Framework for evaluating collaborative intrusion detection systems

Securing IT infrastructures of our modern lives is a challenging task because of their increasing complexity, scale and agile nature. Monolithic approaches such as using stand-alone firewalls and IDS devices for protecting the perimeter cannot cope with complex malwares and multistep attacks. Collaborative security emerges as a promising approach. But, research results in collaborative security are not mature, yet, and they require continuous evaluation and testing. In this work, we present CIDE, a Collaborative Intrusion Detection Extension for the network security simulation platform ( NeSSi 2 ). Built-in functionalities include dynamic group formation based on node preferences, group-internal communication, group management and an approach for handling the infection process for malware-based attacks. The CIDE simulation environment provides functionalities for easy implementation of collaborating nodes in large-scale setups. We evaluate the group communication mechanism on the one hand and provide a case study and evaluate our collaborative security evaluation platform in a signature exchange scenario on the other.

Decentralized detector generation in cooperative intrusion detection system

We consider Cooperative Intrusion Detection System (CIDS) which is a distributed AIS-based (Artificial Immune System) IDS where nodes collaborate over a peer-to-peer overlay network. The AIS uses the negative selection algorithm for the selection of detectors (e.g., vectors of features such as CPU utilization, memory usage and network activity). For better detection performance, selection of all possible detectors for a node is desirable but it may not be feasible due to storage and computational overheads. Limiting the number of detectors on the other hand comes with the danger of missing attacks. We present a scheme for the controlled and decentralized division of detector sets where each IDS is assigned to a region of the feature space. We investigate the trade-off between scalability and robustness of detector sets. We address the problem of self-organization in CIDS so that each node generates a distinct set of the detectors to maximize the coverage of the feature space while pairs of nodes exchange their detector sets to provide a controlled level of redundancy. Our contribution is twofold. First, we use Symmetric Balanced Incomplete Block Design, Generalized Quadrangles and Ramanujan Expander Graph based deterministic techniques from combinatorial design theory and graph theory to decide how many and which detectors are exchanged between which pair of IDS nodes. Second, we use a classical epidemic model (SIR model) to show how properties from deterministic techniques can help us to reduce the attack spread rate.

Key distribution mechanisms for wireless sensor networks : a survey

Advances in technology introduce new application areas for sensor networks. Foreseeable wide deployment of mission critical sensor networks creates concerns on security issues. Security of large scale densely deployed and infrastructure less wireless networks of resource limited sensor nodes requires efficient key distribution and management mechanisms. We consider distributed and hierarchical wireless sensor networks where unicast, multicast and broadcast type of communications can take place. We evaluate deterministic, probabilistic and hybrid type of key pre-distribution and dynamic key generation algorithms for distributing pair-wise, group-wise and network-wise keys.

Optimally increasing secure connectivity in multihop wireless ad hoc networks

We consider the problem of how to maximize secure connectivity of multi-hop wireless ad hoc networks after deployment. Two approaches, based on graph augmentation problems with nonlinear edge costs, are formulated. The first one is based on establishing a secret key using only the links that are already secured by secret keys. This problem is in NP-hard and does not accept polynomial time approximation scheme PTAS since minimum cutsets to be augmented do not admit constant costs. The second one is based of increasing the power level between a pair of nodes that has a secret key to enable them physically connect. This problem can be formulated as the optimal key establishment problem with interference constraints with bi-objectives: (i) maximizing the concurrent key establishment flow, (ii) minimizing the cost. We show that both problems are NP-hard and MAX-SNP (i.e., it is NP-hard to approximate them within a factor of 1 + e for e > 0 ) with a reduction to MAX3SAT problem. Thus, we design and implement a fully distributed algorithm for authenticated key establishment in wireless sensor networks where each sensor knows only its one- hop neighborhood. Our witness based approaches find witnesses in multi-hop neighborhood to authenticate the key establishment between two sensor nodes which do not share a key and which are not connected through a secure path.

