49 results for Intrusion Detection System
in CentAUR: Central Archive University of Reading - UK
Abstract:
We have discovered a novel approach to intrusion detection using an intelligent data classifier based on a self-organizing map (SOM). We have surveyed all other unsupervised intrusion detection methods, different alternative SOM-based techniques and KDD winner IDS methods. This paper provides a robustly designed and implemented intelligent data classifier technique based on a single large (30x30) self-organizing map (SOM) capable of detecting all types of attacks given in the DARPA Archive 1999, with the lowest false positive rate being 0.04% and the higher detection rate being 99.73% when tested using full KDD data sets, and a comparable detection rate of 89.54% and a lowest false positive rate of 0.18% when tested using corrected data sets.
Abstract:
This paper represents the first step in ongoing work on designing an unsupervised method based on a genetic algorithm for intrusion detection. Its main role in a broader system is to notify of unusual traffic and in that way provide the possibility of detecting unknown attacks. Most of the machine-learning techniques deployed for intrusion detection are supervised, as these techniques are generally more accurate, but this implies the need to label the data for training and testing, which is time-consuming and error-prone. Hence, our goal is to devise an anomaly detector which would be unsupervised, but at the same time robust and accurate. Genetic algorithms are robust and able to avoid getting stuck in local optima, unlike the rest of the clustering techniques. The model is verified on the KDD99 benchmark dataset, generating a solution competitive with the state-of-the-art solutions, which demonstrates the high potential of the proposed method.
Abstract:
Under the framework of the European Union Funded SAFEE project(1), this paper gives an overview of a novel monitoring and scene analysis system developed for use onboard aircraft in spatially constrained environments. The techniques discussed herein aim to warn on-board crew about pre-determined indicators of threat intent (such as running or shouting in the cabin), as elicited from industry and security experts. The subject matter experts believe that activities such as these are strong indicators of the beginnings of undesirable chains of events or scenarios, which should not be allowed to develop aboard aircraft. This project aims to detect these scenarios and provide advice to the crew. These events may involve unruly passengers or be indicative of the precursors to terrorist threats. With a state-of-the-art tracking system using homography intersections of motion images, and probability-based Petri nets for scene understanding, the SAFEE behavioural analysis system automatically assesses the output from multiple intelligent sensors, and creates recommendations that are presented to the crew using an integrated airborne user interface. Evaluation of the system is conducted within a full-size aircraft mockup, and experimental results are presented, showing that the SAFEE system is well suited to monitoring people in confined environments, and that meaningful and instructive output regarding human actions can be derived from the sensor network within the cabin.
Abstract:
Various fall-detection solutions have been previously proposed to create a reliable surveillance system for elderly people with high requirements on accuracy, sensitivity and specificity. In this paper, an enhanced fall detection system is proposed for elderly person monitoring that is based on smart sensors worn on the body and operating through consumer home networks. With treble thresholds, accidental falls can be detected in the home healthcare environment. By utilizing information gathered from an accelerometer, cardiotachometer and smart sensors, the impacts of falls can be logged and distinguished from normal daily activities. The proposed system has been deployed in a prototype system as detailed in this paper. From a test group of 30 healthy participants, it was found that the proposed fall detection system can achieve a high detection accuracy of 97.5%, while the sensitivity and specificity are 96.8% and 98.1% respectively. Therefore, this system can reliably be developed and deployed into a consumer product for use as an elderly person monitoring device with high accuracy and a low false positive rate.
Abstract:
This paper proposes a novel method of authentication of users in secure buildings. The main objective is to investigate whether user actions in the built environment can produce consistent behavioural signatures upon which a building intrusion detection system could be based. In the process three behavioural expressions were discovered: time-invariant, co-dependent and idiosyncratic.
Abstract:
The major technical objectives of the RC-NSPES are to provide a framework for the concurrent operation of reactive and pro-active security functions to deliver efficient and optimised intrusion detection schemes as well as enhanced and highly correlated rule sets for more effective alerts management and root-cause analysis. The design and implementation of the RC-NSPES solution includes a number of innovative features in terms of real-time programmable embedded hardware (FPGA) deployment as well as in the integrated management station. These have been devised so as to deliver enhanced detection of attacks and contextualised alerts against threats that can arise from both the network layer and the application layer protocols. The resulting architecture represents an efficient and effective framework for the future deployment of network security systems.
Abstract:
Threat detection is a challenging problem, because threats appear in many variations and differences from normal behaviour can be very subtle. In this paper, we consider threats on a parking lot, where theft of a truck’s cargo occurs. The threats range from explicit, e.g. a person attacking the truck driver, to implicit, e.g. somebody loitering and then fiddling with the exterior of the truck in order to open it. Our goal is a system that is able to recognize threats instantaneously as they develop. Typical observables of the threats are a person’s activity, presence in a particular zone and the trajectory. The novelty of this paper is an encoding of these threat observables in a semantic, intermediate-level representation, based on low-level visual features that have no intrinsic semantic meaning themselves. The aim of this representation was to bridge the semantic gap between the low-level tracks and motion and the higher-level notion of threats. In our experiments, we demonstrate that our semantic representation is more descriptive for threat detection than directly using low-level features. We find that a person’s activities are the most important elements of this semantic representation, followed by the person’s trajectory. The proposed threat detection system is very accurate: 96.6% of the tracks are correctly interpreted when considering the temporal context.
