP telephony honeypot called Dionaea. We prepare the learning set from real attack data after collecting, cleaning and aggregation of this information. After proper learning, the neural network is capable of classifying 6 types of most commonly used VoIP attacks. Using neural network classifier brings more accurate attack classification in a distributed system of honeypots. With this approach it is possible to detect malicious behavior in different parts of networks, which are logically or geographically divided, and use the information from one network to harden security in other networks. Centralized server for distributed set of nodes serves not only as a collector and classifier of attack data, but also as a mechanism for generating precaution steps against attacks.

  5. Investigation of the possible interconnection of the sinkhole of Taka Lake and various springs of the area

    International Nuclear Information System (INIS)

    Leontiadis, I.L.; Dimitroulas, Christos; Zouridakis, N.; Morfis, A.; Paraskevopoulou, P.

    1987-09-01

    51 Cr-EDTA has been used as tracer to investigate the possible interconnection of the sinkhole of Taka Lake (high plateau of Tripolis) and a number of springs in Arkadia and Lakonia (Peloponnese). For the same purpose analyses of the isotopic composition of the water of the same springs, as well as of that of Taka Lake have been performed. The results of this research reconfirm the contribution of the water entering the sinkhole of Taka Lake to the feeding of Astros Anavalos spring, this contribution being apparent only during the low flow period. The common origin of Loukou, Valtos, Moustos and Aghios Andreas spring water was also proved and determined. The origin of the water of Zorros spring (Lakonia) was determined as well. (author)

  6. Bayou Corne Sinkhole: Control Measurements of State Highway 70 in Assumption Parish, Louisiana : Research Project Capsule

    Science.gov (United States)

    2012-09-01

    The sinkhole located in northern Assumption Parish, Louisiana, threatens the stability of Highway 70, a state-maintained route. In order to monitor and mitigate potential damage effects on this infrastructure, the Louisiana Department of Trans...

  7. Adversarial Feature Selection Against Evasion Attacks.

    Science.gov (United States)

    Zhang, Fei; Chan, Patrick P K; Biggio, Battista; Yeung, Daniel S; Roli, Fabio

    2016-03-01

    Pattern recognition and machine learning techniques have been increasingly adopted in adversarial settings such as spam, intrusion, and malware detection, although their security against well-crafted attacks that aim to evade detection by manipulating data at test time has not yet been thoroughly assessed. While previous work has been mainly focused on devising adversary-aware classification algorithms to counter evasion attempts, only few authors have considered the impact of using reduced feature sets on classifier security against the same attacks. An interesting, preliminary result is that classifier security to evasion may be even worsened by the application of feature selection. In this paper, we provide a more detailed investigation of this aspect, shedding some light on the security properties of feature selection against evasion attacks. Inspired by previous work on adversary-aware classifiers, we propose a novel adversary-aware feature selection model that can improve classifier security against evasion attacks, by incorporating specific assumptions on the adversary's data manipulation strategy. We focus on an efficient, wrapper-based implementation of our approach, and experimentally validate its soundness on different application examples, including spam and malware detection.

  8. Timing Analysis of SSL/TLS Man in the Middle Attacks

    OpenAIRE

    Benton, Kevin; Bross, Ty

    2013-01-01

    Man in the middle attacks are a significant threat to modern e-commerce and online communications, even when such transactions are protected by TLS. We intend to show that it is possible to detect man-in-the-middle attacks on SSL and TLS by detecting timing differences between a standard SSL session and an attack we created.

  9. Ethanol accumulation during severe drought may signal tree vulnerability to detection and attack by bark beetles

    Science.gov (United States)

    Rick G. Kelsey; D. Gallego; F.J. Sánchez-Garcia; J.A. Pajares

    2014-01-01

    Tree mortality from temperature-driven drought is occurring in forests around the world, often in conjunction with bark beetle outbreaks when carbon allocation to tree defense declines. Physiological metrics for detecting stressed trees with enhanced vulnerability prior to bark beetle attacks remain elusive. Ethanol, water, monoterpene concentrations, and composition...

  10. Social Engineering Attack Detection Model: SEADMv2

    CSIR Research Space (South Africa)

    Mouton, F

    2015-10-01

    Full Text Available link in the security chain. A social engineering attack targets this weakness by using various manipulation techniques to elicit individuals to perform sensitive requests. The field of social engineering is still in its infancy as far as formal...

  11. Reply to Discussion by Zekai Șen on "Modeling karst spring hydrograph recession based on head drop at sinkholes"

    Science.gov (United States)

    Field, Malcolm S.; Goldscheider, Nico; Li, Guangquan

    2018-02-01

    We are pleased to learn that the model presented in our paper dealing with the "modeling karst spring hydrograph recession based on head drop at sinkholes," published in the Journal of Hydrology in 2016 (Li et al., 2016), is of interest to readers of this journal. Our study presented a new non-exponential model for assessing spring hydrographs in terms of head drop at flooded sinkholes, as an extension of an earlier model proposed by Li and Field (2014). In both papers, we used two spring hydrographs measured in the St. Marks Karst Watershed in northwest Florida to test the applicability and to verify the validity of our models.

  12. ARO PECASE: Information Assurance for Energy-Constrained Wireless Sensor Networks

    Science.gov (United States)

    2011-12-21

    impacts the network routing service performance in the following three ways: (1) nodes can become sinkholes [94] without even being aware that they are...victims of a wormhole attack (as noted in both figures 2.1(a), and 2.1(b), nodes s2, s9 become sinkhole nodes and attract all traffic from surrounding

  13. After-gate attack on a quantum cryptosystem

    International Nuclear Information System (INIS)

    Wiechers, C; Wittmann, C; Elser, D; Marquardt, Ch; Leuchs, G; Lydersen, L; Skaar, J; Makarov, V

    2011-01-01

    We present a method to control the detection events in quantum key distribution systems that use gated single-photon detectors. We employ bright pulses as faked states, timed to arrive at the avalanche photodiodes outside the activation time. The attack can remain unnoticed, since the faked states do not increase the error rate per se. This allows for an intercept-resend attack, where an eavesdropper transfers her detection events to the legitimate receiver without causing any errors. As a side effect, afterpulses, originating from accumulated charge carriers in the detectors, increase the error rate. We have experimentally tested detectors of the system id3110 (Clavis2) from ID Quantique. We identify the parameter regime in which the attack is feasible despite the side effect. Furthermore, we outline how simple modifications in the implementation can make the device immune to this attack.

  14. Geotechnical analysis and 4D GPR measurements for the assessment of the risk of sinkholes occurring in a Polish mining area

    Energy Technology Data Exchange (ETDEWEB)

    Marcak, H.; Golebiowski, T.; Tomecka-Suchon, S. [AGH University of Science and Technology, Krakow (Poland). Dept. of Geophysics

    2008-08-15

    The study presented in this paper concerns georadar investigations at a selected former coal mining site in Upper Silesia (Poland) where the risk of sinkhole appearance is high. The results of 3D GPR surveys obtained in three measurement sessions in December 1997, October 2006 and March 2007 were interpreted. The 4D interpretation, i.e., a time-space analysis, allowed for the identification of loose zones in the ground and fractured zones of the rock mass, which might be a source of sinkhole creation. After the first measurement session, on the basis of the GPR survey results, a dangerous, fractured zone in the ground was localized. This zone was confirmed by a borehole. Between the second and third session, a large sinkhole appeared on site, as predicted on the basis of georadar investigations. The geomechanical analyses presented in this paper explain the development of the fractured zones over the earlier mining excavations. Such zones accumulate water and high contrasts of dielectrical permittivity appear, allowing the use of the GPR method for the location of these zones.

  15. Detection and Prevention of Denial of Service (DoS) Attacks in Mobile Ad Hoc Networks using Reputation-based Incentive Schemes

    Directory of Open Access Journals (Sweden)

    Mieso, K Denko

    2005-08-01

    Full Text Available Mobile ad hoc networks (MANETs) are dynamic mobile networks that can be formed in the absence of any pre-existing communication infrastructure. In addition to node mobility, a MANET is characterized by limited resources such as bandwidth, battery power, and storage space. The underlying assumption in MANETs is that the intermediate nodes cooperate in forwarding packets. However, this assumption does not hold in commercial and emerging civilian applications. MANETs are vulnerable to Denial of Service (DoS) due to their salient characteristics. There is a need to provide an incentive mechanism that can provide cooperation among nodes in the network and improve overall network performance by reducing DoS attacks. In this paper, we propose a reputation-based incentive mechanism for detecting and preventing DoS attacks. DoS attacks committed by selfish and malicious nodes were investigated. Our scheme motivates nodes to cooperate and excludes them from the network only if they fail to do so. We evaluated the performance of our scheme using the packet delivery ratio, the routing and communication overhead, and misbehaving node detection in a discrete event-simulation environment. The results indicate that a reputation-based incentive mechanism can significantly reduce the effect of DoS attacks and improve performance in MANETs.

  16. Model-based approach for cyber-physical attack detection in water distribution systems.

    Science.gov (United States)

    Housh, Mashor; Ohar, Ziv

    2018-08-01

    Modern Water Distribution Systems (WDSs) are often controlled by Supervisory Control and Data Acquisition (SCADA) systems and Programmable Logic Controllers (PLCs) which manage their operation and maintain a reliable water supply. As such, and with the cyber layer becoming a central component of WDS operations, these systems are at a greater risk of being subjected to cyberattacks. This paper offers a model-based methodology based on a detailed hydraulic understanding of WDSs combined with an anomaly detection algorithm for the identification of complex cyberattacks that cannot be fully identified by hydraulically based rules alone. The results show that the proposed algorithm is capable of achieving the best-known performance when tested on the data published in the BATtle of the Attack Detection ALgorithms (BATADAL) competition (http://www.batadal.net). Copyright © 2018. Published by Elsevier Ltd.

  17. Multistage 8.2 kyr event revealed through high-resolution XRF core scanning of Cuban sinkhole sediments

    Science.gov (United States)

    Peros, Matthew; Collins, Shawn; G'Meiner, Anna Agosta; Reinhardt, Eduard; Pupo, Felipe Matos

    2017-07-01

    We use sediments from a flooded sinkhole (Cenote Jennifer) in northern Cuba to provide new, well-dated, high-resolution evidence for the 8.2 kyr event. From 7600 to 8700 cal yr B.P. the sinkhole contained shallow, low-salinity water, which supported a marsh dominated by cattail and grass. Peaks in Cl and Br—occurring at 8150, 8200, and 8250 cal yr B.P.—are attributable to increased evaporation due to regional drying associated with the 8.2 kyr event. The three peaks in these elements also closely correspond to the greyscale record from the Cariaco Basin, indicative of increased upwelling in the southern Caribbean Sea at this time, supporting the notion of a multistage 8.2 kyr event. Our work provides new data that help to clarify the initiation, behavior, and impacts of the 8.2 kyr event in the northern tropics.

  18. Identifying and tracking attacks on networks: C3I displays and related technologies

    Science.gov (United States)

    Manes, Gavin W.; Dawkins, J.; Shenoi, Sujeet; Hale, John C.

    2003-09-01

    Converged network security is extremely challenging for several reasons; expanded system and technology perimeters, unexpected feature interaction, and complex interfaces all conspire to provide hackers with greater opportunities for compromising large networks. Preventive security services and architectures are essential, but in and of themselves do not eliminate all threat of compromise. Attack management systems mitigate this residual risk by facilitating incident detection, analysis and response. There are a wealth of attack detection and response tools for IP networks, but a dearth of such tools for wireless and public telephone networks. Moreover, methodologies and formalisms have yet to be identified that can yield a common model for vulnerabilities and attacks in converged networks. A comprehensive attack management system must coordinate detection tools for converged networks, derive fully-integrated attack and network models, perform vulnerability and multi-stage attack analysis, support large-scale attack visualization, and orchestrate strategic responses to cyber attacks that cross network boundaries. We present an architecture that embodies these principles for attack management. The attack management system described engages a suite of detection tools for various networking domains, feeding real-time attack data to a comprehensive modeling, analysis and visualization subsystem. The resulting early warning system not only provides network administrators with a heads-up cockpit display of their entire network, it also supports guided response and predictive capabilities for multi-stage attacks in converged networks.

  19. DS-ARP: a new detection scheme for ARP spoofing attacks based on routing trace for ubiquitous environments.

    Science.gov (United States)

    Song, Min Su; Lee, Jae Dong; Jeong, Young-Sik; Jeong, Hwa-Young; Park, Jong Hyuk

    2014-01-01

    Despite the convenience, ubiquitous computing suffers from many threats and security risks. Security considerations in the ubiquitous network are required to create enriched and more secure ubiquitous environments. The address resolution protocol (ARP) is a protocol used to identify the IP address and the physical address of the associated network card. ARP is designed to work without problems in general environments. However, since it does not include security measures against malicious attacks, in its design, an attacker can impersonate another host using ARP spoofing or access important information. In this paper, we propose a new detection scheme for ARP spoofing attacks using a routing trace, which can be used to protect the internal network. Tracing routing can find the change of network movement path. The proposed scheme provides high constancy and compatibility because it does not alter the ARP protocol. In addition, it is simple and stable, as it does not use a complex algorithm or impose extra load on the computer system.

  20. The impact of droughts and climate change on sinkhole occurrence. A case study from the evaporite karst of the Fluvia Valley, NE Spain.

    Science.gov (United States)

    Linares, Rogelio; Roqué, Carles; Gutiérrez, Francisco; Zarroca, Mario; Carbonel, Domingo; Bach, Joan; Fabregat, Ivan

    2017-02-01

    This work introduces the concept that sinkhole frequency in some karst settings increases during drought periods. This conception is tested in a sector of the Fluvia River valley in NE Spain, where subsidence phenomena are related to the karstification of folded Eocene evaporite formations. In the discharge areas, the evaporites behave as confined aquifers affected by hypogene karstification caused by aggressive artesian flows coming from an underlying carbonate aquifer. A sinkhole inventory with chronological data has been constructed, revealing temporal clusters. Those clusters show a good correlation with drought periods, as revealed by precipitation, river discharge and piezometric data. This temporal association is particularly obvious for the last and current drought starting in 1998, which is the most intense of the record period (1940-present). Climatic projections based on recent studies foresee an intensification of the droughts in this sector of NE Spain, which could be accompanied by the enhancement of the sinkhole hazard and the associated risks. Copyright © 2016 Elsevier B.V. All rights reserved.

  1. Control of very heavy water inrush from sinkholes connecting with Ordovician limestone. Part 1. [China]

    Energy Technology Data Exchange (ETDEWEB)

    1986-01-01

    This paper describes the comprehensive water control methods used in Fangezhuang Colliery: water drainage; cutting off of water; and sealing off the water. For water drainage, 20 large-sized submarine pumps were used in Lujiatuo and Fangezhuang collieries with a delivery of 300 m³/min to control the rising of water level. For cutting off the water, a three-section horizontal injection method and 8 grouting techniques were applied to cut off the water in 3 roadways at the boundary between Lujiatuo and Fangezhuang with water flowing at an average rate of 300 m³/min. For sealing off the water, a radio perspective instrument was used to detect the shape of No. 2171 sinkhole in Fangezhuang, and computers were employed to process the hydrogeological data. The three section vertical grouting method was introduced, and the inrush water source was sealed off with a success of over 99%.

  2. Information Warfare-Worthy Jamming Attack Detection Mechanism for Wireless Sensor Networks Using a Fuzzy Inference System

    Directory of Open Access Journals (Sweden)

    Sudip Misra

    2010-04-01

    Full Text Available The proposed mechanism for jamming attack detection for wireless sensor networks is novel in three respects: firstly, it upgrades the jammer to include versatile military jammers; secondly, it graduates from the existing node-centric detection system to the network-centric system making it robust and economical at the nodes, and thirdly, it tackles the problem through fuzzy inference system, as the decision regarding intensity of jamming is seldom crisp. The system with its high robustness, ability to grade nodes with jamming indices, and its true-detection rate as high as 99.8%, is worthy of consideration for information warfare defense purposes.

  3. Combining Deep and Handcrafted Image Features for Presentation Attack Detection in Face Recognition Systems Using Visible-Light Camera Sensors

    Directory of Open Access Journals (Sweden)

    Dat Tien Nguyen

    2018-02-01

    Full Text Available Although face recognition systems have wide application, they are vulnerable to presentation attack samples (fake samples). Therefore, a presentation attack detection (PAD) method is required to enhance the security level of face recognition systems. Most of the previously proposed PAD methods for face recognition systems have focused on using handcrafted image features, which are designed by expert knowledge of designers, such as Gabor filter, local binary pattern (LBP), local ternary pattern (LTP), and histogram of oriented gradients (HOG). As a result, the extracted features reflect limited aspects of the problem, yielding a detection accuracy that is low and varies with the characteristics of presentation attack face images. The deep learning method has been developed in the computer vision research community, which is proven to be suitable for automatically training a feature extractor that can be used to enhance the ability of handcrafted features. To overcome the limitations of previously proposed PAD methods, we propose a new PAD method that uses a combination of deep and handcrafted features extracted from the images by visible-light camera sensor. Our proposed method uses the convolutional neural network (CNN) method to extract deep image features and the multi-level local binary pattern (MLBP) method to extract skin detail features from face images to discriminate the real and presentation attack face images. By combining the two types of image features, we form a new type of image features, called hybrid features, which has stronger discrimination ability than single image features. Finally, we use the support vector machine (SVM) method to classify the image features into real or presentation attack class. Our experimental results indicate that our proposed method outperforms previous PAD methods by yielding the smallest error rates on the same image databases.

  4. Combining Deep and Handcrafted Image Features for Presentation Attack Detection in Face Recognition Systems Using Visible-Light Camera Sensors.

    Science.gov (United States)

    Nguyen, Dat Tien; Pham, Tuyen Danh; Baek, Na Rae; Park, Kang Ryoung

    2018-02-26

    Although face recognition systems have wide application, they are vulnerable to presentation attack samples (fake samples). Therefore, a presentation attack detection (PAD) method is required to enhance the security level of face recognition systems. Most of the previously proposed PAD methods for face recognition systems have focused on using handcrafted image features, which are designed by expert knowledge of designers, such as Gabor filter, local binary pattern (LBP), local ternary pattern (LTP), and histogram of oriented gradients (HOG). As a result, the extracted features reflect limited aspects of the problem, yielding a detection accuracy that is low and varies with the characteristics of presentation attack face images. The deep learning method has been developed in the computer vision research community, which is proven to be suitable for automatically training a feature extractor that can be used to enhance the ability of handcrafted features. To overcome the limitations of previously proposed PAD methods, we propose a new PAD method that uses a combination of deep and handcrafted features extracted from the images by visible-light camera sensor. Our proposed method uses the convolutional neural network (CNN) method to extract deep image features and the multi-level local binary pattern (MLBP) method to extract skin detail features from face images to discriminate the real and presentation attack face images. By combining the two types of image features, we form a new type of image features, called hybrid features, which has stronger discrimination ability than single image features. Finally, we use the support vector machine (SVM) method to classify the image features into real or presentation attack class. Our experimental results indicate that our proposed method outperforms previous PAD methods by yielding the smallest error rates on the same image databases.

  5. Combining Deep and Handcrafted Image Features for Presentation Attack Detection in Face Recognition Systems Using Visible-Light Camera Sensors

    Science.gov (United States)

    Nguyen, Dat Tien; Pham, Tuyen Danh; Baek, Na Rae; Park, Kang Ryoung

    2018-01-01

    Although face recognition systems have wide application, they are vulnerable to presentation attack samples (fake samples). Therefore, a presentation attack detection (PAD) method is required to enhance the security level of face recognition systems. Most of the previously proposed PAD methods for face recognition systems have focused on using handcrafted image features, which are designed by expert knowledge of designers, such as Gabor filter, local binary pattern (LBP), local ternary pattern (LTP), and histogram of oriented gradients (HOG). As a result, the extracted features reflect limited aspects of the problem, yielding a detection accuracy that is low and varies with the characteristics of presentation attack face images. The deep learning method has been developed in the computer vision research community, which is proven to be suitable for automatically training a feature extractor that can be used to enhance the ability of handcrafted features. To overcome the limitations of previously proposed PAD methods, we propose a new PAD method that uses a combination of deep and handcrafted features extracted from the images by visible-light camera sensor. Our proposed method uses the convolutional neural network (CNN) method to extract deep image features and the multi-level local binary pattern (MLBP) method to extract skin detail features from face images to discriminate the real and presentation attack face images. By combining the two types of image features, we form a new type of image features, called hybrid features, which has stronger discrimination ability than single image features. Finally, we use the support vector machine (SVM) method to classify the image features into real or presentation attack class. Our experimental results indicate that our proposed method outperforms previous PAD methods by yielding the smallest error rates on the same image databases. PMID:29495417

  6. On node replication attack in wireless sensor networks

    International Nuclear Information System (INIS)

    Qabulio, M.; Malkani, Y.A.

    2015-01-01

    WSNs (Wireless Sensor Networks) comprise a large number of small, inexpensive, low power and memory constrained sensing devices (called sensor nodes) that are densely deployed to measure a given physical phenomenon. Since WSNs are commonly deployed in a hostile and unattended environment, it is easy for an adversary to physically capture one or more legitimate sensor nodes, re-program and redeploy them in the network. As a result, the adversary becomes able to deploy several identical copies of physically captured nodes in the network in order to perform illegitimate activities. This type of attack is referred to as Node Replication Attack or Clone Node Attack. By launching node replication attack, an adversary can easily get control on the network which consequently is the biggest threat to confidentiality, integrity and availability of data and services. Thus, detection and prevention of node replication attack in WSNs has become an active area of research and to date more than two dozen schemes have been proposed, which address this issue. In this paper, we present a comprehensive review, classification and comparative analysis of twenty five of these schemes which help to detect and/or prevent node replication attack in WSNs. (author)

  7. On Node Replication Attack in Wireless Sensor Networks

    Directory of Open Access Journals (Sweden)

    Mumtaz Qabulio

    2016-04-01

    Full Text Available WSNs (Wireless Sensor Networks) comprise a large number of small, inexpensive, low power and memory constrained sensing devices (called sensor nodes) that are densely deployed to measure a given physical phenomenon. Since WSNs are commonly deployed in a hostile and unattended environment, it is easy for an adversary to physically capture one or more legitimate sensor nodes, re-program and redeploy them in the network. As a result, the adversary becomes able to deploy several identical copies of physically captured nodes in the network in order to perform illegitimate activities. This type of attack is referred to as Node Replication Attack or Clone Node Attack. By launching node replication attack, an adversary can easily get control on the network which consequently is the biggest threat to confidentiality, integrity and availability of data and services. Thus, detection and prevention of node replication attack in WSNs has become an active area of research and to date more than two dozen schemes have been proposed, which address this issue. In this paper, we present a comprehensive review, classification and comparative analysis of twenty five of these schemes which help to detect and/or prevent node replication attack in WSNs.

  8. Attack and Vulnerability Penetration Testing: FreeBSD

    Directory of Open Access Journals (Sweden)

    Abdul Hanan Abdullah

    2013-07-01

    Full Text Available Computer system security has become a major concern over the past few years. Attacks, threats or intrusions, against computer system and network have become commonplace events. However, there are some system devices and other tools that are available to overcome the threat of these attacks. Currently, cyber attack is a major research and inevitable. This paper presents some steps of penetration in FreeBSD operating system, some tools and new steps to attack used in this experiment, probes for reconnaissance, guessing password via brute force, gaining privilege access and flooding victim machine to decrease availability. All these attacks were executed and infiltrate within the environment of Intrusion Threat Detection Universiti Teknologi Malaysia (ITD UTM) data set. This work is expected to be a reference for practitioners to prepare their systems from Internet attacks.

  9. Sinkhole formation and hydrogeological situation at the salt mining area of Solotvyno, Ukraine

    Science.gov (United States)

    Stoeckl, L.; Banks, V.

    2017-12-01

    In Solotvyno, Ukraine, several salt mines were unexpectedly flooded in the recent past. As a result, dozens of sinkholes formed and are still forming with diameters up to 250 m. A one month advisory mission by the European Commission was launched in fall 2016 to conduct a risk assessment. The former mining area is situated in close vicinity to the river Theiss, which is the largest contributory of the largest river in Europe: the Danube. As river contamination by the release of large quantities of saltwater would lead to an international disaster, hydrogeological measurements were taken on-site to study the system. Saturated (hyper-saline) water as well as fresh surface and groundwater were encountered in different locations of the former mining area. Water samples were analyzed for chemistry and stable isotopes at BGR revealing insight into groundwater flow dynamics. Satellite imaging and interferometric synthetic aperture radar (SAR) were applied to study ground movements and evaluate the risk of further collapses. A resulting conceptual model explains the processes of sinkhole formation as well as the natural restoration of the salt dome prior to mining operations. This study shows the advantage of an interdisciplinary approach to conduct a risk assessment in the case of large mine collapses.

  10. Fuzzy Based Advanced Hybrid Intrusion Detection System to Detect Malicious Nodes in Wireless Sensor Networks

    Directory of Open Access Journals (Sweden)

    Rupinder Singh

    2017-01-01

    Full Text Available In this paper, an Advanced Hybrid Intrusion Detection System (AHIDS) that automatically detects the WSNs attacks is proposed. AHIDS makes use of cluster-based architecture with enhanced LEACH protocol that intends to reduce the level of energy consumption by the sensor nodes. AHIDS uses anomaly detection and misuse detection based on fuzzy rule sets along with the Multilayer Perceptron Neural Network. The Feed Forward Neural Network along with the Backpropagation Neural Network are utilized to integrate the detection results and indicate the different types of attackers (i.e., Sybil attack, wormhole attack, and hello flood attack). For detection of Sybil attack, Advanced Sybil Attack Detection Algorithm is developed while the detection of wormhole attack is done by Wormhole Resistant Hybrid Technique. The detection of hello flood attack is done by using signal strength and distance. An experimental analysis is carried out in a set of nodes; 13.33% of the nodes are determined as misbehaving nodes, which classified attackers along with a detection rate of the true positive rate and false positive rate. Sybil attack is detected at a rate of 99.40%; hello flood attack has a detection rate of 98.20%; and wormhole attack has a detection rate of 99.20%.

