Improving cyber-security of smart grid systems via anomaly detection and linguistic domain knowledge

The planned large scale deployment of smart grid network devices will generate a large amount of information exchanged over various types of communication networks. The implementation of these critical systems will require appropriate cyber-security measures. A network anomaly detection solution is considered in this work. In common network architectures multiple communications streams are simultaneously present, making it difficult to build an anomaly detection solution for the entire system. In addition, common anomaly detection algorithms require specification of a sensitivity threshold, which inevitably leads to a tradeoff between false positives and false negatives rates. In order to alleviate these issues, this paper proposes a novel anomaly detection architecture. The designed system applies the previously developed network security cyber-sensor method to individual selected communication streams allowing for learning accurate normal network behavior models. Furthermore, the developed system dynamically adjusts the sensitivity threshold of each anomaly detection algorithm based on domain knowledge about the specific network system. It is proposed to model this domain knowledge using Interval Type-2 Fuzzy Logic rules, which linguistically describe the relationship between various features of the network communication and the possibility of a cyber attack. The proposed method was tested on experimental smart grid system demonstrating enhanced cyber-security

Autonomous rule creation for intrusion detection

Many computational intelligence techniques for anomaly based network intrusion detection can be found in literature. Translating a newly discovered intrusion recognition criteria into a distributable rule can be a human intensive effort. This paper explores a multi-modal genetic algorithm solution for autonomous rule creation. This algorithm focuses on the process of creating rules once an intrusion has been identified, rather than the evolution of rules to provide a solution for intrusion detection. The algorithm was demonstrated on anomalous ICMP network packets (input) and Snort rules (output of the algorithm). Output rules were sorted according to a fitness value and any duplicates were removed. The experimental results on ten test cases demonstrated a 100 percent rule alert rate. Out of 33,804 test packets 3 produced false positives. Each test case produced a minimum of three rule variations that could be used as candidates for a production system

Fuzzy logic based anomaly detection for embedded network security cyber sensor

Resiliency and security in critical infrastructure control systems in the modern world of cyber terrorism constitute a relevant concern. Developing a network security system specifically tailored to the requirements of such critical assets is of a primary importance. This paper proposes a novel learning algorithm for anomaly based network security cyber sensor together with its hardware implementation. The presented learning algorithm constructs a fuzzy logic rule based model of normal network behavior. Individual fuzzy rules are extracted directly from the stream of incoming packets using an online clustering algorithm. This learning algorithm was specifically developed to comply with the constrained computational requirements of low-cost embedded network security cyber sensors. The performance of the system was evaluated on a set of network data recorded from an experimental test-bed mimicking the environment of a critical infrastructure control system

Towards resilient critical infrastructures: Application of Type-2 Fuzzy Logic in embedded network security cyber sensor

Resiliency and cyber security of modern critical infrastructures is becoming increasingly important with the growing number of threats in the cyber-environment. This paper proposes an extension to a previously developed fuzzy logic based anomaly detection network security cyber sensor via incorporating Type-2 Fuzzy Logic (T2 FL). In general, fuzzy logic provides a framework for system modeling in linguistic form capable of coping with imprecise and vague meanings of words. T2 FL is an extension of Type-1 FL which proved to be successful in modeling and minimizing the effects of various kinds of dynamic uncertainties. In this paper, T2 FL provides a basis for robust anomaly detection and cyber security state awareness. In addition, the proposed algorithm was specifically developed to comply with the constrained computational requirements of low-cost embedded network security cyber sensors. The performance of the system was evaluated on a set of network data recorded from an experimental cyber-security test-bed

INL Control System Situational Awareness Technology Annual Report 2012

The overall goal of this project is to develop an interoperable set of tools to provide a comprehensive, consistent implementation of cyber security and overall situational awareness of control and sensor network implementations. The operation and interoperability of these tools will fill voids in current technological offerings and address issues that remain an impediment to the security of control systems. This report provides an FY 2012 update on the Sophia, Mesh Mapper, Intelligent Cyber Sensor, and Data Fusion projects with respect to the year-two tasks and annual reporting requirements of the INL Control System Situational Awareness Technology report (July 2010)

