Improving SIEM for critical SCADA water infrastructures using machine learning

Network Control Systems (NAC) have been used in many industrial processes. They aim to reduce the human factor burden and efficiently handle the complex process and communication of those systems. Supervisory control and data acquisition (SCADA) systems are used in industrial, infrastructure and facility processes (e.g. manufacturing, fabrication, oil and water pipelines, building ventilation, etc.) Like other Internet of Things (IoT) implementations, SCADA systems are vulnerable to cyber-attacks, therefore, a robust anomaly detection is a major requirement. However, having an accurate anomaly detection system is not an easy task, due to the difficulty to differentiate between cyber-attacks and system internal failures (e.g. hardware failures). In this paper, we present a model that detects anomaly events in a water system controlled by SCADA. Six Machine Learning techniques have been used in building and evaluating the model. The model classifies different anomaly events including hardware failures (e.g. sensor failures), sabotage and cyber-attacks (e.g. DoS and Spoofing). Unlike other detection systems, our proposed work helps in accelerating the mitigation process by notifying the operator with additional information when an anomaly occurs. This additional information includes the probability and confidence level of event(s) occurring. The model is trained and tested using a real-world dataset

Investigating the missing data mechanism in quality of life outcomes: a comparison of approaches

Background: Missing data is classified as missing completely at random (MCAR), missing at random (MAR) or missing not at random (MNAR). Knowing the mechanism is useful in identifying the most appropriate analysis. The first aim was to compare different methods for identifying this missing data mechanism to determine if they gave consistent conclusions. Secondly, to investigate whether the reminder-response data can be utilised to help identify the missing data mechanism. Methods: Five clinical trial datasets that employed a reminder system at follow-up were used. Some quality of life questionnaires were initially missing, but later recovered through reminders. Four methods of determining the missing data mechanism were applied. Two response data scenarios were considered. Firstly, immediate data only; secondly, all observed responses (including reminder-response). Results: In three of five trials the hypothesis tests found evidence against the MCAR assumption. Logistic regression suggested MAR, but was able to use the reminder-collected data to highlight potential MNAR data in two trials. Conclusion: The four methods were consistent in determining the missingness mechanism. One hypothesis test was preferred as it is applicable with intermittent missingness. Some inconsistencies between the two data scenarios were found. Ignoring the reminder data could potentially give a distorted view of the missingness mechanism. Utilising reminder data allowed the possibility of MNAR to be considered.The Chief Scientist Office of the Scottish Government Health Directorate. Research Training Fellowship (CZF/1/31

SMEs' Confidentiality Concerns for Security Information Sharing

Small and medium-sized enterprises are considered an essential part of the EU economy, however, highly vulnerable to cyberattacks. SMEs have specific characteristics which separate them from large companies and influence their adoption of good cybersecurity practices. To mitigate the SMEs' cybersecurity adoption issues and raise their awareness of cyber threats, we have designed a self-paced security assessment and capability improvement method, CYSEC. CYSEC is a security awareness and training method that utilises self-reporting questionnaires to collect companies' information about cybersecurity awareness, practices, and vulnerabilities to generate automated recommendations for counselling. However, confidentiality concerns about cybersecurity information have an impact on companies' willingness to share their information. Security information sharing decreases the risk of incidents and increases users' self-efficacy in security awareness programs. This paper presents the results of semi-structured interviews with seven chief information security officers of SMEs to evaluate the impact of online consent communication on motivation for information sharing. The results were analysed in respect of the Self Determination Theory. The findings demonstrate that online consent with multiple options for indicating a suitable level of agreement improved motivation for information sharing. This allows many SMEs to participate in security information sharing activities and supports security experts to have a better overview of common vulnerabilities. The final publication is available at Springer via https://doi.org/10.1007/978-3-030-57404-8_22Comment: 10 pages, 2 figures, 14th International Symposium on Human Aspects of Information Security & Assurance (HAISA 2020

Preoperative calculation of risk for prolonged intensive care unit stay following coronary artery bypass grafting