Combinatorial design of key distribution mechanisms for wireless sensor networks

Key distribution is one of the most challenging security issues in wireless sensor networks where sensor nodes are randomly scattered over a hostile territory. In such a sensor deployment scenario, there will be no prior knowledge of post deployment configuration. For security solutions requiring pair wise keys, it is impossible to decide how to distribute key pairs to sensor nodes before the deployment. Existing approaches to this problem are to assign more than one key, namely a key-chain, to each node. Key-chains are randomly drawn from a key-pool. Either two neighbouring nodes have a key in common in their key-chains, or there is a path, called key-path, among these two nodes where each pair of neighbouring nodes on this path has a key in common. Problem in such a solution is to decide on the key-chain size and key-pool size so that every pair of nodes can establish a session key directly or through a path with high probability. The size of the key-path is the key factor for the efficiency of the design. This paper presents novel, deterministic and hybrid approaches based on Combinatorial Design for key distribution. In particular, several block design techniques are considered for generating the key-chains and the key-pools. Comparison to probabilistic schemes shows that our combinatorial approach produces better connectivity with smaller key-chain sizes.

Design and analysis of key management schemes for distributed wireless sensor networks

Secure communications in distributed Wireless Sensor Networks (WSN) operating under adversarial conditions necessitate efficient key management schemes. In the absence of a priori knowledge of post-deployment network configuration and due to limited resources at sensor nodes, key management schemes cannot be based on post-deployment computations. Instead, a list of keys, called a key-chain, is distributed to each sensor node before the deployment. For secure communication, either two nodes should have a key in common in their key-chains, or they should establish a key through a secure-path on which every link is secured with a key. We first provide a comparative survey of well known key management solutions for WSN. Probabilistic, deterministic and hybrid key management solutions are presented, and they are compared based on their security properties and re-source usage. We provide a taxonomy of solutions, and identify trade-offs in them to conclude that there is no one size-fits-all solution. Second, we design and analyze deterministic and hybrid techniques to distribute pair-wise keys to sensor nodes before the deployment. We present novel deterministic and hybrid approaches based on combinatorial design theory and graph theory for deciding how many and which keys to assign to each key-chain before the sensor network deployment. Performance and security of the proposed schemes are studied both analytically and computationally. Third, we address the key establishment problem in WSN which requires key agreement algorithms without authentication are executed over a secure-path. The length of the secure-path impacts the power consumption and the initialization delay for a WSN before it becomes operational. We formulate the key establishment problem as a constrained bi-objective optimization problem, break it into two sub-problems, and show that they are both NP-Hard and MAX-SNP-Hard. Having established inapproximability results, we focus on addressing the authentication problem that prevents key agreement algorithms to be used directly over a wireless link. We present a fully distributed algorithm where each pair of nodes can establish a key with authentication by using their neighbors as the witnesses.

Raman spectroscopic study of the hydroxy-phosphate mineral plumbogummite PbAl3(PO4)2(OH,H2O)6

Plumbogummite PbAl3(PO4)2(OH,H2O)6 is a mineral of environmental significance and is a member of the alunite-jarosite supergroup. The molecular structure of the mineral has been investigated by Raman spectroscopy. The spectra of different plumbogummite specimens differ although there are many common features. The Raman spectra prove the spectral profile consisting of overlapping bands and shoulders. Raman bands and shoulders observed at 971, 980, 1002 and 1023 cm−1 (China sample) and 913, 981, 996 and 1026 cm−1 (Czech sample) are assigned to the ν1 symmetric stretching modes of the (PO4)3−, at 1002 and 1023 cm−1 (China) and 996 and 1026 cm−1 to the ν1 symmetric stretching vibrations of the (O3POH)2− units, and those at 1057, 1106 and 1182 (China) and at 1102, 1104 and 1179 cm−1 (Czech) to the ν3 (PO4)3− and ν3 (PO3) antisymmetric stretching vibrations. Raman bands and shoulders at 634, 613 and 579 cm−1 (China) and 611 and 596 cm−1 (Czech) are attributed to the ν4 (δ) (PO4)3− bending vibrations and those at 507, 494 and 464 cm−1 (China) and 505 and 464 cm−1 (Czech) to the ν2 (δ) (PO4)3− bending vibrations. The Raman spectrum of the OH stretching region is complex. Raman bands and shoulders are identified at 2824, 3121, 3249, 3372, 3479 and 3602 cm−1 for plumbogummite from China, and at 3077, 3227, 3362, 3480, 3518 and 3601 cm−1 for the Czech Republic sample. These bands are assigned to the ν OH stretching modes of water molecules and hydrogen ions. Approximate O–H⋯O hydrogen bond lengths inferred from the Raman spectra vary in the range >3.2–2.62 Å (China) and >3.2–2.67 Å (Czech). The minority presence of some carbonate ions in the plumbogummite (China sample) is connected with distinctive intensity increasing of the Raman band at 1106 cm−1, in which may participate the ν1 (CO3)2− symmetric stretching vibration overlapped with phosphate stretching vibrations.

