987 resultados para MAFIC INTRUSION
Resumo:
We propose CIMD (Collaborative Intrusion and Malware Detection), a scheme for the realization of collaborative intrusion detection approaches. We argue that teams, respectively detection groups with a common purpose for intrusion detection and response, improve the measures against malware. CIMD provides a collaboration model, a decentralized group formation and an anonymous communication scheme. Participating agents can convey intrusion detection related objectives and associated interests for collaboration partners. These interests are based on intrusion objectives and associated interests for collaboration partners. These interests are based on intrusion detection related ontology, incorporating network and hardware configurations and detection capabilities. Anonymous Communication provided by CIMD allows communication beyond suspicion, i.e. the adversary can not perform better than guessing an IDS to be the source of a message at random. The evaluation takes place with the help of NeSSi² (www.nessi2.de), the Network Security Simulator, a dedicated environment for analysis of attacks and countermeasures in mid-scale and large-scale networks. A CIMD prototype is being built based on the JIAC agent framework(www.jiac.de).
Resumo:
Small-angle and ultra-small-angle neutron scattering (SANS and USANS), low-pressure adsorption (N2 and CO2), and high-pressure mercury intrusion measurements were performed on a suite of North American shale reservoir samples providing the first ever comparison of all these techniques for characterizing the complex pore structure of shales. The techniques were used to gain insight into the nature of the pore structure including pore geometry, pore size distribution and accessible versus inaccessible porosity. Reservoir samples for analysis were taken from currently-active shale gas plays including the Barnett, Marcellus, Haynesville, Eagle Ford, Woodford, Muskwa, and Duvernay shales. Low-pressure adsorption revealed strong differences in BET surface area and pore volumes for the sample suite, consistent with variability in composition of the samples. The combination of CO2 and N2 adsorption data allowed pore size distributions to be created for micro–meso–macroporosity up to a limit of �1000 Å. Pore size distributions are either uni- or multi-modal. The adsorption-derived pore size distributions for some samples are inconsistent with mercury intrusion data, likely owing to a combination of grain compression during high-pressure intrusion, and the fact that mercury intrusion yields information about pore throat rather than pore body distributions. SANS/USANS scattering data indicate a fractal geometry (power-law scattering) for a wide range of pore sizes and provide evidence that nanometer-scale spatial ordering occurs in lower mesopore–micropore range for some samples, which may be associated with inter-layer spacing in clay minerals. SANS/USANS pore radius distributions were converted to pore volume distributions for direct comparison with adsorption data. For the overlap region between the two methods, the agreement is quite good. Accessible porosity in the pore size (radius) range 5 nm–10 lm was determined for a Barnett shale sample using the contrast matching method with pressurized deuterated methane fluid. The results demonstrate that accessible porosity is pore-size dependent.
