Using response action with Intelligent Intrusion detection and prevention System against web application malware

Findings: After evaluating the new system, a better result was generated in line with detection efficiency and the false alarm rate. This demonstrates the value of direct response action in an intrusion detection system.

Cyber attacks against supply chain management systems: A short note

Supply chain management (SCM) is increasingly dependent on electronic systems. At the same time, the vulnerability of these systems to attack from malicious individuals or groups is growing. This paper examines some of the forms such attacks can take, and their relevance to the supply function. Provides examples of attacks. Concludes that companies should consider the security aspects of electronic commerce before developing their systems. © MCB University Press.

Assessing user bias in affect detection within context-based spoken dialog systems

This paper presents an empirical evidence of user bias within a laboratory-oriented evaluation of a Spoken Dialog System. Specifically, we addressed user bias in their satisfaction judgements. We question the reliability of this data for modeling user emotion, focusing on contentment and frustration in a spoken dialog system. This bias is detected through machine learning experiments that were conducted on two datasets, users and annotators, which were then compared in order to assess the reliability of these datasets. The target used was the satisfaction rating and the predictors were conversational/dialog features. Our results indicated that standard classifiers were significantly more successful in discriminating frustration and contentment and the intensities of these emotions (reflected by user satisfaction ratings) from annotator data than from user data. Indirectly, the results showed that conversational features are reliable predictors of the two abovementioned emotions.

Los espacios mineros abandonados. El caso de la Comunidad de Madrid

La Comunidad de Madrid ha tenido un pasado minero importante que ha dejado su vestigio en el territorio. Actualmente la explotación de minerales no metálicos y de rocas industriales y ornamentales continúa, pero no así la de la minería metálica que en el pasado fue abundante. Hoy en día todas estas minas están abandonadas, dando lugar a zonas degradadas con un elevado riesgo para la seguridad de las personas y de los animales terrestres que habitan por sus inmediaciones, y necesitan ser intervenidas atendiendo, además, a su integración o recuperación ecológica y paisajística en el territorio. El principal propósito de esta tesis es conocer la situación actual que presentan las minas abandonadas de metales y proponer unos modelos de actuación para la rehabilitación e integración de los espacios mineros abandonados de la Comunidad de Madrid, cuya ventaja también estriba en su posible extrapolación a otras aéreas de gestión con una problemática similar. Partiendo de una selección de cincuenta y siete minas de interior metálicas abandonadas, se ha hecho un diagnostico en función de su seguridad (riesgo), interés cultural, arqueológico e histórico y por su afección a espacios protegidos, resultando que en todas, excepto en tres de ellas, es preciso llevar a cabo medidas protectoras y de restauración e integración en el medio ambiente. El conjunto de minas catalogadas de alto riesgo para la seguridad son veintitrés, y sobre ellas se ha realizado un Análisis Clúster, en el que además de los criterios de gestión formulados: seguridad, protección del patrimonio minero-industrial e integración ecológico-paisajística, se han incorporado otros modificadores como distancia a poblaciones, caminos, pistas y vías pecuarias, y accesibilidad. Con los resultados de este análisis se obtienen una clasificación por grupos de las minas en relación con las características intrínsecas de las explotaciones preseleccionadas y la tipología de problemas que presentan, y a partir de ella se plantean soluciones viables que se concretan en la redacción de una serie de anteproyectos tipo. Una de las principales aportaciones es que se trata de un modelo de inventariocaracterización- actuación extrapolable a otros entornos similares con problemáticas parecidas. Las propuestas de actuación que figuran en los anteproyectos tipo se proponen como medidas aplicables en situaciones similares. La tesis además también incorpora una base de datos georreferenciada que permite la localización de las explotaciones mineras abandonadas, el acceso rápido a sus características y a la propuesta de restauración correspondiente. ABSTRACT The Community of Madrid had an important mining past that left its traces in the territory. Currently the explotation of non-metallic minerals and industrial and ornamental rocks continues, but not so much with the metal deposits that were abundant in the past. Today these mines are abandoned, resulting in degraded areas with a high risk to the safety of nearby people and animals that inhabit its vicinity, and they need to be intervened, by tending to their environment integration or ecological and landscape recovery. The main objective of this thesis is to know the current situation of abandoned metal mines and propose an action model for the rehabilitation and integration of abandoned mining areas of the Community of Madrid, whose advantage also is its possible extrapolation to other management areas with similar problems. From a selection of fifty-seven abandoned metal mines, a diagnosis has been made, based on safety (risk), cultural, archaeological and historical interests and how it can be related to protected areas, resulting that all but three of them need measures of protection, restoration and integration to the environment. The set of mines that are classified as a high security risk are twenty-three, and it has been made on them an Cluster Analysis, as in addition to the management formulated criteria, such as safety, protection of mining and industrial heritage and eco-landscape integration, it has been incorporated other modifying variables, such as distance to populations, roads, tracks and livestock paths, and accessibility. With the results of this analysis, a classification of similar groups of mines in relation with the intrinsic characteristics of the preselected mines and typology problems, and from it a set of viable solutions will be specified, being then drafted on a series of proposals. One of the main contributions of this research is that it consists of an inventorycharacterization- action model, which can be extrapolated to other similar environments with similar problems. The action measures that are contained in the proposals are defined as applicable to similar situations. The thesis also incorporates a geo-referenced database that allows finding the location of abandoned mines, thus giving quick access to its features and its corresponding restoration proposal.

