898 results for detection systems


Relevance:

70.00%

Publisher:

Abstract:

[EN] Automatic detection systems do not perform as well as human observers, even on simple detection tasks. A potential solution to this problem is training vision systems on appropriate regions of interest (ROIs), in contrast to training on predefined and arbitrarily selected regions. Here we focus on detecting pedestrians in static scenes. Our aim is to answer the following question: Can automatic vision systems for pedestrian detection be improved by training them on perceptually-defined ROIs?

Relevance:

70.00%

Publisher:

Abstract:

This paper provides an overview of IDS types and how they work, as well as configuration considerations and issues that affect them. Advanced methods of increasing the performance of an IDS are explored, such as specification-based IDS for protecting Supervisory Control And Data Acquisition (SCADA) and Cloud networks. Also, by providing a review of varied studies ranging from issues in configuration and specific problems to custom techniques and cutting-edge studies, a reference can be provided to others interested in learning about and developing IDS solutions. Intrusion detection is an area of much-required study to provide solutions to satisfy evolving services and the networks and systems that support them. This paper aims to be a reference on IDS technologies for other researchers and developers interested in the field of intrusion detection.

Relevance:

70.00%

Publisher:

Abstract:

The analysis of system calls is one method employed by anomaly detection systems to recognise malicious code execution. Similarities can be drawn between this process and the behaviour of certain cells belonging to the human immune system, and can be applied to construct an artificial immune system. A recently developed hypothesis in immunology, the Danger Theory, states that our immune system responds to the presence of intruders through sensing molecules belonging to those invaders, plus signals generated by the host indicating danger and damage. We propose the incorporation of this concept into a responsive intrusion detection system, where behavioural information of the system and running processes is combined with information regarding individual system calls.

Relevance:

70.00%

Publisher:

Abstract:

Network Intrusion Detection Systems (NIDS) monitor a network with the aim of discerning malicious from benign activity on that network. While a wide range of approaches have met varying levels of success, most IDSs rely on having access to a database of known attack signatures which are written by security experts. Nowadays, in order to solve problems with false positive alerts, correlation algorithms are used to add additional structure to sequences of IDS alerts. However, such techniques are of no help in discovering novel attacks or variations of known attacks, something the human immune system (HIS) is capable of doing in its own specialised domain. This paper presents a novel immune algorithm for application to an intrusion detection problem. The goal is to discover packets containing novel variations of attacks covered by an existing signature base.

Relevance:

70.00%

Publisher:

Abstract:

Network Intrusion Detection Systems (NIDS) are computer systems which monitor a network with the aim of discerning malicious from benign activity on that network. While a wide range of approaches have met varying levels of success, most IDSs rely on having access to a database of known attack signatures which are written by security experts. Nowadays, in order to solve problems with false positive alerts, correlation algorithms are used to add additional structure to sequences of IDS alerts. However, such techniques are of no help in discovering novel attacks or variations of known attacks, something the human immune system (HIS) is capable of doing in its own specialised domain. This paper presents a novel immune algorithm for application to the IDS problem. The goal is to discover packets containing novel variations of attacks covered by an existing signature base.

Relevance:

60.00%

Publisher:

Abstract:

