Machine Learning in Intrusion Detection

DTIC Science & Technology

2005-07-01

machine learning tasks. Anomaly detection provides the core technology for a broad spectrum of security-centric applications. In this dissertation, we examine various aspects of anomaly based intrusion detection in computer security. First, we present a new approach to learn program behavior for intrusion detection. Text categorization techniques are adopted to convert each process to a vector and calculate the similarity between two program activities. Then the k-nearest neighbor classifier is employed to classify program behavior as normal or intrusive. We demonstrate

A prototype implementation of a network-level intrusion detection system. Technical report number CS91-11

DOE Office of Scientific and Technical Information (OSTI.GOV)

Heady, R.; Luger, G.F.; Maccabe, A.B.

1991-05-15

This paper presents the implementation of a prototype network level intrusion detection system. The prototype system monitors base level information in network packets (source, destination, packet size, time, and network protocol), learning the normal patterns and announcing anomalies as they occur. The goal of this research is to determine the applicability of current intrusion detection technology to the detection of network level intrusions. In particular, the authors are investigating the possibility of using this technology to detect and react to worm programs.

Evolutionary neural networks for anomaly detection based on the behavior of a program.

PubMed

Han, Sang-Jun; Cho, Sung-Bae

2006-06-01

The process of learning the behavior of a given program by using machine-learning techniques (based on system-call audit data) is effective to detect intrusions. Rule learning, neural networks, statistics, and hidden Markov models (HMMs) are some of the kinds of representative methods for intrusion detection. Among them, neural networks are known for good performance in learning system-call sequences. In order to apply this knowledge to real-world problems successfully, it is important to determine the structures and weights of these call sequences. However, finding the appropriate structures requires very long time periods because there are no suitable analytical solutions. In this paper, a novel intrusion-detection technique based on evolutionary neural networks (ENNs) is proposed. One advantage of using ENNs is that it takes less time to obtain superior neural networks than when using conventional approaches. This is because they discover the structures and weights of the neural networks simultaneously. Experimental results with the 1999 Defense Advanced Research Projects Agency (DARPA) Intrusion Detection Evaluation (IDEVAL) data confirm that ENNs are promising tools for intrusion detection.

Conditional Variational Autoencoder for Prediction and Feature Recovery Applied to Intrusion Detection in IoT.

PubMed

Lopez-Martin, Manuel; Carro, Belen; Sanchez-Esguevillas, Antonio; Lloret, Jaime

2017-08-26

The purpose of a Network Intrusion Detection System is to detect intrusive, malicious activities or policy violations in a host or host's network. In current networks, such systems are becoming more important as the number and variety of attacks increase along with the volume and sensitiveness of the information exchanged. This is of particular interest to Internet of Things networks, where an intrusion detection system will be critical as its economic importance continues to grow, making it the focus of future intrusion attacks. In this work, we propose a new network intrusion detection method that is appropriate for an Internet of Things network. The proposed method is based on a conditional variational autoencoder with a specific architecture that integrates the intrusion labels inside the decoder layers. The proposed method is less complex than other unsupervised methods based on a variational autoencoder and it provides better classification results than other familiar classifiers. More important, the method can perform feature reconstruction, that is, it is able to recover missing features from incomplete training datasets. We demonstrate that the reconstruction accuracy is very high, even for categorical features with a high number of distinct values. This work is unique in the network intrusion detection field, presenting the first application of a conditional variational autoencoder and providing the first algorithm to perform feature recovery.

Conditional Variational Autoencoder for Prediction and Feature Recovery Applied to Intrusion Detection in IoT

PubMed Central

Carro, Belen; Sanchez-Esguevillas, Antonio

2017-01-01

The purpose of a Network Intrusion Detection System is to detect intrusive, malicious activities or policy violations in a host or host’s network. In current networks, such systems are becoming more important as the number and variety of attacks increase along with the volume and sensitiveness of the information exchanged. This is of particular interest to Internet of Things networks, where an intrusion detection system will be critical as its economic importance continues to grow, making it the focus of future intrusion attacks. In this work, we propose a new network intrusion detection method that is appropriate for an Internet of Things network. The proposed method is based on a conditional variational autoencoder with a specific architecture that integrates the intrusion labels inside the decoder layers. The proposed method is less complex than other unsupervised methods based on a variational autoencoder and it provides better classification results than other familiar classifiers. More important, the method can perform feature reconstruction, that is, it is able to recover missing features from incomplete training datasets. We demonstrate that the reconstruction accuracy is very high, even for categorical features with a high number of distinct values. This work is unique in the network intrusion detection field, presenting the first application of a conditional variational autoencoder and providing the first algorithm to perform feature recovery. PMID:28846608

Analysis of a SCADA System Anomaly Detection Model Based on Information Entropy

DTIC Science & Technology

2014-03-27

20 Intrusion Detection...alarms ( Rem ). ............................................................................................................. 86 Figure 25. TP% for...literature concerning the focus areas of this research. The focus areas include SCADA vulnerabilities, information theory, and intrusion detection

Unsupervised Anomaly Detection Based on Clustering and Multiple One-Class SVM

NASA Astrophysics Data System (ADS)

Song, Jungsuk; Takakura, Hiroki; Okabe, Yasuo; Kwon, Yongjin

Intrusion detection system (IDS) has played an important role as a device to defend our networks from cyber attacks. However, since it is unable to detect unknown attacks, i.e., 0-day attacks, the ultimate challenge in intrusion detection field is how we can exactly identify such an attack by an automated manner. Over the past few years, several studies on solving these problems have been made on anomaly detection using unsupervised learning techniques such as clustering, one-class support vector machine (SVM), etc. Although they enable one to construct intrusion detection models at low cost and effort, and have capability to detect unforeseen attacks, they still have mainly two problems in intrusion detection: a low detection rate and a high false positive rate. In this paper, we propose a new anomaly detection method based on clustering and multiple one-class SVM in order to improve the detection rate while maintaining a low false positive rate. We evaluated our method using KDD Cup 1999 data set. Evaluation results show that our approach outperforms the existing algorithms reported in the literature; especially in detection of unknown attacks.

Performance Analysis of Hierarchical Group Key Management Integrated with Adaptive Intrusion Detection in Mobile ad hoc Networks

DTIC Science & Technology

2016-04-05

applications in wireless networks such as military battlefields, emergency response, mobile commerce , online gaming, and collaborative work are based on the...www.elsevier.com/locate/peva Performance analysis of hierarchical group key management integrated with adaptive intrusion detection in mobile ad hoc...Accepted 19 September 2010 Available online 26 September 2010 Keywords: Mobile ad hoc networks Intrusion detection Group communication systems Group

A Protocol Layer Trust-Based Intrusion Detection Scheme for Wireless Sensor Networks

PubMed Central

Wang, Jian; Jiang, Shuai; Fapojuwo, Abraham O.

2017-01-01

This article proposes a protocol layer trust-based intrusion detection scheme for wireless sensor networks. Unlike existing work, the trust value of a sensor node is evaluated according to the deviations of key parameters at each protocol layer considering the attacks initiated at different protocol layers will inevitably have impacts on the parameters of the corresponding protocol layers. For simplicity, the paper mainly considers three aspects of trustworthiness, namely physical layer trust, media access control layer trust and network layer trust. The per-layer trust metrics are then combined to determine the overall trust metric of a sensor node. The performance of the proposed intrusion detection mechanism is then analyzed using the t-distribution to derive analytical results of false positive and false negative probabilities. Numerical analytical results, validated by simulation results, are presented in different attack scenarios. It is shown that the proposed protocol layer trust-based intrusion detection scheme outperforms a state-of-the-art scheme in terms of detection probability and false probability, demonstrating its usefulness for detecting cross-layer attacks. PMID:28555023

A Protocol Layer Trust-Based Intrusion Detection Scheme for Wireless Sensor Networks.

PubMed

Wang, Jian; Jiang, Shuai; Fapojuwo, Abraham O

2017-05-27

This article proposes a protocol layer trust-based intrusion detection scheme for wireless sensor networks. Unlike existing work, the trust value of a sensor node is evaluated according to the deviations of key parameters at each protocol layer considering the attacks initiated at different protocol layers will inevitably have impacts on the parameters of the corresponding protocol layers. For simplicity, the paper mainly considers three aspects of trustworthiness, namely physical layer trust, media access control layer trust and network layer trust. The per-layer trust metrics are then combined to determine the overall trust metric of a sensor node. The performance of the proposed intrusion detection mechanism is then analyzed using the t-distribution to derive analytical results of false positive and false negative probabilities. Numerical analytical results, validated by simulation results, are presented in different attack scenarios. It is shown that the proposed protocol layer trust-based intrusion detection scheme outperforms a state-of-the-art scheme in terms of detection probability and false probability, demonstrating its usefulness for detecting cross-layer attacks.

State of the Practice of Intrusion Detection Technologies

DTIC Science & Technology

2000-01-01

security incident response teams ) - the role of IDS in threat management, such as defining alarm severity, monitoring, alerting, and policy-based...attacks in an effort to sneak under the radar of security specialists and intrusion detection software, a U.S. Navy network security team said today...to get the smoking gun," said Stephen Northcutt, head of the Shadow intrusion detection team at the Naval Surface Warfare Center. "To know what’s

Experiments on Adaptive Techniques for Host-Based Intrusion Detection

DOE Office of Scientific and Technical Information (OSTI.GOV)

DRAELOS, TIMOTHY J.; COLLINS, MICHAEL J.; DUGGAN, DAVID P.

2001-09-01

This research explores four experiments of adaptive host-based intrusion detection (ID) techniques in an attempt to develop systems that can detect novel exploits. The technique considered to have the most potential is adaptive critic designs (ACDs) because of their utilization of reinforcement learning, which allows learning exploits that are difficult to pinpoint in sensor data. Preliminary results of ID using an ACD, an Elman recurrent neural network, and a statistical anomaly detection technique demonstrate an ability to learn to distinguish between clean and exploit data. We used the Solaris Basic Security Module (BSM) as a data source and performed considerablemore » preprocessing on the raw data. A detection approach called generalized signature-based ID is recommended as a middle ground between signature-based ID, which has an inability to detect novel exploits, and anomaly detection, which detects too many events including events that are not exploits. The primary results of the ID experiments demonstrate the use of custom data for generalized signature-based intrusion detection and the ability of neural network-based systems to learn in this application environment.« less

Evidential reasoning research on intrusion detection

NASA Astrophysics Data System (ADS)

Wang, Xianpei; Xu, Hua; Zheng, Sheng; Cheng, Anyu

2003-09-01

In this paper, we mainly aim at D-S theory of evidence and the network intrusion detection these two fields. It discusses the method how to apply this probable reasoning as an AI technology to the Intrusion Detection System (IDS). This paper establishes the application model, describes the new mechanism of reasoning and decision-making and analyses how to implement the model based on the synscan activities detection on the network. The results suggest that if only rational probability values were assigned at the beginning, the engine can, according to the rules of evidence combination and hierarchical reasoning, compute the values of belief and finally inform the administrators of the qualities of the traced activities -- intrusions, normal activities or abnormal activities.

Protecting against cyber threats in networked information systems

NASA Astrophysics Data System (ADS)

Ertoz, Levent; Lazarevic, Aleksandar; Eilertson, Eric; Tan, Pang-Ning; Dokas, Paul; Kumar, Vipin; Srivastava, Jaideep

2003-07-01

This paper provides an overview of our efforts in detecting cyber attacks in networked information systems. Traditional signature based techniques for detecting cyber attacks can only detect previously known intrusions and are useless against novel attacks and emerging threats. Our current research at the University of Minnesota is focused on developing data mining techniques to automatically detect attacks against computer networks and systems. This research is being conducted as a part of MINDS (Minnesota Intrusion Detection System) project at the University of Minnesota. Experimental results on live network traffic at the University of Minnesota show that the new techniques show great promise in detecting novel intrusions. In particular, during the past few months our techniques have been successful in automatically identifying several novel intrusions that could not be detected using state-of-the-art tools such as SNORT.

AdaBoost-based algorithm for network intrusion detection.

PubMed

Hu, Weiming; Hu, Wei; Maybank, Steve

2008-04-01

Network intrusion detection aims at distinguishing the attacks on the Internet from normal use of the Internet. It is an indispensable part of the information security system. Due to the variety of network behaviors and the rapid development of attack fashions, it is necessary to develop fast machine-learning-based intrusion detection algorithms with high detection rates and low false-alarm rates. In this correspondence, we propose an intrusion detection algorithm based on the AdaBoost algorithm. In the algorithm, decision stumps are used as weak classifiers. The decision rules are provided for both categorical and continuous features. By combining the weak classifiers for continuous features and the weak classifiers for categorical features into a strong classifier, the relations between these two different types of features are handled naturally, without any forced conversions between continuous and categorical features. Adaptable initial weights and a simple strategy for avoiding overfitting are adopted to improve the performance of the algorithm. Experimental results show that our algorithm has low computational complexity and error rates, as compared with algorithms of higher computational complexity, as tested on the benchmark sample data.

On Modeling of Adversary Behavior and Defense for Survivability of Military MANET Applications

DTIC Science & Technology

2015-01-01

anomaly detection technique. b) A system-level majority-voting based intrusion detection system with m being the number of verifiers used to perform...pp. 1254 - 1263. [5] R. Mitchell, and I.R. Chen, “Adaptive Intrusion Detection for Unmanned Aircraft Systems based on Behavior Rule Specification...and adaptively trigger the best attack strategies while avoiding detection and eviction. The second step is to model defense behavior of defenders

Confabulation Based Real-time Anomaly Detection for Wide-area Surveillance Using Heterogeneous High Performance Computing Architecture

DTIC Science & Technology

2015-06-01

system accuracy. The AnRAD system was also generalized for the additional application of network intrusion detection . A self-structuring technique...to Host- based Intrusion Detection Systems using Contiguous and Discontiguous System Call Patterns,” IEEE Transactions on Computer, 63(4), pp. 807...square kilometer areas. The anomaly recognition and detection (AnRAD) system was built as a cogent confabulation network . It represented road

Virtual-Lattice Based Intrusion Detection Algorithm over Actuator-Assisted Underwater Wireless Sensor Networks

PubMed Central

Yan, Jing; Li, Xiaolei; Luo, Xiaoyuan; Guan, Xinping

2017-01-01

Due to the lack of a physical line of defense, intrusion detection becomes one of the key issues in applications of underwater wireless sensor networks (UWSNs), especially when the confidentiality has prime importance. However, the resource-constrained property of UWSNs such as sparse deployment and energy constraint makes intrusion detection a challenging issue. This paper considers a virtual-lattice-based approach to the intrusion detection problem in UWSNs. Different from most existing works, the UWSNs consist of two kinds of nodes, i.e., sensor nodes (SNs), which cannot move autonomously, and actuator nodes (ANs), which can move autonomously according to the performance requirement. With the cooperation of SNs and ANs, the intruder detection probability is defined. Then, a virtual lattice-based monitor (VLM) algorithm is proposed to detect the intruder. In order to reduce the redundancy of communication links and improve detection probability, an optimal and coordinative lattice-based monitor patrolling (OCLMP) algorithm is further provided for UWSNs, wherein an equal price search strategy is given for ANs to find the shortest patrolling path. Under VLM and OCLMP algorithms, the detection probabilities are calculated, while the topology connectivity can be guaranteed. Finally, simulation results are presented to show that the proposed method in this paper can improve the detection accuracy and save the energy consumption compared with the conventional methods. PMID:28531127

Research on intrusion detection based on Kohonen network and support vector machine

NASA Astrophysics Data System (ADS)

Shuai, Chunyan; Yang, Hengcheng; Gong, Zeweiyi

2018-05-01

In view of the problem of low detection accuracy and the long detection time of support vector machine, which directly applied to the network intrusion detection system. Optimization of SVM parameters can greatly improve the detection accuracy, but it can not be applied to high-speed network because of the long detection time. a method based on Kohonen neural network feature selection is proposed to reduce the optimization time of support vector machine parameters. Firstly, this paper is to calculate the weights of the KDD99 network intrusion data by Kohonen network and select feature by weight. Then, after the feature selection is completed, genetic algorithm (GA) and grid search method are used for parameter optimization to find the appropriate parameters and classify them by support vector machines. By comparing experiments, it is concluded that feature selection can reduce the time of parameter optimization, which has little influence on the accuracy of classification. The experiments suggest that the support vector machine can be used in the network intrusion detection system and reduce the missing rate.

An Integrated Intrusion Detection Model of Cluster-Based Wireless Sensor Network

PubMed Central

Sun, Xuemei; Yan, Bo; Zhang, Xinzhong; Rong, Chuitian

2015-01-01

Considering wireless sensor network characteristics, this paper combines anomaly and mis-use detection and proposes an integrated detection model of cluster-based wireless sensor network, aiming at enhancing detection rate and reducing false rate. Adaboost algorithm with hierarchical structures is used for anomaly detection of sensor nodes, cluster-head nodes and Sink nodes. Cultural-Algorithm and Artificial-Fish–Swarm-Algorithm optimized Back Propagation is applied to mis-use detection of Sink node. Plenty of simulation demonstrates that this integrated model has a strong performance of intrusion detection. PMID:26447696

An Integrated Intrusion Detection Model of Cluster-Based Wireless Sensor Network.

PubMed

Sun, Xuemei; Yan, Bo; Zhang, Xinzhong; Rong, Chuitian

2015-01-01

Considering wireless sensor network characteristics, this paper combines anomaly and mis-use detection and proposes an integrated detection model of cluster-based wireless sensor network, aiming at enhancing detection rate and reducing false rate. Adaboost algorithm with hierarchical structures is used for anomaly detection of sensor nodes, cluster-head nodes and Sink nodes. Cultural-Algorithm and Artificial-Fish-Swarm-Algorithm optimized Back Propagation is applied to mis-use detection of Sink node. Plenty of simulation demonstrates that this integrated model has a strong performance of intrusion detection.

A Hybrid Spectral Clustering and Deep Neural Network Ensemble Algorithm for Intrusion Detection in Sensor Networks

PubMed Central

Ma, Tao; Wang, Fen; Cheng, Jianjun; Yu, Yang; Chen, Xiaoyun

2016-01-01

The development of intrusion detection systems (IDS) that are adapted to allow routers and network defence systems to detect malicious network traffic disguised as network protocols or normal access is a critical challenge. This paper proposes a novel approach called SCDNN, which combines spectral clustering (SC) and deep neural network (DNN) algorithms. First, the dataset is divided into k subsets based on sample similarity using cluster centres, as in SC. Next, the distance between data points in a testing set and the training set is measured based on similarity features and is fed into the deep neural network algorithm for intrusion detection. Six KDD-Cup99 and NSL-KDD datasets and a sensor network dataset were employed to test the performance of the model. These experimental results indicate that the SCDNN classifier not only performs better than backpropagation neural network (BPNN), support vector machine (SVM), random forest (RF) and Bayes tree models in detection accuracy and the types of abnormal attacks found. It also provides an effective tool of study and analysis of intrusion detection in large networks. PMID:27754380

A Hybrid Spectral Clustering and Deep Neural Network Ensemble Algorithm for Intrusion Detection in Sensor Networks.

PubMed

Ma, Tao; Wang, Fen; Cheng, Jianjun; Yu, Yang; Chen, Xiaoyun

2016-10-13

The development of intrusion detection systems (IDS) that are adapted to allow routers and network defence systems to detect malicious network traffic disguised as network protocols or normal access is a critical challenge. This paper proposes a novel approach called SCDNN, which combines spectral clustering (SC) and deep neural network (DNN) algorithms. First, the dataset is divided into k subsets based on sample similarity using cluster centres, as in SC. Next, the distance between data points in a testing set and the training set is measured based on similarity features and is fed into the deep neural network algorithm for intrusion detection. Six KDD-Cup99 and NSL-KDD datasets and a sensor network dataset were employed to test the performance of the model. These experimental results indicate that the SCDNN classifier not only performs better than backpropagation neural network (BPNN), support vector machine (SVM), random forest (RF) and Bayes tree models in detection accuracy and the types of abnormal attacks found. It also provides an effective tool of study and analysis of intrusion detection in large networks.

Research on artificial neural network intrusion detection photochemistry based on the improved wavelet analysis and transformation

NASA Astrophysics Data System (ADS)

Li, Hong; Ding, Xue

2017-03-01

This paper combines wavelet analysis and wavelet transform theory with artificial neural network, through the pretreatment on point feature attributes before in intrusion detection, to make them suitable for improvement of wavelet neural network. The whole intrusion classification model gets the better adaptability, self-learning ability, greatly enhances the wavelet neural network for solving the problem of field detection invasion, reduces storage space, contributes to improve the performance of the constructed neural network, and reduces the training time. Finally the results of the KDDCup99 data set simulation experiment shows that, this method reduces the complexity of constructing wavelet neural network, but also ensures the accuracy of the intrusion classification.

A Distributed Signature Detection Method for Detecting Intrusions in Sensor Systems

PubMed Central

Kim, Ilkyu; Oh, Doohwan; Yoon, Myung Kuk; Yi, Kyueun; Ro, Won Woo

2013-01-01

Sensor nodes in wireless sensor networks are easily exposed to open and unprotected regions. A security solution is strongly recommended to prevent networks against malicious attacks. Although many intrusion detection systems have been developed, most systems are difficult to implement for the sensor nodes owing to limited computation resources. To address this problem, we develop a novel distributed network intrusion detection system based on the Wu–Manber algorithm. In the proposed system, the algorithm is divided into two steps; the first step is dedicated to a sensor node, and the second step is assigned to a base station. In addition, the first step is modified to achieve efficient performance under limited computation resources. We conduct evaluations with random string sets and actual intrusion signatures to show the performance improvement of the proposed method. The proposed method achieves a speedup factor of 25.96 and reduces 43.94% of packet transmissions to the base station compared with the previously proposed method. The system achieves efficient utilization of the sensor nodes and provides a structural basis of cooperative systems among the sensors. PMID:23529146

A distributed signature detection method for detecting intrusions in sensor systems.

PubMed

Kim, Ilkyu; Oh, Doohwan; Yoon, Myung Kuk; Yi, Kyueun; Ro, Won Woo

2013-03-25

Sensor nodes in wireless sensor networks are easily exposed to open and unprotected regions. A security solution is strongly recommended to prevent networks against malicious attacks. Although many intrusion detection systems have been developed, most systems are difficult to implement for the sensor nodes owing to limited computation resources. To address this problem, we develop a novel distributed network intrusion detection system based on the Wu-Manber algorithm. In the proposed system, the algorithm is divided into two steps; the first step is dedicated to a sensor node, and the second step is assigned to a base station. In addition, the first step is modified to achieve efficient performance under limited computation resources. We conduct evaluations with random string sets and actual intrusion signatures to show the performance improvement of the proposed method. The proposed method achieves a speedup factor of 25.96 and reduces 43.94% of packet transmissions to the base station compared with the previously proposed method. The system achieves efficient utilization of the sensor nodes and provides a structural basis of cooperative systems among the sensors.

An automatically tuning intrusion detection system.

PubMed

Yu, Zhenwei; Tsai, Jeffrey J P; Weigert, Thomas

2007-04-01

An intrusion detection system (IDS) is a security layer used to detect ongoing intrusive activities in information systems. Traditionally, intrusion detection relies on extensive knowledge of security experts, in particular, on their familiarity with the computer system to be protected. To reduce this dependence, various data-mining and machine learning techniques have been deployed for intrusion detection. An IDS is usually working in a dynamically changing environment, which forces continuous tuning of the intrusion detection model, in order to maintain sufficient performance. The manual tuning process required by current systems depends on the system operators in working out the tuning solution and in integrating it into the detection model. In this paper, an automatically tuning IDS (ATIDS) is presented. The proposed system will automatically tune the detection model on-the-fly according to the feedback provided by the system operator when false predictions are encountered. The system is evaluated using the KDDCup'99 intrusion detection dataset. Experimental results show that the system achieves up to 35% improvement in terms of misclassification cost when compared with a system lacking the tuning feature. If only 10% false predictions are used to tune the model, the system still achieves about 30% improvement. Moreover, when tuning is not delayed too long, the system can achieve about 20% improvement, with only 1.3% of the false predictions used to tune the model. The results of the experiments show that a practical system can be built based on ATIDS: system operators can focus on verification of predictions with low confidence, as only those predictions determined to be false will be used to tune the detection model.

Non-intrusive methods of characterizing vehicles on the highway.

DOT National Transportation Integrated Search

2003-06-01

Over the past year we have worked on the development of a real-time laser-based non-intrusive field-deployable detection system for delineation of moving vehicles. The primary goal of the project is to develop a roadway detection system that can be u...

Network intrusion detection by the coevolutionary immune algorithm of artificial immune systems with clonal selection

NASA Astrophysics Data System (ADS)

Salamatova, T.; Zhukov, V.

2017-02-01

The paper presents the application of the artificial immune systems apparatus as a heuristic method of network intrusion detection for algorithmic provision of intrusion detection systems. The coevolutionary immune algorithm of artificial immune systems with clonal selection was elaborated. In testing different datasets the empirical results of evaluation of the algorithm effectiveness were achieved. To identify the degree of efficiency the algorithm was compared with analogs. The fundamental rules based of solutions generated by this algorithm are described in the article.

Neural Network Based Intrusion Detection System for Critical Infrastructures

DOE Office of Scientific and Technical Information (OSTI.GOV)

Todd Vollmer; Ondrej Linda; Milos Manic

2009-07-01

Resiliency and security in control systems such as SCADA and Nuclear plant’s in today’s world of hackers and malware are a relevant concern. Computer systems used within critical infrastructures to control physical functions are not immune to the threat of cyber attacks and may be potentially vulnerable. Tailoring an intrusion detection system to the specifics of critical infrastructures can significantly improve the security of such systems. The IDS-NNM – Intrusion Detection System using Neural Network based Modeling, is presented in this paper. The main contributions of this work are: 1) the use and analyses of real network data (data recordedmore » from an existing critical infrastructure); 2) the development of a specific window based feature extraction technique; 3) the construction of training dataset using randomly generated intrusion vectors; 4) the use of a combination of two neural network learning algorithms – the Error-Back Propagation and Levenberg-Marquardt, for normal behavior modeling. The presented algorithm was evaluated on previously unseen network data. The IDS-NNM algorithm proved to be capable of capturing all intrusion attempts presented in the network communication while not generating any false alerts.« less

Use of behavioral biometrics in intrusion detection and online gaming

NASA Astrophysics Data System (ADS)

Yampolskiy, Roman V.; Govindaraju, Venu

2006-04-01

Behavior based intrusion detection is a frequently used approach for insuring network security. We expend behavior based intrusion detection approach to a new domain of game networks. Specifically, our research shows that a unique behavioral biometric can be generated based on the strategy used by an individual to play a game. We wrote software capable of automatically extracting behavioral profiles for each player in a game of Poker. Once a behavioral signature is generated for a player, it is continuously compared against player's current actions. Any significant deviations in behavior are reported to the game server administrator as potential security breaches. Our algorithm addresses a well-known problem of user verification and can be re-applied to the fields beyond game networks, such as operating systems and non-game networks security.

Integrity Verification for SCADA Devices Using Bloom Filters and Deep Packet Inspection

DTIC Science & Technology

2014-03-27

prevent intrusions in smart grids [PK12]. Parthasarathy proposed an anomaly detection based IDS that takes into account system state. In his implementation...Security, 25(7):498–506, 10 2006. [LMV12] O. Linda, M. Manic, and T. Vollmer. Improving cyber-security of smart grid systems via anomaly detection and...6 2012. 114 [PK12] S. Parthasarathy and D. Kundur. Bloom filter based intrusion detection for smart grid SCADA. In Electrical & Computer Engineering

Data Randomization and Cluster-Based Partitioning for Botnet Intrusion Detection.

PubMed

Al-Jarrah, Omar Y; Alhussein, Omar; Yoo, Paul D; Muhaidat, Sami; Taha, Kamal; Kim, Kwangjo

2016-08-01

Botnets, which consist of remotely controlled compromised machines called bots, provide a distributed platform for several threats against cyber world entities and enterprises. Intrusion detection system (IDS) provides an efficient countermeasure against botnets. It continually monitors and analyzes network traffic for potential vulnerabilities and possible existence of active attacks. A payload-inspection-based IDS (PI-IDS) identifies active intrusion attempts by inspecting transmission control protocol and user datagram protocol packet's payload and comparing it with previously seen attacks signatures. However, the PI-IDS abilities to detect intrusions might be incapacitated by packet encryption. Traffic-based IDS (T-IDS) alleviates the shortcomings of PI-IDS, as it does not inspect packet payload; however, it analyzes packet header to identify intrusions. As the network's traffic grows rapidly, not only the detection-rate is critical, but also the efficiency and the scalability of IDS become more significant. In this paper, we propose a state-of-the-art T-IDS built on a novel randomized data partitioned learning model (RDPLM), relying on a compact network feature set and feature selection techniques, simplified subspacing and a multiple randomized meta-learning technique. The proposed model has achieved 99.984% accuracy and 21.38 s training time on a well-known benchmark botnet dataset. Experiment results demonstrate that the proposed methodology outperforms other well-known machine-learning models used in the same detection task, namely, sequential minimal optimization, deep neural network, C4.5, reduced error pruning tree, and randomTree.

A Multiagent-based Intrusion Detection System with the Support of Multi-Class Supervised Classification

NASA Astrophysics Data System (ADS)

Shyu, Mei-Ling; Sainani, Varsha

The increasing number of network security related incidents have made it necessary for the organizations to actively protect their sensitive data with network intrusion detection systems (IDSs). IDSs are expected to analyze a large volume of data while not placing a significantly added load on the monitoring systems and networks. This requires good data mining strategies which take less time and give accurate results. In this study, a novel data mining assisted multiagent-based intrusion detection system (DMAS-IDS) is proposed, particularly with the support of multiclass supervised classification. These agents can detect and take predefined actions against malicious activities, and data mining techniques can help detect them. Our proposed DMAS-IDS shows superior performance compared to central sniffing IDS techniques, and saves network resources compared to other distributed IDS with mobile agents that activate too many sniffers causing bottlenecks in the network. This is one of the major motivations to use a distributed model based on multiagent platform along with a supervised classification technique.

A two-stage flow-based intrusion detection model for next-generation networks.

PubMed

Umer, Muhammad Fahad; Sher, Muhammad; Bi, Yaxin

2018-01-01

The next-generation network provides state-of-the-art access-independent services over converged mobile and fixed networks. Security in the converged network environment is a major challenge. Traditional packet and protocol-based intrusion detection techniques cannot be used in next-generation networks due to slow throughput, low accuracy and their inability to inspect encrypted payload. An alternative solution for protection of next-generation networks is to use network flow records for detection of malicious activity in the network traffic. The network flow records are independent of access networks and user applications. In this paper, we propose a two-stage flow-based intrusion detection system for next-generation networks. The first stage uses an enhanced unsupervised one-class support vector machine which separates malicious flows from normal network traffic. The second stage uses a self-organizing map which automatically groups malicious flows into different alert clusters. We validated the proposed approach on two flow-based datasets and obtained promising results.

A two-stage flow-based intrusion detection model for next-generation networks

PubMed Central

2018-01-01

The next-generation network provides state-of-the-art access-independent services over converged mobile and fixed networks. Security in the converged network environment is a major challenge. Traditional packet and protocol-based intrusion detection techniques cannot be used in next-generation networks due to slow throughput, low accuracy and their inability to inspect encrypted payload. An alternative solution for protection of next-generation networks is to use network flow records for detection of malicious activity in the network traffic. The network flow records are independent of access networks and user applications. In this paper, we propose a two-stage flow-based intrusion detection system for next-generation networks. The first stage uses an enhanced unsupervised one-class support vector machine which separates malicious flows from normal network traffic. The second stage uses a self-organizing map which automatically groups malicious flows into different alert clusters. We validated the proposed approach on two flow-based datasets and obtained promising results. PMID:29329294

A Protocol Specification-Based Intrusion Detection System for VoIP and Its Evaluation

NASA Astrophysics Data System (ADS)

Phit, Thyda; Abe, Kôki

We propose an architecture of Intrusion Detection System (IDS) for VoIP using a protocol specification-based detection method to monitor the network traffics and alert administrator for further analysis of and response to suspicious activities. The protocol behaviors and their interactions are described by state machines. Traffic that behaves differently from the standard specifications are considered to be suspicious. The IDS has been implemented and simulated using OPNET Modeler, and verified to detect attacks. It was found that our system can detect typical attacks within a reasonable amount of delay time.

Using Unix system auditing for detecting network intrusions

DOE Office of Scientific and Technical Information (OSTI.GOV)

Christensen, M.J.

1993-03-01

Intrusion Detection Systems (IDSs) are designed to detect actions of individuals who use computer resources without authorization as well as legitimate users who exceed their privileges. This paper describes a novel approach to IDS research, namely a decision aiding approach to intrusion detection. The introduction of a decision tree represents the logical steps necessary to distinguish and identify different types of attacks. This tool, the Intrusion Decision Aiding Tool (IDAT), utilizes IDS-based attack models and standard Unix audit data. Since attacks have certain characteristics and are based on already developed signature attack models, experienced and knowledgeable Unix system administrators knowmore » what to look for in system audit logs to determine if a system has been attacked. Others, however, are usually less able to recognize common signatures of unauthorized access. Users can traverse the tree using available audit data displayed by IDAT and general knowledge they possess to reach a conclusion regarding suspicious activity. IDAT is an easy-to-use window based application that gathers, analyzes, and displays pertinent system data according to Unix attack characteristics. IDAT offers a more practical approach and allows the user to make an informed decision regarding suspicious activity.« less

Design of an Evolutionary Approach for Intrusion Detection

PubMed Central

2013-01-01

A novel evolutionary approach is proposed for effective intrusion detection based on benchmark datasets. The proposed approach can generate a pool of noninferior individual solutions and ensemble solutions thereof. The generated ensembles can be used to detect the intrusions accurately. For intrusion detection problem, the proposed approach could consider conflicting objectives simultaneously like detection rate of each attack class, error rate, accuracy, diversity, and so forth. The proposed approach can generate a pool of noninferior solutions and ensembles thereof having optimized trade-offs values of multiple conflicting objectives. In this paper, a three-phase, approach is proposed to generate solutions to a simple chromosome design in the first phase. In the first phase, a Pareto front of noninferior individual solutions is approximated. In the second phase of the proposed approach, the entire solution set is further refined to determine effective ensemble solutions considering solution interaction. In this phase, another improved Pareto front of ensemble solutions over that of individual solutions is approximated. The ensemble solutions in improved Pareto front reported improved detection results based on benchmark datasets for intrusion detection. In the third phase, a combination method like majority voting method is used to fuse the predictions of individual solutions for determining prediction of ensemble solution. Benchmark datasets, namely, KDD cup 1999 and ISCX 2012 dataset, are used to demonstrate and validate the performance of the proposed approach for intrusion detection. The proposed approach can discover individual solutions and ensemble solutions thereof with a good support and a detection rate from benchmark datasets (in comparison with well-known ensemble methods like bagging and boosting). In addition, the proposed approach is a generalized classification approach that is applicable to the problem of any field having multiple conflicting objectives, and a dataset can be represented in the form of labelled instances in terms of its features. PMID:24376390

Anomaly-based intrusion detection for SCADA systems

DOE Office of Scientific and Technical Information (OSTI.GOV)

Yang, D.; Usynin, A.; Hines, J. W.

2006-07-01

Most critical infrastructure such as chemical processing plants, electrical generation and distribution networks, and gas distribution is monitored and controlled by Supervisory Control and Data Acquisition Systems (SCADA. These systems have been the focus of increased security and there are concerns that they could be the target of international terrorists. With the constantly growing number of internet related computer attacks, there is evidence that our critical infrastructure may also be vulnerable. Researchers estimate that malicious online actions may cause $75 billion at 2007. One of the interesting countermeasures for enhancing information system security is called intrusion detection. This paper willmore » briefly discuss the history of research in intrusion detection techniques and introduce the two basic detection approaches: signature detection and anomaly detection. Finally, it presents the application of techniques developed for monitoring critical process systems, such as nuclear power plants, to anomaly intrusion detection. The method uses an auto-associative kernel regression (AAKR) model coupled with the statistical probability ratio test (SPRT) and applied to a simulated SCADA system. The results show that these methods can be generally used to detect a variety of common attacks. (authors)« less

Smart container UWB sensor system for situational awareness of intrusion alarms

DOE Office of Scientific and Technical Information (OSTI.GOV)

Romero, Carlos E.; Haugen, Peter C.; Zumstein, James M.

An in-container monitoring sensor system is based on an UWB radar intrusion detector positioned in a container and having a range gate set to the farthest wall of the container from the detector. Multipath reflections within the container make every point on or in the container appear to be at the range gate, allowing intrusion detection anywhere in the container. The system also includes other sensors to provide false alarm discrimination, and may include other sensors to monitor other parameters, e.g. radiation. The sensor system also includes a control subsystem for controlling system operation. Communications and information extraction capability maymore » also be included. A method of detecting intrusion into a container uses UWB radar, and may also include false alarm discrimination. A secure container has an UWB based monitoring system« less

A Metrics-Based Approach to Intrusion Detection System Evaluation for Distributed Real-Time Systems

DTIC Science & Technology

2002-04-01

Based Approach to Intrusion Detection System Evaluation for Distributed Real - Time Systems Authors: G. A. Fink, B. L. Chappell, T. G. Turner, and...Distributed, Security. 1 Introduction Processing and cost requirements are driving future naval combat platforms to use distributed, real - time systems of...distributed, real - time systems . As these systems grow more complex, the timing requirements do not diminish; indeed, they may become more constrained

FSM-F: Finite State Machine Based Framework for Denial of Service and Intrusion Detection in MANET.

PubMed

N Ahmed, Malik; Abdullah, Abdul Hanan; Kaiwartya, Omprakash

2016-01-01

Due to the continuous advancements in wireless communication in terms of quality of communication and affordability of the technology, the application area of Mobile Adhoc Networks (MANETs) significantly growing particularly in military and disaster management. Considering the sensitivity of the application areas, security in terms of detection of Denial of Service (DoS) and intrusion has become prime concern in research and development in the area. The security systems suggested in the past has state recognition problem where the system is not able to accurately identify the actual state of the network nodes due to the absence of clear definition of states of the nodes. In this context, this paper proposes a framework based on Finite State Machine (FSM) for denial of service and intrusion detection in MANETs. In particular, an Interruption Detection system for Adhoc On-demand Distance Vector (ID-AODV) protocol is presented based on finite state machine. The packet dropping and sequence number attacks are closely investigated and detection systems for both types of attacks are designed. The major functional modules of ID-AODV includes network monitoring system, finite state machine and attack detection model. Simulations are carried out in network simulator NS-2 to evaluate the performance of the proposed framework. A comparative evaluation of the performance is also performed with the state-of-the-art techniques: RIDAN and AODV. The performance evaluations attest the benefits of proposed framework in terms of providing better security for denial of service and intrusion detection attacks.

Network Anomaly Detection Based on Wavelet Analysis

NASA Astrophysics Data System (ADS)

Lu, Wei; Ghorbani, Ali A.

2008-12-01

Signal processing techniques have been applied recently for analyzing and detecting network anomalies due to their potential to find novel or unknown intrusions. In this paper, we propose a new network signal modelling technique for detecting network anomalies, combining the wavelet approximation and system identification theory. In order to characterize network traffic behaviors, we present fifteen features and use them as the input signals in our system. We then evaluate our approach with the 1999 DARPA intrusion detection dataset and conduct a comprehensive analysis of the intrusions in the dataset. Evaluation results show that the approach achieves high-detection rates in terms of both attack instances and attack types. Furthermore, we conduct a full day's evaluation in a real large-scale WiFi ISP network where five attack types are successfully detected from over 30 millions flows.

Detection of network attacks based on adaptive resonance theory

NASA Astrophysics Data System (ADS)

Bukhanov, D. G.; Polyakov, V. M.

2018-05-01

The paper considers an approach to intrusion detection systems using a neural network of adaptive resonant theory. It suggests the structure of an intrusion detection system consisting of two types of program modules. The first module manages connections of user applications by preventing the undesirable ones. The second analyzes the incoming network traffic parameters to check potential network attacks. After attack detection, it notifies the required stations using a secure transmission channel. The paper describes the experiment on the detection and recognition of network attacks using the test selection. It also compares the obtained results with similar experiments carried out by other authors. It gives findings and conclusions on the sufficiency of the proposed approach. The obtained information confirms the sufficiency of applying the neural networks of adaptive resonant theory to analyze network traffic within the intrusion detection system.

A Hypergraph and Arithmetic Residue-based Probabilistic Neural Network for classification in Intrusion Detection Systems.

PubMed

Raman, M R Gauthama; Somu, Nivethitha; Kirthivasan, Kannan; Sriram, V S Shankar

2017-08-01

Over the past few decades, the design of an intelligent Intrusion Detection System (IDS) remains an open challenge to the research community. Continuous efforts by the researchers have resulted in the development of several learning models based on Artificial Neural Network (ANN) to improve the performance of the IDSs. However, there exists a tradeoff with respect to the stability of ANN architecture and the detection rate for less frequent attacks. This paper presents a novel approach based on Helly property of Hypergraph and Arithmetic Residue-based Probabilistic Neural Network (HG AR-PNN) to address the classification problem in IDS. The Helly property of Hypergraph was exploited for the identification of the optimal feature subset and the arithmetic residue of the optimal feature subset was used to train the PNN. The performance of HG AR-PNN was evaluated using KDD CUP 1999 intrusion dataset. Experimental results prove the dominance of HG AR-PNN classifier over the existing classifiers with respect to the stability and improved detection rate for less frequent attacks. Copyright © 2017 Elsevier Ltd. All rights reserved.

Intelligent detection and identification in fiber-optical perimeter intrusion monitoring system based on the FBG sensor network

NASA Astrophysics Data System (ADS)

Wu, Huijuan; Qian, Ya; Zhang, Wei; Li, Hanyu; Xie, Xin

2015-12-01

A real-time intelligent fiber-optic perimeter intrusion detection system (PIDS) based on the fiber Bragg grating (FBG) sensor network is presented in this paper. To distinguish the effects of different intrusion events, a novel real-time behavior impact classification method is proposed based on the essential statistical characteristics of signal's profile in the time domain. The features are extracted by the principal component analysis (PCA), which are then used to identify the event with a K-nearest neighbor classifier. Simulation and field tests are both carried out to validate its effectiveness. The average identification rate (IR) for five sample signals in the simulation test is as high as 96.67%, and the recognition rate for eight typical signals in the field test can also be achieved up to 96.52%, which includes both the fence-mounted and the ground-buried sensing signals. Besides, critically high detection rate (DR) and low false alarm rate (FAR) can be simultaneously obtained based on the autocorrelation characteristics analysis and a hierarchical detection and identification flow.

A Database of Computer Attacks for the Evaluation of Intrusion Detection Systems

DTIC Science & Technology

1999-06-01

administrator whenever a system binary file (such as the ps, login , or ls program) is modified. Normal users have no legitimate reason to alter these files...development of EMERALD [46], which combines statistical anomaly detection from NIDES with signature verification. Specification-based intrusion detection...the creation of a single host that can act as many hosts. Daemons that provide network services—including telnetd, ftpd, and login — display banners

Attacks and Countermeasures in Communications and Power Networks

DTIC Science & Technology

2014-01-01

the victim. This strategy is often used to confuse the intrusion detection system about the adversary’s location. If the adversary compromises a pair...1.2 Detection of Information Flows Detection of information flows between a pair of nodes has been studied in the context of network intrusion ...Theo- rem 3.3.4 were derived purely based on the condition for undetectability. Hence, the same optimality statements hold for the noisy measurement

Neural methods based on modified reputation rules for detection and identification of intrusion attacks in wireless ad hoc sensor networks

NASA Astrophysics Data System (ADS)

Hortos, William S.

2010-04-01

Determining methods to secure the process of data fusion against attacks by compromised nodes in wireless sensor networks (WSNs) and to quantify the uncertainty that may exist in the aggregation results is a critical issue in mitigating the effects of intrusion attacks. Published research has introduced the concept of the trustworthiness (reputation) of a single sensor node. Reputation is evaluated using an information-theoretic concept, the Kullback- Leibler (KL) distance. Reputation is added to the set of security features. In data aggregation, an opinion, a metric of the degree of belief, is generated to represent the uncertainty in the aggregation result. As aggregate information is disseminated along routes to the sink node(s), its corresponding opinion is propagated and regulated by Josang's belief model. By applying subjective logic on the opinion to manage trust propagation, the uncertainty inherent in aggregation results can be quantified for use in decision making. The concepts of reputation and opinion are modified to allow their application to a class of dynamic WSNs. Using reputation as a factor in determining interim aggregate information is equivalent to implementation of a reputation-based security filter at each processing stage of data fusion, thereby improving the intrusion detection and identification results based on unsupervised techniques. In particular, the reputation-based version of the probabilistic neural network (PNN) learns the signature of normal network traffic with the random probability weights normally used in the PNN replaced by the trust-based quantified reputations of sensor data or subsequent aggregation results generated by the sequential implementation of a version of Josang's belief model. A two-stage, intrusion detection and identification algorithm is implemented to overcome the problems of large sensor data loads and resource restrictions in WSNs. Performance of the twostage algorithm is assessed in simulations of WSN scenarios with multiple sensors at edge nodes for known intrusion attacks. Simulation results show improved robustness of the two-stage design based on reputation-based NNs to intrusion anomalies from compromised nodes and external intrusion attacks.

Alerts Visualization and Clustering in Network-based Intrusion Detection

DOE Office of Scientific and Technical Information (OSTI.GOV)

Yang, Dr. Li; Gasior, Wade C; Dasireddy, Swetha

2010-04-01

Today's Intrusion detection systems when deployed on a busy network overload the network with huge number of alerts. This behavior of producing too much raw information makes it less effective. We propose a system which takes both raw data and Snort alerts to visualize and analyze possible intrusions in a network. Then we present with two models for the visualization of clustered alerts. Our first model gives the network administrator with the logical topology of the network and detailed information of each node that involves its associated alerts and connections. In the second model, flocking model, presents the network administratormore » with the visual representation of IDS data in which each alert is represented in different color and the alerts with maximum similarity move together. This gives network administrator with the idea of detecting various of intrusions through visualizing the alert patterns.« less

FSM-F: Finite State Machine Based Framework for Denial of Service and Intrusion Detection in MANET

PubMed Central

N. Ahmed, Malik; Abdullah, Abdul Hanan; Kaiwartya, Omprakash

2016-01-01

Due to the continuous advancements in wireless communication in terms of quality of communication and affordability of the technology, the application area of Mobile Adhoc Networks (MANETs) significantly growing particularly in military and disaster management. Considering the sensitivity of the application areas, security in terms of detection of Denial of Service (DoS) and intrusion has become prime concern in research and development in the area. The security systems suggested in the past has state recognition problem where the system is not able to accurately identify the actual state of the network nodes due to the absence of clear definition of states of the nodes. In this context, this paper proposes a framework based on Finite State Machine (FSM) for denial of service and intrusion detection in MANETs. In particular, an Interruption Detection system for Adhoc On-demand Distance Vector (ID-AODV) protocol is presented based on finite state machine. The packet dropping and sequence number attacks are closely investigated and detection systems for both types of attacks are designed. The major functional modules of ID-AODV includes network monitoring system, finite state machine and attack detection model. Simulations are carried out in network simulator NS-2 to evaluate the performance of the proposed framework. A comparative evaluation of the performance is also performed with the state-of-the-art techniques: RIDAN and AODV. The performance evaluations attest the benefits of proposed framework in terms of providing better security for denial of service and intrusion detection attacks. PMID:27285146

Detection and response to unauthorized access to a communication device

DOEpatents

Smith, Rhett; Gordon, Colin

2015-09-08

A communication gateway consistent with the present disclosure may detect unauthorized physical or electronic access and implement security actions in response thereto. A communication gateway may provide a communication path to an intelligent electronic device (IED) using an IED communications port configured to communicate with the IED. The communication gateway may include a physical intrusion detection port and a network port. The communication gateway may further include control logic configured to evaluate physical intrusion detection signal. The control logic may be configured to determine that the physical intrusion detection signal is indicative of an attempt to obtain unauthorized access to one of the communication gateway, the IED, and a device in communication with the gateway; and take a security action based upon the determination that the indication is indicative of the attempt to gain unauthorized access.

Independent component analysis (ICA) and self-organizing map (SOM) approach to multidetection system for network intruders

NASA Astrophysics Data System (ADS)

Abdi, Abdi M.; Szu, Harold H.

2003-04-01

With the growing rate of interconnection among computer systems, network security is becoming a real challenge. Intrusion Detection System (IDS) is designed to protect the availability, confidentiality and integrity of critical network information systems. Today"s approach to network intrusion detection involves the use of rule-based expert systems to identify an indication of known attack or anomalies. However, these techniques are less successful in identifying today"s attacks. Hackers are perpetually inventing new and previously unanticipated techniques to compromise information infrastructure. This paper proposes a dynamic way of detecting network intruders on time serious data. The proposed approach consists of a two-step process. Firstly, obtaining an efficient multi-user detection method, employing the recently introduced complexity minimization approach as a generalization of a standard ICA. Secondly, we identified unsupervised learning neural network architecture based on Kohonen"s Self-Organizing Map for potential functional clustering. These two steps working together adaptively will provide a pseudo-real time novelty detection attribute to supplement the current intrusion detection statistical methodology.

An exact computational method for performance analysis of sequential test algorithms for detecting network intrusions

NASA Astrophysics Data System (ADS)

Chen, Xinjia; Lacy, Fred; Carriere, Patrick

2015-05-01

Sequential test algorithms are playing increasingly important roles for quick detecting network intrusions such as portscanners. In view of the fact that such algorithms are usually analyzed based on intuitive approximation or asymptotic analysis, we develop an exact computational method for the performance analysis of such algorithms. Our method can be used to calculate the probability of false alarm and average detection time up to arbitrarily pre-specified accuracy.

Intrusion detection using rough set classification.

PubMed

Zhang, Lian-hua; Zhang, Guan-hua; Zhang, Jie; Bai, Ying-cai

2004-09-01

Recently machine learning-based intrusion detection approaches have been subjected to extensive researches because they can detect both misuse and anomaly. In this paper, rough set classification (RSC), a modern learning algorithm, is used to rank the features extracted for detecting intrusions and generate intrusion detection models. Feature ranking is a very critical step when building the model. RSC performs feature ranking before generating rules, and converts the feature ranking to minimal hitting set problem addressed by using genetic algorithm (GA). This is done in classical approaches using Support Vector Machine (SVM) by executing many iterations, each of which removes one useless feature. Compared with those methods, our method can avoid many iterations. In addition, a hybrid genetic algorithm is proposed to increase the convergence speed and decrease the training time of RSC. The models generated by RSC take the form of "IF-THEN" rules, which have the advantage of explication. Tests and comparison of RSC with SVM on DARPA benchmark data showed that for Probe and DoS attacks both RSC and SVM yielded highly accurate results (greater than 99% accuracy on testing set).

Neural Detection of Malicious Network Activities Using a New Direct Parsing and Feature Extraction Technique

DTIC Science & Technology

2015-09-01

intrusion detection systems , neural networks 15. NUMBER OF PAGES 75 16. PRICE CODE 17. SECURITY CLASSIFICATION OF... detection system (IDS) software, which learns to detect and classify network attacks and intrusions through prior training data. With the added criteria of...BACKGROUND The growing threat of malicious network activities and intrusion attempts makes intrusion detection systems (IDS) a

Intrusion Detection in Control Systems using Sequence Characteristics

NASA Astrophysics Data System (ADS)

Kiuchi, Mai; Onoda, Takashi

Intrusion detection is considered effective in control systems. Sequences of the control application behavior observed in the communication, such as the order of the control device to be controlled, are important in control systems. However, most intrusion detection systems do not effectively reflect sequences in the application layer into the detection rules. In our previous work, we considered utilizing sequences for intrusion detection in control systems, and demonstrated the usefulness of sequences for intrusion detection. However, manually writing the detection rules for a large system can be difficult, so using machine learning methods becomes feasible. Also, in the case of control systems, there have been very few observed cyber attacks, so we have very little knowledge of the attack data that should be used to train the intrusion detection system. In this paper, we use an approach that combines CRF (Conditional Random Field) considering the sequence of the system, thus able to reflect the characteristics of control system sequences into the intrusion detection system, and also does not need the knowledge of attack data to construct the detection rules.

Evolving optimised decision rules for intrusion detection using particle swarm paradigm

NASA Astrophysics Data System (ADS)

Sivatha Sindhu, Siva S.; Geetha, S.; Kannan, A.

2012-12-01

The aim of this article is to construct a practical intrusion detection system (IDS) that properly analyses the statistics of network traffic pattern and classify them as normal or anomalous class. The objective of this article is to prove that the choice of effective network traffic features and a proficient machine-learning paradigm enhances the detection accuracy of IDS. In this article, a rule-based approach with a family of six decision tree classifiers, namely Decision Stump, C4.5, Naive Baye's Tree, Random Forest, Random Tree and Representative Tree model to perform the detection of anomalous network pattern is introduced. In particular, the proposed swarm optimisation-based approach selects instances that compose training set and optimised decision tree operate over this trained set producing classification rules with improved coverage, classification capability and generalisation ability. Experiment with the Knowledge Discovery and Data mining (KDD) data set which have information on traffic pattern, during normal and intrusive behaviour shows that the proposed algorithm produces optimised decision rules and outperforms other machine-learning algorithm.

Embedded security system for multi-modal surveillance in a railway carriage

NASA Astrophysics Data System (ADS)

Zouaoui, Rhalem; Audigier, Romaric; Ambellouis, Sébastien; Capman, François; Benhadda, Hamid; Joudrier, Stéphanie; Sodoyer, David; Lamarque, Thierry

2015-10-01

Public transport security is one of the main priorities of the public authorities when fighting against crime and terrorism. In this context, there is a great demand for autonomous systems able to detect abnormal events such as violent acts aboard passenger cars and intrusions when the train is parked at the depot. To this end, we present an innovative approach which aims at providing efficient automatic event detection by fusing video and audio analytics and reducing the false alarm rate compared to classical stand-alone video detection. The multi-modal system is composed of two microphones and one camera and integrates onboard video and audio analytics and fusion capabilities. On the one hand, for detecting intrusion, the system relies on the fusion of "unusual" audio events detection with intrusion detections from video processing. The audio analysis consists in modeling the normal ambience and detecting deviation from the trained models during testing. This unsupervised approach is based on clustering of automatically extracted segments of acoustic features and statistical Gaussian Mixture Model (GMM) modeling of each cluster. The intrusion detection is based on the three-dimensional (3D) detection and tracking of individuals in the videos. On the other hand, for violent events detection, the system fuses unsupervised and supervised audio algorithms with video event detection. The supervised audio technique detects specific events such as shouts. A GMM is used to catch the formant structure of a shout signal. Video analytics use an original approach for detecting aggressive motion by focusing on erratic motion patterns specific to violent events. As data with violent events is not easily available, a normality model with structured motions from non-violent videos is learned for one-class classification. A fusion algorithm based on Dempster-Shafer's theory analyses the asynchronous detection outputs and computes the degree of belief of each probable event.

A Learning System for Discriminating Variants of Malicious Network Traffic

DOE Office of Scientific and Technical Information (OSTI.GOV)

Beaver, Justin M; Symons, Christopher T; Gillen, Rob

Modern computer network defense systems rely primarily on signature-based intrusion detection tools, which generate alerts when patterns that are pre-determined to be malicious are encountered in network data streams. Signatures are created reactively, and only after in-depth manual analysis of a network intrusion. There is little ability for signature-based detectors to identify intrusions that are new or even variants of an existing attack, and little ability to adapt the detectors to the patterns unique to a network environment. Due to these limitations, the need exists for network intrusion detection techniques that can more comprehensively address both known unknown networkbased attacksmore » and can be optimized for the target environment. This work describes a system that leverages machine learning to provide a network intrusion detection capability that analyzes behaviors in channels of communication between individual computers. Using examples of malicious and non-malicious traffic in the target environment, the system can be trained to discriminate between traffic types. The machine learning provides insight that would be difficult for a human to explicitly code as a signature because it evaluates many interdependent metrics simultaneously. With this approach, zero day detection is possible by focusing on similarity to known traffic types rather than mining for specific bit patterns or conditions. This also reduces the burden on organizations to account for all possible attack variant combinations through signatures. The approach is presented along with results from a third-party evaluation of its performance.« less

State-Based Network Intrusion Detection Systems for SCADA Protocols: A Proof of Concept

NASA Astrophysics Data System (ADS)

Carcano, Andrea; Fovino, Igor Nai; Masera, Marcelo; Trombetta, Alberto

We present a novel Intrusion Detection System able to detect complex attacks to SCADA systems. By complex attack, we mean a set of commands (carried in Modbus packets) that, while licit when considered in isolation on a single-packet basis, interfere with the correct behavior of the system. The proposed IDS detects such attacks thanks to an internal representation of the controlled SCADA system and a corresponding rule language, powerful enough to express the system's critical states. Furthermore, we detail the implementation and provide experimental comparative results.

Application of a Hidden Bayes Naive Multiclass Classifier in Network Intrusion Detection

ERIC Educational Resources Information Center

Koc, Levent

2013-01-01

With increasing Internet connectivity and traffic volume, recent intrusion incidents have reemphasized the importance of network intrusion detection systems for combating increasingly sophisticated network attacks. Techniques such as pattern recognition and the data mining of network events are often used by intrusion detection systems to classify…

A Dynamic Intrusion Detection System Based on Multivariate Hotelling's T2 Statistics Approach for Network Environments

PubMed Central

Avalappampatty Sivasamy, Aneetha; Sundan, Bose

2015-01-01

The ever expanding communication requirements in today's world demand extensive and efficient network systems with equally efficient and reliable security features integrated for safe, confident, and secured communication and data transfer. Providing effective security protocols for any network environment, therefore, assumes paramount importance. Attempts are made continuously for designing more efficient and dynamic network intrusion detection models. In this work, an approach based on Hotelling's T2 method, a multivariate statistical analysis technique, has been employed for intrusion detection, especially in network environments. Components such as preprocessing, multivariate statistical analysis, and attack detection have been incorporated in developing the multivariate Hotelling's T2 statistical model and necessary profiles have been generated based on the T-square distance metrics. With a threshold range obtained using the central limit theorem, observed traffic profiles have been classified either as normal or attack types. Performance of the model, as evaluated through validation and testing using KDD Cup'99 dataset, has shown very high detection rates for all classes with low false alarm rates. Accuracy of the model presented in this work, in comparison with the existing models, has been found to be much better. PMID:26357668

A Dynamic Intrusion Detection System Based on Multivariate Hotelling's T2 Statistics Approach for Network Environments.

PubMed

Sivasamy, Aneetha Avalappampatty; Sundan, Bose

2015-01-01

The ever expanding communication requirements in today's world demand extensive and efficient network systems with equally efficient and reliable security features integrated for safe, confident, and secured communication and data transfer. Providing effective security protocols for any network environment, therefore, assumes paramount importance. Attempts are made continuously for designing more efficient and dynamic network intrusion detection models. In this work, an approach based on Hotelling's T(2) method, a multivariate statistical analysis technique, has been employed for intrusion detection, especially in network environments. Components such as preprocessing, multivariate statistical analysis, and attack detection have been incorporated in developing the multivariate Hotelling's T(2) statistical model and necessary profiles have been generated based on the T-square distance metrics. With a threshold range obtained using the central limit theorem, observed traffic profiles have been classified either as normal or attack types. Performance of the model, as evaluated through validation and testing using KDD Cup'99 dataset, has shown very high detection rates for all classes with low false alarm rates. Accuracy of the model presented in this work, in comparison with the existing models, has been found to be much better.

Idaho National Laboratory Supervisory Control and Data Acquisition Intrusion Detection System (SCADA IDS)

DOE Office of Scientific and Technical Information (OSTI.GOV)

Jared Verba; Michael Milvich

2008-05-01

Current Intrusion Detection System (IDS) technology is not suited to be widely deployed inside a Supervisory, Control and Data Acquisition (SCADA) environment. Anomaly- and signature-based IDS technologies have developed methods to cover information technology-based networks activity and protocols effectively. However, these IDS technologies do not include the fine protocol granularity required to ensure network security inside an environment with weak protocols lacking authentication and encryption. By implementing a more specific and more intelligent packet inspection mechanism, tailored traffic flow analysis, and unique packet tampering detection, IDS technology developed specifically for SCADA environments can be deployed with confidence in detecting maliciousmore » activity.« less

Intrusion recognition for optic fiber vibration sensor based on the selective attention mechanism

NASA Astrophysics Data System (ADS)

Xu, Haiyan; Xie, Yingjuan; Li, Min; Zhang, Zhuo; Zhang, Xuewu

2017-11-01

Distributed fiber-optic vibration sensors receive extensive investigation and play a significant role in the sensor panorama. A fiber optic perimeter detection system based on all-fiber interferometric sensor is proposed, through the back-end analysis, processing and intelligent identification, which can distinguish effects of different intrusion activities. In this paper, an intrusion recognition based on the auditory selective attention mechanism is proposed. Firstly, considering the time-frequency of vibration, the spectrogram is calculated. Secondly, imitating the selective attention mechanism, the color, direction and brightness map of the spectrogram is computed. Based on these maps, the feature matrix is formed after normalization. The system could recognize the intrusion activities occurred along the perimeter sensors. Experiment results show that the proposed method for the perimeter is able to differentiate intrusion signals from ambient noises. What's more, the recognition rate of the system is improved while deduced the false alarm rate, the approach is proved by large practical experiment and project.