Resumo:
The objective of this PhD research program is to investigate numerical methods for simulating variably-saturated flow and sea water intrusion in coastal aquifers in a high-performance computing environment. The work is divided into three overlapping tasks: to develop an accurate and stable finite volume discretisation and numerical solution strategy for the variably-saturated flow and salt transport equations; to implement the chosen approach in a high performance computing environment that may have multiple GPUs or CPU cores; and to verify and test the implementation. The geological description of aquifers is often complex, with porous materials possessing highly variable properties, that are best described using unstructured meshes. The finite volume method is a popular method for the solution of the conservation laws that describe sea water intrusion, and is well-suited to unstructured meshes. In this work we apply a control volume-finite element (CV-FE) method to an extension of a recently proposed formulation (Kees and Miller, 2002) for variably saturated groundwater flow. The CV-FE method evaluates fluxes at points where material properties and gradients in pressure and concentration are consistently defined, making it both suitable for heterogeneous media and mass conservative. Using the method of lines, the CV-FE discretisation gives a set of differential algebraic equations (DAEs) amenable to solution using higher-order implicit solvers. Heterogeneous computer systems that use a combination of computational hardware such as CPUs and GPUs, are attractive for scientific computing due to the potential advantages offered by GPUs for accelerating data-parallel operations. We present a C++ library that implements data-parallel methods on both CPU and GPUs. The finite volume discretisation is expressed in terms of these data-parallel operations, which gives an efficient implementation of the nonlinear residual function. This makes the implicit solution of the DAE system possible on the GPU, because the inexact Newton-Krylov method used by the implicit time stepping scheme can approximate the action of a matrix on a vector using residual evaluations. We also propose preconditioning strategies that are amenable to GPU implementation, so that all computationally-intensive aspects of the implicit time stepping scheme are implemented on the GPU. Results are presented that demonstrate the efficiency and accuracy of the proposed numeric methods and formulation. The formulation offers excellent conservation of mass, and higher-order temporal integration increases both numeric efficiency and accuracy of the solutions. Flux limiting produces accurate, oscillation-free solutions on coarse meshes, where much finer meshes are required to obtain solutions with equivalent accuracy using upstream weighting. The computational efficiency of the software is investigated using CPUs and GPUs on a high-performance workstation. The GPU version offers considerable speedup over the CPU version, with one GPU giving speedup factor of 3 over the eight-core CPU implementation.
Resumo:
This paper presents a new framework for distributed intrusion detection based on taint marking. Our system tracks information flows between applications of multiple hosts gathered in groups (i.e., sets of hosts sharing the same distributed information flow policy) by attaching taint labels to system objects such as files, sockets, Inter Process Communication (IPC) abstractions, and memory mappings. Labels are carried over the network by tainting network packets. A distributed information flow policy is defined for each group at the host level by labeling information and defining how users and applications can legally access, alter or transfer information towards other trusted or untrusted hosts. As opposed to existing approaches, where information is most often represented by two security levels (low/high, public/private, etc.), our model identifies each piece of information within a distributed system, and defines their legal interaction in a fine-grained manner. Hosts store and exchange security labels in a peer to peer fashion, and there is no central monitor. Our IDS is implemented in the Linux kernel as a Linux Security Module (LSM) and runs standard software on commodity hardware with no required modification. The only trusted code is our modified operating system kernel. We finally present a scenario of intrusion in a web service running on multiple hosts, and show how our distributed IDS is able to report security violations at each host level.
Resumo:
Introduction: Ten years after the publication of Elaborated Intrusion (EI) Theory, there is now substantial research into its key predictions. The distinction between intrusive thoughts, which are driven by automatic processes, and their elaboration, involving controlled processing, is well established. Desires for both addictive substances and other desired targets are typically marked by imagery, especially when they are intense. Attention training strategies such as body scanning reduce intrusive thoughts, while concurrent tasks that introduce competing sensory information interfere with elaboration, especially if they compete for the same limited-capacity working memory resources. Conclusion: EI Theory has spawned new assessment instruments that are performing strongly and offer the ability to more clearly delineate craving from correlated processes. It has also inspired new approaches to treatment. In particular, training people to use vivid sensory imagery for functional goals holds promise as an intervention for substance misuse, since it is likely to both sustain motivation and moderate craving.
Resumo:
Geochemical and Rb---Sr isotope studies indicate that the meta-anorthosites of Holénarasipur, occurring as minor differentiates in ultramafic-mafic complex are igneous intrusives with cumulus character, emplaced around 3095 m.y. ago. The fine-grained nature is secondary; relict cumulus features are preserved in less deformed bodies. In major element chemistry, they compare well with other Archean anorthosites. Abundance levels of Ti, Zr, Y and P indicate the evolution through crystal fractionation of a parental magma; cumulus olivine and pyroxenes dominated chemistry for ultramafites, cumulus plagioclase and possibly clinopyroxene controlled chemistry for anorthosite-gabbros and cumulus magnetite in magnetite-gabbros. Magnetite is not an early cumulate. REE geochemistry is dominated by plagioclase with low abundance levels, slightly LREE enriched and variable positive Eu anomaly. Sr and Image values vary with An content in plagioclase. Isotopic studies show low initial Image (=0.7016) indicating that Rb---Sr isochron age represents the time of intrusion rather than the time of metamorphism.