The research presented in this thesis addresses inherent problems in signature-based intrusion detection systems (IDSs) operating in heterogeneous environments. The research proposes a solution to address the difficulties associated with multi-step attack scenario specification and detection for such environments. The research has focused on two distinct problems: the representation of events derived from heterogeneous sources and multi-step attack specification and detection. The first part of the research investigates the application of an event abstraction model to event logs collected from a heterogeneous environment. The event abstraction model comprises a hierarchy of events derived from different log sources such as system audit data, application logs, captured network traffic, and intrusion detection system alerts. Unlike existing event abstraction models where low-level information may be discarded during the abstraction process, the event abstraction model presented in this work preserves all low-level information as well as providing high-level information in the form of abstract events. The event abstraction model presented in this work was designed independently of any particular IDS and thus may be used by any IDS, intrusion forensic tools, or monitoring tools. The second part of the research investigates the use of unification for multi-step attack scenario specification and detection. Multi-step attack scenarios are hard to specify and detect as they often involve the correlation of events from multiple sources which may be affected by time uncertainty. The unification algorithm provides a simple and straightforward scenario matching mechanism by using variable instantiation where variables represent events as defined in the event abstraction model. The third part of the research looks into the solution to address time uncertainty. Clock synchronisation is crucial for detecting multi-step attack scenarios which involve logs from multiple hosts.
Issues involving time uncertainty have been largely neglected by intrusion detection research. The system presented in this research introduces two techniques for addressing time uncertainty issues: clock skew compensation and clock drift modelling using linear regression. An off-line IDS prototype for detecting multi-step attacks has been implemented. The prototype comprises two modules: implementation of the abstract event system architecture (AESA) and of the scenario detection module. The scenario detection module implements our signature language developed based on the Python programming language syntax and the unification-based scenario detection engine. The prototype has been evaluated using a publicly available dataset of real attack traffic and event logs and a synthetic dataset. The distinct features of the public dataset are the fact that it contains multi-step attacks which involve multiple hosts with clock skew and clock drift. These features allow us to demonstrate the application and the advantages of the contributions of this research. All instances of multi-step attacks in the dataset have been correctly identified even though there exists a significant clock skew and drift in the dataset. Future work identified by this research would be to develop a refined unification algorithm suitable for processing streams of events to enable on-line detection. In terms of time uncertainty, identified future work would be to develop mechanisms which allow automatic clock skew and clock drift identification and correction. The immediate application of the research presented in this thesis is the framework of an off-line IDS which processes events from heterogeneous sources using abstraction and which can detect multi-step attack scenarios which may involve time uncertainty.

Relevance:

60.00%

Publisher:

Abstract:

Buffer overflow vulnerabilities continue to prevail and the sophistication of attacks targeting these vulnerabilities is continuously increasing. As a successful attack of this type has the potential to completely compromise the integrity of the targeted host, early detection is vital. This thesis examines generic approaches for detecting executable payload attacks, without prior knowledge of the implementation of the attack, in such a way that new and previously unseen attacks are detectable. Executable payloads are analysed in detail for attacks targeting the Linux and Windows operating systems executing on an Intel IA-32 architecture. The execution flow of attack payloads is analysed and a generic model of execution is examined. A novel classification scheme for executable attack payloads is presented which allows for characterisation of executable payloads and facilitates vulnerability and threat assessments, and intrusion detection capability assessments for intrusion detection systems. An intrusion detection capability assessment may be utilised to determine whether or not a deployed system is able to detect a specific attack and to identify requirements for intrusion detection functionality for the development of new detection methods. Two novel detection methods are presented capable of detecting new and previously unseen executable attack payloads. The detection methods are capable of identifying and enumerating the executable payload’s interactions with the operating system on the targeted host at the time of compromise. The detection methods are further validated using real world data including executable payload attacks.

Relevance:

60.00%

Publisher:

Abstract:

This paper describes the formalization and application of a methodology to evaluate the safety benefit of countermeasures in the face of uncertainty. To illustrate the methodology, 18 countermeasures for improving safety of at-grade railroad crossings (AGRXs) in the Republic of Korea are considered. Akin to “stated preference” methods in travel survey research, the methodology applies random selection and laws of large numbers to derive accident modification factor (AMF) densities from expert opinions. In a full Bayesian analysis framework, the collective opinions in the form of AMF densities (data likelihood) are combined with prior knowledge (AMF density priors) for the 18 countermeasures to obtain ‘best’ estimates of AMFs (AMF posterior credible intervals). The countermeasures are then compared and recommended based on the largest safety returns with minimum risk (uncertainty). To the author's knowledge the complete methodology is new and has not previously been applied or reported in the literature. The results demonstrate that the methodology is able to discern anticipated safety benefit differences across candidate countermeasures. For the 18 at-grade railroad crossings considered in this analysis, it was found that the top three performing countermeasures for reducing crashes are in-vehicle warning systems, obstacle detection systems, and constant warning time systems.