Intrusion detection: systems and models

NASA Technical Reports Server (NTRS)

Sherif, J. S.; Dearmond, T. G.

2002-01-01

This paper puts forward a review of state of the art and state of the applicability of intrusion detection systems, and models. The paper also presents a classfication of literature pertaining to intrusion detection.

Thutmose - Investigation of Machine Learning-Based Intrusion Detection Systems

DTIC Science & Technology

2016-06-01

research is being done to incorporate the field of machine learning into intrusion detection. Machine learning is a branch of artificial intelligence (AI...adversarial drift." Proceedings of the 2013 ACM workshop on Artificial intelligence and security. ACM. (2013) Kantarcioglu, M., Xi, B., and Clifton, C. "A...34 Proceedings of the 4th ACM workshop on Security and artificial intelligence . ACM. (2011) Dua, S., and Du, X. Data Mining and Machine Learning in

Multilayer Statistical Intrusion Detection in Wireless Networks

NASA Astrophysics Data System (ADS)

Hamdi, Mohamed; Meddeb-Makhlouf, Amel; Boudriga, Noureddine

2008-12-01

The rapid proliferation of mobile applications and services has introduced new vulnerabilities that do not exist in fixed wired networks. Traditional security mechanisms, such as access control and encryption, turn out to be inefficient in modern wireless networks. Given the shortcomings of the protection mechanisms, an important research focuses in intrusion detection systems (IDSs). This paper proposes a multilayer statistical intrusion detection framework for wireless networks. The architecture is adequate to wireless networks because the underlying detection models rely on radio parameters and traffic models. Accurate correlation between radio and traffic anomalies allows enhancing the efficiency of the IDS. A radio signal fingerprinting technique based on the maximal overlap discrete wavelet transform (MODWT) is developed. Moreover, a geometric clustering algorithm is presented. Depending on the characteristics of the fingerprinting technique, the clustering algorithm permits to control the false positive and false negative rates. Finally, simulation experiments have been carried out to validate the proposed IDS.

Porting Extremely Lightweight Intrusion Detection (ELIDe) to Android

DTIC Science & Technology

2015-10-01

ARL-TN-0681 ● OCT 2015 US Army Research Laboratory Porting Extremely Lightweight Intrusion Detection (ELIDe) to Android by...Lightweight Intrusion Detection (ELIDe) to Android by Ken F Yu and Garret S Payer Computational and Information Sciences Directorate, ARL...

Detection of Dry Intrusion on Water Vapor Images Over Central Europe - June 2010 TO September 2011

NASA Astrophysics Data System (ADS)

Novotny, J.; Dejmal, K.; Hudec, F.; Kolar, P.

2016-06-01

The knowledge of evaluation of the intensity of cyclogenesis which could be connected with the weather having a significant impact on Earth's surface is quite useful. If, as one of the basic assumptions, the existence of connection between dry intrusions, dry bands, tropopause height and warm dark areas distribution on water vapor images (WV images) is considered, it is possible to set up a method of detecting dry intrusions on searching and tracking areas with higher brightness temperature compared with the surrounding environment. This paper covers the period between June 2010 and September 2011 over Central Europe. The ISIS method (Instrument de Suivi dans I'Imagerie satellitaire), originally developed for detection of cold cloud tops, was used as an initial ideological point. Subsequently, this method was modified by Michel and Bouttier for usage on WV images. Some of the applied criteria and parameters were chosen with reference to the results published by Michel and Bouttier as well as by Novotny. The procedure can be divided into two steps: detection of warm areas and their tracking. Cases of detection of areas not evidently connected with dry intrusions can be solved by filtering off based on the connection between detected warm areas to the cyclonic side of jet streams and significant lowering of the tropopause.

Characterization of Extremely Lightweight Intrusion Detection (ELIDe) Power Utilization with Varying Throughput and Payload Sizes

DTIC Science & Technology

2015-09-01

Extremely Lightweight Intrusion Detection (ELIDe) algorithm on an Android -based mobile device. Our results show that the hashing and inner product...approximately 2.5 megabits per second (assuming a normal distribution of packet sizes) with no significant packet loss. 15. SUBJECT TERMS ELIDe, Android , pcap...system (OS). To run ELIDe, the current version was ported for use on Android .4 2.1 Mobile Device After ELIDe was ported to the Android mobile

Trouble Brewing: Using Observations of Invariant Behavior to Detect Malicious Agency in Distributed Control Systems

NASA Astrophysics Data System (ADS)

McEvoy, Thomas Richard; Wolthusen, Stephen D.

Recent research on intrusion detection in supervisory data acquisition and control (SCADA) and DCS systems has focused on anomaly detection at protocol level based on the well-defined nature of traffic on such networks. Here, we consider attacks which compromise sensors or actuators (including physical manipulation), where intrusion may not be readily apparent as data and computational states can be controlled to give an appearance of normality, and sensor and control systems have limited accuracy. To counter these, we propose to consider indirect relations between sensor readings to detect such attacks through concurrent observations as determined by control laws and constraints.

Detection of Rooftop Cooling Unit Faults Based on Electrical Measurements

DOE Office of Scientific and Technical Information (OSTI.GOV)

Armstrong, Peter R.; Laughman, C R.; Leeb, S B.

Non-intrusive load monitoring (NILM) is accomplished by sampling voltage and current at high rates and reducing the resulting start transients or harmonic contents to concise ''signatures''. Changes in these signatures can be used to detect, and in many cases directly diagnose, equipment and component faults associated with roof-top cooling units. Use of the NILM for fault detection and diagnosis (FDD) is important because (1) it complements other FDD schemes that are based on thermo-fluid sensors and analyses and (2) it is minimally intrusive (one measuring point in the relatively protected confines of the control panel) and therefore inherently reliable. Thismore » paper describes changes in the power signatures of fans and compressors that were found, experimentally and theoretically, to be useful for fault detection.« less

Intrusion Detection in Database Systems

NASA Astrophysics Data System (ADS)

Javidi, Mohammad M.; Sohrabi, Mina; Rafsanjani, Marjan Kuchaki

Data represent today a valuable asset for organizations and companies and must be protected. Ensuring the security and privacy of data assets is a crucial and very difficult problem in our modern networked world. Despite the necessity of protecting information stored in database systems (DBS), existing security models are insufficient to prevent misuse, especially insider abuse by legitimate users. One mechanism to safeguard the information in these databases is to use an intrusion detection system (IDS). The purpose of Intrusion detection in database systems is to detect transactions that access data without permission. In this paper several database Intrusion detection approaches are evaluated.

Fingerprinting Software Defined Networks and Controllers

DTIC Science & Technology

2015-03-01

24 2.5.3 Intrusion Prevention System with SDN . . . . . . . . . . . . . . . 25 2.5.4 Modular Security Services...Control Message Protocol IDS Intrusion Detection System IPS Intrusion Prevention System ISP Internet Service Provider LLDP Link Layer Discovery Protocol...layer functions (e.g., web proxies, firewalls, intrusion detection/prevention, load balancers, etc.). The increase in switch capabilities combined

Alerts Analysis and Visualization in Network-based Intrusion Detection Systems

DOE Office of Scientific and Technical Information (OSTI.GOV)

Yang, Dr. Li

2010-08-01

The alerts produced by network-based intrusion detection systems, e.g. Snort, can be difficult for network administrators to efficiently review and respond to due to the enormous number of alerts generated in a short time frame. This work describes how the visualization of raw IDS alert data assists network administrators in understanding the current state of a network and quickens the process of reviewing and responding to intrusion attempts. The project presented in this work consists of three primary components. The first component provides a visual mapping of the network topology that allows the end-user to easily browse clustered alerts. Themore » second component is based on the flocking behavior of birds such that birds tend to follow other birds with similar behaviors. This component allows the end-user to see the clustering process and provides an efficient means for reviewing alert data. The third component discovers and visualizes patterns of multistage attacks by profiling the attacker s behaviors.« less

Fuzzy Kernel k-Medoids algorithm for anomaly detection problems

NASA Astrophysics Data System (ADS)

Rustam, Z.; Talita, A. S.

2017-07-01

Intrusion Detection System (IDS) is an essential part of security systems to strengthen the security of information systems. IDS can be used to detect the abuse by intruders who try to get into the network system in order to access and utilize the available data sources in the system. There are two approaches of IDS, Misuse Detection and Anomaly Detection (behavior-based intrusion detection). Fuzzy clustering-based methods have been widely used to solve Anomaly Detection problems. Other than using fuzzy membership concept to determine the object to a cluster, other approaches as in combining fuzzy and possibilistic membership or feature-weighted based methods are also used. We propose Fuzzy Kernel k-Medoids that combining fuzzy and possibilistic membership as a powerful method to solve anomaly detection problem since on numerical experiment it is able to classify IDS benchmark data into five different classes simultaneously. We classify IDS benchmark data KDDCup'99 data set into five different classes simultaneously with the best performance was achieved by using 30 % of training data with clustering accuracy reached 90.28 percent.

Detection and recognition of mechanical, digging and vehicle signals in the optical fiber pre-warning system

NASA Astrophysics Data System (ADS)

Tian, Qing; Yang, Dan; Zhang, Yuan; Qu, Hongquan

2018-04-01

This paper presents detection and recognition method to locate and identify harmful intrusions in the optical fiber pre-warning system (OFPS). Inspired by visual attention architecture (VAA), the process flow is divided into two parts, i.e., data-driven process and task-driven process. At first, data-driven process takes all the measurements collected by the system as input signals, which is handled by detection method to locate the harmful intrusion in both spatial domain and time domain. Then, these detected intrusion signals are taken over by task-driven process. Specifically, we get pitch period (PP) and duty cycle (DC) of the intrusion signals to identify the mechanical and manual digging (MD) intrusions respectively. For the passing vehicle (PV) intrusions, their strong low frequency component can be used as good feature. In generally, since the harmful intrusion signals only account for a small part of whole measurements, the data-driven process reduces the amount of input data for subsequent task-driven process considerably. Furthermore, the task-driven process determines the harmful intrusions orderly according to their severity, which makes a priority mechanism for the system as well as targeted processing for different harmful intrusion. At last, real experiments are performed to validate the effectiveness of this method.

A survey of artificial immune system based intrusion detection.

PubMed

Yang, Hua; Li, Tao; Hu, Xinlei; Wang, Feng; Zou, Yang

2014-01-01

In the area of computer security, Intrusion Detection (ID) is a mechanism that attempts to discover abnormal access to computers by analyzing various interactions. There is a lot of literature about ID, but this study only surveys the approaches based on Artificial Immune System (AIS). The use of AIS in ID is an appealing concept in current techniques. This paper summarizes AIS based ID methods from a new view point; moreover, a framework is proposed for the design of AIS based ID Systems (IDSs). This framework is analyzed and discussed based on three core aspects: antibody/antigen encoding, generation algorithm, and evolution mode. Then we collate the commonly used algorithms, their implementation characteristics, and the development of IDSs into this framework. Finally, some of the future challenges in this area are also highlighted.

Hybrid feature selection for supporting lightweight intrusion detection systems

NASA Astrophysics Data System (ADS)

Song, Jianglong; Zhao, Wentao; Liu, Qiang; Wang, Xin

2017-08-01

Redundant and irrelevant features not only cause high resource consumption but also degrade the performance of Intrusion Detection Systems (IDS), especially when coping with big data. These features slow down the process of training and testing in network traffic classification. Therefore, a hybrid feature selection approach in combination with wrapper and filter selection is designed in this paper to build a lightweight intrusion detection system. Two main phases are involved in this method. The first phase conducts a preliminary search for an optimal subset of features, in which the chi-square feature selection is utilized. The selected set of features from the previous phase is further refined in the second phase in a wrapper manner, in which the Random Forest(RF) is used to guide the selection process and retain an optimized set of features. After that, we build an RF-based detection model and make a fair comparison with other approaches. The experimental results on NSL-KDD datasets show that our approach results are in higher detection accuracy as well as faster training and testing processes.

Statistical process control based chart for information systems security

NASA Astrophysics Data System (ADS)

Khan, Mansoor S.; Cui, Lirong

2015-07-01

Intrusion detection systems have a highly significant role in securing computer networks and information systems. To assure the reliability and quality of computer networks and information systems, it is highly desirable to develop techniques that detect intrusions into information systems. We put forward the concept of statistical process control (SPC) in computer networks and information systems intrusions. In this article we propose exponentially weighted moving average (EWMA) type quality monitoring scheme. Our proposed scheme has only one parameter which differentiates it from the past versions. We construct the control limits for the proposed scheme and investigate their effectiveness. We provide an industrial example for the sake of clarity for practitioner. We give comparison of the proposed scheme with EWMA schemes and p chart; finally we provide some recommendations for the future work.

A model for anomaly classification in intrusion detection systems

NASA Astrophysics Data System (ADS)

Ferreira, V. O.; Galhardi, V. V.; Gonçalves, L. B. L.; Silva, R. C.; Cansian, A. M.

2015-09-01

Intrusion Detection Systems (IDS) are traditionally divided into two types according to the detection methods they employ, namely (i) misuse detection and (ii) anomaly detection. Anomaly detection has been widely used and its main advantage is the ability to detect new attacks. However, the analysis of anomalies generated can become expensive, since they often have no clear information about the malicious events they represent. In this context, this paper presents a model for automated classification of alerts generated by an anomaly based IDS. The main goal is either the classification of the detected anomalies in well-defined taxonomies of attacks or to identify whether it is a false positive misclassified by the IDS. Some common attacks to computer networks were considered and we achieved important results that can equip security analysts with best resources for their analyses.

Realistic computer network simulation for network intrusion detection dataset generation

NASA Astrophysics Data System (ADS)

Payer, Garrett

2015-05-01

The KDD-99 Cup dataset is dead. While it can continue to be used as a toy example, the age of this dataset makes it all but useless for intrusion detection research and data mining. Many of the attacks used within the dataset are obsolete and do not reflect the features important for intrusion detection in today's networks. Creating a new dataset encompassing a large cross section of the attacks found on the Internet today could be useful, but would eventually fall to the same problem as the KDD-99 Cup; its usefulness would diminish after a period of time. To continue research into intrusion detection, the generation of new datasets needs to be as dynamic and as quick as the attacker. Simply examining existing network traffic and using domain experts such as intrusion analysts to label traffic is inefficient, expensive, and not scalable. The only viable methodology is simulation using technologies including virtualization, attack-toolsets such as Metasploit and Armitage, and sophisticated emulation of threat and user behavior. Simulating actual user behavior and network intrusion events dynamically not only allows researchers to vary scenarios quickly, but enables online testing of intrusion detection mechanisms by interacting with data as it is generated. As new threat behaviors are identified, they can be added to the simulation to make quicker determinations as to the effectiveness of existing and ongoing network intrusion technology, methodology and models.

Intrusion Detection: Generics and State-of-the-Art (la Detection de l’intrusion: Modeles generiques et etat de l’art)

DTIC Science & Technology

2002-01-01

by the user for a number of possible pre-defined intrusions. One of these pre-defined intrusions is the command “get /etc/ passwd ”. If this command is...Application-level firewalls: which check communication at the application level. An example is the string get /etc/ passwd in the ftp protocol

Typed Linear Chain Conditional Random Fields and Their Application to Intrusion Detection

NASA Astrophysics Data System (ADS)

Elfers, Carsten; Horstmann, Mirko; Sohr, Karsten; Herzog, Otthein

Intrusion detection in computer networks faces the problem of a large number of both false alarms and unrecognized attacks. To improve the precision of detection, various machine learning techniques have been proposed. However, one critical issue is that the amount of reference data that contains serious intrusions is very sparse. In this paper we present an inference process with linear chain conditional random fields that aims to solve this problem by using domain knowledge about the alerts of different intrusion sensors represented in an ontology.

A system for distributed intrusion detection

DOE Office of Scientific and Technical Information (OSTI.GOV)

Snapp, S.R.; Brentano, J.; Dias, G.V.

1991-01-01

The study of providing security in computer networks is a rapidly growing area of interest because the network is the medium over which most attacks or intrusions on computer systems are launched. One approach to solving this problem is the intrusion-detection concept, whose basic premise is that not only abandoning the existing and huge infrastructure of possibly-insecure computer and network systems is impossible, but also replacing them by totally-secure systems may not be feasible or cost effective. Previous work on intrusion-detection systems were performed on stand-alone hosts and on a broadcast local area network (LAN) environment. The focus of ourmore » present research is to extend our network intrusion-detection concept from the LAN environment to arbitarily wider areas with the network topology being arbitrary as well. The generalized distributed environment is heterogeneous, i.e., the network nodes can be hosts or servers from different vendors, or some of them could be LAN managers, like our previous work, a network security monitor (NSM), as well. The proposed architecture for this distributed intrusion-detection system consists of the following components: a host manager in each host; a LAN manager for monitoring each LAN in the system; and a central manager which is placed at a single secure location and which receives reports from various host and LAN managers to process these reports, correlate them, and detect intrusions. 11 refs., 2 figs.« less

A Survey of Artificial Immune System Based Intrusion Detection

PubMed Central

Li, Tao; Hu, Xinlei; Wang, Feng; Zou, Yang

2014-01-01

In the area of computer security, Intrusion Detection (ID) is a mechanism that attempts to discover abnormal access to computers by analyzing various interactions. There is a lot of literature about ID, but this study only surveys the approaches based on Artificial Immune System (AIS). The use of AIS in ID is an appealing concept in current techniques. This paper summarizes AIS based ID methods from a new view point; moreover, a framework is proposed for the design of AIS based ID Systems (IDSs). This framework is analyzed and discussed based on three core aspects: antibody/antigen encoding, generation algorithm, and evolution mode. Then we collate the commonly used algorithms, their implementation characteristics, and the development of IDSs into this framework. Finally, some of the future challenges in this area are also highlighted. PMID:24790549

Visual behavior characterization for intrusion and misuse detection

NASA Astrophysics Data System (ADS)

Erbacher, Robert F.; Frincke, Deborah

2001-05-01

As computer and network intrusions become more and more of a concern, the need for better capabilities, to assist in the detection and analysis of intrusions also increase. System administrators typically rely on log files to analyze usage and detect misuse. However, as a consequence of the amount of data collected by each machine, multiplied by the tens or hundreds of machines under the system administrator's auspices, the entirety of the data available is neither collected nor analyzed. This is compounded by the need to analyze network traffic data as well. We propose a methodology for analyzing network and computer log information visually based on the analysis of the behavior of the users. Each user's behavior is the key to determining their intent and overriding activity, whether they attempt to hide their actions or not. Proficient hackers will attempt to hide their ultimate activities, which hinders the reliability of log file analysis. Visually analyzing the users''s behavior however, is much more adaptable and difficult to counteract.

Intrusion Detection Systems with Live Knowledge System

DTIC Science & Technology

2016-05-31

Ripple -down Rule (RDR) to maintain the knowledge from human experts with knowledge base generated by the Induct RDR, which is a machine-learning based RDR...propose novel approach that uses Ripple -down Rule (RDR) to maintain the knowledge from human experts with knowledge base generated by the Induct RDR...detection model by applying Induct RDR approach. The proposed induct RDR ( Ripple Down Rules) approach allows to acquire the phishing detection

Automated Network Anomaly Detection with Learning, Control and Mitigation

ERIC Educational Resources Information Center

Ippoliti, Dennis

2014-01-01

Anomaly detection is a challenging problem that has been researched within a variety of application domains. In network intrusion detection, anomaly based techniques are particularly attractive because of their ability to identify previously unknown attacks without the need to be programmed with the specific signatures of every possible attack.…

Design of an Acoustic Target Intrusion Detection System Based on Small-Aperture Microphone Array.

PubMed

Zu, Xingshui; Guo, Feng; Huang, Jingchang; Zhao, Qin; Liu, Huawei; Li, Baoqing; Yuan, Xiaobing

2017-03-04

Automated surveillance of remote locations in a wireless sensor network is dominated by the detection algorithm because actual intrusions in such locations are a rare event. Therefore, a detection method with low power consumption is crucial for persistent surveillance to ensure longevity of the sensor networks. A simple and effective two-stage algorithm composed of energy detector (ED) and delay detector (DD) with all its operations in time-domain using small-aperture microphone array (SAMA) is proposed. The algorithm analyzes the quite different velocities between wind noise and sound waves to improve the detection capability of ED in the surveillance area. Experiments in four different fields with three types of vehicles show that the algorithm is robust to wind noise and the probability of detection and false alarm are 96.67% and 2.857%, respectively.

HMM Sequential Hypothesis Tests for Intrusion Detection in MANETs Extended Abstract

DTIC Science & Technology

2003-01-01

securing the routing protocols of mobile ad hoc wireless net- works has been done in prevention. Intrusion detection systems play a complimentary...TERMS 16. SECURITY CLASSIFICATION OF: 17. LIMITATION OF ABSTRACT 18. NUMBER OF PAGES 10 19a. NAME OF RESPONSIBLE PERSON a. REPORT unclassified...hops of A would be unable to communicate with B and vice versa [1]. 1.2 The role of intrusion detection in security In order to provide reliable

A Non-Intrusive GMA Welding Process Quality Monitoring System Using Acoustic Sensing.

PubMed

Cayo, Eber Huanca; Alfaro, Sadek Crisostomo Absi

2009-01-01

Most of the inspection methods used for detection and localization of welding disturbances are based on the evaluation of some direct measurements of welding parameters. This direct measurement requires an insertion of sensors during the welding process which could somehow alter the behavior of the metallic transference. An inspection method that evaluates the GMA welding process evolution using a non-intrusive process sensing would allow not only the identification of disturbances during welding runs and thus reduce inspection time, but would also reduce the interference on the process caused by the direct sensing. In this paper a nonintrusive method for weld disturbance detection and localization for weld quality evaluation is demonstrated. The system is based on the acoustic sensing of the welding electrical arc. During repetitive tests in welds without disturbances, the stability acoustic parameters were calculated and used as comparison references for the detection and location of disturbances during the weld runs.

A Non-Intrusive GMA Welding Process Quality Monitoring System Using Acoustic Sensing

PubMed Central

Cayo, Eber Huanca; Alfaro, Sadek Crisostomo Absi

2009-01-01

Most of the inspection methods used for detection and localization of welding disturbances are based on the evaluation of some direct measurements of welding parameters. This direct measurement requires an insertion of sensors during the welding process which could somehow alter the behavior of the metallic transference. An inspection method that evaluates the GMA welding process evolution using a non-intrusive process sensing would allow not only the identification of disturbances during welding runs and thus reduce inspection time, but would also reduce the interference on the process caused by the direct sensing. In this paper a nonintrusive method for weld disturbance detection and localization for weld quality evaluation is demonstrated. The system is based on the acoustic sensing of the welding electrical arc. During repetitive tests in welds without disturbances, the stability acoustic parameters were calculated and used as comparison references for the detection and location of disturbances during the weld runs. PMID:22399990

Application of the PageRank Algorithm to Alarm Graphs

NASA Astrophysics Data System (ADS)

Treinen, James J.; Thurimella, Ramakrishna

The task of separating genuine attacks from false alarms in large intrusion detection infrastructures is extremely difficult. The number of alarms received in such environments can easily enter into the millions of alerts per day. The overwhelming noise created by these alarms can cause genuine attacks to go unnoticed. As means of highlighting these attacks, we introduce a host ranking technique utilizing Alarm Graphs. Rather than enumerate all potential attack paths as in Attack Graphs, we build and analyze graphs based on the alarms generated by the intrusion detection sensors installed on a network. Given that the alarms are predominantly false positives, the challenge is to identify, separate, and ideally predict future attacks. In this paper, we propose a novel approach to tackle this problem based on the PageRank algorithm. By elevating the rank of known attackers and victims we are able to observe the effect that these hosts have on the other nodes in the Alarm Graph. Using this information we are able to discover previously overlooked attacks, as well as defend against future intrusions.

Railway clearance intrusion detection method with binocular stereo vision

NASA Astrophysics Data System (ADS)

Zhou, Xingfang; Guo, Baoqing; Wei, Wei

2018-03-01

In the stage of railway construction and operation, objects intruding railway clearance greatly threaten the safety of railway operation. Real-time intrusion detection is of great importance. For the shortcomings of depth insensitive and shadow interference of single image method, an intrusion detection method with binocular stereo vision is proposed to reconstruct the 3D scene for locating the objects and judging clearance intrusion. The binocular cameras are calibrated with Zhang Zhengyou's method. In order to improve the 3D reconstruction speed, a suspicious region is firstly determined by background difference method of a single camera's image sequences. The image rectification, stereo matching and 3D reconstruction process are only executed when there is a suspicious region. A transformation matrix from Camera Coordinate System(CCS) to Track Coordinate System(TCS) is computed with gauge constant and used to transfer the 3D point clouds into the TCS, then the 3D point clouds are used to calculate the object position and intrusion in TCS. The experiments in railway scene show that the position precision is better than 10mm. It is an effective way for clearance intrusion detection and can satisfy the requirement of railway application.

Volumetric Security Alarm Based on a Spherical Ultrasonic Transducer Array

NASA Astrophysics Data System (ADS)

Sayin, Umut; Scaini, Davide; Arteaga, Daniel

Most of the existent alarm systems depend on physical or visual contact. The detection area is often limited depending on the type of the transducer, creating blind spots. Our proposition is a truly volumetric alarm system that can detect any movement in the intrusion area, based on monitoring the change over time of the impulse response of the room, which acts as an acoustic footprint. The device depends on an omnidirectional ultrasonic transducer array emitting sweep signals to calculate the impulse response in short intervals. Any change in the room conditions is monitored through a correlation function. The sensitivity of the alarm to different objects and different environments depends on the sweep duration, sweep bandwidth, and sweep interval. Successful detection of intrusions also depends on the size of the monitoring area and requires an adjustment of emitted ultrasound power. Strong air flow affects the performance of the alarm. A method for separating moving objects from strong air flow is devised using an adaptive thresholding on the correlation function involving a series of impulse response measurements. The alarm system can be also used for fire detection since air flow sourced from heating objects differ from random nature of the present air flow. Several measurements are made to test the integrity of the alarm in rooms sizing from 834-2080m3 with irregular geometries and various objects. The proposed system can efficiently detect intrusion whilst adequate emitting power is provided.

Unsupervised algorithms for intrusion detection and identification in wireless ad hoc sensor networks

NASA Astrophysics Data System (ADS)

Hortos, William S.

2009-05-01

In previous work by the author, parameters across network protocol layers were selected as features in supervised algorithms that detect and identify certain intrusion attacks on wireless ad hoc sensor networks (WSNs) carrying multisensor data. The algorithms improved the residual performance of the intrusion prevention measures provided by any dynamic key-management schemes and trust models implemented among network nodes. The approach of this paper does not train algorithms on the signature of known attack traffic, but, instead, the approach is based on unsupervised anomaly detection techniques that learn the signature of normal network traffic. Unsupervised learning does not require the data to be labeled or to be purely of one type, i.e., normal or attack traffic. The approach can be augmented to add any security attributes and quantified trust levels, established during data exchanges among nodes, to the set of cross-layer features from the WSN protocols. A two-stage framework is introduced for the security algorithms to overcome the problems of input size and resource constraints. The first stage is an unsupervised clustering algorithm which reduces the payload of network data packets to a tractable size. The second stage is a traditional anomaly detection algorithm based on a variation of support vector machines (SVMs), whose efficiency is improved by the availability of data in the packet payload. In the first stage, selected algorithms are adapted to WSN platforms to meet system requirements for simple parallel distributed computation, distributed storage and data robustness. A set of mobile software agents, acting like an ant colony in securing the WSN, are distributed at the nodes to implement the algorithms. The agents move among the layers involved in the network response to the intrusions at each active node and trustworthy neighborhood, collecting parametric values and executing assigned decision tasks. This minimizes the need to move large amounts of audit-log data through resource-limited nodes and locates routines closer to that data. Performance of the unsupervised algorithms is evaluated against the network intrusions of black hole, flooding, Sybil and other denial-of-service attacks in simulations of published scenarios. Results for scenarios with intentionally malfunctioning sensors show the robustness of the two-stage approach to intrusion anomalies.

Network intrusion detection based on a general regression neural network optimized by an improved artificial immune algorithm.

PubMed

Wu, Jianfa; Peng, Dahao; Li, Zhuping; Zhao, Li; Ling, Huanzhang

2015-01-01

To effectively and accurately detect and classify network intrusion data, this paper introduces a general regression neural network (GRNN) based on the artificial immune algorithm with elitist strategies (AIAE). The elitist archive and elitist crossover were combined with the artificial immune algorithm (AIA) to produce the AIAE-GRNN algorithm, with the aim of improving its adaptivity and accuracy. In this paper, the mean square errors (MSEs) were considered the affinity function. The AIAE was used to optimize the smooth factors of the GRNN; then, the optimal smooth factor was solved and substituted into the trained GRNN. Thus, the intrusive data were classified. The paper selected a GRNN that was separately optimized using a genetic algorithm (GA), particle swarm optimization (PSO), and fuzzy C-mean clustering (FCM) to enable a comparison of these approaches. As shown in the results, the AIAE-GRNN achieves a higher classification accuracy than PSO-GRNN, but the running time of AIAE-GRNN is long, which was proved first. FCM and GA-GRNN were eliminated because of their deficiencies in terms of accuracy and convergence. To improve the running speed, the paper adopted principal component analysis (PCA) to reduce the dimensions of the intrusive data. With the reduction in dimensionality, the PCA-AIAE-GRNN decreases in accuracy less and has better convergence than the PCA-PSO-GRNN, and the running speed of the PCA-AIAE-GRNN was relatively improved. The experimental results show that the AIAE-GRNN has a higher robustness and accuracy than the other algorithms considered and can thus be used to classify the intrusive data.

Preventing intrusive memories after trauma via a brief intervention involving Tetris computer game play in the emergency department: a proof-of-concept randomized controlled trial

PubMed Central

Iyadurai, L; Blackwell, S E; Meiser-Stedman, R; Watson, P C; Bonsall, M B; Geddes, J R; Nobre, A C; Holmes, E A

2018-01-01

After psychological trauma, recurrent intrusive visual memories may be distressing and disruptive. Preventive interventions post trauma are lacking. Here we test a behavioural intervention after real-life trauma derived from cognitive neuroscience. We hypothesized that intrusive memories would be significantly reduced in number by an intervention involving a computer game with high visuospatial demands (Tetris), via disrupting consolidation of sensory elements of trauma memory. The Tetris-based intervention (trauma memory reminder cue plus c. 20 min game play) vs attention-placebo control (written activity log for same duration) were both delivered in an emergency department within 6 h of a motor vehicle accident. The randomized controlled trial compared the impact on the number of intrusive trauma memories in the subsequent week (primary outcome). Results vindicated the efficacy of the Tetris-based intervention compared with the control condition: there were fewer intrusive memories overall, and time-series analyses showed that intrusion incidence declined more quickly. There were convergent findings on a measure of clinical post-trauma intrusion symptoms at 1 week, but not on other symptom clusters or at 1 month. Results of this proof-of-concept study suggest that a larger trial, powered to detect differences at 1 month, is warranted. Participants found the intervention easy, helpful and minimally distressing. By translating emerging neuroscientific insights and experimental research into the real world, we offer a promising new low-intensity psychiatric intervention that could prevent debilitating intrusive memories following trauma. PMID:28348380

State-of-the-art technologies for intrusion and obstacle detection for railroad operations

DOT National Transportation Integrated Search

2007-07-01

This report provides an update on the state-of-the-art technologies with intrusion and obstacle detection capabilities for rail rights of way (ROW) and crossings. A workshop entitled Intruder and Obstacle Detection Systems (IODS) for Railroads Requir...

Automated Virtual Machine Introspection for Host-Based Intrusion Detection

DTIC Science & Technology

2009-03-01

boxes represent the code and data sections of each process in memory with arrows representing hooks planted by malware to jump to the malware code...a useful indication of intrusion, it is also susceptible to mimicry and concurrency attacks [Pro03,Wat07]. Additionally, most research abstracts away...sequence of system calls that accomplishes his or her intent [WS02]. This “ mimicry attack” takes advantage of the fact that many HIDS discard the pa

An Intrusion Detection System for the Protection of Railway Assets Using Fiber Bragg Grating Sensors

PubMed Central

Catalano, Angelo; Bruno, Francesco Antonio; Pisco, Marco; Cutolo, Antonello; Cusano, Andrea

2014-01-01

We demonstrate the ability of Fiber Bragg Gratings (FBGs) sensors to protect large areas from unauthorized activities in railway scenarios such as stations or tunnels. We report on the technological strategy adopted to protect a specific depot, representative of a common scenario for security applications in the railway environment. One of the concerns in the protection of a railway area centers on the presence of rail-tracks, which cannot be obstructed with physical barriers. We propose an integrated optical fiber system composed of FBG strain sensors that can detect human intrusion for protection of the perimeter combined with FBG accelerometer sensors for protection of rail-track access. Several trials were carried out in indoor and outdoor environments. The results demonstrate that FBG strain sensors bonded under a ribbed rubber mat enable the detection of intruder break-in via the pressure induced on the mat, whereas the FBG accelerometers installed under the rails enable the detection of intruders walking close to the railroad tracks via the acoustic surface waves generated by footsteps. Based on a single enabling technology, this integrated system represents a valuable intrusion detection system for railway security and could be integrated with other sensing functionalities in the railway field using fiber optic technology. PMID:25268920

Power-Aware Intrusion Detection in Mobile Ad Hoc Networks

NASA Astrophysics Data System (ADS)

Şen, Sevil; Clark, John A.; Tapiador, Juan E.

Mobile ad hoc networks (MANETs) are a highly promising new form of networking. However they are more vulnerable to attacks than wired networks. In addition, conventional intrusion detection systems (IDS) are ineffective and inefficient for highly dynamic and resource-constrained environments. Achieving an effective operational MANET requires tradeoffs to be made between functional and non-functional criteria. In this paper we show how Genetic Programming (GP) together with a Multi-Objective Evolutionary Algorithm (MOEA) can be used to synthesise intrusion detection programs that make optimal tradeoffs between security criteria and the power they consume.

Scheduling Randomly-Deployed Heterogeneous Video Sensor Nodes for Reduced Intrusion Detection Time

NASA Astrophysics Data System (ADS)

Pham, Congduc

This paper proposes to use video sensor nodes to provide an efficient intrusion detection system. We use a scheduling mechanism that takes into account the criticality of the surveillance application and present a performance study of various cover set construction strategies that take into account cameras with heterogeneous angle of view and those with very small angle of view. We show by simulation how a dynamic criticality management scheme can provide fast event detection for mission-critical surveillance applications by increasing the network lifetime and providing low stealth time of intrusions.

Subsurface event detection and classification using Wireless Signal Networks.

PubMed

Yoon, Suk-Un; Ghazanfari, Ehsan; Cheng, Liang; Pamukcu, Sibel; Suleiman, Muhannad T

2012-11-05

Subsurface environment sensing and monitoring applications such as detection of water intrusion or a landslide, which could significantly change the physical properties of the host soil, can be accomplished using a novel concept, Wireless Signal Networks (WSiNs). The wireless signal networks take advantage of the variations of radio signal strength on the distributed underground sensor nodes of WSiNs to monitor and characterize the sensed area. To characterize subsurface environments for event detection and classification, this paper provides a detailed list and experimental data of soil properties on how radio propagation is affected by soil properties in subsurface communication environments. Experiments demonstrated that calibrated wireless signal strength variations can be used as indicators to sense changes in the subsurface environment. The concept of WSiNs for the subsurface event detection is evaluated with applications such as detection of water intrusion, relative density change, and relative motion using actual underground sensor nodes. To classify geo-events using the measured signal strength as a main indicator of geo-events, we propose a window-based minimum distance classifier based on Bayesian decision theory. The window-based classifier for wireless signal networks has two steps: event detection and event classification. With the event detection, the window-based classifier classifies geo-events on the event occurring regions that are called a classification window. The proposed window-based classification method is evaluated with a water leakage experiment in which the data has been measured in laboratory experiments. In these experiments, the proposed detection and classification method based on wireless signal network can detect and classify subsurface events.

Subsurface Event Detection and Classification Using Wireless Signal Networks

PubMed Central

Yoon, Suk-Un; Ghazanfari, Ehsan; Cheng, Liang; Pamukcu, Sibel; Suleiman, Muhannad T.

2012-01-01

Subsurface environment sensing and monitoring applications such as detection of water intrusion or a landslide, which could significantly change the physical properties of the host soil, can be accomplished using a novel concept, Wireless Signal Networks (WSiNs). The wireless signal networks take advantage of the variations of radio signal strength on the distributed underground sensor nodes of WSiNs to monitor and characterize the sensed area. To characterize subsurface environments for event detection and classification, this paper provides a detailed list and experimental data of soil properties on how radio propagation is affected by soil properties in subsurface communication environments. Experiments demonstrated that calibrated wireless signal strength variations can be used as indicators to sense changes in the subsurface environment. The concept of WSiNs for the subsurface event detection is evaluated with applications such as detection of water intrusion, relative density change, and relative motion using actual underground sensor nodes. To classify geo-events using the measured signal strength as a main indicator of geo-events, we propose a window-based minimum distance classifier based on Bayesian decision theory. The window-based classifier for wireless signal networks has two steps: event detection and event classification. With the event detection, the window-based classifier classifies geo-events on the event occurring regions that are called a classification window. The proposed window-based classification method is evaluated with a water leakage experiment in which the data has been measured in laboratory experiments. In these experiments, the proposed detection and classification method based on wireless signal network can detect and classify subsurface events. PMID:23202191

HPNAIDM: The High-Performance Network Anomaly/Intrusion Detection and Mitigation System

DOE Office of Scientific and Technical Information (OSTI.GOV)

Chen, Yan

Identifying traffic anomalies and attacks rapidly and accurately is critical for large network operators. With the rapid growth of network bandwidth, such as the next generation DOE UltraScience Network, and fast emergence of new attacks/virus/worms, existing network intrusion detection systems (IDS) are insufficient because they: • Are mostly host-based and not scalable to high-performance networks; • Are mostly signature-based and unable to adaptively recognize flow-level unknown attacks; • Cannot differentiate malicious events from the unintentional anomalies. To address these challenges, we proposed and developed a new paradigm called high-performance network anomaly/intrustion detection and mitigation (HPNAIDM) system. The new paradigm ismore » significantly different from existing IDSes with the following features (research thrusts). • Online traffic recording and analysis on high-speed networks; • Online adaptive flow-level anomaly/intrusion detection and mitigation; • Integrated approach for false positive reduction. Our research prototype and evaluation demonstrate that the HPNAIDM system is highly effective and economically feasible. Beyond satisfying the pre-set goals, we even exceed that significantly (see more details in the next section). Overall, our project harvested 23 publications (2 book chapters, 6 journal papers and 15 peer-reviewed conference/workshop papers). Besides, we built a website for technique dissemination, which hosts two system prototype release to the research community. We also filed a patent application and developed strong international and domestic collaborations which span both academia and industry.« less

Network Intrusion Detection Based on a General Regression Neural Network Optimized by an Improved Artificial Immune Algorithm

PubMed Central

Wu, Jianfa; Peng, Dahao; Li, Zhuping; Zhao, Li; Ling, Huanzhang

2015-01-01

To effectively and accurately detect and classify network intrusion data, this paper introduces a general regression neural network (GRNN) based on the artificial immune algorithm with elitist strategies (AIAE). The elitist archive and elitist crossover were combined with the artificial immune algorithm (AIA) to produce the AIAE-GRNN algorithm, with the aim of improving its adaptivity and accuracy. In this paper, the mean square errors (MSEs) were considered the affinity function. The AIAE was used to optimize the smooth factors of the GRNN; then, the optimal smooth factor was solved and substituted into the trained GRNN. Thus, the intrusive data were classified. The paper selected a GRNN that was separately optimized using a genetic algorithm (GA), particle swarm optimization (PSO), and fuzzy C-mean clustering (FCM) to enable a comparison of these approaches. As shown in the results, the AIAE-GRNN achieves a higher classification accuracy than PSO-GRNN, but the running time of AIAE-GRNN is long, which was proved first. FCM and GA-GRNN were eliminated because of their deficiencies in terms of accuracy and convergence. To improve the running speed, the paper adopted principal component analysis (PCA) to reduce the dimensions of the intrusive data. With the reduction in dimensionality, the PCA-AIAE-GRNN decreases in accuracy less and has better convergence than the PCA-PSO-GRNN, and the running speed of the PCA-AIAE-GRNN was relatively improved. The experimental results show that the AIAE-GRNN has a higher robustness and accuracy than the other algorithms considered and can thus be used to classify the intrusive data. PMID:25807466

Intrusion Detection System Using Deep Neural Network for In-Vehicle Network Security.

PubMed

Kang, Min-Joo; Kang, Je-Won

2016-01-01

A novel intrusion detection system (IDS) using a deep neural network (DNN) is proposed to enhance the security of in-vehicular network. The parameters building the DNN structure are trained with probability-based feature vectors that are extracted from the in-vehicular network packets. For a given packet, the DNN provides the probability of each class discriminating normal and attack packets, and, thus the sensor can identify any malicious attack to the vehicle. As compared to the traditional artificial neural network applied to the IDS, the proposed technique adopts recent advances in deep learning studies such as initializing the parameters through the unsupervised pre-training of deep belief networks (DBN), therefore improving the detection accuracy. It is demonstrated with experimental results that the proposed technique can provide a real-time response to the attack with a significantly improved detection ratio in controller area network (CAN) bus.

Intrusion Detection System Using Deep Neural Network for In-Vehicle Network Security

PubMed Central

Kang, Min-Joo

2016-01-01

A novel intrusion detection system (IDS) using a deep neural network (DNN) is proposed to enhance the security of in-vehicular network. The parameters building the DNN structure are trained with probability-based feature vectors that are extracted from the in-vehicular network packets. For a given packet, the DNN provides the probability of each class discriminating normal and attack packets, and, thus the sensor can identify any malicious attack to the vehicle. As compared to the traditional artificial neural network applied to the IDS, the proposed technique adopts recent advances in deep learning studies such as initializing the parameters through the unsupervised pre-training of deep belief networks (DBN), therefore improving the detection accuracy. It is demonstrated with experimental results that the proposed technique can provide a real-time response to the attack with a significantly improved detection ratio in controller area network (CAN) bus. PMID:27271802

Usefulness of DARPA dataset for intrusion detection system evaluation

NASA Astrophysics Data System (ADS)

Thomas, Ciza; Sharma, Vishwas; Balakrishnan, N.

2008-03-01

The MIT Lincoln Laboratory IDS evaluation methodology is a practical solution in terms of evaluating the performance of Intrusion Detection Systems, which has contributed tremendously to the research progress in that field. The DARPA IDS evaluation dataset has been criticized and considered by many as a very outdated dataset, unable to accommodate the latest trend in attacks. Then naturally the question arises as to whether the detection systems have improved beyond detecting these old level of attacks. If not, is it worth thinking of this dataset as obsolete? The paper presented here tries to provide supporting facts for the use of the DARPA IDS evaluation dataset. The two commonly used signature-based IDSs, Snort and Cisco IDS, and two anomaly detectors, the PHAD and the ALAD, are made use of for this evaluation purpose and the results support the usefulness of DARPA dataset for IDS evaluation.

Research on regional intrusion prevention and control system based on target tracking

NASA Astrophysics Data System (ADS)

Liu, Yanfei; Wang, Jieling; Jiang, Ke; He, Yanhui; Wu, Zhilin

2017-08-01

In view of the fact that China’s border is very long and the border prevention and control measures are single, we designed a regional intrusion prevention and control system which based on target-tracking. The system consists of four parts: solar panel, radar, electro-optical equipment, unmanned aerial vehicle and intelligent tracking platform. The solar panel provides independent power for the entire system. The radar detects the target in real time and realizes the high precision positioning of suspicious targets, then through the linkage of electro-optical equipment, it can achieve full-time automatic precise tracking of targets. When the target appears within the range of detection, the drone will be launched to continue the tracking. The system is mainly to realize the full time, full coverage, whole process integration and active realtime control of the border area.

78 FR 12337 - Published Privacy Impact Assessments on the Web

Federal Register 2010, 2011, 2012, 2013, 2014

2013-02-22

... system for intrusion detection, analysis, intrusion prevention, and information sharing capabilities that... equivalent protection to participating Federal civilian agencies pending deployment of EINSTEIN intrusion...-008 Homeland Security Information Network R3 User Accounts (HSIN). Component: Operations Coordination...

Collaborative Point Paper on Border Surveillance Technology

DTIC Science & Technology

2007-06-01

Systems PLC LORHIS (Long Range Hyperspectral Imaging System ) can be configured for either manned or unmanned aircraft to automatically detect and...Airships, and/or Aerostats, (RF, Electro-Optical, Infrared, Video) • Land- based Sensor Systems (Attended/Mobile and Unattended: e.g., CCD, Motion, Acoustic...electronic surveillance technologies for intrusion detection and warning. These ground- based systems are primarily short-range, up to around 500 meters

Intrusion-based reasoning and depression: cross-sectional and prospective relationships.

PubMed

Berle, David; Moulds, Michelle L

2014-01-01

Intrusion-based reasoning refers to the tendency to form interpretations about oneself or a situation based on the occurrence of a negative intrusive autobiographical memory. Intrusion-based reasoning characterises post-traumatic stress disorder, but has not yet been investigated in depression. We report two studies that aimed to investigate this. In Study 1 both high (n = 42) and low (n = 28) dysphoric participants demonstrated intrusion-based reasoning. High-dysphoric individuals engaged in self-referent intrusion-based reasoning to a greater extent than did low-dysphoric participants. In Study 2 there were no significant differences in intrusion-based reasoning between currently depressed (n = 27) and non-depressed (n = 51) participants, and intrusion-based reasoning did not predict depressive symptoms at 6-month follow-up. Interestingly, previously (n = 26) but not currently (n = 27) depressed participants engaged in intrusion-based reasoning to a greater extent than never-depressed participants (n = 25), indicating the possibility that intrusion-based reasoning may serve as a "scar" from previous episodes. The implications of these findings are discussed.

Industrial Control System Process-Oriented Intrusion Detection (iPoid) Algorithm

DTIC Science & Technology

2016-08-01

inspection rules using an intrusion-detection system (IDS) sensor, a simulated Programmable Logic Controller (PLC), and a Modbus client operating...operating system PLC Programmable Logic Controller SCADA supervisory control and data acquisition SIGHUP signal hangup SPAN Switched Port Analyzer

A hybrid protection approaches for denial of service (DoS) attacks in wireless sensor networks

NASA Astrophysics Data System (ADS)

Gunasekaran, Mahalakshmi; Periakaruppan, Subathra

2017-06-01

Wireless sensor network (WSN) contains the distributed autonomous devices with the sensing capability of physical and environmental conditions. During the clustering operation, the consumption of more energy causes the draining in battery power that leads to minimum network lifetime. Hence, the WSN devices are initially operated on low-power sleep mode to maximise the lifetime. But, the attacks arrival cause the disruption in low-power operating called denial of service (DoS) attacks. The conventional intrusion detection (ID) approaches such as rule-based and anomaly-based methods effectively detect the DoS attacks. But, the energy consumption and false detection rate are more. The absence of attack information and broadcast of its impact to the other cluster head (CH) leads to easy DoS attacks arrival. This article combines the isolation and routing tables to detect the attack in the specific cluster and broadcasts the information to other CH. The intercommunication between the CHs prevents the DoS attacks effectively. In addition, the swarm-based defence approach is proposed to migrate the fault channel to normal operating channel through frequency hop approaches. The comparative analysis between the proposed table-based intrusion detection systems (IDSs) and swarm-based defence approaches with the traditional IDS regarding the parameters of transmission overhead/efficiency, energy consumption, and false positive/negative rates proves the capability of DoS prediction/prevention in WSN.

Weighted link graphs: a distributed IDS for secondary intrusion detection and defense

NASA Astrophysics Data System (ADS)

Zhou, Mian; Lang, Sheau-Dong

2005-03-01

While a firewall installed at the perimeter of a local network provides the first line of defense against the hackers, many intrusion incidents are the results of successful penetration of the firewalls. One computer"s compromise often put the entire network at risk. In this paper, we propose an IDS that provides a finer control over the internal network. The system focuses on the variations of connection-based behavior of each single computer, and uses a weighted link graph to visualize the overall traffic abnormalities. The functionality of our system is of a distributed personal IDS system that also provides a centralized traffic analysis by graphical visualization. We use a novel weight assignment schema for the local detection within each end agent. The local abnormalities are quantitatively carried out by the node weight and link weight and further sent to the central analyzer to build the weighted link graph. Thus, we distribute the burden of traffic processing and visualization to each agent and make it more efficient for the overall intrusion detection. As the LANs are more vulnerable to inside attacks, our system is designed as a reinforcement to prevent corruption from the inside.

Intrusion Detection System Visualization of Network Alerts

DTIC Science & Technology

2010-07-01

Intrusion Detection System Visualization of Network Alerts Dolores M. Zage and Wayne M. Zage Ball State University Final Report July 2010...contracts. Staff Wayne Zage, Director of the S2ERC and Professor, Department of Computer Science, Ball State University Dolores Zage, Research

Sleep Deprivation Attack Detection in Wireless Sensor Network

NASA Astrophysics Data System (ADS)

Bhattasali, Tapalina; Chaki, Rituparna; Sanyal, Sugata

2012-02-01

Deployment of sensor network in hostile environment makes it mainly vulnerable to battery drainage attacks because it is impossible to recharge or replace the battery power of sensor nodes. Among different types of security threats, low power sensor nodes are immensely affected by the attacks which cause random drainage of the energy level of sensors, leading to death of the nodes. The most dangerous type of attack in this category is sleep deprivation, where target of the intruder is to maximize the power consumption of sensor nodes, so that their lifetime is minimized. Most of the existing works on sleep deprivation attack detection involve a lot of overhead, leading to poor throughput. The need of the day is to design a model for detecting intrusions accurately in an energy efficient manner. This paper proposes a hierarchical framework based on distributed collaborative mechanism for detecting sleep deprivation torture in wireless sensor network efficiently. Proposed model uses anomaly detection technique in two steps to reduce the probability of false intrusion.

A Hybrid Swarm Intelligence Algorithm for Intrusion Detection Using Significant Features.

PubMed

Amudha, P; Karthik, S; Sivakumari, S

2015-01-01

Intrusion detection has become a main part of network security due to the huge number of attacks which affects the computers. This is due to the extensive growth of internet connectivity and accessibility to information systems worldwide. To deal with this problem, in this paper a hybrid algorithm is proposed to integrate Modified Artificial Bee Colony (MABC) with Enhanced Particle Swarm Optimization (EPSO) to predict the intrusion detection problem. The algorithms are combined together to find out better optimization results and the classification accuracies are obtained by 10-fold cross-validation method. The purpose of this paper is to select the most relevant features that can represent the pattern of the network traffic and test its effect on the success of the proposed hybrid classification algorithm. To investigate the performance of the proposed method, intrusion detection KDDCup'99 benchmark dataset from the UCI Machine Learning repository is used. The performance of the proposed method is compared with the other machine learning algorithms and found to be significantly different.

A Hybrid Swarm Intelligence Algorithm for Intrusion Detection Using Significant Features

PubMed Central

Amudha, P.; Karthik, S.; Sivakumari, S.

2015-01-01

Intrusion detection has become a main part of network security due to the huge number of attacks which affects the computers. This is due to the extensive growth of internet connectivity and accessibility to information systems worldwide. To deal with this problem, in this paper a hybrid algorithm is proposed to integrate Modified Artificial Bee Colony (MABC) with Enhanced Particle Swarm Optimization (EPSO) to predict the intrusion detection problem. The algorithms are combined together to find out better optimization results and the classification accuracies are obtained by 10-fold cross-validation method. The purpose of this paper is to select the most relevant features that can represent the pattern of the network traffic and test its effect on the success of the proposed hybrid classification algorithm. To investigate the performance of the proposed method, intrusion detection KDDCup'99 benchmark dataset from the UCI Machine Learning repository is used. The performance of the proposed method is compared with the other machine learning algorithms and found to be significantly different. PMID:26221625

Passive intrusion detection system

NASA Technical Reports Server (NTRS)

Laue, E. G. (Inventor)

1980-01-01

An intrusion detection system is described in which crystal oscillators are used to provide a frequency which varies as a function of fluctuations of a particular environmental property of the atmosphere, e.g., humidity, in the protected volume. The system is based on the discovery that the frequency of an oscillator whose crystal is humidity sensitive, varies at a frequency or rate which is within a known frequency band, due to the entry of an intruder into the protected volume. The variable frequency is converted into a voltage which is then filtered by a filtering arrangement which permits only voltage variations at frequencies within the known frequency band to activate an alarm, while inhibiting the alarm activation when the voltage frequency is below or above the known frequency band.

Multi-Centrality Graph Spectral Decompositions and Their Application to Cyber Intrusion Detection

DOE Office of Scientific and Technical Information (OSTI.GOV)

Chen, Pin-Yu; Choudhury, Sutanay; Hero, Alfred

Many modern datasets can be represented as graphs and hence spectral decompositions such as graph principal component analysis (PCA) can be useful. Distinct from previous graph decomposition approaches based on subspace projection of a single topological feature, e.g., the centered graph adjacency matrix (graph Laplacian), we propose spectral decomposition approaches to graph PCA and graph dictionary learning that integrate multiple features, including graph walk statistics, centrality measures and graph distances to reference nodes. In this paper we propose a new PCA method for single graph analysis, called multi-centrality graph PCA (MC-GPCA), and a new dictionary learning method for ensembles ofmore » graphs, called multi-centrality graph dictionary learning (MC-GDL), both based on spectral decomposition of multi-centrality matrices. As an application to cyber intrusion detection, MC-GPCA can be an effective indicator of anomalous connectivity pattern and MC-GDL can provide discriminative basis for attack classification.« less

A Comparative Study of Unsupervised Anomaly Detection Techniques Using Honeypot Data

NASA Astrophysics Data System (ADS)

Song, Jungsuk; Takakura, Hiroki; Okabe, Yasuo; Inoue, Daisuke; Eto, Masashi; Nakao, Koji

Intrusion Detection Systems (IDS) have been received considerable attention among the network security researchers as one of the most promising countermeasures to defend our crucial computer systems or networks against attackers on the Internet. Over the past few years, many machine learning techniques have been applied to IDSs so as to improve their performance and to construct them with low cost and effort. Especially, unsupervised anomaly detection techniques have a significant advantage in their capability to identify unforeseen attacks, i.e., 0-day attacks, and to build intrusion detection models without any labeled (i.e., pre-classified) training data in an automated manner. In this paper, we conduct a set of experiments to evaluate and analyze performance of the major unsupervised anomaly detection techniques using real traffic data which are obtained at our honeypots deployed inside and outside of the campus network of Kyoto University, and using various evaluation criteria, i.e., performance evaluation by similarity measurements and the size of training data, overall performance, detection ability for unknown attacks, and time complexity. Our experimental results give some practical and useful guidelines to IDS researchers and operators, so that they can acquire insight to apply these techniques to the area of intrusion detection, and devise more effective intrusion detection models.

The Monitoring, Detection, Isolation and Assessment of Information Warfare Attacks Through Multi-Level, Multi-Scale System Modeling and Model Based Technology

DTIC Science & Technology

2004-01-01

login identity to the one under which the system call is executed, the parameters of the system call execution - file names including full path...Anomaly detection COAST-EIMDT Distributed on target hosts EMERALD Distributed on target hosts and security servers Signature recognition Anomaly...uses a centralized architecture, and employs an anomaly detection technique for intrusion detection. The EMERALD project [80] proposes a

An Adaptive Database Intrusion Detection System

ERIC Educational Resources Information Center

Barrios, Rita M.

2011-01-01

Intrusion detection is difficult to accomplish when attempting to employ current methodologies when considering the database and the authorized entity. It is a common understanding that current methodologies focus on the network architecture rather than the database, which is not an adequate solution when considering the insider threat. Recent…

Day, night and all-weather security surveillance automation synergy from combining two powerful technologies

DOE Office of Scientific and Technical Information (OSTI.GOV)

Morellas, Vassilios; Johnson, Andrew; Johnston, Chris

2006-07-01

Thermal imaging is rightfully a real-world technology proven to bring confidence to daytime, night-time and all weather security surveillance. Automatic image processing intrusion detection algorithms are also a real world technology proven to bring confidence to system surveillance security solutions. Together, day, night and all weather video imagery sensors and automated intrusion detection software systems create the real power to protect early against crime, providing real-time global homeland protection, rather than simply being able to monitor and record activities for post event analysis. These solutions, whether providing automatic security system surveillance at airports (to automatically detect unauthorized aircraft takeoff andmore » landing activities) or at high risk private, public or government facilities (to automatically detect unauthorized people or vehicle intrusion activities) are on the move to provide end users the power to protect people, capital equipment and intellectual property against acts of vandalism and terrorism. As with any technology, infrared sensors and automatic image intrusion detection systems for global homeland security protection have clear technological strengths and limitations compared to other more common day and night vision technologies or more traditional manual man-in-the-loop intrusion detection security systems. This paper addresses these strength and limitation capabilities. False Alarm (FAR) and False Positive Rate (FPR) is an example of some of the key customer system acceptability metrics and Noise Equivalent Temperature Difference (NETD) and Minimum Resolvable Temperature are examples of some of the sensor level performance acceptability metrics. (authors)« less

A hierarchical detection method in external communication for self-driving vehicles based on TDMA.

PubMed

Alheeti, Khattab M Ali; Al-Ani, Muzhir Shaban; McDonald-Maier, Klaus

2018-01-01

Security is considered a major challenge for self-driving and semi self-driving vehicles. These vehicles depend heavily on communications to predict and sense their external environment used in their motion. They use a type of ad hoc network termed Vehicular ad hoc networks (VANETs). Unfortunately, VANETs are potentially exposed to many attacks on network and application level. This paper, proposes a new intrusion detection system to protect the communication system of self-driving cars; utilising a combination of hierarchical models based on clusters and log parameters. This security system is designed to detect Sybil and Wormhole attacks in highway usage scenarios. It is based on clusters, utilising Time Division Multiple Access (TDMA) to overcome some of the obstacles of VANETs such as high density, high mobility and bandwidth limitations in exchanging messages. This makes the security system more efficient, accurate and capable of real time detection and quick in identification of malicious behaviour in VANETs. In this scheme, each vehicle log calculates and stores different parameter values after receiving the cooperative awareness messages from nearby vehicles. The vehicles exchange their log data and determine the difference between the parameters, which is utilised to detect Sybil attacks and Wormhole attacks. In order to realize efficient and effective intrusion detection system, we use the well-known network simulator (ns-2) to verify the performance of the security system. Simulation results indicate that the security system can achieve high detection rates and effectively detect anomalies with low rate of false alarms.

76 FR 38089 - Defense Federal Acquisition Regulation Supplement; Safeguarding Unclassified DoD Information...

Federal Register 2010, 2011, 2012, 2013, 2014

2011-06-29

... encryption of data for storage and transmission, network protection and intrusion detection, and cyber... review of its unclassified network for evidence of intrusion to include, but is not limited to... DoD information within industry, nor does it address cyber intrusion reporting for that information...

Intrusion Detection for Defense at the MAC and Routing Layers of Wireless Networks

DTIC Science & Technology

2007-01-01

Space DoS Denial of Service DSR Dynamic Source Routing IDS Intrusion Detection System LAR Location-Aided Routing MAC Media Access Control MACA Multiple...different mobility parameters. 10 They simulate interaction between three MAC protocols ( MACA , 802.11 and CSMA) and three routing protocols (AODV, DSR

Multi-User Low Intrusive Occupancy Detection

PubMed Central

Widyawan, Widyawan; Lazovik, Alexander

2018-01-01

Smart spaces are those that are aware of their state and can act accordingly. Among the central elements of such a state is the presence of humans and their number. For a smart office building, such information can be used for saving energy and safety purposes. While acquiring presence information is crucial, using sensing techniques that are highly intrusive, such as cameras, is often not acceptable for the building occupants. In this paper, we illustrate a proposal for occupancy detection which is low intrusive; it is based on equipment typically available in modern offices such as room-level power-metering and an app running on workers’ mobile phones. For power metering, we collect the aggregated power consumption and disaggregate the load of each device. For the mobile phone, we use the Received Signal Strength (RSS) of BLE (Bluetooth Low Energy) nodes deployed around workspaces to localize the phone in a room. We test the system in our offices. The experiments show that sensor fusion of the two sensing modalities gives 87–90% accuracy, demonstrating the effectiveness of the proposed approach. PMID:29509693

An Optimal Method for Detecting Internal and External Intrusion in MANET

NASA Astrophysics Data System (ADS)

Rafsanjani, Marjan Kuchaki; Aliahmadipour, Laya; Javidi, Mohammad M.

