871 results for Data detection
Abstract:
Network intrusion detection sensors are usually built around low level models of network traffic. This means that their output is of a similarly low level and as a consequence, is difficult to analyze. Intrusion alert correlation is the task of automating some of this analysis by grouping related alerts together. Attack graphs provide an intuitive model for such analysis. Unfortunately alert flooding attacks can still cause a loss of service on sensors, and when performing attack graph correlation, there can be a large number of extraneous alerts included in the output graph. This obscures the fine structure of genuine attacks and makes them more difficult for human operators to discern. This paper explores modified correlation algorithms which attempt to minimize the impact of this attack.
Abstract:
We consider an LTE network where a secondary user acts as a relay, transmitting data to the primary user using a decode-and-forward mechanism, transparent to the base-station (eNodeB). Clearly, the relay can decode symbols more reliably if the employed precoder matrix indicators (PMIs) are known. However, for closed loop spatial multiplexing (CLSM) transmit mode, this information is not always embedded in the downlink signal, leading to a need for effective methods to determine the PMI. In this thesis, we consider 2x2 MIMO and 4x4 MIMO downlink channels corresponding to CLSM and formulate two techniques to estimate the PMI at the relay using a hypothesis testing framework. We evaluate their performance via simulations for various ITU channel models over a range of SNR and for different channel quality indicators (CQIs). We compare them to the case when the true PMI is known at the relay and show that the performance of the proposed schemes is within 2 dB at 10% block error rate (BLER) in almost all scenarios. Furthermore, the techniques add minimal computational overhead over the existing receiver structure. Finally, we also identify scenarios when using the proposed precoder detection algorithms in conjunction with the cooperative decode-and-forward relaying mechanism benefits the PUE and improves the BLER performance for the PUE. Therefore, we conclude from this that the proposed algorithms as well as the cooperative relaying mechanism at the CMR can be gainfully employed in a variety of real-life scenarios in LTE networks.
Abstract:
The wide use of antibiotics in aquaculture has led to the emergence of resistant microbial species. It should be avoided/minimized by controlling the amount of drug employed in fish farming. For this purpose, the present work proposes test-strip papers aiming at the detection/semi-quantitative determination of organic drugs by visual comparison of color changes, in a similar analytical procedure to that of pH monitoring by universal pH paper. This is done by establishing suitable chemical changes upon cellulose, attributing the paper the ability to react with the organic drug and to produce a color change. Quantitative data is also enabled by taking a picture and applying a suitable mathematical treatment to the color coordinates given by the HSL system used by Windows. As proof of concept, this approach was applied to oxytetracycline (OXY), one of the antibiotics frequently used in aquaculture. A bottom-up modification of paper was established, starting by the reaction of the glucose moieties on the paper with 3-triethoxysilylpropylamine (APTES). The so-formed amine layer allowed binding to a metal ion by coordination chemistry, while the metal ion reacted after with the drug to produce a colored compound. The most suitable metals to carry out such modification were selected by bulk studies, and the several stages of the paper modification were optimized to produce an intense color change against the concentration of the drug. The paper strips were applied to the analysis of spiked environmental water, allowing a quantitative determination for OXY concentrations as low as 30 ng/mL. In general, this work provided a simple method to screen and discriminate tetracycline drugs, in aquaculture, being a promising tool for local, quick and cheap monitoring of drugs.
Abstract:
Intrusion Detection Systems (IDSs) provide an important layer of security for computer systems and networks, and are becoming more and more necessary as reliance on Internet services increases and systems with sensitive data are more commonly open to Internet access. An IDS’s responsibility is to detect suspicious or unacceptable system and network activity and to alert a systems administrator to this activity. The majority of IDSs use a set of signatures that define what suspicious traffic is, and Snort is one popular and actively developing open-source IDS that uses such a set of signatures known as Snort rules. Our aim is to identify a way in which Snort could be developed further by generalising rules to identify novel attacks. In particular, we attempted to relax and vary the conditions and parameters of current Snort rules, using a similar approach to classic rule learning operators such as generalisation and specialisation. We demonstrate the effectiveness of our approach through experiments with standard datasets and show that we are able to detect previously undetected variants of various attacks. We conclude by discussing the general effectiveness and appropriateness of generalisation in Snort based IDS rule processing. Keywords: anomaly detection, intrusion detection, Snort, Snort rules
Abstract:
The search for patterns or motifs in data represents an area of key interest to many researchers. In this paper we present the Motif Tracking Algorithm, a novel immune inspired pattern identification tool that is able to identify variable length unknown motifs which repeat within time series data. The algorithm searches from a completely neutral perspective that is independent of the data being analysed and the underlying motifs. In this paper we test the flexibility of the motif tracking algorithm by applying it to the search for patterns in two industrial data sets. The algorithm is able to identify a population of motifs successfully in both cases, and the value of these motifs is discussed.