  11. Biometric Authentication Systems Attacks: Liveness Detection to the ...

    African Journals Online (AJOL)

    ... access control, sensitive data protection and on-line tracking systems. ... This paper has identified such vulnerabilities and threats, particularly ... Systems, Authentication, Verification, Vulnerabilities, attacks, Threats.

  12. Vesper: Using Echo-Analysis to Detect Man-in-the-Middle Attacks in LANs

    OpenAIRE

    Mirsky, Yisroel; Kalbo, Naor; Elovici, Yuval; Shabtai, Asaf

    2018-01-01

    The Man-in-the-Middle (MitM) attack is a cyber-attack in which an attacker intercepts traffic, thus harming the confidentiality, integrity, and availability of the network. It remains a popular attack vector due to its simplicity. However, existing solutions are either not portable, suffer from a high false positive rate, or are simply not generic. In this paper, we propose Vesper: a novel plug-and-play MitM detector for local area networks. Vesper uses a technique inspired from impulse respo...

  13. Adaptive EWMA Method Based on Abnormal Network Traffic for LDoS Attacks

    Directory of Open Access Journals (Sweden)

    Dan Tang

    2014-01-01

    Full Text Available The low-rate denial of service (LDoS) attacks reduce network services capabilities by periodically sending high intensity pulse data flows. For their concealed performance, it is more difficult for traditional DoS detection methods to detect LDoS attacks; at the same time the accuracy of the current detection methods for LDoS attacks is relatively low. As the fact that LDoS attacks led to abnormal distribution of the ACK traffic, LDoS attacks can be detected by analyzing the distribution characteristics of ACK traffic. Then traditional EWMA algorithm which can smooth the accidental error while being the same as the exceptional mutation may cause some misjudgment; therefore a new LDoS detection method based on adaptive EWMA (AEWMA) algorithm is proposed. The AEWMA algorithm which uses an adaptive weighting function instead of the constant weighting of EWMA algorithm can smooth the accidental error and retain the exceptional mutation. So AEWMA method is more beneficial than EWMA method for analyzing and measuring the abnormal distribution of ACK traffic. The NS2 simulations show that AEWMA method can detect LDoS attacks effectively and has a low false negative rate and a false positive rate. Based on DARPA99 datasets, experiment results show that AEWMA method is more efficient than EWMA method.

  14. Method of predicting surface deformation in the form of sinkholes

    Energy Technology Data Exchange (ETDEWEB)

    Chudek, M.; Arkuszewski, J.

    1980-06-01

    Proposes a method for predicting probability of sinkhole shaped subsidence, number of funnel-shaped subsidences and size of individual funnels. The following factors which influence the sudden subsidence of the surface in the form of funnels are analyzed: geologic structure of the strata between mining workings and the surface, mining depth, time factor, and geologic dislocations. Sudden surface subsidence is observed only in the case of workings situated up to a few dozen meters from the surface. Using the proposed method is explained with some examples. It is suggested that the method produces correct results which can be used in coal mining and in ore mining. (1 ref.) (In Polish)

  15. Using agility to combat cyber attacks.

    Science.gov (United States)

    Anderson, Kerry

    2017-06-01

    Some incident response practitioners feel that they have been locked in a battle with cyber criminals since the popular adoption of the internet. Initially, organisations made great inroads in preventing and containing cyber attacks. In the last few years, however, cyber criminals have become adept at eluding defence security technologies and rapidly modifying their exploit strategies for financial or political gains. Similar to changes in military combat tactics, cyber criminals utilise distributed attack cells, real-time communications, and rapidly mutating exploits to minimise the potential for detection. Cyber criminals have changed their attack paradigm. This paper describes a new incident response paradigm aimed at combating the new model of cyber attacks with an emphasis on agility to increase the organisation's ability to respond rapidly to these new challenges.

  16. Inception horizon concept as a basis for sinkhole hazard mapping

    Science.gov (United States)

    Vouillamoz, J.; Jeannin, P.-Y.; Kopp, L.; Chantry, R.

    2012-04-01

    The office for natural hazards of the Vaud canton (Switzerland) is interested in a pragmatic approach to map sinkhole hazard in karst areas. A team was created by merging resources from a geoengineering company (CSD) and a karst specialist (SISKA). Large areas in Vaud territory are limestone karst in which the collapse hazard is essentially related to the collapse of soft-rocks covering underground cavities, rather than the collapse of limestone roofs or underground chambers. This statement is probably not valid for cases in gypsum and salt. Thus, for limestone areas, zones of highest danger are voids covered by a thin layer of soft-sediments. The spatial distributions of void and cover-thickness should therefore be used for the hazard assessment. VOID ASSESSMENT Inception features (IF) are millimetre to decimetre thick planes (mainly bedding but also fractures) showing a mineralogical, a granulometrical or a physical contrast with the surrounding formation that make them especially susceptible to karst development (FILIPPONI ET AL., 2009). The analysis of more than 1500 km of cave passage showed that karst conduits are mainly developed along such discrete layers within a limestone series. The so-called Karst-ALEA method (FILIPPONI ET AL., 2011) is based on this concept and aims at assessing the probability of karst conduit occurrences in the drilling of a tunnel. This approach requires as entries the identification of inception features (IF), the recognition of paleo-water-table (PWT), and their respective spatial distribution in a 3D geological model. We suggest the Karst-ALEA method to be adjusted in order to assess the void distribution in subsurface as a basis for sinkhole hazard mapping. Inception features (horizons or fractures) and paleo-water-tables (PWT) have to be first identified using visible caves and dolines. These features should then be introduced into a 3D geological model. Intersections of HI and PWT located close to landsurface are areas with a

  17. Heavy-tailed distribution of the SSH Brute-force attack duration in a multi-user environment

    Science.gov (United States)

    Lee, Jae-Kook; Kim, Sung-Jun; Park, Chan Yeol; Hong, Taeyoung; Chae, Huiseung

    2016-07-01

    Quite a number of cyber-attacks take place against supercomputers that provide high-performance computing (HPC) services to public researchers. Particularly, although the secure shell protocol (SSH) brute-force attack is one of the traditional attack methods, it is still being used. Because stealth attacks that feign regular access may occur, they are even harder to detect. In this paper, we introduce methods to detect SSH brute-force attacks by analyzing the server's unsuccessful access logs and the firewall's drop events in a multi-user environment. Then, we analyze the durations of the SSH brute-force attacks that are detected by applying these methods. The results of an analysis of about 10 thousand attack source IP addresses show that the behaviors of abnormal users using SSH brute-force attacks are based on human dynamic characteristics of a typical heavy-tailed distribution.

  18. The Monitoring, Detection, Isolation and Assessment of Information Warfare Attacks Through Multi-Level, Multi-Scale System Modeling and Model Based Technology

    National Research Council Canada - National Science Library

    Ye, Nong

    2004-01-01

    With the goal of protecting computer and networked systems from various attacks, the following intrusion detection techniques were developed and tested using the 1998 and 2000 MIT Lincoln Lab Evaluation Data...

  19. Tales from the crypt : Fingerprinting attacks on encrypted channels by way of retainting

    NARCIS (Netherlands)

    Valkering, Michael; Slowinska, Asia; Bos, Herbert

    2009-01-01

    Paradoxically, encryption makes it hard to detect, fingerprint and stop exploits. We describe Hassle, a honeypot capable of detecting and fingerprinting monomorphic and polymorphic attacks on encrypted channels. It uses dynamic taint analysis in an emulator to detect attacks, and it tags each

  20. JFCGuard: Detecting juice filming charging attack via processor usage analysis on smartphones

    DEFF Research Database (Denmark)

    Meng, Weizhi; Jiang, Lijun; Wang, Yu

    2017-01-01

    Smartphones have become necessities in people's lives, so that many more public charging stations are under deployment worldwide to meet the increasing demand of phone charging (i.e., in airports, subways, shops, etc). However, this situation may expose a hole for cyber-criminals to launch various...... attacks especially charging attacks and threaten user's privacy. As an example, juice filming charging (JFC) attack is able to steal users' sensitive and private information from both Android OS and iOS devices, through automatically recording phone-screen and monitoring users' inputs during the whole...... charging period. More importantly, this attack does not need any permission or installing any pieces of apps on user's side. The rationale is that users' information can be leaked through a standard micro USB connector that employs the Mobile High-Definition Link (MHL) standard. Motivated by the potential...

  1. Microbial communities and organic biomarkers in a Proterozoic-analog sinkhole.

    Science.gov (United States)

    Hamilton, T L; Welander, P V; Albrecht, H L; Fulton, J M; Schaperdoth, I; Bird, L R; Summons, R E; Freeman, K H; Macalady, J L

    2017-11-01

    Little Salt Spring (Sarasota County, FL, USA) is a sinkhole with groundwater vents at ~77 m depth. The entire water column experiences sulfidic (~50 μM) conditions seasonally, resulting in a system poised between oxic and sulfidic conditions. Red pinnacle mats occupy the sediment-water interface in the sunlit upper basin of the sinkhole, and yielded 16S rRNA gene clones affiliated with Cyanobacteria, Chlorobi, and sulfate-reducing clades of Deltaproteobacteria. Nine bacteriochlorophyll e homologues and isorenieratene indicate contributions from Chlorobi, and abundant chlorophyll a and pheophytin a are consistent with the presence of Cyanobacteria. The red pinnacle mat contains hopanoids, including 2-methyl structures that have been interpreted as biomarkers for Cyanobacteria. A single sequence of hpnP, the gene required for methylation of hopanoids at the C-2 position, was recovered in both DNA and cDNA libraries from the red pinnacle mat. The hpnP sequence was most closely related to cyanobacterial hpnP sequences, implying that Cyanobacteria are a source of 2-methyl hopanoids present in the mat. The mats are capable of light-dependent primary productivity as evidenced by 13C-bicarbonate photoassimilation. We also observed 13C-bicarbonate photoassimilation in the presence of DCMU, an inhibitor of electron transfer to Photosystem II. Our results indicate that the mats carry out light-driven primary production in the absence of oxygen production, a mechanism that may have delayed the oxygenation of the Earth's oceans and atmosphere during the Proterozoic Eon. Furthermore, our observations of the production of 2-methyl hopanoids by Cyanobacteria under conditions of low oxygen and low light are consistent with the recovery of these structures from ancient black shales as well as their paucity in modern marine environments. © 2017 The Authors. Geobiology Published by John Wiley & Sons Ltd.

  2. Metrics for Assessment of Smart Grid Data Integrity Attacks

    Energy Technology Data Exchange (ETDEWEB)

    Annarita Giani; Miles McQueen; Russell Bent; Kameshwar Poolla; Mark Hinrichs

    2012-07-01

    There is an emerging consensus that the nation’s electricity grid is vulnerable to cyber attacks. This vulnerability arises from the increasing reliance on using remote measurements, transmitting them over legacy data networks to system operators who make critical decisions based on available data. Data integrity attacks are a class of cyber attacks that involve a compromise of information that is processed by the grid operator. This information can include meter readings of injected power at remote generators, power flows on transmission lines, and relay states. These data integrity attacks have consequences only when the system operator responds to compromised data by redispatching generation under normal or contingency protocols. These consequences include (a) financial losses from sub-optimal economic dispatch to service loads, (b) robustness/resiliency losses from placing the grid at operating points that are at greater risk from contingencies, and (c) systemic losses resulting from cascading failures induced by poor operational choices. This paper is focused on understanding the connections between grid operational procedures and cyber attacks. We first offer two examples to illustrate how data integrity attacks can cause economic and physical damage by misleading operators into taking inappropriate decisions. We then focus on unobservable data integrity attacks involving power meter data. These are coordinated attacks where the compromised data are consistent with the physics of power flow, and are therefore passed by any bad data detection algorithm. We develop metrics to assess the economic impact of these attacks under re-dispatch decisions using optimal power flow methods. These metrics can be used to prioritize the adoption of appropriate countermeasures including PMU placement, encryption, hardware upgrades, and advance attack detection algorithms.

  3. Generalised Category Attack—Improving Histogram-Based Attack on JPEG LSB Embedding

    Science.gov (United States)

    Lee, Kwangsoo; Westfeld, Andreas; Lee, Sangjin

    We present a generalised and improved version of the category attack on LSB steganography in JPEG images with straddled embedding path. It detects more reliably low embedding rates and is also less disturbed by double compressed images. The proposed methods are evaluated on several thousand images. The results are compared to both recent blind and specific attacks for JPEG embedding. The proposed attack permits a more reliable detection, although it is based on first order statistics only. Its simple structure makes it very fast.

  4. Performance Improvement of Power Analysis Attacks on AES with Encryption-Related Signals

    Science.gov (United States)

    Lee, You-Seok; Lee, Young-Jun; Han, Dong-Guk; Kim, Ho-Won; Kim, Hyoung-Nam

    A power analysis attack is a well-known side-channel attack but the efficiency of the attack is frequently degraded by the existence of power components, irrelative to the encryption included in signals used for the attack. To enhance the performance of the power analysis attack, we propose a preprocessing method based on extracting encryption-related parts from the measured power signals. Experimental results show that the attacks with the preprocessed signals detect correct keys with much fewer signals, compared to the conventional power analysis attacks.

  5. Content modification attacks on consensus seeking multi-agent system with double-integrator dynamics

    Science.gov (United States)

    Dong, Yimeng; Gupta, Nirupam; Chopra, Nikhil

    2016-11-01

    In this paper, vulnerability of a distributed consensus seeking multi-agent system (MAS) with double-integrator dynamics against edge-bound content modification cyber attacks is studied. In particular, we define a specific edge-bound content modification cyber attack called malignant content modification attack (MCoMA), which results in unbounded growth of an appropriately defined group disagreement vector. Properties of MCoMA are utilized to design detection and mitigation algorithms so as to impart resilience in the considered MAS against MCoMA. Additionally, the proposed detection mechanism is extended to detect the general edge-bound content modification attacks (not just MCoMA). Finally, the efficacies of the proposed results are illustrated through numerical simulations.

  6. A bayesian inference-based detection mechanism to defend medical smartphone networks against insider attacks

    DEFF Research Database (Denmark)

    Meng, Weizhi; Li, Wenjuan; Xiang, Yang

    2017-01-01

    and experience for both patients and healthcare workers, and the underlying network architecture to support such devices is also referred to as medical smartphone networks (MSNs). MSNs, similar to other networks, are subject to a wide range of attacks (e.g. leakage of sensitive patient information by a malicious...... insider). In this work, we focus on MSNs and present a compact but efficient trust-based approach using Bayesian inference to identify malicious nodes in such an environment. We then demonstrate the effectiveness of our approach in detecting malicious nodes by evaluating the deployment of our proposed...

  7. Fatal injection: a survey of modern code injection attack countermeasures

    Directory of Open Access Journals (Sweden)

    Dimitris Mitropoulos

    2017-11-01

    Full Text Available With a code injection attack (CIA) an attacker can introduce malicious code into a computer program or system that fails to properly encode data that comes from an untrusted source. A CIA can have different forms depending on the execution context of the application and the location of the programming flaw that leads to the attack. Currently, CIAs are considered one of the most damaging classes of application attacks since they can severely affect an organisation’s infrastructure and cause financial and reputational damage to it. In this paper we examine and categorize the countermeasures developed to detect the various attack forms. In particular, we identify two distinct categories. The first incorporates static program analysis tools used to eliminate flaws that can lead to such attacks during the development of the system. The second involves the use of dynamic detection safeguards that prevent code injection attacks while the system is in production mode. Our analysis is based on nonfunctional characteristics that are considered critical when creating security mechanisms. Such characteristics involve usability, overhead, implementation dependencies, false positives and false negatives. Our categorization and analysis can help both researchers and practitioners either to develop novel approaches, or use the appropriate mechanisms according to their needs.

  8. Hydroregime prediction models for ephemeral groundwater-driven sinkhole wetlands: a planning tool for climate change and amphibian conservation

    Science.gov (United States)

    C. H. Greenberg; S. Goodrick; J. D. Austin; B. R. Parresol

    2015-01-01

    Hydroregimes of ephemeral wetlands affect reproductive success of many amphibian species and are sensitive to altered weather patterns associated with climate change. We used 17 years of weekly temperature, precipitation, and water-depth measurements for eight small, ephemeral, groundwater-driven sinkhole wetlands in Florida sandhills to develop a hydroregime predictive...

  9. Integration of multi-criteria and nearest neighbour analysis with kernel density functions for improving sinkhole susceptibility models: the case study of Enemonzo (NE Italy)

    Directory of Open Access Journals (Sweden)

    Chiara Calligaris

    2017-06-01

    Full Text Available The significance of intra-mountain valleys to infrastructure and human settlements and the need to mitigate the geo-hazard affecting these assets are fundamental to the economy of Italian alpine regions. Therefore, there is a real need to recognize and assess possible geo-hazards affecting them. This study proposes the use of GIS-based analyses to construct a sinkhole susceptibility model based on conditioning factors such as land use, geomorphology, thickness of shallow deposits, distance to drainage network and distance to faults. Thirty-two models, applied to a test site (Enemonzo municipality, NE Italy), were produced using a method based on the Likelihood Ratio (λ) function, nine with only one variable and 23 applying different combinations. The sinkhole susceptibility model with the best forecast performance, with an Area Under the Prediction Rate Curve (AUPRC) of 0.88, was that combining the following parameters: Nearest Sinkhole Distance (NSD), land use and thickness of the surficial deposits. The introduction of NSD as a continuous variable in the computation represents an important upgrade in the prediction capability of the model. Additionally, the model was refined using a kernel density estimation that produced a significant improvement in the forecast performance.

  10. OverWatch: A Cross-Plane DDoS Attack Defense Framework with Collaborative Intelligence in SDN

    Directory of Open Access Journals (Sweden)

    Biao Han

    2018-01-01

    Full Text Available Distributed Denial of Service (DDoS) attacks are one of the biggest concerns for security professionals. Traditional middle-box based DDoS attack defense lacks network-wide monitoring flexibility. With the development of software-defined networking (SDN), it becomes prevalent to exploit centralized controllers to defend against DDoS attacks. However, current solutions suffer from serious southbound communication overhead and detection delay. In this paper, we propose a cross-plane DDoS attack defense framework in SDN, called OverWatch, which exploits collaborative intelligence between data plane and control plane with high defense efficiency. Attack detection and reaction are two key procedures of the proposed framework. We develop a collaborative DDoS attack detection mechanism, which consists of a coarse-grained flow monitoring algorithm on the data plane and a fine-grained machine learning based attack classification algorithm on the control plane. We propose a novel defense strategy offloading mechanism to dynamically deploy defense applications across the controller and switches, by which rapid attack reaction and accurate botnet location can be achieved. We conduct extensive experiments on a real-world SDN network. Experimental results validate the efficiency of our proposed OverWatch framework with high detection accuracy and real-time DDoS attack reaction, as well as reduced communication overhead on SDN southbound interface.

  11. Cyber attacks against state estimation in power systems: Vulnerability analysis and protection strategies

    Science.gov (United States)

    Liu, Xuan

    Power grid is one of the most critical infrastructures in a nation and could suffer a variety of cyber attacks. With the development of Smart Grid, false data injection attack has recently attracted wide research interest. This thesis proposes a false data attack model with incomplete network information and develops optimal attack strategies for attacking load measurements and the real-time topology of a power grid. The impacts of false data on the economic and reliable operations of power systems are quantitatively analyzed in this thesis. To mitigate the risk of cyber attacks, distributed protection strategies are also developed. It has been shown that an attacker can design false data to avoid being detected by the control center if the network information of a power grid is known to the attacker. In practice, however, it is very hard or even impossible for an attacker to obtain all network information of a power grid. In this thesis, we propose a local load redistribution attacking model based on incomplete network information and show that an attacker only needs to obtain the network information of the local attacking region to inject false data into smart meters in the local region without being detected by the state estimator. A heuristic algorithm is developed to determine a feasible attacking region by obtaining reduced network information. This thesis investigates the impacts of false data on the operations of power systems. It has been shown that false data can be designed by an attacker to: 1) mask the real-time topology of a power grid; 2) overload a transmission line; 3) disturb the line outage detection based on PMU data. To mitigate the risk of cyber attacks, this thesis proposes a new protection strategy, which intends to mitigate the damage effects of false data injection attacks by protecting a small set of critical measurements. To further reduce the computation complexity, a mixed integer linear programming approach is also proposed to

  12. Countermeasure against probabilistic blinding attack in practical quantum key distribution systems

    International Nuclear Information System (INIS)

    Qian Yong-Jun; Li Hong-Wei; He De-Yong; Yin Zhen-Qiang; Zhang Chun-Mei; Chen Wei; Wang Shuang; Han Zheng-Fu

    2015-01-01

    In a practical quantum key distribution (QKD) system, imperfect equipment, especially the single-photon detector, can be eavesdropped on by a blinding attack. However, the original blinding attack may be discovered by directly detecting the current. In this paper, we propose a probabilistic blinding attack model, where Eve probabilistically applies a blinding attack without being caught by using only an existing intuitive countermeasure. More precisely, our countermeasure solves the problem of how to define the bound in the limitation of precision of current detection, and then we prove security of the practical system by considering the current parameter. Meanwhile, we discuss the bound of the quantum bit error rate (QBER) introduced by Eve, by which Eve can acquire information without the countermeasure. (paper)

  13. Defending networks against denial-of-service attacks

    Science.gov (United States)

    Gelenbe, Erol; Gellman, Michael; Loukas, George

    2004-11-01

    Denial of service attacks, viruses and worms are common tools for malicious adversarial behavior in networks. Experience shows that over the last few years several of these techniques have probably been used by governments to impair the Internet communications of various entities, and we can expect that these and other information warfare tools will be used increasingly as part of hostile behavior either independently, or in conjunction with other forms of attack in conventional or asymmetric warfare, as well as in other forms of malicious behavior. In this paper we concentrate on Distributed Denial of Service Attacks (DDoS) where one or more attackers generate flooding traffic and direct it from multiple sources towards a set of selected nodes or IP addresses in the Internet. We first briefly survey the literature on the subject, and discuss some examples of DDoS incidents. We then present a technique that can be used for DDoS protection based on creating islands of protection around a critical information infrastructure. This technique, that we call the CPN-DoS-DT (Cognitive Packet Networks DoS Defence Technique), creates a self-monitoring sub-network surrounding each critical infrastructure node. CPN-DoS-DT is triggered by a DDoS detection scheme, and generates control traffic from the objects of the DDoS attack to the islands of protection where DDOS packet flows are destroyed before they reach the critical infrastructure. We use mathematical modelling, simulation and experiments on our test-bed to show the positive and negative outcomes that may result from both the attack, and the CPN-DoS-DT protection mechanism, due to imperfect detection and false alarms.

  14. High-resolution seismic-reflection imaging 25 years of change in I-70 sinkhole, Russell County, Kansas

    Science.gov (United States)

    Miller, R.D.; Steeples, D.W.; Lambrecht, J.L.; Croxton, N.

    2006-01-01

    Time-lapse seismic reflection imaging improved our understanding of the consistent, gradual surface subsidence ongoing at two sinkholes in the Gorham Oilfield discovered beneath a stretch of Interstate Highway 70 through Russell and Ellis Counties in Kansas in 1966. With subsidence occurring at a rate of around 10 cm per year since discovery, monitoring has been beneficial to ensure public safety and optimize maintenance. A miniSOSIE reflection survey conducted in 1980 delineated the affected subsurface and successfully predicted development of a third sinkhole at this site. In 2004 and 2005 a high-resolution vibroseis survey was completed to ascertain current conditions of the subsurface, rate and pattern of growth since 1980, and potential for continued growth. With time and improved understanding of the salt dissolution affected subsurface in this area it appears that these features represent little risk to the public from catastrophic failure. However, from an operational perspective the Kansas Department of Transportation should expect continued subsidence, with future increases in surface area likely at a slightly reduced vertical rate. Seismic characteristics appear empirically consistent with gradual earth material compaction/settling. © 2005 Society of Exploration Geophysicists.

  15. A TWO LEVEL ARCHITECTURE USING CONSENSUS METHOD FOR GLOBAL DECISION MAKING AGAINST DDoS ATTACKS

    Directory of Open Access Journals (Sweden)

    S.Seetha

    2010-06-01

    Full Text Available Distributed Denial of Service is a major threat to the availability of internet services. The distributed, large scale nature of the Internet makes DDoS (Distributed Denial-of-Service) attacks stealthy and difficult to counter. Defense against Distributed Denial-of-Service attacks is one of the hardest security problems on the Internet. Recently these network attacks have been increasing. Therefore more effective countermeasures are required to counter the threat. This requirement has motivated us to propose a novel mechanism against DDoS attack. This paper presents the design details of a distributed defense mechanism against DDoS attack. In our approach, the egress routers of the intermediate network coordinate with each other to provide the information necessary to detect and respond to the attack. Thus, a detection system based on single site will have either high positive or high negative rates. Unlike the traditional IDSs (Intrusion Detection System), this method has the potential to achieve high true positive ratio. This work has been done by using consensus algorithms for exchanging the information between the detection systems. So the overall detection time would be reduced for global decision making.

  16. Situational awareness of a coordinated cyber attack

    Science.gov (United States)

    Sudit, Moises; Stotz, Adam; Holender, Michael

    2005-03-01

    As technology continues to advance, services and capabilities become computerized, and an ever increasing amount of business is conducted electronically, the threat of cyber attacks gets compounded by the complexity of such attacks and the criticality of the information which must be secured. A new age of virtual warfare has dawned in which seconds can differentiate between the protection of vital information and/or services and a malicious attacker attaining their goal. In this paper we present a novel approach in the real-time detection of multistage coordinated cyber attacks and the promising initial testing results we have obtained. We introduce INFERD (INformation Fusion Engine for Real-time Decision-making), an adaptable information fusion engine which performs fusion at levels zero, one, and two to provide real-time situational assessment and its application to the cyber domain in the ECCARS (Event Correlation for Cyber Attack Recognition System) system. The advantages to our approach are fourfold: (1) The complexity of the attacks which we consider, (2) the level of abstraction in which the analyst interacts with the attack scenarios, (3) the speed at which the information fusion is presented and performed, and (4) our disregard for ad-hoc rules or a priori parameters.

