Sensory imagery in craving : from cognitive psychology to new treatments for addiction

Sensory imagery is a powerful tool for inducing craving because it is a key component of the cognitive system that underpins human motivation. The role of sensory imagery in motivation is explained by Elaborated Intrusion (EI) theory. Imagery plays an important role in motivation because it conveys the emotional qualities of the desired event, mimicking anticipated pleasure or relief, and continual elaboration of the imagery ensures that the target stays in mind. We argue that craving is a conscious state, intervening between unconscious triggers and consumption, and summarise evidence that interfering with sensory imagery can weaken cravings. We argue that treatments for addiction can be enhanced by the application of EI theory to maintain motivation, and assist in the management of craving in high-risk situations.

Monitoring smartphones for anomaly detection

In this paper we demonstrate how to monitor a smartphone running Symbian operating system and Windows Mobile in order to extract features for anomaly detection. These features are sent to a remote server because running a complex intrusion detection system on this kind of mobile device still is not feasible due to capability and hardware limitations. We give examples on how to compute relevant features and introduce the top ten applications used by mobile phone users based on a study in 2005. The usage of these applications is recorded by a monitoring client and visualized. Additionally, monitoring results of public and self-written malwares are shown. For improving monitoring client performance, Principal Component Analysis was applied which lead to a decrease of about 80 of the amount of monitored features.

Application-level simulation for network security

NeSSi (network security simulator) is a novel network simulation tool which incorporates a variety of features relevant to network security distinguishing it from general-purpose network simulators. Its capabilities such as profile-based automated attack generation, traffic analysis and support for detection algorithm plug-ins allow it to be used for security research and evaluation purposes. NeSSi has been successfully used for testing intrusion detection algorithms, conducting network security analysis and developing overlay security frameworks. NeSSi is built upon the agent framework JIAC, resulting in a distributed and extensible architecture. In this paper, we provide an overview of the NeSSi architecture as well as its distinguishing features and briefly demonstrate its application to current security research projects.

Teamworking for security : the collaborative approach

Collaborative methods are promising tools for solving complex security tasks. In this context, the authors present the security overlay framework CIMD (Collaborative Intrusion and Malware Detection), enabling participants to state objectives and interests for joint intrusion detection and find groups for the exchange of security-related data such as monitoring or detection results accordingly; to these groups the authors refer as detection groups. First, the authors present and discuss a tree-oriented taxonomy for the representation of nodes within the collaboration model. Second, they introduce and evaluate an algorithm for the formation of detection groups. After conducting a vulnerability analysis of the system, the authors demonstrate the validity of CIMD by examining two different scenarios inspired sociology where the collaboration is advantageous compared to the non-collaborative approach. They evaluate the benefit of CIMD by simulation in a novel packet-level simulation environment called NeSSi (Network Security Simulator) and give a probabilistic analysis for the scenarios.

Modeling and detection of complex attacks

A complex attack is a sequence of temporally and spatially separated legal and illegal actions each of which can be detected by various IDS but as a whole they constitute a powerful attack. IDS fall short of detecting and modeling complex attacks therefore new methods are required. This paper presents a formal methodology for modeling and detection of complex attacks in three phases: (1) we extend basic attack tree (AT) approach to capture temporal dependencies between components and expiration of an attack, (2) using enhanced AT we build a tree automaton which accepts a sequence of actions from input message streams from various sources if there is a traversal of an AT from leaves to root, and (3) we show how to construct an enhanced parallel automaton that has each tree automaton as a subroutine. We use simulation to test our methods, and provide a case study of representing attacks in WLANs.

Were intercalated komatiites and dacites at the Black Swan nickel sulphide mine, Yilgarn Craton, Western Australia, emplaced as extrusive lavas or intrusive bodies? The significance of breccia textures and contact relationships