Abstract:
Artificial immune systems have previously been applied to the problem of intrusion detection. The aim of this research is to develop an intrusion detection system based on the function of Dendritic Cells (DCs). DCs are antigen presenting cells and key to the activation of the human immune system, behaviour which has been abstracted to form the Dendritic Cell Algorithm (DCA). In algorithmic terms, individual DCs perform multi-sensor data fusion, asynchronously correlating the fused data signals with a secondary data stream. Aggregate output of a population of cells is analysed and forms the basis of an anomaly detection system. In this paper the DCA is applied to the detection of outgoing port scans using TCP SYN packets. Results show that detection can be achieved with the DCA, yet some false positives can be encountered when simultaneously scanning and using other network services. Suggestions are made for using adaptive signals to alleviate this uncovered problem.
Abstract:
In this paper, we implement an anomaly detection system using the Dempster-Shafer method. Using two standard benchmark problems we show that by combining multiple signals it is possible to achieve better results than by using a single signal. We further show that by applying this approach to a real-world email dataset the algorithm works for email worm detection. Dempster-Shafer can be a promising method for anomaly detection problems with multiple features (data sources), and two or more classes.
Abstract:
Artificial immune systems, more specifically the negative selection algorithm, have previously been applied to intrusion detection. The aim of this research is to develop an intrusion detection system based on a novel concept in immunology, the Danger Theory. Dendritic Cells (DCs) are antigen presenting cells and key to the activation of the human immune system. DCs perform the vital role of combining signals from the host tissue and correlate these signals with proteins known as antigens. In algorithmic terms, individual DCs perform multi-sensor data fusion based on time-windows. The whole population of DCs asynchronously correlates the fused signals with a secondary data stream. The behaviour of human DCs is abstracted to form the DC Algorithm (DCA), which is implemented using an immune inspired framework, libtissue. This system is used to detect context switching for a basic machine learning dataset and to detect outgoing portscans in real-time. Experimental results show a significant difference between an outgoing portscan and normal traffic.
Abstract:
Automatic analysis of human behaviour in large collections of videos is gaining interest, even more so with the advent of file sharing sites such as YouTube. However, challenges still exist owing to several factors such as inter- and intra-class variations, cluttered backgrounds, occlusion, camera motion, scale, view and illumination changes. This research focuses on modelling human behaviour for action recognition in videos. The developed techniques are validated on large scale benchmark datasets and applied on real-world scenarios such as soccer videos. Three major contributions are made. The first contribution is in the area of proper choice of a feature representation for videos. This involved a study of state-of-the-art techniques for action recognition, feature extraction processing and dimensional reduction techniques so as to yield the best performance with optimal computational requirements. Secondly, temporal modelling of human behaviour is performed. This involved frequency analysis and temporal integration of local information in the video frames to yield a temporal feature vector. Current practices mostly average the frame information over an entire video and neglect the temporal order. Lastly, the proposed framework is applied and further adapted to real-world scenarios such as soccer videos. A dataset consisting of video sequences depicting events of players falling is created from actual match data to this end and used to experimentally evaluate the proposed framework.
Abstract:
We present new radial velocity measurements of eight stars that were secured with the spectrograph SOPHIE at the 193 cm telescope of the Haute-Provence Observatory. The measurements allow detecting and characterizing new giant extrasolar planets. The host stars are dwarfs of spectral types between F5 and K0 and magnitudes of between 6.7 and 9.6; the planets have minimum masses Mp sin i of between 0.4 and 3.8 MJup and orbital periods of several days to several months. The data allow only single planets to be discovered around the first six stars (HD 143105, HIP 109600, HD 35759, HIP 109384, HD 220842, and HD 12484), but one of them shows the signature of an additional substellar companion in the system. The seventh star, HIP 65407, allows the discovery of two giant planets that orbit just outside the 12:5 resonance in weak mutual interaction. The last star, HD 141399, was already known to host a four-planet system; our additional data and analyses allow new constraints to be set on it. We present Keplerian orbits of all systems, together with dynamical analyses of the two multi-planet systems. HD 143105 is one of the brightest stars known to host a hot Jupiter, which could allow numerous follow-up studies to be conducted even though this is not a transiting system. The giant planets HIP 109600b, HIP 109384b, and HD 141399c are located in the habitable zone of their host star.
