WorldWideScience

Sample records for sinkhole attack detection

  1. Intrusion Detection Algorithm for Mitigating Sinkhole Attack on LEACH Protocol in Wireless Sensor Networks

    Directory of Open Access Journals (Sweden)

    Ranjeeth Kumar Sundararajan

    2015-01-01

    Full Text Available In wireless sensor network (WSN, the sensors are deployed and placed uniformly to transmit the sensed data to a centralized station periodically. So, the major threat of the WSN network layer is sinkhole attack and it is still being a challenging issue on the sensor networks, where the malicious node attracts the packets from the other normal sensor nodes and drops the packets. Thus, this paper proposes an Intrusion Detection System (IDS mechanism to detect the intruder in the network which uses Low Energy Adaptive Clustering Hierarchy (LEACH protocol for its routing operation. In the proposed algorithm, the detection metrics, such as number of packets transmitted and received, are used to compute the intrusion ratio (IR by the IDS agent. The computed numeric or nonnumeric value represents the normal or malicious activity. As and when the sinkhole attack is captured, the IDS agent alerts the network to stop the data transmission. Thus, it can be a resilient to the vulnerable attack of sinkhole. Above all, the simulation result is shown for the proposed algorithm which is proven to be efficient compared with the existing work, namely, MS-LEACH, in terms of minimum computational complexity and low energy consumption. Moreover, the algorithm was numerically analyzed using TETCOS NETSIM.

  2. A Centralized Detection of Sinkhole Attacks Based on Energy Level of the Nodes on Cluster-Based Wireless Sensor Networks

    Directory of Open Access Journals (Sweden)

    Merve Nilay Aydın

    2017-10-01

    Full Text Available Wireless Sensor Networks is consist of thousands of small and low-cost devices, which communicate over wireless medium. Due to locating in harsh environment and having limited resources, WSN is prone to various attacks. One of the most dangerous attacks threatening WSN is the sinkhole attack. In this paper, sinkhole attack is modelled on a cluster-based WSN, and a centralized detection algorithm based on the remaining energies of the nodes is proposed. The simulations were run for different values of energy thresholds and various numbers of nodes. The performance of the system was investigated over total energy consumption in the system, the number of packets arrived at base station and true detection rate of the sinkhole node(s. The results showed that the proposed method is energy-efficient and detects the malicious nodes with a 100% accuracy for all number of nodes.

  3. Sinkholes

    Science.gov (United States)

    Kaufmann, James E.

    2007-01-01

    Sinkholes are a common feature in Missouri where limestone and dolomite outcrop. Though often considered a benign nuisance, sudden, catastrophic collapses can destroy property, delay construction projects, and contaminate ground water resources.

  4. Detection of sinkholes or anomalies using full seismic wave fields.

    Science.gov (United States)

    2013-04-01

    This research presents an application of two-dimensional (2-D) time-domain waveform tomography for detection of embedded sinkholes and anomalies. The measured seismic surface wave fields were inverted using a full waveform inversion (FWI) technique, ...

  5. Sinkhole detection using electrical resistivity tomography in Saudi Arabia

    International Nuclear Information System (INIS)

    Youssef, Ahmed M; Zabramawi, Yasser A; El-Kaliouby, Hesham

    2012-01-01

    Karst phenomena exist in different areas in the Kingdom of Saudi Arabia, causing serious environmental problems that affect urban development and infrastructure (buildings, roads and highways). One of the most important problems are sinkholes, which most of the time consist of unfilled voids. These sinkholes are formed as a result of the chemical leaching of carbonate and evaporite formations by percolating water. Field investigations show that there are many surface expressions of sinkholes in the area; some appear on the ground surface and others are hidden in the subsurface. Geophysical data were collected at the study area using two-dimensional electrical resistivity tomography (ERT) with different electrode spacings to delineate buried sinkholes and associated subsurface cavities. Our findings indicated that the dipole–dipole method using an electrode spacing of 1 m was successful in detecting a known subsurface sinkhole. According to the ERT method the detected sinkhole depth ranges from 2 to 4 m, its height ranges from 2 to 4 m, and its width ranges from 5 to 7 m. Field observation has verified the geophysical data, especially along the profile A-A. Finally, closely spaced ERT profiles were successful in determining the three-dimensional volume of the subsurface sinkhole. (paper)

  6. Detection of sinkholes using 2D electrical resistivity imaging

    CSIR Research Space (South Africa)

    Van Schoor, Abraham M

    2002-07-01

    Full Text Available Sinkholes in dolomitic areas are notoriously difficult geophysical targets, and selecting an appropriate geophysical solution is not straightforward. Electrical resistivity imaging or tomography (RESTOM) is well suited to mapping sinkholes because...

  7. Potential of sinkhole precursor detection through interferometric SAR

    CSIR Research Space (South Africa)

    Theron, Andre

    2016-08-01

    Full Text Available Sinkholes are an unpredictable geohazard that endangers life and structures in susceptible areas globally. Subsidence sinkholes occur above cavernous bedrock comprised of highly soluble evaporates or calcium carbonates such as dolomite or limestone...

  8. Detection of sinkhole precursors along the Dead Sea, Israel by SAR interferometry

    Science.gov (United States)

    Nof, Ran; Baer, Gidon; Ziv, Alon; Eyal, Yehuda; Raz, Eli; Atzori, Simone; Salvi, Stefano

    2013-04-01

    The water level of the Dead Sea (Israel and Jordan) has been dropping at an increasing rate since the 1960s, exceeding a meter per year during the last decade. This water-level drop has triggered the formation of sinkholes and widespread land subsidence along the Dead Sea shorelines, resulting in severe economic loss and infrastructural damage. In this study, sinkhole-related precursory subsidence and the effects of human activities on sinkhole development are examined through Interferometric Synthetic Aperture Radar (InSAR) measurements and field surveys conducted in Israel during the year 2012. Interferograms were generated using the COSMO-SkyMed satellite images and a high-resolution (0.5 m/pixel) elevation model that was obtained from airborne Light Detection and Ranging (LiDAR). Thanks to this unique integration of high-resolution datasets, mm-scale subsidence may be resolved in both undisturbed and human-disturbed environments. A few months long precursory subsidence occurred in all three sinkhole sites reported in this study. The centers of the subsiding areas and successive sinkholes in a specific site show lateral migration, possibly due to progressive dissolution and widening of the underlying cavities. Certain human activities, such as filling of newly formed sinkholes by gravel, or mud injections into nearby drill holes, seem to enhance land subsidence, widen existing sinkholes or even generate new sinkholes.

  9. Temporal Cyber Attack Detection.

    Energy Technology Data Exchange (ETDEWEB)

    Ingram, Joey Burton [Sandia National Lab. (SNL-NM), Albuquerque, NM (United States); Draelos, Timothy J. [Sandia National Lab. (SNL-NM), Albuquerque, NM (United States); Galiardi, Meghan [Sandia National Lab. (SNL-NM), Albuquerque, NM (United States); Doak, Justin E. [Sandia National Lab. (SNL-NM), Albuquerque, NM (United States)

    2017-11-01

    Rigorous characterization of the performance and generalization ability of cyber defense systems is extremely difficult, making it hard to gauge uncertainty, and thus, confidence. This difficulty largely stems from a lack of labeled attack data that fully explores the potential adversarial space. Currently, performance of cyber defense systems is typically evaluated in a qualitative manner by manually inspecting the results of the system on live data and adjusting as needed. Additionally, machine learning has shown promise in deriving models that automatically learn indicators of compromise that are more robust than analyst-derived detectors. However, to generate these models, most algorithms require large amounts of labeled data (i.e., examples of attacks). Algorithms that do not require annotated data to derive models are similarly at a disadvantage, because labeled data is still necessary when evaluating performance. In this work, we explore the use of temporal generative models to learn cyber attack graph representations and automatically generate data for experimentation and evaluation. Training and evaluating cyber systems and machine learning models requires significant, annotated data, which is typically collected and labeled by hand for one-off experiments. Automatically generating such data helps derive/evaluate detection models and ensures reproducibility of results. Experimentally, we demonstrate the efficacy of generative sequence analysis techniques on learning the structure of attack graphs, based on a realistic example. These derived models can then be used to generate more data. Additionally, we provide a roadmap for future research efforts in this area.

  10. Automatic detection of karstic sinkholes in seismic 3D images using circular Hough transform

    International Nuclear Information System (INIS)

    Parchkoohi, Mostafa Heydari; Farajkhah, Nasser Keshavarz; Delshad, Meysam Salimi

    2015-01-01

    More than 30% of hydrocarbon reservoirs are reported in carbonates that mostly include evidence of fractures and karstification. Generally, the detection of karstic sinkholes prognosticate good quality hydrocarbon reservoirs where looser sediments fill the holes penetrating hard limestone and the overburden pressure on infill sediments is mostly tolerated by their sturdier surrounding structure. They are also useful for the detection of erosional surfaces in seismic stratigraphic studies and imply possible relative sea level fall at the time of establishment. Karstic sinkholes are identified straightforwardly by using seismic geometric attributes (e.g. coherency, curvature) in which lateral variations are much more emphasized with respect to the original 3D seismic image. Then, seismic interpreters rely on their visual skills and experience in detecting roughly round objects in seismic attribute maps. In this paper, we introduce an image processing workflow to enhance selective edges in seismic attribute volumes stemming from karstic sinkholes and finally locate them in a high quality 3D seismic image by using circular Hough transform. Afterwards, we present a case study from an on-shore oilfield in southwest Iran, in which the proposed algorithm is applied and karstic sinkholes are traced. (paper)

  11. Study of DSR and AODV under Sinkhole Attack and Its Proposed Prevention Technique

    OpenAIRE

    Winnie Main; Narendra M. Shekokar

    2014-01-01

    Mobile Ad-hoc Networks (MANET) are wireless mobile nodes that communicate without any predefined infrastructure. This allows MANETs to be easily setup in geographical and terrestrial constraints. To achieve this kind of communication MANET routing protocols play an important role. Two routing protocols, DSR and AODV are studied in detail. This basic trait of a MANET makes its routing protocols very vulnerable to security attacks. One such attack is the ‘Sinkhole’ attack which ...

  12. Spear Phishing Attack Detection

    Science.gov (United States)

    2011-03-24

    be sufficiently evaded by encrypting the malware. A similar approach is used by Kolter et al. in [KoM04] and later in [KoM06], where they used data...MeM11] [Mes08] [MKK07] [Off10] [RaS02] [Rep09] J. Z. Kolter and M. A. Maloof. ―Learning to detect...York: ACM, 2004. J. Z. Kolter and M. A. Maloof. ―Learning to detect and classify malicious executables in the Wild,‖ The Journal of Machine Learning

  13. Detection of complex cyber attacks

    Science.gov (United States)

    Gregorio-de Souza, Ian; Berk, Vincent H.; Giani, Annarita; Bakos, George; Bates, Marion; Cybenko, George; Madory, Doug

    2006-05-01

    One significant drawback to currently available security products is their inabilty to correlate diverse sensor input. For instance, by only using network intrusion detection data, a root kit installed through a weak username-password combination may go unnoticed. Similarly, an administrator may never make the link between deteriorating response times from the database server and an attacker exfiltrating trusted data, if these facts aren't presented together. Current Security Information Management Systems (SIMS) can collect and represent diverse data but lack sufficient correlation algorithms. By using a Process Query System, we were able to quickly bring together data flowing from many sources, including NIDS, HIDS, server logs, CPU load and memory usage, etc. We constructed PQS models that describe dynamic behavior of complicated attacks and failures, allowing us to detect and differentiate simultaneous sophisticated attacks on a target network. In this paper, we discuss the benefits of implementing such a multistage cyber attack detection system using PQS. We focus on how data from multiple sources can be combined and used to detect and track comprehensive network security events that go unnoticed using conventional tools.

  14. Robust Detection of Stepping-Stone Attacks

    National Research Council Canada - National Science Library

    He, Ting; Tong, Lang

    2006-01-01

    The detection of encrypted stepping-stone attack is considered. Besides encryption and padding, the attacker is capable of inserting chaff packets and perturbing packet timing and transmission order...

  15. Multi-Layer Approach for the Detection of Selective Forwarding Attacks.

    Science.gov (United States)

    Alajmi, Naser; Elleithy, Khaled

    2015-11-19

    Security breaches are a major threat in wireless sensor networks (WSNs). WSNs are increasingly used due to their broad range of important applications in both military and civilian domains. WSNs are prone to several types of security attacks. Sensor nodes have limited capacities and are often deployed in dangerous locations; therefore, they are vulnerable to different types of attacks, including wormhole, sinkhole, and selective forwarding attacks. Security attacks are classified as data traffic and routing attacks. These security attacks could affect the most significant applications of WSNs, namely, military surveillance, traffic monitoring, and healthcare. Therefore, there are different approaches to detecting security attacks on the network layer in WSNs. Reliability, energy efficiency, and scalability are strong constraints on sensor nodes that affect the security of WSNs. Because sensor nodes have limited capabilities in most of these areas, selective forwarding attacks cannot be easily detected in networks. In this paper, we propose an approach to selective forwarding detection (SFD). The approach has three layers: MAC pool IDs, rule-based processing, and anomaly detection. It maintains the safety of data transmission between a source node and base station while detecting selective forwarding attacks. Furthermore, the approach is reliable, energy efficient, and scalable.

  16. Multi-Layer Approach for the Detection of Selective Forwarding Attacks

    Directory of Open Access Journals (Sweden)

    Naser Alajmi

    2015-11-01

    Full Text Available Security breaches are a major threat in wireless sensor networks (WSNs. WSNs are increasingly used due to their broad range of important applications in both military and civilian domains. WSNs are prone to several types of security attacks. Sensor nodes have limited capacities and are often deployed in dangerous locations; therefore, they are vulnerable to different types of attacks, including wormhole, sinkhole, and selective forwarding attacks. Security attacks are classified as data traffic and routing attacks. These security attacks could affect the most significant applications of WSNs, namely, military surveillance, traffic monitoring, and healthcare. Therefore, there are different approaches to detecting security attacks on the network layer in WSNs. Reliability, energy efficiency, and scalability are strong constraints on sensor nodes that affect the security of WSNs. Because sensor nodes have limited capabilities in most of these areas, selective forwarding attacks cannot be easily detected in networks. In this paper, we propose an approach to selective forwarding detection (SFD. The approach has three layers: MAC pool IDs, rule-based processing, and anomaly detection. It maintains the safety of data transmission between a source node and base station while detecting selective forwarding attacks. Furthermore, the approach is reliable, energy efficient, and scalable.

  17. Detection and localization capability of an urban seismic sinkhole monitoring network

    Science.gov (United States)

    Becker, Dirk; Dahm, Torsten; Schneider, Fabian

    2017-04-01

    Microseismic events linked to underground processes in sinkhole areas might serve as precursors to larger mass dislocation or rupture events which can cause felt ground shaking or even structural damage. To identify these weak and shallow events, a sensitive local seismic monitoring network is needed. In case of an urban environment the performance of local monitoring networks is severely compromised by the high anthropogenic noise level. We study the detection and localization capability of such a network, which is already partly installed in the urban area of the city of Hamburg, Germany, within the joint project SIMULTAN (http://www.gfz-potsdam.de/en/section/near-surface-geophysics/projects/simultan/). SIMULTAN aims to monitor a known sinkhole structure and gain a better understanding of the underlying processes. The current network consists of six surface stations installed in the basement of private houses and underground structures of a research facility (DESY - Deutsches Elektronen Synchrotron). During the started monitoring campaign since 2015, no microseismic events could be unambiguously attributed to the sinkholes. To estimate the detection and location capability of the network, we calculate synthetic waveforms based on the location and mechanism of former events in the area. These waveforms are combined with the recorded urban seismic noise at the station sites. As detection algorithms a simple STA/LTA trigger and a more sophisticated phase detector are used. While the STA/LTA detector delivers stable results and is able to detect events with a moment magnitude as low as 0.35 at a distance of 1.3km from the source even under the present high noise conditions the phase detector is more sensitive but also less stable. It should be stressed that due to the local near surface conditions of the wave propagation the detections are generally performed on S- or surface waves and not on P-waves, which have a significantly lower amplitude. Due to the often

  18. DDOS ATTACK DETECTION SIMULATION AND HANDLING MECHANISM

    Directory of Open Access Journals (Sweden)

    Ahmad Sanmorino

    2013-11-01

    Full Text Available In this study we discuss how to handle DDoS attack that coming from the attacker by using detection method and handling mechanism. Detection perform by comparing number of packets and number of flow. Whereas handling mechanism perform by limiting or drop the packets that detected as a DDoS attack. The study begins with simulation on real network, which aims to get the real traffic data. Then, dump traffic data obtained from the simulation used for detection method on our prototype system called DASHM (DDoS Attack Simulation and Handling Mechanism. From the result of experiment that has been conducted, the proposed method successfully detect DDoS attack and handle the incoming packet sent by attacker.

  19. Detecting and Preventing Sybil Attacks in Wireless Sensor Networks Using Message Authentication and Passing Method.

    Science.gov (United States)

    Dhamodharan, Udaya Suriya Raj Kumar; Vayanaperumal, Rajamani

    2015-01-01

    Wireless sensor networks are highly indispensable for securing network protection. Highly critical attacks of various kinds have been documented in wireless sensor network till now by many researchers. The Sybil attack is a massive destructive attack against the sensor network where numerous genuine identities with forged identities are used for getting an illegal entry into a network. Discerning the Sybil attack, sinkhole, and wormhole attack while multicasting is a tremendous job in wireless sensor network. Basically a Sybil attack means a node which pretends its identity to other nodes. Communication to an illegal node results in data loss and becomes dangerous in the network. The existing method Random Password Comparison has only a scheme which just verifies the node identities by analyzing the neighbors. A survey was done on a Sybil attack with the objective of resolving this problem. The survey has proposed a combined CAM-PVM (compare and match-position verification method) with MAP (message authentication and passing) for detecting, eliminating, and eventually preventing the entry of Sybil nodes in the network. We propose a scheme of assuring security for wireless sensor network, to deal with attacks of these kinds in unicasting and multicasting.

  20. Detecting and Preventing Sybil Attacks in Wireless Sensor Networks Using Message Authentication and Passing Method

    Directory of Open Access Journals (Sweden)

    Udaya Suriya Raj Kumar Dhamodharan

    2015-01-01

    Full Text Available Wireless sensor networks are highly indispensable for securing network protection. Highly critical attacks of various kinds have been documented in wireless sensor network till now by many researchers. The Sybil attack is a massive destructive attack against the sensor network where numerous genuine identities with forged identities are used for getting an illegal entry into a network. Discerning the Sybil attack, sinkhole, and wormhole attack while multicasting is a tremendous job in wireless sensor network. Basically a Sybil attack means a node which pretends its identity to other nodes. Communication to an illegal node results in data loss and becomes dangerous in the network. The existing method Random Password Comparison has only a scheme which just verifies the node identities by analyzing the neighbors. A survey was done on a Sybil attack with the objective of resolving this problem. The survey has proposed a combined CAM-PVM (compare and match-position verification method with MAP (message authentication and passing for detecting, eliminating, and eventually preventing the entry of Sybil nodes in the network. We propose a scheme of assuring security for wireless sensor network, to deal with attacks of these kinds in unicasting and multicasting.

  1. Sinkhole Avoidance Routing in Wireless Sensor Networks

    Science.gov (United States)

    2011-05-09

    COVERED (From- To) 09-05-2011 4. TITLE AND SUBTITLE 5a. CONTRACT NUMBER Sinkhole Avoidance Routing in Wireless Sensor Networks 5b . GRANT NUMBER . 5c...reliability of wireless sensor networks. 15. SUBJECT TERMS wireless sensor networks, sinkhole attack, routing protocol 16. SECURITY CLASSIFICATION...Include area code) Standard Form 298 (Rev. 8/98) Prescribed by ANSI Std . Z39.18 1 Sinkhole Avoidance Routing in Wireless Sensor Networks MIDN 1/C

  2. Cyber Security Audit and Attack Detection Toolkit

    Energy Technology Data Exchange (ETDEWEB)

    Peterson, Dale

    2012-05-31

    This goal of this project was to develop cyber security audit and attack detection tools for industrial control systems (ICS). Digital Bond developed and released a tool named Bandolier that audits ICS components commonly used in the energy sector against an optimal security configuration. The Portaledge Project developed a capability for the PI Historian, the most widely used Historian in the energy sector, to aggregate security events and detect cyber attacks.

  3. Detection of sinkholes or anomalies using full seismic wave fields : [research summary].

    Science.gov (United States)

    2013-04-01

    Sinkholes are a common feature of Floridas geology. The limestone that runs throughout the state is acted upon by the constant flow of water, both above and below ground, that changes with wet and dry seasons. Subsurface voids can form, causing ov...

  4. Fusion of Heterogeneous Intrusion Detection Systems for Network Attack Detection

    Directory of Open Access Journals (Sweden)

    Jayakumar Kaliappan

    2015-01-01

    Full Text Available An intrusion detection system (IDS helps to identify different types of attacks in general, and the detection rate will be higher for some specific category of attacks. This paper is designed on the idea that each IDS is efficient in detecting a specific type of attack. In proposed Multiple IDS Unit (MIU, there are five IDS units, and each IDS follows a unique algorithm to detect attacks. The feature selection is done with the help of genetic algorithm. The selected features of the input traffic are passed on to the MIU for processing. The decision from each IDS is termed as local decision. The fusion unit inside the MIU processes all the local decisions with the help of majority voting rule and makes the final decision. The proposed system shows a very good improvement in detection rate and reduces the false alarm rate.

  5. LAN attack detection using Discrete Event Systems.

    Science.gov (United States)

    Hubballi, Neminath; Biswas, Santosh; Roopa, S; Ratti, Ritesh; Nandi, Sukumar

    2011-01-01

    Address Resolution Protocol (ARP) is used for determining the link layer or Medium Access Control (MAC) address of a network host, given its Internet Layer (IP) or Network Layer address. ARP is a stateless protocol and any IP-MAC pairing sent by a host is accepted without verification. This weakness in the ARP may be exploited by malicious hosts in a Local Area Network (LAN) by spoofing IP-MAC pairs. Several schemes have been proposed in the literature to circumvent these attacks; however, these techniques either make IP-MAC pairing static, modify the existing ARP, patch operating systems of all the hosts etc. In this paper we propose a Discrete Event System (DES) approach for Intrusion Detection System (IDS) for LAN specific attacks which do not require any extra constraint like static IP-MAC, changing the ARP etc. A DES model is built for the LAN under both a normal and compromised (i.e., spoofed request/response) situation based on the sequences of ARP related packets. Sequences of ARP events in normal and spoofed scenarios are similar thereby rendering the same DES models for both the cases. To create different ARP events under normal and spoofed conditions the proposed technique uses active ARP probing. However, this probing adds extra ARP traffic in the LAN. Following that a DES detector is built to determine from observed ARP related events, whether the LAN is operating under a normal or compromised situation. The scheme also minimizes extra ARP traffic by probing the source IP-MAC pair of only those ARP packets which are yet to be determined as genuine/spoofed by the detector. Also, spoofed IP-MAC pairs determined by the detector are stored in tables to detect other LAN attacks triggered by spoofing namely, man-in-the-middle (MiTM), denial of service etc. The scheme is successfully validated in a test bed. Copyright © 2010 ISA. Published by Elsevier Ltd. All rights reserved.

  6. Machine Learning Methods for Attack Detection in the Smart Grid.

    Science.gov (United States)

    Ozay, Mete; Esnaola, Inaki; Yarman Vural, Fatos Tunay; Kulkarni, Sanjeev R; Poor, H Vincent

    2016-08-01

    Attack detection problems in the smart grid are posed as statistical learning problems for different attack scenarios in which the measurements are observed in batch or online settings. In this approach, machine learning algorithms are used to classify measurements as being either secure or attacked. An attack detection framework is provided to exploit any available prior knowledge about the system and surmount constraints arising from the sparse structure of the problem in the proposed approach. Well-known batch and online learning algorithms (supervised and semisupervised) are employed with decision- and feature-level fusion to model the attack detection problem. The relationships between statistical and geometric properties of attack vectors employed in the attack scenarios and learning algorithms are analyzed to detect unobservable attacks using statistical learning methods. The proposed algorithms are examined on various IEEE test systems. Experimental analyses show that machine learning algorithms can detect attacks with performances higher than attack detection algorithms that employ state vector estimation methods in the proposed attack detection framework.

  7. Detecting Cyber Attacks On Nuclear Power Plants

    Science.gov (United States)

    Rrushi, Julian; Campbell, Roy

    This paper proposes an unconventional anomaly detection approach that provides digital instrumentation and control (I&C) systems in a nuclear power plant (NPP) with the capability to probabilistically discern between legitimate protocol frames and attack frames. The stochastic activity network (SAN) formalism is used to model the fusion of protocol activity in each digital I&C system and the operation of physical components of an NPP. SAN models are employed to analyze links between protocol frames as streams of bytes, their semantics in terms of NPP operations, control data as stored in the memory of I&C systems, the operations of I&C systems on NPP components, and NPP processes. Reward rates and impulse rewards are defined in the SAN models based on the activity-marking reward structure to estimate NPP operation profiles. These profiles are then used to probabilistically estimate the legitimacy of the semantics and payloads of protocol frames received by I&C systems.

  8. Attack Pattern Analysis Framework for a Multiagent Intrusion Detection System

    Directory of Open Access Journals (Sweden)

    Krzysztof Juszczyszyn

    2008-08-01

    Full Text Available The paper proposes the use of attack pattern ontology and formal framework for network traffic anomalies detection within a distributed multi-agent Intrusion Detection System architecture. Our framework assumes ontology-based attack definition and distributed processing scheme with exchange of communicates between agents. The role of traffic anomalies detection was presented then it has been discussed how some specific values characterizing network communication can be used to detect network anomalies caused by security incidents (worm attack, virus spreading. Finally, it has been defined how to use the proposed techniques in distributed IDS using attack pattern ontology.

  9. Patrol Detection for Replica Attacks on Wireless Sensor Networks

    OpenAIRE

    Wang, Liang-Min; Shi, Yang

    2011-01-01

    Replica attack is a critical concern in the security of wireless sensor networks. We employ mobile nodes as patrollers to detect replicas distributed in different zones in a network, in which a basic patrol detection protocol and two detection algorithms for stationary and mobile modes are presented. Then we perform security analysis to discuss the defense strategies against the possible attacks on the proposed detection protocol. Moreover, we show the advantages of the proposed protocol by d...

  10. Speeding up detection of SHA-1 collision attacks using unavoidable attack conditions

    NARCIS (Netherlands)

    M.M.J. Stevens (Marc); D. Shumow

    2017-01-01

    textabstractCounter-cryptanalysis, the concept of using cryptanalytic techniques to detect cryptanalytic attacks, was introduced by Stevens at CRYPTO 2013 [22] with a hash collision detection algorithm. That is, an algorithm that detects whether a given single message is part of a colliding message

  11. Advances in detecting localized road damage due to sinkholes induced by engineering works using high resolution RASARSAT-2 data

    Science.gov (United States)

    Chen, J.; Zebker, H. A.; Lakshmi, V.

    2016-12-01

    Sinkholes often occur in karst terrains such as found in central and eastern Pennsylvania. Voids produced by dissolution of carbonate rocks can result in soil transport leading to localized, gradual or rapid, sinking of the land surface. A cluster of sinkholes developed in 2000 around a small rural community beside Bushkill creek near a limestone quarry, and severely destroyed road bridges and railway tracks. At a cost of $6 million, the Pennsylvania DoT replaced the bridge, which was damaged again in 2004 by newly developed sinkholes likely associated with quarry's pumping activity. Here we present high-resolution spaceborne interferometric radar images of sinkhole development on this community. We show that this technique may be used to monitor regions with high sinkhole damage risk and assist future infrastructure route planning, especially in rural areas where hydrogeologic information is limited. Specifically, we processed 66 RADARSAT-2 interferograms to extract deformation occurred over Bushkill creek between Jun. 2015 and Mar. 2016 with a temporal resolution of 24 days. We advanced recent persistent scatterer techniques to preserve meter-level spatial resolution in the interferograms while minimizing temporal decorrelation and phase unwrapping error. We observe periodic deformation due to pumping activity at the quarry and localized subsidence along Bushkill creek that is co-located with recent reported sinkholes. We plan to use the automatic processing techniques developed for this study to study road damage in another region in Pennsylvania, along Lewiston Narrows, and also to monitor urban infrastructure improvements in Seattle, both again with RASARSAT-2 data. Our results demonstrate that recent advances in satellite geodesy can be transferred to benefit society beyond the science community.

  12. Novel Method For Low-Rate Ddos Attack Detection

    Science.gov (United States)

    Chistokhodova, A. A.; Sidorov, I. D.

    2018-05-01

    The relevance of the work is associated with an increasing number of advanced types of DDoS attacks, in particular, low-rate HTTP-flood. Last year, the power and complexity of such attacks increased significantly. The article is devoted to the analysis of DDoS attacks detecting methods and their modifications with the purpose of increasing the accuracy of DDoS attack detection. The article details low-rate attacks features in comparison with conventional DDoS attacks. During the analysis, significant shortcomings of the available method for detecting low-rate DDoS attacks were found. Thus, the result of the study is an informal description of a new method for detecting low-rate denial-of-service attacks. The architecture of the stand for approbation of the method is developed. At the current stage of the study, it is possible to improve the efficiency of an already existing method by using a classifier with memory, as well as additional information.

  13. Social Engineering Attack Detection Model: SEADMv2

    CSIR Research Space (South Africa)

    Mouton, F

    2015-10-01

    Full Text Available link in the security chain. A social engineering attack targets this weakness by using various manipulation techniques to elicit individuals to perform sensitive requests. The field of social engineering is still in its infancy as far as formal...

  14. Detecting Distributed SQL Injection Attacks in a Eucalyptus Cloud Environment

    Science.gov (United States)

    Kebert, Alan; Barnejee, Bikramjit; Solano, Juan; Solano, Wanda

    2013-01-01

    The cloud computing environment offers malicious users the ability to spawn multiple instances of cloud nodes that are similar to virtual machines, except that they can have separate external IP addresses. In this paper we demonstrate how this ability can be exploited by an attacker to distribute his/her attack, in particular SQL injection attacks, in such a way that an intrusion detection system (IDS) could fail to identify this attack. To demonstrate this, we set up a small private cloud, established a vulnerable website in one instance, and placed an IDS within the cloud to monitor the network traffic. We found that an attacker could quite easily defeat the IDS by periodically altering its IP address. To detect such an attacker, we propose to use multi-agent plan recognition, where the multiple source IPs are considered as different agents who are mounting a collaborative attack. We show that such a formulation of this problem yields a more sophisticated approach to detecting SQL injection attacks within a cloud computing environment.

  15. Detecting peripheral-based attacks on the host memory

    CERN Document Server

    Stewin, Patrick

    2015-01-01

    This work addresses stealthy peripheral-based attacks on host computers and presents a new approach to detecting them. Peripherals can be regarded as separate systems that have a dedicated processor and dedicated runtime memory to handle their tasks. The book addresses the problem that peripherals generally communicate with the host via the host’s main memory, storing cryptographic keys, passwords, opened files and other sensitive data in the process – an aspect attackers are quick to exploit.  Here, stealthy malicious software based on isolated micro-controllers is implemented to conduct an attack analysis, the results of which provide the basis for developing a novel runtime detector. The detector reveals stealthy peripheral-based attacks on the host’s main memory by exploiting certain hardware properties, while a permanent and resource-efficient measurement strategy ensures that the detector is also capable of detecting transient attacks, which can otherwise succeed when the applied strategy only me...

  16. TAWS: TABLE ASSISTED WALK STRATEGY IN CLONE ATTACK DETECTION

    Directory of Open Access Journals (Sweden)

    J Sybi Cynthia

    2016-12-01

    Full Text Available Wireless Sensor Networks (WSNs deployed in the destructive atmosphere are susceptible to clone attacks. Clone attack in wireless sensor network is a complicated problem because it deployed in hostile environments, and also the nodes could be physically compromised by an adversary. For valuable clone attack detection, the selection criteria play an important role in the proposed work. In this paper, it has been classified the existing detection schemes regarding device type, detection methodologies, deployment strategies and detection ranges and far explore various proposals in deployment based selection criteria category. And also this paper provides a review of detection methodology based on various clone attack detection techniques. It is also widely agreed that clones should be detected quickly as possible with the best optional. Our work is exploratory in that the proposed algorithm concern with table assisted random walk with horizontal and vertical line, frequent level key change and revokes the duplicate node. Our simulation results show that it is more efficient than the detection criteria in terms of security feature, and in detection rate with high resiliency. Specifically, it concentrates on deployment strategy which includes grid based deployment technique. These all come under the selection criteria for better security performance. Our protocol analytically provides effective and clone attack detection capability of robustness.

  17. A Cyber-Attack Detection Model Based on Multivariate Analyses

    Science.gov (United States)

    Sakai, Yuto; Rinsaka, Koichiro; Dohi, Tadashi

    In the present paper, we propose a novel cyber-attack detection model based on two multivariate-analysis methods to the audit data observed on a host machine. The statistical techniques used here are the well-known Hayashi's quantification method IV and cluster analysis method. We quantify the observed qualitative audit event sequence via the quantification method IV, and collect similar audit event sequence in the same groups based on the cluster analysis. It is shown in simulation experiments that our model can improve the cyber-attack detection accuracy in some realistic cases where both normal and attack activities are intermingled.

  18. Patrol Detection for Replica Attacks on Wireless Sensor Networks

    Directory of Open Access Journals (Sweden)

    Yang Shi

    2011-02-01

    Full Text Available Replica attack is a critical concern in the security of wireless sensor networks. We employ mobile nodes as patrollers to detect replicas distributed in different zones in a network, in which a basic patrol detection protocol and two detection algorithms for stationary and mobile modes are presented. Then we perform security analysis to discuss the defense strategies against the possible attacks on the proposed detection protocol. Moreover, we show the advantages of the proposed protocol by discussing and comparing the communication cost and detection probability with some existing methods.

  19. Thwarting Nonintrusive Occupancy Detection Attacks from Smart Meters

    Directory of Open Access Journals (Sweden)

    Dapeng Man

    2017-01-01

    Full Text Available Occupancy information is one of the most important privacy issues of a home. Unfortunately, an attacker is able to detect occupancy from smart meter data. The current battery-based load hiding (BLH methods cannot solve this problem. To thwart occupancy detection attacks, we propose a framework of battery-based schemes to prevent occupancy detection (BPOD. BPOD monitors the power consumption of a home and detects the occupancy in real time. According to the detection result, BPOD modifies those statistical metrics of power consumption, which highly correlate with the occupancy by charging or discharging a battery, creating a delusion that the home is always occupied. We evaluate BPOD in a simulation using several real-world smart meter datasets. Our experiment results show that BPOD effectively prevents the threshold-based and classifier-based occupancy detection attacks. Furthermore, BPOD is also able to prevent nonintrusive appliance load monitoring attacks (NILM as a side-effect of thwarting detection attacks.

  20. Detection of network attacks based on adaptive resonance theory

    Science.gov (United States)

    Bukhanov, D. G.; Polyakov, V. M.

    2018-05-01

    The paper considers an approach to intrusion detection systems using a neural network of adaptive resonant theory. It suggests the structure of an intrusion detection system consisting of two types of program modules. The first module manages connections of user applications by preventing the undesirable ones. The second analyzes the incoming network traffic parameters to check potential network attacks. After attack detection, it notifies the required stations using a secure transmission channel. The paper describes the experiment on the detection and recognition of network attacks using the test selection. It also compares the obtained results with similar experiments carried out by other authors. It gives findings and conclusions on the sufficiency of the proposed approach. The obtained information confirms the sufficiency of applying the neural networks of adaptive resonant theory to analyze network traffic within the intrusion detection system.

  1. Efficient Network Monitoring for Attack Detection

    OpenAIRE

    Limmer, Tobias

    2011-01-01

    Techniques for network-based intrusion detection have been evolving for years, and the focus of most research is on detection algorithms, although networks are distributed and dynamically managed nowadays. A data processing framework is required that allows to embed multiple detection techniques and to provide data with the needed aggregation levels. Within that framework, this work concentrates on methods that improve the interoperability of intrusion detection techniques and focuses on data...

  2. Securing Cloud Computing from Different Attacks Using Intrusion Detection Systems

    Directory of Open Access Journals (Sweden)

    Omar Achbarou

    2017-03-01

    Full Text Available Cloud computing is a new way of integrating a set of old technologies to implement a new paradigm that creates an avenue for users to have access to shared and configurable resources through internet on-demand. This system has many common characteristics with distributed systems, hence, the cloud computing also uses the features of networking. Thus the security is the biggest issue of this system, because the services of cloud computing is based on the sharing. Thus, a cloud computing environment requires some intrusion detection systems (IDSs for protecting each machine against attacks. The aim of this work is to present a classification of attacks threatening the availability, confidentiality and integrity of cloud resources and services. Furthermore, we provide literature review of attacks related to the identified categories. Additionally, this paper also introduces related intrusion detection models to identify and prevent these types of attacks.

  3. Messaging Attacks on Android: Vulnerabilities and Intrusion Detection

    Directory of Open Access Journals (Sweden)

    Khodor Hamandi

    2015-01-01

    Full Text Available Currently, Android is the leading mobile operating system in number of users worldwide. On the security side, Android has had significant challenges despite the efforts of the Android designers to provide a secure environment for apps. In this paper, we present numerous attacks targeting the messaging framework of the Android system. Our focus is on SMS, USSD, and the evolution of their associated security in Android and accordingly the development of related attacks. Also, we shed light on the Android elements that are responsible for these attacks. Furthermore, we present the architecture of an intrusion detection system (IDS that promises to thwart SMS messaging attacks. Our IDS shows a detection rate of 87.50% with zero false positives.

  4. VoIP attacks detection engine based on neural network

    Science.gov (United States)

    Safarik, Jakub; Slachta, Jiri

    2015-05-01

    The security is crucial for any system nowadays, especially communications. One of the most successful protocols in the field of communication over IP networks is Session Initiation Protocol. It is an open-source project used by different kinds of applications, both open-source and proprietary. High penetration and text-based principle made SIP number one target in IP telephony infrastructure, so security of SIP server is essential. To keep up with hackers and to detect potential malicious attacks, security administrator needs to monitor and evaluate SIP traffic in the network. But monitoring and following evaluation could easily overwhelm the security administrator in networks, typically in networks with a number of SIP servers, users and logically or geographically separated networks. The proposed solution lies in automatic attack detection systems. The article covers detection of VoIP attacks through a distributed network of nodes. Then the gathered data analyze aggregation server with artificial neural network. Artificial neural network means multilayer perceptron network trained with a set of collected attacks. Attack data could also be preprocessed and verified with a self-organizing map. The source data is detected by distributed network of detection nodes. Each node contains a honeypot application and traffic monitoring mechanism. Aggregation of data from each node creates an input for neural networks. The automatic classification on a centralized server with low false positive detection reduce the cost of attack detection resources. The detection system uses modular design for easy deployment in final infrastructure. The centralized server collects and process detected traffic. It also maintains all detection nodes.

  5. AMC Model for Denial of Sleep Attack Detection

    OpenAIRE

    Bhattasali, Tapalina; Chaki, Rituparna

    2012-01-01

    Due to deployment in hostile environment, wireless sensor network is vulnerable to various attacks. Exhausted sensor nodes in sensor network become a challenging issue because it disrupts the normal connectivity of the network. Affected nodes give rise to denial of service that resists to get the objective of sensor network in real life. A mathematical model based on Absorbing Markov Chain (AMC)is proposed for Denial of Sleep attack detection in sensor network. In this mechanism, whether sens...

  6. Hybrid Intrusion Detection System for DDoS Attacks

    Directory of Open Access Journals (Sweden)

    Özge Cepheli

    2016-01-01

    Full Text Available Distributed denial-of-service (DDoS attacks are one of the major threats and possibly the hardest security problem for today’s Internet. In this paper we propose a hybrid detection system, referred to as hybrid intrusion detection system (H-IDS, for detection of DDoS attacks. Our proposed detection system makes use of both anomaly-based and signature-based detection methods separately but in an integrated fashion and combines the outcomes of both detectors to enhance the overall detection accuracy. We apply two distinct datasets to our proposed system in order to test the detection performance of H-IDS and conclude that the proposed hybrid system gives better results than the systems based on nonhybrid detection.

  7. Florida sinkhole index

    OpenAIRE

    Spencer, Steven; Lane, Ed.

    1995-01-01

    The following data were compiled from the Florida Sinkhole Research Institute data base. That database, which contains approximately 1900 sinkholes, is available from the Florida Geological Survey upon request. The data are arranged alphabetically by county. The first two digits of the identification number represents the county. These numbers correspond to the Florida Department of Transportation county numbering system. Following the county number are three numbers which represe...

  8. Detecting Attacks in CyberManufacturing Systems: Additive Manufacturing Example

    Directory of Open Access Journals (Sweden)

    Wu Mingtao

    2017-01-01

    Full Text Available CyberManufacturing System is a vision for future manufacturing where physical components are fully integrated with computational processes in a connected environment. However, realizing the vision requires that its security be adequately ensured. This paper presents a vision-based system to detect intentional attacks on additive manufacturing processes, utilizing machine learning techniques. Particularly, additive manufacturing systems have unique vulnerabilities to malicious attacks, which can result in defective infills but without affecting the exterior. In order to detect such infill defects, the research uses simulated 3D printing process images as well as actual 3D printing process images to compare accuracies of machine learning algorithms in classifying, clustering and detecting anomalies on different types of infills. Three algorithms - (i random forest, (ii k nearest neighbor, and (iii anomaly detection - have been adopted in the research and shown to be effective in detecting such defects.

  9. Active Detection for Exposing Intelligent Attacks in Control Systems

    Energy Technology Data Exchange (ETDEWEB)

    Weerakkody, Sean [Carnegie Mellon Univ., Pittsburgh, PA (United States); Ozel, Omur [Carnegie Mellon Univ., Pittsburgh, PA (United States); Griffioen, Paul [Carnegie Mellon Univ., Pittsburgh, PA (United States); Sinopoli, Bruno [Carnegie Mellon Univ., Pittsburgh, PA (United States)

    2017-07-01

    In this paper, we consider approaches for detecting integrity attacks carried out by intelligent and resourceful adversaries in control systems. Passive detection techniques are often incorporated to identify malicious behavior. Here, the defender utilizes finely-tuned algorithms to process information and make a binary decision, whether the system is healthy or under attack. We demonstrate that passive detection can be ineffective against adversaries with model knowledge and access to a set of input/output channels. We then propose active detection as a tool to detect attacks. In active detection, the defender leverages degrees of freedom he has in the system to detect the adversary. Specifically, the defender will introduce a physical secret kept hidden from the adversary, which can be utilized to authenticate the dynamics. In this regard, we carefully review two approaches for active detection: physical watermarking at the control input, and a moving target approach for generating system dynamics. We examine practical considerations for implementing these technologies and discuss future research directions.

  10. Detection and isolation of routing attacks through sensor watermarking

    NARCIS (Netherlands)

    Ferrari, R.; Herdeiro Teixeira, A.M.; Sun, J; Jiang, Z-P

    2017-01-01

    In networked control systems, leveraging the peculiarities of the cyber-physical domains and their interactions may lead to novel detection and defense mechanisms against malicious cyber-attacks. In this paper, we propose a multiplicative sensor watermarking scheme, where each sensor's output is

  11. Sleep Deprivation Attack Detection in Wireless Sensor Network

    Science.gov (United States)

    Bhattasali, Tapalina; Chaki, Rituparna; Sanyal, Sugata

    2012-02-01

    Deployment of sensor network in hostile environment makes it mainly vulnerable to battery drainage attacks because it is impossible to recharge or replace the battery power of sensor nodes. Among different types of security threats, low power sensor nodes are immensely affected by the attacks which cause random drainage of the energy level of sensors, leading to death of the nodes. The most dangerous type of attack in this category is sleep deprivation, where target of the intruder is to maximize the power consumption of sensor nodes, so that their lifetime is minimized. Most of the existing works on sleep deprivation attack detection involve a lot of overhead, leading to poor throughput. The need of the day is to design a model for detecting intrusions accurately in an energy efficient manner. This paper proposes a hierarchical framework based on distributed collaborative mechanism for detecting sleep deprivation torture in wireless sensor network efficiently. Proposed model uses anomaly detection technique in two steps to reduce the probability of false intrusion.

  12. Implementation of anomaly detection algorithms for detecting transmission control protocol synchronized flooding attacks

    CSIR Research Space (South Africa)

    Mkuzangwe, NNP

    2015-08-01

    Full Text Available This work implements two anomaly detection algorithms for detecting Transmission Control Protocol Synchronized (TCP SYN) flooding attack. The two algorithms are an adaptive threshold algorithm and a cumulative sum (CUSUM) based algorithm...

  13. Technique of experimental evaluation of cloud environment attacks detection accuracy

    Directory of Open Access Journals (Sweden)

    Sergey A. Klimachev

    2018-05-01

    Full Text Available The article is devoted to research of efficiency evaluation of IDS used for dynamic and complex organizational and technical structure computing platform guard. The components of the platform have a set of heterogeneous parameters. Analysis of existing IDS evaluation technique revealed shortcomings in justification of quantitative metrics that describe the efficiency and reliability IDS resolving. This makes if difficult to prove IDS evaluation technique. The purpose of the study is to increase IDS evaluation objectivity. To achive the purpose it is necessary to develop the correct technique, tools, experimental stand. The article proposes the results of development and approbation of the technique of IDS efficiency evaluation and software for it. The technique is based on defining of optimal set of attack detection accuracy scores. The technique and the software allow solving problems of comparative analysis of IDS that have similar functionality. As a result of the research, a number of task have been solved, including the selection of universal quantitative metrics for attack detection accuracy evaluation, the defining of summarised attack detection accuracy evaluation metric based on defining of pareto-optimal set of scores that ensure the confidentiality, integrity and accessibility of cloud environment information and information resources,  the development of a functional model,  a functional scheme and a software for cloud environment IDS research.

  14. Detection and Modeling of Cyber Attacks with Petri Nets

    Directory of Open Access Journals (Sweden)

    Bartosz Jasiul

    2014-12-01

    Full Text Available The aim of this article is to present an approach to develop and verify a method of formal modeling of cyber threats directed at computer systems. Moreover, the goal is to prove that the method enables one to create models resembling the behavior of malware that support the detection process of selected cyber attacks and facilitate the application of countermeasures. The most common cyber threats targeting end users and terminals are caused by malicious software, called malware. The malware detection process can be performed either by matching their digital signatures or analyzing their behavioral models. As the obfuscation techniques make the malware almost undetectable, the classic signature-based anti-virus tools must be supported with behavioral analysis. The proposed approach to modeling of malware behavior is based on colored Petri nets. This article is addressed to cyber defense researchers, security architects and developers solving up-to-date problems regarding the detection and prevention of advanced persistent threats.

  15. Detecting SYN flood attacks via statistical monitoring charts: A comparative study

    KAUST Repository

    Bouyeddou, Benamar; Harrou, Fouzi; Sun, Ying; Kadri, Benamar

    2017-01-01

    Accurate detection of cyber-attacks plays a central role in safeguarding computer networks and information systems. This paper addresses the problem of detecting SYN flood attacks, which are the most popular Denial of Service (DoS) attacks. Here, we

  16. Integrated situational awareness for cyber attack detection, analysis, and mitigation

    Science.gov (United States)

    Cheng, Yi; Sagduyu, Yalin; Deng, Julia; Li, Jason; Liu, Peng

    2012-06-01

    Real-time cyberspace situational awareness is critical for securing and protecting today's enterprise networks from various cyber threats. When a security incident occurs, network administrators and security analysts need to know what exactly has happened in the network, why it happened, and what actions or countermeasures should be taken to quickly mitigate the potential impacts. In this paper, we propose an integrated cyberspace situational awareness system for efficient cyber attack detection, analysis and mitigation in large-scale enterprise networks. Essentially, a cyberspace common operational picture will be developed, which is a multi-layer graphical model and can efficiently capture and represent the statuses, relationships, and interdependencies of various entities and elements within and among different levels of a network. Once shared among authorized users, this cyberspace common operational picture can provide an integrated view of the logical, physical, and cyber domains, and a unique visualization of disparate data sets to support decision makers. In addition, advanced analyses, such as Bayesian Network analysis, will be explored to address the information uncertainty, dynamic and complex cyber attack detection, and optimal impact mitigation issues. All the developed technologies will be further integrated into an automatic software toolkit to achieve near real-time cyberspace situational awareness and impact mitigation in large-scale computer networks.

  17. Using InSAR to Observe Sinkhole Activity in Central Florida

    Science.gov (United States)

    Oliver-Cabrera, T.; Wdowinski, S.; Kruse, S.; Kiflu, H. G.

    2017-12-01

    Sinkhole collapse in Florida is a major geologic hazard, threatening human life and causing substantial damage to property. Detecting sinkhole deformation before a collapse is an important but difficult task; most techniques used to monitor sinkholes are spatially constrained to relatively small areas (tens to hundred meters). To overcome this limitation, we use Interferometric Synthetic Aperture Radar (InSAR), which is a very useful technique for detecting localized deformation while covering vast areas. InSAR results show localized deformation at several houses and commercial buildings in different locations along the study sites. We use a subsurface imaging technique, ground penetrating radar, to verify sinkhole existence beneath the observed deforming areas.

  18. Applying a weighted random forests method to extract karst sinkholes from LiDAR data

    Science.gov (United States)

    Zhu, Junfeng; Pierskalla, William P.

    2016-02-01

    Detailed mapping of sinkholes provides critical information for mitigating sinkhole hazards and understanding groundwater and surface water interactions in karst terrains. LiDAR (Light Detection and Ranging) measures the earth's surface in high-resolution and high-density and has shown great potentials to drastically improve locating and delineating sinkholes. However, processing LiDAR data to extract sinkholes requires separating sinkholes from other depressions, which can be laborious because of the sheer number of the depressions commonly generated from LiDAR data. In this study, we applied the random forests, a machine learning method, to automatically separate sinkholes from other depressions in a karst region in central Kentucky. The sinkhole-extraction random forest was grown on a training dataset built from an area where LiDAR-derived depressions were manually classified through a visual inspection and field verification process. Based on the geometry of depressions, as well as natural and human factors related to sinkholes, 11 parameters were selected as predictive variables to form the dataset. Because the training dataset was imbalanced with the majority of depressions being non-sinkholes, a weighted random forests method was used to improve the accuracy of predicting sinkholes. The weighted random forest achieved an average accuracy of 89.95% for the training dataset, demonstrating that the random forest can be an effective sinkhole classifier. Testing of the random forest in another area, however, resulted in moderate success with an average accuracy rate of 73.96%. This study suggests that an automatic sinkhole extraction procedure like the random forest classifier can significantly reduce time and labor costs and makes its more tractable to map sinkholes using LiDAR data for large areas. However, the random forests method cannot totally replace manual procedures, such as visual inspection and field verification.

  19. On Cyber Attacks and Signature Based Intrusion Detection for MODBUS Based Industrial Control Systems

    Directory of Open Access Journals (Sweden)

    Wei Gao

    2014-03-01

    Full Text Available Industrial control system communication networks are vulnerable to reconnaissance, response injection, command injection, and denial of service attacks.  Such attacks can lead to an inability to monitor and control industrial control systems and can ultimately lead to system failure. This can result in financial loss for control system operators and economic and safety issues for the citizens who use these services.  This paper describes a set of 28 cyber attacks against industrial control systems which use the MODBUS application layer network protocol. The paper also describes a set of standalone and state based intrusion detection system rules which can be used to detect cyber attacks and to store evidence of attacks for post incident analysis. All attacks described in this paper were validated in a laboratory environment. The detection rate of the intrusion detection system rules presented by attack class is also presented.

  20. Detecting SYN flood attacks via statistical monitoring charts: A comparative study

    KAUST Repository

    Bouyeddou, Benamar

    2017-12-14

    Accurate detection of cyber-attacks plays a central role in safeguarding computer networks and information systems. This paper addresses the problem of detecting SYN flood attacks, which are the most popular Denial of Service (DoS) attacks. Here, we compare the detection capacity of three commonly monitoring charts namely, a Shewhart chart, a Cumulative Sum (CUSUM) control chart and exponentially weighted moving average (EWMA) chart, in detecting SYN flood attacks. The comparison study is conducted using the publicly available benchmark datasets: the 1999 DARPA Intrusion Detection Evaluation Datasets.

  1. A Framework for Attack-Resilient Industrial Control Systems : Attack Detection and Controller Reconfiguration

    OpenAIRE

    Paridari, Kaveh; O'Mahony, Niamh; Mady, Alie El-Din; Chabukswar, Rohan; Boubekeur, Menouer; Sandberg, Henrik

    2017-01-01

    Most existing industrial control systems (ICSs), such as building energy management systems (EMSs), were installed when potential security threats were only physical. With advances in connectivity, ICSs are now, typically, connected to communications networks and, as a result, can be accessed remotely. This extends the attack surface to include the potential for sophisticated cyber attacks, which can adversely impact ICS operation, resulting in service interruption, equipment damage, safety c...

  2. Shilling Attacks Detection in Recommender Systems Based on Target Item Analysis.

    Science.gov (United States)

    Zhou, Wei; Wen, Junhao; Koh, Yun Sing; Xiong, Qingyu; Gao, Min; Dobbie, Gillian; Alam, Shafiq

    2015-01-01

    Recommender systems are highly vulnerable to shilling attacks, both by individuals and groups. Attackers who introduce biased ratings in order to affect recommendations, have been shown to negatively affect collaborative filtering (CF) algorithms. Previous research focuses only on the differences between genuine profiles and attack profiles, ignoring the group characteristics in attack profiles. In this paper, we study the use of statistical metrics to detect rating patterns of attackers and group characteristics in attack profiles. Another question is that most existing detecting methods are model specific. Two metrics, Rating Deviation from Mean Agreement (RDMA) and Degree of Similarity with Top Neighbors (DegSim), are used for analyzing rating patterns between malicious profiles and genuine profiles in attack models. Building upon this, we also propose and evaluate a detection structure called RD-TIA for detecting shilling attacks in recommender systems using a statistical approach. In order to detect more complicated attack models, we propose a novel metric called DegSim' based on DegSim. The experimental results show that our detection model based on target item analysis is an effective approach for detecting shilling attacks.

  3. Shilling Attacks Detection in Recommender Systems Based on Target Item Analysis

    Science.gov (United States)

    Zhou, Wei; Wen, Junhao; Koh, Yun Sing; Xiong, Qingyu; Gao, Min; Dobbie, Gillian; Alam, Shafiq

    2015-01-01

    Recommender systems are highly vulnerable to shilling attacks, both by individuals and groups. Attackers who introduce biased ratings in order to affect recommendations, have been shown to negatively affect collaborative filtering (CF) algorithms. Previous research focuses only on the differences between genuine profiles and attack profiles, ignoring the group characteristics in attack profiles. In this paper, we study the use of statistical metrics to detect rating patterns of attackers and group characteristics in attack profiles. Another question is that most existing detecting methods are model specific. Two metrics, Rating Deviation from Mean Agreement (RDMA) and Degree of Similarity with Top Neighbors (DegSim), are used for analyzing rating patterns between malicious profiles and genuine profiles in attack models. Building upon this, we also propose and evaluate a detection structure called RD-TIA for detecting shilling attacks in recommender systems using a statistical approach. In order to detect more complicated attack models, we propose a novel metric called DegSim’ based on DegSim. The experimental results show that our detection model based on target item analysis is an effective approach for detecting shilling attacks. PMID:26222882

  4. Sleep Deprivation Attack Detection in Wireless Sensor Network

    OpenAIRE

    Bhattasali, Tapalina; Chaki, Rituparna; Sanyal, Sugata

    2012-01-01

    Deployment of sensor network in hostile environment makes it mainly vulnerable to battery drainage attacks because it is impossible to recharge or replace the battery power of sensor nodes. Among different types of security threats, low power sensor nodes are immensely affected by the attacks which cause random drainage of the energy level of sensors, leading to death of the nodes. The most dangerous type of attack in this category is sleep deprivation, where target of the intruder is to maxi...

  5. Optimal Patrol to Detect Attacks at Dispersed Heterogeneous Locations

    Science.gov (United States)

    2013-12-01

    solution RALP Random-attacker linear program SALP Strategic-attacker linear program SMDP Semi-Markov decision process SP Shortest path SPR1 Shortest...average cost per attack among all vertices, which we refer to as the strategic-attacker linear program ( SALP ): min x zOPT (3.1a) subject to ∑ (k,l)∈A c...the SALP is indicated by zOPT. The lower bound that is obtained from using the LBLP is indicated by zLB. Solutions obtained from using a heuristic

  6. On resilience studies of system detection and recovery techniques against stealthy insider attacks

    Science.gov (United States)

    Wei, Sixiao; Zhang, Hanlin; Chen, Genshe; Shen, Dan; Yu, Wei; Pham, Khanh D.; Blasch, Erik P.; Cruz, Jose B.

    2016-05-01

    With the explosive growth of network technologies, insider attacks have become a major concern to business operations that largely rely on computer networks. To better detect insider attacks that marginally manipulate network traffic over time, and to recover the system from attacks, in this paper we implement a temporal-based detection scheme using the sequential hypothesis testing technique. Two hypothetical states are considered: the null hypothesis that the collected information is from benign historical traffic and the alternative hypothesis that the network is under attack. The objective of such a detection scheme is to recognize the change within the shortest time by comparing the two defined hypotheses. In addition, once the attack is detected, a server migration-based system recovery scheme can be triggered to recover the system to the state prior to the attack. To understand mitigation of insider attacks, a multi-functional web display of the detection analysis was developed for real-time analytic. Experiments using real-world traffic traces evaluate the effectiveness of Detection System and Recovery (DeSyAR) scheme. The evaluation data validates the detection scheme based on sequential hypothesis testing and the server migration-based system recovery scheme can perform well in effectively detecting insider attacks and recovering the system under attack.

  7. A DoS/DDoS Attack Detection System Using Chi-Square Statistic Approach

    Directory of Open Access Journals (Sweden)

    Fang-Yie Leu

    2010-04-01

    Full Text Available Nowadays, users can easily access and download network attack tools, which often provide friendly interfaces and easily operated features, from the Internet. Therefore, even a naive hacker can also launch a large scale DoS or DDoS attack to prevent a system, i.e., the victim, from providing Internet services. In this paper, we propose an agent based intrusion detection architecture, which is a distributed detection system, to detect DoS/DDoS attacks by invoking a statistic approach that compares source IP addresses' normal and current packet statistics to discriminate whether there is a DoS/DDoS attack. It first collects all resource IPs' packet statistics so as to create their normal packet distribution. Once some IPs' current packet distribution suddenly changes, very often it is an attack. Experimental results show that this approach can effectively detect DoS/DDoS attacks.

  8. PMFA: Toward Passive Message Fingerprint Attacks on Challenge-Based Collaborative Intrusion Detection Networks

    DEFF Research Database (Denmark)

    Li, Wenjuan; Meng, Weizhi; Kwok, Lam-For

    2016-01-01

    To enhance the performance of single intrusion detection systems (IDSs), collaborative intrusion detection networks (CIDNs) have been developed, which enable a set of IDS nodes to communicate with each other. In such a distributed network, insider attacks like collusion attacks are the main threat...... to advanced insider attacks in practical deployment. In this paper, we design a novel type of collusion attack, called passive message fingerprint attack (PMFA), which can collect messages and identify normal requests in a passive way. In the evaluation, we explore the attack performance under both simulated...... and real network environments. Experimental results indicate that under our attack, malicious nodes can send malicious responses to normal requests while maintaining their trust values....

  9. A two-tier system for web attack detection using linear discriminant method

    NARCIS (Netherlands)

    Tan, Zhiyuan; Jamdagni, Aruna; Nanda, Priyadarsi; He, Xiangjian; Liu, Ren Ping; Jia, Wenjing; Yeh, Wei-chang

    2010-01-01

    Computational cost is one of the major concerns of the commercial Intrusion Detection Systems (IDSs). Although these systems are proven to be promising in detecting network attacks, they need to check all the signatures to identify a suspicious attack in the worst case. This is time consuming. This

  10. Real-time DDoS attack detection for Cisco IOS using NetFlow

    NARCIS (Netherlands)

    van der Steeg, Daniël; Hofstede, R.J.; Sperotto, Anna; Pras, Aiko

    Flow-based DDoS attack detection is typically performed by analysis applications that are installed on or close to a flow collector. Although this approach allows for easy deployment, it makes detection far from real-time and susceptible to DDoS attacks for the following reasons. First, the fact

  11. Panacea: Automating Attack Classification for Anomaly-based Network Intrusion Detection Systems

    NARCIS (Netherlands)

    Bolzoni, D.; Etalle, Sandro; Hartel, Pieter H.; Kirda, E.; Jha, S.; Balzarotti, D.

    Anomaly-based intrusion detection systems are usually criticized because they lack a classication of attack, thus security teams have to manually inspect any raised alert to classify it. We present a new approach, Panacea, to automatically and systematically classify attacks detected by an

  12. Panacea : Automating attack classification for anomaly-based network intrusion detection systems

    NARCIS (Netherlands)

    Bolzoni, D.; Etalle, S.; Hartel, P.H.; Kirda, E.; Jha, S.; Balzarotti, D.