  17. Compiling symbolic attacks to protocol implementation tests

    Directory of Open Access Journals (Sweden)

    Michael Rusinowitch

    2013-07-01

    Full Text Available Recently efficient model-checking tools have been developed to find flaws in security protocols specifications. These flaws can be interpreted as potential attack scenarios but the feasibility of these scenarios needs to be confirmed at the implementation level. However, bridging the gap between an abstract attack scenario derived from a specification and a penetration test on real implementations of a protocol is still an open issue. This work investigates an architecture for automatically generating abstract attacks and converting them to concrete tests on protocol implementations. In particular we aim to improve previously proposed blackbox testing methods in order to discover automatically new attacks and vulnerabilities. As a proof of concept we have experimented our proposed architecture to detect a renegotiation vulnerability on some implementations of SSL/TLS, a protocol widely used for securing electronic transactions.

  18. A Secure Localization Approach against Wormhole Attacks Using Distance Consistency

    Directory of Open Access Journals (Sweden)

    Lou Wei

    2010-01-01

    Full Text Available Wormhole attacks can negatively affect the localization in wireless sensor networks. A typical wormhole attack can be launched by two colluding attackers, one of which sniffs packets at one point in the network and tunnels them through a wired or wireless link to another point, and the other relays them within its vicinity. In this paper, we investigate the impact of the wormhole attack on the localization and propose a novel distance-consistency-based secure localization scheme against wormhole attacks, which includes three phases of wormhole attack detection, valid locators identification and self-localization. The theoretical model is further formulated to analyze the proposed secure localization scheme. The simulation results validate the theoretical results and also demonstrate the effectiveness of our proposed scheme.

  19. State of the art on defenses against wormhole attacks in wireless sensor networks

    DEFF Research Database (Denmark)

    Prasad, Neeli R.; Giannetsos, T.; Dimitriou, T.

    2009-01-01

    describe the wormhole attack, a severe routing attack against sensor networks that is particularly challenging to defend against. We detail its characteristics and study its effects on the successful operation of a sensor network. We present state-of-the-art research for addressing wormhole related...... the possibility of using more sophisticated methods, like intrusion detection systems, to achieve a more complete and autonomic defense mechanism against wormhole attackers. We present our work on intrusion detection and introduce a lightweight IDS framework, called LIDeA, designed for wireless sensor networks....... LIDeA is based on a distributed architecture, in which nodes overhear their neighboring nodes and collaborate with each other in order to successfully detect an intrusion. We conclude by highlighting how such a system can be used for defending against wormhole attackers....

  20. Quantum hacking: Saturation attack on practical continuous-variable quantum key distribution

    Science.gov (United States)

    Qin, Hao; Kumar, Rupesh; Alléaume, Romain

    2016-07-01

    We identify and study a security loophole in continuous-variable quantum key distribution (CVQKD) implementations, related to the imperfect linearity of the homodyne detector. By exploiting this loophole, we propose an active side-channel attack on the Gaussian-modulated coherent-state CVQKD protocol combining an intercept-resend attack with an induced saturation of the homodyne detection on the receiver side (Bob). We show that an attacker can bias the excess noise estimation by displacing the quadratures of the coherent states received by Bob. We propose a saturation model that matches experimental measurements on the homodyne detection and use this model to study the impact of the saturation attack on parameter estimation in CVQKD. We demonstrate that this attack can bias the excess noise estimation beyond the null key threshold for any system parameter, thus leading to a full security break. If we consider an additional criterion imposing that the channel transmission estimation should not be affected by the attack, then the saturation attack can only be launched if the attenuation on the quantum channel is sufficient, corresponding to attenuations larger than approximately 6 dB. We moreover discuss the possible countermeasures against the saturation attack and propose a countermeasure based on Gaussian postselection that can be implemented by classical postprocessing and may allow one to distill the secret key when the raw measurement data are partly saturated.

  1. Protecting mobile agents from external replay attacks

    OpenAIRE

    Garrigues Olivella, Carles; Migas, Nikos; Buchanan, William; Robles, Sergi; Borrell Viader, Joan

    2014-01-01

    Peer-reviewed This paper presents a protocol for the protection of mobile agents against external replay attacks. This kind of attacks are performed by malicious platforms when dispatching an agent multiple times to a remote host, thus making it reexecute part of its itinerary. Current proposals aiming to address this problem are based on storing agent identifiers, or trip markers, inside agent platforms, so that future reexecutions can be detected and prevented. The problem of these solut...

  2. A method of mapping sinkhole susceptibility using a geographic information system : a case study for interstates in the karst counties of Virginia.

    Science.gov (United States)

    2015-02-01

    This study proposes the use of a geographic information system (GIS) to create a susceptibility map, pinpointing regions in the karst counties of Virginia, in particular, along interstates, most susceptible to future sinkhole development, determi...

  3. False Positive and False Negative Effects on Network Attacks

    Science.gov (United States)

    Shang, Yilun

    2018-01-01

    Robustness against attacks serves as evidence for complex network structures and failure mechanisms that lie behind them. Most often, due to detection capability limitation or good disguises, attacks on networks are subject to false positives and false negatives, meaning that functional nodes may be falsely regarded as compromised by the attacker and vice versa. In this work, we initiate a study of false positive/negative effects on network robustness against three fundamental types of attack strategies, namely, random attacks (RA), localized attacks (LA), and targeted attack (TA). By developing a general mathematical framework based upon the percolation model, we investigate analytically and by numerical simulations of attack robustness with false positive/negative rate (FPR/FNR) on three benchmark models including Erdős-Rényi (ER) networks, random regular (RR) networks, and scale-free (SF) networks. We show that ER networks are equivalently robust against RA and LA only when FPR equals zero or the initial network is intact. We find several interesting crossovers in RR and SF networks when FPR is taken into consideration. By defining the cost of attack, we observe diminishing marginal attack efficiency for RA, LA, and TA. Our finding highlights the potential risk of underestimating or ignoring FPR in understanding attack robustness. The results may provide insights into ways of enhancing robustness of network architecture and improve the level of protection of critical infrastructures.

  4. BLACK HOLE ATTACK IN AODV & FRIEND FEATURES UNIQUE EXTRACTION TO DESIGN DETECTION ENGINE FOR INTRUSION DETECTION SYSTEM IN MOBILE ADHOC NETWORK

    Directory of Open Access Journals (Sweden)

    HUSAIN SHAHNAWAZ

    2012-10-01

    Full Text Available Ad-hoc network is a collection of nodes that are capable to form dynamically a temporary network without the support of any centralized fixed infrastructure. Since there is no central controller to determine the reliable & secure communication paths in Mobile Adhoc Network, each node in the ad hoc network has to rely on each other in order to forward packets, thus highly cooperative nodes are required to ensure that the initiated data transmission process does not fail. In a mobile ad hoc network (MANET) where security is a crucial issue and they are forced to rely on the neighbor node, trust plays an important role that could improve the number of successful data transmission. Larger the number of trusted nodes, higher successful data communication process rates could be expected. In this paper, Black Hole attack is applied in the network, statistics are collected to design intrusion detection engine for MANET Intrusion Detection System (IDS). Feature extraction and rule inductions are applied to find out the accuracy of detection engine by using support vector machine. In this paper True Positive generated by the detection engine is very high and this is a novel approach in the area of Mobile Adhoc Intrusion detection system.

  5. Novel mechanism of network protection against the new generation of cyber attacks

    Science.gov (United States)

    Milovanov, Alexander; Bukshpun, Leonid; Pradhan, Ranjit

    2012-06-01

    A new intelligent mechanism is presented to protect networks against the new generation of cyber attacks. This mechanism integrates TCP/UDP/IP protocol stack protection and attacker/intruder deception to eliminate existing TCP/UDP/IP protocol stack vulnerabilities. It allows detection of currently undetectable, highly distributed, low-frequency attacks such as distributed denial-of-service (DDoS) attacks, coordinated attacks, botnets, and stealth network reconnaissance. The mechanism also allows insulating the attacker/intruder from the network and redirecting the attack to a simulated network acting as a decoy. As a result, network security personnel gain sufficient time to defend the network and collect the attack information. The presented approach can be incorporated into wireless or wired networks that require protection against known attacks and the new generation of cyber attacks.

  6. Hydrogen attack evaluation of boiler tube using ultrasonic wave

    International Nuclear Information System (INIS)

    Won, Soon Ho; Hyun, Yang Ki; Lee, Jong O; Cho, Kyung Shik; Lee, Jae Do

    2001-01-01

    The presence of hydrogen in industrial plants is a source of damage. Hydrogen attack is one such form of degradation and often causes large tube ruptures that necessitate an immediate shutdown. Hydrogen attack may reduce the fracture toughness as well as the strength of steels. This reduction is caused partially by the presence of cavities and microcracks at the grain boundaries. In the past, several techniques have been used with limited results. This paper describes the application of ultrasonic velocity, attenuation and backscatter techniques for detecting the presence of hydrogen damage in utility boiler tubes. Ultrasonic tests showed a decrease in wave velocity and an increase in attenuation. Such results demonstrate the potential for ultrasonic nondestructive testing to quantify damage. Based on this study, recommendations are that both velocity and attenuation be used to detect hydrogen attack in steels.

  7. A system for denial-of-service attack detection based on multivariate correlation analysis

    NARCIS (Netherlands)

    Tan, Zhiyuan; Jamdagni, Aruna; He, Xiangjian; Nanda, Priyadarsi; Liu, Ren Ping

    Interconnected systems, such as Web servers, database servers, cloud computing servers and so on, are now under threat from network attackers. As one of the most common and aggressive means, denial-of-service (DoS) attacks cause serious impact on these computing systems. In this paper, we present a DoS

  8. A generalized genetic framework for the development of sinkholes and Karst in Florida, U.S.A.

    Science.gov (United States)

    Beck, Barry F.

    1986-03-01

    Karst topography in Florida is developed on the Tertiary limestones of the Floridan aquifer. Post-depositional diagenesis and solution have made these limestones highly permeable, T=ca. 50,000 m²/d. Zones of megaporosity have formed at unconformities, and dissolution has enlarged joints and fractures. Erosion of the overlying clastic Miocene Hawthorn group strata on one flank of a structural arch has exposed the limestone. The elevated edge of the Hawthorn cover forms the Cody scarp. Ubiquitous solution pipes have previously formed at joint intersections and are now filled. Downwashing of the fill deeper into solution cavities in the limestone and subsidence of the overlying unconsolidated sediments causes surface collapse, a subsidence doline or sinkhole. This process may penetrate up to 60 m of the semi-consolidated Hawthorn cover, as occurred when the Winter Park sinkhole developed. Dense clusters of solution pipes may have formed cenotes which are now found on the exposed limestone terrain. Groundwater moves laterally as diffuse flow except where input or outflow is concentrated. At sinking streams, vertical shafts, and springs, karst caves have formed, but only the major sinking streams form through-flowing conduit systems. Shaft recharge dissipates diffusely. Spring discharge is concentrated from diffuse flow. In both cases, conduits taper and merge into a zone of megaporosity

  9. Attacks on IEEE 802.11 wireless networks

    Directory of Open Access Journals (Sweden)

    Dejan Milan Tepšić

    2013-06-01

    networking it has never been easier to penetrate the network. One of the biggest problems of today's wireless networks is the lack of effective systems for intrusion detection. Forgetting to cover gaps in wireless network security may result in intrusion into the network by an attacker. Security in IEEE 802.11 wireless networks: Although the IEEE 802.11 protocol defines security standards, wireless networks are one of the weakest links in the chain of computer networks. The basic security requirements of each computer network are reliable user authentication, privacy protection and user authentication. Security attacks on IEEE 802.11 wireless networks: Non-technical attacks include a variety of human weaknesses, such as lack of conscience, negligence or over-confidence towards strangers. Network attacks include a number of techniques that enable attackers to penetrate into the wireless network, or at least to disable it. Apart from the security problems with the IEEE 802.11 protocol, there are vulnerabilities in operating systems and applications on wireless clients. The methodology of attack: Before testing wireless network security vulnerabilities, it is important to define a formal testing methodology. The first step before the actual attack is footprinting. The second step is the creation of a network map that shows how the wireless system looks. For this purpose, hackers are using specific tools, such as Network Stumbler, Nmap and Fping. When basic information about the wireless network is gathered, more information can be found out through the process of system scanning (enumeration). Attacks on IEEE 802.11 wireless networks: Social engineering is a technique by which attackers exploit the natural trust of most people. Radio waves do not respect defined boundaries. If radio waves are broadcasted outside of the boundaries of the defined area, then it is necessary to reduce signal strength on wireless access points. In that way, radio waves travel over shorter distances

  10. An Artificially Intelligent Physical Model-Checking Approach to Detect Switching-Related Attacks on Power Systems

    Energy Technology Data Exchange (ETDEWEB)

    El Hariri, Mohamad [Florida Intl Univ., Miami, FL (United States); Faddel, Samy [Florida Intl Univ., Miami, FL (United States); Mohammed, Osama [Florida Intl Univ., Miami, FL (United States)

    2017-11-01

    Decentralized and hierarchical microgrid control strategies have laid the groundwork for shaping the future smart grid. Such control approaches require the cooperation between microgrid operators in control centers, intelligent microcontrollers, and remote terminal units via secure and reliable communication networks. In order to enhance the security and complement the work of network intrusion detection systems, this paper presents an artificially intelligent physical model-checking approach that detects tampered-with circuit breaker switching control commands, whether due to a cyber-attack or human error. In this technique, distributed agents, which are monitoring sectionalized areas of a given microgrid, will be trained and continuously adapted to verify that incoming control commands do not violate the physical system operational standards and do not put the microgrid in an insecure state. The potential of this approach has been tested by deploying agents that monitor circuit breaker status commands on a 14-bus IEEE benchmark system. The results showed the accuracy of the proposed framework in characterizing the power system and successfully detecting malicious and/or erroneous control commands.

  11. Data-plane Defenses against Routing Attacks on Tor

    Directory of Open Access Journals (Sweden)

    Tan Henry

    2016-10-01

    Full Text Available Tor is susceptible to traffic correlation attacks in which an adversary who observes flows entering and leaving the anonymity network can apply statistical techniques to correlate flows and de-anonymize their endpoints. While an adversary may not be naturally positioned to conduct such attacks, a recent study shows that the Internet’s control-plane can be manipulated to increase an adversary’s view of the network, and consequently, improve its ability to perform traffic correlation. This paper explores, in-depth, the effects of control-plane attacks on the security of the Tor network. Using accurate models of the live Tor network, we quantify Tor’s susceptibility to these attacks by measuring the fraction of the Tor network that is vulnerable and the advantage to the adversary of performing the attacks. We further propose defense mechanisms that protect Tor users from manipulations at the control-plane. Perhaps surprisingly, we show that by leveraging existing trust anchors in Tor, defenses deployed only in the data-plane are sufficient to detect most control-plane attacks. Our defenses do not assume the active participation of Internet Service Providers, and require only very small changes to Tor. We show that our defenses result in a more than tenfold decrease in the effectiveness of certain control-plane attacks.

  12. Intrusion Detection of DoS Attacks in WSNs Using Classification ...

    African Journals Online (AJOL)

    pc

    2018-03-05

    Mar 5, 2018 ... Abstract- Wireless Sensor Networks (WSNs) consist of a large number of ... have limited energy and memory capacity [2]. The computation of ..... Access (TDMA) schedules for the data transmission time slots. Here the attacker ...

  13. Sequential and Parallel Attack Tree Modelling

    NARCIS (Netherlands)

    Arnold, Florian; Guck, Dennis; Kumar, Rajesh; Stoelinga, Mariëlle Ida Antoinette; Koornneef, Floor; van Gulijk, Coen

    The intricacy of socio-technical systems requires a careful planning and utilisation of security resources to ensure uninterrupted, secure and reliable services. Even though many studies have been conducted to understand and model the behaviour of a potential attacker, the detection of crucial

  14. Spear Phishing Attack Detection

    Science.gov (United States)

    2011-03-24

    be sufficiently evaded by encrypting the malware. A similar approach is used by Kolter et al. in [KoM04] and later in [KoM06], where they used data...MeM11] [Mes08] [MKK07] [Off10] [RaS02] [Rep09] J. Z. Kolter and M. A. Maloof. "Learning to detect...York: ACM, 2004. J. Z. Kolter and M. A. Maloof. "Learning to detect and classify malicious executables in the Wild," The Journal of Machine Learning

  15. Smart grid data integrity attacks: characterizations and countermeasures

    KAUST Repository

    Giani, Annarita

    2011-10-01

    Coordinated cyberattacks of power meter readings can be arranged to be undetectable by any bad data detection algorithm in the power system state estimation process. These unobservable attacks present a potentially serious threat to grid operations. Of particular interest are sparse attacks that involve the compromise of a modest number of meter readings. An efficient algorithm to find all unobservable attacks [under standard DC load flow approximations] involving the compromise of exactly two power injection meters and an arbitrary number of line power meters is presented. This requires O(n²m) flops for a power system with n buses and m line meters. If all lines are metered, there exist canonical forms that characterize all 3, 4, and 5-sparse unobservable attacks. These can be quickly detected in power systems using standard graph algorithms. Known-secure phasor measurement units [PMUs] can be used as countermeasures against an arbitrary collection of cyberattacks. Finding the minimum number of necessary PMUs is NP-hard. It is shown that p + 1 PMUs at carefully chosen buses are sufficient to neutralize a collection of p cyberattacks. © 2011 IEEE.

  16. Reachable Sets of Hidden CPS Sensor Attacks : Analysis and Synthesis Tools

    NARCIS (Netherlands)

    Murguia, Carlos; van de Wouw, N.; Ruths, Justin; Dochain, Denis; Henrion, Didier; Peaucelle, Dimitri

    2017-01-01

    For given system dynamics, control structure, and fault/attack detection procedure, we provide mathematical tools–in terms of Linear Matrix Inequalities (LMIs)–for characterizing and minimizing the set of states that sensor attacks can induce in the system while keeping the alarm rate of the

  17. Intrusion Detection of DoS Attacks in WSNs Using Classification ...

    African Journals Online (AJOL)

    pc

    2018-03-05

    Mar 5, 2018 ... a large number of sensor nodes that are low in cost and smaller in size. ... automation, military and other commercial applications [l]. The sensor node .... are very critical and has sensitive data, DoS attacks form a real problem ...

  18. Robust Structural Analysis and Design of Distributed Control Systems to Prevent Zero Dynamics Attacks

    Energy Technology Data Exchange (ETDEWEB)

    Weerakkody, Sean [Carnegie Mellon Univ., Pittsburgh, PA (United States); Liu, Xiaofei [Carnegie Mellon Univ., Pittsburgh, PA (United States); Sinopoli, Bruno [Carnegie Mellon Univ., Pittsburgh, PA (United States)

    2017-12-12

    We consider the design and analysis of robust distributed control systems (DCSs) to ensure the detection of integrity attacks. DCSs are often managed by independent agents and are implemented using a diverse set of sensors and controllers. However, the heterogeneous nature of DCSs along with their scale leaves such systems vulnerable to adversarial behavior. To mitigate this reality, we provide tools that allow operators to prevent zero dynamics attacks when as many as p agents and sensors are corrupted. Such a design ensures attack detectability in deterministic systems while removing the threat of a class of stealthy attacks in stochastic systems. To achieve this goal, we use graph theory to obtain necessary and sufficient conditions for the presence of zero dynamics attacks in terms of the structural interactions between agents and sensors. We then formulate and solve optimization problems which minimize communication networks while also ensuring a resource-limited adversary cannot perform a zero dynamics attack. Polynomial time algorithms for design and analysis are provided.

  19. A Distributed Middleware Architecture for Attack-Resilient Communications in Smart Grids

    Energy Technology Data Exchange (ETDEWEB)

    Hodge, Brian S [National Renewable Energy Laboratory (NREL), Golden, CO (United States); Wu, Yifu [University of Akron; Wei, Jin [University of Akron

    2017-07-31

    Distributed Energy Resources (DERs) are being increasingly accepted as an excellent complement to traditional energy sources in smart grids. As most of these generators are geographically dispersed, dedicated communications investments for every generator are capital cost prohibitive. Real-time distributed communications middleware, which supervises, organizes and schedules tremendous amounts of data traffic in smart grids with high penetrations of DERs, allows for the use of existing network infrastructure. In this paper, we propose a distributed attack-resilient middleware architecture that detects and mitigates the congestion attacks by exploiting the Quality of Experience (QoE) measures to complement the conventional Quality of Service (QoS) information to detect and mitigate the congestion attacks effectively. The simulation results illustrate the efficiency of our proposed communications middleware architecture.

  20. Monitoring of sinkholes and subsidence affecting the Jordanian coast of the Dead Sea through Synthetic Aperture Radar data and last generation Sentinel-1 data

    Science.gov (United States)

    Tessari, Giulia; Riccardi, Paolo; Lecci, Daniele; Pasquali, Paolo; Floris, Mario

    2017-04-01

    Since the mid-1980s the coast of the Dead Sea has been affected by sinkholes occurring over and around the emerged mud and salt flats. Strong subsidence and landslides also affect some segments of the coast. Nowadays, several thousands of sinkholes attest that the degradation of the Dead Sea coast is worsening. Furthermore, soil deformations are affecting the main streets running along both the Israeli and Jordanian sides of the Dead Sea. These hazards are due to the dramatic dropping of the Dead Sea level, characterized by an increasing rate from about 60 cm/yr in the 1970s up to 1 m/yr in the 2000s, which provokes a lowering of the fresh-saline groundwater interface, replacing the hypersaline groundwater with fresh water and causing a consequent erosion of the subsurface salt layers. Subsidence, sinkholes, river erosion and landslides damage bridges, roads, dikes, houses and factories, worsening this ongoing disaster. One of the most emblematic effects is the catastrophic collapse of a 12-km newly constructed dyke, located on the Lisan Peninsula (Jordan), which occurred in 2000. Differential Interferometric Synthetic Aperture Radar (DInSAR) techniques and Advanced stacking DInSAR techniques (A-DInSAR) were applied to investigate sinkholes and subsidence affecting the Jordanian coast of the Dead Sea. The use of SAR data has already proven to be efficient for the risk management of the area, making it possible to identify a vulnerable portion of an Israeli highway and avert a possible collapse. Deformation analysis has been focused on the Ghor Al Haditha area and Lisan peninsula, located in the South-Eastern part of the lake coast. The availability of a huge database of SAR data, since the beginning of the 90s, made it possible to observe the evolution of the displacements which are damaging this area. Furthermore, last generation Sentinel-1 data, acquired by the ESA mission, were processed to obtain information about the recent evolution of the subsidence and sinkholes affecting the study area, from

  1. Detection of underground mined voids using line electrode resistivity technique - case study

    Energy Technology Data Exchange (ETDEWEB)

    Peng, S.S.; Ziaie, F. (West Virginia University, Morgantown, WV (USA))

    1991-06-01

    A new resistivity method was developed and tested in three phases; simulated model, similitude model, and field survey. This resistivity method was a combination of the Bristow arrangement and line electrode method. Three line electrodes were chosen so that the sinkhole electrode was emplaced at a far distance from the other two electrodes. Any of the two electrodes and the sinkhole electrode were activated and several resistivity profiles perpendicular to the line electrode prepared for different electrodes activation. Subsurface cavities caused resistivity anomalies which were interpreted to locate their sources (cavities) and estimate the depths and dimension of the cavities. A coal mine site employing the room and pillar mining system was selected to confirm the results of the laboratory. The results of the interpretation indicated that the entry with a dimension of 135 cm high and 5.40 m wide at a depth of 25.50 m can be detected by this method. The resolution of the detectability of this method proved a great success when compared to other resistivity techniques. 6 refs., 6 figs.

  2. Urbanisation of Suweimeh area, Jordan, versus sinkholes and landslides proliferation

    Science.gov (United States)

    Closson, Damien; Abou Karaki, Najib

    2013-04-01

    The Dead Sea is a terminal lake whose level has been lowering by about one meter per year for more than a decade. This is caused mainly by the diversion of surface waters from its watershed. Currently, 1/10 of the Jordan River still reaches the salt lake. The rapid lowering of the lake level does not allow all the surrounding groundwater tables to adjust their level to that of the Dead Sea. This imbalance causes an ever faster migration of a part of the groundwater, causing underground erosion leading to the formation of sinkholes along the coast, especially where discontinuities, such as faults, are present. The first collapses occurred in the years 1980-90. From the 2000s, in Jordan, they have proliferated to the point of causing serious damage to the facilities of the Arab Potash Company, the agricultural area of Ghor Al Haditha, and more recently the touristic region of Suweimeh. Aware of the problem and the need for gradual rising of the lake level, the Jordanian authorities attended from 2009 to 2011 to the feasibility study of the Red Sea - Dead Sea conduit. Currently, on the one hand, the growing environmental imbalance, and, on the other hand, the desire to develop economic activities along the coast, imply that more goods will be exposed to damage. For example, the area of Wadi Mujib Bridge was rebuilt completely in the late 2000s. It is the same for the 12 km of the dam 18 of an evaporation pond Arab Potash Company. The Numeira Salt Factory was completely destroyed in Ghor Al Haditha and was relocated to Safi. In August 2012, during touristic period, a landslide destroyed half of the Holiday Inn front beach, Suweimeh area ... End of December 2012, a team led by Prof. Najib Abou Karaki warned the Arab Potash Company of the presence of a circular depression 250 m in diameter within the evaporation pond SP-0A. Although the dike of this saltpan is closely monitored, the exact location and shape of this large sinkhole were not known to the security

  3. Calculating Adversarial Risk from Attack Trees: Control Strength and Probabilistic Attackers

    NARCIS (Netherlands)

    Pieters, Wolter; Davarynejad, Mohsen

    2015-01-01

    Attack trees are a well-known formalism for quantitative analysis of cyber attacks consisting of multiple steps and alternative paths. It is possible to derive properties of the overall attacks from properties of individual steps, such as cost for the attacker and probability of success. However, in

  4. Large-Scale Analysis of Remote Code Injection Attacks in Android Apps

    Directory of Open Access Journals (Sweden)

    Hyunwoo Choi

    2018-01-01

    Full Text Available It is pretty well known that insecure code updating procedures for Android allow remote code injection attacks. However, other than code, there are many resources in Android that have to be updated, such as temporary files, images, databases, and configurations (XML and JSON). Security of update procedures for these resources is largely unknown. This paper investigates general conditions for remote code injection attacks on these resources. Using this, we design and implement a static detection tool that automatically identifies apps that meet these conditions. We apply the detection tool to a large dataset comprising 9,054 apps, from three different types of datasets: official market, third-party market, and preinstalled apps. As a result, 97 apps were found to be potentially vulnerable, with 53 confirmed as vulnerable to remote code injection attacks.