Mobile Ad hoc Network (MANET) is formed by a set of mobile hosts which communicate among themselves through radio waves. The hosts establish infrastructure and cooperate to forward data in a multi-hop fashion without a central administration. Due to their communication type and resources constraint, MANETs are vulnerable to diverse types of attacks and intrusions. In this paper, we proposed a method for prevention internal intruder and detection external intruder by using game theory in mobile ad hoc network. One optimal solution for reducing the resource consumption of detection external intruder is to elect a leader for each cluster to provide intrusion service to other nodes in the its cluster, we call this mode moderate mode. Moderate mode is only suitable when the probability of attack is low. Once the probability of attack is high, victim nodes should launch their own IDS to detect and thwart intrusions and we call robust mode. In this paper leader should not be malicious or selfish node and must detect external intrusion in its cluster with minimum cost. Our proposed method has three steps: the first step building trust relationship between nodes and estimation trust value for each node to prevent internal intrusion. In the second step we propose an optimal method for leader election by using trust value; and in the third step, finding the threshold value for notifying the victim node to launch its IDS once the probability of attack exceeds that value. In first and third step we apply Bayesian game theory. Our method due to using game theory, trust value and honest leader can effectively improve the network security, performance and reduce resource consumption.

Verifying the secure setup of UNIX client/servers and detection of network intrusion

NASA Astrophysics Data System (ADS)

Feingold, Richard; Bruestle, Harry R.; Bartoletti, Tony; Saroyan, R. A.; Fisher, John M.

1996-03-01

This paper describes our technical approach to developing and delivering Unix host- and network-based security products to meet the increasing challenges in information security. Today's global `Infosphere' presents us with a networked environment that knows no geographical, national, or temporal boundaries, and no ownership, laws, or identity cards. This seamless aggregation of computers, networks, databases, applications, and the like store, transmit, and process information. This information is now recognized as an asset to governments, corporations, and individuals alike. This information must be protected from misuse. The Security Profile Inspector (SPI) performs static analyses of Unix-based clients and servers to check on their security configuration. SPI's broad range of security tests and flexible usage options support the needs of novice and expert system administrators alike. SPI's use within the Department of Energy and Department of Defense has resulted in more secure systems, less vulnerable to hostile intentions. Host-based information protection techniques and tools must also be supported by network-based capabilities. Our experience shows that a weak link in a network of clients and servers presents itself sooner or later, and can be more readily identified by dynamic intrusion detection techniques and tools. The Network Intrusion Detector (NID) is one such tool. NID is designed to monitor and analyze activity on the Ethernet broadcast Local Area Network segment and product transcripts of suspicious user connections. NID's retrospective and real-time modes have proven invaluable to security officers faced with ongoing attacks to their systems and networks.

Data based abnormality detection

NASA Astrophysics Data System (ADS)

Purwar, Yashasvi

Data based abnormality detection is a growing research field focussed on extracting information from feature rich data. They are considered to be non-intrusive and non-destructive in nature which gives them a clear advantage over conventional methods. In this study, we explore different streams of data based anomalies detection. We propose extension and revisions to existing valve stiction detection algorithm supported with industrial case study. We also explored the area of image analysis and proposed a complete solution for Malaria diagnosis. The proposed method is tested over images provided by pathology laboratory at Alberta Health Service. We also address the robustness and practicality of the solution proposed.

Non-Intrusive Magneto-Optic Detecting System for Investigations of Air Switching Arcs

NASA Astrophysics Data System (ADS)

Zhang, Pengfei; Zhang, Guogang; Dong, Jinlong; Liu, Wanying; Geng, Yingsan

2014-07-01

In current investigations of electric arc plasmas, experiments based on modern testing technology play an important role. To enrich the testing methods and contribute to the understanding and grasping of the inherent mechanism of air switching arcs, in this paper, a non-intrusive detecting system is described that combines the magneto-optic imaging (MOI) technique with the solution to inverse electromagnetic problems. The detecting system works in a sequence of main steps as follows: MOI of the variation of the arc flux density over a plane, magnetic field information extracted from the magneto-optic (MO) images, arc current density distribution and spatial pattern reconstruction by inverting the resulting field data. Correspondingly, in the system, an MOI set-up is designed based on the Faraday effect and the polarization properties of light, and an intelligent inversion algorithm is proposed that involves simulated annealing (SA). Experiments were carried out for high current (2 kA RMS) discharge cases in a typical low-voltage switchgear. The results show that the MO detection system possesses the advantages of visualization, high resolution and response, and electrical insulation, which provides a novel diagnostics tool for further studies of the arc.

Shape-based human detection for threat assessment

NASA Astrophysics Data System (ADS)

Lee, Dah-Jye; Zhan, Pengcheng; Thomas, Aaron; Schoenberger, Robert B.

2004-07-01

Detection of intrusions for early threat assessment requires the capability of distinguishing whether the intrusion is a human, an animal, or other objects. Most low-cost security systems use simple electronic motion detection sensors to monitor motion or the location of objects within the perimeter. Although cost effective, these systems suffer from high rates of false alarm, especially when monitoring open environments. Any moving objects including animals can falsely trigger the security system. Other security systems that utilize video equipment require human interpretation of the scene in order to make real-time threat assessment. Shape-based human detection technique has been developed for accurate early threat assessments for open and remote environment. Potential threats are isolated from the static background scene using differential motion analysis and contours of the intruding objects are extracted for shape analysis. Contour points are simplified by removing redundant points connecting short and straight line segments and preserving only those with shape significance. Contours are represented in tangent space for comparison with shapes stored in database. Power cepstrum technique has been developed to search for the best matched contour in database and to distinguish a human from other objects from different viewing angles and distances.

Non-intrusive optical study of gas and its exchange in human maxillary sinuses

NASA Astrophysics Data System (ADS)

Persson, L.; Andersson, M.; Svensson, T.; Cassel-Engquist, M.; Svanberg, K.; Svanberg, S.

2007-07-01

We demonstrate a novel non-intrusive technique based on tunable diode laser absorption spectroscopy to investigate human maxillary sinuses in vivo. The technique relies on the fact that free gases have much sharper absorption features (typical a few GHz) than the surrounding tissue. Molecular oxygen was detected at 760 nm. Volunteers have been investigated by injecting near-infrared light fibre-optically in contact with the palate inside the mouth. The multiply scattered light was detected externally by a handheld probe on and around the cheek bone. A significant signal difference in oxygen imprint was observed when comparing volunteers with widely different anamnesis regarding maxillary sinus status. Control measurements through the hand and through the cheek below the cheekbone were also performed to investigate any possible oxygen offset in the setup. These provided a consistently non-detectable signal level. The passages between the nasal cavity and the maxillary sinuses were also non-intrusively optically studied, to the best of our knowledge for the first time. These measurements provide information on the channel conductivity which may prove useful in facial sinus diagnostics. The results suggest that a clinical trial together with an ear-nose-throat (ENT) clinic should be carried out to investigate the clinical use of the new technique.

A Comparative Analysis of the Snort and Suricata Intrusion-Detection Systems

DTIC Science & Technology

2011-09-01

Category: Test Rules Test #6: Simple LFI Attack 43 Snort True Positive: Snort generated an alert based on the ‘/etc/ passwd ’ string passed...through an HTTP command. Suricata True Positive: Suricata generated an alert based on the ‘/etc/ passwd ’ string passed through an HTTP command

Autonomous navigation system and method

DOEpatents

Bruemmer, David J [Idaho Falls, ID; Few, Douglas A [Idaho Falls, ID

2009-09-08

A robot platform includes perceptors, locomotors, and a system controller, which executes instructions for autonomously navigating a robot. The instructions repeat, on each iteration through an event timing loop, the acts of defining an event horizon based on the robot's current velocity, detecting a range to obstacles around the robot, testing for an event horizon intrusion by determining if any range to the obstacles is within the event horizon, and adjusting rotational and translational velocity of the robot accordingly. If the event horizon intrusion occurs, rotational velocity is modified by a proportion of the current rotational velocity reduced by a proportion of the range to the nearest obstacle and translational velocity is modified by a proportion of the range to the nearest obstacle. If no event horizon intrusion occurs, translational velocity is set as a ratio of a speed factor relative to a maximum speed.

A network security monitor

DOE Office of Scientific and Technical Information (OSTI.GOV)

Heberlein, L.T.; Dias, G.V.; Levitt, K.N.

1989-11-01

The study of security in computer networks is a rapidly growing area of interest because of the proliferation of networks and the paucity of security measures in most current networks. Since most networks consist of a collection of inter-connected local area networks (LANs), this paper concentrates on the security-related issues in a single broadcast LAN such as Ethernet. Specifically, we formalize various possible network attacks and outline methods of detecting them. Our basic strategy is to develop profiles of usage of network resources and then compare current usage patterns with the historical profile to determine possible security violations. Thus, ourmore » work is similar to the host-based intrusion-detection systems such as SRI's IDES. Different from such systems, however, is our use of a hierarchical model to refine the focus of the intrusion-detection mechanism. We also report on the development of our experimental LAN monitor currently under implementation. Several network attacks have been simulated and results on how the monitor has been able to detect these attacks are also analyzed. Initial results demonstrate that many network attacks are detectable with our monitor, although it can surely be defeated. Current work is focusing on the integration of network monitoring with host-based techniques. 20 refs., 2 figs.« less

Application of graph-based semi-supervised learning for development of cyber COP and network intrusion detection

NASA Astrophysics Data System (ADS)

Levchuk, Georgiy; Colonna-Romano, John; Eslami, Mohammed

2017-05-01

The United States increasingly relies on cyber-physical systems to conduct military and commercial operations. Attacks on these systems have increased dramatically around the globe. The attackers constantly change their methods, making state-of-the-art commercial and military intrusion detection systems ineffective. In this paper, we present a model to identify functional behavior of network devices from netflow traces. Our model includes two innovations. First, we define novel features for a host IP using detection of application graph patterns in IP's host graph constructed from 5-min aggregated packet flows. Second, we present the first application, to the best of our knowledge, of Graph Semi-Supervised Learning (GSSL) to the space of IP behavior classification. Using a cyber-attack dataset collected from NetFlow packet traces, we show that GSSL trained with only 20% of the data achieves higher attack detection rates than Support Vector Machines (SVM) and Naïve Bayes (NB) classifiers trained with 80% of data points. We also show how to improve detection quality by filtering out web browsing data, and conclude with discussion of future research directions.

Formal Methods for Information Protection Technology. Task 2: Mathematical Foundations, Architecture and Principles of Implementation of Multi-Agent Learning Components for Attack Detection in Computer Networks. Part 2

DTIC Science & Technology

2003-11-01

Lafayette, IN 47907. [Lane et al-97b] T. Lane and C . E. Brodley. Sequence matching and learning in anomaly detection for computer security. Proceedings of...Mining, pp 259-263. 1998. [Lane et al-98b] T. Lane and C . E. Brodley. Temporal sequence learning and data reduction for anomaly detection ...W. Lee, C . Park, and S. Stolfo. Towards Automatic Intrusion Detection using NFR. 1st USENIX Workshop on Intrusion Detection and Network Monitoring

A Non-Intrusive Pressure Sensor by Detecting Multiple Longitudinal Waves

PubMed Central

Zhou, Hongliang; Lin, Weibin; Ge, Xiaocheng; Zhou, Jian

2016-01-01

Pressure vessels are widely used in industrial fields, and some of them are safety-critical components in the system—for example, those which contain flammable or explosive material. Therefore, the pressure of these vessels becomes one of the critical measurements for operational management. In the paper, we introduce a new approach to the design of non-intrusive pressure sensors, based on ultrasonic waves. The model of this sensor is built based upon the travel-time change of the critically refracted longitudinal wave (LCR wave) and the reflected longitudinal waves with the pressure. To evaluate the model, experiments are carried out to compare the proposed model with other existing models. The results show that the proposed model can improve the accuracy compared to models based on a single wave. PMID:27527183

Feature Selection Using Information Gain for Improved Structural-Based Alert Correlation

PubMed Central

Siraj, Maheyzah Md; Zainal, Anazida; Elshoush, Huwaida Tagelsir; Elhaj, Fatin

2016-01-01

Grouping and clustering alerts for intrusion detection based on the similarity of features is referred to as structurally base alert correlation and can discover a list of attack steps. Previous researchers selected different features and data sources manually based on their knowledge and experience, which lead to the less accurate identification of attack steps and inconsistent performance of clustering accuracy. Furthermore, the existing alert correlation systems deal with a huge amount of data that contains null values, incomplete information, and irrelevant features causing the analysis of the alerts to be tedious, time-consuming and error-prone. Therefore, this paper focuses on selecting accurate and significant features of alerts that are appropriate to represent the attack steps, thus, enhancing the structural-based alert correlation model. A two-tier feature selection method is proposed to obtain the significant features. The first tier aims at ranking the subset of features based on high information gain entropy in decreasing order. The‏ second tier extends additional features with a better discriminative ability than the initially ranked features. Performance analysis results show the significance of the selected features in terms of the clustering accuracy using 2000 DARPA intrusion detection scenario-specific dataset. PMID:27893821

A hierarchical detection method in external communication for self-driving vehicles based on TDMA

PubMed Central

Al-ani, Muzhir Shaban; McDonald-Maier, Klaus

2018-01-01

Security is considered a major challenge for self-driving and semi self-driving vehicles. These vehicles depend heavily on communications to predict and sense their external environment used in their motion. They use a type of ad hoc network termed Vehicular ad hoc networks (VANETs). Unfortunately, VANETs are potentially exposed to many attacks on network and application level. This paper, proposes a new intrusion detection system to protect the communication system of self-driving cars; utilising a combination of hierarchical models based on clusters and log parameters. This security system is designed to detect Sybil and Wormhole attacks in highway usage scenarios. It is based on clusters, utilising Time Division Multiple Access (TDMA) to overcome some of the obstacles of VANETs such as high density, high mobility and bandwidth limitations in exchanging messages. This makes the security system more efficient, accurate and capable of real time detection and quick in identification of malicious behaviour in VANETs. In this scheme, each vehicle log calculates and stores different parameter values after receiving the cooperative awareness messages from nearby vehicles. The vehicles exchange their log data and determine the difference between the parameters, which is utilised to detect Sybil attacks and Wormhole attacks. In order to realize efficient and effective intrusion detection system, we use the well-known network simulator (ns-2) to verify the performance of the security system. Simulation results indicate that the security system can achieve high detection rates and effectively detect anomalies with low rate of false alarms. PMID:29315302

In-situ trainable intrusion detection system

DOE Office of Scientific and Technical Information (OSTI.GOV)

Symons, Christopher T.; Beaver, Justin M.; Gillen, Rob

A computer implemented method detects intrusions using a computer by analyzing network traffic. The method includes a semi-supervised learning module connected to a network node. The learning module uses labeled and unlabeled data to train a semi-supervised machine learning sensor. The method records events that include a feature set made up of unauthorized intrusions and benign computer requests. The method identifies at least some of the benign computer requests that occur during the recording of the events while treating the remainder of the data as unlabeled. The method trains the semi-supervised learning module at the network node in-situ, such thatmore » the semi-supervised learning modules may identify malicious traffic without relying on specific rules, signatures, or anomaly detection.« less

An artificial bioindicator system for network intrusion detection.

PubMed

Blum, Christian; Lozano, José A; Davidson, Pedro Pinacho

An artificial bioindicator system is developed in order to solve a network intrusion detection problem. The system, inspired by an ecological approach to biological immune systems, evolves a population of agents that learn to survive in their environment. An adaptation process allows the transformation of the agent population into a bioindicator that is capable of reacting to system anomalies. Two characteristics stand out in our proposal. On the one hand, it is able to discover new, previously unseen attacks, and on the other hand, contrary to most of the existing systems for network intrusion detection, it does not need any previous training. We experimentally compare our proposal with three state-of-the-art algorithms and show that it outperforms the competing approaches on widely used benchmark data.

Enhanced Deployment Strategy for Role-based Hierarchical Application Agents in Wireless Sensor Networks with Established Clusterheads

NASA Astrophysics Data System (ADS)

Gendreau, Audrey

Efficient self-organizing virtual clusterheads that supervise data collection based on their wireless connectivity, risk, and overhead costs, are an important element of Wireless Sensor Networks (WSNs). This function is especially critical during deployment when system resources are allocated to a subsequent application. In the presented research, a model used to deploy intrusion detection capability on a Local Area Network (LAN), in the literature, was extended to develop a role-based hierarchical agent deployment algorithm for a WSN. The resulting model took into consideration the monitoring capability, risk, deployment distribution cost, and monitoring cost associated with each node. Changing the original LAN methodology approach to model a cluster-based sensor network depended on the ability to duplicate a specific parameter that represented the monitoring capability. Furthermore, other parameters derived from a LAN can elevate costs and risk of deployment, as well as jeopardize the success of an application on a WSN. A key component of the approach presented in this research was to reduce the costs when established clusterheads in the network were found to be capable of hosting additional detection agents. In addition, another cost savings component of the study addressed the reduction of vulnerabilities associated with deployment of agents to high volume nodes. The effectiveness of the presented method was validated by comparing it against a type of a power-based scheme that used each node's remaining energy as the deployment value. While available energy is directly related to the model used in the presented method, the study deliberately sought out nodes that were identified with having superior monitoring capability, cost less to create and sustain, and are at low-risk of an attack. This work investigated improving the efficiency of an intrusion detection system (IDS) by using the proposed model to deploy monitoring agents after a temperature sensing application had established the network traffic flow to the sink. The same scenario was repeated using a power-based IDS to compare it against the proposed model. To identify a clusterhead's ability to host monitoring agents after the temperature sensing application terminated, the deployed IDS utilized the communication history and other network factors in order to rank the nodes. Similarly, using the node's communication history, the deployed power-based IDS ranked nodes based on their remaining power. For each individual scenario, and after the IDS application was deployed, the temperature sensing application was run for a second time. This time, to monitor the temperature sensing agents as the data flowed towards the sink, the network traffic was rerouted through the new intrusion detection clusterheads. Consequently, if the clusterheads were shared, the re-routing step was not preformed. Experimental results in this research demonstrated the effectiveness of applying a robust deployment metric to improve upon the energy efficiency of a deployed application in a multi-application WSN. It was found that in the scenarios with the intrusion detection application that utilized the proposed model resulted in more remaining energy than in the scenarios that implemented the power-based IDS. The algorithm especially had a positive impact on the small, dense, and more homogeneous networks. This finding was reinforced by the smaller percentage of new clusterheads that was selected. Essentially, the energy cost of the route to the sink was reduced because the network traffic was rerouted through fewer new clusterheads. Additionally, it was found that the intrusion detection topology that used the proposed approach formed smaller and more connected sets of clusterheads than the power-based IDS. As a consequence, this proposed approach essentially achieved the research objective for enhancing energy use in a multi-application WSN.

Cross-layer design for intrusion detection and data security in wireless ad hoc sensor networks

NASA Astrophysics Data System (ADS)

Hortos, William S.

2007-09-01

A wireless ad hoc sensor network is a configuration for area surveillance that affords rapid, flexible deployment in arbitrary threat environments. There is no infrastructure support and sensor nodes communicate with each other only when they are in transmission range. The nodes are severely resource-constrained, with limited processing, memory and power capacities and must operate cooperatively to fulfill a common mission in typically unattended modes. In a wireless sensor network (WSN), each sensor at a node can observe locally some underlying physical phenomenon and sends a quantized version of the observation to sink (destination) nodes via wireless links. Since the wireless medium can be easily eavesdropped, links can be compromised by intrusion attacks from nodes that may mount denial-of-service attacks or insert spurious information into routing packets, leading to routing loops, long timeouts, impersonation, and node exhaustion. A cross-layer design based on protocol-layer interactions is proposed for detection and identification of various intrusion attacks on WSN operation. A feature set is formed from selected cross-layer parameters of the WSN protocol to detect and identify security threats due to intrusion attacks. A separate protocol is not constructed from the cross-layer design; instead, security attributes and quantified trust levels at and among nodes established during data exchanges complement customary WSN metrics of energy usage, reliability, route availability, and end-to-end quality-of-service (QoS) provisioning. Statistical pattern recognition algorithms are applied that use observed feature-set patterns observed during network operations, viewed as security audit logs. These algorithms provide the "best" network global performance in the presence of various intrusion attacks. A set of mobile (software) agents distributed at the nodes implement the algorithms, by moving among the layers involved in the network response at each active node and trust neighborhood, collecting parametric information and executing assigned decision tasks. The communications overhead due to security mechanisms and the latency in network response are thus minimized by reducing the need to move large amounts of audit data through resource-limited nodes and by locating detection/identification programs closer to audit data. If network partitioning occurs due to uncoordinated node exhaustion, data compromise or other effects of the attacks, the mobile agents can continue to operate, thereby increasing fault tolerance in the network response to intrusions. Since the mobile agents behave like an ant colony in securing the WSN, published ant colony optimization (ACO) routines and other evolutionary algorithms are adapted to protect network security, using data at and through nodes to create audit records to detect and respond to denial-of-service attacks. Performance evaluations of algorithms are performed by simulation of a few intrusion attacks, such as black hole, flooding, Sybil and others, to validate the ability of the cross-layer algorithms to enable WSNs to survive the attacks. Results are compared for the different algorithms.

Molecular oxygen detection using frequency modulation diode laser spectroscopy

NASA Technical Reports Server (NTRS)

Wang, Liang-Guo; Sachse, Glen

1990-01-01

A high-sensitivity spectroscopic measurement of O2 using two-tone frequency modulation spectroscopy with a GaAlAs diode laser is presented. An oxygen sensor based on this technique would be non-intrusive, compact and possess high sensitivity and fast time response.

Watchdog Sensor Network with Multi-Stage RF Signal Identification and Cooperative Intrusion Detection

DTIC Science & Technology

2012-03-01

detection and physical layer authentication in mobile Ad Hoc networks and wireless sensor networks (WSNs) have been investigated. Résume Le rapport...IEEE 802.16 d and e (WiMAX); (b) IEEE 802.11 (Wi-Fi) family of a, b, g, n, and s (c) Sensor networks based on IEEE 802.15.4: Wireless USB, Bluetooth... sensor network are investigated for standard compatible wireless signals. The proposed signal existence detection and identification process consists

Geophysical Evidence for Magma Intrusion across the Non-Transform Offset between the Famous and North Famous segments of The Mid-Atlantic Ridge

NASA Astrophysics Data System (ADS)

Giusti, M.; Dziak, R. P.; Maia, M.; Perrot, J.; Sukhovich, A.

2017-12-01

In August of 2010 an unusually large earthquake sequence of >700 events occurred at the Famous and North Famous segments (36.5-37°N) of the Mid-Atlantic Ridge (MAR), recorded by an array of five hydrophones moored on the MAR flanks. The swarm extended spatially >70 km across the two segments. The non-transform offset (NTO) separating the two segements, which is thought to act as strucutural barrier, did not appear to impede or block the earthquake's spatial distribution. Broadband acoustic energy (1-30 Hz) was also observed and accompanied the onset of the swarm, lasting >20 hours. A total of 18 earthquakes from the swarm were detected teleseismically, four had Centroid-Moment Tensor (CMT) solutions derived. The CMT solutions indicated three normal faulting events, and one non-double couple (explosion) event. The spatio-temporal distribution of the seismicity and broadband energy show evidence of two magma dike intrusions at the North Famous segment, with one intrusion crossing the NTO. This is the first evidence for an intrusion event detected on the MAR south of the Azores since the 2001 Lucky Strike intrusion. Gravimetric data were required to identify whether or not the Famous area is indeed comprised of two segments down to the level of the upper mantle. A high resolution gravity anomaly map of the two segments has been realized, based on a two-dimensional polygons model (Chapman, 1979) and will be compared to gravimetric data originated from SUDACORES experiment (1998, Atalante ship, IFREMER research team). Combined with the earthquake observations, this gravity anomaly map should provide a better understanding the geodynamic processes of this non-transform offset and of the deep magmatic system driving the August 2010 swarm.

FRaC: a feature-modeling approach for semi-supervised and unsupervised anomaly detection.

PubMed

Noto, Keith; Brodley, Carla; Slonim, Donna

2012-01-01

Anomaly detection involves identifying rare data instances (anomalies) that come from a different class or distribution than the majority (which are simply called "normal" instances). Given a training set of only normal data, the semi-supervised anomaly detection task is to identify anomalies in the future. Good solutions to this task have applications in fraud and intrusion detection. The unsupervised anomaly detection task is different: Given unlabeled, mostly-normal data, identify the anomalies among them. Many real-world machine learning tasks, including many fraud and intrusion detection tasks, are unsupervised because it is impractical (or impossible) to verify all of the training data. We recently presented FRaC, a new approach for semi-supervised anomaly detection. FRaC is based on using normal instances to build an ensemble of feature models, and then identifying instances that disagree with those models as anomalous. In this paper, we investigate the behavior of FRaC experimentally and explain why FRaC is so successful. We also show that FRaC is a superior approach for the unsupervised as well as the semi-supervised anomaly detection task, compared to well-known state-of-the-art anomaly detection methods, LOF and one-class support vector machines, and to an existing feature-modeling approach.

FRaC: a feature-modeling approach for semi-supervised and unsupervised anomaly detection

PubMed Central

Brodley, Carla; Slonim, Donna

2011-01-01

Anomaly detection involves identifying rare data instances (anomalies) that come from a different class or distribution than the majority (which are simply called “normal” instances). Given a training set of only normal data, the semi-supervised anomaly detection task is to identify anomalies in the future. Good solutions to this task have applications in fraud and intrusion detection. The unsupervised anomaly detection task is different: Given unlabeled, mostly-normal data, identify the anomalies among them. Many real-world machine learning tasks, including many fraud and intrusion detection tasks, are unsupervised because it is impractical (or impossible) to verify all of the training data. We recently presented FRaC, a new approach for semi-supervised anomaly detection. FRaC is based on using normal instances to build an ensemble of feature models, and then identifying instances that disagree with those models as anomalous. In this paper, we investigate the behavior of FRaC experimentally and explain why FRaC is so successful. We also show that FRaC is a superior approach for the unsupervised as well as the semi-supervised anomaly detection task, compared to well-known state-of-the-art anomaly detection methods, LOF and one-class support vector machines, and to an existing feature-modeling approach. PMID:22639542

Verifying the secure setup of Unix client/servers and detection of network intrusion

DOE Office of Scientific and Technical Information (OSTI.GOV)

Feingold, R.; Bruestle, H.R.; Bartoletti, T.

1995-07-01

This paper describes our technical approach to developing and delivering Unix host- and network-based security products to meet the increasing challenges in information security. Today`s global ``Infosphere`` presents us with a networked environment that knows no geographical, national, or temporal boundaries, and no ownership, laws, or identity cards. This seamless aggregation of computers, networks, databases, applications, and the like store, transmit, and process information. This information is now recognized as an asset to governments, corporations, and individuals alike. This information must be protected from misuse. The Security Profile Inspector (SPI) performs static analyses of Unix-based clients and servers to checkmore » on their security configuration. SPI`s broad range of security tests and flexible usage options support the needs of novice and expert system administrators alike. SPI`s use within the Department of Energy and Department of Defense has resulted in more secure systems, less vulnerable to hostile intentions. Host-based information protection techniques and tools must also be supported by network-based capabilities. Our experience shows that a weak link in a network of clients and servers presents itself sooner or later, and can be more readily identified by dynamic intrusion detection techniques and tools. The Network Intrusion Detector (NID) is one such tool. NID is designed to monitor and analyze activity on an Ethernet broadcast Local Area Network segment and produce transcripts of suspicious user connections. NID`s retrospective and real-time modes have proven invaluable to security officers faced with ongoing attacks to their systems and networks.« less

Repeated magmatic intrusions at El Hierro Island following the 2011-2012 submarine eruption

NASA Astrophysics Data System (ADS)

Benito-Saz, Maria A.; Parks, Michelle M.; Sigmundsson, Freysteinn; Hooper, Andrew; García-Cañada, Laura

2017-09-01

After more than 200 years of quiescence, in July 2011 an intense seismic swarm was detected beneath the center of El Hierro Island (Canary Islands), culminating on 10 October 2011 in a submarine eruption, 2 km off the southern coast. Although the eruption officially ended on 5 March 2012, magmatic activity continued in the area. From June 2012 to March 2014, six earthquake swarms, indicative of magmatic intrusions, were detected underneath the island. We have studied these post-eruption intrusive events using GPS and InSAR techniques to characterize the ground surface deformation produced by each of these intrusions, and to determine the optimal source parameters (geometry, location, depth, volume change). Source inversions provide insight into the depth of the intrusions ( 11-16 km) and the volume change associated with each of them (between 0.02 and 0.13 km3). During this period, > 20 cm of uplift was detected in the central-western part of the island, corresponding to approximately 0.32-0.38 km3 of magma intruded beneath the volcano. We suggest that these intrusions result from deep magma migrating from the mantle, trapped at the mantle/lower crust discontinuity in the form of sill-like bodies. This study, using joint inversion of GPS and InSAR data in a post-eruption period, provides important insight into the characteristics of the magmatic plumbing system of El Hierro, an oceanic intraplate volcanic island.

49 CFR Appendix A to Part 209 - Statement of Agency Policy Concerning Enforcement of the Federal Railroad Safety Laws

Code of Federal Regulations, 2013 CFR

2013-10-01

... exercise of jurisdiction. In this context, the presence of intrusion detection devices to alert one or both... about sufficient intrusion detection and related safety measures designed to avoid a collision between...). By “general railroad system of transportation,” FRA refers to the network of standard gage track over...

49 CFR Appendix A to Part 209 - Statement of Agency Policy Concerning Enforcement of the Federal Railroad Safety Laws

Code of Federal Regulations, 2014 CFR

2014-10-01

... exercise of jurisdiction. In this context, the presence of intrusion detection devices to alert one or both... about sufficient intrusion detection and related safety measures designed to avoid a collision between...). By “general railroad system of transportation,” FRA refers to the network of standard gage track over...

49 CFR Appendix A to Part 209 - Statement of Agency Policy Concerning Enforcement of the Federal Railroad Safety Laws

Code of Federal Regulations, 2012 CFR

2012-10-01

... exercise of jurisdiction. In this context, the presence of intrusion detection devices to alert one or both... about sufficient intrusion detection and related safety measures designed to avoid a collision between...). By “general railroad system of transportation,” FRA refers to the network of standard gage track over...

VMSoar: a cognitive agent for network security

NASA Astrophysics Data System (ADS)

Benjamin, David P.; Shankar-Iyer, Ranjita; Perumal, Archana

2005-03-01

VMSoar is a cognitive network security agent designed for both network configuration and long-term security management. It performs automatic vulnerability assessments by exploring a configuration"s weaknesses and also performs network intrusion detection. VMSoar is built on the Soar cognitive architecture, and benefits from the general cognitive abilities of Soar, including learning from experience, the ability to solve a wide range of complex problems, and use of natural language to interact with humans. The approach used by VMSoar is very different from that taken by other vulnerability assessment or intrusion detection systems. VMSoar performs vulnerability assessments by using VMWare to create a virtual copy of the target machine then attacking the simulated machine with a wide assortment of exploits. VMSoar uses this same ability to perform intrusion detection. When trying to understand a sequence of network packets, VMSoar uses VMWare to make a virtual copy of the local portion of the network and then attempts to generate the observed packets on the simulated network by performing various exploits. This approach is initially slow, but VMSoar"s learning ability significantly speeds up both vulnerability assessment and intrusion detection. This paper describes the design and implementation of VMSoar, and initial experiments with Windows NT and XP.

Modeling and Analyzing Intrusion Attempts to a Computer Network Operating in a Defense in Depth Posture

DTIC Science & Technology

2004-09-01

protection. Firewalls, Intrusion Detection Systems (IDS’s), Anti-Virus (AV) software , and routers are such tools used. In recent years, computer security...associated with operating systems, application software , and computing hardware. When IDS’s are utilized on a host computer or network, there are two...primary approaches to detecting and / or preventing attacks. Traditional IDS’s, like most AV software , rely on known “signatures” to detect attacks

Pulsed thermography detection of water and hydraulic oil intrusion in the honeycomb sandwich structure composite

NASA Astrophysics Data System (ADS)

Zhao, Shi-bin; Zhang, Cun-lin; Wu, Nai-ming

2011-08-01

Water and hydraulic oil intrusion inside honeycomb sandwich Structure Composite during service has been linked to in-flight failure in some aircraft. There is an ongoing effort to develop nondestructive testing methods to detect the presence of water and hydraulic oil within the sandwich panels. Pulsed thermography(PT) represents an attractive approach in that it is sensitive to the change of thermal properties. Using a flash lamp PT, testing can be applied directly to the surface of the panel. The viability of PT is demonstrated through laboratory imaging of both water and hydraulic oil within sandwich panels. The detection of water and hydraulic oil intrusion using a one-sided flash lamp PT is presented. It is shown that simple detection, as well as spatial localization of water and hydraulic oil within sandwich panels, and assign the quantity of water and hydraulic oil is possible.

Distributed fiber optic moisture intrusion sensing system

DOEpatents

Weiss, Jonathan D.

2003-06-24

Method and system for monitoring and identifying moisture intrusion in soil such as is contained in landfills housing radioactive and/or hazardous waste. The invention utilizes the principle that moist or wet soil has a higher thermal conductance than dry soil. The invention employs optical time delay reflectometry in connection with a distributed temperature sensing system together with heating means in order to identify discrete areas within a volume of soil wherein temperature is lower. According to the invention an optical element and, optionally, a heating element may be included in a cable or other similar structure and arranged in a serpentine fashion within a volume of soil to achieve efficient temperature detection across a large area or three dimensional volume of soil. Remediation, moisture countermeasures, or other responsive action may then be coordinated based on the assumption that cooler regions within a soil volume may signal moisture intrusion where those regions are located.

Identifying seawater intrusion in coastal areas by means of 1D and quasi-2D joint inversion of TDEM and VES data

NASA Astrophysics Data System (ADS)

Martínez-Moreno, F. J.; Monteiro-Santos, F. A.; Bernardo, I.; Farzamian, M.; Nascimento, C.; Fernandes, J.; Casal, B.; Ribeiro, J. A.

2017-09-01

Seawater intrusion is an increasingly widespread problem in coastal aquifers caused by climate changes -sea-level rise, extreme phenomena like flooding and droughts- and groundwater depletion near to the coastline. To evaluate and mitigate the environmental risks of this phenomenon it is necessary to characterize the coastal aquifer and the salt intrusion. Geophysical methods are the most appropriate tool to address these researches. Among all geophysical techniques, electrical methods are able to detect seawater intrusions due to the high resistivity contrast between saltwater, freshwater and geological layers. The combination of two or more geophysical methods is recommended and they are more efficient when both data are inverted jointly because the final model encompasses the physical properties measured for each methods. In this investigation, joint inversion of vertical electric and time domain soundings has been performed to examine seawater intrusion in an area within the Ferragudo-Albufeira aquifer system (Algarve, South of Portugal). For this purpose two profiles combining electrical resistivity tomography (ERT) and time domain electromagnetic (TDEM) methods were measured and the results were compared with the information obtained from exploration drilling. Three different inversions have been carried out: single inversion of the ERT and TDEM data, 1D joint inversion and quasi-2D joint inversion. Single inversion results identify seawater intrusion, although the sedimentary layers detected in exploration drilling were not well differentiated. The models obtained with 1D joint inversion improve the previous inversion due to better detection of sedimentary layer and the seawater intrusion appear to be better defined. Finally, the quasi-2D joint inversion reveals a more realistic shape of the seawater intrusion and it is able to distinguish more sedimentary layers recognised in the exploration drilling. This study demonstrates that the quasi-2D joint inversion improves the previous inversions methods making it a powerful tool applicable to different research areas.

Ultra-long high-sensitivity Φ-OTDR for high spatial resolution intrusion detection of pipelines.

PubMed

Peng, Fei; Wu, Han; Jia, Xin-Hong; Rao, Yun-Jiang; Wang, Zi-Nan; Peng, Zheng-Pu

2014-06-02

An ultra-long phase-sensitive optical time domain reflectometry (Φ-OTDR) that can achieve high-sensitivity intrusion detection over 131.5km fiber with high spatial resolution of 8m is presented, which is the longest Φ-OTDR reported to date, to the best of our knowledge. It is found that the combination of distributed Raman amplification with heterodyne detection can extend the sensing distance and enhances the sensitivity substantially, leading to the realization of ultra-long Φ-OTDR with high sensitivity and spatial resolution. Furthermore, the feasibility of applying such an ultra-long Φ-OTDR to pipeline security monitoring is demonstrated and the features of intrusion signal can be extracted with improved SNR by using the wavelet detrending/denoising method proposed.

Real-time determination of the efficacy of residual disinfection to limit wastewater contamination in a water distribution system using filtration-based luminescence.

PubMed

Lee, Jiyoung; Deininger, Rolf A

2010-05-01

Water distribution systems can be vulnerable to microbial contamination through cross-connections, wastewater backflow, the intrusion of soiled water after a loss of pressure resulting from an electricity blackout, natural disaster, or intentional contamination of the system in a bioterrrorism event. The most urgent matter a water treatment utility would face in this situation is detecting the presence and extent of a contamination event in real-time, so that immediate action can be taken to mitigate the problem. The current approved microbiological detection methods are culture-based plate count methods, which require incubation time (1 to 7 days). This long period of time would not be useful for the protection of public health. This study was designed to simulate wastewater intrusion in a water distribution system. The objectives were 2-fold: (1) real-time detection of water contamination, and (2) investigation of the sustainability of drinking water systems to suppress the contamination with secondary disinfectant residuals (chlorine and chloramine). The events of drinking water contamination resulting from a wastewater addition were determined by filtration-based luminescence assay. The water contamination was detected by luminescence method within 5 minutes. The signal amplification attributed to wastewater contamination was clear-102-fold signal increase. After 1 hour, chlorinated water could inactivate 98.8% of the bacterial contaminant, while chloraminated water reduced 77.2%.

Perimeter intrusion detection and assessment system

DOE Office of Scientific and Technical Information (OSTI.GOV)

Eaton, M.J.; Jacobs, J.; McGovern, D.E.

1977-01-01

The key elements of the system considered at a materials storage site are intrusion sensors, alarm assessment, and system control and display. Three papers discussing each of these topics are compiled. They are abstracted individually. (JSR)

Detection of deep stratospheric intrusions by cosmogenic 35S

PubMed Central

Su, Lin; Shaheen, Robina; Fung, Jimmy C. H.; Thiemens, Mark H.

2016-01-01

The extent to which stratospheric intrusions on synoptic scales influence the tropospheric ozone (O3) levels remains poorly understood, because quantitative detection of stratospheric air has been challenging. Cosmogenic 35S mainly produced in the stratosphere has the potential to identify stratospheric air masses at ground level, but this approach has not yet been unambiguously shown. Here, we report unusually high 35S concentrations (7,390 atoms m−3; ∼16 times greater than annual average) in fine sulfate aerosols (aerodynamic diameter less than 0.95 µm) collected at a coastal site in southern California on May 3, 2014, when ground-level O3 mixing ratios at air quality monitoring stations across southern California (43 of 85) exceeded the recently revised US National Ambient Air Quality Standard (daily maximum 8-h average: 70 parts per billion by volume). The stratospheric origin of the significantly enhanced 35S level is supported by in situ measurements of air pollutants and meteorological variables, satellite observations, meteorological analysis, and box model calculations. The deep stratospheric intrusion event was driven by the coupling between midlatitude cyclones and Santa Ana winds, and it was responsible for the regional O3 pollution episode. These results provide direct field-based evidence that 35S is an additional sensitive and unambiguous tracer in detecting stratospheric air in the boundary layer and offer the potential for resolving the stratospheric influences on the tropospheric O3 level. PMID:27655890

Trust Management in Mobile Ad Hoc Networks for Bias Minimization and Application Performance Maximization

DTIC Science & Technology

2014-02-26

set of anomaly detection rules 62 I.-R. Chen et al. / Ad Hoc Networks 19 (2014) 59–74 Author’s personal copy including the interval rule (for...deficiencies in anomaly detection (e.g., imperfection of rules) by a false negative probability (PHfn) of misidentifying an unhealthy node as a...multimedia servers, Multimedia Syst. 8 (2) (2000) 83–91. [53] R. Mitchell, I.R. Chen, Adaptive intrusion detection for unmanned aircraft systems based on

Case-Based Multi-Sensor Intrusion Detection

NASA Astrophysics Data System (ADS)

Schwartz, Daniel G.; Long, Jidong

2009-08-01

Multi-sensor intrusion detection systems (IDSs) combine the alerts raised by individual IDSs and possibly other kinds of devices such as firewalls and antivirus software. A critical issue in building a multi-sensor IDS is alert-correlation, i.e., determining which alerts are caused by the same attack. This paper explores a novel approach to alert correlation using case-based reasoning (CBR). Each case in the CBR system's library contains a pattern of alerts raised by some known attack type, together with the identity of the attack. Then during run time, the alert streams gleaned from the sensors are compared with the patterns in the cases, and a match indicates that the attack described by that case has occurred. For this purpose the design of a fast and accurate matching algorithm is imperative. Two such algorithms were explored: (i) the well-known Hungarian algorithm, and (ii) an order-preserving matching of our own device. Tests were conducted using the DARPA Grand Challenge Problem attack simulator. These showed that the both matching algorithms are effective in detecting attacks; but the Hungarian algorithm is inefficient; whereas the order-preserving one is very efficient, in fact runs in linear time.

A climatology of frozen-in anticyclones in the spring arctic stratosphere over the period 1960-2011

NASA Astrophysics Data System (ADS)

ThiéBlemont, RéMi; Orsolini, Yvan J.; Hauchecorne, Alain; Drouin, Marc-Antoine; Huret, Nathalie

2013-02-01

During springtime, following the stratospheric final warming, intrusions from low latitudes can become trapped at polar latitudes in long-lived anticyclones. Such "frozen-in" anticyclones (FrIACs) have occasionally been observed to persist as late as August, advected by summer easterlies. In this study, the high-resolution advection contour model MIMOSA is used to advect a pseudo-potential vorticity tracer. The model is driven by ERA-40 and the ERA-Interim reanalyses over the period 1960-2011. We first identify a remarkable FrIAC event in spring 2011. In addition, we developed a method to detect the characteristic size of low-latitude intrusions into the polar region at the time of the spring transition, over the period 1960-2011. Years are classified as either Type-A when the intrusions are small or as Type-B when intrusions are large, potentially evolving into FrIACs. For a FrIAC to occur, we require an additional criterion based on the in-phase character of the core of the intrusions and the anticyclone. During the 52 analyzed years, 9 events have been identified: 1 in the 1960s, 1 in the 1980s, 2 in the 1990s, and 5 from 2002. FrIAC are predominantly long-lived intrusions, which occur in association with abrupt and early reversal to summer easterlies with a large heat flux pulse around the date of this wind reversal. Finally, the results are discussed in a climatological context.

A Climatology of Frozen-In Anticyclones in the Spring Arctic Stratosphere over the Period 1960-2011

NASA Astrophysics Data System (ADS)

Thiéblemont, Rémi; Orsolini, Yvan J.; Huret, Nathalie; Hauchecorne, Alain; Drouin, Marc-Antoine

2013-04-01

During springtime, following the stratospheric final warming, intrusions from low latitudes can become trapped at polar latitudes in long-lived anticyclones. Such "frozen-in" anticyclones (FrIACs) have occasionally been observed to persist as late as August, advected by summer easterlies. In this study, the high-resolution advection contour model MIMOSA is used to advect a pseudo-potential vorticity tracer. The model is driven by ERA-40 and the ERA-Interim reanalyses over the period 1960-2011. We first identify a remarkable FrIAC event in spring 2011. In addition, we developed a method to detect the characteristic size of low-latitude intrusions into the polar region at the time of the spring transition, over the period 1960-2011. Years are classified as either Type-A when the intrusions are small, or as Type-B when intrusions are large, potentially evolving into FrIACs. For a FrIAC to occur, we require an additional criterion based on the in-phase character of the core of the intrusions and the anticyclone. During the 52 analysed years, 9 events have been identified: 1 in the 1960s, 1 in the 1980s, 2 in the 1990s and 5 from 2002. FrIAC are predominantly long-lived intrusions, which occur in association with abrupt and early reversal to summer easterlies with a large heat flux pulse around the date of this wind reversal. Finally, the results are discussed in a climatological context.

[An Extraction and Recognition Method of the Distributed Optical Fiber Vibration Signal Based on EMD-AWPP and HOSA-SVM Algorithm].

PubMed

Zhang, Yanjun; Liu, Wen-zhe; Fu, Xing-hu; Bi, Wei-hong

2016-02-01

Given that the traditional signal processing methods can not effectively distinguish the different vibration intrusion signal, a feature extraction and recognition method of the vibration information is proposed based on EMD-AWPP and HOSA-SVM, using for high precision signal recognition of distributed fiber optic intrusion detection system. When dealing with different types of vibration, the method firstly utilizes the adaptive wavelet processing algorithm based on empirical mode decomposition effect to reduce the abnormal value influence of sensing signal and improve the accuracy of signal feature extraction. Not only the low frequency part of the signal is decomposed, but also the high frequency part the details of the signal disposed better by time-frequency localization process. Secondly, it uses the bispectrum and bicoherence spectrum to accurately extract the feature vector which contains different types of intrusion vibration. Finally, based on the BPNN reference model, the recognition parameters of SVM after the implementation of the particle swarm optimization can distinguish signals of different intrusion vibration, which endows the identification model stronger adaptive and self-learning ability. It overcomes the shortcomings, such as easy to fall into local optimum. The simulation experiment results showed that this new method can effectively extract the feature vector of sensing information, eliminate the influence of random noise and reduce the effects of outliers for different types of invasion source. The predicted category identifies with the output category and the accurate rate of vibration identification can reach above 95%. So it is better than BPNN recognition algorithm and improves the accuracy of the information analysis effectively.

Performance Assessment of Network Intrusion-Alert Prediction

DTIC Science & Technology

2012-09-01

the threats. In this thesis, we use Snort to generate the intrusion detection alerts. 2. SNORT Snort is an open source network intrusion...standard for IPS. (Snort, 2012) We choose Snort because it is an open source product that is free to download and can be deployed cross-platform...Learning & prediction in relational time series: A survey. 21st Behavior Representation in Modeling & Simulation ( BRIMS ) Conference 2012, 93–100. Tan

Cybersecurity Intrusion Detection and Monitoring for Field Area Network: Final Report

DOE Office of Scientific and Technical Information (OSTI.GOV)

Pietrowicz, Stanley

This report summarizes the key technical accomplishments, industry impact and performance of the I2-CEDS grant entitled “Cybersecurity Intrusion Detection and Monitoring for Field Area Network”. Led by Applied Communication Sciences (ACS/Vencore Labs) in conjunction with its utility partner Sacramento Municipal Utility District (SMUD), the project accelerated research on a first-of-its-kind cybersecurity monitoring solution for Advanced Meter Infrastructure and Distribution Automation field networks. It advanced the technology to a validated, full-scale solution that detects anomalies, intrusion events and improves utility situational awareness and visibility. The solution was successfully transitioned and commercialized for production use as SecureSmart™ Continuous Monitoring. Discoveries made withmore » SecureSmart™ Continuous Monitoring led to tangible and demonstrable improvements in the security posture of the US national electric infrastructure.« less

Identification of Tropical-Extratropical Interactions and Extreme Precipitation Events in the Middle East Based On Potential Vorticity and Moisture Transport

NASA Astrophysics Data System (ADS)

de Vries, A. J.; Ouwersloot, H. G.; Feldstein, S. B.; Riemer, M.; El Kenawy, A. M.; McCabe, M. F.; Lelieveld, J.

2018-01-01

Extreme precipitation events in the otherwise arid Middle East can cause flooding with dramatic socioeconomic impacts. Most of these events are associated with tropical-extratropical interactions, whereby a stratospheric potential vorticity (PV) intrusion reaches deep into the subtropics and forces an incursion of high poleward vertically integrated water vapor transport (IVT) into the Middle East. This study presents an object-based identification method for extreme precipitation events based on the combination of these two larger-scale meteorological features. The general motivation for this approach is that precipitation is often poorly simulated in relatively coarse weather and climate models, whereas the synoptic-scale circulation is much better represented. The algorithm is applied to ERA-Interim reanalysis data (1979-2015) and detects 90% (83%) of the 99th (97.5th) percentile of extreme precipitation days in the region of interest. Our results show that stratospheric PV intrusions and IVT structures are intimately connected to extreme precipitation intensity and seasonality. The farther south a stratospheric PV intrusion reaches, the larger the IVT magnitude, and the longer the duration of their combined occurrence, the more extreme the precipitation. Our algorithm detects a large fraction of the climatological rainfall amounts (40-70%), heavy precipitation days (50-80%), and the top 10 extreme precipitation days (60-90%) at many sites in southern Israel and the northern and western parts of Saudi Arabia. This identification method provides a new tool for future work to disentangle teleconnections, assess medium-range predictability, and improve understanding of climatic changes of extreme precipitation in the Middle East and elsewhere.

Scanning seismic intrusion detection method and apparatus. [monitoring unwanted subterranean entry and departure

NASA Technical Reports Server (NTRS)

Lee, R. D. (Inventor)

1983-01-01

An intrusion monitoring system includes an array of seismic sensors, such as geophones, arranged along a perimeter to be monitored for unauthorized intrusion as by surface movement or tunneling. Two wires lead from each sensor to a central monitoring station. The central monitoring station has three modes of operation. In a first mode of operation, the output of all of the seismic sensors is summed into a receiver for amplification and detection. When the amplitude of the summed signals exceeds a certain predetermined threshold value an alarm is sounded. In a second mode of operation, the individual output signals from the sensors are multiplexed into the receiver for sequentially interrogating each of the sensors.

Demonstration of Advanced EMI Models for Live-Site UXO Discrimination at Waikoloa, Hawaii

DTIC Science & Technology

2015-12-01

magnetic source models PNN Probabilistic Neural Network SERDP Strategic Environmental Research and Development Program SLO San Luis Obispo...SNR Signal to noise ratio SVM Support vector machine TD Time Domain TEMTADS Time Domain Electromagnetic Towed Array Detection System TOI... intrusive procedure, which was used by Parsons at WMA, failed to document accurately all intrusive results, or failed to detect and clear all UXO like

A Next Generation Repository for Sharing Sensitive Network and Security Data

DTIC Science & Technology

2018-01-01

submission, and 5 yearly IRB reviews d. Provided legal support for MOA data provider and host agreements and amendments e. Feedback and bug reporting...intrusion detection methods and systems , b) event- reconstruction and evidence-based insights into global trends (e.g., DDoS attacks and malware...propagation), and c) situational awareness (e.g., outage detection). We have leveraged IMPACT’s policy and legal framework to minimize any risks associated

On-line detection of Escherichia coli intrusion in a pilot-scale drinking water distribution system.

PubMed

Ikonen, Jenni; Pitkänen, Tarja; Kosse, Pascal; Ciszek, Robert; Kolehmainen, Mikko; Miettinen, Ilkka T

2017-08-01

Improvements in microbial drinking water quality monitoring are needed for the better control of drinking water distribution systems and for public health protection. Conventional water quality monitoring programmes are not always able to detect a microbial contamination of drinking water. In the drinking water production chain, in addition to the vulnerability of source waters, the distribution networks are prone to contamination. In this study, a pilot-scale drinking-water distribution network with an on-line monitoring system was utilized for detecting bacterial intrusion. During the experimental Escherichia coli intrusions, the contaminant was measured by applying a set of on-line sensors for electric conductivity (EC), pH, temperature (T), turbidity, UV-absorbance at 254 nm (UVAS SC) and with a device for particle counting. Monitored parameters were compared with the measured E. coli counts using the integral calculations of the detected peaks. EC measurement gave the strongest signal compared with the measured baseline during the E. coli intrusion. Integral calculations showed that the peaks in the EC, pH, T, turbidity and UVAS SC data were detected corresponding to the time predicted. However, the pH and temperature peaks detected were barely above the measured baseline and could easily be mixed with the background noise. The results indicate that on-line monitoring can be utilized for the rapid detection of microbial contaminants in the drinking water distribution system although the peak interpretation has to be performed carefully to avoid being mixed up with normal variations in the measurement data. Copyright © 2017 Elsevier Ltd. All rights reserved.

In-ground optical fibre Bragg grating pressure switch for security applications

NASA Astrophysics Data System (ADS)

Allwood, Gary; Wild, Graham; Hinckley, Steven

2012-02-01

In this study, a fibre Bragg grating (FBG) was embedded beneath three common flooring materials acting as a pressure switch for in-ground intrusion detection. This is achieved using an intensiometric detection system, where a laser diode and FBG were optically mismatched so that there was a static dc offset from the transmitted and reflected optical power signals. As pressure was applied, in the form of a footstep, a strain induced wavelength shift occurred that could then be detected by converting the wavelength shift into an intensity change. The change in intensity caused a significant change in the DC offset which behaved as on optical switch. This switch could easily be configured to trigger an alarm if required. The intention is to use the FBG sensor as an in-ground intrusion detection pressure switch to detect an intruder walking within range of the sensor. This type of intrusion detection system can be applied to both external (in soil, etc) and internal (within the foundations or flooring of the home) security systems. The results show that a person's footstep can clearly be detected through solid wood flooring, laminate flooring, and ceramic floor tiles.

Attacks and intrusion detection in wireless sensor networks of industrial SCADA systems

NASA Astrophysics Data System (ADS)

Kamaev, V. A.; Finogeev, A. G.; Finogeev, A. A.; Parygin, D. S.

2017-01-01

The effectiveness of automated process control systems (APCS) and supervisory control and data acquisition systems (SCADA) information security depends on the applied protection technologies of transport environment data transmission components. This article investigates the problems of detecting attacks in wireless sensor networks (WSN) of SCADA systems. As a result of analytical studies, the authors developed the detailed classification of external attacks and intrusion detection in sensor networks and brought a detailed description of attacking impacts on components of SCADA systems in accordance with the selected directions of attacks.

Potential for portal detection of human chemical and biological contamination

NASA Astrophysics Data System (ADS)

Settles, Gary S.; McGann, William J.

2001-08-01

The walk-through metal-detection portal is a paradigm of non-intrusive passenger screening in aviation security. Modern explosive detection portals based on this paradigm will soon appear in airports. This paper suggests that the airborne trace detection technology developed for that purpose can also be adapted to human chemical and biological contamination. The waste heat of the human body produces a rising warm-air sheath of 50-80 liters/sec known as the human thermal plume. Contained within this plume are hundreds of bioeffluents from perspiration and breath, and millions of skin flakes. Since early medicine, the airborne human scent was used in the diagnosis of disease. Recent examples also include toxicity and substance abuse, but this approach has never been quantified. The appearance of new bioeffluents or subtle changes in the steady-state may signal the onset of a chemical/biological attack. Portal sampling of the human thermal plume is suggested, followed by a pre-concentration step and the detection of the attacking agent or the early human response. The ability to detect nanogram levels of explosive trace contamination this way was already demonstrated. Key advantages of the portal approach are its rapidity and non-intrusiveness, and the advantage that it does not require the traditional bodily fluid or tissue sampling.

Intrusion Detection and Forensics for Self-Defending Wireless Networks

DTIC Science & Technology

2012-12-01

ICNP), Nov. 2007. 5. Yao Zhao, Yan Chen, Bo Li, and Qian Zhang, Hop ID: A Virtual Coordinate based Routing for Sparse Mobile Ad Hoc Networks, in...Liu, Hongbo Zhao, Kai Chen and Yan Chen, " DISCO : Memory Efficient and Accurate Flow Statistics for Network Measurement", in the Proc. of IEEE ICDCS

Perimeter intrusion detection and assessment system

DOE Office of Scientific and Technical Information (OSTI.GOV)

Eaton, M.J.; Jacobs, J.; McGovern, D.E.

1977-11-01

To obtain an effective perimeter intrusion detection system requires careful sensor selection, procurement, and installation. The selection process involves a thorough understanding of the unique site features and how these features affect the performance of each type of sensor. It is necessary to develop procurement specifications to establish acceptable sensor performance limits. Careful explanation and inspection of critical installation dimensions is required during on-site construction. The implementation of these activities at a particular site is discussed.

A Targeted Attack For Enhancing Resiliency of Intelligent Intrusion Detection Modules in Energy Cyber Physical Systems

DOE Office of Scientific and Technical Information (OSTI.GOV)

Youssef, Tarek; El Hariri, Mohammad; Habib, Hani

Abstract— Secure high-speed communication is required to ensure proper operation of complex power grid systems and prevent malicious tampering activities. In this paper, artificial neural networks with temporal dependency are introduced for false data identification and mitigation for broadcasted IEC 61850 SMV messages. The fast responses of such intelligent modules in intrusion detection make them suitable for time- critical applications, such as protection. However, care must be taken in selecting the appropriate intelligence model and decision criteria. As such, this paper presents a customizable malware script to sniff and manipulate SMV messages and demonstrates the ability of the malware tomore » trigger false positives in the neural network’s response. The malware developed is intended to be as a vaccine to harden the intrusion detection system against data manipulation attacks by enhancing the neural network’s ability to learn and adapt to these attacks.« less

A new intrusion prevention model using planning knowledge graph

NASA Astrophysics Data System (ADS)

Cai, Zengyu; Feng, Yuan; Liu, Shuru; Gan, Yong

2013-03-01

Intelligent plan is a very important research in artificial intelligence, which has applied in network security. This paper proposes a new intrusion prevention model base on planning knowledge graph and discuses the system architecture and characteristics of this model. The Intrusion Prevention based on plan knowledge graph is completed by plan recognition based on planning knowledge graph, and the Intrusion response strategies and actions are completed by the hierarchical task network (HTN) planner in this paper. Intrusion prevention system has the advantages of intelligent planning, which has the advantage of the knowledge-sharing, the response focused, learning autonomy and protective ability.

Modeling And Detecting Anomalies In Scada Systems

NASA Astrophysics Data System (ADS)

Svendsen, Nils; Wolthusen, Stephen

The detection of attacks and intrusions based on anomalies is hampered by the limits of specificity underlying the detection techniques. However, in the case of many critical infrastructure systems, domain-specific knowledge and models can impose constraints that potentially reduce error rates. At the same time, attackers can use their knowledge of system behavior to mask their manipulations, causing adverse effects to observed only after a significant period of time. This paper describes elementary statistical techniques that can be applied to detect anomalies in critical infrastructure networks. A SCADA system employed in liquefied natural gas (LNG) production is used as a case study.

Non-intrusive tunable resonant microwave cavity for optical detected magnetic resonance of NV centres in nanodiamonds

NASA Astrophysics Data System (ADS)

Le Floch, Jean-Michel; Bradac, Carlo; Volz, Thomas; Tobar, Michael E.; Castelletto, Stefania

2013-12-01

Optically detected magnetic resonance (ODMR) in nanodiamond nitrogen-vacancy (NV) centres is usually achieved by applying a microwave field delivered by micron-size wires, strips or antennas directly positioned in very close proximity (~ μm) of the nanodiamond crystals. The microwave field couples evanescently with the ground state spin transition of the NV centre (2.87 GHz at zero magnetic field), which results in a reduction of the centre photoluminescence. We propose an alternative approach based on the construction of a dielectric resonator. We show that such a resonator allows for the efficient detection of NV spins in nanodiamonds without the constraints associated to the laborious positioning of the microwave antenna next to the nanodiamonds, providing therefore improved flexibility. The resonator is based on a tunable Transverse Electric Mode in a dielectric-loaded cavity, and we demonstrate that the resonator can detect single NV centre spins in nanodiamonds using less microwave power than alternative techniques in a non-intrusive manner. This method can achieve higher precision measurement of ODMR of paramagnetic defects spin transition in the micro to millimetre-wave frequency domain. Our approach would permit the tracking of NV centres in biological solutions rather than simply on the surface, which is desirable in light of the recently proposed applications of using nanodiamonds containing NV centres for spin labelling in biological systems with single spin and single particle resolution.

Testing the differential effects of acceptance and attention-based psychological interventions on intrusive thoughts and worry.

PubMed

Ainsworth, B; Bolderston, H; Garner, M

2017-04-01

Worry is a key component of anxiety and may be an effective target for therapeutic intervention. We compared two psychological processes (attention and acceptance) on the frequency of intrusive worrying thoughts in an experimental worry task. 77 participants were randomised across three groups and completed either a 10 min attention or acceptance-based psychological exercise, or progressive muscle relaxation control. We subsequently measured anxiety, and the content and frequency of intrusive thoughts before and after a 'worry induction task'. Groups did not differ in baseline worry, anxiety or thought intrusions. Both attention and acceptance-based groups experienced fewer negative thought intrusions (post-worry) compared to the relaxation control group. The acceptance exercise had the largest effect, preventing 'worry induction'. Increases in negative intrusive thoughts predicted subjective anxiety. We provide evidence that acceptance and attention psychological exercises may reduce anxiety by reducing the negative thought intrusions that characterise worry. Copyright © 2017 The Authors. Published by Elsevier Ltd.. All rights reserved.