    2009-01-01

    Anomaly-based intrusion detection systems are usually criticized because they lack a classification of attacks, thus security teams have to manually inspect any raised alert to classify it. We present a new approach, Panacea, to automatically and systematically classify attacks detected by an

  13. Panacea : Automating attack classification for anomaly-based network intrusion detection systems

    NARCIS (Netherlands)

    Bolzoni, D.; Etalle, S.; Hartel, P.H.

    2009-01-01

    Anomaly-based intrusion detection systems are usually criticized because they lack a classification of attack, thus security teams have to manually inspect any raised alert to classify it. We present a new approach, Panacea, to automatically and systematically classify attacks detected by an

  14. Panacea: Automating Attack Classification for Anomaly-based Network Intrusion Detection Systems

    NARCIS (Netherlands)

    Bolzoni, D.; Etalle, Sandro; Hartel, Pieter H.

    2009-01-01

    Anomaly-based intrusion detection systems are usually criticized because they lack a classication of attack, thus security teams have to manually inspect any raised alert to classify it. We present a new approach, Panacea, to automatically and systematically classify attacks detected by an

  15. Flow-based detection of IPv6-specific network layer attacks

    NARCIS (Netherlands)

    Hendriks, Luuk; Velan, Petr; de O. Schmidt, Ricardo; de Boer, Pieter-Tjerk; Pras, Aiko; Tuncer, Daphne; Koch, Robert; Badonne, Rémi; Stiller, Burkhard

    2017-01-01

    With a vastly different header format, IPv6 introduces new vulnerabilities not possible in IPv4, potentially requiring new detection algorithms. While many attacks specific to IPv6 have proven to be possible and are described in the literature, no detection solutions for these attacks have been

  16. Biometric Authentication Systems Attacks: Liveness Detection to the ...

    African Journals Online (AJOL)

    AFRICAN JOURNALS ONLINE (AJOL) · Journals · Advanced Search · USING AJOL · RESOURCES ... access control, sensitive data protection and on-line tracking systems. ... This paper has identified such vulnerabilities and threats, particularly ... Systems, Authentication, Verification, Vulnerabilities, attacks, Threats.

  17. Attacks and intrusion detection in wireless sensor networks of industrial SCADA systems

    Science.gov (United States)

    Kamaev, V. A.; Finogeev, A. G.; Finogeev, A. A.; Parygin, D. S.

    2017-01-01

    The effectiveness of automated process control systems (APCS) and supervisory control and data acquisition systems (SCADA) information security depends on the applied protection technologies of transport environment data transmission components. This article investigates the problems of detecting attacks in wireless sensor networks (WSN) of SCADA systems. As a result of analytical studies, the authors developed the detailed classification of external attacks and intrusion detection in sensor networks and brought a detailed description of attacking impacts on components of SCADA systems in accordance with the selected directions of attacks.

  18. Attack Detection/Isolation via a Secure Multisensor Fusion Framework for Cyberphysical Systems

    Directory of Open Access Journals (Sweden)

    Arash Mohammadi

    2018-01-01

    Full Text Available Motivated by rapid growth of cyberphysical systems (CPSs and the necessity to provide secure state estimates against potential data injection attacks in their application domains, the paper proposes a secure and innovative attack detection and isolation fusion framework. The proposed multisensor fusion framework provides secure state estimates by using ideas from interactive multiple models (IMM combined with a novel fuzzy-based attack detection/isolation mechanism. The IMM filter is used to adjust the system’s uncertainty adaptively via model probabilities by using a hybrid state model consisting of two behaviour modes, one corresponding to the ideal scenario and one associated with the attack behaviour mode. The state chi-square test is then incorporated through the proposed fuzzy-based fusion framework to detect and isolate potential data injection attacks. In other words, the validation probability of each sensor is calculated based on the value of the chi-square test. Finally, by incorporation of the validation probability of each sensor, the weights of its associated subsystem are computed. To be concrete, an integrated navigation system is simulated with three types of attacks ranging from a constant bias attack to a non-Gaussian stochastic attack to evaluate the proposed attack detection and isolation fusion framework.

  19. SYN Flood Attack Detection in Cloud Computing using Support Vector Machine

    Directory of Open Access Journals (Sweden)

    Zerina Mašetić

    2017-11-01

    Full Text Available Cloud computing is a trending technology, as it reduces the cost of running a business. However, many companies are skeptic moving about towards cloud due to the security concerns. Based on the Cloud Security Alliance report, Denial of Service (DoS attacks are among top 12 attacks in the cloud computing. Therefore, it is important to develop a mechanism for detection and prevention of these attacks. The aim of this paper is to evaluate Support Vector Machine (SVM algorithm in creating the model for classification of DoS attacks and normal network behaviors. The study was performed in several phases: a attack simulation, b data collection, cfeature selection, and d classification. The proposedmodel achieved 100% classification accuracy with true positive rate (TPR of 100%. SVM showed outstanding performance in DoS attack detection and proves that it serves as a valuable asset in the network security area.

  20. SOOA: Exploring Special On-Off Attacks on Challenge-Based Collaborative Intrusion Detection Networks

    DEFF Research Database (Denmark)

    Li, Wenjuan; Meng, Weizhi; Kwok, Lam-For

    2017-01-01

    The development of collaborative intrusion detection networks (CIDNs) aims to enhance the performance of a single intrusion detection system (IDS), through communicating and collecting information from other IDS nodes. To defend CIDNs against insider attacks, trust-based mechanisms are crucial...... and render CIDNs still vulnerable to advanced insider attacks in a practical deployment. In this paper, our motivation is to investigate the effect of On-Off attacks on challenge-based CIDNs. In particular, as a study, we explore a special On-Off attack (called SOOA), which can keep responding normally...... to one node while acting abnormally to another node. In the evaluation, we explore the attack performance under simulated CIDN environments. Experimental results indicate that our attack can interfere the effectiveness of trust computation for CIDN nodes....

  1. Real-Time Detection of Application-Layer DDoS Attack Using Time Series Analysis

    Directory of Open Access Journals (Sweden)

    Tongguang Ni

    2013-01-01

    Full Text Available Distributed denial of service (DDoS attacks are one of the major threats to the current Internet, and application-layer DDoS attacks utilizing legitimate HTTP requests to overwhelm victim resources are more undetectable. Consequently, neither intrusion detection systems (IDS nor victim server can detect malicious packets. In this paper, a novel approach to detect application-layer DDoS attack is proposed based on entropy of HTTP GET requests per source IP address (HRPI. By approximating the adaptive autoregressive (AAR model, the HRPI time series is transformed into a multidimensional vector series. Then, a trained support vector machine (SVM classifier is applied to identify the attacks. The experiments with several databases are performed and results show that this approach can detect application-layer DDoS attacks effectively.

  2. SiC: An Agent Based Architecture for Preventing and Detecting Attacks to Ubiquitous Databases

    OpenAIRE

    Pinzón, Cristian; de Paz Santana, Yanira; Bajo Pérez, Javier; Abraham, Ajith P.; Corchado Rodríguez, Juan M.

    2009-01-01

    One of the main attacks to ubiquitous databases is the structure query language (SQL) injection attack, which causes severe damages both in the commercial aspect and in the user’s confidence. This chapter proposes the SiC architecture as a solution to the SQL injection attack problem. This is a hierarchical distributed multiagent architecture, which involves an entirely new approach with respect to existing architectures for the prevention and detection of SQL injections. SiC incorporates a k...

  3. Enhancing the Statistical Filtering Scheme to Detect False Negative Attacks in Sensor Networks

    Directory of Open Access Journals (Sweden)

    Muhammad Akram

    2017-06-01

    Full Text Available In this paper, we present a technique that detects both false positive and false negative attacks in statistical filtering-based wireless sensor networks. In statistical filtering scheme, legitimate reports are repeatedly verified en route before they reach the base station, which causes heavy energy consumption. While the original statistical filtering scheme detects only false reports, our proposed method promises to detect both attacks.

  4. Denial-of-service attack detection based on multivariate correlation analysis

    NARCIS (Netherlands)

    Tan, Zhiyuan; Jamdagni, Aruna; He, Xiangjian; Nanda, Priyadarsi; Liu, Ren Ping; Lu, Bao-Liang; Zhang, Liqing; Kwok, James

    2011-01-01

    The reliability and availability of network services are being threatened by the growing number of Denial-of-Service (DoS) attacks. Effective mechanisms for DoS attack detection are demanded. Therefore, we propose a multivariate correlation analysis approach to investigate and extract second-order

  5. Method and apparatus for detecting cyber attacks on an alternating current power grid

    Science.gov (United States)

    McEachern, Alexander; Hofmann, Ronald

    2017-04-11

    A method and apparatus for detecting cyber attacks on remotely-operable elements of an alternating current distribution grid. Two state estimates of the distribution grid are prepared, one of which uses micro-synchrophasors. A difference between the two state estimates indicates a possible cyber attack.

  6. Detection of attack-targeted scans from the Apache HTTP Server access logs

    Directory of Open Access Journals (Sweden)

    Merve Baş Seyyar

    2018-01-01

    Full Text Available A web application could be visited for different purposes. It is possible for a web site to be visited by a regular user as a normal (natural visit, to be viewed by crawlers, bots, spiders, etc. for indexing purposes, lastly to be exploratory scanned by malicious users prior to an attack. An attack targeted web scan can be viewed as a phase of a potential attack and can lead to more attack detection as compared to traditional detection methods. In this work, we propose a method to detect attack-oriented scans and to distinguish them from other types of visits. In this context, we use access log files of Apache (or ISS web servers and try to determine attack situations through examination of the past data. In addition to web scan detections, we insert a rule set to detect SQL Injection and XSS attacks. Our approach has been applied on sample data sets and results have been analyzed in terms of performance measures to compare our method and other commonly used detection techniques. Furthermore, various tests have been made on log samples from real systems. Lastly, several suggestions about further development have been also discussed.

  7. An efficient algorithm for the detection of exposed and hidden wormhole attack

    International Nuclear Information System (INIS)

    Khan, Z.A.; Rehman, S.U.; Islam, M.H.

    2016-01-01

    MANETs (Mobile Ad Hoc Networks) are slowly integrating into our everyday lives, their most prominent uses are visible in the disaster and war struck areas where physical infrastructure is almost impossible or very hard to build. MANETs like other networks are facing the threat of malicious users and their activities. A number of attacks have been identified but the most severe of them is the wormhole attack which has the ability to succeed even in case of encrypted traffic and secure networks. Once wormhole is launched successfully, the severity increases by the fact that attackers can launch other attacks too. This paper presents a comprehensive algorithm for the detection of exposed as well as hidden wormhole attack while keeping the detection rate to maximum and at the same reducing false alarms. The algorithm does not require any extra hardware, time synchronization or any special type of nodes. The architecture consists of the combination of Routing Table, RTT (Round Trip Time) and RSSI (Received Signal Strength Indicator) for comprehensive detection of wormhole attack. The proposed technique is robust, light weight, has low resource requirements and provides real-time detection against the wormhole attack. Simulation results show that the algorithm is able to provide a higher detection rate, packet delivery ratio, negligible false alarms and is also better in terms of Ease of Implementation, Detection Accuracy/ Speed and processing overhead. (author)

  8. Accurate Sybil Attack Detection Based on Fine-Grained Physical Channel Information

    Directory of Open Access Journals (Sweden)

    Chundong Wang

    2018-03-01

    Full Text Available With the development of the Internet-of-Things (IoT, wireless network security has more and more attention paid to it. The Sybil attack is one of the famous wireless attacks that can forge wireless devices to steal information from clients. These forged devices may constantly attack target access points to crush the wireless network. In this paper, we propose a novel Sybil attack detection based on Channel State Information (CSI. This detection algorithm can tell whether the static devices are Sybil attackers by combining a self-adaptive multiple signal classification algorithm with the Received Signal Strength Indicator (RSSI. Moreover, we develop a novel tracing scheme to cluster the channel characteristics of mobile devices and detect dynamic attackers that change their channel characteristics in an error area. Finally, we experiment on mobile and commercial WiFi devices. Our algorithm can effectively distinguish the Sybil devices. The experimental results show that our Sybil attack detection system achieves high accuracy for both static and dynamic scenarios. Therefore, combining the phase and similarity of channel features, the multi-dimensional analysis of CSI can effectively detect Sybil nodes and improve the security of wireless networks.

  9. Optimal Attack Strategies Subject to Detection Constraints Against Cyber-Physical Systems

    International Nuclear Information System (INIS)

    Chen, Yuan; Kar, Soummya; Moura, Jose M. F.

    2017-01-01

    This paper studies an attacker against a cyberphysical system (CPS) whose goal is to move the state of a CPS to a target state while ensuring that his or her probability of being detected does not exceed a given bound. The attacker’s probability of being detected is related to the nonnegative bias induced by his or her attack on the CPS’s detection statistic. We formulate a linear quadratic cost function that captures the attacker’s control goal and establish constraints on the induced bias that reflect the attacker’s detection-avoidance objectives. When the attacker is constrained to be detected at the false-alarm rate of the detector, we show that the optimal attack strategy reduces to a linear feedback of the attacker’s state estimate. In the case that the attacker’s bias is upper bounded by a positive constant, we provide two algorithms – an optimal algorithm and a sub-optimal, less computationally intensive algorithm – to find suitable attack sequences. Lastly, we illustrate our attack strategies in numerical examples based on a remotely-controlled helicopter under attack.

  10. DETECTION AND LOCALIZATION OF MULTIPLE SPOOFING ATTACKERS FOR MOBILE WIRELESS NETWORKS

    Directory of Open Access Journals (Sweden)

    R. Maivizhi

    2015-06-01

    Full Text Available The openness nature of wireless networks allows adversaries to easily launch variety of spoofing attacks and causes havoc in network performance. Recent approaches used Received Signal Strength (RSS traces, which only detect spoofing attacks in mobile wireless networks. However, it is not always desirable to use these methods as RSS values fluctuate significantly over time due to distance, noise and interference. In this paper, we discusses a novel approach, Mobile spOofing attack DEtection and Localization in WIireless Networks (MODELWIN system, which exploits location information about nodes to detect identity-based spoofing attacks in mobile wireless networks. Also, this approach determines the number of attackers who used the same node identity to masquerade as legitimate device. Moreover, multiple adversaries can be localized accurately. By eliminating attackers the proposed system enhances network performance. We have evaluated our technique through simulation using an 802.11 (WiFi network and an 802.15.4 (Zigbee networks. The results prove that MODELWIN can detect spoofing attacks with a very high detection rate and localize adversaries accurately.

  11. Accurate Sybil Attack Detection Based on Fine-Grained Physical Channel Information.

    Science.gov (United States)

    Wang, Chundong; Zhu, Likun; Gong, Liangyi; Zhao, Zhentang; Yang, Lei; Liu, Zheli; Cheng, Xiaochun

    2018-03-15

    With the development of the Internet-of-Things (IoT), wireless network security has more and more attention paid to it. The Sybil attack is one of the famous wireless attacks that can forge wireless devices to steal information from clients. These forged devices may constantly attack target access points to crush the wireless network. In this paper, we propose a novel Sybil attack detection based on Channel State Information (CSI). This detection algorithm can tell whether the static devices are Sybil attackers by combining a self-adaptive multiple signal classification algorithm with the Received Signal Strength Indicator (RSSI). Moreover, we develop a novel tracing scheme to cluster the channel characteristics of mobile devices and detect dynamic attackers that change their channel characteristics in an error area. Finally, we experiment on mobile and commercial WiFi devices. Our algorithm can effectively distinguish the Sybil devices. The experimental results show that our Sybil attack detection system achieves high accuracy for both static and dynamic scenarios. Therefore, combining the phase and similarity of channel features, the multi-dimensional analysis of CSI can effectively detect Sybil nodes and improve the security of wireless networks.

  12. Developing advanced fingerprint attacks on challenge-based collaborative intrusion detection networks

    DEFF Research Database (Denmark)

    Li, Wenjuan; Meng, Weizhi; Kwok, Lam-For

    2017-01-01

    Traditionally, an isolated intrusion detection system (IDS) is vulnerable to various types of attacks. In order to enhance IDS performance, collaborative intrusion detection networks (CIDNs) are developed through enabling a set of IDS nodes to communicate with each other. Due to the distributed...... network architecture, insider attacks are one of the major threats. In the literature, challenge-based trust mechanisms have been built to identify malicious nodes by evaluating the satisfaction levels between challenges and responses. However, such mechanisms rely on two major assumptions, which may...... result in a weak threat model. In this case, CIDNs may be still vulnerable to advanced insider attacks in real-world deployment. In this paper, we propose a novel collusion attack, called passive message fingerprint attack (PMFA), which can collect messages and identify normal requests in a passive way...

  13. Programmable Logic Controller Modification Attacks for use in Detection Analysis

    Science.gov (United States)

    2014-03-27

    and J. Lowe, “The Myths and Facts Behind Cyber Security Risks for Industrial Control Systems ,” in Proceedings of the VDE Kongress, vol. 116, 2004. [13...Feb 2014 Date 20 Feb 2014 Date 20 Feb 2014 Date AFIT-ENG-14-M-66 Abstract Unprotected Supervisory Control and Data Acquisition (SCADA) systems offer...control and monitor physical industrial processes. Although attacks targeting SCADA systems have increased, there has been little work exploring the

  14. Underlying finite state machine for the social engineering attack detection model

    CSIR Research Space (South Africa)

    Mouton, Francois

    2017-08-01

    Full Text Available one to have a clearer overview of the mental processing performed within the model. While the current model provides a general procedural template for implementing detection mechanisms for social engineering attacks, the finite state machine provides a...

  15. On-Line Detection of Distributed Attacks from Space-Time Network Flow Patterns

    National Research Council Canada - National Science Library

    Baras, J. S; Cardenas, A. A; Ramezani, V

    2003-01-01

    .... The directionality of the change in a network flow is assumed to have an objective or target. The particular problem of detecting distributed denial of service attacks from distributed observations is presented as a working framework...

  16. Cyber attack analysis on cyber-physical systems: Detectability, severity, and attenuation strategy

    Science.gov (United States)

    Kwon, Cheolhyeon

    Security of Cyber-Physical Systems (CPS) against malicious cyber attacks is an important yet challenging problem. Since most cyber attacks happen in erratic ways, it is usually intractable to describe and diagnose them systematically. Motivated by such difficulties, this thesis presents a set of theories and algorithms for a cyber-secure architecture of the CPS within the control theoretic perspective. Here, instead of identifying a specific cyber attack model, we are focused on analyzing the system's response during cyber attacks. Firstly, we investigate the detectability of the cyber attacks from the system's behavior under cyber attacks. Specifically, we conduct a study on the vulnerabilities in the CPS's monitoring system against the stealthy cyber attack that is carefully designed to avoid being detected by its detection scheme. After classifying three kinds of cyber attacks according to the attacker's ability to compromise the system, we derive the necessary and sufficient conditions under which such stealthy cyber attacks can be designed to cause the unbounded estimation error while not being detected. Then, the analytical design method of the optimal stealthy cyber attack that maximizes the estimation error is developed. The proposed stealthy cyber attack analysis is demonstrated with illustrative examples on Air Traffic Control (ATC) system and Unmanned Aerial Vehicle (UAV) navigation system applications. Secondly, in an attempt to study the CPSs' vulnerabilities in more detail, we further discuss a methodology to identify potential cyber threats inherent in the given CPSs and quantify the attack severity accordingly. We then develop an analytical algorithm to test the behavior of the CPS under various cyber attack combinations. Compared to a numerical approach, the analytical algorithm enables the prediction of the most effective cyber attack combinations without computing the severity of all possible attack combinations, thereby greatly reducing the

  17. Low Complexity Signed Response Based Sybil Attack Detection Mechanism in Wireless Sensor Networks

    Directory of Open Access Journals (Sweden)

    M. Saud Khan

    2016-01-01

    Full Text Available Security is always a major concern in wireless sensor networks (WSNs. Identity based attacks such as spoofing and sybil not only compromise the network but also slow down its performance. This paper proposes a low complexity sybil attack detection scheme, that is, based on signed response (SRES authentication mechanism developed for Global System for Mobile (GSM communications. A probabilistic model is presented which analyzes the proposed authentication mechanism for its probability of sybil attack. The paper also presents a simulation based comparative analysis of the existing sybil attack schemes with respect to the proposed scheme. It is observed that the proposed sybil detection scheme exhibits lesser computational cost and power consumption as compared to the existing schemes for the same sybil detection performance.

  18. A SURVEY ON DELAY AND NEIGHBOR NODE MONITORING BASED WORMHOLE ATTACK PREVENTION AND DETECTION

    Directory of Open Access Journals (Sweden)

    Sudhir T Bagade

    2016-12-01

    Full Text Available In Mobile Ad-hoc Networks (MANET, network layer attacks, for example wormhole attacks, disrupt the network routing operations and can be used for data theft. Wormhole attacks are of two types: hidden and exposed wormhole. There are various mechanisms in literature which are used to prevent and detect wormhole attacks. In this paper, we survey wormhole prevention and detection techniques and present our critical observations for each. These techniques are based on cryptographic mechanisms, monitoring of packet transmission delay and control packet forwarding behavior of neighbor nodes. We compare the techniques using the following criteria- extra resources needed applicability to different network topologies and routing protocols, prevention/detection capability, etc. We conclude the paper with potential research directions.

  19. Intrusion detection in cloud computing based attack patterns and risk assessment

    Directory of Open Access Journals (Sweden)

    Ben Charhi Youssef

    2017-05-01

    Full Text Available This paper is an extension of work originally presented in SYSCO CONF.We extend our previous work by presenting the initial results of the implementation of intrusion detection based on risk assessment on cloud computing. The idea focuses on a novel approach for detecting cyber-attacks on the cloud environment by analyzing attacks pattern using risk assessment methodologies. The aim of our solution is to combine evidences obtained from Intrusion Detection Systems (IDS deployed in a cloud with risk assessment related to each attack pattern. Our approach presents a new qualitative solution for analyzing each symptom, indicator and vulnerability analyzing impact and likelihood of distributed and multi-steps attacks directed to cloud environments. The implementation of this approach will reduce the number of false alerts and will improve the performance of the IDS.

  20. GA-DoSLD: Genetic Algorithm Based Denial-of-Sleep Attack Detection in WSN

    Directory of Open Access Journals (Sweden)

    Mahalakshmi Gunasekaran

    2017-01-01

    Full Text Available Denial-of-sleep (DoSL attack is a special category of denial-of-service attack that prevents the battery powered sensor nodes from going into the sleep mode, thus affecting the network performance. The existing schemes used for the DoSL attack detection do not provide an optimal energy conservation and key pairing operation. Hence, in this paper, an efficient Genetic Algorithm (GA based denial-of-sleep attack detection (GA-DoSLD algorithm is suggested for analyzing the misbehaviors of the nodes. The suggested algorithm implements a Modified-RSA (MRSA algorithm in the base station (BS for generating and distributing the key pair among the sensor nodes. Before sending/receiving the packets, the sensor nodes determine the optimal route using Ad Hoc On-Demand Distance Vector Routing (AODV protocol and then ensure the trustworthiness of the relay node using the fitness calculation. The crossover and mutation operations detect and analyze the methods that the attackers use for implementing the attack. On determining an attacker node, the BS broadcasts the blocked information to all the other sensor nodes in the network. Simulation results prove that the suggested algorithm is optimal compared to the existing algorithms such as X-MAC, ZKP, and TE2P schemes.

  1. Current Sinkhole Boundaries in Iowa

    Data.gov (United States)

    Iowa State University GIS Support and Research Facility — This dataset is a polygon coverage of the sinkhole boundaries as determined by using LiDAR data. The polygons relate to the point coverage using the KPolyID field in...

  2. Defending a single object against an attacker trying to detect a subset of false targets

    International Nuclear Information System (INIS)

    Peng, R.; Zhai, Q.Q.; Levitin, G.

    2016-01-01

    Deployment of false targets can be a very important and effective measure for enhancing the survivability of an object subjected to intentional attacks. Existing papers have assumed that false targets are either perfect or can be detected with a constant probability. In practice, the attacker may allocate part of its budget into intelligence actions trying to detect a subset of false targets. Analogously, the defender can allocate part of its budget into disinformation actions to prevent the false targets from being detected. In this paper, the detection probability of each false target is assumed to be a function of the intelligence and disinformation efforts allocated on the false target. The optimal resource distribution between target identification/disinformation and attack/protection efforts is studied as solutions of a non-cooperative two period min–max game between the two competitors for the case of constrained defense and attack resources. - Highlights: • A defense-attack problem is studied as a two-period min–max game. • Both intelligence contest over false targets and impact contest are considered. • Optimal defense and attack strategies are investigated with different parameters.

  3. A Novel Multiple-Bits Collision Attack Based on Double Detection with Error-Tolerant Mechanism

    Directory of Open Access Journals (Sweden)

    Ye Yuan

    2018-01-01

    Full Text Available Side-channel collision attacks are more powerful than traditional side-channel attack without knowing the leakage model or establishing the model. Most attack strategies proposed previously need quantities of power traces with high computational complexity and are sensitive to mistakes, which restricts the attack efficiency seriously. In this paper, we propose a multiple-bits side-channel collision attack based on double distance voting detection (DDVD and also an improved version, involving the error-tolerant mechanism, which can find all 120 relations among 16 key bytes when applied to AES (Advanced Encryption Standard algorithm. In addition, we compare our collision detection method called DDVD with the Euclidean distance and the correlation-enhanced collision method under different intensity of noise, which indicates that our detection technique performs better in the circumstances of noise. Furthermore, 4-bit model of our collision detection method is proven to be optimal in theory and in practice. Meanwhile the corresponding practical attack experiments are also performed on a hardware implementation of AES-128 on FPGA board successfully. Results show that our strategy needs less computation time but more traces than LDPC method and the online time for our strategy is about 90% less than CECA and 96% less than BCA with 90% success rate.

  4. Detecting unknown attacks in wireless sensor networks that contain mobile nodes.

    Science.gov (United States)

    Banković, Zorana; Fraga, David; Moya, José M; Vallejo, Juan Carlos

    2012-01-01

    As wireless sensor networks are usually deployed in unattended areas, security policies cannot be updated in a timely fashion upon identification of new attacks. This gives enough time for attackers to cause significant damage. Thus, it is of great importance to provide protection from unknown attacks. However, existing solutions are mostly concentrated on known attacks. On the other hand, mobility can make the sensor network more resilient to failures, reactive to events, and able to support disparate missions with a common set of sensors, yet the problem of security becomes more complicated. In order to address the issue of security in networks with mobile nodes, we propose a machine learning solution for anomaly detection along with the feature extraction process that tries to detect temporal and spatial inconsistencies in the sequences of sensed values and the routing paths used to forward these values to the base station. We also propose a special way to treat mobile nodes, which is the main novelty of this work. The data produced in the presence of an attacker are treated as outliers, and detected using clustering techniques. These techniques are further coupled with a reputation system, in this way isolating compromised nodes in timely fashion. The proposal exhibits good performances at detecting and confining previously unseen attacks, including the cases when mobile nodes are compromised.

  5. Relations between sinkhole density and anthropogenic contaminants in selected carbonate aquifers in the eastern United States

    Science.gov (United States)

    Lindsey, Bruce D.; Katz, Brian G.; Berndt, Marian P.; Ardis, Ann F.; Skach, Kenneth A.

    2009-01-01

    The relation between sinkhole density and water quality was investigated in seven selected carbonate aquifers in the eastern United States. Sinkhole density for these aquifers was grouped into high (>25 sinkholes/100 km2), medium (1–25 sinkholes/100 km2), or low (2) categories using a geographical information system that included four independent databases covering parts of Alabama, Florida, Missouri, Pennsylvania, and Tennessee. Field measurements and concentrations of major ions, nitrate, and selected pesticides in samples from 451 wells and 70 springs were included in the water-quality database. Data were collected as a part of the US Geological Survey (USGS) National Water-Quality Assessment (NAWQA) Program. Areas with high and medium sinkhole density had the greatest well depths and depths to water, the lowest concentrations of total dissolved solids and bicarbonate, the highest concentrations of dissolved oxygen, and the lowest partial pressure of CO2 compared to areas with low sinkhole density. These chemical indicators are consistent conceptually with a conduit-flow-dominated system in areas with a high density of sinkholes and a diffuse-flow-dominated system in areas with a low density of sinkholes. Higher cave density and spring discharge in Pennsylvania also support the concept that the high sinkhole density areas are dominated by conduit-flow systems. Concentrations of nitrate-N were significantly higher (p sinkhole density than in low sinkhole-density areas; when accounting for the variations in land use near the sampling sites, the high sinkhole-density area still had higher concentrations of nitrate-N than the low sinkhole-density area. Detection frequencies of atrazine, simazine, metolachlor, prometon, and the atrazine degradate deethylatrazine indicated a pattern similar to nitrate; highest pesticide detections were associated with high sinkhole-density areas. These patterns generally persisted when analyzing the detection frequency by land

  6. Detecting and Mitigating Smart Insider Jamming Attacks in MANETs Using Reputation-Based Coalition Game

    Directory of Open Access Journals (Sweden)

    Ashraf Al Sharah

    2016-01-01

    Full Text Available Security in mobile ad hoc networks (MANETs is challenging due to the ability of adversaries to gather necessary intelligence to launch insider jamming attacks. The solutions to prevent external attacks on MANET are not applicable for defense against insider jamming attacks. There is a need for a formal framework to characterize the information required by adversaries to launch insider jamming attacks. In this paper, we propose a novel reputation-based coalition game in MANETs to detect and mitigate insider jamming attacks. Since there is no centralized controller in MANETs, the nodes rely heavily on availability of transmission rates and a reputation for each individual node in the coalition to detect the presence of internal jamming node. The nodes will form a stable grand coalition in order to make a strategic security defense decision, maintain the grand coalition based on node reputation, and exclude any malicious node based on reputation value. Simulation results show that our approach provides a framework to quantify information needed by adversaries to launch insider attacks. The proposed approach will improve MANET’s defense against insider attacks, while also reducing incorrect classification of legitimate nodes as jammers.

  7. Detection of Variations of Local Irregularity of Traffic under DDOS Flood Attack

    Directory of Open Access Journals (Sweden)

    Ming Li

    2008-01-01

    Full Text Available The aim of distributed denial-of-service (DDOS flood attacks is to overwhelm the attacked site or to make its service performance deterioration considerably by sending flood packets to the target from the machines distributed all over the world. This is a kind of local behavior of traffic at the protected site because the attacked site can be recovered to its normal service state sooner or later even though it is in reality overwhelmed during attack. From a view of mathematics, it can be taken as a kind of short-range phenomenon in computer networks. In this paper, we use the Hurst parameter (H to measure the local irregularity or self-similarity of traffic under DDOS flood attack provided that fractional Gaussian noise (fGn is used as the traffic model. As flood attack packets of DDOS make the H value of arrival traffic vary significantly away from that of traffic normally arriving at the protected site, we discuss a method to statistically detect signs of DDOS flood attacks with predetermined detection probability and false alarm probability.

  8. Low-Rate DDoS Attack Detection Using Expectation of Packet Size

    Directory of Open Access Journals (Sweden)

    Lu Zhou

    2017-01-01

    Full Text Available Low-rate Distributed Denial-of-Service (low-rate DDoS attacks are a new challenge to cyberspace, as the attackers send a large amount of attack packets similar to normal traffic, to throttle legitimate flows. In this paper, we propose a measurement—expectation of packet size—that is based on the distribution difference of the packet size to distinguish two typical low-rate DDoS attacks, the constant attack and the pulsing attack, from legitimate traffic. The experimental results, obtained using a series of real datasets with different times and different tolerance factors, are presented to demonstrate the effectiveness of the proposed measurement. In addition, extensive experiments are performed to show that the proposed measurement can detect the low-rate DDoS attacks not only in the short and long terms but also for low packet rates and high packet rates. Furthermore, the false-negative rates and the adjudication distance can be adjusted based on the detection sensitivity requirements.

  9. Bubbles, Bubbles, Tremors & Trouble: The Bayou Corne Sinkhole

    Science.gov (United States)

    Nunn, J. A.

    2013-12-01

    In May 2012, thermogenic methane bubbles were first observed in Bayou Corne in Assumption Parish, Louisiana. As of July 2013, ninety one bubbling sites have been identified. Gas was also found in the top of the Mississippi River Alluvial Aquifer (MRAA) about 125 ft below the surface. Vent wells drilled into the MRAA have flared more 16 million SCF of gas. Trace amounts of hydrogen sulfide also have been detected. Bayou Corne flows above the Napoleonville salt dome which has been an active area for oil and gas exploration since the 1920s. The dome is also a site of dissolution salt mining which has produced large caverns with diameters of up to 300 ft and heights of 2000 ft. Some caverns are used for storage of natural gas. Microseismic activity was confirmed by an Earthscope seismic station in White Castle, LA in July 2012. An array of microseismic stations set up in the area recorded more than 60 microseismic events in late July and early August, 2012. These microseismic events were located on the western side of the dome. Estimated focal depths are just above the top of salt. In August 2012, a sinkhole developed overnight just to the northwest of a plugged and abandoned brine filled cavern (see figure below). The sinkhole continues to grow in area to more than 20 acres and has consumed a pipeline right of way. The sinkhole is more than 750 ft deep at its center. Microseismic activity was reduced for several months following the formation of the sinkhole. Microseismic events have reoccurred episodically since then with periods of frequent events preceding slumping of material into the sinkhole or a 'burp' where fluid levels in the sinkhole drop and then rebound followed by a decrease in microseismic activity. Some gas and/or oil may appear at the surface of the sinkhole following a 'burp'. Very long period events also have been observed which are believed to be related to subsurface fluid movement. A relief well drilled into the abandoned brine cavern found that

  10. A New Mechanism to Improve the Detection Rate of Shilling Attacks in the Recommender Systems

    Directory of Open Access Journals (Sweden)

    javad nehriri

    2017-12-01

    Full Text Available Recommender systems are widely used, in social networks and online stores, to overcome the problems caused by the large amount of information. Most of these systems use a collaborative filtering method to generate recommendations to the users. But, as in this method users’ feedback is considered for recommendations, it can be significantly erroneous by the malicious people. In other words, there may be some users who open fake profiles and vote one-sided or biased in the system that may cause disturbance in providing proper recommendations to other users. This kind of damage is said to be shiling attacks. If the attackers succeed, the user's trust in the recommender systems will reduce. In recent years, efficient attack detection algorithms have been proposed, but each has its own limitations. In this paper, we use profile-based and item-based algorithms to provide a new mechanism to significantly reduce the detection error for shilling attacks.

  11. A DDoS Attack Detection Method Based on SVM in Software Defined Network

    Directory of Open Access Journals (Sweden)

    Jin Ye

    2018-01-01

    Full Text Available The detection of DDoS attacks is an important topic in the field of network security. The occurrence of software defined network (SDN (Zhang et al., 2018 brings up some novel methods to this topic in which some deep learning algorithm is adopted to model the attack behavior based on collecting from the SDN controller. However, the existing methods such as neural network algorithm are not practical enough to be applied. In this paper, the SDN environment by mininet and floodlight (Ning et al., 2014 simulation platform is constructed, 6-tuple characteristic values of the switch flow table is extracted, and then DDoS attack model is built by combining the SVM classification algorithms. The experiments show that average accuracy rate of our method is 95.24% with a small amount of flow collecting. Our work is of good value for the detection of DDoS attack in SDN.

  12. F-DDIA: A Framework for Detecting Data Injection Attacks in Nonlinear Cyber-Physical Systems

    Directory of Open Access Journals (Sweden)

    Jingxuan Wang

    2017-01-01

    Full Text Available Data injection attacks in a cyber-physical system aim at manipulating a number of measurements to alter the estimated real-time system states. Many researchers recently focus on how to detect such attacks. However, most of the detection methods do not work well for the nonlinear systems. In this paper, we present a compressive sampling methodology to identify the attack, which allows determining how many and which measurement signals are launched. The sparsity feature is used. Generally, our methodology can be applied to both linear and nonlinear systems. The experimental testing, which includes realistic load patterns from NYISO with various attack scenarios in the IEEE 14-bus system, confirms that our detector performs remarkably well.

  13. A DDoS Attack Detection Method Based on Hybrid Heterogeneous Multiclassifier Ensemble Learning

    Directory of Open Access Journals (Sweden)

    Bin Jia

    2017-01-01

    Full Text Available The explosive growth of network traffic and its multitype on Internet have brought new and severe challenges to DDoS attack detection. To get the higher True Negative Rate (TNR, accuracy, and precision and to guarantee the robustness, stability, and universality of detection system, in this paper, we propose a DDoS attack detection method based on hybrid heterogeneous multiclassifier ensemble learning and design a heuristic detection algorithm based on Singular Value Decomposition (SVD to construct our detection system. Experimental results show that our detection method is excellent in TNR, accuracy, and precision. Therefore, our algorithm has good detective performance for DDoS attack. Through the comparisons with Random Forest, k-Nearest Neighbor (k-NN, and Bagging comprising the component classifiers when the three algorithms are used alone by SVD and by un-SVD, it is shown that our model is superior to the state-of-the-art attack detection techniques in system generalization ability, detection stability, and overall detection performance.

  14. Exploiting Wireless Received Signal Strength Indicators to Detect Evil-Twin Attacks in Smart Homes

    Directory of Open Access Journals (Sweden)

    Zhanyong Tang

    2017-01-01

    Full Text Available Evil-Twin is becoming a common attack in smart home environments where an attacker can set up a fake AP to compromise the security of the connected devices. To identify the fake APs, The current approaches of detecting Evil-Twin attacks all rely on information such as SSIDs, the MAC address of the genuine AP, or network traffic patterns. However, such information can be faked by the attacker, often leading to low detection rates and weak protection. This paper presents a novel Evil-Twin attack detection method based on the received signal strength indicator (RSSI. Our approach considers the RSSI as a fingerprint of APs and uses the fingerprint of the genuine AP to identify fake ones. We provide two schemes to detect a fake AP in two different scenarios where the genuine AP can be located at either a single or multiple locations in the property, by exploiting the multipath effect of the Wi-Fi signal. As a departure from prior work, our approach does not rely on any professional measurement devices. Experimental results show that our approach can successfully detect 90% of the fake APs, at the cost of a one-off, modest connection delay.

  15. Presentation Attack Detection for Iris Recognition System Using NIR Camera Sensor

    Science.gov (United States)

    Nguyen, Dat Tien; Baek, Na Rae; Pham, Tuyen Danh; Park, Kang Ryoung

    2018-01-01

    Among biometric recognition systems such as fingerprint, finger-vein, or face, the iris recognition system has proven to be effective for achieving a high recognition accuracy and security level. However, several recent studies have indicated that an iris recognition system can be fooled by using presentation attack images that are recaptured using high-quality printed images or by contact lenses with printed iris patterns. As a result, this potential threat can reduce the security level of an iris recognition system. In this study, we propose a new presentation attack detection (PAD) method for an iris recognition system (iPAD) using a near infrared light (NIR) camera image. To detect presentation attack images, we first localized the iris region of the input iris image using circular edge detection (CED). Based on the result of iris localization, we extracted the image features using deep learning-based and handcrafted-based methods. The input iris images were then classified into real and presentation attack categories using support vector machines (SVM). Through extensive experiments with two public datasets, we show that our proposed method effectively solves the iris recognition presentation attack detection problem and produces detection accuracy superior to previous studies. PMID:29695113

  16. Presentation Attack Detection for Iris Recognition System Using NIR Camera Sensor

    Directory of Open Access Journals (Sweden)

    Dat Tien Nguyen

    2018-04-01

    Full Text Available Among biometric recognition systems such as fingerprint, finger-vein, or face, the iris recognition system has proven to be effective for achieving a high recognition accuracy and security level. However, several recent studies have indicated that an iris recognition system can be fooled by using presentation attack images that are recaptured using high-quality printed images or by contact lenses with printed iris patterns. As a result, this potential threat can reduce the security level of an iris recognition system. In this study, we propose a new presentation attack detection (PAD method for an iris recognition system (iPAD using a near infrared light (NIR camera image. To detect presentation attack images, we first localized the iris region of the input iris image using circular edge detection (CED. Based on the result of iris localization, we extracted the image features using deep learning-based and handcrafted-based methods. The input iris images were then classified into real and presentation attack categories using support vector machines (SVM. Through extensive experiments with two public datasets, we show that our proposed method effectively solves the iris recognition presentation attack detection problem and produces detection accuracy superior to previous studies.

  17. Presentation Attack Detection for Iris Recognition System Using NIR Camera Sensor.

    Science.gov (United States)

    Nguyen, Dat Tien; Baek, Na Rae; Pham, Tuyen Danh; Park, Kang Ryoung

    2018-04-24

    Among biometric recognition systems such as fingerprint, finger-vein, or face, the iris recognition system has proven to be effective for achieving a high recognition accuracy and security level. However, several recent studies have indicated that an iris recognition system can be fooled by using presentation attack images that are recaptured using high-quality printed images or by contact lenses with printed iris patterns. As a result, this potential threat can reduce the security level of an iris recognition system. In this study, we propose a new presentation attack detection (PAD) method for an iris recognition system (iPAD) using a near infrared light (NIR) camera image. To detect presentation attack images, we first localized the iris region of the input iris image using circular edge detection (CED). Based on the result of iris localization, we extracted the image features using deep learning-based and handcrafted-based methods. The input iris images were then classified into real and presentation attack categories using support vector machines (SVM). Through extensive experiments with two public datasets, we show that our proposed method effectively solves the iris recognition presentation attack detection problem and produces detection accuracy superior to previous studies.

  18. High-speed web attack detection through extracting exemplars from HTTP traffic

    KAUST Repository

    Wang, Wei; Zhang, Xiangliang

    2011-01-01

    Vector Machine (SVM) are used for anomaly detection. To facilitate comparison, we also employ information gain to select key attributes (a.k.a. features) from the HTTP traffic for web attack detection. Two large real HTTP traffic are used to validate our

  19. Design and implementation of network attack analysis and detect system

    International Nuclear Information System (INIS)

    Lu Zhigang; Wu Huan; Liu Baoxu

    2007-01-01

    This paper first analyzes the present research state of IDS (intrusion detection system), classifies and compares existing methods. According to the problems existing in IDS, such as false-positives, false-negatives and low information visualization, this paper suggests a system named NAADS which supports multi data sources. Through a series of methods such as clustering analysis, association analysis and visualization, rate of detection and usability of NAADS are increased. (authors)

  20. Security attack detection algorithm for electric power gis system based on mobile application

    Science.gov (United States)

    Zhou, Chao; Feng, Renjun; Wang, Liming; Huang, Wei; Guo, Yajuan

    2017-05-01

    Electric power GIS is one of the key information technologies to satisfy the power grid construction in China, and widely used in power grid construction planning, weather, and power distribution management. The introduction of electric power GIS based on mobile applications is an effective extension of the geographic information system that has been widely used in the electric power industry. It provides reliable, cheap and sustainable power service for the country. The accurate state estimation is the important conditions to maintain the normal operation of the electric power GIS. Recent research has shown that attackers can inject the complex false data into the power system. The injection attack of this new type of false data (load integrity attack LIA) can successfully bypass the routine detection to achieve the purpose of attack, so that the control center will make a series of wrong decision. Eventually, leading to uneven distribution of power in the grid. In order to ensure the safety of the electric power GIS system based on mobile application, it is very important to analyze the attack mechanism and propose a new type of attack, and to study the corresponding detection method and prevention strategy in the environment of electric power GIS system based on mobile application.

  1. A Dynamic Programming Model for Internal Attack Detection in Wireless Sensor Networks

    Directory of Open Access Journals (Sweden)

    Qiong Shi

    2017-01-01

    Full Text Available Internal attack is a crucial security problem of WSN (wireless sensor network. In this paper, we focus on the internal attack detection which is an important way to locate attacks. We propose a state transition model, based on the continuous time Markov chain (CTMC, to study the behaviors of the sensors in a WSN under internal attack. Then we conduct the internal attack detection model as the epidemiological model. In this model, we explore the detection rate as the rate of a compromised state transition to a response state. By using the Bellman equation, the utility for the state transitions of a sensor can be written in standard forms of dynamic programming. It reveals a natural way to find the optimal detection rate that is by maximizing the total utility of the compromised state of the node (the sum of current utility and future utility. In particular, we encapsulate the current state, survivability, availability, and energy consumption of the WSN into an information set. We conduct extensive experiments and the results show the effectiveness of our solutions.

  2. Efficient Hybrid Detection of Node Replication Attacks in Mobile Sensor Networks

    Directory of Open Access Journals (Sweden)

    Ze Wang

    2017-01-01

    Full Text Available The node replication attack is one of the notorious attacks that can be easily launched by adversaries in wireless sensor networks. A lot of literatures have studied mitigating the node replication attack in static wireless sensor networks. However, it is more difficult to detect the replicas in mobile sensor networks because of their node mobility. Considering the limitations of centralized detection schemes for static wireless sensor networks, a few distributed solutions have been recently proposed. Some existing schemes identified replicated attacks by sensing mobile nodes with identical ID but different locations. To facilitate the discovery of contradictory conflicts, we propose a hybrid local and global detection method. The local detection is performed in a local area smaller than the whole deployed area to improve the meeting probability of contradictory nodes, while the distant replicated nodes in larger area can also be efficiently detected by the global detection. The complementary two levels of detection achieve quick discovery by searching of the replicas with reasonable overhead.

  3. Mining IP to Domain Name Interactions to Detect DNS Flood Attacks on Recursive DNS Servers.

    Science.gov (United States)

    Alonso, Roberto; Monroy, Raúl; Trejo, Luis A

    2016-08-17

    The Domain Name System (DNS) is a critical infrastructure of any network, and, not surprisingly a common target of cybercrime. There are numerous works that analyse higher level DNS traffic to detect anomalies in the DNS or any other network service. By contrast, few efforts have been made to study and protect the recursive DNS level. In this paper, we introduce a novel abstraction of the recursive DNS traffic to detect a flooding attack, a kind of Distributed Denial of Service (DDoS). The crux of our abstraction lies on a simple observation: Recursive DNS queries, from IP addresses to domain names, form social groups; hence, a DDoS attack should result in drastic changes on DNS social structure. We have built an anomaly-based detection mechanism, which, given a time window of DNS usage, makes use of features that attempt to capture the DNS social structure, including a heuristic that estimates group composition. Our detection mechanism has been successfully validated (in a simulated and controlled setting) and with it the suitability of our abstraction to detect flooding attacks. To the best of our knowledge, this is the first time that work is successful in using this abstraction to detect these kinds of attacks at the recursive level. Before concluding the paper, we motivate further research directions considering this new abstraction, so we have designed and tested two additional experiments which exhibit promising results to detect other types of anomalies in recursive DNS servers.

  4. Mining IP to Domain Name Interactions to Detect DNS Flood Attacks on Recursive DNS Servers

    Directory of Open Access Journals (Sweden)

    Roberto Alonso

    2016-08-01

    Full Text Available The Domain Name System (DNS is a critical infrastructure of any network, and, not surprisingly a common target of cybercrime. There are numerous works that analyse higher level DNS traffic to detect anomalies in the DNS or any other network service. By contrast, few efforts have been made to study and protect the recursive DNS level. In this paper, we introduce a novel abstraction of the recursive DNS traffic to detect a flooding attack, a kind of Distributed Denial of Service (DDoS. The crux of our abstraction lies on a simple observation: Recursive DNS queries, from IP addresses to domain names, form social groups; hence, a DDoS attack should result in drastic changes on DNS social structure. We have built an anomaly-based detection mechanism, which, given a time window of DNS usage, makes use of features that attempt to capture the DNS social structure, including a heuristic that estimates group composition. Our detection mechanism has been successfully validated (in a simulated and controlled setting and with it the suitability of our abstraction to detect flooding attacks. To the best of our knowledge, this is the first time that work is successful in using this abstraction to detect these kinds of attacks at the recursive level. Before concluding the paper, we motivate further research directions considering this new abstraction, so we have designed and tested two additional experiments which exhibit promising results to detect other types of anomalies in recursive DNS servers.

  5. A Cluster-based Approach Towards Detecting and Modeling Network Dictionary Attacks

    Directory of Open Access Journals (Sweden)

    A. Tajari Siahmarzkooh

    2016-12-01

    Full Text Available In this paper, we provide an approach to detect network dictionary attacks using a data set collected as flows based on which a clustered graph is resulted. These flows provide an aggregated view of the network traffic in which the exchanged packets in the network are considered so that more internally connected nodes would be clustered. We show that dictionary attacks could be detected through some parameters namely the number and the weight of clusters in time series and their evolution over the time. Additionally, the Markov model based on the average weight of clusters,will be also created. Finally, by means of our suggested model, we demonstrate that artificial clusters of the flows are created for normal and malicious traffic. The results of the proposed approach on CAIDA 2007 data set suggest a high accuracy for the model and, therefore, it provides a proper method for detecting the dictionary attack.

  6. Investigation Model for DDoS Attack Detection in Real-Time

    Directory of Open Access Journals (Sweden)

    Abdulghani Ali Ahmed

    2015-02-01

    Full Text Available Investigating traffic of distributed denial of services (DDoS attack requires extra overhead which mostly results in network performance degradation. This study proposes an investigation model for detecting DDoS attack in real-time without causing negative degradation against network performance. The model investigates network traffic in a scalable way to detect user violations on quality of service regulations. Traffic investigation is triggered only when the network is congested; at that exact moment, burst gateways actually generate a congestion notification to misbehaving users. The misbehaving users are thus further investigated by measuring their consumption ratios of bandwidth. By exceeding the service level agreement bandwidth ratio, user traffic is filtered as DDoS traffic. Simulation results demonstrate that the proposed model efficiently monitors intrusive traffic and precisely detects DDoS attack.

  7. Attacks and Intrusion Detection in Cloud Computing Using Neural Networks and Particle Swarm Optimization Algorithms

    Directory of Open Access Journals (Sweden)

    Ahmad Shokuh Saljoughi

    2018-01-01

    Full Text Available Today, cloud computing has become popular among users in organizations and companies. Security and efficiency are the two major issues facing cloud service providers and their customers. Since cloud computing is a virtual pool of resources provided in an open environment (Internet, cloud-based services entail security risks. Detection of intrusions and attacks through unauthorized users is one of the biggest challenges for both cloud service providers and cloud users. In the present study, artificial intelligence techniques, e.g. MLP Neural Network sand particle swarm optimization algorithm, were used to detect intrusion and attacks. The methods were tested for NSL-KDD, KDD-CUP datasets. The results showed improved accuracy in detecting attacks and intrusions by unauthorized users.

  8. WRHT: A Hybrid Technique for Detection of Wormhole Attack in Wireless Sensor Networks

    Directory of Open Access Journals (Sweden)

    Rupinder Singh

    2016-01-01

    Full Text Available Wormhole attack is a challenging security threat to wireless sensor networks which results in disrupting most of the routing protocols as this attack can be triggered in different modes. In this paper, WRHT, a wormhole resistant hybrid technique, is proposed, which can detect the presence of wormhole attack in a more optimistic manner than earlier techniques. WRHT is based on the concept of watchdog and Delphi schemes and ensures that the wormhole will not be left untreated in the sensor network. WRHT makes use of the dual wormhole detection mechanism of calculating probability factor time delay probability and packet loss probability of the established path in order to find the value of wormhole presence probability. The nodes in the path are given different ranking and subsequently colors according to their behavior. The most striking feature of WRHT consists of its capacity to defend against almost all categories of wormhole attacks without depending on any required additional hardware such as global positioning system, timing information or synchronized clocks, and traditional cryptographic schemes demanding high computational needs. The experimental results clearly indicate that the proposed technique has significant improvement over the existing wormhole attack detection techniques.

  9. A Computationally Intelligent Approach to the Detection of Wormhole Attacks in Wireless Sensor Networks

    Directory of Open Access Journals (Sweden)

    Mohammad Nurul Afsar Shaon

    2017-05-01

    Full Text Available A wormhole attack is one of the most critical and challenging security threats for wireless sensor networks because of its nature and ability to perform concealed malicious activities. This paper proposes an innovative wormhole detection scheme to detect wormhole attacks using computational intelligence and an artificial neural network (ANN. Most wormhole detection schemes reported in the literature assume the sensors are uniformly distributed in a network, and, furthermore, they use statistical and topological information and special hardware for their detection. However, these schemes may perform poorly in non-uniformly distributed networks, and, moreover, they may fail to defend against “out of band” and “in band” wormhole attacks. The aim of the proposed research is to develop a detection scheme that is able to detect all kinds of wormhole attacks in both uniformly and non-uniformly distributed sensor networks. Furthermore, the proposed research does not require any special hardware and causes no significant network overhead throughout the network. Most importantly, the probable location of the malicious nodes can be identified by the proposed ANN based detection scheme. We evaluate the efficacy of the proposed detection scheme in terms of detection accuracy, false positive rate, and false negative rate. The performance of the proposed algorithm is also compared with other machine learning techniques (i.e. SVM and regularized nonlinear logistic regression (LR based detection models. The simulation results show that proposed ANN based algorithm outperforms the SVM or LR based detection schemes in terms of detection accuracy, false positive rate, and false negative rates.

  10. Improving Intrusion Detection System Based on Snort Rules for Network Probe Attacks Detection with Association Rules Technique of Data Mining

    Directory of Open Access Journals (Sweden)

    Nattawat Khamphakdee

    2015-07-01

    Full Text Available The intrusion detection system (IDS is an important network security tool for securing computer and network systems. It is able to detect and monitor network traffic data. Snort IDS is an open-source network security tool. It can search and match rules with network traffic data in order to detect attacks, and generate an alert. However, the Snort IDS  can detect only known attacks. Therefore, we have proposed a procedure for improving Snort IDS rules, based on the association rules data mining technique for detection of network probe attacks.  We employed the MIT-DARPA 1999 data set for the experimental evaluation. Since behavior pattern traffic data are both normal and abnormal, the abnormal behavior data is detected by way of the Snort IDS. The experimental results showed that the proposed Snort IDS rules, based on data mining detection of network probe attacks, proved more efficient than the original Snort IDS rules, as well as icmp.rules and icmp-info.rules of Snort IDS.  The suitable parameters for the proposed Snort IDS rules are defined as follows: Min_sup set to 10%, and Min_conf set to 100%, and through the application of eight variable attributes. As more suitable parameters are applied, higher accuracy is achieved.

  11. High-speed web attack detection through extracting exemplars from HTTP traffic

    KAUST Repository

    Wang, Wei

    2011-01-01

    In this work, we propose an effective method for high-speed web attack detection by extracting exemplars from HTTP traffic before the detection model is built. The smaller set of exemplars keeps valuable information of the original traffic while it significantly reduces the size of the traffic so that the detection remains effective and improves the detection efficiency. The Affinity Propagation (AP) is employed to extract the exemplars from the HTTP traffic. K-Nearest Neighbor(K-NN) and one class Support Vector Machine (SVM) are used for anomaly detection. To facilitate comparison, we also employ information gain to select key attributes (a.k.a. features) from the HTTP traffic for web attack detection. Two large real HTTP traffic are used to validate our methods. The extensive test results show that the AP based exemplar extraction significantly improves the real-time performance of the detection compared to using all the HTTP traffic and achieves a more robust detection performance than information gain based attribute selection for web attack detection. © 2011 ACM.

  12. A Bernoulli Gaussian Watermark for Detecting Integrity Attacks in Control Systems

    Energy Technology Data Exchange (ETDEWEB)

    Weerakkody, Sean [Carnegie Mellon Univ., Pittsburgh, PA (United States); Ozel, Omur [Carnegie Mellon Univ., Pittsburgh, PA (United States); Sinopoli, Bruno [Carnegie Mellon Univ., Pittsburgh, PA (United States)

    2017-11-02

    We examine the merit of Bernoulli packet drops in actively detecting integrity attacks on control systems. The aim is to detect an adversary who delivers fake sensor measurements to a system operator in order to conceal their effect on the plant. Physical watermarks, or noisy additive Gaussian inputs, have been previously used to detect several classes of integrity attacks in control systems. In this paper, we consider the analysis and design of Gaussian physical watermarks in the presence of packet drops at the control input. On one hand, this enables analysis in a more general network setting. On the other hand, we observe that in certain cases, Bernoulli packet drops can improve detection performance relative to a purely Gaussian watermark. This motivates the joint design of a Bernoulli-Gaussian watermark which incorporates both an additive Gaussian input and a Bernoulli drop process. We characterize the effect of such a watermark on system performance as well as attack detectability in two separate design scenarios. Here, we consider a correlation detector for attack recognition. We then propose efficiently solvable optimization problems to intelligently select parameters of the Gaussian input and the Bernoulli drop process while addressing security and performance trade-offs. Finally, we provide numerical results which illustrate that a watermark with packet drops can indeed outperform a Gaussian watermark.

  13. Obfuscated RSUs Vector Based Signature Scheme for Detecting Conspiracy Sybil Attack in VANETs

    Directory of Open Access Journals (Sweden)

    Xia Feng

    2017-01-01

    Full Text Available Given the popularity of vehicular Ad hoc networks (VANETs in traffic management, a new challenging issue comes into traffic safety, that is, security of the networks, especially when the adversary breaks defence. Sybil attack, for example, is a potential security threat through forging several identities to carry out attacks in VANETs. At this point, the paper proposed a solution named DMON that is a Sybil attack detection method with obfuscated neighbor relationship of Road Side Units (RSUs. DMON presents a ring signature based identification scheme and replaces vehicles’ identities with their trajectory for the purpose of anonymity. Furthermore, the neighbor relationship of RSUs is obfuscated to achieve privacy preserving of locations. The proposed scheme has been formally proved in the views of security and performance. Simulation has also been implemented to validate the scheme, in which the findings reveal the lower computational overhead and higher detection rate comparing with other related solutions.

  14. Entropy-Based Application Layer DDoS Attack Detection Using Artificial Neural Networks

    Directory of Open Access Journals (Sweden)

    Khundrakpam Johnson Singh

    2016-10-01

    Full Text Available Distributed denial-of-service (DDoS attack is one of the major threats to the web server. The rapid increase of DDoS attacks on the Internet has clearly pointed out the limitations in current intrusion detection systems or intrusion prevention systems (IDS/IPS, mostly caused by application-layer DDoS attacks. Within this context, the objective of the paper is to detect a DDoS attack using a multilayer perceptron (MLP classification algorithm with genetic algorithm (GA as learning algorithm. In this work, we analyzed the standard EPA-HTTP (environmental protection agency-hypertext transfer protocol dataset and selected the parameters that will be used as input to the classifier model for differentiating the attack from normal profile. The parameters selected are the HTTP GET request count, entropy, and variance for every connection. The proposed model can provide a better accuracy of 98.31%, sensitivity of 0.9962, and specificity of 0.0561 when compared to other traditional classification models.

  15. Network Attack Detection and Defense: Securing Industrial Control Systems for Critical Infrastructures (Dagstuhl Seminar 14292)

    NARCIS (Netherlands)

    Dacer, Marc; Kargl, Frank; König, Hartmut; Valdes, Alfonso

    2014-01-01

    This report documents the program and the outcomes of Dagstuhl Seminar 14292 “Network Attack Detection and Defense: Securing Industrial Control Systems for Critical Infrastructures”. The main objective of the seminar was to discuss new approaches and ideas for securing industrial control systems. It

  16. Ethanol accumulation during severe drought may signal tree vulnerability to detection and attack by bark beetles

    Science.gov (United States)

    Rick G. Kelsey; D. Gallego; F.J. Sánchez-Garcia; J.A. Pajares

    2014-01-01

    Tree mortality from temperature-driven drought is occurring in forests around the world, often in conjunction with bark beetle outbreaks when carbon allocation to tree defense declines. Physiological metrics for detecting stressed trees with enhanced vulnerability prior to bark beetle attacks remain elusive. Ethanol, water, monoterpene concentrations, and composition...

  17. Intelligent Intrusion Detection of Grey Hole and Rushing Attacks in Self-Driving Vehicular Networks

    Directory of Open Access Journals (Sweden)

    Khattab M. Ali Alheeti

    2016-07-01

    Full Text Available Vehicular ad hoc networks (VANETs play a vital role in the success of self-driving and semi self-driving vehicles, where they improve safety and comfort. Such vehicles depend heavily on external communication with the surrounding environment via data control and Cooperative Awareness Messages (CAMs exchanges. VANETs are potentially exposed to a number of attacks, such as grey hole, black hole, wormhole and rushing attacks. This work presents an intelligent Intrusion Detection System (IDS that relies on anomaly detection to protect the external communication system from grey hole and rushing attacks. These attacks aim to disrupt the transmission between vehicles and roadside units. The IDS uses features obtained from a trace file generated in a network simulator and consists of a feed-forward neural network and a support vector machine. Additionally, the paper studies the use of a novel systematic response, employed to protect the vehicle when it encounters malicious behaviour. Our simulations of the proposed detection system show that the proposed schemes possess outstanding detection rates with a reduction in false alarms. This safe mode response system has been evaluated using four performance metrics, namely, received packets, packet delivery ratio, dropped packets and the average end to end delay, under both normal and abnormal conditions.