  5. MACHINE LEARNING IMPLEMENTATION FOR THE CLASSIFICATION OF ATTACKS ON WEB SYSTEMS. PART 2

    Directory of Open Access Journals (Sweden)

    K. Smirnova

    2017-11-01

    Full Text Available The possibility of applying machine learning for the classification of malicious requests to a Web application is considered. This approach excludes the use of deterministic analysis systems (for example, expert systems), and is based on the application of a cascade of neural networks or perceptrons on an approximate model to the real human brain. The main idea of the work is to enable to describe complex attack vectors consisting of feature sets, abstract terms for compiling a training sample, controlling the quality of recognition and classifying each of the layers (networks) participating in the work, with the ability to adjust not the entire network, but only a small part of it, in the training of which a mistake or inaccuracy crept in. The design of the developed network can be described as a cascaded, scalable neural network. When using neural networks to detect attacks on web systems, the issue of vectorization and normalization of features is acute. The most commonly used methods for solving these problems are not designed for the case of deliberate distortion of the signs of an attack. The proposed approach makes it possible to obtain a neural network that has been studied in more detail by small features, and also to eliminate the normalization issues in order to avoid deliberately bypassing the intrusion detection system. By isolating one more group of neurons in the network and teaching it to samples containing various variants of circumvention of the attack classification, the developed intrusion detection system remains able to classify any types of attacks as well as their aggregates, putting forward more stringent measures to counteract attacks. This allows you to follow the life cycle of the attack in more detail: from the starting trial attack to deliberate sophisticated attempts to bypass the system and introduce more decisive measures to actively counteract the attack, eliminating the chances of a false alarm system.

  6. Preliminary data from γ-cardiography during the abatement of an asthmatic attack (1961)

    International Nuclear Information System (INIS)

    Georges, R.; Vernejoul, P. de; Raynaud, C.; Blanchon, P.; Kellershohn, C.; Turiaf, J.

    1961-01-01

    The authors used gamma cardiology during the abatement of 16 cases of asthma with a view to detecting heart attacks not otherwise visible with routine methods of examination: clinical, radiological and electro-cardio-graphical. In gamma cardiology, a radioactive indicator is used and its path followed in the cavities of the heart. The method makes it possible to study the circulation in the right heart, the pulmonary crossing, and the left heart, as well as evaluation of the heart-flow. As a result of their investigations the authors, after having discussed the significance of the data obtained with the method, suggest that it is possible by the use of gamma cardiography during the abatement of an asthma attack: 1- To confirm attacks of the right heart which have already been detected by ordinary methods. 2- To confirm the presence of modifications in the recorded curves which suggest, in the case of the left heart, possible attack; such an attack is also indicated, in a small number of cases, by electrocardiography curves. Some considerations are put forward by the authors concerning the physiopathology of attacks on the left heart. (authors)

  7. The sources of primary data for the development potentially dangerous patterns of cyber-attacks

    OpenAIRE

    Грищук, Руслан Валентинович; Житомирський військовий інститут імені С. П. Корольова; Охрімчук, Володимир Васильович; Житомирський військовий інститут імені С. П. Корольова; Ахтирцева, Влада Сергіївна; в/ч А1912

    2016-01-01

    It is an established fact that the efficiency of modern information and cyber security systems essentially depends on the correct and timely development, by vendors of antivirus software, of patterns of the detected cyber-attacks and on the timely update of the attack pattern databases by the users of these security systems. However, the constantly increasing technological complexity of cyber-attacks requires vendors to constantly improve the mechanisms for developing cyber-attack patterns. One of the promising...

  8. Vulnerability of water supply systems to cyber-physical attacks

    Science.gov (United States)

    Galelli, Stefano; Taormina, Riccardo; Tippenhauer, Nils; Salomons, Elad; Ostfeld, Avi

    2016-04-01

    The adoption of smart meters, distributed sensor networks and industrial control systems has largely improved the level of service provided by modern water supply systems. Yet, the progressive computerization exposes these critical infrastructures to cyber-physical attacks, which are generally aimed at stealing critical information (cyber-espionage) or causing service disruption (denial-of-service). Recent statistics show that water and power utilities are undergoing frequent attacks, such as the December power outage in Ukraine, attracting the interest of operators and security agencies. Taking the security of Water Distribution Networks (WDNs) as domain of study, our work seeks to characterize the vulnerability of WDNs to cyber-physical attacks, so as to conceive adequate defense mechanisms. We extend the functionality of EPANET, which models hydraulic and water quality processes in pressurized pipe networks, to include a cyber layer vulnerable to repeated attacks. Simulation results on a medium-scale network show that several hydraulic actuators (valves and pumps, for example) can be easily attacked, causing both service disruption (i.e., water spillage and loss of pressure) and structural damage (e.g., pipe bursts). Our work highlights the need for adequate countermeasures, such as attack detection and reactive control systems.

  9. [Comparative analysis of phenomenology of paroxysms of atrial fibrillation and panic attacks].

    Science.gov (United States)

    San'kova, T A; Solov'eva, A D; Nedostup, A V

    2004-01-01

    To study the phenomenology of attacks of atrial fibrillation (AF) and to compare it with the phenomenology of panic attacks for elucidation of the pathogenesis of atrial fibrillation and for elaboration of rational therapeutic intervention, including interventions aimed at correction of psychovegetative abnormalities. Patients with nonrheumatic paroxysmal AF (n=105) and 100 patients with panic attacks (n=100). Clinical, cardiological and neurological examination, analysis of patients' complaints during attacks of AF, and comparison of them with diagnostic criteria for panic attack. It was found that the clinical picture of attacks of AF comprised vegetative, emotional and functional neurological phenomena similar to those characteristic of panic attacks. This similarity, as well as the positive therapeutic effect of clonazepam, made it possible to propose a novel pathogenic mechanism of AF attacks. Severity of psychovegetative disorders during a paroxysm of AF could be evaluated by calculation of a psychovegetative index. The psychovegetative index should be used for detection of a panic attack-like component in the clinical picture of an AF paroxysm and thus for determination of indications for inclusion of vegetotropic drugs, e.g. clonazepam, in complex preventive therapy.

  10. Proactive Alleviation Procedure to Handle Black Hole Attack and Its Version

    Science.gov (United States)

    Babu, M. Rajesh; Dian, S. Moses; Chelladurai, Siva; Palaniappan, Mathiyalagan

    2015-01-01

    The world is moving towards a new realm of computing such as Internet of Things. The Internet of Things, however, envisions connecting almost all objects within the world to the Internet by recognizing them as smart objects. In doing so, the existing networks which include wired, wireless, and ad hoc networks should be utilized. Moreover, apart from other networks, the ad hoc network is full of security challenges. For instance, the MANET (mobile ad hoc network) is susceptible to various attacks in which the black hole attacks and its versions do serious damage to the entire MANET infrastructure. The severity of this attack increases, when the compromised MANET nodes work in cooperation with each other to make a cooperative black hole attack. Therefore this paper proposes an alleviation procedure which consists of timely mandate procedure, hole detection algorithm, and sensitive guard procedure to detect the maliciously behaving nodes. It has been observed that the proposed procedure is cost-effective and ensures QoS guarantee by assuring resource availability thus making the MANET appropriate for Internet of Things. PMID:26495430

  11. Proactive Alleviation Procedure to Handle Black Hole Attack and Its Version.

    Science.gov (United States)

    Babu, M Rajesh; Dian, S Moses; Chelladurai, Siva; Palaniappan, Mathiyalagan

    2015-01-01

    The world is moving towards a new realm of computing such as Internet of Things. The Internet of Things, however, envisions connecting almost all objects within the world to the Internet by recognizing them as smart objects. In doing so, the existing networks which include wired, wireless, and ad hoc networks should be utilized. Moreover, apart from other networks, the ad hoc network is full of security challenges. For instance, the MANET (mobile ad hoc network) is susceptible to various attacks in which the black hole attacks and its versions do serious damage to the entire MANET infrastructure. The severity of this attack increases, when the compromised MANET nodes work in cooperation with each other to make a cooperative black hole attack. Therefore this paper proposes an alleviation procedure which consists of timely mandate procedure, hole detection algorithm, and sensitive guard procedure to detect the maliciously behaving nodes. It has been observed that the proposed procedure is cost-effective and ensures QoS guarantee by assuring resource availability thus making the MANET appropriate for Internet of Things.

  12. A Distributed Middleware Architecture for Attack-Resilient Communications in Smart Grids: Preprint

    Energy Technology Data Exchange (ETDEWEB)

    Wu, Yifu; Wei, Jin; Hodge, Bri-Mathias

    2017-05-24

    Distributed energy resources (DERs) are being increasingly accepted as an excellent complement to traditional energy sources in smart grids. Because most of these generators are geographically dispersed, dedicated communications investments for every generator are capital-cost prohibitive. Real-time distributed communications middleware - which supervises, organizes, and schedules tremendous amounts of data traffic in smart grids with high penetrations of DERs - allows for the use of existing network infrastructure. In this paper, we propose a distributed attack-resilient middleware architecture that detects and mitigates the congestion attacks by exploiting the quality of experience measures to complement the conventional quality of service information to effectively detect and mitigate congestion attacks. The simulation results illustrate the efficiency of our proposed communications middleware architecture.

  13. Anti-spoofing for display and print attacks on palmprint verification systems

    Science.gov (United States)

    Kanhangad, Vivek; Bhilare, Shruti; Garg, Pragalbh; Singh, Pranjalya; Chaudhari, Narendra

    2015-05-01

    A number of approaches for personal authentication using palmprint features have been proposed in the literature, majority of which focus on improving the matching performance. However, of late, preventing potential attacks on biometric systems has become a major concern as more and more biometric systems get deployed for wide range of applications. Among various types of attacks, sensor level attack, commonly known as spoof attack, has emerged as the most common attack due to simplicity in its execution. In this paper, we present an approach for detection of display and print based spoof attacks on palmprint verification systems. The approach is based on the analysis of acquired hand images for estimating surface reflectance. First and higher order statistical features computed from the distributions of pixel intensities and sub-band wavelet coefficients form the feature set. A trained binary classifier utilizes the discriminating information to determine if the acquired image is of real hand or a fake one. Experiments are performed on a publicly available hand image dataset, containing 1300 images corresponding to 230 subjects. Experimental results show that the real hand biometrics samples can be substituted by the fake digital or print copies with an alarming spoof acceptance rate as high as 79.8%. Experimental results also show that the proposed spoof detection approach is very effective for discriminating between real and fake palmprint images. The proposed approach consistently achieves over 99% average 10-fold cross validation classification accuracy in our experiments.

  14. Bluetooth security attacks comparative analysis, attacks, and countermeasures

    CERN Document Server

    Haataja, Keijo; Pasanen, Sanna; Toivanen, Pekka

    2013-01-01

    This overview of Bluetooth security examines network vulnerabilities and offers a comparative analysis of recent security attacks. It also examines related countermeasures and proposes a novel attack that works against all existing Bluetooth versions.

  15. A Model of Biological Attacks on a Realistic Population

    Science.gov (United States)

    Carley, Kathleen M.; Fridsma, Douglas; Casman, Elizabeth; Altman, Neal; Chen, Li-Chiou; Kaminsky, Boris; Nave, Demian; Yahja, Alex

    The capability to assess the impacts of large-scale biological attacks and the efficacy of containment policies is critical and requires knowledge-intensive reasoning about social response and disease transmission within a complex social system. There is a close linkage among social networks, transportation networks, disease spread, and early detection. Spatial dimensions related to public gathering places such as hospitals, nursing homes, and restaurants, can play a major role in epidemics [Klovdahl et. al. 2001]. Like natural epidemics, bioterrorist attacks unfold within spatially defined, complex social systems, and the societal and networked response can have profound effects on their outcome. This paper focuses on bioterrorist attacks, but the model has been applied to emergent and familiar diseases as well.

  16. Seeking sunlight: rapid phototactic motility of filamentous mat-forming cyanobacteria optimize photosynthesis and enhance carbon burial in Lake Huron's submerged sinkholes.

    Science.gov (United States)

    Biddanda, Bopaiah A; McMillan, Adam C; Long, Stephen A; Snider, Michael J; Weinke, Anthony D

    2015-01-01

    We studied the motility of filamentous mat-forming cyanobacteria consisting primarily of Oscillatoria-like cells growing under low-light, low-oxygen, and high-sulfur conditions in Lake Huron's submerged sinkholes using in situ observations, in vitro measurements and time-lapse microscopy. Gliding movement of the cyanobacterial trichomes (100-10,000 μm long filaments, composed of cells ∼10 μm wide and ∼3 μm tall) revealed individual as well as group-coordinated motility. When placed in a petri dish and dispersed in ground water from the sinkhole, filaments re-aggregated into defined colonies within minutes, then dispersed again. Speed of individual filaments increased with temperature from ∼50 μm min(-1) or ∼15 body lengths min(-1) at 10°C to ∼215 μm min(-1) or ∼70 body lengths min(-1) at 35°C - rates that are rapid relative to non-flagellated/ciliated microbes. Filaments exhibited precise and coordinated positive phototaxis toward pinpoints of light and congregated under the light of foil cutouts. Such light-responsive clusters showed an increase in photosynthetic yield - suggesting phototactic motility aids in light acquisition as well as photosynthesis. Once light source was removed, filaments slowly spread out evenly and re-aggregated, demonstrating coordinated movement through inter-filament communication regardless of light. Pebbles and pieces of broken shells placed upon intact mat were quickly covered by vertically motile filaments within hours and became fully buried in the anoxic sediments over 3-4 diurnal cycles - likely facilitating the preservation of falling debris. Coordinated horizontal and vertical filament motility optimize mat cohesion and dynamics, photosynthetic efficiency and sedimentary carbon burial in modern-day sinkhole habitats that resemble the shallow seas in Earth's early history. Analogous cyanobacterial motility may have played a key role in the oxygenation of the planet by optimizing photosynthesis while favoring

  17. Sinkhole susceptibility in carbonate rocks of the Apulian karst (southern Italy)

    Science.gov (United States)

    Di Santo, Antonio; Fazio, Nunzio L.; Fiore, Antonio; Lollino, Piernicola; Luisi, Michele; Miccoli, Maria N.; Pagliarulo, Rosa; Parise, Mario; Perrotti, Michele; Pisano, Luca; Spalluto, Luigi; Vennari, Carmela; Vessia, Giovanna

    2016-04-01

    Apulia region, the foreland of the southern Italian Apennines, is made up of a 6-7 km-thick succession of Mesozoic shallow-water limestones and dolostones, locally covered by thin and discontinuous Tertiary and Quaternary carbonate and clastic deposits. Due to their long subaerial exposure, the Mesozoic carbonate bedrock recorded the development in the subsurface of a dense network of karst cavities, mostly controlled by tectonic discontinuities. As a result, a strong susceptibility to natural sinkholes has to be recorded in Apulia. In addition, the possibility of occurrence of other problems related to the high number of man-made cavities has to be added in the region. A great variety of different typologies of artificial cavities (mostly excavated in the Plio-Pleistocene soft calcarenites) is actually present, including underground quarries, worship sites, oil mills, civilian settlements, etc. Overall, 2200 natural and 1200 artificial cavities, respectively, have been so far surveyed in Apulia. Following the urban development in the last century in Apulia, many of these cavities lie nowadays below densely populated neighborhoods, roads or communication routes. These conditions are at the origin of the main geomorphological hazard for the human society in Apulia, which requires a careful evaluation, aimed at protecting and safeguarding the human life, and at providing the necessary information for a correct land use planning and management. The importance of the sinkhole hazard is further testified by the worrying increase in the number of events during the last 5-6 years. In response to these situations, joint research activities were started by the Institute of Research for Hydrological Protection of the National Research Council (CNR-IRPI) and the Basin Authority of Apulia, aimed at several goals, that include (but are not limited to) the collection of information on natural and anthropogenic sinkholes in Apulia, the implementation of numerical analyses for

  18. Mobility and Cooperation to Thwart Node Capture Attacks in MANETs

    Directory of Open Access Journals (Sweden)

    Mauro Conti

    2009-01-01

    Full Text Available The nature of mobile ad hoc networks (MANETs), often unattended, makes this type of networks subject to some unique security issues. In particular, one of the most vexing problems for MANETs security is the node capture attack: an adversary can capture a node from the network eventually acquiring all the cryptographic material stored in it. Further, the captured node can be reprogrammed by the adversary and redeployed in the network in order to perform malicious activities. In this paper, we address the node capture attack in MANETs. We start from the intuition that mobility, in conjunction with a reduced amount of local cooperation, helps computing effectively and with a limited resource usage network global security properties. Then, we develop this intuition and use it to design a mechanism to detect the node capture attack. We support our proposal with a wide set of experiments showing that mobile networks can leverage mobility to compute global security properties, like node capture detection, with a small overhead.

  19. Time-Efficient Cloning Attacks Identification in Large-Scale RFID Systems

    Directory of Open Access Journals (Sweden)

    Ju-min Zhao

    2017-01-01

    Full Text Available Radio Frequency Identification (RFID) is an emerging technology for electronic labeling of objects for the purpose of automatically identifying, categorizing, locating, and tracking the objects. But in their current form RFID systems are susceptible to cloning attacks that seriously threaten RFID applications but are hard to prevent. Existing protocols aimed at detecting whether there are cloning attacks in single-reader RFID systems. In this paper, we investigate the cloning attacks identification in the multireader scenario and first propose a time-efficient protocol, called the time-efficient Cloning Attacks Identification Protocol (CAIP) to identify all cloned tags in multireaders RFID systems. We evaluate the performance of CAIP through extensive simulations. The results show that CAIP can identify all the cloned tags in large-scale RFID systems fairly fast with required accuracy.

  20. Phase II modification of the Water Availability Tool for Environmental Resources (WATER) for Kentucky: The sinkhole-drainage process, point-and-click basin delineation, and results of karst test-basin simulations

    Science.gov (United States)

    Taylor, Charles J.; Williamson, Tanja N.; Newson, Jeremy K.; Ulery, Randy L.; Nelson, Hugh L.; Cinotto, Peter J.

    2012-01-01

    This report describes Phase II modifications made to the Water Availability Tool for Environmental Resources (WATER), which applies the process-based TOPMODEL approach to simulate or predict stream discharge in surface basins in the Commonwealth of Kentucky. The previous (Phase I) version of WATER did not provide a means of identifying sinkhole catchments or accounting for the effects of karst (internal) drainage in a TOPMODEL-simulated basin. In the Phase II version of WATER, sinkhole catchments are automatically identified and delineated as internally drained subbasins, and a modified TOPMODEL approach (called the sinkhole drainage process, or SDP-TOPMODEL) is applied that calculates mean daily discharges for the basin based on summed area-weighted contributions from sinkhole drainage (SD) areas and non-karstic topographically drained (TD) areas. Results obtained using the SDP-TOPMODEL approach were evaluated for 12 karst test basins located in each of the major karst terrains in Kentucky. Visual comparison of simulated hydrographs and flow-duration curves, along with statistical measures applied to the simulated discharge data (bias, correlation, root mean square error, and Nash-Sutcliffe efficiency coefficients), indicate that the SDP-TOPMODEL approach provides acceptably accurate estimates of discharge for most flow conditions and typically provides more accurate simulation of stream discharge in karstic basins compared to the standard TOPMODEL approach. Additional programming modifications made to the Phase II version of WATER included implementation of a point-and-click graphical user interface (GUI), which fully automates the delineation of simulation-basin boundaries and improves the speed of input-data processing. The Phase II version of WATER enables the user to select a pour point anywhere on a stream reach of interest, and the program will automatically delineate all upstream areas that contribute drainage to that point. This capability enables

  1. Investigating the influence of special on-off attacks on challenge-based collaborative intrusion detection networks

    DEFF Research Database (Denmark)

    Li, Wenjuan; Meng, Weizhi; Kwok, Lam For

    2018-01-01

    to exchange data with each other. Insider attacks are a great threat for such types of collaborative networks, where an attacker has the authorized access within the network. In literature, a challenge-based trust mechanism is effective at identifying malicious nodes by sending challenges. However...

  2. Attack Methodology Analysis: Emerging Trends in Computer-Based Attack Methodologies and Their Applicability to Control System Networks

    Energy Technology Data Exchange (ETDEWEB)

    Bri Rolston

    2005-06-01

    Threat characterization is a key component in evaluating the threat faced by control systems. Without a thorough understanding of the threat faced by critical infrastructure networks, adequate resources cannot be allocated or directed effectively to the defense of these systems. Traditional methods of threat analysis focus on identifying the capabilities and motivations of a specific attacker, assessing the value the adversary would place on targeted systems, and deploying defenses according to the threat posed by the potential adversary. Too many effective exploits and tools exist and are easily accessible to anyone with access to an Internet connection, minimal technical skills, and a significantly reduced motivational threshold to be able to narrow the field of potential adversaries effectively. Understanding how hackers evaluate new IT security research and incorporate significant new ideas into their own tools provides a means of anticipating how IT systems are most likely to be attacked in the future. This research, Attack Methodology Analysis (AMA), could supply pertinent information on how to detect and stop new types of attacks. Since the exploit methodologies and attack vectors developed in the general Information Technology (IT) arena can be converted for use against control system environments, assessing areas in which cutting edge exploit development and remediation techniques are occurring can provide significant intelligence for control system network exploitation, defense, and a means of assessing threat without identifying specific capabilities of individual opponents. Attack Methodology Analysis begins with the study of what exploit technology and attack methodologies are being developed in the Information Technology (IT) security research community within the black and white hat community. Once a solid understanding of the cutting edge security research is established, emerging trends in attack methodology can be identified and the gap between

  3. Using the Domain Name System to Thwart Automated Client-Based Attacks

    Energy Technology Data Exchange (ETDEWEB)

    Taylor, Curtis R [ORNL; Shue, Craig A [ORNL

    2011-09-01

    On the Internet, attackers can compromise systems owned by other people and then use these systems to launch attacks automatically. When attacks such as phishing or SQL injections are successful, they can have negative consequences including server downtime and the loss of sensitive information. Current methods to prevent such attacks are limited in that they are application-specific, or fail to block attackers. Phishing attempts can be stopped with email filters, but if the attacker manages to successfully bypass these filters, then the user must determine if the email is legitimate or not. Unfortunately, they often are unable to do so. Since attackers have a low success rate, they attempt to compensate for it in volume. In order to have this high throughput, attackers take shortcuts and break protocols. We use this knowledge to address these issues by implementing a system that can detect malicious activity and use it to block attacks. If the client fails to follow proper procedure, they can be classified as an attacker. Once an attacker has been discovered, they will be isolated and monitored. This can be accomplished using existing software in Ubuntu Linux applications, along with our custom wrapper application. After running the system and seeing its performance on three popular Web browsers Chromium, Firefox and Internet Explorer as well as two popular email clients, Thunderbird and Evolution, we found that not only is this system conceivable, it is effective and has low overhead.

  4. Efficient Network Monitoring for Attack Detection

    OpenAIRE

    Limmer, Tobias

    2011-01-01

    Techniques for network-based intrusion detection have been evolving for years, and the focus of most research is on detection algorithms, although networks are distributed and dynamically managed nowadays. A data processing framework is required that allows to embed multiple detection techniques and to provide data with the needed aggregation levels. Within that framework, this work concentrates on methods that improve the interoperability of intrusion detection techniques and focuses on data...

  5. Defending majority voting systems against a strategic attacker

    International Nuclear Information System (INIS)

    Levitin, Gregory; Hausken, Kjell; Ben Haim, Hanoch

    2013-01-01

    Voting systems used in technical and tactical decision making in pattern recognition and target detection, data handling, signal processing, distributed and secure computing etc. are considered. A maxmin two period game is analyzed where the defender first protects and chooses units for participation in voting. The attacker thereafter attacks a subset of units. It is shown that when the defender protects all the voting units, the optimal number of units chosen for voting is either one or the maximal possible odd number. When the defender protects only the units chosen for voting, the optimal number of chosen units increases with the defender resource superiority (i.e., more resources than the attacker) and with probability of providing correct output by any unit. The system success probability always increases in the total number of voting units, the defender–attacker resource ratio, and the probability that each voting unit produces a correct output. The system success probability increases in the attacker–defender contest intensity if the defender achieves per-unit resource superiority, and otherwise decreases in the contest intensity. The presented model and enumerative algorithm allow obtaining optimal voting system defense strategy for any combination of parameters: total number of units, attack and defense resources, unit success probability and contest intensity.