Intercalated Archean komatiites and dacites sit above a thick footwall dacite unit in the host rock succession at the Black Swan Nickel Mine, north of Kalgoorlie in the Yilgarn Craton, Western Australia. Both lithofacies occur in units that vary in scale from laterally extensive at the scale of the mine lease to localized, thin, irregular bodies, from > 100 m thick to only centimetres thick. Some dacites are only slightly altered and deformed, and are interpreted to post-date major deformation and alteration (late porphyries). However, the majority of the dacites display evidence of deformation, especially at contacts, and metamorphism, varying from silicification and chlorite alteration at contacts to pervasive low grade regional metamorphic alteration represented by common assemblages of chlorite, sericite and albite. Texturally, the dacites vary from entirely massive and coherent to partially brecciated to totally brecciated. Strangely, some dacites are coherent at the margins and brecciated internally. Breccia textures vary from cryptically defined, to blocky, closely packed, in situ jig-saw fit textures with secondary minerals in fractures between clasts, to more apparent matrix rich textures with round clast forms, giving apparent conglomerate textures. Some clast zones have multi-coloured clasts, giving the impression of varied provenance. Strangely however, all these textural variants have gradational relationships with each other, and no bedding or depositional structures are present. This indicates that all textures have an in situ origin. The komatiites are generally altered and pervasively carbonate veined. Preservation of original textures is patchy and local, but includes coarse adcumulate, mesocumulate, orthocumulate, crescumulate-harrisite and occasionally spinifex textures. Where original contacts between komatiites and dacites are preserved intact (i.e. not sheared or overprinted by alteration), the komatiites have chilled margins, whereas the dacites do not. The margins of the dacites are commonly silicified, and inclusions of dacite occur in komatiite, even at the top contacts of komatiite units, but komatiite clasts do not occur in the dacites. The komatiites therefore were emplaced as sills into the dacites, and the intercalated relationships are interpreted as intrusive. The brecciation and alteration in the dacites are interpreted as being largely due to hydraulic fracturing and alteration induced by contact metamorphic effects and hydrothermal alteration deriving from the intrusion of komatiites into the felsic pile. The absence of autobreccia and hyaloclastite textures in the dacites suggest that they were emplaced as an earlier intrusive (sill?) complex at a high level in the crust.

Enhancing security of linux-based android devices

Our daily lives become more and more dependent upon smartphones due to their increased capabilities. Smartphones are used in various ways from payment systems to assisting the lives of elderly or disabled people. Security threats for these devices become increasingly dangerous since there is still a lack of proper security tools for protection. Android emerges as an open smartphone platform which allows modification even on operating system level. Therefore, third-party developers have the opportunity to develop kernel-based low-level security tools which is not normal for smartphone platforms. Android quickly gained its popularity among smartphone developers and even beyond since it bases on Java on top of "open" Linux in comparison to former proprietary platforms which have very restrictive SDKs and corresponding APIs. Symbian OS for example, holding the greatest market share among all smartphone OSs, was closing critical APIs to common developers and introduced application certification. This was done since this OS was the main target for smartphone malwares in the past. In fact, more than 290 malwares designed for Symbian OS appeared from July 2004 to July 2008. Android, in turn, promises to be completely open source. Together with the Linux-based smartphone OS OpenMoko, open smartphone platforms may attract malware writers for creating malicious applications endangering the critical smartphone applications and owners� privacy. In this work, we present our current results in analyzing the security of Android smartphones with a focus on its Linux side. Our results are not limited to Android, they are also applicable to Linux-based smartphones such as OpenMoko Neo FreeRunner. Our contribution in this work is three-fold. First, we analyze android framework and the Linux-kernel to check security functionalities. We survey wellaccepted security mechanisms and tools which can increase device security. We provide descriptions on how to adopt these security tools on Android kernel, and provide their overhead analysis in terms of resource usage. As open smartphones are released and may increase their market share similar to Symbian, they may attract attention of malware writers. Therefore, our second contribution focuses on malware detection techniques at the kernel level. We test applicability of existing signature and intrusion detection methods in Android environment. We focus on monitoring events on the kernel; that is, identifying critical kernel, log file, file system and network activity events, and devising efficient mechanisms to monitor them in a resource limited environment. Our third contribution involves initial results of our malware detection mechanism basing on static function call analysis. We identified approximately 105 Executable and Linking Format (ELF) executables installed to the Linux side of Android. We perform a statistical analysis on the function calls used by these applications. The results of the analysis can be compared to newly installed applications for detecting significant differences. Additionally, certain function calls indicate malicious activity. Therefore, we present a simple decision tree for deciding the suspiciousness of the corresponding application. Our results present a first step towards detecting malicious applications on Android-based devices.

Design and modeling of collaboration architecture for security

Threats against computer networks evolve very fast and require more and more complex measures. We argue that teams respectively groups with a common purpose for intrusion detection and prevention improve the measures against rapid propagating attacks similar to the concept of teams solving complex tasks known from field of work sociology. Collaboration in this sense is not easy task especially for heterarchical environments. We propose CIMD (collaborative intrusion and malware detection) as a security overlay framework to enable cooperative intrusion detection approaches. Objectives and associated interests are used to create detection groups for exchange of security-related data. In this work, we contribute a tree-oriented data model for device representation in the scope of security. We introduce an algorithm for the formation of detection groups, show realization strategies for the system and conduct vulnerability analysis. We evaluate the benefit of CIMD by simulation and probabilistic analysis.