Portfolio size, non-trading frequency and portfolio return autocorrelation

In this paper we re-examine the relationship between non-trading frequency and portfolio return autocorrelation. We show that in portfolios where security specific effects have not been completely diversified, portfolio autocorrelation will not increase monotonically with increasing non-trading, as indicated in Lo and MacKinlay (1990). We show that at high levels of non-trading, portfolio autocorrelation will become a decreasing function of non-trading probability and may take negative values. We find that heterogeneity among the means, variances and betas of the component securities in a portfolio can act to increase the induced autocorrelation, particularly in portfolios containing fewer stocks. Security specific effects remain even when the number of securities in the portfolio is far in excess of that considered necessary to diversify security risk. © 2014 Elsevier B.V.

Ensuring efficiency and robustness in MANET

This paper introduces a joint load balancing and hotspot mitigation protocol for mobile ad-hoc network (MANET) termed by us as 'load_energy balance + hotspot mitigation protocol (LEB+HM)'. We argue that although ad-hoc wireless networks have limited network resources - bandwidth and power, prone to frequent link/node failures and have high security risk; existing ad hoc routing protocols do not put emphasis on maintaining robust link/node, efficient use of network resources and on maintaining the security of the network. Typical route selection metrics used by existing ad hoc routing protocols are shortest hop, shortest delay, and loop avoidance. These routing philosophy have the tendency to cause traffic concentration on certain regions or nodes, leading to heavy contention, congestion and resource exhaustion which in turn may result in increased end-to-end delay, packet loss and faster battery power depletion, degrading the overall performance of the network. Also in most existing on-demand ad hoc routing protocols intermediate nodes are allowed to send route reply RREP to source in response to a route request RREQ. In such situation a malicious node can send a false optimal route to the source so that data packets sent will be directed to or through it, and tamper with them as wish. It is therefore desirable to adopt routing schemes which can dynamically disperse traffic load, able to detect and remove any possible bottlenecks and provide some form of security to the network. In this paper we propose a combine adaptive load_energy balancing and hotspot mitigation scheme that aims at evenly distributing network traffic load and energy, mitigate against any possible occurrence of hotspot and provide some form of security to the network. This combine approach is expected to yield high reliability, availability and robustness, that best suits any dynamic and scalable ad hoc network environment. Dynamic source routing (DSR) was use as our underlying protocol for the implementation of our algorithm. Simulation comparison of our protocol to that of original DSR shows that our protocol has reduced node/link failure, even distribution of battery energy, and better network service efficiency.

