Oceans Deep: Lesson B (Shark Attack)

Teacher resources for Lesson B in the Discover Oceanography 'Scheme of Work' for use in schools.

Progetto di servizi multimediali in sistemi di Crowd Sensing

Nell’ambito delle Smart City si rivela di fondamentale importanza ottenere quante più informazioni possibili dalla popolazione locale. In questo scenario sono di utilizzo strategico sistemi di CrowdSensing e soprattutto di Mobile CrowdSensing per raccogliere informazioni dalla popolazione autoctona. Su queste basi nasce e si sviluppa il sistema ParticipAct dell’Università di Bologna. A differenza dei tradizionali sistemi di Mobile CrowdSensing, ParticipAct attua il modello del così detto “Mobile CrowdSensing Partecipativo”, che vede l’utente non solo come fonte di dati passivi, ma come fonte di informazioni di qualsiasi genere, da questionari a fotografie. Questa Tesi di laurea vuole mettere in evidenza come l’integrazione di dati multimediali, in particolare i Video, possono essere sfruttati come risorsa per Smart City grazie alla loro particolare natura composta. Viene poi analizzata la particolare architettura del sistema ParticipAct e come è stato possibile implementare la richiesta di Task contenenti azioni di tipo Video in un sistema basato su interazione Client - Server.

Un approccio analitico innovativo per lo studio della frazione volatile di oli vergini da olive: Flash-Gascromatography E-Nose

Lo scopo di questo lavoro di tesi è stato quello di studiare l’efficacia e l’applicabilità dello strumento HERACLES II Flash Gas Chromatography Electronic Nose mediante l’analisi di un set molto ampio di campioni di oli d’oliva vergini reperiti presso un concorso nazionale. Nello specifico, mediante elaborazioni di statistica multivariata dei dati, è stata valutata sia la capacità discriminante del metodo per campioni caratterizzati da un diverso profilo sensoriale, sia la correlazione esistente tra l’intensità delle sensazioni percepite per via sensoriale ed i dati ottenuti mediante l’analisi strumentale. La valutazione delle caratteristiche sensoriali dei campioni è stata realizzata in occasione dello stesso concorso da parte di un gruppo di giudici esperti e secondo le modalità stabilite dai regolamenti comunitari. Ogni campione è stato valutato da almeno 8 assaggiatori che hanno determinato l’intensità di caratteristiche olfattive (eventuali difetti, fruttato e note secondarie positive) e gustative (amaro e piccante). La determinazione dei composti volatili, invece, è stata condotta mediante lo strumento HERACLES II Electronic Nose (AlphaMOS), dotato di due colonne cromatografiche caratterizzate da diversa polarità (MXT-5 con fase stazionaria apolare e MXT-WAX con fase stazionaria polare), ciascuna collegata ad un rivelatore di tipo FID. L’elaborazione multivariata dei dati è stata realizzata mediante il software in dotazione con lo strumento.

Adaptive Crowd Algorithms for Open-Ended Problems

Thesis (Ph.D.)--University of Washington, 2016-06

Attack simulation based software protection assessment method

Software protection is an essential aspect of information security to withstand malicious activities on software, and preserving software assets. However, software developers still lacks a methodology for the assessment of the deployed protections. To solve these issues, we present a novel attack simulation based software protection assessment method to assess and compare various protection solutions. Our solution relies on Petri Nets to specify and visualize attack models, and we developed a Monte Carlo based approach to simulate attacking processes and to deal with uncertainty. Then, based on this simulation and estimation, a novel protection comparison model is proposed to compare different protection solutions. Lastly, our attack simulation based software protection assessment method is presented. We illustrate our method by means of a software protection assessment process to demonstrate that our approach can provide a suitable software protection assessment for developers and software companies.

Analysis of Automotive Cybersecurity - Attack surfaces and users’ privacy concerns

Modern automobiles are no longer just mechanical tools. The electronics and computing services they are shipping with are making them not less than a computer. They are massive kinetic devices with sophisticated computing power. Most of the modern vehicles are made with the added connectivity in mind which may be vulnerable to outside attack. Researchers have shown that it is possible to infiltrate into a vehicle’s internal system remotely and control the physical entities such as steering and brakes. It is quite possible to experience such attacks on a moving vehicle and unable to use the controls. These massive connected computers can be life threatening as they are related to everyday lifestyle. First part of this research studied the attack surfaces in the automotive cybersecurity domain. It also illustrated the attack methods and capabilities of the damages. Online survey has been deployed as data collection tool to learn about the consumers’ usage of such vulnerable automotive services. The second part of the research portrayed the consumers’ privacy in automotive world. It has been found that almost hundred percent of modern vehicles has the capabilities to send vehicle diagnostic data as well as user generated data to their manufacturers, and almost thirty five percent automotive companies are collecting them already. Internet privacy has been studies before in many related domain but no privacy scale were matched for automotive consumers. It created the research gap and motivation for this thesis. A study has been performed to use well established consumers privacy scale – IUIPC to match with the automotive consumers’ privacy situation. Hypotheses were developed based on the IUIPC model for internet consumers’ privacy and they were studied by the finding from the data collection methods. Based on the key findings of the research, all the hypotheses were accepted and hence it is found that automotive consumers’ privacy did follow the IUIPC model under certain conditions. It is also found that a majority of automotive consumers use the services and devices that are vulnerable and prone to cyber-attacks. It is also established that there is a market for automotive cybersecurity services and consumers are willing to pay certain fees to avail that.