Relevance:

60.00%

Publisher:

Abstract:

The Cooperative Research Centre (CRC) for Rail Innovation is conducting a tranche of industry-led research projects looking into safer rail level crossings. This paper will provide an overview of the Affordable Level Crossings project, a project that is performing research in both engineering and human factors aspects of low-cost level crossing warning devices (LCLCWDs), and is facilitating a comparative trial of these devices over a period of 12 months in several jurisdictions. Low-cost level crossing warning devices (LCLCWDs) are characterised by the use of alternative technologies for high cost components including train detection and connectivity (e.g. radar, acoustic, magnetic induction train detection systems and wireless connectivity replacing traditional track circuits and wiring). These devices often make use of solar power where mains power is not available, and aim to make substantial savings in lifecycle costs. The project involves trialling low-cost level crossing warning devices in shadow-mode, where devices are installed without the road-user interface at a number of existing level crossing sites that are already equipped with conventional active warning systems. It may be possible that the deployment of lower-cost devices can provide a significantly larger safety benefit over the network than a deployment of expensive conventional devices, as the lower cost would allow more passive level crossing sites to be upgraded with the same capital investment. The project will investigate reliability and safety integrity issues of the low-cost devices, as well as evaluate lifecycle costs and investigate human factors issues related to warning reliability. This paper will focus on the requirements and safety issues of LCLCWDs, and will provide an overview of the Rail CRC projects.

Relevance:

60.00%

Publisher:

Abstract:

2,3-Dimethyl-2,3-dinitrobutane (DMNB) is an explosive taggant added to plastic explosives during manufacture making them more susceptible to vapour-phase detection systems. In this study, the formation and detection of gas-phase [M+H]+, [M+Li]+, [M+NH4]+ and [M+Na]+ adducts of DMNB was achieved using electrospray ionisation on a triple quadrupole mass spectrometer. The [M+H]+ ion abundance was found to have a strong dependence on ion source temperature, decreasing markedly at source temperatures above 50 degrees C. In contrast, the [M+Na]+ ion demonstrated increasing ion abundance at source temperatures up to 105 degrees C. The relative susceptibility of DMNB adduct ions toward dissociation was investigated by collision-induced dissociation. Probable structures of product ions and mechanisms for unimolecular dissociation have been inferred based on fragmentation patterns from tandem mass (MS/MS) spectra of source-formed ions of normal and isotopically labelled DMNB, and quantum chemical calculations. Both thermal and collisional activation studies suggest that the [M+Na]+ adduct ions are significantly more stable toward dissociation than their protonated analogues and, as a consequence, the former provide attractive targets for detection by contemporary rapid screening methods such as desorption electrospray ionisation mass spectrometry. Copyright (C) 2009 Commonwealth of Australia. Published by John Wiley & Sons, Ltd.

Relevance:

60.00%

Publisher:

Abstract:

Introduction: Radiographer abnormality detection systems that highlight abnormalities on trauma radiographs (‘red dot’ system) have been operating for more than 30 years. Recently, a number of pitfalls have been identified. These limitations initiated the evolution of a radiographer commenting system, whereby a radiographer provides a brief description of abnormalities identified in emergency healthcare settings. This study investigated radiographers' participation in abnormality detection systems, their perceptions of benefits, barriers and enablers to radiographer commenting, and perceptions of potential radiographer image interpretation services for emergency settings. Methods: A cross-sectional survey was implemented. Participants included radiographers from four metropolitan hospitals in Queensland, Australia. Conventional descriptive statistics, histograms and thematic analysis were undertaken. Results: Seventy-three surveys were completed and included in the analysis (68% response rate); 30 (41%) of respondents reported participating in abnormality detection in 20% or less of examinations, and 26 (36%) reported participating in 80% or more of examinations. Five overarching perceived benefits of radiographer commenting were identified: assisting multidisciplinary teams, patient care, radiographer ability, professional benefits and quality of imaging. Frequently reported perceived barriers included ‘difficulty accessing image interpretation education’, ‘lack of time’ and ‘low confidence in interpreting radiographs’. Perceived enablers included ‘access to image interpretation education’ and ‘support from radiologist colleagues’. Conclusions: A range of factors are likely to contribute to the successful implementation of radiographer commenting in addition to abnormality detection in emergency settings.
Effective image interpretation education amenable to completion by radiographers would likely prove valuable in preparing radiographers for participation in abnormality detection and commenting systems in emergency settings.