Resumo:
Various intrusion detection systems (IDSs) reported in the literature have shown distinct preferences for detecting a certain class of attack with improved accuracy, while performing moderately on the other classes. In view of the enormous computing power available in the present-day processors, deploying multiple IDSs in the same network to obtain best-of-breed solutions has been attempted earlier. The paper presented here addresses the problem of optimizing the performance of IDSs using sensor fusion with multiple sensors. The trade-off between the detection rate and false alarms with multiple sensors is highlighted. It is illustrated that the performance of the detector is better when the fusion threshold is determined according to the Chebyshev inequality. In the proposed data-dependent decision ( DD) fusion method, the performance optimization of ndividual IDSs is first addressed. A neural network supervised learner has been designed to determine the weights of individual IDSs depending on their reliability in detecting a certain attack. The final stage of this DD fusion architecture is a sensor fusion unit which does the weighted aggregation in order to make an appropriate decision. This paper theoretically models the fusion of IDSs for the purpose of demonstrating the improvement in performance, supplemented with the empirical evaluation.
Resumo:
Intrusion (unauthorized stepping-into/staying-in a hazardous area), as a common type of near-miss, is the prime cause of the majority of incidents on construction sites including fall from heights, and striking against or being struck by moving objects. Accidents often occur because workers take shortcuts moving about the site without fully perceiving the potential dangers. A number of researches have been devoted to developing methods to prevent such behaviors mainly based on the theory of Behavior-Based Safety (BBS), which aims to cultivate safety behaviors among workers in accordance with safety regulations. In current BBS practice, trained observers and safety supervisors are responsible for safety behavior inspections following safety plans and operation regulations. The observation process is time-consuming and its effectiveness depends largely on the observer’s safety knowledge and experience, which often results in omissions or bias. This paper presents a reformed safety behavior modification approach by integrating a location-based technology with BBS. Firstly, a detailed background is provided, covering current intrusion problems on site, existing use of BBS for behavior improvement, difficulties in achieving widespread adoption and potential technologies for location tracking and in-time feedback. Then, a conceptual framework of positioning technology-enhanced BBS is developed, followed by details of the corresponding on-line supporting system, Real Time Location System (RTLS) and Virtual Construction System (VCS). The application of the system is then demonstrated and tested in a construction site in Hong Kong. Final comments are made concerning further research direction and prospects for wider adoption.
Resumo:
This study brings new insights into the magmatic evolution of natural F-enriched peraluminous granitic systems. The Artjärvi, Sääskjärvi and Kymi granite stocks within the 1.64 Ga Wiborg rapakivi granite batholith have been investigated by petrographic, geochemical, experimental and melt inclusion methods. These stocks represent late-stage leucocratic and weakly peraluminous intrusive phases typical of rapakivi granites worldwide. The Artjärvi and Sääskjärvi stocks are multiphase intrusions in which the most evolved phase is topaz granite. The Kymi stock contains topaz throughout and has a well-developed zoned structure, from the rim to the center: stockscheider pegmatite equigranular topaz granite porphyritic topaz granite. Geochemically the topaz granites are enriched in F, Li, Be, Ga, Rb, Sn and Nb and depleted in Mg, Fe, Ti, Ba, Sr, Zr and Eu. The anomalous geochemistry and mineralogy of the topaz granites are essentially magmatic in origin; postmagmatic reactions have only slightly modified the compositions. The Kymi equigranular topaz granite shows the most evolved character, and the topaz granites at Artjärvi and Sääskjärvi resemble the less evolved porphyritic topaz granite of the Kymi stock. Stockscheiders are