  6. Recent "phishing" attacks

    CERN Multimedia

    IT Department

    2009-01-01

    Over the last few weeks there has been a marked increase in the number of attacks on CERN made by cybercriminals. Typical attacks arrive in the form of e-mail messages purporting to come from the CERN Help Desk, Mail Service, or some similarly official-sounding entity and suggest that there is a problem with your account, such as it being over-quota. They then ask you to click on a link or to reply and give your password. Please don’t! Be cautious of any unexpected messages containing web links even if they appear to come from known contacts. If you happen to click on such a link and if your permission is requested to run or install software, always decline it. NEVER provide your password or other details if these are requested. These messages try to trick you into clicking on Web links which will help them to install malicious software on your computer, and anti-virus software cannot be relied on to detect all cases. In case of questions on this topic, you may contact helpdesk@cern.ch. CERN Comput...

  7. A robust color image watermarking algorithm against rotation attacks

    Science.gov (United States)

    Han, Shao-cheng; Yang, Jin-feng; Wang, Rui; Jia, Gui-min

    2018-01-01

    A robust digital watermarking algorithm is proposed based on quaternion wavelet transform (QWT) and discrete cosine transform (DCT) for copyright protection of color images. The luminance component Y of a host color image in YIQ space is decomposed by QWT, and then the coefficients of four low-frequency subbands are transformed by DCT. An original binary watermark scrambled by Arnold map and iterated sine chaotic system is embedded into the mid-frequency DCT coefficients of the subbands. In order to improve the performance of the proposed algorithm against rotation attacks, a rotation detection scheme is implemented before watermark extracting. The experimental results demonstrate that the proposed watermarking scheme shows strong robustness not only against common image processing attacks but also against arbitrary rotation attacks.

  8. Distinguishing attack and second-preimage attack on encrypted message authentication codes (EMAC)

    Science.gov (United States)

    Ariwibowo, Sigit; Windarta, Susila

    2016-02-01

    In this paper we show that distinguisher on CBC-MAC can be applied to Encrypted Message Authentication Code (EMAC) scheme. EMAC scheme in general is vulnerable to distinguishing attack and second preimage attack. Distinguishing attack simulation on AES-EMAC using 225 message modifications, no collision have been found. According to second preimage attack simulation on AES-EMAC no collision found between EMAC value of S1 and S2, i.e. no second preimage found for messages that have been tested. Based on distinguishing attack simulation on truncated AES-EMAC we found collision in every message therefore we cannot distinguish truncated AES-EMAC with random function. Second-preimage attack is successfully performed on truncated AES-EMAC.

  9. [Evaluation of association between an acute attack of childhood bronchial asthma and Chlamydia pneumoniae infection].

    Science.gov (United States)

    Jiang, Yi; Liu, Xing-Lian; Xing, Fu-Qiang; Yang, Ju-Sheng; Tu, Hong

    2006-04-01

    To identify whether there is an association between an acute attack of childhood bronchial asthma and Chlamydia pneumoniae (CP) infection. Serum specific antibodies IgM and IgG to CP were detected by ELISA in 120 asthmatic children with an acute attack and 82 healthy children. Anti-CP IgM was demonstrated in 22 cases (18.3%) and anti-CP IgG was demonstrated in 32 cases (26.7%) out of the 120 asthmatic patients. The incidence of CP infection in asthmatic children was significantly higher than that in healthy controls (3.7%) (P attack of asthma in 15 cases out of the 32 cases with CP infection, but 17 cases required glucocorticoid inhalation treatment together with anti-CP infection treatment (macrolide antibiotics, eg. azithromycin) for remission of asthma attack. There may be a link between an acute attack of childhood asthma and CP infection. It is thus necessary to detect the CP-specific antibodies in asthmatic children for proper treatment.

  10. Seeking sunlight: rapid phototactic motility of filamentous mat-forming cyanobacteria optimize photosynthesis and enhance carbon burial in Lake Huron’s submerged sinkholes

    Directory of Open Access Journals (Sweden)

    Bopaiah A Biddanda

    2015-09-01

    Full Text Available We studied the motility of filamentous mat-forming cyanobacteria consisting primarily of Oscillatoria-like cells growing under low-light, low-oxygen and high-sulfur conditions in Lake Huron’s submerged sinkholes using in situ observations, in vitro measurements and time-lapse microscopy. Gliding movement of the cyanobacterial trichomes (100-10,000 µm long filaments, composed of cells ~10 µm wide and ~3 µm tall) revealed individual as well as group-coordinated motility. When placed in a petri dish and dispersed in ground water from the sinkhole, filaments re-aggregated into defined colonies within minutes, then dispersed again. Speed of individual filaments increased with temperature from ~50 µm minute⁻¹ or ~15 body lengths minute⁻¹ at 10°C to ~215 µm minute⁻¹ or ~70 body lengths minute⁻¹ at 35°C – rates that are rapid relative to non-flagellated/ciliated microbes. Filaments exhibited precise and coordinated positive phototaxis towards pinpoints of light and congregated under the light of foil cutouts. Such light-responsive clusters showed an increase in photosynthetic yield – suggesting phototactic motility aids in light acquisition as well as photosynthesis. Once light source was removed, filaments slowly spread out evenly and re-aggregated, demonstrating coordinated movement through inter-filament communication regardless of light. Pebbles and pieces of broken shells placed upon intact mat were quickly covered by vertically motile filaments within hours and became fully buried in the anoxic sediments over 3-4 diurnal cycles – likely facilitating the preservation of falling debris. Coordinated horizontal and vertical filament motility optimize mat cohesion and dynamics, photosynthetic efficiency and sedimentary carbon burial in modern-day sinkhole habitats that resemble the shallow seas in Earth’s early history. Analogous cyanobacterial motility may have played a key role in the oxygenation of the planet by optimizing

  11. Identification of Successive "Unobservable" Cyber Data Attacks in Power Systems Through Matrix Decomposition

    Science.gov (United States)

    Gao, Pengzhi; Wang, Meng; Chow, Joe H.; Ghiocel, Scott G.; Fardanesh, Bruce; Stefopoulos, George; Razanousky, Michael P.

    2016-11-01

    This paper presents a new framework of identifying a series of cyber data attacks on power system synchrophasor measurements. We focus on detecting "unobservable" cyber data attacks that cannot be detected by any existing method that purely relies on measurements received at one time instant. Leveraging the approximate low-rank property of phasor measurement unit (PMU) data, we formulate the identification problem of successive unobservable cyber attacks as a matrix decomposition problem of a low-rank matrix plus a transformed column-sparse matrix. We propose a convex-optimization-based method and provide its theoretical guarantee in the data identification. Numerical experiments on actual PMU data from the Central New York power system and synthetic data are conducted to verify the effectiveness of the proposed method.

  12. Protecting Mobile Crowd Sensing against Sybil Attacks Using Cloud Based Trust Management System

    Directory of Open Access Journals (Sweden)

    Shih-Hao Chang

    2016-01-01

    Full Text Available Mobile crowd sensing (MCS) arises as a new sensing paradigm, which leverages citizens for large-scale sensing by various mobile devices to efficiently collect and share local information. Unlike other MCS application challenges that consider user privacy and data trustworthiness, this study focuses on the network trustworthiness problem, namely, Sybil attacks in MCS network. The Sybil attack in computer security is a type of security attack, which illegally forges multiple identities in peer-to-peer networks, namely, Sybil identities. These Sybil identities will falsify multiple identities that negatively influence the effectiveness of sensing data in this MCS network or degrading entire network performance. To cope with this problem, a cloud based trust management scheme (CbTMS) was proposed to detect Sybil attacks in the MCS network. The CbTMS was proffered for performing active and passive checking scheme, in addition to the mobile PCS trustworthiness management, and includes a decision tree algorithm, to verify the covered nodes in the MCS network. Simulation studies show that our CbTMS can efficiently detect the malicious Sybil nodes in the network and cause 6.87 Wh power reduction compared with other malicious Sybil node attack mode.

  13. Mitigating Drive-By Download Attacks: Challenges and Open Problems

    Science.gov (United States)

    Egele, Manuel; Kirda, Engin; Kruegel, Christopher

    Malicious web sites perform drive-by download attacks to infect their visitors with malware. Current protection approaches rely on black- or white-listing techniques that are difficult to keep up-to-date. As today's drive-by attacks already employ encryption to evade network level detection, we propose a series of techniques that can be implemented in web browsers to protect the user from such threats. In addition, we discuss challenges and open problems that these mechanisms face in order to be effective and efficient.

  14. Neutralizing SQL Injection Attack Using Server Side Code Modification in Web Applications

    Directory of Open Access Journals (Sweden)

    Asish Kumar Dalai

    2017-01-01

    Full Text Available Reports on web application security risks show that SQL injection is the top most vulnerability. The journey of static to dynamic web pages leads to the use of database in web applications. Due to the lack of secure coding techniques, SQL injection vulnerability prevails in a large set of web applications. A successful SQL injection attack imposes a serious threat to the database, web application, and the entire web server. In this article, the authors have proposed a novel method for prevention of SQL injection attack. The classification of SQL injection attacks has been done based on the methods used to exploit this vulnerability. The proposed method proves to be efficient in the context of its ability to prevent all types of SQL injection attacks. Some popular SQL injection attack tools and web application security datasets have been used to validate the model. The results obtained are promising with a high accuracy rate for detection of SQL injection attack.

  15. From control system security indices to attack identifiability

    NARCIS (Netherlands)

    Herdeiro Teixeira, A.M.; Sandberg, H

    2016-01-01

    In this paper, we investigate detectability and identifiability of attacks on linear dynamical systems that are subjected to external disturbances. We generalize a concept for a security index, which was previously introduced for static systems. The index exactly quantifies the resources

  16. Cooperating attackers in neural cryptography.

    Science.gov (United States)

    Shacham, Lanir N; Klein, Einat; Mislovaty, Rachel; Kanter, Ido; Kinzel, Wolfgang

    2004-06-01

    A successful attack strategy in neural cryptography is presented. The neural cryptosystem, based on synchronization of neural networks by mutual learning, has been recently shown to be secure under different attack strategies. The success of the advanced attacker presented here, called the "majority-flipping attacker," does not decay with the parameters of the model. This attacker's outstanding success is due to its using a group of attackers which cooperate throughout the synchronization process, unlike any other attack strategy known. An analytical description of this attack is also presented, and fits the results of simulations.

  17. Crony Attack: Strategic Attack’s Silver Bullet

    Science.gov (United States)

    2006-11-01

    physical assets or financial assets. The form of crony attack that most closely resembles classic strategic attack is to deny, degrade, or destroy a money...February 1951. Reprinted in Airpower Studies Coursebook , Air Command and Staff College, Maxwell AFB, AL, 2002, 152–58. Hirsch, Michael. “NATO’s Game of

  18. 3D geostatistical modelling for identifying sinkhole disaster potential zones around the Verkhnekamskoye potash deposit (Russia)

    Science.gov (United States)

    Royer, J. J.; Litaudon, J.; Filippov, L. O.; Lyubimova, T.; Maximovich, N.

    2017-07-01

    This work results from a cooperative scientific program between the Perm State University (Russia) and the University of Lorraine (France). Its objectives are to integrate modern 3D geomodeling in order to improve sustainable mining extraction, especially for predicting and avoiding the formation of sinkholes disaster potential zones. Systematic exploration drill holes performed in the Verkhnekamskoye potash deposit (Perm region, Russia) have been used to build a comprehensive 3D model for better understanding the spatial repartition of the ore quality (geometallurgy). A precise modelling of the mineralized layers allows an estimation of the in-situ ore reserves after interpolating by kriging the potassium (K) and magnesium (Mg) contents at the node of a regular centred grid (over a million cells). Total resources in potassium vary according to the cut-off between 4.7Gt @ 16.1 % K2O; 0.32 % MgCl2 for a cut-off grade at 13.1% K2O and 2.06 Gt @ 18.2 % K2O; 0.32 % MgCl2 at a cut-off of 16.5% K2O. Most of reserves are located in the KPI, KPII and KPIII layers, the KPI being the richest, and KPIII the largest in terms of tonnage. A systematic study of the curvature calculated along the roof of the mineralized layers points out the location of potential main faults which play a major role in the formation of sinkhole during exploitation. A risk map is then derived from this attribute.

  19. An Annotated Review of Past Papers on Attack Graphs

    National Research Council Canada - National Science Library

    Lippmann, Richard; Ingols, K. W

    2005-01-01

    This report reviews past research papers that describe how to construct attack graphs, how to use them to improve security of computer networks, and how to use them to analyze alerts from intrusion detection systems...

  20. An efficient collaborative approach for black hole attack discovery and mitigating its impact in manet

    Science.gov (United States)

    Devipriya, K.; Ivy, B. Persis Urbana; Prabha, D.

    2018-04-01

    A mobile ad hoc network (MANET) is an assemblage of nodes composed of mobile devices coupled in various ways wirelessly which do not have any central administration. Each node in MANET cooperates in forwarding packets in the network. This type of collaboration incurs high cost, but there exist nodes that decline to cooperate, leading to selfish conduct of nodes which affects overall network performance. To discover the attacks caused by such nodes, a renowned mechanism using watchdog can be deployed. In infrastructure less network attack detection and reaction and high false positives, false negatives initiating black hole attack becomes major issue in watchdog. This paper puts forward a collaborative approach for identifying such attacks in MANET. Through abstract analysis and extensive simulation of this approach, the detection time of misbehaved nodes is reduced and substantial enhancement in overhead and throughput is witnessed.

  1. Groundwater shapes sediment biogeochemistry and microbial diversity in a submerged Great Lake sinkhole.

    Science.gov (United States)

    Kinsman-Costello, L E; Sheik, C S; Sheldon, N D; Allen Burton, G; Costello, D M; Marcus, D; Uyl, P A Den; Dick, G J

    2017-03-01

    For a large part of earth's history, cyanobacterial mats thrived in low-oxygen conditions, yet our understanding of their ecological functioning is limited. Extant cyanobacterial mats provide windows into the putative functioning of ancient ecosystems, and they continue to mediate biogeochemical transformations and nutrient transport across the sediment-water interface in modern ecosystems. The structure and function of benthic mats are shaped by biogeochemical processes in underlying sediments. A modern cyanobacterial mat system in a submerged sinkhole of Lake Huron (LH) provides a unique opportunity to explore such sediment-mat interactions. In the Middle Island Sinkhole (MIS), seeping groundwater establishes a low-oxygen, sulfidic environment in which a microbial mat dominated by Phormidium and Planktothrix that is capable of both anoxygenic and oxygenic photosynthesis, as well as chemosynthesis, thrives. We explored the coupled microbial community composition and biogeochemical functioning of organic-rich, sulfidic sediments underlying the surface mat. Microbial communities were diverse and vertically stratified to 12 cm sediment depth. In contrast to previous studies, which used low-throughput or shotgun metagenomic approaches, our high-throughput 16S rRNA gene sequencing approach revealed extensive diversity. This diversity was present within microbial groups, including putative sulfate-reducing taxa of Deltaproteobacteria, some of which exhibited differential abundance patterns in the mats and with depth in the underlying sediments. The biological and geochemical conditions in the MIS were distinctly different from those in typical LH sediments of comparable depth. We found evidence for active cycling of sulfur, methane, and nutrients leading to high concentrations of sulfide, ammonium, and phosphorus in sediments underlying cyanobacterial mats. Indicators of nutrient availability were significantly related to MIS microbial community composition, while LH

  2. Composite Dos Attack Model

    Directory of Open Access Journals (Sweden)

    Simona Ramanauskaitė

    2012-04-01

    Full Text Available Preparation for potential threats is one of the most important phases ensuring system security. It allows evaluating possible losses, changes in the attack process, the effectiveness of used countermeasures, optimal system settings, etc. In cyber-attack cases, executing real experiments can be difficult for many reasons. However, mathematical or programming models can be used instead of conducting experiments in a real environment. This work proposes a composite denial of service attack model that combines bandwidth exhaustion, filtering and memory depletion models for a more real representation of similar cyber-attacks. On the basis of the introduced model, different experiments were done. They showed the main dependencies of the influence of attacker and victim’s properties on the success probability of denial of service attack. In the future, this model can be used for the denial of service attack or countermeasure optimization.

  3. Programmable Logic Controller Modification Attacks for use in Detection Analysis

    Science.gov (United States)

    2014-03-27

    and J. Lowe, “The Myths and Facts Behind Cyber Security Risks for Industrial Control Systems ,” in Proceedings of the VDE Kongress, vol. 116, 2004. [13...Feb 2014 Date 20 Feb 2014 Date 20 Feb 2014 Date AFIT-ENG-14-M-66 Abstract Unprotected Supervisory Control and Data Acquisition (SCADA) systems offer...control and monitor physical industrial processes. Although attacks targeting SCADA systems have increased, there has been little work exploring the

  4. A new method to reduce the effects of HTTP-Get Flood attack

    Directory of Open Access Journals (Sweden)

    Hamid Mirvaziri

    2017-12-01

    Full Text Available HTTP Get Flood attack is known as the most common DDOS attack on the application layer with a frequency of 21 percent in all attacks. Since a huge amount of requests is sent to the Web Server for receiving pages and also the volume of responses issued by the server is much more than the volume received by zombies in this kind of attack, hence it could be done by small botnets; on the other hand, because every zombie attempts to issue the request by the use of its real address, carries out all stages of the three-stage handshakes, and the context of the requests is fully consistent with the HTTP protocol, the techniques of fake address detection and anomaly detection in text could not be employed. The mechanisms that are used to deal with this attack not only have much processing overload but also may cause two kinds of “False Negative” (to realize wrongly the fake traffic as the real traffic) and “False Positive” (to realize wrongly the real traffic as the fake traffic) errors. Therefore a method is proposed that is able to adapt itself to the traffic by the use of low processing overload and it has less error than the similar systems and using this way.

  5. Geographic wormhole detection in wireless sensor networks.

    Directory of Open Access Journals (Sweden)

    Mehdi Sookhak

    Full Text Available Wireless sensor networks (WSNs) are ubiquitous and pervasive, and therefore highly susceptible to a number of security attacks. Denial of Service (DoS) attack is considered the most dominant and a major threat to WSNs. Moreover, the wormhole attack represents one of the potential forms of the Denial of Service (DoS) attack. Besides, crafting the wormhole attack is comparatively simple; though, its detection is nontrivial. On the contrary, the extant wormhole defense methods need both specialized hardware and strong assumptions to defend against static and dynamic wormhole attack. The ensuing paper introduces a novel scheme to detect wormhole attacks in a geographic routing protocol (DWGRP). The main contribution of this paper is to detect malicious nodes and select the best and the most reliable neighbors based on pairwise key pre-distribution technique and the beacon packet. Moreover, this novel technique is not subject to any specific assumption, requirement, or specialized hardware, such as a precise synchronized clock. The proposed detection method is validated by comparisons with several related techniques in the literature, such as Received Signal Strength (RSS), Authentication of Nodes Scheme (ANS), Wormhole Detection uses Hound Packet (WHOP), and Wormhole Detection with Neighborhood Information (WDI) using the NS-2 simulator. The analysis of the simulations shows promising results with low False Detection Rate (FDR) in the geographic routing protocols.

  6. TCPL: A Defense against wormhole attacks in wireless sensor networks

    International Nuclear Information System (INIS)

    Kumar, K. E. Naresh; Waheed, Mohd. Abdul; Basappa, K. Kari

    2010-01-01

    This paper presents recent advances in technology that have made low-cost, low-power wireless sensors with efficient energy consumption possible. A network of such nodes can coordinate among themselves for distributed sensing and processing of certain data. For which, we propose an architecture to provide a stateless solution in sensor networks for efficient routing in wireless sensor networks. This type of architecture is known as Tree Cast. We propose a unique method of address allocation, building up multiple disjoint trees which are geographically inter-twined and rooted at the data sink. Using these trees, routing messages to and from the sink node without maintaining any routing state in the sensor nodes is possible. In this paper, we introduce the wormhole attack, a severe attack in ad hoc networks that is particularly challenging to defend against. The wormhole attack is possible even if the attacker has not compromised any hosts and even if all communication provides authenticity and confidentiality. In the wormhole attack, an attacker records packets (or bits) at one location in the network, tunnels them to another location, and retransmits them there into the network. The wormhole attack can form a serious threat in wireless networks, especially against many sensor network routing protocols and location-based wireless security systems. For example, most existing ad hoc network routing protocols, without some mechanism to defend against the wormhole attack, would be unable to find routes longer than one or two hops, severely disrupting communication. We present a new, general mechanism, called packet leashes, for detecting and thus defending against wormhole attacks, and we present a specific protocol, called TIK, that implements leashes.

  7. Face Spoof Attack Recognition Using Discriminative Image Patches

    Directory of Open Access Journals (Sweden)

    Zahid Akhtar

    2016-01-01

    Full Text Available Face recognition systems are now being used in many applications such as border crossings, banks, and mobile payments. The wide scale deployment of facial recognition systems has attracted intensive attention to the reliability of face biometrics against spoof attacks, where a photo, a video, or a 3D mask of a genuine user’s face can be used to gain illegitimate access to facilities or services. Though several face antispoofing or liveness detection methods (which determine at the time of capture whether a face is live or spoof) have been proposed, the issue is still unsolved due to difficulty in finding discriminative and computationally inexpensive features and methods for spoof attacks. In addition, existing techniques use whole face image or complete video for liveness detection. However, often certain face regions (video frames) are redundant or correspond to the clutter in the image (video), thus leading generally to low performances. Therefore, we propose seven novel methods to find discriminative image patches, which we define as regions that are salient, instrumental, and class-specific. Four well-known classifiers, namely, support vector machine (SVM), Naive-Bayes, Quadratic Discriminant Analysis (QDA), and Ensemble, are then used to distinguish between genuine and spoof faces using a voting based scheme. Experimental analysis on two publicly available databases (Idiap REPLAY-ATTACK and CASIA-FASD) shows promising results compared to existing works.

  8. Heart Attack Recovery FAQs

    Science.gov (United States)

    ... recommendations to make a full recovery. View an animation of a heart attack. Heart Attack Recovery Questions ...

  9. Stealthy false data injection attacks using matrix recovery and independent component analysis in smart grid

    Science.gov (United States)

    JiWei, Tian; BuHong, Wang; FuTe, Shang; Shuaiqi, Liu

    2017-05-01

    Exact state estimation is vitally important to maintain common operations of smart grids. Existing research demonstrates that state estimation output could be compromised by malicious attacks. However, to construct the attack vectors, a usual presumption in most works is that the attacker has perfect information regarding the topology and so on, even though such information is difficult to acquire in practice. Recent research shows that Independent Component Analysis (ICA) can be used for inferring topology information which can be used to originate undetectable attacks and even to alter the price of electricity for the profits of attackers. However, we found that the above ICA-based blind attack tactic is merely feasible in the environment with Gaussian noises. If there are outliers (device malfunction and communication errors), the Bad Data Detector will easily detect the attack. Hence, we propose a robust ICA based blind attack strategy in which one can use matrix recovery to circumvent the outlier problem and construct stealthy attack vectors. The proposed attack strategies are tested with IEEE representative 14-bus system. Simulations verify the feasibility of the proposed method.

  10. Quantum Encryption Minimising Key Leakage under Known Plaintext Attacks

    DEFF Research Database (Denmark)

    Pedersen, Thomas Brochmann

    2006-01-01

    , or interactive encryption schemes, where the interaction does not need to occur online. In our model we show that the amount of key leaked under a known plaintext attack can be made arbitrarily small even in non-interactive encryption schemes. We also give an encryption scheme where eavesdropping can be detected....... In this encryption scheme the entire key can be safely recycled when no eavesdropping is detected....

  11. Forensic Evidence Identification and Modeling for Attacks against a Simulated Online Business Information System

    Directory of Open Access Journals (Sweden)

    Manghui Tu

    2012-12-01

    Full Text Available Forensic readiness can support future forensics investigation or auditing on external/internal attacks, internal sabotage and espionage, and business frauds. To establish forensics readiness, it is essential for an organization to identify what evidences are relevant and where they can be found, to determine whether they are logged in a forensic sound way and whether all the needed evidences are available to reconstruct the events successfully. Our goal of this research is to ensure evidence availability. First, both external and internal attacks are modeled as augmented attack trees/graphs based on the system vulnerabilities. Second, modeled attacks are conducted against a honeynet simulating an online business information system, and each honeypot's hard drive is forensic sound imaged for each individual attack. Third, an evidence tree/graph will be built after forensics examination on the disk images for each attack. The evidence trees/graphs are expected to be used for automatic crime scene reconstruction and automatic attack/fraud detection in the future.

  12. Seven Deadliest Wireless Technologies Attacks

    CERN Document Server

    Haines, Brad

    2010-01-01

    How can an information security professional keep up with all of the hacks, attacks, and exploits? One way to find out what the worst of the worst are is to read the seven books in our Seven Deadliest Attacks Series. Not only do we let you in on the anatomy of these attacks but we also tell you how to get rid of them and how to defend against them in the future. Countermeasures are detailed so that you can fight against similar attacks as they evolve. Attacks featured in this book include: Bluetooth Attacks; Credit Card, Access Card, and Passport Attacks; Bad Encryption

  13. A Smart Trust Management Method to Detect On-Off Attacks in the Internet of Things

    Directory of Open Access Journals (Sweden)

    Jean Caminha

    2018-01-01

    Full Text Available Internet of Things (IoT) resources cooperate with themselves for requesting and providing services. In heterogeneous and complex environments, those resources must trust each other. On-Off attacks threaten the IoT trust security through nodes performing good and bad behaviors randomly, to avoid being rated as a menace. Some countermeasures demand prior levels of trust knowledge and time to classify a node behavior. In some cases, a malfunctioning node can be mismatched as an attacker. In this paper, we introduce a smart trust management method, based on machine learning and an elastic slide window technique that automatically assesses the IoT resource trust, evaluating service provider attributes. In simulated and real-world data, this method was able to identify On-Off attackers and fault nodes with a precision up to 96% and low time consumption.

