Using the Pattern-of-Life in Networks to Improve the Effectiveness of Intrusion Detection Systems

The file attached to this record is the author's final peer reviewed version. The Publisher's final version can be found by following the DOI link.As the complexity of cyber-attacks keeps increasing, new and more robust detection mechanisms need to be developed. The next generation of Intrusion Detection Systems (IDSs) should be able to adapt their detection characteristics based not only on the measureable network traffic, but also on the available high- level information related to the protected network to improve their detection results. We make use of the Pattern-of-Life (PoL) of a network as the main source of high-level information, which is correlated with the time of the day and the usage of the network resources. We propose the use of a Fuzzy Cognitive Map (FCM) to incorporate the PoL into the detection process. The main aim of this work is to evidence the improved the detection performance of an IDS using an FCM to leverage on network related contextual information. The results that we present verify that the proposed method improves the effectiveness of our IDS by reducing the total number of false alarms; providing an improvement of 9.68% when all the considered metrics are combined and a peak improvement of up to 35.64%, depending on particular metric combination

Using Pattern-of-Life as Contextual Information for Anomaly-based Intrusion Detection Systems

open access articleAs the complexity of cyber-attacks keeps increasing, new robust detection mechanisms need to be developed. The next generation of Intrusion Detection Systems (IDSs) should be able to adapt their detection characteristics based not only on the measurable network traffic, but also on the available highlevel information related to the protected network. To this end, we make use of the Pattern-of-Life (PoL) of a computer network as the main source of high-level information. We propose two novel approaches that make use of a Fuzzy Cognitive Map (FCM) to incorporate the PoL into the detection process. There are four main aims of the work. First, to evaluate the efficiency of the proposed approaches in identifying the presence of attacks. Second, to identify which of the proposed approaches to integrate an FCM into the IDS framework produces the best results. Third, to identify which of the metrics used in the design of the FCM produces the best detection results. Fourth, to evidence the improved detection performance that contextual information can offer in IDSs. The results that we present verify that the proposed approaches improve the effectiveness of our IDS by reducing the total number of false alarms; providing almost perfect detection rate (i.e., 99.76%) and only 6.33% false positive rate, depending on the particular metric combination

The Automated analysis of object-oriented designs

This thesis concerns the use of software measures to assess the quality of object-oriented designs. It examines the ways in which design assessment can be assisted by measurement and the areas in which it can't. Other work in software measurement looks at defining and validating measures,or building prediction systems. This work is distinctive in that it examines the use of measures to help improve design quality during design time. To evaluate a design based on measurement results requires a means of relating measurement values to particular design problems or quality levels. Design heuristics were used to make this connection between measurement and quality. A survey was carried out to find suggestions for guidelines, rules and heuristics from the 00 design literature. This survey resulted in a catalogue of 288 suggestions for 00 design heuristics. The catalogue was structured around the 00 constructs to which the heuristics relate, and includes information on various heuristic attributes. This scheme is intended to allow suitable heuristics to be quickly located and correctly applied. Automation requires tool support. A tool was built which augmented the functionality available in existing sets, and taking input from multiple sources of design information (e.g., CASE tools and source code) and the described so far presents a potential method for automated design assessment provides the means of automation. An empirical study was then required to consider the efficacy of the method and evaluate the novel features of the tool. A case study was used to explore the approach taken by, and evaluate the effectiveness of, 15 subjects using measures and heuristics to assess the design of a small 00 system(IS classes). This study showed that semantic heuristics tended to highlight significant problems, but where attempts were made to automate these it often led to false problems being identified. This result, along with a previous finding that around half of quality criteria are not automatically assessable at design time, strongly suggeststhat people are still a necessary part of design assessment. The main result of the case study was that the subjects correctly identified 90% of the major design problems and were very positive about their experience of using measurement to support design assessment

Fuzzy cognitive map modelling the adoption of educational software in schools

This thesis was submitted for the degree of Doctor of Philosophy and awarded by Brunel University.This thesis focuses on modelling factors in the adoption of educational software in schools based on the perceptions of key stakeholders. Findings indicate educational software adoption in UK secondary schools is unsatisfactory. Given the potential of educational software to affect the learning process; the government's emphasis on developing software content for learning purposes and the concern that scarce resources in schools are wasted on software that is inappropriately used or not used at all, there is a need to ensure the successful take-up of educational software. This study aims to provide schools the means to facilitate better management of resources and achieve greater utilisation of educational software. The study in recognising the importance of stakeholders in any technological adoption considers modelling educational software adoption in schools, based on key stakeholders' perceptions. Fuzzy cognitive maps (FCMs), considered extensions of cognitive maps used for modelling complex chains of casual relationships, are used as a modelling approach in this study. A mixed methods research approach is adopted. Participants, include students; a range of teachers; ICTCoordinators and ICT-Technicians, drawn from three UK secondary schools. The resulting FCM model offers a visual medium providing insight into the factors required in the take-up of educational software. Some factors identified include the availability and accessibility to IT facilities and equipment; the availability of educational software; software ability to satisfy learning requirements and to meet curriculum requirements. The model provides the means to identify factors which have a greater impact on educational software adoption, so scarce resources can be directed accordingly. As a holistic model it provides insight into the context of educational software adoption in schools. As a dynamic model it allows the opportunity to explore `what-if possibilities relating to policy and investment options. The model can act as a guide for planners, decision-makers and software developers