found at the roof contacts of the Artjärvi and Kymi stocks. The stockscheider at Artjärvi is composed of biotite-rich schlieren and pegmatite layers parallel to the contact. The schlieren layering is considered to have formed by velocity-gradient sorting mechanism parallel to the flow, which led to the accumulation of mafic minerals along the upper contact of the topaz granite. Cooling and contraction of the topaz granite formed fractures parallel to the roof contact and residual pegmatite magmas were injected along the fractures and formed the pegmatite layers. The zoned structure of the Kymi stock is the result of intrusion of highly evolved residual melt from deeper parts of the magma chamber along the fractured contact between the porphyritic granite crystal mush and country rock. The equigranular topaz granite and marginal pegmatite (stockscheider) crystallized from this evolved melt. Phase relations of the Kymi equigranular topaz granite have been investigated utilizing crystallization experiments at 100 to 500 MPa as a function of water activity and F content. Fluorite and topaz can crystallize as liquidus phases in F-rich peraluminous systems, but the F content of the melt should exceed 2.5 - 3.0 wt % to facilitate crystallization of topaz. In peraluminous F-bearing melts containing more than 1 wt % F, topaz and muscovite are expected to be the first F-bearing phases to crystallize at high pressure, whereas fluorite and topaz should crystallize first at low pressure. Overall, the saturation of fluorite and topaz follows the reaction: CaAl2Si2O8 (plagioclase) + 2[AlF3]melt = CaF2 (fluorite) + 2Al2SiO4F2 (topaz). The obtained partition coefficient for F between biotite and glass D(F)Bt/glass is 1.89 to 0.80 (average 1.29) and can be used as an empirical fluormeter to determine the F content of coexisting melts. In order to study the magmatic evolution of the Kymi stock, crystallized melt inclusions in quartz and topaz grains in the porphyritic and the equigranular topaz granites and the marginal pegmatite were rehomogenized and analyzed. The homogenization conditions for the melt inclusions from the granites were 700 °C, 300 MPa, and 24 h, and for melt inclusions from the pegmatite, 700 °C, 100 MPa, and 24/96 h. The majority of the melt inclusions is chemically similar to the bulk rocks (excluding H2O content), but a few melt inclusions in the equigranular granite show clearly higher F and low K2O contents (on average 11.6 wt % F, 0.65 wt % K2O). The melt inclusion compositions indicate coexistence of two melt fractions, a prevailing peraluminous and a very volatile-rich, possibly peralkaline. Combined petrological, experimental and melt inclusion studies of the Kymi equigranular topaz granite indicate that plagioclase was the liquidus phase at nearly water-saturated (fluid-saturated) conditions and that the F content of the melt was at least 2 wt %. The early crystallization of biotite and the presence of muscovite in crystallization experiments at 200 MPa contrasts with the late-stage crystallization of biotite and the absence of muscovite in the equigranular granite, indicating that crystallization pressure may have been lower than 200 MPa for the granite.
Resumo:
Functional Imagery Training (FIT) is a new theory-based, manualized intervention that trains positive goal imagery. Multisensory episodic imagery of proximal personal goals is elicited and practised, to sustain motivation and compete with less functional cravings. This study tested the impact of a single session of FIT plus a booster phone call on snacking. In a stepped-wedge design, 45 participants who wanted to lose weight or reduce snacking were randomly assigned to receive a session of FIT immediately or after a 2-week delay. High-sugar and high-fat snacks were recorded using timeline follow back for the previous 3 days, at baseline, 2 and 4 weeks. At 2 weeks, snacking was lower in the immediate group than in the delayed group, and the reduction after FIT was replicated in the delayed group between 2 and 4 weeks. Frequencies of motivational thoughts about snack reduction rose following FIT for both groups, and this change correlated with reductions in snacking and weight loss. By showing that FIT can support change in eating behaviours, these findings show its potential as a motivational intervention for weight management.
