898 results for detection systems
Abstract:
The Intrusion Detection System (IDS) is a common means of protecting networked systems from attack or malicious misuse. The deployment of an IDS can take many different forms dependent on protocols, usage and cost. This is particularly true of Wireless Intrusion Detection Systems (WIDS) which have many detection challenges associated with data transmission through an open, shared medium, facilitated by fundamental changes at the Physical and MAC layers. WIDS need to be considered in more detail at these lower layers than their wired counterparts as they face unique challenges. The remainder of this chapter will investigate three of these challenges where WiFi deviates significantly from that of wired counterparts:
• Attacks Specific to WiFi Networks: Outlining the additional threats which WIDS must account for: Denial of Service, Encryption Bypass and AP Masquerading attacks.
• The Effect of Deployment Architecture on WIDS Performance: Demonstrating that the deployment environment of a network protected by a WIDS can influence the prioritisation of attacks.
• The Importance of Live Data in WiFi Research: Investigating the different choices for research data sources with an emphasis on encouraging live network data collection for future WiFi research.
Abstract:
A new niche of densely populated, unprotected networks is becoming more prevalent in public areas such as Shopping Malls, defined here as independent open-access networks, which have attributes that make attack detection more challenging than in typical enterprise networks. To address these challenges, new detection systems which do not rely on knowledge of internal device state are investigated here. This paper shows that this lack of state information requires an additional metric (The exchange timeout window) for detection of WLAN Denial of Service Probe Flood attacks. Variability in this metric has a significant influence on the ability of a detection system to reliably detect the presence of attacks. A parameter selection method is proposed which is shown to provide reliability and repeatability in attack detection in WLANs. Results obtained from ongoing live trials are presented that demonstrate the importance of accurately estimating probe request and probe response timeouts in future Independent Intrusion Detection Systems.
Abstract:
In this paper we present a component based person detection system that is capable of detecting frontal, rear and near side views of people, and partially occluded persons in cluttered scenes. The framework that is described here for people is easily applied to other objects as well. The motivation for developing a component based approach is twofold: first, to enhance the performance of person detection systems on frontal and rear views of people and second, to develop a framework that directly addresses the problem of detecting people who are partially occluded or whose body parts blend in with the background. The data classification is handled by several support vector machine classifiers arranged in two layers. This architecture is known as Adaptive Combination of Classifiers (ACC). The system performs very well and is capable of detecting people even when all components of a person are not found. The performance of the system is significantly better than a full body person detector designed along similar lines. This suggests that the improved performance is due to the component based approach and the ACC data classification structure.
Abstract:
Fundação de Amparo à Pesquisa do Estado de São Paulo (FAPESP)
Abstract:
Internal and external computer network attacks or security threats occur according to standards and follow a set of subsequent steps, allowing profiles or patterns to be established. This well-known behavior is the basis of signature analysis intrusion detection systems. This work presents a new attack signature model to be applied on network-based intrusion detection system engines. The AISF (ACME! Intrusion Signature Format) model is built upon XML technology and works on intrusion signatures handling and analysis, from storage to manipulation. Using this new model, the process of storing and analyzing information about intrusion signatures for further use by an IDS becomes a less difficult and standardized process.
Abstract:
Intrusion detection systems that make use of artificial intelligence techniques in order to improve effectiveness have been actively pursued in the last decade. Neural networks and Support Vector Machines have also been extensively applied to this task. However, their complexity to learn new attacks has become very expensive, making them inviable for real-time retraining. In this research, we introduce a new pattern classifier named Optimum-Path Forest (OPF) to this task, which has been demonstrated to be similar to the state-of-the-art pattern recognition techniques, but extremely more efficient for training patterns. Experiments on public datasets showed that the OPF classifier may be a suitable tool to detect intrusions on computer networks, as well as allow the algorithm to learn new attacks faster than the other techniques. © 2011 IEEE.
Abstract:
Recently, considerable research work has been conducted towards finding fast and accurate pattern classifiers for training Intrusion Detection Systems (IDSs). This paper proposes using the so-called Fuzzy ARTMAP classifier to detect intrusions in computer networks. Our investigation shows, through simulations, how efficient such a classifier can be when used as the learning mechanism of a typical IDS. The promising evaluation results in terms of both detection accuracy and training duration indicate that the Fuzzy ARTMAP is indeed viable for this sort of application.
