A log mining approach for process monitoring in SCADA
SCADA (Supervisory Control and Data Acquisition) systems are used for controlling and monitoring industrial processes. We propose a methodology to systematically identify potential process-related threats in SCADA. Process-related threats take place when an attacker gains user access rights and performs actions which look legitimate but which are intended to disrupt the SCADA process. To detect such threats, we propose a semi-automated approach of log processing. We conduct experiments on a real-life water treatment facility. A preliminary case study suggests that our approach is effective in detecting anomalous events that might alter the regular process workflow.
Pattern recognition in narrative: Tracking emotional expression in context
Using geometric data analysis, our objective is the analysis of narrative, with narrative of emotion being the focus in this work. The following two principles for analysis of emotion inform our work. Firstly, emotion is revealed not as a quality in its own right but rather through interaction. We study the 2-way relationship of Ilsa and Rick in the movie Casablanca, and the 3-way relationship of Emma, Charles and Rodolphe in the novel Madame Bovary. Secondly, emotion, that is expression of states of mind of subjects, is formed and evolves within the narrative that expresses external events and (personal, social, physical) context. In addition to the analysis methodology with key aspects that are innovative, the input data used is crucial. We use, firstly, dialogue, and secondly, broad and general description that incorporates dialogue. In a follow-on study, we apply our unsupervised narrative mapping to data streams with very low emotional expression. We map the narrative of Twitter streams. Thus we demonstrate map analysis of general narratives.
Sound and Complete Runtime Security Monitor for Application Software
Conventional approaches for ensuring the security of application software at
run-time, through monitoring, either produce (high rates of) false alarms (e.g.
intrusion detection systems) or limit application performance (e.g. run-time
verification). We present a runtime security monitor that detects both known
and unknown cyber attacks by checking that the run-time behavior of the
application is consistent with the expected behavior modeled in application
specification. This is crucial because, even if the implementation is
consistent with its specification, the application may still be vulnerable due
to flaws in the supporting infrastructure (e.g. the language runtime system,
libraries and operating system). This runtime security monitor is sound and
complete, eliminating false alarms, as well as efficient, so that it does not
limit runtime application performance and so that it supports real-time
systems. The security monitor takes as input the application specification and
the application implementation, which may be expressed in different languages.
The specification language of the application software is formalized based on
monadic second order logic and event calculus interpreted over algebraic data
structures. This language allows us to express behavior of an application at
any desired (and practical) level of abstraction as well as with a high degree of
modularity. The security monitor detects every attack by systematically
comparing the application execution and specification behaviors at runtime,
even though they operate at two different levels of abstraction. We define the
denotational semantics of the specification language and prove that the monitor
is sound and complete. Furthermore, the monitor is efficient because of the
modular application specification at appropriate level(s) of abstraction.
Normalized Web Distance and Word Similarity
There is a great deal of work in cognitive psychology, linguistics, and
computer science, about using word (or phrase) frequencies in context in text
corpora to develop measures for word similarity or word association, going back
to at least the 1960s. The goal of this chapter is to introduce the
normalized web distance (NWD) method to determine similarity
between words and phrases. It is a general way to tap the amorphous low-grade
knowledge available
for free on the Internet, typed in by local users aiming at personal
gratification of diverse objectives, and yet globally achieving what is
effectively the largest semantic electronic database in the world. Moreover,
this database is available for all by using any search engine that can return
aggregate page-count estimates for a large range of search-queries. In the
paper introducing the NWD it was called 'normalized Google distance (NGD),' but
since Google doesn't allow computer searches anymore, we opt for the more
neutral and descriptive NWD.
Comment: Latex, 20 pages, 7 figures, to appear in: Handbook of Natural
Language Processing, Second Edition, Nitin Indurkhya and Fred J. Damerau
Eds., CRC Press, Taylor and Francis Group, Boca Raton, FL, 2010, ISBN
978-142008592