Vibrational spectroscopic characterization of the phosphate mineral anapaite Ca2Fe2+(PO4)2 · 4(H2O)

We have characterized anapaite Ca2Fe2+(PO4)2·4(H2O), a rare Ca and Fe phosphate, using a combination of electron microscopy and vibrational spectroscopy. The mineral occurs in soils and lacustrine sediments and is usually related to the diagenetic process in phosphorous rich sediments. The phosphate anion is characterized by its Raman spectrum with an intense sharp band at 943 cm-1, attributed to the ν1 PO4 3- symmetric stretching mode. Three bands at 992, 1039 and 1071 cm-1 are attributed to ν3 PO4 3-antisymmetric stretching modes. The infrared spectrum of anapaite shows complexity with a series of overlapping bands. Water in the structure of anapaite is observed by OH stretching vibrations at 2777, 3022 and 3176 cm-1 (Raman) and 2744, 3014 and 3096 cm-1 (infrared). The position of these bands provides evidence for the strong hydrogen bonding of water in the anapaite structure and contributes to the stability of the mineral.

Infrared and Raman spectroscopic characterization of the phosphate mineral leucophosphite - K(Fe3+)2(PO4)2(OH)·2(H2O)

The phosphate mineral leucophosphite K(Fe2)3þ(PO4)2(OH) · 2H2O has been characterized by SEM-EDS, Raman, and infrared spectro- scopic measurements. The mineral is predominantly a K and Fe phosphate with some minor substitution of Al in the Fe3þ site. Raman bands at 994 and 1058 cm-1 are assigned to the symmetric stretching modes of PO3- and HPO2- units. The Raman bands at 1104, 1135, and 1177 cm-1 are assigned to the PO3- and HPO2- antisymmetric stretching modes. Raman and infrared spectra in the 2600–3800 cm-1 region show a complex set of overlapping bands, which may be resolved into the component bands. The Raman bands observed at 3325, 3355, and 3456 cm-1 are attributed to water stretching vibrations, and in the infrared spectrum, bands at 3237, 3317, and 3453 cm-1 are assigned to water stretching bands.

Visualising security incidents through event aggregation

Extracting and aggregating the relevant event records relating to an identified security incident from the multitude of heterogeneous logs in an enterprise network is a difficult challenge. Presenting the information in a meaningful way is an additional challenge. This paper looks at solutions to this problem by first identifying three main transforms; log collection, correlation, and visual transformation. Having identified that the CEE project will address the first transform, this paper focuses on the second, while the third is left for future work. To aggregate by correlating event records we demonstrate the use of two correlation methods, simple and composite. These make use of a defined mapping schema and confidence values to dynamically query the normalised dataset and to constrain result events to within a time window. Doing so improves the quality of results, required for the iterative re-querying process being undertaken. Final results of the process are output as nodes and edges suitable for presentation as a network graph.

Pressure ulcers in the adult intensive care unit : a literature review of patient risk factors and risk assessment scales

