User Behavioral Modeling of Web-based Systems for Continuous User Authentication

Authentication plays an important role in how we interact with computers, mobile devices, the web, etc. The idea of authentication is to uniquely identify a user before granting access to system privileges. For example, in recent years more corporate information and applications have been accessible via the Internet and Intranet. Many employees are working from remote locations and need access to secure corporate files. During this time, it is possible for malicious or unauthorized users to gain access to the system. For this reason, it is logical to have some mechanism in place to detect whether the logged-in user is the same user in control of the user's session. Therefore, highly secure authentication methods must be used. We posit that each of us is unique in our use of computer systems. It is this uniqueness that is leveraged to "continuously authenticate users" while they use web software. To monitor user behavior, n-gram models are used to capture user interactions with web-based software. This statistical language model essentially captures sequences and sub-sequences of user actions, their orderings, and temporal relationships that make them unique by providing a model of how each user typically behaves. Users are then continuously monitored during software operations. Large deviations from "normal behavior" can possibly indicate malicious or unintended behavior. This approach is implemented in a system called Intruder Detector (ID) that models user actions as embodied in web logs generated in response to a user's actions. User identification through web logs is cost-effective and non-intrusive. We perform experiments on a large fielded system with web logs of approximately 4000 users. For these experiments, we use two classification techniques; binary and multi-class classification. We evaluate model-specific differences of user behavior based on coarse-grain (i.e., role) and fine-grain (i.e., individual) analysis. A specific set of metrics are used to provide valuable insight into how each model performs. Intruder Detector achieves accurate results when identifying legitimate users and user types. This tool is also able to detect outliers in role-based user behavior with optimal performance. In addition to web applications, this continuous monitoring technique can be used with other user-based systems such as mobile devices and the analysis of network traffic.

NUMERICAL SIMULATION STUDY OF VIBRATION MITIGATION EFFECTIVENESS OF TUNED MASS DAMPERS FOR TRAFFIC SIGNAL MAST ARM STRUCTURES

Fatigue damage in the connections of single mast arm signal support structures is one of the primary safety concerns because collapse could result from fatigue induced cracking. This type of cantilever signal support structures typically has very light damping and excessively large wind-induced vibration have been observed. Major changes related to fatigue design were made in the 2001 AASHTO LRFD Specification for Structural Supports for Highway Signs, Luminaries, and Traffic Signals and supplemental damping devices have been shown to be promising in reducing the vibration response and thus fatigue load demand on mast arm signal support structures. The primary objective of this study is to investigate the effectiveness and optimal use of one type of damping devices termed tuned mass damper (TMD) in vibration response mitigation. Three prototype single mast arm signal support structures with 50-ft, 60-ft, and 70-ft respectively are selected for this numerical simulation study. In order to validate the finite element models for subsequent simulation study, analytical modeling of static deflection response of mast arm of the signal support structures was performed and found to be close to the numerical simulation results from beam element based finite element model. A 3-DOF dynamic model was then built using analytically derived stiffness matrix for modal analysis and time history analysis. The free vibration response and forced (harmonic) vibration response of the mast arm structures from the finite element model are observed to be in good agreement with the finite element analysis results. Furthermore, experimental test result from recent free vibration test of a full-scale 50-ft mast arm specimen in the lab is used to verify the prototype structure’s fundamental frequency and viscous damping ratio. After validating the finite element models, a series of parametric study were conducted to examine the trend and determine optimal use of tuned mass damper on the prototype single mast arm signal support structures by varying the following parameters: mass, frequency, viscous damping ratio, and location of TMD. The numerical simulation study results reveal that two parameters that influence most the vibration mitigation effectiveness of TMD on the single mast arm signal pole structures are the TMD frequency and its viscous damping ratio.

Quantifying the Resilience of an Urban Traffic-Electric Power Coupled System

Transportation system resilience has been the subject of several recent studies. To assess the resilience of a transportation network, however, it is essential to model its interactions with and reliance on other lifelines. In this work, a bi-level, mixed-integer, stochastic program is presented for quantifying the resilience of a coupled traffic-power network under a host of potential natural or anthropogenic hazard-impact scenarios. A two-layer network representation is employed that includes details of both systems. Interdependencies between the urban traffic and electric power distribution systems are captured through linking variables and logical constraints. The modeling approach was applied on a case study developed on a portion of the signalized traffic-power distribution system in southern Minneapolis. The results of the case study show the importance of explicitly considering interdependencies between critical infrastructures in transportation resilience estimation. The results also provide insights on lifeline performance from an alternative power perspective.