Abstract:
The absorption cross-sections of Cl2O6 and Cl2O4 have been obtained using a fast flow reactor with a diode array spectrometer (DAS) detection system. The absorption cross-sections at the wavelengths of maximum absorption (λmax) determined in this study are those of Cl2O6: (1.47 ± 0.15) × 10⁻¹⁷ cm² molecule⁻¹, at λmax = 276 nm and T = 298 K; and Cl2O4: (9.0 ± 2.0) × 10⁻¹⁹ cm² molecule⁻¹, at λmax = 234 nm and T = 298 K. Errors quoted are two standard deviations together with estimates of the systematic error. The shapes of the absorption spectra were obtained over the wavelength range 200-450 nm for Cl2O6 and 200-350 nm for Cl2O4, and were normalized to the absolute cross-sections obtained at λmax for each oxide, and are presented at 1 nm intervals. These data are discussed in relation to previous measurements. The reaction of O with OClO has been investigated with the objective of observing transient spectroscopic absorptions. A transient absorption was seen, and the possibility is explored of identifying the species with the elusive sym-ClO3 or ClO4, both of which have been characterized in matrices, but not in the gas-phase. The photolysis of OClO was also re-examined, with emphasis being placed on the products of reaction. UV absorptions attributable to one of the isomers of the ClO dimer, chloryl chloride (ClClO2) were observed; some Cl2O4 was also found at long photolysis times, when much of the ClClO2 had itself been photolysed. We suggest that reports of Cl2O6 formation in previous studies could be a consequence of a mistaken identification. At low temperatures, the photolysis of OClO leads to the formation of Cl2O3 as a result of the addition of the ClO primary product to OClO. ClClO2 also appears to be one product of the reaction between O3 and OClO, especially when the reaction occurs under explosive conditions.
We studied the kinetics of the non-explosive process using a stopped-flow technique, and suggest a value for the room-temperature rate coefficient of (4.6 ± 0.9) × 10⁻¹⁹ cm³ molecule⁻¹ s⁻¹ (limit quoted is 2σ random errors). The photochemical and thermal decomposition of Cl2O6 is described in this paper. For photolysis at λ = 254 nm, the removal of Cl2O6 is not accompanied by the build up of any other strong absorber. The implications of the results are either that the photolysis of Cl2O6 produces Cl2 directly, or that the initial photofragments are converted rapidly to Cl2. In the thermal decomposition of Cl2O6, Cl2O4 was shown to be a product of reaction, although not necessarily the major one. The kinetics of decomposition were investigated using the stopped-flow technique. At relatively high [OClO] present in the system, the decay kinetics obeyed a first-order law, with a limiting first-order rate coefficient of 0.002 s⁻¹. (C) 2004 Elsevier B.V. All rights reserved.
Abstract:
An approach to the automatic generation of efficient Field Programmable Gate Arrays (FPGAs) circuits for the Regular Expression-based (RegEx) Pattern Matching problems is presented. Using a novel design strategy, as proposed, circuits that are highly area-and-time-efficient can be automatically generated for arbitrary sets of regular expressions. This makes the technique suitable for applications that must handle very large sets of patterns at high speed, such as in the network security and intrusion detection application domains. We have combined several existing techniques to optimise our solution for such domains and proposed the way the whole process of dynamic generation of FPGAs for RegEX pattern matching could be automated efficiently.
Abstract:
This paper describes a proposed new approach to the Computer Network Security Intrusion Detection Systems (NIDS) application domain knowledge processing focused on a topic map technology-enabled representation of features of the threat pattern space as well as the knowledge of situated efficacy of alternative candidate algorithms for pattern recognition within the NIDS domain. Thus an integrative knowledge representation framework for virtualisation, data intelligence and learning loop architecting in the NIDS domain is described together with specific aspects of its deployment.
Abstract:
We present a study of the geographic location of lightning affecting the ionospheric sporadic-E (Es) layer over the ionospheric monitoring station at Chilton, UK. Data from the UK Met Office's Arrival Time Difference (ATD) lightning detection system were used to locate lightning strokes in the vicinity of the ionospheric monitoring station. A superposed epoch study of these data has previously revealed an enhancement in the Es layer caused by lightning within 200 km of Chilton. In the current paper, we use the same data to investigate the location of the lightning strokes which have the largest effect on the Es layer above Chilton. We find that there are several locations where the effect of lightning on the ionosphere is most significant statistically, each producing different ionospheric responses. We interpret this as evidence that there is more than one mechanism combining to produce the previously observed enhancement in the ionosphere.
Abstract:
We present a new, power-free and flexible detection system named MCFphone for portable colorimetric and fluorescence quantitative sandwich immunoassay detection of prostate specific antigen (PSA). The MCFphone is composed of a smartphone integrated with a magnifying lens, a simple light source and a miniaturised immunoassay platform, the Microcapillary Film (MCF). The excellent transparency and flat geometry of fluoropolymer MCF allowed quantitation of PSA in the range 0.9 to 60 ng/ml with < 7% precision in 13 minutes using enzymatic amplification and a chromogenic substrate. The lower limit of detection was further improved from 0.4 to 0.08 ng/ml in whole blood samples with the use of a fluorescence substrate. The MCFphone has been shown to be capable of performing rapid (13 to 22 minutes total assay time) colorimetric quantitative and highly sensitive fluorescence tests with good %Recovery, which represents a major step in the integration of a new generation of inexpensive and portable microfluidic devices with commercial immunoassay reagents and off-the-shelf smartphone technology.
Abstract:
In this work a hybrid technique that includes probabilistic and optimization based methods is presented. The method is applied, both in simulation and by means of real-time experiments, to the heating unit of a Heating, Ventilation Air Conditioning (HVAC) system. It is shown that the addition of the probabilistic approach improves the fault diagnosis accuracy.