Background: Critically ill patients are at high risk for pressure ulcer (PrU) development due to their high acuity and the invasive nature of the multiple interventions and therapies they receive. With reported incidence rates of PrU development in the adult critical care population as high as 56%, the identification of patients at high risk of PrU development is essential. This paper will explore the association between PrU development and risk factors. It will also explore PrU development and the use of risk assessment scales for critically ill patients in adult intensive care units. Method: A literature search from 2000 to 2012 using the CINHAL, Cochrane Library, EBSCOHost, Medline (via EBSCOHost), PubMed, ProQuest and Google Scholar databases was conducted. Key words used were: pressure ulcer/s; pressure sore/s; decubitus ulcer/s; bed sore/s; critical care; intensive care; critical illness; prevalence; incidence; prevention; management; risk factor; risk assessment scale. Results: Nineteen articles were included in this review; eight studies addressing PrU risk factors, eight studies addressing risk assessment scales and three studies overlapping both. Results from the studies reviewed identified 28 intrinsic and extrinsic risk factors which may lead to PrU development. Development of a risk factor prediction model in this patient population, although beneficial, appears problematic due to many issues such as diverse diagnoses and subsequent patient needs. Additionally, several risk assessment instruments have been developed for early screening of patients at higher risk of developing PrU in the ICU. No existing risk assessment scales are valid for identification high risk critically ill patient,with the majority of scales potentially over-predicting patients at risk for PrU development. Conclusion: Research studies to inform the risk factors for potential pressure ulcer development are inconsistent. Additionally, there is no consistent or clear evidence which demonstrates any scale to better or more effective than another when used to identify the patients at risk for PrU development. Furthermore robust research is needed to identify the risk factors and develop valid scales for measuring the risk of PrU development in ICU.

Complexity of increasing the secure connectivity in wireless ad hoc networks

We consider the problem of maximizing the secure connectivity in wireless ad hoc networks, and analyze complexity of the post-deployment key establishment process constrained by physical layer properties such as connectivity, energy consumption and interference. Two approaches, based on graph augmentation problems with nonlinear edge costs, are formulated. The first one is based on establishing a secret key using only the links that are already secured by shared keys. This problem is in NP-hard and does not accept polynomial time approximation scheme PTAS since minimum cutsets to be augmented do not admit constant costs. The second one extends the first problem by increasing the power level between a pair of nodes that has a secret key to enable them physically connect. This problem can be formulated as the optimal key establishment problem with interference constraints with bi-objectives: (i) maximizing the concurrent key establishment flow, (ii) minimizing the cost. We prove that both problems are NP-hard and MAX-SNP with a reduction to MAX3SAT problem.

Antiproton induced DNA damage : proton like in flight, carbon-ion light near rest

Biological validation of new radiotherapy modalities is essential to understand their therapeutic potential. Antiprotons have been proposed for cancer therapy due to enhanced dose deposition provided by antiproton-nucleon annihilation. We assessed cellular DNA damage and relative biological effectiveness (RBE) of a clinically relevant antiproton beam. Despite a modest LET (~19 keV/μm), antiproton spread out Bragg peak (SOBP) irradiation caused significant residual γ-H2AX foci compared to X-ray, proton and antiproton plateau irradiation. RBE of ~1.48 in the SOBP and ~1 in the plateau were measured and used for a qualitative effective dose curve comparison with proton and carbon-ions. Foci in the antiproton SOBP were larger and more structured compared to X-rays, protons and carbon-ions. This is likely due to overlapping particle tracks near the annihilation vertex, creating spatially correlated DNA lesions. No biological effects were observed at 28–42 mm away from the primary beam suggesting minimal risk from long-range secondary particles.

Cross-calbration of push-broom 2D LIDARs and cameras in natural scenes

This paper addresses the problem of automatically estimating the relative pose between a push-broom LIDAR and a camera without the need for artificial calibration targets or other human intervention. Further we do not require the sensors to have an overlapping field of view, it is enough that they observe the same scene but at different times from a moving platform. Matching between sensor modalities is achieved without feature extraction. We present results from field trials which suggest that this new approach achieves an extrinsic calibration accuracy of millimeters in translation and deci-degrees in rotation.

Improving the Walkability of Subtropical Urban Areas: a case study analysis for the development of a design process

This research develops a new framework to be used as a tool for analysing and designing walkable communities. The literature review recognises the work of other researchers combining their findings with the theory of activity nodes and considers how a framework may be used on a more global basis. The methodology develops a set of criteria through the analysis of noted successful case studies and this is then tested against an area with very low walking rates in Brisbane, Australia. Results of the study suggest that as well as the accepted criteria of connectivity, accessibility, safety, security, and path quality further criteria in the form or planning hierarchy, activity nodes and climate mitigation could be added to allow the framework to cover a broader context. Of particular note is the development of the nodal approach, which allows simple and effective analysis of existing conditions, and may also prove effective as a tool for planning and design of walkable communities.