Abstract:
The experiment for measuring the magnetic moment of the proton presented in this thesis is based on measuring the ratio of the cyclotron frequency to the Larmor frequency of a single proton stored in a cryogenic double Penning trap. In this work, two of the three motional frequencies of the proton were, for the first time, detected simultaneously and non-destructively in thermal equilibrium with the corresponding highly sensitive detection systems, which halved the measurement time needed to determine the cyclotron frequency. Furthermore, individual spin transitions of a single proton were detected for the first time within this work, which makes it possible to determine the Larmor frequency. By means of the continuous Stern-Gerlach effect, a so-called magnetic bottle couples the magnetic moment to the axial motional mode of the proton. A change in the spin state therefore causes a frequency jump in the axial motional frequency, which can be measured non-destructively. Detection of the spin state is complicated by the fact that the axial frequency depends not only on the spin moment but also on the orbital moment. The major experimental challenge therefore lies in preventing energy fluctuations in the radial motional modes in order to ensure that spin transitions can be detected. This goal was achieved through systematic studies of the stability of the axial frequency and a complete overhaul of the experimental setup. For the first time, the spin state of a single proton can be determined with high reliability. This work thus represents a decisive step towards a high-precision measurement of the magnetic moment of the proton.
Abstract:
The presented work proposes a new approach for anomaly detection. This approach is based on changes in a population of evolving agents under stress. If conditions are appropriate, changes in the population (modeled by the bioindicators) are representative of the alterations to the environment. This approach, based on an ecological view, improves functionally traditional approaches to the detection of anomalies. To verify this assertion, experiments based on Network Intrusion Detection Systems are presented. The results are compared with the behaviour of other bioinspired approaches and machine learning techniques.
Abstract:
The employment of nonlinear analysis techniques for automatic voice pathology detection systems has gained popularity due to the ability of such techniques for dealing with the underlying nonlinear phenomena. In this respect, characterization using nonlinear analysis typically employs the classical Correlation Dimension and the largest Lyapunov Exponent, as well as some regularity quantifiers computing the system predictability. Mostly, regularity features highly depend on a correct choosing of some parameters. One of those, the delay time τ, is usually fixed to be 1. Nonetheless, it has been stated that a unity τ cannot avoid linear correlation of the time series and hence, may not correctly capture system nonlinearities. Therefore, the present work studies the influence of the τ parameter on the estimation of regularity features. Three τ estimations are considered: the baseline value 1; a τ based on the Average Automutual Information criterion; and τ chosen from the embedding window. Testing results obtained for pathological voice suggest that an improved accuracy might be obtained by using a τ value different from 1, as it accounts for the underlying nonlinearities of the voice signal.
Abstract:
The aim of automatic pathological voice detection systems is to serve as tools, to medical specialists, for a more objective, less invasive and improved diagnosis of diseases. In this respect, the gold standard for those systems includes the usage of an optimized representation of the spectral envelope, either based on cepstral coefficients from the mel-scaled Fourier spectral envelope (Mel-Frequency Cepstral Coefficients) or from an all-pole estimation (Linear Prediction Coding Cepstral Coefficients) for characterization, and Gaussian Mixture Models for posterior classification. However, the study of recently proposed GMM-based classifiers as well as Nuisance mitigation techniques, such as those employed in speaker recognition, has not been widely considered in pathology detection labours. The present work aims at testing whether or not the employment of such speaker recognition tools might contribute to improve system performance in pathology detection systems, specifically in the automatic detection of Obstructive Sleep Apnea. The testing procedure employs an Obstructive Sleep Apnea database, in conjunction with GMM-based classifiers looking for a better performance. The results show that an improved performance might be obtained by using such an approach.
Abstract:
Different types of ontologies and knowledge or metaknowledge connected to them are considered and analyzed aiming at realization in contemporary information security systems (ISS) and especially the case of intrusion detection systems (IDS) or intrusion prevention systems (IPS). Human-centered methods INCONSISTENCY, FUNNEL, CALEIDOSCOPE and CROSSWORD are algorithmic or data-driven methods based on ontologies. All of them interact on a competitive principle ‘survival of the fittest’. They are controlled by a Synthetic MetaMethod SMM. It is shown that the data analysis frequently needs an act of creation especially if it is applied to knowledge-poor environments. It is shown that human-centered methods are very suitable for resolutions in case, and often they are based on the usage of dynamic ontologies.
Abstract:
The growing need for fast sampling of explosives in high throughput areas has increased the demand for improved technology for the trace detection of illicit compounds. Detection of the volatiles associated with the presence of the illicit compounds offers a different approach for sensitive trace detection of these compounds without increasing the false positive alarm rate. This study evaluated the performance of non-contact sampling and detection systems using statistical analysis through the construction of Receiver Operating Characteristic (ROC) curves in real-world scenarios for the detection of volatiles in the headspace of smokeless powder, used as the model system for generalizing explosives detection. A novel sorbent coated disk coined planar solid phase microextraction (PSPME) was previously used for rapid, non-contact sampling of the headspace containers. The limits of detection for the PSPME coupled to IMS detection were determined to be 0.5-24 ng for vapor sampling of volatile chemical compounds associated with illicit compounds and demonstrated an extraction efficiency of three times greater than other commercially available substrates, retaining >50% of the analyte after 30 minutes sampling of an analyte spike in comparison to a non-detect for the unmodified filters. Both static and dynamic PSPME sampling were used coupled with two ion mobility spectrometer (IMS) detection systems in which 10-500 mg quantities of smokeless powders were detected within 5-10 minutes of static sampling and 1 minute of dynamic sampling time in 1-45 L closed systems, resulting in faster sampling and analysis times in comparison to conventional solid phase microextraction-gas chromatography-mass spectrometry (SPME-GC-MS) analysis. Similar real-world scenarios were sampled in low and high clutter environments with zero false positive rates.
