Data Mining for Network Intrusion Detection : A comparison of data mining algorithms and an analysis of relevant features for detecting cyber-attacks

Data mining can be defined as the extraction of implicit, previously un-known, and potentially useful information from data. Numerous re-searchers have been developing security technology and exploring new methods to detect cyber-attacks with the DARPA 1998 dataset for Intrusion Detection and the modified versions of this dataset KDDCup99 and NSL-KDD, but until now no one have examined the performance of the Top 10 data mining algorithms selected by experts in data mining. The compared classification learning algorithms in this thesis are: C4.5, CART, k-NN and Naïve Bayes. The performance of these algorithms are compared with accuracy, error rate and average cost on modified versions of NSL-KDD train and test dataset where the instances are classified into normal and four cyber-attack categories: DoS, Probing, R2L and U2R. Additionally the most important features to detect cyber-attacks in all categories and in each category are evaluated with Weka’s Attribute Evaluator and ranked according to Information Gain. The results show that the classification algorithm with best performance on the dataset is the k-NN algorithm. The most important features to detect cyber-attacks are basic features such as the number of seconds of a network connection, the protocol used for the connection, the network service used, normal or error status of the connection and the number of data bytes sent. The most important features to detect DoS, Probing and R2L attacks are basic features and the least important features are content features. Unlike U2R attacks, where the content features are the most important features to detect attacks.

Why Cyber Security is Hard

Abstract There has been a great deal of interest in the area of cyber security in recent years. But what is cyber security exactly? And should society really care about it? We look at some of the challenges of being an academic working in the area of cyber security and explain why cyber security is, to put it rather simply, hard! Speaker Biography Keith Martin Prof. Keith Martin is Professor of Information Security at Royal Holloway, University of London. He received his BSc (Hons) in Mathematics from the University of Glasgow in 1988 and a PhD from Royal Holloway in 1991. Between 1992 and 1996 he held a Research Fellowship at the University of Adelaide, investigating mathematical modelling of cryptographic key distribution problems. In 1996 he joined the COSIC research group of the Katholieke Universiteit Leuven in Belgium, working on security for third generation mobile communications. Keith rejoined Royal Holloway in January 2000, became a Professor in Information Security in 2007 and was Director of the Information Security Group between 2010 and 2015. Keith's research interests range across cyber security, but with a focus on cryptographic applications. He is the author of 'Everyday Cryptography' published by Oxford University Press.

Cyber Enigmas? Passive Detection and Pedagogical Agents: Can Students Spot the fake?

This paper presents a study that was undertaken to examine human interaction with a pedagogical agent and the passive and active detection of such agents within a synchronous, online environment. A pedagogical agent is a software application which can provide a human like interaction using a natural language interface. These may be familiar from the smartphone interfaces such as ‘Siri’ or ‘Cortana’, or the virtual online assistants found on some websites, such as ‘Anna’ on the Ikea website. Pedagogical agents are characters on the computer screen with embodied life-like behaviours such as speech, emotions, locomotion, gestures, and movements of the head, the eye, or other parts of the body. The passive detection test is where participants are not primed to the potential presence of a pedagogical agent within the online environment. The active detection test is where participants are primed to the potential presence of a pedagogical agent. The purpose of the study was to examine how people passively detected pedagogical agents that were presenting themselves as humans in an online environment. In order to locate the pedagogical agent in a realistic higher education online environment, problem-based learning online was used. Problem-based learning online provides a focus for discussions and participation, without creating too much artificiality. The findings indicated that the ways in which students positioned the agent tended to influence the interaction between them. One of the key findings was that since the agent was focussed mainly on the pedagogical task this may have hampered interaction with the students, however some of its non-task dialogue did improve students' perceptions of the autonomous agents’ ability to interact with them. It is suggested that future studies explore the differences between the relationships and interactions of learner and pedagogical agent within authentic situations, in order to understand if students' interactions are different between real and virtual mentors in an online setting.