  18. Multi-sensor technologies for analyzing sinkholes in Hamedan, west Iran

    Science.gov (United States)

    Vajedian, Sanaz; Motagh, Mahdi; Hojati, Ahmad; Wetzel, Hans-Ulrich

    2017-04-01

    Dissolution of the carbonate beds such as limestone, dolomite or gypsum by acidic groundwater flowing through fractures and joints in the bedrock alters land surface and enhances the development of sinkholes. Sinkhole formation causes the surface to subside or even collapse suddenly without any prior warning, leading to extensive damage and sometimes loss of life and property, in particular in urban areas. Delineating sinkholes is critical for understanding hydrological processes and mitigating geological hazards in karst areas. The recent availability of high-resolution digital elevation models (DEM) from TanDEM-X (TDX) mission enables us to delineate and analyze geomorphologic features and landscape structures at an unprecedented level of details, in comparison to previous missions such as c-band and x-band Shuttle Radar Topography Mission (SRTM). In this study, we develop an adaptive sinkhole-delineating method based on photogrammetry techniques to detect karst sinkholes in Hamedan , west Iran, using TDX-derived DEMs. We apply automatic feature extraction using watershed algorithm in order to detect depression areas. We show that using high-resolution TDX data from different geometries and time periods we could effectively distinguish sinkholes from other depression features of the basin. We also use interferometric synthetic aperture radar (InSAR) technique with SAR data acquired from a variety of sensors including Envisat, ALOS, TerraSAR-X and Sentinel-1 to quantify long-term subsidence in areas prone to sinkhole formation. Our results indicate that the formation of a lot of sinkholes is influenced by land subsidence, affecting the region over 100 km with the maximum rate of 4-5 cm/yr during 2003 to 2016.

  19. Cloud-Based DDoS HTTP Attack Detection Using Covariance Matrix Approach

    Directory of Open Access Journals (Sweden)

    Abdulaziz Aborujilah

    2017-01-01

    Full Text Available In this era of technology, cloud computing technology has become essential part of the IT services used the daily life. In this regard, website hosting services are gradually moving to the cloud. This adds new valued feature to the cloud-based websites and at the same time introduces new threats for such services. DDoS attack is one such serious threat. Covariance matrix approach is used in this article to detect such attacks. The results were encouraging, according to confusion matrix and ROC descriptors.

  20. Cyber situation awareness: modeling detection of cyber attacks with instance-based learning theory.

    Science.gov (United States)

    Dutt, Varun; Ahn, Young-Suk; Gonzalez, Cleotilde

    2013-06-01

    To determine the effects of an adversary's behavior on the defender's accurate and timely detection of network threats. Cyber attacks cause major work disruption. It is important to understand how a defender's behavior (experience and tolerance to threats), as well as adversarial behavior (attack strategy), might impact the detection of threats. In this article, we use cognitive modeling to make predictions regarding these factors. Different model types representing a defender, based on Instance-Based Learning Theory (IBLT), faced different adversarial behaviors. A defender's model was defined by experience of threats: threat-prone (90% threats and 10% nonthreats) and nonthreat-prone (10% threats and 90% nonthreats); and different tolerance levels to threats: risk-averse (model declares a cyber attack after perceiving one threat out of eight total) and risk-seeking (model declares a cyber attack after perceiving seven threats out of eight total). Adversarial behavior is simulated by considering different attack strategies: patient (threats occur late) and impatient (threats occur early). For an impatient strategy, risk-averse models with threat-prone experiences show improved detection compared with risk-seeking models with nonthreat-prone experiences; however, the same is not true for a patient strategy. Based upon model predictions, a defender's prior threat experiences and his or her tolerance to threats are likely to predict detection accuracy; but considering the nature of adversarial behavior is also important. Decision-support tools that consider the role of a defender's experience and tolerance to threats along with the nature of adversarial behavior are likely to improve a defender's overall threat detection.

  1. Soil-embedded optical fiber sensing cable interrogated by Brillouin optical time-domain reflectometry (B-OTDR) and optical frequency-domain reflectometry (OFDR) for embedded cavity detection and sinkhole warning system

    International Nuclear Information System (INIS)

    Lanticq, V; Bourgeois, E; Delepine-Lesoille, S; Magnien, P; Dieleman, L; Vinceslas, G; Sang, A

    2009-01-01

    A soil-embedded optical fiber sensing cable is evaluated for an embedded cavity detection and sinkhole warning system in railway tunnels. Tests were performed on a decametric structure equipped with an embedded 110 m long fiber optic cable. Both Brillouin optical time-domain reflectometry (B-OTDR) and optical frequency-domain reflectometry (OFDR) sensing techniques were used for cable interrogation, yielding results that were in good qualitative agreement with finite-element calculations. Theoretical and experimental comparison enabled physical interpretation of the influence of ground properties, and the analysis of embedded cavity size and position. A 5 mm embedded cavity located 2 m away from the sensing cable was detected. The commercially available sensing cable remained intact after soil collapse. Specificities of each technique are analyzed in view of the application requirements. For tunnel monitoring, the OFDR technique was determined to be more viable than the B-OTDR due to higher spatial resolution, resulting in better detection and size determination of the embedded cavities. Conclusions of this investigation gave outlines for future field use of distributed strain-sensing methods under railways and more precisely enabled designing a warning system suited to the Ebersviller tunnel specificities

  2. PHACK: An Efficient Scheme for Selective Forwarding Attack Detection in WSNs

    Directory of Open Access Journals (Sweden)

    Anfeng Liu

    2015-12-01

    Full Text Available In this paper, a Per-Hop Acknowledgement (PHACK-based scheme is proposed for each packet transmission to detect selective forwarding attacks. In our scheme, the sink and each node along the forwarding path generate an acknowledgement (ACK message for each received packet to confirm the normal packet transmission. The scheme, in which each ACK is returned to the source node along a different routing path, can significantly increase the resilience against attacks because it prevents an attacker from compromising nodes in the return routing path, which can otherwise interrupt the return of nodes’ ACK packets. For this case, the PHACK scheme also has better potential to detect abnormal packet loss and identify suspect nodes as well as better resilience against attacks. Another pivotal issue is the network lifetime of the PHACK scheme, as it generates more acknowledgements than previous ACK-based schemes. We demonstrate that the network lifetime of the PHACK scheme is not lower than that of other ACK-based schemes because the scheme just increases the energy consumption in non-hotspot areas and does not increase the energy consumption in hotspot areas. Moreover, the PHACK scheme greatly simplifies the protocol and is easy to implement. Both theoretical and simulation results are given to demonstrate the effectiveness of the proposed scheme in terms of high detection probability and the ability to identify suspect nodes.

  3. SiC: An Agent Based Architecture for Preventing and Detecting Attacks to Ubiquitous Databases

    Science.gov (United States)

    Pinzón, Cristian; de Paz, Yanira; Bajo, Javier; Abraham, Ajith; Corchado, Juan M.

    One of the main attacks to ubiquitous databases is the structure query language (SQL) injection attack, which causes severe damages both in the commercial aspect and in the user’s confidence. This chapter proposes the SiC architecture as a solution to the SQL injection attack problem. This is a hierarchical distributed multiagent architecture, which involves an entirely new approach with respect to existing architectures for the prevention and detection of SQL injections. SiC incorporates a kind of intelligent agent, which integrates a case-based reasoning system. This agent, which is the core of the architecture, allows the application of detection techniques based on anomalies as well as those based on patterns, providing a great degree of autonomy, flexibility, robustness and dynamic scalability. The characteristics of the multiagent system allow an architecture to detect attacks from different types of devices, regardless of the physical location. The architecture has been tested on a medical database, guaranteeing safe access from various devices such as PDAs and notebook computers.

  4. Shilling attack detection for recommender systems based on credibility of group users and rating time series.

    Science.gov (United States)

    Zhou, Wei; Wen, Junhao; Qu, Qiang; Zeng, Jun; Cheng, Tian

    2018-01-01

    Recommender systems are vulnerable to shilling attacks. Forged user-generated content data, such as user ratings and reviews, are used by attackers to manipulate recommendation rankings. Shilling attack detection in recommender systems is of great significance to maintain the fairness and sustainability of recommender systems. The current studies have problems in terms of the poor universality of algorithms, difficulty in selection of user profile attributes, and lack of an optimization mechanism. In this paper, a shilling behaviour detection structure based on abnormal group user findings and rating time series analysis is proposed. This paper adds to the current understanding in the field by studying the credibility evaluation model in-depth based on the rating prediction model to derive proximity-based predictions. A method for detecting suspicious ratings based on suspicious time windows and target item analysis is proposed. Suspicious rating time segments are determined by constructing a time series, and data streams of the rating items are examined and suspicious rating segments are checked. To analyse features of shilling attacks by a group user's credibility, an abnormal group user discovery method based on time series and time window is proposed. Standard testing datasets are used to verify the effect of the proposed method.

  5. Spoofing cyber attack detection in probe-based traffic monitoring systems using mixed integer linear programming

    KAUST Repository

    Canepa, Edward S.

    2013-01-01

    Traffic sensing systems rely more and more on user generated (insecure) data, which can pose a security risk whenever the data is used for traffic flow control. In this article, we propose a new formulation for detecting malicious data injection in traffic flow monitoring systems by using the underlying traffic flow model. The state of traffic is modeled by the Lighthill-Whitham- Richards traffic flow model, which is a first order scalar conservation law with concave flux function. Given a set of traffic flow data, we show that the constraints resulting from this partial differential equation are mixed integer linear inequalities for some decision variable. We use this fact to pose the problem of detecting spoofing cyber-attacks in probe-based traffic flow information systems as mixed integer linear feasibility problem. The resulting framework can be used to detect spoofing attacks in real time, or to evaluate the worst-case effects of an attack offline. A numerical implementation is performed on a cyber-attack scenario involving experimental data from the Mobile Century experiment and the Mobile Millennium system currently operational in Northern California. © 2013 IEEE.

  6. Spoofing cyber attack detection in probe-based traffic monitoring systems using mixed integer linear programming

    KAUST Repository

    Canepa, Edward S.

    2013-09-01

    Traffic sensing systems rely more and more on user generated (insecure) data, which can pose a security risk whenever the data is used for traffic flow control. In this article, we propose a new formulation for detecting malicious data injection in traffic flow monitoring systems by using the underlying traffic flow model. The state of traffic is modeled by the Lighthill- Whitham-Richards traffic flow model, which is a first order scalar conservation law with concave flux function. Given a set of traffic flow data generated by multiple sensors of different types, we show that the constraints resulting from this partial differential equation are mixed integer linear inequalities for a specific decision variable. We use this fact to pose the problem of detecting spoofing cyber attacks in probe-based traffic flow information systems as mixed integer linear feasibility problem. The resulting framework can be used to detect spoofing attacks in real time, or to evaluate the worst-case effects of an attack offliine. A numerical implementation is performed on a cyber attack scenario involving experimental data from the Mobile Century experiment and the Mobile Millennium system currently operational in Northern California. © American Institute of Mathematical Sciences.

  7. Use of Deception to Improve Client Honeypot Detection of Drive-by-Download Attacks

    Energy Technology Data Exchange (ETDEWEB)

    Popovsky, Barbara; Narvaez Suarez, Julia F.; Seifert, Christian; Frincke, Deborah A.; O' Neil, Lori R.; Aval, Chiraag U.

    2009-07-24

    This paper presents the application of deception theory to improve the success of client honeypots at detecting malicious web page attacks from infected servers programmed by online criminals to launch drive-by-download attacks. The design of honeypots faces three main challenges: deception, how to design honeypots that seem real systems; counter-deception, techniques used to identify honeypots and hence defeating their deceiving nature; and counter counter-deception, how to design honeypots that deceive attackers. The authors propose the application of a deception model known as the deception planning loop to identify the current status on honeypot research, development and deployment. The analysis leads to a proposal to formulate a landscape of the honeypot research and planning of steps ahead.

  8. A COMPREHENSIVE SURVEY ON DETECTING BLACK HOLE ATTACK IN MOBILE AD-HOC NETWORK (MANET

    Directory of Open Access Journals (Sweden)

    Pascal Maniriho

    2018-01-01

    Full Text Available The infrastructure-less nature and mobility of nodes in mobile ad-hoc network (MANET make it to be very susceptible to various attacks. Besides, owing to its flexibility and simplicity, there is no predefined time or permission set for nodes to leave or join the network and each node can act as a client or server.  Nevertheless, securing communication between nodes has become a challenging problem than in other types of network. Attacks in MANET range into different categories. Black hole attack is one of the attacks that has been addressed by many researchers in the recent years. It does occur when a harmful mobile node called black hole becomes a part of the network and tries to use its malicious behaviors by sending fake route reply packets (RREP for any received route request packets (RREQ. When these faked packets arrive to the source node, it does reply to them by sending data packet via the established route. Once the packets are received by the black hole, it drops them before reaching the destination.  Hence, preventing the source node from reaching the intended destination. In this paper, we present an overview of a wide range of techniques suggested in the literature for detecting and preventing black hole attacks in mobile ad hoc network. Additionally, the effect of each approach on the network performance is also presented.

  9. Using lidar data to analyse sinkhole characteristics relevant for understory vegetation under forest cover-case study of a high karst area in the dinaric mountains.

    Directory of Open Access Journals (Sweden)

    Milan Kobal

    Full Text Available In this article, we investigate the potential for detection and characterization of sinkholes under dense forest cover by using airborne laser scanning data. Laser pulse returns from the ground provide important data for the estimation of digital elevation model (DEM, which can be used for further processing. The main objectives of this study were to map and determine the geomorphometric characteristics of a large number of sinkholes and to investigate the correlations between geomorphology and vegetation in areas with such characteristics. The selected study area has very low anthropogenic influences and is particularly suitable for studying undisturbed karst sinkholes. The information extracted from this study regarding the shapes and depths of sinkholes show significant directionality for both orientation of sinkholes and their distribution over the area. Furthermore, significant differences in vegetation diversity and composition occur inside and outside the sinkholes, which indicates their presence has important ecological impacts.

  10. Using lidar data to analyse sinkhole characteristics relevant for understory vegetation under forest cover-case study of a high karst area in the dinaric mountains.

    Science.gov (United States)

    Kobal, Milan; Bertoncelj, Irena; Pirotti, Francesco; Dakskobler, Igor; Kutnar, Lado

    2015-01-01

    In this article, we investigate the potential for detection and characterization of sinkholes under dense forest cover by using airborne laser scanning data. Laser pulse returns from the ground provide important data for the estimation of digital elevation model (DEM), which can be used for further processing. The main objectives of this study were to map and determine the geomorphometric characteristics of a large number of sinkholes and to investigate the correlations between geomorphology and vegetation in areas with such characteristics. The selected study area has very low anthropogenic influences and is particularly suitable for studying undisturbed karst sinkholes. The information extracted from this study regarding the shapes and depths of sinkholes show significant directionality for both orientation of sinkholes and their distribution over the area. Furthermore, significant differences in vegetation diversity and composition occur inside and outside the sinkholes, which indicates their presence has important ecological impacts.

  11. Using Lidar Data to Analyse Sinkhole Characteristics Relevant for Understory Vegetation under Forest Cover—Case Study of a High Karst Area in the Dinaric Mountains

    Science.gov (United States)

    Kobal, Milan; Bertoncelj, Irena; Pirotti, Francesco; Dakskobler, Igor; Kutnar, Lado

    2015-01-01

    In this article, we investigate the potential for detection and characterization of sinkholes under dense forest cover by using airborne laser scanning data. Laser pulse returns from the ground provide important data for the estimation of digital elevation model (DEM), which can be used for further processing. The main objectives of this study were to map and determine the geomorphometric characteristics of a large number of sinkholes and to investigate the correlations between geomorphology and vegetation in areas with such characteristics. The selected study area has very low anthropogenic influences and is particularly suitable for studying undisturbed karst sinkholes. The information extracted from this study regarding the shapes and depths of sinkholes show significant directionality for both orientation of sinkholes and their distribution over the area. Furthermore, significant differences in vegetation diversity and composition occur inside and outside the sinkholes, which indicates their presence has important ecological impacts. PMID:25793871

  12. A UNIFIED APPROACH FOR DETECTION AND PREVENTION OF DDOS ATTACKS USING ENHANCED SUPPORT VECTOR MACHINES AND FILTERING MECHANISMS

    Directory of Open Access Journals (Sweden)

    T. Subbulakshmi

    2014-10-01

    Full Text Available Distributed Denial of Service (DDoS attacks were considered to be a tremendous threat to the current information security infrastructure. During DDoS attack, multiple malicious hosts that are recruited by the attackers launch a coordinated attack against one host or a network victim, which cause denial of service to legitimate users. The existing techniques suffer from more number of false alarms and more human intervention for attack detection. The objective of this paper is to monitor the network online which automatically initiates detection mechanism if there is any suspicious activity and also defense the hosts from being arrived at the network. Both spoofed and non spoofed IP’s are detected in this approach. Non spoofed IP’s are detected using Enhanced Support Vector Machines (ESVM and spoofed IP’s are detected using Hop Count Filtering (HCF mechanism. The detected IP’s are maintained separately to initiate the defense process. The attack strength is calculated using Lanchester Law which initiates the defense mechanism. Based on the calculated attack strength any of the defense schemes such as Rate based limiting or History based IP filtering is automatically initiated to drop the packets from the suspected IP. The integrated online monitoring approach for detection and defense of DDoS attacks is deployed in an experimental testbed. The online approach is found to be obvious in the field of integrated DDoS detection and defense.

  13. An improved technique for the detection of pilot contamination attacks in TDD wireless communication systems

    Directory of Open Access Journals (Sweden)

    Mihaylova Dimitriya

    2017-01-01

    Full Text Available One of the problems phasing the physical layer security of a wireless system is its vulnerability to pilot contamination attacks and hence schemes for its detection need to be applied. A method proposed in the literature consists of training with two N-PSK pilots. Although the method is effective in most of the cases, it is not able to discover an attack initiated during the transmission of the second pilot from the pair if both the legitimate and non-legitimate pilots coincide. In this current paper, an improvement to this method is proposed which detects an intruder who misses the first pilot transmission. The suggested improvement eliminates the usage of threshold values in the detection – a main drawback of previously existing solution.

  14. A New Unified Intrusion Anomaly Detection in Identifying Unseen Web Attacks

    Directory of Open Access Journals (Sweden)

    Muhammad Hilmi Kamarudin

    2017-01-01

    Full Text Available The global usage of more sophisticated web-based application systems is obviously growing very rapidly. Major usage includes the storing and transporting of sensitive data over the Internet. The growth has consequently opened up a serious need for more secured network and application security protection devices. Security experts normally equip their databases with a large number of signatures to help in the detection of known web-based threats. In reality, it is almost impossible to keep updating the database with the newly identified web vulnerabilities. As such, new attacks are invisible. This research presents a novel approach of Intrusion Detection System (IDS in detecting unknown attacks on web servers using the Unified Intrusion Anomaly Detection (UIAD approach. The unified approach consists of three components (preprocessing, statistical analysis, and classification. Initially, the process starts with the removal of irrelevant and redundant features using a novel hybrid feature selection method. Thereafter, the process continues with the application of a statistical approach to identifying traffic abnormality. We performed Relative Percentage Ratio (RPR coupled with Euclidean Distance Analysis (EDA and the Chebyshev Inequality Theorem (CIT to calculate the normality score and generate a finest threshold. Finally, Logitboost (LB is employed alongside Random Forest (RF as a weak classifier, with the aim of minimising the final false alarm rate. The experiment has demonstrated that our approach has successfully identified unknown attacks with greater than a 95% detection rate and less than a 1% false alarm rate for both the DARPA 1999 and the ISCX 2012 datasets.

  15. Detection of Cross Site Scripting Attack in Wireless Networks Using n-Gram and SVM

    Directory of Open Access Journals (Sweden)

    Jun-Ho Choi

    2012-01-01

    Full Text Available Large parts of attacks targeting the web are aiming at the weak point of web application. Even though SQL injection, which is the form of XSS (Cross Site Scripting attacks, is not a threat to the system to operate the web site, it is very critical to the places that deal with the important information because sensitive information can be obtained and falsified. In this paper, the method to detect themalicious SQL injection script code which is the typical XSS attack using n-Gram indexing and SVM (Support Vector Machine is proposed. In order to test the proposed method, the test was conducted after classifying each data set as normal code and malicious code, and the malicious script code was detected by applying index term generated by n-Gram and data set generated by code dictionary to SVM classifier. As a result, when the malicious script code detection was conducted using n-Gram index term and SVM, the superior performance could be identified in detecting malicious script and the more improved results than existing methods could be seen in the malicious script code detection recall.

  16. Improved Deep Belief Networks (IDBN Dynamic Model-Based Detection and Mitigation for Targeted Attacks on Heavy-Duty Robots

    Directory of Open Access Journals (Sweden)

    Lianpeng Li

    2018-04-01

    Full Text Available In recent years, the robots, especially heavy-duty robots, have become the hardest-hit areas for targeted attacks. These attacks come from both the cyber-domain and the physical-domain. In order to improve the security of heavy-duty robots, this paper proposes a detection and mitigation mechanism which based on improved deep belief networks (IDBN and dynamic model. The detection mechanism consists of two parts: (1 IDBN security checks, which can detect targeted attacks from the cyber-domain; (2 Dynamic model and security detection, used to detect the targeted attacks which can possibly lead to a physical-domain damage. The mitigation mechanism was established on the base of the detection mechanism and could mitigate transient and discontinuous attacks. Moreover, a test platform was established to carry out the performance evaluation test for the proposed mechanism. The results show that, the detection accuracy for the attack of the cyber-domain of IDBN reaches 96.2%, and the detection accuracy for the attack of physical-domain control commands reaches 94%. The performance evaluation test has verified the reliability and high efficiency of the proposed detection and mitigation mechanism for heavy-duty robots.

  17. Florida Sinkholes and Grout Injection Stabilization

    Directory of Open Access Journals (Sweden)

    Charles Hunt Griffith II

    2014-09-01

    Full Text Available Florida has a major problem when it comes to sinkholes. These sinkholes can become very hazardous to people, homes, and to the landscape as a whole. Florida sits on a carbonate platform which is highly indicative of sinkholes. There are three main types of sinkholes which occur in Florida: dissolution, cover subsidence, and cover collapse. I will compare these types of sinkholes to the underlying formation beneath Florida to see if there is a connection between the types of sinkholes that occur. I will also create a 3D model of grout injection stabilization and calculate its volume to compare to the actual volume placed under the house. This information will help inform and bring attention to the problem in Florida and in turn, may help alleviate the problem if we can understand what causes these sinkholes. The 3D model may help engineering companies become more efficient in predicting the projected amount of volume to stabilize a house that may be in danger.

  18. A Targeted Attack For Enhancing Resiliency of Intelligent Intrusion Detection Modules in Energy Cyber Physical Systems

    Energy Technology Data Exchange (ETDEWEB)

    Youssef, Tarek [Florida Intl Univ., Miami, FL (United States); El Hariri, Mohammad [Florida Intl Univ., Miami, FL (United States); Habib, Hani [Florida Intl Univ., Miami, FL (United States); Mohammed, Osama [Florida Intl Univ., Miami, FL (United States); Harmon, E [Florida Intl Univ., Miami, FL (United States)

    2017-02-28

    Abstract— Secure high-speed communication is required to ensure proper operation of complex power grid systems and prevent malicious tampering activities. In this paper, artificial neural networks with temporal dependency are introduced for false data identification and mitigation for broadcasted IEC 61850 SMV messages. The fast responses of such intelligent modules in intrusion detection make them suitable for time- critical applications, such as protection. However, care must be taken in selecting the appropriate intelligence model and decision criteria. As such, this paper presents a customizable malware script to sniff and manipulate SMV messages and demonstrates the ability of the malware to trigger false positives in the neural network’s response. The malware developed is intended to be as a vaccine to harden the intrusion detection system against data manipulation attacks by enhancing the neural network’s ability to learn and adapt to these attacks.

  19. Leveraging KVM Events to Detect Cache-Based Side Channel Attacks in a Virtualization Environment

    Directory of Open Access Journals (Sweden)

    Ady Wahyudi Paundu

    2018-01-01

    Full Text Available Cache-based side channel attack (CSCa techniques in virtualization systems are becoming more advanced, while defense methods against them are still perceived as nonpractical. The most recent CSCa variant called Flush + Flush has showed that the current detection methods can be easily bypassed. Within this work, we introduce a novel monitoring approach to detect CSCa operations inside a virtualization environment. We utilize the Kernel Virtual Machine (KVM event data in the kernel and process this data using a machine learning technique to identify any CSCa operation in the guest Virtual Machine (VM. We evaluate our approach using Receiver Operating Characteristic (ROC diagram of multiple attack and benign operation scenarios. Our method successfully separate the CSCa datasets from the non-CSCa datasets, on both trained and nontrained data scenarios. The successful classification also include the Flush + Flush attack scenario. We are also able to explain the classification results by extracting the set of most important features that separate both classes using their Fisher scores and show that our monitoring approach can work to detect CSCa in general. Finally, we evaluate the overhead impact of our CSCa monitoring method and show that it has a negligible computation overhead on the host and the guest VM.

  20. Research on the technology of detecting the SQL injection attack and non-intrusive prevention in WEB system

    Science.gov (United States)

    Hu, Haibin

    2017-05-01

    Among numerous WEB security issues, SQL injection is the most notable and dangerous. In this study, characteristics and procedures of SQL injection are analyzed, and the method for detecting the SQL injection attack is illustrated. The defense resistance and remedy model of SQL injection attack is established from the perspective of non-intrusive SQL injection attack and defense. Moreover, the ability of resisting the SQL injection attack of the server has been comprehensively improved through the security strategies on operation system, IIS and database, etc.. Corresponding codes are realized. The method is well applied in the actual projects.

  1. Detecting Cyber-Attacks on Wireless Mobile Networks Using Multicriterion Fuzzy Classifier with Genetic Attribute Selection

    Directory of Open Access Journals (Sweden)

    El-Sayed M. El-Alfy

    2015-01-01

    Full Text Available With the proliferation of wireless and mobile network infrastructures and capabilities, a wide range of exploitable vulnerabilities emerges due to the use of multivendor and multidomain cross-network services for signaling and transport of Internet- and wireless-based data. Consequently, the rates and types of cyber-attacks have grown considerably and current security countermeasures for protecting information and communication may be no longer sufficient. In this paper, we investigate a novel methodology based on multicriterion decision making and fuzzy classification that can provide a viable second-line of defense for mitigating cyber-attacks. The proposed approach has the advantage of dealing with various types and sizes of attributes related to network traffic such as basic packet headers, content, and time. To increase the effectiveness and construct optimal models, we augmented the proposed approach with a genetic attribute selection strategy. This allows efficient and simpler models which can be replicated at various network components to cooperatively detect and report malicious behaviors. Using three datasets covering a variety of network attacks, the performance enhancements due to the proposed approach are manifested in terms of detection errors and model construction times.

  2. Deformation analysis of a sinkhole in Thuringia using multi-temporal multi-view stereo 3D reconstruction data

    Science.gov (United States)

    Petschko, Helene; Goetz, Jason; Schmidt, Sven

    2017-04-01

    Sinkholes are a serious threat on life, personal property and infrastructure in large parts of Thuringia. Over 9000 sinkholes have been documented by the Geological Survey of Thuringia, which are caused by collapsing hollows which formed due to solution processes within the local bedrock material. However, little is known about surface processes and their dynamics at the flanks of the sinkhole once the sinkhole has shaped. These processes are of high interest as they might lead to dangerous situations at or within the vicinity of the sinkhole. Our objective was the analysis of these deformations over time in 3D by applying terrestrial photogrammetry with a simple DSLR camera. Within this study, we performed an analysis of deformations within a sinkhole close to Bad Frankenhausen (Thuringia) using terrestrial photogrammetry and multi-view stereo 3D reconstruction to obtain a 3D point cloud describing the morphology of the sinkhole. This was performed for multiple data collection campaigns over a 6-month period. The photos of the sinkhole were taken with a Nikon D3000 SLR Camera. For the comparison of the point clouds the Multiscale Model to Model Comparison (M3C2) plugin of the software CloudCompare was used. It allows to apply advanced methods of point cloud difference calculation which considers the co-registration error between two point clouds for assessing the significance of the calculated difference (given in meters). Three Styrofoam cuboids of known dimensions (16 cm wide/29 cm high/11.5 cm deep) were placed within the sinkhole to test the accuracy of the point cloud difference calculation. The multi-view stereo 3D reconstruction was performed with Agisoft Photoscan. Preliminary analysis indicates that about 26% of the sinkhole showed changes exceeding the co-registration error of the point clouds. The areas of change can mainly be detected on the flanks of the sinkhole and on an earth pillar that formed in the center of the sinkhole. These changes describe

  3. Simultaneous Event-Triggered Fault Detection and Estimation for Stochastic Systems Subject to Deception Attacks.

    Science.gov (United States)

    Li, Yunji; Wu, QingE; Peng, Li

    2018-01-23

    In this paper, a synthesized design of fault-detection filter and fault estimator is considered for a class of discrete-time stochastic systems in the framework of event-triggered transmission scheme subject to unknown disturbances and deception attacks. A random variable obeying the Bernoulli distribution is employed to characterize the phenomena of the randomly occurring deception attacks. To achieve a fault-detection residual is only sensitive to faults while robust to disturbances, a coordinate transformation approach is exploited. This approach can transform the considered system into two subsystems and the unknown disturbances are removed from one of the subsystems. The gain of fault-detection filter is derived by minimizing an upper bound of filter error covariance. Meanwhile, system faults can be reconstructed by the remote fault estimator. An recursive approach is developed to obtain fault estimator gains as well as guarantee the fault estimator performance. Furthermore, the corresponding event-triggered sensor data transmission scheme is also presented for improving working-life of the wireless sensor node when measurement information are aperiodically transmitted. Finally, a scaled version of an industrial system consisting of local PC, remote estimator and wireless sensor node is used to experimentally evaluate the proposed theoretical results. In particular, a novel fault-alarming strategy is proposed so that the real-time capacity of fault-detection is guaranteed when the event condition is triggered.

  4. A bayesian inference-based detection mechanism to defend medical smartphone networks against insider attacks

    DEFF Research Database (Denmark)

    Meng, Weizhi; Li, Wenjuan; Xiang, Yang

    2017-01-01

    and experience for both patients and healthcare workers, and the underlying network architecture to support such devices is also referred to as medical smartphone networks (MSNs). MSNs, similar to other networks, are subject to a wide range of attacks (e.g. leakage of sensitive patient information by a malicious...... insider). In this work, we focus on MSNs and present a compact but efficient trust-based approach using Bayesian inference to identify malicious nodes in such an environment. We then demonstrate the effectiveness of our approach in detecting malicious nodes by evaluating the deployment of our proposed...

  5. Geology, Surficial - MO 2012 Springfield 100Yr Flood Sinkholes (SHP)

    Data.gov (United States)

    NSGIC State | GIS Inventory — The layer "100 Yr Flood Sinkholes" is an shapefile feature showing the location of many of the sinkholes found in the Springfield Missouri area. Each of the polygons...

  6. Into the Abyss: The Case of the Collapsing Sinkhole.

    Science.gov (United States)

    Ozsvath, David L.

    2000-01-01

    Presents a case study to teach about the relationship between sinkhole development and groundwater levels in Orlando, Florida. Discusses the relationship between groundwater levels and sinkhole formation in a karst terrane. Includes discussion questions. (YDS)

  7. Enhancing collaborative intrusion detection networks against insider attacks using supervised intrusion sensitivity-based trust management model

    DEFF Research Database (Denmark)

    Li, Wenjuan; Meng, Weizhi; Kwok, Lam-For

    2017-01-01

    To defend against complex attacks, collaborative intrusion detection networks (CIDNs) have been developed to enhance the detection accuracy, which enable an IDS to collect information and learn experience from others. However, this kind of networks is vulnerable to malicious nodes which are utili......To defend against complex attacks, collaborative intrusion detection networks (CIDNs) have been developed to enhance the detection accuracy, which enable an IDS to collect information and learn experience from others. However, this kind of networks is vulnerable to malicious nodes which...... are utilized by insider attacks (e.g., betrayal attacks). In our previous research, we developed a notion of intrusion sensitivity and identified that it can help improve the detection of insider attacks, whereas it is still a challenge for these nodes to automatically assign the values. In this article, we...... of intrusion sensitivity based on expert knowledge. In the evaluation, we compare the performance of three different supervised classifiers in assigning sensitivity values and investigate our trust model under different attack scenarios and in a real wireless sensor network. Experimental results indicate...

  8. A Classification Detection Algorithm Based on Joint Entropy Vector against Application-Layer DDoS Attack

    Directory of Open Access Journals (Sweden)

    Yuntao Zhao

    2018-01-01

    Full Text Available The application-layer distributed denial of service (AL-DDoS attack makes a great threat against cyberspace security. The attack detection is an important part of the security protection, which provides effective support for defense system through the rapid and accurate identification of attacks. According to the attacker’s different URL of the Web service, the AL-DDoS attack is divided into three categories, including a random URL attack and a fixed and a traverse one. In order to realize identification of attacks, a mapping matrix of the joint entropy vector is constructed. By defining and computing the value of EUPI and jEIPU, a visual coordinate discrimination diagram of entropy vector is proposed, which also realizes data dimension reduction from N to two. In terms of boundary discrimination and the region where the entropy vectors fall in, the class of AL-DDoS attack can be distinguished. Through the study of training data set and classification, the results show that the novel algorithm can effectively distinguish the web server DDoS attack from normal burst traffic.

  9. Note on Studying Change Point of LRD Traffic Based on Li's Detection of DDoS Flood Attacking

    Directory of Open Access Journals (Sweden)

    Zhengmin Xia

    2010-01-01

    Full Text Available Distributed denial-of-service (DDoS flood attacks remain great threats to the Internet. To ensure network usability and reliability, accurate detection of these attacks is critical. Based on Li's work on DDoS flood attack detection, we propose a DDoS detection method by monitoring the Hurst variation of long-range dependant traffic. Specifically, we use an autoregressive system to estimate the Hurst parameter of normal traffic. If the actual Hurst parameter varies significantly from the estimation, we assume that DDoS attack happens. Meanwhile, we propose two methods to determine the change point of Hurst parameter that indicates the occurrence of DDoS attacks. The detection rate associated with one method and false alarm rate for the other method are also derived. The test results on DARPA intrusion detection evaluation data show that the proposed approaches can achieve better detection performance than some well-known self-similarity-based detection methods.

  10. Investigating the Influence of Special On–Off Attacks on Challenge-Based Collaborative Intrusion Detection Networks

    Directory of Open Access Journals (Sweden)

    Wenjuan Li

    2018-01-01

    Full Text Available Intrusions are becoming more complicated with the recent development of adversarial techniques. To boost the detection accuracy of a separate intrusion detector, the collaborative intrusion detection network (CIDN has thus been developed by allowing intrusion detection system (IDS nodes to exchange data with each other. Insider attacks are a great threat for such types of collaborative networks, where an attacker has the authorized access within the network. In literature, a challenge-based trust mechanism is effective at identifying malicious nodes by sending challenges. However, such mechanisms are heavily dependent on two assumptions, which would cause CIDNs to be vulnerable to advanced insider attacks in practice. In this work, we investigate the influence of advanced on–off attacks on challenge-based CIDNs, which can respond truthfully to one IDS node but behave maliciously to another IDS node. To evaluate the attack performance, we have conducted two experiments under a simulated and a real CIDN environment. The obtained results demonstrate that our designed attack is able to compromise the robustness of challenge-based CIDNs in practice; that is, some malicious nodes can behave untruthfully without a timely detection.

  11. Model-based approach for cyber-physical attack detection in water distribution systems.

    Science.gov (United States)

    Housh, Mashor; Ohar, Ziv

    2018-08-01

    Modern Water Distribution Systems (WDSs) are often controlled by Supervisory Control and Data Acquisition (SCADA) systems and Programmable Logic Controllers (PLCs) which manage their operation and maintain a reliable water supply. As such, and with the cyber layer becoming a central component of WDS operations, these systems are at a greater risk of being subjected to cyberattacks. This paper offers a model-based methodology based on a detailed hydraulic understanding of WDSs combined with an anomaly detection algorithm for the identification of complex cyberattacks that cannot be fully identified by hydraulically based rules alone. The results show that the proposed algorithm is capable of achieving the best-known performance when tested on the data published in the BATtle of the Attack Detection ALgorithms (BATADAL) competition (http://www.batadal.net). Copyright © 2018. Published by Elsevier Ltd.

  12. A Novel Real-Time DDoS Attack Detection Mechanism Based on MDRA Algorithm in Big Data

    Directory of Open Access Journals (Sweden)

    Bin Jia

    2016-01-01

    Full Text Available In the wake of the rapid development and wide application of information technology and Internet, our society has come into the information explosion era. Meanwhile, it brings in new and severe challenges to the field of network attack behavior detection due to the explosive growth and high complexity of network traffic. Therefore, an effective and efficient detection mechanism that can detect attack behavior from large scale of network traffic plays an important role. In this paper, we focus on how to distinguish the attack traffic from normal data flows in Big Data and propose a novel real-time DDoS attack detection mechanism based on Multivariate Dimensionality Reduction Analysis (MDRA. In this mechanism, we first reduce the dimensionality of multiple characteristic variables in a network traffic record by Principal Component Analysis (PCA. Then, we analyze the correlation of the lower dimensional variables. Finally, the attack traffic can be differentiated from the normal traffic by MDRA and Mahalanobis distance (MD. Compared with previous research methods, our experimental results show that higher precision rate is achieved and it approximates to 100% in True Negative Rate (TNR for detection; CPU computing time is one-eightieth and memory resource consumption is one-third of the previous detection method based on Multivariate Correlation Analysis (MCA; computing complexity is constant.

  13. Sinkhole occurrence in consequence of heavy rainstorms

    Science.gov (United States)

    Parise, Mario; Pisano, Luca; Vennari, Carmela

    2016-04-01

    Sinkholes, the most typical geological hazard in karst, are widespread in Apulia (south-eastern Italy), due to the presence in about the whole region of soluble rocks. Sinkholes can cause damage to private property and civil infrastructures such as buildings and roads. Detailed mapping of sinkholes is critical in understanding the hydrological processes, beside being extremely useful to mitigate the related geological risk. Sinkholes typically function as a major connection between the water flowing at the surface and the groundwaters, by collecting rainfall and rapidly draining it within the bedrock. In Apulia, the main risk to the humans is generally linked to anthropogenic sinkholes, with the possibility of collapses related to man-made caves (quarries, mines, civil settlements, etc.; see Parise, 2012, 2015a). Natural sinkholes are less frequent, or appears at least to be less reported, since they generally occur in rural areas, and often are rapidly canceled by landowners. During the first week of September 2014, the Gargano Promontory (northern Apulia) was affected by an intense storm, characterized by rainfall cumulates well above the seasonal mean values. The total amount of measured rainfall for the whole event (covering the period from September 1, to September 6, 2014) reached a peak of over 500 mm (Martinotti et al., 2015). As a response to the storm, and due to peculiarity of the Gargano karst setting, several geo-hazards (different types of slope failures, floods and sinkholes) were recorded over an area of 2300 km2. As regards sinkholes, during the September 2014 storm, at least a dozen of phenomena, mostly of small size, were documented. These are prevailingly concentrated in two areas in the surroundings of the towns of San Marco in Lamis and Monte Sant'Angelo. In particular, at San Marco in Lamis, four sinkholes (the deepest about 6 m-deep and 5 m-wide, showing at the bottom the upper portion of the epikarst, with pinnacles of limestone rocks

  14. Towards an integrated approach for characterization of sinkhole hazards in urban environments: the unstable coastal site of Casalabate, Lecce, Italy

    International Nuclear Information System (INIS)

    Delle Rose, Marco; Leucci, Giovanni

    2010-01-01

    Sinkholes occur in many areas of the world, especially where carbonate rocks crop out. They are formed due to natural processes or caused by man's activities. In both cases, severe consequences have to be registered on the anthropogenic environment and related infrastructures. Knowledge of both the mechanism of the sinkhole formation and the localization of this subtle geohazard is therefore necessary for planners and decision makers to perform the most appropriate and suitable programs of land use and development. The Apulia region of southern Italy is characterized for most of its extension by carbonate rocks, which makes it one of the most remarkable examples of karst in the Mediterranean basin. The sinkhole formation in Apulia urban areas has recently produced severe damages, especially along its coastal planes, where different types of sinkholes occur. The detection of cavities, that could collapse and create a sinkhole, in an urban environment presents numerous difficulties (buried networks, reworked soils, etc). A methodology has been developed to respond to this need based on the integration of four complementary methods: geological analysis of outcrops and existing borehole descriptions, aerophotogrammetric interpretation of aerial photos, electrical resistivity tomography (ERT) and ground penetrating radar (GPR). The combination of these methods, applied to a test sector in the city of Casalabate, made it possible to locate the principal karstic conduits beneath the study area and identify a zone of high sinkhole geohazard associated with one such feature

  15. Integrating geomorphological mapping, InSAR, GPR and trenching for the identification and investigation of buried sinkholes in the mantled evaporite karst of the Ebro Valley (NE Spain)

    Science.gov (United States)

    Gutiérrez, Francisco; Galve, Jorge Pedro; Lucha, Pedro; Bonachea, Jaime; Castañeda, Carmen

    2010-05-01

    bedrock sagging. (2) Around 70% of the sinkholes have been filled by man-made ground. (3) Subsidence has caused severe damage to many human structures, primarily due to the ongoing activity of pre-existing buried sinkholes. Consequently, the identification of sinkholes is the key for preventive planning and the delineation of the main risk areas. A total of eleven sinkholes (S1-S11) covering around 20% of the study area were mapped. Six of the sinkholes were buried and the largest one (S8), which occupies approximately 35,500 m2, partially coincides with the area previously selected for the construction of a housing state. The investigation was developed in three main phases. A preliminary sinkhole map was produced in phase I using: (a) aerial photographs and satellite images from different dates (1927, 1957, 1984, 2003, 2006, 2007), (b) detailed topographical maps from 1969 (1:2000) and 1971-73 (1:1000) with contour intervals of 1 m, (c) thorough field surveys including interviews to local people and inspection to human structures, and (d) radar interferometry. Deformation measurements were obtained from 54 interferograms generated by means of the Stable Point Network technique with 23 ENVISAT images acquired from May 2003 to July 2008. The InSAR analysis provides data on the temporal evolution of the subsidence (magnitude and rate) for coherent 20 m-sized pixels. During phase II, 26 GPR profiles with a total length of 2,290 m were conducted using a 400 MHz antenna. In phase III, 13 backhoe trenches up to 2.8 m deep and totalling 323 m were investigated following the methodology commonly used in paleoseismological studies. Two samples were obtained for radiocarbon dating in a trench dug at the margin of sinkhole S8. The aerial photographs, specially the stereoscopic images taken in 1957, were the most useful tool for the identification of buried sinkholes. They allowed us the detection of 9 sinkholes out of 11. The topographical maps depict 7 of the inventoried sinkholes

  16. Localization-Free Detection of Replica Node Attacks in Wireless Sensor Networks Using Similarity Estimation with Group Deployment Knowledge

    Directory of Open Access Journals (Sweden)

    Chao Ding

    2017-01-01

    Full Text Available Due to the unattended nature and poor security guarantee of the wireless sensor networks (WSNs, adversaries can easily make replicas of compromised nodes, and place them throughout the network to launch various types of attacks. Such an attack is dangerous because it enables the adversaries to control large numbers of nodes and extend the damage of attacks to most of the network with quite limited cost. To stop the node replica attack, we propose a location similarity-based detection scheme using deployment knowledge. Compared with prior solutions, our scheme provides extra functionalities that prevent replicas from generating false location claims without deploying resource-consuming localization techniques on the resource-constraint sensor nodes. We evaluate the security performance of our proposal under different attack strategies through heuristic analysis, and show that our scheme achieves secure and robust replica detection by increasing the cost of node replication. Additionally, we evaluate the impact of network environment on the proposed scheme through theoretic analysis and simulation experiments, and indicate that our scheme achieves effectiveness and efficiency with substantially lower communication, computational, and storage overhead than prior works under different situations and attack strategies.

  17. Sinkhole remediation at Swinging Bridge Dam

    Energy Technology Data Exchange (ETDEWEB)

    Jones, A. [Devine Tarbell and Associates, Portland, ME (United States)

    2009-07-01

    This case history summary described a piping-related sinkhole that occurred after a flood at the Swinging Bridge Dam. The earth-filled embankment dam was constructed using a hydraulic fill technique. A foundation drilling and grouting program was constructed in areas of the dam founded on jointed sandstone and shale. The storage volumes of the reservoir is 32,000 acre-feet. A sinkhole 25 to 300 feet in diameter was observed on May 5, 2005 along the edge of the dam crest. The sinkhole extended to within 10 feet of the reservoir and was separated by a shallow berm of soil and driftwood. Cracking of the crest extended across an area of 180 feet. Operations staff notified the appropriate agencies, implemented a monitoring program, and mobilized construction equipment and sands for use as emergency sinkhole filler. An increase in tailrace turbidity was observed. Historical records for the dam showed significant cracking during the initial filling of the reservoir. Failure modes included increased pore pressures and seepages resulting in the piping of soil along the outside of the dam conduit. Emergency repairs included chemical grouting and weld repairs in the penstocks. A Federal Emergency Management Agency (FEMA) is currently addressing safety issues associated with conduits through dams. 4 refs., 11 figs.

  18. Benthic bacterial diversity in submerged sinkhole ecosystems.

    Science.gov (United States)

    Nold, Stephen C; Pangborn, Joseph B; Zajack, Heidi A; Kendall, Scott T; Rediske, Richard R; Biddanda, Bopaiah A

    2010-01-01

    Physicochemical characterization, automated ribosomal intergenic spacer analysis (ARISA) community profiling, and 16S rRNA gene sequencing approaches were used to study bacterial communities inhabiting submerged Lake Huron sinkholes inundated with hypoxic, sulfate-rich groundwater. Photosynthetic cyanobacterial mats on the sediment surface were dominated by Phormidium autumnale, while deeper, organically rich sediments contained diverse and active bacterial communities.

  19. Detection System of HTTP DDoS Attacks in a Cloud Environment Based on Information Theoretic Entropy and Random Forest

    Directory of Open Access Journals (Sweden)

    Mohamed Idhammad

    2018-01-01

    Full Text Available Cloud Computing services are often delivered through HTTP protocol. This facilitates access to services and reduces costs for both providers and end-users. However, this increases the vulnerabilities of the Cloud services face to HTTP DDoS attacks. HTTP request methods are often used to address web servers’ vulnerabilities and create multiple scenarios of HTTP DDoS attack such as Low and Slow or Flooding attacks. Existing HTTP DDoS detection systems are challenged by the big amounts of network traffic generated by these attacks, low detection accuracy, and high false positive rates. In this paper we present a detection system of HTTP DDoS attacks in a Cloud environment based on Information Theoretic Entropy and Random Forest ensemble learning algorithm. A time-based sliding window algorithm is used to estimate the entropy of the network header features of the incoming network traffic. When the estimated entropy exceeds its normal range the preprocessing and the classification tasks are triggered. To assess the proposed approach various experiments were performed on the CIDDS-001 public dataset. The proposed approach achieves satisfactory results with an accuracy of 99.54%, a FPR of 0.4%, and a running time of 18.5s.

  20. Vesper: Using Echo-Analysis to Detect Man-in-the-Middle Attacks in LANs

    OpenAIRE

    Mirsky, Yisroel; Kalbo, Naor; Elovici, Yuval; Shabtai, Asaf

    2018-01-01

    The Man-in-the-Middle (MitM) attack is a cyber-attack in which an attacker intercepts traffic, thus harming the confidentiality, integrity, and availability of the network. It remains a popular attack vector due to its simplicity. However, existing solutions are either not portable, suffer from a high false positive rate, or are simply not generic. In this paper, we propose Vesper: a novel plug-and-play MitM detector for local area networks. Vesper uses a technique inspired from impulse respo...

  1. Distributed Denial of Service Attack Source Detection Using Efficient Traceback Technique (ETT) in Cloud-Assisted Healthcare Environment.

    Science.gov (United States)

    Latif, Rabia; Abbas, Haider; Latif, Seemab; Masood, Ashraf

    2016-07-01

    Security and privacy are the first and foremost concerns that should be given special attention when dealing with Wireless Body Area Networks (WBANs). As WBAN sensors operate in an unattended environment and carry critical patient health information, Distributed Denial of Service (DDoS) attack is one of the major attacks in WBAN environment that not only exhausts the available resources but also influence the reliability of information being transmitted. This research work is an extension of our previous work in which a machine learning based attack detection algorithm is proposed to detect DDoS attack in WBAN environment. However, in order to avoid complexity, no consideration was given to the traceback mechanism. During traceback, the challenge lies in reconstructing the attack path leading to identify the attack source. Among existing traceback techniques, Probabilistic Packet Marking (PPM) approach is the most commonly used technique in conventional IP- based networks. However, since marking probability assignment has significant effect on both the convergence time and performance of a scheme, it is not directly applicable in WBAN environment due to high convergence time and overhead on intermediate nodes. Therefore, in this paper we have proposed a new scheme called Efficient Traceback Technique (ETT) based on Dynamic Probability Packet Marking (DPPM) approach and uses MAC header in place of IP header. Instead of using fixed marking probability, the proposed scheme uses variable marking probability based on the number of hops travelled by a packet to reach the target node. Finally, path reconstruction algorithms are proposed to traceback an attacker. Evaluation and simulation results indicate that the proposed solution outperforms fixed PPM in terms of convergence time and computational overhead on nodes.

  2. Sinkhole flooding in Murfreesboro, Rutherford County, Tennessee, 2001-02

    Science.gov (United States)

    Bradley, Michael W.; Hileman, Gregg Edward

    2006-01-01

    The U.S. Geological Survey, in cooperation with the City of Murfreesboro, Tennessee, conducted an investigation from January 2001 through April 2002 to delineate sinkholes and sinkhole watersheds in the Murfreesboro area and to characterize the hydrologic response of sinkholes to major rainfall events. Terrain analysis was used to define sinkholes and delineate the sinkhole drainage areas. Flooding in 78 sinkholes in three focus areas was identified and tracked using aerial photography following three major storms in February 2001, January 2002, and March 2002. The three focus areas are located to the east, north, and northwest of Murfreesboro and are underlain primarily by the Ridley Limestone with some outcrops of the underlying Pierce Limestone. The observed sinkhole flooding is controlled by water inflow, water outflow, and the degree of the hydraulic connection (connectivity) to a ground-water conduit system. The observed sinkholes in the focus areas are grouped into three categories based on the sinkhole morphology and the connectivity to the ground-water system as indicated by their response to flooding. The three types of sinkholes described for these focus areas are pan sinkholes with low connectivity, deep sinkholes with high connectivity, and deep sinkholes with low connectivity to the ground-water conduit system. Shallow, broad pan sinkholes flood as water inflow from a storm inundates the depression at land surface. Water overflow from one pan sinkhole can flow downgradient and become inflow to a sinkhole at a lower altitude. Land-surface modifications that direct more water into a pan sinkhole could increase peak-flood altitudes and extend flood durations. Land-surface modifications that increase the outflow by overland drainage could decrease the flood durations. Road construction or alterations that reduce flow within or between pan sinkholes could result in increased flood durations. Flood levels and durations in the deeper sinkholes observed in

  3. A system for denial-of-service attack detection based on multivariate correlation analysis

    NARCIS (Netherlands)

    Tan, Zhiyuan; Jamdagni, Aruna; He, Xiangjian; Nanda, Priyadarsi; Liu, Ren Ping

    Interconnected systems, such as Web servers, database servers, cloud computing servers and so on, are now under threads from network attackers. As one of most common and aggressive means, denial-of-service (DoS) attacks cause serious impact on these computing systems. In this paper, we present a DoS

  4. Catastrophic sinkhole formation in Kansas: A case study

    Science.gov (United States)

    Lambrecht, J.L.; Miller, R.D.

    2006-01-01

    Sinkholes represent a hazard to property and human safety in a wide variety of geologic settings across the globe. In most cases, the subsidence rate of a sinkhole represents the most significant potential impact and risk to public safety. Since 1979, the Kansas Geological Survey has studied numerous sinkholes using high-resolution seismic reflection in an attempt to better understand the mechanisms that control their formation. Most sinkholes in central Kansas form as a result of dissolution of the Permian Hutchinson salt (Figure 1). The fluid source and associated pathway responsible for leaching these bedded evaporites have been natural, anthropogenic, and a combination of both. Sinkholes have been a part of the landscape in the North American midcontinent long before modern oil, gas, and mineral exploration, but clearly the activities of man have played a significant role in both increasing the number of sinkholes and affecting their subsidence rates.

  5. Convolutional neural network based side attack explosive hazard detection in three dimensional voxel radar

    Science.gov (United States)

    Brockner, Blake; Veal, Charlie; Dowdy, Joshua; Anderson, Derek T.; Williams, Kathryn; Luke, Robert; Sheen, David

    2018-04-01

    The identification followed by avoidance or removal of explosive hazards in past and/or present conflict zones is a serious threat for both civilian and military personnel. This is a challenging task as variability exists with respect to the objects, their environment and emplacement context, to name a few factors. A goal is the development of automatic or human-in-the-loop sensor technologies that leverage signal processing, data fusion and machine learning. Herein, we explore the detection of side attack explosive hazards (SAEHs) in three dimensional voxel space radar via different shallow and deep convolutional neural network (CNN) architectures. Dimensionality reduction is performed by using multiple projected images versus the raw three dimensional voxel data, which leads to noteworthy savings in input size and associated network hyperparameters. Last, we explore the accuracy and interpretation of solutions learned via random versus intelligent network weight initialization. Experiments are provided on a U.S. Army data set collected over different times, weather conditions, target types and concealments. Preliminary results indicate that deep learning can perform as good as, if not better, than a skilled domain expert, even in light of limited training data with a class imbalance.

  6. Massively Multi-core Acceleration of a Document-Similarity Classifier to Detect Web Attacks

    Energy Technology Data Exchange (ETDEWEB)

    Ulmer, C; Gokhale, M; Top, P; Gallagher, B; Eliassi-Rad, T

    2010-01-14

    This paper describes our approach to adapting a text document similarity classifier based on the Term Frequency Inverse Document Frequency (TFIDF) metric to two massively multi-core hardware platforms. The TFIDF classifier is used to detect web attacks in HTTP data. In our parallel hardware approaches, we design streaming, real time classifiers by simplifying the sequential algorithm and manipulating the classifier's model to allow decision information to be represented compactly. Parallel implementations on the Tilera 64-core System on Chip and the Xilinx Virtex 5-LX FPGA are presented. For the Tilera, we employ a reduced state machine to recognize dictionary terms without requiring explicit tokenization, and achieve throughput of 37MB/s at slightly reduced accuracy. For the FPGA, we have developed a set of software tools to help automate the process of converting training data to synthesizable hardware and to provide a means of trading off between accuracy and resource utilization. The Xilinx Virtex 5-LX implementation requires 0.2% of the memory used by the original algorithm. At 166MB/s (80X the software) the hardware implementation is able to achieve Gigabit network throughput at the same accuracy as the original algorithm.

  7. DS-ARP: a new detection scheme for ARP spoofing attacks based on routing trace for ubiquitous environments.

    Science.gov (United States)

    Song, Min Su; Lee, Jae Dong; Jeong, Young-Sik; Jeong, Hwa-Young; Park, Jong Hyuk

    2014-01-01

    Despite the convenience, ubiquitous computing suffers from many threats and security risks. Security considerations in the ubiquitous network are required to create enriched and more secure ubiquitous environments. The address resolution protocol (ARP) is a protocol used to identify the IP address and the physical address of the associated network card. ARP is designed to work without problems in general environments. However, since it does not include security measures against malicious attacks, in its design, an attacker can impersonate another host using ARP spoofing or access important information. In this paper, we propose a new detection scheme for ARP spoofing attacks using a routing trace, which can be used to protect the internal network. Tracing routing can find the change of network movement path. The proposed scheme provides high constancy and compatibility because it does not alter the ARP protocol. In addition, it is simple and stable, as it does not use a complex algorithm or impose extra load on the computer system.

  8. Intrusion Detection of DoS Attacks in WSNs Using Classification ...

    African Journals Online (AJOL)

    pc

    2018-03-05

    Mar 5, 2018 ... Abstract- Wireless Sensor Networks (WSNs) consist of a large number of ... have limited energy and memory capacity [2]. The computation of ..... Access (TDMA) schedules for the data transmission time slots. Here the attacker ...

  9. JFCGuard: Detecting juice filming charging attack via processor usage analysis on smartphones

    DEFF Research Database (Denmark)

    Meng, Weizhi; Jiang, Lijun; Wang, Yu

    2017-01-01

    Smartphones have become necessities in people' lives, so that many more public charging stations are under deployment worldwide to meet the increasing demand of phone charging (i.e., in airports, subways, shops, etc). However, this situation may expose a hole for cyber-criminals to launch various...... attacks especially charging attacks and threaten user's privacy. As an example, juice filming charging (JFC) attack is able to steal users' sensitive and private information from both Android OS and iOS devices, through automatically recording phone-screen and monitoring users' inputs during the whole...... charging period. More importantly, this attack does not need any permission or installing any pieces of apps on user's side. The rationale is that users' information can be leaked through a standard micro USB connector that employs the Mobile High-Definition Link (MHL) standard. Motivated by the potential...

  10. Natural and human-induced sinkholes in gypsum terrain and associated environmental problems in NE Spain

    Science.gov (United States)

    Benito, G.; Del Campo, P. Pérez; Gutiérrez-Elorza, M.; Sancho, C.

    1995-04-01

    The central Ebro Basin comprises thick evaporite materials whose high solubility produces typically karstic landforms. The sinkhole morphology developed in the overlying alluvium has been studied using gravimetry and ground-penetrating radar (GPR) on stream terraces, as well as analyzing the evolution of sinkhole morphologies observed in aerial photographs taken in 1928, 1957, and 1985. The sinkhole morphologies give some idea of possible subsurface processes as well as an indication of the final mechanisms involve in sinkhole development. On stream terraces and cover pediments the most commonly encountered dolines are bowl-shaped in their morphology with both diffuse and scarped edges. In contrast, dolines developed in the gypsiferous silt infilled valleys have a funnel and well-shaped morphology. The diffuse-edged bowl-shaped dolines are developed through the progressive subsidence of the alluvial cover, due to washing down of alluvial particles through small voids and cracks into deeper subsurface caves, resulting in a decrease alluvial density. Future compaction of the alluvial cover will produce surface subsidences. This type of dolines are associated with negative gravity anomalies. In contrast, the scarped-edge dolines are formed by the sudden collapse of a cavity roof. The cavities and cracks formed in the gypsum karst may migrate to the surface through the alluvial deposits by piping, and they may subsequently collapse. In this instance, the cavities can be detected by both gravity and GPR anomalies where the voids are not deeper than 4 5 m from the surface. These processes forming sinkholes can be enhanced by man-induced changes in the groundwater hydrologic regime by both inflows, due to irrigation, ditch losses, or pipe leakages, and by outflows from pumping activities.

  11. A Fuzzy Collusive Attack Detection Mechanism for Reputation Aggregation in Mobile Social Networks: A Trust Relationship Based Perspective

    Directory of Open Access Journals (Sweden)

    Bo Zhang

    2016-01-01

    Full Text Available While the mechanism of reputation aggregation proves to be an effective scheme for indicating an individual’s trustworthiness and further identifying malicious ones in mobile social networks, it is vulnerable to collusive attacks from malicious nodes of collaborative frauds. To conquer the challenge of detecting collusive attacks and then identifying colluders for the reputation system in mobile social networks, a fuzzy collusive attack detection mechanism (FCADM is proposed based on nodes’ social relationships, which comprises three parts: trust schedule, malicious node selection, and detection traversing strategy. In the first part, the trust schedule provides the calculation method of interval valued fuzzy social relationships and reputation aggregation for nodes in mobile social networks; further, a set of fuzzy valued factors, that is, item judgment factor, node malicious factor, and node similar factor, is given for evaluating the probability of collusive fraud happening and identifying single malicious nodes in the second part; and moreover, a detection traversing strategy is given based on random walk algorithm under the perspectives of fuzzy valued nodes’ trust schedules and proposed malicious factors. Finally, our empirical results and analysis show that the proposed mechanism in this paper is feasible and effective.

  12. Information Warfare-Worthy Jamming Attack Detection Mechanism for Wireless Sensor Networks Using a Fuzzy Inference System

    Directory of Open Access Journals (Sweden)

    Sudip Misra

    2010-04-01

    Full Text Available The proposed mechanism for jamming attack detection for wireless sensor networks is novel in three respects: firstly, it upgrades the jammer to include versatile military jammers; secondly, it graduates from the existing node-centric detection system to the network-centric system making it robust and economical at the nodes, and thirdly, it tackles the problem through fuzzy inference system, as the decision regarding intensity of jamming is seldom crisp. The system with its high robustness, ability to grade nodes with jamming indices, and its true-detection rate as high as 99.8%, is worthy of consideration for information warfare defense purposes.

