12,880 research outputs found
CONDOR: A Hybrid IDS to Offer Improved Intrusion Detection
Intrusion Detection Systems are an accepted and very useful option to monitor and detect malicious activities. However, Intrusion Detection Systems have inherent limitations which lead to false positives and false negatives; we propose that combining signature and anomaly based IDSs should be examined. This paper contrasts signature and anomaly-based IDSs, and critiques some proposals about hybrid IDSs with signature and heuristic capabilities, before considering some of their contributions in order to include them as main features of a new hybrid IDS named CONDOR (COmbined Network intrusion Detection ORientate), which is designed to offer superior pattern analysis and anomaly detection by reducing false positive rates and administrator intervention.
Contextual anomaly detection in crowded surveillance scenes
This work addresses the problem of detecting human behavioural anomalies in crowded surveillance environments. We focus in particular on the problem of detecting subtle anomalies in a behaviourally heterogeneous surveillance scene. To reach this goal we implement a novel unsupervised context-aware process. We propose and evaluate a method of utilising social context and scene context to improve behaviour analysis. We find that in a crowded scene the application of Mutual Information based social context permits the ability to prevent self-justifying groups and propagate anomalies in a social network, granting a greater anomaly detection capability. Scene context uniformly improves the detection of anomalies in both datasets. The strength of our contextual features is demonstrated by the detection of subtly abnormal behaviours, which otherwise remain indistinguishable from normal behaviour.
Increasing resilience of ATM networks using traffic monitoring and automated anomaly analysis
Systematic network monitoring can be the cornerstone for the dependable operation of safety-critical distributed systems. In this paper, we present our vision for informed anomaly detection through network monitoring and resilience measurements to increase the operators' visibility of ATM communication networks. We raise the question of how to determine the optimal level of automation in this safety-critical context, and we present a novel passive network monitoring system that can reveal network utilisation trends and traffic patterns in diverse timescales. Using network measurements, we derive resilience metrics and visualisations to enhance the operators' knowledge of the network and traffic behaviour, and allow for network planning and provisioning based on informed what-if analysis.
PCA 4 DCA: The Application Of Principal Component Analysis To The Dendritic Cell Algorithm
As one of the newest members in the field of artificial immune systems (AIS),
the Dendritic Cell Algorithm (DCA) is based on behavioural models of natural
dendritic cells (DCs). Unlike other AIS, the DCA does not rely on training
data, instead domain or expert knowledge is required to predetermine the
mapping between input signals from a particular instance to the three
categories used by the DCA. This data preprocessing phase has received the
criticism of having manually over-fitted the data to the algorithm, which is
undesirable. Therefore, in this paper we have attempted to ascertain if it is
possible to use principal component analysis (PCA) techniques to automatically
categorise input data while still generating useful and accurate classification
results. The integrated system is tested with a biometrics dataset for the
stress recognition of automobile drivers. The experimental results have shown
the application of PCA to the DCA for the purpose of automated data
preprocessing is successful.
Comment: 6 pages, 4 figures, 3 tables, (UKCI 2009
Autonomous Fault Detection in Self-Healing Systems using Restricted Boltzmann Machines
Autonomously detecting and recovering from faults is one approach for
reducing the operational complexity and costs associated with managing
computing environments. We present a novel methodology for autonomously
generating investigation leads that help identify systems faults, and extends
our previous work in this area by leveraging Restricted Boltzmann Machines
(RBMs) and contrastive divergence learning to analyse changes in historical
feature data. This allows us to heuristically identify the root cause of a
fault, and demonstrate an improvement to the state of the art by showing
feature data can be predicted heuristically beyond a single instance to include
entire sequences of information.
Comment: Published and presented in the 11th IEEE International Conference and
Workshops on Engineering of Autonomic and Autonomous Systems (EASe 2014
Using learned action models in execution monitoring
Planners reason with abstracted models of the behaviours they use to construct plans. When plans are turned into the instructions that drive an executive, the real behaviours interacting with the unpredictable uncertainties of the environment can lead to failure. One of the challenges for intelligent autonomy is to recognise when the actual execution of a behaviour has diverged so far from the expected behaviour that it can be considered to be a failure. In this paper we present further developments of the work described in (Fox et al. 2006), where models of behaviours were learned as Hidden Markov Models. Execution of behaviours is monitored by tracking the most likely trajectory through such a learned model, while possible failures in execution are identified as deviations from common patterns of trajectories within the learned models. We present results for our experiments with a model learned for a robot behaviour
Probabilistic Analysis of Temporal and Sequential Aspects of Activities of Daily Living for Abnormal Behaviour Detection
This paper presents a probabilistic approach for the identification of abnormal behaviour in Activities of Daily Living (ADLs) from dense sensor data collected from 30 participants. The ADLs considered are related to preparing and drinking (i) tea, and (ii) coffee. Abnormal behaviour identified in the context of these activities can be an indicator of a progressive health problem or the occurrence of a hazardous incident. The approach presented considers the temporal and sequential aspects of the actions that are part of each ADL and that vary between participants. The average and standard deviation for the duration and number of steps of each activity are calculated to define the average time and steps and a range within which a behaviour could be considered as normal for each stage and activity. The Cumulative Distribution Function (CDF) is used to obtain the probabilities of abnormal behaviours related to the early and late completion of activities and stages within an activity in terms of time and steps. Analysis shows that CDF can provide precise and reliable results regarding the presence of abnormal behaviour in stages and activities that last over a minute or consist of many steps. Finally, this approach could be used to train machine learning algorithms for abnormal behaviour detection.
Autonomous real-time surveillance system with distributed IP cameras
An autonomous Internet Protocol (IP) camera based object tracking and behaviour identification system, capable of running in real-time on an embedded system with limited memory and processing power is presented in this paper. The main contribution of this work is the integration of processor intensive image processing algorithms on an embedded platform capable of running at real-time for monitoring the behaviour of pedestrians. The Algorithm Based Object Recognition and Tracking (ABORAT) system architecture presented here was developed on an Intel PXA270-based development board clocked at 520 MHz. The platform was connected to a commercial stationary IP-based camera in a remote monitoring station for intelligent image processing. The system is capable of detecting moving objects and their shadows in a complex environment with varying lighting intensity and moving foliage. Objects moving close to each other are also detected to extract their trajectories which are then fed into an unsupervised neural network for autonomous classification. The novel intelligent video system presented is also capable of performing simple analytic functions such as tracking and generating alerts when objects enter/leave regions or cross tripwires superimposed on live video by the operator.