Passivity Framework for Modeling, Composing and Mitigating Cyber Attacks

Thesis (Ph.D.)--University of Washington, 2016-08

U-Pb SHRIMP zircon dating of high-grade rocks from the Upper Allochthonous Terrane of Bragança and Morais Massifs (NE Portugal); geodynamic consequences

Bragança and Morais Massifs are part of the mega-klippen ensemble of NW Iberia, comprising a tectonic pile of four allochthonous units stacked above the Central-Iberian Zone autochthon. On top of this pile, the Upper Allochthonous Terrane (UAT) includes different high-grade metamorphic series whose age and geodynamic meaning are controversial. Mafic granulites provided U–Pb zircon ages at 399±7 Ma, dating the Variscan emplacement of UAT. In contrast,U–Pb zircon ages of ky- and hb-eclogites, felsic/intermediate HP/HT-granulites and orthogneisses (ca. 500–480 Ma) are identical to those of gabbros (488 ± 10 Ma) and Grt-pyroxenites (495 ± 8 Ma) belonging to a mafic/ultramafic igneous suite that records upper mantle melting and mafic magma crustal underplating at these times. Gabbros intrude the high-grade units of UAT and did not underwent the HP metamorphic event experienced by eclogites and granulites. These features and the zircon dates resemblance among different lithologies, suggest that extensive age resetting of older events may have been correlative with the igneous suite emplacement/crystallisation. Accordingly, reconciliation of structural, petrological and geochronological evidence implies that the development and early deformation of UAT high-grade rocks should be ascribed to an orogenic cycle prior to ≈500 Ma. Undisputable dating of this cycle is impossible, but the sporadic vestiges of Cadomian ages cannot be disregarded. The ca. 500–480 Ma time-window harmonises well with the Lower Palaeozoic continental rifting that trace the VariscanWilson Cycle onset and the Rheic Ocean opening. Subsequent preservation of the high heat-flowregime, possibly related to the Palaeotethys back-arc basin development (ca. 450–420 Ma), would explain the 461 ± 10 Ma age yielded by some zircon domains in felsic granulites, conceivably reflecting zircon dissolution/ recrystallisation till Ordovician times, long before the Variscan paroxysm (ca. 400–390 Ma). This geodynamic scenario suggests also that UAT should have been part of Armorica before its emplacement on top of Iberia after Palaeotethys closure.

Design, modelling, simulation and integration of cyber physical systems: methods and applications

The main drivers for the development and evolution of Cyber Physical Systems (CPS) are the reduction of development costs and time along with the enhancement of the designed products. The aim of this survey paper is to provide an overview of different types of system and the associated transition process from mechatronics to CPS and cloud-based (IoT) systems. It will further consider the requirement that methodologies for CPS-design should be part of a multi-disciplinary development process within which designers should focus not only on the separate physical and computational components, but also on their integration and interaction. Challenges related to CPS-design are therefore considered in the paper from the perspectives of the physical processes, computation and integration respectively. Illustrative case studies are selected from different system levels starting with the description of the overlaying concept of Cyber Physical Production Systems (CPPSs). The analysis and evaluation of the specific properties of a sub-system using a condition monitoring system, important for the maintenance purposes, is then given for a wind turbine.

Plan de marketing para Vip Dating Perú

El Plan de Marketing propuesto tiene como objetivo establecer la forma de expansión y comunicación de la empresa Vip Dating Perú en el territorio peruano. Para ello, se realizó una investigación de mercado que ayudó a concretar cuáles son las preferencias y el conocimiento que existe de nuestro público objetivo. Asimismo, esta investigación revela que Vip Dating Perú tiene potencial de crecimiento y la marca goza de muy buena aceptación. En lo que se refiere a la estrategia de crecimiento, se determinó expandir las operaciones a las principales ciudades del Perú, Arequipa y Trujillo, realizando un número determinado de eventos por año en cada una de ellas. Por tal motivo, en mayo del 2015 se inició la campaña de promoción y publicidad en Arequipa. Hubo una gran acogida por parte de los medios de comunicación puesto que el servicio es bastante novedoso para la ciudad. Finalmente, el diagnóstico situacional revela más oportunidades y fortalezas que amenazas y debilidades, lo que genera un entorno favorable para el desarrollo del negocio. Esto se verá plasmado en la formulación estratégica de marketing que guiará el logro de los objetivos propuestos.