  13. Detecting Sybil Attacks in Cloud Computing  Environments Based on Fail‐Stop Signature

    Directory of Open Access Journals (Sweden)

    JongBeom Lim

    2017-03-01

    Full Text Available Due to the loosely coupled property of cloud computing environments, no node has complete knowledge of the system. For this reason, detecting a Sybil attack in cloud computing environments is a non‐trivial task. In such a dynamic system, the use of algorithms based on tree or ring structures for collecting the global state of the system has unfortunate downsides, that is, the structure should be re‐constructed in the presence of node joining and leaving. In this paper, we propose an unstructured Sybil attack detection algorithm in cloud computing environments. Our proposed algorithm uses one‐to‐one communication primitives rather than broadcast primitives and, therefore, the message complexity can be reduced. In our algorithmic design, attacker nodes forging multiple identities are effectively detected by normal nodes with the fail‐stop signature scheme. We show that, regardless of the number of attacker nodes, our Sybil attack detection algorithm is able to reach consensus.

  14. Combining Deep and Handcrafted Image Features for Presentation Attack Detection in Face Recognition Systems Using Visible-Light Camera Sensors

    Directory of Open Access Journals (Sweden)

    Dat Tien Nguyen

    2018-02-01

    Full Text Available Although face recognition systems have wide application, they are vulnerable to presentation attack samples (fake samples. Therefore, a presentation attack detection (PAD method is required to enhance the security level of face recognition systems. Most of the previously proposed PAD methods for face recognition systems have focused on using handcrafted image features, which are designed by expert knowledge of designers, such as Gabor filter, local binary pattern (LBP, local ternary pattern (LTP, and histogram of oriented gradients (HOG. As a result, the extracted features reflect limited aspects of the problem, yielding a detection accuracy that is low and varies with the characteristics of presentation attack face images. The deep learning method has been developed in the computer vision research community, which is proven to be suitable for automatically training a feature extractor that can be used to enhance the ability of handcrafted features. To overcome the limitations of previously proposed PAD methods, we propose a new PAD method that uses a combination of deep and handcrafted features extracted from the images by visible-light camera sensor. Our proposed method uses the convolutional neural network (CNN method to extract deep image features and the multi-level local binary pattern (MLBP method to extract skin detail features from face images to discriminate the real and presentation attack face images. By combining the two types of image features, we form a new type of image features, called hybrid features, which has stronger discrimination ability than single image features. Finally, we use the support vector machine (SVM method to classify the image features into real or presentation attack class. Our experimental results indicate that our proposed method outperforms previous PAD methods by yielding the smallest error rates on the same image databases.

  15. Combining Deep and Handcrafted Image Features for Presentation Attack Detection in Face Recognition Systems Using Visible-Light Camera Sensors.

    Science.gov (United States)

    Nguyen, Dat Tien; Pham, Tuyen Danh; Baek, Na Rae; Park, Kang Ryoung

    2018-02-26

    Although face recognition systems have wide application, they are vulnerable to presentation attack samples (fake samples). Therefore, a presentation attack detection (PAD) method is required to enhance the security level of face recognition systems. Most of the previously proposed PAD methods for face recognition systems have focused on using handcrafted image features, which are designed by expert knowledge of designers, such as Gabor filter, local binary pattern (LBP), local ternary pattern (LTP), and histogram of oriented gradients (HOG). As a result, the extracted features reflect limited aspects of the problem, yielding a detection accuracy that is low and varies with the characteristics of presentation attack face images. The deep learning method has been developed in the computer vision research community, which is proven to be suitable for automatically training a feature extractor that can be used to enhance the ability of handcrafted features. To overcome the limitations of previously proposed PAD methods, we propose a new PAD method that uses a combination of deep and handcrafted features extracted from the images by visible-light camera sensor. Our proposed method uses the convolutional neural network (CNN) method to extract deep image features and the multi-level local binary pattern (MLBP) method to extract skin detail features from face images to discriminate the real and presentation attack face images. By combining the two types of image features, we form a new type of image features, called hybrid features, which has stronger discrimination ability than single image features. Finally, we use the support vector machine (SVM) method to classify the image features into real or presentation attack class. Our experimental results indicate that our proposed method outperforms previous PAD methods by yielding the smallest error rates on the same image databases.

  16. Combining Deep and Handcrafted Image Features for Presentation Attack Detection in Face Recognition Systems Using Visible-Light Camera Sensors

    Science.gov (United States)

    Nguyen, Dat Tien; Pham, Tuyen Danh; Baek, Na Rae; Park, Kang Ryoung

    2018-01-01

    Although face recognition systems have wide application, they are vulnerable to presentation attack samples (fake samples). Therefore, a presentation attack detection (PAD) method is required to enhance the security level of face recognition systems. Most of the previously proposed PAD methods for face recognition systems have focused on using handcrafted image features, which are designed by expert knowledge of designers, such as Gabor filter, local binary pattern (LBP), local ternary pattern (LTP), and histogram of oriented gradients (HOG). As a result, the extracted features reflect limited aspects of the problem, yielding a detection accuracy that is low and varies with the characteristics of presentation attack face images. The deep learning method has been developed in the computer vision research community, which is proven to be suitable for automatically training a feature extractor that can be used to enhance the ability of handcrafted features. To overcome the limitations of previously proposed PAD methods, we propose a new PAD method that uses a combination of deep and handcrafted features extracted from the images by visible-light camera sensor. Our proposed method uses the convolutional neural network (CNN) method to extract deep image features and the multi-level local binary pattern (MLBP) method to extract skin detail features from face images to discriminate the real and presentation attack face images. By combining the two types of image features, we form a new type of image features, called hybrid features, which has stronger discrimination ability than single image features. Finally, we use the support vector machine (SVM) method to classify the image features into real or presentation attack class. Our experimental results indicate that our proposed method outperforms previous PAD methods by yielding the smallest error rates on the same image databases. PMID:29495417

  17. A Multivariant Stream Analysis Approach to Detect and Mitigate DDoS Attacks in Vehicular Ad Hoc Networks

    Directory of Open Access Journals (Sweden)

    Raenu Kolandaisamy

    2018-01-01

    Full Text Available Vehicular Ad Hoc Networks (VANETs are rapidly gaining attention due to the diversity of services that they can potentially offer. However, VANET communication is vulnerable to numerous security threats such as Distributed Denial of Service (DDoS attacks. Dealing with these attacks in VANET is a challenging problem. Most of the existing DDoS detection techniques suffer from poor accuracy and high computational overhead. To cope with these problems, we present a novel Multivariant Stream Analysis (MVSA approach. The proposed MVSA approach maintains the multiple stages for detection DDoS attack in network. The Multivariant Stream Analysis gives unique result based on the Vehicle-to-Vehicle communication through Road Side Unit. The approach observes the traffic in different situations and time frames and maintains different rules for various traffic classes in various time windows. The performance of the MVSA is evaluated using an NS2 simulator. Simulation results demonstrate the effectiveness and efficiency of the MVSA regarding detection accuracy and reducing the impact on VANET communication.

  18. A Smart Trust Management Method to Detect On-Off Attacks in the Internet of Things

    Directory of Open Access Journals (Sweden)

    Jean Caminha

    2018-01-01

    Full Text Available Internet of Things (IoT resources cooperate with themselves for requesting and providing services. In heterogeneous and complex environments, those resources must trust each other. On-Off attacks threaten the IoT trust security through nodes performing good and bad behaviors randomly, to avoid being rated as a menace. Some countermeasures demand prior levels of trust knowledge and time to classify a node behavior. In some cases, a malfunctioning node can be mismatched as an attacker. In this paper, we introduce a smart trust management method, based on machine learning and an elastic slide window technique that automatically assesses the IoT resource trust, evaluating service provider attributes. In simulated and real-world data, this method was able to identify On-Off attackers and fault nodes with a precision up to 96% and low time consumption.

  19. Towards a Video Passive Content Fingerprinting Method for Partial-Copy Detection Robust against Non-Simulated Attacks.

    Directory of Open Access Journals (Sweden)

    Zobeida Jezabel Guzman-Zavaleta

    Full Text Available Passive content fingerprinting is widely used for video content identification and monitoring. However, many challenges remain unsolved especially for partial-copies detection. The main challenge is to find the right balance between the computational cost of fingerprint extraction and fingerprint dimension, without compromising detection performance against various attacks (robustness. Fast video detection performance is desirable in several modern applications, for instance, in those where video detection involves the use of large video databases or in applications requiring real-time video detection of partial copies, a process whose difficulty increases when videos suffer severe transformations. In this context, conventional fingerprinting methods are not fully suitable to cope with the attacks and transformations mentioned before, either because the robustness of these methods is not enough or because their execution time is very high, where the time bottleneck is commonly found in the fingerprint extraction and matching operations. Motivated by these issues, in this work we propose a content fingerprinting method based on the extraction of a set of independent binary global and local fingerprints. Although these features are robust against common video transformations, their combination is more discriminant against severe video transformations such as signal processing attacks, geometric transformations and temporal and spatial desynchronization. Additionally, we use an efficient multilevel filtering system accelerating the processes of fingerprint extraction and matching. This multilevel filtering system helps to rapidly identify potential similar video copies upon which the fingerprint process is carried out only, thus saving computational time. We tested with datasets of real copied videos, and the results show how our method outperforms state-of-the-art methods regarding detection scores. Furthermore, the granularity of our method makes

  20. A fuzzy logic based network intrusion detection system for predicting the TCP SYN flooding attack

    CSIR Research Space (South Africa)

    Mkuzangwe, Nenekazi NP

    2017-04-01

    Full Text Available decision tree which is one of the well-known machine learning techniques. The results indicate that the performance difference, in terms of predicting the proportion of attacks in the data, of the proposed system with respect to the decision tree...

  1. Applying IPFIX Protocol for Detection of Distributed Denial of Service Attacks against Cloud Infrastructure

    Directory of Open Access Journals (Sweden)

    M. R. Mukhtarov

    2011-12-01

    Full Text Available The way of monitoring deviations in network traffic behavior inside “Cloud Infrastructure” using IPFIX protocol is suggested in the paper. The proposed algorithm is applied for registration of “Distributed Denial of Service” attacks against “Cloud Infrastructure”.

  2. Intrusion Detection of DoS Attacks in WSNs Using Classification ...

    African Journals Online (AJOL)

    pc

    2018-03-05

    Mar 5, 2018 ... a large number of sensor nodes that are low in cost and smaller in size. ... automation, military and other commercial applications [l]. The sensor node .... are very critical and has sensitive data, DoS attacks form a real problem ...

  3. Single-station seismic noise measures, microgravity, and 3D electrical tomographies to assess the sinkhole susceptibility: the "Il Piano" area (Elba Island - Italy) case study

    Science.gov (United States)

    Pazzi, Veronica; Di Filippo, Michele; Di Nezza, Maria; Carlà, Tommaso; Bardi, Federica; Marini, Federico; Fontanelli, Katia; Intrieri, Emanuele; Fanti, Riccardo

    2017-04-01

    Sudden subsurface collapse, cavities, and surface depressions, regardless of shape and origin, as well as doline are currently indicate by means of the term "sinkhole". This phenomenon can be classified according to a large variety of different schemes, depending on the dominant formation processes (soluble rocks karstic processes, acidic groundwater circulation, anthropogenic caves, bedrock poor geomechanical properties), and on the geological scenario behind the development of the phenomenon. Considering that generally sinkholes are densely clustered in "sinkhole prone areas", detection, forecasting, early warning, and effective monitoring are key aspects in sinkhole susceptibility assessment and risk mitigation. Nevertheless, techniques developed specifically for sinkhole detection, forecasting and monitoring are missing, probably because of a general lack of sinkhole risk awareness, and an intrinsic difficulties involved in detecting precursory sinkhole deformations before collapse. In this framework, integration of different indirect/non-invasive geophysical methods is the best practice approach. In this paper we present the results of an integrated geophysical survey at "Il Piano" (Elba Island - Italy), where at least nine sinkholes occurred between 2008 and 2014. 120 single-station seismic noise measures, 17 3D electrical tomographies (min area 140.3 m2, max area 10,188.9 m2; min electrode spacing 2 m, max electrode spacing 5 m), 964 measurement of microgravity spaced in a grid of 6 m to 8 m were carried out at the study area. The most likely origin for these sinkholes was considered related to sediment net erosion from the alluvium, caused by downward water circulation between aquifers. Therefore, the goals of the study were: i) obtaining a suitable geological and hydrogeological model of the area; ii) detecting possible cavities which could evolve in sinkholes, and finally iii) assess the sinkhole susceptibility of the area. Among the results of the

  4. Seismic surface-wave prospecting methods for sinkhole hazard assessment along the Dead Sea shoreline

    Science.gov (United States)

    Ezersky, M.; Bodet, L.; Al-Zoubi, A.; Camerlynck, C.; Dhemaied, A.; Galibert, P.-Y.; Keydar, S.

    2012-04-01

    waves generation and picking issues in shear-wave refraction seismic methods. As an alternative, indirect estimation of Vs can then be proposed thanks to surface-wave dispersion measurements and inversion, an emerging seismic prospecting method for near-surface engineering and environment applications. Surface-wave prospecting methods have thus been proposed to address the sinkholes development processes along the Dead Sea shorelines. Two approaches have been used: (1) Vs mapping has been performed to discriminate soft and hard zones within salt layers, after calibration of inverted Vs near boreholes. Preliminarily, soft zones, associated with karstified salt, were characterized by Vs values lower than 1000 m/s, whereas hard zones presented values greater than 1400 m/s (will be specified during following studies); (2) roll along acquisition and dispersion stacking has been performed to achieve multi-modal dispersion measurements along linear profiles. Inverted pseudo-2D Vs sections presented low Vs anomalies in the vicinity of existing sinkholes and made it possible to detect loose sediment associated with potential sinkholes occurrences. Acknowledgements This publication was made possible through support provided by the U.S. Agency for International Development (USAID) and MERC Program under terms of Award No M27-050.

  5. Overview of the geophysical studies in the Dead Sea coastal area related to evaporite karst and recent sinkhole development

    Directory of Open Access Journals (Sweden)

    Mikhail G. Ezersky

    2017-05-01

    Full Text Available Since the early 80s, a progressively increasing number of sinkholes appeared along the Dead Sea coastal line. It has been found that their appearance is strongly correlating with the lowering of the Dead Sea level taking place with the rate of approximately 1 m/yr. Location of areas affected by sinkhole development corresponds to location of the salt formation deposited during the latest Pleistocene, when the Lake Lisan receded to later become the Dead Sea. Water flowing to the Dead Sea from adjacent and underlying aquifers dissolves salt and creates caverns that cause ground subsidence and consequent formation of sinkholes. Before subsidence, these caverns are not visible on the surface but can be investigated with surface geophysical methods. For that, we applied Surface Nuclear Magnetic Resonance (SNMR, Transient Electromagnetic (TEM Seismic refraction and reflection, Multichannel Analysis of Surface waves (MASW, microgravity and magnetic surveys and their combinations. Our geophysical results allowed us to locate the salt formation and to detect caverns in salt thus contributing to better understanding sinkhole development mechanisms. Comparison of sinkhole appearance along the western DS shore derived from the recent database (2017 shows that predictions made on the base of geophysical data (2005-2008 are now confirmed thus demonstrating efficiency of our study. In this paper, we briefly present a summary of up to date knowledge of the geology and hydrogeology of Dead Sea basin, of the physical properties of the salt rock and the most popular models explaining mechanisms of sinkhole development. We also share our experience gained during geophysical studies carried out in the framework of national and international research projects in this area for the last 20 years.

  6. Growth of a sinkhole in a seismic zone of the Northern Apennines (Italy)

    OpenAIRE

    Rosa, Alessandro; Pagli, Carolina; Molli, Giancarlo; Casu, Francesco; Luca, Claudio; Pieroni, Amerino

    2018-01-01

    Sinkhole collapse is a major hazard causing substantial social and economic losses. However, the surface deformations and sinkhole evolution are rarely recorded, as these sites are known mainly after a collapse, making the assessment of sinkholes-related hazard challenging. Furthermore, 40 % of the sinkholes of Italy are in seismically hazardous zones; it remains unclear whether seismicity may trigger sinkhole collapse. Here we use a multidisciplinary dataset of InSAR, surface mapping ...

  7. WAC Bennett Dam - the characterization of a crest sinkhole

    Energy Technology Data Exchange (ETDEWEB)

    Stewart, R.A.; Gaffran, P.C. [British Columbia Hydro, Burnaby, BC (Canada); Watts, B.D. [Klohn-Crippen Consultants Ltd., Richmond, BC (Canada); Sobkowicz, J.C. [Thurber Engineering Ltd., Vancouver, BC (Canada); Kupper, A.G. [AGRA Earth and Environmental, Edmonton, AB (Canada)

    1998-11-01

    In June, 1996, a small hole was discovered in the asphaltic concrete road on the crest of the 183 m high WAC Bennett Dam on the Peace River in northeastern British Columbia. Examination of the hole resulted in a sinkhole on the dam crest. The sinkhole was 2.5 m in diameter and 7 m deep. Speculation was that the cavity was likely associated in some way with a buried survey benchmark tube. An investigation was immediately planned and executed to characterize the sinkhole, to determine the extent of damage and the safety status of this very large dam. British Columbia`s Dam Safety Regulator made the decision to lower the reservoir level. During the reservoir drawdown, various surface geophysical techniques were used to investigate the condition of the dam beyond the sinkholes. Intrusive investigations of the sinkhole were also planned. This involved trial drilling and downhole geophysical surveys in intact portions of the core at locations far from the sinkhole. The objectives and criteria developed for the investigation program are summarized. Scope of key activities at the sinkhole and important lessons learned during the investigation are also described. 9 refs., 15 figs.

  8. How to detect the location and time of a covert chemical attack a Bayesian approach

    OpenAIRE

    See, Mei Eng Elaine.

    2009-01-01

    Approved for public release, distribution unlimited In this thesis, we develop a Bayesian updating model that estimates the location and time of a chemical attack using inputs from chemical sensors and Atmospheric Threat and Dispersion (ATD) models. In bridging the critical gap between raw sensor data and threat evaluation and prediction, the model will help authorities perform better hazard prediction and damage control. The model is evaluated with respect to settings representing real-wo...

  9. A Framework for Detecting Cloning Attacks in OSN Based on a Novel Social Graph Topology

    OpenAIRE

    Ali M. Meligy; Hani M. Ibrahim; Mohamed F. Torky

    2015-01-01

    — Online Social Networks (OSN) are considering one of the most popular internet applications which attract millions of users around the world to build several social relationships. Emerging the Web 2.0 technology allowed OSN users to create, share, or exchange types of contents in a popular fashion. The other hand, OSN are considering one of the most popular platforms for the intruders to spread several types of OSN attacks. Creating fake profiles for launching cloning at...

  10. The Monitoring, Detection, Isolation and Assessment of Information Warfare Attacks Through Multi-Level, Multi-Scale System Modeling and Model Based Technology

    National Research Council Canada - National Science Library

    Ye, Nong

    2004-01-01

    With the goal of protecting computer and networked systems from various attacks, the following intrusion detection techniques were developed and tested using the 1998 and 2000 MIT Lincoln Lab Evaluation Data...

  11. Results of Integrated Investigation of Collapse Sinkhole in Sarkayevo Village

    Directory of Open Access Journals (Sweden)

    O. N. Kovin

    2014-03-01

    Full Text Available The integrated investigations of karstic collapse sinkhole were conducted at the area of Sarkayevo village. The obtained hydrogeologic data show the local concentration of underground water flow at the investigated site, and high sulfate ion content in the water samples that suggests that a sinkhole is karstic in nature. Geophysical investigations allowed determining basic parameters of the site geological structure, to reveal the depth distribution of the disturbed ground in vicinity of the sinkhole, and delineate zones of different soil compaction. The recommendations for detail site study, aimed to the mitigation of further karst development hazards, are presented.

  12. Automated Discovery of Mimicry Attacks

    National Research Council Canada - National Science Library

    Giffin, Jonathon T; Jha, Somesh; Miller, Barton P

    2006-01-01

    .... These systems are useful only if they detect actual attacks. Previous research developed manually-constructed mimicry and evasion attacks that avoided detection by hiding a malicious series of system calls within a valid sequence allowed by the model...

  13. Detecting DoS Attack in Web Services by Using an Adaptive Multiagent Solution

    Directory of Open Access Journals (Sweden)

    Nicholas BELIZ

    2012-09-01

    Full Text Available Normal 0 21 false false false EN-US JA X-NONE /* Style Definitions */ table.MsoNormalTable {mso-style-name:"Tabla normal"; mso-tstyle-rowband-size:0; mso-tstyle-colband-size:0; mso-style-noshow:yes; mso-style-priority:99; mso-style-parent:""; mso-padding-alt:0cm 5.4pt 0cm 5.4pt; mso-para-margin:0cm; mso-para-margin-bottom:.0001pt; mso-pagination:widow-orphan; font-size:12.0pt; font-family:Cambria; mso-ascii-font-family:Cambria; mso-ascii-theme-font:minor-latin; mso-hansi-font-family:Cambria; mso-hansi-theme-font:minor-latin; mso-ansi-language:EN-US;} One of the most frequent techniques of a DoS attack is to exhaust available resources (memory, CPU cycles, and bandwidth on the host server. A SOAP message can be affected by a DoS attack if the incoming message has been either created or modified maliciously. Resources available in the server (memory and CPU cycles of the provider can be drastically reduced or exhausted while a malicious SOAP message is being parsed. This article presents a solution based on an adaptive solution for dealing with DoS attacks in Web service environments. The solution proposes a multi-agent hierarchical architecture that implements a classification mechanism in two phases. Each phase incorporates a special type of CBR-BDI agent that functions as a classifier. In the first phase, a case-based reasoning (CBR engine utilizes a decision tree to carry out an initial filter, and in the second phase, a CBR engine incorporates a neural network to complete the classification mechanism. A prototype of the architecture was developed and the results obtained are presented in this study. 

  14. Detecting DoS Attack in Web Services by Using an Adaptive Multiagent Solution

    Directory of Open Access Journals (Sweden)

    Chi Shun HONG

    2013-07-01

    Full Text Available Normal 0 21 false false false EN-US JA X-NONE /* Style Definitions */ table.MsoNormalTable {mso-style-name:"Tabla normal"; mso-tstyle-rowband-size:0; mso-tstyle-colband-size:0; mso-style-noshow:yes; mso-style-priority:99; mso-style-parent:""; mso-padding-alt:0cm 5.4pt 0cm 5.4pt; mso-para-margin:0cm; mso-para-margin-bottom:.0001pt; mso-pagination:widow-orphan; font-size:12.0pt; font-family:Cambria; mso-ascii-font-family:Cambria; mso-ascii-theme-font:minor-latin; mso-hansi-font-family:Cambria; mso-hansi-theme-font:minor-latin; mso-ansi-language:EN-US;} One of the most frequent techniques of a DoS attack is to exhaust available resources (memory, CPU cycles, and bandwidth on the host server. A SOAP message can be affected by a DoS attack if the incoming message has been either created or modified maliciously. Resources available in the server (memory and CPU cycles of the provider can be drastically reduced or exhausted while a malicious SOAP message is being parsed. This article presents a solution based on an adaptive solution for dealing with DoS attacks in Web service environments. The solution proposes a multi-agent hierarchical architecture that implements a classification mechanism in two phases. Each phase incorporates a special type of CBR-BDI agent that functions as a classifier. In the first phase, a case-based reasoning (CBR engine utilizes a decision tree to carry out an initial filter, and in the second phase, a CBR engine incorporates a neural network to complete the classification mechanism. A prototype of the architecture was developed and the results obtained are presented in this study. 

  15. CORS911:Real-Time Subsidence Monitoring of the Napoleonville Salt Dome Sinkhole Using GPS

    Science.gov (United States)

    Kent, J. D.

    2013-12-01

    The sinkhole associated with the Napoleonville salt dome in Assumption Parish, Louisiana, threatens the stability of Highway 70 - a state maintained route. To mitigate the potential damaging effects to the highway and address issues of public safety, a program of research and decision support has been implemented to provide long-term measurements of the surface stability using continuous operating GPS reference stations (CORS). Four CORS sites were installed in the vicinity of the sinkhole to measure the horizontal and vertical motions of each site relative to each other and a fixed location outside the study area. Differential motions measured by a integrity monitoring software are summarized for response agencies tasked with ensuring public safety and stability of the Highway, a designated hurricane evacuation route. Implementation experience and intermediate findings will be shared and discussed. Strategies for monitoring random and systematic biases detected in the system are presented. Figure depicting the location of CORS sites used to monitor surface stability along Highway 70 near the Bayou Corne Sinkhole.

  16. Current and Historic Sinkhole and Depression locations in Iowa

    Data.gov (United States)

    Iowa State University GIS Support and Research Facility — This dataset is all of the sinkholes and depressions that originated from the SSURGO spot data, and has been updated using LiDAR and historic photography to capture...

  17. A remote sensing evaluation of potential for sinkhole occurrence

    Science.gov (United States)

    Casper, J.; Ruth, B.; Degner, J. (Principal Investigator)

    1981-01-01

    The relationship between lowering of the water table and sinkhole development in Pierson and in Hillsborough County, Florida was investigated. The locations of recently developed (1973) collapses were examined with respect to lineaments or fracture traces that are expressed in the terrain and visible in aerial photography and satellite imagery. It was anticipated that these relationships would provide the basis for establishment of criteria for mapping those land areas that have the greatest potential for sinkhole development. A very good correlation was found between mapped lineament intersections and known location of sinkhole occurrences for both study areas. This indicates that lineament and fracture trace mapping may be very useful in locating zones with the greatest potential for sinkhole development. It is further shown that this information is quite beneficial in land use planning applications.

  18. Wireless Sensor Network Based Smart Grid Communications: Cyber Attacks, Intrusion Detection System and Topology Control

    Directory of Open Access Journals (Sweden)

    Lipi Chhaya

    2017-01-01

    Full Text Available The existing power grid is going through a massive transformation. Smart grid technology is a radical approach for improvisation in prevailing power grid. Integration of electrical and communication infrastructure is inevitable for the deployment of Smart grid network. Smart grid technology is characterized by full duplex communication, automatic metering infrastructure, renewable energy integration, distribution automation and complete monitoring and control of entire power grid. Wireless sensor networks (WSNs are small micro electrical mechanical systems that are deployed to collect and communicate the data from surroundings. WSNs can be used for monitoring and control of smart grid assets. Security of wireless sensor based communication network is a major concern for researchers and developers. The limited processing capabilities of wireless sensor networks make them more vulnerable to cyber-attacks. The countermeasures against cyber-attacks must be less complex with an ability to offer confidentiality, data readiness and integrity. The address oriented design and development approach for usual communication network requires a paradigm shift to design data oriented WSN architecture. WSN security is an inevitable part of smart grid cyber security. This paper is expected to serve as a comprehensive assessment and analysis of communication standards, cyber security issues and solutions for WSN based smart grid infrastructure.

  19. A geomechanical model of a sinkhole formation

    Science.gov (United States)

    Danchiv, Alexandru; Zamfirescu, Florian; Mocuta, Marius; Popa, Iulian; Zlibut, Alexandru; Huggenberger, Peter; Zechner, Eric; Dresmann, Horst; Scheidler, Stefan; Wiesmeier, Stefan

    2016-04-01

    On December 2010 a sinkhole was suddenly formed close to the eastern flank of Ocna-Mures salt dome. Soon after the collapse the sinkhole was filled with brine forming a salt lake called Plus Lake. The total volume of sinkhole of about 100000 m3 remained constant since February 2011. The Ocna Mures salt dome is situated on the western border of the Transylvanian basin (Romania) and has been exploited for a long time. The ceilings of some shallow mine chambers are now collapsed and filled with brine. Along the eastern flank of the salt dome there is a disturbed zone due to diapirism. Its presence is suggested by the strong fragmentation of rock in the boreholes drilled along the salt-sterile contact, as it resulted from the low values of RQD index. The sinkhole is probably due to a pressure increase along the diapir flank. The causes of this sudden increase of pressure are not well known. Most probably it is due to the damage of the tubing of a flank borehole as mentioned in a technical report of the exploiting company. The injected fresh water expelled through the breaches of the damaged borehole and, due to the high pressure flushed up the crushed material of the disturbed zone. In order to better understand the setting up of the Plus Lake joint research efforts were performed by teams from Bucharest and Basel Universities since 2013. For the geomechanical approach a numerical model was performed using the Flac 7.0 code. In a first stage the creep behavior of salt was analyzed considering a Norton creep law. It resulted that after 100 years the salt reached equilibrium, the creep could be neglected and in a first approximation mechanical equilibrium could be analyzed considering only an elasto-plastic behavior of both the salt and the sterile. For both the salt and the surrounding sedimentary rocks the Mohr-Coulomb criterion was considered. The properties of sterile rocks were estimated following the GSI system. Due to poor rock quality the strength parameters have

  20. Safety Valve or Sinkhole? Vocational Schooling in South Africa

    OpenAIRE

    Pugatch, Todd

    2012-01-01

    As an alternative to traditional academic schooling, vocational schooling in South Africa may serve as a safety valve for students encountering difficulty in the transition from school to work. Yet if ineffective, vocational schooling could also be a sinkhole, offering little chance for success on the labor market. After defining the terms "safety valve" and "sinkhole" in a model of human capital investment with multiple schooling types, I test for evidence of these characteristics using a pa...

  1. Quantifying potential recharge in mantled sinkholes using ERT.

    Science.gov (United States)

    Schwartz, Benjamin F; Schreiber, Madeline E

    2009-01-01

    Potential recharge through thick soils in mantled sinkholes was quantified using differential electrical resistivity tomography (ERT). Conversion of time series two-dimensional (2D) ERT profiles into 2D volumetric water content profiles using a numerically optimized form of Archie's law allowed us to monitor temporal changes in water content in soil profiles up to 9 m in depth. Combining Penman-Monteith daily potential evapotranspiration (PET) and daily precipitation data with potential recharge calculations for three sinkhole transects indicates that potential recharge occurred only during brief intervals over the study period and ranged from 19% to 31% of cumulative precipitation. Spatial analysis of ERT-derived water content showed that infiltration occurred both on sinkhole flanks and in sinkhole bottoms. Results also demonstrate that mantled sinkholes can act as regions of both rapid and slow recharge. Rapid recharge is likely the result of flow through macropores (such as root casts and thin gravel layers), while slow recharge is the result of unsaturated flow through fine-grained sediments. In addition to developing a new method for quantifying potential recharge at the field scale in unsaturated conditions, we show that mantled sinkholes are an important component of storage in a karst system.

  2. Performance analysis and implementation of proposed mechanism for detection and prevention of security attacks in routing protocols of vehicular ad-hoc network (VANET

    Directory of Open Access Journals (Sweden)

    Parul Tyagi

    2017-07-01

    Full Text Available Next-generation communication networks have become widely popular as ad-hoc networks, broadly categorized as the mobile nodes based on mobile ad-hoc networks (MANET and the vehicular nodes based vehicular ad-hoc networks (VANET. VANET is aimed at maintaining safety to vehicle drivers by begin autonomous communication with the nearby vehicles. Each vehicle in the ad-hoc network performs as an intelligent mobile node characterized by high mobility and formation of dynamic networks. The ad-hoc networks are decentralized dynamic networks that need efficient and secure communication requirements due to the vehicles being persistently in motion. These networks are more susceptible to various attacks like Warm Hole attacks, denial of service attacks and Black Hole Attacks. The paper is a novel attempt to examine and investigate the security features of the routing protocols in VANET, applicability of AODV (Ad hoc On Demand protocol to detect and tackle a particular category of network attacks, known as the Black Hole Attacks. A new algorithm is proposed to enhance the security mechanism of AODV protocol and to introduce a mechanism to detect Black Hole Attacks and to prevent the network from such attacks in which source node stores all route replies in a look up table. This table stores the sequences of all route reply, arranged in ascending order using PUSH and POP operations. The priority is calculated based on sequence number and discard the RREP having presumably very high destination sequence number. The result show that proposed algorithm for detection and prevention of Black Hole Attack increases security in Intelligent Transportation System (ITS and reduces the effect of malicious node in the VANET. NCTUNs simulator is used in this research work.

  3. 4D Monitoring of Active Sinkholes with a Terrestrial Laser Scanner (TLS: A Case Study in the Evaporite Karst of the Ebro Valley, NE Spain

    Directory of Open Access Journals (Sweden)

    Alfonso Benito-Calvo

    2018-04-01

    Full Text Available This work explores, for the first time, the application of a Terrestrial Laser Scanner (TLS and a comparison of point clouds in the 4D monitoring of active sinkholes. The approach is tested in three highly-active sinkholes related to the dissolution of salt-bearing evaporites overlain by unconsolidated alluvium. The sinkholes are located in urbanized areas and have caused severe damage to critical infrastructure (flood-control dike, a major highway. The 3D displacement models derived from the comparison of point clouds with exceptionally high spatial resolution allow complex spatial and temporal subsidence patterns within one of the sinkholes to be resolved. Detected changes in the subsidence activity (e.g., sinkhole expansion, translation of the maximum subsidence zone, development of incipient secondary collapses are related to potential controlling factors such as floods, water table changes or remedial measures. In contrast, with detailed mapping and high-precision leveling, the displacement models, covering a relatively short time span of around 6 months, do not capture the subtle subsidence (<0.6–1 cm that affects the marginal zones of the sinkholes, precluding precise mapping of the edges of the subsidence areas. However, the performance of TLS can be adversely affected by some methodological limitations and local conditions: (1 limited accuracy in large investigation areas that require the acquisition of a high number of scans, increasing the registration error; (2 surface changes unrelated to sinkhole activity (e.g., vegetation, loose material; (3 traffic-related vibrations and wind blast that affect the stability of the scanner.

  4. Web server attack analyzer

    OpenAIRE

    Mižišin, Michal

    2013-01-01

    Web server attack analyzer - Abstract The goal of this work was to create prototype of analyzer of injection flaws attacks on web server. Proposed solution combines capabilities of web application firewall and web server log analyzer. Analysis is based on configurable signatures defined by regular expressions. This paper begins with summary of web attacks, followed by detection techniques analysis on web servers, description and justification of selected implementation. In the end are charact...

  5. Oxidative stress and pathogenic attack in plants, studied by laser based photoacoustic trace gas detection

    NARCIS (Netherlands)

    Santosa, Ignatius Edi

    2002-01-01

    Photoacoustic detection has proven to be a sensitive method, which is suitable for trace gas measurement. In this thesis, we improved the photoacoustic detection system to measure new biologically interesting gases, ethane (C2H6) and nitric oxide (NO). A new design of grating holder is incorporated

  6. Mapping subsurface in proximity to newly-developed sinkhole along roadway.

    Science.gov (United States)

    2013-02-01

    MS&T acquired electrical resistivity tomography profiles in immediate proximity to a newly-developed sinkhole in Nixa Missouri : The sinkhole has closed a well-traveled municipal roadway and threatens proximal infrastructure. The intent of this inves...

  7. Bayou Corne sinkhole : control measurements of State Highway 70 in Assumption Parish, Louisiana, tech summary.

    Science.gov (United States)

    2014-01-01

    The sinkhole located in Assumption Parish, Louisiana, threatens the stability of Highway 70, a state maintained route. In order to : mitigate the potential damaging e ects of the sinkhole on this infrastructure, the Louisiana Department of Transpo...

  8. ERT-based Investigation of a Sinkhole in Greene County, Missouri

    Directory of Open Access Journals (Sweden)

    Aleksandra V. Varnavina

    2016-05-01

    Full Text Available Investigating sinkhole morphology and formation mechanisms is key to understanding their long term impact and susceptibility to development, and aids in the design of effective mitigation measures. In this study, ERT (electrical resistivity tomography, MASW (multichannel analysis of surface waves and borehole data were used to image the subsurface morphology of an active sinkhole in Greene County, Missouri. The study reveals that the sinkhole developed along a natural surface drainage pathway above a pervasively fractured limestone. The subsurface image of the sinkhole depicts a zone of near-vertical water seepage and soil piping. Based on the nature of the overburden material, and the morphology and current/past surface expression of the sinkhole, it is concluded that the sinkhole is predominantly a cover subsidence type of sinkhole. However, it is possible that minor cover collapse occurred locally and in an area slightly to the north of the current active sinkhole.

  9. CORS 911 : continuously operating reference stations for the Bayou Corne sinkhole.

    Science.gov (United States)

    2013-06-01

    The sinkhole located near the Napoleonville Salt Dome in Assumption Parish, Louisiana : threatens the stability of LA 70 a state maintained route. In order to mitigate the : possible damaging eff ects of the sinkhole to the route and address publ...

  10. Spoofing cyber attack detection in probe-based traffic monitoring systems using mixed integer linear programming

    KAUST Repository

    Canepa, Edward S.; Bayen, Alexandre M.; Claudel, Christian G.

    2013-01-01

    Traffic sensing systems rely more and more on user generated (insecure) data, which can pose a security risk whenever the data is used for traffic flow control. In this article, we propose a new formulation for detecting malicious data injection

  11. A Database of Computer Attacks for the Evaluation of Intrusion Detection Systems

    Science.gov (United States)

    1999-06-01

    administrator whenever a system binary file (such as the ps, login , or ls program) is modified. Normal users have no legitimate reason to alter these files...development of EMERALD [46], which combines statistical anomaly detection from NIDES with signature verification. Specification-based intrusion detection...the creation of a single host that can act as many hosts. Daemons that provide network services—including telnetd, ftpd, and login — display banners

  12. A Novel Approach to Detect Network Attacks Using G-HMM-Based Temporal Relations between Internet Protocol Packets

    Directory of Open Access Journals (Sweden)

    Han Kyusuk

    2011-01-01

    Full Text Available This paper introduces novel attack detection approaches on mobile and wireless device security and network which consider temporal relations between internet packets. In this paper we first present a field selection technique using a Genetic Algorithm and generate a Packet-based Mining Association Rule from an original Mining Association Rule for Support Vector Machine in mobile and wireless network environment. Through the preprocessing with PMAR, SVM inputs can account for time variation between packets in mobile and wireless network. Third, we present Gaussian observation Hidden Markov Model to exploit the hidden relationships between packets based on probabilistic estimation. In our G-HMM approach, we also apply G-HMM feature reduction for better initialization. We demonstrate the usefulness of our SVM and G-HMM approaches with GA on MIT Lincoln Lab datasets and a live dataset that we captured on a real mobile and wireless network. Moreover, experimental results are verified by -fold cross-validation test.

  13. Comparison of spatial frequency domain features for the detection of side attack explosive ballistics in synthetic aperture acoustics

    Science.gov (United States)

    Dowdy, Josh; Anderson, Derek T.; Luke, Robert H.; Ball, John E.; Keller, James M.; Havens, Timothy C.

    2016-05-01

    Explosive hazards in current and former conflict zones are a threat to both military and civilian personnel. As a result, much effort has been dedicated to identifying automated algorithms and systems to detect these threats. However, robust detection is complicated due to factors like the varied composition and anatomy of such hazards. In order to solve this challenge, a number of platforms (vehicle-based, handheld, etc.) and sensors (infrared, ground penetrating radar, acoustics, etc.) are being explored. In this article, we investigate the detection of side attack explosive ballistics via a vehicle-mounted acoustic sensor. In particular, we explore three acoustic features, one in the time domain and two on synthetic aperture acoustic (SAA) beamformed imagery. The idea is to exploit the varying acoustic frequency profile of a target due to its unique geometry and material composition with respect to different viewing angles. The first two features build their angle specific frequency information using a highly constrained subset of the signal data and the last feature builds its frequency profile using all available signal data for a given region of interest (centered on the candidate target location). Performance is assessed in the context of receiver operating characteristic (ROC) curves on cross-validation experiments for data collected at a U.S. Army test site on different days with multiple target types and clutter. Our preliminary results are encouraging and indicate that the top performing feature is the unrolled two dimensional discrete Fourier transform (DFT) of SAA beamformed imagery.

  14. An Artificially Intelligent Physical Model-Checking Approach to Detect Switching-Related Attacks on Power Systems

    Energy Technology Data Exchange (ETDEWEB)

    El Hariri, Mohamad [Florida Intl Univ., Miami, FL (United States); Faddel, Samy [Florida Intl Univ., Miami, FL (United States); Mohammed, Osama [Florida Intl Univ., Miami, FL (United States)

    2017-11-01

    Decentralized and hierarchical microgrid control strategies have lain the groundwork for shaping the future smart grid. Such control approaches require the cooperation between microgrid operators in control centers, intelligent microcontrollers, and remote terminal units via secure and reliable communication networks. In order to enhance the security and complement the work of network intrusion detection systems, this paper presents an artificially intelligent physical model-checking that detects tampered-with circuit breaker switching control commands whether, due to a cyber-attack or human error. In this technique, distributed agents, which are monitoring sectionalized areas of a given microgrid, will be trained and continuously adapted to verify that incoming control commands do not violate the physical system operational standards and do not put the microgrid in an insecure state. The potential of this approach has been tested by deploying agents that monitor circuit breakers status commands on a 14-bus IEEE benchmark system. The results showed the accuracy of the proposed framework in characterizing the power system and successfully detecting malicious and/or erroneous control commands.

  15. Windows Based Data Sets for Evaluation of Robustness of Host Based Intrusion Detection Systems (IDS to Zero-Day and Stealth Attacks

    Directory of Open Access Journals (Sweden)

    Waqas Haider

    2016-07-01

    Full Text Available The Windows Operating System (OS is the most popular desktop OS in the world, as it has the majority market share of both servers and personal computing necessities. However, as its default signature-based security measures are ineffectual for detecting zero-day and stealth attacks, it needs an intelligent Host-based Intrusion Detection System (HIDS. Unfortunately, a comprehensive data set that reflects the modern Windows OS’s normal and attack surfaces is not publicly available. To fill this gap, in this paper two open data sets generated by the cyber security department of the Australian Defence Force Academy (ADFA are introduced, namely: Australian Defence Force Academy Windows Data Set (ADFA-WD; and Australian Defence Force Academy Windows Data Set with a Stealth Attacks Addendum (ADFA-WD: SAA. Statistical analysis results based on these data sets show that, due to the low foot prints of modern attacks and high similarity of normal and attacked data, both these data sets are complex, and highly intelligent Host based Anomaly Detection Systems (HADS design will be required.

  16. Improved Method of Detection Falsification Results the Digital Image in Conditions of Attacks

    Directory of Open Access Journals (Sweden)

    Kobozeva A.A.

    2016-08-01

    Full Text Available The modern level of information technologies development has led to unheard ease embodiments hitherto unauthorized modifications of digital content. At the moment, very important question is the effective expert examination of authenticity of digital images, video, audio, development of the methods for identification and localization of violations of their integrity using these contents for purposes other than entertainment. Present paper deals with the improvement of the detection method of the cloning results in digital images - one of the most frequently used in the software tools falsification realized in all modern graphics editors. The method is intended for clone detection areas and pre-image in terms of additional disturbing influences in the image after the cloning operation for "masking" of the results, which complicates the search process. The improvement is aimed at reducing the number of "false alarms", when the area of the clone / pre-image detected in the original image or the localization of the identified areas do not correspond to the real clone and pre-image. The proposed improvement, based on analysis of different sizes per-pixel image blocks with the least difference from each other, has made it possible efficient functioning of the method, regardless of the specificity of the analyzed digital image.

  17. The Investigation of a Sinkhole Area in Germany by Near-Surface Active Seismic Tomography

    Science.gov (United States)

    Tschache, S.; Becker, D.; Wadas, S. H.; Polom, U.; Krawczyk, C. M.

    2017-12-01

    In November 2010, a 30 m wide and 17 m deep sinkhole occurred in a residential area of Schmalkalden, Germany, which fortunately did not harm humans, but led to damage of buildings and property. Subsequent geoscientific investigations showed that the collapse was naturally caused by the subrosion of sulfates in a depth of about 80 m. In 2012, an early warning system was established including 3C borehole geophones deployed in 50 m depth around the backfilled sinkhole. During the acquisition of two shallow 2D shear wave seismic profiles, the signals generated by a micro-vibrator at the surface were additionally recorded by the four borehole geophones of the early warning system and a VSP probe in a fifth borehole. The travel time analysis of the direct arrivals enhanced the understanding of wave propagation in the area. Seismic velocity anomalies were detected and related to structural seismic images of the 2D profiles. Due to the promising first results, the experiment was further extended by distributing vibration points throughout the whole area around the sinkhole. This time, micro-vibrators for P- and S-wave generation were used. The signals were recorded by the borehole geophones and temporary installed seismometers at surface positions close to the boreholes. The travel times and signal attenuations are evaluated to detect potential instable zones. Furthermore, array analyses are performed. The first results reveal features in the active tomography datasets consistent with structures observed in the 2D seismic images. The advantages of the presented method are the low effort and good repeatability due to the permanently installed borehole geophones. It has the potential to determine P-wave and S-wave velocities in 3D. It supports the interpretation of established investigation methods as 2D surface seismics and VSP. In our further research we propose to evaluate the suitability of the method for the time lapse monitoring of changes in the seismic wave

  18. EVFDT: An Enhanced Very Fast Decision Tree Algorithm for Detecting Distributed Denial of Service Attack in Cloud-Assisted Wireless Body Area Network

    Directory of Open Access Journals (Sweden)

    Rabia Latif

    2015-01-01

    Full Text Available Due to the scattered nature of DDoS attacks and advancement of new technologies such as cloud-assisted WBAN, it becomes challenging to detect malicious activities by relying on conventional security mechanisms. The detection of such attacks demands an adaptive and incremental learning classifier capable of accurate decision making with less computation. Hence, the DDoS attack detection using existing machine learning techniques requires full data set to be stored in the memory and are not appropriate for real-time network traffic. To overcome these shortcomings, Very Fast Decision Tree (VFDT algorithm has been proposed in the past that can handle high speed streaming data efficiently. Whilst considering the data generated by WBAN sensors, noise is an obvious aspect that severely affects the accuracy and increases false alarms. In this paper, an enhanced VFDT (EVFDT is proposed to efficiently detect the occurrence of DDoS attack in cloud-assisted WBAN. EVFDT uses an adaptive tie-breaking threshold for node splitting. To resolve the tree size expansion under extreme noise, a lightweight iterative pruning technique is proposed. To analyze the performance of EVFDT, four metrics are evaluated: classification accuracy, tree size, time, and memory. Simulation results show that EVFDT attains significantly high detection accuracy with fewer false alarms.

  19. Detection of beamsplitting attack in a quantum cryptographic channel based on photon number statistics monitoring

    International Nuclear Information System (INIS)

    Gaidash, A A; Egorov, V I; Gleim, A V

    2014-01-01

    Quantum cryptography in theory allows distributing secure keys between two users so that any performed eavesdropping attempt would be immediately discovered. However, in practice an eavesdropper can obtain key information from multi-photon states when attenuated laser radiation is used as a source. In order to overcome this possibility, it is generally suggested to implement special cryptographic protocols, like decoy states or SARG04. We present an alternative method based on monitoring photon number statistics after detection. This method can therefore be used with any existing protocol

  20. BLACK HOLE ATTACK IN AODV & FRIEND FEATURES UNIQUE EXTRACTION TO DESIGN DETECTION ENGINE FOR INTRUSION DETECTION SYSTEM IN MOBILE ADHOC NETWORK

    Directory of Open Access Journals (Sweden)

    HUSAIN SHAHNAWAZ

    2012-10-01

    Full Text Available Ad-hoc network is a collection of nodes that are capable to form dynamically a temporary network without the support of any centralized fixed infrastructure. Since there is no central controller to determine the reliable & secure communication paths in Mobile Adhoc Network, each node in the ad hoc network has to rely on each other in order to forward packets, thus highly cooperative nodes are required to ensure that the initiated data transmission process does not fail. In a mobile ad hoc network (MANET where security is a crucial issue and they are forced to rely on the neighbor node, trust plays an important role that could improve the number of successful data transmission. Larger the number of trusted nodes, higher successful data communication process rates could be expected. In this paper, Black Hole attack is applied in the network, statistics are collected to design intrusion detection engine for MANET Intrusion Detection System (IDS. Feature extraction and rule inductions are applied to find out the accuracy of detection engine by using support vector machine. In this paper True Positive generated by the detection engine is very high and this is a novel approach in the area of Mobile Adhoc Intrusion detection system.

  1. Mapping and predicting sinkholes by integration of remote sensing and spectroscopy methods

    Science.gov (United States)

    Goldshleger, N.; Basson, U.; Azaria, I.

    2013-08-01

    The Dead Sea coastal area is exposed to the destructive process of sinkhole collapse. The increase in sinkhole activity in the last two decades has been substantial, resulting from the continuous decrease in the Dead Sea's level, with more than 1,000 sinkholes developing as a result of upper layer collapse. Large sinkholes can reach 25 m in diameter. They are concentrated mainly in clusters in several dozens of sites with different characteristics. In this research, methods for mapping, monitoring and predicting sinkholes were developed using active and passive remote-sensing methods: field spectrometer, geophysical ground penetration radar (GPR) and a frequency domain electromagnetic instrument (FDEM). The research was conducted in three stages: 1) literature review and data collection; 2) mapping regions abundant with sinkholes in various stages and regions vulnerable to sinkholes; 3) analyzing the data and translating it into cognitive and accessible scientific information. Field spectrometry enabled a comparison between the spectral signatures of soil samples collected near active or progressing sinkholes, and those collected in regions with no visual sign of sinkhole occurrence. FDEM and GPR investigations showed that electrical conductivity and soil moisture are higher in regions affected by sinkholes. Measurements taken at different time points over several seasons allowed monitoring the progress of an 'embryonic' sinkhole.

  2. Spatial analysis of geologic and hydrologic features relating to sinkhole occurrence in Jefferson County, West Virginia

    Science.gov (United States)

    Doctor, Daniel H.; Doctor, Katarina Z.

    2012-01-01

    In this study the influence of geologic features related to sinkhole susceptibility was analyzed and the results were mapped for the region of Jefferson County, West Virginia. A model of sinkhole density was constructed using Geographically Weighted Regression (GWR) that estimated the relations among discrete geologic or hydrologic features and sinkhole density at each sinkhole location. Nine conditioning factors on sinkhole occurrence were considered as independent variables: distance to faults, fold axes, fracture traces oriented along bedrock strike, fracture traces oriented across bedrock strike, ponds, streams, springs, quarries, and interpolated depth to groundwater. GWR model parameter estimates for each variable were evaluated for significance, and the results were mapped. The results provide visual insight into the influence of these variables on localized sinkhole density, and can be used to provide an objective means of weighting conditioning factors in models of sinkhole susceptibility or hazard risk.

  3. Investigating the influence of special on-off attacks on challenge-based collaborative intrusion detection networks

    DEFF Research Database (Denmark)

    Li, Wenjuan; Meng, Weizhi; Kwok, Lam For

    2018-01-01

    to exchange data with each other. Insider attacks are a great threat for such types of collaborative networks, where an attacker has the authorized access within the network. In literature, a challenge-based trust mechanism is effective at identifying malicious nodes by sending challenges. However...

  4. Sinkhole formation by groundwater withdrawal: far west rand, South Africa.

    Science.gov (United States)

    Foose, R M

    1967-09-01

    Sinkholes up to 125 meters wide and 50 meters deep have developed catastrophically in thick unconsolidated debris above pinnacle-weathered dolomite after lowering of the groundwater surface by at least 160 meters. They are caused by shrinkage of desiccated debris, downward migration of debris into bedrock openings, and upward growth of multiple debris "caverns" by roof spalling.

  5. Benthic Bacterial Diversity in Submerged Sinkhole Ecosystems▿ †

    Science.gov (United States)

    Nold, Stephen C.; Pangborn, Joseph B.; Zajack, Heidi A.; Kendall, Scott T.; Rediske, Richard R.; Biddanda, Bopaiah A.

    2010-01-01

    Physicochemical characterization, automated ribosomal intergenic spacer analysis (ARISA) community profiling, and 16S rRNA gene sequencing approaches were used to study bacterial communities inhabiting submerged Lake Huron sinkholes inundated with hypoxic, sulfate-rich groundwater. Photosynthetic cyanobacterial mats on the sediment surface were dominated by Phormidium autumnale, while deeper, organically rich sediments contained diverse and active bacterial communities. PMID:19880643

  6. Monitoring upstream sinkhole development by detailed sonar profiling

    Energy Technology Data Exchange (ETDEWEB)

    Rigbey, S. [Acres International Ltd., Niagara Falls, ON (Canada)

    2004-09-01

    This paper describes the development and use of a simple sonar system that has been used by engineers for routine monitoring of small sinkholes on the upstream face of a distressed earth dam. Improper construction of the dam led to the development of several sinkholes measuring 10 to 20 m in diameter upstream from the dam which is founded on deep alluvial sands and gravels. The dam has a central core of silt and leakage varies between 200 and 500 l/s, depending on the water level of the reservoir. The main issues with the upstream blanket are: improper fill placement due to the inability to dewater the area properly; omission of a filter material between the blanket and the alluvium foundation; thin placement of fill and runnelling of the blanket prior to impoundment; and, short upstream extent of the blanket. A downstream weighting toe of material was placed to address the seepage and piping that developed immediately following impounding. Other incidents continued over the years, such as downstream sinkholes, slumping of the crest and repairs about 12 years after construction. An inverter filter was also constructed to better control the seepage. Simple bathymetric surveys conducted by sounding the bottom of the reservoir from the ice surface each winter revealed the presence of several large sinkholes. Although infilling programs were conducted, sinkholes redeveloped after each program. The bathymetric surveys were found to be limited in accuracy and repeatability. Therefore, it was not possible to monitor small developments on a yearly basis. A 3-dimensional seepage model was developed to reconcile some of the unexplained piezometric patterns and to better understand the seepage patterns. However, this was also unsuccessful on its own. A trial sonar survey was then undertaken in 2002 by a Vancouver-based sonar company using an Imagenix profiling sonar head. It was successful in locating a small, previously unknown sinkhole measuring a few metres in diameter at

  7. Sinkhole development induced by underground quarrying, and the related hazard

    Science.gov (United States)

    Parise, M.; Delle Rose, M.

    2009-04-01

    Sinkholes are extremely widespread in Apulia, a very flat and carbonate region, that acted as the foreland during the phases of building up of the Southern Apenninic Chain in Miocene time. This is due to the presence of soluble rocks throughout the region, that highly predispose the area to this very subtle natural hazard. In addition to the natural setting, which favours their development, sinkholes may also be induced by anthropogenic activities. In the latter sense, underground quarrying represents one of the most dangerous activities in karst areas. Apulia has a long history of quarrying. Since the roman time, the local rocks, from the Cretaceous micritic limestones to the Quaternary calcarenites, have been intensely quarried and used as building and ornamental materials. In several settings of the region, the rocks with the best petrographic characteristics are located at depths ranging from a few to some tens of meters. This caused the opening of many underground quarries, and the development of a complex network of subterranean galleries. Underground quarrying had a great impulse at the turn between the XIX and the XX century, when a large number of quarries was opened. Later on, after the Second World War, most of the quarries were progressively abandoned, even because of the first signs of instability, both underground and at the ground surface. With time, the memory of the presence and development of the underground quarries was progressively lost, with severe repercussions on the safety of the land above the excavated areas. Lack of knowledge of the subterranean pattern of galleries, combined with the expansion of the built-up areas at the surface, resulted in increasing significantly the vulnerability of exposed elements at risk. Events such as the 29 March, 2007, at Gallipoli only by chance did not result in any casualties, when a 15-mt wide and 5-mt deep sinkhole opened in a few hours at a road crossing, above the site of an old underground quarry

  8. Attack surfaces

    DEFF Research Database (Denmark)

    Gruschka, Nils; Jensen, Meiko

    2010-01-01

    The new paradigm of cloud computing poses severe security risks to its adopters. In order to cope with these risks, appropriate taxonomies and classification criteria for attacks on cloud computing are required. In this work-in-progress paper we present one such taxonomy based on the notion...... of attack surfaces of the cloud computing scenario participants....

  9. Forensics Investigation of Web Application Security Attacks

    OpenAIRE

    Amor Lazzez; Thabet Slimani

    2015-01-01

    Nowadays, web applications are popular targets for security attackers. Using specific security mechanisms, we can prevent or detect a security attack on a web application, but we cannot find out the criminal who has carried out the security attack. Being unable to trace back an attack, encourages hackers to launch new attacks on the same system. Web application forensics aims to trace back and attribute a web application security attack to its originator. This may significantly reduce the sec...

  10. Detection and Prevention of Denial of Service (DoS Attacks in Mobile Ad Hoc Networks using Reputation-based Incentive Schemes

    Directory of Open Access Journals (Sweden)

    Mieso, K Denko

    2005-08-01

    Full Text Available Mobile ad hoc networks (MANETs are dynamic mobile networks that can be formed in the absence of any pre-existing communication infrastructure. In addition to node mobility, a MANET is characterized by limited resources such as bandwidth, battery power, and storage space. The underlying assumption in MANETs is that the intermediate nodes cooperate in forwarding packets. However, this assumption does not hold in commercial and emerging civilian applications. MANETs are vulnerable to Denial of Service (DoS due to their salient characteristics. There is a need to provide an incentive mechanism that can provide cooperation among nodes in the network and improve overall network performance by reducing DoS attacks. In this paper, we propose a reputation-based incentive mechanism for detecting and preventing DoS attacks. DoS attacks committed by selfish and malicious nodes were investigated. Our scheme motivates nodes to cooperate and excludes them from the network only if they fail to do so. We evaluated the performance of our scheme using the packet delivery ratio, the routing and communication overhead, and misbehaving node detection in a discrete event-simulation environment. The results indicate that a reputation-based incentive mechanism can significantly reduce the effect of DoS attacks and improve performance in MANETs.

  11. Comparison of a new GIS-based technique and a manual method for determining sinkhole density: An example from Illinois' sinkhole plain

    Science.gov (United States)

    Angel, J.C.; Nelson, D.O.; Panno, S.V.

    2004-01-01

    A new Geographic Information System (GIS) method was developed as an alternative to the hand-counting of sinkholes on topographic maps for density and distribution studies. Sinkhole counts were prepared by hand and compared to those generated from USGS DLG data using ArcView 3.2 and the ArcInfo Workstation component of ArcGIS 8.1 software. The study area for this investigation, chosen for its great density of sinkholes, included the 42 public land survey sections that reside entirely within the Renault Quadrangle in southwestern Illinois. Differences between the sinkhole counts derived from the two methods for the Renault Quadrangle study area were negligible. Although the initial development and refinement of the GIS method required considerably more time than counting sinkholes by hand, the flexibility of the GIS method is expected to provide significant long-term benefits and time savings when mapping larger areas and expanding research efforts. ?? 2004 by The National Speleological Society.

  12. Heart Attack

    Science.gov (United States)

    ... properly causes your body's blood sugar levels to rise, increasing your risk of heart attack. Metabolic syndrome. This occurs when you have obesity, high blood pressure and high blood sugar. Having metabolic ...

  13. Heart Attack

    Science.gov (United States)

    ... family history of heart attack race – African Americans, Mexican Americans, Native Americans, and native Hawaiians are at ... Your doctor will prescribe the medicines that are right for you. If you have had a heart ...

  14. Distinct Element modeling of geophysical signatures during sinkhole collapse

    Science.gov (United States)

    Al-Halbouni, Djamil; Holohan, Eoghan P.; Taheri, Abbas; Dahm, Torsten

    2017-04-01

    A sinkhole forms due to the collapse of rocks or soil near the Earth's surface into an underground cavity. Such cavities represent large secondary pore spaces derived by dissolution and subrosion in the underground. By changing the stress field in the surrounding material, the growth of cavities can lead to a positive feedback, in which expansion and mechanical instability in the surrounding material increases or generates new secondary pore space (e.g. by fracturing), which in turn increases the cavity size, etc. A sinkhole forms due to the eventual subsidence or collapse of the overburden that becomes destabilized and fails all the way to the Earth's surface. Both natural processes like (sub)surface water movement and earthquakes, and human activities, such as mining, construction and groundwater extraction, intensify such feedbacks. The development of models for the mechanical interaction of a growing cavity and fracturing of its surrounding material, thus capturing related precursory geophysical signatures, has been limited, however. Here we report on the advances of a general, simplified approach to simulating cavity growth and sinkhole formation by using 2D Distinct Element Modeling (DEM) PFC5.0 software and thereby constraining pre-, syn- and post-collapse geophysical and geodetic signatures. This physically realistic approach allows for spontaneous cavity development and dislocation of rock mass to be simulated by bonded particle formulation of DEM. First, we present calibration and validation of our model. Surface subsidence above an instantaneously excavated circular cavity is tracked and compared with an incrementally increasing dissolution zone both for purely elastic and non-elastic material.This validation is important for the optimal choice of model dimensions and particles size with respect to simulation time. Second, a cavity growth approach is presented and compared to a well-documented case study, the deliberately intensified sinkhole collapse at

  15. Evaluation of sinkhole occurrence in the Valley and Ridge Province, East Tennessee: Phase 3

    International Nuclear Information System (INIS)

    Newton, J.G.; Tanner, J.M.

    1987-11-01

    Data from a reconnaissance-type inventory of sinkhole occurrence and from more detailed inventories in selected areas were used to determine regional density and frequency of sinkhole occurrence in the Valley and Ridge Province, Tennessee. The overall database consisted of 333 sinkholes of which 211, or 63 percent of the total, were classified as induced. Almost all induced sinkholes resulted from construction activities, such as grading, ditching, and impoundment of water. Extrapolation of data to provide estimates of regional sinkhole density necessitated adjustment of the reconnaissance inventory. Adjustment factors were calculated by comparing reconnaissance inventories from selected areas with those obtained from detailed inventories in the same areas. The number of sinkholes in the detailed inventories was 5 and 8.5 times greater than the number in the reconnaissance inventories

  16. ERT-based Investigation of a Sinkhole in Greene County, Missouri

    OpenAIRE

    Aleksandra V. Varnavina; Evgeniy V. Torgashov; Neil L. Anderson; Shishay T. Kidanu

    2016-01-01

    Investigating sinkhole morphology and formation mechanisms is key to understanding their long term impact and susceptibility to development, and aids in the design of effective mitigation measures. In this study, ERT (electrical resistivity tomography), MASW (multichannel analysis of surface waves) and borehole data were used to image the subsurface morphology of an active sinkhole in Greene County, Missouri. The study reveals that the sinkhole developed along a natural surface drainage pathw...