OBJECTIVE: Patients who have prolonged stay in intensive care unit (ICU) are associated with adverse outcomes. Such patients have cost implications and can lead to shortage of ICU beds. We aimed to develop a preoperative risk prediction tool for prolonged ICU stay following coronary artery surgery (CABG). METHODS: 5,186 patients who underwent CABG between 1st April 1997 and 31st March 2002 were analysed in a development dataset. Logistic regression was used with forward stepwise technique to identify preoperative risk factors for prolonged ICU stay; defined as patients staying longer than 3 days on ICU. Variables examined included presentation history, co-morbidities, catheter and demographic details. The use of cardiopulmonary bypass (CPB) was also recorded. The prediction tool was tested on validation dataset (1197 CABG patients between 1(st )April 2003 and 31(st )March 2004). The area under the receiver operating characteristic (ROC) curve was calculated to assess the performance of the prediction tool. RESULTS: 475(9.2%) patients had a prolonged ICU stay in the development dataset. Variables identified as risk factors for a prolonged ICU stay included renal dysfunction, unstable angina, poor ejection fraction, peripheral vascular disease, obesity, increasing age, smoking, diabetes, priority, hypercholesterolaemia, hypertension, and use of CPB. In the validation dataset, 8.1% patients had a prolonged ICU stay compared to 8.7% expected. The ROC curve for the development and validation datasets was 0.72 and 0.74 respectively. CONCLUSION: A prediction tool has been developed which is reliable and valid. The tool is being piloted at our institution to aid resource management

Severe Respiratory Syncytial Virus Bronchiolitis in Infants Is Associated with Reduced Airway Interferon Gamma and Substance P

Severe human respiratory syncytial virus (hRSV) bronchiolitis in previously well infants may be due to differences in the innate immune response to hRSV infection. Aim: to determine if factors mediating proposed mechanisms for severe bronchiolitis differ with severity of disease

Predicting ICU survival: A meta-level approach

<p>Abstract</p> <p>Background</p> <p>The performance of separate Intensive Care Unit (ICU) status scoring systems vis-à-vis prediction of outcome is not satisfactory. Computer-based predictive modeling techniques may yield good results but their performance has seldom been extensively compared to that of other mature or emerging predictive models. The objective of the present study was twofold: to propose a prototype meta-level predicting approach concerning Intensive Care Unit (ICU) survival and to evaluate the effectiveness of typical mining models in this context.</p> <p>Methods</p> <p>Data on 158 men and 46 women, were used retrospectively (75% of the patients survived). We used Glasgow Coma Scale (GCS), Acute Physiology And Chronic Health Evaluation II (APACHE II), Sequential Organ Failure Assessment (SOFA) and Injury Severity Score (ISS) values to structure a decision tree (DTM), a neural network (NNM) and a logistic regression (LRM) model and we evaluated the assessment indicators implementing Receiver Operating Characteristics (ROC) plot analysis.</p> <p>Results</p> <p>Our findings indicate that regarding the assessment of indicators' capacity there are specific discrete limits that should be taken into account. The Az score ± SE was 0.8773± 0.0376 for the DTM, 0.8061± 0.0427 for the NNM and 0.8204± 0.0376 for the LRM, suggesting that the proposed DTM achieved a near optimal Az score.</p> <p>Conclusion</p> <p>The predicting processes of ICU survival may go "one step forward", by using classic composite assessment indicators as variables.</p

A comparative analysis of multi-level computer-assisted decision making systems for traumatic injuries

