"Last-Mile" preparation for a potential disaster

Extreme natural events, like e.g. tsunamis or earthquakes, regularly lead to catastrophes with dramatic consequences. In recent years natural disasters caused hundreds of thousands of deaths, destruction of infrastructure, disruption of economic activity and loss of billions of dollars worth of property and thus revealed considerable deficits hindering their effective management: Needs for stakeholders, decision-makers as well as for persons concerned include systematic risk identification and evaluation, a way to assess countermeasures, awareness raising and decision support systems to be employed before, during and after crisis situations. The overall goal of this study focuses on interdisciplinary integration of various scientific disciplines to contribute to a tsunami early warning information system. In comparison to most studies our focus is on high-end geometric and thematic analysis to meet the requirements of small-scale, heterogeneous and complex coastal urban systems. Data, methods and results from engineering, remote sensing and social sciences are interlinked and provide comprehensive information for disaster risk assessment, management and reduction. In detail, we combine inundation modeling, urban morphology analysis, population assessment, socio-economic analysis of the population and evacuation modeling. The interdisciplinary results eventually lead to recommendations for mitigation strategies in the fields of spatial planning or coping capacity

Learning-based Analysis on the Exploitability of Security Vulnerabilities

The purpose of this thesis is to develop a tool that uses machine learning techniques to make predictions about whether or not a given vulnerability will be exploited. Such a tool could help organizations such as electric utilities to prioritize their security patching operations. Three different models, based on a deep neural network, a random forest, and a support vector machine respectively, are designed and implemented. Training data for these models is compiled from a variety of sources, including the National Vulnerability Database published by NIST and the Exploit Database published by Offensive Security. Extensive experiments are conducted, including testing the accuracy of each model, dynamically training the models on a rolling window of training data, and filtering the training data by various features. Of the chosen models, the deep neural network and the support vector machine show the highest accuracy (approximately 94% and 93%, respectively), and could be developed by future researchers into an effective tool for vulnerability analysis

SlowFuzz: Automated Domain-Independent Detection of Algorithmic Complexity Vulnerabilities

Algorithmic complexity vulnerabilities occur when the worst-case time/space complexity of an application is significantly higher than the respective average case for particular user-controlled inputs. When such conditions are met, an attacker can launch Denial-of-Service attacks against a vulnerable application by providing inputs that trigger the worst-case behavior. Such attacks have been known to have serious effects on production systems, take down entire websites, or lead to bypasses of Web Application Firewalls. Unfortunately, existing detection mechanisms for algorithmic complexity vulnerabilities are domain-specific and often require significant manual effort. In this paper, we design, implement, and evaluate SlowFuzz, a domain-independent framework for automatically finding algorithmic complexity vulnerabilities. SlowFuzz automatically finds inputs that trigger worst-case algorithmic behavior in the tested binary. SlowFuzz uses resource-usage-guided evolutionary search techniques to automatically find inputs that maximize computational resource utilization for a given application.Comment: ACM CCS '17, October 30-November 3, 2017, Dallas, TX, US

Seismic Performance of Anchored Brick Veneer

A study was conducted on the out-of-plane seismic performance of anchored brick veneer with wood-frame backup wall systems, to evaluate prescriptive design requirements and current construction practices. Prescriptive requirements for the design and construction of anchored brick veneer are currently provided by the Masonry Standards Joint Committee (MSJC) Building Code, the International Residential Code (IRC) for Oneand Two-Family Dwellings, and the Brick Industry Association (BIA) Technical Notes. Laboratory tests were conducted on brick-tie-wood subassemblies, comprising two bricks with a corrugated sheet metal tie either nail- or screw-attached to a wood stud, permitting an evaluation of the stiffness, strength, and failure modes for a local portion of a veneer wall system, rather than just of a single tie by itself. Then, full-scale brick veneer wall specimens (two one-story solid walls, as well as a one-and-a-half story wall with a window opening and a gable region) were tested under static and dynamic out-of-plane loading on a shake table. The shake table tests captured the performance of brick veneer wall systems, including interaction and load-sharing between the brick veneer, corrugated sheet metal ties, and wood-frame backup. Finally, all of these test results were used to develop finite element models of brick veneer wall systems, including nonlinear inelastic properties for the tie connections. The experimental and analytical studies showed that the out-of-plane seismic performance of residential anchored brick veneer walls is generally governed by: tensile stiffness and strength properties of the tie connections, as controlled by tie installation details; overall grid spacing of the tie connections, especially for tie installation along the edges and in the upper regions of walls; and, overall wall geometric variations. Damage limit states for single-story residential brick veneer wall systems were established from the experimental and analytical studies as a function of tensile failure of key tie connections, and the seismic fragility of this form of construction was then evaluated. Based on the overall findings, it is recommended that codes incorporate specific requirements for tie connection installation along all brick veneer wall edges, as well as for tie connection installation at reduced spacings in the upper regions of wall panels and near stiffer regions of the backup. Residential anchored brick veneer construction should as a minimum be built in accordance with the current prescriptive code requirements and recommendations, throughout low to moderate seismicity regions of the central and eastern U.S., whereas non-compliant methods of construction commonly substituted in practice are generally not acceptable.published or submitted for publicatio