From measurements to metrics: PCA-based indicators of cyber anomaly

NASA Astrophysics Data System (ADS)

Ahmed, Farid; Johnson, Tommy; Tsui, Sonia

2012-06-01

We present a framework of the application of Principal Component Analysis (PCA) to automatically obtain meaningful metrics from intrusion detection measurements. In particular, we report the progress made in applying PCA to analyze the behavioral measurements of malware and provide some preliminary results in selecting dominant attributes from an arbitrary number of malware attributes. The results will be useful in formulating an optimal detection threshold in the principal component space, which can both validate and augment existing malware classifiers.

Real Time Intrusion Detection (la detection des intrusions en temps reel)

DTIC Science & Technology

2003-06-01

prometteuses actuelles et nouvelles, susceptibles d’être utilisées pour des applications temps réel, et laisse prévoir ainsi les technologies et les...components, to survivability, as a risk management problem requiring the involvement of the whole organization to support the survival of the organization’s...this topic. In all fairness , until recently “reaction” has not been part of IDS’s functionality. Above all and as stated previously, traditional RT

Hybrid Modified K-Means with C4.5 for Intrusion Detection Systems in Multiagent Systems

PubMed Central

Laftah Al-Yaseen, Wathiq; Ali Othman, Zulaiha; Ahmad Nazri, Mohd Zakree

2015-01-01

Presently, the processing time and performance of intrusion detection systems are of great importance due to the increased speed of traffic data networks and a growing number of attacks on networks and computers. Several approaches have been proposed to address this issue, including hybridizing with several algorithms. However, this paper aims at proposing a hybrid of modified K-means with C4.5 intrusion detection system in a multiagent system (MAS-IDS). The MAS-IDS consists of three agents, namely, coordinator, analysis, and communication agent. The basic concept underpinning the utilized MAS is dividing the large captured network dataset into a number of subsets and distributing these to a number of agents depending on the data network size and core CPU availability. KDD Cup 1999 dataset is used for evaluation. The proposed hybrid modified K-means with C4.5 classification in MAS is developed in JADE platform. The results show that compared to the current methods, the MAS-IDS reduces the IDS processing time by up to 70%, while improving the detection accuracy. PMID:26161437

Hybrid Modified K-Means with C4.5 for Intrusion Detection Systems in Multiagent Systems.

PubMed

Laftah Al-Yaseen, Wathiq; Ali Othman, Zulaiha; Ahmad Nazri, Mohd Zakree

2015-01-01

Presently, the processing time and performance of intrusion detection systems are of great importance due to the increased speed of traffic data networks and a growing number of attacks on networks and computers. Several approaches have been proposed to address this issue, including hybridizing with several algorithms. However, this paper aims at proposing a hybrid of modified K-means with C4.5 intrusion detection system in a multiagent system (MAS-IDS). The MAS-IDS consists of three agents, namely, coordinator, analysis, and communication agent. The basic concept underpinning the utilized MAS is dividing the large captured network dataset into a number of subsets and distributing these to a number of agents depending on the data network size and core CPU availability. KDD Cup 1999 dataset is used for evaluation. The proposed hybrid modified K-means with C4.5 classification in MAS is developed in JADE platform. The results show that compared to the current methods, the MAS-IDS reduces the IDS processing time by up to 70%, while improving the detection accuracy.

A research using hybrid RBF/Elman neural networks for intrusion detection system secure model

NASA Astrophysics Data System (ADS)

Tong, Xiaojun; Wang, Zhu; Yu, Haining

2009-10-01

A hybrid RBF/Elman neural network model that can be employed for both anomaly detection and misuse detection is presented in this paper. The IDSs using the hybrid neural network can detect temporally dispersed and collaborative attacks effectively because of its memory of past events. The RBF network is employed as a real-time pattern classification and the Elman network is employed to restore the memory of past events. The IDSs using the hybrid neural network are evaluated against the intrusion detection evaluation data sponsored by U.S. Defense Advanced Research Projects Agency (DARPA). Experimental results are presented in ROC curves. Experiments show that the IDSs using this hybrid neural network improve the detection rate and decrease the false positive rate effectively.

Resolving the architecture of monogenetic feeder systems from exposures of extinct volcanic fields

NASA Astrophysics Data System (ADS)

Muirhead, J.; Van Eaton, A. R.; Re, G.; White, J. D. L.; Ort, M. H.

2016-12-01

Monogenetic volcanic fields pose hazards to a number of major cities worldwide. During an eruption, the evolution of the intrusive feeder network modulates eruption behavior and location, as well as the warning signs of impending activity. However, historical examples of monogenetic eruptions are rare, particularly those monitored with the modern tools required to constrain the geometry and interconnectivity of subsurface intrusive feeders (e.g., InSAR, GPS). Geologic exposures in extinct fields around the Colorado Plateau provide clues to the geometry of shallow intrusions (<1000 m depth) that feed monogenetic volcanoes. We present field- and satellite-based observations of exposed intrusions in the Hopi Buttes volcanic field (Arizona), which reveal that many eruptions were fed by interconnected dike-sill systems. Results from the Hopi Buttes show that volcanic cone alignment studies are biased to the identification of dike intrusions, and thereby neglect the important contributions of sills to shallow feeder systems. For example, estimates of intruded volumes in fields exhumed by uplift and erosion in Utah and Arizona show that sills make up 30 - 92% of the shallow intruded volume within 1000 m of the paleosurface. By transporting magma toward and away from eruptive conduits, these sills likely played a role in modulating eruption styles (e.g., explosive vs effusive) and controlling lateral vent migrations. Sill transitions at Hopi Buttes would have produced detectable surface uplifts, and illustrate the importance of geological studies for informing interpretations of geodetic and seismological data during volcanic crises.

Appliance of Independent Component Analysis to System Intrusion Analysis

NASA Astrophysics Data System (ADS)

Ishii, Yoshikazu; Takagi, Tarou; Nakai, Kouji

In order to analyze the output of the intrusion detection system and the firewall, we evaluated the applicability of ICA(independent component analysis). We developed a simulator for evaluation of intrusion analysis method. The simulator consists of the network model of an information system, the service model and the vulnerability model of each server, and the action model performed on client and intruder. We applied the ICA for analyzing the audit trail of simulated information system. We report the evaluation result of the ICA on intrusion analysis. In the simulated case, ICA separated two attacks correctly, and related an attack and the abnormalities of the normal application produced under the influence of the attach.

DOE Office of Scientific and Technical Information (OSTI.GOV)

Baker, J.; Modlin, C.W.; Frerking, C.J.

HIPROTECT (pronounced High-protect) is a system designed to protect national archaeological and natural treasures from destruction by vandals or looters. The system is being developed jointly by the Lawrence Livermore National Laboratory and the University of California at Riverside under the DOD Legacy Resource Management Program. Thousands of archaeological sites are located on military bases and national park lands. Treasure hunters or vandals are pillaging and destroying these sites at will, since the sites are generally located in remote areas, unattended and unprotected. The HIPROTECT system is designed to detect trespassers at the protected sites and to alert park officialsmore » or military officials of intrusions. An array of sensors is used to detect trespassers. The sensors are triggered when a person or vehicle approaches the site. Alarm messages are transmitted to alert park officials or law enforcement officials by way of a cellular telephone link. A video and audio system is included to assist the officials in verifying that an intrusion has occurred and to allow two-way communication with the intruders.« less

Network traffic intelligence using a low interaction honeypot

NASA Astrophysics Data System (ADS)

Nyamugudza, Tendai; Rajasekar, Venkatesh; Sen, Prasad; Nirmala, M.; Madhu Viswanatham, V.

2017-11-01

Advancements in networking technology have seen more and more devices becoming connected day by day. This has given organizations capacity to extend their networks beyond their boundaries to remote offices and remote employees. However as the network grows security becomes a major challenge since the attack surface also increases. There is need to guard the network against different types of attacks like intrusion and malware through using different tools at different networking levels. This paper describes how network intelligence can be acquired through implementing a low-interaction honeypot which detects and track network intrusion. Honeypot allows an organization to interact and gather information about an attack earlier before it compromises the network. This process is important because it allows the organization to learn about future attacks of the same nature and allows them to develop counter measures. The paper further shows how honeypot-honey net based model for interruption detection system (IDS) can be used to get the best valuable information about the attacker and prevent unexpected harm to the network.

A hybrid approach for efficient anomaly detection using metaheuristic methods

PubMed Central

Ghanem, Tamer F.; Elkilani, Wail S.; Abdul-kader, Hatem M.

2014-01-01

Network intrusion detection based on anomaly detection techniques has a significant role in protecting networks and systems against harmful activities. Different metaheuristic techniques have been used for anomaly detector generation. Yet, reported literature has not studied the use of the multi-start metaheuristic method for detector generation. This paper proposes a hybrid approach for anomaly detection in large scale datasets using detectors generated based on multi-start metaheuristic method and genetic algorithms. The proposed approach has taken some inspiration of negative selection-based detector generation. The evaluation of this approach is performed using NSL-KDD dataset which is a modified version of the widely used KDD CUP 99 dataset. The results show its effectiveness in generating a suitable number of detectors with an accuracy of 96.1% compared to other competitors of machine learning algorithms. PMID:26199752

A hybrid approach for efficient anomaly detection using metaheuristic methods.

PubMed

Ghanem, Tamer F; Elkilani, Wail S; Abdul-Kader, Hatem M

2015-07-01

Network intrusion detection based on anomaly detection techniques has a significant role in protecting networks and systems against harmful activities. Different metaheuristic techniques have been used for anomaly detector generation. Yet, reported literature has not studied the use of the multi-start metaheuristic method for detector generation. This paper proposes a hybrid approach for anomaly detection in large scale datasets using detectors generated based on multi-start metaheuristic method and genetic algorithms. The proposed approach has taken some inspiration of negative selection-based detector generation. The evaluation of this approach is performed using NSL-KDD dataset which is a modified version of the widely used KDD CUP 99 dataset. The results show its effectiveness in generating a suitable number of detectors with an accuracy of 96.1% compared to other competitors of machine learning algorithms.

Compendium of Anomaly Detection and Reaction Tools and Projects

DTIC Science & Technology

2000-05-17

identify changes to the risk levels of business network functions based on proposed modifications. Expert can model networks as well (see special...can easily scale to support any size network from departmental systems to enterprise-wide environments. ACX is scaled with the use of a Policy Model ...Defender is a host-based intrusion detector designed for use on home or small business systems. It scans all inbound and outbound Internet traffic for

An Artificial Immune System-Inspired Multiobjective Evolutionary Algorithm with Application to the Detection of Distributed Computer Network Intrusions

DTIC Science & Technology

2007-03-01

Intelligence AIS Artificial Immune System ANN Artificial Neural Networks API Application Programming Interface BFS Breadth-First Search BIS Biological...problem domain is too large for only one algorithm’s application . It ranges from network - based sniffer systems, responsible for Enterprise-wide coverage...options to network administrators in choosing detectors to employ in future ID applications . Objectives Our hypothesis validity is based on a set

Acoustic emission intrusion detector

DOEpatents

Carver, Donald W.; Whittaker, Jerry W.

1980-01-01

An intrusion detector is provided for detecting a forcible entry into a secured structure while minimizing false alarms. The detector uses a piezoelectric crystal transducer to sense acoustic emissions. The transducer output is amplified by a selectable gain amplifier to control the sensitivity. The rectified output of the amplifier is applied to a Schmitt trigger circuit having a preselected threshold level to provide amplitude discrimination. Timing circuitry is provided which is activated by successive pulses from the Schmitt trigger which lie within a selected time frame for frequency discrimination. Detected signals having proper amplitude and frequency trigger an alarm within the first complete cycle time of a detected acoustical disturbance signal.

Seismogenic structures activated during the pre-eruptive and intrusive swarms of Piton de la Fournaise volcano (La Réunion island) between 2008 and 2011

NASA Astrophysics Data System (ADS)

Battaglia, J.; Brenguier, F.

2011-12-01

Piton de la Fournaise is a frequently active basaltic volcano with more than 30 fissure eruptions since 1998. These eruptions are always preceded by pre-eruptive swarms of volcano-tectonic earthquakes which accompany dike propagation. Occasionally, intrusion swarms occur without leading to any eruption. From October 2008 to May 2011, as part of the research project Undervolc, a temporary network of 15 broadband stations has been installed on the volcano to complement the local monitoring network. We examined in detail the 6 intrusive and 5 pre-eruptive swarms which occurred during the temporary experiment. All the crises lasted for a few hours and only included shallow events clustered below the summit craters, around and above sea level, showing no signs of deeper magma transfers. These characteristics are common to most swarms observed at Piton de la Fournaise arising questions about the origin of the seismicity which seems to be poorly linked with dike propagation. With the aim to identify the main seismogenic structures active during the swarms, we applied precise earthquake detection and classification techniques based on waveform cross-correlation. For each swarm, the onsets of all transients, including small amplitude ones, have been precisely detected at a single station by scanning the continuous data with reference waveforms. The classification of the detected transients indicates the presence of several families of similar earthquakes. The two main families (F01 and F02) include several hundred events. They are systematically activated at the beginning of each pre-eruptive swarm but are inactive during the intrusive ones. They group more than 50 percent of the detected events for the corresponding crises. The other clusters are mostly associated with single swarms. To determine the spatial characteristics of the structures corresponding to the main families, we applied precise relocation techniques. Based on the one-station classification, the events have first been picked at all available stations by cross-correlating waveforms with those of master events whose arrival times have been manually determined. All events have been located using a 3D velocity model to determine accurate hypocentral azimuths and take-off angles. Precise relative locations have been computed for each multiplet using cross-correlation delays calculated for all available stations between all pairs of events. The results indicate the presence at sea level of a major structure grouping families F01 and F02 and describing an East-West elongated pattern with sub-vertical extension. Small scale earthquake migrations, mostly horizontal, occur during the pre-eruptive swarms along that structure. The smaller multiplets define vertically elongated patterns extending around and above the main F01-F02 multiplet. Our results show that different processes are involved in pre-eruptive and intrusive crises and that a structure located around 2.5 km below the summit controls the occurrence of recent eruptions of Piton de la Fournaise volcano.

Host-Based Multivariate Statistical Computer Operating Process Anomaly Intrusion Detection System (PAIDS)

DTIC Science & Technology

2009-03-01

viii 3.2.3 Sub7 ...from TaskInfo in Excel Format. 3.2.3 Sub7 Also known as SubSeven, this is one of the best known, most widely distributed backdoor programs on the...engineering the spread of viruses, worms, backdoors and other malware. The Sub7 Trojan establishes a server on the victim computer that

2007 Beyond SBIR Phase II: Bringing Technology Edge to the Warfighter

DTIC Science & Technology

2007-08-23

Systems Trade-Off Analysis and Optimization Verification and Validation On-Board Diagnostics and Self - healing Security and Anti-Tampering Rapid...verification; Safety and reliability analysis of flight and mission critical systems On-Board Diagnostics and Self - Healing Model-based monitoring and... self - healing On-board diagnostics and self - healing ; Autonomic computing; Network intrusion detection and prevention Anti-Tampering and Trust

SEADE: Countering the Futility of Network Security

DTIC Science & Technology

2015-10-01

guards, and computer cages) and logical security measures (network firewall and intrusion detection). However, no matter how many layers of network...security built-in and with minimal security dependence on network security appliances (e.g., firewalls ). As Secretary of Defense Ashton Carter...based analysis that assumes nothing bad will happen to applications/data if those defenses prevent malware transactions at the entrance. The

Improved security monitoring method for network bordary

NASA Astrophysics Data System (ADS)

Gao, Liting; Wang, Lixia; Wang, Zhenyan; Qi, Aihua

2013-03-01

This paper proposes a network bordary security monitoring system based on PKI. The design uses multiple safe technologies, analysis deeply the association between network data flow and system log, it can detect the intrusion activities and position invasion source accurately in time. The experiment result shows that it can reduce the rate of false alarm or missing alarm of the security incident effectively.

Evaluating Machine Learning Classifiers for Hybrid Network Intrusion Detection Systems

DTIC Science & Technology

2015-03-26

7 VRT Vulnerability Research Team...and the Talos (formerly the Vulnerability Research Team ( VRT )) [7] 7 ruleset libraries are the two leading rulesets in use. Both libraries offer paid...rule sets to load for the signature-based IDS. Snort is selected as the IDS engine using the “ VRT and ET No/GPL” rule set. The total rule count in the

An ethernet/IP security review with intrusion detection applications

DOE Office of Scientific and Technical Information (OSTI.GOV)

Laughter, S. A.; Williams, R. D.

2006-07-01

Supervisory Control and Data Acquisition (SCADA) and automation networks, used throughout utility and manufacturing applications, have their own specific set of operational and security requirements when compared to corporate networks. The modern climate of heightened national security and awareness of terrorist threats has made the security of these systems of prime concern. There is a need to understand the vulnerabilities of these systems and how to monitor and protect them. Ethernet/IP is a member of a family of protocols based on the Control and Information Protocol (CIP). Ethernet/IP allows automation systems to be utilized on and integrated with traditional TCP/IPmore » networks, facilitating integration of these networks with corporate systems and even the Internet. A review of the CIP protocol and the additions Ethernet/IP makes to it has been done to reveal the kind of attacks made possible through the protocol. A set of rules for the SNORT Intrusion Detection software is developed based on the results of the security review. These can be used to monitor, and possibly actively protect, a SCADA or automation network that utilizes Ethernet/IP in its infrastructure. (authors)« less

Fusion of Heterogeneous Intrusion Detection Systems for Network Attack Detection

PubMed Central

Kaliappan, Jayakumar; Thiagarajan, Revathi; Sundararajan, Karpagam

2015-01-01

An intrusion detection system (IDS) helps to identify different types of attacks in general, and the detection rate will be higher for some specific category of attacks. This paper is designed on the idea that each IDS is efficient in detecting a specific type of attack. In proposed Multiple IDS Unit (MIU), there are five IDS units, and each IDS follows a unique algorithm to detect attacks. The feature selection is done with the help of genetic algorithm. The selected features of the input traffic are passed on to the MIU for processing. The decision from each IDS is termed as local decision. The fusion unit inside the MIU processes all the local decisions with the help of majority voting rule and makes the final decision. The proposed system shows a very good improvement in detection rate and reduces the false alarm rate. PMID:26295058

Fusion of Heterogeneous Intrusion Detection Systems for Network Attack Detection.

PubMed

Kaliappan, Jayakumar; Thiagarajan, Revathi; Sundararajan, Karpagam

2015-01-01

An intrusion detection system (IDS) helps to identify different types of attacks in general, and the detection rate will be higher for some specific category of attacks. This paper is designed on the idea that each IDS is efficient in detecting a specific type of attack. In proposed Multiple IDS Unit (MIU), there are five IDS units, and each IDS follows a unique algorithm to detect attacks. The feature selection is done with the help of genetic algorithm. The selected features of the input traffic are passed on to the MIU for processing. The decision from each IDS is termed as local decision. The fusion unit inside the MIU processes all the local decisions with the help of majority voting rule and makes the final decision. The proposed system shows a very good improvement in detection rate and reduces the false alarm rate.

Architecture for an artificial immune system.

PubMed

Hofmeyr, S A; Forrest, S

2000-01-01

An artificial immune system (ARTIS) is described which incorporates many properties of natural immune systems, including diversity, distributed computation, error tolerance, dynamic learning and adaptation, and self-monitoring. ARTIS is a general framework for a distributed adaptive system and could, in principle, be applied to many domains. In this paper, ARTIS is applied to computer security in the form of a network intrusion detection system called LISYS. LISYS is described and shown to be effective at detecting intrusions, while maintaining low false positive rates. Finally, similarities and differences between ARTIS and Holland's classifier systems are discussed.

Detecting the thermal aureole of a magmatic intrusion in immature to mature sediments: a case study in the East Greenland Basin (73°N)

NASA Astrophysics Data System (ADS)

Aubourg, Charles; Techer, Isabelle; Geoffroy, Laurent; Clauer, Norbert; Baudin, François

2014-01-01

The Cretaceous and Triassic argillaceous rocks from the passive margin of Greenland have been investigated in order to detect the thermal aureole of magmatic intrusions, ranging from metric dyke to kilometric syenite pluton. Rock-Eval data (Tmax generally <468 °C), vitrinite reflectance data (R0 < 0.9 per cent) and illite cristallinity data (ICI > 0.3), all indicate a maximum of 5 km burial for the argillaceous rocks whatever the distance to an intrusion. The K-Ar dating of the clays <2 μm fraction suggests that illites are mostly detrital, except near magmatic intrusions where younger ages are recorded. To get more information about the extent of the thermal aureole, rock magnetism data were determined. At distance away from the thermal aureole of the syenite intrusion, Triassic argillaceous rocks reveal a standard magnetic assemblage compatible with their burial (R0 ˜ 0.4 per cent). It is constituted essentially by neoformed stoichiometric magnetite (Fe3O4). In contrast, within the thermal aureole of the magmatic intrusions, the Cretaceous argillaceous rocks contain micron-sized pyrrhotite (Fe7S8), firmly identified through the recognition of Besnus transition at 35 K. The thermal demagnetization of natural remanence carried by this pyrrhotite shows a diagnostic `square shouldered' pattern, indicating a narrow grain size distribution of pyrrhotite. The extension of this diagnostic pyrrhotite maps a ˜10-km-thick aureole around the syenitic pluton. Away from this aureole, the magnetic assemblage is diagnostic of those found in argillaceous rocks where organic matter is mature.

Seismic signature of active intrusions in mountain chains.

PubMed

Di Luccio, Francesca; Chiodini, Giovanni; Caliro, Stefano; Cardellini, Carlo; Convertito, Vincenzo; Pino, Nicola Alessandro; Tolomei, Cristiano; Ventura, Guido

2018-01-01

Intrusions are a ubiquitous component of mountain chains and testify to the emplacement of magma at depth. Understanding the emplacement and growth mechanisms of intrusions, such as diapiric or dike-like ascent, is critical to constrain the evolution and structure of the crust. Petrological and geological data allow us to reconstruct magma pathways and long-term magma differentiation and assembly processes. However, our ability to detect and reconstruct the short-term dynamics related to active intrusive episodes in mountain chains is embryonic, lacking recognized geophysical signals. We analyze an anomalously deep seismic sequence (maximum magnitude 5) characterized by low-frequency bursts of earthquakes that occurred in 2013 in the Apennine chain in Italy. We provide seismic evidences of fluid involvement in the earthquake nucleation process and identify a thermal anomaly in aquifers where CO 2 of magmatic origin dissolves. We show that the intrusion of dike-like bodies in mountain chains may trigger earthquakes with magnitudes that may be relevant to seismic hazard assessment. These findings provide a new perspective on the emplacement mechanisms of intrusive bodies and the interpretation of the seismicity in mountain chains.

Seismic signature of active intrusions in mountain chains

PubMed Central

Di Luccio, Francesca; Chiodini, Giovanni; Caliro, Stefano; Cardellini, Carlo; Convertito, Vincenzo; Pino, Nicola Alessandro; Tolomei, Cristiano; Ventura, Guido

2018-01-01

Intrusions are a ubiquitous component of mountain chains and testify to the emplacement of magma at depth. Understanding the emplacement and growth mechanisms of intrusions, such as diapiric or dike-like ascent, is critical to constrain the evolution and structure of the crust. Petrological and geological data allow us to reconstruct magma pathways and long-term magma differentiation and assembly processes. However, our ability to detect and reconstruct the short-term dynamics related to active intrusive episodes in mountain chains is embryonic, lacking recognized geophysical signals. We analyze an anomalously deep seismic sequence (maximum magnitude 5) characterized by low-frequency bursts of earthquakes that occurred in 2013 in the Apennine chain in Italy. We provide seismic evidences of fluid involvement in the earthquake nucleation process and identify a thermal anomaly in aquifers where CO2 of magmatic origin dissolves. We show that the intrusion of dike-like bodies in mountain chains may trigger earthquakes with magnitudes that may be relevant to seismic hazard assessment. These findings provide a new perspective on the emplacement mechanisms of intrusive bodies and the interpretation of the seismicity in mountain chains. PMID:29326978

Deception Based Intrusion Detection & Prevention for SCADA Environments -

Science.gov Websites

the case of the Ukraine incident, the substations. So here's the idea. Number one, understand from idea is that one of the quotes that he made in that book, it's actually a famous quote, is that all security products. Case in point, I'll be at RSA in February. There's over 2,600 vendors at RSA all solving

Anomaly-Based Intrusion Detection Systems Utilizing System Call Data

DTIC Science & Technology

2012-03-01

Functionality Description Persistence mechanism Mimicry technique Camouflage malware image: • renaming its image • appending its image to victim...particular industrial plant . Exactly which one was targeted still remains unknown, however a majority of the attacks took place in Iran [24]. Due... plant to unstable phase and eventually physical damage. It is interesting to note that a particular block of code - block DB8061 is automatically

Evaluation and analysis of non-intrusive techniques for detecting illicit substances

DOE Office of Scientific and Technical Information (OSTI.GOV)

Micklich, B.J.; Roche, C.T.; Fink, C.L.

1995-12-31

Argonne National Laboratory (ANL) and the Houston Advanced Research Center (HARC) have been tasked by the Counterdrug Technology Assessment Center of the Office of National Drug Control Policy to conduct evaluations and analyses of technologies for the non-intrusive inspection of containers for illicit substances. These technologies span the range of nuclear, X-ray, and chemical techniques used in nondestructive sample analysis. ANL has performed assessments of nuclear and X-ray inspection concepts and undertaken site visits with developers to understand the capabilities and the range of applicability of candidate systems. ANL and HARC have provided support to law enforcement agencies (LEAs), includingmore » participation in numerous field studies. Both labs have provided staff to assist in the Narcotics Detection Technology Assessment (NDTA) program for evaluating drug detection systems. Also, the two labs are performing studies of drug contamination of currency. HARC has directed technical evaluations of automated ballistics imaging and identification systems under consideration by law enforcement agencies. ANL and HARC have sponsored workshops and a symposium, and are participating in a Non-Intrusive Inspection Study being led by Dynamics Technology, Incorporated.« less

Model selection for anomaly detection

NASA Astrophysics Data System (ADS)

Burnaev, E.; Erofeev, P.; Smolyakov, D.

2015-12-01

Anomaly detection based on one-class classification algorithms is broadly used in many applied domains like image processing (e.g. detection of whether a patient is "cancerous" or "healthy" from mammography image), network intrusion detection, etc. Performance of an anomaly detection algorithm crucially depends on a kernel, used to measure similarity in a feature space. The standard approaches (e.g. cross-validation) for kernel selection, used in two-class classification problems, can not be used directly due to the specific nature of a data (absence of a second, abnormal, class data). In this paper we generalize several kernel selection methods from binary-class case to the case of one-class classification and perform extensive comparison of these approaches using both synthetic and real-world data.

Integrated Remote Sensing Modalities for Classification at a Legacy Test Site

NASA Astrophysics Data System (ADS)

Lee, D. J.; Anderson, D.; Craven, J.

2016-12-01

Detecting, locating, and characterizing suspected underground nuclear test sites is of interest to the worldwide nonproliferation monitoring community. Remote sensing provides both cultural and surface geological information over a large search area in a non-intrusive manner. We have characterized a legacy nuclear test site at the Nevada National Security Site (NNSS) using an aerial system based on RGB imagery, light detection and ranging, and hyperspectral imaging. We integrate these different remote sensing modalities to perform pattern recognition and classification tasks on the test site. These tasks include detecting cultural artifacts and exotic materials. We evaluate if the integration of different remote sensing modalities improves classification performance.

Protocol vulnerability detection based on network traffic analysis and binary reverse engineering.

PubMed

Wen, Shameng; Meng, Qingkun; Feng, Chao; Tang, Chaojing

2017-01-01

Network protocol vulnerability detection plays an important role in many domains, including protocol security analysis, application security, and network intrusion detection. In this study, by analyzing the general fuzzing method of network protocols, we propose a novel approach that combines network traffic analysis with the binary reverse engineering method. For network traffic analysis, the block-based protocol description language is introduced to construct test scripts, while the binary reverse engineering method employs the genetic algorithm with a fitness function designed to focus on code coverage. This combination leads to a substantial improvement in fuzz testing for network protocols. We build a prototype system and use it to test several real-world network protocol implementations. The experimental results show that the proposed approach detects vulnerabilities more efficiently and effectively than general fuzzing methods such as SPIKE.

Dike Intrusion Process of 2000 Miyakejima - Kozujima Event estimated from GPS measurements in Kozujima - Niijima Islands, central Japan

NASA Astrophysics Data System (ADS)

Murase, M.; Nakao, S.; Kato, T.; Tabei, T.; Kimata, F.; Fujii, N.

2003-12-01

Kozujima - Niijima Islands of Izu Volcano Islands are located about 180 km southeast of Tokyo, Japan. Although the last volcano eruptions in Kozujima and Niijima volcanoes are recorded more than 1000 year before, the ground deformation of 2-3 cm is detected at Kozujima - Niijima Islands by GPS measurements since 1996. On June 26, 2000, earthquake swarm and large ground deformation more than 20 cm are observed at Miyakejima volcano located 40 km east-southeastward of Kozu Island, and volcano eruption are continued since July 7. Remarkable earthquake swarm including five earthquakes more than M5 is stretching to Kozushima Island from Miyakejima Island. From the rapid ground deformation detected by continuous GPS measurements at Miyakejima Island on June 26, magma intrusion models of two or three dikes are discussed in the south and west part of Miyakejima volcano by Irwan et al.(2003) and Ueda et al.(2003). They also estimate dike intrusions are propagated from southern part of Miyakejima volcano to western part, and finally dike intrusion is stretching to 20 km distance toward Kozujima Island. From the ground deformation detected by GPS daily solution of Nation-wide dense GPS network (GEONET), some dike intrusion models are discussed. Ito et al.(2002) estimate the huge dike intrusion with length of about 20 km and volume of 1 km3 in the sea area between the Miyake Island and Kozu Island. (And) Nishimura et al.(2001) introduce not only dike but also aseismic creep source to explain the deformation in Shikinejima. Yamaoka et al.(2002) discuss the dike and spherical deflation source under the dike, because of no evidence supported large aseismic creep. They indicate a dike and spherical deflation source model is as good as dike and creep source model. In case of dike and creep, magma supply is only from the chamber under the Miyakejima volcano. In dike and spherical deflation source model, magma supply is from under Miyakejima volcano and under the dike. Furuya et al.(2003) discuss the gravity change of Miyakejima and they conclude that the magma supply from the chamber under Miyakejima volcano is too small to explain the dike intrusion. In order to discuss the local ground deformation, Nagoya University additionally operates the local GPS network of single frequency receivers at seven sites in Kozujima, Shikineshima and Niijima. Form the vertical deformation detected on local GPS network, northward tilting is observed in Kozujima. We used Genetic Algorithm (GA) for search the model parameter of dike intrusion and fault. GA is an attractive global search tool suitable for the irregular, multimodal fitness functions typically observed in nonlinear optimization problems. We discuss mechanism of Miyakejima - Kozujima event in detail using data of 20 GPS sites near field by GA. The results suggest that magma intrusion system of the dike between Miyakejima and Kozujima changes on August 18 when a large volcano eruption occurred. Until August 18 the activity of creep fault is high and after then deflation at the point source just under the dike is active.

Development of HIHM (Home Integrated Health Monitor) for ubiquitous home healthcare.

PubMed

Kim, Jung Soo; Kim, Beom Oh; Park, Kwang Suk

2007-01-01

Home Integrated Health Monitor (HIHM) was developed for ubiquitous home healthcare. From quantitative analysis, we have elicited modal of chair. The HIHM could detect Electrocardiogram (ECG) and Photoplethysmography (PPG) non-intrusively. Also, it could estimate blood pressure (BP) non-intrusively, measure blood glucose and ear temperature. Detected signals and information were transmitted to home gateway and home server through Zigbee communication technology. Home server carried them to Healthcare Center, and specialists such as medical doctors could monitor by Internet. There was also feedback system. This device has a potential to study about ubiquitous home healthcare.

Motion-based video monitoring for early detection of livestock diseases: The case of African swine fever

PubMed Central

Martínez-Avilés, Marta; Ivorra, Benjamin; Martínez-López, Beatriz; Ramos, Ángel Manuel; Sánchez-Vizcaíno, José Manuel

2017-01-01

Early detection of infectious diseases can substantially reduce the health and economic impacts on livestock production. Here we describe a system for monitoring animal activity based on video and data processing techniques, in order to detect slowdown and weakening due to infection with African swine fever (ASF), one of the most significant threats to the pig industry. The system classifies and quantifies motion-based animal behaviour and daily activity in video sequences, allowing automated and non-intrusive surveillance in real-time. The aim of this system is to evaluate significant changes in animals’ motion after being experimentally infected with ASF virus. Indeed, pig mobility declined progressively and fell significantly below pre-infection levels starting at four days after infection at a confidence level of 95%. Furthermore, daily motion decreased in infected animals by approximately 10% before the detection of the disease by clinical signs. These results show the promise of video processing techniques for real-time early detection of livestock infectious diseases. PMID:28877181

Sensitivity analysis of some critical factors affecting simulated intrusion volumes during a low pressure transient event in a full-scale water distribution system.

PubMed

Ebacher, G; Besner, M C; Clément, B; Prévost, M

2012-09-01

Intrusion events caused by transient low pressures may result in the contamination of a water distribution system (DS). This work aims at estimating the range of potential intrusion volumes that could result from a real downsurge event caused by a momentary pump shutdown. A model calibrated with transient low pressure recordings was used to simulate total intrusion volumes through leakage orifices and submerged air vacuum valves (AVVs). Four critical factors influencing intrusion volumes were varied: the external head of (untreated) water on leakage orifices, the external head of (untreated) water on submerged air vacuum valves, the leakage rate, and the diameter of AVVs' outlet orifice (represented by a multiplicative factor). Leakage orifices' head and AVVs' orifice head levels were assessed through fieldwork. Two sets of runs were generated as part of two statistically designed experiments. A first set of 81 runs was based on a complete factorial design in which each factor was varied over 3 levels. A second set of 40 runs was based on a latin hypercube design, better suited for experimental runs on a computer model. The simulations were conducted using commercially available transient analysis software. Responses, measured by total intrusion volumes, ranged from 10 to 366 L. A second degree polynomial was used to analyze the total intrusion volumes. Sensitivity analyses of both designs revealed that the relationship between the total intrusion volume and the four contributing factors is not monotonic, with the AVVs' orifice head being the most influential factor. When intrusion through both pathways occurs concurrently, interactions between the intrusion flows through leakage orifices and submerged AVVs influence intrusion volumes. When only intrusion through leakage orifices is considered, the total intrusion volume is more largely influenced by the leakage rate than by the leakage orifices' head. The latter mainly impacts the extent of the area affected by intrusion. Copyright © 2012 Elsevier Ltd. All rights reserved.

Reactive and multiphase modelling for the identification of monitoring parameters to detect CO2 intrusion into freshwater aquifers

NASA Astrophysics Data System (ADS)

Fahrner, S.; Schaefer, D.; Wiegers, C.; Köber, R.; Dahmke, A.

2011-12-01

A monitoring at geological CO2 storage sites has to meet environmental, regulative, financial and public demands and thus has to enable the detection of CO2 leakages. Current monitoring concepts for the detection of CO2 intrusion into freshwater aquifers located above saline storage formations in course of leakage events lack the identification of monitoring parameters. Their response to CO2 intrusion still has to be enlightened. Scenario simulations of CO2 intrusion in virtual synthetic aquifers are performed using the simulators PhreeqC and TOUGH2 to reveal relevant CO2-water-mineral interactions and multiphase behaviour on potential monitoring parameters. The focus is set on pH, total dissolved inorganic carbon (TIC) and the hydroelectric conductivity (EC). The study aims at identifying at which conditions the parameters react rapidly, durable and in a measurable degree. The depth of the aquifer, the mineralogy, the intrusion rates, the sorption specification and capacities, and groundwater flow velocities are varied in the course of the scenario modelling. All three parameters have been found suited in most scenarios. However, in case of a lack of calcite combined with low saturation of the water with respect to CO2 and shallow conditions, changes are close to the measurement resolution. Predicted changes in EC result from the interplay between carbonic acid production and its dissociation, and pH buffering by mineral dissolution. The formation of a discrete gas phase in cases of full saturation of the groundwater in confined aquifers illustrates the potential bipartite resistivity response: An increased hydroelectric conductivity at locations with dissolved CO2, and a high resistivity where the gas phase dominates the pore volume occupation. Increased hydrostatic pressure with depth and enhanced groundwater flow velocities enforce gas dissolution and diminish the formation of a discrete gas phase. Based on the results, a monitoring strategy is proposed which combines electromagnetic surface and in-situ geochemical measurements: The changes in formation resistivity / hydroelectric conductivity could be used as "first-level" parameter to identify potential intrusion locations. Subsequent targeted drilling and probe measurements of pH and TIC could be used to reject or confirm an intrusion event. Further sampling and analysis can be performed at this stage for the impact assessment if required. Next to considering regulative, environmental and public aspects, the approach helps to reduce financial strains by significantly lowering the number of required monitoring wells. This study is funded by the German Federal Ministry of Education and Research (BMBF), EnBW Energie Baden-Württemberg AG, E.ON Energie AG, E.ON Gas Storage AG, RWE Dea AG, Vattenfall Europe Technology Research GmbH, Wintershall Holding AG and Stadtwerke Kiel AG as part of the CO2-MoPa joint project in the framework of the Special Programme GEOTECHNOLOGIEN. Further funding occurred via CLEAN, which is part of the geoscientific research and development programme GEOTECHNOLOGIEN and is funded by the German Federal Ministry for Education and Research (BMBF).

Glyph-based generic network visualization

NASA Astrophysics Data System (ADS)

Erbacher, Robert F.

2002-03-01

Network managers and system administrators have an enormous task set before them in this day of growing network usage. This is particularly true of e-commerce companies and others dependent on a computer network for their livelihood. Network managers and system administrators must monitor activity for intrusions and misuse while at the same time monitoring performance of the network. In this paper, we describe our visualization techniques for assisting in the monitoring of networks for both of these tasks. The goal of these visualization techniques is to integrate the visual representation of both network performance/usage as well as data relevant to intrusion detection. The main difficulties arise from the difference in the intrinsic data and layout needs of each of these tasks. Glyph based techniques are additionally used to indicate the representative values of the necessary data parameters over time. Additionally, our techniques are geared towards providing an environment that can be used continuously for constant real-time monitoring of the network environment.

Probabilistic monitoring in intrusion detection module for energy efficiency in mobile ad hoc networks

NASA Astrophysics Data System (ADS)

De Rango, Floriano; Lupia, Andrea

2016-05-01

MANETs allow mobile nodes communicating to each other using the wireless medium. A key aspect of these kind of networks is the security, because their setup is done without an infrastructure, so external nodes could interfere in the communication. Mobile nodes could be compromised, misbehaving during the multi-hop transmission of data, or they could have a selfish behavior to save energy, which is another important constraint in MANETs. The detection of these behaviors need a framework that takes into account the latest interactions among nodes, so malicious or selfish nodes could be detected also if their behavior is changed over time. The monitoring activity increases the energy consumption, so our proposal takes into account this issue reducing the energy required by the monitoring system, keeping the effectiveness of the intrusion detection system. The results show an improvement in the saved energy, improving the detection performance too.

MFIRE-2: A Multi Agent System for Flow-Based Intrusion Detection Using Stochastic Search

DTIC Science & Technology

2012-03-01

attacks that are distributed in nature , but may not protect individual systems effectively without incurring large bandwidth penalties while collecting...system-level information to help prepare for more significant attacks. The type of information potentially revealed by footprinting includes account...key areas where MAS may be appropriate: • The environment is open, highly dynamic, uncertain, or complex • Agents are a natural metaphor—Many

A Multi Agent System for Flow-Based Intrusion Detection

DTIC Science & Technology

2013-03-01

Student t-test, as it is less likely to spuriously indicate significance because of the presence of outliers [128]. We use the MATLAB ranksum function [77...effectiveness of self-organization and “ entangled hierarchies” for accomplishing scenario objectives. One of the interesting features of SOMAS is the ability...cross-validation and automatic model selection. It has interfaces for Java, Python, R, Splus, MATLAB , Perl, Ruby, and LabVIEW. Kernels: linear

Three Dimensional Vapor Intrusion Modeling: Model Validation and Uncertainty Analysis

NASA Astrophysics Data System (ADS)

Akbariyeh, S.; Patterson, B.; Rakoczy, A.; Li, Y.

2013-12-01

Volatile organic chemicals (VOCs), such as chlorinated solvents and petroleum hydrocarbons, are prevalent groundwater contaminants due to their improper disposal and accidental spillage. In addition to contaminating groundwater, VOCs may partition into the overlying vadose zone and enter buildings through gaps and cracks in foundation slabs or basement walls, a process termed vapor intrusion. Vapor intrusion of VOCs has been recognized as a detrimental source for human exposures to potential carcinogenic or toxic compounds. The simulation of vapor intrusion from a subsurface source has been the focus of many studies to better understand the process and guide field investigation. While multiple analytical and numerical models were developed to simulate the vapor intrusion process, detailed validation of these models against well controlled experiments is still lacking, due to the complexity and uncertainties associated with site characterization and soil gas flux and indoor air concentration measurement. In this work, we present an effort to validate a three-dimensional vapor intrusion model based on a well-controlled experimental quantification of the vapor intrusion pathways into a slab-on-ground building under varying environmental conditions. Finally, a probabilistic approach based on Monte Carlo simulations is implemented to determine the probability distribution of indoor air concentration based on the most uncertain input parameters.

Surveillance for unattended gas compressor stations

DOE Office of Scientific and Technical Information (OSTI.GOV)

Stastny, F.J.

1974-06-01

Surveillance devices in unattended compressor stations include those which detect trespassing by unauthorized personnel and those which protect the major operating equipment from damage and/or self-destruction. The latter monitor the critical operating parameters of major equipment and shut down the equipment when these parameters are exceeded; a table presents a function monitor and control list for such devices. Detection and apprehension of unauthorized personnel is a subject of increasing importance to guarantee station operability for reliable service and yet minimize staff personnel. An effective intrusion-detection system must (1) pinpoint the location and indicate the nature of the intrusion and (2)more » detect and respond rapidly to give security personnel a reasonable probability of apprehending or deterring the intruder before damage is done. The 2nd requirement is most difficult to satisfy when the facility is in a remote location, as is usually the case. Some of the parameters to consider in selecting an intrusion-detection system include concealment, legality, active vs. passive detector, back-up power, weather conditions, reliability, maintenance, discrimination, and compromising by intruders. Types of detectors include photo cell, infrared and radio frequency, audio,vibration, taut wire, circuit continuity, radar, and closed-circuit TV. The numerous types of devices and systems available provide sufficient diversity to enable a company to select a single device or a hybrid system which would incorporate several different devices for protecting unattended facilities.« less

Non-intrusive ultrasonic liquid-in-line detector for small diameter tubes. [Patent application

DOEpatents

Piper, T.C.

1980-09-24

An arrangement for detecting liquids in a line, using non-intrusive ultrasonic techniques is disclosed. In this arrangement, four piezoelectric crystals are arranged in pairs about a 0.078 inch o.d. pipe. An ultrasonic tone burst is transmitted along the pipe, between crystal pairs, and the amplitude of the received tone burst indicates the absence/presence of liquid in the pipe.

SAMPLING-BASED APPROACH TO INVESTIGATING VAPOR INTRUSION

EPA Science Inventory

Vapor intrusion is defined as the migration of volatile organic compounds (VOCs) into occupied buildings from contaminated soil or ground water. EPA recently developed guidance to facilitate assessment of vapor intrusion at sites regulated by RCRA and CERCLA. The EPA guidance e...

Contrasting catastrophic eruptions predicted by different intrusion and collapse scenarios.

PubMed

Rincón, M; Márquez, A; Herrera, R; Alonso-Torres, A; Granja-Bruña, J L; van Wyk de Vries, B

2018-04-18

Catastrophic volcanic eruptions triggered by landslide collapses can jet upwards or blast sideways. Magma intrusion is related to both landslide-triggered eruptive scenarios (lateral or vertical), but it is not clear how such different responses are produced, nor if any precursor can be used for forecasting them. We approach this problem with physical analogue modelling enhanced with X-ray Multiple Detector Computed Tomography scanning, used to track evolution of internal intrusion, and its related faulting and surface deformation. We find that intrusions produce three different volcano deformation patterns, one of them involving asymmetric intrusion and deformation, with the early development of a listric slump fault producing pronounced slippage of one sector. This previously undescribed early deep potential slip surface provides a unified explanation for the two different eruptive scenarios (lateral vs. vertical). Lateral blast only occurs in flank collapse when the intrusion has risen into the sliding block. Otherwise, vertical rather than lateral expansion of magma is promoted by summit dilatation and flank buttressing. The distinctive surface deformation evolution detected opens the possibility to forecast the possible eruptive scenarios: laterally directed blast should only be expected when surface deformation begins to develop oblique to the first major fault.

The Later Paleozoic granites of the Greater Caucasus Fore Range zone: geochemistry, magnetic properties and the structural and metamorphic evolution.

NASA Astrophysics Data System (ADS)

Kamzolkin, Vladimir; Latyshev, Anton; Ivanov, Stanislav; Vidjapin, Jury

2017-04-01

Clarification of the position of the granitic intrusions associated with the Blyb Metamorphic Complex is the important problem of the reconstruction of the structural evolution of the Greater Caucasus Fore Range zone. Based of the rock geochemistry we found out that the quartz diorites, granodiorites and syeno-granites of the BMC formed in suprasubduction conditions and refer to I-type granites. However, their emplacement was multistage coinciding with the various stages of the BMC evolution. We detected the mineral associations typical for the epidote-amphibolite facies in the Balkan massif, but these metamorphic features are absent in the granodiorite intrusions in the southern part of the Fore Range zone. Thus, quartz diorites of the Balkan intrusion intruded after the high-pressure metamorphism of the host rocks, but before the epidote-amphibolite stage, and the Southern granodiorite intrusions are younger. The measurements of the anisotropy of the magnetic susceptibility (AMS) in the Balkan intrusion indicated the shallow orientation of the minimal (north-eastern strike) and maximal (north-western strike) axes of the AMS ellipsoid. This result is compatible with the idea of the north-east compression fixed in the fold deformation structures of the BMC host rocks (Vidyapin, Kamzolkin, 2015). However, the macroscopic foliation in the granites dips to the east steeply. The discrepancy of the texture orientation of the granites, the host rock structure and the magnetic fabric can be explained as a result of the repeated changes of the stress field during the evolution of the Fore Range nappe structures. The reported study was partially supported by RFBR, research projects No. 16-35-00571mol_a; 16-05-01012a.

AIDE - Advanced Intrusion Detection Environment

DOE Office of Scientific and Technical Information (OSTI.GOV)

Smith, Cathy L.

2013-04-28

Would you like to know when someone has dropped an undesirable executable binary on our system? What about something less malicious such as a software installation by a user? What about the user who decides to install a newer version of mod_perl or PHP on your web server without letting you know beforehand? Or even something as simple as when an undocumented config file change is made by another member of the admin group? Do you even want to know about all the changes that happen on a daily basis on your server? The purpose of an intrusion detection systemmore » (IDS) is to detect unauthorized, possibly malicious activity. The purpose of a host-based IDS, or file integrity checker, is check for unauthorized changes to key system files, binaries, libraries, and directories on the system. AIDE is an Open Source file and directory integrity checker. AIDE will let you know when a file or directory has been added, deleted, modified. It is included with the Red Hat Enterprise 6. It is available for other Linux distros. This is a case study describing the process of configuring AIDE on an out of the box RHEL6 installation. Its goal is to illustrate the thinking and the process by which a useful AIDE configuration is built.« less

Non-contact arrhythmia assessment in natural settings: a step toward preventive cardiac care

NASA Astrophysics Data System (ADS)

Amelard, Robert; Hughson, Richard L.; Clausi, David A.; Wong, Alexander

2017-02-01

Cardiovascular disease is a major contributor to US morbidity. Taking preventive action can greatly reduce or eliminate the impact on quality of life. However, many issues often go undetected until the patient presents a physical symptom. Non-intrusive continuous cardiovascular monitoring systems may make detecting and monitoring abnormalities earlier feasible. One candidate system is photoplethysmographic imaging (PPGI), which is able to assess arterial blood pulse characteristics in one or multiple individuals remotely from a distance. In this case study, we showed that PPGI can be used to detect cardiac arrhythmia that would otherwise require contact-based monitoring techniques. Using a novel system, coded hemodynamic imaging (CHI), strong temporal blood pulse waveform signals were extracted at a distance of 1.5 m from the participant using 850-1000 nm diffuse illumination for deep tissue penetration. Data were recorded at a sampling rate of 60 Hz, providing a temporal resolution of 17 ms. The strong fidelity of the signal allowed for both temporal and spectral assessment of abnormal blood pulse waveforms, ultimately to detect the onset of abnormal cardiac events. Data from a participant with arrhythmia was analyzed and compared against normal blood pulse waveform data to validate CHI's ability to assess cardiac arrhythmia. Results indicate that CHI can be used as a non-intrusive continuous cardiac monitoring system.

Natural tooth intrusion and reversal in implant-assisted prosthesis: evidence of and a hypothesis for the occurrence.

PubMed

Sheets, C G; Earthmann, J C

1993-12-01

Based on clinical observation, a hypothesis of the mechanism of intrusion of natural teeth in an implant-assisted prosthesis is suggested. Engineering principles are presented that establish an energy absorption model as it relates to the implant-assisted prosthesis. In addition, in the course of patient treatment it has been discovered that the intrusion of natural teeth can be reversed. Patient histories that demonstrate intrusion reversal are reviewed. The possible mechanisms for the intrusion/reversal phenomenon are presented and preventative recommendations are given.

Co-Simulation Platform For Characterizing Cyber Attacks in Cyber Physical Systems

DOE Office of Scientific and Technical Information (OSTI.GOV)

Sadi, Mohammad A. H.; Ali, Mohammad Hassan; Dasgupta, Dipankar

Smart grid is a complex cyber physical system containing a numerous and variety of sources, devices, controllers and loads. Communication/Information infrastructure is the backbone of the smart grid system where different grid components are connected with each other through this structure. Therefore, the drawbacks of the information technology related issues are also becoming a part of the smart grid. Further, smart grid is also vulnerable to the grid related disturbances. For such a dynamic system, disturbance and intrusion detection is a paramount issue. This paper presents a Simulink and OPNET based co-simulated test bed to carry out a cyber-intrusion inmore » a cyber-network for modern power systems and smart grid. The effect of the cyber intrusion on the physical power system is also presented. The IEEE 30 bus power system model is used to demonstrate the effectiveness of the simulated testbed. The experiments were performed by disturbing the circuit breakers reclosing time through a cyber-attack in the cyber network. Different disturbance situations in the proposed test system are considered and the results indicate the effectiveness of the proposed co-simulated scheme.« less

Evaluation of Vehicle Detection Systems for Traffic Signal Operations

DOT National Transportation Integrated Search

2016-10-16

Typical vehicle detection systems used in traffic signal operations are comprised of inductive loop detectors. Because of costs, installation challenges, and operation and maintenance issues, many alternative non-intrusive systems have been dev...

Research on the technology of detecting the SQL injection attack and non-intrusive prevention in WEB system

NASA Astrophysics Data System (ADS)

Hu, Haibin

2017-05-01

Among numerous WEB security issues, SQL injection is the most notable and dangerous. In this study, characteristics and procedures of SQL injection are analyzed, and the method for detecting the SQL injection attack is illustrated. The defense resistance and remedy model of SQL injection attack is established from the perspective of non-intrusive SQL injection attack and defense. Moreover, the ability of resisting the SQL injection attack of the server has been comprehensively improved through the security strategies on operation system, IIS and database, etc.. Corresponding codes are realized. The method is well applied in the actual projects.

Characterizing and Improving Distributed Intrusion Detection Systems.

DOE Office of Scientific and Technical Information (OSTI.GOV)

Hurd, Steven A; Proebstel, Elliot P.

2007-11-01

Due to ever-increasing quantities of information traversing networks, network administrators are developing greater reliance upon statistically sampled packet information as the source for their intrusion detection systems (IDS). Our research is aimed at understanding IDS performance when statistical packet sampling is used. Using the Snort IDS and a variety of data sets, we compared IDS results when an entire data set is used to the results when a statistically sampled subset of the data set is used. Generally speaking, IDS performance with statistically sampled information was shown to drop considerably even under fairly high sampling rates (such as 1:5). Characterizingmore » and Improving Distributed Intrusion Detection Systems4AcknowledgementsThe authors wish to extend our gratitude to Matt Bishop and Chen-Nee Chuah of UC Davis for their guidance and support on this work. Our thanks are also extended to Jianning Mai of UC Davis and Tao Ye of Sprint Advanced Technology Labs for their generous assistance.We would also like to acknowledge our dataset sources, CRAWDAD and CAIDA, without which this work would not have been possible. Support for OC48 data collection is provided by DARPA, NSF, DHS, Cisco and CAIDA members.« less

Non-intrusive head movement analysis of videotaped seizures of epileptic origin.

PubMed

Mandal, Bappaditya; Eng, How-Lung; Lu, Haiping; Chan, Derrick W S; Ng, Yen-Ling

2012-01-01

In this work we propose a non-intrusive video analytic system for patient's body parts movement analysis in Epilepsy Monitoring Unit. The system utilizes skin color modeling, head/face pose template matching and face detection to analyze and quantify the head movements. Epileptic patients' heads are analyzed holistically to infer seizure and normal random movements. The patient does not require to wear any special clothing, markers or sensors, hence it is totally non-intrusive. The user initializes the person-specific skin color and selects few face/head poses in the initial few frames. The system then tracks the head/face and extracts spatio-temporal features. Support vector machines are then used on these features to classify seizure-like movements from normal random movements. Experiments are performed on numerous long hour video sequences captured in an Epilepsy Monitoring Unit at a local hospital. The results demonstrate the feasibility of the proposed system in pediatric epilepsy monitoring and seizure detection.

Non-intrusive appliance monitor apparatus

DOEpatents

Hart, George W.; Kern, Jr., Edward C.; Schweppe, Fred C.

1989-08-15

A non-intrusive monitor of energy consumption of residential appliances is described in which sensors, coupled to the power circuits entering a residence, supply analog voltage and current signals which are converted to digital format and processed to detect changes in certain residential load parameters, i.e., admittance. Cluster analysis techniques are employed to group change measurements into certain categories, and logic is applied to identify individual appliances and the energy consumed by each.

Effects of intrusions on grades and contents of gold and other metals in volcanogenic massive sulfide deposits

USGS Publications Warehouse

Singer, Donald A.; Berger, Vladimir; Mosier, Dan L.

2011-01-01

The reason some VMS deposits contain more gold or other metals than others might be due to the influence of intrusions. A new approach examining this possibility is based on examining the information about many VMS deposits to test statistically if those with associated intrusions have significantly different grades or amounts of metals. A set of 632 VMS deposits with reported grades, tonnages, and information about the observed presence or absence of subvolcanic or plutonic intrusive bodies emplaced at or after VMS mineralization is statistically analyzed.Deposits with syn-mineralization or post-mineralization intrusions nearby have higher tonnages than deposits without reported intrusions, but the differences are not statistically significant. When both kinds of intrusions are reported, VMS deposit sizes are significantly higher than in the deposits without any intrusions. Gold, silver, zinc, lead, and copper average grades are not significantly different in the VMS deposits with nearby intrusions compared to deposits without regardless of relative age of intrusive. Only zinc and copper contents are significantly higher in VMS deposits with both kinds of intrusive reported. These differences in overall metal content are due to significantly larger deposit sizes of VMS deposits where both intrusive kinds are observed and reported, rather than any difference in metal grades.

Evaluation of Flow Paths and Confluences for Saltwater Intrusion and Its Influence on Fish Species Diversity in a Deltaic River Network

NASA Astrophysics Data System (ADS)

Shao, X.; Cui, B.; Zhang, Z.; Fang, Y.; Jawitz, J. W.

2016-12-01

Freshwater in a delta is often at risk of saltwater intrusion, which has been a serious issue in estuarine deltas all over the world. Salinity gradients and hydrologic connectivity in the deltas can be disturbed by saltwater intrusion, which can fluctuate frequently and locally in time and space to affect biotic processes and then to affect the distribution patterns of the riverine fishes throughout the river network. Therefore, identifying the major flow paths or locations at risk of saltwater intrusion in estuarine ecosystems is necessary for saltwater intrusion mitigation and fish species diversity conservation. In this study, we use the betweenness centrality (BC) as the weighted attribute of the river network to identify the critical confluences and detect the preferential flow paths for saltwater intrusion through the least-cost-path algorithm from graph theory approach. Moreover, we analyse the responses of the salinity and fish species diversity to the BC values of confluences calculated in the river network. Our results show that the most likely location of saltwater intrusion is not a simple gradient change from sea to land, but closely dependent on the river segments' characteristics. In addition, a significant positive correlation between the salinity and the BC values of confluences is determined in the Pearl River Delta. Changes in the BC values of confluences can produce significant variation in the fish species diversity. Therefore, the dynamics of saltwater intrusion are a growing consideration for understanding the patterns and subsequent processes driving fish community structure. Freshwater can be diverted into these major flow paths and critical confluences to improve river network management and conservation of fish species diversity under saltwater intrusion.

Framework flexibility of ZIF-8 under liquid intrusion: discovering time-dependent mechanical response and structural relaxation.

PubMed

Sun, Yueting; Li, Yibing; Tan, Jin-Chong

2018-04-18

The structural flexibility of a topical zeolitic imidazolate framework with sodalite topology, termed ZIF-8, has been elucidated through liquid intrusion under moderate pressures (i.e. tens of MPa). By tracking the evolution of water intrusion pressure under cyclic conditions, we interrogate the role of the gate-opening mechanism controlling the size variation of the pore channels of ZIF-8. Interestingly, we demonstrate that its channel deformation is recoverable through structural relaxation over time, hence revealing the viscoelastic mechanical response in ZIF-8. We propose a simple approach employing a glycerol-water solution mixture, which can significantly enhance the sensitivity of intrusion pressure for the detection of structural deformation in ZIF-8. By leveraging the time-dependent gate-opening phenomenon in ZIF-8, we achieved a notable improvement (50%) in energy dissipation during multicycle mechanical deformation experiments.

Autocorrel I: A Neural Network Based Network Event Correlation Approach

DTIC Science & Technology

2005-05-01

which concern any component of the network. 2.1.1 Existing Intrusion Detection Systems EMERALD [8] is a distributed, scalable, hierarchal, customizable...writing this paper, the updaters of this system had not released their correlation unit to the public. EMERALD ex- plicitly divides statistical analysis... EMERALD , NetSTAT is scalable and composi- ble. QuidSCOR [12] is an open-source IDS, though it requires a subscription from its publisher, Qualys Inc

A Survey of Visualization Tools Assessed for Anomaly-Based Intrusion Detection Analysis

DTIC Science & Technology

2014-04-01

objective? • What vulnerabilities exist in the target system? • What damage or other consequences are likely? • What exploit scripts or other attack...languages C, R, and Python; no response capabilities. JUNG https://blogs.reucon.com/asterisk- java /tag/visualization/ Create custom layouts and can...annotate graphs, links, nodes with any Java data type. Must be familiar with coding in Java to call the routines; no monitoring or response

Improvements to video imaging detection for dilemma zone protection.

DOT National Transportation Integrated Search

2009-02-01

The use of video imaging vehicle detection systems (VIVDS) at signalized intersections in Texas has : increased significantly due primarily to safety issues and costs. Installing non-intrusive detectors at : intersections is almost always safer than ...

DETECTION OR WARNING SYSTEM

DOEpatents

Tillman, J E

1953-10-20

This patent application describes a sensitive detection or protective system capable of giving an alarm or warning upon the entrance or intrusion of any body into a defined area or zone protected by a radiation field of suitable direction or extent.

DOE Office of Scientific and Technical Information (OSTI.GOV)

Sadi, Mohammad A. H.; Dasgupta, Dipankar; Ali, Mohammad Hassan

The important backbone of the smart grid is the cyber/information infrastructure, which is primarily used to communicate with different grid components. A smart grid is a complex cyber physical system containing a numerous and variety number of sources, devices, controllers and loads. Therefore, the smart grid is vulnerable to grid related disturbances. For such dynamic system, disturbance and intrusion detection is a paramount issue. This paper presents a Simulink and Opnet based co-simulated platform to carry out a cyber-intrusion in cyber network for modern power systems and the smart grid. The IEEE 30 bus power system model is used tomore » demonstrate the effectiveness of the simulated testbed. The experiments were performed by disturbing the circuit breakers reclosing time through a cyber-attack. Different disturbance situations in the considered test system are considered and the results indicate the effectiveness of the proposed co-simulated scheme.« less

Intrusion-Tolerant Location Information Services in Intelligent Vehicular Networks

NASA Astrophysics Data System (ADS)

Yan, Gongjun; Yang, Weiming; Shaner, Earl F.; Rawat, Danda B.

Intelligent Vehicular Networks, known as Vehicle-to-Vehicle and Vehicle-to-Roadside wireless communications (also called Vehicular Ad hoc Networks), are revolutionizing our daily driving with better safety and more infortainment. Most, if not all, applications will depend on accurate location information. Thus, it is of importance to provide intrusion-tolerant location information services. In this paper, we describe an adaptive algorithm that detects and filters the false location information injected by intruders. Given a noisy environment of mobile vehicles, the algorithm estimates the high resolution location of a vehicle by refining low resolution location input. We also investigate results of simulations and evaluate the quality of the intrusion-tolerant location service.

