71 results for Intrusion signature format
Abstract:
The IDS (Intrusion Detection System) is a common means of protecting networked systems from attack or malicious misuse. The development and rollout of an IDS can take many different forms in terms of equipment, protocols, connectivity, cost and automation. This is particularly true of WIDS (Wireless Intrusion Detection Systems) which have many more opportunities and challenges associated with data transmission through an open, shared medium.
The operation of a WIDS is a multistep process from origination of an attack through to human readable evaluation. Attention to the performance of each of the processes in the chain from attack detection to evaluation is imperative if an optimum solution is to be sought. At present, research focuses very much on each discrete aspect of a WIDS with little consideration to the operation of the whole system. Taking a holistic view of the technology shows the interconnectivity and inter-dependence between stages, leading to improvements and novel research areas for investigation.
This chapter will outline the general structure of Wireless Intrusion Detection Systems and briefly describe the functions of each development stage, categorised into the following 6 areas:
• Threat Identification,
• Architecture,
• Data Collection,
• Intrusion Detection,
• Alert Correlation,
• Evaluation.
These topics will be considered in broad terms designed for those new to the area. Focus will be placed on ensuring the readers are aware of the impact of choices made at early stages in WIDS development on future stages.
Abstract:
A comparative study of different polymeric formats for the targeting of corticosteroids, focusing on the use of bulk monolith and precipitation polymerisation strategies, was performed and the effect on recognition behaviour was studied. Hydrocortisone-17-butyrate was selected as the template and methacrylic acid as the functional monomer, following 1H NMR investigation of the pre-polymerisation mixture. Three different cross-linkers were tested, ranging from moderate to highly hydrophobic. The synthesised bulk and precipitated imprinted polymers were physically characterised by nitrogen sorption and evaluated by means of HPLC and frontal chromatography against a range of template analogues. While some degree of selectivity for the template was achieved for all tested polymers, the ones based on the tri-functional cross-linking monomer TRIM exhibited the longest retention for all corticosteroids, especially in the precipitated format, which suggested broader group selectivity.
Abstract:
Synchrophasor systems will play a crucial role in next generation Smart Grid monitoring, protection and control. However these systems also introduce a multitude of potential vulnerabilities from malicious and inadvertent attacks, which may render erroneous operation or severe damage. This paper proposes a Synchrophasor Specific Intrusion Detection System (SSIDS) for malicious cyber attack and unintended misuse. The SSIDS comprises a heterogeneous whitelist and behavior-based approach to detect known attack types and unknown and so-called ‘zero-day’ vulnerabilities and attacks. The paper describes reconnaissance, Man-in-the-Middle (MITM) and Denial-of-Service (DoS) attack types executed against a practical synchrophasor system which are used to validate the real-time effectiveness of the proposed SSIDS cyber detection method.
Abstract:
The increased interconnectivity and complexity of supervisory control and data acquisition (SCADA) systems in power system networks has exposed the systems to a multitude of potential vulnerabilities. In this paper, we present a novel approach for a next-generation SCADA-specific intrusion detection system (IDS). The proposed system analyzes multiple attributes in order to provide a comprehensive solution that is able to mitigate varied cyber-attack threats. The multiattribute IDS comprises a heterogeneous white list and behavior-based concept in order to make SCADA cybersystems more secure. This paper also proposes a multilayer cyber-security framework based on IDS for protecting SCADA cybersecurity in smart grids without compromising the availability of normal data. In addition, this paper presents a SCADA-specific cybersecurity testbed to investigate simulated attacks, which has been used in this paper to validate the proposed approach.
Abstract:
Model selection between competing models is a key consideration in the discovery of prognostic multigene signatures. The use of appropriate statistical performance measures as well as verification of biological significance of the signatures is imperative to maximise the chance of external validation of the generated signatures. Current approaches in time-to-event studies often use only a single measure of performance in model selection, such as logrank test p-values, or dichotomise the follow-up times at some phase of the study to facilitate signature discovery. In this study we improve the prognostic signature discovery process through the application of the multivariate partial Cox model combined with the concordance index, hazard ratio of predictions, independence from available clinical covariates and biological enrichment as measures of signature performance. The proposed framework was applied to discover prognostic multigene signatures from early breast cancer data. The partial Cox model combined with the multiple performance measures were used in both guiding the selection of the optimal panel of prognostic genes and prediction of risk within cross validation without dichotomising the follow-up times at any stage. The signatures were successfully externally cross validated in independent breast cancer datasets, yielding a hazard ratio of 2.55 [1.44, 4.51] for the top ranking signature.