Relevance:

60.00%

Publisher:

Abstract:

Insulated Rail Joints (IRJs) are a safety-critical component of the automatic block signalling and broken rail detection systems. IRJs exhibit several failure modes due to complex interaction between the railhead ends and the wheel tread near the gap. These localised zones cannot be monitored using automatic sensing devices and hence rely on visual inspection only, which is error prone and expensive. In Australia alone there are currently 50,000 IRJs across 80,000 km of rail track. The significance of the problem around the world can thus be realised, as there exists one IRJ for each 1.6 km of track length. IRJs exhibit extremely low and variable service life; further, the track substructure underneath IRJs degrades faster. Thus the presence of IRJs incurs significant costs to track maintenance. IRJ failures have also contributed to some train derailments and various traffic disruptions in rail lines. This paper reports systematic research carried out over seven years on the mechanical behaviour of IRJs for practically relevant outcomes. The research has scientifically established that stiffening the track bed for reduction in impact force is an ill-conceived concept and the most effective method is to reduce the gap size. Further, it is established that hardening the railhead ends through laser coating (or other) cannot adequately address the metal flow problem in the long run; modification of the railhead profile is the only appropriate technique to completely eliminate the problem. Part of these outcomes has been adopted by the rail infrastructure owners in Australia.

Relevance:

60.00%

Publisher:

Abstract:

This project was designed to provide the structural softwood processing industry with the basis for improved green and dry grading to allow maximise MGP grade yields, consistent product performance and reduced processing costs. To achieve this, advanced statistical techniques were used in conjunction with state-of-the-art property measurement systems. Specifically, the project aimed to make two significant steps forward for the Australian structural softwood industry: • assessment of technologies, both existing and novel, that may lead to selection of a consistent, reliable and accurate device for the log yard and green mill. The purpose is to more accurately identify and reject material that will not make a minimum grade of MGP10 downstream; • improved correlation of grading MOE and MOR parameters in the dry mill using new analytical methods and a combination of devices. The three populations tested were stiffness-limited radiata pine, strength-limited radiata pine and Caribbean pine. Resonance tests were conducted on logs prior to sawmilling, and on boards. Raw data from existing in-line systems were captured for the green and dry boards. The dataset was analysed using classical and advanced statistical tools to provide correlations between data sets and to develop efficient strength and stiffness prediction equations. Stiffness and strength prediction algorithms were developed from raw and combined parameters. Parameters were analysed for comparison of prediction capabilities using in-line parameters, off-line parameters and a combination of in-line and off-line parameters. The results show that acoustic resonance techniques have potential for log assessment, to sort for low stiffness and/or low strength, depending on the resource. From the log measurements, a strong correlation was found between the average static MOE of the dried boards within a log and the predicted value. 
These results have application in segregating logs into structural and non-structural uses. Some commercial technologies are already available for this application such as Hitman LG640. For green boards it was found that in-line and laboratory acoustic devices can provide a good prediction of dry static MOE and moderate prediction for MOR. There is high potential for segregating boards at this stage of processing. Grading after the log breakdown can improve significantly the effectiveness of the mill. Subsequently, reductions in non-structural volumes can be achieved. Depending on the resource it can be expected that a 5 to 8 % reduction in non structural boards won’t be dried with an associated saving of $70 to 85/m3. For dry boards, vibration and a standard Metriguard CLT/HCLT provided a similar level of prediction on stiffness limited resource. However, Metriguard provides a better strength prediction in strength limited resources (due to this equipment’s ability to measure local characteristics). The combination of grading equipment specifically for stiffness related predictors (Metriguard or vibration) with defect detection systems (optical or X-ray scanner) provides a higher level of prediction, especially for MOR. Several commercial technologies are already available for acoustic grading on board such as those from Microtec, Luxscan, Falcon engineering or Dynalyse AB for example. Differing combinations of equipment, and their strategic location within the processing chain, can dramatically improve the efficiency of the mill, the level of which will vary depending on the resource. For example, an initial acoustic sorting on green boards combined with an optical scanner associated with an acoustic system for grading dry board can result in a large reduction of the proportion of low value low non-structural produced. The application of classical MLR on several predictors proved to be effective, in particular for MOR predictions.
However, the usage of a modern statistics approach (chemometrics tools) such as PLS proved to be more efficient for improving the level of prediction. Compared to existing technologies, the results of the project indicate a good improvement potential for grading in the green mill, ahead of kiln drying and subsequent cost-adding processes. The next stage is the development and refinement of systems for this purpose.