Universal explosive detection system for homeland security applications

NASA Astrophysics Data System (ADS)

Lee, Vincent Y.; Bromberg, Edward E. A.

2010-04-01

L-3 Communications CyTerra Corporation has developed a high throughput universal explosive detection system (PassPort) to automatically screen the passengers in airports without requiring them to remove their shoes. The technical approach is based on the patented energetic material detection (EMD) technology. By analyzing the results of sample heating with an infrared camera, one can distinguish the deflagration or decomposition of an energetic material from other clutters such as flammables and general background substances. This becomes the basis of a universal explosive detection system that does not require a library and is capable of detecting trace levels of explosives with a low false alarm rate. The PassPort is a simple turnstile type device and integrates a non-intrusive aerodynamic sampling scheme that has been shown capable of detecting trace levels of explosives on shoes. A detailed description of the detection theory and the automated sampling techniques, as well as the field test results, will be presented.

Non-intrusive appliance monitor apparatus

DOEpatents

Hart, G.W.; Kern, E.C. Jr.; Schweppe, F.C.

1989-08-15

A non-intrusive monitor of energy consumption of residential appliances is described in which sensors, coupled to the power circuits entering a residence, supply analog voltage and current signals which are converted to digital format and processed to detect changes in certain residential load parameters, i.e., admittance. Cluster analysis techniques are employed to group change measurements into certain categories, and logic is applied to identify individual appliances and the energy consumed by each. 9 figs.

Acceptance- and imagery-based strategies can reduce chocolate cravings: A test of the elaborated-intrusion theory of desire.

PubMed

Schumacher, Sophie; Kemps, Eva; Tiggemann, Marika

2017-06-01

The elaborated-intrusion theory of desire proposes that craving is a two-stage process whereby initial intrusions about a desired target are subsequently elaborated with mental imagery. The present study tested whether the craving reduction strategies of cognitive defusion and guided imagery could differentially target the intrusion and elaboration stages, respectively, and thus differentially impact the craving process. Participants were randomly assigned to a cognitive defusion, a guided imagery or a mind-wandering control condition. Pre- and post-intervention chocolate-related thoughts, intrusiveness of thoughts, vividness of imagery, craving intensity, and chocolate consumption were compared. Experiment 1 recruited a general sample of young women (n = 94), whereas Experiment 2 recruited a sample of chocolate cravers who wanted to reduce their chocolate consumption (n = 97). Across both experiments, cognitive defusion lowered intrusiveness of thoughts, vividness of imagery and craving intensity. Guided imagery reduced chocolate-related thoughts, intrusiveness, vividness and craving intensity for chocolate cravers (Experiment 2), but not for the general sample (Experiment 1). There were no group differences in chocolate consumption in either experiment. Results add to existing evidence supporting the elaborated-intrusion theory of desire in the food domain, and suggest that acceptance- and imagery-based techniques have potential for use in combatting problematic cravings. Copyright © 2017 Elsevier Ltd. All rights reserved.

Acute effects of alcohol on intrusive memory development and viewpoint dependence in spatial memory support a dual representation model.

PubMed

Bisby, James A; King, John A; Brewin, Chris R; Burgess, Neil; Curran, H Valerie

2010-08-01

A dual representation model of intrusive memory proposes that personally experienced events give rise to two types of representation: an image-based, egocentric representation based on sensory-perceptual features; and a more abstract, allocentric representation that incorporates spatiotemporal context. The model proposes that intrusions reflect involuntary reactivation of egocentric representations in the absence of a corresponding allocentric representation. We tested the model by investigating the effect of alcohol on intrusive memories and, concurrently, on egocentric and allocentric spatial memory. With a double-blind independent group design participants were administered alcohol (.4 or .8 g/kg) or placebo. A virtual environment was used to present objects and test recognition memory from the same viewpoint as presentation (tapping egocentric memory) or a shifted viewpoint (tapping allocentric memory). Participants were also exposed to a trauma video and required to detail intrusive memories for 7 days, after which explicit memory was assessed. There was a selective impairment of shifted-view recognition after the low dose of alcohol, whereas the high dose induced a global impairment in same-view and shifted-view conditions. Alcohol showed a dose-dependent inverted "U"-shaped effect on intrusions, with only the low dose increasing the number of intrusions, replicating previous work. When same-view recognition was intact, decrements in shifted-view recognition were associated with increases in intrusions. The differential effect of alcohol on intrusive memories and on same/shifted-view recognition support a dual representation model in which intrusions might reflect an imbalance between two types of memory representation. These findings highlight important clinical implications, given alcohol's involvement in real-life trauma. Copyright 2010 Society of Biological Psychiatry. Published by Elsevier Inc. All rights reserved.

Fronts and intrusions in the upper Deep Polar Water of the Eurasian and Makarov basins

NASA Astrophysics Data System (ADS)

Kuzmina, Natalia; Rudels, Bert; Zhurbas, Natalia; Lyzhkov, Dmitry

2013-04-01

CTD data obtained in the Arctic Basin are analyzed to describe structural features of intrusive layers and fronts encountered in the upper Deep Polar Water. This work is an extension of Arctic intrusions studies by Rudels et al. (1999) and Kuzmina et al. (2011). Numerous examples of fronts and intrusions observed in a deep layer (depth range of 600-1300 m) in the Eurasian and Makarov basins where salinity is increasing, and temperature is decreasing with depth (stable-stable thermohaline stratification), are described. The data are used to estimate hydrological parameters capable of determining different types of fronts and characterizing intrusive layers depending on the front structure. Coherence of intrusive layers is shown to get broken with the change of front structure. An evidence is found that enhanced turbulent mixing above local bottom elevations can prevent from intrusive layering. A linear stability model description of the observed intrusions is developed based on the Merryfield's (2000) assumption that interleaving is caused by differential mixing. Theoretical analysis is focused on prediction of the slopes of unstable modes at baroclinic and thermohaline fronts. Apparent vertical diffusivity due to turbulent mixing at baroclinic and thermohaline fronts is estimated on the basis of comparison of observed intrusion slopes with modeled slopes of the most unstable modes. Apparent lateral diffusivity is estimated too, based on Joyce (1980) approach. These estimates show that intrusive instability of fronts caused by differential mixing can result in sizable values of apparent lateral heat diffusivity in the deep Arctic layer that are quite comparable with those of the upper and intermediate Arctic layers (Walsh, Carmack, 2003; Kuzmina et al., 2011).

New Non-Intrusive Inspection Technologies for Nuclear Security and Nonproliferation

NASA Astrophysics Data System (ADS)

Ledoux, Robert J.

2015-10-01

Comprehensive monitoring of the supply chain for nuclear materials has historically been hampered by non-intrusive inspection systems that have such large false alarm rates that they are impractical in the flow of commerce. Passport Systems, Inc. (Passport) has developed an active interrogation system which detects fissionable material, high Z material, and other contraband in land, sea and air cargo. Passport's design utilizes several detection modalities including high resolution imaging, passive radiation detection, effective-Z (EZ-3D™) anomaly detection, Prompt Neutrons from Photofission (PNPF), and Nuclear Resonance Fluorescence (NRF) isotopic identification. These technologies combine to: detect fissionable, high-Z, radioactive and contraband materials, differentiate fissionable materials from high-Z shielding materials, and isotopically identify actinides, Special Nuclear Materials (SNM), and other contraband (e.g. explosives, drugs, nerve agents). Passport's system generates a 3-D image of the scanned object which contains information such as effective-Z and density, as well as a 2-D image and isotopic and fissionable information for regions of interest.

Cognitive avoidance of intrusive memories: recall vantage perspective and associations with depression.

PubMed

Williams, Alishia D; Moulds, Michelle L

2007-06-01

Although recent research demonstrates that intrusive memories represent an overlapping cognitive feature of depression and post-traumatic stress disorder (PTSD), there is still a general paucity of research investigating the prevalence and maintenance of intrusive memories in depression. The current study investigated the association between a range of cognitive avoidant mechanisms that characterize PTSD samples (i.e., suppression, rumination, emotional detachment, and an observer vantage perspective) and intrusive memories of negative autobiographical events in relation to dysphoria. Hypotheses were based on the proposition that employment of these cognitive mechanisms would hinder the emotional processing of the negative event, thus contributing to the maintenance of intrusions. Results supported an association between negative intrusive memories, dysphoria, and avoidant mechanisms. Significant differences were also found between field and observer memories and measures of emotional detachment and rumination. Implications relating to intrusive memory maintenance and treatment approaches are discussed.

Storage-based Intrusion Detection: Watching storage activity for suspicious behavior

DTIC Science & Technology

2002-10-01

password management involves a pair of inter-related files (/etc/ passwd and /etc/shadow). The corresponding access pat- terns seen at the storage...example, consider a UNIX system password file (/etc/ passwd ), which con- sists of a set of well-defined records. Records are delimited by a line-break, and...etc/ passwd and verify that they conform to a set of basic integrity rules: 7-field records, non-empty password field, legal default shell, legal home

A Multi Agent System for Flow-Based Intrusion Detection Using Reputation and Evolutionary Computation

DTIC Science & Technology

2011-03-01

the actions of malicious and benign users of the Internet, as well as the engi- neering decisions giving rise to observed network topologies. Say and...with resilience, which is particularly important in the domain of quickly-evolving cyber threats. “Self-organization,” says Meadows, “is basically the...system design paradigm is to leverage the advantages of a distributed approach? What is meant by saying the witness conceptually rates the target

Prospects for Evidence -Based Software Assurance: Models and Analysis

DTIC Science & Technology

2015-09-01

virtual machine is much lighter than the workstation. The virtual machine doesn’t need to run anti- virus , firewalls, intrusion preven- tion systems...34] Maiorca, D., Corona , I., and Giacinto, G. Looking at the bag is not enough to find the bomb: An evasion of structural methods for malicious PDF...CCS ’13, ACM, pp. 119–130. [35] Maiorca, D., Giacinto, G., and Corona , I. A pattern recognition system for malicious PDF files detection. In

Towards Reliable Evaluation of Anomaly-Based Intrusion Detection Performance

NASA Technical Reports Server (NTRS)

Viswanathan, Arun

2012-01-01

This report describes the results of research into the effects of environment-induced noise on the evaluation process for anomaly detectors in the cyber security domain. This research was conducted during a 10-week summer internship program from the 19th of August, 2012 to the 23rd of August, 2012 at the Jet Propulsion Laboratory in Pasadena, California. The research performed lies within the larger context of the Los Angeles Department of Water and Power (LADWP) Smart Grid cyber security project, a Department of Energy (DoE) funded effort involving the Jet Propulsion Laboratory, California Institute of Technology and the University of Southern California/ Information Sciences Institute. The results of the present effort constitute an important contribution towards building more rigorous evaluation paradigms for anomaly-based intrusion detectors in complex cyber physical systems such as the Smart Grid. Anomaly detection is a key strategy for cyber intrusion detection and operates by identifying deviations from profiles of nominal behavior and are thus conceptually appealing for detecting "novel" attacks. Evaluating the performance of such a detector requires assessing: (a) how well it captures the model of nominal behavior, and (b) how well it detects attacks (deviations from normality). Current evaluation methods produce results that give insufficient insight into the operation of a detector, inevitably resulting in a significantly poor characterization of a detectors performance. In this work, we first describe a preliminary taxonomy of key evaluation constructs that are necessary for establishing rigor in the evaluation regime of an anomaly detector. We then focus on clarifying the impact of the operational environment on the manifestation of attacks in monitored data. We show how dynamic and evolving environments can introduce high variability into the data stream perturbing detector performance. Prior research has focused on understanding the impact of this variability in training data for anomaly detectors, but has ignored variability in the attack signal that will necessarily affect the evaluation results for such detectors. We posit that current evaluation strategies implicitly assume that attacks always manifest in a stable manner; we show that this assumption is wrong. We describe a simple experiment to demonstrate the effects of environmental noise on the manifestation of attacks in data and introduce the notion of attack manifestation stability. Finally, we argue that conclusions about detector performance will be unreliable and incomplete if the stability of attack manifestation is not accounted for in the evaluation strategy.

Low Cost Efficient Deliverying Video Surveillance Service to Moving Guard for Smart Home.

PubMed

Gualotuña, Tatiana; Macías, Elsa; Suárez, Álvaro; C, Efraín R Fonseca; Rivadeneira, Andrés

2018-03-01

Low-cost video surveillance systems are attractive for Smart Home applications (especially in emerging economies). Those systems use the flexibility of the Internet of Things to operate the video camera only when an intrusion is detected. We are the only ones that focus on the design of protocols based on intelligent agents to communicate the video of an intrusion in real time to the guards by wireless or mobile networks. The goal is to communicate, in real time, the video to the guards who can be moving towards the smart home. However, this communication suffers from sporadic disruptions that difficults the control and drastically reduces user satisfaction and operativity of the system. In a novel way, we have designed a generic software architecture based on design patterns that can be adapted to any hardware in a simple way. The implanted hardware is of very low economic cost; the software frameworks are free. In the experimental tests we have shown that it is possible to communicate to the moving guard, intrusion notifications (by e-mail and by instant messaging), and the first video frames in less than 20 s. In addition, we automatically recovered the frames of video lost in the disruptions in a transparent way to the user, we supported vertical handover processes and we could save energy of the smartphone's battery. However, the most important thing was that the high satisfaction of the people who have used the system.

Low Cost Efficient Deliverying Video Surveillance Service to Moving Guard for Smart Home

PubMed Central

Gualotuña, Tatiana; Fonseca C., Efraín R.; Rivadeneira, Andrés

2018-01-01

Low-cost video surveillance systems are attractive for Smart Home applications (especially in emerging economies). Those systems use the flexibility of the Internet of Things to operate the video camera only when an intrusion is detected. We are the only ones that focus on the design of protocols based on intelligent agents to communicate the video of an intrusion in real time to the guards by wireless or mobile networks. The goal is to communicate, in real time, the video to the guards who can be moving towards the smart home. However, this communication suffers from sporadic disruptions that difficults the control and drastically reduces user satisfaction and operativity of the system. In a novel way, we have designed a generic software architecture based on design patterns that can be adapted to any hardware in a simple way. The implanted hardware is of very low economic cost; the software frameworks are free. In the experimental tests we have shown that it is possible to communicate to the moving guard, intrusion notifications (by e-mail and by instant messaging), and the first video frames in less than 20 s. In addition, we automatically recovered the frames of video lost in the disruptions in a transparent way to the user, we supported vertical handover processes and we could save energy of the smartphone's battery. However, the most important thing was that the high satisfaction of the people who have used the system. PMID:29494551

33 CFR 105.260 - Security measures for restricted areas.

Code of Federal Regulations, 2010 CFR

2010-07-01

...; (7) Control the entry, parking, loading and unloading of vehicles; (8) Control the movement and...) Using security personnel, automatic intrusion detection devices, surveillance equipment, or surveillance systems to detect unauthorized entry or movement within restricted areas; (7) Directing the parking...

33 CFR 105.260 - Security measures for restricted areas.

Code of Federal Regulations, 2011 CFR

2011-07-01

...; (7) Control the entry, parking, loading and unloading of vehicles; (8) Control the movement and...) Using security personnel, automatic intrusion detection devices, surveillance equipment, or surveillance systems to detect unauthorized entry or movement within restricted areas; (7) Directing the parking...

Classifying threats with a 14-MeV neutron interrogation system.

PubMed

Strellis, Dan; Gozani, Tsahi

2005-01-01

SeaPODDS (Sea Portable Drug Detection System) is a non-intrusive tool for detecting concealed threats in hidden compartments of maritime vessels. This system consists of an electronic neutron generator, a gamma-ray detector, a data acquisition computer, and a laptop computer user-interface. Although initially developed to detect narcotics, recent algorithm developments have shown that the system is capable of correctly classifying a threat into one of four distinct categories: narcotic, explosive, chemical weapon, or radiological dispersion device (RDD). Detection of narcotics, explosives, and chemical weapons is based on gamma-ray signatures unique to the chemical elements. Elements are identified by their characteristic prompt gamma-rays induced by fast and thermal neutrons. Detection of RDD is accomplished by detecting gamma-rays emitted by common radioisotopes and nuclear reactor fission products. The algorithm phenomenology for classifying threats into the proper categories is presented here.

Hybrid network defense model based on fuzzy evaluation.

PubMed

Cho, Ying-Chiang; Pan, Jen-Yi

2014-01-01

With sustained and rapid developments in the field of information technology, the issue of network security has become increasingly prominent. The theme of this study is network data security, with the test subject being a classified and sensitive network laboratory that belongs to the academic network. The analysis is based on the deficiencies and potential risks of the network's existing defense technology, characteristics of cyber attacks, and network security technologies. Subsequently, a distributed network security architecture using the technology of an intrusion prevention system is designed and implemented. In this paper, first, the overall design approach is presented. This design is used as the basis to establish a network defense model, an improvement over the traditional single-technology model that addresses the latter's inadequacies. Next, a distributed network security architecture is implemented, comprising a hybrid firewall, intrusion detection, virtual honeynet projects, and connectivity and interactivity between these three components. Finally, the proposed security system is tested. A statistical analysis of the test results verifies the feasibility and reliability of the proposed architecture. The findings of this study will potentially provide new ideas and stimuli for future designs of network security architecture.

Do you see what I hear: experiments in multi-channel sound and 3D visualization for network monitoring?

NASA Astrophysics Data System (ADS)

Ballora, Mark; Hall, David L.

2010-04-01

Detection of intrusions is a continuing problem in network security. Due to the large volumes of data recorded in Web server logs, analysis is typically forensic, taking place only after a problem has occurred. This paper describes a novel method of representing Web log information through multi-channel sound, while simultaneously visualizing network activity using a 3-D immersive environment. We are exploring the detection of intrusion signatures and patterns, utilizing human aural and visual pattern recognition ability to detect intrusions as they occur. IP addresses and return codes are mapped to an informative and unobtrusive listening environment to act as a situational sound track of Web traffic. Web log data is parsed and formatted using Python, then read as a data array by the synthesis language SuperCollider [1], which renders it as a sonification. This can be done either for the study of pre-existing data sets or in monitoring Web traffic in real time. Components rendered aurally include IP address, geographical information, and server Return Codes. Users can interact with the data, speeding or slowing the speed of representation (for pre-existing data sets) or "mixing" sound components to optimize intelligibility for tracking suspicious activity.

Dynamics of large-diameter water pipes in hydroelectric power plants

NASA Astrophysics Data System (ADS)

Pavić, G.; Chevillotte, F.; Heraud, J.

2017-04-01

An outline is made of physical behaviour of water - filled large pipes. The fluid-wall coupling, the key factor governing the pipe dynamics, is discussed in some detail. Different circumferential pipe modes and the associated cut-on frequencies are addressed from a theoretical as well as practical point of view. Major attention is paid to the breathing mode in view of its importance regarding main dynamic phenomena, such as water hammer. Selected measurement results done at EDF are presented to demonstrate how an external, non-intrusive sensor can detect pressure pulsations of the breathing mode in a pressure pipe. Differences in the pressure measurement using intrusive and non-intrusive sensors reveal the full complexity of large-diameter pipe dynamics.

Robotic guarded motion system and method

DOEpatents

Bruemmer, David J.

2010-02-23

A robot platform includes perceptors, locomotors, and a system controller. The system controller executes instructions for repeating, on each iteration through an event timing loop, the acts of defining an event horizon, detecting a range to obstacles around the robot, and testing for an event horizon intrusion. Defining the event horizon includes determining a distance from the robot that is proportional to a current velocity of the robot and testing for the event horizon intrusion includes determining if any range to the obstacles is within the event horizon. Finally, on each iteration through the event timing loop, the method includes reducing the current velocity of the robot in proportion to a loop period of the event timing loop if the event horizon intrusion occurs.

The Experiences and Challenges in Drilling into Semi molten or Molten Intrusive in Menengai Geothermal Field

NASA Astrophysics Data System (ADS)

Mortensen, A. K.; Mibei, G. K.

2017-12-01

Drilling in Menengai has experienced various challenges related to drilling operations and the resource itself i.e. quality discharge fluids vis a vis gas content. The main reason for these challenges is related to the nature of rocks encountered at depths. Intrusives encountered within Menengai geothermal field have been group into three based on their geological characteristics i.e. S1, S2 and S3.Detailed geology and mineralogical characterization have not been done on these intrusive types. However, based on physical appearances, S1 is considered as a diorite dike, S2 is syenite while S3 is molten rock material. This paper summarizes the experiences in drilling into semi molten or molten intrusive (S3).

Investigating subsidence at volcanoes in northern California using InSAR

NASA Astrophysics Data System (ADS)

Parker, A. L.; Biggs, J.; Annen, C.; Lu, Z.

2013-12-01

Both Medicine Lake Volcano (MLV) and Lassen Volcanic Center (LVC), northern CA, show signs of subsidence at rates of ~1 cm/yr. Leveling and campaign GPS measurements show that MLV has subsided at a constant rate for over 50 years, making the geodetic history of this volcano unique in both its duration and continuity. Here, we summarise and build upon the existing geodetic records at MLV and LVC, using interferometric synthetic aperture radar (InSAR) to extend the time-series of deformation measurements to 2011. We also use the improved spatial resolution of InSAR measurements to investigate causes of long-term subsidence, providing new insight into magmatic storage conditions at MLV and the timescales of deformation due to cooling and crystallization. A large InSAR dataset has been acquired for the volcanoes of northern CA, but application of the data has been limited by extensive noise and incoherence. We analyse multiple datasets from MLV and LVC and, with the use of multi-temporal InSAR analysis methods (noise-based stacking, π-RATE and StaMPS), demonstrate how InSAR may be used more successfully as a monitoring tool in this region. By comparing InSAR results for MLV to past geodetic studies, we demonstrate that subsidence is on going at ~1 cm/yr with no detectable change in rate. We find that the best fitting source geometry to InSAR data is a sill approximated by a horizontal penny-shaped crack, with radius 2 km and depth 11 km, undergoing volume loss at a rate of -0.0022 km3/yr. We discuss possible source mechanisms of long-term subsidence, investigating volume loss due to cooling and crystallization of an intrusion. We calculate the temperature, melt fraction and volume loss of an intrusion over time using petrological information and a numerical thermal model of heat loss by conduction. The geometry of the intrusion is based upon the depth and radius of the penny-shaped crack model. We run simulations for a range of thicknesses between that of a single intrusion (~50 m) and that of the larger column of intrusive material thought to exist beneath the edifice (~7000 m). Using constraints from the geodetic record, we identify a range of sills with volumes < 10 km3 that can account for the deformation recorded at MLV. We use these models to discuss the timing of intrusion and forecast the total duration of cooling. These processes are also significant at LVC and other Cascade volcanoes, where hydrothermal activity is likely to be driven by heat from magmatic intrusions and the exsolution of volatiles that occurs during cooling and crystallization.

Why seawater intrusion has not yet occurred in the Kaluvelli-Pondicherry basin, Tamil Nadu, India

NASA Astrophysics Data System (ADS)

Vincent, Aude; Violette, Sophie

2017-09-01

Worldwide, coastal aquifers are threatened by seawater intrusion. The threat is greatest when aquifers are overexploited or when recharge is low due to a semi-arid or arid climate. The Kaluvelli-Pondicherry sedimentary basin in Tamil Nadu (India) presents both these characteristics. Groundwater levels in the Vanur aquifer can reach 50 m below sea level at less than 20 km inland. This groundwater depletion is due to an exponential increase in extraction for irrigation over 35 years. No seawater intrusion has yet been detected, but a sulphate-rich mineralization is observed, the result of upward vertical leakage from the underlying Ramanathapuram aquifer. To characterize the mechanisms involved, and to facilitate effective water management, hydrogeological numerical modelling of this multi-layered system has been conducted. Existing and acquired geological and hydrodynamic data have been applied to a quasi-3D hydrogeological model, NEWSAM. Recharge had been previously quantified through the inter-comparison of hydrological models, based on climatological and surface-flow field measurements. Sensitivity tests on parameters and boundary conditions associated with the sea were performed. The resulting water balances for each aquifer led to hypotheses of (1) an offshore fresh groundwater stock, and (2) a reversal and increase of the upward leakage from the Ramanathapuram aquifer, thus corroborating the hypothesis proposed to explain geochemical results of the previous study, and denying a seawater intrusion. Palaeo-climate review supports the existence of favourable hydro-climatological conditions to replenish an offshore groundwater stock of the Vanur aquifer in the past. The extent of this fresh groundwater stock was calculated using the Kooi and Groen method.

The importance of context: evidence that contextual representations increase intrusive memories.

PubMed

Pearson, David G; Ross, Fiona D C; Webster, Victoria L

2012-03-01

Intrusive memories appear to enter consciousness via involuntary rather than deliberate recollection. Some clinical accounts of PTSD seek to explain this phenomenon by making a clear distinction between the encoding of sensory-based and contextual representations. Contextual representations have been claimed to actively reduce intrusions by anchoring encoded perceptual data for an event in memory. The current analogue trauma study examined this hypothesis by manipulating contextual information independently from encoded sensory-perceptual information. Participants' viewed images selected from the International Affective Picture System that depicted scenes of violence and bodily injury. Images were viewed either under neutral conditions or paired with contextual information. Two experiments revealed a significant increase in memory intrusions for images paired with contextual information in comparison to the same images viewed under neutral conditions. In contrast to the observed increase in intrusion frequency there was no effect of contextual representations on voluntary memory for the images. The vividness and emotionality of memory intrusions were also unaffected. The analogue trauma paradigm may fail to replicate the effect of extreme stress on encoding postulated to occur during PTSD. These findings question the assertion that intrusive memories develop from a lack of integration between sensory-based and contextual representations in memory. Instead it is argued contextual representations play a causal role in increasing the frequency of intrusions by increasing the sensitivity of memory to involuntary retrieval by associated internal and external cues. Copyright © 2011 Elsevier Ltd. All rights reserved.

Towards a Cyber Defense Framework for SCADA Systems Based on Power Consumption Monitoring

DOE Office of Scientific and Technical Information (OSTI.GOV)

Hernandez Jimenez, Jarilyn M; Chen, Qian; Nichols, Jeff A.

Supervisory control and data acquisition (SCADA) is an industrial automation system that remotely monitor, and control critical infrastructures. SCADA systems are major targets for espionage and sabotage attackers. According to the 2015 Dell security annual threat report, the number of cyber-attacks against SCADA systems has doubled in the past year. Cyber-attacks (i.e., buffer overflow, rootkits and code injection) could cause serious financial losses and physical infrastructure damages. Moreover, some specific cyber-attacks against SCADA systems could become a threat to human life. Current commercial off-the-shelf security solutions are insufficient in protecting SCADA systems against sophisticated cyber-attacks. In 2014 a report bymore » Mandiant stated that only 69% of organizations learned about their breaches from third entities, meaning that these companies lack of their own detection system. Furthermore, these breaches are not detected in real-time or fast enough to prevent further damages. The average time between compromise and detection (for those intrusions that were detected) was 205 days. To address this challenge, we propose an Intrusion Detection System (IDS) that detects SCADA-specific cyber-attacks by analyzing the power consumption of a SCADA device. Specifically, to validate the proposed approach, we chose to monitor in real-time the power usage of a a Programmable Logic Controller (PLC). To this end, we configured the hardware of the tetsbed by installing the required sensors to monitor and collect its power consumption. After that two SCADA-specific cyber-attacks were simulated and TracerDAQ Pro was used to collect the power consumption of the PLC under normal and anomalous scenarios. Results showed that is possible to distinguish between the regular power usage of the PLC and when the PLC was under specific cyber-attacks.« less

Markerless video analysis for movement quantification in pediatric epilepsy monitoring.

PubMed

Lu, Haiping; Eng, How-Lung; Mandal, Bappaditya; Chan, Derrick W S; Ng, Yen-Ling

2011-01-01

This paper proposes a markerless video analytic system for quantifying body part movements in pediatric epilepsy monitoring. The system utilizes colored pajamas worn by a patient in bed to extract body part movement trajectories, from which various features can be obtained for seizure detection and analysis. Hence, it is non-intrusive and it requires no sensor/marker to be attached to the patient's body. It takes raw video sequences as input and a simple user-initialization indicates the body parts to be examined. In background/foreground modeling, Gaussian mixture models are employed in conjunction with HSV-based modeling. Body part detection follows a coarse-to-fine paradigm with graph-cut-based segmentation. Finally, body part parameters are estimated with domain knowledge guidance. Experimental studies are reported on sequences captured in an Epilepsy Monitoring Unit at a local hospital. The results demonstrate the feasibility of the proposed system in pediatric epilepsy monitoring and seizure detection.

Textural, mineralogical and stable isotope studies of hydrothermal alteration in the main sulfide zone of the Great Dyke, Zimbabwe and the precious metals zone of the Sonju Lake Intrusion, Minnesota, USA

USGS Publications Warehouse

Li, C.; Ripley, E.M.; Oberthur, T.; Miller, J.D.; Joslin, G.D.

2008-01-01

Stratigraphic offsets in the peak concentrations of platinum-group elements (PGE) and base-metal sulfides in the main sulfide zone of the Great Dyke and the precious metals zone of the Sonju Lake Intrusion have, in part, been attributed to the interaction between magmatic PGE-bearing base-metal sulfide assemblages and hydrothermal fluids. In this paper, we provide mineralogical and textural evidence that indicates alteration of base-metal sulfides and mobilization of metals and S during hydrothermal alteration in both mineralized intrusions. Stable isotopic data suggest that the fluids involved in the alteration were of magmatic origin in the Great Dyke but that a meteoric water component was involved in the alteration of the Sonju Lake Intrusion. The strong spatial association of platinum-group minerals, principally Pt and Pd sulfides, arsenides, and tellurides, with base-metal sulfide assemblages in the main sulfide zone of the Great Dyke is consistent with residual enrichment of Pt and Pd during hydrothermal alteration. However, such an interpretation is more tenuous for the precious metals zone of the Sonju Lake Intrusion where important Pt and Pd arsenides and antimonides occur as inclusions within individual plagioclase crystals and within alteration assemblages that are free of base-metal sulfides. Our observations suggest that Pt and Pd tellurides, antimonides, and arsenides may form during both magmatic crystallization and subsolidus hydrothermal alteration. Experimental studies of magmatic crystallization and hydrothermal transport/deposition in systems involving arsenides, tellurides, antimonides, and base metal sulfides are needed to better understand the relative importance of magmatic and hydrothermal processes in controlling the distribution of PGE in mineralized layered intrusions of this type. ?? Springer-Verlag 2007.

X-Ray Scan Detection for Cargo Integrity

DOE Office of Scientific and Technical Information (OSTI.GOV)

Valencia, Juan D.; Miller, Steven D.

ABSTRACT The increase of terrorism and its global impact has made the determination of the contents of cargo containers a necessity. Existing technology allows non-intrusive inspections to determine the contents of a container rapidly and accurately. However, some cargo shipments are exempt from such inspections. Hence, there is a need for a technology that enables rapid and accurate means of detecting whether such containers were non-intrusively inspected. Non-intrusive inspections are most commonly performed utilizing high powered X-ray equipment. The challenge is creating a device that can detect short duration X-ray scans while maintaining a portable, battery powered, low cost, andmore » easy to use platform. The Pacific Northwest National Laboratory (PNNL) has developed a methodology and prototype device focused on this challenge. The prototype, developed by PNNL, is a battery powered electronic device that continuously measures its X-ray and Gamma exposure, calculates the dose equivalent rate, and makes a determination of whether the device has been exposed to the amount of radiation experienced during an X-ray inspection. Once an inspection is detected, the device will record a timestamp of the event and relay the information to authorized personnel via a visual alert, USB connection, and/or wireless communication. The results of this research demonstrate that PNNL’s prototype device can be effective at determining whether a container was scanned by X-ray equipment typically used for cargo container inspections. This paper focuses on laboratory measurements and test results acquired with the PNNL prototype device using several X-ray radiation levels. Keywords: Radiation, Scan, X-ray, Gamma, Detection, Cargo, Container, Wireless, RF« less

Research on Abnormal Detection Based on Improved Combination of K - means and SVDD

NASA Astrophysics Data System (ADS)

Hao, Xiaohong; Zhang, Xiaofeng

2018-01-01

In order to improve the efficiency of network intrusion detection and reduce the false alarm rate, this paper proposes an anomaly detection algorithm based on improved K-means and SVDD. The algorithm first uses the improved K-means algorithm to cluster the training samples of each class, so that each class is independent and compact in class; Then, according to the training samples, the SVDD algorithm is used to construct the minimum superspheres. The subordinate relationship of the samples is determined by calculating the distance of the minimum superspheres constructed by SVDD. If the test sample is less than the center of the hypersphere, the test sample belongs to this class, otherwise it does not belong to this class, after several comparisons, the final test of the effective detection of the test sample.In this paper, we use KDD CUP99 data set to simulate the proposed anomaly detection algorithm. The results show that the algorithm has high detection rate and low false alarm rate, which is an effective network security protection method.

Mellin Transform-Based Correction Method for Linear Scale Inconsistency of Intrusion Events Identification in OFPS

NASA Astrophysics Data System (ADS)

Wang, Baocheng; Qu, Dandan; Tian, Qing; Pang, Liping

2018-05-01

For the problem that the linear scale of intrusion signals in the optical fiber pre-warning system (OFPS) is inconsistent, this paper presents a method to correct the scale. Firstly, the intrusion signals are intercepted, and an aggregate of the segments with equal length is obtained. Then, the Mellin transform (MT) is applied to convert them into the same scale. The spectral characteristics are obtained by the Fourier transform. Finally, we adopt back-propagation (BP) neural network to identify intrusion types, which takes the spectral characteristics as input. We carried out the field experiments and collected the optical fiber intrusion signals which contain the picking signal, shoveling signal, and running signal. The experimental results show that the proposed algorithm can effectively improve the recognition accuracy of the intrusion signals.

Individual differences in spatial configuration learning predict the occurrence of intrusive memories.

PubMed

Meyer, Thomas; Smeets, Tom; Giesbrecht, Timo; Quaedflieg, Conny W E M; Girardelli, Marta M; Mackay, Georgina R N; Merckelbach, Harald

2013-03-01

The dual-representation model of posttraumatic stress disorder (PTSD; Brewin, Gregory, Lipton, & Burgess, Psychological Review, 117, 210-232 2010) argues that intrusions occur when people fail to construct context-based representations during adverse experiences. The present study tested a specific prediction flowing from this model. In particular, we investigated whether the efficiency of temporal-lobe-based spatial configuration learning would account for individual differences in intrusive experiences and physiological reactivity in the laboratory. Participants (N = 82) completed the contextual cuing paradigm, which assesses spatial configuration learning that is believed to depend on associative encoding in the parahippocampus. They were then shown a trauma film. Afterward, startle responses were quantified during presentation of trauma reminder pictures versus unrelated neutral and emotional pictures. PTSD symptoms were recorded in the week following participation. Better configuration learning performance was associated with fewer perceptual intrusions, r = -.33, p < .01, but was unrelated to physiological responses to trauma reminder images (ps > .46) and had no direct effect on intrusion-related distress and overall PTSD symptoms, rs > -.12, ps > .29. However, configuration learning performance tended to be associated with reduced physiological responses to unrelated negative images, r = -.20, p = .07. Thus, while spatial configuration learning appears to be unrelated to affective responding to trauma reminders, our overall findings support the idea that the context-based memory system helps to reduce intrusions.

Rapid dike intrusion into Sakurajima volcano on August 15, 2015, as detected by multi-parameter ground deformation observations

NASA Astrophysics Data System (ADS)

Hotta, Kohei; Iguchi, Masato; Tameguri, Takeshi

2016-04-01

We present observations of ground deformation at Sakurajima in August 2015 and model the deformation using a combination of GNSS, tilt and strain data in order to interpret a rapid deformation event on August 15, 2015. The pattern of horizontal displacement during the period from August 14 to 16, 2015, shows a WNW-ESE extension, which suggests the opening of a dike. Using a genetic algorithm, we obtained the position, dip, strike length, width and opening of a dislocation source based on the combined data. A nearly vertical dike with a NNE-SSW strike was found at a depth of 1.0 km below sea level beneath the Showa crater. The length and width are 2.3 and 0.6 km, respectively, and a dike opening of 1.97 m yields a volume increase of 2.7 × 106 m3. 887 volcano-tectonic (VT) earthquakes beside the dike suggest that the rapid opening of the dike caused an accumulation of strain in the surrounding rocks, and the VT earthquakes were generated to release this strain. Half of the total amount of deformation was concentrated between 10:27 and 11:54 on August 15. It is estimated that the magma intrusion rate was 1 × 106 m3/h during this period. This is 200 times larger than the magma intrusion rate prior to one of the biggest eruptions at the summit crater of Minami-dake on July 24, 2012, and 2200 times larger than the average magma intrusion rate during the period from October 2011 to March 2012. The previous Mogi-type ground deformation is considered to be a process of magma accumulation in preexisting spherical reservoirs. Conversely, the August 2015 event was a dike intrusion and occurred in a different location to the preexisting reservoirs. The direction of the opening of the dike coincides with the T-axes and direction of faults creating a graben structure.

Department of Defense counterdrug technology development of non-intrusive inspection systems

NASA Astrophysics Data System (ADS)

Pennella, John J.

1997-02-01

The Naval Surface Warfare Center Dahlgren Division serves as the executive agent for the DoD's Contraband Detection and Cargo Container Inspection Technology Development Program. The goal of the DoD non-intrusive inspection (NII) program is to develop prototype equipment that can be used to inspect containers and vehicles, quickly and in large numbers without unnecessary delays in the movement of legitimate cargo. This paper summaries the past accomplishments of the program, current status, and future plans.

Simple, Efficient, and Rapid Methods to Determine the Potential for Vapor Intrusion into the Home: Temporal Trends, Vapor Intrusion Forecasting, Sampling Strategies, and Contaminant Migration Routes

EPA Science Inventory

Current practice for evaluating the vapor intrusion pathway involves a multiple line of evidence approach based on direct measurements of volatile organic compound (VOC) concentrations in groundwater, external soil gas, subslab soil gas, and/or indoor air. No single line of evide...

X-ray scan detection for cargo integrity

NASA Astrophysics Data System (ADS)

Valencia, Juan; Miller, Steve

2011-04-01

The increase of terrorism and its global impact has made the determination of the contents of cargo containers a necessity. Existing technology allows non-intrusive inspections to determine the contents of a container rapidly and accurately. However, some cargo shipments are exempt from such inspections. Hence, there is a need for a technology that enables rapid and accurate means of detecting whether such containers were non-intrusively inspected. Non-intrusive inspections are most commonly performed utilizing high powered X-ray equipment. The challenge is creating a device that can detect short duration X-ray scans while maintaining a portable, battery powered, low cost, and easy to use platform. The Pacific Northwest National Laboratory (PNNL) has developed a methodology and prototype device focused on this challenge. The prototype, developed by PNNL, is a battery powered electronic device that continuously measures its X-ray and Gamma exposure, calculates the dose equivalent rate, and makes a determination of whether the device has been exposed to the amount of radiation experienced during an X-ray inspection. Once an inspection is detected, the device will record a timestamp of the event and relay the information to authorized personnel via a visual alert, USB connection, and/or wireless communication. The results of this research demonstrate that PNNL's prototype device can be effective at determining whether a container was scanned by X-ray equipment typically used for cargo container inspections. This paper focuses on laboratory measurements and test results acquired with the PNNL prototype device using several X-ray radiation levels.

Artificial Intelligence-Based Models for the Optimal and Sustainable Use of Groundwater in Coastal Aquifers

NASA Astrophysics Data System (ADS)

Sreekanth, J.; Datta, Bithin

2011-07-01

Overexploitation of the coastal aquifers results in saltwater intrusion. Once saltwater intrusion occurs, it involves huge cost and long-term remediation measures to remediate these contaminated aquifers. Hence, it is important to have strategies for the sustainable use of coastal aquifers. This study develops a methodology for the optimal management of saltwater intrusion prone aquifers. A linked simulation-optimization-based management strategy is developed. The methodology uses genetic-programming-based models for simulating the aquifer processes, which is then linked to a multi-objective genetic algorithm to obtain optimal management strategies in terms of groundwater extraction from potential well locations in the aquifer.

THE POTENTIAL FOR THE USE OF CANINES IN VAPOR INTRUSION INVESTIGATIONS

EPA Science Inventory

Dogs have been used extensively in law enforcement and military applications to detect narcotics and explosives for over thirty years and in arson investigations to detect accelerants since they are much more accurate at discriminating between accelerants and by-products of combu...

Time-resolved seismic tomography detects magma intrusions at Mount Etna.

PubMed

Patanè, D; Barberi, G; Cocina, O; De Gori, P; Chiarabba, C

2006-08-11

The continuous volcanic and seismic activity at Mount Etna makes this volcano an important laboratory for seismological and geophysical studies. We used repeated three-dimensional tomography to detect variations in elastic parameters during different volcanic cycles, before and during the October 2002-January 2003 flank eruption. Well-defined anomalous low P- to S-wave velocity ratio volumes were revealed. Absent during the pre-eruptive period, the anomalies trace the intrusion of volatile-rich (>/=4 weight percent) basaltic magma, most of which rose up only a few months before the onset of eruption. The observed time changes of velocity anomalies suggest that four-dimensional tomography provides a basis for more efficient volcano monitoring and short- and midterm eruption forecasting of explosive activity.

Algorithms Based on CWT and Classifiers to Control Cardiac Alterations and Stress Using an ECG and a SCR

PubMed Central

Villarejo, María Viqueira; Zapirain, Begoña García; Zorrilla, Amaia Méndez

2013-01-01

This paper presents the results of using a commercial pulsimeter as an electrocardiogram (ECG) for wireless detection of cardiac alterations and stress levels for home control. For these purposes, signal processing techniques (Continuous Wavelet Transform (CWT) and J48) have been used, respectively. The designed algorithm analyses the ECG signal and is able to detect the heart rate (99.42%), arrhythmia (93.48%) and extrasystoles (99.29%). The detection of stress level is complemented with Skin Conductance Response (SCR), whose success is 94.02%. The heart rate variability does not show added value to the stress detection in this case. With this pulsimeter, it is possible to prevent and detect anomalies for a non-intrusive way associated to a telemedicine system. It is also possible to use it during physical activity due to the fact the CWT minimizes the motion artifacts. PMID:23666135

Algorithms based on CWT and classifiers to control cardiac alterations and stress using an ECG and a SCR.

PubMed

Villarejo, María Viqueira; Zapirain, Begoña García; Zorrilla, Amaia Méndez

2013-05-10

This paper presents the results of using a commercial pulsimeter as an electrocardiogram (ECG) for wireless detection of cardiac alterations and stress levels for home control. For these purposes, signal processing techniques (Continuous Wavelet Transform (CWT) and J48) have been used, respectively. The designed algorithm analyses the ECG signal and is able to detect the heart rate (99.42%), arrhythmia (93.48%) and extrasystoles (99.29%). The detection of stress level is complemented with Skin Conductance Response (SCR), whose success is 94.02%. The heart rate variability does not show added value to the stress detection in this case. With this pulsimeter, it is possible to prevent and detect anomalies for a non-intrusive way associated to a telemedicine system. It is also possible to use it during physical activity due to the fact the CWT minimizes the motion artifacts.

Using Hybrid Algorithm to Improve Intrusion Detection in Multi Layer Feed Forward Neural Networks

ERIC Educational Resources Information Center

Ray, Loye Lynn

2014-01-01

The need for detecting malicious behavior on a computer networks continued to be important to maintaining a safe and secure environment. The purpose of this study was to determine the relationship of multilayer feed forward neural network architecture to the ability of detecting abnormal behavior in networks. This involved building, training, and…

Integration of 2D and 3D reflection seismic data with deep boreholes in the Kevitsa Ni-Cu-PGE deposit, northern Finland

NASA Astrophysics Data System (ADS)

Koivisto, Emilia; Malehmir, Alireza; Voipio, Teemu; Wijns, Chris

2013-04-01

Kevitsa is a large disseminated sulphide Ni-Cu-PGE deposit hosted by the Kevitsa mafic-ultramafic intrusion in northern Finland and dated as about 2.06 Ga old. The Geological Survey of Finland first discovered the Kevitsa deposit in 1987. Open pit mining by Kevitsa Mining Oy/First Quantum Minerals Ltd. commenced in June 2012. The final pit depth is planned to be 550-600 m. The estimated ore reserves of the Kevitsa intrusion are about 240 million tones (using a nickel cut-off grade of 0.1%). The expected life-of-mine is 20-30 years. More than 400 hundred holes have been drilled in the Kevitsa area, but most are concentrated close to the known deposit and do not provide a comprehensive understanding of the extent of the intrusion. The basal contact of the intrusion is penetrated by only about 30 drill holes, most of which are shallow. A better knowledge of the geometry of the intrusion would provide a framework for near-mine and deep exploration in the area. An exact knowledge on the basal contact of the intrusion would also provide an exploration target for the contact-type mineralization that is often more massive and richer in Ni-Cu. In December 2007, a series of 2D reflection seismic profiles was acquired in the Kevitsa area. It consisted of four connected survey lines between 6 and 11 km long. In 2010, the initial positive results of the 2D seismic survey led Kevitsa Mining Oy/First Quantum Minerals Ltd. to initiate a 3D reflection seismic survey. The 3D seismic survey is limited to the closer vicinity of the known deposit, while the 2D seismic survey was designed to provide a more regional view of the Kevitsa intrusive complex. The main aims of the 2D and 3D seismic surveys were to delineate the shape and extent of the ore-bearing Kevitsa intrusion and the geometry of some of the host rock and surrounding units, and extract information about the larger-scale structures and structures important for mine-planning purposes. The 2D and 3D seismic data were used to create a 3D lithological and structural model for the architecture of the whole complex. The information on the extent of the ore-bearing Kevitsa intrusion can be used for more effective exploration in the area. The base of the intrusion is particularly clear in the northern and eastern sectors. Toward the east, the base is mostly defined by disruption of the reflectors internal to the intrusion. The 2D seismic data, which extend beyond the 3D seismic study, reveal that the prominent reflectors at the base of the intrusion continue deeper toward the south-southwest. This has been interpreted as a previously unknown southern continuation of the intrusion. Furthermore, the data reveal strong reflectors at the base of the intrusion that have been penetrated by two deep drill holes in the area. These drill holes reveal contact-type mineralization at the onset of the reflectors. Thus, the seismic data can be directly used for exploration of the contact-type mineralization.

Access Control of Web and Java Based Applications

NASA Technical Reports Server (NTRS)

Tso, Kam S.; Pajevski, Michael J.; Johnson, Bryan

2011-01-01

Cyber security has gained national and international attention as a result of near continuous headlines from financial institutions, retail stores, government offices and universities reporting compromised systems and stolen data. Concerns continue to rise as threats of service interruption, and spreading of viruses become ever more prevalent and serious. Controlling access to application layer resources is a critical component in a layered security solution that includes encryption, firewalls, virtual private networks, antivirus, and intrusion detection. In this paper we discuss the development of an application-level access control solution, based on an open-source access manager augmented with custom software components, to provide protection to both Web-based and Java-based client and server applications.

Hybrid Intrusion Forecasting Framework for Early Warning System

NASA Astrophysics Data System (ADS)

Kim, Sehun; Shin, Seong-Jun; Kim, Hyunwoo; Kwon, Ki Hoon; Han, Younggoo

Recently, cyber attacks have become a serious hindrance to the stability of Internet. These attacks exploit interconnectivity of networks, propagate in an instant, and have become more sophisticated and evolutionary. Traditional Internet security systems such as firewalls, IDS and IPS are limited in terms of detecting recent cyber attacks in advance as these systems respond to Internet attacks only after the attacks inflict serious damage. In this paper, we propose a hybrid intrusion forecasting system framework for an early warning system. The proposed system utilizes three types of forecasting methods: time-series analysis, probabilistic modeling, and data mining method. By combining these methods, it is possible to take advantage of the forecasting technique of each while overcoming their drawbacks. Experimental results show that the hybrid intrusion forecasting method outperforms each of three forecasting methods.

Time to face it! Facebook intrusion and the implications for romantic jealousy and relationship satisfaction.

PubMed

Elphinston, Rachel A; Noller, Patricia

2011-11-01

Young people's exposure to social network sites such as Facebook is increasing, along with the potential for such use to complicate romantic relationships. Yet, little is known about the overlaps between the online and offline worlds. We extended previous research by investigating the links between Facebook intrusion, jealousy in romantic relationships, and relationship outcomes in a sample of undergraduates currently in a romantic relationship. A Facebook Intrusion Questionnaire was developed based on key features of technological (behavioral) addictions. An eight-item Facebook Intrusion Questionnaire with a single-factor structure was supported; internal consistency was high. Facebook intrusion was linked to relationship dissatisfaction, via jealous cognitions and surveillance behaviors. The results highlight the possibility of high levels of Facebook intrusion spilling over into romantic relationships, resulting in problems such as jealousy and dissatisfaction. The results have implications for romantic relationships and for Facebook users in general.

Fracturing of doleritic intrusions and associated contact zones: Implications for fluid flow in volcanic basins

NASA Astrophysics Data System (ADS)

Senger, Kim; Buckley, Simon J.; Chevallier, Luc; Fagereng, Åke; Galland, Olivier; Kurz, Tobias H.; Ogata, Kei; Planke, Sverre; Tveranger, Jan

2015-02-01

Igneous intrusions act as both carriers and barriers to subsurface fluid flow and are therefore expected to significantly influence the distribution and migration of groundwater and hydrocarbons in volcanic basins. Given the low matrix permeability of igneous rocks, the effective permeability in- and around intrusions is intimately linked to the characteristics of their associated fracture networks. Natural fracturing is caused by numerous processes including magma cooling, thermal contraction, magma emplacement and mechanical disturbance of the host rock. Fracturing may be locally enhanced along intrusion-host rock interfaces, at dyke-sill junctions, or at the base of curving sills, thereby potentially enhancing permeability associated with these features. In order to improve our understanding of fractures associated with intrusive bodies emplaced in sedimentary host rocks, we have investigated a series of outcrops from the Karoo Basin of the Eastern Cape province of South Africa, where the siliciclastic Burgersdorp Formation has been intruded by various intrusions (thin dykes, mid-sized sheet intrusions and thick sills) belonging to the Karoo dolerite. We present a quantified analysis of fracturing in- and around these igneous intrusions based on five outcrops at three individual study sites, utilizing a combination of field data, high-resolution lidar virtual outcrop models and image processing. Our results show a significant difference between the three sites in terms of fracture orientation. The observed differences can be attributed to contrasting intrusion geometries, outcrop geometry (for lidar data) and tectonic setting. Two main fracture sets were identified in the dolerite at two of the sites, oriented parallel and perpendicular to the contact respectively. Fracture spacing was consistent between the three sites, and exhibits a higher degree of variation in the dolerites compared to the host rock. At one of the study sites, fracture frequency in the surrounding host rock increases slightly toward the intrusion at approximately 3 m from the contact. We conclude by presenting a conceptual fluid flow model, showing permeability enhancement and a high potential for fluid flow-channeling along the intrusion-host rock interfaces.

Non-intrusive practitioner pupil detection for unmodified microscope oculars.

PubMed

Fuhl, Wolfgang; Santini, Thiago; Reichert, Carsten; Claus, Daniel; Herkommer, Alois; Bahmani, Hamed; Rifai, Katharina; Wahl, Siegfried; Kasneci, Enkelejda

2016-12-01

Modern microsurgery is a long and complex task requiring the surgeon to handle multiple microscope controls while performing the surgery. Eye tracking provides an additional means of interaction for the surgeon that could be used to alleviate this situation, diminishing surgeon fatigue and surgery time, thus decreasing risks of infection and human error. In this paper, we introduce a novel algorithm for pupil detection tailored for eye images acquired through an unmodified microscope ocular. The proposed approach, the Hough transform, and six state-of-the-art pupil detection algorithms were evaluated on over 4000 hand-labeled images acquired from a digital operating microscope with a non-intrusive monitoring system for the surgeon eyes integrated. Our results show that the proposed method reaches detection rates up to 71% for an error of ≈3% w.r.t the input image diagonal; none of the state-of-the-art pupil detection algorithms performed satisfactorily. The algorithm and hand-labeled data set can be downloaded at:: www.ti.uni-tuebingen.de/perception. Copyright © 2016 Elsevier Ltd. All rights reserved.

Characterization of computer network events through simultaneous feature selection and clustering of intrusion alerts

NASA Astrophysics Data System (ADS)

Chen, Siyue; Leung, Henry; Dondo, Maxwell

2014-05-01

As computer network security threats increase, many organizations implement multiple Network Intrusion Detection Systems (NIDS) to maximize the likelihood of intrusion detection and provide a comprehensive understanding of intrusion activities. However, NIDS trigger a massive number of alerts on a daily basis. This can be overwhelming for computer network security analysts since it is a slow and tedious process to manually analyse each alert produced. Thus, automated and intelligent clustering of alerts is important to reveal the structural correlation of events by grouping alerts with common features. As the nature of computer network attacks, and therefore alerts, is not known in advance, unsupervised alert clustering is a promising approach to achieve this goal. We propose a joint optimization technique for feature selection and clustering to aggregate similar alerts and to reduce the number of alerts that analysts have to handle individually. More precisely, each identified feature is assigned a binary value, which reflects the feature's saliency. This value is treated as a hidden variable and incorporated into a likelihood function for clustering. Since computing the optimal solution of the likelihood function directly is analytically intractable, we use the Expectation-Maximisation (EM) algorithm to iteratively update the hidden variable and use it to maximize the expected likelihood. Our empirical results, using a labelled Defense Advanced Research Projects Agency (DARPA) 2000 reference dataset, show that the proposed method gives better results than the EM clustering without feature selection in terms of the clustering accuracy.

Method for detecting moment connection fracture using high-frequency transients in recorded accelerations

USGS Publications Warehouse

Rodgers, J.E.; Elebi, M.

2011-01-01

The 1994 Northridge earthquake caused brittle fractures in steel moment frame building connections, despite causing little visible building damage in most cases. Future strong earthquakes are likely to cause similar damage to the many un-retrofitted pre-Northridge buildings in the western US and elsewhere. Without obvious permanent building deformation, costly intrusive inspections are currently the only way to determine if major fracture damage that compromises building safety has occurred. Building instrumentation has the potential to provide engineers and owners with timely information on fracture occurrence. Structural dynamics theory predicts and scale model experiments have demonstrated that sudden, large changes in structure properties caused by moment connection fractures will cause transient dynamic response. A method is proposed for detecting the building-wide level of connection fracture damage, based on observing high-frequency, fracture-induced transient dynamic responses in strong motion accelerograms. High-frequency transients are short (<1 s), sudden-onset waveforms with frequency content above 25 Hz that are visually apparent in recorded accelerations. Strong motion data and damage information from intrusive inspections collected from 24 sparsely instrumented buildings following the 1994 Northridge earthquake are used to evaluate the proposed method. The method's overall success rate for this data set is 67%, but this rate varies significantly with damage level. The method performs reasonably well in detecting significant fracture damage and in identifying cases with no damage, but fails in cases with few fractures. Combining the method with other damage indicators and removing records with excessive noise improves the ability to detect the level of damage. ?? 2010 Elsevier B.V. All rights reserved.

An Intelligent Parking Management System for Urban Areas.

PubMed

Vera-Gómez, Juan A; Quesada-Arencibia, Alexis; García, Carmelo R; Suárez Moreno, Raúl; Guerra Hernández, Fernando

2016-06-21

In this article we describe a low-cost, minimally-intrusive system for the efficient management of parking spaces on both public roads and controlled zones. This system is based on wireless networks of photoelectric sensors that are deployed on the access roads into and out of these areas. The sensors detect the passage of vehicles on these roads and communicate this information to a data centre, thus making it possible to know the number of vehicles in the controlled zone and the occupancy levels in real-time. This information may be communicated to drivers to facilitate their search for a parking space and to authorities so that they may take steps to control traffic when congestion is detected.

A prototype forensic toolkit for industrial-control-systems incident response

NASA Astrophysics Data System (ADS)

Carr, Nickolas B.; Rowe, Neil C.

2015-05-01

Industrial control systems (ICSs) are an important part of critical infrastructure in cyberspace. They are especially vulnerable to cyber-attacks because of their legacy hardware and software and the difficulty of changing it. We first survey the history of intrusions into ICSs, the more serious of which involved a continuing adversary presence on an ICS network. We discuss some common vulnerabilities and the categories of possible attacks, noting the frequent use of software written a long time ago. We propose a framework for designing ICS incident response under the constraints that no new software must be required and that interventions cannot impede the continuous processing that is the norm for such systems. We then discuss a prototype toolkit we built using the Windows Management Instrumentation Command-Line tool for host-based analysis and the Bro intrusion-detection software for network-based analysis. Particularly useful techniques we used were learning the historical range of parameters of numeric quantities so as to recognize anomalies, learning the usual addresses of connections to a node, observing Internet addresses (usually rare), observing anomalous network protocols such as unencrypted data transfers, observing unusual scheduled tasks, and comparing key files through registry entries and hash values to find malicious modifications. We tested our methods on actual data from ICSs including publicly-available data, voluntarily-submitted data, and researcher-provided "advanced persistent threat" data. We found instances of interesting behavior in our experiments. Intrusions were generally easy to see because of the repetitive nature of most processing on ICSs, but operators need to be motivated to look.

Igneous intrusion models for floor fracturing in lunar craters

NASA Technical Reports Server (NTRS)

Wichman, R. W.; Schultz, P. H.

1991-01-01

Lunar floor-fractured craters are primarily located near the maria and frequently contain ponded mare units and dark mantling deposits. Fracturing is confined to the crater interior, often producing a moat-like feature near the floor edge, and crater depth is commonly reduced by uplift of the crater floor. Although viscous relaxation of crater topography can produce such uplift, the close association of modification with surface volcanism supports a model linking floor fracture to crater-centered igneous intrusions. The consequences of two intrusion models for the lunar interior are quantitatively explored. The first model is based on terrestrial laccoliths and describes a shallow intrusion beneath the crater. The second model is based on cone sheet complexes where surface deformation results from a deeper magma chamber. Both models, their fit to observed crater modifications and possible implications for local volcanism are described.

An adaptive neural swarm approach for intrusion defense in ad hoc networks

NASA Astrophysics Data System (ADS)

Cannady, James

2011-06-01

Wireless sensor networks (WSN) and mobile ad hoc networks (MANET) are being increasingly deployed in critical applications due to the flexibility and extensibility of the technology. While these networks possess numerous advantages over traditional wireless systems in dynamic environments they are still vulnerable to many of the same types of host-based and distributed attacks common to those systems. Unfortunately, the limited power and bandwidth available in WSNs and MANETs, combined with the dynamic connectivity that is a defining characteristic of the technology, makes it extremely difficult to utilize traditional intrusion detection techniques. This paper describes an approach to accurately and efficiently detect potentially damaging activity in WSNs and MANETs. It enables the network as a whole to recognize attacks, anomalies, and potential vulnerabilities in a distributive manner that reflects the autonomic processes of biological systems. Each component of the network recognizes activity in its local environment and then contributes to the overall situational awareness of the entire system. The approach utilizes agent-based swarm intelligence to adaptively identify potential data sources on each node and on adjacent nodes throughout the network. The swarm agents then self-organize into modular neural networks that utilize a reinforcement learning algorithm to identify relevant behavior patterns in the data without supervision. Once the modular neural networks have established interconnectivity both locally and with neighboring nodes the analysis of events within the network can be conducted collectively in real-time. The approach has been shown to be extremely effective in identifying distributed network attacks.

Extruded upper first molar intrusion: Comparison between unilateral and bilateral miniscrew anchorage.

PubMed

Sugii, Mari Miura; Barreto, Bruno de Castro Ferreira; Francisco Vieira-Júnior, Waldemir; Simone, Katia Regina Izola; Bacchi, Ataís; Caldas, Ricardo Armini

2018-01-01

The aim of his study was to evaluate the stress on tooth and alveolar bone caused by orthodontic intrusion forces in a supraerupted upper molar, by using a three-dimensional Finite Element Method (FEM). A superior maxillary segment was modeled in the software SolidWorks 2010 (SolidWorks Corporation, Waltham, MA, USA) containing: cortical and cancellous bone, supraerupted first molar, periodontal tissue and orthodontic components. A finite element model has simulated intrusion forces of 4N onto a tooth, directed to different mini-screw locations. Three different intrusion mechanics vectors were simulated: anchoring on a buccal mini-implant; anchoring on a palatal mini-implant and the association of both anchorage systems. All analyses were performed considering the minimum principal stress and total deformation. Qualitative analyses exhibited stress distribution by color maps. Quantitative analysis was performed with a specific software for reading and solving numerical equations (ANSYS Workbench 14, Ansys, Canonsburg, Pennsylvania, USA). Intrusion forces applied from both sides (buccal and palatal) resulted in a more homogeneous stress distribution; no high peak of stress was detected and it has allowed a vertical resultant movement. Buccal or palatal single-sided forces resulted in concentrated stress zones with higher values and tooth tipping to respective force side. Unilateral forces promoted higher stress in root apex and higher dental tipping. The bilateral forces promoted better distribution without evidence of dental tipping. Bilateral intrusion technique suggested lower probability of root apex resorption.

