6,090 research outputs found

    Malware in the Future? Forecasting of Analyst Detection of Cyber Events

    There have been extensive efforts in government, academia, and industry to anticipate, forecast, and mitigate cyber attacks. A common approach is time-series forecasting of cyber attacks based on data from network telescopes, honeypots, and automated intrusion detection/prevention systems. This research has uncovered key insights such as systematicity in cyber attacks. Here, we propose an alternate perspective of this problem by performing forecasting of attacks that are analyst-detected and -verified occurrences of malware. We call these instances of malware cyber event data. Specifically, our dataset was analyst-detected incidents from a large operational Computer Security Service Provider (CSSP) for the U.S. Department of Defense, which rarely relies only on automated systems. Our data set consists of weekly counts of cyber events over approximately seven years. Since all cyber events were validated by analysts, our dataset is unlikely to have false positives which are often endemic in other sources of data. Further, the higher-quality data could be used for a number for resource allocation, estimation of security resources, and the development of effective risk-management strategies. We used a Bayesian State Space Model for forecasting and found that events one week ahead could be predicted. To quantify bursts, we used a Markov model. Our findings of systematicity in analyst-detected cyber attacks are consistent with previous work using other sources. The advanced information provided by a forecast may help with threat awareness by providing a probable value and range for future cyber events one week ahead. Other potential applications for cyber event forecasting include proactive allocation of resources and capabilities for cyber defense (e.g., analyst staffing and sensor configuration) in CSSPs. Enhanced threat awareness may improve cybersecurity. Comment: Revised version resubmitted to journa

    An evaluation of CNN and ANN in prediction weather forecasting: A review

    Artificial intelligence through deep neural networks is now widely used in a variety of applications that have profoundly altered human livelihoods in a variety of ways. People's daily lives have become much more convenient. Image recognition, smart recommendations, self-driving vehicles, voice translation, and a slew of other neural network innovations have had a lot of success in their respective fields. The authors present the ANN applied in weather forecasting. The prediction technique relies solely upon learning previous input values from intervals in order to forecast future values. And also, Convolutional Neural Networks (CNNs) are a form of deep learning technique that can help classify, recognize, and predict trends in climate change and environmental data. However, due to the inherent difficulties of such results, which are often independently identified, non-stationary, and unstable, CNN algorithms should be built and tested with each dataset and system separately. On the other hand, to eradicate error and provide us with data that is virtually identical to the real value we need Artificial Neural Networks (ANN) algorithms or benefit from it. The presented CNN model's forecasting efficiency was compared to some state-of-the-art ANN algorithms. The analysis shows that weather prediction applications become more efficient when using ANN algorithms because it is really easy to put into practice