Abstract:
Serosurveillance is a powerful tool fundamental to understanding infectious disease dynamics. The presence of virus neutralising antibody (VNAb) in sera is considered the best evidence of infection, or indeed vaccination, and the gold standard serological assay for their detection is the virus neutralisation test (VNT). However, VNTs are labour intensive, costly and time consuming. In addition, VNTs for the detection of antibodies to highly pathogenic viruses require the use of high containment facilities, restricting the application of these assays to the few laboratories with adequate facilities. As a result, robust serological data on such viruses are limited. In this thesis I develop novel VNTs for the detection of VNAb to two important, highly pathogenic, zoonotic viruses; rabies and Rift Valley fever virus (RVFV). The pseudotype-based neutralisation test developed in this study allows for the detection of rabies VNAb without the requirement for high containment facilities. This assay was utilised to investigate the presence of rabies VNAb in animals from a variety of ecological settings. In this thesis I present evidence of natural rabies infection in both domestic dogs and lions from rabies endemic settings. The assay was further used to investigate the kinetics of VNAb response to rabies vaccination in a cohort of free-roaming dogs. The RVFV neutralisation assay developed herein utilises a recombinant luciferase expressing RVFV, which allows for rapid, high-throughput serosurveillance of this important neglected pathogen. In this thesis I present evidence of RVFV infection in a variety of domestic and wildlife species from Northern Tanzania, in addition to the detection of low-level transmission of RVFV during interepidemic periods. Additionally, the investigation of a longitudinal cohort of domestic livestock also provided evidence of rapid waning of RVF VNAb following natural infection. 
Collectively, the serological data presented in this thesis are consistent with existing data in the literature generated using the gold standard VNTs. Increasing the availability of serological assays will allow the generation of robust serological data, which are imperative to enhancing our understanding of the complex, multi-host ecology of these two viruses.
Abstract:
Breast cancer is one of the most prevalent forms of cancer in women. Despite all recent advances in early diagnosis and therapy, mortality data is not decreasing. This is an outcome of the inexistence of validated serum biomarkers allowing an early prognosis, out coming from the limited understanding of the natural history of the disease. In this context, miRNAs have been attracting a special interest throughout the scientific community as promising biomarkers in the early diagnosis of cancer. In breast cancer, several miRNAs and their levels of expression are significantly different between normal tissue and tissue with neoplasia, as well as between different molecular subtypes of breast cancer, also associated with prognosis. Thus, this thesis presents a meta-analysis that allows identifying a reliable miRNA biomarker for the early detection of breast cancer. In this, miRNA-155 was identified as the best one and an electrochemical biosensor was developed for its detection in serum samples. The biosensor was assembled by following three bottom-up stages: (1) the complementary miRNA sequence thiol terminated (anti-miRNA-155) was immobilized on a commercial gold screen-printed electrode (Au-SPE), followed by (2) blocking non-specific binding with mercaptosuccinic acid and by (3) miRNA hybridization. The biosensor was able to detect miRNA concentrations lying in the 10^-18 mol/L (aM) range, displaying a linear response from 10 aM to 1 nM. The device showed a limit of detection of 5.7 aM in human serum samples and good selectivity against other biomolecules in serum, such as cancer antigen CA-15.3 and bovine serum albumin (BSA). Overall, this simple and sensitive strategy is a promising approach for the quantitative and/or simultaneous analysis of multiple miRNA in physiological fluids, aiming at further biomedical research devoted to biomarker monitoring and point-of-care diagnosis.
Abstract:
In this study, the Schwarz Information Criterion (SIC) is applied in order to detect change-points in the time series of surface water quality variables. The application of change-point analysis allowed detecting change-points in both the mean and the variance in series under study. Time variations in environmental data are complex and they can hinder the identification of the so-called change-points when traditional models are applied to this type of problems. The assumptions of normality and uncorrelation are not present in some time series, and so, a simulation study is carried out in order to evaluate the methodology’s performance when applied to non-normal data and/or with time correlation.
Abstract:
Ethernet connections, which are widely used in many computer networks, can suffer from electromagnetic interference. Typically, a degradation of the data transmission rate can be perceived as electromagnetic disturbances lead to corruption of data frames on the network media. In this paper a software-based measuring method is presented, which allows a direct assessment of the effects on the link layer. The results can directly be linked to the physical interaction without the influence of software related effects on higher protocol layers. This gives a simple tool for a quantitative analysis of the disturbance of an Ethernet connection based on time domain data. An example shows how the data can be used for further investigation of mechanisms and detection of intentional electromagnetic attacks. © 2015 Author(s).