Intelligent network-based early warning systems
Abstract. In this paper we present an approach for an agent-based early warning system (A-EWS) for critical infrastructures. In our approach we combine existing security infrastructures, e.g. firewalls or intrusion detection systems, with new detection approaches to create a global view and to determine the current threat state.
Malware in the Future? Forecasting of Analyst Detection of Cyber Events
There have been extensive efforts in government, academia, and industry to
anticipate, forecast, and mitigate cyber attacks. A common approach is
time-series forecasting of cyber attacks based on data from network telescopes,
honeypots, and automated intrusion detection/prevention systems. This research
has uncovered key insights such as systematicity in cyber attacks. Here, we
propose an alternate perspective of this problem by performing forecasting of
attacks that are analyst-detected and -verified occurrences of malware. We call
these instances of malware cyber event data. Specifically, our dataset was
analyst-detected incidents from a large operational Computer Security Service
Provider (CSSP) for the U.S. Department of Defense, which rarely relies only on
automated systems. Our data set consists of weekly counts of cyber events over
approximately seven years. Since all cyber events were validated by analysts,
our dataset is unlikely to have false positives which are often endemic in
other sources of data. Further, the higher-quality data could be used for a
number of purposes, such as resource allocation, estimation of security resources, and the
development of effective risk-management strategies. We used a Bayesian State
Space Model for forecasting and found that events one week ahead could be
predicted. To quantify bursts, we used a Markov model. Our findings of
systematicity in analyst-detected cyber attacks are consistent with previous
work using other sources. The advanced information provided by a forecast may
help with threat awareness by providing a probable value and range for future
cyber events one week ahead. Other potential applications for cyber event
forecasting include proactive allocation of resources and capabilities for
cyber defense (e.g., analyst staffing and sensor configuration) in CSSPs.
Enhanced threat awareness may improve cybersecurity.
Comment: Revised version resubmitted to journa
Threshold Verification Technique for Network Intrusion Detection System
The Internet has played a vital role in the modern world, and the possibilities and opportunities it offers are limitless. Despite all the hype, Internet services are liable to intrusion attacks that could tamper with the confidentiality and integrity of important information. An attack starts with gathering information about the attack target; this information-gathering activity can be carried out as either a fast or a slow attack. The defensive measure a network administrator can take to overcome this liability is to introduce Intrusion Detection Systems (IDSs) in their network. An IDS has the capability to analyze network traffic and recognize incoming and ongoing intrusions. Unfortunately, the combination of both modules in real-time network traffic slows down the detection process. In a real-time network, early detection of a fast attack can prevent any further attack and reduce unauthorized access to the targeted machine. A suitable set of selected features and the correct threshold value give an IDS an extra advantage in detecting anomalies in the network. Therefore this paper discusses a new technique for selecting a static threshold value from a minimum set of standard features for detecting fast attacks from the victim's perspective. In order to increase confidence in the threshold value, the result is verified using Statistical Process Control (SPC). The implementation of this approach shows that the selected threshold is suitable for identifying fast attacks in real time.
Comment: 8 Pages, International Journal of Computer Science and Information Securit
A performance study of anomaly detection using entropy method
An experiment to study the entropy method for an anomaly detection system has been performed. The study was conducted using real data generated from the distributed sensor networks at the Intel Berkeley Research Laboratory. The experimental results were compared with the elliptical method and analyzed on two-dimensional data sets acquired from temperature and humidity sensors across 52 microcontrollers. Using binary classification to determine the upper and lower boundaries for each series of sensors, it has been shown that the entropy method is able to detect a larger number of out-of-range sensor nodes than the elliptical method. It can be argued that the better result was mainly due to a limitation of the elliptical approach, which requires a certain correlation between the two sensor series, while in the entropy approach each sensor series is treated independently. This is very important in the present case, where the two sensor series are not correlated with each other.
Comment: Proceeding of the International Conference on Computer, Control, Informatics and its Applications (2017) pp. 137-14
The detection and tracking of mine-water pollution from abandoned mines using electrical tomography
Increasing emphasis is being placed on the environmental and societal impact of mining, particularly in the EU, where the environmental impacts of abandoned mine sites (spoil heaps and tailings) are now subject to the legally binding Water Framework and Mine Waste Directives.
Traditional sampling to monitor the impact of mining on surface waters and groundwater is laborious, expensive and often unrepresentative. In particular, sparse and infrequent borehole sampling may fail to capture the dynamic behaviour associated with important events such as flash flooding, mine-water break-out, and subsurface acid mine drainage. Current monitoring practice is therefore failing to provide the information needed to assess the socio-economic and environmental impact of mining on vulnerable eco-systems, or to give adequate early warning to allow preventative maintenance or containment. BGS has developed a tomographic imaging system known as ALERT (Automated time-Lapse Electrical Resistivity Tomography) which allows the near real-time measurement of geoelectric properties "on demand", thereby giving early warning of potential threats to vulnerable water systems. Permanent in-situ geoelectric measurements are used to provide surrogate indicators of hydrochemical and hydrogeological properties. The ALERT survey concept uses electrode arrays permanently buried in shallow trenches at the surface, but these arrays could equally be deployed in mine entries, shafts or underground workings. This sensor network is then interrogated from the office by wireless telemetry (e.g. GSM, low-power radio, internet, and satellite) to provide volumetric images of the subsurface at regular intervals. Once installed, no manual intervention is required; data is transmitted automatically according to a pre-programmed schedule and for specific survey parameters, both of which may be varied remotely as conditions change (i.e. an adaptive sampling approach). The entire process from data capture to visualisation on the web-portal is seamless, with no manual intervention.
Examples are given where ALERT has been installed and used to remotely monitor (i) seawater intrusion in a coastal aquifer, (ii) domestic landfills and contaminated land, and (iii) vulnerable earth embankments. The full potential of the ALERT concept for monitoring mine-waste has yet to be demonstrated. However, we have used manual electrical tomography surveys to characterise mine-waste pollution at an abandoned metalliferous mine in the Central Wales orefield in the UK. Hydrogeochemical sampling confirms that electrical tomography can provide a reliable surrogate for the mapping and long-term monitoring of mine-water pollution.