  14. Fighting Through a Logistics Cyber Attack

    Science.gov (United States)

    2015-06-19

    cumulative cost of cyber-attacks was more than the combined global black market cost of cocaine, heroin and marijuana. These alarming figures raised...the country to its knees. The Luftwaffe was uncontested in the Battle of Britain until radar’s ability to detect inbound aircraft provided the...manifest information in IGC and provides inbound passenger manifest data to the aerial port of debarkation (APOD) and other receiving activities for

  15. Blocking of Brute Force Attack

    OpenAIRE

    M.Venkata Krishna Reddy

    2012-01-01

    A common threat Web developers face is a password-guessing attack known as a brute-force attack. A brute-force attack is an attempt to discover a password by systematically trying every possible combination of letters, numbers, and symbols until you discover the one correct combination that works. If your Web site requires user authentication, you are a good target for a brute-force attack. An attacker can always discover a password through a brute-force attack, but the downside is that it co...

  16. Practical security and privacy attacks against biometric hashing using sparse recovery

    Science.gov (United States)

    Topcu, Berkay; Karabat, Cagatay; Azadmanesh, Matin; Erdogan, Hakan

    2016-12-01

    Biometric hashing is a cancelable biometric verification method that has received research interest recently. This method can be considered as a two-factor authentication method which combines a personal password (or secret key) with a biometric to obtain a secure binary template which is used for authentication. We present novel practical security and privacy attacks against biometric hashing when the attacker is assumed to know the user's password in order to quantify the additional protection due to biometrics when the password is compromised. We present four methods that can reconstruct a biometric feature and/or the image from a hash and one method which can find the closest biometric data (i.e., face image) from a database. Two of the reconstruction methods are based on 1-bit compressed sensing signal reconstruction for which the data acquisition scenario is very similar to biometric hashing. Previous literature introduced simple attack methods, but we show that we can achieve higher level of security threats using compressed sensing recovery techniques. In addition, we present privacy attacks which reconstruct a biometric image which resembles the original image. We quantify the performance of the attacks using detection error tradeoff curves and equal error rates under advanced attack scenarios. We show that conventional biometric hashing methods suffer from high security and privacy leaks under practical attacks, and we believe more advanced hash generation methods are necessary to avoid these attacks.

  17. Landslides, floods and sinkholes in a karst environment: the 1-6 September 2014 Gargano event, southern Italy

    Science.gov (United States)

    Martinotti, Maria Elena; Pisano, Luca; Marchesini, Ivan; Rossi, Mauro; Peruccacci, Silvia; Brunetti, Maria Teresa; Melillo, Massimo; Amoruso, Giuseppe; Loiacono, Pierluigi; Vennari, Carmela; Vessia, Giovanna; Trabace, Maria; Parise, Mario; Guzzetti, Fausto

    2017-03-01

    In karst environments, heavy rainfall is known to cause multiple geohydrological hazards, including inundations, flash floods, landslides and sinkholes. We studied a period of intense rainfall from 1 to 6 September 2014 in the Gargano Promontory, a karst area in Puglia, southern Italy. In the period, a sequence of torrential rainfall events caused severe damage and claimed two fatalities. The amount and accuracy of the geographical and temporal information varied for the different hazards. The temporal information was most accurate for the inundation caused by a major river, less accurate for flash floods caused by minor torrents and even less accurate for landslides. For sinkholes, only generic information on the period of occurrence of the failures was available. Our analysis revealed that in the promontory, rainfall-driven hazards occurred in response to extreme meteorological conditions and that the karst landscape responded to the torrential rainfall with a threshold behaviour. We exploited the rainfall and the landslide information to design the new ensemble-non-exceedance probability (E-NEP) algorithm for the quantitative evaluation of the possible occurrence of rainfall-induced landslides and of related geohydrological hazards. The ensemble of the metrics produced by the E-NEP algorithm provided better diagnostics than the single metrics often used for landslide forecasting, including rainfall duration, cumulated rainfall and rainfall intensity. We expect that the E-NEP algorithm will be useful for landslide early warning in karst areas and in other similar environments. We acknowledge that further tests are needed to evaluate the algorithm in different meteorological, geological and physiographical settings.

  18. Quantum hacking of two-way continuous-variable quantum key distribution using Trojan-horse attack

    International Nuclear Information System (INIS)

    Ma Hong-Xin; Bao Wan-Su; Li Hong-Wei; Chou Chun

    2016-01-01

    We present a Trojan-horse attack on the practical two-way continuous-variable quantum key distribution system. Our attack mainly focuses on the imperfection of the practical system that the modulator has a redundancy of modulation pulse-width, which leaves a loophole for the eavesdropper inserting a Trojan-horse pulse. Utilizing the unique characteristics of two-way continuous-variable quantum key distribution that Alice only takes modulation operation on the received mode without any measurement, this attack allows the eavesdropper to render all of the final keys shared between the legitimate parties insecure without being detected. After analyzing the feasibility of the attack, the corresponding countermeasures are put forward. (paper)

  19. The effect of the depth and groundwater on the formation of sinkholes or ground subsidence associated with abandoned room and pillar lignite mines under static and dynamic conditions

    Directory of Open Access Journals (Sweden)

    Ö. Aydan

    2015-11-01

    Full Text Available It is well known that some sinkholes or subsidence take place from time to time in the areas where abandoned room and pillar type mines exist. The author has been involved with the stability of abandoned mines beneath urbanized residential areas in Tokai region and there is a great concern about the stability of these abandoned mines during large earthquakes as well as in the long term. The 2003 Miyagi Hokubu and 2011 Great East Japan earthquakes caused great damage to abandoned mines and resulted in many collapses. The author presents the effect of the depth and groundwater on the formation of sinkholes or ground subsidence associated with abandoned room and pillar lignite mines under static and dynamic conditions and discusses the implications on the areas above abandoned lignite mines in this paper.

  20. OverWatch: A Cross-Plane DDoS Attack Defense Framework with Collaborative Intelligence in SDN

    OpenAIRE

    Han, Biao; Yang, Xiangrui; Sun, Zhigang; Huang, Jinfeng; Su, Jinshu

    2018-01-01

    Distributed Denial of Service (DDoS) attacks are one of the biggest concerns for security professionals. Traditional middle-box based DDoS attack defense lacks network-wide monitoring flexibility. With the development of software-defined networking (SDN), it becomes prevalent to exploit centralized controllers to defend against DDoS attacks. However, current solutions suffer from serious southbound communication overhead and detection delay. In this paper, we propose a cross-plane DDoS a...

  1. Protecting Anti-virus Programs From Viral Attacks

    OpenAIRE

    Mishra, Umakant

    2013-01-01

    During a fight between viruses and anti-viruses it is not always predictable that the anti-virus is going to win. There are many malicious viruses which target to attack and paralyze the anti-viruses. It is necessary for an anti-virus to detect and destroy the malware before its own files are detected and destroyed by the malware. The anti-virus may follow thorough testing and auditing procedures to fix all its bugs before releasing the software in the market. Besides the anti-virus may use a...

  2. Solidarity under Attack

    DEFF Research Database (Denmark)

    Meret, Susi; Goffredo, Sergio

    2017-01-01

    https://www.opendemocracy.net/can-europe-make-it/susi-meret-sergio-goffredo/solidarity-under-attack

  3. Attack surfaces

    DEFF Research Database (Denmark)

    Gruschka, Nils; Jensen, Meiko

    2010-01-01

    The new paradigm of cloud computing poses severe security risks to its adopters. In order to cope with these risks, appropriate taxonomies and classification criteria for attacks on cloud computing are required. In this work-in-progress paper we present one such taxonomy based on the notion...... of attack surfaces of the cloud computing scenario participants....

  4. Securing ad hoc wireless sensor networks under Byzantine attacks by implementing non-cryptographic method

    Directory of Open Access Journals (Sweden)

    Shabir Ahmad Sofi

    2017-05-01

    Full Text Available Ad Hoc wireless sensor network (WSN) is a collection of nodes that do not need to rely on predefined infrastructure to keep the network connected. The level of security and performance are always somehow related to each other, therefore due to limited resources in WSN, cryptographic methods for securing the network against attacks are not feasible. Byzantine attacks disrupt the communication between nodes in the network without regard to its own resource consumption. This paper discusses the performance of cluster based WSN comparing LEACH with Advanced node based clusters under byzantine attacks. This paper also proposes an algorithm for detection and isolation of the compromised nodes to mitigate the attacks by non-cryptographic means. The throughput increases after using the algorithm for isolation of the malicious nodes, 33% in case of Gray Hole attack and 62% in case of Black Hole attack.

  5. Seeking sunlight: rapid phototactic motility of filamentous mat-forming cyanobacteria optimize photosynthesis and enhance carbon burial in Lake Huron’s submerged sinkholes

    Science.gov (United States)

    Biddanda, Bopaiah A.; McMillan, Adam C.; Long, Stephen A.; Snider, Michael J.; Weinke, Anthony D.

    2015-01-01

    We studied the motility of filamentous mat-forming cyanobacteria consisting primarily of Oscillatoria-like cells growing under low-light, low-oxygen, and high-sulfur conditions in Lake Huron’s submerged sinkholes using in situ observations, in vitro measurements and time-lapse microscopy. Gliding movement of the cyanobacterial trichomes (100–10,000 μm long filaments, composed of cells ∼10 μm wide and ∼3 μm tall) revealed individual as well as group-coordinated motility. When placed in a petri dish and dispersed in ground water from the sinkhole, filaments re-aggregated into defined colonies within minutes, then dispersed again. Speed of individual filaments increased with temperature from ∼50 μm min⁻¹ or ∼15 body lengths min⁻¹ at 10°C to ∼215 μm min⁻¹ or ∼70 body lengths min⁻¹ at 35°C – rates that are rapid relative to non-flagellated/ciliated microbes. Filaments exhibited precise and coordinated positive phototaxis toward pinpoints of light and congregated under the light of foil cutouts. Such light-responsive clusters showed an increase in photosynthetic yield – suggesting phototactic motility aids in light acquisition as well as photosynthesis. Once light source was removed, filaments slowly spread out evenly and re-aggregated, demonstrating coordinated movement through inter-filament communication regardless of light. Pebbles and pieces of broken shells placed upon intact mat were quickly covered by vertically motile filaments within hours and became fully buried in the anoxic sediments over 3–4 diurnal cycles – likely facilitating the preservation of falling debris. Coordinated horizontal and vertical filament motility optimize mat cohesion and dynamics, photosynthetic efficiency and sedimentary carbon burial in modern-day sinkhole habitats that resemble the shallow seas in Earth’s early history. Analogous cyanobacterial motility may have played a key role in the oxygenation of the planet by optimizing photosynthesis while

  6. An approach to Identify the Risk Induced by Cyber-Attack on the Non-safety NPP I and C System

    Energy Technology Data Exchange (ETDEWEB)

    Kim, Hee Eun; Kang, Hyun Gook [KAIST, Daejeon (Korea, Republic of)]; Kim, Jong Hyun [Chosun University, Gwangju (Korea, Republic of)]; Son, Han Sung [Joonbu University, Geumsan (Korea, Republic of)]

    2016-05-15

    In this study, the influence of an attack on the non-safety system will be investigated, because a cyber-attack on the safety system cannot be accomplished easily. To identify the risk from cyber-attack, the result of PSA will be applied. Cyber-attack may cause risks other than core damage. Those risks can also be identified by applying this method. This study could be reinforced in a more realistic way if information on maintenance is considered, because certain types of cyber-attack could be detected during maintenance. Also, a possible set of wrong actions needs to be selected, based on knowledge of the I and C system and its vulnerabilities, because the hacker might not attack every piece of information. To obtain a realistic result, the information that can be manipulated needs to be listed, because the hacker may avoid attacking certain information so as not to be detected during maintenance. In addition, by using the result of this study, a test plan for the cyber-attack can be suggested. If the scenario is given, the criteria for test target selection can be obtained. It includes the target component and information.

  7. An approach to Identify the Risk Induced by Cyber-Attack on the Non-safety NPP I and C System

    International Nuclear Information System (INIS)

    Kim, Hee Eun; Kang, Hyun Gook; Kim, Jong Hyun; Son, Han Sung

    2016-01-01

    In this study, the influence of an attack on the non-safety system will be investigated, because a cyber-attack on the safety system cannot be accomplished easily. To identify the risk from cyber-attack, the result of PSA will be applied. Cyber-attack may cause risks other than core damage. Those risks can also be identified by applying this method. This study could be reinforced in a more realistic way if information on maintenance is considered, because certain types of cyber-attack could be detected during maintenance. Also, a possible set of wrong actions needs to be selected, based on knowledge of the I and C system and its vulnerabilities, because the hacker might not attack every piece of information. To obtain a realistic result, the information that can be manipulated needs to be listed, because the hacker may avoid attacking certain information so as not to be detected during maintenance. In addition, by using the result of this study, a test plan for the cyber-attack can be suggested. If the scenario is given, the criteria for test target selection can be obtained. It includes the target component and information.

  8. Massively Multi-core Acceleration of a Document-Similarity Classifier to Detect Web Attacks

    Energy Technology Data Exchange (ETDEWEB)

    Ulmer, C; Gokhale, M; Top, P; Gallagher, B; Eliassi-Rad, T

    2010-01-14

    This paper describes our approach to adapting a text document similarity classifier based on the Term Frequency Inverse Document Frequency (TFIDF) metric to two massively multi-core hardware platforms. The TFIDF classifier is used to detect web attacks in HTTP data. In our parallel hardware approaches, we design streaming, real time classifiers by simplifying the sequential algorithm and manipulating the classifier's model to allow decision information to be represented compactly. Parallel implementations on the Tilera 64-core System on Chip and the Xilinx Virtex 5-LX FPGA are presented. For the Tilera, we employ a reduced state machine to recognize dictionary terms without requiring explicit tokenization, and achieve throughput of 37MB/s at slightly reduced accuracy. For the FPGA, we have developed a set of software tools to help automate the process of converting training data to synthesizable hardware and to provide a means of trading off between accuracy and resource utilization. The Xilinx Virtex 5-LX implementation requires 0.2% of the memory used by the original algorithm. At 166MB/s (80X the software) the hardware implementation is able to achieve Gigabit network throughput at the same accuracy as the original algorithm.

  9. Seven Deadliest Microsoft Attacks

    CERN Document Server

    Kraus, Rob; Borkin, Mike; Alpern, Naomi

    2010-01-01

    Do you need to keep up with the latest hacks, attacks, and exploits affecting Microsoft products? Then you need Seven Deadliest Microsoft Attacks. This book pinpoints the most dangerous hacks and exploits specific to Microsoft applications, laying out the anatomy of these attacks including how to make your system more secure. You will discover the best ways to defend against these vicious hacks with step-by-step instruction and learn techniques to make your computer and network impenetrable. Windows Operating System-Password Attacks; Active Directory-Escalat

  10. Attack Classification Schema for Smart City WSNs.

    Science.gov (United States)

    Garcia-Font, Victor; Garrigues, Carles; Rifà-Pous, Helena

    2017-04-05

    Urban areas around the world are populating their streets with wireless sensor networks (WSNs) in order to feed incipient smart city IT systems with metropolitan data. In the future smart cities, WSN technology will have a massive presence in the streets, and the operation of municipal services will be based to a great extent on data gathered with this technology. However, from an information security point of view, WSNs can have failures and can be the target of many different types of attacks. Therefore, this raises concerns about the reliability of this technology in a smart city context. Traditionally, security measures in WSNs have been proposed to protect specific protocols in an environment with total control of a single network. This approach is not valid for smart cities, as multiple external providers deploy a plethora of WSNs with different security requirements. Hence, a new security perspective needs to be adopted to protect WSNs in smart cities. Considering security issues related to the deployment of WSNs as a main data source in smart cities, in this article, we propose an intrusion detection framework and an attack classification schema to assist smart city administrators to delimit the most plausible attacks and to point out the components and providers affected by incidents. We demonstrate the use of the classification schema providing a proof of concept based on a simulated selective forwarding attack affecting a parking and a sound WSN.

  11. Attack Classification Schema for Smart City WSNs

    Directory of Open Access Journals (Sweden)

    Victor Garcia-Font

    2017-04-01

    Full Text Available Urban areas around the world are populating their streets with wireless sensor networks (WSNs) in order to feed incipient smart city IT systems with metropolitan data. In the future smart cities, WSN technology will have a massive presence in the streets, and the operation of municipal services will be based to a great extent on data gathered with this technology. However, from an information security point of view, WSNs can have failures and can be the target of many different types of attacks. Therefore, this raises concerns about the reliability of this technology in a smart city context. Traditionally, security measures in WSNs have been proposed to protect specific protocols in an environment with total control of a single network. This approach is not valid for smart cities, as multiple external providers deploy a plethora of WSNs with different security requirements. Hence, a new security perspective needs to be adopted to protect WSNs in smart cities. Considering security issues related to the deployment of WSNs as a main data source in smart cities, in this article, we propose an intrusion detection framework and an attack classification schema to assist smart city administrators to delimit the most plausible attacks and to point out the components and providers affected by incidents. We demonstrate the use of the classification schema providing a proof of concept based on a simulated selective forwarding attack affecting a parking and a sound WSN.

  12. Using the cumulative sum algorithm against distributed denial of service attacks in Internet of Things

    CSIR Research Space (South Africa)

    Machaka, Pheeha

    2015-11-01

    Full Text Available The paper presents the threats that are present in Internet of Things (IoT) systems and how they can be used to perpetuate a large scale DDoS attack. The paper investigates how the Cumulative Sum (CUSUM) algorithm can be used to detect a DDoS attack...

  13. Evaluation of Anomaly Detection Techniques for SCADA Communication Resilience

    OpenAIRE

    Shirazi, Syed Noor Ul Hassan; Gouglidis, Antonios; Syeda, Kanza Noor; Simpson, Steven; Mauthe, Andreas Ulrich; Stephanakis, Ioannis M.; Hutchison, David

    2016-01-01

    Attacks on critical infrastructures’ Supervisory Control and Data Acquisition (SCADA) systems are beginning to increase. They are often initiated by highly skilled attackers, who are capable of deploying sophisticated attacks to exfiltrate data or even to cause physical damage. In this paper, we rehearse the rationale for protecting against cyber attacks and evaluate a set of Anomaly Detection (AD) techniques in detecting attacks by analysing traffic captured in a SCADA network. For this purp...

  14. Whispering through DDoS attack

    OpenAIRE

    Miralem Mehic; Jiri Slachta; Miroslav Voznak

    2016-01-01

    Denial of service (DoS) attack is an attempt of the attacker to disable victim's machine by depleting network or computing resources. If this attack is performed with more than one machine, it is called distributed denial of service (DDoS) attack. Covert channels are those channels which are used for information transmission even though they are neither designed nor intended to transfer information at all. In this article, we investigated the possibility of using of DDoS attack for purposes o...

  15. A data fusion approach to indications and warnings of terrorist attacks

    Science.gov (United States)

    McDaniel, David; Schaefer, Gregory

    2014-05-01

    Indications and Warning (I&W) of terrorist attacks, particularly IED attacks, require detection of networks of agents and patterns of behavior. Social Network Analysis tries to detect a network; activity analysis tries to detect anomalous activities. This work builds on both to detect elements of an activity model of terrorist attack activity - the agents, resources, networks, and behaviors. The activity model is expressed as RDF triples statements where the tuple positions are elements or subsets of a formal ontology for activity models. The advantage of a model is that elements are interdependent and evidence for or against one will influence others so that there is a multiplier effect. The advantage of the formality is that detection could occur hierarchically, that is, at different levels of abstraction. The model matching is expressed as a likelihood ratio between input text and the model triples. The likelihood ratio is designed to be analogous to track correlation likelihood ratios common in JDL fusion level 1. This required development of a semantic distance metric for positive and null hypotheses as well as for complex objects. The metric uses the Web 1 Terabyte database of one to five gram frequencies for priors. This size requires the use of big data technologies so a Hadoop cluster is used in conjunction with OpenNLP natural language and Mahout clustering software. Distributed data fusion Map Reduce jobs distribute parts of the data fusion problem to the Hadoop nodes. For the purposes of this initial testing, open source models and text inputs of similar complexity to terrorist events were used as surrogates for the intended counter-terrorist application.

  16. Protecting Cryptographic Memory against Tampering Attack

    DEFF Research Database (Denmark)

    Mukherjee, Pratyay

    In this dissertation we investigate the question of protecting cryptographic devices from tampering attacks. Traditional theoretical analysis of cryptographic devices is based on black-box models which do not take into account the attacks on the implementations, known as physical attacks. In practice such attacks can be executed easily, e.g. by heating the device, as substantiated by numerous works in the past decade. Tampering attacks are a class of such physical attacks where the attacker can change the memory/computation, gains additional (non-black-box) knowledge by interacting with the faulty device and then tries to break the security. Prior works show that generically approaching such problem is notoriously difficult. So, in this dissertation we attempt to solve an easier question, known as memory-tampering, where the attacker is allowed tamper only with the memory of the device...

  17. Effective traffic features selection algorithm for cyber-attacks samples

    Science.gov (United States)

    Li, Yihong; Liu, Fangzheng; Du, Zhenyu

    2018-05-01

    By studying the defense scheme of network attacks, this paper proposes an effective traffic features selection algorithm based on k-means++ clustering to deal with the problem of high dimensionality of traffic features which are extracted from cyber-attack samples. Firstly, this algorithm divides the original feature set into an attack traffic feature set and a background traffic feature set by clustering. Then, it calculates the variation of clustering performance after removing a certain feature. Finally, it evaluates the degree of distinctiveness of the feature vector according to the result. An effective feature vector is one whose degree of distinctiveness exceeds the set threshold. The purpose of this paper is to select the effective features from the extracted original feature set. In this way, it can reduce the dimensionality of the features so as to reduce the space-time overhead of subsequent detection. The experimental results show that the proposed algorithm is feasible and that it has some advantages over other selection algorithms.

  18. Exploiting Hardware Vulnerabilities to Attack Embedded System Devices: a Survey of Potent Microarchitectural Attacks

    Directory of Open Access Journals (Sweden)

    Apostolos P. Fournaris

    2017-07-01

    Full Text Available Cyber-Physical system devices nowadays constitute a mixture of Information Technology (IT) and Operational Technology (OT) systems that are meant to operate harmonically under a security critical framework. As security IT countermeasures are gradually being installed in many embedded system nodes, thus securing them from many well-known cyber attacks, there is a lurking danger that is still overlooked. Apart from the software vulnerabilities that typical malicious programs use, there are some very interesting hardware vulnerabilities that can be exploited in order to mount devastating software or hardware attacks (typically undetected by software countermeasures) capable of fully compromising any embedded system device. Real-time microarchitecture attacks such as the cache side-channel attacks are such a case, but so is the newly discovered Rowhammer fault injection attack that can be mounted even remotely to gain full access to a device DRAM (Dynamic Random Access Memory). In light of the above dangers that are focused on the device hardware structure, in this paper, an overview of this attack field is provided including attacks, threat directives and countermeasures. The goal of this paper is not to exhaustively overview attacks and countermeasures but rather to survey the various, possible, existing attack directions and highlight the security risks that they can pose to security critical embedded systems as well as indicate their strength on compromising the Quality of Service (QoS) such systems are designed to provide.

  19. An evaluation of automated GIS tools for delineating karst sinkholes and closed depressions from 1-meter LIDAR-derived digital elevation data

    Science.gov (United States)

    Doctor, Daniel H.; Young, John A.

    2013-01-01

    LiDAR (Light Detection and Ranging) surveys of karst terrains provide high-resolution digital elevation models (DEMs) that are particularly useful for mapping sinkholes. In this study, we used automated processing tools within ArcGIS (v. 10.0) operating on a 1.0 m resolution LiDAR DEM in order to delineate sinkholes and closed depressions in the Boyce 7.5 minute quadrangle located in the northern Shenandoah Valley of Virginia. The results derived from the use of the automated tools were then compared with depressions manually delineated by a geologist. Manual delineation of closed depressions was conducted using a combination of 1.0 m DEM hillshade, slopeshade, aerial imagery, and Topographic Position Index (TPI) rasters. The most effective means of visualizing depressions in the GIS was using an overlay of the partially transparent TPI raster atop the slopeshade raster at 1.0 m resolution. Manually identified depressions were subsequently checked using aerial imagery to screen for false positives, and targeted ground-truthing was undertaken in the field. The automated tools that were utilized include the routines in ArcHydro Tools (v. 2.0) for prescreening, evaluating, and selecting sinks and depressions as well as thresholding, grouping, and assessing depressions from the TPI raster. Results showed that the automated delineation of sinks and depressions within the ArcHydro tools was highly dependent upon pre-conditioning of the DEM to produce "hydrologically correct" surface flow routes. Using stream vectors obtained from the National Hydrologic Dataset alone to condition the flow routing was not sufficient to produce a suitable drainage network, and numerous artificial depressions were generated where roads, railways, or other manmade structures acted as flow barriers in the elevation model. Additional conditioning of the DEM with drainage paths across these barriers was required prior to automated delineation of sinks and depressions. In regions where the DEM

  20. A Novel Algorithm for Intrusion Detection Based on RASL Model Checking

    Directory of Open Access Journals (Sweden)

    Weijun Zhu

    2013-01-01

    Full Text Available The interval temporal logic (ITL) model checking (MC) technique enhances the power of intrusion detection systems (IDSs) to detect concurrent attacks due to the strong expressive power of ITL. However, an ITL formula suffers from difficulty in the description of the time constraints between different actions in the same attack. To address this problem, we formalize a novel real-time interval temporal logic—real-time attack signature logic (RASL). Based on such a new logic, we put forward a RASL model checking algorithm. Furthermore, we use RASL formulas to describe attack signatures and employ discrete timed automata to create an audit log. As a result, RASL model checking algorithm can be used to automatically verify whether the automata satisfy the formulas, that is, whether the audit log coincides with the attack signatures. The simulation experiments show that the new approach effectively enhances the detection power of the MC-based intrusion detection methods for a number of telnet attacks, p-trace attacks, and the other sixteen types of attacks. And these experiments indicate that the new algorithm can find several types of real-time attacks, whereas the existing MC-based intrusion detection approaches cannot do that.