Holistic Network Defense: Fusing Host and Network Features for Attack Classification

DTIC Science & Technology

2011-03-01

Measures for Anomaly Detection," IEEE Symposium on Security and Privacy, Oakland, CA, (May 2001). 33. Mahoney , Matthew V, and Phillip K. Chan...University of London, August 2005. 44. Newman , Daniel, Kristina M. Manalo, and Ed Tittel. "Intrusion Detection Overview," InformIT, (June 2004). 20 Feb

The Unexplored Impact of IPv6 on Intrusion Detection Systems

DTIC Science & Technology

2012-03-01

of cross-NIDS, standardized, rule sets such as SNORT’s VRT [23]. • Continuously monitor vulnerability or exploit development sites. For example, the...and BRO polices should be written to enhance detection. The bolstering of built-in databases and repositories such as VRT [23] for specific IPv6 issues

Genetic Aspects of Gold Mineralization at Some Occurrences in the Eastern Desert of Egypt

NASA Astrophysics Data System (ADS)

Abd El Monsef, M.; Slobodník, M.; Salem, I. A.

2012-04-01

The Eastern Desert of Egypt is well known as a gold-mining area since ancient times, there're more than 95 gold deposits and occurrences spread the whole area covered by the basement rocks of Precambrian age. The basement rocks of the Eastern Desert of Egypt constitute the Nubian Shield that has formed a continuous part of the Arabian-Nubian Shield before the opening of Red Sea (Oligocene-Early Miocene). Commonly, the system of gold-bearing quartz veins in the Eastern Desert is clearly structural controlled related to brittle-ductile shear zones that mostly developed during late deformational stages of the evolution history for basement rocks in the Eastern Desert. This running study principally aims to contribute the mineral resource potential of the gold deposits in Egypt, so particularly Fatira, Gidami and Atalla occurrences have been involved into a comprehensive study based on field, structural, mineralogical, geochemical and genetic investigations. It is intended to better understanding for the characteristics, distribution controls, conditions and age of mineralization in relation to the age of the hosting rocks intrusion to find if there're genetic links between the gold mineralization and the evolution of the host intrusive complex. Several authors suggested that the gold mineralization was related to the intrusion of the (postorogenic) Younger granites. Other authors interpret these deposits as products of hydrothermal activity induced either by metamorphism or cooling effects of early Paleozoic magmatism or as combined metamorphic/magmatic episodes. The prime focus will be directed to the ore itself and the associated hydrothermal alteration zones based on detailed maps and well-distributed samples network and geochemical anomalies distribution. The laboratory studies included microscopic examination (reflecting and transmitting microscopy) to allow for determination of the hosting rocks types and mineralogical changes related to the gold mineralization in each area and revealing the ore mineralogy and the ore textures, geochemical analyses (including rare earth elements) are to be used in order to determine the tectonic setting and magmatic evolution of the host intrusions, scanning electron microscope, microprobe analysis, stable isotopes and fluid inclusions will serve as a new part of this study in detection of the origin and the physico-chemical conditions (P-T condition) for the gold precipitation, Age dating of the host intrusion and mineralization will be based on K-Ar for dating potassium-bearing minerals in fresh host rocks and hydrothermal mineral phases.

A study on efficient detection of network-based IP spoofing DDoS and malware-infected Systems.

PubMed

Seo, Jung Woo; Lee, Sang Jin

2016-01-01

Large-scale network environments require effective detection and response methods against DDoS attacks. Depending on the advancement of IT infrastructure such as the server or network equipment, DDoS attack traffic arising from a few malware-infected systems capable of crippling the organization's internal network has become a significant threat. This study calculates the frequency of network-based packet attributes and analyzes the anomalies of the attributes in order to detect IP-spoofed DDoS attacks. Also, a method is proposed for the effective detection of malware infection systems triggering IP-spoofed DDoS attacks on an edge network. Detection accuracy and performance of the collected real-time traffic on a core network is analyzed thru the use of the proposed algorithm, and a prototype was developed to evaluate the performance of the algorithm. As a result, DDoS attacks on the internal network were detected in real-time and whether or not IP addresses were spoofed was confirmed. Detecting hosts infected by malware in real-time allowed the execution of intrusion responses before stoppage of the internal network caused by large-scale attack traffic.

Forced-folding by laccolith and saucer-shaped sill intrusions on the Earth, planets and icy satellites

NASA Astrophysics Data System (ADS)

Michaut, Chloé

2017-04-01

Horizontal intrusions probably initially start as cracks, with negligible surface deformation. Once their horizontal extents become large enough compared to their depths, they make room for themselves by lifting up their overlying roofs, creating characteristic surface deformations that can be observed at the surface of planets. We present a model where magma flows below a thin elastic overlying layer characterized by a flexural wavelength Λ and study the dynamics and morphology of such a magmatic intrusion. Our results show that, depending on its size, the intrusion present different shapes and thickness-to-radius relationships. During a first phase, elastic bending of the overlying layer is the main source of driving pressure in the flow; the pressure decreases as the flow radius increases, the intrusion is bell-shaped and its thickness is close to being proportional to its radius. When the intrusion radius becomes larger than 4 times Λ, the flow enters a gravity current regime and progressively develops a pancake shape with a flat top. We study the effect of topography on flow spreading in particular in the case where the flow is constrained by a lithostatic barrier within a depression, such as an impact crater on planets or a caldera on Earth. We show that the resulting shape for the flow depends on the ratio between the flexural wavelength of the layer overlying the intrusion and the depression radius. The model is tested against terrestrial data and is shown to well explain the size and morphology of laccoliths and saucer-shaped sills on Earth. We use our results to detect and characterize shallow solidified magma reservoirs in the crust of terrestrial planets and potential shallow water reservoirs in the ice shell of icy satellites.

Cultural syndromes and age moderate the emotional impact of illness intrusiveness in rheumatoid arthritis.

PubMed

Devins, Gerald M; Gupta, Anita; Cameron, Jill; Woodend, Kirsten; Mah, Kenneth; Gladman, Dafna

2009-02-01

The authors investigated cultural syndromes (multidimensional vectors comprising culturally based attitudes, values, and beliefs) and age as moderators of the emotional impact of illness intrusiveness--illness-induced lifestyle disruptions--in rheumatoid arthritis (RA) and examined illness intrusiveness effects in total and separately for three life domains (relationships and personal development, intimacy, and instrumental). People with RA (n = 105) completed the Illness Intrusiveness Ratings, Individualism-Collectivism, and Center for Epidemiologic Studies--Depression scales in a one-on-one interview. Controlling for disease and background characteristics, the association between illness intrusiveness (total score and the Relationships and Personal Development subscale) and distress was inverse when young adults with RA endorsed high horizontal individualism. Illness intrusiveness into intimacy was associated with increased distress, and this intensified when respondents endorsed high vertical individualism, horizontal collectivism, vertical collectivism, or low horizontal individualism. The negative emotional impact of illness intrusiveness into intimacy diminished with increasing age. Given an aging and increasingly pluralistic society, diversity can no longer be ignored in addressing the psychosocial impact of chronic, disabling disease.

A machine learning evaluation of an artificial immune system.

PubMed

Glickman, Matthew; Balthrop, Justin; Forrest, Stephanie

2005-01-01

ARTIS is an artificial immune system framework which contains several adaptive mechanisms. LISYS is a version of ARTIS specialized for the problem of network intrusion detection. The adaptive mechanisms of LISYS are characterized in terms of their machine-learning counterparts, and a series of experiments is described, each of which isolates a different mechanism of LISYS and studies its contribution to the system's overall performance. The experiments were conducted on a new data set, which is more recent and realistic than earlier data sets. The network intrusion detection problem is challenging because it requires one-class learning in an on-line setting with concept drift. The experiments confirm earlier experimental results with LISYS, and they study in detail how LISYS achieves success on the new data set.

Cup-shaped Intrusions, Morphology and Emplacement Mechanism Investigate Through Analogue Modelling

NASA Astrophysics Data System (ADS)

Mathieu, L.; van Wyk de Vries, B.

2007-12-01

We investigate the morphology of large-scale shallow-depth magma intrusions and sub-volcanic complexes with analogue models. Intrusions of analogue magma are done in a granular material that can contain a ductile layer. The model surface is flat to model the formation of plutonic intrusions and it is overlain by a cone when modelling late sub-volcanic complexes. For flat-top models, we obtain cup-shaped intrusions fed by dykes. Cup-shaped intrusions are inverted-cone like bodies. They are different from saucer-shaped intrusions as they possess neither a well developed sill-base, nor an outer rim. However, like saucers, cups are shallow depth intrusions that dome the country rocks. They initiate from an advancing dyke and first develop an inverted-cone like morphology. Then, the central thickness increases and thrusts form at the edge of the domed country rocks. At this stage, the intrusions progressively involve toward a lopolith shape. By using analogue magma of various viscosities we have been able to constrain key relationships: higher intrusion viscosity causes deeper initiation and the deeper they initiate, the larger is the intrusion diameter. A natural example of such intrusion might by the circles of volcanoes like the Azufre-Lastaria (Peru) that might be overlain be a large-scale cup-shaped intrusion. When adding a cone at the surface of the model and, sometimes, a thin ductile layer in the substratum, the morphology of cup-shaped intrusions vary. Note that the ductile layer of our models is not thick enough to induce the gravitational spreading of the cone. Generally, cup-shaped intrusions are asymmetric in cross section and elliptical in plan view. Their formation creates extension structures in the cone (croissant-shaped rift, straight rift or normal fault) and thrusts in some sectors below the cone. Both types of structures are bordered by strike-slip faults. Cups and saucers share many similarities, but differ probably in the fact that saucers are partially sills that are guided by stratigraphic horizons. However, the basic formation mechanisms may be the same and saucers could be regarded as a special form of cup.

WISESight : a multispectral smart video-track intrusion monitor.

DOT National Transportation Integrated Search

2015-05-01

International Electronic Machines : Corporation (IEM) developed, tested, and : validated a unique smart video-based : intrusion monitoring system for use at : highway-rail grade crossings. The system : used both thermal infrared (IR) and : visible/ne...

Associations of hallucination proneness with free-recall intrusions and response bias in a nonclinical sample.

PubMed

Brébion, Gildas; Larøi, Frank; Van der Linden, Martial

2010-10-01

Hallucinations in patients with schizophrenia have been associated with a liberal response bias in signal detection and recognition tasks and with various types of source-memory error. We investigated the associations of hallucination proneness with free-recall intrusions and false recognitions of words in a nonclinical sample. A total of 81 healthy individuals were administered a verbal memory task involving free recall and recognition of one nonorganizable and one semantically organizable list of words. Hallucination proneness was assessed by means of a self-rating scale. Global hallucination proneness was associated with free-recall intrusions in the nonorganizable list and with a response bias reflecting tendency to make false recognitions of nontarget words in both types of list. The verbal hallucination score was associated with more intrusions and with a reduced tendency to make false recognitions of words. The associations between global hallucination proneness and two types of verbal memory error in a nonclinical sample corroborate those observed in patients with schizophrenia and suggest that common cognitive mechanisms underlie hallucinations in psychiatric and nonclinical individuals.

Vulnerability of water distribution systems to pathogen intrusion: how effective is a disinfectant residual?

PubMed

Propato, Marco; Uber, James G

2004-07-01

Can the spread of infectious disease through water distribution systems be halted by a disinfectant residual? This question is overdue for an answer. Regulatory agencies and water utilities have long been concerned about accidental intrusions of pathogens into distribution system pipelines (i.e., cross-connections) and are increasingly concerned about deliberate pathogen contamination. Here, a simulation framework is developed and used to assess the vulnerability of a water system to microbiological contamination. The risk of delivering contaminated water to consumers is quantified by a network water quality model that includes disinfectant decay and disinfection kinetics. The framework is applied to two example networks under a worst-case deliberate intrusion scenario. Results show that the risk of consumer exposure is affected by the residual maintenance strategy employed. The common regulation that demands a "detectable" disinfectant residual may not provide effective consumer protection against microbial contamination. A chloramine residual, instead of free chlorine, may significantly weaken this final barrier against pathogen intrusions. Moreover, the addition of a booster station at storage tanks may improve consumer protection without requiring excessive disinfectant.

Security barriers with automated reconnaissance

DOEpatents

McLaughlin, James O; Baird, Adam D; Tullis, Barclay J; Nolte, Roger Allen

2015-04-07

An intrusion delaying barrier includes primary and secondary physical structures and can be instrumented with multiple sensors incorporated into an electronic monitoring and alarm system. Such an instrumented intrusion delaying barrier may be used as a perimeter intrusion defense and assessment system (PIDAS). Problems with not providing effective delay to breaches by intentional intruders and/or terrorists who would otherwise evade detection are solved by attaching the secondary structures to the primary structure, and attaching at least some of the sensors to the secondary structures. By having multiple sensors of various types physically interconnected serves to enable sensors on different parts of the overall structure to respond to common disturbances and thereby provide effective corroboration that a disturbance is not merely a nuisance or false alarm. Use of a machine learning network such as a neural network exploits such corroboration.

Automatic Fatigue Detection of Drivers through Yawning Analysis

NASA Astrophysics Data System (ADS)

Azim, Tayyaba; Jaffar, M. Arfan; Ramzan, M.; Mirza, Anwar M.

This paper presents a non-intrusive fatigue detection system based on the video analysis of drivers. The focus of the paper is on how to detect yawning which is an important cue for determining driver's fatigue. Initially, the face is located through Viola-Jones face detection method in a video frame. Then, a mouth window is extracted from the face region, in which lips are searched through spatial fuzzy c-means (s-FCM) clustering. The degree of mouth openness is extracted on the basis of mouth features, to determine driver's yawning state. If the yawning state of the driver persists for several consecutive frames, the system concludes that the driver is non-vigilant due to fatigue and is thus warned through an alarm. The system reinitializes when occlusion or misdetection occurs. Experiments were carried out using real data, recorded in day and night lighting conditions, and with users belonging to different race and gender.

Hybrid Network Defense Model Based on Fuzzy Evaluation

PubMed Central

2014-01-01

With sustained and rapid developments in the field of information technology, the issue of network security has become increasingly prominent. The theme of this study is network data security, with the test subject being a classified and sensitive network laboratory that belongs to the academic network. The analysis is based on the deficiencies and potential risks of the network's existing defense technology, characteristics of cyber attacks, and network security technologies. Subsequently, a distributed network security architecture using the technology of an intrusion prevention system is designed and implemented. In this paper, first, the overall design approach is presented. This design is used as the basis to establish a network defense model, an improvement over the traditional single-technology model that addresses the latter's inadequacies. Next, a distributed network security architecture is implemented, comprising a hybrid firewall, intrusion detection, virtual honeynet projects, and connectivity and interactivity between these three components. Finally, the proposed security system is tested. A statistical analysis of the test results verifies the feasibility and reliability of the proposed architecture. The findings of this study will potentially provide new ideas and stimuli for future designs of network security architecture. PMID:24574870

Min-max hyperellipsoidal clustering for anomaly detection in network security.

PubMed

Sarasamma, Suseela T; Zhu, Qiuming A

2006-08-01

A novel hyperellipsoidal clustering technique is presented for an intrusion-detection system in network security. Hyperellipsoidal clusters toward maximum intracluster similarity and minimum intercluster similarity are generated from training data sets. The novelty of the technique lies in the fact that the parameters needed to construct higher order data models in general multivariate Gaussian functions are incrementally derived from the data sets using accretive processes. The technique is implemented in a feedforward neural network that uses a Gaussian radial basis function as the model generator. An evaluation based on the inclusiveness and exclusiveness of samples with respect to specific criteria is applied to accretively learn the output clusters of the neural network. One significant advantage of this is its ability to detect individual anomaly types that are hard to detect with other anomaly-detection schemes. Applying this technique, several feature subsets of the tcptrace network-connection records that give above 95% detection at false-positive rates below 5% were identified.

Detection and Classification of Network Intrusions Using Hidden Markov Models

DTIC Science & Technology

2002-01-01

31 2.2.3 High-level state machines for misuse detection . . . . . . . 32 2.2.4 EMERALD ...Solaris host audit data to detect Solaris R2L (Remote-to-Local) and U2R (User-to-Root) attacks. 7 login as a legitimate user on a local system and use a...as suspicious rather than the entire login session and it can detect some anomalies that are difficult to detect with traditional approaches. It’s

Accounting for intrusive thoughts in PTSD: Contributions of cognitive control and deliberate regulation strategies.

PubMed

Bomyea, Jessica; Lang, Ariel J

2016-03-01

Persistent, trauma-related intrusive thoughts are common in individuals with posttraumatic stress disorder (PTSD). Automatic aspects of cognitive functioning (including executive functioning) and maladaptive deliberate attempts at cognitive regulation have been proposed as individual difference factors that may perpetuate intrusive thoughts. The current study sought to examine the joint contribution of these two factors on intrusive thoughts in PTSD. Forty-two women with PTSD completed an executive functioning assessment followed by a thought suppression task. Intrusive thoughts (frequency and duration), as well as participants' use of specific cognitive regulation strategies (avoidance-based thought regulation strategies; TRS), were measured during the task. Hierarchical linear regression was used to examine the interaction of executive functioning and TRS on intrusive thoughts. Greater use of TRS was associated with greater intrusive thought persistence for those with low executive functioning, but not those with high executive functioning. Data was collected cross-sectionally and the laboratory thought suppression task may not correspond to naturalistic thought regulation. Results are consistent with prior literature suggesting that certain responses deployed by individuals to control intrusive thoughts may be unhelpful, but that a higher level of cognitive capacity may mitigate this effect. Implications of these findings for recent models of cognition in PTSD are discussed. Published by Elsevier B.V.

The Effects of Saltwater Intrusion to Flood Mitigation Project

NASA Astrophysics Data System (ADS)

Azida Abu Bakar, Azinoor; Khairudin Khalil, Muhammad

2018-03-01

The objective of this study is to determine the effects of saltwater intrusion to flood mitigation project located in the flood plains in the district of Muar, Johor. Based on the studies and designs carried out, one of the effective flood mitigation options identified is the Kampung Tanjung Olak bypass and Kampung Belemang bypass at the lower reaches of Sungai Muar. But, the construction of the Kampung Belemang and Tanjung Olak bypass, while speeding up flood discharges, may also increase saltwater intrusion during drought low flows. Establishing the dynamics of flooding, including replicating the existing situation and the performance with prospective flood mitigation interventions, is most effectively accomplished using computer-based modelling tools. The finding of this study shows that to overcome the problem, a barrage should be constructed at Sungai Muar to solve the saltwater intrusion and low yield problem of the river.

Study of Threat Scenario Reconstruction based on Multiple Correlation

NASA Astrophysics Data System (ADS)

Yuan, Xuejun; Du, Jing; Qin, Futong; Zhou, Yunyan

2017-10-01

The emergence of intrusion detection technology has solved many network attack problems, ensuring the safety of computer systems. However, because of the isolated output alarm information, large amount of data, and mixed events, it is difficult for the managers to understand the deep logic relationship between the alarm information, thus they cannot deduce the attacker’s true intentions. This paper presents a method of online threat scene reconstruction to handle the alarm information, which reconstructs of the threat scene. For testing, the standard data set is used.

Quantifying Performance Bias in Label Fusion

DTIC Science & Technology

2012-08-21

detect ), may provide the end-user with the means to appropriately adjust the performance and optimal thresholds for performance by fusing legacy systems...boolean combination of classification systems in ROC space: An application to anomaly detection with HMMs. Pattern Recognition, 43(8), 2732-2752. 10...Shamsuddin, S. (2009). An overview of neural networks use in anomaly intrusion detection systems. Paper presented at the Research and Development (SCOReD

75 FR 37483 - Request for Comments on the Draft Policy Statement on the Protection of Cesium-137 Chloride...

Federal Register 2010, 2011, 2012, 2013, 2014

2010-06-29

... instruments for end users. This network of facilities ensures that every radiation detection instrument that... associated test-and-evaluation protocols for radiation detection, instrumentation, and personal dosimetry... intrusion. The NRC supports efforts to develop alternate forms of Cs-137 that would reduce the security...

Department of Defense Fiscal Year (FY) 2005 Budget Estimates. Research, Development, Test and Evaluation, Defense-Wide. Volume 1 - Defense Advanced Research Projects Agency

DTIC Science & Technology

2004-02-01

UNCLASSIFIED − Conducted experiments to determine the usability of general-purpose anomaly detection algorithms to monitor a large, complex military...reaction and detection modules to perform tailored analysis sequences to monitor environmental conditions, health hazards and physiological states...scalability of lab proven anomaly detection techniques for intrusion detection in real world high volume environments. Narrative Title FY 2003

Acoustic intrusion detection and positioning system

NASA Astrophysics Data System (ADS)

Berman, Ohad; Zalevsky, Zeev

2002-08-01

Acoustic sensors are becoming more and more applicable as a military battlefield technology. Those sensors allow a detection and direciton estimation with low false alarm rate and high probability of detection. The recent technological progress related to these fields of reserach, together with an evolution of sophisticated algorithms, allow the successful integration of those sensoe in battlefield technologies. In this paper the performances of an acoustic sensor for a detection of avionic vessels is investigated and analyzed.

Intrusive and Non-Intrusive Instruction in Dynamic Skill Training.

DTIC Science & Technology

1981-10-01

less sensitive to the processing load imposed by the dynaic task together with instructional feedback processing than were the decison - making and...betwee computer based instruction of knowledge systems and computer based instruction of dynamic skills. There is reason to expect that the findings of...knowledge 3Ytm and computer based instruction of dynlamic skill.. There is reason to expect that the findings of research on knowledge system

A novel CUSUM-based approach for event detection in smart metering

NASA Astrophysics Data System (ADS)

Zhu, Zhicheng; Zhang, Shuai; Wei, Zhiqiang; Yin, Bo; Huang, Xianqing

2018-03-01

Non-intrusive load monitoring (NILM) plays such a significant role in raising consumer awareness on household electricity use to reduce overall energy consumption in the society. With regard to monitoring low power load, many researchers have introduced CUSUM into the NILM system, since the traditional event detection method is not as effective as expected. Due to the fact that the original CUSUM faces limitations given the small shift is below threshold, we therefore improve the test statistic which allows permissible deviation to gradually rise as the data size increases. This paper proposes a novel event detection and corresponding criterion that could be used in NILM systems to recognize transient states and to help the labelling task. Its performance has been tested in a real scenario where eight different appliances are connected to main line of electric power.

Sulfide intrusion in the tropical seagrasses Thalassia testudinum and Syringodium filiforme

NASA Astrophysics Data System (ADS)

Holmer, Marianne; Pedersen, Ole; Krause-Jensen, Dorte; Olesen, Birgit; Hedegård Petersen, Malene; Schopmeyer, Stephanie; Koch, Marguerite; Lomstein, Bente Aa.; Jensen, Henning S.

2009-11-01

Sulfur and oxygen dynamics in the seagrasses Thalassia testudinum and Syringodium filiforme and their sediments were studied in the US Virgin Islands (USVI) in order to explore sulfide intrusion into tropical seagrasses. Four study sites were selected based on the iron concentration in sediments and on proximity to anthropogenic nutrient sources. Meadow characteristics (shoot density, above- and below-ground biomass, nutrient content) were sampled along with sediment biogeochemistry. Sulfide intrusion was high in T. testudinum, as up to 96% of total sulfur in the plant was derived from sediment-derived sulfides. The sulfide intrusion was negatively correlated to the turnover of sulfides in the sediments regulated by both plant parameters and sediment sulfur pools. Sediment iron content played an indirect role by affecting sulfide turnover rates. Leaf production was negatively correlated with sulfide intrusion suggesting that active growth reduced sulfide intrusion. Sulfide intrusion was lower in S. filiforme (up to 44%) compared to T. testudinum consistent with a higher internal nighttime oxygen concentrations found for S. filiforme. When S. filiforme can take advantage of its ability to maintain high internal oxygen concentrations, as was the case on the USVI, it could increase its success in colonizing unvegetated disturbed sediments with potentially high sulfide concentrations.

Building Intrusion Detection with a Wireless Sensor Network

NASA Astrophysics Data System (ADS)

Wälchli, Markus; Braun, Torsten

This paper addresses the detection and reporting of abnormal building access with a wireless sensor network. A common office room, offering space for two working persons, has been monitored with ten sensor nodes and a base station. The task of the system is to report suspicious office occupation such as office searching by thieves. On the other hand, normal office occupation should not throw alarms. In order to save energy for communication, the system provides all nodes with some adaptive short-term memory. Thus, a set of sensor activation patterns can be temporarily learned. The local memory is implemented as an Adaptive Resonance Theory (ART) neural network. Unknown event patterns detected on sensor node level are reported to the base station, where the system-wide anomaly detection is performed. The anomaly detector is lightweight and completely self-learning. The system can be run autonomously or it could be used as a triggering system to turn on an additional high-resolution system on demand. Our building monitoring system has proven to work reliably in different evaluated scenarios. Communication costs of up to 90% could be saved compared to a threshold-based approach without local memory.

An Intelligent Parking Management System for Urban Areas

PubMed Central

Vera-Gómez, Juan A.; Quesada-Arencibia, Alexis; García, Carmelo R.; Suárez Moreno, Raúl; Guerra Hernández, Fernando

2016-01-01

In this article we describe a low-cost, minimally-intrusive system for the efficient management of parking spaces on both public roads and controlled zones. This system is based on wireless networks of photoelectric sensors that are deployed on the access roads into and out of these areas. The sensors detect the passage of vehicles on these roads and communicate this information to a data centre, thus making it possible to know the number of vehicles in the controlled zone and the occupancy levels in real-time. This information may be communicated to drivers to facilitate their search for a parking space and to authorities so that they may take steps to control traffic when congestion is detected. PMID:27338397

Laser spectroscopy for totally non-intrusive detection of oxygen in modified atmosphere food packages

NASA Astrophysics Data System (ADS)

Cocola, L.; Fedel, M.; Poletto, L.; Tondello, G.

2015-04-01

A device for measuring the oxygen concentration inside packages in modified atmosphere working in a completely non-intrusive way has been developed and tested. The device uses tunable diode laser spectroscopy in a geometry similar to a short distance LIDAR: A laser beam is sent through the top film of a food package, and the absorption is measured by detecting the light scattered by the bottom of the container or by a portion of the food herein contained. The device can operate completely in a contactless way from the package, and the distances of absorption both outside and inside the package are measured with a triangulation system. The performances of the device have been tested for various types of containers, and absolute values for the oxygen concentration have been compared with standard albeit destructive measurements.

Implementation of Multipattern String Matching Accelerated with GPU for Intrusion Detection System

NASA Astrophysics Data System (ADS)

Nehemia, Rangga; Lim, Charles; Galinium, Maulahikmah; Rinaldi Widianto, Ahmad

2017-04-01

As Internet-related security threats continue to increase in terms of volume and sophistication, existing Intrusion Detection System is also being challenged to cope with the current Internet development. Multi Pattern String Matching algorithm accelerated with Graphical Processing Unit is being utilized to improve the packet scanning performance of the IDS. This paper implements a Multi Pattern String Matching algorithm, also called Parallel Failureless Aho Corasick accelerated with GPU to improve the performance of IDS. OpenCL library is used to allow the IDS to support various GPU, including popular GPU such as NVIDIA and AMD, used in our research. The experiment result shows that the application of Multi Pattern String Matching using GPU accelerated platform provides a speed up, by up to 141% in term of throughput compared to the previous research.

Assessing Human Activity in Elderly People Using Non-Intrusive Load Monitoring.

PubMed

Alcalá, José M; Ureña, Jesús; Hernández, Álvaro; Gualda, David

2017-02-11

The ageing of the population, and their increasing wish of living independently, are motivating the development of welfare and healthcare models. Existing approaches based on the direct heath-monitoring using body sensor networks (BSN) are precise and accurate. Nonetheless, their intrusiveness causes non-acceptance. New approaches seek the indirect monitoring through monitoring activities of daily living (ADLs), which proves to be a suitable solution. ADL monitoring systems use many heterogeneous sensors, are less intrusive, and are less expensive than BSN, however, the deployment and maintenance of wireless sensor networks (WSN) prevent them from a widespread acceptance. In this work, a novel technique to monitor the human activity, based on non-intrusive load monitoring (NILM), is presented. The proposal uses only smart meter data, which leads to minimum intrusiveness and a potential massive deployment at minimal cost. This could be the key to develop sustainable healthcare models for smart homes, capable of complying with the elderly people' demands. This study also uses the Dempster-Shafer theory to provide a daily score of normality with regard to the regular behavior. This approach has been evaluated using real datasets and, additionally, a benchmarking against a Gaussian mixture model approach is presented.

Assessing Human Activity in Elderly People Using Non-Intrusive Load Monitoring

PubMed Central

Alcalá, José M.; Ureña, Jesús; Hernández, Álvaro; Gualda, David

2017-01-01

The ageing of the population, and their increasing wish of living independently, are motivating the development of welfare and healthcare models. Existing approaches based on the direct heath-monitoring using body sensor networks (BSN) are precise and accurate. Nonetheless, their intrusiveness causes non-acceptance. New approaches seek the indirect monitoring through monitoring activities of daily living (ADLs), which proves to be a suitable solution. ADL monitoring systems use many heterogeneous sensors, are less intrusive, and are less expensive than BSN, however, the deployment and maintenance of wireless sensor networks (WSN) prevent them from a widespread acceptance. In this work, a novel technique to monitor the human activity, based on non-intrusive load monitoring (NILM), is presented. The proposal uses only smart meter data, which leads to minimum intrusiveness and a potential massive deployment at minimal cost. This could be the key to develop sustainable healthcare models for smart homes, capable of complying with the elderly people’ demands. This study also uses the Dempster-Shafer theory to provide a daily score of normality with regard to the regular behavior. This approach has been evaluated using real datasets and, additionally, a benchmarking against a Gaussian mixture model approach is presented. PMID:28208672

Petrogenesis of the Ni-Cu-PGE sulfide-bearing Tamarack Intrusive Complex, Midcontinent Rift System, Minnesota

NASA Astrophysics Data System (ADS)

Taranovic, Valentina; Ripley, Edward M.; Li, Chusi; Rossell, Dean

2015-01-01

The Tamarack Intrusive Complex (TIC, 1105.6 ± 1.2 Ma) in NE Minnesota, was emplaced during the early stages of the development of the Midcontinent Rift System (MRS, "Early Stage": 1110-1106 Ma). Country rocks of the TIC are those of the Paleoproterozoic Thomson Formation, part of the Animikie Group including sulfide-bearing metasedimentary black shale. The magmatic system is composed of at least two principal mafic-ultramafic intrusive sequences: the sulfide-barren Bowl Intrusion in the south and the "dike" area intrusions in the north which host Ni-Cu-Platinum Group Elements (PGE) mineralization with up to 2.33% Ni, 1.24% Cu, 0.34 g/t Pt, 0.23 g/t Pd and 0.18 g/t Au. Two distinct intrusive units in the "dike" area are the CGO (coarse-grained olivine-bearing) Intrusion, a sub-vertical dike-like body, and the overlying sub-horizontal FGO (fine-grained olivine-bearing) Intrusion. Both intrusions comprise peridotite, feldspathic peridotite, feldspathic pyroxenite, melatroctolite and melagabbro. Massive sulfides are volumetrically minor and mainly occur as lenses emplaced into the country rocks associated with both intrusions. Semi-massive (net-textured) sulfides are distributed at the core of the CGO Intrusion, surrounded by a halo of the disseminated sulfides. Disseminated sulfides also occur in lenses along the base of the FGO Intrusion. Olivine compositions in the CGO Intrusion are between Fo89 and Fo82 and in the FGO Intrusion from Fo84 to Fo82. TIC intrusions have more primitive olivine compositions than that of olivine in the sheet-like intrusions in the Duluth Complex (below Fo70), as well as olivine from the smaller, conduit-related, Eagle and East Eagle Intrusions in Northern Michigan (Fo86 to Fo75). The FeO/MgO ratios of the CGO and FGO Intrusion parental magmas, inferred from olivine compositions, are similar to those of picritic basalts erupted during the early stages of the MRS formation. Trace element ratios differ slightly from other intrusions in the MRS, and are indicative of significant crustal contamination. Differences in textures, whole-rock and mineral compositions, and sulfide distribution are consistent with the emplacement of at least two distinct sulfide saturated magmatic pulses. Ni-enrichment in the TIC indicates that sulfide saturation was attained prior to the sequestration of major proportions of Ni by olivine, possibly at a deeper chamber in the magmatic system. The addition of crustal S from the Thomson Formation sulfidic country rocks is thought to have been the principal process which drove the early attainment of sulfide saturation in the magmas. The CGO Intrusion carried the greater abundance of sulfide liquid, but both the CGO and FGO intrusive sequences represent the accumulation of dense silicate minerals and sulfide liquid in a conduit system. The genetic processes that were operative in the formation of Ni-Cu-PGE mineralization in the Tamarack Intrusive Complex appear to be typical of conduit-style magmatic sulfide deposits associated with large continental basaltic provinces.

Diagnosing and Reconstructing Real-World Hydroclimatic Dynamics from Time Sequenced Data: The Case of Saltwater Intrusion into Coastal Wetlands in Everglades National Park

NASA Astrophysics Data System (ADS)

Huffaker, R.; Munoz-Carpena, R.

2016-12-01

There are increasing calls to audit decision-support models used for environmental policy to ensure that they correspond with the reality facing policy makers. Modelers can establish correspondence by providing empirical evidence of real-world dynamic behavior that their models skillfully simulate. We present a pre-modeling diagnostic framework—based on nonlinear dynamic analysis—for detecting and reconstructing real-world environmental dynamics from observed time-sequenced data. Phenomenological (data-driven) modeling—based on machine learning regression techniques—extracts a set of ordinary differential equations governing empirically-diagnosed system dynamics from a single time series, or from multiple time series on causally-interacting variables. We apply the framework to investigate saltwater intrusion into coastal wetlands in Everglades National Park, Florida, USA. We test the following hypotheses posed in the literature linking regional hydrologic variables with global climatic teleconnections: (1) Sea level in Florida Bay drives well level and well salinity in the coastal Everglades; (2) Atlantic Multidecadal Oscillation (AMO) drives sea level, well level and well salinity; and (3) AMO and (El Niño Southern Oscillation) ENSO bi-causally interact. The thinking is that salt water intrusion links ocean-surface salinity with salinity of inland water sources, and sea level with inland water; that AMO and ENSO share a teleconnective relationship (perhaps through the atmosphere); and that AMO and ENSO both influence inland precipitation and thus well levels. Our results support these hypotheses, and we successfully construct a parsimonious phenomenological model that reproduces diagnosed nonlinear dynamics and system interactions. We propose that reconstructed data dynamics be used, along with other expert information, as a rigorous benchmark to guide specification and testing of hydrologic decision support models corresponding with real-world behavior.

Subsurface Intrusion Detection System

DTIC Science & Technology

2014-02-25

deployed along the boundary. The outputs of the vibration sensors are taken as an indication of underground activity and can therefore be used to...for detecting underground activity. The system has a first sensor located at a first depth below the surface of the ground and a second sensor...and the second sensor has a second output indicative of vibrations at the second depth. A processor adapted to detect underground activity compares

Final Technical Report. Project Boeing SGS

DOE Office of Scientific and Technical Information (OSTI.GOV)

Bell, Thomas E.

Boeing and its partner, PJM Interconnection, teamed to bring advanced “defense-grade” technologies for cyber security to the US regional power grid through demonstration in PJM’s energy management environment. Under this cooperative project with the Department of Energy, Boeing and PJM have developed and demonstrated a host of technologies specifically tailored to the needs of PJM and the electric sector as a whole. The team has demonstrated to the energy industry a combination of processes, techniques and technologies that have been successfully implemented in the commercial, defense, and intelligence communities to identify, mitigate and continuously monitor the cyber security of criticalmore » systems. Guided by the results of a Cyber Security Risk-Based Assessment completed in Phase I, the Boeing-PJM team has completed multiple iterations through the Phase II Development and Phase III Deployment phases. Multiple cyber security solutions have been completed across a variety of controls including: Application Security, Enhanced Malware Detection, Security Incident and Event Management (SIEM) Optimization, Continuous Vulnerability Monitoring, SCADA Monitoring/Intrusion Detection, Operational Resiliency, Cyber Range simulations and hands on cyber security personnel training. All of the developed and demonstrated solutions are suitable for replication across the electric sector and/or the energy sector as a whole. Benefits identified include; Improved malware and intrusion detection capability on critical SCADA networks including behavioral-based alerts resulting in improved zero-day threat protection; Improved Security Incident and Event Management system resulting in better threat visibility, thus increasing the likelihood of detecting a serious event; Improved malware detection and zero-day threat response capability; Improved ability to systematically evaluate and secure in house and vendor sourced software applications; Improved ability to continuously monitor and maintain secure configuration of network devices resulting in reduced vulnerabilities for potential exploitation; Improved overall cyber security situational awareness through the integration of multiple discrete security technologies into a single cyber security reporting console; Improved ability to maintain the resiliency of critical systems in the face of a targeted cyber attack of other significant event; Improved ability to model complex networks for penetration testing and advanced training of cyber security personnel« less

SUPPLEMENT TO EPA COMPENDIUM METHOD TO-15 - REDUCTION OF METHOD DETECTION LIMITS TO MEET VAPOR INTRUSION MONITORING NEEDS

EPA Science Inventory

The Supplement to EPA Compendium Method TO-15 provides guidance for reducing the method detection limit (MDL) for the compound 1,1- dichloroethene (1,1-DCE) and for other volatile organic compounds (VOCs) from 0.5 ppbv, as cited in Method TO-15, to much lower concentrations. R...

SUPPLEMENT TO EPA COMPENDIUM METHOD TO-15 - REDUCTION OF METHOD DETECTION LIMITS TO MEET VAPOR INTRUSION MONITORING NEEDS

EPA Science Inventory

The Supplement to EPA Compendium Method TO-15 provides guidance for reducing the method detection limit (MDL) for the compound 1,1-dichloroethene (1,1-DCE) and for other volatile organic compounds (VOCs) from 0.5 parts per billion by volume (ppbv), as cited in Method TO-15, to ...

Final work plan : supplemental upward vapor intrusion investigation at the former CCC/USDA grain storage facility in Hanover, Kansas.

DOE Office of Scientific and Technical Information (OSTI.GOV)

LaFreniere, L. M.; Environmental Science Division

The Commodity Credit Corporation (CCC), an agency of the U.S. Department of Agriculture (USDA), operated a grain storage facility at the northeastern edge of the city of Hanover, Kansas, from 1950 until the early 1970s. During this time, commercial grain fumigants containing carbon tetrachloride were in common use by the grain storage industry to preserve grain in their facilities. In February 1998, trace to low levels of carbon tetrachloride (below the maximum contaminant level [MCL] of 5.0 {micro}g/L) were detected in two private wells near the former grain storage facility at Hanover, as part of a statewide USDA private wellmore » sampling program that was implemented by the Kansas Department of Health and Environment (KDHE) near former CCC/USDA facilities. In 2007, the CCC/USDA conducted near-surface soil sampling at 61 locations and also sampled indoor air at nine residences on or adjacent to its former Hanover facility to address the residents concerns regarding vapor intrusion. Low levels of carbon tetrachloride were detected at four of the nine homes. The results were submitted to the KDHE in October 2007 (Argonne 2007). On the basis of the results, the KDHE requested sub-slab sampling and/or indoor air sampling (KDHE 2007). This Work Plan describes, in detail, the proposed additional scope of work requested by the KDHE and has been developed as a supplement to the comprehensive site investigation work plan that is pending (Argonne 2008). Indoor air samples collected previously from four homes at Hanover were shown to contain the carbon tetrachloride at low concentrations (Table 2.1). It cannot be concluded from these previous data that the source of the detected carbon tetrachloride is vapor intrusion attributable to former grain storage operations of the CCC/USDA at Hanover. The technical objective of the vapor intrusion investigation described here is to assess the risk to human health due to the potential for upward migration of carbon tetrachloride and chloroform into four homes located on or adjacent to the former CCC/USDA facility. The technical objective will be accomplished by collecting sub-slab vapor samples. The preliminary data collected during the July 2007 investigation did not fully address the source of or migration pathway for the carbon tetrachloride detected in the four homes. The scope of work proposed here will generate additional data needed to help evaluate whether the source of the detected carbon tetrachloride is vapor intrusion attributable to activities of the CCC/USDA. The additional vapor sampling at Hanover will be performed, on behalf of the CCC/USDA, by the Environmental Science Division of Argonne National Laboratory and H&P Mobile Geochemistry of San Diego (http://www.handpmg.com). Argonne is a nonprofit, multidisciplinary research center operated by UChicago Argonne, LLC, for the U.S. Department of Energy (DOE). The CCC/USDA has entered into an interagency agreement with DOE, under which Argonne provides technical assistance to the CCC/USDA with environmental site characterization and remediation at its former grain storage facilities. The professional staff members of H&P Mobile Geochemistry are nationally leading experts in soil gas sampling and vapor intrusion investigations.« less

Assessment of Mitigation Systems on Vapor Intrusion ...

EPA Pesticide Factsheets

Vapor intrusion is the migration of subsurface vapors, including radon and volatile organic compounds (VOCs), in soil gas from the subsurface to indoor air. Vapor intrusion happens because there are pressure and concentration differentials between indoor air and soil gas. Indoor environments are often negatively pressurized with respect to outdoor air and soil gas (for example, from exhaust fans or the stack effect), and this pressure difference allows soil gas containing subsurface vapors to flow into indoor air through advection. In addition, concentration differentials cause VOCs and radon to migrate from areas of higher to lower concentrations through diffusion, which is another cause of vapor intrusion. Current practice for evaluating the vapor intrusion pathway involves a multiple line of evidence approach based on direct measurements in groundwater, external soil gas, subslab soil gas, and/or indoor air. No single line of evidence is considered definitive, and direct measurements of vapor intrusion can be costly, especially where significant spatial and temporal variability require repeated measurements at multiple locations to accurately assess the chronic risks of long-term exposure to volatile organic compounds (VOCs) like chloroform, perchloroethylene (PCE), and trichloroethylene (TCE).

IDAS : ITS Deployment Analysis System

DOT National Transportation Integrated Search

1997-05-01

This report documents the activities and results of a 2-year test of non-intrusive traffic detection technologies. The test was initiated by the Federal Highway Administration (FHWA) and conducted by the Minnesota Department of Transportation (Mn/DOT...

RTO Technical Report: A Quarterly Listing

NASA Technical Reports Server (NTRS)

2002-01-01

This is a listing of recent unclassified RTO technical publications processed by the NASA Center for AeroSpace Information from April 1,2002 through June 30, 2002. Topics covered include: intrusion detection and design loads for aircraft.

Effectiveness of Audible Warning Devices on Emergency Vehicles.

DOT National Transportation Integrated Search

1977-08-01

The purpose of the study was to examine the effectiveness of audible warning devices (AWD's) on emergency vehicles in terms of aural detectability. Community noise intrusion and opportunities for AWD optimization were also investigated. Measurements ...

A review of physical security robotics at Sandia National Laboratories

DOE Office of Scientific and Technical Information (OSTI.GOV)

Roerig, S.C.

1990-01-01

As an outgrowth of research into physical security technologies, Sandia is investigating the role of robotics in security systems. Robotics may allow more effective utilization of guard forces, especially in scenarios where personnel would be exposed to harmful environments. Robots can provide intrusion detection and assessment functions for failed sensors or transient assets, can test existing fixed site sensors, and can gather additional intelligence and dispense delaying elements. The Robotic Security Vehicle (RSV) program for DOE/OSS is developing a fieldable prototype for an exterior physical security robot based upon a commercial four wheel drive vehicle. The RSV will be capablemore » of driving itself, being driven remotely, or being driven by an onboard operator around a site and will utilize its sensors to alert an operator to unusual conditions. The Remote Security Station (RSS) program for the Defense Nuclear Agency is developing a proof-of-principle robotic system which will be used to evaluate the role, and associated cost, of robotic technologies in exterior security systems. The RSS consists of an independent sensor pod, a mobile sensor platform and a control and display console. Sensor data fusion is used to optimize the system's intrusion detection performance. These programs are complementary, the RSV concentrates on developing autonomous mobility, while the RSS thrust is on mobile sensor employment. 3 figs.« less

Identifying and forecasting deep stratospheric ozone intrusions over the western United States from space

NASA Astrophysics Data System (ADS)

Lin, M.; Fiore, A. M.; Horowitz, L. W.; Cooper, O. R.; Langford, A. O.; Pan, L.; Liu, X.; Reddy, P. J.

2012-12-01

Recent studies have shown that deep stratospheric ozone intrusions can episodically enhance ground-level ozone above the health-based standard over the western U.S. in spring. Advanced warning of incoming intrusions could be used by state agencies to inform the public about poor air quality days. Here we explore the potential for using total ozone retrievals (version 5.2, level 3) at twice daily near global coverage from the AIRS instrument aboard the NASA Aqua satellite to identify stratospheric intrusions and forecast the eventual surface destination of transported stratospheric ozone. The method involves the correlation of AIRS daily total ozone columns at each 1ox1o grid box ~1-3 days prior to stratospheric enhancements to daily maximum 8-hour average ozone at a selected surface site using datasets from April to June in 2003-2011. The surface stratospheric enhancements are estimated by the GFDL AM3 chemistry-climate model which includes full stratospheric and tropospheric chemistry and is nudged to reanalysis winds. Our earlier work shows that the model presents deep stratospheric intrusions over the Western U.S. consistently with observations from AIRS, surface networks, daily ozone sondes, and aircraft lidar available in spring of 2010 during the NOAA CalNex field campaign. For the 15 surface sites in the U.S. Mountain West considered, a correlation coefficient of 0.4-0.7 emerges with AIRS ozone columns over 30o-50oN latitudes and 125o-105oW longitudes - variability in the AIRS column within this spatial domain indicates incoming intrusions. For each "surface receptor site", the spatial domain can narrow to an area ~5ox5o northwest of the individual site, with the strong correlation (0.5-0.7) occurring when the AIRS data is lagged by 1 day from the AM3 stratospheric enhancements in surface air. The spatial pattern of correlations is consistent with our process-oriented understanding developed from case studies of extreme intrusions. Surface observations during these events show that the sites experiencing elevated ozone levels are typically located over the southeastern side of the enhanced ozone columns captured by AIRS ~12 hours to 1 day prior. This first scoping study suggests there is potential to use near-daily global coverage of ozone in total column or in UT/LS levels from the space-based instruments (e.g. AIRS, OMI, MLS) to serve as a qualitative early-warning indicator of incoming stratospheric intrusions with a lead time of ~1-3 days. There is more skill in ~12 hours to 1 day as to where the intrusion will reach the surface, particularly during the ENSO years (i.e. 2003, 2008, 2010, 2011) when deep intrusions are more likely to occur as compared to other years. These space-based ozone products can also provide some indication of whether a historic exceedance was caused by an intrusion.

Paleozoic mafic-intermediate intrusions (320-287 Ma) in the Kalatongke area, southern Altai, NW China: Products of protracted magmatism in a convergent tectonic setting

NASA Astrophysics Data System (ADS)

Qian, Zhuangzhi; Duan, Jun; Li, Chusi; Xu, Gang; Feng, Yanqing; Ren, Meng

2018-06-01

Numerous small mafic-intermediate intrusions are present in the Kalatongke area in the southern part of the Paleozoic Altai Orogenic Belt, NW China. Previous studies reveal that most of these intrusions were emplaced at ∼287 Ma, broadly coeval with the eruption of alkaline flood basalts at ⩽282 Ma in the Tarim Craton. The similar ages have led some researchers to believe that the Tarim flood basalts and the Kalatongke mafic-intermediate intrusions are related to the same mantle plume. New and existing geochronological and geochemical data for the mafic-intermediate intrusions in the Kalatongke area together do not support such interpretation. Most of the intrusions in this small area (4.5 × 2 km) were emplaced at ∼287 Ma but our new data reveal that older intrusive rocks with zircon U-Pb ages from 290 ± 1.5 to 320 ± 2 Ma are also present. The temporal and spatial distribution of these intrusions does not show a hotspot track as expected by the mantle plume model. The intrusive rocks have similar Nd-Hf isotope compositions (εNd = 3-9, εHf = 15-19) and are all characterized by light REE enrichments relative to heavy REE, plus pronounced negative Nb-Ta anomalies. The oldest intrusion (∼320 Ma) also shows negative Zr-Hf anomalies, which are common in arc basalts but absent in continental flood basalts. The results of mixing calculations based on Sr-Nd-Hf isotopes and selected trace elements (Th, Nb and Yb) indicate that the parental magmas for these intrusions were all enriched in Th and depleted in Nb prior to crustal contamination, similar to the magmas generated in a convergent tectonic setting from subduction to post-subduction elsewhere in the world. The results from this study remind us that temporal correlation is not a reliable tool to determine the size of a mantle plume.

Stress reaction process-based hierarchical recognition algorithm for continuous intrusion events in optical fiber prewarning system

NASA Astrophysics Data System (ADS)

Qu, Hongquan; Yuan, Shijiao; Wang, Yanping; Yang, Dan

2018-04-01

To improve the recognition performance of optical fiber prewarning system (OFPS), this study proposed a hierarchical recognition algorithm (HRA). Compared with traditional methods, which employ only a complex algorithm that includes multiple extracted features and complex classifiers to increase the recognition rate with a considerable decrease in recognition speed, HRA takes advantage of the continuity of intrusion events, thereby creating a staged recognition flow inspired by stress reaction. HRA is expected to achieve high-level recognition accuracy with less time consumption. First, this work analyzed the continuity of intrusion events and then presented the algorithm based on the mechanism of stress reaction. Finally, it verified the time consumption through theoretical analysis and experiments, and the recognition accuracy was obtained through experiments. Experiment results show that the processing speed of HRA is 3.3 times faster than that of a traditional complicated algorithm and has a similar recognition rate of 98%. The study is of great significance to fast intrusion event recognition in OFPS.

A new interpretation of the structure of the Sept Iles Intrusive suite, Canada

NASA Astrophysics Data System (ADS)

Higgins, Michael D.

2005-08-01

The layered mafic intrusion at Sept Iles, Canada, is one of the largest intrusions in the world. A new interpretation of its structure is proposed, based on a review of its geology and a comparison with the Skaergaard intrusion, Greenland. Several different magmatic components are recognized; hence the name Sept Iles Intrusive suite (SIIS) is proposed. Emplacement of the suite may have been preceded by eruption of flood basalts. The first magmas of the suite rose in the crust to accumulate beneath the density filter afforded by the basalts. The largest component is the Sept Iles Mafic intrusion (SIMI). The Lower series of the SIMI is dominated by leucotroctolites and leucogabbros. Above it lie the Layered series, which is largely comprised of gabbro and troctolite. Both these units are unchanged from earlier interpretations. The anorthosites (s.l.), gabbros and monzogabbros, formerly called the Transitional series, are now considered to be the Upper Border series, developed by floatation of plagioclase. Common autoliths in the Layered series are parts of the hydrothermally altered Upper Border series from towards the interior of the intrusion, which have foundered and settled through the magma. The contamination of the magma that accompanied this event oxidised iron in the magma and led to the precipitation of magnetite around the periphery of the intrusion. The subsequent depletion of Fe 3+ and/or increase in SiO 2, CaO and P 2O 5 may have induced apatite saturation and accumulation to form two layers rich in apatite, near the base and at top of the Layered series. Granitic magma was developed by fractional crystallisation and was emplaced along the roof of the chamber, where it acquired large quantities of xenoliths. These were probably derived from the flood basalts, their evolved members and fragments of mafic dykes chilled by the granitic magma. Accumulations of monzonite pillows in this unit testify to another magmatic event and a floor to the granitic magma chamber, indicating lateral transport of magma. Chemically distinct syenites in the upper part of the intrusion are part of the Point du Criade intrusion, a large, late composite sill. Diabase and leucogabbro components show a close link with the SIMI and all the acidic magmas may have originally formed by differentiation of the main magma in cupolas towards the centre of the intrusion. A series of late gabbro intrusions that cut the SIMI may represent a rejuvenation of magmatism. The Border zone is a mass of fine-grained rocks that occurs along the border of the SIMI: it may be another magmatic component, or just the lateral border series of the SIMI.

The effects of an anchovy (stolephorus insularis) substrate application on the level of fluor intrusion on Sprague Dawley rat teeth (in vivo)

NASA Astrophysics Data System (ADS)

Sakinah, N. R.; Gunawan, H. A.; Puspitawati, R.

2017-08-01

Fluoride intrusion is one of the efficacy parameters of fluoridation. Anchovy (Stolephorus insularis), which contains a high fluoride concentration in the CaF2compound, can be used as a fluoridative agent which is affordable and easily obtained. The aim of this study is to prove the effectiveness of the application of an anchovy substrate (Stolephorus insularis), either by a feeding method or a topical method, for tooth fluoridation based on the depth of fluoride intrusion on the enamel. An in vivo experimental laboratory method was used. The subjects were 14 Sprague Dawley rats divided into five groups. The groups included a baseline control, a feeding negative control, a topical negative control, an anchovy feeding method, and a topical solution anchovy method. After 15 days of treatment, the teeth were cut transversely with a 0.5 mm thickness then processed to test for fluoride intrusion using fluorescence microscopy. There was increased fluor intrusion on the enamel of the experimental groups compared to the negative control groups (p<0.05).Fluoride intrusion using the topical fluoride method is higher than with the feeding method (p <0.05). Thus, the application of an anchovy substrate, either by chewing or smearing, increases fluoride intrusion on the enamel.

A Markov game theoretic data fusion approach for cyber situational awareness

NASA Astrophysics Data System (ADS)

Shen, Dan; Chen, Genshe; Cruz, Jose B., Jr.; Haynes, Leonard; Kruger, Martin; Blasch, Erik

2007-04-01

This paper proposes an innovative data-fusion/ data-mining game theoretic situation awareness and impact assessment approach for cyber network defense. Alerts generated by Intrusion Detection Sensors (IDSs) or Intrusion Prevention Sensors (IPSs) are fed into the data refinement (Level 0) and object assessment (L1) data fusion components. High-level situation/threat assessment (L2/L3) data fusion based on Markov game model and Hierarchical Entity Aggregation (HEA) are proposed to refine the primitive prediction generated by adaptive feature/pattern recognition and capture new unknown features. A Markov (Stochastic) game method is used to estimate the belief of each possible cyber attack pattern. Game theory captures the nature of cyber conflicts: determination of the attacking-force strategies is tightly coupled to determination of the defense-force strategies and vice versa. Also, Markov game theory deals with uncertainty and incompleteness of available information. A software tool is developed to demonstrate the performance of the high level information fusion for cyber network defense situation and a simulation example shows the enhanced understating of cyber-network defense.

Impact of Saharan dust particles on hospital admissions in Madrid (Spain).

PubMed

Reyes, María; Díaz, Julio; Tobias, Aurelio; Montero, Juan Carlos; Linares, Cristina

2014-01-01

Saharan dust intrusions make a major contribution to levels of particulate matter (PM) present in the atmosphere of large cities. We analysed the impact of different PM fractions during periods with and without Saharan dust intrusions, using time-series analysis with Poisson regression models, based on: concentrations of coarse PM (PM10 and PM10-2.5) and fine PM (PM2.5); and daily all-, circulatory- and respiratory-cause hospital admissions. While periods without Saharan dust intrusions were marked by a statistically significant association between daily mean PM2.5 concentrations and all- and circulatory-cause hospital admissions, periods with such intrusions saw a significant increase in respiratory-cause admissions associated with fractions corresponding to PM10 and PM10-2.5.

New trends in logic synthesis for both digital designing and data processing

NASA Astrophysics Data System (ADS)

Borowik, Grzegorz; Łuba, Tadeusz; Poźniak, Krzysztof

2016-09-01

FPGA devices are equipped with memory-based structures. These memories act as very large logic cells where the number of inputs equals the number of address lines. At the same time, there is a huge demand in the market of Internet of Things for devices implementing virtual routers, intrusion detection systems, etc.; where such memories are crucial for realizing pattern matching circuits, IP address tables, and other. Unfortunately, existing CAD tools are not well suited to utilize capabilities that such large memory blocks offer due to the lack of appropriate synthesis procedures. This paper presents methods which are useful for memory-based implementations: minimization of the number of input variables and functional decomposition.

Relationship between vapor intrusion and human exposure to trichloroethylene.

PubMed

Archer, Natalie P; Bradford, Carrie M; Villanacci, John F; Crain, Neil E; Corsi, Richard L; Chambers, David M; Burk, Tonia; Blount, Benjamin C

2015-01-01

Trichloroethylene (TCE) in groundwater has the potential to volatilize through soil into indoor air where it can be inhaled. The purpose of this study was to determine whether individuals living above TCE-contaminated groundwater are exposed to TCE through vapor intrusion. We examined associations between TCE concentrations in various environmental media and TCE concentrations in residents. For this assessment, indoor air, outdoor air, soil gas, and tap water samples were collected in and around 36 randomly selected homes; blood samples were collected from 63 residents of these homes. Additionally, a completed exposure survey was collected from each participant. Environmental and blood samples were analyzed for TCE. Mixed model multiple linear regression analyses were performed to determine associations between TCE in residents' blood and TCE in indoor air, outdoor air, and soil gas. Blood TCE concentrations were above the limit of quantitation (LOQ; ≥ 0.012 µg L(-1)) in 17.5% of the blood samples. Of the 36 homes, 54.3%, 47.2%, and >84% had detectable concentrations of TCE in indoor air, outdoor air, and soil gas, respectively. Both indoor air and soil gas concentrations were statistically significantly positively associated with participants' blood concentrations (P = 0.0002 and P = 0.04, respectively). Geometric mean blood concentrations of residents from homes with indoor air concentrations of >1.6 µg m(-3) were approximately 50 times higher than geometric mean blood TCE concentrations in participants from homes with no detectable TCE in indoor air (P < .0001; 95% CI 10.4-236.4). This study confirms the occurrence of vapor intrusion and demonstrates the magnitude of exposure from vapor intrusion of TCE in a residential setting.

Relationship between vapor intrusion and human exposure to trichloroethylene

PubMed Central

ARCHER, NATALIE P.; BRADFORD, CARRIE M.; VILLANACCI, JOHN F.; CRAIN, NEIL E.; CORSI, RICHARD L.; CHAMBERS, DAVID M.; BURK, TONIA; BLOUNT, BENJAMIN C.

2015-01-01

Trichloroethylene (TCE) in groundwater has the potential to volatilize through soil into indoor air where it can be inhaled. The purpose of this study was to determine whether individuals living above TCE-contaminated groundwater are exposed to TCE through vapor intrusion. We examined associations between TCE concentrations in various environmental media and TCE concentrations in residents. For this assessment, indoor air, outdoor air, soil gas, and tap water samples were collected in and around 36 randomly selected homes; blood samples were collected from 63 residents of these homes. Additionally, a completed exposure survey was collected from each participant. Environmental and blood samples were analyzed for TCE. Mixed model multiple linear regression analyses were performed to determine associations between TCE in residents' blood and TCE in indoor air, outdoor air, and soil gas. Blood TCE concentrations were above the limit of quantitation (LOQ; ≥0.012 μg/L) in 17.5% of the blood samples. Of the 36 homes, 54.3%, 47.2%, and >84% had detectable concentrations of TCE in indoor air, outdoor air, and soil gas, respectively. Both indoor air and soil gas concentrations were statistically significantly positively associated with participants' blood concentrations (p=0.0002 and p=0.04, respectively). Geometric mean blood concentrations of residents from homes with indoor air concentrations of >1.6 μg/m3 were approximately 50 times higher than geometric mean blood TCE concentrations in participants from homes with no detectable TCE in indoor air (p<.0001; 95% CI 10.4 – 236.4). This study confirms the occurrence of vapor intrusion and demonstrates the magnitude of exposure from vapor intrusion of TCE in a residential setting. PMID:26259926

ODOT research news : winter quarter 2003.

DOT National Transportation Integrated Search

2003-01-01

The newsletter includes: : 1) Cracked Bridges; : 2) Research Outreach; : 3) LTPP Update: A Long Shot Pays Off; : 4) Railroad Crossing Intrusion Detection Update; : 5) Guiding Drivers through Work Zones; : 6) New Projects to start in July; : and other...

High-speed and high-fidelity system and method for collecting network traffic

DOEpatents

Weigle, Eric H [Los Alamos, NM

2010-08-24

A system is provided for the high-speed and high-fidelity collection of network traffic. The system can collect traffic at gigabit-per-second (Gbps) speeds, scale to terabit-per-second (Tbps) speeds, and support additional functions such as real-time network intrusion detection. The present system uses a dedicated operating system for traffic collection to maximize efficiency, scalability, and performance. A scalable infrastructure and apparatus for the present system is provided by splitting the work performed on one host onto multiple hosts. The present system simultaneously addresses the issues of scalability, performance, cost, and adaptability with respect to network monitoring, collection, and other network tasks. In addition to high-speed and high-fidelity network collection, the present system provides a flexible infrastructure to perform virtually any function at high speeds such as real-time network intrusion detection and wide-area network emulation for research purposes.