  17. Plant distribution-altitude and landform relationships in karstic sinkholes of Mediterranean region of Turkey.

    Science.gov (United States)

    Ozkan, Kürsad; Gulsoy, Serkan; Mert, Ahmet; Ozturk, Munir; Muys, Bart

    2010-01-01

    The purpose of this study was to investigate the relationships between the plant distribution and the altitude-shape-size characteristics of sinkholes, and the landform characteristics inside sinkholes in the Mediterranean region of Turkey. Block kriging, Factor analysis, Cluster Analysis and Detrended Correspondence Analysis were performed. The sinkhole type and altitudinal zone were found to be the significant factors affecting the plant distribution. However, the sinkhole type was more important than the altitudinal zone. Hence, the sinkholes were first subdivided into groups according to types and then the groups were divided into subgroups according to the altitudinal zones. Consequently, 4 groups were defined; A-type sinkholes [1400-1550 m (A1), 1550-1700 m (A2)] and B-type sinkholes [1400-1550 (B1), 1550-1700 m (B2)]. The B-type was wider vertically and shorter horizontally than A-type sinkholes. Significant differences were found between the plant distribution and slope position inside the sinkholes. Plant distribution in the lower slopes was different from that in the flats and ridges in the B1 sub-type of B-type. Plant distribution in B2 subtype was different among the slope positions (ridge, middle slope, lower slope, and flat). Although distribution of plants is different in different parts (ridges, upper slope, middle slope, lower slope and basal flats) of A sinkhole, the differences between the parts of intermediate slope position are not significant. A high plant variability along short distances in the sinkholes was observed in the study area. That is why the site of sinkholes have a big potential for the distribution of many species. Hence, the area must be separated as strictly protected zone.

  18. Global warming causes sinkhole collapse – Case study in Florida, USA

    OpenAIRE

    Meng, Yan; Jia, Long

    2018-01-01

    The occurrence frequency and intensity of many natural geohazards, such as landslides, debris flows and earthquakes, have increased in response to global warming. However, the effects of such on development and spread of sinkholes has been largely overlooked. Most research shows that water pumping and related drawdown is the most important factor in sinkhole development, but in this paper evidence is presented which highlights the role played by global warming in causing sinkholes. The state ...

  19. Study of the factors affecting the karst volume assessment in the Dead Sea sinkhole problem using microgravity field analysis and 3-D modeling

    Directory of Open Access Journals (Sweden)

    L. V. Eppelbaum

    2008-11-01

    Full Text Available Thousands of sinkholes have appeared in the Dead Sea (DS coastal area in Israel and Jordan during two last decades. The sinkhole development is recently associated with the buried evaporation karst at the depth of 25–50 m from earth's surface caused by the drop of the DS level at the rate of 0.8–1.0 m/yr. Drop in the Dead Sea level has changed hydrogeological conditions in the subsurface and caused surface to collapse. The pre-existing cavern was detected using microgravity mapping in the Nahal Hever South site where seven sinkholes of 1–2 m diameter had been opened. About 5000 gravity stations were observed in the area of 200×200 m2 by the use of Scintrex CG-3M AutoGrav gravimeter. Besides the conventional set of corrections applied in microgravity investigations, a correction for a strong gravity horizontal gradient (DS Transform Zone negative gravity anomaly influence was inserted. As a result, residual gravity anomaly of –(0.08÷0.14 mGal was revealed. The gravity field analysis was supported by resistivity measurements. We applied the Emigma 7.8 gravity software to create the 3-D physical-geological models of the sinkholes development area. The modeling was confirmed by application of the GSFC program developed especially for 3-D combined gravity-magnetic modeling in complicated environments. Computed numerous gravity models verified an effective applicability of the microgravity technology for detection of karst cavities and estimation of their physical-geological parameters. A volume of the karst was approximately estimated as 35 000 m3. The visual analysis of large sinkhole clusters have been forming at the microgravity anomaly site, confirmed the results of microgravity mapping and 3-D modeling.

  20. Sinkhole investigated at B.C. Hydro's Bennett Dam

    International Nuclear Information System (INIS)

    Anon.

    1996-01-01

    The cause of a sinkhole which appeared in a roadway crossing an earth filled dam in B. C., was discussed. The hole measured 6 ft. across and 20 ft. deep, and occurred in B.C. Hydro's W.A.C. Bennett Dam which measures 600 ft. high, 2,600 ft. wide at the base and 35 ft. wide at the crest. The cause of the sinkhole is not known, but it is believed that a weakness in the dam may have found its way to the surface via a pipe connected to a bedrock settlement gauge buried within the dam. Sonar and ground penetrating radar were used to examine the area. The hole has been filled with gravel and monitoring continues. Experts do not anticipate immediate risk of dam failure. 1 fig

  1. Development of sinkholes resulting from man's activities in the Eastern United States

    Science.gov (United States)

    Newton, John G.

    1987-01-01

    Development of induced sinkholes in carbonate terranes in the Eastern United States has resulted in costly damage and water pollution. Previously, detailed investigations of sinkholes were limited to Alabama and Missouri, with the most comprehensive being in Alabama. An investigation of the remainder of the area was made in 1981 to regionalize previous findings. More than 850 sites of sinkhole development have been identified in 19 States. It is estimated that more than 6,500 sinkholes or related features have formed at these sites. Most have occurred since 1950. Based on information available, States most impacted are Alabama, Florida, Georgia, Missouri, Pennsylvania, and Tennessee.

  2. Sinkhole formation mechanism at Steinaker Dam : the complete story

    Energy Technology Data Exchange (ETDEWEB)

    Dise, K. [United States Dept. of the Interior, Washington, DC (United States). Bureau of Reclamation

    2009-07-01

    This case history summary described an internal erosion event that occurred at a zoned earthfill dam located within the Ashley Creek watershed area of the Uinta Mountain uplift. The incident occurred under static loading. The rocks in the region are heavily fractured with close to moderately spaced joints along the bedding planes. The joints were not grouted during the dam's construction, and the foundation was not treated with dental concrete or slush grouting. The dam's core material consisted of a mixture of clay, silt and sand. A sinkhole area appeared on the downstream face of the dam and was filled. A second sinkhole appeared in 1965. Abutment grouting was performed. A core investigation study in 1992 showed that voids were present in the core. Deep dynamic compaction was used to densify the foundation materials. Voids in the gravel envelope were filled with fine sand. The investigation showed that the sinkholes were formed by seeps travelling through abutment bedrock fractures. The voids were large enough to provide an exit for the fine-grained foundation alluvial materials. It was concluded that grouting the abutment prevented higher velocity seepages that may have eventually initiated a dam breach. 6 figs.

  3. A study of sinkhole hazard at area of locked colliery

    International Nuclear Information System (INIS)

    Kotyrba, A.

    2005-01-01

    Transformations of polish industry began the process of mine closures. Among various mines being in process of abandoning, there are a large number of collieries, which exploited coal since 17. century. The depth of mining openings ranged from some to hundreds meters. The height of primary mining openings ranged from 1 to 9 m. Mining operations have left in geological basement large number of cavities, which still create a hazard to the surface stability. Post mining deformations of the surface can take continuous and discontinuous forms. The last ones are the topic of paper. Although those deformations can take various forms, they are commonly called as sinkholes. In paper, the sinkholes hazard has been analyzed in a scale of selected one mine area, in regard to various parameters. The selected 'Siemianowice' mine is located in northern part of the Upper Silesian Coal Basin. A database containing full set of sinkholes, recorded within area of mine in a period of 50 years, has been tested in geomechanical and statistical approaches. (author)

  4. A study of sinkhole hazard at area of locked colliery

    Energy Technology Data Exchange (ETDEWEB)

    Kotyrba, A. [Central Mining Institute, Gwarkow (Poland)

    2005-07-01

    Transformations of polish industry began the process of mine closures. Among various mines being in process of abandoning, there are a large number of collieries, which exploited coal since 17. century. The depth of mining openings ranged from some to hundreds meters. The height of primary mining openings ranged from 1 to 9 m. Mining operations have left in geological basement large number of cavities, which still create a hazard to the surface stability. Post mining deformations of the surface can take continuous and discontinuous forms. The last ones are the topic of paper. Although those deformations can take various forms, they are commonly called as sinkholes. In paper, the sinkholes hazard has been analyzed in a scale of selected one mine area, in regard to various parameters. The selected 'Siemianowice' mine is located in northern part of the Upper Silesian Coal Basin. A database containing full set of sinkholes, recorded within area of mine in a period of 50 years, has been tested in geomechanical and statistical approaches. (author)

  5. Data mining techniques for distributed denial of service attacks detection in the internet of things: A research survey

    CSIR Research Space (South Africa)

    Machaka, P

    2016-08-01

    Full Text Available This chapter reviews the evolution of the traditional internet into the Internet of Things (IoT). The characteristics and application of the IoT are also reviewed, together with its security concerns in terms of distributed denial of service attacks...

  6. Detection and mapping of mountain pine beetle red attack: Matching information needs with appropriate remotely sensed data

    Science.gov (United States)

    M. A. Wulder; J. C. White; B. J. Bentz

    2005-01-01

    Estimates of the location and extent of the red attack stage of mountain pine beetle (Dentroctonus ponderosae Hopkins) infestations are critical for forest management. The degree of spatial and temporal precision required for these estimates varies according to the management objectives and the nature of the infestation. This paper outlines a hierarchy of information...

  7. Hydrogeology - SINKHOLE_DENSITY_KM2_IN_KY_2011: Density of sinkholes per square kilometer in southern Indiana and Kentucky, Derived from the 2011 Sinkhole Inventory (Indiana Geological Survey, 30-Meter TIFF Image)

    Data.gov (United States)

    NSGIC State | GIS Inventory — This raster file was created to display in a geographic information systems (GIS) the density in square kilometers of mapped and modeled (indirectly mapped) sinkhole...

  8. Control of very heavy water inrush from sinkholes connecting with Ordovician limestone. Part 1. [China

    Energy Technology Data Exchange (ETDEWEB)

    1986-01-01

    This paper describes the comprehensive water control methods used in Fangezhuang Colliery: water drainage; cutting off of water; and sealing off the water. For water drainage, 20 large-sized submarine pumps were used in Lujiatuo and Fangezhuang collieries with a delivery of 300 m/sup 3//min to control the rising of water level. For cutting off the water, a three-section horizontal injection method and 8 grouting techniques were applied to cut off the water in 3 roadways at the boundary between Lujiatuo and Fangezhuang with water flowing at an average rate of 300 m/sup 3//min. For sealing off the water, a radio perspective instrument was used to detect the shape of No. 2171 sinkhole in Fangezhuang, and computers were employed to process the hydrogeological data. The three section vertical grouting method was introduced, and the inrush water source was sealed off with a success of over 99%.

  9. Sediment Dynamics Within Buffer Zone and Sinkhole Splay Areas Under Extreme Soil Disturbance Conditions.

    Science.gov (United States)

    Schoonover, Jon E; Crim, Jackie F; Williard, Karl W J; Groninger, John W; Zaczek, James J; Pattumma, Klairoong

    2015-09-01

    Sedimentation dynamics were assessed in sinkholes within training areas at Ft. Knox Military Installation, a karst landscape subjected to decades of tracked vehicle use and extreme soil disturbance. Sinkholes sampled were sediment-laden and behaved as intermittent ponds. Dendrogeomorphic analyses were conducted using willow trees (Salix spp.) located around the edge of 18 sinkholes to estimate historical sedimentation rates, and buried bottles were installed in 20 sinkholes at the center, outer edge, and at the midpoint between the center and edge to estimate annual sedimentation rates. Sedimentation data were coupled with vegetation characteristics of sinkhole buffers to determine relationships among these variables. The dendrogeomorphic method estimated an average accumulation rate of 1.27 cm year(-1) translating to a sediment loss rate of 46.1 metric ton year(-1) from the training areas. However, sediment export to sinkholes was estimated to be much greater (118.6 metric ton year(-1)) via the bottle method. These data suggest that the latter method provided a more accurate estimate since accumulation was greater in the center of sinkholes compared to the periphery where dendrogeomorphic data were collected. Vegetation data were not tightly correlated with sedimentation rates, suggesting that further research is needed to identify a viable proxy for direct measures of sediment accumulation in this extreme deposition environment. Mitigation activities for the sinkholes at Ft. Knox's tank training area, and other heavily disturbed karst environments where extreme sedimentation exists, should consider focusing on flow path and splay area management.

  10. Sinkhole development resulting from ground-water withdrawal in the Tampa area, Florida

    Science.gov (United States)

    Sinclair, William C.

    1982-01-01

    The area of municipal well fields on the Gulf Coastal Plain north of tampa, Fla., is densely pitted with natural sinkholes and sinkhole lakes that have resulted from collapse of surficial sand and clay into solution cavities in the underlying carbonate rocks of the Floridan aquifer. Although solution of the underlying rocks is the ultimate cause of sinkholes, some have been induced by abrupt changes in ground-water levels caused by pumping. Declines in water levels cause loss of support to the bedrock roofs over cavities and to surficial material overlying openings in the top of bedrock. The volume of calcium, magnesium , and carbonate (the constituents of limestone and dolomite) in solution in the water withdrawn from four well fields near Tampa totaled about 240,000 cubic feet in 1978. Most induced solution takes place at the limestone surface however, and the area of induced recharge is so extensive that the effect of induced limestone solution on sinkhole development is negligible. Alinement of established sinkholes along joint patterns in the bedrock suggests that a well along these lineations might have direct hydraulic connection with a zone of incipient sinkholes. Therefore, pumping of large-capacity wells along such lineations would increase the probability of sinkhole development. Although sinkholes generally form abruptly in the study area, local changes such as vegetative stress, ponding of rainfall, misalinement of structures, and turbidity in well water are all indications that percollapse subsidence may be taking place. (USGS)

  11. Quantitative assessment of pedodiversity and soil erosion within a karst sinkhole in the dry steppe subzone

    Science.gov (United States)

    Smirnova, M. A.; Gennadiev, A. N.

    2017-08-01

    A detailed study of the soil cover of a sinkhole (300 m2) in the dry steppe landscape of the Bogdinsk-Baskunchak Natural Reserve in Astrakhan oblast has been performed, and the factors of its differentiation have been analyzed. The indices of pedodiversity have been calculated and compared for karst sinkholes in the dry steppe and northern taiga landscapes. Quantitative parameters of the lateral migration of solid soil substances on the slopes of the sinkhole have been determined. The rate of soil erosion decreases from the slope of southern aspect to the slopes of western, northern, and eastern aspects. On the average, it is estimated at 0.4 mm/yr. The average rate of accumulation of solid substances on the lower parts of the slopes and in the bottom of the sinkhole reaches 0.74 mm/yr. A comparative analysis of the soil properties attests to their dependence on the particular position of a given soil within the sinkhole. Downward the slopes of the sinkhole, full-profile brown arid soils (Cambic Calcisols) are replaced by sierozem-like soils (Haplic Calcisols), light-humus poorly developed soils (Luvisols), lithozems (Leptosols), and stratified soils (stratozems, or Colluvic Regosols). The soils within the upper ring-shape soil microzone are more diverse and contrasting with respect to their morphological, physical, chemical, and physicochemical properties. The degree of soil contrasts decreases down the slopes of the sinkhole towards its bottom. The studied sinkhole is characterized by considerable pedodiversity. Quantitative parameters of pedodiversity for the sinkhole in the dry steppe zone are higher than those form the sinkholes in the northern taiga zone.

  12. Method of predicting surface deformation in the form of sinkholes

    Energy Technology Data Exchange (ETDEWEB)

    Chudek, M.; Arkuszewski, J.

    1980-06-01

    Proposes a method for predicting probability of sinkhole shaped subsidence, number of funnel-shaped subsidences and size of individual funnels. The following factors which influence the sudden subsidence of the surface in the form of funnels are analyzed: geologic structure of the strata between mining workings and the surface, mining depth, time factor, and geologic disolocations. Sudden surface subsidence is observed only in the case of workings situated up to a few dozen meters from the surface. Using the proposed method is explained with some examples. It is suggested that the method produces correct results which can be used in coal mining and in ore mining. (1 ref.) (In Polish)

  13. Atrial fibrillation detected by external loop recording for seven days or two-day simultaneous Holter recording: A comparison in patients with ischemic stroke or transient ischemic attack.

    Science.gov (United States)

    Sejr, Michala Herskind; Nielsen, Jens Cosedis; Damgaard, Dorte; Sandal, Birgitte Forsom; May, Ole

    Atrial fibrillation (AF) is the most common cardiac cause of ischemic stroke and transient ischemic attack (IS/TIA). To compare the diagnostic value of seven-day external loop recording (ELR) and two-day Holter recording for detecting AF after IS/TIA. 191 IS/TIA patients without AF history. Endpoint was AF >30s. We started two-day Holter recording and seven-day ELR simultaneously. Seven-day ELR and two-day Holter recording detected the same three AF patients. ELR detected another six patients with AF adjudicated by cardiologists, four detections after Holter (3 vs. 7, p=0.125) and two false-positive detections during Holter. Seven-day ELR automatically classified 50/191 patients (26%) with AF, but only 7/50 (14%) were confirmed as AF by cardiologists. Seven-day ELR did not detect significantly more patients with AF than two-day Holter recording. 86% of patients with ELR-classified AF were false positives, indicating a poor performance of the automatic AF detection algorithm used. Copyright © 2017 Elsevier Inc. All rights reserved.

  14. Sinkhole Susceptibility Analysis for Karapinar/konya via Multi Criteria Decision

    Science.gov (United States)

    Sarı, F.

    2017-11-01

    Sinkholes are being a natural hazard which threads economic and human life. Sudden occurrence characteristic of sinkholes make it unable to escape. There are a lot of factor that activate sinkholes such as geology, irrigation, land use and human related factors. In Karapınar, Konya, there are over 200 sinkholes and this count is getting increased in recent years. Especially active agricultural lands, decreasing ground water level, extreme irrigation by 55267 water wells increase the risk factor of Karapınar. Nowadays, considering the economic contribution of Karapınar to Turkey economy in the field of agriculture, solar energy fields and thermal reactor which will be planned in next few years, prediction of sinkholes and searching for preventation ways are being more important issue. In this study, sinkhole susceptibility map via AHP was carried out for Karapınar in Konya. Slope, land use, elevation, geology, water wells, distance to roads and settlements criteria are included to determine susceptibility. The weights are calculated with AHP for each criterion and generated susceptibility map is overlapped with existing sinkholes. Suggestions and results are shared for this study.

  15. SINKHOLE SUSCEPTIBILITY ANALYSIS FOR KARAPINAR/KONYA VIA MULTI CRITERIA DECISION

    Directory of Open Access Journals (Sweden)

    F. Sarı

    2017-11-01

    Full Text Available Sinkholes are being a natural hazard which threads economic and human life. Sudden occurrence characteristic of sinkholes make it unable to escape. There are a lot of factor that activate sinkholes such as geology, irrigation, land use and human related factors. In Karapınar, Konya, there are over 200 sinkholes and this count is getting increased in recent years. Especially active agricultural lands, decreasing ground water level, extreme irrigation by 55267 water wells increase the risk factor of Karapınar. Nowadays, considering the economic contribution of Karapınar to Turkey economy in the field of agriculture, solar energy fields and thermal reactor which will be planned in next few years, prediction of sinkholes and searching for preventation ways are being more important issue. In this study, sinkhole susceptibility map via AHP was carried out for Karapınar in Konya. Slope, land use, elevation, geology, water wells, distance to roads and settlements criteria are included to determine susceptibility. The weights are calculated with AHP for each criterion and generated susceptibility map is overlapped with existing sinkholes. Suggestions and results are shared for this study.

  16. Monitoring and modeling of sinkhole-related subsidence in west-central Florida mapped from InSAR and surface observations

    Science.gov (United States)

    Kiflu, H.; Oliver-Cabrera, T.; Robinson, T.; Wdowinski, S.; Kruse, S.

    2017-12-01

    Sinkholes in Florida cause millions of dollars in damage to infrastructure each year. Methods of early detection of sinkhole-related subsidence are clearly desirable. We have completed two years of monitoring of selected sinkhole-prone areas in west central Florida with XXX data and analysis with XXX algorithms. Filters for selecting targets with high signal-to-noise ratio and subsidence over this time window (XX-2015-XX-2017) are being used to select sites for ground study. A subset of the buildings with InSAR-detected subsidence indicated show clear structural indications of subsidence in the form of cracks in walls and roofs. Comsol Multiphysics models have been developed to describe subsidence at the rates identified from the InSAR analysis (a few mm/year) and on spatial scales observed from surface observations, including structural deformation of buildings and ground penetrating radar images of subsurface deformation (length scales of meters to tens of meters). These models assume cylindrical symmetry and deformation of elastic and poroelastic layers over a growing sphering void.

  17. Bayou Corne sinkhole : control measurements of State Highway 70 in Assumption Parish, Louisiana.

    Science.gov (United States)

    2014-01-01

    This project measured and assessed the surface stability of the portion of LA Highway 70 that is : potentially vulnerable to the Assumption Parish sinkhole. Using Global Positioning Systems (GPS) : enhanced by a real-time network (RTN) of continuousl...

  18. Bayou Corne Sinkhole: Control Measurements of State Highway 70 in Assumption Parish, Louisiana : Research Project Capsule

    Science.gov (United States)

    2012-09-01

    The sinkhole located in northern Assumption Parish, Louisiana, threatens : the stability of Highway 70, a state-maintained route. In order to monitor : and mitigate potential damage eff ects on this infrastructure, the Louisiana : Department of Trans...

  19. Application of electrical resistivity tomography techniques for mapping man-made sinkholes

    Science.gov (United States)

    Rey, J.; Martínez, J.; Hidalgo, C.; Dueñas, J.

    2012-04-01

    The suitability of the geophysical prospecting by electrical resistivity tomography to detect and map man-made subsurface cavities and related sinkholes has been studied in the Linares abandoned mining district (Spain). We have selected for this study four mined sectors constituted of different lithologies: granite and phyllites of Paleozoic age, and Triassic shales and sandstones. In three of these sectors, detail underground topographic surveys were carried out to chart the position and dimensions of the mining voids (galleries and chamber), in order to analyze the resolution of this methodology to characterize these cavities by using different electrode arrays. The results are variable, depending on the depth and diameter of the void, the selected electrode array, the spacing between electrodes, geological complexity and data density. These results also indicate that when the cavity is empty, an anomaly with a steep gradient and high resistivity values is registered, because the air that fills the mining void is dielectric, while when the cavities are filled with fine grain sediments, frequently saturated in water, the electrical resistance is lower. In relation with the three different multi-electrode arrays tested, the Wenner-Schlumberger array has resulted to offer the maximum resolution in all these cases, with lower and more stable values for the RMS than the other arrays. Therefore, this electrode array has been applied in the fourth studied sector, a former mine near the city centre of Linares, in an area of urban expansion in which there are problems of subsidence. Two sets of four electrical tomography profiles have been carried out, perpendicular to each other, and which have allowed reaching depths of research between 30-35 m. This net-array allowed the identification of two shallow anomalies of low resistivity values, interpreted as old mining galleries filled with fine material saturated in water. It also allows detecting two fractures, correlated

  20. Identification, prediction, and mitigation of sinkhole hazards in evaporite karst areas

    Science.gov (United States)

    Gutierrez, F.; Cooper, A.H.; Johnson, K.S.

    2008-01-01

    Sinkholes usually have a higher probability of occurrence and a greater genetic diversity in evaporite terrains than in carbonate karst areas. This is because evaporites have a higher solubility and, commonly, a lower mechanical strength. Subsidence damage resulting from evaporite dissolution generates substantial losses throughout the world, but the causes are only well understood in a few areas. To deal with these hazards, a phased approach is needed for sinkhole identification, investigation, prediction, and mitigation. Identification techniques include field surveys and geomorphological mapping combined with accounts from local people and historical sources. Detailed sinkhole maps can be constructed from sequential historical maps, recent topographical maps, and digital elevation models (DEMs) complemented with building-damage surveying, remote sensing, and high-resolution geodetic surveys. On a more detailed level, information from exposed paleosubsidence features (paleokarst), speleological explorations, geophysical investigations, trenching, dating techniques, and boreholes may help in investigating dissolution and subsidence features. Information on the hydrogeological pathways including caves, springs, and swallow holes are particularly important especially when corroborated by tracer tests. These diverse data sources make a valuable database-the karst inventory. From this dataset, sinkhole susceptibility zonations (relative probability) may be produced based on the spatial distribution of the features and good knowledge of the local geology. Sinkhole distribution can be investigated by spatial distribution analysis techniques including studies of preferential elongation, alignment, and nearest neighbor analysis. More objective susceptibility models may be obtained by analyzing the statistical relationships between the known sinkholes and the conditioning factors. Chronological information on sinkhole formation is required to estimate the probability of

  1. Application Of Two Dimensional Electrical Resistivity Tomography Method For Delineating Cavities And Flowpath In Sinkhole Prone Area Of Armala Valley, Pokhara, Western Nepal

    Science.gov (United States)

    Bhusal, U. C.; Dwivedi, S.; Ghimire, H.; Ulak, P. D.; Khatiwada, B.; Rijal, M. L.; Neupane, Y.; Aryal, S.; Pandey, D.; Gautam, A.; Mishra, S.

    2017-12-01

    Sudden release of turbid groundwater through piping in the Kali Khola and subsequent formation of over one hundred twenty sinkholes since 18 November, 2013 to May, 2014 in Armala Valley in northern part of Pokhara created havoc to the local residents. The main objective of the work is to investigate subsurface anomalies so as to locate the subsurface cavities, groundwater movement and areas prone to sinkholes formation in the area. Findings of the several studies and observations carried out in area by the authors and preventive measures carried out by Department of Water Induced Disaster Management are presented in the paper. To fulfill the objective 2D-Electrical Resistivity Tomography Survey was carried out at sixty five profiles with minimum electrode spacing from 1 m to 5 m on different profiles using WDJD-4 Resistivity meter. Res2Dinv Software was used for processing and interpretation of the acquired data. Geological mapping, preparation of columnar section of the sinkholes and river bank were conducted. Hand auguring, tracer test and topography survey were also carried out in the area. Different geophysical anomalies were identified in 2D-ERT survey which indicates the presence of compositional difference in layered sediments, undulations in depositional pattern with top humus layer of thickness 0.5 m, loose unconsolidated gravel layer 0.5 m - 4 m and clayey silt/silty clay layer upto 75 m depth. The cavities were found both in clayey silt layer and gravel layer with size ranging from 1-2 m to 10-12 m in depth and 2 m-10 m in diameter either empty or water filled depending on locations. Fifteen cavities that were detected during survey were excavated and immediately filled up. Three major and four minor groundwater flow paths were detected which has been later confirmed by tracer test, formation of new sinkholes along the path and during excavation for construction of underground structures for blocking the underground flow. Major flow path was detected at

  2. Semi-automatic software based detection of atrial fibrillation in acute ischaemic stroke and transient ischaemic attack

    DEFF Research Database (Denmark)

    Nickelsen, M N; Snoer, A; Ali, A M

    2017-01-01

    (12.6%) patients were diagnosed with PAF (atrial fibrillation > 30 s). Pathfinder SL software including a systematic control of events registered 16 (94.1%) patients with PAF. Manually 15 (88.2%) patients were detected with PAF. Pathfinder SL had a negative predictive value of 99% and sensitivity...

  3. Heart Attack Recovery FAQs

    Science.gov (United States)

    ... recommendations to make a full recovery. View an animation of a heart attack . Heart Attack Recovery Questions ... Support Network Popular Articles 1 Understanding Blood Pressure Readings 2 Sodium and Salt 3 Heart Attack Symptoms ...

  4. Performance of short ECG recordings twice daily to detect paroxysmal atrial fibrillation in stroke and transient ischemic attack patients

    DEFF Research Database (Denmark)

    Poulsen, Mai Bang; Binici, Zeynep; Domínguez, Helena

    2017-01-01

    Aims Prolonged cardiac monitoring after stroke is recommended though there is no consensus on optimal methods. Short-term ECG recordings with a "thumb-ECG" device have shown promising preliminary results regarding effectiveness and cost benefit. We aimed to examine the performance of thumb...... methods was poor and the trial was not powered to detect a minor difference between the devices. The inter-observer agreement for the thumb-ECG was substantial. www.clinicalTrials.gov UI: NCT02261766....

  5. TWO EXAMPLES FOR IMAGING BURIED GEOLOGICAL BOUNDARIES: SINKHOLE STRUCTURE AND SEYİT HACI FAULT, KARAPINAR, KONYA

    Directory of Open Access Journals (Sweden)

    Ertan TOKER

    2014-12-01

    Full Text Available Once anomalies with positive and negative circular closures are assessed together inpotential field maps, the ones which have meaningful geometric structure appear as moredistinguishable. When the edge detection is applied, the preliminary geological modelabout the geological structure may or may not be verified. When it is not verified then it isunderstood that the predicted geological model should be reconsidered and discussedagain. In this study, the edge detection was introduced and the success of the method wastested in an artificial data. Following that, its effect on sinkholes was studied applying themethod on detailed gravity data collected in Karapınar (Konya region. At the same time,this method was applied on data related to active Seyit Hacı Fault zone. It was detectedthat the fault had shown continuity towards SW and these evidences were discussed

  6. Sinkholes - a trapping mechanism for oil and gas in the Ordovician of Kent an Essex counties, Ontario

    Energy Technology Data Exchange (ETDEWEB)

    Cochrane, R. O.

    1997-06-01

    The stratigraphy and lithology of the Trenton and Black River carbonates were described and the geological and physical processes for the formation of caves and sinkholes were reviewed, using modern examples. The existence of sinkholes was demonstrated with three examples from wells drilled into the Trenton and Black River groups. Using this information as the basis, the sequence of events for the accumulation of hydrocarbons in the brecciated (fragmented rock) segment of a sinkhole was presented. It was concluded that sinkholes provide an excellent trapping mechanism for hydrocarbons. 13 refs., 23 figs.

  7. SINKHOLE SUSCEPTIBILITY HAZARD ZONES USING GIS AND ANALYTICAL HIERARCHICAL PROCESS (AHP: A CASE STUDY OF KUALA LUMPUR AND AMPANG JAYA

    Directory of Open Access Journals (Sweden)

    M. A. H. M. Rosdi

    2017-10-01

    Full Text Available Sinkhole is not classified as new phenomenon in this country, especially surround Klang Valley. Since 1968, the increasing numbers of sinkhole incident have been reported in Kuala Lumpur and the vicinity areas. As the results, it poses a serious threat for human lives, assets and structure especially in the capital city of Malaysia. Therefore, a Sinkhole Hazard Model (SHM was generated with integration of GIS framework by applying Analytical Hierarchical Process (AHP technique in order to produced sinkhole susceptibility hazard map for the particular area. Five consecutive parameters for main criteria each categorized by five sub classes were selected for this research which is Lithology (LT, Groundwater Level Decline (WLD, Soil Type (ST, Land Use (LU and Proximity to Groundwater Wells (PG. A set of relative weights were assigned to each inducing factor and computed through pairwise comparison matrix derived from expert judgment. Lithology and Groundwater Level Decline has been identified gives the highest impact to the sinkhole development. A sinkhole susceptibility hazard zones was classified into five prone areas namely very low, low, moderate, high and very high hazard. The results obtained were validated with thirty three (33 previous sinkhole inventory data. This evaluation shows that the model indicates 64 % and 21 % of the sinkhole events fall within high and very high hazard zones respectively. Based on this outcome, it clearly represents that AHP approach is useful to predict natural disaster such as sinkhole hazard.

  8. Sinkhole Susceptibility Hazard Zones Using GIS and Analytical Hierarchical Process (ahp): a Case Study of Kuala Lumpur and Ampang Jaya

    Science.gov (United States)

    Rosdi, M. A. H. M.; Othman, A. N.; Zubir, M. A. M.; Latif, Z. A.; Yusoff, Z. M.

    2017-10-01

    Sinkhole is not classified as new phenomenon in this country, especially surround Klang Valley. Since 1968, the increasing numbers of sinkhole incident have been reported in Kuala Lumpur and the vicinity areas. As the results, it poses a serious threat for human lives, assets and structure especially in the capital city of Malaysia. Therefore, a Sinkhole Hazard Model (SHM) was generated with integration of GIS framework by applying Analytical Hierarchical Process (AHP) technique in order to produced sinkhole susceptibility hazard map for the particular area. Five consecutive parameters for main criteria each categorized by five sub classes were selected for this research which is Lithology (LT), Groundwater Level Decline (WLD), Soil Type (ST), Land Use (LU) and Proximity to Groundwater Wells (PG). A set of relative weights were assigned to each inducing factor and computed through pairwise comparison matrix derived from expert judgment. Lithology and Groundwater Level Decline has been identified gives the highest impact to the sinkhole development. A sinkhole susceptibility hazard zones was classified into five prone areas namely very low, low, moderate, high and very high hazard. The results obtained were validated with thirty three (33) previous sinkhole inventory data. This evaluation shows that the model indicates 64 % and 21 % of the sinkhole events fall within high and very high hazard zones respectively. Based on this outcome, it clearly represents that AHP approach is useful to predict natural disaster such as sinkhole hazard.

  9. Investigation on the possible interconnection between Kanata sinkhole, on the high plateau of Tripolis, and springs of Argos area

    Energy Technology Data Exchange (ETDEWEB)

    Leontiadis, I.; Dimitroulas, C.; Zouridakis, N.; Dounas, A.; Morfis, A.; Paraskevopoulou, P.

    1984-07-01

    /sup 51/Cr-EDTA has been used as tracer for the investigation of possible interconnection between the sinkhole Kanata, on the high Plateau of Tripolis, and springs of the areas of Argos, Achladokambos and Kinouria. By this experiment, the interconnection between the sinkhole and the submarine spring of Kiveri, as well as the springs of Xovrios Achladokambos river, is proved. Furthermore, the percentage of connection between the sinkhole and the springs, the mean transit time of the water from the sinkhole to the springs, the volume of the underground reservoir feeding the springs, etc., have been calculated.

  10. Ongoing Deformation of Sinkholes in Wink, Texas, Observed by Time-Series Sentinel-1A SAR Interferometry (Preliminary Results

    Directory of Open Access Journals (Sweden)

    Jin-Woo Kim

    2016-04-01

    Full Text Available Spatiotemporal deformation of existing sinkholes and the surrounding region in Wink, TX are probed using time-series interferometric synthetic aperture radar (InSAR methods with radar images acquired from the Sentinel-1A satellite launched in April 2014. The two-dimensional deformation maps, calculated using InSAR observations from ascending and descending tracks, reveal that much of the observed deformation is vertical. Our results indicate that the sinkholes are still influenced by ground depression, implying that the sinkholes continue to expand. Particularly, a region 1 km northeast of sinkhole #2 is sinking at a rate of up to 13 cm/year, and its aerial extent has been enlarged in the past eight years when compared with a previous survey. Furthermore, there is a high correlation between groundwater level and surficial subsidence during the summer months, representing the complicated characteristics of sinkhole deformation under the influence of successive roof failures in underlying cavities. We also modeled the sinkhole deformation in a homogenous elastic half-space with two dislocation sources, and the ground depression above cavities could be numerically analyzed. Measurements of ongoing deformation in sinkholes and assessments of the stability of the land surface at sinkhole-prone locations in near real-time, are essential for mitigating the threat posed to people and property by the materialization of sinkholes.

  11. Prolonged Cardiac Monitoring to Detect Atrial Fibrillation after Cryptogenic Stroke or Transient Ischemic Attack: A Meta-Analysis of Randomized Controlled Trials.

    Science.gov (United States)

    Dahal, Khagendra; Chapagain, Bikas; Maharjan, Raju; Farah, Hussam W; Nazeer, Ayesha; Lootens, Robert J; Rosenfeld, Alan

    2016-07-01

    The cause of ischemic stroke or transient ischemic attack (TIA) remains unclear after initial cardiac monitoring in approximately one-third of patients. Randomized controlled trials (RCTs) showed that the prolonged cardiac monitoring of patients with cryptogenic stroke or TIA increased detection of atrial fibrillation (AF). We aimed to perform a meta-analysis of all RCTs that evaluated the prolonged monitoring ≥7 days in patients with cryptogenic stroke or TIA. We searched PubMed, EMBASE, Cochrane CENTRAL, and relevant references for RCTs without language restriction (inception through December 2014) and performed meta-analysis using random effects model. Detection of AF, use of anticoagulation at follow-up, recurrent stroke or TIA, and mortality were major outcomes. Four RCTs with 1149 total patients were included in the meta-analysis. Prolonged cardiac monitoring ≥7 days compared to shorter cardiac monitoring of ≤48 hours duration increased the detection of AF (≥30 seconds duration) in patients after cryptogenic stroke or TIA (13.8% vs. 2.5%; odds ratio [OR], 6.4; 95% confidence interval [CI], 3.50-11.73; P vs. 5.2%; 5.68[3.3-9.77]; P stroke or TIA (0.78[0.40-1.55]; P = 0.48; I(2) , 0%) and mortality (1.33[0.29-6.00]; P = 0.71; I(2) , 0%] were observed between two strategies. Prolonged cardiac monitoring improves detection of atrial fibrillation and anti-coagulation use after cryptogenic stroke or TIA and therefore should be considered instead of shorter duration of cardiac monitoring. © 2015 Wiley Periodicals, Inc.

  12. Inception horizon concept as a basis for sinkhole hazard mapping

    Science.gov (United States)

    Vouillamoz, J.; Jeannin, P.-Y.; Kopp, L.; Chantry, R.

    2012-04-01

    The office for natural hazards of the Vaud canton (Switzerland) is interested for a pragmatic approach to map sinkhole hazard in karst areas. A team was created by merging resources from a geoengineering company (CSD) and a karst specialist (SISKA). Large areas in Vaud territory are limestone karst in which the collapse hazard is essentially related to the collapse of soft-rocks covering underground cavities, rather than the collapse of limestone roofs or underground chambers. This statement is probably not valid for cases in gypsum and salt. Thus, for limestone areas, zones of highest danger are voids covered by a thin layer of soft-sediments. The spatial distributions of void and cover-thickness should therefore be used for the hazard assessment. VOID ASSESSMENT Inception features (IF) are millimetre to decimetre thick planes (mainly bedding but also fractures) showing a mineralogical, a granulometrical or a physical contrast with the surrounding formation that make them especially susceptible to karst development (FILIPPONI ET AL., 2009). The analysis of more than 1500 km of cave passage showed that karst conduits are mainly developed along such discrete layers within a limestone series. The so-called Karst-ALEA method (FILIPPONI ET AL., 2011) is based on this concept and aims at assessing the probability of karst conduit occurrences in the drilling of a tunnel. This approach requires as entries the identification of inception features (IF), the recognition of paleo-water-table (PWT), and their respective spatial distribution in a 3D geological model. We suggest the Karst-ALEA method to be adjusted in order to assess the void distribution in subsurface as a basis for sinkhole hazard mapping. Inception features (horizons or fractures) and paleo-water-tables (PWT) have to be first identified using visible caves and dolines. These features should then be introduced into a 3D geological model. Intersections of HI and PWT located close to landsurface are areas with a

  13. [Transport and differentiation of polycyclic aromatic hydrocarbons in air from Dashiwei karst Sinkholes in Guangxi, China].

    Science.gov (United States)

    Kong, Xiang-Sheng; Qi, Shi-Hua; Sun, Qian; Huang, Bao-Jian

    2012-12-01

    The typical karst Dashiwei Sinkholes located in Leye County, Guangxi were chosen as the study object. The air samples from the opening of Dashiwei Sinkholes to the underground river profiles were collected by polyurethane foam passive samplers (PUF-PAS), and the meteorological parameters were observed. The 16 PAHs were analyzed using GC-MS. The results showed that the total PAHs concentration in air in Dashiwei Sinkholes ranged from 33.76 ng x d(-1) to 150.86 ng x d(-1), with an average of 80.36 ng x d(-1). The mean concentrations in the cliff, the bottom and the underground river profiles were 67.17, 85.36 and 101.67 ng x d(-1), respectively. The 2-3 rings PAHs (including phenanthrene, anthracene, napnthalene and fluorene) accounted for 87.97% of the total of PAHs. The transport and accumulation processes of PAHs in air in Dashiwei Sinkholes were: the ground to the cliff section to the bottom section and then to the underground river, and the total PAHs concentrations showed an obvious increasing tendency with the decrease in altitude or increase in the length of the underground river. Low molecular weight PAHs compounds (including phenanthrene, anthracene, flourene and fluoranthene) in air went through differentiation at the bottom of the west peak, the bottom of the sinkhole and the underground river. The primary sources of PAHs were pyrogenic sources with atmosphere transport. Ambient temperature was the predominating factor influencing the transport and accumulation of gas phase PAHs in Dashiwei Sinkholes, following by wind speed, wind direction and relative humidity. Relative humidity and the temperature were the predominating factors influencing the differentiation, following by wind speed and wind direction. As a whole, a "cold trapping effect" of POPs was showed obviously in Dashiwei Sinkholes.

  14. Urbanisation of Suweimeh area, Jordan, versus sinkholes and landslides proliferation

    Science.gov (United States)

    Closson, Damien; Abou Karaki, Najib

    2013-04-01

    The Dead Sea is a terminal lake whose level lowers each year of about one meter per year since more than one decade. This is caused mainly by the diversion of surface waters from its watershed. Currently, 1/10 of the Jordan River still reaches the salt lake. The rapid lowering of the lake level does not allow all the surrounding groundwater tables to adjust their level to that of the Dead Sea. This imbalance causes an always faster migration of a part of the groundwater causing underground erosion leading to the formation of sinkholes along the coast, especially where discontinuities, such as faults, are present. The first collapses occurred in the years 1980-90. From the 2000s, in Jordan, they have proliferated to the point of causing serious damages to the facilities of the Arab Potash Company, the agricultural area of Ghor Al Haditha, and more recently the touristic region of Suweimeh. Aware of the problem and the need for gradual rising of the lake level, the Jordanian authorities attended from 2009 to 2011 to the feasibility study of the Red Sea - Dead Sea conduit. Currently, on the one hand, the growing environmental imbalance, and, on the other hand, the desires to develop economic activities along the coast, imply that more goods will be exposed to damages. For example, the area of Wadi Mujib Bridge was rebuilt completely in the late 2000s. It is the same for the 12 km of the dam 18 of an evaporation pond Arab Potash Company. The Numeira Salt Factory was completely destroyed in Ghor Al Haditha and was relocated to Safi. In August 2012, during touristic period, a landslide destroyed half of the Holiday Inn front beach, Suweimeh area ... End of December 2012, a team lead by Prof. Najib Abou Karaki warned the Arab Potash Company of the presence of a circular depression 250 m in diameter within the evaporation pond SP-0A. Although the dike of this saltpan is closely monitored, the exact location and shape of this large sinkhole were not known to the security

  15. Investigation of sinkhole areas in Germany using 2D shear wave reflection seismics and zero-offset VSP

    Science.gov (United States)

    Tschache, Saskia; Wadas, Sonja; Polom, Ulrich; Krawczyk, Charlotte M.

    2017-04-01

    Sinkholes pose a serious geohazard for humans and infrastructure in populated areas. The Junior Research Group Subrosion within the Leibniz Institute for Applied Geophysics and the joint project SIMULTAN work on the multi-scale investigation of subrosion processes in the subsurface, which cause natural sinkholes. In two case studies in sinkhole areas of Thuringia in Germany, we applied 2D shear wave reflection seismics using SH-waves with the aim to detect suitable parameters for the characterisation of critical zones. This method has the potential to image near-surface collapse and faulting structures in improved resolution compared to P-wave surveys resulting from the shorter wavelength of shear waves. Additionally, the shear wave velocity field derived by NMO velocity analysis is a basis to calculate further physical parameters, as e.g. the dynamic shear modulus. In both investigation areas, vertical seismic profiles (VSP) were acquired by generating P- and SH-waves (6 component VSP) directly next to a borehole equipped with a 3C downhole sensor. They provide shear and compressional wave velocity profiles, which are used to improve the 2D shear wave velocity field from surface seismics, to perform a depth calibration of the seismic image and to calculate the Vp/Vs ratio. The signals in the VSP data are analysed with respect to changes in polarisation and attenuation with depth and/or azimuth. The VSP data reveal low shear wave velocities of 200-300 m/s in rock layers known to be heavily affected by subrosion and confirm the low velocities calculated from the surface seismic data. A discrepancy of the shear wave velocities is observed in other intervals probably due to unsymmetrical travel paths in the surface seismics. In some VSP data dominant conversion of the direct SH-wave to P-wave is observed that is assumed to be caused by an increased presence of cavities. A potential fault distorting the vertical travel paths was detected by abnormal P-wave first

  16. Whispering through DDoS attack

    Directory of Open Access Journals (Sweden)

    Miralem Mehic

    2016-03-01

    Full Text Available Denial of service (DoS attack is an attempt of the attacker to disable victim's machine by depleting network or computing resources. If this attack is performed with more than one machine, it is called distributed denial of service (DDoS attack. Covert channels are those channels which are used for information transmission even though they are neither designed nor intended to transfer information at all. In this article, we investigated the possibility of using of DDoS attack for purposes of hiding data or concealing the existing covert channel. In addition, in this paper we analyzed the possibility of detection of such covert communication with the well-known statistical method. Also, we proposed the coordination mechanisms of the attack which may be used. A lot of research has been done in order to describe and prevent DDoS attacks, yet research on steganography on this field is still scarce.

  17. Network Protection Against DDoS Attacks

    Directory of Open Access Journals (Sweden)

    Petr Dzurenda

    2015-03-01

    Full Text Available The paper deals with possibilities of the network protection against Distributed Denial of Service attacks (DDoS. The basic types of DDoS attacks and their impact on the protected network are presented here. Furthermore, we present basic detection and defense techniques thanks to which it is possible to increase resistance of the protected network or device against DDoS attacks. Moreover, we tested the ability of current commercial Intrusion Prevention Systems (IPS, especially Radware DefensePro 6.10.00 product against the most common types of DDoS attacks. We create five scenarios that are varied in type and strength of the DDoS attacks. The attacks intensity was much greater than the normal intensity of the current DDoS attacks.

  18. A novel proposed network security management approach for cyber attacks

    International Nuclear Information System (INIS)

    Ahmed, Z.; Nazir, B.; Zafar, M.F.; Anwar, M.M.; Azam, K.; Asar, A.U.

    2007-01-01

    Network security is a discipline that focuses on securing networks from unauthorized access. Given the Escalating threats of malicious cyber attacks, modern enterprises employ multiple lines of defense. A comprehensive defense strategy against such attacks should include (I) an attack detection component that deter- mines the fact that a program is compromised, (2) an attack identification and prevention component that identifies attack packets so that one can block such packets in the future and prevents the attack from further propagation. Over the last decade, a significant amount of research has been vested in the systems that can detect cyber attacks either statically at compile time or dynamically at run time, However, not much effort is spent on automated attack packet identification or attack prevention. In this paper we present a unified solution to the problems mentioned above. We implemented this solution after the forward engineering of Open Source Security Information Management (OSSIM) system called Preventive Information Security management (PrISM) system that correlates input from different sensors so that the resulting product can automatically detect any cyber attack against it and prevents by identifying the actual attack packet(s). The PrISM was always able to detect the attacks, identify the attack packets and most often prevent by blocking the attacker's IP address to continue normal execution. There is no additional run-time performance overhead for attack prevention. (author)

  19. Sinkhole genesis and evolution in Apulia, and their interrelations with the anthropogenic environment

    Directory of Open Access Journals (Sweden)

    M. Delle Rose

    2004-01-01

    Full Text Available Sinkhole development occurs in many areas of the world where soluble rocks crop out. Sinkholes are generally the surface expression of the presence of caves and other groundwater flow conduits in carbonate rocks, which are solutionally enlarged secondary permeability features. Their formation may be either natural or caused by man's activities. In both cases, heavy consequences have to be registered on the anthropogenic environment and related infrastructures. Knowledge of the mechanism of formation of this subtle geohazard is therefore necessary to planners and decision makers for performing the most appropriate and suitable programs of land use and development. The Apulia region of southern Italy is characterized for most of its extension by carbonate rocks, which makes it one of the most remarkable example of karst in the Mediterranean Basin. Based on analysis of literature and in situ surveys, including caving explorations, we have identified in Apulia three main types of possible mechanisms for sinkhole formation: 1 collapse of a chamber in a natural cave or in man-made cavities; 2 slow and gradual enlargement of doline through dissolution; 3 settlement and internal erosion of filling deposits of pre-existing dolines. Since sinkhole formation very often affects directly the human settlements in Apulia, and have recently produced severe damage, some considerations are eventually presented as regards the interrelationships between sinkholes and the anthropogenic environment.

  20. Use of sinkhole and specific capacity distributions to assess vertical gradients in a karst aquifer

    Science.gov (United States)

    McCoy, K.J.; Kozar, M.D.

    2008-01-01

    The carbonate-rock aquifer in the Great Valley, West Virginia, USA, was evaluated using a database of 687 sinkholes and 350 specific capacity tests to assess structural, lithologic, and topographic influences on the groundwater flow system. The enhanced permeability of the aquifer is characterized in part by the many sinkholes, springs, and solutionally enlarged fractures throughout the valley. Yet, vertical components of subsurface flow in this highly heterogeneous aquifer are currently not well understood. To address this problem, this study examines the apparent relation between geologic features of the aquifer and two spatial indices of enhanced permeability attributed to aquifer karstification: (1) the distribution of sinkholes and (2) the occurrence of wells with relatively high specific capacity. Statistical results indicate that sinkholes (funnel and collapse) occur primarily along cleavage and bedding planes parallel to subparallel to strike where lateral or downward vertical gradients are highest. Conversely, high specific capacity values are common along prominent joints perpendicular or oblique to strike. The similarity of the latter distribution to that of springs suggests these fractures are areas of upward-convergent flow. These differences between sinkhole and high specific capacity distributions suggest vertical flow components are primarily controlled by the orientation of geologic structure and associated subsurface fracturing. ?? 2007 Springer-Verlag.

  1. Integrated approach for sinkhole evaluation and evolution prediction in the Central Ebro Basin (NE Spain

    Directory of Open Access Journals (Sweden)

    Oscar Pueyo Anchuela

    2017-06-01

    Full Text Available Evaluation of karst hazards benefits from the integration of different techniques, methodologies and approaches. Each one presents a different signature and is sensitive to certain indicators related to karst hazards. In some cases, detailed analysis permits the evaluation of representativeness either from isolated approaches or by means of integrated analyses. In this study, we present the evaluation of an area with high density of karstic collapses at different evolutionary stages through the integration of surficial, historical, geomorphological and geophysical data in order to finally define the evolutionary model for karst activity development. The obtained dataset permits to identify different steps in sinkhole evolution: (i cavities and open sinkholes, (ii filling of these cavities, with materials having different signatures, (iii the progression from collapses to subsidence sinkholes and (iv enlargement through collapses in marginal areas of previous sinkholes. The presence of different stages of this evolutionary model permits to determine their own signatures that can be of application in contexts where analysis cannot be so systematic and also to evaluate the definition of the marginal areas of previous sinkholes as the most hazardous sectors.

  2. Groundwater fluxes into a submerged sinkhole area, Central Italy, using radon and water chemistry

    Energy Technology Data Exchange (ETDEWEB)

    Tuccimei, P. [Dipartimento di Scienze Geologiche, Universita ' Roma Tre' , Largo San Leonardo Murialdo 1, 00146 Rome (Italy)]. E-mail: tuccimei@uniroma3.it; Salvati, R. [Dipartimento di Scienze Geologiche, Universita ' Roma Tre' , Largo San Leonardo Murialdo 1, 00146 Rome (Italy); Capelli, G. [Dipartimento di Scienze Geologiche, Universita ' Roma Tre' , Largo San Leonardo Murialdo 1, 00146 Rome (Italy); Delitala, M.C. [Dipartimento di Scienze Geologiche, Universita ' Roma Tre' , Largo San Leonardo Murialdo 1, 00146 Rome (Italy); Primavera, P. [Dipartimento di Scienze Geologiche, Universita ' Roma Tre' , Largo San Leonardo Murialdo 1, 00146 Rome (Italy)

    2005-10-15

    The groundwater contribution into Green Lake and Black Lake (Vescovo Lakes Group), two cover collapse sinkholes in Pontina Plain (Central Italy), was estimated using water chemistry and a {sup 222}Rn budget. These data can constrain the interactions between sinkholes and deep seated fluid circulation, with a special focus on the possibility of the bedrock karst aquifer feeding the lake. The Rn budget accounted for all quantifiable surface and subsurface input and output fluxes including the flux across the sediment-water interface. The total value of groundwater discharge into Green Lake and Black Lake ({approx}540 {+-} 160 L s{sup -1}) obtained from the Rn budget is lower than, but comparable with historical data on the springs group discharge estimated in the same period of the year (800 {+-} 90 L s{sup -1}). Besides being an indirect test for the reliability of the Rn-budget 'tool', it confirms that both Green and Black Lake are effectively springs and not simply 'water filled' sinkholes. New data on the water chemistry and the groundwater fluxes into the sinkhole area of Vescovo Lakes allows the assessment of the mechanism responsible for sinkhole formation in Pontina Plain and suggests the necessity of monitoring the changes of physical and chemical parameters of groundwater below the plain in order to mitigate the associated risk.

  3. Groundwater fluxes into a submerged sinkhole area, Central Italy, using radon and water chemistry

    International Nuclear Information System (INIS)

    Tuccimei, P.; Salvati, R.; Capelli, G.; Delitala, M.C.; Primavera, P.

    2005-01-01

    The groundwater contribution into Green Lake and Black Lake (Vescovo Lakes Group), two cover collapse sinkholes in Pontina Plain (Central Italy), was estimated using water chemistry and a 222 Rn budget. These data can constrain the interactions between sinkholes and deep seated fluid circulation, with a special focus on the possibility of the bedrock karst aquifer feeding the lake. The Rn budget accounted for all quantifiable surface and subsurface input and output fluxes including the flux across the sediment-water interface. The total value of groundwater discharge into Green Lake and Black Lake (∼540 ± 160 L s -1 ) obtained from the Rn budget is lower than, but comparable with historical data on the springs group discharge estimated in the same period of the year (800 ± 90 L s -1 ). Besides being an indirect test for the reliability of the Rn-budget 'tool', it confirms that both Green and Black Lake are effectively springs and not simply 'water filled' sinkholes. New data on the water chemistry and the groundwater fluxes into the sinkhole area of Vescovo Lakes allows the assessment of the mechanism responsible for sinkhole formation in Pontina Plain and suggests the necessity of monitoring the changes of physical and chemical parameters of groundwater below the plain in order to mitigate the associated risk

  4. Attacks on public telephone networks: technologies and challenges

    Science.gov (United States)

    Kosloff, T.; Moore, Tyler; Keller, J.; Manes, Gavin W.; Shenoi, Sujeet

    2003-09-01

    Signaling System 7 (SS7) is vital to signaling and control in America's public telephone networks. This paper describes a class of attacks on SS7 networks involving the insertion of malicious signaling messages via compromised SS7 network components. Three attacks are discussed in detail: IAM flood attacks, redirection attacks and point code spoofing attacks. Depending on their scale of execution, these attacks can produce effects ranging from network congestion to service disruption. Methods for detecting these denial-of-service attacks and mitigating their effects are also presented.

  5. Effect of an offshore sinkhole perforation in a coastal confined aquifer on submarine groundwater discharge

    Science.gov (United States)

    Fratesi, S.E.; Leonard, V.; Sanford, W.E.

    2007-01-01

    In order to explore submarine groundwater discharge in the vicinity of karst features that penetrate the confining layer of an offshore, partially confined aquifer, we constructed a three-dimensional groundwater model using the SUTRA (Saturated-Unsaturated TRAnsport) variable-density groundwater flow model. We ran a parameter sensitivity analysis, testing the effects of recharge rates, permeabilities of the aquifer and confining layer, and thickness of the confining layer. In all simulations, less than 20% of the freshwater recharge for the entire model exits through the sinkhole. Recirculated seawater usually accounts for 10-30% of the total outflow from the model. Often, the sinkhole lies seaward of the transition zone and acts as a recharge feature for recirculating seawater. The permeability ratio between aquifer and confining layer influences the configuration of the freshwater wedge the most; as confining layer permeability decreases, the wedge lengthens and the fraction of total discharge exiting through the sinkhole increases. Copyright ?? 2007 IAHS Press.

  6. Multi-modality imaging findings of huge intrachoroidal cavitation and myopic peripapillary sinkhole.

    Science.gov (United States)

    Chen, Yutong; Ma, Xiaoli; Hua, Rui

    2018-02-02

    Peripapillary intrachoroidal cavitation was described as the presence of an asymptomatic, well-circumscribed, yellow-orange, peripapillary lesion at the inferior border of the myopic conus in eyes with high myopia. A 66-year-old myopic Chinese man was enrolled and his multi-color imaging examination showed a well-circumscribed, caesious, peripapillary lesion coalesced with the optic nerve head vertically rotated and obliquely tilted, together with an inferotemporal sinkhole in the myopic conus. The optical coherence tomography images showed an intrachoroidal hyporeflective space, schisis, an intracavitary septum located below the retinal pigment epithelium and inserted beneath the optic nerve head, as well as a sinkhole between the peripapillary intrachoroidal cavitation and the vitreous space. Both myopic colobomas and sinkhole in myopic conus may contribute the coalescence of intrachoroidal cavitation with optic nerve head. These qualitative and quantitative new findings will be beneficial for understanding its pathomorphological mechanism, and the impact on optic nerve tissue of myopic patients.

  7. Techniques to Detect DoS and DDoS Attacks and an Introduction of a Mobile Agent System to Enhance it in Cloud Computing

    Directory of Open Access Journals (Sweden)

    Abdelali Saidi

    2017-03-01

    Full Text Available Security in cloud computing is the ultimate question that every potential user studies before adopting it. Among the important points that the provider must ensure is that the Cloud will be available anytime the consumer tries to access it. Generally, the Cloud is accessible via the Internet, what makes it subject to a large variety of attacks. Today, the most striking cyber-attacks are the flooding DoS and its variant DDoS. This type of attacks aims to break down the availability of a service to its legitimate clients. In this paper, we underline the most used techniques to stand up against DoS flooading attacks in the Cloud.

  8. Recent "phishing" attacks

    CERN Multimedia

    IT Department

    2009-01-01

    Over the last few weeks there has been a marked increase in the number of attacks on CERN made by cybercriminals. Typical attacks arrive in the form of e-mail messages purporting to come from the CERN Help Desk, Mail Service, or some similarly official-sounding entity and suggest that there is a problem with your account, such as it being over-quota. They then ask you to click on a link or to reply and give your password. Please don’t! Be cautious of any unexpected messages containing web links even if they appear to come from known contacts. If you happen to click on such a link and if your permission is requested to run or install software, always decline it. NEVER provide your password or other details if these are requested. These messages try to trick you into clicking on Web links which will help them to install malicious software on your computer, and anti-virus software cannot be relied on to detect all cases. In case of questions on this topic, you may contact mailto:helpdesk@cern.ch. CERN Comput...

  9. Terrorists and Suicide Attacks

    National Research Council Canada - National Science Library

    Cronin, Audrey K

    2003-01-01

    Suicide attacks by terrorist organizations have become more prevalent globally, and assessing the threat of suicide attacks against the United States and its interests at home and abroad has therefore...

  10. Solidarity under Attack

    DEFF Research Database (Denmark)

    Meret, Susi; Goffredo, Sergio

    2017-01-01

    https://www.opendemocracy.net/can-europe-make-it/susi-meret-sergio-goffredo/solidarity-under-attack......https://www.opendemocracy.net/can-europe-make-it/susi-meret-sergio-goffredo/solidarity-under-attack...

  11. Pericarditis - after heart attack

    Science.gov (United States)

    ... include: A previous heart attack Open heart surgery Chest trauma A heart attack that has affected the thickness of your heart muscle Symptoms Symptoms include: Anxiety Chest pain from the swollen pericardium rubbing on the ...

  12. Heart attack first aid

    Science.gov (United States)

    First aid - heart attack; First aid - cardiopulmonary arrest; First aid - cardiac arrest ... A heart attack occurs when the blood flow that carries oxygen to the heart is blocked. The heart muscle ...

  13. Use of Attack Graphs in Security Systems

    Directory of Open Access Journals (Sweden)

    Vivek Shandilya

    2014-01-01

    Full Text Available Attack graphs have been used to model the vulnerabilities of the systems and their potential exploits. The successful exploits leading to the partial/total failure of the systems are subject of keen security interest. Considerable effort has been expended in exhaustive modeling, analyses, detection, and mitigation of attacks. One prominent methodology involves constructing attack graphs of the pertinent system for analysis and response strategies. This not only gives the simplified representation of the system, but also allows prioritizing the security properties whose violations are of greater concern, for both detection and repair. We present a survey and critical study of state-of-the-art technologies in attack graph generation and use in security system. Based on our research, we identify the potential, challenges, and direction of the current research in using attack graphs.