Vector Graphics: From PostScript and Flash to SVG

The XML-based specification for Scalable Vector Graphics (SVG), sponsored by the World Wide Web consortium, allows for compact and descriptive vector graphics for the Web. SVG s domain of discourse is that of graphic primitives whose optional attributes express line thickness, fill patterns, text size and so on. These primitives have very different properties from those of traditional document components (e.g. sections, paragraphs etc.) that XML is normally called upon to express. This paper describes a set of three tools for creating SVG, either from first principles or via the conversion of existing formats. The ab initio generation of SVG is effected from a server-side CGI script, using a PERL library of drawing functions; later sections highlight the problems of converting Adobe PostScript and Macromedia s Shockwave format (SWF) into SVG.

Applied web traffic analysis for numerical encoding of SQL Injection attack features.

SQL Injection Attack (SQLIA) remains a technique used by a computer network intruder to pilfer an organisation’s confidential data. This is done by an intruder re-crafting web form’s input and query strings used in web requests with malicious intent to compromise the security of an organisation’s confidential data stored at the back-end database. The database is the most valuable data source, and thus, intruders are unrelenting in constantly evolving new techniques to bypass the signature’s solutions currently provided in Web Application Firewalls (WAF) to mitigate SQLIA. There is therefore a need for an automated scalable methodology in the pre-processing of SQLIA features fit for a supervised learning model. However, obtaining a ready-made scalable dataset that is feature engineered with numerical attributes dataset items to train Artificial Neural Network (ANN) and Machine Leaning (ML) models is a known issue in applying artificial intelligence to effectively address ever evolving novel SQLIA signatures. This proposed approach applies numerical attributes encoding ontology to encode features (both legitimate web requests and SQLIA) to numerical data items as to extract scalable dataset for input to a supervised learning model in moving towards a ML SQLIA detection and prevention model. In numerical attributes encoding of features, the proposed model explores a hybrid of static and dynamic pattern matching by implementing a Non-Deterministic Finite Automaton (NFA). This combined with proxy and SQL parser Application Programming Interface (API) to intercept and parse web requests in transition to the back-end database. In developing a solution to address SQLIA, this model allows processed web requests at the proxy deemed to contain injected query string to be excluded from reaching the target back-end database. This paper is intended for evaluating the performance metrics of a dataset obtained by numerical encoding of features ontology in Microsoft Azure Machine Learning (MAML) studio using Two-Class Support Vector Machines (TCSVM) binary classifier. This methodology then forms the subject of the empirical evaluation.

Early analysis of fault-attack effects for cryptographic hardware

International audience

Patterns of Play in the Fast attack of F. C. Barcelona, Manchester United and F. C. Internazionale Milano: a Mixed Method Approach

This study aimed to detect and analyse regular patterns of play in fast attack of football teams, through the combination of the sequential analysis technique and semi-structured interviews to experienced first League Portuguese coaches. The sample included 36 games (12 games of the respective national leagues per team) of the F.C. Barcelona, Inter Milan, and Manchester United teams that were coded with the observational instrument tool developed by Sarmento et al. (2010) and the data analysed through sequential analysis with the software SDIS-GSEQ 5.0. Based on the detected patterns, semi-structured interviews were carried out to 8 expert high-performance football coaches and data were analysed through the content analysis technique using the software NVivo 10. The detected patterns of play revealed specific characteristics of the teams under study. The combination of the results of sequential analysis with the qualitative interviews to the professional coaches proved to be very fruitful in this game the analysis of scope, allowing reconcile scientific knowledge with practical interpretation of coaches who develop their tasks in the field.

Analysis and Visualisation of Crowd-sourced Tourism Data

C3S2E '16 Proceedings of the Ninth International C* Conference on Computer Science & Software Engineering

Cyber security in home and small office local area networks - Attack vectors and vulnerabilities

This thesis presents security issues and vulnerabilities in home and small office local area networks that can be used in cyber-attacks. There is previous research done on single vulnerabilities and attack vectors, but not many papers present full scale attack examples towards LAN. First this thesis categorizes different security threads and later in the paper methods to launch the attacks are shown by example. Offensive security and penetration testing is used as research methods in this thesis. As a result of this thesis an attack is conducted using vulnerabilities in WLAN, ARP protocol, browser as well as methods of social engineering. In the end reverse shell access is gained to the target machine. Ready-made tools are used in the attack and their inner workings are described. Prevention methods are presented towards the attacks in the end of the thesis.