Intrusion detection using secure signatures

DOE Office of Scientific and Technical Information (OSTI.GOV)

Nelson, Trent Darnel; Haile, Jedediah

A method and device for intrusion detection using secure signatures comprising capturing network data. A search hash value, value employing at least one one-way function, is generated from the captured network data using a first hash function. The presence of a search hash value match in a secure signature table comprising search hash values and an encrypted rule is determined. After determining a search hash value match, a decryption key is generated from the captured network data using a second hash function, a hash function different form the first hash function. One or more of the encrypted rules of themore » secure signatures table having a hash value equal to the generated search hash value are then decrypted using the generated decryption key. The one or more decrypted secure signature rules are then processed for a match and one or more user notifications are deployed if a match is identified.« less

MODEL UNCERTAINTY ANALYSIS, FIELD DATA COLLECTION AND ANALYSIS OF CONTAMINATED VAPOR INTRUSION INTO BUILDINGS

EPA Science Inventory

To address uncertainty associated with the evaluation of vapor intrusion problems we are working on a three part strategy that includes: evaluation of uncertainty in model-based assessments; collection of field data and assessment of sites using EPA and state protocols.

Critical Infrastructure Protection and Resilience Literature Survey: Modeling and Simulation

DTIC Science & Technology

2014-11-01

2013 Page 34 of 63 Below the yellow set is a purple cluster bringing together detection , anomaly , intrusion, sensors, monitoring and alerting (early...hazards and threats to security56 Water ADWICE, PSS®SINCAL ADWICE for real-time anomaly detection in water management systems57 One tool that...Systems. Cybernetics and Information Technologies. 2008;8(4):57-68. 57. Raciti M, Cucurull J, Nadjm-Tehrani S. Anomaly detection in water management

Magma emplacement in 3D

NASA Astrophysics Data System (ADS)

Gorczyk, W.; Vogt, K.

2017-12-01

Magma intrusion is a major material transfer process in Earth's continental crust. Yet, the mechanical behavior of the intruding magma and its host are a matter of debate. In this study, we present a series of numerical thermo-mechanical experiments on mafic magma emplacement in 3D.In our model, we place the magmatic source region (40 km diameter) at the base of the mantle lithosphere and connect it to the crust by a 3 km wide channel, which may have evolved at early stages of magmatism during rapid ascent of hot magmatic fluids/melts. Our results demonstrate continental crustal response due to magma intrusion. We observe change in intrusion geometries between dikes, cone-sheets, sills, plutons, ponds, funnels, finger-shaped and stock-like intrusions as well as injection time. The rheology and temperature of the host-rock are the main controlling factors in the transition between these different modes of intrusion. Viscous deformation in the warm and deep crust favours host rock displacement and magma pools along the crust-mantle boundary forming deep-seated plutons or magma ponds in the lower to middle-crust. Brittle deformation in the cool and shallow crust induces cone-shaped fractures in the host rock and enables emplacement of finger- or stock-like intrusions at shallow or intermediate depth. A combination of viscous and brittle deformation forms funnel-shaped intrusions in the middle-crust. Low-density source magma results in T-shaped intrusions in cross-section with magma sheets at the surface.

Hydrogeologic controls on ground-water discharge to the Washington METRO subway tunnel near the Medical Center station and Crossover, Montgomery County, Maryland

USGS Publications Warehouse

Greene, Earl A.; Shapiro, Allen M.; LaMotte, Andrew E.

2004-01-01

Excessive water intrusion has been observed inside several of the Washington Metropolitan Area Transit Authority subway tunnels, with the worst leakage occurring along the Red Line tunnels and stations north of Dupont Circle in Washington, D.C. These tunnels were constructed in bedrock that contains permeable (water-bearing) joints and fractures. Excessive water leakage through the walls and water inside the underground facilities has damaged mechanical and electrical components in the tunnel, and has escalated the deterioration rate of the rail system. The U.S. Geological Survey and the Washington Metropolitan Area Transit Authority have worked cooperatively on a study from 200003 to describe and quantify the factors controlling ground-water flow into the Red Line subway tunnel near the Medical Center Station and Crossover in Montgomery County, Maryland. The Red Line near the Medical Center Station and Crossover passes through or beneath the gneissic Sykesville Formation and the biotite-hornblende tonalite member of the Georgetown Intrusive Suite, both of which contain numerous fractures. The mapped foliation and joints of the Sykesville Formation in the vicinity of the Medical Center Station and Crossover are generally orientated north-south. Fractures in the Sykesville Formation in outcrops appear to be poorly connected. In the biotite-hornblende tonalite member of the Georgetown Intrusive Suite, the general orientation of the mapped foliation and joints is east-west. In contrast to the fractures in the Sykesville Formation, the fractures in the Georgetown Intrusive Suite in outcrops appear to be more numerous and have a greater degree of connectivity. Fractures intersecting four bedrock wells near the Medical Center Station and Crossover that were drilled into the biotite-hornblende tonalite member of the Georgetown Intrusive Suite show an east-west orientation matching the foliation and joints shown on geologic maps. The excessive water intrusion at the Medical Center Station and Crossover could be the result of its location within the Georgetown Intrusive Suite. The abrupt changes in the mapped directions of ground-water flow based on the hydraulic heads at the contact between the Sykesville Formation and biotite-hornblende tonalite member of the Georgetown Intrusive Suite could also be the result of the change in fracturing between these two lithologies. Saprolite, a residual of soft, red/brown to gray clay from decomposed crystalline rock, overlies the bedrock and varies from about 20 to 55 feet thick, depending on location. On the basis of a slug test conducted in the lower part of the saprolite near the Medical Center Station and Crossover, transmissivity and storativity of the saprolite were estimated to be 10 feet squared per day and 10-6 , respectively. The transmissivity of fractures intersecting bedrock boreholes drilled in the biotite-hornblende tonalite member of the Georgetown Intrusive Suite varies over five orders of magnitude, from a maximum of approximately 10 feet squared per day to the detection limit of the in situ testing apparatus, which is approximately 10-4 feet squared per day. In general, the transmissivity of fractures intersecting the boreholes increases with depth. The low transmissivity of bedrock fractures in close proximity to the saprolite is likely to be caused by the fractures being filled with byproducts of rock weathering, resulting in reduced permeability. 2 Hydrogeologic Controls on Ground-Water Discharge to the Washington METRO Subway Tunnel The bulk transmissivity of the bedrock aquifer is approximately 3.7 feet squared per day, as determined from an aquifer test conducted by pumping a 240-foot-deep borehole and monitoring the drawdown over 3 days in the pumped borehole and several observation boreholes. In general, the hydraulic head decreases with depth in bedrock boreholes, indicating the potential for downward ground-water flow. Based on hydraulic head values mea

Intrusion Pattern of the Offshore Kuroshio Branch Current and Its Effects on Nutrient Contributions in the East China Sea

NASA Astrophysics Data System (ADS)

Wang, Wentao; Yu, Zhiming; Song, Xiuxian; Yuan, Yongquan; Wu, Zaixing; Zhou, Peng; Cao, Xihua

2018-03-01

During the autumn season of 2014 (October-November), nutrient samples and nitrogen and oxygen isotope samples from the East China Sea (ECS) were collected and analyzed, and auxiliary physical parameters were determined. Distinctive high-salinity water column conditions with significant haloclines and pycnoclines similar to those observed during the spring were detected at the bottom of the ECS during the autumn. These water column conditions were attributed to the intrusion of the Kuroshio Subsurface Water (KSSW), which then separated into two currents, including the Offshore Kuroshio Branch Current (OKBC). Compared with spring, this intrusion transported higher phosphorus (P) concentrations onto the ECS continental shelf in autumn. However, according to multiple analyses, biogeochemical nitrogen processes are unable to explain the variations in the P concentrations (increase) while assuming that each distinctive water column is consistent. Identifying the water columns by their salinities and P concentrations revealed that the northern ECS water column was similar to the deep KSSW while the southern ECS water column was similar to the shallow KSSW. Therefore, we speculate that the distinctions among the seasonal variations of P-enriched water masses were attributable to the different intrusion positions of the Kuroshio. The shift of the KSSW intrusion location moved toward the northeast during the autumn relative to the spring. This shift, which was proved by the oceanic vortex data, caused the deeper KSSW water upwelled to the ECS and formed the OKBC, thereby supplying additional P during the autumn.

a Continuous Health Monitoring Guided Wave Fmd System for Retrofit to Existing Offshore Oilrigs

NASA Astrophysics Data System (ADS)

Mijarez, R.; Solis, L.; Martinez, F.

2010-02-01

An automatic health monitoring guided wave flood member detection (FMD) system, for retrofit to existing offshore oilrigs is presented. The system employs a microcontroller piezoelectric (PZT) based transmitter and a receiver instrumentation package composed of a PZT 40 kHz ultrasound transducer and a digital signal processor (DSP) module connected to a PC via USB for monitoring purposes. The transmitter and receiver were attached, non-intrusively, to the external wall of a steel tube; 1 m×27 cm×2 mm. Experiments performed in the laboratory have successfully identified automatically flooded tubes.

Trauma Films, Information Processing, and Intrusive Memory Development

ERIC Educational Resources Information Center

Holmes, Emily A.; Brewin, Chris R.; Hennessy, Richard G.

2004-01-01

Three experiments indexed the effect of various concurrent tasks, while watching a traumatic film, on intrusive memory development. Hypotheses were based on the dual-representation theory of posttraumatic stress disorder (C. R. Brewin, T. Dalgleish, & S. Joseph, 1996). Nonclinical participants viewed a trauma film under various encoding conditions…

VERTICAL PROFILING OF VOCS IN GROUNDWATER AND SOIL VAPORS TO EVALUATE THE RISK OF VAPOR INTRUSION

EPA Science Inventory

The Draft EPA Subsurface Vapor Intrusion Guidance Document was established to address the incremental increases in exposures and risks from subsurface contaminants that may be intruding into indoor air@. The document utilizes attenuation factors based on indoor air/soil gas or i...

METHOD AND LOCATION OF GROUND WATER SAMPLING: IMPACT ON ATTENUATION FACTORS FOR ASSESSING IMPACT ON VAPOR INTRUSION

EPA Science Inventory

The Draft EPA Subsurface Vapor Intrusion Guidance Document was established to "address the incremental increases in exposures and risks from subsurface contaminants that my be intruding into indoor air". The document utilizes attenuation factors based on indoor air/soil gas or i...

Development and Application of a Three-Dimensional Finite Element Vapor Intrusion Model

PubMed Central

Pennell, Kelly G.; Bozkurt, Ozgur; Suuberg, Eric M.

2010-01-01

Details of a three-dimensional finite element model of soil vapor intrusion, including the overall modeling process and the stepwise approach, are provided. The model is a quantitative modeling tool that can help guide vapor intrusion characterization efforts. It solves the soil gas continuity equation coupled with the chemical transport equation, allowing for both advective and diffusive transport. Three-dimensional pressure, velocity, and chemical concentration fields are produced from the model. Results from simulations involving common site features, such as impervious surfaces, porous foundation sub-base material, and adjacent structures are summarized herein. The results suggest that site-specific features are important to consider when characterizing vapor intrusion risks. More importantly, the results suggest that soil gas or subslab gas samples taken without proper regard for particular site features may not be suitable for evaluating vapor intrusion risks; rather, careful attention needs to be given to the many factors that affect chemical transport into and around buildings. PMID:19418819

Low-Cost Ground Sensor Network for Intrusion Detection

DTIC Science & Technology

2017-09-01

NAVAL POSTGRADUATE SCHOOL MONTEREY, CALIFORNIA THESIS Approved for public release. Distribution is unlimited. LOW- COST GROUND...Gurminder Singh THIS PAGE INTENTIONALLY LEFT BLANK i REPORT DOCUMENTATION PAGE Form Approved OMB No. 0704-0188 Public reporting burden for this...

Detailed Field Investigation of Vapor Intrusion Processes

DTIC Science & Technology

2008-08-01

difluoroethane DQO data quality objective ESTCP Environmental Security Technology Certification Program HCl hydrochloric acid OU-5 Operable Unit...impacted by significant leakage of ambient air. Some leak tracer compounds such as difluoroethane (DFA) and isopropyl alcohol may cause elevated detection

Early Warning Systems Assure Safe Schools

ERIC Educational Resources Information Center

Greenhalgh, John

1973-01-01

Fairfield, Connecticut, public schools are protected by an automatic fire detection system covering every area of every building through an electric monitor. An intrusion alarm system that relies primarily on pulsed infra-red beams protects the plant investment. (Author/MF)

A Security Framework for Online Distance Learning and Training.

ERIC Educational Resources Information Center

Furnell, S. M.; Onions, P. D.; Bleimann, U.; Gojny, U.; Knahl, M.; Roder, H. F.; Sanders, P. W.

1998-01-01

Presents a generic reference model for online distance learning and discusses security issues for each stage (enrollment, study, completion, termination, suspension). Discusses a security framework (authentication and accountability, access control, intrusion detection, network communications, nonrepudiation, learning resources provider…

High-resolution seismic imaging of the Kevitsa mafic-ultramafic Cu-Ni-PGE hosted intrusion, northern Finland

NASA Astrophysics Data System (ADS)

Malehmir, Alireza; Koivisto, Emilia; Wjins, Chris; Tryggvason, Ari; Juhlin, Christopher

2014-05-01

Kevitsa, in northern Finland, is a large nickel/copper ore body hosted by a massive mafic-ultramafic intrusion with measured and indicated resources of 240 million tons (cutoff 0.1%) grading 0.30% Ni and 0.41% Cu. Mining started in 2012 with an open pit that will extend down to about 550-600 m depth. The expected mine life is more than 20 years. Numerous boreholes are available in the area, but the majority of them are shallow and do not provide a comprehensive understanding of the dimensions of the intrusion. However, a number of boreholes do penetrate the basal contact of the intrusion. Most of these are also shallow and concentrated at the edge of the intrusion. A better knowledge of the geometry of the intrusion would provide a framework for near-mine and deep exploration in the area, but also a better understanding of the geology. Exact mapping of the basal contact of the intrusion would also provide an exploration target for the contact-type mineralization that is often more massive and richer in Ni-Cu than the disseminated mineralization away from the contact. With the objective of better characterizing the intrusion, a series of 2D profiles were acquired followed by a 3D reflection survey that covered an area of about 3 km by 3 km. Even though the geology is complex and the seismic P-wave velocity ranges between 5 to 8 km/s, conventional processing results show gently- to steeply-dipping reflections from depths of approximately 2 km to as shallow as 100 m. Many of these reflections are interpreted to originate from either fault systems or internal magmatic layering within the Kevitsa main intrusion. Correlations between the 3D surface seismic data and VSP data, based upon time shifts or phase changes along the reflections, support the interpretation that numerous faults are imaged in the volume. Some of these faults cross the planned open-pit mine at depths of about 300-500 m, and it is, therefore, critical to map them for mine planning. The seismic 3D volume better represents the geology around the mine and in the vicinity of the known deposit, while the 2D seismic profiles were designed to provide information on larger-scale structures in the area. Both the 2D and 3D seismic data were used to create a 3D lithological and structural model of the entire complex. Information on the dimensions of the ore-bearing Kevitsa intrusion can be used for more effective exploration in the area. The base of the intrusion is particularly clear in the northern and western sectors of the seismic data. Toward the east, the base is mostly defined by disruption of the reflectors internal to the intrusion. Recent tests using prestack migration methods on the 3D data show partial improvements in the image, especially at shallow depths. 3D seismic tomography has also been performed and the results indicate low velocity zones crossing the open pit that can be interpreted as zones of weakness. Future studies will focus on using the tomography results as the input velocity field for prestack depth migration of the 3D data and also improving the 3D geological model of the study area. Acknowledgments: FQM, GTK, HiSeis and Vibrometric

Sulfide mineralization associated with arc magmatism in the Qilian Block, western China: zircon U-Pb age and Sr-Nd-Os-S isotope constraints from the Yulonggou and Yaqu gabbroic intrusions

NASA Astrophysics Data System (ADS)

Zhang, Zhao-Wei; Li, Wen-Yuan; Gao, Yong-Bao; Li, Chusi; Ripley, Edward M.; Kamo, Sandra

2014-02-01

The sulfide-bearing Yulonggou and Yaqu mafic intrusions are located in the southern margin of the Qilian Block, Qinghai Province, western China. They are small dike-like bodies mainly composed of gabbros and diorites. Disseminated sulfides (pyrrhotite, pentlandite, and chalcopyrite) are present as concordant lenses within the intrusions. Precise CA-ID-TIMS zircon U-Pb dating yields the crystallization ages of 443.39 ± 0.42 and 440.74 ± 0.33 Ma for the Yulonggou and Yaqu intrusions, respectively. Whole rock samples from both intrusions show light rare earth element (REE) enrichments relative to heavy REE and pronounced negative Nb-Ta anomalies relative to Th and La, which are consistent with the products of arc basaltic magmatism. The Yulonggou intrusion has negative ɛ Nd values from -5.7 to -7.7 and elevated (87Sr/86Sr) i ratios from 0.711 to 0.714. In contrast, the Yaqu intrusion has higher ɛ Nd values from -4.1 to +8.4 and lower (87Sr/86Sr) i ratios from 0.705 to 0.710. The δ34S values of sulfide separates from the Yulonggou and Yaqu deposits vary from 0.8 to 2.4 ‰ and from 2 to 4.3 ‰, respectively. The γ Os values of sulfide separates from the Yulonggou and Yaqu deposits vary between 80 and 123 and between 963 and 1,191, respectively. Higher γ Os values coupled with higher δ34S values for the Yaqu deposit relative to the Yulonggou deposit indicate that external sulfur played a bigger role in sulfide mineralization in the Yaqu intrusion than in the Yulonggou intrusion. Mixing calculations using Sr-Nd isotope data show that contamination with siliceous crustal materials is more pronounced in the Yulonggou intrusion (up to 20 wt%) than in the Yaqu intrusion (<15 wt%). The distribution of sulfides in both intrusions is consistent with multiple emplacements of sulfide-saturated magmas from depth. The Yulonggou and Yaqu sulfide deposits are not economically valuable under current market condition due to small sizes and low Ni grades, which can be explained by late-stage sulfide saturation after extensive olivine fractional crystallization from the magmas. Based on these observations, we suggest a shift of focus for Ni exploration in the region from mafic/gabbroic intrusions to olivine-rich ultramafic intrusions.

The Sonju Lake layered intrusion, northeast Minnesota: Internal structure and emplacement history inferred from magnetic fabrics

USGS Publications Warehouse

Maes, S.M.; Tikoff, B.; Ferre, E.C.; Brown, P.E.; Miller, J.D.

2007-01-01

The Sonju Lake intrusion (SLI), in northeastern Minnesota, is a layered mafic complex of Keweenawan age (1096.1 ?? 0.8 Ma) related to the Midcontinent rift. The cumulate paragenesis of the intrusion is recognized as broadly similar to the Skaergaard intrusion, a classic example of closed-system differentiation of a tholeiitic mafic magma. The SLI represents nearly closed-system differentiation through bottom-up fractional crystallization. Geochemical studies have identified the presence of a stratabound, 50-100 m thick zone anomalously enriched in Au + PGE. Similar to the PGE reefs of the Skaergaard intrusion, this PGE-enriched zone is hosted within oxide gabbro cumulates, about two-third of the way up from the base of the intrusion. We present a petrofabric study using the anisotropy of magnetic susceptibility (AMS) to investigate the emplacement and flow patterns within the Sonju Lake intrusion. Petrographic and electron microprobe studies, combined with AMS and hysteresis measurements indicate the primary source of the magnetic signal is pseudo-single domain (PSD) magnetite or titanomagnetite. Low field AMS was measured at 32 sites within the Sonju Lake intrusion, which provided information about primary igneous fabrics. The magnetic fabrics in the layered series of the Sonju Lake intrusion are consistent with sub-horizontal to inclined emplacement of the intrusion and show evidence that the cumulate layers were deposited in a dynamic environment. Well-aligned magnetic lineations, consistently plunging shallowly toward the southwest, indicate the source of the magma is a vertical sill-like feeder, presumably located beneath the Finland granite. The Finland granite acted as a density trap for the Sonju Lake magmas, forcing lateral flow of magma to the northeast. The strongly oblate magnetic shape fabrics indicate the shallowly dipping planar fabrics were enhanced by compaction of the crystal mush. ?? 2007 Elsevier B.V. All rights reserved.

Distributed intrusion monitoring system with fiber link backup and on-line fault diagnosis functions

NASA Astrophysics Data System (ADS)

Xu, Jiwei; Wu, Huijuan; Xiao, Shunkun

2014-12-01

A novel multi-channel distributed optical fiber intrusion monitoring system with smart fiber link backup and on-line fault diagnosis functions was proposed. A 1× N optical switch was intelligently controlled by a peripheral interface controller (PIC) to expand the fiber link from one channel to several ones to lower the cost of the long or ultra-long distance intrusion monitoring system and also to strengthen the intelligent monitoring link backup function. At the same time, a sliding window auto-correlation method was presented to identify and locate the broken or fault point of the cable. The experimental results showed that the proposed multi-channel system performed well especially whenever any a broken cable was detected. It could locate the broken or fault point by itself accurately and switch to its backup sensing link immediately to ensure the security system to operate stably without a minute idling. And it was successfully applied in a field test for security monitoring of the 220-km-length national borderline in China.

Report: Improvements Needed in EPA’s Network Traffic Management Practices

EPA Pesticide Factsheets

Report #11-P-0159, March 14, 2011. OEI does not have consistent, repeatable intrusion detection system monitoring practices in place, which inhibits EPA’s ability to monitor unusual network activity and thus protect Agency systems and associated data.

Off-road axle detection sensor (ORADS) : executive summary, April 2001.

DOT National Transportation Integrated Search

2001-04-01

Spectra Research has developed a non-intrusive lane monitoring sensor which can be used to measure and classify vehicular traffic over multiple lane roadways. This sensor employs dual beam laser radar (LADAR) that accurately measures location and pas...

Off-road axle detection sensor (ORADS) : final report, April 2001.

DOT National Transportation Integrated Search

2001-04-01

Spectra Research has developed a non-intrusive lane monitoring sensor which can be used to measure and classify vehicular traffic over multiple lane roadways. This sensor employs dual beam laser radar (LADAR) that accurately measures location and pas...

33 CFR 104.210 - Company Security Officer (CSO).

Code of Federal Regulations, 2014 CFR

2014-07-01

... operational limitations; (vi) Methods of conducting audits, inspection and control and monitoring techniques... threats and patterns; (ix) Recognition and detection of dangerous substances and devices; (x) Recognition...) Techniques used to circumvent security measures; (xii) Methods of physical screening and non-intrusive...

33 CFR 104.210 - Company Security Officer (CSO).

Code of Federal Regulations, 2013 CFR

2013-07-01

... operational limitations; (vi) Methods of conducting audits, inspection and control and monitoring techniques... threats and patterns; (ix) Recognition and detection of dangerous substances and devices; (x) Recognition...) Techniques used to circumvent security measures; (xii) Methods of physical screening and non-intrusive...

33 CFR 104.210 - Company Security Officer (CSO).

Code of Federal Regulations, 2012 CFR

2012-07-01

... operational limitations; (vi) Methods of conducting audits, inspection and control and monitoring techniques... threats and patterns; (ix) Recognition and detection of dangerous substances and devices; (x) Recognition...) Techniques used to circumvent security measures; (xii) Methods of physical screening and non-intrusive...

75 FR 76426 - Privacy Act of 1974; System of Records

Federal Register 2010, 2011, 2012, 2013, 2014

2010-12-08

..., access control lists, file system permissions, intrusion detection and prevention systems and log..., address, mailing address, country, organization, phone, fax, mobile, pager, Defense Switched Network (DSN..., address, mailing address, country, organization, phone, fax, mobile, pager, Defense Switched Network (DSN...

A Security Monitoring Framework For Virtualization Based HEP Infrastructures

NASA Astrophysics Data System (ADS)

Gomez Ramirez, A.; Martinez Pedreira, M.; Grigoras, C.; Betev, L.; Lara, C.; Kebschull, U.; ALICE Collaboration

2017-10-01

High Energy Physics (HEP) distributed computing infrastructures require automatic tools to monitor, analyze and react to potential security incidents. These tools should collect and inspect data such as resource consumption, logs and sequence of system calls for detecting anomalies that indicate the presence of a malicious agent. They should also be able to perform automated reactions to attacks without administrator intervention. We describe a novel framework that accomplishes these requirements, with a proof of concept implementation for the ALICE experiment at CERN. We show how we achieve a fully virtualized environment that improves the security by isolating services and Jobs without a significant performance impact. We also describe a collected dataset for Machine Learning based Intrusion Prevention and Detection Systems on Grid computing. This dataset is composed of resource consumption measurements (such as CPU, RAM and network traffic), logfiles from operating system services, and system call data collected from production Jobs running in an ALICE Grid test site and a big set of malware samples. This malware set was collected from security research sites. Based on this dataset, we will proceed to develop Machine Learning algorithms able to detect malicious Jobs.

Application of Remote-Sensing Observations for Detecting Patterns of Localization of Cu-Ni Mineralization of the Norilsk Ore Region

NASA Astrophysics Data System (ADS)

Milovsky, G. A.; Ishmukhametova, V. T.; Shemyakina, E. M.

2017-12-01

The methods of a complex analysis of materials of space, gravimetric, and magnetometric surveys were developed on the basis of a study of reference fields of the Norilsk ore region (Imangda, etc.) for detection patterns of the localization of Cu-Ni (with PGMs) mineralization in intrusive complexes of the northwestern frame of the Siberian Platform.

Information Assurance Technology Analysis Center Information Assurance Tools Report Intrusion Detection

DTIC Science & Technology

1998-01-01

such as central processing unit (CPU) usage, disk input/output (I/O), memory usage, user activity, and number of logins attempted. The statistics... EMERALD Commercial anomaly detection, system monitoring SRI porras@csl.sri.com www.csl.sri.com/ emerald /index. html Gabriel Commercial system...sensors, it starts to protect the network with minimal configuration and maximum intelligence. T 11 EMERALD TITLE EMERALD (Event Monitoring

Large Scale System Defense

DTIC Science & Technology

2008-10-01

AD); Aeolos, a distributed intrusion detection and event correlation infrastructure; STAND, a training-set sanitization technique applicable to ADs...UU 18. NUMBER OF PAGES 25 19a. NAME OF RESPONSIBLE PERSON Frank H. Born a. REPORT U b. ABSTRACT U c . THIS PAGE U 19b. TELEPHONE...Summary of findings 2 (a) Automatic Patch Generation 2 (b) Better Patch Management 2 ( c ) Artificial Diversity 3 (d) Distributed Anomaly Detection 3

Developments toward a Low-Cost Approach for Long-Term, Unattended Vapor Intrusion Monitoring

PubMed Central

Tolley, William K.

2014-01-01

There are over 450,000 sites contaminated by chemicals in the US. This large number of contaminated sites and the speed of subsurface migration of chemicals pose considerable risk to nearby residences and commercial buildings. The high costs for monitoring around these site stem from the labor involved in placing and replacing the passive sorbent vapor samplers and the resultant laboratory analysis. This monitoring produces sparse data sets that do not track temporal changes well. To substantially reduce costs and better track exposures, less costly, unattended systems for monitoring soil gases and vapor intrusion into homes and businesses are desirable to aid in the remediation of contaminated sites. This paper describes progress toward the development of an inexpensive system specifically for monitoring vapor intrusion; the system can operate repeatedly without user intervention with low detection limits (1 × 10−9, or 1 part-per-billion). Targeted analytes include chlorinated hydrocarbons (dichloroethylene, trichloroethane, trichloroethylene, and perchloroethylene) and benzene. The system consists of a trap-and-purge preconcentrator for vapor collection in conjunction with a compact gas chromatography instrument to separate individual compounds. Chemical detection is accomplished with an array of chemicapacitors and a metal-oxide semiconductor combustibles sensor. Both the preconcentrator and the chromatography column are resistively heated. All components are compatible with ambient air, which serves as the carrier gas for the gas chromatography and detectors. PMID:24903107

Design process and preliminary psychometric study of a video game to detect cognitive impairment in senior adults.

PubMed

Valladares-Rodriguez, Sonia; Perez-Rodriguez, Roberto; Facal, David; Fernandez-Iglesias, Manuel J; Anido-Rifon, Luis; Mouriño-Garcia, Marcos

2017-01-01

Assessment of episodic memory has been traditionally used to evaluate potential cognitive impairments in senior adults. Typically, episodic memory evaluation is based on personal interviews and pen-and-paper tests. This article presents the design, development and a preliminary validation of a novel digital game to assess episodic memory intended to overcome the limitations of traditional methods, such as the cost of its administration, its intrusive character, the lack of early detection capabilities, the lack of ecological validity, the learning effect and the existence of confounding factors. Our proposal is based on the gamification of the California Verbal Learning Test (CVLT) and it has been designed to comply with the psychometric characteristics of reliability and validity. Two qualitative focus groups and a first pilot experiment were carried out to validate the proposal. A more ecological, non-intrusive and better administrable tool to perform cognitive assessment was developed. Initial evidence from the focus groups and pilot experiment confirmed the developed game's usability and offered promising results insofar its psychometric validity is concerned. Moreover, the potential of this game for the cognitive classification of senior adults was confirmed, and administration time is dramatically reduced with respect to pen-and-paper tests. Additional research is needed to improve the resolution of the game for the identification of specific cognitive impairments, as well as to achieve a complete validation of the psychometric properties of the digital game. Initial evidence show that serious games can be used as an instrument to assess the cognitive status of senior adults, and even to predict the onset of mild cognitive impairments or Alzheimer's disease.

Design process and preliminary psychometric study of a video game to detect cognitive impairment in senior adults

PubMed Central

Perez-Rodriguez, Roberto; Facal, David; Fernandez-Iglesias, Manuel J.; Anido-Rifon, Luis; Mouriño-Garcia, Marcos

2017-01-01

Introduction Assessment of episodic memory has been traditionally used to evaluate potential cognitive impairments in senior adults. Typically, episodic memory evaluation is based on personal interviews and pen-and-paper tests. This article presents the design, development and a preliminary validation of a novel digital game to assess episodic memory intended to overcome the limitations of traditional methods, such as the cost of its administration, its intrusive character, the lack of early detection capabilities, the lack of ecological validity, the learning effect and the existence of confounding factors. Materials and Methods Our proposal is based on the gamification of the California Verbal Learning Test (CVLT) and it has been designed to comply with the psychometric characteristics of reliability and validity. Two qualitative focus groups and a first pilot experiment were carried out to validate the proposal. Results A more ecological, non-intrusive and better administrable tool to perform cognitive assessment was developed. Initial evidence from the focus groups and pilot experiment confirmed the developed game’s usability and offered promising results insofar its psychometric validity is concerned. Moreover, the potential of this game for the cognitive classification of senior adults was confirmed, and administration time is dramatically reduced with respect to pen-and-paper tests. Limitations Additional research is needed to improve the resolution of the game for the identification of specific cognitive impairments, as well as to achieve a complete validation of the psychometric properties of the digital game. Conclusion Initial evidence show that serious games can be used as an instrument to assess the cognitive status of senior adults, and even to predict the onset of mild cognitive impairments or Alzheimer’s disease. PMID:28674661

Ore-forming adakitic porphyry produced by fractional crystallization of oxidized basaltic magmas in a subcrustal chamber (Jiamate, East Junggar, NW China)

NASA Astrophysics Data System (ADS)

Hong, Tao; Xu, Xing-Wang; Gao, Jun; Peters, Stephen G.; Zhang, Di; Jielili, Reyaniguli; Xiang, Peng; Li, Hao; Wu, Chu; You, Jun; Liu, Jie; Ke, Qiang

2018-01-01

Adakitic intrusions are supposed to have a close genetic and spatial relationship to porphyry Cu deposits. However, the genesis of adakitic intrusions is still under dispute. Here, we describe newly discovered intrusive complex rocks, which are composed of ore-bearing, layered magnetite-bearing gabbroic and adakitic rocks in Jiamate, East Junggar, NW China. These Jiamate Complex intrusions have diagnostic petrologic, geochronologic and geochemical signatures that indicate they were all generated from the same oxidized precursor magma source. Additionally, these layered rocks underwent the same fractional crystallization process as the ore-bearing adakitic rocks in the adjacent Kalaxiangar Porphyry Cu Belt (KPCB) in an oceanic island arc (OIA) setting. The rocks studied for this paper include layered magnetite-bearing gabbroic intrusive rocks that contain: (1) gradual contact changes between lithological units of mafic and intermediate rocks, (2) geochemical signatures that are the same as those found in oceanic island arc (OIA) rocks, (3) typical adakitic geochemistry, and (4) similar characteristics and apparent fractional crystallization relationships of ultra-basic to basic rocks to those in the nearby Beitashan Formation and to ore-bearing adakitic rocks in the KPCB. They also display similar zircon U-Pb and zircon Hf model ages. The Jiamate Complex intrusions contain intergrowths of magnetite and layered gabbro, and the intermediate-acidic intrusions of the Complex display typical adakitic affinities. Moreover, in conjunction with previously published geochronological and geochemistry data of the mafic rocks in the Beitashan Formation and in the KPCB area, additional data generated for the Jiamate Complex intrusions rocks indicate that they were formed from fractional crystallization processes. The Jiamate Complex intrusions most likely were derived from a metasomatized mantle wedge that was underplated at the root of the Saur oceanic island arc (Saur OIA). The ore-bearing adakitic intrusions in the KPCB and the adakitic Jiamate Complex intrusions were both probably generated from the same basaltic parental magmas through fractional crystallization. In addition, characteristics of the layered, magnetite-bearing, oxidized, basaltic Jiamate Complex intrusive rocks indicate that they are likely to be the parental arc magmas for the nearby porphyry Cu deposits. This conclusion is based on new interpretations of the regional and local geology, on interpretation of new geochemical analysis, new stable isotope analysis, new geothermobarometry, and new zircon age dating as well as other techniques and interpretations.

Ore-forming adakitic porphyry produced by fractional crystallization of oxidized basaltic magmas in a subcrustal chamber (Jiamate, East Junggar, NW China)

USGS Publications Warehouse

Hong, Tao; Xu, Xing-Wang; Gao, Jun; Peters, Stephen; Zhang, Di; Jielili, Reyaniguli; Xiang, Peng; Li, Hao; Wu, Chu; You, Jun; Liu, Jie; Ke, Qiang

2018-01-01

Adakitic intrusions are supposed to have a close genetic and spatial relationship to porphyry Cu deposits. However, the genesis of adakitic intrusions is still under dispute. Here, we describe newly discovered intrusive complex rocks, which are composed of ore-bearing, layered magnetite-bearing gabbroic and adakitic rocks in Jiamate, East Junggar, NW China. These Jiamate Complex intrusions have diagnostic petrologic, geochronologic and geochemical signatures that indicate they were all generated from the same oxidized precursor magma source. Additionally, these layered rocks underwent the same fractional crystallization process as the ore-bearing adakitic rocks in the adjacent Kalaxiangar Porphyry Cu Belt (KPCB) in an oceanic island arc (OIA) setting. The rocks studied for this paper include layered magnetite-bearing gabbroic intrusive rocks that contain: (1) gradual contact changes between lithological units of mafic and intermediate rocks, (2) geochemical signatures that are the same as those found in oceanic island arc (OIA) rocks, (3) typical adakitic geochemistry, and (4) similar characteristics and apparent fractional crystallization relationships of ultra-basic to basic rocks to those in the nearby Beitashan Formation and to ore-bearing adakitic rocks in the KPCB. They also display similar zircon U-Pb and zircon Hf model ages.The Jiamate Complex intrusions contain intergrowths of magnetite and layered gabbro, and the intermediate-acidic intrusions of the Complex display typical adakitic affinities. Moreover, in conjunction with previously published geochronological and geochemistry data of the mafic rocks in the Beitashan Formation and in the KPCB area, additional data generated for the Jiamate Complex intrusions rocks indicate that they were formed from fractional crystallization processes. The Jiamate Complex intrusions most likely were derived from a metasomatized mantle wedge that was underplated at the root of the Saur oceanic island arc (Saur OIA). The ore-bearing adakitic intrusions in the KPCB and the adakitic Jiamate Complex intrusions were both probably generated from the same basaltic parental magmas through fractional crystallization. In addition, characteristics of the layered, magnetite-bearing, oxidized, basaltic Jiamate Complex intrusive rocks indicate that they are likely to be the parental arc magmas for the nearby porphyry Cu deposits. This conclusion is based on new interpretations of the regional and local geology, on interpretation of new geochemical analysis, new stable isotope analysis, new geothermobarometry, and new zircon age dating as well as other techniques and interpretations.

Off-the-shelf mobile handset environments for deploying accelerometer based gait and activity analysis algorithms.

PubMed

Hynes, Martin; Wang, Han; Kilmartin, Liam

2009-01-01

Over the last decade, there has been substantial research interest in the application of accelerometry data for many forms of automated gait and activity analysis algorithms. This paper introduces a summary of new "of-the-shelf" mobile phone handset platforms containing embedded accelerometers which support the development of custom software to implement real time analysis of the accelerometer data. An overview of the main software programming environments which support the development of such software, including Java ME based JSR 256 API, C++ based Motion Sensor API and the Python based "aXYZ" module, is provided. Finally, a sample application is introduced and its performance evaluated in order to illustrate how a standard mobile phone can be used to detect gait activity using such a non-intrusive and easily accepted sensing platform.

Intrusion Triggering of Explosive Eruptions: Lessons Learned from EYJAFJALLAJÖKULL 2010 Eruptions and Crustal Deformation Studies

NASA Astrophysics Data System (ADS)

Sigmundsson, F.; Hreinsdottir, S.; Hooper, A. J.; Arnadottir, T.; Pedersen, R.; Roberts, M. J.; Oskarsson, N.; Auriac, A.; Decriem, J.; Einarsson, P.; Geirsson, H.; Hensch, M.; Ofeigsson, B. G.; Sturkell, E. C.; Sveinbjornsson, H.; Feigl, K.

2010-12-01

Gradual inflation of magma chambers often precedes eruptions at highly active volcanoes. During eruptions, rapid deflation occurs as magma flows out and pressure is reduced. Less is known about the deformation style at moderately active volcanoes, such as Eyjafjallajökull, Iceland, where an explosive summit eruption of trachyandesite beginning on 14 April 2010 caused exceptional disruption to air traffic. This eruption was preceded by an effusive flank eruption of olivine basalt from 20 March - 12 April 2010. Geodetic and seismic observations revealed the growth of an intrusive complex in the roots of the volcano during three months prior to eruptions. After initial horizontal growth, modelling indicates both horizontal and sub-vertical growth in three weeks prior the first eruption. The behaviour is attributed to subsurface variations in crustal stress and strength originating from complicated volcano foundations. A low-density layer may capture magma allowing pressure to build before an intrusion can ascend towards higher levels. The intrusive complex was formed by olivine basalt as erupted on the volcano flank 20 March - 12 April; the intrusive growth halted at the onset of this eruption. Deformation associated with the eruption onset was minor as the dike had reached close to the surface in the days before. Isolated eruptive vents opening on long-dormant volcanoes may represent magma leaking upwards from extensive pre-eruptive intrusions formed at depth. A deflation source activated during the summit eruption of trachyandesite is distinct from, and adjacent to, all documented sources of inflation in the volcano roots. Olivine basalt magma which recharged the volcano appears to have triggered the summit eruption, although the exact mode of triggering is uncertain. Scenarios include stress triggering or propagation of olivine basalt into more evolved magma. The trachyandesite includes crystals that can be remnants of minor recent intrusion of olivine basalt. Alternatively, mixing of larger portion of olivine basalt with more evolved magma may have occurred. Intrusions may lead to eruptions not only when they find their way to the surface; at Eyjafjallajökull our observation show how primitive melts in an intrusive complex active since 1992 catalyzed an explosive eruption of trachyandesite. Eyjafjallajökull’s behaviour can be attributed to its off-rift setting with a relatively cold subsurface structure and limited magma at shallow depth, as may be typical for moderately active volcanoes. Clear signs of volcanic unrest signals over years to weeks may indicate reawakening of such volcanoes whereas immediate short-term precursors may be subtle and difficult to detect.

Magmatism at different crustal levels in the ancient North Cascades magmatic arc

NASA Astrophysics Data System (ADS)

Shea, E. K.; Bowring, S. A.; Miller, R. B.; Miller, J. S.

2013-12-01

The mechanisms of magma ascent and emplacement inferred from study of intrusive complexes have long been the subject of intense debate. Current models favor incremental construction based on integration of field, geochemical, geochronologic, and modeling studies. Much of this work has been focused on a single crustal level. However, study of magmatism throughout the crust is critical for understanding how magma ascends through and intrudes surrounding crustal material. Here, we present new geochronologic and geochemical work from intrusive complexes emplaced at a range of crustal depths in the Cretaceous North Cascades magmatic arc. These complexes were intruded between 92 and 87 Ma at depths of at ≤5 -10 km, ~20 km, and ~25 km during this time. U-Pb CA-TIMS geochronology in zircon can resolve <0.1% differences in zircon dates and when combined with detailed field relationships allow new insights into how magmatic systems are assembled. We can demonstrate highly variable rates of intrusion at different crustal levels: the shallow-crustal (5-10 km) Black Peak intrusive complex was assembled semi-continuously over ~5 My, while the deep-crustal (25-30 km) Tenpeak intrusive complex was assembled in brief, high-flux events over ~2.6 My. Between these bodies is the Seven-Fingered Jack-Entiat intrusive complex, a highly elongate amalgamation of intrusions recording two episodes of magmatism between~92-88 Ma and ~80-77 Ma. Each of these complexes provides a window into crustal processes that occur at different depths. Our data suggest assembly of the Black Peak intrusive complex occurred via a series of small (0.5-2 km2) magmatic increments from ~92 Ma to ~87 Ma. Field relations and zircon trace element geochemistry indicate each of these increments were emplaced and crystallized as closed systems-we find no evidence for mixing between magmas in the complex. However, zircon inheritance becomes more common in younger intrusions, indicating assimilation of older plutonic material, possibly during magma production or transport. The Seven-Fingered Jack intrusive complex, emplaced around 15-20 km, preserves a much more discontinuous record of intrusion than the Black Peak. Our data indicate major magmatism in the complex occurred between ~92.1-91.1 Ma. Inheritance in the Seven-Fingered Jack is common, particularly along contacts between intrusions. The Tenpeak intrusive complex, assembled between ~92 Ma and 89 Ma, represents one of the deepest exhumed complexes in the North Cascades. Our geochronology indicates that plutons comprising the complex were intruded rapidly (<200 ka) and followed by periods of magmatic quiescence. Contact relations between contemporaneous intrusions are often mixed, further supporting rapid assembly. Zircon systematics in the Tenpeak are relatively simple, showing no evidence for inheritance from the surrounding host rock or from earlier intrusions. However, zircon oxygen isotope data indicates many magmas contain significant crustal input. The Black Peak, Seven-Fingered Jack, and Tenpeak intrusions illustrate the complicated nature of magmatism at different crustal levels in the 92-87 Ma North Cascades magmatic arc. Our data support incremental assembly of these complexes, but show that many features, such as style of emplacement, zircon chemical and temporal systematics, and magma composition vary between these intrusions.

Surface deformation induced by magmatic processes at Pacaya Volcano, Guatemala revealed by InSAR

NASA Astrophysics Data System (ADS)

Wnuk, K.; Wauthier, C.

2017-09-01

Pacaya Volcano, Guatemala is a continuously active, basaltic volcano with an unstable western flank. Despite continuous activity since 1961, a lack of high temporal resolution geodetic surveying has prevented detailed modeling of Pacaya's underlying magmatic plumbing system. A new, temporally dense dataset of Interferometric Synthetic Aperture Radar (InSAR) RADARSAT-2 images, spanning December 2012 to March 2014, show magmatic deformation before and during major eruptions in January and March 2014. Inversion of InSAR surface displacements using simple analytical forward models suggest that three magma bodies are responsible for the observed deformation: (1) a 4 km deep spherical reservoir located northwest of the summit, (2) a 0.4 km deep spherical source located directly west of the summit, and (3) a shallow dike below the summit. Periods of heightened volcanic activity are instigated by magma pulses at depth, resulting in rapid inflation of the edifice. We observe an intrusion cycle at Pacaya that consists of deflation of one or both magma reservoirs followed by dike intrusion. Intrusion volumes are proportional to reservoir volume loss and do not always result in an eruption. Periods of increased activity culminate with larger dike-fed eruptions. Large eruptions are followed by inter-eruptive periods marked by a decrease in crater explosions and a lack of detected deformation. Co-eruptive flank motion appears to have initiated a new stage of volcanic rifting at Pacaya defined by repeated NW-SE oriented dike intrusions. This creates a positive feedback relationship whereby magmatic forcing from eruptive dike intrusions induce flank motion.

Detection of ethene and other hydrocarbons in gas turbine engine exhaust using non-intrusive FTIR spectroscopy

NASA Astrophysics Data System (ADS)

Arrigone, Giovanni M.; Welch, Michael A.; Hilton, Moira; Miller, Michael N.; Wilson, Christopher W.

2003-04-01

As part of the EU funded project AEROJET2, a number of gas turbine engine tests were performed in different facilities around Europe. At Farnborough, UK a Spey engine was used to test a suite of prototype optically based instrumentation designed to measure exhaust gas emissions without using extractive probe systems. In addition to the AEROJET 2 prototype instrumentation, a Bruker Equinox 55 Fourier transform infrared (FTIR) spectrometer was used to obtain infrared spectra of the exhaust plume both in emission and absorption mode. The Bruker FTIR spectrometer was fitted with a periscope system so that different lines of sight could be monitored in the plume in a vertical plane 25 cm downstream from the nozzle exit and 20 cm upstream of the center line of sight of the AEROJET 2 prototype instrumentation. DERA (now QinetiQ) provided exhaust gas analysis data for different engine running conditions using samples extracted from the plume with an intrusive probe. The probe sampled along a horizontal plane across the centerline of the engine 45 cm downstream of the nozzle exit. The Bruker spectrometer used both InSb (indium antimonide) and MCT (mercury-cadmium-telluride) detectors to maximize the sensitivity across the IR range 600-4000 cm-1. Typically, CO2 and H2O IR signatures dominate the observed spectra of the plume. However, the engine tests showed that at low power engine conditions spectral features associated with CO around 2147 cm-1 and with hydrocarbons could be observed at around 3000 cm-1. In particular the presence of ethene (C2H2) was detected from observation of its characteristic in and out of plane vibration mode at 949 cm-1. At high engine powers the presence of NO was detected at 1900.3 cm-1. Species concentrations were calculated using a slab model for each line of sight compared against reference spectra. The engine plume was assumed to be symmetric about the centerline. On this basis, data from the extractive sampling gas analysis that had been obtained by traversing the probe across a horizontal plane through the centerline could be compared with non-intrusive measurements made by scanning vertically. Adjustments have been made to account for the 20 cm downstream offset in measurement planes of the probe and the spectrometer behind the nozzle exit.

Risk-Based Evaluation of Total Petroleum Hydrocarbons in Vapor Intrusion Studies

PubMed Central

Brewer, Roger; Nagashima, Josh; Kelley, Michael; Heskett, Marvin; Rigby, Mark

2013-01-01

This paper presents a quantitative method for the risk-based evaluation of Total Petroleum Hydrocarbons (TPH) in vapor intrusion investigations. Vapors from petroleum fuels are characterized by a complex mixture of aliphatic and, to a lesser extent, aromatic compounds. These compounds can be measured and described in terms of TPH carbon ranges. Toxicity factors published by USEPA and other parties allow development of risk-based, air and soil vapor screening levels for each carbon range in the same manner as done for individual compounds such as benzene. The relative, carbon range makeup of petroleum vapors can be used to develop weighted, site-specific or generic screening levels for TPH. At some critical ratio of TPH to a targeted, individual compound, the overwhelming proportion of TPH will drive vapor intrusion risk over the individual compound. This is particularly true for vapors associated with diesel and other middle distillate fuels, but can also be the case for low-benzene gasolines or even for high-benzene gasolines if an adequately conservative, target risk is not applied to individually targeted chemicals. This necessitates a re-evaluation of the reliance on benzene and other individual compounds as a stand-alone tool to evaluate vapor intrusion risk associated with petroleum. PMID:23765191

Using Machine Learning in Adversarial Environments.

DOE Office of Scientific and Technical Information (OSTI.GOV)

Warren Leon Davis

Intrusion/anomaly detection systems are among the first lines of cyber defense. Commonly, they either use signatures or machine learning (ML) to identify threats, but fail to account for sophisticated attackers trying to circumvent them. We propose to embed machine learning within a game theoretic framework that performs adversarial modeling, develops methods for optimizing operational response based on ML, and integrates the resulting optimization codebase into the existing ML infrastructure developed by the Hybrid LDRD. Our approach addresses three key shortcomings of ML in adversarial settings: 1) resulting classifiers are typically deterministic and, therefore, easy to reverse engineer; 2) ML approachesmore » only address the prediction problem, but do not prescribe how one should operationalize predictions, nor account for operational costs and constraints; and 3) ML approaches do not model attackers’ response and can be circumvented by sophisticated adversaries. The principal novelty of our approach is to construct an optimization framework that blends ML, operational considerations, and a model predicting attackers reaction, with the goal of computing optimal moving target defense. One important challenge is to construct a realistic model of an adversary that is tractable, yet realistic. We aim to advance the science of attacker modeling by considering game-theoretic methods, and by engaging experimental subjects with red teaming experience in trying to actively circumvent an intrusion detection system, and learning a predictive model of such circumvention activities. In addition, we will generate metrics to test that a particular model of an adversary is consistent with available data.« less

Quantifying Associations between Environmental Stressors and Demographic Factors

EPA Science Inventory

Association rule mining (ARM) [1-3], also known as frequent item set mining [4] or market basket analysis [1], has been widely applied in many different areas, such as business product portfolio planning [5], intrusion detection infrastructure design [6], gene expression analysis...

Techniques for Cyber Attack Attribution

DTIC Science & Technology

2003-10-01

Asaka, Midori, Shunji Okazawa, Atsushi Taguchi, and Shigeki Goto. June 1999. “A Method of Tracing Intruders by Use of Mobile Agents”, INET’99. http...Tsuchiya, Takefumi Onabuta, Shunji Okazawa, and Shigeki Goto. November 1999. “Local Attack Detection and Intrusion Route Tracing”, IEICE Transaction on

Breakup magmatism style on the North Atlantic Igneous Province: insight from Mid-Norwegian volcanic margin

NASA Astrophysics Data System (ADS)

Mansour Abdelmalak, Mohamed; Faleide, Jan Inge; Planke, Sverre; Theissen-Krah, Sonja; Zastrozhnov, Dmitrii; Breivik, Asbjørn Johan; Gernigon, Laurent; Myklebust, Reidun

2014-05-01

The distribution of breakup-related igneous rocks on rifted margins provide important constraints on the magmatic processes during continental extension and lithosphere separation which lead to a better understanding of the melt supply from the upper mantle and the relationship between tectonic setting and volcanism. The results can lead to a better understanding of the processes forming volcanic margins and thermal evolution of associated prospective basins. We present a revised mapping of the breakup-related igneous rocks in the NE Atlantic area, which are mainly based on the Mid-Norwegian (case example) margin. We divided the breakup related igneous rocks into (1) extrusive complexes, (2) shallow intrusive complexes (sills/dykes) and (3) deep intrusive complexes (Lower Crustal Body: LCB). The extrusive complex has been mapped using the seismic volcanostratigraphic method. Several distinct volcanic seismic facies units have been identified. The top basalt reflection is easily identified because of the high impedance contrast between the sedimentary and volcanic rocks resulting in a major reflector. The basal sequence boundary is frequently difficult to identify but it lies usually over the intruded sedimentary basin. Then the base is usually picked above the shallow sill intrusions identified on seismic profile. The mapping of the top and the base of the basaltic sequences allows us to determine the basalt thickness and estimate the volume of the magma production on the Mid- Norwegian margin. The thicker part of the basalt corresponds to the seaward dipping reflector (SDR). The magma feeder system, mainly formed by dyke and sill intrusions, represents the shallow intrusive complex. Deeper interconnected high-velocity sills are also mappable in the margin. Interconnected sill complexes can define continuous magma network >10 km in vertical ascent. The large-scale sill complexes, in addition to dyke swarm intrusions, represent a mode of vertical long-range magma transport through the upper crust. The deep intrusive complex represents the Lower Crustal Body (LCB) which is observed along the margin and characterized by high P-wave velocity bodies (Vp> 7km/s). On the Vøring margin a strong amplitude dome-shaped reflection (the so-called T-Reflection) has been identified and interpreted as the top LCB. In the sedimentary part of the margin, sill intrusions are the major feeder system and seem to be connected with LCB. In the volcanic part of the margin, dykes represent the main feeder system and lie above the thicker part of the LCB.

Paleomagnetism of the Permian-Triassic intrusions from the Tunguska syncline and the Angara-Taseeva depression, Siberian Traps Large Igneous Province: Evidence of contrasting styles of magmatism

NASA Astrophysics Data System (ADS)

Latyshev, A. V.; Veselovskiy, R. V.; Ivanov, A. V.

2018-01-01

Based on the detailed paleomagnetic investigation, we distinguished different styles of intrusive magmatic activity in two regions of the Siberian Traps Large Igneous Province (LIP). The emplacement of intrusions in the Angara-Taseeva depression (the southern periphery of the Siberian Traps LIP) occurred as brief but intense bursts of magmatic activity that led to the emplacement of large and extensive sills. We argue that this pulsating style of intrusive magmatic activity is common for the margins of the Siberian Traps LIP. We also estimated the duration of the main magmatic events as < 104-105 years for the large sills and their area of manifestation (> 200-250 km in diameter and dozens of thousands km2 in square). On the contrary, in the central part of the Siberian Traps LIP (the Tunguska syncline) the intrusive magmatism was more or less continuous without intense peaks of magmatic activity. Furthermore, we obtained the first reliable magnetostratigraphic data from the volcanic section of the Tunguska syncline. Finally, we analyzed the available paleomagnetic and geochronological data from the Siberian platform and suggested the correlation scheme of the studied intrusive complexes with the volcanic sequences of the Siberian Traps LIP.

Indoor Air Contamination from Hazardous Waste Sites: Improving the Evidence Base for Decision-Making.

PubMed

Johnston, Jill; MacDonald Gibson, Jacqueline

2015-11-27

At hazardous waste sites, volatile chemicals can migrate through groundwater and soil into buildings, a process known as vapor intrusion. Due to increasing recognition of vapor intrusion as a potential indoor air pollution source, in 2015 the U.S. Environmental Protection Agency (EPA) released a new vapor intrusion guidance document. The guidance specifies two conditions for demonstrating that remediation is needed: (1) proof of a vapor intrusion pathway; and (2) evidence that human health risks exceed established thresholds (for example, one excess cancer among 10,000 exposed people). However, the guidance lacks details on methods for demonstrating these conditions. We review current evidence suggesting that monitoring and modeling approaches commonly employed at vapor intrusion sites do not adequately characterize long-term exposure and in many cases may underestimate risks. On the basis of this evidence, we recommend specific approaches to monitoring and modeling to account for these uncertainties. We propose a value of information approach to integrate the lines of evidence at a site and determine if more information is needed before deciding whether the two conditions specified in the vapor intrusion guidance are satisfied. To facilitate data collection and decision-making, we recommend a multi-directional community engagement strategy and consideration of environment justice concerns.

Indoor Air Contamination from Hazardous Waste Sites: Improving the Evidence Base for Decision-Making

PubMed Central

Johnston, Jill; MacDonald Gibson, Jacqueline

2015-01-01

At hazardous waste sites, volatile chemicals can migrate through groundwater and soil into buildings, a process known as vapor intrusion. Due to increasing recognition of vapor intrusion as a potential indoor air pollution source, in 2015 the U.S. Environmental Protection Agency (EPA) released a new vapor intrusion guidance document. The guidance specifies two conditions for demonstrating that remediation is needed: (1) proof of a vapor intrusion pathway; and (2) evidence that human health risks exceed established thresholds (for example, one excess cancer among 10,000 exposed people). However, the guidance lacks details on methods for demonstrating these conditions. We review current evidence suggesting that monitoring and modeling approaches commonly employed at vapor intrusion sites do not adequately characterize long-term exposure and in many cases may underestimate risks. On the basis of this evidence, we recommend specific approaches to monitoring and modeling to account for these uncertainties. We propose a value of information approach to integrate the lines of evidence at a site and determine if more information is needed before deciding whether the two conditions specified in the vapor intrusion guidance are satisfied. To facilitate data collection and decision-making, we recommend a multi-directional community engagement strategy and consideration of environment justice concerns. PMID:26633433

Testing a 1-D Analytical Salt Intrusion Model and the Predictive Equation in Malaysian Estuaries

NASA Astrophysics Data System (ADS)

Gisen, Jacqueline Isabella; Savenije, Hubert H. G.

2013-04-01

Little is known about the salt intrusion behaviour in Malaysian estuaries. Study on this topic sometimes requires large amounts of data especially if a 2-D or 3-D numerical models are used for analysis. In poor data environments, 1-D analytical models are more appropriate. For this reason, a fully analytical 1-D salt intrusion model, based on the theory of Savenije in 2005, was tested in three Malaysian estuaries (Bernam, Selangor and Muar) because it is simple and requires minimal data. In order to achieve that, site surveys were conducted in these estuaries during the dry season (June-August) at spring tide by moving boat technique. Data of cross-sections, water levels and salinity were collected, and then analysed with the salt intrusion model. This paper demonstrates a good fit between the simulated and observed salinity distribution for all three estuaries. Additionally, the calibrated Van der Burgh's coefficient K, Dispersion coefficient D0, and salt intrusion length L, for the estuaries also displayed a reasonable correlations with those calculated from the predictive equations. This indicates that not only is the salt intrusion model valid for the case studies in Malaysia but also the predictive model. Furthermore, the results from this study describe the current state of the estuaries with which the Malaysian water authority in Malaysia can make decisions on limiting water abstraction or dredging. Keywords: salt intrusion, Malaysian estuaries, discharge, predictive model, dispersion

Geologic structures related to New Madrid earthquakes near Memphis, Tennessee, based on gravity and magnetic interpretations

USGS Publications Warehouse

Hildenbrand, T.G.; Stuart, W.D.; Talwani, P.

2001-01-01

New inversions of gravity and magnetic data in the region north of memphis. Tennessee, and south of latitude 36?? define boundaries of regional structures and igneous complexes in the upper crust. Microseismicity patterns near interpreted boundaries suggest that igneous complexes influence the locations of microseismicity. A weak seismicity cluster occurs near one intrusion (Covington pluton), at the intersection of the southwest margin of the Missouri batholith and the southeast margin of the Reelfoot rift. A narrow seismicity trend along the Reelfoot rift axis becomes diffuse near a second intrusion (Osceola intrusive complex) and changes direction to an area along the northwest flank of the intrusion. The axial seismicity trend also contains a tight cluster of earthquakes located just outside the Osceola intrusive complex. The mechanical explanation of the two seismicity patterns is uncertain, but the first cluster may be caused by stress concentration due to the high elastic stiffness and strength of the Covington intrusion. The spatially changing seismicity pattern near the Osceola complex may be caused by the preceding factors plus interaction with faulting along the rift axis. The axial seismicity strand itself is one of several connected and interacting active strands that may produce stress concentrations at strand ends and junctions. The microseismicity clusters at the peripheries of the two intrusions lead us to conclude that these stress concentrations or stressed volumes may be locations of future moderate to large earthquakes near Memphis. Published by Elsevier Science B.V.

Reassessment of the volume of the Las Aguilas mafic-ultramafic intrusives, San Luis, Argentina, based on an alternative geophysical model

NASA Astrophysics Data System (ADS)

Claudia, Zaffarana; Silvana, Geuna; Stella, Poma; Alberto, Patiño Douce

2011-10-01

In the Sierra de San Luis, Central Argentina, a belt of small and discontinuous lenses of mafic-ultramafic rocks intrude a polydeformed basement and are thought to be the cause of a local increase of the metamorphic grade from amphibolite to granulite facies conditions. This assumption was especially based on forward modelling of a huge gravity anomaly centered over the Sierra de San Luis, which lead some workers to think that a vast volume of mafic-ultramafic rocks lay in shallow levels. Here, we propose an alternative model to explain this anomaly, in which the mafic-ultramafic intrusion is not the ultimate source. Therefore, there is no need to propose a bigger size than that observed in outcrops for the mafic-ultramafic bodies. The thermal effect of the emplacement of mafic-ultramafic sills and dikes on the host rocks was estimated applying a simple analytical solution (error function) for heating of a semi-infinite half space (the country rocks) in contact with a hotter sheet of finite thickness (the mafic-ultramafic intrusion). Results indicate that the effect of the intrusion of these hot mafic magmas is local, because beyond a few hundred meters from the contact zone temperatures never exceed 600 °C, and a few km from the intrusion they barely increase 50 °C relative to the initial temperature. These results, together with the preservation of primary igneous characteristics (such as rhythmic layering) being overprinted by metamorphic textural changes, indicate that the intrusion occurred before regional deformation. It is suggested that the thermal anomaly in the Pringles Metamorphic Complex could have been mainly caused by factors inherent to their geodynamic setting.