  1. Seven deadliest USB attacks

    CERN Document Server

    Anderson, Brian

    2010-01-01

    Do you need to keep up with the latest hacks, attacks, and exploits affecting USB technology? Then you need Seven Deadliest USB Attacks. This book pinpoints the most dangerous hacks and exploits specific to USB, laying out the anatomy of these attacks including how to make your system more secure. You will discover the best ways to defend against these vicious hacks with step-by-step instruction and learn techniques to make your computer and network impenetrable. Attacks detailed in this book include: USB Hacksaw; USB Switchblade; USB Based Virus/Malicious Code Launch; USB Device Overflow; RAMdum

  2. Seven Deadliest Unified Communications Attacks

    CERN Document Server

    York, Dan

    2010-01-01

    Do you need to keep up with the latest hacks, attacks, and exploits affecting Unified Communications technology? Then you need Seven Deadliest Unified Communication Attacks. This book pinpoints the most dangerous hacks and exploits specific to Unified Communications, laying out the anatomy of these attacks including how to make your system more secure. You will discover the best ways to defend against these vicious hacks with step-by-step instruction and learn techniques to make your computer and network impenetrable. Attacks featured in this book include: UC Ecosystem Attacks; Insecure Endpo

  3. Invisible Trojan-horse attack.

    Science.gov (United States)

    Sajeed, Shihan; Minshull, Carter; Jain, Nitin; Makarov, Vadim

    2017-08-21

    We demonstrate the experimental feasibility of a Trojan-horse attack that remains nearly invisible to the single-photon detectors employed in practical quantum key distribution (QKD) systems, such as Clavis2 from ID Quantique. We perform a detailed numerical comparison of the attack performance against Scarani-Acín-Ribordy-Gisin (SARG04) QKD protocol at 1924 nm versus that at 1536 nm. The attack strategy was proposed earlier but found to be unsuccessful at the latter wavelength, as reported in N. Jain et al., New J. Phys. 16, 123030 (2014). However at 1924 nm, we show experimentally that the noise response of the detectors to bright pulses is greatly reduced, and show by modeling that the same attack will succeed. The invisible nature of the attack poses a threat to the security of practical QKD if proper countermeasures are not adopted.

  4. Anomaly Detection and Mitigation at Internet Scale: A Survey

    NARCIS (Netherlands)

    Steinberger, Jessica; Schehlmann, Lisa; Abt, Sebastian; Baier, Harald; Doyen, Guillaume; Waldburger, Martin; Celeda, Pavel; Sperotto, Anna; Stiller, Burkhard

    Network-based attacks pose a strong threat to the Internet landscape. There are different possibilities to encounter these threats. On the one hand attack detection operated at the end-users' side, on the other hand attack detection implemented at network operators' infrastructures. An obvious

  5. Practical quantum private query with better performance in resisting joint-measurement attack

    Science.gov (United States)

    Wei, Chun-Yan; Wang, Tian-Yin; Gao, Fei

    2016-04-01

    As a kind of practical protocol, quantum-key-distribution (QKD)-based quantum private queries (QPQs) have drawn lots of attention. However, joint-measurement (JM) attack poses a noticeable threat to the database security in such protocols. That is, by JM attack a malicious user can illegally elicit many more items from the database than the average amount an honest one can obtain. Taking Jacobi et al.'s protocol as an example, by JM attack a malicious user can obtain as many as 500 bits, instead of the expected 2.44 bits, from a 10^4-bit database in one query. It is a noticeable security flaw in theory, and would also arise in application with the development of quantum memories. To solve this problem, we propose a QPQ protocol based on a two-way QKD scheme, which behaves much better in resisting JM attack. Concretely, the user Alice cannot get more database items by conducting JM attack on the qubits because she has to send them back to Bob (the database holder) before knowing which of them should be jointly measured. Furthermore, JM attack by both Alice and Bob would be detected with certain probability, which is quite different from previous protocols. Moreover, our protocol retains the good characters of QKD-based QPQs, e.g., it is loss tolerant and robust against quantum memory attack.

  6. Heart attack - discharge

    Science.gov (United States)

    ... and lifestyle Cholesterol - drug treatment Controlling your high blood pressure Deep vein thrombosis - discharge Dietary fats explained Fast food tips Heart attack - discharge Heart attack - what to ask your doctor Heart bypass ... pacemaker - discharge High blood pressure - what to ask your doctor How to read ...

  7. Performance Evaluation of Localization Accuracy for a Log-Normal Shadow Fading Wireless Sensor Network under Physical Barrier Attacks.

    Science.gov (United States)

    Hussein, Ahmed Abdulqader; Rahman, Tharek A; Leow, Chee Yen

    2015-12-04

    Localization is an apparent aspect of a wireless sensor network, which is the focus of much interesting research. One of the severe conditions that needs to be taken into consideration is localizing a mobile target through a dispersed sensor network in the presence of physical barrier attacks. These attacks confuse the localization process and cause location estimation errors. Range-based methods, like the received signal strength indication (RSSI), face the major influence of this kind of attack. This paper proposes a solution based on a combination of multi-frequency multi-power localization (C-MFMPL) and step function multi-frequency multi-power localization (SF-MFMPL), including the fingerprint matching technique and lateration, to provide a robust and accurate localization technique. In addition, this paper proposes a grid coloring algorithm to detect the signal hole map in the network, which refers to the attack-prone regions, in order to carry out corrective actions. The simulation results show the enhancement and robustness of RSS localization performance in the face of log normal shadow fading effects, besides the presence of physical barrier attacks, through detecting, filtering and eliminating the effect of these attacks.

  8. Performance Evaluation of Localization Accuracy for a Log-Normal Shadow Fading Wireless Sensor Network under Physical Barrier Attacks

    Science.gov (United States)

    Abdulqader Hussein, Ahmed; Rahman, Tharek A.; Leow, Chee Yen

    2015-01-01

    Localization is an apparent aspect of a wireless sensor network, which is the focus of much interesting research. One of the severe conditions that needs to be taken into consideration is localizing a mobile target through a dispersed sensor network in the presence of physical barrier attacks. These attacks confuse the localization process and cause location estimation errors. Range-based methods, like the received signal strength indication (RSSI), face the major influence of this kind of attack. This paper proposes a solution based on a combination of multi-frequency multi-power localization (C-MFMPL) and step function multi-frequency multi-power localization (SF-MFMPL), including the fingerprint matching technique and lateration, to provide a robust and accurate localization technique. In addition, this paper proposes a grid coloring algorithm to detect the signal hole map in the network, which refers to the attack-prone regions, in order to carry out corrective actions. The simulation results show the enhancement and robustness of RSS localization performance in the face of log normal shadow fading effects, besides the presence of physical barrier attacks, through detecting, filtering and eliminating the effect of these attacks. PMID:26690159

  9. Smart grid data integrity attacks: characterizations and countermeasures

    KAUST Repository

    Giani, Annarita; Bitar, Eilyan; Garcia, Manuel; McQueen, Miles; Khargonekar, Pramod; Poolla, Kameshwar

    2011-01-01

    Coordinated cyberattacks of power meter readings can be arranged to be undetectable by any bad data detection algorithm in the power system state estimation process. These unobservable attacks present a potentially serious threat to grid operations

  10. Dealing with Wormhole Attacks in Wireless Sensor Networks Through Discovering Separate Routes Between Nodes

    Directory of Open Access Journals (Sweden)

    F. Rezaei

    2017-08-01

    Full Text Available One of the most common attacks against Wireless Sensor Networks is the wormhole attack. In this attack, the enemy deploys two malicious nodes in two different areas of the network and establishes a high-speed dedicated channel between these two. This will cause the normal nodes in two different areas to wrongly think that they are two-hop neighbors. Therefore, this attack will greatly affect the routing algorithms. In this paper, a new distributed algorithm is provided to deal with the wormhole attack. The main idea of the proposed algorithm is to discover separate routes between pairs of two-hop neighboring nodes. The proposed algorithm was implemented and evaluated in terms of true and false detection rate by performing a series of experiments and the results were compared with the base algorithm. The test results showed that the proposed algorithm has desirable efficacy.

  11. RESILIENT SCHEME AGAINST REDUCTION OF QUALITY (ROQ) DISTRIBUTED DENIAL OF SERVICE ATTACK IN MANET

    Directory of Open Access Journals (Sweden)

    S.A. Arunmozhi

    2011-09-01

    Full Text Available Defending against denial-of-service attacks (DoS) in a mobile ad hoc network (MANET) is challenging because of the dynamic network topology. Security primitives must be dynamically adjusted to cope with the network. The Reduction-of-Quality (RoQ) Distributed Denial of Service (DDoS) attack is one which throttles the TCP throughput heavily and reduces the quality-of-service (QoS) to end systems gradually rather than refusing the clients from the services completely. Supporting QoS in MANET is a challenging task, particularly in the presence of malicious users. In this paper, we propose a DoS resilient technique that uses a flow table to detect the attackers. The proposed defense mechanism identifies the attackers based on the congestion bit notification and asks the sending node to reduce the sending rate. Once the attackers are identified, all the packets from those nodes will be blocked. The throughput and delay performance of TCP or UDP flows are very sensitive to such RoQ attacks. Through extensive ns2 network simulations, we demonstrate the achievement of high throughput and low delay for a network under the RoQ attack.

  12. Attack Trees for Practical Security Assessment: Ranking of Attack Scenarios with ADTool 2.0

    NARCIS (Netherlands)

    Gadyatskaya, Olga; Jhawar, Ravi; Kordy, P.T.; Lounis, Karim; Mauw, Sjouke; Trujillo-Rasua, Rolando

    2016-01-01

    In this tool demonstration paper we present the ADTool2.0: an open-source software tool for design, manipulation and analysis of attack trees. The tool supports ranking of attack scenarios based on quantitative attributes entered by the user; it is scriptable; and it incorporates attack trees with

  13. Social Sentiment Sensor in Twitter for Predicting Cyber-Attacks Using ℓ₁ Regularization.

    Science.gov (United States)

    Hernandez-Suarez, Aldo; Sanchez-Perez, Gabriel; Toscano-Medina, Karina; Martinez-Hernandez, Victor; Perez-Meana, Hector; Olivares-Mercado, Jesus; Sanchez, Victor

    2018-04-29

    In recent years, online social media information has been the subject of study in several data science fields due to its impact on users as a communication and expression channel. Data gathered from online platforms such as Twitter has the potential to facilitate research over social phenomena based on sentiment analysis, which usually employs Natural Language Processing and Machine Learning techniques to interpret sentimental tendencies related to users’ opinions and make predictions about real events. Cyber-attacks are not isolated from opinion subjectivity on online social networks. Various security attacks are performed by hacker activists motivated by reactions from polemic social events. In this paper, a methodology for tracking social data that can trigger cyber-attacks is developed. Our main contribution lies in the monthly prediction of tweets with content related to security attacks and the incidents detected based on ℓ₁ regularization.

  14. Secure Data Aggregation in Wireless Sensor Network-Fujisaki Okamoto(FO) Authentication Scheme against Sybil Attack.

    Science.gov (United States)

    Nirmal Raja, K; Maraline Beno, M

    2017-07-01

    In the wireless sensor network (WSN), security is a major issue. There are several network security schemes proposed in research. In the network, malicious nodes obstruct the performance of the network. The network can be vulnerable to Sybil attack. When a node illicitly asserts multiple identities or claims fake IDs, the WSN grieves from an attack named Sybil attack. This attack threatens wireless sensor network in data aggregation, synchronizing system, routing, fair resource allocation and misbehavior detection. Henceforth, the research is carried out to prevent the Sybil attack and increase the performance of the network. This paper presents the novel security mechanism and Fujisaki Okamoto algorithm and also application of the work. The Fujisaki-Okamoto (FO) algorithm is an ID-based cryptographic scheme and gives strong authentication against Sybil attack. By using Network simulator2 (NS2) the scheme is simulated. In this proposed scheme broadcasting key, time taken for different key sizes, energy consumption, Packet delivery ratio, Throughput were analyzed.

  15. The work-averse cyber attacker model : theory and evidence from two million attack signatures

    NARCIS (Netherlands)

    Allodi, L.; Massacci, F.; Williams, J.

    The typical cyber attacker is assumed to be all powerful and to exploit all possible vulnerabilities. In this paper we present, and empirically validate, a novel and more realistic attacker model. The intuition of our model is that an attacker will optimally choose whether to act and weaponize a new

  16. DMP: Detouring Using Multiple Paths against Jamming Attack for Ubiquitous Networking System

    Directory of Open Access Journals (Sweden)

    Mihui Kim

    2010-04-01

    To successfully realize the ubiquitous network environment including home automation or industrial control systems, it is important to be able to resist a jamming attack. This has recently been considered as an extremely threatening attack because it can collapse the entire network, despite the existence of basic security protocols such as encryption and authentication. In this paper, we present a method of jamming attack tolerant routing using multiple paths based on zones. The proposed scheme divides the network into zones, and manages the candidate forward nodes of neighbor zones. After detecting an attack, detour nodes decide zones for rerouting, and detour packets destined for victim nodes through forward nodes in the decided zones. Simulation results show that our scheme increases the PDR (Packet Delivery Ratio) and decreases the delay significantly in comparison with rerouting by a general routing protocol on sensor networks, AODV (Ad hoc On Demand Distance Vector), and a conventional JAM (Jammed Area Mapping) service with one reroute.

  17. Current and potential cyber attacks on medical journals; guidelines for improving security.

    Science.gov (United States)

    Dadkhah, Mehdi; Seno, Seyed Amin Hosseini; Borchardt, Glenn

    2017-03-01

    At the moment, scholarly publishing is faced with much academic misconduct and threats such as predatory journals, hijacked journals, phishing, and other scams. In response, we have been discussing this misconduct and trying to increase the awareness of researchers, but it seems that there is a lack of research that presents guidelines for editors to help them protect themselves against these threats. It seems that information security is missing in some parts of scholarly publishing that particularly involves medical journals. In this paper, we explain different types of cyber-attacks that especially threaten editors and academic journals. We then explain the details involved in each type of attack. Finally, we present general guidelines for detection and prevention of the attacks. In some cases, we use small experiments to show that our claim is true. Finally, we conclude the paper with a prioritization of these attacks. Copyright © 2016 European Federation of Internal Medicine. Published by Elsevier B.V. All rights reserved.

  18. DMP: detouring using multiple paths against jamming attack for ubiquitous networking system.

    Science.gov (United States)

    Kim, Mihui; Chae, Kijoon

    2010-01-01

    To successfully realize the ubiquitous network environment including home automation or industrial control systems, it is important to be able to resist a jamming attack. This has recently been considered as an extremely threatening attack because it can collapse the entire network, despite the existence of basic security protocols such as encryption and authentication. In this paper, we present a method of jamming attack tolerant routing using multiple paths based on zones. The proposed scheme divides the network into zones, and manages the candidate forward nodes of neighbor zones. After detecting an attack, detour nodes decide zones for rerouting, and detour packets destined for victim nodes through forward nodes in the decided zones. Simulation results show that our scheme increases the PDR (Packet Delivery Ratio) and decreases the delay significantly in comparison with rerouting by a general routing protocol on sensor networks, AODV (Ad hoc On Demand Distance Vector), and a conventional JAM (Jammed Area Mapping) service with one reroute.

  19. Lone Actor Terrorist Attack Planning and Preparation: A Data-Driven Analysis.

    Science.gov (United States)

    Schuurman, Bart; Bakker, Edwin; Gill, Paul; Bouhana, Noémie

    2017-10-23

    This article provides an in-depth assessment of lone actor terrorists' attack planning and preparation. A codebook of 198 variables related to different aspects of pre-attack behavior is applied to a sample of 55 lone actor terrorists. Data were drawn from open-source materials and complemented where possible with primary sources. Most lone actors are not highly lethal or surreptitious attackers. They are generally poor at maintaining operational security, leak their motivations and capabilities in numerous ways, and generally do so months and even years before an attack. Moreover, the "loneness" thought to define this type of terrorism is generally absent; most lone actors uphold social ties that are crucial to their adoption and maintenance of the motivation and capability to commit terrorist violence. The results offer concrete input for those working to detect and prevent this form of terrorism and argue for a re-evaluation of the "lone actor" concept. © 2017 The Authors. Journal of Forensic Sciences published by Wiley Periodicals, Inc. on behalf of American Academy of Forensic Sciences.

  20. Attack Tree Generation by Policy Invalidation

    DEFF Research Database (Denmark)

    Ivanova, Marieta Georgieva; Probst, Christian W.; Hansen, Rene Rydhof

    2015-01-01

    Attacks on systems and organisations increasingly exploit human actors, for example through social engineering, complicating their formal treatment and automatic identification. Formalisation of human behaviour is difficult at best, and attacks on socio-technical systems are still mostly identified through brainstorming of experts. In this work we formalize attack tree generation including human factors; based on recent advances in system models we develop a technique to identify possible attacks analytically, including technical and human factors. Our systematic attack generation is based on invalidating policies in the system model by identifying possible sequences of actions that lead to an attack. The generated attacks are precise enough to illustrate the threat, and they are general enough to hide the details of individual steps.

  1. Convolutional neural network based side attack explosive hazard detection in three dimensional voxel radar

    Science.gov (United States)

    Brockner, Blake; Veal, Charlie; Dowdy, Joshua; Anderson, Derek T.; Williams, Kathryn; Luke, Robert; Sheen, David

    2018-04-01

    The identification followed by avoidance or removal of explosive hazards in past and/or present conflict zones is a serious threat for both civilian and military personnel. This is a challenging task as variability exists with respect to the objects, their environment and emplacement context, to name a few factors. A goal is the development of automatic or human-in-the-loop sensor technologies that leverage signal processing, data fusion and machine learning. Herein, we explore the detection of side attack explosive hazards (SAEHs) in three dimensional voxel space radar via different shallow and deep convolutional neural network (CNN) architectures. Dimensionality reduction is performed by using multiple projected images versus the raw three dimensional voxel data, which leads to noteworthy savings in input size and associated network hyperparameters. Last, we explore the accuracy and interpretation of solutions learned via random versus intelligent network weight initialization. Experiments are provided on a U.S. Army data set collected over different times, weather conditions, target types and concealments. Preliminary results indicate that deep learning can perform as good as, if not better, than a skilled domain expert, even in light of limited training data with a class imbalance.

  2. Terrorists and Suicide Attacks

    National Research Council Canada - National Science Library

    Cronin, Audrey K

    2003-01-01

    Suicide attacks by terrorist organizations have become more prevalent globally, and assessing the threat of suicide attacks against the United States and its interests at home and abroad has therefore...

  3. An Automata Based Intrusion Detection Method for Internet of Things

    Directory of Open Access Journals (Sweden)

    Yulong Fu

    2017-01-01

    Internet of Things (IoT) transforms network communication to Machine-to-Machine (M2M) basis and provides open access and new services to citizens and companies. It extends the border of Internet and will be developed as one part of the future 5G networks. However, as the resources of IoT’s front devices are constrained, many security mechanisms are hard to be implemented to protect the IoT networks. Intrusion detection system (IDS) is an efficient technique that can be used to detect the attackers when cryptography is broken, and it can be used to enforce the security of IoT networks. In this article, we analyzed the intrusion detection requirements of IoT networks and then proposed a uniform intrusion detection method for the vast heterogeneous IoT networks based on an automata model. The proposed method can detect and report the possible IoT attacks with three types: jam-attack, false-attack, and reply-attack automatically. We also design an experiment to verify the proposed IDS method and examine the attack of RADIUS application.

  4. Modeling of karst deformation and analysis of acoustic emission during sinkhole formation

    Science.gov (United States)

    Bakeev, R. A.; Stefanov, Yu. P.; Duchkov, A. A.; Myasnikov, A. V.

    2017-12-01

    In this paper, the fracture pattern and formation of a sinkhole are estimated depending on the rock properties. The possibility of using geophysical methods for recording and analyzing acoustic emission to monitor and predict the state of the medium is considered. The problem of deformation of the sedimentary cover over the growing karst cavity is solved on the basis of the elastoplastic Drucker-Prager-Nikolaevsky model and the equation of damage accumulation. The specified kinetics of accumulation of damages allows us to describe slow processes of degradation of the strength of the medium under stresses that are low for the development of inelastic deformations. The results are obtained for different values of the strength of karst rock; we show the influence of the kinetic parameters of damage accumulation on the shape of collapse depressions. We also model acoustic emission caused by the material fracture. One can follow different stages of the karst development by looking at patterns of cells which fail at a given time. Our observations show the relation between the intensity of material fracture and the intensity of seismic emission.

  5. Stochastic Model of TCP SYN Attacks

    Directory of Open Access Journals (Sweden)

    Simona Ramanauskaitė

    2011-08-01

    A great proportion of essential services are moving into internet space making the threat of DoS attacks even more actual. To estimate the real risk of some kind of denial of service (DoS) attack in real world is difficult, but mathematical and software models make this task easier. In this paper we overview the ways of implementing DoS attack models and offer a stochastic model of SYN flooding attack. It allows evaluating the potential threat of SYN flooding attacks, taking into account both the legitimate system flow as well as the possible attack power. At the same time we can assess the effect of such parameters as buffer capacity, open connection storage in the buffer or filtering efficiency on the success of different SYN flooding attacks. This model can be used for other type of memory depletion denial of service attacks. Article in Lithuanian

  6. Attack Trees with Sequential Conjunction

    NARCIS (Netherlands)

    Jhawar, Ravi; Kordy, Barbara; Mauw, Sjouke; Radomirović, Sasa; Trujillo-Rasua, Rolando

    2015-01-01

    We provide the first formal foundation of SAND attack trees which are a popular extension of the well-known attack trees. The SAND attack tree formalism increases the expressivity of attack trees by introducing the sequential conjunctive operator SAND. This operator enables the modeling of

  7. Heart attack first aid

    Science.gov (United States)

    First aid - heart attack; First aid - cardiopulmonary arrest; First aid - cardiac arrest ... A heart attack occurs when the blood flow that carries oxygen to the heart is blocked. The heart muscle ...

  8. Investigating the Possibility to Individualize Asthma Attack Therapy Based on Attack Severity and Patient Characteristics

    Directory of Open Access Journals (Sweden)

    Sárkány Zoltán

    2016-03-01

    Introduction: The objective of this study was to investigate with the help of a computerized simulation model whether the treatment of an acute asthma attack can be individualized based on the severity of the attack and the characteristics of the patient. Material and Method: A stochastic lung model was used to simulate the deposition of 1 nm - 10 μm particles during a mild and a moderate asthma attack. Breathing parameters were varied to maximize deposition, and simulation results were compared with those obtained in the case of a severe asthma attack. In order to investigate the effect of height on the deposition of inhaled particles, another series of simulations was carried out with identical breathing parameters, comparing patient heights of 155 cm, 175 cm and 195 cm. Results: The optimization process yielded an increase in the maximum deposition values of around 6-7% for each type of investigated asthma attack, and the difference between attacks of different degree of severity was around 5% for both the initial and the optimized values, a higher degree of obstruction increasing the amount of deposited particles. Conclusions: Our results suggest that the individualization of asthma attack treatment cannot be based on particles of different size, as the highest deposited fraction in all three types of attacks can be obtained using 0.01 μm particles. The use of a specific set of breathing parameters yields a difference between a mild and a moderate, as well as a moderate and a severe asthma attack of around 5%.

  9. Analytical Characterization of Internet Security Attacks

    Science.gov (United States)

    Sellke, Sarah H.

    2010-01-01

    Internet security attacks have drawn significant attention due to their enormously adverse impact. These attacks include Malware (Viruses, Worms, Trojan Horse), Denial of Service, Packet Sniffer, and Password Attacks. There is an increasing need to provide adequate defense mechanisms against these attacks. My thesis proposal deals with analytical…

  10. Social Sentiment Sensor in Twitter for Predicting Cyber-Attacks Using ℓ1 Regularization

    Science.gov (United States)

    Sanchez-Perez, Gabriel; Toscano-Medina, Karina; Martinez-Hernandez, Victor; Olivares-Mercado, Jesus; Sanchez, Victor

    2018-01-01

    In recent years, online social media information has been the subject of study in several data science fields due to its impact on users as a communication and expression channel. Data gathered from online platforms such as Twitter has the potential to facilitate research over social phenomena based on sentiment analysis, which usually employs Natural Language Processing and Machine Learning techniques to interpret sentimental tendencies related to users’ opinions and make predictions about real events. Cyber-attacks are not isolated from opinion subjectivity on online social networks. Various security attacks are performed by hacker activists motivated by reactions from polemic social events. In this paper, a methodology for tracking social data that can trigger cyber-attacks is developed. Our main contribution lies in the monthly prediction of tweets with content related to security attacks and the incidents detected based on ℓ1 regularization. PMID:29710833

  11. Social Sentiment Sensor in Twitter for Predicting Cyber-Attacks Using ℓ1 Regularization

    Directory of Open Access Journals (Sweden)

    Aldo Hernandez-Suarez

    2018-04-01

    In recent years, online social media information has been the subject of study in several data science fields due to its impact on users as a communication and expression channel. Data gathered from online platforms such as Twitter has the potential to facilitate research over social phenomena based on sentiment analysis, which usually employs Natural Language Processing and Machine Learning techniques to interpret sentimental tendencies related to users’ opinions and make predictions about real events. Cyber-attacks are not isolated from opinion subjectivity on online social networks. Various security attacks are performed by hacker activists motivated by reactions from polemic social events. In this paper, a methodology for tracking social data that can trigger cyber-attacks is developed. Our main contribution lies in the monthly prediction of tweets with content related to security attacks and the incidents detected based on ℓ1 regularization.