Comparative effectiveness research in chronic obstructive pulmonary disease

Chronic obstructive pulmonary disease affects millions worldwide. It is America’s third leading cause of death, and results in significant morbidity and cost. Although many therapies exist and are being developed to alleviate symptoms and decrease morbidity and mortality in chronic obstructive pulmonary disease, most have only been studied in placebo-controlled efficacy studies in highly selected populations. Comparative effectiveness and translational research in chronic obstructive pulmonary disease will require the development of infrastructures to support collaboration between researchers and the stakeholders who generate, disseminate and use new knowledge. Methodologies need to evolve to both prioritize research questions and to conduct collaborative comparative effectiveness research studies. Given the impracticality of testing every clinical intervention in comparative pragmatic trials for comparative effectiveness research in chronic obstructive pulmonary disease, we advocate expanding methodology that includes the use of observational databases with serially performed effectiveness analyses and quasi-experimental designs that include following healthcare changes longitudinally over time to assess benefit, harm, subgroups and cost

Stakeholder Priorities for Comparative Effectiveness Research in Chronic Obstructive Pulmonary Disease: A Workshop Report

Comparative effectiveness research (CER) is intended to address the expressed needs of patients, clinicians, and other stakeholders. Representatives of 54 stakeholder groups with an interest in chronic obstructive pulmonary disease (COPD) participated in workshops convened by the COPD Outcomes-based Network for Clinical Effectiveness and Research Translation (CONCERT) over a 2-year period. Year 1 focused on chronic care and care coordination. Year 2 focused on acute care and transitions in care between healthcare settings. Discussions and provisional voting were conducted via teleconferences and e-mail exchanges before the workshop. Final prioritization votes occurred after in-person discussions at the workshop. We used a modified Delphi approach to facilitate discussions and consensus building. To more easily quantify preferences and to evaluate the internal consistency of rankings, the Analytic Hierarchy Process was incorporated in Year 2. Results of preworkshop and final workshop voting often differed, suggesting that prioritization efforts relying solely on requests for topics from stakeholder groups without in-person discussion may provide different research priorities. Research priorities varied across stakeholder groups, but generally focused on studies to evaluate different approaches to healthcare delivery (e.g., spirometry for diagnosis and treatment, integrated healthcare strategies during transitions in care) rather than head-to-head comparisons of medications. This research agenda may help to inform groups intending to respond to CER funding opportunities in COPD. The methodologies used, detailed in the online supplement, may also help to inform prioritization efforts for CER in other health conditions

Catalog of Radio Galaxies with z>0.3. I:Construction of the Sample

The procedure of the construction of a sample of distant ($z>0.3$) radio galaxies using NED, SDSS, and CATS databases for further application in statistical tests is described. The sample is assumed to be cleaned from objects with quasar properties. Primary statistical analysis of the list is performed and the regression dependence of the spectral index on redshift is found.Comment: 9 pages, 6 figures, 2 table

Measuring health-related quality of life in chronic obstructive pulmonary disease: properties of the EQ-5D-5L and PROMIS-43 short form

Abstract Background The Patient Reported Outcomes Measurement Information System 43-item short form (PROMIS-43) and the five-level EQ-5D (EQ-5D-5L) are recently developed measures of health-related quality of life (HRQL) that have potentially broad application in evaluating treatments and capturing burden of respiratory-related diseases. The aims of this study were: (1) to examine their psychometric properties in patients with chronic obstructive pulmonary disease (COPD), and (2) to identify dimensions of HRQL that differ and do not differ by lung function. Methods We conducted a multi-center, cross-sectional study (“COPD Outcomes-based Network for Clinical Effectiveness & Research Translation” [CONCERT]). We analyzed patients who met spirometric criteria for COPD, and completed EQ-5D-5L and PROMIS questionnaires. Disease severity was graded based on the Global Initiative for Chronic Obstructive Lung Disease (GOLD) classification. Pulmonary function test, PROMIS-43, EQ-5D (index score and EQ-Visual Analog Scale [EQ-VAS]), six minute walk test (6MWT), and three dyspnea scales (mMRC, Borg, FACIT-Dyspnea) were administered. Validity and reliability of EQ-5D-5L and PROMIS-43 were examined, and differences in HRQL by GOLD grade were assessed. Results Data from 670 patients with COPD were analyzed (mean age 68.5 years; 58% male). More severe COPD was associated with more problems with mobility, self-care and usual activities (all p-values <0.01) according to EQ-5D-5L. Related domains on EQ-5D-5L, PROMIS and clinical measures were moderately (r = 0.30-0.49) to strongly (r ≥ 0.50) correlated. A statistically significant trend of decreasing HRQL with more severe lung functions was observed for EQ-5D-5L index scores, EQ-VAS scores, and PROMIS physical function and social roles. Conclusions Results supported the validity of EQ-5D-5L and PROMIS-43 in COPD patients, and indicate that physical function and social activities decrease with level of lung function by GOLD grade, but not pain, mental health, sleep or fatigue as reported by patients