  14. Direct Push supported geotechnical and hydrogeological characterisation of an active sinkhole area

    Science.gov (United States)

    Tippelt, Thomas; Vienken, Thomas; Kirsch, Reinhard; Dietrich, Peter; Werban, Ulrike

    2017-04-01

    Sinkholes represent a natural geologic hazard in areas where soluble layers are present in the subsurface. A detailed knowledge of the composition of the subsurface and its hydrogeological and geotechnical properties is essential for the understanding of sinkhole formation and propagation. This serves as base for risk evaluation and the development of an early warning system. However, site models often depend on data from drillings and surface geophysical surveys that in many cases cannot resolve the spatial distribution of relevant hydrogeological and geotechnical parameters sufficiently. Therefore, an active sinkhole area in Münsterdorf, Northern Germany, was investigated in detail using Direct Push technology, a minimally invasive sounding method. The obtained vertical high-resolution profiles of geotechnical and hydrogeological characteristics, in combination with Direct Push based sampling and surface geophysical measurements lead to a strong improvement of the geologic site model. The conceptual site model regarding sinkhole formation and propagation will then be tested based on the gathered data and, if necessary, adapted accordingly.

  15. A Multi-Sensor Approach to Documenting a Large Collapse Sinkhole in West-Central Florida

    Science.gov (United States)

    Collins, L. D.; Kiflu, H. G.; Robinson, T.; Doering, T.; Eilers, D.; Rodgers, M.; Kruse, S.; Landry, S.; Braunmiller, J.; Speed, G.; Gonzalez, J.; McKenzie, R.

    2017-12-01

    The Saxon Lake sinkhole collapse of July 14, 2017 in Land O Lakes, Florida, caused the destruction of two homes and the evacuation of nine additional residences. The sinkhole is slightly oval with dimensions of approximately 51 meters east-west and 42 meters north-south, and it is reportedly 15 meters deep. This is presumably the largest sinkhole to form in Pasco County during the last 30 years. The surface collapse happened rapidly and continued over three days, with slumping and erosion increasing the size. The site is located near two natural lakes in a housing development from the late 1960s. This occurrence is within an area of well-developed karst, with a number of natural lakes. We present preliminary analysis of the sequence of deformation, sinkhole geometry, surrounding subsurface structures, and seismic activity. Data are assembled from terrestrial and aerial LiDAR, UAS survey and PhoDAR modeling, aerial imagery, ground penetrating radar, lake-bottom profiling, and seismic monitoring. Additionally, multi-sensor data were brought together in a Geographic Information Systems (GIS) and included an analysis of georeferenced historic imagery and maps. These spatial data indicate historic land use change and development alterations that included lake shore reconfiguration, canal construction, and connection of lake water systems in the area of impact. Three subsidence reports from the 1980s are also recorded within 500 meters of the collapse.

  16. Monitoring the snowpack volume in a sinkhole on Mount Lebanon using time lapse Photogrammetry

    Science.gov (United States)

    Abou Chakra, C.; Gascoin, S.; Somma, J.; Drapeau, L.; Fanise, P.

    2017-12-01

    Lebanon is one of the richest country in the Middle East for water resources, thanks to its mountain ranges that trigger precipitation from the moist air masses coming from the Mediterranean Sea. Snowpack acts as natural water storage in winter and supply fresh water during spring and summer. Yet, Lebanon is facing a serious water scarcity problem due to: i) decreasing amount of precipitation and climate change; ii) major growth of population of original residence and large number of refugees during regional wars. Therefore, continuous and systematic monitoring of the Lebanese water resources is becoming crucial. The Mount Lebanon is made of karstic depressions named "sinkholes". It is important to monitor the snowmelt process inside these sinkholes because of their key role as "containers" of seasonal snow. By isolating the snowpack from sun radiation and wind, they slow down the natural melting process and sublimation, thus delaying as well the low water flow period. An observatory is set up to monitor the snowpack evolution in a pilot sinkhole located in Mount Lebanon. The system uses three time-lapse cameras and structure-from-motion principles to reconstruct the snow volume within the sinkhole. The approach is validated by standard topographic surveys. The results indicate that snow depth can be retrieved with an accuracy between 20 and 60 cm (residuals standard deviation) and a low bias of 50 cm after coregistration of the digital elevation models.

  17. Composite Dos Attack Model

    Directory of Open Access Journals (Sweden)

    Simona Ramanauskaitė

    2012-04-01

    Full Text Available Preparation for potential threats is one of the most important phases ensuring system security. It allows evaluating possible losses, changes in the attack process, the effectiveness of used countermeasures, optimal system settings, etc. In cyber-attack cases, executing real experiments can be difficult for many reasons. However, mathematical or programming models can be used instead of conducting experiments in a real environment. This work proposes a composite denial of service attack model that combines bandwidth exhaustion, filtering and memory depletion models for a more real representation of similar cyber-attacks. On the basis of the introduced model, different experiments were done. They showed the main dependencies of the influence of attacker and victim’s properties on the success probability of denial of service attack. In the future, this model can be used for the denial of service attack or countermeasure optimization.

  18. A WEB BASED SERVICE APPLICATION FOR VISUAL SINKHOLE INVENTORY INFORMATION SYSTEM; CASE STUDY OF KONYA CLOSED BASIN

    OpenAIRE

    ORHAN, Osman; YAKAR, Murat; KIRTILOĞLU, Osman Sami

    2017-01-01

    Sinkholes are commonly defined as deep pits giving the appearance of a chimney or well resulting by collapsing of underground rivers in horizontal or near-bedded lime stones or active cave ceilings. Sinkholes appear as deep pits in the so-called karst land, usually on limestones and carbonates that are easily rinsed with water. The sinkhole occurrences in our country are very often seen on the Obruk Plateau in the Konya Closed Basin. In Karapinar region and its surroundings located in this pl...

  19. Formation of regolith-collapse sinkholes in southern Illinois: Interpretation and identification of associated buried cavities

    Science.gov (United States)

    Panno, S.V.; Wiebel, C.P.; Heigold, P.C.; Reed, P.C.

    1994-01-01

    Three regolith-collapse sinkholes formed near the Dongola Unit School and the Pentecostal Church in the southern Illinois village of Dongola (Union County) during the spring of 1993. The sinkholes appeared over a three-month period that coincided with development of a new municipal well. The new well was drilled through clay-rich, valley-fill sediment into karstified limestone bedrock. The piezometric surface of the limestone aquifer is above land surface, indicating the presence of an upward hydraulic gradient in the valley and that the valley fill is acting as a confining unit. Pumping during development of the well lowered the piezometric surface of the limestone aquifer to an elevation below the base of the valley fill. It is hypothesized that drainage of water from the sediments, the resulting loss of hydrostatic pressure and buoyant force in overlying sediments, increased intergranular pressure, and the initiation of groundwater flow toward the well resulted in rapid sediment transport, subsurface erosion, and collapse of the valley-fill sediment. The sinkholes follow an approximately east-west alignment, which is consistent with one of the two dominant alignments of passages of nearby joint-controlled caves. A constant electrode-separation resistivity survey of the school playground was conducted to locate areas that might contain incipient sinkholes. The survey revealed a positive resistivity anomaly trending N75E in the southern part of the study area. The anomaly is linear, between 5 and 10 m wide, and its trend either intersects or is immediately adjacent to the three sinkholes. The anomaly is interpreted to be a series of pumping-induced cavities in the valley-fill sediments that formed over a preexisting crevice in the karstified bedrock limestone. ?? 1994 Springer-Verlag.

  20. Seven Deadliest Microsoft Attacks

    CERN Document Server

    Kraus, Rob; Borkin, Mike; Alpern, Naomi

    2010-01-01

    Do you need to keep up with the latest hacks, attacks, and exploits effecting Microsoft products? Then you need Seven Deadliest Microsoft Attacks. This book pinpoints the most dangerous hacks and exploits specific to Microsoft applications, laying out the anatomy of these attacks including how to make your system more secure. You will discover the best ways to defend against these vicious hacks with step-by-step instruction and learn techniques to make your computer and network impenetrable. Windows Operating System-Password AttacksActive Directory-Escalat

  1. Transient Ischemic Attack

    Medline Plus

    Full Text Available ... stroke symptoms. Popular Topics TIA Cardiac Catheter Cholesterol Heart Attack Stent © 2018, American Heart Association, Inc. All rights reserved. Unauthorized use prohibited. ...

  2. Seven deadliest USB attacks

    CERN Document Server

    Anderson, Brian

    2010-01-01

    Do you need to keep up with the latest hacks, attacks, and exploits effecting USB technology? Then you need Seven Deadliest USB Attacks. This book pinpoints the most dangerous hacks and exploits specific to USB, laying out the anatomy of these attacks including how to make your system more secure. You will discover the best ways to defend against these vicious hacks with step-by-step instruction and learn techniques to make your computer and network impenetrable. Attacks detailed in this book include: USB Hacksaw USB Switchblade USB Based Virus/Malicous Code Launch USB Device Overflow RAMdum

  3. Command Disaggregation Attack and Mitigation in Industrial Internet of Things

    Directory of Open Access Journals (Sweden)

    Peng Xun

    2017-10-01

    Full Text Available A cyber-physical attack in the industrial Internet of Things can cause severe damage to physical system. In this paper, we focus on the command disaggregation attack, wherein attackers modify disaggregated commands by intruding command aggregators like programmable logic controllers, and then maliciously manipulate the physical process. It is necessary to investigate these attacks, analyze their impact on the physical process, and seek effective detection mechanisms. We depict two different types of command disaggregation attack modes: (1 the command sequence is disordered and (2 disaggregated sub-commands are allocated to wrong actuators. We describe three attack models to implement these modes with going undetected by existing detection methods. A novel and effective framework is provided to detect command disaggregation attacks. The framework utilizes the correlations among two-tier command sequences, including commands from the output of central controller and sub-commands from the input of actuators, to detect attacks before disruptions occur. We have designed components of the framework and explain how to mine and use these correlations to detect attacks. We present two case studies to validate different levels of impact from various attack models and the effectiveness of the detection framework. Finally, we discuss how to enhance the detection framework.

  4. Command Disaggregation Attack and Mitigation in Industrial Internet of Things.

    Science.gov (United States)

    Xun, Peng; Zhu, Pei-Dong; Hu, Yi-Fan; Cui, Peng-Shuai; Zhang, Yan

    2017-10-21

    A cyber-physical attack in the industrial Internet of Things can cause severe damage to physical system. In this paper, we focus on the command disaggregation attack, wherein attackers modify disaggregated commands by intruding command aggregators like programmable logic controllers, and then maliciously manipulate the physical process. It is necessary to investigate these attacks, analyze their impact on the physical process, and seek effective detection mechanisms. We depict two different types of command disaggregation attack modes: (1) the command sequence is disordered and (2) disaggregated sub-commands are allocated to wrong actuators. We describe three attack models to implement these modes with going undetected by existing detection methods. A novel and effective framework is provided to detect command disaggregation attacks. The framework utilizes the correlations among two-tier command sequences, including commands from the output of central controller and sub-commands from the input of actuators, to detect attacks before disruptions occur. We have designed components of the framework and explain how to mine and use these correlations to detect attacks. We present two case studies to validate different levels of impact from various attack models and the effectiveness of the detection framework. Finally, we discuss how to enhance the detection framework.

  5. Analysis of Traffic Signals on a Software-Defined Network for Detection and Classification of a Man-in-the-Middle Attack

    Science.gov (United States)

    2017-09-01

    SUPPLEMENTARY NOTES The views expressed in this thesis are those of the author and do not reflect the official policy or position of the Department of...management capabilities of a highly distributed military communications environment. Yet, military adoption of SDN is contingent on a thorough...analysis of security implications. In this thesis, we investigate a man-in-the-middle (MITM) attack that exploits the centralized topological view

  6. The sinkhole of Schmalkalden, Germany - Imaging of near-surface subrosion structures and faults

    Science.gov (United States)

    Wadas, Sonja H.; Tschache, Saskia; Polom, Ulrich; Krawczyk, Charlotte M.

    2017-04-01

    In November 2010 a sinkhole of 30 m diameter and 20 m depth opened in a residential area in the village Schmalkalden, Germany, which fortunately led to damage of buildings and property only. The collapse was caused by leaching of soluble rocks in the subsurface, called subrosion. For an improved understanding of the processes leading to subrosion and sinkhole development a detailed characterization of the subsurface structures and elastic parameters is required. We used shear wave reflection seismic, which has proven to be a suitable method for high-resolution imaging of the near-surface. The village Schmalkalden is located in southern Thuringia in Germany. Since the Upper Cretaceous the area is dominated by fault tectonics, fractures and joints, which increase the rock permeability. The circulating groundwater leaches the Permian saline deposits in the subsurface and forms upward migrating cavities, which can develop into sinkholes, if the overburden collapses. In the direct vicinity of the backfilled sinkhole, five 2-D shear wave reflection seismic profiles with total length of ca. 900 m and a zero-offset VSP down to 150 m depth were acquired. For the surface profiles a 120-channel landstreamer attached with horizontal geophones and an electrodynamic micro-vibrator, exciting horizontally polarized shear waves, were used. For the VSP survey an oriented borehole probe equipped with a 3C-geophone and electrodynamic and hydraulic vibrators, exciting compression- and shear waves, were utilized. The seismic sections show high-resolution images from the surface to ca. 100 m depth. They display heterogeneous structures as indicated by strong vertical and lateral variations of the reflectors. In the near-surface, depressions are visible and zones of low seismic velocities sinkhole. The VSP data shows anomalies of the Vp-Vs ratio with values above 2,5. This indicates unstable zones correlated with the anomalies revealed by the 2-D sections. Possible factors for the

  7. Basic processes and factors determining the evolution of collapse sinkholes: a sensitivity study

    Science.gov (United States)

    Romanov, Douchko; Kaufmann, Georg

    2017-04-01

    Collapse sinkholes appear as closed depressions at the surface. The origin of these karst features is related to the continuous dissolution of the soluble rock caused by a focussed sub-surface flow. Water flowing along a preferential pathway through fissures and fractures within the phreatic part of a karst aquifer is able to dissolve the rock (limestone, gypsum, anhydrite). With time, the dissolved void volume increases and part of the ceiling above the stream can become unstable, collapses, and accumulates as debris in the flow path. The debris partially blocks the flow and thus activates new pathways. Because of the low compaction of the debris (high hydraulic conductivity), the flow and the dissolution rates within this crushed zone remain high. This allows a relatively fast dissolutional and erosional removal of the crushed material and the development of new empty voids. The void volume expands upwards towards the surface until a collapse sinkhole is formed. The collapse sinkholes exhibit a large variety of shapes (cylindrical, cone-, bowl-shaped), depths (from few to few hundred meters) and diameters (meters up to hundreds of meters). Two major processes are responsible for this diversity: a) the karst evolution of the aquifer - responsible for the dissolutional and erosional removal of material; b) the mechanical evolution of the host rock and the existence of structural features, faults for example, which determine the stability and the magnitude of the subsequent collapses. In this work we demonstrate the influence of the host rock type, the hydrological and geological boundary conditions, the chemical composition of the flowing water, and the geometry and the scale of the crushed zone, on the location and the evolution of the growing sinkhole. We demonstrate the ability of the karst evolution models to explain, at least qualitatively, the growth and the morphology of the collapse sinkholes and to roughly predict their shape and location. Implementing

  8. Rapid subsidence in damaging sinkholes: Measurement by high-precision leveling and the role of salt dissolution

    Science.gov (United States)

    Desir, G.; Gutiérrez, F.; Merino, J.; Carbonel, D.; Benito-Calvo, A.; Guerrero, J.; Fabregat, I.

    2018-02-01

    Investigations dealing with subsidence monitoring in active sinkholes are very scarce, especially when compared with other ground instability phenomena like landslides. This is largely related to the catastrophic behaviour that typifies most sinkholes in carbonate karst areas. Active subsidence in five sinkholes up to ca. 500 m across has been quantitatively characterised by means of high-precision differential leveling. The sinkholes occur on poorly indurated alluvium underlain by salt-bearing evaporites and cause severe damage on various human structures. The leveling data have provided accurate information on multiple features of the subsidence phenomena with practical implications: (1) precise location of the vaguely-defined edges of the subsidence zones and their spatial relationships with surveyed surface deformation features; (2) spatial deformation patterns and relative contribution of subsidence mechanisms (sagging versus collapse); (3) accurate subsidence rates and their spatial variability with maximum and mean vertical displacement rates ranging from 1.0 to 11.8 cm/yr and 1.9 to 26.1 cm/yr, respectively; (4) identification of sinkholes that experience continuous subsidence at constant rates or with significant temporal changes; and (5) rates of volumetric surface changes as an approximation to rates of dissolution-induced volumetric depletion in the subsurface, reaching as much as 10,900 m3/yr in the largest sinkhole. The high subsidence rates as well as the annual volumetric changes are attributed to rapid dissolution of high-solubility salts.

  9. Plants under dual attack

    NARCIS (Netherlands)

    Ponzio, C.A.M.

    2016-01-01

    Though immobile, plants are members of complex environments, and are under constant threat from a wide range of attackers, which includes organisms such as insect herbivores or plant pathogens. Plants have developed sophisticated defenses against these attackers, and include chemical responses

  10. Heart attack - discharge

    Science.gov (United States)

    ... and lifestyle Cholesterol - drug treatment Controlling your high blood pressure Deep vein thrombosis - discharge Dietary fats explained Fast food tips Heart attack - discharge Heart attack - what to ask your doctor Heart bypass ... pacemaker - discharge High blood pressure - what to ask your doctor How to read ...

  11. Sinkhole investigated at B.C. Hydro`s Bennett Dam

    Energy Technology Data Exchange (ETDEWEB)

    Anon.

    1996-07-01

    The cause of a sinkhole which appeared in a roadway crossing an earth filled dam in B. C., was discussed. The hole measured 6 ft. across and 20 ft. deep, and occurred in B.C. Hydro`s W.A.C. Bennett Dam which measures 600 ft. high, 2,600 ft. wide at the base and 35 ft. wide at the crest. The cause of the sinkhole is not known, but it is believed that a weakness in the dam may have found its way to the surface via a pipe connected to a bedrock settlement gauge buried within the dam. Sonar and ground penetrating radar were used to examine the area. The hole has been filled with gravel and monitoring continues. Experts do not anticipate immediate risk of dam failure. 1 fig.

  12. Investigation on the possible interconnection of the Kanata sinkhole, on the high plateau of Tripolis, and the springs of Argos areas (Peloponnese, Greece)

    International Nuclear Information System (INIS)

    Leontiadis, Ioannis L.; Dimitroulas, Christos; Zouridakis, N.; Dounas, Athanasios; Morfis, A.; Paraskevopoulou, P.

    1984-07-01

    51 Cr-EDTA has been used as tracer for the investigation of the possible interconnection of the Kanata sinkhole, on the high plateau of Tripolis, and the springs of the Argos areas Achladokampos and Kinouria. By this experiment the interconnection of the sinkhole and the submarine spring of Kiveri, as well as the springs of Xovrios river (Achladokampos) is proved. Furthermore, the percentage of connection between the sinkhole and the springs, the mean transit time of the water from the sinkhole to the springs, the volume of the underground reservoir feeding the springs, etc. have been calculated. (author)

  13. Protecting mobile agents from external replay attacks

    OpenAIRE

    Garrigues Olivella, Carles; Migas, Nikos; Buchanan, William; Robles, Sergi; Borrell Viader, Joan

    2014-01-01

    Peer-reviewed This paper presents a protocol for the protection of mobile agents against external replay attacks. This kind of attacks are performed by malicious platforms when dispatching an agent multiple times to a remote host, thus making it reexecute part of its itinerary. Current proposals aiming to address this problem are based on storing agent identifiers, or trip markers, inside agent platforms, so that future reexecutions can be detected and prevented. The problem of these solut...

  14. Constructing APT Attack Scenarios Based on Intrusion Kill Chain and Fuzzy Clustering

    Directory of Open Access Journals (Sweden)

    Ru Zhang

    2017-01-01

    Full Text Available The APT attack on the Internet is becoming more serious, and most of intrusion detection systems can only generate alarms to some steps of APT attack and cannot identify the pattern of the APT attack. To detect APT attack, many researchers established attack models and then correlated IDS logs with the attack models. However, the accuracy of detection deeply relied on the integrity of models. In this paper, we propose a new method to construct APT attack scenarios by mining IDS security logs. These APT attack scenarios can be further used for the APT detection. First, we classify all the attack events by purpose of phase of the intrusion kill chain. Then we add the attack event dimension to fuzzy clustering, correlate IDS alarm logs with fuzzy clustering, and generate the attack sequence set. Next, we delete the bug attack sequences to clean the set. Finally, we use the nonaftereffect property of probability transfer matrix to construct attack scenarios by mining the attack sequence set. Experiments show that the proposed method can construct the APT attack scenarios by mining IDS alarm logs, and the constructed scenarios match the actual situation so that they can be used for APT attack detection.

  15. Identification of karst sinkholes in a forested karst landscape using airborne laser scanning data and water flow analysis

    Science.gov (United States)

    Hofierka, Jaroslav; Gallay, Michal; Bandura, Peter; Šašak, Ján

    2018-05-01

    Karst sinkholes (dolines) play an important role in a karst landscape by controlling infiltration of surficial water, air flow or spatial distribution of solar energy. These landforms also present a limiting factor for human activities in agriculture or construction. Therefore, mapping such geomorphological forms is vital for appropriate landscape management and planning. There are several mapping techniques available; however, their applicability can be reduced in densely forested areas with poor accessibility and visibility of the landforms. In such conditions, airborne laser scanning (ALS) provides means for efficient and accurate mapping of both land and landscape canopy surfaces. Taking the benefits of ALS into account, we present an innovative method for identification and evaluation of karst sinkholes based on numerical water flow modelling. The suggested method was compared to traditional techniques for sinkhole mapping which use topographic maps and digital terrain modelling. The approach based on simulation of a rainfall event very closely matched the reference datasets derived by manual inspection of the ALS digital elevation model and field surveys. However, our process-based approach provides advantage of assessing the magnitude how sinkholes influence concentration of overland water flow during extreme rainfall events. This was performed by calculating the volume of water accumulated in sinkholes during the simulated rainfall. In this way, the influence of particular sinkholes on underground geomorphological systems can be assessed. The method was demonstrated in a case study of Slovak Karst in the West Carpathians where extreme rainfalls or snow-thaw events occur annually. We identified three spatially contiguous groups of sinkholes with a different effect on overland flow concentration. These results are discussed in relation to the known underground hydrological systems.

  16. Engineering geologic conditions at the sinkhole entrance to Logan Cave, Benton County, Arkansas

    Science.gov (United States)

    Schulz, William H.; McKenna, Jonathan P.

    2004-01-01

    Logan Cave, located in Benton County, Arkansas, is inhabited by several endangered and threatened species. The cave and surrounding area was designated a National Wildlife Refuge under the control of the U.S. Fish and Wildlife Service (USFWS) in 1989. Cave researchers access the cave through a steep-sided sinkhole entrance, which also is one of the two access points used by endangered bats. There is evidence of instability of one of the entrance slopes that has raised concerns that the entrance could close if slope failure was to occur. At the request of USFWS, we performed an engineering geologic investigation of the sinkhole to evaluate stability of this slope, which is comprised of soil, and other mechanisms of sediment transport into the cave entrance. The investigation included engineering geologic mapping, sampling and laboratory testing of subsurface geologic materials, and slope-stability analysis. We found that the sinkhole slope that extends into the entrance of the cave is comprised of sandy and gravelly soil to the depths explored (6.4 meters). This soil likely was deposited as alluvium within a previous, larger sinkhole. Based on properties of the alluvium, geometry of the slope, and results of finite-element slope-stability analyses, we conclude that the slope is marginally stable. Future failures of the slope probably would be relatively thin and small, thus several would be required to completely close the cave entrance. However, sediment is accumulating within the cave entrance due to foot traffic of those accessing the cave, surface-water erosion and transport, and shallow slope failures from the other sinkhole slopes. We conclude that the entrance will be closed by sediment in the future, similar to another entrance that we identified that completely closed in the past. Several measures could be taken to reduce the potential for closure of the cave entrance, including periodic sediment removal, installation of materials that reduce erosion by

  17. Situational awareness of a coordinated cyber attack

    Science.gov (United States)

    Sudit, Moises; Stotz, Adam; Holender, Michael

    2005-03-01

    As technology continues to advance, services and capabilities become computerized, and an ever increasing amount of business is conducted electronically the threat of cyber attacks gets compounded by the complexity of such attacks and the criticality of the information which must be secured. A new age of virtual warfare has dawned in which seconds can differentiate between the protection of vital information and/or services and a malicious attacker attaining their goal. In this paper we present a novel approach in the real-time detection of multistage coordinated cyber attacks and the promising initial testing results we have obtained. We introduce INFERD (INformation Fusion Engine for Real-time Decision-making), an adaptable information fusion engine which performs fusion at levels zero, one, and two to provide real-time situational assessment and its application to the cyber domain in the ECCARS (Event Correlation for Cyber Attack Recognition System) system. The advantages to our approach are fourfold: (1) The complexity of the attacks which we consider, (2) the level of abstraction in which the analyst interacts with the attack scenarios, (3) the speed at which the information fusion is presented and performed, and (4) our disregard for ad-hoc rules or a priori parameters.

  18. Heart Attack Payment - National

    Data.gov (United States)

    U.S. Department of Health & Human Services — Payment for heart attack patients measure – national data. This data set includes national-level data for payments associated with a 30-day episode of care for heart...

  19. Heart Attack Payment - Hospital

    Data.gov (United States)

    U.S. Department of Health & Human Services — Payment for heart attack patients measure – provider data. This data set includes provider data for payments associated with a 30-day episode of care for heart...

  20. Heart Attack Payment - State

    Data.gov (United States)

    U.S. Department of Health & Human Services — Payment for heart attack patients measure – state data. This data set includes state-level data for payments associated with a 30-day episode of care for heart...

  1. Cooperating attackers in neural cryptography.

    Science.gov (United States)

    Shacham, Lanir N; Klein, Einat; Mislovaty, Rachel; Kanter, Ido; Kinzel, Wolfgang

    2004-06-01

    A successful attack strategy in neural cryptography is presented. The neural cryptosystem, based on synchronization of neural networks by mutual learning, has been recently shown to be secure under different attack strategies. The success of the advanced attacker presented here, called the "majority-flipping attacker," does not decay with the parameters of the model. This attacker's outstanding success is due to its using a group of attackers which cooperate throughout the synchronization process, unlike any other attack strategy known. An analytical description of this attack is also presented, and fits the results of simulations.

  2. Using agility to combat cyber attacks.

    Science.gov (United States)

    Anderson, Kerry

    2017-06-01

    Some incident response practitioners feel that they have been locked in a battle with cyber criminals since the popular adoption of the internet. Initially, organisations made great inroads in preventing and containing cyber attacks. In the last few years, however, cyber criminals have become adept at eluding defence security technologies and rapidly modifying their exploit strategies for financial or political gains. Similar to changes in military combat tactics, cyber criminals utilise distributed attack cells, real-time communications, and rapidly mutating exploits to minimise the potential for detection. Cyber criminals have changed their attack paradigm. This paper describes a new incident response paradigm aimed at combating the new model of cyber attacks with an emphasis on agility to increase the organisation's ability to respond rapidly to these new challenges.

  3. Compiling symbolic attacks to protocol implementation tests

    Directory of Open Access Journals (Sweden)

    Michael Rusinowitch

    2013-07-01

    Full Text Available Recently efficient model-checking tools have been developed to find flaws in security protocols specifications. These flaws can be interpreted as potential attacks scenarios but the feasability of these scenarios need to be confirmed at the implementation level. However, bridging the gap between an abstract attack scenario derived from a specification and a penetration test on real implementations of a protocol is still an open issue. This work investigates an architecture for automatically generating abstract attacks and converting them to concrete tests on protocol implementations. In particular we aim to improve previously proposed blackbox testing methods in order to discover automatically new attacks and vulnerabilities. As a proof of concept we have experimented our proposed architecture to detect a renegotiation vulnerability on some implementations of SSL/TLS, a protocol widely used for securing electronic transactions.

  4. Cyber Attacks, Information Attacks, and Postmodern Warfare

    Directory of Open Access Journals (Sweden)

    Valuch Jozef

    2017-06-01

    Full Text Available The aim of this paper is to evaluate and differentiate between the phenomena of cyberwarfare and information warfare, as manifestations of what we perceive as postmodern warfare. We describe and analyse the current examples of the use the postmodern warfare and the reactions of states and international bodies to these phenomena. The subject matter of this paper is the relationship between new types of postmodern conflicts and the law of armed conflicts (law of war. Based on ICJ case law, it is clear that under current legal rules of international law of war, cyber attacks as well as information attacks (often performed in the cyberspace as well can only be perceived as “war” if executed in addition to classical kinetic warfare, which is often not the case. In most cases perceived “only” as a non-linear warfare (postmodern conflict, this practice nevertheless must be condemned as conduct contrary to the principles of international law and (possibly a crime under national laws, unless this type of conduct will be recognized by the international community as a “war” proper, in its new, postmodern sense.

  5. The Monitoring, Detection, Isolation and Assessment of Information Warfare Attacks Through Multi-Level, Multi-Scale System Modeling and Model Based Technology

    Science.gov (United States)

    2004-01-01

    login identity to the one under which the system call is executed, the parameters of the system call execution - file names including full path...Anomaly detection COAST-EIMDT Distributed on target hosts EMERALD Distributed on target hosts and security servers Signature recognition Anomaly...uses a centralized architecture, and employs an anomaly detection technique for intrusion detection. The EMERALD project [80] proposes a

  6. Seven Deadliest Wireless Technologies Attacks

    CERN Document Server

    Haines, Brad

    2010-01-01

    How can an information security professional keep up with all of the hacks, attacks, and exploits? One way to find out what the worst of the worst are is to read the seven books in our Seven Deadliest Attacks Series. Not only do we let you in on the anatomy of these attacks but we also tell you how to get rid of them and how to defend against them in the future. Countermeasures are detailed so that you can fight against similar attacks as they evolve. Attacks featured in this book include:Bluetooth AttacksCredit Card, Access Card, and Passport AttacksBad Encryption

  7. The political attack ad

    Directory of Open Access Journals (Sweden)

    Palma Peña-Jiménez, Ph.D.

    2011-01-01

    Full Text Available During election campaigns the political spot has a clear objective: to win votes. This message is communicated to the electorate through television and Internet, and usually presents a negative approach, which includes a direct critical message against the opponent, rather than an exposition of proposals. This article is focused on the analysis of the campaign attack video ad purposely created to encourage the disapproval of the political opponent among voters. These ads focus on discrediting the opponent, many times, through the transmission of ad hominem messages, instead of disseminating the potential of the political party and the virtues and manifesto of its candidate. The article reviews the development of the attack ad since its first appearance, which in Spain dates back to 1996, when the famous Doberman ad was broadcast, and examines the most memorable campaign attack ads.

  8. A fatal elephant attack.

    Science.gov (United States)

    Hejna, Petr; Zátopková, Lenka; Safr, Miroslav

    2012-01-01

    A rare case of an elephant attack is presented. A 44-year-old man working as an elephant keeper was attacked by a cow elephant when he tripped over a foot chain while the animal was being medically treated. The man fell down and was consequently repeatedly attacked with elephant tusks. The man sustained multiple stab injuries to both groin regions, a penetrating injury to the abdominal wall with traumatic prolapse of the loops of the small bowel, multiple defects of the mesentery, and incomplete laceration of the abdominal aorta with massive bleeding into the abdominal cavity. In addition to the penetrating injuries, the man sustained multiple rib fractures with contusion of both lungs and laceration of the right lobe of the liver, and comminuted fractures of the pelvic arch and left femoral body. The man died shortly after he had been received at the hospital. The cause of death was attributed to traumatic shock. © 2011 American Academy of Forensic Sciences.

  9. False Positive and False Negative Effects on Network Attacks

    Science.gov (United States)

    Shang, Yilun

    2018-01-01

    Robustness against attacks serves as evidence for complex network structures and failure mechanisms that lie behind them. Most often, due to detection capability limitation or good disguises, attacks on networks are subject to false positives and false negatives, meaning that functional nodes may be falsely regarded as compromised by the attacker and vice versa. In this work, we initiate a study of false positive/negative effects on network robustness against three fundamental types of attack strategies, namely, random attacks (RA), localized attacks (LA), and targeted attack (TA). By developing a general mathematical framework based upon the percolation model, we investigate analytically and by numerical simulations of attack robustness with false positive/negative rate (FPR/FNR) on three benchmark models including Erdős-Rényi (ER) networks, random regular (RR) networks, and scale-free (SF) networks. We show that ER networks are equivalently robust against RA and LA only when FPR equals zero or the initial network is intact. We find several interesting crossovers in RR and SF networks when FPR is taken into consideration. By defining the cost of attack, we observe diminishing marginal attack efficiency for RA, LA, and TA. Our finding highlights the potential risk of underestimating or ignoring FPR in understanding attack robustness. The results may provide insights into ways of enhancing robustness of network architecture and improve the level of protection of critical infrastructures.

  10. Reply to Discussion by Zekai Șen on "Modeling karst spring hydrograph recession based on head drop at sinkholes"

    Science.gov (United States)

    Field, Malcolm S.; Goldscheider, Nico; Li, Guangquan

    2018-02-01

    We are pleased to learn that the model presented in our paper dealing with the "modeling karst spring hydrograph recession based on head drop at sinkholes," published in the Journal of Hydrology in 2016 (Li et al., 2016), is of interest to readers of this journal. Our study presented a new non-exponential model for assessing spring hydrographs in terms of head drop at flooded sinkholes, as an extension of an earlier model proposed by Li and Field (2014). In both papers, we used two spring hydrographs measured in the St. Marks Karst Watershed in northwest Florida to test the applicability and to verify the validity of our models.

  11. Performance Improvement of Power Analysis Attacks on AES with Encryption-Related Signals

    Science.gov (United States)

    Lee, You-Seok; Lee, Young-Jun; Han, Dong-Guk; Kim, Ho-Won; Kim, Hyoung-Nam

    A power analysis attack is a well-known side-channel attack but the efficiency of the attack is frequently degraded by the existence of power components, irrelative to the encryption included in signals used for the attack. To enhance the performance of the power analysis attack, we propose a preprocessing method based on extracting encryption-related parts from the measured power signals. Experimental results show that the attacks with the preprocessed signals detect correct keys with much fewer signals, compared to the conventional power analysis attacks.

  12. Attacker Model Lab

    OpenAIRE

    2006-01-01

    tut quiz present Tutorial Quiz Presentation Interactive Media Element This interactive tutorial the two sub-classes of computer attackers: amateurs and professionals. It provides valuable insight into the nature of necessary protection measure for information assets. CS3600 Information Assurance: Introduction to Computer Security Course

  13. Transient Ischemic Attack

    Medline Plus

    Full Text Available ... major stroke. It's important to call 9-1-1 immediately for any stroke symptoms. Popular Topics TIA Cardiac Catheter Cholesterol Heart Attack Stent © 2018, American Heart Association, Inc. All rights reserved. Unauthorized use prohibited. The content in this ...

  14. Neural network classifier of attacks in IP telephony

    Science.gov (United States)

    Safarik, Jakub; Voznak, Miroslav; Mehic, Miralem; Partila, Pavol; Mikulec, Martin

    2014-05-01

    Various types of monitoring mechanism allow us to detect and monitor behavior of attackers in VoIP networks. Analysis of detected malicious traffic is crucial for further investigation and hardening the network. This analysis is typically based on statistical methods and the article brings a solution based on neural network. The proposed algorithm is used as a classifier of attacks in a distributed monitoring network of independent honeypot probes. Information about attacks on these honeypots is collected on a centralized server and then classified. This classification is based on different mechanisms. One of them is based on the multilayer perceptron neural network. The article describes inner structure of used neural network and also information about implementation of this network. The learning set for this neural network is based on real attack data collected from IP telephony honeypot called Dionaea. We prepare the learning set from real attack data after collecting, cleaning and aggregation of this information. After proper learning is the neural network capable to classify 6 types of most commonly used VoIP attacks. Using neural network classifier brings more accurate attack classification in a distributed system of honeypots. With this approach is possible to detect malicious behavior in a different part of networks, which are logically or geographically divided and use the information from one network to harden security in other networks. Centralized server for distributed set of nodes serves not only as a collector and classifier of attack data, but also as a mechanism for generating a precaution steps against attacks.

  15. Timing Analysis of SSL/TLS Man in the Middle Attacks

    OpenAIRE

    Benton, Kevin; Bross, Ty

    2013-01-01

    Man in the middle attacks are a significant threat to modern e-commerce and online communications, even when such transactions are protected by TLS. We intend to show that it is possible to detect man-in-the-middle attacks on SSL and TLS by detecting timing differences between a standard SSL session and an attack we created.

  16. Blocking of Brute Force Attack

    OpenAIRE

    M.Venkata Krishna Reddy

    2012-01-01

    A common threat Web developers face is a password-guessing attack known as a brute-force attack. A brute-force attack is an attempt to discover a password by systematically trying every possible combination of letters, numbers, and symbols until you discover the one correct combination that works. If your Web site requires user authentication, you are a good target for a brute-force attack. An attacker can always discover a password through a brute-force attack, but the downside is that it co...

  17. Sequential and Parallel Attack Tree Modelling

    NARCIS (Netherlands)

    Arnold, Florian; Guck, Dennis; Kumar, Rajesh; Stoelinga, Mariëlle Ida Antoinette; Koornneef, Floor; van Gulijk, Coen

    The intricacy of socio-technical systems requires a careful planning and utilisation of security resources to ensure uninterrupted, secure and reliable services. Even though many studies have been conducted to understand and model the behaviour of a potential attacker, the detection of crucial

  18. Bluetooth security attacks comparative analysis, attacks, and countermeasures

    CERN Document Server

    Haataja, Keijo; Pasanen, Sanna; Toivanen, Pekka

    2013-01-01

    This overview of Bluetooth security examines network vulnerabilities and offers a comparative analysis of recent security attacks. It also examines related countermeasures and proposes a novel attack that works against all existing Bluetooth versions.

  19. Application of Cellular Automata to Detection of Malicious Network Packets

    Science.gov (United States)

    Brown, Robert L.

    2014-01-01

    A problem in computer security is identification of attack signatures in network packets. An attack signature is a pattern of bits that characterizes a particular attack. Because there are many kinds of attacks, there are potentially many attack signatures. Furthermore, attackers may seek to avoid detection by altering the attack mechanism so that…

  20. A geosynthetic reinforcement solution to prevent the formation of localized sinkholes

    Energy Technology Data Exchange (ETDEWEB)

    Villard, P.; Gourc, J. P.; Giraud, H. [Universite Joseph Fourier, LIRIGM, Grenoble (France)

    2000-10-01

    A research program to guard against the risk of accidents linked to the presence of small diameter cavities under both road and railway lines is described. The program involves study of the complex behaviour of the overlying fill in the event of sinkhole formation, given that the deformation of the geosynthetic membrane results from the progressive loading of the overlying soil layer and not from the collapse of the underlying soil. Full-scale tests were carried out on reinforced, instrumented road and railway structures subjected to localized collapse. Experimental work was accompanied by a numerical study of the mechanics involved in sinkhole formation. Experimental results were analyzed and compared with the results of the three-dimensional finite element modeling. Similarity of the results suggests that formation of a stable arch for two metre cavities and an unstable arch for four metre cavities, filled with 1.5 m thick fill consisting of large grain size granular material, is satisfactory for small diameter cavities at moderate depths. However, this solution is not suitable for large large diameter cavities at moderate depths. 18 refs., 22 figs.

  1. Sinkhole formation and hydrogeological situation at the salt mining area of Solotvyno, Ukraine

    Science.gov (United States)

    Stoeckl, L.; Banks, V.

    2017-12-01

    In Solotvyno, Ukraine, several salt mines were unexpectedly flooded in the recent past. As a result, dozens of sinkholes formed and are still forming with diameters up to 250 m. A one month advisory mission by the European Commission was launched in fall 2016 to conduct a risk assessment. The former mining area is situated in close vicinity to the river Theiss, which is the largest contributory of the largest river in Europe: the Danube. As river contamination by the release of large quantities of saltwater would lead to an international disaster, hydrogeological measurements were taken on-site to study the system. Saturated (hyper-saline) water as well as fresh surface and groundwater were encountered in different locations of the former mining area. Water samples were analyzed for chemistry and stable isotopes at BGR revealing insight into groundwater flow dynamics. Satellite imaging and interferometric synthetic aperture radar (SAR) were applied to study ground movements and evaluate the risk of further collapses. A resulting conceptual model explains the processes of sinkhole formation as well as the natural restoration of the salt dome prior to mining operations. This study shows the advantage of an interdisciplinary approach to conduct a risk assessment in the case of large mine collapses.

  2. Structural analysis of S-wave seismics around an urban sinkhole: evidence of enhanced dissolution in a strike-slip fault zone

    Science.gov (United States)

    Wadas, Sonja H.; Tanner, David C.; Polom, Ulrich; Krawczyk, Charlotte M.

    2017-12-01

    In November 2010, a large sinkhole opened up in the urban area of Schmalkalden, Germany. To determine the key factors which benefited the development of this collapse structure and therefore the dissolution, we carried out several shear-wave reflection-seismic profiles around the sinkhole. In the seismic sections we see evidence of the Mesozoic tectonic movement in the form of a NW-SE striking, dextral strike-slip fault, known as the Heßleser Fault, which faulted and fractured the subsurface below the town. The strike-slip faulting created a zone of small blocks ( sinkholes and dissolution-induced depressions. Since the processes are still ongoing, the occurrence of a new sinkhole cannot be ruled out. This case study demonstrates how S-wave seismics can characterize a sinkhole and, together with geological information, can be used to study the processes that result in sinkhole formation, such as a near-surface fault zone located in soluble rocks. The more complex the fault geometry and interaction between faults, the more prone an area is to sinkhole occurrence.

  3. Heart Attack Symptoms in Women

    Science.gov (United States)

    ... fat, cholesterol and other substances (plaque). Watch an animation of a heart attack . Many women think the ... Support Network Popular Articles 1 Understanding Blood Pressure Readings 2 Sodium and Salt 3 Heart Attack Symptoms ...

  4. Coordinated motility of cyanobacteria favor mat formation, photosynthesis and carbon burial in low-oxygen, high-sulfur shallow sinkholes of Lake Huron; whereas deep-water aphotic sinkholes are analogs of deep-sea seep and vent ecosystems

    Science.gov (United States)

    Biddanda, B. A.; McMillan, A. C.; Long, S. A.; Snider, M. J.; Weinke, A. D.; Dick, G.; Ruberg, S. A.

    2016-02-01

    Microbial life in submerged sinkhole ecosystems of the Laurentian Great Lakes is relatively understudied in comparison to seeps and vents of the deep-sea. We studied the filamentous benthic mat-forming cyanobacteria consisting primarily of Oscillatoria-like cells growing under low-light, low-oxygen and high-sulfur conditions in Lake Huron's submerged sinkholes using in situ observations, in vitro measurements and time-lapse microscopy. Gliding movement of the cyanobacterial trichomes revealed individual as well as group-coordinated motility. When placed in a petri dish and dispersed in ground water from the sinkhole, filaments re-aggregated into defined colonies within minutes. Measured speed of individual filaments ranged from 50 µm minute-1 or 15 body lengths minute-1 to 215 µm minute-1 or 70 body lengths minute-1 - rates that are rapid relative to non-flagellated/ciliated microbes. Filaments exhibited precise and coordinated positive phototaxis towards pinpoints of light and congregated under the light of foil cutouts. Such light-responsive clusters showed an increase in photosynthetic yield - suggesting phototactic motility aids in light acquisition as well as photosynthesis. Pebbles and pieces of broken shells placed upon the mat in intact sediemnt cores were quickly covered by vertically motile filaments within hours and became fully buried in the anoxic sediments over 3-4 diurnal cycles - likely facilitating the preservation of falling plankton debris. Coordinated horizontal and vertical filament motility optimize mat cohesion and dynamics, photosynthetic efficiency and sedimentary carbon burial in modern-day sinkhole habitats where life operates across sharp redox gradients. Analogous cyanobacterial motility in the shallow seas during Earth's early history, may have played a key role in the oxygenation of the planet by optimizing photosynthesis while favoring carbon burial. We are now eagerly mapping and exploring life in deep-water aphotic sinkholes of

  5. The cost of karst subsidence and sinkhole collapse in the United States compared with other natural hazards

    Science.gov (United States)

    Weary, David J.

    2015-01-01

    Rocks with potential for karst formation are found in all 50 states. Damage due to karst subsidence and sinkhole collapse is a natural hazard of national scope. Repair of damage to buildings, highways, and other infrastructure represents a significant national cost. Sparse and incomplete data show that the average cost of karst-related damages in the United States over the last 15 years is estimated to be at least $300,000,000 per year and the actual total is probably much higher. This estimate is lower than the estimated annual costs for other natural hazards; flooding, hurricanes and cyclonic storms, tornadoes, landslides, earthquakes, or wildfires, all of which average over $1 billion per year. Very few state organizations track karst subsidence and sinkhole damage mitigation costs; none occurs at the Federal level. Many states discuss the karst hazard in their State hazard mitigation plans, but seldom include detailed reports of subsidence incidents or their mitigation costs. Most State highway departments do not differentiate karst subsidence or sinkhole collapse from other road repair costs. Amassing of these data would raise the estimated annual cost considerably. Information from insurance organizations about sinkhole damage claims and payouts is also not readily available. Currently there is no agency with a mandate for developing such data. If a more realistic estimate could be made, it would illuminate the national scope of this hazard and make comparison with costs of other natural hazards more realistic.

  6. Hydroregime prediction models for ephemeral groundwater-driven sinkhole wetlands: a planning tool for climate change and amphibian conservation

    Science.gov (United States)

    C. H. Greenberg; S. Goodrick; J. D. Austin; B. R. Parresol

    2015-01-01

    Hydroregimes of ephemeral wetlands affect reproductive success of many amphibian species and are sensitive to altered weather patterns associated with climate change.We used 17 years of weekly temperature, precipitation, and waterdepth measurements for eight small, ephemeral, groundwaterdriven sinkhole wetlands in Florida sandhills to develop a hydroregime predictive...

  7. A Secure Localization Approach against Wormhole Attacks Using Distance Consistency

    Directory of Open Access Journals (Sweden)

    Lou Wei

    2010-01-01

    Full Text Available Wormhole attacks can negatively affect the localization in wireless sensor networks. A typical wormhole attack can be launched by two colluding attackers, one of which sniffs packets at one point in the network and tunnels them through a wired or wireless link to another point, and the other relays them within its vicinity. In this paper, we investigate the impact of the wormhole attack on the localization and propose a novel distance-consistency-based secure localization scheme against wormhole attacks, which includes three phases of wormhole attack detection, valid locators identification and self-localization. The theoretical model is further formulated to analyze the proposed secure localization scheme. The simulation results validate the theoretical results and also demonstrate the effectiveness of our proposed scheme.

  8. Attack and Vulnerability Penetration Testing: FreeBSD

    Directory of Open Access Journals (Sweden)

    Abdul Hanan Abdullah

    2013-07-01

    Full Text Available Computer system security has become a major concern over the past few years. Attacks, threasts or intrusions, against computer system and network have become commonplace events. However, there are some system devices and other tools that are available to overcome the threat of these attacks. Currently, cyber attack is a major research and inevitable. This paper presents some steps of penetration in FreeBSD operating system, some tools and new steps to attack used in this experiment, probes for reconnaissance, guessing password via brute force, gaining privilege access and flooding victim machine to decrease availability. All these attacks were executed and infiltrate within the environment of Intrusion Threat Detection Universiti Teknologi Malaysia (ITD UTM data set. This work is expected to be a reference for practitioners to prepare their systems from Internet attacks.

  9. Adversarial Feature Selection Against Evasion Attacks.

    Science.gov (United States)

    Zhang, Fei; Chan, Patrick P K; Biggio, Battista; Yeung, Daniel S; Roli, Fabio

    2016-03-01

    Pattern recognition and machine learning techniques have been increasingly adopted in adversarial settings such as spam, intrusion, and malware detection, although their security against well-crafted attacks that aim to evade detection by manipulating data at test time has not yet been thoroughly assessed. While previous work has been mainly focused on devising adversary-aware classification algorithms to counter evasion attempts, only few authors have considered the impact of using reduced feature sets on classifier security against the same attacks. An interesting, preliminary result is that classifier security to evasion may be even worsened by the application of feature selection. In this paper, we provide a more detailed investigation of this aspect, shedding some light on the security properties of feature selection against evasion attacks. Inspired by previous work on adversary-aware classifiers, we propose a novel adversary-aware feature selection model that can improve classifier security against evasion attacks, by incorporating specific assumptions on the adversary's data manipulation strategy. We focus on an efficient, wrapper-based implementation of our approach, and experimentally validate its soundness on different application examples, including spam and malware detection.

  10. Attack Trees with Sequential Conjunction

    NARCIS (Netherlands)

    Jhawar, Ravi; Kordy, Barbara; Mauw, Sjouke; Radomirović, Sasa; Trujillo-Rasua, Rolando

    2015-01-01

    We provide the first formal foundation of SAND attack trees which are a popular extension of the well-known attack trees. The SAND at- tack tree formalism increases the expressivity of attack trees by intro- ducing the sequential conjunctive operator SAND. This operator enables the modeling of

  11. Seven Deadliest Unified Communications Attacks

    CERN Document Server

    York, Dan

    2010-01-01

    Do you need to keep up with the latest hacks, attacks, and exploits effecting Unified Communications technology? Then you need Seven Deadliest Unified Communication Attacks. This book pinpoints the most dangerous hacks and exploits specific to Unified Communications, laying out the anatomy of these attacks including how to make your system more secure. You will discover the best ways to defend against these vicious hacks with step-by-step instruction and learn techniques to make your computer and network impenetrable. Attacks featured in this book include: UC Ecosystem Attacks Insecure Endpo

  12. An Annotated Review of Past Papers on Attack Graphs

    National Research Council Canada - National Science Library

    Lippmann, Richard; Ingols, K. W

    2005-01-01

    This report reviews past research papers that describe how to construct attack graphs, how to use them to improve security of computer networks, and how to use them to analyze alerts from intrusion detection systems...

  13. The attack navigator

    DEFF Research Database (Denmark)

    Probst, Christian W.; Willemson, Jan; Pieters, Wolter

    2016-01-01

    The need to assess security and take protection decisions is at least as old as our civilisation. However, the complexity and development speed of our interconnected technical systems have surpassed our capacity to imagine and evaluate risk scenarios. This holds in particular for risks...... that are caused by the strategic behaviour of adversaries. Therefore, technology-supported methods are needed to help us identify and manage these risks. In this paper, we describe the attack navigator: a graph-based approach to security risk assessment inspired by navigation systems. Based on maps of a socio...

  14. Attacks on computer systems

    Directory of Open Access Journals (Sweden)

    Dejan V. Vuletić

    2012-01-01

    Full Text Available Computer systems are a critical component of the human society in the 21st century. Economic sector, defense, security, energy, telecommunications, industrial production, finance and other vital infrastructure depend on computer systems that operate at local, national or global scales. A particular problem is that, due to the rapid development of ICT and the unstoppable growth of its application in all spheres of the human society, their vulnerability and exposure to very serious potential dangers increase. This paper analyzes some typical attacks on computer systems.

  15. A method of mapping sinkhole susceptibility using a geographic information system : a case study for interstates in the karst counties of Virginia.

    Science.gov (United States)

    2015-02-01

    This study proposes the use of a geographic information system (GIS) to create a susceptibility map, pinpointing : regions in the karst counties of Virginia, in particular, along interstates, most susceptible to future sinkhole : development, determi...

  16. Detection of sinkhole precursors through SAR interferometry: radar and geological considerations

    CSIR Research Space (South Africa)

    Theron, Andre

    2017-06-01

    Full Text Available TerraSAR-X were acquired over a full year. DInSAR results revealed the presence of three previously unknown deformation features, one of which could be confirmed by subsequent field investigations. Furthermore, a water supply pipeline ruptured six months...

  17. Detection of sinkholes or anomalies using full seismic wave fields : phase II.

    Science.gov (United States)

    2016-08-01

    A new 2-D Full Waveform Inversion (FWI) software code was developed to characterize layering and anomalies beneath the ground surface using seismic testing. The software is capable of assessing the shear and compression wave velocities (Vs and Vp) fo...

  18. Detection of sinkholes or anomalies using full seismic wave fields : phase II [summary].

    Science.gov (United States)

    2016-09-01

    Florida geology with its non-uniform rock and soil layers, variable deposits of poor soils (clay, organics, etc.), and weathered (and possibly voided) limestone is a major concern for design engineers, contractors, and maintenance personnel. However,...

  19. Groundwater shapes sediment biogeochemistry and microbial diversity in a submerged Great Lake sinkhole.

    Science.gov (United States)

    Kinsman-Costello, L E; Sheik, C S; Sheldon, N D; Allen Burton, G; Costello, D M; Marcus, D; Uyl, P A Den; Dick, G J

    2017-03-01

    For a large part of earth's history, cyanobacterial mats thrived in low-oxygen conditions, yet our understanding of their ecological functioning is limited. Extant cyanobacterial mats provide windows into the putative functioning of ancient ecosystems, and they continue to mediate biogeochemical transformations and nutrient transport across the sediment-water interface in modern ecosystems. The structure and function of benthic mats are shaped by biogeochemical processes in underlying sediments. A modern cyanobacterial mat system in a submerged sinkhole of Lake Huron (LH) provides a unique opportunity to explore such sediment-mat interactions. In the Middle Island Sinkhole (MIS), seeping groundwater establishes a low-oxygen, sulfidic environment in which a microbial mat dominated by Phormidium and Planktothrix that is capable of both anoxygenic and oxygenic photosynthesis, as well as chemosynthesis, thrives. We explored the coupled microbial community composition and biogeochemical functioning of organic-rich, sulfidic sediments underlying the surface mat. Microbial communities were diverse and vertically stratified to 12 cm sediment depth. In contrast to previous studies, which used low-throughput or shotgun metagenomic approaches, our high-throughput 16S rRNA gene sequencing approach revealed extensive diversity. This diversity was present within microbial groups, including putative sulfate-reducing taxa of Deltaproteobacteria, some of which exhibited differential abundance patterns in the mats and with depth in the underlying sediments. The biological and geochemical conditions in the MIS were distinctly different from those in typical LH sediments of comparable depth. We found evidence for active cycling of sulfur, methane, and nutrients leading to high concentrations of sulfide, ammonium, and phosphorus in sediments underlying cyanobacterial mats. Indicators of nutrient availability were significantly related to MIS microbial community composition, while LH

  20. Microbial communities and organic biomarkers in a Proterozoic-analog sinkhole.

    Science.gov (United States)

    Hamilton, T L; Welander, P V; Albrecht, H L; Fulton, J M; Schaperdoth, I; Bird, L R; Summons, R E; Freeman, K H; Macalady, J L

    2017-11-01

    Little Salt Spring (Sarasota County, FL, USA) is a sinkhole with groundwater vents at ~77 m depth. The entire water column experiences sulfidic (~50 μM) conditions seasonally, resulting in a system poised between oxic and sulfidic conditions. Red pinnacle mats occupy the sediment-water interface in the sunlit upper basin of the sinkhole, and yielded 16S rRNA gene clones affiliated with Cyanobacteria, Chlorobi, and sulfate-reducing clades of Deltaproteobacteria. Nine bacteriochlorophyll e homologues and isorenieratene indicate contributions from Chlorobi, and abundant chlorophyll a and pheophytin a are consistent with the presence of Cyanobacteria. The red pinnacle mat contains hopanoids, including 2-methyl structures that have been interpreted as biomarkers for Cyanobacteria. A single sequence of hpnP, the gene required for methylation of hopanoids at the C-2 position, was recovered in both DNA and cDNA libraries from the red pinnacle mat. The hpnP sequence was most closely related to cyanobacterial hpnP sequences, implying that Cyanobacteria are a source of 2-methyl hopanoids present in the mat. The mats are capable of light-dependent primary productivity as evidenced by 13 C-bicarbonate photoassimilation. We also observed 13 C-bicarbonate photoassimilation in the presence of DCMU, an inhibitor of electron transfer to Photosystem II. Our results indicate that the mats carry out light-driven primary production in the absence of oxygen production-a mechanism that may have delayed the oxygenation of the Earth's oceans and atmosphere during the Proterozoic Eon. Furthermore, our observations of the production of 2-methyl hopanoids by Cyanobacteria under conditions of low oxygen and low light are consistent with the recovery of these structures from ancient black shales as well as their paucity in modern marine environments. © 2017 The Authors. Geobiology Published by John Wiley & Sons Ltd.

  1. 3D geostatistical modelling for identifying sinkhole disaster potential zones around the Verkhnekamskoye potash deposit (Russia)

    Science.gov (United States)

    Royer, J. J.; Litaudon, J.; Filippov, L. O.; Lyubimova, T.; Maximovich, N.

    2017-07-01

    This work results from a cooperative scientific program between the Perm State University (Russia) and the University of Lorraine (France). Its objectives are to integrate modern 3D geomodeling in order to improve sustainable mining extraction, especially for predicting and avoiding the formation of sinkholes disaster potential zones. Systematic exploration drill holes performed in the Verkhnekamskoye potash deposit (Perm region, Russia) have been used to build a comprehensive 3D model for better understanding the spatial repartition of the ore quality (geometallurgy). A precise modelling of the mineralized layers allows an estimation of the in-situ ore reserves after interpolating by kriging the potassium (K) and magnesium (Mg) contents at the node of a regular centred grid (over a million cells). Total resources in potassium vary according to the cut-off between 4.7Gt @ 16.1 % K2O; 0.32 % MgCl2 for a cut-off grade at 13.1% K2O and 2.06 Gt @ 18.2 % K2O; 0.32 % MgCl2 at a cut-off of 16.5% K2O. Most of reserves are located in the KPI, KPII and KPIII layers, the KPI being the richest, and KPIII the largest in terms of tonnage. A systematic study of the curvature calculated along the roof of the mineralized layers points out the location of potential main faults which play a major role in the formation of sinkhole during exploitation. A risk map is then derived from this attribute.

  2. A GIS analysis of the relationship between sinkholes, dry-well complaints and groundwater pumping for frost-freeze protection of winter strawberry production in Florida.

    Directory of Open Access Journals (Sweden)

    Mark D Aurit

    Full Text Available Florida is riddled with sinkholes due to its karst topography. Sometimes these sinkholes can cause extensive damage to infrastructure and homes. It has been suggested that agricultural practices, such as sprinkler irrigation methods used to protect crops, can increase the development of sinkholes, particularly when temperatures drop below freezing, causing groundwater levels to drop quickly during groundwater pumping. In the strawberry growing region, Dover/Plant City, Florida, the effects have caused water shortages resulting in dry-wells and ground subsidence through the development of sinkholes that can be costly to maintain and repair. In this study, we look at how frost-freeze events have affected West Central Florida over the past 25 years with detailed comparisons made between two cold-years (with severe frost-freeze events and a warm year (no frost-freeze events. We analyzed the spatial and temporal correlation between strawberry farming freeze protection practices and the development of sinkholes/dry well complaints, and assessed the economic impact of such events from a water management perspective by evaluating the cost of repairing and drilling new wells and how these compared with using alternative crop-protection methods. We found that the spatial distribution of sinkholes was non-random during both frost-freeze events. A strong correlation between sinkhole occurrence and water extraction and minimum temperatures was found. Furthermore as temperatures fall below 41°F and water levels decrease by more than 20 ft, the number of sinkholes increase greatly (N >10. At this time alternative protection methods such as freeze-cloth are cost prohibitive in comparison to repairing dry wells. In conclusion, the findings from this study are applicable in other agricultural areas and can be used to develop comprehensive water management plans in areas where the abstraction of large quantities of water occur.

  3. Sinkholes, subsidence and subrosion on the eastern shore of the Dead Sea as revealed by a close-range photogrammetric survey

    Science.gov (United States)

    Al-Halbouni, Djamil; Holohan, Eoghan P.; Saberi, Leila; Alrshdan, Hussam; Sawarieh, Ali; Closson, Damien; Walter, Thomas R.; Dahm, Torsten

    2017-05-01

    Ground subsidence and sinkhole collapse are phenomena affecting regions of karst geology worldwide. The rapid development of such phenomena around the Dead Sea in the last four decades poses a major geological hazard to the local population, agriculture and industry. Nonetheless many aspects of this hazard are still incompletely described and understood, especially on the eastern Dead Sea shore. In this work, we present a first low altitude (sinkhole area of Ghor Al-Haditha, Jordan. We provide a detailed qualitative and quantitative analysis of a new, high resolution digital surface model (5 cm px-1) and orthophoto of this area (2.1 km2). We also outline the factors affecting the quality and accuracy of this approach. Our analysis reveals a kilometer-scale sinuous depression bound partly by flexure and partly by non-tectonic faults. The estimated minimum volume loss of this subsided zone is 1.83 ṡ 106 m3 with an average subsidence rate of 0.21 m yr-1 over the last 25 years. Sinkholes in the surveyed area are localized mainly within this depression. The sinkholes are commonly elliptically shaped (mean eccentricity 1.31) and clustered (nearest neighbor ratio 0.69). Their morphologies and orientations depend on the type of sediment they form in: in mud, sinkholes have a low depth to diameter ratio (0.14) and a long-axis azimuth of NNE-NE. In alluvium, sinkholes have a higher ratio (0.4) and are orientated NNW-N. From field work, we identify actively evolving artesian springs and channelized, sediment-laden groundwater flows that appear locally in the main depression. Consequently, subrosion, i.e. subsurface mechanical erosion, is identified as a key physical process, in addition to dissolution, behind the subsidence and sinkhole hazard. Furthermore, satellite image analysis links the development of the sinuous depression and sinkhole formation at Ghor Al-Haditha to preferential groundwater flow paths along ancient and current wadi riverbeds.