Making sense of changing coastal systems: overcoming barriers to climate change adaptation using fuzzy cognitive mapping

This thesis describes the role and value of Fuzzy Cognitive Mapping (FCM) in undertaking coastal climate change adaptation at the local scale, comparing FCM against existing, scenario-based adaptation methods in overcoming known barriers to adaptation. It describes the attributes and limitations of FCM as a modelling tool, exploring what must be accounted for in considering the use of FCM in mixed stakeholder settings where individual and group knowledge must be integrated to form a view of the system under study, discussing in some detail the facilitation strengths and weaknesses inherent to the method. These issues are then described via reference to case-studies in Ireland and Scotland, drawing inferences regarding the ease with which an FCM-based approach to adaptation might be substituted for orthodox, scenario-based adaptation. This is found to not only be feasible, but preferable, provided there is sufficient facilitation capacity on hand to manage the added complexity that FCM carries over simple narrative scenario development. Adding to the value that FCM offers in adaptation contexts, the thesis also explores its value as both a diagnostic tool for establishing what additional capacity building or data may be required by adaptation decision makers, and also as a tool for gauging the extent to which resilience gains (or losses) might be measured. Although FCM cannot be claimed to provide a robust objective measure of resilience gains or losses, it can nevertheless usefully illustrate to decision makers the strengths and limitations of their own understanding of the systems which they must manage. This is perhaps where the future of FCM-based systems analysis in support of adaptation may ultimately lie

Developing a diagnostic heuristic for integrated sugarcane supply and processing systems.

Doctoral Degrees. University of KwaZulu-Natal, Pietermaritzburg.Innovation is a valuable asset that gives supply chains a competitive edge. Moreover, the adoption of innovative research recommendations in agricultural value chains and integrated sugarcane supply and processing systems (ISSPS) in particular has been relatively slow when compared with other industries such as electronics and automotive. The slow adoption is attributed to the complex, multidimensional nature of ISSPS and the perceived lack of a holistic approach when dealing with certain issues. Most of the interventions into ISSPS often view the system as characterised by tame problems hence, the widespread application of traditional operations research approaches. Integrated sugarcane supply and processing systems are, nonetheless, also characterised by wicked problems. Interventions into such contexts should therefore, embrace tame and/or wicked issues. Systemic approaches are important and have in the past identified several system-scale opportunities within ISSPS. Such interventions are multidisciplinary and employ a range of methodologies spanning across paradigms. The large number of methodologies available, however, makes choosing the right method or a combination thereof difficult. In this context, a novel overarching diagnostic heuristic for ISSPS was developed in this research. The heuristic will be used todiagnose relatively small, but pertinent ISSPS constraints and opportunities. The heuristic includes a causal model that determines and ranks linkages between the many domains that govern integrated agricultural supply and processing systems (IASPS) viz. biophysical, collaboration, culture, economics, environment, future strategy, information sharing, political forces, and structures. Furthermore, a diagnostic toolkit based on the Technique for Order of Preference by Similarity to Ideal Solution (TOPSIS) was developed. The toolkit comprises a diagnostic criteria and a suite of systemic tools. The toolkit, in addition, determines thesuitability of each tool to diagnose any of the IASPS domains. Overall, the diagnostic criteria include accessibility, interactiveness, transparency, iterativeness, feedback, cause-and-effect logic, and time delays. The tools considered for the toolkit were current reality trees, fuzzy cognitive maps (FCMs), network analysis approaches, rich pictures (RP), stock and flow diagrams, cause and effect diagrams (CEDs), and causal loop diagrams (CLDs). Results from the causal model indicate that collaboration, structure and information sharing had a high direct leverage over the other domains as these were associated with a larger number of linkages. Collaboration and structure further provided dynamic leverage as these were also part of feedback loops. Political forces and the culture domain in contrast, provided lowleverage as these domains were only directly linked to collaboration. It was further revealed that each tool provides a different facet to complexity hence, the need for methodological pluralism. All the tools except RP could be applied, to a certain extent, across both appreciation and analysis criteria. Rich pictures do not have causal analysis capabilities viz. cause-and-effect logic, time delays and feedback. Stock and flow diagrams and CLDs conversely, met all criteria. All the diagnostic tools in the toolkit could be used across all the system domains except for FCMs. Fuzzy cognitive maps are explicitly subjective and their contribution lies outside the objective world. Caution should therefore be practiced when FCMs areapplied within the biophysical domain. The heuristic is only an aid to decision making. The decision to select a tool or a combination thereof remains with the user(s). Even though the heuristic was demonstrated at Mhlume sugarcane milling area, it is recommended that other areas be considered for future research. The heuristic itself should continuously be updated with criteria, tools and other domain dimensions

