Information Fusion for Anomaly Detection with the Dendritic Cell Algorithm

Dendritic cells are antigen presenting cells that provide a vital link between the innate and adaptive immune system, providing the initial detection of pathogenic invaders. Research into this family of cells has revealed that they perform information fusion which directs immune responses. We have derived a Dendritic Cell Algorithm based on the functionality of these cells, by modelling the biological signals and differentiation pathways to build a control mechanism for an artificial immune system. We present algorithmic details in addition to experimental results, when the algorithm was applied to anomaly detection for the detection of port scans. The results show the Dendritic Cell Algorithm is successful at detecting port scans.

Introducting Dendritic Cells as a Novel Immune-Inspired Algorithm for Anomaly Detection

Dendritic cells are antigen presenting cells that provide a vital link between the innate and adaptive immune system. Research into this family of cells has revealed that they perform the role of coordinating T-cell based immune responses, both reactive and for generating tolerance. We have derived an algorithm based on the functionality of these cells, and have used the signals and differentiation pathways to build a control mechanism for an artificial immune system. We present our algorithmic details in addition to some preliminary results, where the algorithm was applied for the purpose of anomaly detection. We hope that this algorithm will eventually become the key component within a large, distributed immune system, based on sound imnological concepts.

An Immune Inspired Approach to Anomaly Detection

The immune system provides a rich metaphor for computer security: anomaly detection that works in nature should work for machines. However, early artificial immune system approaches for computer security had only limited success. Arguably, this was due to these artificial systems being based on too simplistic a view of the immune system. We present here a second generation artificial immune system for process anomaly detection. It improves on earlier systems by having different artificial cell types that process information. Following detailed information about how to build such second generation systems, we find that communication between cells types is key to performance. Through realistic testing and validation we show that second generation artificial immune systems are capable of anomaly detection beyond generic system policies. The paper concludes with a discussion and outline of the next steps in this exciting area of computer security.

Dempster-Shafer for Anomaly Detection

In this paper, we implement an anomaly detection system using the Dempster-Shafer method. Using two standard benchmark problems we show that by combining multiple signals it is possible to achieve better results than by using a single signal. We further show that by applying this approach to a real-world email dataset the algorithm works for email worm detection. Dempster-Shafer can be a promising method for anomaly detection problems with multiple features (data sources), and two or more classes.

Dendritic Cells for Real-Time Anomaly Detection

Dendritic Cells (DCs) are innate immune system cells which have the power to activate or suppress the immune system. The behaviour of human DCs is abstracted to form an algorithm suitable for anomaly detection. We test this algorithm on the real-time problem of port scan detection. Our results show a significant difference in artificial DC behaviour for an outgoing portscan when compared to behaviour for normal processes.

Dendritic Cells for Anomaly Detection

Artificial immune systems, more specifically the negative selection algorithm, have previously been applied to intrusion detection. The aim of this research is to develop an intrusion detection system based on a novel concept in immunology, the Danger Theory. Dendritic Cells (DCs) are antigen presenting cells and key to the activation of the human immune system. DCs perform the vital role of combining signals from the host tissue and correlate these signals with proteins known as antigens. In algorithmic terms, individual DCs perform multi-sensor data fusion based on time-windows. The whole population of DCs asynchronously correlates the fused signals with a secondary data stream. The behaviour of human DCs is abstracted to form the DC Algorithm (DCA), which is implemented using an immune inspired framework, libtissue. This system is used to detect context switching for a basic machine learning dataset and to detect outgoing portscans in real-time. Experimental results show a significant difference between an outgoing portscan and normal traffic.

'Introducing Dendritic Cells as a Novel Immune-Inspired Algorithm for Anomaly Detection'

Abstract. Dendritic cells are antigen presenting cells that provide a vital link between the innate and adaptive immune system. Research into this family of cells has revealed that they perform the role of coordinating T-cell based immune responses, both reactive and for generating tolerance. We have derived an algorithm based on the functionality of these cells, and have used the signals and differentiation pathways to build a control mechanism for an artificial immune system. We present our algorithmic details in addition to some preliminary results, where the algorithm was applied for the purpose of anomaly detection. We hope that this algorithm will eventually become the key component within a large, distributed immune system, based on sound immunological concepts.