Monitoring android for collaborative anomaly detection : a first architectural draft

Our daily lives become more and more dependent upon smartphones due to their increased capabilities. Smartphones are used in various ways, e.g. for payment systems or assisting the lives of elderly or disabled people. Security threats for these devices become more and more dangerous since there is still a lack of proper security tools for protection. Android emerges as an open smartphone platform which allows modification even on operating system level and where third-party developers first time have the opportunity to develop kernel-based low-level security tools. Android quickly gained its popularity among smartphone developers and even beyond since it bases on Java on top of "open" Linux in comparison to former proprietary platforms which have very restrictive SDKs and corresponding APIs. Symbian OS, holding the greatest market share among all smartphone OSs, was even closing critical APIs to common developers and introduced application certification. This was done since this OS was the main target for smartphone malwares in the past. In fact, more than 290 malwares designed for Symbian OS appeared from July 2004 to July 2008. Android, in turn, promises to be completely open source. Together with the Linux-based smartphone OS OpenMoko, open smartphone platforms may attract malware writers for creating malicious applications endangering the critical smartphone applications and owners privacy. Since signature-based approaches mainly detect known malwares, anomaly-based approaches can be a valuable addition to these systems. They base on mathematical algorithms processing data that describe the state of a certain device. For gaining this data, a monitoring client is needed that has to extract usable information (features) from the monitored system. Our approach follows a dual system for analyzing these features. On the one hand, functionality for on-device light-weight detection is provided. But since most algorithms are resource exhaustive, remote feature analysis is provided on the other hand. Having this dual system enables event-based detection that can react to the current detection need. In our ongoing research we aim to investigates the feasibility of light-weight on-device detection for certain occasions. On other occasions, whenever significant changes are detected on the device, the system can trigger remote detection with heavy-weight algorithms for better detection results. In the absence of the server respectively as a supplementary approach, we also consider a collaborative scenario. Here, mobile devices sharing a common objective are enabled by a collaboration module to share information, such as intrusion detection data and results. This is based on an ad-hoc network mode that can be provided by a WiFi or Bluetooth adapter nearly every smartphone possesses.

Solving inherent problems of anomaly detection by cooperation

Anomaly detection compensates shortcomings of signature-based detection such as protecting against Zero-Day exploits. However, Anomaly Detection can be resource-intensive and is plagued by a high false-positive rate. In this work, we address these problems by presenting a Cooperative Intrusion Detection approach for the AIS, the Artificial Immune System, as an example for an anomaly detection approach. In particular we show, how the cooperative approach reduces the false-positive rate of the detection and how the overall detection process can be organized to account for the resource constraints of the participating devices. Evaluations are carried out with the novel network simulation environment NeSSi as well as formally with an extension to the epidemic spread model SIR

Characterization of tight gas reservoir pore structure using USANS/SANS and gas adsorption analysis

Small-angle and ultra-small-angle neutron scattering (SANS and USANS) measurements were performed on samples from the Triassic Montney tight gas reservoir in Western Canada in order to determine the applicability of these techniques for characterizing the full pore size spectrum and to gain insight into the nature of the pore structure and its control on permeability. The subject tight gas reservoir consists of a finely laminated siltstone sequence; extensive cementation and moderate clay content are the primary causes of low permeability. SANS/USANS experiments run at ambient pressure and temperature conditions on lithologically-diverse sub-samples of three core plugs demonstrated that a broad pore size distribution could be interpreted from the data. Two interpretation methods were used to evaluate total porosity, pore size distribution and surface area and the results were compared to independent estimates derived from helium porosimetry (connected porosity) and low-pressure N2 and CO2 adsorption (accessible surface area and pore size distribution). The pore structure of the three samples as interpreted from SANS/USANS is fairly uniform, with small differences in the small-pore range (<2000 Å), possibly related to differences in degree of cementation, and mineralogy, in particular clay content. Total porosity interpreted from USANS/SANS is similar to (but systematically higher than) helium porosities measured on the whole core plug. Both methods were used to estimate the percentage of open porosity expressed here as a ratio of connected porosity, as established from helium adsorption, to the total porosity, as estimated from SANS/USANS techniques. Open porosity appears to control permeability (determined using pressure and pulse-decay techniques), with the highest permeability sample also having the highest percentage of open porosity. Surface area, as calculated from low-pressure N2 and CO2 adsorption, is significantly less than surface area estimates from SANS/USANS, which is due in part to limited accessibility of the gases to all pores. The similarity between N2 and CO2-accessible surface area suggests an absence of microporosity in these samples, which is in agreement with SANS analysis. A core gamma ray profile run on the same core from which the core plug samples were taken correlates to profile permeability measurements run on the slabbed core. This correlation is related to clay content, which possibly controls the percentage of open porosity. Continued study of these effects will prove useful in log-core calibration efforts for tight gas.

A basis for instrusion detection in distributed systems using kernel-level data tainting

This project was a step forward in developing intrusion detection systems in distributed environments such as web services. It investigates a new approach of detection based on so-called "taint-marking" techniques and introduces a theoretical framework along with its implementation in the Linux kernel.

