Unsupervised genetic algorithm deployed for intrusion detection

This paper represents the first step in an on-going work for designing an unsupervised method based on genetic algorithm for intrusion detection. Its main role in a broader system is to notify of an unusual traffic and in that way provide the possibility of detecting unknown attacks. Most of the machine-learning techniques deployed for intrusion detection are supervised as these techniques are generally more accurate, but this implies the need of labeling the data for training and testing which is time-consuming and error-prone. Hence, our goal is to devise an anomaly detector which would be unsupervised, but at the same time robust and accurate. Genetic algorithms are robust and able to avoid getting stuck in local optima, unlike the rest of clustering techniques. The model is verified on KDD99 benchmark dataset, generating a solution competitive with the solutions of the state-of-the-art which demonstrates high possibilities of the proposed method.

Design and evaluation of intelligent classifier based intrusion detection system

We have discovered a novel approach of intrusion detection system using an intelligent data classifier based on a self organizing map (SOM). We have surveyed all other unsupervised intrusion detection methods, different alternative SOM based techniques and KDD winner IDS methods. This paper provides a robust designed and implemented intelligent data classifier technique based on a single large size (30x30) self organizing map (SOM) having the capability to detect all types of attacks given in the DARPA Archive 1999 the lowest false positive rate being 0.04 % and higher detection rate being 99.73% tested using full KDD data sets and 89.54% comparable detection rate and 0.18% lowest false positive rate tested using corrected data sets.

Evolving features-algorithms knowledge map to support NIDS data intelligence and learning loop architecting – a generalised approach to NIDS pattern feature space knowledge processing

This paper describes a proposed new approach to the Computer Network Security Intrusion Detection Systems (NIDS) application domain knowledge processing focused on a topic map technology-enabled representation of features of the threat pattern space as well as the knowledge of situated efficacy of alternative candidate algorithms for pattern recognition within the NIDS domain. Thus an integrative knowledge representation framework for virtualisation, data intelligence and learning loop architecting in the NIDS domain is described together with specific aspects of its deployment.

Efficient FPGA-based regular expression pattern matching

An approach to the automatic generation of efficient Field Programmable Gate Arrays (FPGAs) circuits for the Regular Expression-based (RegEx) Pattern Matching problems is presented. Using a novel design strategy, as proposed, circuits that are highly area-and-time-efficient can be automatically generated for arbitrary sets of regular expressions. This makes the technique suitable for applications that must handle very large sets of patterns at high speed, such as in the network security and intrusion detection application domains. We have combined several existing techniques to optimise our solution for such domains and proposed the way the whole process of dynamic generation of FPGAs for RegEX pattern matching could be automated efficiently.

Real-time context-aware network security policy enforcement system (RC-NSPES)

The major technical objectives of the RC-NSPES are to provide a framework for the concurrent operation of reactive and pro-active security functions to deliver efficient and optimised intrusion detection schemes as well as enhanced and highly correlated rule sets for more effective alerts management and root-cause analysis. The design and implementation of the RC-NSPES solution includes a number of innovative features in terms of real-time programmable embedded hardware (FPGA) deployment as well as in the integrated management station. These have been devised so as to deliver enhanced detection of attacks and contextualised alerts against threats that can arise from both the network layer and the application layer protocols. The resulting architecture represents an efficient and effective framework for the future deployment of network security systems.

Behaviour-based authentication in the built enviromnent

This paper proposes a novel method of authentication of users in secure buildings. The main objective is to investigate whether user actions in the built environment can produce consistent behavioural signatures upon which a building intrusion detection system could be based. In the process three behavioural expressions were discovered: time-invariant, co-dependent and idiosyncratic.

Kinetic studies of reactions of the nitrate radical (NO3) with peroxy radicals (RO2): an indirect source of OH at night?

A discharge-flow system, coupled to cavity-enhanced absorption spectroscopy (CEAS) detection systems for NO3 at lambda = 662 nm and NO2 at lambda = 404 nm, was used to investigate the kinetics of the reactions of NO3 with eight peroxy radicals at P similar to 5 Torr and T similar to 295 K. Values of the rate constants obtained were (k/10(-12) cm(3) molecule(-1) s(-1)): CH3O2 (1.1 +/- 0.5), C2H5O2 (2.3 +/- 0.7), CH2FO2 (1.4 +/- 0.9), CH2ClO2 (3.8(-2.6)(+1.4)), c-C5H9O2 (1.2(-0.5)(+1.1)), c-C6H11O2 (1.9 +/- 0.7), CF3O2 (0.62 +/- 0.17) and CF3CFO2CF3 (0.24 +/- 0.13). We explore possible relationships between k and the orbital energies of the reactants. We also provide a brief discussion of the potential impact of the reactions of NO3 with RO2 on the chemistry of the night-time atmosphere.