Anomaly diagnosis in ceramic claddings by thermography - A review

With the increasing importance given to building rehabilitation comes the need to create simple, fast and non-destructive testing methods (NDT) to identify problems and for anomaly diagnosis. Ceramic tiles are one of the most typical kinds of exterior wall cladding in several countries; the earliest known examples are Egyptian dating from 4000 BC. This type of building facade coating, though being quite often used in due to its aesthetic and architectural characteristics, is one of the most complex that can be applied given the several parts from which it is composed; hence, it is also one of the most difficult to correctly diagnose with expeditious methods. The detachment of ceramic wall tiles is probably the most common and difficult to identify anomaly associated with this kind of cladding and it is also definitely the one that can compromise security the most. Thus, it is necessary to study a process of inspection more efficient and economic than the currently used which often consist in semi-destructive methods (the most common is the pull off test), that can only be used in a small part of the building at a time, allowing some assumptions of what can the rest of the cladding be like. Infrared thermography (IRT) is a NDT with a wide variety of applications in building inspection that is becoming commonly used to identify anomalies related with thermal variations in the inspected surfaces. Few authors have studied the application of IRT in anomalies associated with ceramic claddings claiming that the presence of air or water beneath the superficial layer will influence the heat transfer in a way that can be detected in both a qualitative and a quantitative way by the thermal camera, providing information about the state of the wall in a much broad area per trial than other methods commonly used nowadays. This article intends to present a review of the state of art of this NDT and its potentiality in becoming a more efficient way to diagnose anomalies in ceramic wall claddings.

On the effect of Arabian Sea and Indian Ocean sea surface temperature anomaly on the monsoon rainfall of south-east of Iran

Southeast region of the country has hot and dry weather which causes to happen heavy rainfall in short time period of warm seasons and to occur river flooding. These precipitations are influenced by monsoon system of India ocean. In these thesis, It was tried to evaluate the relation between thermal anomaly of sea surface in India ocean and Arab sea which effects on southeast monsoon precipitations of Iran, For evaluation of this happening in southeast, data were collected from 7 synoptic observation stations of Bandar Abbas, Minab, Kerman , Bam, Chabahar, Iranshahr, Zahedan and 17 rain gauge stations during June to September of each year from 1980 to 2010. Rainy days were determine and then some information about synoptic circulation models, maps of average pressure of sea surface, geopotential height of 700hP surface, geopotential height of 500hP surface, temperature of 850 hPa surface, humidity of 700 hPa surface, vertical velocity of 700 hPa surface, vertical velocity of 500 hP and humidity of 2 meters height for 6 systems were extracted from NCEP/NCAR website for evaluation. By evaluation of these systems it was determined that the monsoon low pressure system tab brings needed humidity of these precipitations to this region from India ocean and Arab sea with a vast circulation. It is seen that warm air pool locates on Iran and cold air pool locates on west of India at 800 hPa surface. In a rainy day this warm air transfers to high latitudes and influences the temperature trough of southeast cold air pool of the country. In the middle surfaces of 700 and 500 hPa, the connection between low height system above India and low height system above the higher latitudes causes the low height system above India to be strength and developed. By evaluation of humidity at 2 meters height and 700 hPa surface we observe that humidity Increases in the southeast region. With penetrating of the low height system of India above the 700 and 500 hPa surfaces of southeast of Iran, the value of negative omega (Rising vertical velocity) is increased. In the second pace, it was shown the evaluation of how the correlation between sea surface temperature anomaly in India Ocean and Arab sea influences southeast monsoon precipitation of Iran. For this purpose the data of water surface temperature anomaly of Arab sea and India ocean, the data of precipitation anomaly of 7 synoptic stations , mentioned above, and correlation coefficient among the data of precipitation anomaly and water surface temperature anomaly of Arab Sea, east and west of India ocean were calculated. In conclusion it was shown that the maximum correlation coefficient of precipitation anomaly had belonged to India Ocean in June and no meaningful correlation was resulted in July among precipitation anomaly and sea surface temperature anomaly for three regions, which were evaluated.

On the trace anomaly of a Weyl fermion

La seguente tesi si sviluppa in tre parti: un'introduzione alle simmetrie conformi e di scala, una parte centrale dedicata alle anomalie quantistiche ed una terza parte dedicata all'anomalia di traccia per fermioni. Nella seconda parte in particolare si introduce il metodo di calcolo alla Fujikawa e si discute la scelta di regolatori adeguati ed un metodo per ottenerli, si applicano poi questi metodi ai campi, scalare e vettoriale, per l'anomalia di traccia in spazio curvo. Nell'ultimo capitolo si calcolano le anomalie di traccia per un fermione di Dirac e per uno di Weyl; la motivazione per calcolare queste anomalie nasce dal fatto che recenti articoli hanno suggerito che possa emergere un termine immaginario proporzionale alle densità di Pontryagin nell'anomalia di Weyl. Noi non abbiamo trovato questo termine e il risultato è che l'anomalia di traccia risulta essere metà di quella per il caso di Dirac.

Adaptive unsupervised learning of human actions

Automatic detection of suspicious activities in CCTV camera feeds is crucial to the success of video surveillance systems. Such a capability can help transform the dumb CCTV cameras into smart surveillance tools for fighting crime and terror. Learning and classification of basic human actions is a precursor to detecting suspicious activities. Most of the current approaches rely on a non-realistic assumption that a complete dataset of normal human actions is available. This paper presents a different approach to deal with the problem of understanding human actions in video when no prior information is available. This is achieved by working with an incomplete dataset of basic actions which are continuously updated. Initially, all video segments are represented by Bags-Of-Words (BOW) method using only Term Frequency-Inverse Document Frequency (TF-IDF) features. Then, a data-stream clustering algorithm is applied for updating the system's knowledge from the incoming video feeds. Finally, all the actions are classified into different sets. Experiments and comparisons are conducted on the well known Weizmann and KTH datasets to show the efficacy of the proposed approach.