Development and evaluation of a decision-supporting model for identifying the source location of microbial intrusions in real gravity sewer systems.

PubMed

Kim, Minyoung; Choi, Christopher Y; Gerba, Charles P

2013-09-01

Assuming a scenario of a hypothetical pathogenic outbreak, we aimed this study at developing a decision-support model for identifying the location of the pathogenic intrusion as a means of facilitating rapid detection and efficient containment. The developed model was applied to a real sewer system (the Campbell wash basin in Tucson, AZ) in order to validate its feasibility. The basin under investigation was divided into 14 sub-basins. The geometric information associated with the sewer network was digitized using GIS (Geological Information System) and imported into an urban sewer network simulation model to generate microbial breakthrough curves at the outlet. A pre-defined amount of Escherichia coli (E. coli), which is an indicator of fecal coliform bacteria, was hypothetically introduced into 56 manholes (four in each sub-basin, chosen at random), and a total of 56 breakthrough curves of E. coli were generated using the simulation model at the outlet. Transport patterns were classified depending upon the location of the injection site (manhole), various known characteristics (peak concentration and time, pipe length, travel time, etc.) extracted from each E. coli breakthrough curve and the layout of sewer network. Using this information, we back-predicted the injection location once an E. coli intrusion was detected at a monitoring site using Artificial Neural Networks (ANNs). The results showed that ANNs identified the location of the injection sites with 57% accuracy; ANNs correctly recognized eight out of fourteen expressions with relying on data from a single detection sensor. Increasing the available sensors within the basin significantly improved the accuracy of the simulation results (from 57% to 100%). Copyright © 2013 Elsevier Ltd. All rights reserved.

LINEBACKER: LINE-speed Bio-inspired Analysis and Characterization for Event Recognition

DOE Office of Scientific and Technical Information (OSTI.GOV)

Oehmen, Christopher S.; Bruillard, Paul J.; Matzke, Brett D.

2016-08-04

The cyber world is a complex domain, with digital systems mediating a wide spectrum of human and machine behaviors. While this is enabling a revolution in the way humans interact with each other and data, it also is exposing previously unreachable infrastructure to a worldwide set of actors. Existing solutions for intrusion detection and prevention that are signature-focused typically seek to detect anomalous and/or malicious activity for the sake of preventing or mitigating negative impacts. But a growing interest in behavior-based detection is driving new forms of analysis that move the emphasis from static indicators (e.g. rule-based alarms or tripwires)more » to behavioral indicators that accommodate a wider contextual perspective. Similar to cyber systems, biosystems have always existed in resource-constrained hostile environments where behaviors are tuned by context. So we look to biosystems as an inspiration for addressing behavior-based cyber challenges. In this paper, we introduce LINEBACKER, a behavior-model based approach to recognizing anomalous events in network traffic and present the design of this approach of bio-inspired and statistical models working in tandem to produce individualized alerting for a collection of systems. Preliminary results of these models operating on historic data are presented along with a plugin to support real-world cyber operations.« less

The geology of the Inconsolable Range, east-central Sierra Nevada, California

DOE Office of Scientific and Technical Information (OSTI.GOV)

Hathaway, G.M; Reed, W.E.

1993-04-01

Detailed mapping of the Inconsolable Range in the east-central Sierra Nevada reveals a structurally and lithologically complex region of multi-phase intrusions. Some plutons are compositionally-zoned [e.g., Inconsolable (100 Ma) and Lamarck (90 Ma)]; others may be the result of magma mixing. Intrusive borders vary from brittle to ductile and sharp to gradational, and are bounded by contact aureoles of varying metamorphic grade. A shear zone (Long Lake shear zone -- LLSZ) bounds the western margin of the Inconsolable Range for 8 km; this is truncated in the south by the Cretaceous Lamarck intrusive suite, and is tectonically overlain in themore » north by the Bishop Creek Pendant (Ordovician ). The LLSZ is a complex zone of interleaved septa of biotite schists, orthogneisses, aplitic screens, and calc-silicate gneisses approximately 500 to 800 m wide. Preliminary interpretation suggests that the LLSZ is the sheared remnant of a Triassic-Jurassic igneous terrane complete with metasedimentary pendants. Juxtaposition of greenschist facies meta-sedimentary rocks of the Chocolate Peak klippe over highly deformed amphibolite grade meta-igneous rocks of the LLSZ postdates movement along the LLSZ. Metamorphic grades suggest that deeper structural levels are exposed within the LLSZ near its southern terminus. Twenty plutonic lithologies have been mapped and informally named (e.g., Spotted biotite quartz diorite), including 3 compositionally-zoned plutons. Zonation within the Lamarck, Inconsolable, and Spotted intrusions are the result of multiple emplacement events into partially crystallized host plutons. Along the eastern border of the Lamarck intrusive suite field evidence indicates four separate intrusive events. The Inconsolable body is a compositionally-zoned biotite, clinopyroxene, quartz diorite with irregular granodiorite margins. The base of the Spotted intrusion appears to have been magmatically eroded by a pulse of the younger Lamarck intrusion.« less

Episodic intrusion, internal differentiation, and hydrothermal alteration of the miocene tatoosh intrusive suite south of Mount Rainier, Washington

USGS Publications Warehouse

du Bray, E.A.; Bacon, C.R.; John, D.A.; Wooden, J.L.; Mazdab, F.K.

2011-01-01

The Miocene Tatoosh intrusive suite south of Mount Rainier is composed of three broadly granodioritic plutons that are manifestations of ancestral Cascades arc magmatism. Tatoosh intrusive suite plutons have individually diagnostic characteristics, including texture, mineralogy, and geochemistry, and apparently lack internal contacts. New ion-microprobe U-Pb zircon ages indicate crystallization of the Stevens pluton ca. 19.2 Ma, Reflection-Pyramid pluton ca. 18.5 Ma, and Nisqually pluton ca. 17.5 Ma. The Stevens pluton includes rare, statistically distinct ca. 20.1 Ma zircon antecrysts. Wide-ranging zircon rare earth element (REE), Hf, U, and Th concentrations suggest late crystallization from variably evolved residual liquids. Zircon Eu/Eu*-Hf covariation is distinct for each of the Reflection-Pyramid, Nisqually, and Stevens plutons. Although most Tatoosh intrusive suite rocks have been affected by weak hydrothermal alteration, and sparse mineralized veins cut some of these rocks, significant base or precious metal mineralization is absent. At the time of shallow emplacement, each of these magma bodies was largely homogeneous in bulk composition and petrographic features, but, prior to final solidification, each of the Tatoosh intrusive suite plutons developed internal compositional variation. Geochemical and petrographic trends within each pluton are most consistent with differential loss of residual melt, possibly represented by late aplite dikes or erupted as rhyolite, from crystal-rich magma. Crystal-rich magma that formed each pluton evidently accumulated in reservoirs below the present level of exposure and then intruded to a shallow depth. Assembled by episodic intrusion, the Tatoosh intrusive suite may be representative of midsized composite plutonic complexes beneath arc volcanoes. ?? 2011 Geological Society of America.

"SmartMonitor"--an intelligent security system for the protection of individuals and small properties with the possibility of home automation.

PubMed

Frejlichowski, Dariusz; Gościewska, Katarzyna; Forczmański, Paweł; Hofman, Radosław

2014-06-05

"SmartMonitor" is an intelligent security system based on image analysis that combines the advantages of alarm, video surveillance and home automation systems. The system is a complete solution that automatically reacts to every learned situation in a pre-specified way and has various applications, e.g., home and surrounding protection against unauthorized intrusion, crime detection or supervision over ill persons. The software is based on well-known and proven methods and algorithms for visual content analysis (VCA) that were appropriately modified and adopted to fit specific needs and create a video processing model which consists of foreground region detection and localization, candidate object extraction, object classification and tracking. In this paper, the "SmartMonitor" system is presented along with its architecture, employed methods and algorithms, and object analysis approach. Some experimental results on system operation are also provided. In the paper, focus is put on one of the aforementioned functionalities of the system, namely supervision over ill persons.

Practical results from a mathematical analysis of guard patrols

DOE Office of Scientific and Technical Information (OSTI.GOV)

Indusi, Joseph P.

1978-12-01

Using guard patrols as a primary detection mechanism is not generally viewed as a highly efficient detection method when compared to electronic means. Many factors such as visibility, alertness, and the space-time coincidence of guard and adversary presence all have an effect on the probability of detection. Mathematical analysis of the guard patrol detection problem is related to that of classical search theory originally developed for naval search operations. The results of this analysis tend to support the current practice of using guard forces to assess and respond to previously detected intrusions and not as the primary detection mechanism. 6more » refs.« less

Diagnosis of femtosecond plasma filament by channeling microwaves along the filament

DOE Office of Scientific and Technical Information (OSTI.GOV)

Alshershby, Mostafa; Ren, Yu; Qin, Jiang

2013-05-20

We introduce a simple, fast, and non-intrusive experimental method to obtain the basic parameters of femtosecond laser-generated plasma filament. The method is based on the channeling of microwaves along both a plasma filament and a well-defined conducting wire. By comparing the detected microwaves that propagate along the plasma filament and a copper wire with known conductivity and spatial dimension, the basic parameters of the plasma filament can be easily obtained. As a result of the possibility of channeling microwave radiation along the plasma filament, we were then able to obtain the plasma density distribution along the filament length.

Event Detection for Hydrothermal Plumes: A case study at Grotto Vent

NASA Astrophysics Data System (ADS)

Bemis, K. G.; Ozer, S.; Xu, G.; Rona, P. A.; Silver, D.

2012-12-01

Evidence is mounting that geologic events such as volcanic eruptions (and intrusions) and earthquakes (near and far) influence the flow rates and temperatures of hydrothermal systems. Connecting such suppositions to observations of hydrothermal output is challenging, but new ongoing time series have the potential to capture such events. This study explores using activity detection, a technique modified from computer vision, to identify pre-defined events within an extended time series recorded by COVIS (Cabled Observatory Vent Imaging Sonar) and applies it to a time series, with gaps, from Sept 2010 to the present; available measurements include plume orientation, plume rise rate, and diffuse flow area at the NEPTUNE Canada Observatory at Grotto Vent, Main Endeavour Field, Juan de Fuca Ridge. Activity detection is the process of finding a pattern (activity) in a data set containing many different types of patterns. Among many approaches proposed to model and detect activities, we have chosen a graph-based technique, Petri Nets, as they do not require training data to model the activity. They use the domain expert's knowledge to build the activity as a combination of feature states and their transitions (actions). Starting from a conceptual model of how hydrothermal plumes respond to daily tides, we have developed a Petri Net based detection algorithm that identifies deviations from the specified response. Initially we assumed that the orientation of the plume would change smoothly and symmetrically in a consistent daily pattern. However, results indicate that the rate of directional changes varies. The present Petri Net detects unusually large and rapid changes in direction or amount of bending; however inspection of Figure 1 suggests that many of the events detected may be artifacts resulting from gaps in the data or from the large temporal spacing. Still, considerable complexity overlies the "normal" tidal response pattern (the data has a dominant frequency of ~12.9 hours). We are in the process of defining several events of particular scientific interest: 1) transient behavioral changes associated with atmospheric storms, earthquakes or volcanic intrusions or eruptions, 2) mutual interaction of neighboring plumes on each other's behavior, and 3) rapid shifts in plume direction that indicate the presence of unusual currents or changes in currents. We will query the existing data to see if these relationships are ever observed as well as testing our understanding of the "normal" pattern of response to tidal currents.Figure 1. Arrows indicate plume orientation at a given time (time axis in days after 9/29/10) and stars indicate times when orientation changes rapidly.

Acoustic measurements of soil-pipeflow and internal erosion

USDA-ARS?s Scientific Manuscript database

Internal erosion of soil pipes can lead to embankment failures, landslides, and gully erosion. Therefore, non-intrusive methods are needed to detect and monitor soil pipeflow and the resulting internal erosion. This paper presents a laboratory study using both active and passive acoustic techniques ...

Acoustic measurements of soil pipeflow and internal erosion

USDA-ARS?s Scientific Manuscript database

Internal erosion of soil pipes can lead to embankment failures, landslides, and gully erosion therefore non-intrusive methods are needed to detect and monitor soil pipeflow and the resulting internal erosion. This paper presents a laboratory study using both active and passive acoustic techniques to...

Numerical Analysis for Relevant Features in Intrusion Detection (NARFid)

DTIC Science & Technology

2009-03-01

Rosenblatt, Frank. Principles of Neurodynamics : Perceptrons and the Theory of Brain Mechanisms. Spartan Books, Washington DC, 1961. 74. Rossey, Lee M., Robert...editors), Parallel distributed process- ing: Explorations in the microstructure of cognition , Volume 1: Foundations. MIT Press, 1986. 76. Russel, Stuart and

How to say no: single- and dual-process theories of short-term recognition tested on negative probes.

PubMed

Oberauer, Klaus

2008-05-01

Three experiments with short-term recognition tasks are reported. In Experiments 1 and 2, participants decided whether a probe matched a list item specified by its spatial location. Items presented at study in a different location (intrusion probes) had to be rejected. Serial position curves of positive, new, and intrusion probes over the probed location's position were mostly parallel. Serial position curves of intrusion probes over their position of origin were again parallel to those of positive probes. Experiment 3 showed largely parallel serial position effects for positive probes and for intrusion probes plotted over positions in a relevant and an irrelevant list, respectively. The results support a dual-process theory in which recognition is based on familiarity and recollection, and recollection uses 2 retrieval routes, from context to item and from item to context.

Variation of depth to the brittle-ductile transition due to cooling of a midcrustal intrusion.

USGS Publications Warehouse

Gettings, M.E.

1988-01-01

The depth to the brittle-ductile transition in the crust is often defined by the intersection of a shear resistance relation in the brittle upper crust that increases linearly with depth and a power law relation for ductile flow in the lower crust that depends strongly on T. Transient variation of this depth caused by a magmatic intrusion at a depth near the regional transition can be modelled by a heat conduction model for a rectangular parallelepiped superimposed on a linear geothermal gradient. When parameters appropriate for the southeastern US are used, a moderate-sized intrusion is found to decrease the transition depth by as much as 7 km; significant variations last approx 10 m.y. Since the base of the seismogenic zone is identified with the brittle-ductile transition, these results imply that intrusions of late Tertiary age or younger could be important sources of clustered seismicity. -A.W.H.

Comparison and characterization of Android-based fall detection systems.

PubMed

Luque, Rafael; Casilari, Eduardo; Morón, María-José; Redondo, Gema

2014-10-08

Falls are a foremost source of injuries and hospitalization for seniors. The adoption of automatic fall detection mechanisms can noticeably reduce the response time of the medical staff or caregivers when a fall takes place. Smartphones are being increasingly proposed as wearable, cost-effective and not-intrusive systems for fall detection. The exploitation of smartphones' potential (and in particular, the Android Operating System) can benefit from the wide implantation, the growing computational capabilities and the diversity of communication interfaces and embedded sensors of these personal devices. After revising the state-of-the-art on this matter, this study develops an experimental testbed to assess the performance of different fall detection algorithms that ground their decisions on the analysis of the inertial data registered by the accelerometer of the smartphone. Results obtained in a real testbed with diverse individuals indicate that the accuracy of the accelerometry-based techniques to identify the falls depends strongly on the fall pattern. The performed tests also show the difficulty to set detection acceleration thresholds that allow achieving a good trade-off between false negatives (falls that remain unnoticed) and false positives (conventional movements that are erroneously classified as falls). In any case, the study of the evolution of the battery drain reveals that the extra power consumption introduced by the Android monitoring applications cannot be neglected when evaluating the autonomy and even the viability of fall detection systems.

Comparison and Characterization of Android-Based Fall Detection Systems

PubMed Central

Luque, Rafael; Casilari, Eduardo; Morón, María-José; Redondo, Gema

2014-01-01

Falls are a foremost source of injuries and hospitalization for seniors. The adoption of automatic fall detection mechanisms can noticeably reduce the response time of the medical staff or caregivers when a fall takes place. Smartphones are being increasingly proposed as wearable, cost-effective and not-intrusive systems for fall detection. The exploitation of smartphones' potential (and in particular, the Android Operating System) can benefit from the wide implantation, the growing computational capabilities and the diversity of communication interfaces and embedded sensors of these personal devices. After revising the state-of-the-art on this matter, this study develops an experimental testbed to assess the performance of different fall detection algorithms that ground their decisions on the analysis of the inertial data registered by the accelerometer of the smartphone. Results obtained in a real testbed with diverse individuals indicate that the accuracy of the accelerometry-based techniques to identify the falls depends strongly on the fall pattern. The performed tests also show the difficulty to set detection acceleration thresholds that allow achieving a good trade-off between false negatives (falls that remain unnoticed) and false positives (conventional movements that are erroneously classified as falls). In any case, the study of the evolution of the battery drain reveals that the extra power consumption introduced by the Android monitoring applications cannot be neglected when evaluating the autonomy and even the viability of fall detection systems. PMID:25299953

Combining urbanization and hydrodynamics data to evaluate sea level rise impacts on coastal water resources

NASA Astrophysics Data System (ADS)

Young, C. R.; Martin, J. B.

2016-02-01

Assessments of the potential for salt water intrusion due to sea level rise require consideration of both coastal hydrodynamic and human activity thresholds. In siliciclastic systems, sea level rise may cause salt intrusion to coastal aquifers at annual or decadal scales, whereas in karst systems salt intrudes at the tidal scalse. In both cases, human activity impacts the freshwater portion of the system by altering the water demand on the aquifer. We combine physicochemical and human activity data to evaluate impact of sea level rise on salt intrusion to siliclastic (Indian River Lagoon, Fl, USA) and karst (Puerto Morelos, Yucatan, Mexico) systems under different sea level rise rate scenarios. Two hydrodynamic modeling scenarios are considered; flux controlled and head controlled. Under a flux controlled system hydraulic head gradients remain constant during sea level rise while under a head controlled system hydraulic graidents diminish, allowing saltwater intrusion. Our model contains three key terms; aquifer recharge, groundwater discharge and hydraulic conductivity. Groundwater discharge and hydraulic conductivity were calculated based on high frequency (karst system) and decadal (siliciclastic system) field measurements. Aquifer recharge is defined as precipitation less evapotranspiration and water demand was evaluated based on urban planning data that provided the regional water demand. Water demand includes agricultural area, toursim, traffic patterns, garbage collection and total population. Water demand was initially estimated using a partial leaset squares regression based on these variables. Our model indicates that water demand depends most on agricultural area, which has changed significantly over the last 30 years. In both systems, additional water demand creates a head controlled scenario, thus increaseing the protential fo salt intrusion with projected sea level rise.

A Quantitative Risk Assessment Model Involving Frequency and Threat Degree under Line-of-Business Services for Infrastructure of Emerging Sensor Networks.

PubMed

Jing, Xu; Hu, Hanwen; Yang, Huijun; Au, Man Ho; Li, Shuqin; Xiong, Naixue; Imran, Muhammad; Vasilakos, Athanasios V

2017-03-21

The prospect of Line-of-Business Services (LoBSs) for infrastructure of Emerging Sensor Networks (ESNs) is exciting. Access control remains a top challenge in this scenario as the service provider's server contains a lot of valuable resources. LoBSs' users are very diverse as they may come from a wide range of locations with vastly different characteristics. Cost of joining could be low and in many cases, intruders are eligible users conducting malicious actions. As a result, user access should be adjusted dynamically. Assessing LoBSs' risk dynamically based on both frequency and threat degree of malicious operations is therefore necessary. In this paper, we proposed a Quantitative Risk Assessment Model (QRAM) involving frequency and threat degree based on value at risk. To quantify the threat degree as an elementary intrusion effort, we amend the influence coefficient of risk indexes in the network security situation assessment model. To quantify threat frequency as intrusion trace effort, we make use of multiple behavior information fusion. Under the influence of intrusion trace, we adapt the historical simulation method of value at risk to dynamically access LoBSs' risk. Simulation based on existing data is used to select appropriate parameters for QRAM. Our simulation results show that the duration influence on elementary intrusion effort is reasonable when the normalized parameter is 1000. Likewise, the time window of intrusion trace and the weight between objective risk and subjective risk can be set to 10 s and 0.5, respectively. While our focus is to develop QRAM for assessing the risk of LoBSs for infrastructure of ESNs dynamically involving frequency and threat degree, we believe it is also appropriate for other scenarios in cloud computing.

A Quantitative Risk Assessment Model Involving Frequency and Threat Degree under Line-of-Business Services for Infrastructure of Emerging Sensor Networks

PubMed Central

Jing, Xu; Hu, Hanwen; Yang, Huijun; Au, Man Ho; Li, Shuqin; Xiong, Naixue; Imran, Muhammad; Vasilakos, Athanasios V.

2017-01-01

The prospect of Line-of-Business Services (LoBSs) for infrastructure of Emerging Sensor Networks (ESNs) is exciting. Access control remains a top challenge in this scenario as the service provider’s server contains a lot of valuable resources. LoBSs’ users are very diverse as they may come from a wide range of locations with vastly different characteristics. Cost of joining could be low and in many cases, intruders are eligible users conducting malicious actions. As a result, user access should be adjusted dynamically. Assessing LoBSs’ risk dynamically based on both frequency and threat degree of malicious operations is therefore necessary. In this paper, we proposed a Quantitative Risk Assessment Model (QRAM) involving frequency and threat degree based on value at risk. To quantify the threat degree as an elementary intrusion effort, we amend the influence coefficient of risk indexes in the network security situation assessment model. To quantify threat frequency as intrusion trace effort, we make use of multiple behavior information fusion. Under the influence of intrusion trace, we adapt the historical simulation method of value at risk to dynamically access LoBSs’ risk. Simulation based on existing data is used to select appropriate parameters for QRAM. Our simulation results show that the duration influence on elementary intrusion effort is reasonable when the normalized parameter is 1000. Likewise, the time window of intrusion trace and the weight between objective risk and subjective risk can be set to 10 s and 0.5, respectively. While our focus is to develop QRAM for assessing the risk of LoBSs for infrastructure of ESNs dynamically involving frequency and threat degree, we believe it is also appropriate for other scenarios in cloud computing. PMID:28335569

Is mindfulness-based therapy an effective intervention for obsessive-intrusive thoughts: a case series.

PubMed

Wilkinson-Tough, Megan; Bocci, Laura; Thorne, Kirsty; Herlihy, Jane

2010-01-01

Despite the efficacy of cognitive-behavioural interventions in improving the experience of obsessions and compulsions, some people do not benefit from this approach. The present research uses a case series design to establish whether mindfulness-based therapy could benefit those experiencing obsessive-intrusive thoughts by targeting thought-action fusion and thought suppression. Three participants received a relaxation control intervention followed by a six-session mindfulness-based intervention which emphasized daily practice. Following therapy all participants demonstrated reductions in Yale-Brown Obsessive-Compulsive Scale scores to below clinical levels, with two participants maintaining this at follow-up. Qualitative analysis of post-therapy feedback suggested that mindfulness skills such as observation, awareness and acceptance were seen as helpful in managing thought-action fusion and suppression. Despite being limited by small participant numbers, these results suggest that mindfulness may be beneficial to some people experiencing intrusive unwanted thoughts and that further research could establish the possible efficacy of this approach in larger samples. Copyright (c) 2009 John Wiley & Sons, Ltd.

Carbon nanopipettes for cell probes and intracellular injection

NASA Astrophysics Data System (ADS)

Schrlau, Michael G.; Falls, Erica M.; Ziober, Barry L.; Bau, Haim H.

2008-01-01

We developed integrated, carbon-based pipettes with nanoscale dimensions (CNP) that can probe cells with minimal intrusion, inject fluids into the cells, and concurrently carry out electrical measurements. Our manufacturing technique does not require cumbersome nanoassembly and is amenable to mass production. Using CNPs, we demonstrate the injection of reagents into cells with minimal intrusion and without inhibiting cell growth.

Carbon nanopipettes for cell probes and intracellular injection.

PubMed

Schrlau, Michael G; Falls, Erica M; Ziober, Barry L; Bau, Haim H

2008-01-09

We developed integrated, carbon-based pipettes with nanoscale dimensions (CNP) that can probe cells with minimal intrusion, inject fluids into the cells, and concurrently carry out electrical measurements. Our manufacturing technique does not require cumbersome nanoassembly and is amenable to mass production. Using CNPs, we demonstrate the injection of reagents into cells with minimal intrusion and without inhibiting cell growth.

Modality-Specific Imagery Reduces Cravings for Food: An Application of the Elaborated Intrusion Theory of Desire to Food Craving

ERIC Educational Resources Information Center

Kemps, Eva; Tiggemann, Marika

2007-01-01

Based on converging evidence that visual and olfactory images are key components of food cravings, the authors tested a central prediction of the elaborated intrusion theory of desire, that mutual competition between modality-specific tasks and desire-related imagery can suppress such cravings. In each of Experiments 1 and 2, 90 undergraduate…

An Efficient Method for Detecting Misbehaving Zone Manager in MANET

NASA Astrophysics Data System (ADS)

Rafsanjani, Marjan Kuchaki; Pakzad, Farzaneh; Asadinia, Sanaz

In recent years, one of the wireless technologies increased tremendously is mobile ad hoc networks (MANETs) in which mobile nodes organize themselves without the help of any predefined infrastructure. MANETs are highly vulnerable to attack due to the open medium, dynamically changing network topology, cooperative algorithms, lack of centralized monitoring, management point and lack of a clear defense line. In this paper, we report our progress in developing intrusion detection (ID) capabilities for MANET. In our proposed scheme, the network with distributed hierarchical architecture is partitioned into zones, so that in each of them there is one zone manager. The zone manager is responsible for monitoring the cluster heads in its zone and cluster heads are in charge of monitoring their members. However, the most important problem is how the trustworthiness of the zone manager can be recognized. So, we propose a scheme in which "honest neighbors" of zone manager specify the validation of their zone manager. These honest neighbors prevent false accusations and also allow manager if it is wrongly misbehaving. However, if the manger repeats its misbehavior, then it will lose its management degree. Therefore, our scheme will be improved intrusion detection and also provide a more reliable network.

Differences in clinical intrusive thoughts between obsessive-compulsive disorder, generalized anxiety disorder, and hypochondria.

PubMed

Romero-Sanchiz, Pablo; Nogueira-Arjona, Raquel; Godoy-Ávila, Antonio; Gavino-Lázaro, Aurora; Freeston, Mark H

2017-11-01

Differences and similarities between intrusive thoughts typical of obsessive-compulsive disorder, generalized anxiety disorder, and hypochondriasis are relevant for their differential diagnosis, formulation, and psychological treatment. Previous research in non-clinical samples pointed out the relevance of some process variables, such as responsibility, guilt, or neutralization strategies. This research is aimed to investigate the differences and similarities between clinical obsessions, worries, and illness intrusions in some of these process variables. A second aim is to identify models based on these variables that could reliably differentiate between them. Three groups of patients with obsessive-compulsive disorder (n = 35; 60% women, mean age 38.57), generalized anxiety disorder (n = 36; 61.1% women, mean age 41.50), and hypochondriasis (n = 34; 70.6% women, mean age 31.59) were evaluated using the Cognitive Intrusions Questionnaire-Transdiagnostic Version (Romero-Sanchiz, Nogueira-Arjona, Godoy-Ávila, Gavino-Lázaro, & Freeston, ). The results showed that some appraisals (e.g., responsibility or egodystonicity), emotions (e.g., guilt or insecurity), neutralization strategies, and other variables (e.g., verbal content or trigger from body sensation) are relevant for the discrimination between obsessions, worries, and illness intrusions. The results also showed 3 stable models based on these variables for the discrimination between these thoughts. The implication of these results in the diagnosis, formulation, and psychological treatment of obsessive-compulsive disorder, generalized anxiety disorder, and hypochondriasis is discussed. Copyright © 2017 John Wiley & Sons, Ltd.

Igneous layering in the peralkaline intrusions ,Kola Peninsula :leading role of gravitational differentiation

NASA Astrophysics Data System (ADS)

Kogarko, L. N..

2012-04-01

In the center of Kola Peninsula there are two large layered intrusions of agpaitic nepheline syenites - Khibina and Lovozero. . The Khibina alkaline massif (Kola Peninsula,Russia) hosts the world's largest and economically most important apatite deposit. The Khibina massif is a complex multiphase body built up from a number of ring-like and conical intrusions. The apatite bearing intrusion is ring-like and is represented by a layered body of ijolitic composition with a thickness of about 1 - 2 km. The upper zone is represented by different types of apatite ores. These rocks consist of 60-90% euhedral very small (tenths of mm)apatite crystals. The lower zone has mostly ijolitic composition. The lower zone grades into underlying massive urtite consisting of 75-90% large (several mm) euhedral nepheline. Our experimental studies of systems with apatite demonstrated the near-eutectic nature of the apatite-bearing intrusion, resulting in practically simultaneous crystallization of nepheline, apatite and pyroxene. The mathematical model of the formation of the layered apatite-bearing intrusion based on the processes of sedimentation under the conditions of steady state convection taking account of crystal sizes is proposed. Under the conditions of steady-state convection large crystals of nepheline continuously had been settling forming massive underlying urtite whereas smaller crystals of pyroxenes, nepheline and apatite had been stirred in the convecting melt. During the cooling the intensity of convection decreased causing a settling of smaller crystals of nepheline and pyroxene and later very small crystalls of apatite in the upper part of alkaline magma chamber. The Lovozero massif, the largest of the Globe layered peralkaline intrusion, comprises super-large rare-metal (Nb, Ta, REE) deposit. The main ore mineral is loparite (Na, Ce, Ca)2 (Ti, Nb)2O6 which was mined during many years. The composition of cumulus loparite changed systematically upward through the intrusion with an increase in Na, Sr, Nb, Th, Nb/Ta, U/Th and decrease in REE, Zr, V, Zn, Ba and Ti. Our investigation indicates that the formation of loparite ore was the result of several factors including the chemical evolution of highly alkaline magmatic system and mechanical accumulation of loparite at the base of convecting unit.

75 FR 69644 - Privacy Act of 1974; System of Records

Federal Register 2010, 2011, 2012, 2013, 2014

2010-11-15

..., organization, phone, fax, mobile, pager, Defense Switched Network (DSN) phone, other fax, other mobile, other.../Transport Layer Security (SSL/ TLS) connections, access control lists, file system permissions, intrusion detection and prevention systems and log monitoring. Complete access to all records is restricted to and...

Composition and source of salinity of ore-bearing fluids in Cu-Au systems of the Carajás Mineral Province, Brazil

USGS Publications Warehouse

Xavier, Roberto; Rusk, Brian; Emsbo, Poul; Monteiro, Lena

2009-01-01

The composition and Cl/Br – NaCl ratios of highly saline aqueous inclusions from large tonnage (> 100 t) IOCG deposits (Sossego, Alvo 118, and Igarapé Bahia) and a Paleoproterozoic intrusion-related Cu-Au-(Mo-W-Bi-Sn) deposit (Breves; < 50 Mt)) in the Carajás Mineral Province have been analysed by LA-ICP-MS and ion chromatography. In both Cu-Au systems, brine inclusions are Ca-dominated (5 to 10 times more than in porphyry Cu-Au fluids), and contain percent level concentrations of Na and K. IOCG inclusion fluids, however, contain higher Sr, Ba, Pb, and Zn concentrations, but significantly less Bi, than the intrusion-related Breves inclusion fluids. Cu is consistently below detection limits in brine inclusions from the IOCG and intrusion-related systems and Fe was not detected in the latter. Cl/Br and Na/Cl ratios of the IOCG inclusion fluids range from entirely evaporative brines (bittern fluids; e.g. Igarapé Bahia and Alvo 118) to values that indicate mixing with magma-derived brines. Cl/Br and Na/Cl ratios of the Breves inclusion fluids strongly suggest the involvement of magmatic brines, but that possibly also incorporated bittern fluids. Collectively, these data demonstrate that residual evaporative and magmatic brines were important components of the fluid regime involved in the formation of Cu-Au systems in the Carajás Mineral Province.

Profiler-2000: Attacking the Insider Threat

DTIC Science & Technology

2005-09-01

detection approach and its incorporation into a number of current automated intrusion-detection strategies (e.g., AT&T’s Com- puterWatch, SRI’s Emerald ...administrative privileges, to be activated upon his or her next login . The system calls required to implement this method are chmod and exit. These two calls...kinds of information that can be derived from these (and other) logs are: time of login , physical location of login , duration of user session

Investigation of a Neural Network Implementation of a TCP Packet Anomaly Detection System

DTIC Science & Technology

2004-05-01

reconnatre les nouvelles variantes d’attaque. Les réseaux de neurones artificiels (ANN) ont les capacités d’apprendre à partir de schémas et de...Computational Intelligence Techniques in Intrusion Detection Systems. In IASTED International Conference on Neural Networks and Computational Intelligence , pp...Neural Network Training: Overfitting May be Harder than Expected. In Proceedings of the Fourteenth National Conference on Artificial Intelligence , AAAI-97

An Excel®-based visualization tool of 2-D soil gas concentration profiles in petroleum vapor intrusion

PubMed Central

Verginelli, Iason; Yao, Yijun; Suuberg, Eric M.

2017-01-01

In this study we present a petroleum vapor intrusion tool implemented in Microsoft® Excel® using Visual Basic for Applications (VBA) and integrated within a graphical interface. The latter helps users easily visualize two-dimensional soil gas concentration profiles and indoor concentrations as a function of site-specific conditions such as source strength and depth, biodegradation reaction rate constant, soil characteristics and building features. This tool is based on a two-dimensional explicit analytical model that combines steady-state diffusion-dominated vapor transport in a homogeneous soil with a piecewise first-order aerobic biodegradation model, in which rate is limited by oxygen availability. As recommended in the recently released United States Environmental Protection Agency's final Petroleum Vapor Intrusion guidance, a sensitivity analysis and a simplified Monte Carlo uncertainty analysis are also included in the spreadsheet. PMID:28163564

An Excel®-based visualization tool of 2-D soil gas concentration profiles in petroleum vapor intrusion.

PubMed

Verginelli, Iason; Yao, Yijun; Suuberg, Eric M

2016-01-01

In this study we present a petroleum vapor intrusion tool implemented in Microsoft ® Excel ® using Visual Basic for Applications (VBA) and integrated within a graphical interface. The latter helps users easily visualize two-dimensional soil gas concentration profiles and indoor concentrations as a function of site-specific conditions such as source strength and depth, biodegradation reaction rate constant, soil characteristics and building features. This tool is based on a two-dimensional explicit analytical model that combines steady-state diffusion-dominated vapor transport in a homogeneous soil with a piecewise first-order aerobic biodegradation model, in which rate is limited by oxygen availability. As recommended in the recently released United States Environmental Protection Agency's final Petroleum Vapor Intrusion guidance, a sensitivity analysis and a simplified Monte Carlo uncertainty analysis are also included in the spreadsheet.

Perceptual processing advantages for trauma-related visual cues in post-traumatic stress disorder

PubMed Central

Kleim, B.; Ehring, T.; Ehlers, A.

2012-01-01

Background Intrusive re-experiencing in post-traumatic stress disorder (PTSD) comprises distressing sensory impressions from the trauma that seem to occur ‘out of the blue’. A key question is how intrusions are triggered. One possibility is that PTSD is characterized by a processing advantage for stimuli that resemble those that accompanied the trauma, which would lead to increased detection of such cues in the environment. Method We used a blurred picture identification task in a cross-sectional (n=99) and a prospective study (n=221) of trauma survivors. Results Participants with acute stress disorder (ASD) or PTSD, but not trauma survivors without these disorders, identified trauma-related pictures, but not general threat pictures, better than neutral pictures. There were no group differences in the rate of trauma-related answers to other picture categories. The relative processing advantage for trauma-related pictures correlated with re-experiencing and dissociation, and predicted PTSD at follow-up. Conclusions A perceptual processing bias for trauma-related stimuli may contribute to the involuntary triggering of intrusive trauma memories in PTSD. PMID:21733208

Designing and Implementing a Family of Intrusion Detection Systems

DTIC Science & Technology

2004-11-01

configure (train), generates many false alarms – Misuse detection (signature analysis) (NFR, Emerald , Snort, STAT) • Generates few false alarms • Detects...to create .rhosts file in world-writable ftp home directory – rlogin using bogus .rhosts file S0 create_file read_rhosts S3S2 login S1 STAT KN-14...world-writable ftp home directory – rlogin using bogus .rhosts file S0 create_file read_rhosts S3S2 login S1 STAT KN-17 ftp-write in STATL use ustat

Vapor intrusion risk of lead scavengers 1,2-dibromoethane (EDB) and 1,2-dichloroethane (DCA).

PubMed

Ma, Jie; Li, Haiyan; Spiese, Richard; Wilson, John; Yan, Guangxu; Guo, Shaohui

2016-06-01

Vapor intrusion of synthetic fuel additives represented a critical yet still neglected problem at sites impacted by petroleum fuel releases. This study used an advanced numerical model to simulate the vapor intrusion risk of lead scavengers 1,2-dibromoethane (ethylene dibromide, EDB) and 1,2-dichloroethane (DCA) under different site conditions. We found that simulated EDB and DCA indoor air concentrations can exceed USEPA screening level (4.7 × 10(-3) μg/m(3) for EDB and 1.1 × 10(-1) μg/m(3) for DCA) if the source concentration is high enough (is still within the concentration range found at leaking UST site). To evaluate the chance that vapor intrusion of EDB might exceed the USEPA screening levels for indoor air, the simulation results were compared to the distribution of EDB at leaking UST sites in the US. If there is no degradation of EDB or only abiotic degradation of EDB, from 15% to 37% of leaking UST sites might exceed the USEPA screening level. This study supports the statements made by USEPA in the Petroleum Vapor Intrusion (PVI) Guidance that the screening criteria for petroleum hydrocarbon may not provide sufficient protectiveness for fuel releases containing EDB and DCA. Based on a thorough literature review, we also compiled previous published data on the EDB and DCA groundwater source concentrations and their degradation rates. These data are valuable in evaluating EDB and DCA vapor intrusion risk. In addition, a set of refined attenuation factors based on site-specific information (e.g., soil types, source depths, and degradation rates) were provided for establishing site-specific screening criteria for EDB and DCA. Overall, this study points out that lead scavengers EDB and DCA may cause vapor intrusion problems. As more field data of EDB and DCA become available, we recommend that USEPA consider including these data in the existing PVI database and possibly revising the PVI Guidance as necessary. Copyright © 2016 Elsevier Ltd. All rights reserved.

Numerical simulations of hydrothermal circulation resulting from basalt intrusions in a buried spreading center

USGS Publications Warehouse

Fisher, A.T.; Narasimhan, T.N.

1991-01-01

A two-dimensional, one by two-kilometer section through the seafloor was simulated with a numerical model to investigate coupled fluid and heat flow resulting from basalt intrusions in a buried spreading center. Boundary and initial conditions and physical properties of both sediments and basalt were constrained by field surveys and drilling in the Guaymas Basin, central Gulf of California. Parametric variations in these studies included sediment and basalt permeability, anisotropy in sediment permeability, and the size of heat sources. Faults were introduced through new intrusions both before and after cooling.Background heat input caused fluid convection at velocities ≤ 3 cm a−1 through shallow sediments. Eighty to ninety percent of the heat introduced at the base of the simulations exited through the upper, horizontal surface, even when the vertical boundaries were made permeable to fluid flow. The simulated injection of a 25–50 m thick basalt intrusion at a depth of 250 m resulted in about 10 yr of pore-fluid expulsion through the sea-floor in all cases, leaving the sediments above the intrusions strongly underpressured. A longer period of fluid recharge followed, sometimes accompanied by reductions in total seafloor heat output of 10% in comparison to pre-intrusion values. Additional discharge-recharge events were dispersed chaotically through the duration of the cooling period. These cycles in heat and fluid flow resulted from the response of the simulated system to a thermodynamic shock, the sudden emplacement of a large heat source, and not from mechanical displacement of sediments and pore fluids, which was not simulated.Water/rock mass ratios calculated from numerical simulations are in good agreement with geochemical estimates from materials recovered from the Guaymas Basin, assuming a bulk basalt permeability value of at least 10−17 m2/(10−2 mD). The addition of faults through intrusions and sediments in these simulations did not facilitate continuous, rapid venting. Increased heat input at the base of the faults resulted in temporarily greater fluid discharge, but the flow could not be sustained because the modeled system could not recharge cold fluid quickly enough to remove sufficient heat through the vents.

Identification and Lagrangian analysis of oceanographic structures favorable for fishery of neon flying squid ( Ommastrephes bartramii) in the South Kuril area

NASA Astrophysics Data System (ADS)

Budyansky, M. V.; Prants, S. V.; Samko, E. V.; Uleysky, M. Yu.

2017-09-01

Based on the AVISO velocity field, we compute daily synoptic Lagrangian maps in the South Kuril area for the fishery seasons of 1998, 1999, and 2001-2005 from available catching data on neon flying squid (NFS). With the help of drift maps for artificial particles, we found that the majority of NFS fishing grounds featuring maximum catches are situated near large-scale Lagrangian intrusions: tongues of water penetrating the surrounding water of other Lagrangian properties. It is shown that the NFS catch locations tend to accumulate at places where waters with different magnitudes of certain Lagrangian indicators converge, mix, and produce filaments, swirls, and tendrils typical of chaotic advection. Potential NFS fishing grounds are mainly located near (1) Lagrangian intrusions of the Subarctic front, (2) intrusions of Okhotsk Sea and Oyashio waters around mesoscale anticyclones east of Hokkaido with subsequent penetration of catch locations inside eddies and (3) intrusions of subtropical waters into the central part of the South Kuril area due to interaction with eddies of different size and polarity. Possible reasons for increased biological production and fishery in the vicinity of Lagrangian intrusions are discussed.

Experimental saltwater intrusion in coastal aquifers using automated image analysis: Applications to homogeneous aquifers

NASA Astrophysics Data System (ADS)

Robinson, G.; Ahmed, Ashraf A.; Hamill, G. A.

2016-07-01

This paper presents the applications of a novel methodology to quantify saltwater intrusion parameters in laboratory-scale experiments. The methodology uses an automated image analysis procedure, minimising manual inputs and the subsequent systematic errors that can be introduced. This allowed the quantification of the width of the mixing zone which is difficult to measure in experimental methods that are based on visual observations. Glass beads of different grain sizes were tested for both steady-state and transient conditions. The transient results showed good correlation between experimental and numerical intrusion rates. The experimental intrusion rates revealed that the saltwater wedge reached a steady state condition sooner while receding than advancing. The hydrodynamics of the experimental mixing zone exhibited similar traits; a greater increase in the width of the mixing zone was observed in the receding saltwater wedge, which indicates faster fluid velocities and higher dispersion. The angle of intrusion analysis revealed the formation of a volume of diluted saltwater at the toe position when the saltwater wedge is prompted to recede. In addition, results of different physical repeats of the experiment produced an average coefficient of variation less than 0.18 of the measured toe length and width of the mixing zone.

Initial assessment of the ground-water resources in the Monterey Bay region, California

USGS Publications Warehouse

Muir, K.S.

1977-01-01

Because urban growth has placed an increasing demand on the ground-water resources of the Monterey Bay region, Calif., an assessment of the ground-water conditions was made to aid the development of local and regional plans. Ground water provides 80 percent of the water used in the region, which includes six ground-water subbasins. In several of the subbasins, pumpage exceeds safe yield. Existing water-quality degradation results from seawater intrusion, septic-tank effluent, and irrigation-return water. Potential sources of degradation include municipal sewage disposal, leachates from solid-waste disposal sites, and poor-quality connate water. High-priority items for future study include location of recharge areas, detection of seawater intrusion, and well-monitoring of landfill sites. (Woodard-USGS)

Project WP#422: Consolidated Research Program, Right of Way Automated Monitoring Threat Prevention (Topic Area #1); Leak Detection (Topic Area #2)

DOT National Transportation Integrated Search

2012-08-30

Preventing unauthorized intrusions on pipeline Right of Ways (ROWs) and mechanical damage due to third party strikes by machinery is a constant challenge for the pipeline industry. Equally important for safety and environmental protection is the dete...

Evaluation of intrusion detection technologies for high speed rail grade crossings : final report.

DOT National Transportation Integrated Search

2003-12-01

The rail industry is in the process of developing a prototype system for high speed rail. One of the concerns when using high speed rail is the danger of obstructions on the track. This level of danger is much higher than with traditional railway veh...

Security of Data, Stored in Information Systems of Bulgarian Municipal Administrations

NASA Astrophysics Data System (ADS)

Kapralyakov, Petko

2011-12-01

Massive influx of information technology in municipal administrations increases their efficiency in delivering public services but increased the risk of theft of confidential information electronically. The report proposed an approach for improving information security for small municipal governments in Bulgaria through enhanced intrusion detection and prevention system.

10 CFR 73.23 - Protection of Safeguards Information-Modified Handling: Specific requirements.

Code of Federal Regulations, 2014 CFR

2014-01-01

.... Information not classified as Restricted Data or National Security Information related to physical protection... stored in a locked file drawer or cabinet. (3) A mobile device (such as a laptop computer) may also be... of intrusion detection devices, alarm assessment equipment, alarm system wiring, emergency power...

10 CFR 73.23 - Protection of Safeguards Information-Modified Handling: Specific requirements.

Code of Federal Regulations, 2010 CFR

2010-01-01

.... Information not classified as Restricted Data or National Security Information related to physical protection... stored in a locked file drawer or cabinet. (3) A mobile device (such as a laptop computer) may also be... of intrusion detection devices, alarm assessment equipment, alarm system wiring, emergency power...

10 CFR 73.23 - Protection of Safeguards Information-Modified Handling: Specific requirements.

Code of Federal Regulations, 2012 CFR

2012-01-01

.... Information not classified as Restricted Data or National Security Information related to physical protection... stored in a locked file drawer or cabinet. (3) A mobile device (such as a laptop computer) may also be... of intrusion detection devices, alarm assessment equipment, alarm system wiring, emergency power...

10 CFR 73.23 - Protection of Safeguards Information-Modified Handling: Specific requirements.

Code of Federal Regulations, 2013 CFR

2013-01-01

.... Information not classified as Restricted Data or National Security Information related to physical protection... stored in a locked file drawer or cabinet. (3) A mobile device (such as a laptop computer) may also be... of intrusion detection devices, alarm assessment equipment, alarm system wiring, emergency power...

10 CFR 73.23 - Protection of Safeguards Information-Modified Handling: Specific requirements.

Code of Federal Regulations, 2011 CFR

2011-01-01

.... Information not classified as Restricted Data or National Security Information related to physical protection... stored in a locked file drawer or cabinet. (3) A mobile device (such as a laptop computer) may also be... of intrusion detection devices, alarm assessment equipment, alarm system wiring, emergency power...

An Intelligent Tutor for Intrusion Detection on Computer Systems.

ERIC Educational Resources Information Center

Rowe, Neil C.; Schiavo, Sandra

1998-01-01

Describes an intelligent tutor incorporating a program using artificial-intelligence planning methods to generate realistic audit files reporting actions of simulated users and intruders of a UNIX system, and a program simulating the system afterwards that asks students to inspect the audit and fix problems. Experiments show that students using…

Information Communications Technology Support to Reconstruction and Development: Some Observations from Afghanistan

DTIC Science & Technology

2007-06-01

banditry. Afghan women are still among the worst off in the world: most are illite many have no access to healthcare, and child and forced marriages...Cyber security » Virus and spyware protection, intrusion detection-protection, firewalls » Control use of pirated software and porn surfing by

Getting Employees Involved in Information Security: The Case of Strong Passwords

ERIC Educational Resources Information Center

Taylor, Richard G.

2009-01-01

With the increasing amount and severity of information security incidents, organizations are constantly looking for better ways to protect their information. The implementation of physical safeguards such as firewalls and intrusion detection systems is an integral part on an organization's overall information security; however these safeguards…

Impact of CO2 Intrusion into USDWs, the Vadose Zone, and Indoor Air

EPA Science Inventory

The U.S. Environmental Protection Agency’s (EPA) Water Research Program in the Office of Research and Development is conducting research to better detect and quantify leakage into USDWs, the vadose zone, the atmosphere, and buildings. Research in this initiative is focused in thr...

Airborne and Ground-Based Optical Characterization of Legacy Underground Nuclear Test Sites

NASA Astrophysics Data System (ADS)

Vigil, S.; Craven, J.; Anderson, D.; Dzur, R.; Schultz-Fellenz, E. S.; Sussman, A. J.

2015-12-01

Detecting, locating, and characterizing suspected underground nuclear test sites is a U.S. security priority. Currently, global underground nuclear explosion monitoring relies on seismic and infrasound sensor networks to provide rapid initial detection of potential underground nuclear tests. While seismic and infrasound might be able to generally locate potential underground nuclear tests, additional sensing methods might be required to further pinpoint test site locations. Optical remote sensing is a robust approach for site location and characterization due to the ability it provides to search large areas relatively quickly, resolve surface features in fine detail, and perform these tasks non-intrusively. Optical remote sensing provides both cultural and surface geological information about a site, for example, operational infrastructure, surface fractures. Surface geological information, when combined with known or estimated subsurface geologic information, could provide clues concerning test parameters. We have characterized two legacy nuclear test sites on the Nevada National Security Site (NNSS), U20ak and U20az using helicopter-, ground- and unmanned aerial system-based RGB imagery and light detection and ranging (lidar) systems. The multi-faceted information garnered from these different sensing modalities has allowed us to build a knowledge base of how a nuclear test site might look when sensed remotely, and the standoff distances required to resolve important site characteristics.

Optical sensor for real-time weld defect detection

NASA Astrophysics Data System (ADS)

Ancona, Antonio; Maggipinto, Tommaso; Spagnolo, Vincenzo; Ferrara, Michele; Lugara, Pietro M.

2002-04-01

In this work we present an innovative optical sensor for on- line and non-intrusive welding process monitoring. It is based on the spectroscopic analysis of the optical VIS emission of the welding plasma plume generated in the laser- metal interaction zone. Plasma electron temperature has been measured for different chemical species composing the plume. Temperature signal evolution has been recorded and analyzed during several CO2-laser welding processes, under variable operating conditions. We have developed a suitable software able to real time detect a wide range of weld defects like crater formation, lack of fusion, excessive penetration, seam oxidation. The same spectroscopic approach has been applied for electric arc welding process monitoring. We assembled our optical sensor in a torch for manual Gas Tungsten Arc Welding procedures and tested the prototype in a manufacturing industry production line. Even in this case we found a clear correlation between the signal behavior and the welded joint quality.

Effect of ultramafic intrusions and associated mineralized rocks on the aqueous geochemistry of the Tangle Lakes Area, Alaska: Chapter C in Studies by the U.S. Geological Survey in Alaska, 2011

USGS Publications Warehouse

Wang, Bronwen; Gough, Larry P.; Wanty, Richard B.; Lee, Gregory K.; Vohden, James; O’Neill, J. Michael; Kerin, L. Jack

2013-01-01

Stream water was collected at 30 sites within the Tangle Lakes area of the Delta mineral belt in Alaska. Sampling focused on streams near the ultramafic rocks of the Fish Lake intrusive complex south of Eureka Creek and the Tangle Complex area east of Fourteen Mile Lake, as well as on those within the deformed metasedimentary, metavolcanic, and intrusive rocks of the Specimen Creek drainage and drainages east of Eureka Glacier. Major, minor, and trace elements were analyzed in aqueous samples for this reconnaissance aqueous geochemistry effort. The lithologic differences within the study area are reflected in the major-ion chemistry of the water. The dominant major cation in streams draining mafic and ultramafic rocks is Mg2+; abundant Mg and low Ca in these streams reflect the abundance of Mg-rich minerals in these intrusions. Nickel and Cu are detected in 84 percent and 87 percent of the filtered samples, respectively. Nickel and Cu concentrations ranged from Ni <0.4 to 10.1 micrograms per liter (mg/L), with a median of 4.2 mg/L, and Cu <0.5 to 27 mg/L, with a median of 1.2 mg/L. Trace-element concentrations in water are generally low relative to U.S. Environmental Protection Agency freshwater aquatic-life criteria; however, Cu concentrations exceed the hardness-based criteria for both chronic and acute exposure at some sites. The entire rare earth element (REE) suite is found in samples from the Specimen Creek sites MH5, MH4, and MH6 and, with the exception of Tb and Tm, at site MH14. These samples were all collected within drainages containing or downstream from Tertiary gabbro, diabase, and metagabbro (Trgb) exposures. Chondrite and source rock fractionation profiles for the aqueous samples were light rare earth element depleted, with negative Ce and Eu anomalies, indicating fractionation of the REE during weathering. Fractionation patterns indicate that the REE are primarily in the dissolved, as opposed to colloidal, phase.

Paleoproterozoic Keulik-Kenirim Ore-Bearing Gabbro-Peridotite Complex, Kola Region: A New Occurrence of Ferropicritic Magmatism

NASA Astrophysics Data System (ADS)

Smolkin, V. F.; Lokhov, K. I.; Skublov, S. G.; Sergeeva, L. Yu.; Lokhov, D. K.; Sergeev, S. A.

2018-03-01

Comprehensive research of ore-bearing differentiated intrusions of the Keulik-Kenirim structural unit, which represents a fragment of the Paleoproterozoic Pechenga-Varzuga Belt, has been carried out for the first time. The intrusions are subvolcanic by type and lenticular in shape, nearly conformable and steeply dipping. They are made up of peridotite, olivine and plagioclase pyroxenites, and gabbro metamorphosed under amphibolite facies conditions along with host basic volcanics. All intrusive rocks are enriched in TiO2 and FeO. Sulfide Cu-Ni mineralization is represented by disseminated, pocket, and stringer-disseminated types, which are clustered in the peridotitic zone as hanging units and bottom lodes. The Ni content in disseminated ore is estimated at 0.45-0.55 wt % and 1.15-3.32 wt % in ore pockets; the Cu grades are 0.17-0.20 and 0.46-5.65 wt %, respectively. To determine the age of intrusions and metamorphism of intrusive and volcanic rocks, various isotopic systems have been used: Sm-Nd (TIMS) in rock and U-Pb (SIMS SHRIMP) and Lu-Hf (LA-ICP-MS) in zircon. Conclusions on the origin of zircons are based on concentrations of trace elements including REE therein and Hf-Nd correlation in zircons and rocks. The U-Pb system of zircons reflects episodes of igneous rock formation (1982 ± 12 Ma) and their postmagmatic transformation (1938 ± 20 Ma). The last disturbance of the U-Pb isotopic system occurred 700 and 425 Ma. Xenogenic zircons dated from 3.17 to 2.65 Ga have been revealed in the studied samples. These zircons were captured by magma from the Archean basement during its ascent. The intrusions were emplaced synchronously with economic ore formation in the Pechenga ore field (1985 ± 10 Ma). The peak metamorphism of intrusive rocks under amphibolite facies conditions is recorded at 40 Ma later. The differentiated intrusions of the Keulik-Kenirim structural unit are close in their internal structure, mineralogy, and geochemistry, as well as in age and features of related Cu-Ni mineralization to ore-bearing intrusions of the Pechenga ore field, which are derivatives of ferropicritic (ferriferous) magmatism.

Intrusive images and intrusive thoughts as different phenomena: two experimental studies.

PubMed

Hagenaars, Muriel A; Brewin, Chris R; van Minnen, Agnes; Holmes, Emily A; Hoogduin, Kees A L

2010-01-01

According to the dual representation theory of PTSD, intrusive trauma images and intrusive verbal thoughts are produced by separate memory systems. In a previous article it was shown that after watching an aversive film, participants in non-movement conditions reported more intrusive images than participants in a free-to-move control condition (Hagenaars, Van Minnen, Holmes, Brewin, & Hoogduin, 2008). The present study investigates whether the experimental conditions of the Hagenaars et al. study had a different effect on intrusive thoughts than on intrusive images. Experiment 2 further investigated the image-thoughts distinction by manipulating stimulus valence (trauma film versus neutral film) and assessing the subsequent development of intrusive images and thoughts. In addition, both experiments studied the impact of peri-traumatic emotions on subsequent intrusive images and thoughts frequency across conditions. Results showed that experimental manipulations (non-movement and trauma film) caused higher levels of intrusive images relative to control conditions (free movement and neutral film) but they did not affect intrusive thoughts. Peri-traumatic anxiety and horror were associated with subsequent higher levels of intrusive images, but not intrusive thoughts. Correlations were inconclusive for anger and sadness. The results suggest intrusive images and thoughts can be manipulated independently and as such can be considered different phenomena.

Heterogeneous VM Replication: A New Approach to Intrusion Detection, Active Response and Recovery in Cloud Data Centers

DTIC Science & Technology

2015-08-17

from the same execution history, and cost-effective active response by proactively setting up standby VM replicas: migration from a compromised VM...the guest OSes system call code to be reused inside a “shadowed” portion of the context of the out-of- guest inspection program. Besides...by the rootkits in cloud environments. RootkitDet detects rootkits by identifying suspicious code region in the kernel space of guest OSes through

Report of the Task Group on Independent Research and Development

DTIC Science & Technology

1967-02-01

in 1959 when the technology used in prospecting for oil by seismic means was employed to detect and sug- gest the source of earth shocks generated by...result of TI’ s work in seismology for oil exploration. The use of seismometers for intrusion detection stemmed from the large, unde- sirable signals...produced by any human movement during oil -field seismic tests. The first military contract for six test models of these devices was received in 1963

Nocturnal insomnia symptoms and stress-induced cognitive intrusions in risk for depression: A 2-year prospective study

PubMed Central

Pillai, Vivek; Drake, Christopher L.

2018-01-01

Nearly half of US adults endorse insomnia symptoms. Sleep problems increase risk for depression during stress, but the mechanisms are unclear. During high stress, individuals having difficulty falling or staying asleep may be vulnerable to cognitive intrusions after stressful events, given that the inability to sleep creates a period of unstructured and socially isolated time in bed. We investigated the unique and combined effects of insomnia symptoms and stress-induced cognitive intrusions on risk for incident depression. 1126 non-depressed US adults with no history of DSM-5 insomnia disorder completed 3 annual web-based surveys on sleep, stress, and depression. We examined whether nocturnal insomnia symptoms and stress-induced cognitive intrusions predicted depression 1y and 2y later. Finally, we compared depression-risk across four groups: non-perseverators with good sleep, non-perseverators with insomnia symptoms, perseverators with good sleep, and perseverators with insomnia symptoms. Insomnia symptoms (β = .10–.13, p < .001) and cognitive intrusions (β = .19–.20, p < .001) predicted depression severity 1y and 2y later. Depression incidence across 2 years was 6.2%. Perseverators with insomnia had the highest rates of depression (13.0%), whereas good sleeping non-perseverators had the lowest rates (3.3%, Relative Risk = 3.94). Perseverators with sleep latency >30 m reported greater depression than good sleeping perseverators (t = 2.09, p < .04). Cognitive intrusions following stress creates a depressogenic mindset, and nocturnal wakefulness may augment the effects of cognitive arousal on depression development. Poor sleepers may be especially vulnerable to cognitive intrusions when having difficulty initiating sleep. As treatable behaviors, nighttime wakefulness and cognitive arousal may be targeted to reduce risk for depression in poor sleepers. PMID:29438400

Nocturnal insomnia symptoms and stress-induced cognitive intrusions in risk for depression: A 2-year prospective study.

PubMed

Kalmbach, David A; Pillai, Vivek; Drake, Christopher L

2018-01-01

Nearly half of US adults endorse insomnia symptoms. Sleep problems increase risk for depression during stress, but the mechanisms are unclear. During high stress, individuals having difficulty falling or staying asleep may be vulnerable to cognitive intrusions after stressful events, given that the inability to sleep creates a period of unstructured and socially isolated time in bed. We investigated the unique and combined effects of insomnia symptoms and stress-induced cognitive intrusions on risk for incident depression. 1126 non-depressed US adults with no history of DSM-5 insomnia disorder completed 3 annual web-based surveys on sleep, stress, and depression. We examined whether nocturnal insomnia symptoms and stress-induced cognitive intrusions predicted depression 1y and 2y later. Finally, we compared depression-risk across four groups: non-perseverators with good sleep, non-perseverators with insomnia symptoms, perseverators with good sleep, and perseverators with insomnia symptoms. Insomnia symptoms (β = .10-.13, p < .001) and cognitive intrusions (β = .19-.20, p < .001) predicted depression severity 1y and 2y later. Depression incidence across 2 years was 6.2%. Perseverators with insomnia had the highest rates of depression (13.0%), whereas good sleeping non-perseverators had the lowest rates (3.3%, Relative Risk = 3.94). Perseverators with sleep latency >30 m reported greater depression than good sleeping perseverators (t = 2.09, p < .04). Cognitive intrusions following stress creates a depressogenic mindset, and nocturnal wakefulness may augment the effects of cognitive arousal on depression development. Poor sleepers may be especially vulnerable to cognitive intrusions when having difficulty initiating sleep. As treatable behaviors, nighttime wakefulness and cognitive arousal may be targeted to reduce risk for depression in poor sleepers.