Análise de risco para computação em nuvem

Têm-se notado nos últimos anos um crescimento na adoção de tecnologias de computação em nuvem, com uma adesão inicial por parte de particulares e pequenas empresas, e mais recentemente por grandes organizações. Esta tecnologia tem servido de base ao aparecimento de um conjunto de novas tendências, como a Internet das Coisas ligando os nossos equipamentos pessoais e wearables às redes sociais, processos de big data que permitem tipificar comportamentos de clientes ou ainda facilitar a vida ao cidadão com serviços de atendimento integrados. No entanto, tal como em todas as novas tendências disruptivas, que trazem consigo um conjunto de oportunidades, trazem também um conjunto de novos riscos que são necessários de serem equacionados. Embora este caminho praticamente se torne inevitável para uma grande parte de empresas e entidades governamentais, a sua adoção como funcionamento deve ser alvo de uma permanente avaliação e monitorização entre as vantagens e riscos associados. Para tal, é fundamental que as organizações se dotem de uma eficiente gestão do risco, de modo que possam tipificar os riscos (identificar, analisar e quantificar) e orientar-se de uma forma segura e metódica para este novo paradigma. Caso não o façam, os riscos ficam evidenciados, desde uma possível perda de competitividade face às suas congéneres, falta de confiança dos clientes, dos parceiros de negócio e podendo culminar numa total inatividade do negócio. Com esta tese de mestrado desenvolve-se uma análise genérica de risco tendo como base a Norma ISO 31000:2009 e a elaboração de uma proposta de registo de risco, que possa servir de auxiliar em processos de tomada de decisão na contratação e manutenção de serviços de Computação em Nuvem por responsáveis de organizações privadas ou estatais.

Integrating information security policy management with corporate risk management for strategic alignment

Information security policy defines the governance and implementation strategy for information security in alignment with the corporate risk policy objectives and strategies. Research has established that alignment between corporate concerns may be enhanced when strategies are developed concurrently using the same development process as an integrative relationship is established. Utilizing the corporate risk management framework for security policy management establishes such an integrative relationship between information security and corporate risk management objectives and strategies. There is however limitation in the current literature on presenting a definitive approach that fully integrates security policy management with the corporate risk management framework. This paper presents an approach that adopts a conventional corporate risk management framework for security policy development and management to achieve alignment with the corporate risk policy. A case example is examined to illustrate the alignment achieved in each process step with a security policy structure being consequently derived in the process. It is shown that information security policy management outcomes become both integral drivers and major elements of the corporate-level risk management considerations. Further study should involve assessing the impact of the use of the proposed framework in enhancing alignment as perceived in this paper.

Risk adjustment for hospital use using social security data: cross sectional small area analysis

Objectives: To identify demographic and socioeconomic determinants of need for acute hospital treatment at small area level. To establish whether there is a relation between poverty and use of inpatient services. To devise a risk adjustment formula for distributing public funds for hospital services using, as far as possible, variables that can be updated between censuses. Design: Cross sectional analysis. Spatial interactive modelling was used to quantify the proximity of the population to health service facilities. Two stage weighted least squares regression was used to model use against supply of hospital and community services and a wide range of potential needs drivers including health, socioeconomic census variables, uptake of income support and family credit, and religious denomination. Setting: Northern Ireland. Main outcome measure: Intensity of use of inpatient services. Results: After endogeneity of supply and use was taken into account, a statistical model was produced that predicted use based on five variables: income support, family credit, elderly people living alone, all ages standardised mortality ratio, and low birth weight. The main effect of the formula produced is to move resources from urban to rural areas. Conclusions: This work has produced a population risk adjustment formula for acute hospital treatment in which four of the five variables can be updated annually rather than relying on census derived data. Inclusion of the social security data makes a substantial difference to the model and to the results produced by the formula.