Watermark-only security attack on DM-QIM watermarking:vulnerability to guided key guessing

This paper addresses the security of a specific class of common watermarking methods based on Dither modulation-quantisation index modulation (DM-QIM) and focusing on watermark-only attacks (WOA). The vulnerabilities of and probable attacks on lattice structure based watermark embedding methods have been presented in the literature. DM-QIM is one of the best known lattice structure based watermarking techniques. In this paper, the authors discuss a watermark-only attack scenario (the attacker has access to a single watermarked content only). In the literature it is an assumption that DM-QIM methods are secure to WOA. However, the authors show that the DM-QIM based embedding method is vulnerable against a guided key guessing attack by exploiting subtle statistical regularities in the feature space embeddings for time series and images. Using a distribution-free algorithm, this paper presents an analysis of the attack and numerical results for multiple examples of image and time series data.

Government preparedness:using simulation to prepare for a terrorist attack

The heightened threat of terrorism has caused governments worldwide to plan for responding to large-scale catastrophic incidents. In England the New Dimension Programme supplies equipment, procedures and training to the Fire and Rescue Service to ensure the country's preparedness to respond to a range of major critical incidents. The Fire and Rescue Service is involved partly by virtue of being able to very quickly mobilize a large skilled workforce and specialist equipment. This paper discusses the use of discrete event simulation modeling to understand how a fire and rescue service might position its resources before an incident takes place, to best respond to a combination of different incidents at different locations if they happen. Two models are built for this purpose. The first model deals with mass decontamination of a population following a release of a hazardous substance—aiming to study resource requirements (vehicles, equipment and manpower) necessary to meet performance targets. The second model deals with the allocation of resources across regions—aiming to study cover level and response times, analyzing different allocations of resources, both centralized and decentralized. Contributions to theory and practice in other contexts (e.g. the aftermath of natural disasters such as earthquakes) are outlined.

Neurophysiological investigations for the diagnosis of non-epileptic attack disorder in neuropsychiatry services:from safety standards to improved effectiveness

OBJECTIVE: The discipline of clinical neuropsychiatry currently provides specialised services for a number of conditions that cross the traditional boundaries of neurology and psychiatry, including non-epileptic attack disorder. Neurophysiological investigations have an important role within neuropsychiatry services, with video-electroencephalography (EEG) telemetry being the gold standard investigation for the differential diagnosis between epileptic seizures and non-epileptic attacks. This article reviews existing evidence on best practices for neurophysiology investigations, with focus on safety measures for video-EEG telemetry. METHODS: We conducted a systematic literature review using the PubMed database in order to identify the scientific literature on the best practices when using neurophysiological investigations in patients with suspected epileptic seizures or non-epileptic attacks. RESULTS: Specific measures need to be implemented for video-EEG telemetry to be safely and effectively carried out by neuropsychiatry services. A confirmed diagnosis of non-epileptic attack disorder following video-EEG telemetry carried out within neuropsychiatry units has the inherent advantage of allowing diagnosis communication and implementation of treatment strategies in a timely fashion, potentially improving clinical outcomes and cost-effectiveness significantly. CONCLUSION: The identified recommendations set the stage for the development of standardised guidelines to enable neuropsychiatry services to implement streamlined and evidence-based care pathways.

Biological fluorination from the sea : discovery of a SAM-dependent nucleophilic fluorinating enzyme from the marine-derived bacterium Streptomyces xinghaiensis NRRL B24674

We thank Prof. David O’Hagan and Dr Qingzhi Zhang (University of St Andrews, UK) for their helpful discussion and for providing the synthetic 50 -FDA sample. This work is supported by National Natural Science Foundation of China (No. 81503086), a starting funding (No. 20140520) from Tianjin University of Science & Technology, a research funding of “1000 Talents Plan” of Tianjin (to LM) and Foundation of Key Laboratory of Industrial Fermentation Microbiology of Ministry of Education and Tianjin Key Lab of Industrial Microbiology (No. 2015IM106)

Mitigate DoS and DDoS Attack in Ad Hoc Networks

This paper proposes a technique to defeat Denial of Service (DoS) and Distributed Denial of Service (DDoS) attacks in Ad Hoc Networks. The technique is divided into two main parts and with game theory and cryptographic puzzles. Introduced first is a new client puzzle to prevent DoS attacks in such networks. The second part presents a multiplayer game that takes place between the nodes of an ad hoc network and based on fundamental principles of game theory. By combining computational problems with puzzles, improvement occurs in the efficiency and latency of the communicating nodes and resistance in DoS and DDoS attacks. Experimental results show the effectiveness of the approach for devices with limited resources and for environments like ad hoc networks where nodes must exchange information quickly.

Oceans Deep: Lesson B (Shark Attack)

Teacher resources for Lesson B in the Discover Oceanography 'Scheme of Work' for use in schools.

Attack simulation based software protection assessment method

Software protection is an essential aspect of information security to withstand malicious activities on software, and preserving software assets. However, software developers still lacks a methodology for the assessment of the deployed protections. To solve these issues, we present a novel attack simulation based software protection assessment method to assess and compare various protection solutions. Our solution relies on Petri Nets to specify and visualize attack models, and we developed a Monte Carlo based approach to simulate attacking processes and to deal with uncertainty. Then, based on this simulation and estimation, a novel protection comparison model is proposed to compare different protection solutions. Lastly, our attack simulation based software protection assessment method is presented. We illustrate our method by means of a software protection assessment process to demonstrate that our approach can provide a suitable software protection assessment for developers and software companies.