Stochastic Analysis of Saltwater Intrusion in Heterogeneous Aquifers using Local Average Subdivision
Abstract:
This study investigates the effects of ground heterogeneity, considering permeability as a random variable, on an intruding SW wedge using Monte Carlo simulations. Random permeability fields were generated, using the method of Local Average Subdivision (LAS), based on a lognormal probability density function. The LAS method allows the creation of spatially correlated random fields, generated using coefficients of variation (COV) and horizontal and vertical scales of fluctuation (SOF). The numerical modelling code SUTRA was employed to solve the coupled flow and transport problem. The well-defined 2D dispersive Henry problem was used as the test case for the method. The intruding SW wedge is defined by two key parameters, the toe penetration length (TL) and the width of mixing zone (WMZ). These parameters were compared to the results of a homogeneous case simulated using effective permeability values. The simulation results revealed: (1) an increase in COV resulted in a seaward movement of TL; (2) the WMZ extended with increasing COV; (3) a general increase in horizontal and vertical SOF produced a seaward movement of TL, with the WMZ increasing slightly; (4) as the anisotropic ratio increased the TL intruded further inland and the WMZ reduced in size. The results show that for large values of COV, effective permeability parameters are inadequate at reproducing the effects of heterogeneity on SW intrusion.
Abstract:
A 2D sandbox style experiment was developed to compare the results of numerical modelling to physical testing for saltwater intrusion in homogeneous and heterogeneous aquifers. The sandbox consisted of a thin central viewing chamber filled with glass beads of varying diameters (780μm, 1090μm and 1325μm) under fully saturated conditions. Dyed saltwater (SW) was introduced at the side boundary and a head difference imposed across the porous media. Images of the SW wedge were recorded at intervals in order to assess the suitability of the numerical model's predictions of transient SW intrusion. Numerical modelling of the experimental cases was carried out using SUTRA. Two main parameters were chosen to express the condition of the intruding SW wedge at each recorded time step: the toe penetration length (TL) and the width of the mixing zone (WMZ). The WMZ was larger under transient conditions in the heterogeneous case, while the TL was longer for the homogeneous case. The increased variability in the flow field for the heterogeneous case resulted in increased dispersion, and thus, increased WMZ.
Abstract:
Cyber threats in Supervisory Control and Data Acquisition (SCADA) systems have the potential to render physical damage and jeopardize power system operation, safety and stability. SCADA systems were originally designed with little consideration of escalating cyber threats and hence the problem of how to develop robust intrusion detection technologies to tailor the requirements of SCADA is an emerging topic and a big challenge. This paper proposes a stateful Intrusion Detection System (IDS) using a Deep Packet Inspection (DPI) method to improve the cyber-security of SCADA systems using the IEC 60870-5-104 protocol which is tailored for basic telecontrol communications. The proposed stateful protocol analysis approach is presented that is designed specifically for the IEC 60870-5-104 protocol. Finally, the novel intrusion detection approach is implemented and validated.
Abstract:
We have developed a model to predict the post-collision brightness increase of sub-catastrophic collisions between asteroids and to evaluate the likelihood of a survey detecting these events. It is based on the cratering scaling laws of Holsapple and Housen (2007) and models the ejecta expansion following an impact as occurring in discrete shells each with their own velocity. We estimate the magnitude change between a series of target/impactor pairs, assuming it is given by the increase in reflecting surface area within a photometric aperture due to the resulting ejecta. As expected the photometric signal increases with impactor size, but we find also that the photometric signature decreases rapidly as the target asteroid diameter increases, due to gravitational fallback. We have used the model results to make an estimate of the impactor diameter for the (596) Scheila collision of D = 49 − 65 m depending on the impactor taxonomy, which is broadly consistent with previous estimates. We varied both the strength regime (highly porous and sand/cohesive soil) and the taxonomic type (S-, C- and D-type) to examine the effect on the magnitude change, finding that it is significant at early stages but has only a small effect on the overall lifetime of the photometric signal. Combining the results of this model with the collision frequency estimates of Bottke et al. (2005), we find that low-cadence surveys of ∼one visit per lunation will be insensitive to impacts on asteroids with D < 20 km if relying on photometric detections.