<p>Abstract</p> <p>Background</p> <p>This paper focuses on the creation of a predictive computer-assisted decision making system for traumatic injury using machine learning algorithms. Trauma experts must make several difficult decisions based on a large number of patient attributes, usually in a short period of time. The aim is to compare the existing machine learning methods available for medical informatics, and develop reliable, rule-based computer-assisted decision-making systems that provide recommendations for the course of treatment for new patients, based on previously seen cases in trauma databases. Datasets of traumatic brain injury (TBI) patients are used to train and test the decision making algorithm. The work is also applicable to patients with traumatic pelvic injuries.</p> <p>Methods</p> <p>Decision-making rules are created by processing patterns discovered in the datasets, using machine learning techniques. More specifically, CART and C4.5 are used, as they provide grammatical expressions of knowledge extracted by applying logical operations to the available features. The resulting rule sets are tested against other machine learning methods, including AdaBoost and SVM. The rule creation algorithm is applied to multiple datasets, both with and without prior filtering to discover significant variables. This filtering is performed via logistic regression prior to the rule discovery process.</p> <p>Results</p> <p>For survival prediction using all variables, CART outperformed the other machine learning methods. When using only significant variables, neural networks performed best. A reliable rule-base was generated using combined C4.5/CART. The average predictive rule performance was 82% when using all variables, and approximately 84% when using significant variables only. The average performance of the combined C4.5 and CART system using significant variables was 89.7% in predicting the exact outcome (home or rehabilitation), and 93.1% in predicting the ICU length of stay for airlifted TBI patients.</p> <p>Conclusion</p> <p>This study creates an efficient computer-aided rule-based system that can be employed in decision making in TBI cases. The rule-bases apply methods that combine CART and C4.5 with logistic regression to improve rule performance and quality. For final outcome prediction for TBI cases, the resulting rule-bases outperform systems that utilize all available variables.</p

Bus accident severity and passenger injury: evidence from Denmark

Purpose Bus safety is a concern not only in developing countries, but also in the U.S. and Europe. In Denmark, disentangling risk factors that are positively or negatively related to bus accident severity and injury occurrence to bus passengers can contribute to promote safety as an essential principle of sustainable transit and advance the vision “every accident is one too many”. Methods Bus accident data were retrieved from the national accident database for the period 2002–2011. A generalized ordered logit model allows analyzing bus accident severity and a logistic regression enables examining occurrence of injury to bus passengers. Results Bus accident severity is positively related to (i) the involvement of vulnerable road users, (ii) high speed limits, (iii) night hours, (iv) elderly drivers of the third party involved, and (v) bus drivers and other drivers crossing in yellow or red light. Occurrence of injury to bus passengers is positively related to (i) the involvement of heavy vehicles, (ii) crossing intersections in yellow or red light, (iii) open areas, (iv) high speed limits, and (v) slippery road surface. Conclusions The findings of the current study provide a comprehensive picture of the bus safety situation in Denmark and suggest the necessity of further research into bus drivers’ attitudes and perceptions of risks and road users’ perceptions of bus operations. Moreover, these findings suggest the need for further training into bus drivers’ hazard recognition skills and infrastructural solutions to forgive possible driving errors

A comparison between the APACHE II and Charlson Index Score for predicting hospital mortality in critically ill patients

<p>Abstract</p> <p>Background</p> <p>Risk adjustment and mortality prediction in studies of critical care are usually performed using acuity of illness scores, such as Acute Physiology and Chronic Health Evaluation II (APACHE II), which emphasize physiological derangement. Common risk adjustment systems used in administrative datasets, like the Charlson index, are entirely based on the presence of co-morbid illnesses. The purpose of this study was to compare the discriminative ability of the Charlson index to the APACHE II in predicting hospital mortality in adult multisystem ICU patients.</p> <p>Methods</p> <p>This was a population-based cohort design. The study sample consisted of adult (>17 years of age) residents of the Calgary Health Region admitted to a multisystem ICU between April 2002 and March 2004. Clinical data were collected prospectively and linked to hospital outcome data. Multiple regression analyses were used to compare the performance of APACHE II and the Charlson index.</p> <p>Results</p> <p>The Charlson index was a poor predictor of mortality (C = 0.626). There was minimal difference between a baseline model containing age, sex and acute physiology score (C = 0.74) and models containing either chronic health points (C = 0.76) or Charlson index variations (C = 0.75, 0.76, 0.77). No important improvement in prediction occurred when the Charlson index was added to the full APACHE II model (C = 0.808 to C = 0.813).</p> <p>Conclusion</p> <p>The Charlson index does not perform as well as the APACHE II in predicting hospital mortality in ICU patients. However, when acuity of illness scores are unavailable or are not recorded in a standard way, the Charlson index might be considered as an alternative method of risk adjustment and therefore facilitate comparisons between intensive care units.</p