Fuzzy cognitive map modelling the adoption of educational software in schools

This thesis focuses on modelling factors in the adoption of educational software in schools based on the perceptions of key stakeholders. Findings indicate educational software adoption in UK secondary schools is unsatisfactory. Given the potential of educational software to affect the learning process; the government's emphasis on developing software content for learning purposes and the concern that scarce resources in schools are wasted on software that is inappropriately used or not used at all, there is a need to ensure the successful take-up of educational software. This study aims to provide schools the means to facilitate better management of resources and achieve greater utilisation of educational software. The study in recognising the importance of stakeholders in any technological adoption considers modelling educational software adoption in schools, based on key stakeholders' perceptions. Fuzzy cognitive maps (FCMs), considered extensions of cognitive maps used for modelling complex chains of casual relationships, are used as a modelling approach in this study. A mixed methods research approach is adopted. Participants, include students; a range of teachers; ICTCoordinators and ICT-Technicians, drawn from three UK secondary schools. The resulting FCM model offers a visual medium providing insight into the factors required in the take-up of educational software. Some factors identified include the availability and accessibility to IT facilities and equipment; the availability of educational software; software ability to satisfy learning requirements and to meet curriculum requirements. The model provides the means to identify factors which have a greater impact on educational software adoption, so scarce resources can be directed accordingly. As a holistic model it provides insight into the context of educational software adoption in schools. As a dynamic model it allows the opportunity to explore `what-if possibilities relating to policy and investment options. The model can act as a guide for planners, decision-makers and software developers.EThOS - Electronic Theses Online ServiceGBUnited Kingdo

Intelligent performance assessment in a virtual electronic laboratory

Laboratory work, in the undergraduate engineering course, is aimed at enhancing students’ understanding of taught concepts and integrating theory and practice. This demands that laboratory work is synchronised with lectures in order to maximise its derivable learning outcomes, measurable through assessment. The typical high costs of raditional engineering laboratory, which often militates against its increased use and the synchronisation of laboratory and lectures, have, in addition to other factors, catalysed the increased adoption of virtual laboratories as a complement to the traditional engineering laboratory. In extreme cases, virtual laboratories could serve as alternative means of providing, albeit simulated, meaningful practical experiences. A Virtual Electronic Laboratory (VEL), which can be used to undertake a range of undergraduate electronic engineering curriculum-based laboratory activities, in a realistic manner, has been implemented as part of the work presented in this thesis. The VEL incorporates a Bayesian Network (BN)-based model for the performance assessment of students’ laboratory work in the VEL. Detailed descriptions of the VEL and the assessment model are given. The evaluation of the entire system is in two phases: evaluation of the VEL as a tool for facilitating students’ deeper understanding of fundamental engineering concepts taught in lectures; and evaluation of the assessment model within the context of the VEL environment. The VEL is evaluated at two different engineering faculties, in two separate universities. Results from the evaluation of the VEL show the effectiveness of the VEL to enhance students’ learning, in the light of appropriate learning scenarios, and provide evidence and support for the use of virtual laboratories in the engineering educational context. Performance data, extracted from students’ behaviour logs (captured and recorded during the evaluation of the VEL) are used to evaluate the assessment model. Results of the evaluation demonstrate the effectiveness of the model as an assessment tool, and the practicability of the performance assessment of students’ laboratory work from their observed behaviour in a virtual learning environment.EThOS - Electronic Theses Online ServiceGBUnited Kingdo

Efficient Decision Support Systems

This series is directed to diverse managerial professionals who are leading the transformation of individual domains by using expert information and domain knowledge to drive decision support systems (DSSs). The series offers a broad range of subjects addressed in specific areas such as health care, business management, banking, agriculture, environmental improvement, natural resource and spatial management, aviation administration, and hybrid applications of information technology aimed to interdisciplinary issues. This book series is composed of three volumes: Volume 1 consists of general concepts and methodology of DSSs; Volume 2 consists of applications of DSSs in the biomedical domain; Volume 3 consists of hybrid applications of DSSs in multidisciplinary domains. The book is shaped upon decision support strategies in the new infrastructure that assists the readers in full use of the creative technology to manipulate input data and to transform information into useful decisions for decision makers

New Fundamental Technologies in Data Mining

The progress of data mining technology and large public popularity establish a need for a comprehensive text on the subject. The series of books entitled by "Data Mining" address the need by presenting in-depth description of novel mining algorithms and many useful applications. In addition to understanding each section deeply, the two books present useful hints and strategies to solving problems in the following chapters. The contributing authors have highlighted many future research directions that will foster multi-disciplinary collaborations and hence will lead to significant development in the field of data mining