  4. A GIS analysis of the relationship between sinkholes, dry-well complaints and groundwater pumping for frost-freeze protection of winter strawberry production in Florida.

    Science.gov (United States)

    Aurit, Mark D; Peterson, Robert O; Blanford, Justine I

    2013-01-01

    Florida is riddled with sinkholes due to its karst topography. Sometimes these sinkholes can cause extensive damage to infrastructure and homes. It has been suggested that agricultural practices, such as sprinkler irrigation methods used to protect crops, can increase the development of sinkholes, particularly when temperatures drop below freezing, causing groundwater levels to drop quickly during groundwater pumping. In the strawberry growing region, Dover/Plant City, Florida, the effects have caused water shortages resulting in dry-wells and ground subsidence through the development of sinkholes that can be costly to maintain and repair. In this study, we look at how frost-freeze events have affected West Central Florida over the past 25 years with detailed comparisons made between two cold-years (with severe frost-freeze events) and a warm year (no frost-freeze events). We analyzed the spatial and temporal correlation between strawberry farming freeze protection practices and the development of sinkholes/dry well complaints, and assessed the economic impact of such events from a water management perspective by evaluating the cost of repairing and drilling new wells and how these compared with using alternative crop-protection methods. We found that the spatial distribution of sinkholes was non-random during both frost-freeze events. A strong correlation between sinkhole occurrence and water extraction and minimum temperatures was found. Furthermore as temperatures fall below 41°F and water levels decrease by more than 20 ft, the number of sinkholes increase greatly (N >10). At this time alternative protection methods such as freeze-cloth are cost prohibitive in comparison to repairing dry wells. In conclusion, the findings from this study are applicable in other agricultural areas and can be used to develop comprehensive water management plans in areas where the abstraction of large quantities of water occur.

  5. Novel mechanism of network protection against the new generation of cyber attacks

    Science.gov (United States)

    Milovanov, Alexander; Bukshpun, Leonid; Pradhan, Ranjit

    2012-06-01

    A new intelligent mechanism is presented to protect networks against the new generation of cyber attacks. This mechanism integrates TCP/UDP/IP protocol stack protection and attacker/intruder deception to eliminate existing TCP/UDP/IP protocol stack vulnerabilities. It allows to detect currently undetectable, highly distributed, low-frequency attacks such as distributed denial-of-service (DDoS) attacks, coordinated attacks, botnet, and stealth network reconnaissance. The mechanism also allows insulating attacker/intruder from the network and redirecting the attack to a simulated network acting as a decoy. As a result, network security personnel gain sufficient time to defend the network and collect the attack information. The presented approach can be incorporated into wireless or wired networks that require protection against known and the new generation of cyber attacks.

  6. Identifying and tracking attacks on networks: C3I displays and related technologies

    Science.gov (United States)

    Manes, Gavin W.; Dawkins, J.; Shenoi, Sujeet; Hale, John C.

    2003-09-01

    Converged network security is extremely challenging for several reasons; expanded system and technology perimeters, unexpected feature interaction, and complex interfaces all conspire to provide hackers with greater opportunities for compromising large networks. Preventive security services and architectures are essential, but in and of themselves do not eliminate all threat of compromise. Attack management systems mitigate this residual risk by facilitating incident detection, analysis and response. There are a wealth of attack detection and response tools for IP networks, but a dearth of such tools for wireless and public telephone networks. Moreover, methodologies and formalisms have yet to be identified that can yield a common model for vulnerabilities and attacks in converged networks. A comprehensive attack management system must coordinate detection tools for converged networks, derive fully-integrated attack and network models, perform vulnerability and multi-stage attack analysis, support large-scale attack visualization, and orchestrate strategic responses to cyber attacks that cross network boundaries. We present an architecture that embodies these principles for attack management. The attack management system described engages a suite of detection tools for various networking domains, feeding real-time attack data to a comprehensive modeling, analysis and visualization subsystem. The resulting early warning system not only provides network administrators with a heads-up cockpit display of their entire network, it also supports guided response and predictive capabilities for multi-stage attacks in converged networks.

  7. Inadequate stakeholder management and its effect on a coherent sinkhole risk management strategy: The case of the Merafong Local Municipality, South Africa

    Directory of Open Access Journals (Sweden)

    Tshepo Moshodi

    2016-09-01

    Full Text Available The Merafong Local Municipality (MLM has historically suffered financial and human losses because of the presence of dolomite and the consequent formation of sinkholes. There is a great need for the MLM to address the risk posed by sinkholes to ensure the continued safety of communities. However, as the risk is so pervasive, the MLM needs to coordinate their risk reduction strategies with a wide array of stakeholders in the municipality. Efficient stakeholder management is thus crucial if the sinkhole risk is to be addressed appropriately. This article reviews the current status of stakeholder management in the MLM as it pertains to the formulation of a holistic sinkhole risk reduction strategy. Findings indicate that there are serious deficiencies in the MLM’s stakeholder management relating to key risk management processes such as community involvement in risk management structures, disaster risk assessment, training and awareness, and early warning and response. Improved stakeholder management could be characterised by the following factors: improved two-way communication between the municipality and community stakeholders, fostering a relationship based upon trust and equality amongst stakeholders, participation by a wide array of stakeholder groups affected by the sinkhole risk and a mutual commitment by all stakeholders to address the risk. These factors could contribute to enhancing current and future sinkhole risk reduction strategies.

  8. Cyber Attacks and Combat Behavior

    Directory of Open Access Journals (Sweden)

    Carataș Maria Alina

    2017-01-01

    Full Text Available Cyber terrorism is an intangible danger, a real over the corner threat in the life of individuals,organizations, and governments and is getting harder to deal with its damages. The motivations forthe cyber-attacks are different, depending on the terrorist group, from cybercrime to hacktivism,attacks over the authorities’ servers. Organizations constantly need to find new ways ofstrengthening protection against cyber-attacks, assess their cyber readiness, expand the resiliencecapacity and adopts international security regulations.

  9. Comparison of 3- and 20-Gradient Direction Diffusion-Weighted Imaging in a Clinical Subacute Cohort of Patients with Transient Ischemic Attack: Application of Standard Vendor Protocols for Lesion Detection and Final Infarct Size Projection

    Directory of Open Access Journals (Sweden)

    Inger Havsteen

    2017-12-01

    Full Text Available ObjectiveDiffusion tensor imaging may aid brain ischemia assessment but is more time consuming than conventional diffusion-weighted imaging (DWI. We compared 3-gradient direction DWI (3DWI and 20-gradient direction DWI (20DWI standard vendor protocols in a hospital-based prospective cohort of patients with transient ischemic attack (TIA for lesion detection, lesion brightness, predictability of persisting infarction, and final infarct size.MethodsWe performed 3T-magnetic resonance imaging including diffusion and T2-fluid attenuated inversion recovery (FLAIR within 72 h and 8 weeks after ictus. Qualitative lesion brightness was assessed by visual inspection. We measured lesion area and brightness with manual regions of interest and compared with homologous normal tissue.Results117 patients with clinical TIA showed 78 DWI lesions. 2 lesions showed only on 3DWI. No lesions were uniquely 20DWI positive. 3DWI was visually brightest for 34 lesions. 12 lesions were brightest on 20DWI. The median 3DWI lesion area was larger for lesions equally bright, or brightest on 20DWI [median (IQR 39 (18–95 versus 18 (10–34 mm2, P = 0.007]. 3DWI showed highest measured relative lesion signal intensity [median (IQR 0.77 (0.48–1.17 versus 0.58 (0.34–0.81, P = 0.0006]. 3DWI relative lesion signal intensity was not correlated to absolute signal intensity, but 20DWI performed less well for low-contrast lesions. 3DWI lesion size was an independent predictor of persistent infarction. 3-gradient direction apparent diffusion coefficient areas were closest to 8-week FLAIR infarct size.Conclusion3DWI detected more lesions and had higher relative lesion SI than 20DWI. 20DWI appeared blurred and did not add information.Clinical Trial Registrationhttp://www.clinicaltrials.gov. Unique Identifier NCT01531946.

  10. Seven Deadliest Social Network Attacks

    CERN Document Server

    Timm, Carl

    2010-01-01

    Do you need to keep up with the latest hacks, attacks, and exploits effecting social networks? Then you need Seven Deadliest Social Network Attacks. This book pinpoints the most dangerous hacks and exploits specific to social networks like Facebook, Twitter, and MySpace, laying out the anatomy of these attacks including how to make your system more secure. You will discover the best ways to defend against these vicious hacks with step-by-step instruction and learn techniques to make your computer and network impenetrable. Attacks detailed in this book include: Social Networking Infrastruct

  11. Fighting Through a Logistics Cyber Attack

    Science.gov (United States)

    2015-06-19

    cumulative cost of cyber-attacks was more than the combined global black market cost of cocaine, heroin and marijuana. These alarming figures raised...the country to its knees. The Luftwaffe was uncontested in the Battle of Britain until radar’s ability to detect inbound aircraft provided the...manifest information in IGC and provides inbound passenger manifest data to the aerial port of debarkation (APOD) and other receiving activities for

  12. The sources of primary data for the development potentially dangerous patterns of cyber-attacks

    OpenAIRE

    Грищук, Руслан Валентинович; Житомирський військовий інститут імені С. П. Корольова; Охрімчук, Володимир Васильович; Житомирський військовий інститут імені С. П. Корольова; Ахтирцева, Влада Сергіївна; в/ч А1912

    2016-01-01

    It was established fact that the efficiency of modern systems of information and cyber security essentially de-pends on correct and timely development by vendors of antivirus software patterns of the detected cyber-attacks and timely update databases pattern of attacks these users of security. However, the constant improvement of the technological complexity of cyber-attacks requires from vendors constant improvement of mechanisms of development patterns of cyber-attacks. One of the promising...

  13. REAL-TIME INTELLIGENT MULTILAYER ATTACK CLASSIFICATION SYSTEM

    Directory of Open Access Journals (Sweden)

    T. Subbhulakshmi

    2014-01-01

    Full Text Available Intrusion Detection Systems (IDS takes the lion’s share of the current security infrastructure. Detection of intrusions is vital for initiating the defensive procedures. Intrusion detection was done by statistical and distance based methods. A threshold value is used in these methods to indicate the level of normalcy. When the network traffic crosses the level of normalcy then above which it is flagged as anomalous. When there are occurrences of new intrusion events which are increasingly a key part of system security, the statistical techniques cannot detect them. To overcome this issue, learning techniques are used which helps in identifying new intrusion activities in a computer system. The objective of the proposed system designed in this paper is to classify the intrusions using an Intelligent Multi Layered Attack Classification System (IMLACS which helps in detecting and classifying the intrusions with improved classification accuracy. The intelligent multi layered approach contains three intelligent layers. The first layer involves Binary Support Vector Machine classification for detecting the normal and attack. The second layer involves neural network classification to classify the attacks into classes of attacks. The third layer involves fuzzy inference system to classify the attacks into various subclasses. The proposed IMLACS can be able to detect an intrusion behavior of the networks since the system contains a three intelligent layer classification and better set of rules. Feature selection is also used to improve the time of detection. The experimental results show that the IMLACS achieves the Classification Rate of 97.31%.

  14. Attack Classification Schema for Smart City WSNs

    Directory of Open Access Journals (Sweden)

    Victor Garcia-Font

    2017-04-01

    Full Text Available Urban areas around the world are populating their streets with wireless sensor networks (WSNs in order to feed incipient smart city IT systems with metropolitan data. In the future smart cities, WSN technology will have a massive presence in the streets, and the operation of municipal services will be based to a great extent on data gathered with this technology. However, from an information security point of view, WSNs can have failures and can be the target of many different types of attacks. Therefore, this raises concerns about the reliability of this technology in a smart city context. Traditionally, security measures in WSNs have been proposed to protect specific protocols in an environment with total control of a single network. This approach is not valid for smart cities, as multiple external providers deploy a plethora of WSNs with different security requirements. Hence, a new security perspective needs to be adopted to protect WSNs in smart cities. Considering security issues related to the deployment of WSNs as a main data source in smart cities, in this article, we propose an intrusion detection framework and an attack classification schema to assist smart city administrators to delimit the most plausible attacks and to point out the components and providers affected by incidents. We demonstrate the use of the classification schema providing a proof of concept based on a simulated selective forwarding attack affecting a parking and a sound WSN.

  15. Attack Classification Schema for Smart City WSNs.

    Science.gov (United States)

    Garcia-Font, Victor; Garrigues, Carles; Rifà-Pous, Helena

    2017-04-05

    Urban areas around the world are populating their streets with wireless sensor networks (WSNs) in order to feed incipient smart city IT systems with metropolitan data. In the future smart cities, WSN technology will have a massive presence in the streets, and the operation of municipal services will be based to a great extent on data gathered with this technology. However, from an information security point of view, WSNs can have failures and can be the target of many different types of attacks. Therefore, this raises concerns about the reliability of this technology in a smart city context. Traditionally, security measures in WSNs have been proposed to protect specific protocols in an environment with total control of a single network. This approach is not valid for smart cities, as multiple external providers deploy a plethora of WSNs with different security requirements. Hence, a new security perspective needs to be adopted to protect WSNs in smart cities. Considering security issues related to the deployment of WSNs as a main data source in smart cities, in this article, we propose an intrusion detection framework and an attack classification schema to assist smart city administrators to delimit the most plausible attacks and to point out the components and providers affected by incidents. We demonstrate the use of the classification schema providing a proof of concept based on a simulated selective forwarding attack affecting a parking and a sound WSN.

  16. Crony Attack: Strategic Attack’s Silver Bullet

    Science.gov (United States)

    2006-11-01

    physical assets or financial assets. The form of crony attack that most closely resembles classic strategic attack is to deny, degrade, or destroy a money...February 1951. Reprinted in Airpower Studies Coursebook , Air Command and Staff College, Maxwell AFB, AL, 2002, 152–58. Hirsch, Michael. “NATO’s Game of

  17. Multistage 8.2 kyr event revealed through high-resolution XRF core scanning of Cuban sinkhole sediments

    Science.gov (United States)

    Peros, Matthew; Collins, Shawn; G'Meiner, Anna Agosta; Reinhardt, Eduard; Pupo, Felipe Matos

    2017-07-01

    We use sediments from a flooded sinkhole (Cenote Jennifer) in northern Cuba to provide new, well-dated, high-resolution evidence for the 8.2 kyr event. From 7600 to 8700 cal yr B.P. the sinkhole contained shallow, low-salinity water, which supported a marsh dominated by cattail and grass. Peaks in Cl and Br—occurring at 8150, 8200, and 8250 cal yr B.P.—are attributable to increased evaporation due to regional drying associated with the 8.2 kyr event. The three peaks in these elements also closely correspond to the greyscale record from the Cariaco Basin, indicative of increased upwelling in the southern Caribbean Sea at this time, supporting the notion of a multistage 8.2 kyr event. Our work provides new data that help to clarify the initiation, behavior, and impacts of the 8.2 kyr event in the northern tropics.

  18. Investigation of the possible interconnection of the sinkhole of Taka Lake and various springs of the area

    International Nuclear Information System (INIS)

    Leontiadis, I.L.; Dimitroulas, Christos; Zouridakis, N.; Morfis, A.; Paraskevopoulou, P.

    1987-09-01

    51 Cr-EDTA has been used as tracer to investigate the possible interconnection of the sinkhole of Taka Lake (high plateau of Tripolis) and a number of springs in Arkadia and Lakonia (Peloponnese). For the same purpose analyses of the isotopic composition of the water of the same springs, as well as of that of Taka Lake have been performed. The results of this research reconfirm the contribution of the water entering the sinkhole of Taka Lake to the feeding of Astros Anavalos spring, this contribution being apparent only during the low flow period. The common origin of Loukou, Valtos, Moustos and Aghios Andreas spring water was also proved and determined. The origin of the water of Zorros spring (Lakonia) was determined as well. (author)

  19. Metrics for Assessment of Smart Grid Data Integrity Attacks

    Energy Technology Data Exchange (ETDEWEB)

    Annarita Giani; Miles McQueen; Russell Bent; Kameshwar Poolla; Mark Hinrichs

    2012-07-01

    There is an emerging consensus that the nation’s electricity grid is vulnerable to cyber attacks. This vulnerability arises from the increasing reliance on using remote measurements, transmitting them over legacy data networks to system operators who make critical decisions based on available data. Data integrity attacks are a class of cyber attacks that involve a compromise of information that is processed by the grid operator. This information can include meter readings of injected power at remote generators, power flows on transmission lines, and relay states. These data integrity attacks have consequences only when the system operator responds to compromised data by redispatching generation under normal or contingency protocols. These consequences include (a) financial losses from sub-optimal economic dispatch to service loads, (b) robustness/resiliency losses from placing the grid at operating points that are at greater risk from contingencies, and (c) systemic losses resulting from cascading failures induced by poor operational choices. This paper is focused on understanding the connections between grid operational procedures and cyber attacks. We first offer two examples to illustrate how data integrity attacks can cause economic and physical damage by misleading operators into taking inappropriate decisions. We then focus on unobservable data integrity attacks involving power meter data. These are coordinated attacks where the compromised data are consistent with the physics of power flow, and are therefore passed by any bad data detection algorithm. We develop metrics to assess the economic impact of these attacks under re-dispatch decisions using optimal power flow methods. These metrics can be use to prioritize the adoption of appropriate countermeasures including PMU placement, encryption, hardware upgrades, and advance attack detection algorithms.

  20. Tales from the crypt : Fingerprinting attacks on encrypted channels by way of retainting

    NARCIS (Netherlands)

    Valkering, Michael; Slowinska, Asia; Bos, Herbert

    2009-01-01

    Paradoxically, encryption makes it hard to detect, fingerprint and stop exploits. We describe Hassle, a honeypot capable of detecting and fingerprinting monomorphic and polymorphic attacks on encrypted channels. It uses dynamic taint analysis in an emulator to detect attacks, and it tags each

  1. DNA profiling of Tilapia guinasana, a species endemic to a single sinkhole, to determine the genetic divergence between color forms.

    Science.gov (United States)

    Nxomani, C; Ribbink, A J; Kirby, R

    1999-06-01

    Northwestern South Africa and Namibia contain a number of sinkholes in the dolomitic rock formations found in this area. These contain isolated populations of Tilapia. Most contain Tilapia sparmanii, but the one in Namibia, Guinas, is of particular interest as it contains the endemic species, Tilapia guinasana, which exhibits none sex-limited polychromatisms, which is unique for Tilapia. This sinkhole is under environmental threat, particularly as a result of being a recreational diving site. This study, using randomly amplified polymorphic DNA sequences (RAPDs), when analyzed using analysis of variance (ANOVA), shows that the colour forms of Tilapia guinasana are genetically distinct. This confirms previous evidence that assortative mating between color forms takes place. The various possible hypotheses for the occurrence and genetic stability of the color polymorphism are discussed. Further, a new hypothesis is put forward based on a need to maximize outbreeding in fully isolated population with no possibility of increase in size above the maximum and limited carrying capacity of the sinkhole.

  2. In vivo canine studies of a Sinkhole valve and vascular graft coated with biocompatible PU-PEO-SO3.

    Science.gov (United States)

    Han, D K; Lee, K B; Park, K D; Kim, C S; Jeong, S Y; Kim, Y H; Kim, H M; Min, B G

    1993-01-01

    PU-PEO-SO3 was applied as a coating material over a newly designed Sinkhole bileaflet PU heart valve and a porous PU vascular graft. Performance and biocompatibility were evaluated using an in vivo canine shunt system between the right ventricle and pulmonary artery. The survival periods in three implantations were 14, 24, and 39 days, during which no mechanical failure occurred in any Sinkhole valve or vascular graft. Scanning electron microscopy (SEM) studies demonstrated much less platelet adhesion and thrombus formation on PU-PEO-SO3 grafts than on PU vascular grafts. Cracks in the valve leaflet were occasionally observed on PU surfaces, but not on PU-PEO-SO3. After a 39 day implantation, calcium deposition on vascular grafts was decreased as compared with valve leaflets, and calcification on PU-PEO-SO3 was much lower than on PU. These results suggest that Sinkhole valves and vascular grafts are promising, and PU-PEO-SO3 as a coating material is more blood compatible, biostable, and calcification resistant in vivo than in untreated PU.

  3. Invisible Trojan-horse attack

    DEFF Research Database (Denmark)

    Sajeed, Shihan; Minshull, Carter; Jain, Nitin

    2017-01-01

    We demonstrate the experimental feasibility of a Trojan-horse attack that remains nearly invisible to the single-photon detectors employed in practical quantum key distribution (QKD) systems, such as Clavis2 from ID Quantique. We perform a detailed numerical comparison of the attack performance...

  4. When Sinuses Attack! (For Kids)

    Science.gov (United States)

    ... First Aid & Safety Doctors & Hospitals Videos Recipes for Kids Kids site Sitio para niños How the Body Works ... Search English Español When Sinuses Attack! KidsHealth / For Kids / When Sinuses Attack! What's in this article? What ...

  5. An evaluation of automated GIS tools for delineating karst sinkholes and closed depressions from 1-meter LIDAR-derived digital elevation data

    Science.gov (United States)

    Doctor, Daniel H.; Young, John A.

    2013-01-01

    LiDAR (Light Detection and Ranging) surveys of karst terrains provide high-resolution digital elevation models (DEMs) that are particularly useful for mapping sinkholes. In this study, we used automated processing tools within ArcGIS (v. 10.0) operating on a 1.0 m resolution LiDAR DEM in order to delineate sinkholes and closed depressions in the Boyce 7.5 minute quadrangle located in the northern Shenandoah Valley of Virginia. The results derived from the use of the automated tools were then compared with depressions manually delineated by a geologist. Manual delineation of closed depressions was conducted using a combination of 1.0 m DEM hillshade, slopeshade, aerial imagery, and Topographic Position Index (TPI) rasters. The most effective means of visualizing depressions in the GIS was using an overlay of the partially transparent TPI raster atop the slopeshade raster at 1.0 m resolution. Manually identified depressions were subsequently checked using aerial imagery to screen for false positives, and targeted ground-truthing was undertaken in the field. The automated tools that were utilized include the routines in ArcHydro Tools (v. 2.0) for prescreening, evaluating, and selecting sinks and depressions as well as thresholding, grouping, and assessing depressions from the TPI raster. Results showed that the automated delineation of sinks and depressions within the ArcHydro tools was highly dependent upon pre-conditioning of the DEM to produce "hydrologically correct" surface flow routes. Using stream vectors obtained from the National Hydrologic Dataset alone to condition the flow routing was not sufficient to produce a suitable drainage network, and numerous artificial depressions were generated where roads, railways, or other manmade structures acted as flow barriers in the elevation model. Additional conditioning of the DEM with drainage paths across these barriers was required prior to automated 2delineation of sinks and depressions. In regions where the DEM

  6. Fatal injection: a survey of modern code injection attack countermeasures

    Directory of Open Access Journals (Sweden)

    Dimitris Mitropoulos

    2017-11-01

    Full Text Available With a code injection attack (CIA an attacker can introduce malicious code into a computer program or system that fails to properly encode data that comes from an untrusted source. A CIA can have different forms depending on the execution context of the application and the location of the programming flaw that leads to the attack. Currently, CIAs are considered one of the most damaging classes of application attacks since they can severely affect an organisation’s infrastructure and cause financial and reputational damage to it. In this paper we examine and categorize the countermeasures developed to detect the various attack forms. In particular, we identify two distinct categories. The first incorporates static program analysis tools used to eliminate flaws that can lead to such attacks during the development of the system. The second involves the use of dynamic detection safeguards that prevent code injection attacks while the system is in production mode. Our analysis is based on nonfunctional characteristics that are considered critical when creating security mechanisms. Such characteristics involve usability, overhead, implementation dependencies, false positives and false negatives. Our categorization and analysis can help both researchers and practitioners either to develop novel approaches, or use the appropriate mechanisms according to their needs.

  7. Invisible Trojan-horse attack.

    Science.gov (United States)

    Sajeed, Shihan; Minshull, Carter; Jain, Nitin; Makarov, Vadim

    2017-08-21

    We demonstrate the experimental feasibility of a Trojan-horse attack that remains nearly invisible to the single-photon detectors employed in practical quantum key distribution (QKD) systems, such as Clavis2 from ID Quantique. We perform a detailed numerical comparison of the attack performance against Scarani-Ac´ın-Ribordy-Gisin (SARG04) QKD protocol at 1924 nm versus that at 1536 nm. The attack strategy was proposed earlier but found to be unsuccessful at the latter wavelength, as reported in N. Jain et al., New J. Phys. 16, 123030 (2014). However at 1924 nm, we show experimentally that the noise response of the detectors to bright pulses is greatly reduced, and show by modeling that the same attack will succeed. The invisible nature of the attack poses a threat to the security of practical QKD if proper countermeasures are not adopted.

  8. Sinkhole susceptibility in carbonate rocks of the Apulian karst (southern Italy)

    Science.gov (United States)

    Di Santo, Antonio; Fazio, Nunzio L.; Fiore, Antonio; Lollino, Piernicola; Luisi, Michele; Miccoli, Maria N.; Pagliarulo, Rosa; Parise, Mario; Perrotti, Michele; Pisano, Luca; Spalluto, Luigi; Vennari, Carmela; Vessia, Giovanna

    2016-04-01

    Apulia region, the foreland of the southern Italian Apennines, is made up of a 6-7 km-thick succession of Mesozoic shallow-water limestones and dolostones, locally covered by thin and discontinuous Tertiary and Quaternary carbonate and clastic deposits. Due to their long subaerial exposure, the Mesozoic carbonate bedrock recorded the development in the subsurface of a dense network of karst cavities, mostly controlled by tectonic discontinuities. As a result, a strong susceptibility to natural sinkholes has to be recorded in Apulia. In addition, the possibility of occurrence of other problems related to the high number of man-made cavities has to be added in the region. A great variety of different typologies of artificial cavities (mostly excavated in the Plio-Pleistocene soft calcarenites) is actually present, including underground quarries, worship sites, oil mills, civilian settlements, etc. Overall, 2200 natural and 1200 artificial cavities, respectively, have been so far surveyed in Apulia. Following the urban development in the last century in Apulia, many of these cavities lie nowadays below densely populated neighborhoods, roads or communication routes. These conditions are at the origin of the main geomorphological hazard for the human society in Apulia, which requires a careful evaluation, aimed at protecting and safeguarding the human life, and at providing the necessary information for a correct land use planning and management. The importance of the sinkhole hazard is further testified by the worrying increase in the number of events during the last 5-6 years. In response to these situations, joint research activities were started by the Institute of Research for Hydrological Protection of the National Research Council (CNR-IRPI) and the Basin Authority of Apulia, aimed at several goals, that include (but are not limited to) the collection of information on natural and anthropogenic sinkholes in Apulia, the implementation of numerical analyses for

  9. Structural analysis of S-wave seismics around an urban sinkhole: evidence of enhanced dissolution in a strike-slip fault zone

    Directory of Open Access Journals (Sweden)

    S. H. Wadas

    2017-12-01

    Full Text Available In November 2010, a large sinkhole opened up in the urban area of Schmalkalden, Germany. To determine the key factors which benefited the development of this collapse structure and therefore the dissolution, we carried out several shear-wave reflection-seismic profiles around the sinkhole. In the seismic sections we see evidence of the Mesozoic tectonic movement in the form of a NW–SE striking, dextral strike-slip fault, known as the Heßleser Fault, which faulted and fractured the subsurface below the town. The strike-slip faulting created a zone of small blocks ( < 100 m in size, around which steep-dipping normal faults, reverse faults and a dense fracture network serve as fluid pathways for the artesian-confined groundwater. The faults also acted as barriers for horizontal groundwater flow perpendicular to the fault planes. Instead groundwater flows along the faults which serve as conduits and forms cavities in the Permian deposits below ca. 60 m depth. Mass movements and the resulting cavities lead to the formation of sinkholes and dissolution-induced depressions. Since the processes are still ongoing, the occurrence of a new sinkhole cannot be ruled out. This case study demonstrates how S-wave seismics can characterize a sinkhole and, together with geological information, can be used to study the processes that result in sinkhole formation, such as a near-surface fault zone located in soluble rocks. The more complex the fault geometry and interaction between faults, the more prone an area is to sinkhole occurrence.

  10. Sinkhole susceptibility mapping using the analytical hierarchy process (AHP) and magnitude-frequency relationships: A case study in Hamadan province, Iran

    Science.gov (United States)

    Taheri, Kamal; Gutiérrez, Francisco; Mohseni, Hassan; Raeisi, Ezzat; Taheri, Milad

    2015-04-01

    Since 1989, an increasing number of sinkhole occurrences have been reported in the Kabudar Ahang and Razan-Qahavand subcatchments (KRQ) of Hamadan province, western Iran. The sinkhole-related subsidence phenomenon poses a significant threat for people and human structures, including sensitive facilities like the Hamadan Power Plant. Groundwater over-exploitation from the thick alluvial cover and the underlying cavernous limestone has been identified as the main factor involved in sinkhole development. A sinkhole susceptibility model was produced in a GIS environment applying the analytical hierarchy process (AHP) approach and considering a selection of eight factors, each categorized into five classes: distance to faults (DF), water level decline (WLD), groundwater exploitation (GE), penetration of deep wells into karst bedrock (PKA), distance to deep wells (DDW), groundwater alkalinity (GA), bedrock lithology (BL), and alluvium thickness (AT). Relative weights were preliminarily assigned to each factor and to their different classes through systematic pairwise comparisons based on expert judgment. The resulting sinkhole susceptibility index (SSI) values were then classified into four susceptibility classes: low, moderate, high and very high susceptibility. Subsequently, the model was refined through a trial and error process involving changes in the relative weights and iterative evaluation of the prediction capability. Independent evaluation of the final model indicates that 55% and 45% of the subsidence events fall within the very high and high, susceptibility zones, respectively. The results of this study show that AHP can be a useful approach for susceptibility assessment if data on the main controlling factors have sufficient accuracy and spatial coverage. The limitations of the model are partly related to the difficulty of gathering data on some important geological factors, due to their hidden nature. The magnitude and frequency relationship constructed

  11. After-gate attack on a quantum cryptosystem

    International Nuclear Information System (INIS)

    Wiechers, C; Wittmann, C; Elser, D; Marquardt, Ch; Leuchs, G; Lydersen, L; Skaar, J; Makarov, V

    2011-01-01

    We present a method to control the detection events in quantum key distribution systems that use gated single-photon detectors. We employ bright pulses as faked states, timed to arrive at the avalanche photodiodes outside the activation time. The attack can remain unnoticed, since the faked states do not increase the error rate per se. This allows for an intercept-resend attack, where an eavesdropper transfers her detection events to the legitimate receiver without causing any errors. As a side effect, afterpulses, originating from accumulated charge carriers in the detectors, increase the error rate. We have experimentally tested detectors of the system id3110 (Clavis2) from ID Quantique. We identify the parameter regime in which the attack is feasible despite the side effect. Furthermore, we outline how simple modifications in the implementation can make the device immune to this attack.

  12. SH-wave reflection seismic and VSP as tools for the investigation of sinkhole areas in Germany

    Science.gov (United States)

    Wadas, Sonja; Tschache, Saskia; Polom, Ulrich; Buness, Hermann; Krawczyk, Charlotte M.

    2017-04-01

    Sinkholes can lead to damage of buildings and infrastructure and they can cause life-threatening situations, if they occur in urban areas. The process behind this phenomenon is called subrosion. Subrosion is the underground leaching of soluble rocks, e.g. anhydrite and gypsum, due to the contact with ground- and meteoric water. Depending on the leached material, and especially the dissolution rate, different kinds of subrosion structures evolve in the subsurface. The two end members are collapse and depression structures. For a better understanding of the subrosion processes a detailed characterization of the resulting structures is necessary. In Germany sinkholes are a problem in many areas. In northern Germany salt and in central and southern Germany sulfate and carbonate deposits are affected by subrosion. The study areas described here are located in Thuringia in central Germany and the underground is characterized by soluble Permian deposits. The occurrence of 20 to 50 sinkholes is reported per year. Two regions, Bad Frankenhausen and Schmalkalden, are investigated, showing a leaning church tower and a sinkhole of 30 m diameter and 20 m depth, respectively. In Bad Frankenhausen four P-wave and 16 SH-wave reflection seismic profiles were carried out, supplemented by three zero-offset VSPs. In Schmalkalden five SH-wave reflection seismic profiles and one zero-offset VSP were acquired. The 2-D seismic sections, in particular the SH-wave profiles, showed known and unknown near-surface faults in the vicinity of sinkholes and depressions. For imaging the near-surface ( 2,5, probably indicating unstable areas due to subrosion. We conclude, that SH-wave reflection seismic offer an important tool for the imaging and characterization of near-surface subrosion structures and the identification of unstable zones, especially in combination with P-wave reflection seismic and zero-offset VSP with P- and S-waves. Presumably there is a connection between the presence of large

  13. WILD PIG ATTACKS ON HUMANS

    Energy Technology Data Exchange (ETDEWEB)

    Mayer, J.

    2013-04-12

    Attacks on humans by wild pigs (Sus scrofa) have been documented since ancient times. However, studies characterizing these incidents are lacking. In an effort to better understand this phenomenon, information was collected from 412 wild pig attacks on humans. Similar to studies of large predator attacks on humans, data came from a variety of sources. The various attacks compiled occurred in seven zoogeographic realms. Most attacks occurred within the species native range, and specifically in rural areas. The occurrence was highest during the winter months and daylight hours. Most happened under non-hunting circumstances and appeared to be unprovoked. Wounded animals were the chief cause of these attacks in hunting situations. The animals involved were typically solitary, male and large in size. The fate of the wild pigs involved in these attacks varied depending upon the circumstances, however, most escaped uninjured. Most human victims were adult males traveling on foot and alone. The most frequent outcome for these victims was physical contact/mauling. The severity of resulting injuries ranged from minor to fatal. Most of the mauled victims had injuries to only one part of their bodies, with legs/feet being the most frequent body part injured. Injuries were primarily in the form of lacerations and punctures. Fatalities were typically due to blood loss. In some cases, serious infections or toxemia resulted from the injuries. Other species (i.e., pets and livestock) were also accompanying some of the humans during these attacks. The fates of these animals varied from escaping uninjured to being killed. Frequency data on both non-hunting and hunting incidents of wild pig attacks on humans at the Savannah River Site, South Carolina, showed quantitatively that such incidents are rare.

  14. Shark Attack Project - Marine Attack at Towed Hydrophone Arrays

    National Research Council Canada - National Science Library

    Kalmijn, Adrianus J

    2005-01-01

    The original objective of the SIO Marine Attack project was to identify the electric and magnetic fields causing sharks to inflict serious damage upon the towed hydrophone arrays of US Navy submarines...

  15. The Cyber-Physical Attacker

    DEFF Research Database (Denmark)

    Vigo, Roberto

    2012-01-01

    The world of Cyber-Physical Systems ranges from industrial to national interest applications. Even though these systems are pervading our everyday life, we are still far from fully understanding their security properties. Devising a suitable attacker model is a crucial element when studying...... the security properties of CPSs, as a system cannot be secured without defining the threats it is subject to. In this work an attacker scenario is presented which addresses the peculiarities of a cyber-physical adversary, and we discuss how this scenario relates to other attacker models popular in the security...

  16. Sinkhole risk assessment by ERT: The case study of Sirino Lake (Basilicata, Italy)

    Science.gov (United States)

    Giampaolo, V.; Capozzoli, L.; Grimaldi, S.; Rizzo, E.

    2016-01-01

    The presence of natural or artificial lakes and reservoirs that can drain because of natural phenomena can generate catastrophic events affecting urban and agricultural areas next to the source area. Therefore, geophysical prospecting techniques have been applied in the study of Sirino Lake, which, during the last century, was affected by the sudden opening of small sinkholes, resulting in the almost total draining of the lake and in the sudden increase of water flow rates of distal springs. Two electrical resistivity tomographies (ERTs) were carried out across the lake, using electrode arrays located on land and across the water body. Self-potential (SP) data were acquired around the lake shore and the surrounding area. The geophysical prospecting contributed significant data toward explaining the unique hydrogeological characteristics of the lake. Integration of geophysical, geological, hydrogeological, and geomorphological data allowed us to estimate the thickness of the lacustrine deposits beneath the lake, to describe the main patterns of the subsurface fluid flows in the area, and to identify possible water escape routes causing the piping phenomena.

  17. Modeling of karst deformation and analysis of acoustic emission during sinkhole formation

    Science.gov (United States)

    Bakeev, R. A.; Stefanov, Yu. P.; Duchkov, A. A.; Myasnikov, A. V.

    2017-12-01

    In this paper, the fracture pattern and formation of a sinkhole are estimated depending on the rock properties. The possibility of using geophysical methods for recording and analyzing acoustic emission to monitor and predict the state of the medium is considered. The problem of deformation of the sedimentary cover over the growing karst cavity is solved on the basis of the elastoplastic Drucker-Prager-Nikolaevsky model and the equation of damage accumulation. The specified kinetics of accumulation of damages allows us to describe slow processes of degradation of the strength of the medium under stresses that are low for the development of inelastic deformations. The results are obtained for different values of the strength of karst rock; we show the influence of the kinetic parameters of damage accumulation on the shape of collapse depressions. We also model acoustic emission caused by the material fracture. One can follow different stages of the karst development by looking at patterns of cells which fail at a given time. Our observations show the relation between the intensity of material fracture and the intensity of seismic emission.

  18. Water and dissolved gas geochemistry of the monomictic Paterno sinkhole (central Italy

    Directory of Open Access Journals (Sweden)

    Matteo Nocentini

    2012-07-01

    Full Text Available This paper describes the chemical and isotope features of water and dissolved gases from lake Paterno (max. depth 54 m, a sinkhole located in the NE sector of the S. Vittorino plain (Rieti, Central Italy, where evidences of past and present hydrothermal activity exists. In winter (February 2011 lake Paterno waters were almost completely mixed, whereas in summer time (July 2011 thermal and chemical stratifications established. During the stratification period, water and dissolved gas chemistry along the vertical water column were mainly controlled by biological processes, such as methanogenesis, sulfate-reduction, calcite precipitation, denitrification, and NH4 and H2 production. Reducing conditions at the interface between the bottom sediments and the anoxic waters are responsible for the relatively high concentrations of dissolved iron (Fe and manganese (Mn, likely present in their reduced oxidation state. Minerogenic and biogenic products were recognized at the lake bottom even during the winter sampling. At relatively shallow depth the distribution of CH4 and CO2 was controlled by methanotrophic bacteria and photosynthesis, respectively. The carbon isotope signature of CO2 indicates a significant contribution of deep-originated inorganic CO2 that is related to the hydrothermal system feeding the CO2-rich mineralized springs discharging in the surrounding areas of lake Paterno. The seasonal lake stratification likely controls the vertical and horizontal distribution of fish populations in the different periods of the year.

  19. Novel microbial diversity retrieved by autonomous robotic exploration of the world's deepest vertical phreatic sinkhole.

    Science.gov (United States)

    Sahl, Jason W; Fairfield, Nathaniel; Harris, J Kirk; Wettergreen, David; Stone, William C; Spear, John R

    2010-03-01

    The deep phreatic thermal explorer (DEPTHX) is an autonomous underwater vehicle designed to navigate an unexplored environment, generate high-resolution three-dimensional (3-D) maps, collect biological samples based on an autonomous sampling decision, and return to its origin. In the spring of 2007, DEPTHX was deployed in Zacatón, a deep (approximately 318 m), limestone, phreatic sinkhole (cenote) in northeastern Mexico. As DEPTHX descended, it generated a 3-D map based on the processing of range data from 54 onboard sonars. The vehicle collected water column samples and wall biomat samples throughout the depth profile of the cenote. Post-expedition sample analysis via comparative analysis of 16S rRNA gene sequences revealed a wealth of microbial diversity. Traditional Sanger gene sequencing combined with a barcoded-amplicon pyrosequencing approach revealed novel, phylum-level lineages from the domains Bacteria and Archaea; in addition, several novel subphylum lineages were also identified. Overall, DEPTHX successfully navigated and mapped Zacatón, and collected biological samples based on an autonomous decision, which revealed novel microbial diversity in a previously unexplored environment.

  20. Large heterogeneities in comet 67P as revealed by active pits from sinkhole collapse.

    Science.gov (United States)

    Vincent, Jean-Baptiste; Bodewits, Dennis; Besse, Sébastien; Sierks, Holger; Barbieri, Cesare; Lamy, Philippe; Rodrigo, Rafael; Koschny, Detlef; Rickman, Hans; Keller, Horst Uwe; Agarwal, Jessica; A'Hearn, Michael F; Auger, Anne-Thérèse; Barucci, M Antonella; Bertaux, Jean-Loup; Bertini, Ivano; Capanna, Claire; Cremonese, Gabriele; Da Deppo, Vania; Davidsson, Björn; Debei, Stefano; De Cecco, Mariolino; El-Maarry, Mohamed Ramy; Ferri, Francesca; Fornasier, Sonia; Fulle, Marco; Gaskell, Robert; Giacomini, Lorenza; Groussin, Olivier; Guilbert-Lepoutre, Aurélie; Gutierrez-Marques, P; Gutiérrez, Pedro J; Güttler, Carsten; Hoekzema, Nick; Höfner, Sebastian; Hviid, Stubbe F; Ip, Wing-Huen; Jorda, Laurent; Knollenberg, Jörg; Kovacs, Gabor; Kramm, Rainer; Kührt, Ekkehard; Küppers, Michael; La Forgia, Fiorangela; Lara, Luisa M; Lazzarin, Monica; Lee, Vicky; Leyrat, Cédric; Lin, Zhong-Yi; Lopez Moreno, Josè J; Lowry, Stephen; Magrin, Sara; Maquet, Lucie; Marchi, Simone; Marzari, Francesco; Massironi, Matteo; Michalik, Harald; Moissl, Richard; Mottola, Stefano; Naletto, Giampiero; Oklay, Nilda; Pajola, Maurizio; Preusker, Frank; Scholten, Frank; Thomas, Nicolas; Toth, Imre; Tubiana, Cecilia

    2015-07-02

    Pits have been observed on many cometary nuclei mapped by spacecraft. It has been argued that cometary pits are a signature of endogenic activity, rather than impact craters such as those on planetary and asteroid surfaces. Impact experiments and models cannot reproduce the shapes of most of the observed cometary pits, and the predicted collision rates imply that few of the pits are related to impacts. Alternative mechanisms like explosive activity have been suggested, but the driving process remains unknown. Here we report that pits on comet 67P/Churyumov-Gerasimenko are active, and probably created by a sinkhole process, possibly accompanied by outbursts. We argue that after formation, pits expand slowly in diameter, owing to sublimation-driven retreat of the walls. Therefore, pits characterize how eroded the surface is: a fresh cometary surface will have a ragged structure with many pits, while an evolved surface will look smoother. The size and spatial distribution of pits imply that large heterogeneities exist in the physical, structural or compositional properties of the first few hundred metres below the current nucleus surface.

  1. Monogeneans of freshwater fishes from cenotes (sinkholes) of the Yucatan Peninsula, Mexico.

    Science.gov (United States)

    Mendoza-Franco, E F; Scholz, T; Vivas-Rodríguez, C; Vargas-Vázquez, J

    1999-01-01

    During a survey of the parasites of freshwater fishes from cenotes (sinkholes) of the Yucatan Peninsula the following species of monogeneans were found on cichlid, pimelodid, characid and poeciliid fishes: Sciadicleithrum mexicanum Kritsky, Vidal-Martinez et Rodriguez-Canul, 1994 from Cichlasoma urophthalmus (Günther) (type host), Cichlasoma friedrichsthali (Heckel), Cichlasoma octofasciatum (Regan), and Cichlasoma synspilum Hubbs, all new host records; Sciadicleithrum meekii Mendoza-Franco, Scholz et Vidal-Martínez, 1997 from Cichlasoma meeki (Brind); Urocleidoides chavarriai (Price, 1938) and Urocleidoides travassosi (Price, 1938) from Rhamdia guatemalensis (Günther); Urocleidoides costaricensis (Price et Bussing, 1967), Urocleidoides heteroancistrium (Price et Bussing, 1968), Urocleidoides anops Kritsky et Thatcher, 1974, Anacanthocotyle anacanthocotyle Kritsky et Fritts, 1970, and Gyrodactylus neotropicalis Kritsky et Fritts, 1970 from Astyanax fasciatus; and Gyrodactylus sp. from Gambusia yucatana Regan. Urocleidoides chavarriai, U. travassosi, U. costaricensis, U. heteroancistrium, U. anops, Anacanthocotyle anacanthocotyle and Gyrodactylus neotropicalis are reported from North America (Mexico) for the first time. These findings support the idea about the dispersion of freshwater fishes and their monogenean parasites from South America through Central America to southeastern Mexico, following the emergence of the Panamanian isthmus between 2 and 5 million years ago.

  2. Spiders (Araneae of selected sinkholes of Moravský kras Protected Landscape Area (Czech Republic

    Directory of Open Access Journals (Sweden)

    Vladimír Hula

    2012-01-01

    Full Text Available In this study, we present faunistic data about spiders in selected sinkholes of northern part of Moravský kras Protected Landscape Area. Time of collection was established in the following terms: 24 March 2010 – 22 September 2010. We collected altogether 5742 adult specimens which were determined to 59 species of 14 families. We found two very rare spiders (critically endangered Porrhomma errans and endangered Walckenaeria monoceros and several interesting, rarely collected bioindicator species (Alopecosa trabalis, Mecopisthes silus, Zelotes longipes. From the bioindicative evaluation point of view, 44% of found species belong to species with connection to natural habitats, 37% belong to species preferring semi-natural habitats, and 19% belong to species of disturbed habitats. From the relictness point of view, majority of species was of the expansive category (53%, 40% of class II relicts, and only 7% of class I relicts. Sink holes did not increase total biodiversity of agricultural land too much because of their relative small size.

  3. The current status of mapping karst areas and availability of public sinkhole-risk resources in karst terrains of the United States

    Science.gov (United States)

    Kuniansky, Eve L.; Weary, David J.; Kaufmann, James E.

    2016-01-01

    Subsidence from sinkhole collapse is a common occurrence in areas underlain by water-soluble rocks such as carbonate and evaporite rocks, typical of karst terrain. Almost all 50 States within the United States (excluding Delaware and Rhode Island) have karst areas, with sinkhole damage highest in Florida, Texas, Alabama, Missouri, Kentucky, Tennessee, and Pennsylvania. A conservative estimate of losses to all types of ground subsidence was $125 million per year in 1997. This estimate may now be low, as review of cost reports from the last 15 years indicates that the cost of karst collapses in the United States averages more than $300 million per year. Knowing when a catastrophic event will occur is not possible; however, understanding where such occurrences are likely is possible. The US Geological Survey has developed and maintains national-scale maps of karst areas and areas prone to sinkhole formation. Several States provide additional resources for their citizens; Alabama, Colorado, Florida, Indiana, Iowa, Kentucky, Minnesota, Missouri, Ohio, and Pennsylvania maintain databases of sinkholes or karst features, with Florida, Kentucky, Missouri, and Ohio providing sinkhole reporting mechanisms for the public.

  4. Data-plane Defenses against Routing Attacks on Tor

    Directory of Open Access Journals (Sweden)

    Tan Henry

    2016-10-01

    Full Text Available Tor is susceptible to traffic correlation attacks in which an adversary who observes flows entering and leaving the anonymity network can apply statistical techniques to correlate flows and de-anonymize their endpoints. While an adversary may not be naturally positioned to conduct such attacks, a recent study shows that the Internet’s control-plane can be manipulated to increase an adversary’s view of the network, and consequently, improve its ability to perform traffic correlation. This paper explores, in-depth, the effects of control-plane attacks on the security of the Tor network. Using accurate models of the live Tor network, we quantify Tor’s susceptibility to these attacks by measuring the fraction of the Tor network that is vulnerable and the advantage to the adversary of performing the attacks. We further propose defense mechanisms that protect Tor users from manipulations at the control-plane. Perhaps surprisingly, we show that by leveraging existing trust anchors in Tor, defenses deployed only in the data-plane are sufficient to detect most control-plane attacks. Our defenses do not assume the active participation of Internet Service Providers, and require only very small changes to Tor. We show that our defenses result in a more than tenfold decrease in the effectiveness of certain control-plane attacks.

  5. Superposition Attacks on Cryptographic Protocols

    DEFF Research Database (Denmark)

    Damgård, Ivan Bjerre; Funder, Jakob Løvstad; Nielsen, Jesper Buus

    2011-01-01

    of information. In this paper, we introduce a fundamentally new model of quantum attacks on classical cryptographic protocols, where the adversary is allowed to ask several classical queries in quantum superposition. This is a strictly stronger attack than the standard one, and we consider the security......Attacks on classical cryptographic protocols are usually modeled by allowing an adversary to ask queries from an oracle. Security is then defined by requiring that as long as the queries satisfy some constraint, there is some problem the adversary cannot solve, such as compute a certain piece...... of several primitives in this model. We show that a secret-sharing scheme that is secure with threshold $t$ in the standard model is secure against superposition attacks if and only if the threshold is lowered to $t/2$. We use this result to give zero-knowledge proofs for all of NP in the common reference...

  6. Genetic attack on neural cryptography.

    Science.gov (United States)

    Ruttor, Andreas; Kinzel, Wolfgang; Naeh, Rivka; Kanter, Ido

    2006-03-01

    Different scaling properties for the complexity of bidirectional synchronization and unidirectional learning are essential for the security of neural cryptography. Incrementing the synaptic depth of the networks increases the synchronization time only polynomially, but the success of the geometric attack is reduced exponentially and it clearly fails in the limit of infinite synaptic depth. This method is improved by adding a genetic algorithm, which selects the fittest neural networks. The probability of a successful genetic attack is calculated for different model parameters using numerical simulations. The results show that scaling laws observed in the case of other attacks hold for the improved algorithm, too. The number of networks needed for an effective attack grows exponentially with increasing synaptic depth. In addition, finite-size effects caused by Hebbian and anti-Hebbian learning are analyzed. These learning rules converge to the random walk rule if the synaptic depth is small compared to the square root of the system size.

  7. Panic Attacks and Panic Disorder

    Science.gov (United States)

    ... Major changes in your life, such as a divorce or the addition of a baby Smoking or ... quality of life. Complications that panic attacks may cause or be linked to include: Development of specific ...

  8. Genetic attack on neural cryptography

    International Nuclear Information System (INIS)

    Ruttor, Andreas; Kinzel, Wolfgang; Naeh, Rivka; Kanter, Ido

    2006-01-01

    Different scaling properties for the complexity of bidirectional synchronization and unidirectional learning are essential for the security of neural cryptography. Incrementing the synaptic depth of the networks increases the synchronization time only polynomially, but the success of the geometric attack is reduced exponentially and it clearly fails in the limit of infinite synaptic depth. This method is improved by adding a genetic algorithm, which selects the fittest neural networks. The probability of a successful genetic attack is calculated for different model parameters using numerical simulations. The results show that scaling laws observed in the case of other attacks hold for the improved algorithm, too. The number of networks needed for an effective attack grows exponentially with increasing synaptic depth. In addition, finite-size effects caused by Hebbian and anti-Hebbian learning are analyzed. These learning rules converge to the random walk rule if the synaptic depth is small compared to the square root of the system size

  9. Genetic attack on neural cryptography

    Science.gov (United States)

    Ruttor, Andreas; Kinzel, Wolfgang; Naeh, Rivka; Kanter, Ido

    2006-03-01

    Different scaling properties for the complexity of bidirectional synchronization and unidirectional learning are essential for the security of neural cryptography. Incrementing the synaptic depth of the networks increases the synchronization time only polynomially, but the success of the geometric attack is reduced exponentially and it clearly fails in the limit of infinite synaptic depth. This method is improved by adding a genetic algorithm, which selects the fittest neural networks. The probability of a successful genetic attack is calculated for different model parameters using numerical simulations. The results show that scaling laws observed in the case of other attacks hold for the improved algorithm, too. The number of networks needed for an effective attack grows exponentially with increasing synaptic depth. In addition, finite-size effects caused by Hebbian and anti-Hebbian learning are analyzed. These learning rules converge to the random walk rule if the synaptic depth is small compared to the square root of the system size.

  10. What Is a Heart Attack?

    Science.gov (United States)

    ... medical center. Support from family and friends also can help relieve stress and anxiety. Let your loved ones know how you feel and what they can do to help you. Risk of a Repeat Heart Attack Once ...

  11. Heavy-tailed distribution of the SSH Brute-force attack duration in a multi-user environment

    Science.gov (United States)

    Lee, Jae-Kook; Kim, Sung-Jun; Park, Chan Yeol; Hong, Taeyoung; Chae, Huiseung

    2016-07-01

    Quite a number of cyber-attacks to be place against supercomputers that provide highperformance computing (HPC) services to public researcher. Particularly, although the secure shell protocol (SSH) brute-force attack is one of the traditional attack methods, it is still being used. Because stealth attacks that feign regular access may occur, they are even harder to detect. In this paper, we introduce methods to detect SSH brute-force attacks by analyzing the server's unsuccessful access logs and the firewall's drop events in a multi-user environment. Then, we analyze the durations of the SSH brute-force attacks that are detected by applying these methods. The results of an analysis of about 10 thousands attack source IP addresses show that the behaviors of abnormal users using SSH brute-force attacks are based on human dynamic characteristics of a typical heavy-tailed distribution.

  12. Software-based Microarchitectural Attacks

    OpenAIRE

    Gruss, Daniel

    2017-01-01

    Modern processors are highly optimized systems where every single cycle of computation time matters. Many optimizations depend on the data that is being processed. Software-based microarchitectural attacks exploit effects of these optimizations. Microarchitectural side-channel attacks leak secrets from cryptographic computations, from general purpose computations, or from the kernel. This leakage even persists across all common isolation boundaries, such as processes, containers, and virtual ...

  13. OPERATION COBRA. Deliberate Attack, Exploitation

    Science.gov (United States)

    1984-05-25

    to attack Sens, then continue to Troyes , on the Seine River. CCA was in the north, crossing the Loing River at Souppes against light resistance and...advanced from Troyes and prepared positions close to Sens. Under strong artillery support, a task force from CCA (TF Oden) attacked the enemy frontally...movement towards the Seine River on 24 August with an advance toward Troyes . Facing the combat command were what remained of the 51st SS Brigade, light

  14. On Node Replication Attack in Wireless Sensor Networks

    Directory of Open Access Journals (Sweden)

    Mumtaz Qabulio

    2016-04-01

    Full Text Available WSNs (Wireless Sensor Networks comprise a large number of small, inexpensive, low power and memory constrained sensing devices (called sensor nodes that are densely deployed to measure a given physical phenomenon. Since WSNs are commonly deployed in a hostile and unattended environment, it is easy for an adversary to physically capture one or more legitimate sensor nodes, re-program and redeploy them in the network. As a result, the adversary becomes able to deploy several identical copies of physically captured nodes in the network in order to perform illegitimate activities. This type of attack is referred to as Node Replication Attack or Clone Node Attack. By launching node replication attack, an adversary can easily get control on the network which consequently is the biggest threat to confidentiality, integrity and availability of data and services. Thus, detection and prevention of node replication attack in WSNs has become an active area of research and to date more than two dozen schemes have been proposed, which address this issue. In this paper, we present a comprehensive review, classification and comparative analysis of twenty five of these schemes which help to detect and/or prevent node replication attack in WSNs

  15. On node replication attack in wireless sensor networks

    International Nuclear Information System (INIS)

    Qabulio, M.; Malkani, Y.A.

    2015-01-01

    WSNs (Wireless Sensor Networks) comprise a large number of small, inexpensive, low power and memory constrained sensing devices (called sensor nodes) that are densely deployed to measure a given physical phenomenon. Since WSNs are commonly deployed in a hostile and unattended environment, it is easy for an adversary to physically capture one or more legitimate sensor nodes, re-program and redeploy them in the network. As a result, the adversary becomes able to deploy several identical copies of physically captured nodes in the network in order to perform illegitimate activities. This type of attack is referred to as Node Replication Attack or Clone Node Attack. By launching node replication attack, an adversary can easily get control on the network which consequently is the biggest threat to confidentiality, integrity and availability of data and services. Thus, detection and prevention of node replication attack in WSNs has become an active area of research and to date more than two dozen schemes have been proposed, which address this issue. In this paper, we present a comprehensive review, classification and comparative analysis of twenty five of these schemes which help to detect and/or prevent node replication attack in WSNs. (author)

  16. TCPL: A Defense against wormhole attacks in wireless sensor networks

    International Nuclear Information System (INIS)

    Kumar, K. E. Naresh; Waheed, Mohd. Abdul; Basappa, K. Kari

    2010-01-01

    Do In this paper presents recent advances in technology have made low-cost, low-power wireless sensors with efficient energy consumption. A network of such nodes can coordinate among themselves for distributed sensing and processing of certain data. For which, we propose an architecture to provide a stateless solution in sensor networks for efficient routing in wireless sensor networks. This type of architecture is known as Tree Cast. We propose a unique method of address allocation, building up multiple disjoint trees which are geographically inter-twined and rooted at the data sink. Using these trees, routing messages to and from the sink node without maintaining any routing state in the sensor nodes is possible. In this paper, we introduce the wormhole attack, a severe attack in ad hoc networks that is particularly challenging to defend against. The wormhole attack is possible even if the attacker has not compromised any hosts and even if all communication provides authenticity and confidentiality. In the wormhole attack, an attacker records packets (or bits) at one location in the network, tunnels them to another location, and retransmits them there into the network. The wormhole attack can form a serious threat in wireless networks, especially against many sensor network routing protocols and location-based wireless security systems. For example, most existing ad hoc network routing protocols, without some mechanism to defend against the wormhole attack, would be unable to find routes longer than one or two hops, severely disrupting communication. We present a new, general mechanism, called packet leashes, for detecting and thus defending against wormhole attacks, and we present a specific protocol, called TIK, that implements leashes.