Structurally-related (−)-epicatechin metabolites in humans: assessment using de novo chemically synthesized authentic standards

Accumulating data suggest that diets rich in flavanols and procyanidins are beneficial for human health. In this context, there has been a great interest in elucidating the systemic levels and metabolic profiles at which these compounds occur in humans. While recent progress has been made, there still exist considerable differences and various disagreements with regard to the mammalian metabolites of these compounds, which in turn is largely a consequence of the lack of availability of authentic standards that would allow for the directed development and validation of expedient analytical methodologies. In the present study, we developed a method for the analysis of structurally-related flavanol metabolites using a wide range of authentic standards. Applying this method in the context of a human dietary intervention study using comprehensively characterized and standardized flavanol- and procyanidin-containing cocoa, we were able to identify the structurally-related (−)-epicatechin metabolites (SREM) postprandially extant in the systemic circulation of humans. Our results demonstrate that (−)-epicatechin-3′-β-D-glucuronide, (−)-epicatechin-3′-sulfate, and a 3′-O-methyl(−)-epicatechin-5/7-sulfate are the predominant SREM in humans, and further confirm the relevance of the stereochemical configuration in the context of flavanol metabolism. In addition, we also identified plausible causes for the previously reported discrepancies regarding flavanol metabolism, consisting to a significant extent of inter-laboratory differences in sample preparation (enzymatic treatment and sample conditioning for HPLC analysis) and detection systems. Thus, these findings may also aid in the establishment of consensus on this topic.

Determination of the embedded thermo-optical expansion coefficients of PbTe and ZnSe thin film infrared multilayers

This paper reports the first derived thermo-optical properties for vacuum deposited infrared thin films embedded in multilayers. These properties were extracted from the temperature-dependence of manufactured narrow bandpass filters across the 4-17 µm mid-infrared wavelength region. Using a repository of spaceflight multi-cavity bandpass filters, the thermo-optical expansion coefficients of PbTe and ZnSe were determined across an elevated temperature range 20-160 ºC. Embedded ZnSe films showed thermo-optical properties similar to reported bulk values, whilst the embedded PbTe films of lower optical density, deviate from reference literature sources. Detailed knowledge of derived coefficients is essential to the multilayer design of temperature-invariant narrow bandpass filters for use in non-cooled infrared detection systems. We further present manufacture of the first reported temperature-invariant multi-cavity narrow bandpass filter utilizing PbS chalcogenide layer material.

Evaluation of probabilistic occupancy map people detection for surveillance systems

In this paper, we evaluate the Probabilistic Occupancy Map (POM) pedestrian detection algorithm on the PETS 2009 benchmark dataset. POM is a multi-camera generative detection method, which estimates ground plane occupancy from multiple background subtraction views. Occupancy probabilities are iteratively estimated by fitting a synthetic model of the background subtraction to the binary foreground motion. Furthermore, we test the integration of this algorithm into a larger framework designed for understanding human activities in real environments. We demonstrate accurate detection and localization on the PETS dataset, despite suboptimal calibration and foreground motion segmentation input.

Signal detection for orthogonal space-time block coding over time-selective fading channels: the H(i) systems

One major assumption in all orthogonal space-time block coding (O-STBC) schemes is that the channel remains static over the length of the code word. However, time-selective fading channels do exist, and in such case conventional O-STBC detectors can suffer from a large error floor in the high signal-to-noise ratio (SNR) cases. As a sequel to the authors' previous papers on this subject, this paper aims to eliminate the error floor of the H(i)-coded O-STBC system (i = 3 and 4) by employing the techniques of: 1) zero forcing (ZF) and 2) parallel interference cancellation (PIC). It is. shown that for an H(i)-coded system the PIC is a much better choice than the ZF in terms of both performance and computational complexity. Compared with the, conventional H(i) detector, the PIC detector incurs a moderately higher computational complexity, but this can well be justified by the enormous improvement.

Signal detection for orthogonal space-time block coding over time-selective fading channels: a PIC approach for the Gi Systems

One major assumption in all orthogonal space-time block coding (O-STBC) schemes is that the channel remains static over the entire length of the codeword. However, time selective fading channels do exist, and in such case the conventional O-STBC detectors can suffer from a large error floor in the high signal-to-noise ratio (SNR) cases. This paper addresses such an issue by introducing a parallel interference cancellation (PIC) based detector for the Gi coded systems (i=3 and 4).

Space-time multirate blind multiuser detection for synchronous DS/CDMA systems

This paper proposes the subspace-based space-time (ST) dual-rate blind linear detectors for synchronous DS/CDMA systems, which can be viewed as the ST extension of our previously presented purely temporal dual-rate blind linear detectors. The theoretical analyses on their performances are also carried out. Finally, the two-stage ST blind detectors are presented, which combine the adaptive purely temporal dual-rate blind MMSE filters with the non-adaptive beamformer. Their adaptive stages with parallel structure converge much faster than the corresponding adaptive ST dual-rate blind MMSE detectors, while having a comparable computational complexity to the latter.