A Methodology for Evaluating the Robustness of Anomaly Detectors to Adversarial Attacks in Industrial Scenarios

Anomaly Detection systems based on Machine and Deep learning are the most promising solutions to detect cyberattacks in the industry. However, these techniques are vulnerable to adversarial attacks that downgrade prediction performance. Several techniques have been proposed to measure the robustness of Anomaly Detection in the literature. However, they do not consider that, although a small perturbation in an anomalous sample belonging to an attack, i.e., Denial of Service, could cause it to be misclassified as normal while retaining its ability to damage, an excessive perturbation might also transform it into a truly normal sample, with no real impact on the industrial system. This paper presents a methodology to calculate the robustness of Anomaly Detection models in industrial scenarios. The methodology comprises four steps and uses a set of additional models called support models to determine if an adversarial sample remains anomalous. We carried out the validation using the Tennessee Eastman process, a simulated testbed of a chemical process. In such a scenario, we applied the methodology to both a Long-Short Term Memory (LSTM) neural network and 1-dimensional Convolutional Neural Network (1D-CNN) focused on detecting anomalies produced by different cyberattacks. The experiments showed that 1D-CNN is significantly more robust than LSTM for our testbed. Specifically, a perturbation of 60% (empirical robustness of 0.6) of the original sample is needed to generate adversarial samples for LSTM, whereas in 1D-CNN the perturbation required increases up to 111% (empirical robustness of 1.11)

Clonal chromosomal mosaicism and loss of chromosome Y in elderly men increase vulnerability for SARS-CoV-2

The pandemic caused by severe acute respiratory syndrome coronavirus 2 (SARS-CoV-2, COVID-19) had an estimated overall case fatality ratio of 1.38% (pre-vaccination), being 53% higher in males and increasing exponentially with age. Among 9578 individuals diagnosed with COVID-19 in the SCOURGE study, we found 133 cases (1.42%) with detectable clonal mosaicism for chromosome alterations (mCA) and 226 males (5.08%) with acquired loss of chromosome Y (LOY). Individuals with clonal mosaic events (mCA and/or LOY) showed a 54% increase in the risk of COVID-19 lethality. LOY is associated with transcriptomic biomarkers of immune dysfunction, pro-coagulation activity and cardiovascular risk. Interferon-induced genes involved in the initial immune response to SARS-CoV-2 are also down-regulated in LOY. Thus, mCA and LOY underlie at least part of the sex-biased severity and mortality of COVID-19 in aging patients. Given its potential therapeutic and prognostic relevance, evaluation of clonal mosaicism should be implemented as biomarker of COVID-19 severity in elderly people. Among 9578 individuals diagnosed with COVID-19 in the SCOURGE study, individuals with clonal mosaic events (clonal mosaicism for chromosome alterations and/or loss of chromosome Y) showed an increased risk of COVID-19 lethality

Intelligent and Dynamic Ransomware Spread Detection and Mitigation in Integrated Clinical Environments

Medical Cyber-Physical Systems (MCPS) hold the promise of reducing human errors and optimizing healthcare by delivering new ways to monitor, diagnose and treat patients through integrated clinical environments (ICE). Despite the benefits provided by MCPS, many of the ICE medical devices have not been designed to satisfy cybersecurity requirements and, consequently, are vulnerable to recent attacks. Nowadays, ransomware attacks account for 85% of all malware in healthcare, and more than 70% of attacks confirmed data disclosure. With the goal of improving this situation, the main contribution of this paper is an automatic, intelligent and real-time system to detect, classify, and mitigate ransomware in ICE. The proposed solution is fully integrated with the ICE++ architecture, our previous work, and makes use of Machine Learning (ML) techniques to detect and classify the spreading phase of ransomware attacks affecting ICE. Additionally, Network Function Virtualization (NFV) and Software Defined Networking (SDN)paradigms are considered to mitigate the ransomware spreading by isolating and replacing infected devices. Different experiments returned a precision/recall of 92.32%/99.97% in anomaly detection, an accuracy of 99.99% in ransomware classification, and promising detection and mitigation times. Finally, different labelled ransomware datasets in ICE have been created and made publicly available

Pneumonia treated in the internal medicine department: Focus on healthcare-associated pneumonia

Patients with pneumonia treated in the internal medicine department (IMD) are often at risk of healthcare-associated pneumonia (HCAP). The importance of HCAP is controversial. We invited physicians from 72 IMDs to report on all patients with pneumonia hospitalized in their department during 2weeks (one each in January and June 2010) to compare HCAP with community-acquired pneumonia (CAP) and hospital-acquired pneumonia (HAP). We analysed 1002 episodes of pneumonia: 58.9% were CAP, 30.6% were HCAP and 10.4% were HAP. A comparison between CAP, HCAP and HAP showed that HCAP patients were older (77, 83 and 80.5years; p<0.001), had poorer functional status (Barthel 100, 30 and 65; p<0.001) and had more risk factors for aspiration pneumonia (18, 50 and 34%; p<0.001). The frequency of testing to establish an aetiological diagnosis was lower among HCAP patients (87, 72 and 79; p<0.001), as was adherence to the therapeutic recommendations of guidelines (70, 23 and 56%; p<0.001). In-hospital mortality increased progressively between CAP, HCAP and HAP (8, 19 and 27%; p<0.001). Streptococcus pneumoniae was the main pathogen in CAP and HCAP. Pseudomonas aeruginosa and methicillin-resistant Staphylococcus aureus (MRSA) caused 17 and 12.3% of HCAP. In patients with a confirmed aetiological diagnosis, the independent risk factors for pneumonia due do difficult-to-treat microorganisms (Enterobacteriaceae, P. aeruginosa or MRSA) were HCAP, chronic obstructive pulmonary diseases and higher Port Severity Index. Our data confirm the importance of maintaining high awareness of HCAP among patients treated in IMDs, because of the different aetiologies, therapy requirements and prognosis of this population. © 2011 The Authors. Clinical Microbiology and Infection © 2011 European Society of Clinical Microbiology and Infectious Diseases