  17. Time-lapse gravity and levelling in the sinkhole-endangered urban area of Bad Frankenhausen, Germany

    Science.gov (United States)

    Kobe, Martin; Gabriel, Gerald; Weise, Adelheid; Krawczyk, Charlotte; Vogel, Detlef

    2017-04-01

    Sinkholes, resulting from subrosion in the subsurface, can reach diameters of several hundred meters and thus pose a severe hazard for infrastructure and inhabitants in urban areas. Subrosion is the leaching of readily-soluble rocks, such as rock salt, gypsum, anhydrite and limestone by ground or meteoric water and leads to mass transport and relocation. Two scenarios of sinkhole evolution are conceivable: First, the surface subsides continuously in order to compensate for the mass loss. Second, the mass relocation leads to development of subsurface cavities. If they reach a critical size and the cover layers are not supported anymore, the surface collapses abruptly. To improve the understanding of subrosion processes and the related surface deformation a case study is conducted in Bad Frankenhausen, Germany, where subrosion leaches the Zechstein evaporates of the Permian. One part of the study is to analyse the spatiotemporal development of sinkholes by applying time-lapse observations. Therefore, we established a monitoring network consisting of 15 gravity and additional levelling points covering the main sinkhole areas in the city centre. In March 2014, the baseline survey was carried out. Since then, quarterly measurement campaigns are performed. In each campaign four different gravity meters are used to collect a statistical significant amount of data and to control the plausibility of our data. The gravity measurements are complemented by levelling surveys. The rectification of the time-lapse gravity data comprises the correction for jumps and systematic errors, as well as for well calculable influences, such as earth tides and air pressure changes. Furthermore, special interest was applied to seasonal changes of hydrological parameters such as soil moisture or groundwater level. We found the hydrological influence to be in the single digit up to the lower two-digit µGal range, depending on the season and the station. The standard deviations of the adjusted

  18. Evaluating susceptibility of karst dolines (sinkholes) for collapse in Sango, Tennessee, USA

    Science.gov (United States)

    Siska, Peter P.; Goovaerts, Pierre; Hung, I-K

    2016-01-01

    Dolines or sinkholes are earth depressions that develop in soluble rocks complexes such as limestone, dolomite, gypsum, anhydrite, and halite; dolines appear in a variety of shapes from nearly circular to complex structures with highly curved perimeters. The occurrence of dolines in the studied karst area is not random; they are the results of geomorphic, hydrologic, and chemical processes that have caused partial subsidence, even the total collapse of the land surface when voids and caves are present in the bedrock and the regolith arch overbridging these voids is unstable. In the study area, the majority of collapses occur in the regolith (bedrock cover) that bridges voids in the bedrock. Because these collapsing dolines may result in property damage and even cause the loss of lives, there is a need to develop methods for evaluating karst hazards. These methods can then be used by planners and practitioners for urban and economic development, especially in regions with a growing population. The purpose of this project is threefold: 1) to develop a karst feature database, 2) to investigate critical indicators associated with doline collapse, and 3) to develop a doline susceptibility model for potential doline collapse based on external morphometric data. The study has revealed the presence of short range spatial dependence in the distribution of the dolines’ morphometric parameters such as circularity, the geographic orientation of the main doline axes, and the length-to-width doline ratios; therefore, geostatistics can be used to spatially evaluate the susceptibility of the karst area for doline collapse. The partial susceptibility estimates were combined into a final probability map enabling the identification of areas where, until now, undetected dolines may cause significant hazards. PMID:27616807

  19. Hydrogeochemical processes controlling water and dissolved gas chemistry at the Accesa sinkhole (southern Tuscany, central Italy

    Directory of Open Access Journals (Sweden)

    Franco Tassi

    2014-05-01

    Full Text Available The 38.5 m deep Lake Accesa is a sinkhole located in southern Tuscany (Italy that shows a peculiar water composition, being characterized by relatively high total dissolved solids (TDS values (2 g L-1 and a Ca(Mg-SO4 geochemical facies. The presence of significant amounts of extra-atmospheric gases (CO2 and CH4, which increase their concentrations with depth, is also recognized. These chemical features, mimicking those commonly shown by volcanic lakes fed by hydrothermal-magmatic reservoirs, are consistent with those of mineral springs emerging in the study area whose chemistry is produced by the interaction of meteoric-derived waters with Mesozoic carbonates and Triassic evaporites. Although the lake has a pronounced thermocline, water chemistry does not show significant changes along the vertical profile. Lake water balance calculations demonstrate that Lake Accesa has >90% of its water supply from sublacustrine springs whose subterranean pathways are controlled by the local structural assessment that likely determined the sinking event, the resulting funnel-shape being then filled by the Accesa waters. Such a huge water inflow from the lake bottom (~9·106 m3 yr-1 feeds the lake effluent (Bruna River and promotes the formation of water currents, which are able to prevent the establishment of a vertical density gradient. Consequently, a continuous mixing along the whole vertical water column is established. Changes of the drainage system by the deep-originated waters in the nearby former mining district have strongly affected the outflow rates of the local mineral springs; thus, future intervention associated with the ongoing remediation activities should carefully be evaluated to preserve the peculiar chemical features of Lake Accesa.

  20. Nitrate and herbicide loading in two groundwater basins of Illinois' sinkhole plain

    Science.gov (United States)

    Panno, S.V.; Kelly, W.R.

    2004-01-01

    This investigation was designed to estimate the mass loading of nitrate (NO3-) and herbicides in spring water discharging from groundwater basins in an agriculturally dominated, mantled karst terrain. The loading was normalized to land use and NO3- and herbicide losses were compared to estimated losses in other agricultural areas of the Midwestern USA. Our study area consisted of two large karst springs that drain two adjoining groundwater basins (total area of 37.7 km2) in southwestern Illinois' sinkhole plain, USA. The springs and stream that they form were monitored for almost 2 years. Nitrate-nitrogen (NO3-N) concentrations at three monitoring sites were almost always above the background concentration (1.9 mg/l). NO3-N concentrations at the two springs ranged from 1.08 to 6.08 with a median concentration of 3.61 mg/l. Atrazine and alachlor concentrations ranged from <0.01 to 34 ??g/l and <0.01 to 0.98 ??g/l, respectively, with median concentrations of 0.48 and 0.12 ??g/l, respectively. Approximately 100,000 kg/yr of NO3-N, 39 kg/yr of atrazine, and 2.8 kg/yr of alachlor were discharged from the two springs. Slightly more than half of the discharged NO3- came from background sources and most of the remainder probably came from fertilizer. This represents a 21-31% loss of fertilizer N from the groundwater basins. The pesticide losses were 3.8-5.8% of the applied atrazine, and 0.05-0.08% of the applied alachlor. The loss of atrazine adsorbed to the suspended solid fraction was about 2 kg/yr, only about 5% of the total mass of atrazine discharged from the springs. ?? 2004 Elsevier B.V. All rights reserved.

  1. Connectivity among sinkholes and complex networks: The case of Ring of Cenotes in northwest Yucatan, Mexico

    Science.gov (United States)

    Gomez-Nicolas, Mariana; Rebolledo-Vieyra, Mario; Huerta-Quintanilla, Rodrigo; Canto-Lugo, Efrain

    2014-05-01

    A 180-km-diameter semicircular alignment of abundant karst sinkholes (locally known as cenotes) in northwestern Yucatán, México, coincides approximately with a concentric ring of the buried Chicxulub structure, a circular feature manifested in Cretaceous and older rocks, that has been identified as the product of the impact of a meteorite. The secondary permeability generated by the fracturing and faulting of the sedimentary sequence in the Chicxulub impact, has favored the karstification process and hence the development of genuine underground rivers that carry water from the continent to the sea. The study of the structure and morphology of the crater has allowed researchers to understand the key role of the crater in the Yucatán hydrogeology. It is generally accepted that the Ring of Cenotes, produced by the gravitational deformation of the Tertiary sedimentary sequence within the crater, controls the groundwater in northern Yucatán. However, today there is not solid evidence about the connectivity among cenotes, which is important because if established, public policies could be designed to manage sanitary infrastructure, septic control, regulation of agricultural and industrial activities and the protection of water that has not been compromised by anthropogenic pollution. All these directly affect more than half a million people whose main source of drinking water lies in the aquifer. In this contribution we investigated a set of 16 cenotes located in the vicinity of a gravimetric anomaly of Chicxulub crater ring, using complex networks to model the interconnectivity among them. Data from a geoelectrical tomography survey, collected with SuperSting R1/IP equipment, with multi-electrodes (72 electrodes), in a dipole-dipole configuration was used as input of our model. Since the total number of cenotes on the ring structure amounts to about 2000, the application of graph theoretic algorithms and Monte Carlo simulation to efficiently investigate network

  2. Analytical Characterization of Internet Security Attacks

    Science.gov (United States)

    Sellke, Sarah H.

    2010-01-01

    Internet security attacks have drawn significant attention due to their enormously adverse impact. These attacks includes Malware (Viruses, Worms, Trojan Horse), Denial of Service, Packet Sniffer, and Password Attacks. There is an increasing need to provide adequate defense mechanisms against these attacks. My thesis proposal deals with analytical…

  3. Determination of 222Rn in water by absorption in polydimethylsiloxane mixed with activated carbon and gamma-ray spectrometry: An example application in the radon budget of Paterno submerged sinkhole (Central Italy)

    International Nuclear Information System (INIS)

    Voltaggio, M.; Spadoni, M.

    2013-01-01

    Highlights: ► Polydimethylsiloxane and Activated Carbon were used as passive gas accumulator. ► Water-impermeable properties of PDMS combine with adsorptive properties of AC. ► PDMS–AC accumulators can be used to study 222 Rn in water. ► Measured 222 Rn specific activity in PDMS–AC matches the theoretical results. ► We used PDMS–AC in the radon budget of a submerged sinkhole. - Abstract: Passive gas accumulators made of polydimethylsiloxane (PDMS) mixed with activated C (AC) were studied to measure their efficiency for sampling Rn in water. In this composite the water-impermeable properties of PDMS act synergistically with adsorptive properties of AC, even when the accumulators are immersed in water for many days. A series of tests where cylindrical shaped PDMS–AC disks were exposed to different 222 Rn-enriched waters showed that measured 222 Rn specific activity matches the theoretical results coming from the equation that describes the process of internal diffusion integrated with the Rn decay term. The linear relationship between 222 Rn in water and the accumulation process in PDMS–AC, the influence of temperature and the different sensitivity of the composite and its components were also studied and discussed. The high Rn volumetric enrichment factor in PDMS–AC disks respect to water resulted in about 206: 1, so lowering detection limits for 222 Rn in water to 20 Bq m −3 when the total activity of Rn progeny in disks is measured by high resolution gamma-ray spectrometry. The use of PDMS–AC accumulators was tested at the Paterno submerged sinkhole, in central Italy. This study allowed the production of a detailed synchronous vertical profile of the Rn content in the middle of the lake and to define the Rn balance by assessing the discharge rate of submerged springs and the average residence time of the lake water

  4. Automated Generation of Attack Trees

    DEFF Research Database (Denmark)

    Vigo, Roberto; Nielson, Flemming; Nielson, Hanne Riis

    2014-01-01

    Attack trees are widely used to represent threat scenarios in a succinct and intuitive manner, suitable for conveying security information to non-experts. The manual construction of such objects relies on the creativity and experience of specialists, and therefore it is error-prone and impractica......Attack trees are widely used to represent threat scenarios in a succinct and intuitive manner, suitable for conveying security information to non-experts. The manual construction of such objects relies on the creativity and experience of specialists, and therefore it is error......-prone and impracticable for large systems. Nonetheless, the automated generation of attack trees has only been explored in connection to computer networks and levering rich models, whose analysis typically leads to an exponential blow-up of the state space. We propose a static analysis approach where attack trees...... are automatically inferred from a process algebraic specification in a syntax-directed fashion, encompassing a great many application domains and avoiding incurring systematically an exponential explosion. Moreover, we show how the standard propositional denotation of an attack tree can be used to phrase...

  5. An Analysis of Attacks on Blockchain Consensus

    OpenAIRE

    Bissias, George; Levine, Brian Neil; Ozisik, A. Pinar; Andresen, Gavin

    2016-01-01

    We present and validate a novel mathematical model of the blockchain mining process and use it to conduct an economic evaluation of the double-spend attack, which is fundamental to all blockchain systems. Our analysis focuses on the value of transactions that can be secured under a conventional double-spend attack, both with and without a concurrent eclipse attack. Our model quantifies the importance of several factors that determine the attack's success, including confirmation depth, attacke...

  6. Recurrent spontaneous attacks of dizziness.

    Science.gov (United States)

    Lempert, Thomas

    2012-10-01

    This article describes the common causes of recurrent vertigo and dizziness that can be diagnosed largely on the basis of history. Ninety percent of spontaneous recurrent vertigo and dizziness can be explained by six disorders: (1) Ménière disease is characterized by vertigo attacks, lasting 20 minutes to several hours, with concomitant hearing loss, tinnitus, and aural fullness. Aural symptoms become permanent during the course of the disease. (2) Attacks of vestibular migraine may last anywhere from minutes to days. Most patients have a previous history of migraine headaches, and many experience migraine symptoms during the attack. (3) Vertebrobasilar TIAs affect older adults with vascular risk factors. Most attacks last less than 1 hour and are accompanied by other symptoms from the posterior circulation territory. (4) Vestibular paroxysmia is caused by vascular compression of the eighth cranial nerve. It manifests itself with brief attacks of vertigo that recur many times per day, sometimes with concomitant cochlear symptoms. (5) Orthostatic hypotension causes brief episodes of dizziness lasting seconds to a few minutes after standing up and is relieved by sitting or lying down. In older adults, it may be accompanied by supine hypertension. (6) Panic attacks usually last minutes, occur in specific situations, and are accompanied by choking, palpitations, tremor, heat, and anxiety. Less common causes of spontaneous recurrent vertigo and dizziness include perilymph fistula, superior canal dehiscence, autoimmune inner ear disease, otosclerosis, cardiac arrhythmia, and medication side effects. Neurologists need to venture into otolaryngology, internal medicine, and psychiatry to master the differential diagnosis of recurrent dizziness.

  7. Vulnerability of water supply systems to cyber-physical attacks

    Science.gov (United States)

    Galelli, Stefano; Taormina, Riccardo; Tippenhauer, Nils; Salomons, Elad; Ostfeld, Avi

    2016-04-01

    The adoption of smart meters, distributed sensor networks and industrial control systems has largely improved the level of service provided by modern water supply systems. Yet, the progressive computerization exposes these critical infrastructures to cyber-physical attacks, which are generally aimed at stealing critical information (cyber-espionage) or causing service disruption (denial-of-service). Recent statistics show that water and power utilities are undergoing frequent attacks - such as the December power outage in Ukraine - , attracting the interest of operators and security agencies. Taking the security of Water Distribution Networks (WDNs) as domain of study, our work seeks to characterize the vulnerability of WDNs to cyber-physical attacks, so as to conceive adequate defense mechanisms. We extend the functionality of EPANET, which models hydraulic and water quality processes in pressurized pipe networks, to include a cyber layer vulnerable to repeated attacks. Simulation results on a medium-scale network show that several hydraulic actuators (valves and pumps, for example) can be easily attacked, causing both service disruption - i.e., water spillage and loss of pressure - and structural damages - e.g., pipes burst. Our work highlights the need for adequate countermeasures, such as attacks detection and reactive control systems.

  8. Using the Domain Name System to Thwart Automated Client-Based Attacks

    Energy Technology Data Exchange (ETDEWEB)

    Taylor, Curtis R [ORNL; Shue, Craig A [ORNL

    2011-09-01

    On the Internet, attackers can compromise systems owned by other people and then use these systems to launch attacks automatically. When attacks such as phishing or SQL injections are successful, they can have negative consequences including server downtime and the loss of sensitive information. Current methods to prevent such attacks are limited in that they are application-specific, or fail to block attackers. Phishing attempts can be stopped with email filters, but if the attacker manages to successfully bypass these filters, then the user must determine if the email is legitimate or not. Unfortunately, they often are unable to do so. Since attackers have a low success rate, they attempt to compensate for it in volume. In order to have this high throughput, attackers take shortcuts and break protocols. We use this knowledge to address these issues by implementing a system that can detect malicious activity and use it to block attacks. If the client fails to follow proper procedure, they can be classified as an attacker. Once an attacker has been discovered, they will be isolated and monitored. This can be accomplished using existing software in Ubuntu Linux applications, along with our custom wrapper application. After running the system and seeing its performance on three popular Web browsers Chromium, Firefox and Internet Explorer as well as two popular email clients, Thunderbird and Evolution, we found that not only is this system conceivable, it is effective and has low overhead.

  9. Hydrogen attack evaluation of boiler tube using ultrasonic wave

    International Nuclear Information System (INIS)

    Won, Soon Ho; Hyun, Yang Ki; Lee, Jong O; Cho, Kyung Shik; Lee, Jae Do

    2001-01-01

    The presence of hydrogen in industrial plants is a source of damage. Hydrogen attack is one such form of degradation and often causing large tube ruptures that necessitate an immediate shutdown. Hydrogen attack may reduce the fracture toughness as well as the strength of steels. This reduction is caused partially by the presence of cavities and microcracks at the grain boundaries. In the past several techniques have been used with limited results. This paper describes the application of an ultrasonic velocity, attenuation and backscatter techniques for detecting the presence of hydrogen damage in utility boiler tubes. Ultrasonic tests showed a decrease in wave velocity and an increase in attenuation. Such results demonstrate the potential for ultrasonic nondestructive testing to quantify damage. Based on this study, recommendations are that both velocity and attenuation be used to detect hydrogen attack in steels.

  10. Change Detection Algorithms for Information Assurance of Computer Networks

    National Research Council Canada - National Science Library

    Cardenas, Alvaro A

    2002-01-01

    .... In this thesis, the author will focus on the detection of three attack scenarios: the spreading of active worms throughout the Internet, distributed denial of service attacks, and routing attacks to wireless ad hoc networks...

  11. A generalized genetic framework for the development of sinkholes and Karst in Florida, U.S.A.

    Science.gov (United States)

    Beck, Barry F.

    1986-03-01

    Karst topography in Florida is developed on the Tertiary limestones of the Floridan aquifer Post-depositional diagenesis and solution have made these limestones highly permeable, T=ca. 50,000 m2/d. Zones of megaporosity have formed at unconformities, and dissolution has enlarged joints and fractures Erosion of the overlying clastic Miocene Hawthorn group strata on one flank of a structural arch has exposed the limestone The elevated edge of the Hawthorn cover forms the Cody scarp Ubiquitous solution pipes have previously formed at joint intersections and are now filled Downwashing of the fill deeper into solution cavities in the limestone and subsidence of the overlying unconsolidated sediments causes surface collapse a subsidence doline or sinkhole This process may penetrate up to 60 m of the semi-consolidated Hawthorn cover, as occurred when the Winter Park sinkhole developed Dense clusters of solution pipes may have formed cenotes which are now found on the exposed limestone terrain Groundwater moves laterally as diffuse flow except where input or outflow is concentrated. At sinking streams, vertical shafts, and springs, karst caves have formed, but only the major sinking streams form through-flowing conduit systems Shaft recharge dissipates diffusely. Spring discharge is concentrated from diffuse flow In both cases, conduits taper and merge into a zone of megaporosity

  12. High-resolution seismic-reflection imaging 25 years of change in I-70 sinkhole, Russell County, Kansas

    Science.gov (United States)

    Miller, R.D.; Steeples, D.W.; Lambrecht, J.L.; Croxton, N.

    2006-01-01

    Time-lapse seismic reflection imaging improved our understanding of the consistent, gradual surface subsidence ongoing at two sinkholes in the Gorham Oilfield discovered beneath a stretch of Interstate Highway 70 through Russell and Ellis Counties in Kansas in 1966. With subsidence occurring at a rate of around 10 cm per year since discovery, monitoring has been beneficial to ensure public safety and optimize maintenance. A miniSOSIE reflection survey conducted in 1980 delineated the affected subsurface and successfully predicted development of a third sinkhole at this site. In 2004 and 2005 a high-resolution vibroseis survey was completed to ascertain current conditions of the subsurface, rate and pattern of growth since 1980, and potential for continued growth. With time and improved understanding of the salt dissolution affected subsurface in this area it appears that these features represent little risk to the public from catastrophic failure. However, from an operational perspective the Kansas Department of Transportation should expect continued subsidence, with future increases in surface area likely at a slightly reduced vertical rate. Seismic characteristics appear empirically consistent with gradual earth material compaction/settling. ?? 2005 Society of Exploration Geophysicists.

  13. Mitigating Higher Ed Cyber Attacks

    Science.gov (United States)

    Rogers, Gary; Ashford, Tina

    2015-01-01

    In this presentation we will discuss the many and varied cyber attacks that have recently occurred in the higher ed community. We will discuss the perpetrators, the victims, the impact and how these institutions have evolved to meet this threat. Mitigation techniques and defense strategies will be covered as will a discussion of effective security…

  14. Chemical Evolution of Groundwater Near a Sinkhole Lake, Northern Florida: 1. Flow Patterns, Age of Groundwater, and Influence of Lake Water Leakage

    Science.gov (United States)

    Katz, Brian G.; Lee, Terrie M.; Plummer, L. Niel; Busenberg, Eurybiades

    1995-06-01

    Leakage from sinkhole lakes significantly influences recharge to the Upper Floridan aquifer in poorly confined sediments in northern Florida. Environmental isotopes (oxygen 18, deuterium, and tritium), chlorofluorocarbons (CFCs: CFC-11, CCl3F; CFC-12, CCl2F2; and CFC-113, C2Cl3F3), and solute tracers were used to investigate groundwater flow patterns near Lake Barco, a seepage lake in a mantled karst setting in northern Florida. Stable isotope data indicated that the groundwater downgradient from the lake contained 11-67% lake water leakage, with a limit of detection of lake water in groundwater of 4.3%. The mixing fractions of lake water leakage, which passed through organic-rich sediments in the lake bottom, were directly proportional to the observed methane concentrations and increased with depth in the groundwater flow system. In aerobic groundwater upgradient from Lake Barco, CFC-modeled recharge dates ranged from 1987 near the water table to the mid 1970s for water collected at a depth of 30 m below the water table. CFC-modeled recharge dates (based on CFC-12) for anaerobic groundwater downgradient from the lake ranged from the late 1950s to the mid 1970s and were consistent with tritium data. CFC-modeled recharge dates based on CFC-11 indicated preferential microbial degradation in anoxic waters. Vertical hydraulic conductivities, calculated using CFC-12 modeled recharge dates and Darcy's law, were 0.17, 0.033, and 0.019 m/d for the surficial aquifer, intermediate confining unit, and lake sediments, respectively. These conductivities agreed closely with those used in the calibration of a three-dimensional groundwater flow model for transient and steady state flow conditions.

  15. Causes and consequences of the sinkhole at El Trébol of Quito, Ecuador - implications for economic damage and risk assessment

    Science.gov (United States)

    Toulkeridis, Theofilos; Rodríguez, Fabián; Arias Jiménez, Nelson; Simón Baile, Débora; Salazar Martínez, Rodolfo; Addison, Aaron; Carreón Freyre, Dora; Mato, Fernando; Díaz Perez, Carmen

    2016-09-01

    The so-called El Trébol is a critical road interchange in Quito connecting the north and south regions of the city. In addition, it connects Quito with the highly populated Los Chillos Valley, one of the most traveled zones in the Ecuadorian capital. El Trébol was constructed in the late 1960s in order to resolve the traffic jams of the capital city and for that purpose the Machángara River was rerouted through an underground concrete box tunnel. In March 2008, the tunnel contained a high amount of discarded furniture that had been impacting the top portion of the tunnel, compromising the structural integrity. On 31 March 2008 after a heavy rainfall a sinkhole of great proportions formed in the Trébol traffic hub. In the first few minutes, the sinkhole reached an initial diameter of 30 m. The collapse continued to grow in the following days until the final dimensions of 120 m in diameter and some 40 m of depth, revealing the Machángara River at the base of the sinkhole.A state of emergency was declared. The cause of the sinkhole was a result of the lack of monitoring of the older subterranean infrastructure where trash had accumulated and damaged the concrete tunnel that channelized the Machángara River until it was worn away for a length of some 20 m, leaving behind the sinkhole and the fear of recurrence in populated areas.With the intent to understand the causes and consequences of this sinkhole event, rainfall data are shown together with hydrogeological characteristics and a view back to the recent history of sinkhole lineation or arrangement of the city of Quito. The economic impact is also emphasized, where the direct costs of the damage and the reconstruction are presented and compared to indirect costs associated with this socio-natural disaster. These analyses suggest that the costs of indirect financial damage, like time loss or delay, and subsequent higher expenses for different types of vehicles, are equivalent to many times the costs of the

  16. From control system security indices to attack identifiability

    NARCIS (Netherlands)

    Herdeiro Teixeira, A.M.; Sandberg, H

    2016-01-01

    In this paper, we investigate detectability and identifiability of attacks on linear dynamical systems that are subjected to external disturbances. We generalize a concept for a security index, which was previously introduced for static systems. The index exactly quantifies the resources

  17. Fuzzy Based Advanced Hybrid Intrusion Detection System to Detect Malicious Nodes in Wireless Sensor Networks

    Directory of Open Access Journals (Sweden)

    Rupinder Singh

    2017-01-01

    Full Text Available In this paper, an Advanced Hybrid Intrusion Detection System (AHIDS that automatically detects the WSNs attacks is proposed. AHIDS makes use of cluster-based architecture with enhanced LEACH protocol that intends to reduce the level of energy consumption by the sensor nodes. AHIDS uses anomaly detection and misuse detection based on fuzzy rule sets along with the Multilayer Perceptron Neural Network. The Feed Forward Neural Network along with the Backpropagation Neural Network are utilized to integrate the detection results and indicate the different types of attackers (i.e., Sybil attack, wormhole attack, and hello flood attack. For detection of Sybil attack, Advanced Sybil Attack Detection Algorithm is developed while the detection of wormhole attack is done by Wormhole Resistant Hybrid Technique. The detection of hello flood attack is done by using signal strength and distance. An experimental analysis is carried out in a set of nodes; 13.33% of the nodes are determined as misbehaving nodes, which classified attackers along with a detection rate of the true positive rate and false positive rate. Sybil attack is detected at a rate of 99,40%; hello flood attack has a detection rate of 98, 20%; and wormhole attack has a detection rate of 99, 20%.

  18. B vitamins and magnetic resonance imaging-detected ischemic brain lesions in patients with recent transient ischemic attack or stroke: the VITAmins TO Prevent Stroke (VITATOPS) MRI-substudy.

    Science.gov (United States)

    Cavalieri, Margherita; Schmidt, Reinhold; Chen, Christopher; Mok, Vincent; de Freitas, Gabriel R; Song, Swithin; Yi, Qilong; Ropele, Stefan; Grazer, Anja; Homayoon, Nina; Enzinger, Christian; Loh, Katherine; Wong, Ka Sing Lawrence; Wong, Adrian; Xiong, Yunyun; Chang, Hui Meng; Wong, Meng Cheong; Fazekas, Franz; Eikelboom, John W; Hankey, Graeme J

    2012-12-01

    Elevated concentrations of homocysteine are associated with cerebral small vessel disease (CSVD). B-vitamin supplementation with folate and vitamins B12 and B6 reduces homocysteine concentrations. In a substudy of the VITAmins TO Prevent Stroke (VITATOPS) trial, we assessed the hypothesis that the addition of once-daily supplements of B vitamins would reduce the progression of CSVD-related brain lesions. A total of 359 patients with recent stroke or transient ischemic attack, who were randomly allocated to double-blind treatment with placebo or b vitamins, underwent brain MRI at randomization and after 2 years of B-vitamin supplementation. MR images were analyzed blinded to treatment allocation. Outcomes related to the prespecified hypothesis were progression of white matter hyperintensities and incident lacunes. We also explored the effect of B-vitamin supplementation on the incidence of other ischemic abnormalities. After 2 years of treatment with b vitamins or placebo, there was no significant difference in white matter hyperintensities volume change (0.08 vs 0.13 cm3; P=0.419) and incidence of lacunes (8.0% vs 5.9%, P=0.434; odds ratio=1.38). In a subanalysis of patients with MRI evidence of severe CSVD at baseline, b-vitamin supplementation was associated with a significant reduction in white matter hyperintensities volume change (0.3 vs 1.7 cm3; P=0.039). Daily B-vitamin supplementation for 2 years did not significantly reduce the progression of brain lesions resulting from presumed CSVD in all patients with recent stroke or transient ischemic attack but may do so in the subgroup of patients with recent stroke or transient ischemic attack and severe CSVD. http://vitatops.highway1.com.au/. Unique identifier: NCT00097669 and ISRCTN74743444.

  19. Reachable Sets of Hidden CPS Sensor Attacks : Analysis and Synthesis Tools

    NARCIS (Netherlands)

    Murguia, Carlos; van de Wouw, N.; Ruths, Justin; Dochain, Denis; Henrion, Didier; Peaucelle, Dimitri

    2017-01-01

    For given system dynamics, control structure, and fault/attack detection procedure, we provide mathematical tools–in terms of Linear Matrix Inequalities (LMIs)–for characterizing and minimizing the set of states that sensor attacks can induce in the system while keeping the alarm rate of the

  20. Using the cumulative sum algorithm against distributed denial of service attacks in Internet of Things

    CSIR Research Space (South Africa)

    Machaka, Pheeha

    2015-11-01

    Full Text Available The paper presents the threats that are present in Internet of Things (IoT) systems and how they can be used to perpetuate a large scale DDoS attack. The paper investigates how the Cumulative Sum (CUSUM) algorithm can be used to detect a DDoS attack...

  1. Mitigating Drive-By Download Attacks: Challenges and Open Problems

    Science.gov (United States)

    Egele, Manuel; Kirda, Engin; Kruegel, Christopher

    Malicious web sites perform drive-by download attacks to infect their visitors with malware. Current protection approaches rely on black- or white-listing techniques that are difficult to keep up-to-date. As todays drive-by attacks already employ encryption to evade network level detection we propose a series of techniques that can be implemented in web browsers to protect the user from such threats. In addition, we discuss challenges and open problems that these mechanisms face in order to be effective and efficient.

  2. Peacetime Use of Computer Network Attack

    National Research Council Canada - National Science Library

    Busby, Daniel

    2000-01-01

    .... PDD-63 alerts the nation to prepare for impending cyber attacks. This paper examines the nature, scale, and likelihood of cyber attacks posited in PDD-63 and finds that the country does not face an imminent "electronic Pearl Harbor...

  3. Women's Heart Disease: Heart Attack Symptoms

    Science.gov (United States)

    ... of this page please turn JavaScript on. Feature: Women's Heart Disease Heart Attack Symptoms Past Issues / Winter ... most common heart attack symptom in men and women is chest pain or discomfort. However, women also ...

  4. Stochastic Model of TCP SYN Attacks

    Directory of Open Access Journals (Sweden)

    Simona Ramanauskaitė

    2011-08-01

    Full Text Available A great proportion of essential services are moving into internet space making the threat of DoS attacks even more actual. To estimate the real risk of some kind of denial of service (DoS attack in real world is difficult, but mathematical and software models make this task easier. In this paper we overview the ways of implementing DoS attack models and offer a stochastic model of SYN flooding attack. It allows evaluating the potential threat of SYN flooding attacks, taking into account both the legitimate system flow as well as the possible attack power. At the same time we can assess the effect of such parameters as buffer capacity, open connection storage in the buffer or filte­ring efficiency on the success of different SYN flooding attacks. This model can be used for other type of memory depletion denial of service attacks.Article in Lithuanian

  5. Using an ontology for network attack planning

    CSIR Research Space (South Africa)

    Van Heerden, R

    2016-09-01

    Full Text Available The modern complexity of network attacks and their counter-measures (cyber operations) requires detailed planning. This paper presents a Network Attack Planning ontology which is aimed at providing support for planning such network operations within...

  6. Stealthy false data injection attacks using matrix recovery and independent component analysis in smart grid

    Science.gov (United States)

    JiWei, Tian; BuHong, Wang; FuTe, Shang; Shuaiqi, Liu

    2017-05-01

    Exact state estimation is vital important to maintain common operations of smart grids. Existing researches demonstrate that state estimation output could be compromised by malicious attacks. However, to construct the attack vectors, a usual presumption in most works is that the attacker has perfect information regarding the topology and so on even such information is difficult to acquire in practice. Recent research shows that Independent Component Analysis (ICA) can be used for inferring topology information which can be used to originate undetectable attacks and even to alter the price of electricity for the profits of attackers. However, we found that the above ICA-based blind attack tactics is merely feasible in the environment with Gaussian noises. If there are outliers (device malfunction and communication errors), the Bad Data Detector will easily detect the attack. Hence, we propose a robust ICA based blind attack strategy that one can use matrix recovery to circumvent the outlier problem and construct stealthy attack vectors. The proposed attack strategies are tested with IEEE representative 14-bus system. Simulations verify the feasibility of the proposed method.

  7. Securing ad hoc wireless sensor networks under Byzantine attacks by implementing non-cryptographic method

    Directory of Open Access Journals (Sweden)

    Shabir Ahmad Sofi

    2017-05-01

    Full Text Available Ad Hoc wireless sensor network (WSN is a collection of nodes that do not need to rely on predefined infrastructure to keep the network connected. The level of security and performance are always somehow related to each other, therefore due to limited resources in WSN, cryptographic methods for securing the network against attacks is not feasible. Byzantine attacks disrupt the communication between nodes in the network without regard to its own resource consumption. This paper discusses the performance of cluster based WSN comparing LEACH with Advanced node based clusters under byzantine attacks. This paper also proposes an algorithm for detection and isolation of the compromised nodes to mitigate the attacks by non-cryptographic means. The throughput increases after using the algorithm for isolation of the malicious nodes, 33% in case of Gray Hole attack and 62% in case of Black Hole attack.

  8. Neutralizing SQL Injection Attack Using Server Side Code Modification in Web Applications

    Directory of Open Access Journals (Sweden)

    Asish Kumar Dalai

    2017-01-01

    Full Text Available Reports on web application security risks show that SQL injection is the top most vulnerability. The journey of static to dynamic web pages leads to the use of database in web applications. Due to the lack of secure coding techniques, SQL injection vulnerability prevails in a large set of web applications. A successful SQL injection attack imposes a serious threat to the database, web application, and the entire web server. In this article, the authors have proposed a novel method for prevention of SQL injection attack. The classification of SQL injection attacks has been done based on the methods used to exploit this vulnerability. The proposed method proves to be efficient in the context of its ability to prevent all types of SQL injection attacks. Some popular SQL injection attack tools and web application security datasets have been used to validate the model. The results obtained are promising with a high accuracy rate for detection of SQL injection attack.

  9. Quantum Encryption Minimising Key Leakage under Known Plaintext Attacks

    DEFF Research Database (Denmark)

    Pedersen, Thomas Brochmann

    2006-01-01

    , or interactive encryption schemes, where the interaction does not need to occur online. In our model we show that the amount of key leaked under a known plaintext attack can be made arbitrarily small even in non-interactive encryption schemes. We also give an encryption scheme where eavesdropping can be detected....... In this encryption scheme the entire key can be safely recycled when no eavesdropping is detected....

  10. Attack Graph Construction for Security Events Analysis

    Directory of Open Access Journals (Sweden)

    Andrey Alexeevich Chechulin

    2014-09-01

    Full Text Available The paper is devoted to investigation of the attack graphs construction and analysis task for a network security evaluation and real-time security event processing. Main object of this research is the attack modeling process. The paper contains the description of attack graphs building, modifying and analysis technique as well as overview of implemented prototype for network security analysis based on attack graph approach.

  11. A Model of Biological Attacks on a Realistic Population

    Science.gov (United States)

    Carley, Kathleen M.; Fridsma, Douglas; Casman, Elizabeth; Altman, Neal; Chen, Li-Chiou; Kaminsky, Boris; Nave, Demian; Yahja, Alex

    The capability to assess the impacts of large-scale biological attacks and the efficacy of containment policies is critical and requires knowledge-intensive reasoning about social response and disease transmission within a complex social system. There is a close linkage among social networks, transportation networks, disease spread, and early detection. Spatial dimensions related to public gathering places such as hospitals, nursing homes, and restaurants, can play a major role in epidemics [Klovdahl et. al. 2001]. Like natural epidemics, bioterrorist attacks unfold within spatially defined, complex social systems, and the societal and networked response can have profound effects on their outcome. This paper focuses on bioterrorist attacks, but the model has been applied to emergent and familiar diseases as well.

  12. A robust color image watermarking algorithm against rotation attacks

    Science.gov (United States)

    Han, Shao-cheng; Yang, Jin-feng; Wang, Rui; Jia, Gui-min

    2018-01-01

    A robust digital watermarking algorithm is proposed based on quaternion wavelet transform (QWT) and discrete cosine transform (DCT) for copyright protection of color images. The luminance component Y of a host color image in YIQ space is decomposed by QWT, and then the coefficients of four low-frequency subbands are transformed by DCT. An original binary watermark scrambled by Arnold map and iterated sine chaotic system is embedded into the mid-frequency DCT coefficients of the subbands. In order to improve the performance of the proposed algorithm against rotation attacks, a rotation detection scheme is implemented before watermark extracting. The experimental results demonstrate that the proposed watermarking scheme shows strong robustness not only against common image processing attacks but also against arbitrary rotation attacks.

  13. Attacks and countermeasures on AES and ECC

    DEFF Research Database (Denmark)

    Tange, Henrik; Andersen, Birger

    2013-01-01

    AES (Advanced Encryption Standard) is widely used in LTE and Wi-Fi communication systems. AES has recently been exposed to new attacks which have questioned the overall security of AES. The newest attack is a so called biclique attack, which is using the fact that the content of the state array...

  14. Automated classification of computer network attacks

    CSIR Research Space (South Africa)

    Van Heerden, R

    2013-11-01

    Full Text Available according to the relevant types of attack scenarios depicted in the ontology. The two network attack instances are the Distributed Denial of Service attack on SpamHaus in 2013 and the theft of 42 million Rand ($6.7 million) from South African Postbank...

  15. Cyberprints: Identifying Cyber Attackers by Feature Analysis

    Science.gov (United States)

    Blakely, Benjamin A.

    2012-01-01

    The problem of attributing cyber attacks is one of increasing importance. Without a solid method of demonstrating the origin of a cyber attack, any attempts to deter would-be cyber attackers are wasted. Existing methods of attribution make unfounded assumptions about the environment in which they will operate: omniscience (the ability to gather,…

  16. Defending majority voting systems against a strategic attacker

    International Nuclear Information System (INIS)

    Levitin, Gregory; Hausken, Kjell; Ben Haim, Hanoch

    2013-01-01

    Voting systems used in technical and tactical decision making in pattern recognition and target detection, data handling, signal processing, distributed and secure computing etc. are considered. A maxmin two period game is analyzed where the defender first protects and chooses units for participation in voting. The attacker thereafter attacks a subset of units. It is shown that when the defender protects all the voting units, the optimal number of units chosen for voting is either one or the maximal possible odd number. When the defender protects only the units chosen for voting, the optimal number of chosen units increases with the defender resource superiority (i.e., more resources than the attacker) and with probability of providing correct output by any unit. The system success probability always increases in the total number of voting units, the defender–attacker resource ratio, and the probability that each voting unit produces a correct output. The system success probability increases in the attacker–defender contest intensity if the defender achieves per-unit resource superiority, and otherwise decreases in the contest intensity. The presented model and enumerative algorithm allow obtaining optimal voting system defense strategy for any combination of parameters: total number of units, attack and defense resources, unit success probability and contest intensity.

  17. Cyber attacks against state estimation in power systems: Vulnerability analysis and protection strategies

    Science.gov (United States)

    Liu, Xuan

    Power grid is one of the most critical infrastructures in a nation and could suffer a variety of cyber attacks. With the development of Smart Grid, false data injection attack has recently attracted wide research interest. This thesis proposes a false data attack model with incomplete network information and develops optimal attack strategies for attacking load measurements and the real-time topology of a power grid. The impacts of false data on the economic and reliable operations of power systems are quantitatively analyzed in this thesis. To mitigate the risk of cyber attacks, a distributed protection strategies are also developed. It has been shown that an attacker can design false data to avoid being detected by the control center if the network information of a power grid is known to the attacker. In practice, however, it is very hard or even impossible for an attacker to obtain all network information of a power grid. In this thesis, we propose a local load redistribution attacking model based on incomplete network information and show that an attacker only needs to obtain the network information of the local attacking region to inject false data into smart meters in the local region without being detected by the state estimator. A heuristic algorithm is developed to determine a feasible attacking region by obtaining reduced network information. This thesis investigates the impacts of false data on the operations of power systems. It has been shown that false data can be designed by an attacker to: 1) mask the real-time topology of a power grid; 2) overload a transmission line; 3) disturb the line outage detection based on PMU data. To mitigate the risk of cyber attacks, this thesis proposes a new protection strategy, which intends to mitigate the damage effects of false data injection attacks by protecting a small set of critical measurements. To further reduce the computation complexity, a mixed integer linear programming approach is also proposed to

  18. Attacks on IEEE 802.11 wireless networks

    Directory of Open Access Journals (Sweden)

    Dejan Milan Tepšić

    2013-06-01

    networking it has never been easier to penetrate the network. One of the biggest problems of today's wireless networks is the lack of effective systems for intrusion detection. Forgetting to cover gaps in wireless network security may result in intrusion into the network by an attacker. Security in IEEE 802.11 wireless networks Although the IEEE 802.11 protocol defines security standards, wireless networks are one of the weakest links in the chain of computer networks. The basic security requirements of each computer network are reliable user authentication, privacy protection and user authentication. Security attacks on IEEE 802.11 wireless networks Non-technical attacks include a variety of human weaknesses, such as lack of conscience, negligence or over-confidence towards the strangers. Network attacks include a number of techniques that enable attackers to penetrate into  the wireless network, or at least to disable it. Apart from the security problems with the IEEE 802.11 protocol, there are vulnerabilities in operating systems and applications on wireless clients. The methodology of attack Before testing wireless network security vulnerabilities, it is important to define a formal testing methodology. The first step before the actual attack is footprinting. The second step is the creation of a network map that shows how the wireless system looks. For this purpose, hackers are using specific tools, such as Network Stumbler, Nmap and Fping. When basic information about the wireless network is gathered, more information can be found out through the process of system scanning (enumeration. Attacks on IEEE 802.11 wireless networks Social engineering is a technique by which attackers exploit the natural trust of most people. Radio waves do not respect defined boundaries. If radio waves are broadcasted outside of the boundaries of the defined area, then it is necessary to reduce signal strength on wireless access points. In that way, radio waves travel over shorter distances

  19. Defending networks against denial-of-service attacks

    Science.gov (United States)

    Gelenbe, Erol; Gellman, Michael; Loukas, George

    2004-11-01

    Denial of service attacks, viruses and worms are common tools for malicious adversarial behavior in networks. Experience shows that over the last few years several of these techniques have probably been used by governments to impair the Internet communications of various entities, and we can expect that these and other information warfare tools will be used increasingly as part of hostile behavior either independently, or in conjunction with other forms of attack in conventional or asymmetric warfare, as well as in other forms of malicious behavior. In this paper we concentrate on Distributed Denial of Service Attacks (DDoS) where one or more attackers generate flooding traffic and direct it from multiple sources towards a set of selected nodes or IP addresses in the Internet. We first briefly survey the literature on the subject, and discuss some examples of DDoS incidents. We then present a technique that can be used for DDoS protection based on creating islands of protection around a critical information infrastructure. This technique, that we call the CPN-DoS-DT (Cognitive Packet Networks DoS Defence Technique), creates a self-monitoring sub-network surrounding each critical infrastructure node. CPN-DoS-DT is triggered by a DDoS detection scheme, and generates control traffic from the objects of the DDoS attack to the islands of protection where DDOS packet flows are destroyed before they reach the critical infrastructure. We use mathematical modelling, simulation and experiments on our test-bed to show the positive and negative outcomes that may result from both the attack, and the CPN-DoS-DT protection mechanism, due to imperfect detection and false alarms.

  20. Subsidence hazards connected to quarrying activities in a karst area: the case of the Moncalvo sinkhole event (Piedmont, NW Italy

    Directory of Open Access Journals (Sweden)

    Bonetto, Sabrina

    2008-09-01

    Full Text Available Gypsum is an important raw material for constructions and other industrial sectors. In Piedmont (NW Italy, main gypsum bodies are located in the Monferrato area, where large open pits and underground quarries are present. The gypsum-bearing formation outcropping in this area shows typical geological, structural, and hydrogeological features, which affect the quarrying and the related interaction with natural phenomena, human activities, and land use. In particular, gypsum karst has considerable influence on mining operations, as well as mining operations can produce strong impact on gypsum karst. In Monferrato, a specific case of interaction between the quarrying activity and geological, hydrogeological, and territorial setting is represented by the event of water inrush that happened in the Moncalvo underground quarry in association with the development of a surface sinkhole phenomenon.

  1. Calculating Adversarial Risk from Attack Trees: Control Strength and Probabilistic Attackers

    NARCIS (Netherlands)

    Pieters, Wolter; Davarynejad, Mohsen

    2015-01-01

    Attack trees are a well-known formalism for quantitative analysis of cyber attacks consisting of multiple steps and alternative paths. It is possible to derive properties of the overall attacks from properties of individual steps, such as cost for the attacker and probability of success. However, in

  2. Landslides, floods and sinkholes in a karst environment: the 1-6 September 2014 Gargano event, southern Italy

    Science.gov (United States)

    Martinotti, Maria Elena; Pisano, Luca; Marchesini, Ivan; Rossi, Mauro; Peruccacci, Silvia; Brunetti, Maria Teresa; Melillo, Massimo; Amoruso, Giuseppe; Loiacono, Pierluigi; Vennari, Carmela; Vessia, Giovanna; Trabace, Maria; Parise, Mario; Guzzetti, Fausto

    2017-03-01

    In karst environments, heavy rainfall is known to cause multiple geohydrological hazards, including inundations, flash floods, landslides and sinkholes. We studied a period of intense rainfall from 1 to 6 September 2014 in the Gargano Promontory, a karst area in Puglia, southern Italy. In the period, a sequence of torrential rainfall events caused severe damage and claimed two fatalities. The amount and accuracy of the geographical and temporal information varied for the different hazards. The temporal information was most accurate for the inundation caused by a major river, less accurate for flash floods caused by minor torrents and even less accurate for landslides. For sinkholes, only generic information on the period of occurrence of the failures was available. Our analysis revealed that in the promontory, rainfall-driven hazards occurred in response to extreme meteorological conditions and that the karst landscape responded to the torrential rainfall with a threshold behaviour. We exploited the rainfall and the landslide information to design the new ensemble-non-exceedance probability (E-NEP) algorithm for the quantitative evaluation of the possible occurrence of rainfall-induced landslides and of related geohydrological hazards. The ensemble of the metrics produced by the E-NEP algorithm provided better diagnostics than the single metrics often used for landslide forecasting, including rainfall duration, cumulated rainfall and rainfall intensity. We expect that the E-NEP algorithm will be useful for landslide early warning in karst areas and in other similar environments. We acknowledge that further tests are needed to evaluate the algorithm in different meteorological, geological and physiographical settings.

  3. Whispering through DDoS attack

    OpenAIRE

    Miralem Mehic; Jiri Slachta; Miroslav Voznak

    2016-01-01

    Denial of service (DoS) attack is an attempt of the attacker to disable victim's machine by depleting network or computing resources. If this attack is performed with more than one machine, it is called distributed denial of service (DDoS) attack. Covert channels are those channels which are used for information transmission even though they are neither designed nor intended to transfer information at all. In this article, we investigated the possibility of using of DDoS attack for purposes o...

  4. Script-viruses Attacks on UNIX OS

    Directory of Open Access Journals (Sweden)

    D. M. Mikhaylov

    2010-06-01

    Full Text Available In this article attacks on UNIX OS are considered. Currently antivirus developers are concentrated on protecting systems from viruses that are most common and attack popular operating systems. If the system or its components are not often attacked then the antivirus products are not protecting these components as it is not profitable. The same situation is with script-viruses for UNIX OS as most experts consider that it is impossible for such viruses to get enough rights to attack. Nevertheless the main conclusion of this article is the fact that such viruses can be very powerful and can attack systems and get enough rights.

  5. Protecting Cryptographic Memory against Tampering Attack

    DEFF Research Database (Denmark)

    Mukherjee, Pratyay

    In this dissertation we investigate the question of protecting cryptographic devices from tampering attacks. Traditional theoretical analysis of cryptographic devices is based on black-box models which do not take into account the attacks on the implementations, known as physical attacks. In prac......In this dissertation we investigate the question of protecting cryptographic devices from tampering attacks. Traditional theoretical analysis of cryptographic devices is based on black-box models which do not take into account the attacks on the implementations, known as physical attacks....... In practice such attacks can be executed easily, e.g. by heating the device, as substantiated by numerous works in the past decade. Tampering attacks are a class of such physical attacks where the attacker can change the memory/computation, gains additional (non-black-box) knowledge by interacting...... with the faulty device and then tries to break the security. Prior works show that generically approaching such problem is notoriously difficult. So, in this dissertation we attempt to solve an easier question, known as memory-tampering, where the attacker is allowed tamper only with the memory of the device...

  6. Attack Tree Generation by Policy Invalidation

    DEFF Research Database (Denmark)

    Ivanova, Marieta Georgieva; Probst, Christian W.; Hansen, Rene Rydhof

    2015-01-01

    through brainstorming of experts. In this work we formalize attack tree generation including human factors; based on recent advances in system models we develop a technique to identify possible attacks analytically, including technical and human factors. Our systematic attack generation is based......Attacks on systems and organisations increasingly exploit human actors, for example through social engineering, complicating their formal treatment and automatic identification. Formalisation of human behaviour is difficult at best, and attacks on socio-technical systems are still mostly identified...... on invalidating policies in the system model by identifying possible sequences of actions that lead to an attack. The generated attacks are precise enough to illustrate the threat, and they are general enough to hide the details of individual steps....

  7. NETWORK SECURITY ATTACKS. ARP POISONING CASE STUDY

    Directory of Open Access Journals (Sweden)

    Luminiţa DEFTA

    2010-12-01

    Full Text Available Arp poisoning is one of the most common attacks in a switched network. A switch is a network device that limits the ability of attackers that use a packet sniffer to gain access to information from internal network traffic. However, using ARP poisoning the traffic between two computers can be intercepted even in a network that uses switches. This method is known as man in the middle attack. With this type of attack the affected stations from a network will have invalid entries in the ARP table. Thus, it will contain only the correspondence between the IP addresses of the stations from the same network and a single MAC address (the station that initiated the attack. In this paper we present step by step the initiation of such an attack in a network with three computers. We will intercept the traffic between two stations using the third one (the attacker.

  8. Cache timing attacks on recent microarchitectures

    DEFF Research Database (Denmark)

    Andreou, Alexandres; Bogdanov, Andrey; Tischhauser, Elmar Wolfgang

    2017-01-01

    Cache timing attacks have been known for a long time, however since the rise of cloud computing and shared hardware resources, such attacks found new potentially devastating applications. One prominent example is S$A (presented by Irazoqui et al at S&P 2015) which is a cache timing attack against...... AES or similar algorithms in virtualized environments. This paper applies variants of this cache timing attack to Intel's latest generation of microprocessors. It enables a spy-process to recover cryptographic keys, interacting with the victim processes only over TCP. The threat model is a logically...... separated but CPU co-located attacker with root privileges. We report successful and practically verified applications of this attack against a wide range of microarchitectures, from a two-core Nehalem processor (i5-650) to two-core Haswell (i7-4600M) and four-core Skylake processors (i7-6700). The attack...

  9. Capacity and optimal collusion attack channels for Gaussian fingerprinting games

    Science.gov (United States)

    Wang, Ying; Moulin, Pierre

    2007-02-01

    In content fingerprinting, the same media covertext - image, video, audio, or text - is distributed to many users. A fingerprint, a mark unique to each user, is embedded into each copy of the distributed covertext. In a collusion attack, two or more users may combine their copies in an attempt to "remove" their fingerprints and forge a pirated copy. To trace the forgery back to members of the coalition, we need fingerprinting codes that can reliably identify the fingerprints of those members. Researchers have been focusing on designing or testing fingerprints for Gaussian host signals and the mean square error (MSE) distortion under some classes of collusion attacks, in terms of the detector's error probability in detecting collusion members. For example, under the assumptions of Gaussian fingerprints and Gaussian attacks (the fingerprinted signals are averaged and then the result is passed through a Gaussian test channel), Moulin and Briassouli1 derived optimal strategies in a game-theoretic framework that uses the detector's error probability as the performance measure for a binary decision problem (whether a user participates in the collusion attack or not); Stone2 and Zhao et al. 3 studied average and other non-linear collusion attacks for Gaussian-like fingerprints; Wang et al. 4 stated that the average collusion attack is the most efficient one for orthogonal fingerprints; Kiyavash and Moulin 5 derived a mathematical proof of the optimality of the average collusion attack under some assumptions. In this paper, we also consider Gaussian cover signals, the MSE distortion, and memoryless collusion attacks. We do not make any assumption about the fingerprinting codes used other than an embedding distortion constraint. Also, our only assumptions about the attack channel are an expected distortion constraint, a memoryless constraint, and a fairness constraint. That is, the colluders are allowed to use any arbitrary nonlinear strategy subject to the above

  10. Smart grid data integrity attacks: characterizations and countermeasuresπ

    KAUST Repository

    Giani, Annarita; Bitar, Eilyan; Garcia, Manuel; McQueen, Miles; Khargonekar, Pramod; Poolla, Kameshwar

    2011-01-01

    Coordinated cyberattacks of power meter readings can be arranged to be undetectable by any bad data detection algorithm in the power system state estimation process. These unobservable attacks present a potentially serious threat to grid operations

  11. Smart grid data integrity attacks: characterizations and countermeasuresπ

    KAUST Repository

    Giani, Annarita

    2011-10-01

    Coordinated cyberattacks of power meter readings can be arranged to be undetectable by any bad data detection algorithm in the power system state estimation process. These unobservable attacks present a potentially serious threat to grid operations. Of particular interest are sparse attacks that involve the compromise of a modest number of meter readings. An efficient algorithm to find all unobservable attacks [under standard DC load flow approximations] involving the compromise of exactly two power injection meters and an arbitrary number of line power meters is presented. This requires O(n 2m) flops for a power system with n buses and m line meters. If all lines are metered, there exist canonical forms that characterize all 3, 4, and 5-sparse unobservable attacks. These can be quickly detected in power systems using standard graph algorithms. Known-secure phasor measurement units [PMUs] can be used as countermeasures against an arbitrary collection of cyberattacks. Finding the minimum number of necessary PMUs is NP-hard. It is shown that p + 1 PMUs at carefully chosen buses are sufficient to neutralize a collection of p cyberattacks. © 2011 IEEE.

  12. SQL Injection Attacks and Defense

    CERN Document Server

    Clarke, Justin

    2012-01-01

    SQL Injection Attacks and Defense, First Edition: Winner of the Best Book Bejtlich Read Award "SQL injection is probably the number one problem for any server-side application, and this book unequaled in its coverage." -Richard Bejtlich, Tao Security blog SQL injection represents one of the most dangerous and well-known, yet misunderstood, security vulnerabilities on the Internet, largely because there is no central repository of information available for penetration testers, IT security consultants and practitioners, and web/software developers to turn to for help. SQL Injection Att

  13. Attack-Resistant Trust Metrics

    Science.gov (United States)

    Levien, Raph

    The Internet is an amazingly powerful tool for connecting people together, unmatched in human history. Yet, with that power comes great potential for spam and abuse. Trust metrics are an attempt to compute the set of which people are trustworthy and which are likely attackers. This chapter presents two specific trust metrics developed and deployed on the Advogato Website, which is a community blog for free software developers. This real-world experience demonstrates that the trust metrics fulfilled their goals, but that for good results, it is important to match the assumptions of the abstract trust metric computation to the real-world implementation.

  14. [Comparative analysis of phenomenology of paroxysms of atrial fibrillation and panic attacks].

    Science.gov (United States)

    San'kova, T A; Solov'eva, A D; Nedostup, A V

    2004-01-01

    To study phenomenology of attacks of atrial fibrillation (AF) and to compare it with phenomenology of panic attacks for elucidation of pathogenesis of atrial fibrillation and for elaboration of rational therapeutic intervention including those aimed at correction of psychovegetative abnormalities. Patients with nonrheumatic paroxysmal AF (n=105) and 100 patients with panic attacks (n=100). Clinical, cardiological and neurological examination, analysis of patients complaints during attacks of AF, and comparison them with diagnostic criteria for panic attack. It was found that clinical picture of attacks of AF comprised vegetative, emotional and functional neurological phenomena similar to those characteristic for panic attacks. This similarity as well as positive therapeutic effect of clonazepam allowed to propose a novel pathogenic mechanism of AF attacks. Severity of psychovegetative disorders during paroxysm of AF could be evaluated by calculation of psychovegetative iudex: Psychovegetative index should be used for detection of panic attack-like component in clinical picture of AF paroxysm and thus for determination of indications for inclusion of vegetotropic drugs, e. g. clonazepam, in complex preventive therapy.

  15. Generalised Category Attack—Improving Histogram-Based Attack on JPEG LSB Embedding

    Science.gov (United States)

    Lee, Kwangsoo; Westfeld, Andreas; Lee, Sangjin

    We present a generalised and improved version of the category attack on LSB steganography in JPEG images with straddled embedding path. It detects more reliably low embedding rates and is also less disturbed by double compressed images. The proposed methods are evaluated on several thousand images. The results are compared to both recent blind and specific attacks for JPEG embedding. The proposed attack permits a more reliable detection, although it is based on first order statistics only. Its simple structure makes it very fast.

  16. Migraine attacks the Basal Ganglia

    Directory of Open Access Journals (Sweden)

    Bigal Marcelo

    2011-09-01

    Full Text Available Abstract Background With time, episodes of migraine headache afflict patients with increased frequency, longer duration and more intense pain. While episodic migraine may be defined as 1-14 attacks per month, there are no clear-cut phases defined, and those patients with low frequency may progress to high frequency episodic migraine and the latter may progress into chronic daily headache (> 15 attacks per month. The pathophysiology of this progression is completely unknown. Attempting to unravel this phenomenon, we used high field (human brain imaging to compare functional responses, functional connectivity and brain morphology in patients whose migraine episodes did not progress (LF to a matched (gender, age, age of onset and type of medication group of patients whose migraine episodes progressed (HF. Results In comparison to LF patients, responses to pain in HF patients were significantly lower in the caudate, putamen and pallidum. Paradoxically, associated with these lower responses in HF patients, gray matter volume of the right and left caudate nuclei were significantly larger than in the LF patients. Functional connectivity analysis revealed additional differences between the two groups in regard to response to pain. Conclusions Supported by current understanding of basal ganglia role in pain processing, the findings suggest a significant role of the basal ganglia in the pathophysiology of the episodic migraine.

  17. Anger attacks in obsessive compulsive disorder

    Directory of Open Access Journals (Sweden)

    Nitesh Prakash Painuly

    2011-01-01

    Full Text Available Background: Research on anger attacks has been mostly limited to depression, and only a few studies have focused on anger attacks in obsessive compulsive disorder. Materials and Methods: In a cross-sectional study all new obsessive compulsive disorder patients aged 20-60 years attending an outpatient clinic were assessed using the anger attack questionnaire, irritability, depression and anxiety scale (for the direction of the aggressive behavior and quality of life (QOL. Results: The sample consisted of 42 consecutive subjects with obsessive compulsive disorder, out of which 21 (50% had anger attacks. The obsessive compulsive disorder subjects with and without anger attacks did not show significant differences in terms of sociodemographic variables, duration of illness, treatment, and family history. However, subjects with anger attacks had significantly higher prevalence of panic attacks and comorbid depression. Significantly more subjects with anger attacks exhibited aggressive acts toward spouse, parents, children, and other relatives in the form of yelling and threatening to hurt, trying to hurt, and threatening to leave. However, the two groups did not differ significantly in terms of QOL, except for the psychological domain being worse in the subjects with anger attacks. Conclusion: Anger attacks are present in half of the patients with obsessive compulsive disorder, and they correlate with the presence of comorbid depression.

  18. Quantum hacking: Saturation attack on practical continuous-variable quantum key distribution

    Science.gov (United States)

    Qin, Hao; Kumar, Rupesh; Alléaume, Romain

    2016-07-01

    We identify and study a security loophole in continuous-variable quantum key distribution (CVQKD) implementations, related to the imperfect linearity of the homodyne detector. By exploiting this loophole, we propose an active side-channel attack on the Gaussian-modulated coherent-state CVQKD protocol combining an intercept-resend attack with an induced saturation of the homodyne detection on the receiver side (Bob). We show that an attacker can bias the excess noise estimation by displacing the quadratures of the coherent states received by Bob. We propose a saturation model that matches experimental measurements on the homodyne detection and use this model to study the impact of the saturation attack on parameter estimation in CVQKD. We demonstrate that this attack can bias the excess noise estimation beyond the null key threshold for any system parameter, thus leading to a full security break. If we consider an additional criterion imposing that the channel transmission estimation should not be affected by the attack, then the saturation attack can only be launched if the attenuation on the quantum channel is sufficient, corresponding to attenuations larger than approximately 6 dB. We moreover discuss the possible countermeasures against the saturation attack and propose a countermeasure based on Gaussian postselection that can be implemented by classical postprocessing and may allow one to distill the secret key when the raw measurement data are partly saturated.

  19. The effect of the depth and groundwater on the formation of sinkholes or ground subsidence associated with abandoned room and pillar lignite mines under static and dynamic conditions

    Directory of Open Access Journals (Sweden)

    Ö. Aydan

    2015-11-01

    Full Text Available It is well known that some sinkholes or subsidence take place from time to time in the areas where abandoned room and pillar type mines exist. The author has been involved with the stability of abandoned mines beneath urbanized residential areas in Tokai region and there is a great concern about the stability of these abandoned mines during large earthquakes as well as in the long term. The 2003 Miyagi Hokubu and 2011 Great East Japan earthquakes caused great damage to abandoned mines and resulted in many collapses. The author presents the effect of the depth and groundwater on the formation of sinkholes or ground subsidence associated with abandoned room and pillar lignite mines under static and dynamic conditions and discusses the implications on the areas above abandoned lignite mines in this paper.

  20. Adaptive EWMA Method Based on Abnormal Network Traffic for LDoS Attacks

    Directory of Open Access Journals (Sweden)

    Dan Tang

    2014-01-01

    Full Text Available The low-rate denial of service (LDoS attacks reduce network services capabilities by periodically sending high intensity pulse data flows. For their concealed performance, it is more difficult for traditional DoS detection methods to detect LDoS attacks; at the same time the accuracy of the current detection methods for LDoS attacks is relatively low. As the fact that LDoS attacks led to abnormal distribution of the ACK traffic, LDoS attacks can be detected by analyzing the distribution characteristics of ACK traffic. Then traditional EWMA algorithm which can smooth the accidental error while being the same as the exceptional mutation may cause some misjudgment; therefore a new LDoS detection method based on adaptive EWMA (AEWMA algorithm is proposed. The AEWMA algorithm which uses an adaptive weighting function instead of the constant weighting of EWMA algorithm can smooth the accidental error and retain the exceptional mutation. So AEWMA method is more beneficial than EWMA method for analyzing and measuring the abnormal distribution of ACK traffic. The NS2 simulations show that AEWMA method can detect LDoS attacks effectively and has a low false negative rate and a false positive rate. Based on DARPA99 datasets, experiment results show that AEWMA method is more efficient than EWMA method.