Excellent PSPME-IMS detection of the volatile analytes was visualized from the ROC curves, resulting with areas under the curves (AUC) of 0.85-1.0 and 0.81-1.0 for portable and bench-top IMS systems, respectively. ROC curves were also constructed for SPME-GC-MS resulting with AUC of 0.95-1.0, comparable with PSPME-IMS detection. The PSPME-IMS technique provides fewer false positive results for non-contact vapor sampling, cutting the cost and providing an effective sampling and detection needed in high-throughput scenarios, resulting in similar performance in comparison to well-established techniques with the added advantage of fast detection in the field.
Abstract:
The sudden hydrocarbon influx from the formation into the wellbore poses a serious risk to the safety of the well. This sudden influx is termed a kick, which, if not controlled, may lead to a blowout. Therefore, early detection of the kick is crucial to minimize the possibility of a blowout occurrence. There is a high probability of delay in kick detection, apart from other issues when using a kick detection system that is exclusively based on surface monitoring. Down-hole monitoring techniques have a potential to detect a kick at its early stage. Down-hole monitoring could be particularly beneficial when the influx occurs as a result of a lost circulation scenario. In a lost circulation scenario, when the down-hole pressure becomes lower than the formation pore pressure, the formation fluid may start to enter the wellbore. The lost volume of the drilling fluid is compensated by the formation fluid flowing into the wellbore, making it difficult to identify the kick based on pit (mud tank) volume observations at the surface. This experimental study investigates the occurrence of a kick based on relative changes in the mass flow rate, pressure, density, and the conductivity of the fluid in the down-hole. Moreover, the parameters that are most sensitive to formation fluid are identified and a methodology to detect a kick without false alarms is reported. A pressure transmitter, a Coriolis flow and density meter, and a conductivity sensor are employed to observe the deteriorating well conditions in the down-hole. These observations are used to assess the occurrence of a kick and associated blowout risk. Monitoring of multiple down-hole parameters has a potential to improve the accuracy of interpretation related to kick occurrence, reduce the number of false alarms, and provide a broad picture of down-hole conditions. The down-hole monitoring techniques have a potential to reduce the kick detection period.
A down-hole assembly of the laboratory scale drilling rig model and kick injection setup were designed, measuring instruments were acquired, a frame was fabricated, and the experimental set-up was assembled and tested. This set-up has the necessary features to evaluate kick events while implementing down-hole monitoring techniques. Various kick events are simulated on the drilling rig model. During the first set of experiments compressed air (which represents the formation fluid) is injected with constant pressure margin. In the second set of experiments the compressed air is injected with another pressure margin. The experiments are repeated with another pump (flow) rate as well. This thesis consists of three main parts. The first part gives the general introduction, motivation, outline of the thesis, and a brief description of influx: its causes, various leading and lagging indicators, and description of the several kick detection systems that are in practice in the industry. The second part describes the design and construction of the laboratory scale down-hole assembly of the drilling rig and kick injection setup, which is used to implement the proposed methodology for early kick detection. The third part discusses the experimental work, describes the methodology for early kick detection, and presents experimental results that show how different influx events affect the mass flow rate, pressure, conductivity, and density of the fluid in the down-hole, and the discussion of the results. The last chapter contains a summary of the study and future research.
Abstract:
To maintain the pace of development set by Moore's law, production processes in semiconductor manufacturing are becoming more and more complex. The development of efficient and interpretable anomaly detection systems is fundamental to keeping production costs low. As the dimension of process monitoring data can become extremely high, anomaly detection systems are impacted by the curse of dimensionality, hence dimensionality reduction plays an important role. Classical dimensionality reduction approaches, such as Principal Component Analysis, generally involve transformations that seek to maximize the explained variance. In datasets with several clusters of correlated variables the contributions of isolated variables to explained variance may be insignificant, with the result that they may not be included in the reduced data representation. It is then not possible to detect an anomaly if it is only reflected in such isolated variables. In this paper we present a new dimensionality reduction technique that takes account of such isolated variables and demonstrate how it can be used to build an interpretable and robust anomaly detection system for Optical Emission Spectroscopy data.