14 research outputs found

    EWMA Based Threshold Algorithm for Intrusion Detection

    Intrusion detection is used to monitor and capture intrusions into computer and network systems which attempt to compromise their security. Many intrusions manifest in dramatic changes in the intensity of events occurring in computer networks. Because of the ability of exponentially weighted moving average control charts to monitor the rate of occurrences of events based on their intensity, this technique is appropriate for implementation in threshold based algorithms.

    Multivariate Ewma Models and Monitoring Health Surveillance during a Pandemic

    We examine a common problem in biological analytics and surveillance in health care. These methods can improve greatly the process of monitoring health data to assess changes in the likelihood of Pandemics and disease incidence in a world where medical knowledge is still largely in an embryonic period. Based on an illustration, we suggest that multivariate exponential moving-average (MEWMA) control charts are suitable in many cases where detection and inspection of several or more variables over a lengthy period of testing provide for the best analysis of data leading to pre-diagnostic and diagnostic therapy. Though these methods came from the control of quality and continuous improvement in lean manufacturing and service operations, these methods are useful if not a vital application in the analysis of health care and therapeutic data. The indications from this study corroborate earlier findings by others that MEWMA methods fit the diagnostic activity under study. Unfortunately Pandemic Analysis is using oversimplified techniques in analyzing data secured by diagnostic tests which can easily be improved especially in the use of modern day analytics based on quality control methods used in other disciplines.

    The Multivariate EWMA Model and Health Care Monitoring

    We introduce the construction of MEWMA (Multivariate exponentially weighted moving average) process control in the field of bio surveillance. Such introduction will both improve the reliability of data collected in bio surveillance, better interpretation of the results, improvement in the quality of results and standardization of results when more than two variables are involved. We propose sensitivity ratios as a measure of the effects of the mean shift and dispersion shift in processes under study. Using these sensitivity measures, we designed the optimal exponential weighting factor, which is consistent with results reported in control chart applications. Although ARL (average run length) is the usual measure for control chart performance in multivariate process control, it is by no means the only criterion, however, at the moment it is the most widely used criterion for decision making. We suggest additional study of other criteria. For example Medial Run Length, Days to Completion, Direction of Errors and others.

    EWMA Algorithm in Network Practice

    Intrusion detection is used to monitor and capture intrusions into computer and network systems which attempt to compromise their security. Many intrusions manifest in changes in the intensity of events occurring in computer networks. Because of the ability of exponentially weighted moving average (EWMA) control charts to monitor the rate of occurrences of events based on their intensity, this technique is appropriate for implementation in control limits based algorithms. The paper also gives a review of a possible optimization method. The validation check of results will be performed on authentic network samples.

    Air Data Sensor Fault Detection with an Augmented Floating Limiter

    Although very uncommon, the sequential failures of all aircraft Pitot tubes, with the consequent loss of signals for all the dynamic parameters from the Air Data System, have been found to be the cause of a number of catastrophic accidents in aviation history. This paper proposes a robust data-driven method to detect faulty measurements of aircraft airspeed, angle of attack, and angle of sideslip. This approach first consists in the appropriate selection of suitable sets of model regressors to be used as inputs of neural network-based estimators to be used online for failure detection. The setup of the proposed fault detection method is based on the statistical analysis of the residual signals in fault-free conditions, which, in turn, allows the tuning of a pair of floating limiter detectors that act as time-varying fault detection thresholds with the objective of reducing both the false alarm rate and the detection delay. The proposed approach has been validated using real flight data by injecting artificial ramp and hard failures on the above sensors. The results confirm the capabilities of the proposed scheme showing accurate detection with a desirable low level of false alarm when compared with an equivalent scheme with conventional “a priori set” fixed detection thresholds. The achieved performance improvement consists mainly in a substantial reduction of the detection time while keeping desirable low false alarm rates

    RIDES: Robust Intrusion Detection System for IP-Based Ubiquitous Sensor Networks

    The IP-based Ubiquitous Sensor Network (IP-USN) is an effort to build the “Internet of things”. By utilizing IP for low power networks, we can benefit from existing well established tools and technologies of IP networks. Along with many other unresolved issues, securing IP-USN is of great concern for researchers so that future market satisfaction and demands can be met. Without proper security measures, both reactive and proactive, it is hard to envisage an IP-USN realm. In this paper we present a design of an IDS (Intrusion Detection System) called RIDES (Robust Intrusion DEtection System) for IP-USN. RIDES is a hybrid intrusion detection system, which incorporates both Signature and Anomaly based intrusion detection components. For signature based intrusion detection this paper only discusses the implementation of distributed pattern matching algorithm with the help of signature-code, a dynamically created attack-signature identifier. Other aspects, such as creation of rules are not discussed. On the other hand, for anomaly based detection we propose a scoring classifier based on the SPC (Statistical Process Control) technique called CUSUM charts. We also investigate the settings and their effects on the performance of related parameters for both of the components

    Flooding attacks detection in traffic of backbone networks