  12. A new method for robust video watermarking resistant against key estimation attacks

    Science.gov (United States)

    Mitekin, Vitaly

    2015-12-01

    This paper presents a new method for high-capacity robust digital video watermarking and algorithms of embedding and extraction of watermark based on this method. Proposed method uses password-based two-dimensional pseudonoise arrays for watermark embedding, making brute-force attacks aimed at steganographic key retrieval mostly impractical. Proposed algorithm for 2-dimensional "noise-like" watermarking patterns generation also allows to significantly decrease watermark collision probability (i.e. probability of correct watermark detection and extraction using incorrect steganographic key or password). Experimental research provided in this work also shows that simple correlation-based watermark detection procedure can be used, providing watermark robustness against lossy compression and watermark estimation attacks. At the same time, without decreasing robustness of embedded watermark, average complexity of the brute-force key retrieval attack can be increased to 10^14 watermark extraction attempts (compared to 10^4-10^6 for known robust watermarking schemes). Experimental results also show that for lowest embedding intensity watermark preserves its robustness against lossy compression of host video and at the same time preserves higher video quality (PSNR up to 51dB) compared to known wavelet-based and DCT-based watermarking algorithms.

  13. Application of Cellular Automata to Detection of Malicious Network Packets

    Science.gov (United States)

    Brown, Robert L.

    2014-01-01

    A problem in computer security is identification of attack signatures in network packets. An attack signature is a pattern of bits that characterizes a particular attack. Because there are many kinds of attacks, there are potentially many attack signatures. Furthermore, attackers may seek to avoid detection by altering the attack mechanism so that…

  14. A Hop-Count Analysis Scheme for Avoiding Wormhole Attacks in MANET

    Directory of Open Access Journals (Sweden)

    Chi-Sung Laih

    2009-06-01

    MANET, due to the nature of wireless transmission, has more security issues compared to wired environments. A specific type of attack, the Wormhole attack does not require exploiting any nodes in the network and can interfere with the route establishment process. Instead of detecting wormholes from the role of administrators as in previous methods, we implement a new protocol, MHA, using a hop-count analysis from the viewpoint of users without any special environment assumptions. We also discuss previous works which require the role of administrator and their reliance on impractical assumptions, thus showing the advantages of MHA.

  15. Anger attacks in obsessive compulsive disorder

    Directory of Open Access Journals (Sweden)

    Nitesh Prakash Painuly

    2011-01-01

    Background: Research on anger attacks has been mostly limited to depression, and only a few studies have focused on anger attacks in obsessive compulsive disorder. Materials and Methods: In a cross-sectional study all new obsessive compulsive disorder patients aged 20-60 years attending an outpatient clinic were assessed using the anger attack questionnaire, irritability, depression and anxiety scale (for the direction of the aggressive behavior) and quality of life (QOL). Results: The sample consisted of 42 consecutive subjects with obsessive compulsive disorder, out of which 21 (50%) had anger attacks. The obsessive compulsive disorder subjects with and without anger attacks did not show significant differences in terms of sociodemographic variables, duration of illness, treatment, and family history. However, subjects with anger attacks had significantly higher prevalence of panic attacks and comorbid depression. Significantly more subjects with anger attacks exhibited aggressive acts toward spouse, parents, children, and other relatives in the form of yelling and threatening to hurt, trying to hurt, and threatening to leave. However, the two groups did not differ significantly in terms of QOL, except for the psychological domain being worse in the subjects with anger attacks. Conclusion: Anger attacks are present in half of the patients with obsessive compulsive disorder, and they correlate with the presence of comorbid depression.

  16. Toward Exposing Timing-Based Probing Attacks in Web Applications

    Directory of Open Access Journals (Sweden)

    Jian Mao

    2017-02-01

    Web applications have become the foundation of many types of systems, ranging from cloud services to Internet of Things (IoT) systems. Due to the large amount of sensitive data processed by web applications, user privacy emerges as a major concern in web security. Existing protection mechanisms in modern browsers, e.g., the same origin policy, prevent the users’ browsing information on one website from being directly accessed by another website. However, web applications executed in the same browser share the same runtime environment. Such shared states provide side channels for malicious websites to indirectly figure out the information of other origins. Timing is a classic side channel and the root cause of many recent attacks, which rely on the variations in the time taken by the systems to process different inputs. In this paper, we propose an approach to expose the timing-based probing attacks in web applications. It monitors the browser behaviors and identifies anomalous timing behaviors to detect browser probing attacks. We have prototyped our system in the Google Chrome browser and evaluated the effectiveness of our approach by using known probing techniques. We have applied our approach on a large number of top Alexa sites and reported the suspicious behavior patterns with corresponding analysis results. Our theoretical analysis illustrates that the effectiveness of the timing-based probing attacks is dramatically limited by our approach.

  17. Toward Exposing Timing-Based Probing Attacks in Web Applications.

    Science.gov (United States)

    Mao, Jian; Chen, Yue; Shi, Futian; Jia, Yaoqi; Liang, Zhenkai

    2017-02-25

    Web applications have become the foundation of many types of systems, ranging from cloud services to Internet of Things (IoT) systems. Due to the large amount of sensitive data processed by web applications, user privacy emerges as a major concern in web security. Existing protection mechanisms in modern browsers, e.g., the same origin policy, prevent the users' browsing information on one website from being directly accessed by another website. However, web applications executed in the same browser share the same runtime environment. Such shared states provide side channels for malicious websites to indirectly figure out the information of other origins. Timing is a classic side channel and the root cause of many recent attacks, which rely on the variations in the time taken by the systems to process different inputs. In this paper, we propose an approach to expose the timing-based probing attacks in web applications. It monitors the browser behaviors and identifies anomalous timing behaviors to detect browser probing attacks. We have prototyped our system in the Google Chrome browser and evaluated the effectiveness of our approach by using known probing techniques. We have applied our approach on a large number of top Alexa sites and reported the suspicious behavior patterns with corresponding analysis results. Our theoretical analysis illustrates that the effectiveness of the timing-based probing attacks is dramatically limited by our approach.

  18. Seven Deadliest Social Network Attacks

    CERN Document Server

    Timm, Carl

    2010-01-01

    Do you need to keep up with the latest hacks, attacks, and exploits affecting social networks? Then you need Seven Deadliest Social Network Attacks. This book pinpoints the most dangerous hacks and exploits specific to social networks like Facebook, Twitter, and MySpace, laying out the anatomy of these attacks including how to make your system more secure. You will discover the best ways to defend against these vicious hacks with step-by-step instruction and learn techniques to make your computer and network impenetrable. Attacks detailed in this book include: Social Networking Infrastruct

  19. Pericarditis - after heart attack

    Science.gov (United States)

    ... include: A previous heart attack Open heart surgery Chest trauma A heart attack that has affected the thickness of your heart muscle Symptoms Symptoms include: Anxiety Chest pain from the swollen pericardium rubbing on the ...

  20. Quantum hacking of two-way continuous-variable quantum key distribution using Trojan-horse attack

    Science.gov (United States)

    Ma, Hong-Xin; Bao, Wan-Su; Li, Hong-Wei; Chou, Chun

    2016-08-01

    We present a Trojan-horse attack on the practical two-way continuous-variable quantum key distribution system. Our attack mainly focuses on the imperfection of the practical system that the modulator has a redundancy of modulation pulse-width, which leaves a loophole for the eavesdropper inserting a Trojan-horse pulse. Utilizing the unique characteristics of two-way continuous-variable quantum key distribution that Alice only takes modulation operation on the received mode without any measurement, this attack allows the eavesdropper to render all of the final keys shared between the legitimate parties insecure without being detected. After analyzing the feasibility of the attack, the corresponding countermeasures are put forward. Project supported by the National Basic Research Program of China (Grant No. 2013CB338002) and the National Natural Science Foundation of China (Grant Nos. 11304397 and 61505261).

  1. WILD PIG ATTACKS ON HUMANS

    Energy Technology Data Exchange (ETDEWEB)

    Mayer, J.

    2013-04-12

    Attacks on humans by wild pigs (Sus scrofa) have been documented since ancient times. However, studies characterizing these incidents are lacking. In an effort to better understand this phenomenon, information was collected from 412 wild pig attacks on humans. Similar to studies of large predator attacks on humans, data came from a variety of sources. The various attacks compiled occurred in seven zoogeographic realms. Most attacks occurred within the species' native range, and specifically in rural areas. The occurrence was highest during the winter months and daylight hours. Most happened under non-hunting circumstances and appeared to be unprovoked. Wounded animals were the chief cause of these attacks in hunting situations. The animals involved were typically solitary, male and large in size. The fate of the wild pigs involved in these attacks varied depending upon the circumstances, however, most escaped uninjured. Most human victims were adult males traveling on foot and alone. The most frequent outcome for these victims was physical contact/mauling. The severity of resulting injuries ranged from minor to fatal. Most of the mauled victims had injuries to only one part of their bodies, with legs/feet being the most frequent body part injured. Injuries were primarily in the form of lacerations and punctures. Fatalities were typically due to blood loss. In some cases, serious infections or toxemia resulted from the injuries. Other species (i.e., pets and livestock) were also accompanying some of the humans during these attacks. The fates of these animals varied from escaping uninjured to being killed. Frequency data on both non-hunting and hunting incidents of wild pig attacks on humans at the Savannah River Site, South Carolina, showed quantitatively that such incidents are rare.

  2. Cache timing attacks on recent microarchitectures

    DEFF Research Database (Denmark)

    Andreou, Alexandres; Bogdanov, Andrey; Tischhauser, Elmar Wolfgang

    2017-01-01

    Cache timing attacks have been known for a long time, however since the rise of cloud computing and shared hardware resources, such attacks found new potentially devastating applications. One prominent example is S$A (presented by Irazoqui et al at S&P 2015) which is a cache timing attack against AES or similar algorithms in virtualized environments. This paper applies variants of this cache timing attack to Intel's latest generation of microprocessors. It enables a spy-process to recover cryptographic keys, interacting with the victim processes only over TCP. The threat model is a logically separated but CPU co-located attacker with root privileges. We report successful and practically verified applications of this attack against a wide range of microarchitectures, from a two-core Nehalem processor (i5-650) to two-core Haswell (i7-4600M) and four-core Skylake processors (i7-6700). The attack...

  3. Development of module for neural network identification of attacks on applications and services in multi-cloud platforms

    Science.gov (United States)

    Parfenov, D. I.; Bolodurina, I. P.

    2018-05-01

    The article presents the results of developing an approach to detecting and protecting against network attacks on the corporate infrastructure deployed on the multi-cloud platform. The proposed approach is based on the combination of two technologies: a software-configurable network and virtualization of network functions. The approach for searching for anomalous traffic is to use a hybrid neural network consisting of a self-organizing Kohonen network and a multilayer perceptron. The study of the work of the prototype of the system for detecting attacks, the method of forming a learning sample, and the course of experiments are described. The study showed that using the proposed approach makes it possible to increase the effectiveness of the obfuscation of various types of attacks and at the same time does not reduce the performance of the network.

  4. Revisiting Anomaly-based Network Intrusion Detection Systems

    NARCIS (Netherlands)

    Bolzoni, D.

    2009-01-01

    Intrusion detection systems (IDSs) are well-known and widely-deployed security tools to detect cyber-attacks and malicious activities in computer systems and networks. A signature-based IDS works similar to anti-virus software. It employs a signature database of known attacks, and a successful match

  5. Detecting DoS Attack in Web Services by Using an Adaptive Multiagent Solution

    Directory of Open Access Journals (Sweden)

    Nicholas BELIZ

    2012-09-01

    Full Text Available One of the most frequent techniques of a DoS attack is to exhaust available resources (memory, CPU cycles, and bandwidth) on the host server. A SOAP message can be affected by a DoS attack if the incoming message has been either created or modified maliciously. Resources available in the server (memory and CPU cycles) of the provider can be drastically reduced or exhausted while a malicious SOAP message is being parsed. This article presents a solution based on an adaptive solution for dealing with DoS attacks in Web service environments. The solution proposes a multi-agent hierarchical architecture that implements a classification mechanism in two phases. Each phase incorporates a special type of CBR-BDI agent that functions as a classifier. In the first phase, a case-based reasoning (CBR) engine utilizes a decision tree to carry out an initial filter, and in the second phase, a CBR engine incorporates a neural network to complete the classification mechanism. A prototype of the architecture was developed and the results obtained are presented in this study.

  6. Detecting DoS Attack in Web Services by Using an Adaptive Multiagent Solution

    Directory of Open Access Journals (Sweden)

    Chi Shun HONG

    2013-07-01

    Full Text Available One of the most frequent techniques of a DoS attack is to exhaust available resources (memory, CPU cycles, and bandwidth) on the host server. A SOAP message can be affected by a DoS attack if the incoming message has been either created or modified maliciously. Resources available in the server (memory and CPU cycles) of the provider can be drastically reduced or exhausted while a malicious SOAP message is being parsed. This article presents a solution based on an adaptive solution for dealing with DoS attacks in Web service environments. The solution proposes a multi-agent hierarchical architecture that implements a classification mechanism in two phases. Each phase incorporates a special type of CBR-BDI agent that functions as a classifier. In the first phase, a case-based reasoning (CBR) engine utilizes a decision tree to carry out an initial filter, and in the second phase, a CBR engine incorporates a neural network to complete the classification mechanism. A prototype of the architecture was developed and the results obtained are presented in this study.

  7. The Cyber-Physical Attacker

    DEFF Research Database (Denmark)

    Vigo, Roberto

    2012-01-01

    The world of Cyber-Physical Systems ranges from industrial to national interest applications. Even though these systems are pervading our everyday life, we are still far from fully understanding their security properties. Devising a suitable attacker model is a crucial element when studying...... the security properties of CPSs, as a system cannot be secured without defining the threats it is subject to. In this work an attacker scenario is presented which addresses the peculiarities of a cyber-physical adversary, and we discuss how this scenario relates to other attacker models popular in the security...

  8. Adaptive cyber-attack modeling system

    Science.gov (United States)

    Gonsalves, Paul G.; Dougherty, Edward T.

    2006-05-01

    The pervasiveness of software and networked information systems is evident across a broad spectrum of business and government sectors. Such reliance provides an ample opportunity not only for the nefarious exploits of lone wolf computer hackers, but for more systematic software attacks from organized entities. Much effort and focus has been placed on preventing and ameliorating network and OS attacks, a concomitant emphasis is required to address protection of mission critical software. Typical software protection technique and methodology evaluation and verification and validation (V&V) involves the use of a team of subject matter experts (SMEs) to mimic potential attackers or hackers. This manpower intensive, time-consuming, and potentially cost-prohibitive approach is not amenable to performing the necessary multiple non-subjective analyses required to support quantifying software protection levels. To facilitate the evaluation and V&V of software protection solutions, we have designed and developed a prototype adaptive cyber attack modeling system. Our approach integrates an off-line mechanism for rapid construction of Bayesian belief network (BN) attack models with an on-line model instantiation, adaptation and knowledge acquisition scheme. Off-line model construction is supported via a knowledge elicitation approach for identifying key domain requirements and a process for translating these requirements into a library of BN-based cyber-attack models. On-line attack modeling and knowledge acquisition is supported via BN evidence propagation and model parameter learning.

  9. Predicting Factors of Zone 4 Attack in Volleyball.

    Science.gov (United States)

    Costa, Gustavo C; Castro, Henrique O; Evangelista, Breno F; Malheiros, Laura M; Greco, Pablo J; Ugrinowitsch, Herbert

    2017-06-01

    This study examined 142 volleyball games of the Men's Super League 2014/2015 seasons in Brazil from which we analyzed 24-26 games of each participating team, identifying 5,267 Zone 4 attacks for further analysis. Within these Zone 4 attacks, we analyzed the association between the effect of the attack carried out and the separate effects of serve reception, tempo and type of attack. We found that the reception, tempo of attack, second tempo of attack, and power of diagonal attack were predictors of the attack effect in Zone 4. Moreover, placed attacks showed a tendency to not yield a score. In conclusion, winning points in high-level men's volleyball requires excellent receptions, a fast attack tempo and powerfully executed attacks.

  10. Attack Potential Evaluation in Desktop and Smartphone Fingerprint Sensors: Can They Be Attacked by Anyone?

    Directory of Open Access Journals (Sweden)

    Ines Goicoechea-Telleria

    2018-01-01

    Full Text Available The use of biometrics keeps growing. Every day, we use biometric recognition to unlock our phones or to have access to places such as the gym or the office, so we rely on the security manufacturers offer when protecting our privileges and private life. It is well known that it is possible to hack into a fingerprint sensor using fake fingers made of Play-Doh and other easy-to-obtain materials but to what extent? Is this true for all users or only for specialists with a deep knowledge on biometrics? Are smartphone fingerprint sensors as reliable as desktop sensors? To answer these questions, we performed 3 separate evaluations. First, we evaluated 4 desktop fingerprint sensors of different technologies by attacking them with 7 different fake finger materials. All of them were successfully attacked by an experienced attacker. Secondly, we carried out a similar test on 5 smartphones with embedded sensors using the most successful materials, which also hacked the 5 sensors. Lastly, we gathered 15 simulated attackers with no background in biometrics to create fake fingers of several materials, and they had one week to attack the fingerprint sensors of the same 5 smartphones, with the starting point of a short video with the techniques to create them. All 5 smartphones were successfully attacked by an inexperienced attacker. This paper will provide the results achieved, as well as an analysis on the attack potential of every case. All results are given following the metrics of the standard ISO/IEC 30107-3.

  11. Managing burn victims of suicide bombing attacks: outcomes, lessons learnt, and changes made from three attacks in Indonesia.

    Science.gov (United States)

    Chim, Harvey; Yew, Woon Si; Song, Colin

    2007-01-01

    Terror attacks in Southeast Asia were almost nonexistent until the 2002 Bali bomb blast, considered the deadliest attack in Indonesian history. Further attacks in 2003 (Jakarta), 2004 (Jakarta), and 2005 (Bali) have turned terrorist attacks into an ever-present reality. The authors reviewed medical charts of victims evacuated to the Singapore General Hospital (SGH) Burns Centre during three suicide attacks involving Bali (2002 and 2005) and the Jakarta Marriott hotel (2003). Problems faced, lessons learnt, and costs incurred are discussed. A burns disaster plan drawing on lessons learnt from these attacks is presented. Thirty-one patients were treated at the SGH Burns Centre in three attacks (2002 Bali attack [n = 15], 2003 Jakarta attack [n = 14], and 2005 Bali attack [n = 2]). For the 2002 Bali attack, median age was 29 years (range 20 to 50 years), median percentage of total burn surface area (TBSA) was 29% (range 5% to 55%), and median abbreviated burn severity index (ABSI) was 6 (range 3 to 10). Eight of 15 patients were admitted to the intensive care unit. For the 2003 Jakarta attack, median age was 35 years (range 24 to 56 years), median percentage of TBSA was 10% (range 2% to 46%), and median ABSI was 4 (range 3 to 9). A large number of patients had other injuries. Problems faced included manpower issues, lack of bed space, shortage of blood products, and lack of cadaver skin. The changing nature of terror attacks mandates continued vigilance and disaster preparedness. The multidimensional burns patient, complicated by other injuries, is likely to become increasingly common. A burns disaster plan with emphasis on effective command, control, and communication as well as organisation of health care personnel following a 'team concept' will do much to ensure that the sudden onset of a crisis situation at an unexpected time does not overwhelm hospital manpower and resources.

  12. Overview of DOS attacks on wireless sensor networks and experimental results for simulation of interference attacks

    Directory of Open Access Journals (Sweden)

    Željko Gavrić

    2018-01-01

    Full Text Available Wireless sensor networks are now used in various fields. The information transmitted in the wireless sensor networks is very sensitive, so the security issue is very important. DOS (denial of service) attacks are a fundamental threat to the functioning of wireless sensor networks. This paper describes some of the most common DOS attacks and potential methods of protection against them. The case study shows one of the most frequent attacks on wireless sensor networks – the interference attack. In the introduction of this paper authors assume that the attack interference can cause significant obstruction of wireless sensor networks. This assumption has been proved in the case study through simulation scenario and simulation results.

  13. Systematic Poisoning Attacks on and Defenses for Machine Learning in Healthcare.

    Science.gov (United States)

    Mozaffari-Kermani, Mehran; Sur-Kolay, Susmita; Raghunathan, Anand; Jha, Niraj K

    2015-11-01

    Machine learning is being used in a wide range of application domains to discover patterns in large datasets. Increasingly, the results of machine learning drive critical decisions in applications related to healthcare and biomedicine. Such health-related applications are often sensitive, and thus, any security breach would be catastrophic. Naturally, the integrity of the results computed by machine learning is of great importance. Recent research has shown that some machine-learning algorithms can be compromised by augmenting their training datasets with malicious data, leading to a new class of attacks called poisoning attacks. Hindrance of a diagnosis may have life-threatening consequences and could cause distrust. On the other hand, not only may a false diagnosis prompt users to distrust the machine-learning algorithm and even abandon the entire system but also such a false positive classification may cause patient distress. In this paper, we present a systematic, algorithm-independent approach for mounting poisoning attacks across a wide range of machine-learning algorithms and healthcare datasets. The proposed attack procedure generates input data, which, when added to the training set, can either cause the results of machine learning to have targeted errors (e.g., increase the likelihood of classification into a specific class), or simply introduce arbitrary errors (incorrect classification). These attacks may be applied to both fixed and evolving datasets. They can be applied even when only statistics of the training dataset are available or, in some cases, even without access to the training dataset, although at a lower efficacy. We establish the effectiveness of the proposed attacks using a suite of six machine-learning algorithms and five healthcare datasets. Finally, we present countermeasures against the proposed generic attacks that are based on tracking and detecting deviations in various accuracy metrics, and benchmark their effectiveness.

  14. Securing internet by eliminating DDOS attacks

    Science.gov (United States)

    Niranchana, R.; Gayathri Devi, N.; Santhi, H.; Gayathri, P.

    2017-11-01

    The major threat caused to the authorised usage of Internet is Distributed Denial of Service attack. The mechanisms used to prevent the DDoS attacks are said to overcome the attack’s ability in spoofing the IP packets source addresses. By utilising Internet Protocol spoofing, the attackers cause a consequential load over the networks destination for policing attack packets. To overcome the IP Spoofing level on the Internet, we propose an Inter domain Packet Filter (IPF) architecture. The proposed scheme is not based on global routing information. The packets with reliable source addresses are not rejected, the IPF framework works in such a manner. The spoofing capability of attackers is confined by IPF, and also the filter identifies the source of an attack packet by minimal number of candidate network.

  15. Applying IPFIX Protocol for Detection of Distributed Denial of Service Attacks against Cloud Infrastructure

    Directory of Open Access Journals (Sweden)

    M. R. Mukhtarov

    2011-12-01

    Full Text Available The way of monitoring deviations in network traffic behavior inside “Cloud Infrastructure” using IPFIX protocol is suggested in the paper. The proposed algorithm is applied for registration of “Distributed Denial of Service” attacks against “Cloud Infrastructure”.

  16. Plants under dual attack

    NARCIS (Netherlands)

    Ponzio, C.A.M.

    2016-01-01

    Though immobile, plants are members of complex environments, and are under constant threat from a wide range of attackers, which includes organisms such as insect herbivores or plant pathogens. Plants have developed sophisticated defenses against these attackers, and include chemical responses

  17. Improving the multiparty quantum secret sharing over two collective-noise channels against insider attack

    Science.gov (United States)

    Sun, Ying; Wen, Qiao-yan; Zhu, Fu-chen

    2010-01-01

    The security of the multiparty quantum secret sharing protocol presented by Zhang [Z.J. Zhang, Physica A, 361 (2006) 233] is analyzed. It is shown that this protocol is vulnerable to the insider attack since eavesdropping detection is performed only when all states arrive at the last agent. We propose an attack strategy and give an improved version of the original protocol. The improved protocol is robust and has the same traits with the original one.

  18. New attacks on Wi-Fi Protected Setup

    OpenAIRE

    Hamed Mohtadi; Alireza Rahimi

    2015-01-01

    Wi-Fi Protected Setup (WPS) is a network security standard that is used to secure networks in home and office, introduced in 2006 by the Wi-Fi Alliance. It provides easier configuration setup and is used in almost all recent Wi-Fi devices. In this paper we propose two attacks on this standard. The first attack is an offline brute force attack that uses imbalance on registration protocol. This attack needs user action, but it is more efficient than previous attacks. The second attack uses weak...

  19. A Game Theoretic Approach to Cyber Attack Prediction

    Energy Technology Data Exchange (ETDEWEB)

    Peng Liu

    2005-11-28

    The area investigated by this project is cyber attack prediction. With a focus on correlation-based prediction, current attack prediction methodologies overlook the strategic nature of cyber attack-defense scenarios. As a result, current cyber attack prediction methodologies are very limited in predicting strategic behaviors of attackers in enforcing nontrivial cyber attacks such as DDoS attacks, and may result in low accuracy in correlation-based predictions. This project develops a game theoretic framework for cyber attack prediction, where an automatic game-theory-based attack prediction method is proposed. Being able to quantitatively predict the likelihood of (sequences of) attack actions, our attack prediction methodology can predict fine-grained strategic behaviors of attackers and may greatly improve the accuracy of correlation-based prediction. To our best knowledge, this project develops the first comprehensive framework for incentive-based modeling and inference of attack intent, objectives, and strategies; and this project develops the first method that can predict fine-grained strategic behaviors of attackers. The significance of this research and the benefit to the public can be demonstrated to certain extent by (a) the severe threat of cyber attacks to the critical infrastructures of the nation, including many infrastructures overseen by the Department of Energy, (b) the importance of cyber security to critical infrastructure protection, and (c) the importance of cyber attack prediction to achieving cyber security.

  20. Approaches in anomaly-based network intrusion detection systems

    NARCIS (Netherlands)

    Bolzoni, D.; Etalle, S.; Di Pietro, R.; Mancini, L.V.

    2008-01-01

    Anomaly-based network intrusion detection systems (NIDSs) can take into consideration packet headers, the payload, or a combination of both. We argue that payload-based approaches are becoming the most effective methods to detect attacks. Nowadays, attacks aim mainly to exploit vulnerabilities at