Resumo:
The need for paying with mobile devices has urged the development of payment systems for mobile electronic commerce. In this paper we have considered two important abuses in electronic payments systems for detection. The fraud, which is an intentional deception accomplished to secure an unfair gain, and an intrusion which are any set of actions that attempt to compromise the integrity, confidentiality or availability of a resource. Most of the available fraud and intrusion detection systems for e-payments are specific to the systems where they have been incorporated. This paper proposes a generic model called as Activity-Event-Symptoms(AES) model for detecting fraud and intrusion attacks which appears during payment process in the mobile commerce environment. The AES model is designed to identify the symptoms of fraud and intrusions by observing various events/transactions occurs during mobile commerce activity. The symptoms identification is followed by computing the suspicion factors for event attributes, and the certainty factor for a fraud and intrusion is generated using these suspicion factors. We have tested the proposed system by conducting various case studies, on the in-house established mobile commerce environment over wired and wire-less networks test bed.
Resumo:
We consider the problem of quickest detection of an intrusion using a sensor network, keeping only a minimal number of sensors active. By using a minimal number of sensor devices, we ensure that the energy expenditure for sensing, computation and communication is minimized (and the lifetime of the network is maximized). We model the intrusion detection (or change detection) problem as a Markov decision process (MDP). Based on the theory of MDP, we develop the following closed loop sleep/wake scheduling algorithms: (1) optimal control of Mk+1, the number of sensors in the wake state in time slot k + 1, (2) optimal control of qk+1, the probability of a sensor in the wake state in time slot k + 1, and an open loop sleep/wake scheduling algorithm which (3) computes q, the optimal probability of a sensor in the wake state (which does not vary with time), based on the sensor observations obtained until time slot k. Our results show that an optimum closed loop control on Mk+1 significantly decreases the cost compared to keeping any number of sensors active all the time. Also, among the three algorithms described, we observe that the total cost is minimum for the optimum control on Mk+1 and is maximum for the optimum open loop control on q.
Resumo:
The MIT Lincoln Laboratory IDS evaluation methodology is a practical solution in terms of evaluating the performance of Intrusion Detection Systems, which has contributed tremendously to the research progress in that field. The DARPA IDS evaluation dataset has been criticized and considered by many as a very outdated dataset, unable to accommodate the latest trend in attacks. Then naturally the question arises as to whether the detection systems have improved beyond detecting these old level of attacks. If not, is it worth thinking of this dataset as obsolete? The paper presented here tries to provide supporting facts for the use of the DARPA IDS evaluation dataset. The two commonly used signature-based IDSs, Snort and Cisco IDS, and two anomaly detectors, the PHAD and the ALAD, are made use of for this evaluation purpose and the results support the usefulness of DARPA dataset for IDS evaluation.
Resumo:
The motivation behind the fusion of Intrusion Detection Systems was the realization that with the increasing traffic and increasing complexity of attacks, none of the present day stand-alone Intrusion Detection Systems can meet the high demand for a very high detection rate and an extremely low false positive rate. Multi-sensor fusion can be used to meet these requirements by a refinement of the combined response of different Intrusion Detection Systems. In this paper, we show the design technique of sensor fusion to best utilize the useful response from multiple sensors by an appropriate adjustment of the fusion threshold. The threshold is generally chosen according to the past experiences or by an expert system. In this paper, we show that the choice of the threshold bounds according to the Chebyshev inequality principle performs better. This approach also helps to solve the problem of scalability and has the advantage of failsafe capability. This paper theoretically models the fusion of Intrusion Detection Systems for the purpose of proving the improvement in performance, supplemented with the empirical evaluation. The combination of complementary sensors is shown to detect more attacks than the individual components. Since the individual sensors chosen detect sufficiently different attacks, their result can be merged for improved performance. The combination is done in different ways like (i) taking all the alarms from each system and avoiding duplications, (ii) taking alarms from each system by fixing threshold bounds, and (iii) rule-based fusion with a priori knowledge of the individual sensor performance. A number of evaluation metrics are used, and the results indicate that there is an overall enhancement in the performance of the combined detector using sensor fusion incorporating the threshold bounds and significantly better performance using simple rule-based fusion.