Analysis of Automotive Cybersecurity - Attack surfaces and users’ privacy concerns

Modern automobiles are no longer just mechanical tools. The electronics and computing services they are shipping with are making them not less than a computer. They are massive kinetic devices with sophisticated computing power. Most of the modern vehicles are made with the added connectivity in mind which may be vulnerable to outside attack. Researchers have shown that it is possible to infiltrate into a vehicle’s internal system remotely and control the physical entities such as steering and brakes. It is quite possible to experience such attacks on a moving vehicle and unable to use the controls. These massive connected computers can be life threatening as they are related to everyday lifestyle. First part of this research studied the attack surfaces in the automotive cybersecurity domain. It also illustrated the attack methods and capabilities of the damages. Online survey has been deployed as data collection tool to learn about the consumers’ usage of such vulnerable automotive services. The second part of the research portrayed the consumers’ privacy in automotive world. It has been found that almost hundred percent of modern vehicles has the capabilities to send vehicle diagnostic data as well as user generated data to their manufacturers, and almost thirty five percent automotive companies are collecting them already. Internet privacy has been studies before in many related domain but no privacy scale were matched for automotive consumers. It created the research gap and motivation for this thesis. A study has been performed to use well established consumers privacy scale – IUIPC to match with the automotive consumers’ privacy situation. Hypotheses were developed based on the IUIPC model for internet consumers’ privacy and they were studied by the finding from the data collection methods. Based on the key findings of the research, all the hypotheses were accepted and hence it is found that automotive consumers’ privacy did follow the IUIPC model under certain conditions. It is also found that a majority of automotive consumers use the services and devices that are vulnerable and prone to cyber-attacks. It is also established that there is a market for automotive cybersecurity services and consumers are willing to pay certain fees to avail that.

Applied web traffic analysis for numerical encoding of SQL Injection attack features.

SQL Injection Attack (SQLIA) remains a technique used by a computer network intruder to pilfer an organisation’s confidential data. This is done by an intruder re-crafting web form’s input and query strings used in web requests with malicious intent to compromise the security of an organisation’s confidential data stored at the back-end database. The database is the most valuable data source, and thus, intruders are unrelenting in constantly evolving new techniques to bypass the signature’s solutions currently provided in Web Application Firewalls (WAF) to mitigate SQLIA. There is therefore a need for an automated scalable methodology in the pre-processing of SQLIA features fit for a supervised learning model. However, obtaining a ready-made scalable dataset that is feature engineered with numerical attributes dataset items to train Artificial Neural Network (ANN) and Machine Leaning (ML) models is a known issue in applying artificial intelligence to effectively address ever evolving novel SQLIA signatures. This proposed approach applies numerical attributes encoding ontology to encode features (both legitimate web requests and SQLIA) to numerical data items as to extract scalable dataset for input to a supervised learning model in moving towards a ML SQLIA detection and prevention model. In numerical attributes encoding of features, the proposed model explores a hybrid of static and dynamic pattern matching by implementing a Non-Deterministic Finite Automaton (NFA). This combined with proxy and SQL parser Application Programming Interface (API) to intercept and parse web requests in transition to the back-end database. In developing a solution to address SQLIA, this model allows processed web requests at the proxy deemed to contain injected query string to be excluded from reaching the target back-end database. This paper is intended for evaluating the performance metrics of a dataset obtained by numerical encoding of features ontology in Microsoft Azure Machine Learning (MAML) studio using Two-Class Support Vector Machines (TCSVM) binary classifier. This methodology then forms the subject of the empirical evaluation.

Early analysis of fault-attack effects for cryptographic hardware

International audience

Patterns of Play in the Fast attack of F. C. Barcelona, Manchester United and F. C. Internazionale Milano: a Mixed Method Approach

This study aimed to detect and analyse regular patterns of play in fast attack of football teams, through the combination of the sequential analysis technique and semi-structured interviews to experienced first League Portuguese coaches. The sample included 36 games (12 games of the respective national leagues per team) of the F.C. Barcelona, Inter Milan, and Manchester United teams that were coded with the observational instrument tool developed by Sarmento et al. (2010) and the data analysed through sequential analysis with the software SDIS-GSEQ 5.0. Based on the detected patterns, semi-structured interviews were carried out to 8 expert high-performance football coaches and data were analysed through the content analysis technique using the software NVivo 10. The detected patterns of play revealed specific characteristics of the teams under study. The combination of the results of sequential analysis with the qualitative interviews to the professional coaches proved to be very fruitful in this game the analysis of scope, allowing reconcile scientific knowledge with practical interpretation of coaches who develop their tasks in the field.

Cyber security in home and small office local area networks - Attack vectors and vulnerabilities

This thesis presents security issues and vulnerabilities in home and small office local area networks that can be used in cyber-attacks. There is previous research done on single vulnerabilities and attack vectors, but not many papers present full scale attack examples towards LAN. First this thesis categorizes different security threads and later in the paper methods to launch the attacks are shown by example. Offensive security and penetration testing is used as research methods in this thesis. As a result of this thesis an attack is conducted using vulnerabilities in WLAN, ARP protocol, browser as well as methods of social engineering. In the end reverse shell access is gained to the target machine. Ready-made tools are used in the attack and their inner workings are described. Prevention methods are presented towards the attacks in the end of the thesis.