A cyber exercise post assessment framework: In Malaysia perspectives

Critical infrastructures are based on complex systems that provide vital services to the nation. The complexities of the interconnected networks, each managed by individual organisations, if not properly secured, could offer vulnerabilities that threaten other organisations’ systems that depend on their services. This thesis argues that the awareness of interdependencies among critical sectors needs to be increased. Managing and securing critical infrastructure is not isolated responsibility of a government or an individual organisation. There is a need for a strong collaboration among critical service providers of public and private organisations in protecting critical information infrastructure. Cyber exercises have been incorporated in national cyber security strategies as part of critical information infrastructure protection. However, organising a cyber exercise involved multi sectors is challenging due to the diversity of participants’ background, working environments and incidents response policies. How well the lessons learned from the cyber exercise and how it can be transferred to the participating organisations is still a looming question. In order to understand the implications of cyber exercises on what participants have learnt and how it benefits participants’ organisation, a Cyber Exercise Post Assessment (CEPA) framework was proposed in this research. The CEPA framework consists of two parts. The first part aims to investigate the lessons learnt by participants from a cyber exercise using the four levels of the Kirkpatrick Training Model to identify their perceptions on reaction, learning, behaviour and results of the exercise. The second part investigates the Organisation Cyber Resilience (OCR) of participating sectors. The framework was used to study the impact of the cyber exercise called X Maya in Malaysia. Data collected through interviews with X Maya 5 participants were coded and categorised based on four levels according to the Kirkpatrick Training Model, while online surveys distributed to ten Critical National Information Infrastructure (CNII) sectors participated in the exercise. The survey used the C-Suite Executive Checklist developed by World Economic Forum in 2012. To ensure the suitability of the tool used to investigate the OCR, a reliability test conducted on the survey items showed high internal consistency results. Finally, individual OCR scores were used to develop the OCR Maturity Model to provide the organisation cyber resilience perspectives of the ten CNII sectors.

Dating of sediments in the Biscay bay: Implication for pollution chronology

Important historical informations on the temporal changes of anthropogenic pollution in marine environment can be assessed using sediment analysis. Dating is a crucial prerequisite to reconstruct pollution events, to calculate fluxes, and thus to allow comparison between different sites. This work presents estimates of accumulation rates of sediments in the Bay of Biscay. Fives cores were collected during RIKEAU 2002 cruise on board o/v Thalia in order to study temporal changes in PAH and organohalogens compounds content of sediment. We compare chronostratigraphic estimates on cores derived from the natural radionuclide 210Pb in excess with estimates from the known times of introduction of the artificial radionuclide 137Cs to the environment. 210Pb, 226Ra and 137Cs were measured directly by non-destructive gamma spectrometry using a well type γ-detector. Total 210Pb and 226Ra activities vary from 30 to 150 mBq g-1, and 20 to 36 mBq g-1 respectively; 137Cs presents lower levels (< 5 mBq g-1). Profiles of 210Pb in three cores present a well mixed layer, from 2-3 to 10 cm, in the uppermost sediments, followed by an exponential decrease of activities, suitable for the determination of sedimentation rates. Under constant flux and sedimentation rate assumptions, vertical accretion rates derived from 210Pb present a large range from nearly 0.1 cm yr-1 up to almost 0.3 cm yr-1. Differences are mainly due to relative position of studied cores regarding the muddy patch. Although the moderate level of 137Cs limits the accuracy of this dating method, profiles of 137Cs with depth strengthen mean rates derived from 210Pb data. The implication of this dating on pollutant inputs in sediments of the Bay of Biscay is briefly discussed.