Stochastic user behaviour modelling and network simulation for resource management in cooperation with mobile telecommunications and broadcast networks

The latest generations of telecommunications networks have been designed to deliver higher data rates than widely used second generation telecommunications networks, providing flexible communication capabilities that can deliver high quality video images. However, these new generations of telecommunications networks are interference limited, impairing their performance in cases of heavy traffic and high usage. This limits the services offered by a telecommunications network operator to those that the operator is confident their network can meet the demand for. One way to lift this constraint would be for the mobile telecommunications network operator to obtain the cooperation of a broadcast network operator so that during periods when the demand for the service is too high for the telecommunications network to meet, the service can be transferred to the broadcast network. In the United Kingdom the most recent telecommunications networks on the market are third generation UMTS networks while the terrestrial digital broadcast networks are DVB-T networks. This paper proposes a way for UMTS network operators to forecast the traffic associated with high demand services intended to be deployed on the UMTS network and when demand requires to transfer it to a cooperating DVB-T network. The paper aims to justify to UMTS network operators the use of a DVB-T network as a support for a UMTS network by clearly showing how using a DVB-T network to support it can increase the revenue generated by their network

Structural Learning of Attack Vectors for Generating Mutated XSS Attacks

Web applications suffer from cross-site scripting (XSS) attacks that resulting from incomplete or incorrect input sanitization. Learning the structure of attack vectors could enrich the variety of manifestations in generated XSS attacks. In this study, we focus on generating more threatening XSS attacks for the state-of-the-art detection approaches that can find potential XSS vulnerabilities in Web applications, and propose a mechanism for structural learning of attack vectors with the aim of generating mutated XSS attacks in a fully automatic way. Mutated XSS attack generation depends on the analysis of attack vectors and the structural learning mechanism. For the kernel of the learning mechanism, we use a Hidden Markov model (HMM) as the structure of the attack vector model to capture the implicit manner of the attack vector, and this manner is benefited from the syntax meanings that are labeled by the proposed tokenizing mechanism. Bayes theorem is used to determine the number of hidden states in the model for generalizing the structure model. The paper has the contributions as following: (1) automatically learn the structure of attack vectors from practical data analysis to modeling a structure model of attack vectors, (2) mimic the manners and the elements of attack vectors to extend the ability of testing tool for identifying XSS vulnerabilities, (3) be helpful to verify the flaws of blacklist sanitization procedures of Web applications. We evaluated the proposed mechanism by Burp Intruder with a dataset collected from public XSS archives. The results show that mutated XSS attack generation can identify potential vulnerabilities.Comment: In Proceedings TAV-WEB 2010, arXiv:1009.330

APHRODITE: an Anomaly-based Architecture for False Positive Reduction

We present APHRODITE, an architecture designed to reduce false positives in network intrusion detection systems. APHRODITE works by detecting anomalies in the output traffic, and by correlating them with the alerts raised by the NIDS working on the input traffic. Benchmarks show a substantial reduction of false positives and that APHRODITE is effective also after a "quick setup", i.e. in the realistic case in which it has not been "trained" and set up optimall

ATLANTIDES: An Architecture for Alert Verification in Network Intrusion Detection Systems

We present an architecture designed for alert verification (i.e., to reduce false positives) in network intrusion-detection systems. Our technique is based on a systematic (and automatic) anomaly-based analysis of the system output, which provides useful context information regarding the network services. The false positives raised by the NIDS analyzing the incoming traffic (which can be either signature- or anomaly-based) are reduced by correlating them with the output anomalies. We designed our architecture for TCP-based network services which have a client/server architecture (such as HTTP). Benchmarks show a substantial reduction of false positives between 50% and 100%

User behaviour modelling for resource management in a hybrid UMTS/DVB-T network

Third generation mobile networks such as UMTS are designed to enhance the deployment of multimedia services providing high data rates and new flexible communication capabilities. However, these systems are interference limited and as such their performance is lowered in the case of a large number of users generating heavy traffic. A solution to this problem is to interconnect the UMTS network to a Digital Video Broadcasting-Terrestrial (DVB-T) network, so that the lack of capacity of UMTS during busy periods can be offset by the high bit rate available on the broadcast network. In order to justify this choice a prediction of the number of subscribers requesting the new multimedia applications designed for this scenario is needed. This paper focuses on the user behaviour modelling for multimedia services in a hybrid UMTS/DVB-T platform. The aim of the paper is to provide operators with a forecast of the demand for new multimedia services showing how they can be subject to a very high number of subscriptions, which UMTS would hardly be able to handle

Towards cross-lingual alerting for bursty epidemic events

Background: Online news reports are increasingly becoming a source for event based early warning systems that detect natural disasters. Harnessing the massive volume of information available from multilingual newswire presents as many challenges as opportunities due to the patterns of reporting complex spatiotemporal events. Results: In this article we study the problem of utilising correlated event reports across languages. We track the evolution of 16 disease outbreaks using 5 temporal aberration detection algorithms on text-mined events classified according to disease and outbreak country. Using ProMED reports as a silver standard, comparative analysis of news data for 13 languages over a 129 day trial period showed improved sensitivity, F1 and timeliness across most models using cross-lingual events. We report a detailed case study analysis for Cholera in Angola 2010 which highlights the challenges faced in correlating news events with the silver standard. Conclusions: The results show that automated health surveillance using multilingual text mining has the potential to turn low value news into high value alerts if informed choices are used to govern the selection of models and data sources. An implementation of the C2 alerting algorithm using multilingual news is available at the BioCaster portal http://born.nii.ac.jp/?page=globalroundup

The Agile Alert System For Gamma-Ray Transients

In recent years, a new generation of space missions offered great opportunities of discovery in high-energy astrophysics. In this article we focus on the scientific operations of the Gamma-Ray Imaging Detector (GRID) onboard the AGILE space mission. The AGILE-GRID, sensitive in the energy range of 30 MeV-30 GeV, has detected many gamma-ray transients of galactic and extragalactic origins. This work presents the AGILE innovative approach to fast gamma-ray transient detection, which is a challenging task and a crucial part of the AGILE scientific program. The goals are to describe: (1) the AGILE Gamma-Ray Alert System, (2) a new algorithm for blind search identification of transients within a short processing time, (3) the AGILE procedure for gamma-ray transient alert management, and (4) the likelihood of ratio tests that are necessary to evaluate the post-trial statistical significance of the results. Special algorithms and an optimized sequence of tasks are necessary to reach our goal. Data are automatically analyzed at every orbital downlink by an alert pipeline operating on different timescales. As proper flux thresholds are exceeded, alerts are automatically generated and sent as SMS messages to cellular telephones, e-mails, and push notifications of an application for smartphones and tablets. These alerts are crosschecked with the results of two pipelines, and a manual analysis is performed. Being a small scientific-class mission, AGILE is characterized by optimization of both scientific analysis and ground-segment resources. The system is capable of generating alerts within two to three hours of a data downlink, an unprecedented reaction time in gamma-ray astrophysics.Comment: 34 pages, 9 figures, 5 table