Intrusion detection techniques in wireless local area networks

This research investigates wireless intrusion detection techniques for detecting attacks on IEEE 802.11i Robust Secure Networks (RSNs). Despite using a variety of comprehensive preventative security measures, the RSNs remain vulnerable to a number of attacks. Failure of preventative measures to address all RSN vulnerabilities dictates the need for a comprehensive monitoring capability to detect all attacks on RSNs and also to proactively address potential security vulnerabilities by detecting security policy violations in the WLAN. This research proposes novel wireless intrusion detection techniques to address these monitoring requirements and also studies correlation of the generated alarms across wireless intrusion detection system (WIDS) sensors and the detection techniques themselves for greater reliability and robustness. The specific outcomes of this research are: A comprehensive review of the outstanding vulnerabilities and attacks in IEEE 802.11i RSNs. A comprehensive review of the wireless intrusion detection techniques currently available for detecting attacks on RSNs. Identification of the drawbacks and limitations of the currently available wireless intrusion detection techniques in detecting attacks on RSNs. Development of three novel wireless intrusion detection techniques for detecting RSN attacks and security policy violations in RSNs. Development of algorithms for each novel intrusion detection technique to correlate alarms across distributed sensors of a WIDS. Development of an algorithm for automatic attack scenario detection using cross detection technique correlation. Development of an algorithm to automatically assign priority to the detected attack scenario using cross detection technique correlation.

A role mining inspired approach to representing user behaviour in ERP systems

Despite all attempts to prevent fraud, it continues to be a major threat to industry and government. Traditionally, organizations have focused on fraud prevention rather than detection, to combat fraud. In this paper we present a role mining inspired approach to represent user behaviour in Enterprise Resource Planning (ERP) systems, primarily aimed at detecting opportunities to commit fraud or potentially suspicious activities. We have adapted an approach which uses set theory to create transaction profiles based on analysis of user activity records. Based on these transaction profiles, we propose a set of (1) anomaly types to detect potentially suspicious user behaviour and (2) scenarios to identify inadequate segregation of duties in an ERP environment. In addition, we present two algorithms to construct a directed acyclic graph to represent relationships between transaction profiles. Experiments were conducted using a real dataset obtained from a teaching environment and a demonstration dataset, both using SAP R/3, presently the most predominant ERP system. The results of this empirical research demonstrate the effectiveness of the proposed approach.

Poverty in perception : a study of the twentieth-century prime ministers of Australia and New Zealand

Australia and New Zealand, as English-speaking nations with dominant white populations, present an ethnic anomaly not only in South East Asia, but also in the Southern Hemisphere. Colonised by predominantly workingclass British immigrants from the late eighteenth century, an ethnic and cultural connection grew between these two countries even though their indigenous populations and ecological environments were otherwise very different. Building a new life in Australia and New Zealand, the colonists shared similar historic perceptions of poverty – perceptions from their homelands that they did not want to see replicated in their new adopted countries. Dreams of a better life shaped their aspirations, self-identity and nationalistic outlook. By the twentieth century, national independence and self-government had replaced British colonial rule. The inveterate occurrence of poverty in Australia and New Zealand had created new local perspectives and different perceptions of, and about, poverty. This study analyses what relationship existed between the political directions adopted by the twentieth-century prime ministers of Australia and New Zealand and their perceptions of poverty. Using the existential phenomenological theory and methodology of Maurice Merleau-Ponty, the study adds to the body of knowledge about poverty in Australia and New Zealand by revealing the structure and origin of the poverty perceptions of the twentieth-century prime ministers.

Transaction mining for fraud detection in ERP Systems

Despite all attempts to prevent fraud, it continues to be a major threat to industry and government. Traditionally, organizations have focused on fraud prevention rather than detection, to combat fraud. In this paper we present a role mining inspired approach to represent user behaviour in Enterprise Resource Planning (ERP) systems, primarily aimed at detecting opportunities to commit fraud or potentially suspicious activities. We have adapted an approach which uses set theory to create transaction profiles based on analysis of user activity records. Based on these transaction profiles, we propose a set of (1) anomaly types to detect potentially suspicious user behaviour, and (2) scenarios to identify inadequate segregation of duties in an ERP environment. In addition, we present two algorithms to construct a directed acyclic graph to represent relationships between transaction profiles. Experiments were conducted using a real dataset obtained from a teaching environment and a demonstration dataset, both using SAP R/3, presently the predominant ERP system. The results of this empirical research demonstrate the effectiveness of the proposed approach.