Alcohol consumption in young adults : the role of multisensory imagery

Little is known about the subjective experience of alcohol desire and craving in young people. Descriptions of alcohol urges continue to be extensively used in the everyday lexicon of young, non-dependent drinkers. Elaborated Intrusion (EI) Theory contends that imagery is central to craving and desires, and predicts that alcohol-related imagery will be associated with greater frequency and amount of drinking. This study involved 1,535 age stratified 18–25 year olds who completed an alcohol–related survey that included the Imagery scale of the Alcohol Craving Experience (ACE) questionnaire. Imagery items predicted 12-16% of the variance in concurrent alcohol consumption. Higher total Imagery subscale scores were linearly associated with greater drinking frequency and lower self-efficacy for moderate drinking. Interference with alcohol imagery may have promise as a preventive or early intervention target in young people.

Timing and source constraints on the relationship between mafic and felsic intrusions in the Emeiashan large igneous province

Several I- and A-type granite, syenite plutons and spatially associated, giant Fe–Ti–V deposit-bearing mafic ultramafic layered intrusions occur in the Pan–Xi(Panzhihua–Xichang) area within the inner zone of the Emeishan large igneous province (ELIP). These complexes are interpreted to be related to the Emeishan mantle plume. We present LA-ICP-MS and SIMS zircon U–Pb ages and Hf–Nd isotopic compositions for the gabbros, syenites and granites from these complexes. The dating shows that the age of the felsic intrusive magmatism (256.2 ± 3.0–259.8 ± 1.6 Ma) is indistinguishable from that of the mafic intrusive magmatism (255.4 ± 3.1–259.5 ± 2.7 Ma) and represents the final phase of a continuous magmatic episode that lasted no more than 10 Myr. The upper gabbros in the mafic–ultramafic intrusions are generally more isotopically enriched (lower eNd and eHf) than the middle and lower gabbros, suggesting that the upper gabbros have experienced a higher level of crustal contamination than the lower gabbros. The significantly positive eHf(t) values of the A-type granites and syenites (+4.9 to +10.8) are higher than those of the upper gabbros of the associated mafic intrusion, which shows that they cannot be derived by fractional crystallization of these bodies. They are however identical to those of the mafic enclaves (+7.0 to +11.4) and middle and lower gabbros, implying that they are cogenetic. We suggest that they were generated by fractionation of large-volume, plume-related basaltic magmas that ponded deep in the crust. The deep-seated magma chamber erupted in two stages: the first near a density minimum in the basaltic fractionation trend and the second during the final stage of fractionation when the magma was a low density Fe-poor, Si-rich felsic magma. The basaltic magmas emplaced in the shallowlevel magma chambers differentiated to form mafic–ultramafic layered intrusions accompanied by a small amount of crustal assimilation through roof melting. Evolved A-type granites (synenites and syenodiorites) were produced dominantly by crystallization in the deep crustal magma chamber. In contrast, the I-type granites have negative eNd(t) [-6.3 to -7.5] and eHf(t) [-1.3 to -6.7] values, with the Nd model ages (T Nd DM2) of 1.63-1.67 Ga and Hf model ages (T Hf DM2) of 1.56-1.58 Ga, suggesting that they were mainly derived from partial melting of Mesoproterozoic crust. In combination with previous studies, this study also shows that plume activity not only gave rise to reworking of ancient crust, but also significant growth of juvenile crust in the center of the ELIP.

Geologic map of the Valley Mountain 15’ quadrangle, San Bernardino and Riverside Counties, California: U.S. Geological Survey Geologic Quadrangle Map GQ–1767, scale 1:62,500

The Valley Mountain 15’ quadrangle straddles the Pinto Mountain Fault, which bounds the eastern Transverse Ranges in the south against the Mojave Desert province in the north. The Pinto Mountains, part of the eastern Transverse Ranges in the south part of the quadrangle expose a series of Paleoproterozoic gneisses and granite and the Proterozoic quartzite of Pinto Mountain. Early Triassic quartz monzonite intruded the gneisses and was ductiley deformed prior to voluminous Jurassic intrusion of diorite, granodiorite, quartz monzonite, and granite plutons. The Jurassic rocks include part of the Bullion Mountains Intrusive Suite, which crops out prominently at Valley Mountain and in the Bullion Mountains, as well as in the Pinto Mountains. Jurassic plutons in the southwest part of the quadrangle are deeply denuded from midcrustal emplacement levels in contrast to supracrustal Jurassic limestone and volcanic rocks exposed in the northeast. Dikes inferred to be part of the Jurassic Independence Dike Swarm intrude the Jurassic plutons and Proterozoic rocks. Late Cretaceous intrusion of the Cadiz Valley Batholith in the northeast caused contact metamorphism of adjacent Jurassic plutonic rocks...