    Long-term monitoring of geodynamic surface deformation using SAR interferometry

    Thesis (Ph.D.) University of Alaska Fairbanks, 2014. Synthetic Aperture Radar Interferometry (InSAR) is a powerful tool to measure surface deformation and is well suited for surveying active volcanoes using historical and existing satellites. However, the value and applicability of InSAR for geodynamic monitoring problems is limited by the influence of temporal decorrelation and electromagnetic path delay variations in the atmosphere, both of which reduce the sensitivity and accuracy of the technique. The aim of this PhD thesis research is: how to optimize the quantity and quality of deformation signals extracted from InSAR stacks that contain only a low number of images in order to facilitate volcano monitoring and the study of their geophysical signatures. In particular, the focus is on methods of mitigating atmospheric artifacts in interferograms by combining time-series InSAR techniques and external atmospheric delay maps derived by Numerical Weather Prediction (NWP) models. In the first chapter of the thesis, the potential of the NWP Weather Research & Forecasting (WRF) model for InSAR data correction has been studied extensively. Forecasted atmospheric delays derived from operational High Resolution Rapid Refresh for the Alaska region (HRRR-AK) products have been compared to radiosonding measurements in the first chapter. The result suggests that the HRRR-AK operational products are a good data source for correcting atmospheric delays in spaceborne geodetic radar observations, if the geophysical signal to be observed is larger than 20 mm. In the second chapter, an advanced method for integrating NWP products into the time series InSAR workflow is developed. The efficiency of the algorithm is tested via simulated data experiments, which demonstrate the method outperforms other more conventional methods.
    In Chapter 3, a geophysical case study is performed by applying the developed algorithm to the active volcanoes of Unimak Island Alaska (Westdahl, Fisher and Shishaldin) for long term volcano deformation monitoring. The volcano source location at Westdahl is determined to be approx. 7 km below sea level and approx. 3.5 km north of the Westdahl peak. This study demonstrates that Fisher caldera has had continuous subsidence over more than 10 years and there is no evident deformation signal around Shishaldin peak. Chapter 1. Performance of the High Resolution Atmospheric Model HRRR-AK for Correcting Geodetic Observations from Spaceborne Radars -- Chapter 2. Robust atmospheric filtering of InSAR data based on numerical weather prediction models -- Chapter 3. Subtle motion long term monitoring of Unimak Island from 2003 to 2010 by advanced time series SAR interferometry -- Chapter 4. Conclusion and future work

    Enhanced Prediction of Network Attacks Using Incomplete Data

    For years, intrusion detection has been considered a key component of many organizations’ network defense capabilities. Although a number of approaches to intrusion detection have been tried, few have been capable of providing security personnel responsible for the protection of a network with sufficient information to make adjustments and respond to attacks in real-time. Because intrusion detection systems rarely have complete information, false negatives and false positives are extremely common, and thus valuable resources are wasted responding to irrelevant events. In order to provide better actionable information for security personnel, a mechanism for quantifying the confidence level in predictions is needed. This work presents an approach which seeks to combine a primary prediction model with a novel secondary confidence level model which provides a measurement of the confidence in a given attack prediction being made. The ability to accurately identify an attack and quantify the confidence level in the prediction could serve as the basis for a new generation of intrusion detection devices, devices that provide earlier and better alerts for administrators and allow more proactive response to events as they are occurring

    Interaction of convective organisation with monsoon precipitation, atmosphere, surface and sea: the 2016 INCOMPASS field campaign in India

    The INCOMPASS field campaign combines airborne and ground measurements of the 2016 Indian monsoon, towards the ultimate goal of better predicting monsoon rainfall. The monsoon supplies the majority of water in South Asia, but forecasting from days to the season ahead is limited by large, rapidly developing errors in model parametrizations. The lack of detailed observations prevents thorough understanding of the monsoon circulation and its interaction with the land surface: a process governed by boundary-layer and convective-cloud dynamics. INCOMPASS used the UK Facility for Airborne Atmospheric Measurements (FAAM) BAe-146 aircraft for the first project of this scale in India, to accrue almost 100 hours of observations in June and July 2016. Flights from Lucknow in the northern plains sampled the dramatic contrast in surface and boundary layer structures between dry desert air in the west and the humid environment over the northern Bay of Bengal. These flights were repeated in pre-monsoon and monsoon conditions. Flights from a second base at Bengaluru in southern India measured atmospheric contrasts from the Arabian Sea, over the Western Ghats mountains, to the rain shadow of southeast India and the south Bay of Bengal. Flight planning was aided by forecasts from bespoke 4km convection-permitting limited-area models at the Met Office and India's NCMRWF. On the ground, INCOMPASS installed eddy-covariance flux towers on a range of surface types, to provide detailed measurements of surface fluxes and their modulation by diurnal and seasonal cycles. These data will be used to better quantify the impacts of the atmosphere on the land surface, and vice versa. INCOMPASS also installed ground instrumentation supersites at Kanpur and Bhubaneswar. Here we motivate and describe the INCOMPASS field campaign. We use examples from two flights to illustrate contrasts in atmospheric structure, in particular the retreating mid-level dry intrusion during the monsoon onset