Small-scale variations in mussel (Mytilus spp.) dynamics and local production

A mussel bed was sampled monthly at four intertidal levels (mid: 2.15; mid-low: 1.65; low: 1.2 and sublittoral fringe: 0.7 m from chart datum) from July 1979 to July 1980 at Pointe-Mitis in the St. Lawrence estuary. A strong spring reduction of abundance (both in density and biomass) suggested that the mussel bed was being degraded. Community perturbation was attributed to ice scour. Partial reestablishment of the mussel bed (all age classes) was observed during late spring and early summer and occurred mainly at the mid-low intertidal level. Changes in the size structure of the mussel bed with level suggest that the annual windstorm regime may be an important factor in the dynamics of the bed. Mean body mass decreased at the three lower shore levels but increased at the highest shore level. Overall, net secondary production (assessed by the increment-summation method) was negative due to the decrease in mean body mass. Annual production rates (kJ m−2 y−1) from the mid intertidal level to the sublittoral fringe were 1130, − 4072, − 4013 and − 3258, respectively, while P/B ratios (y−1) were 0.17, − 0.69, − 0.50 and − 0.45. The calculated production and the productivity (potential production) are compared and used to provide insight into the condition of the mussel bed

De nouvelles perspectives d'utilisation des logs dans un contexte de sécurité informatique

RÉSUMÉ L'explosion des connexions des systèmes industriels liées au cyberespace a engendré une augmentation conséquente des attaques informatiques. Afin de garantir la sécurité des systèmes industriels il est devenu vital de développer de nouveaux outils de surveillance. La mise en place de tels dispositifs peut cependant avoir des conséquences sur l'outil de production, causant des ralentissements ou s'avérant handicapant pour le fonctionnement. Dans un tel contexte, mettre au point des méthodes non intrusives qui assurent leur sûreté est un enjeu majeur pour la sécurité des systèmes industriels. Les logs sont des ensembles séquentiels de messages produits par un programme dont le rôle est de conserver un historique de l'exécution. Leur génération et leur consultation n'interfèrent pas avec le programme dont ils sont issus, si ce n'est en consommant des ressources du système d'exploitation hôte. Ce caractère les rend particulièrement précieux afin de respecter la contrainte de non-intrusion sur les systèmes industriels que doivent respecter les outils de surveillance. La détection d'anomalies au travers des logs est un problème qui a déjà été couvert dans la littérature, en utilisant une grande variété de modèles. Si l'on considère qu'une attaque est une utilisation anormale du système laissant des traces différentes dans les fichiers de logs, la transposition de ces méthodes constitue une première approche intéressante du problème ainsi qu'un excellent point de départ pour apporter une solution. En suivant cette démarche, nous proposons deux modèles permettant de détecter des attaques en exploitant des données présentes dans les logs : un automate fini et un réseau de neurones. Ces deux modèles reçoivent des données différentes, extraites des logs. Précisons que le système étudié est un serveur Web, générant donc des logs Web et que les attaques qu'il subit sont parmi les plus répandues. L'automate travaille sur les requêtes traitées par le serveur et cherche à reconstituer le parcours du client sur le site Web. L'hypothèse est que si l'automate a été construit en reprenant toutes les utilisations normales possibles du site Web, une trace non reconnue par l'automate ne correspondra donc pas à un comportement normal du client et sera donc labellisée comme résultant d'une attaque. Ses paramètres d'entrée ont été adaptés à deux attaques particulières bien que les tests aient été effectués sur quatre attaques différentes. Le réseau de neurones choisi est un perceptron multicouches dont les paramètres d'entrée sont des vecteurs résumant des traces d'exécution. Le rôle du réseau de neurones sera, étant donné le résumé d'une trace, de déterminer si celle-ci correspond à un comportement normal ou à une attaque et, dans le cas d'une attaque, de préciser laquelle. Le réseau de neurones a également été pensé pour détecter les deux mêmes attaques que l'automate mais ses paramètres d'entrée ont été adaptés pour pouvoir répondre à un cas plus général. Concernant les résultats des expériences destinées à valider les capacités des deux modèles, l'automate a parfaitement répondu aux attentes. Il s'est avéré capable de détecter avec certitude deux des types d'attaques pour lesquelles il a été pensé, mais n'a pas été en mesure d'identifier les deux autres de nature trop différentes. Les traces correspondant à des comportements normaux ont été également correctement reconnues par l'automate. Le réseau de neurones a eu, quant à lui, des résultats plus frustrants, avec un pourcentage de réussite aux environs de 30%. Une version simplifiée du modèle a permis d'augmenter ce pourcentage à plus ou moins 60%. Le réseau de neurones a eu de moins bons résultats pour différentes raisons. Notamment, avec du recul, on peut considérer que le modèle lui-même n'était pas adapté au problème, en particulier ces paramètres qui ne permettaient pas de croiser les logs du serveur Web avec d'autres (comme ceux générés par le système d'exploitation) afin d'en extraire de nouveaux comportements. La raison principale reste cependant que le modèle devait détecter des attaques trop différentes. Contrairement à l'automate qui était dédié au déni de service et à l'attaque par force brute, le perceptron a cherché, dès sa conception, à détecter les quatre attaques. C'est pourquoi il a perdu en efficacité sur les deux attaques principales. Pour autant, le travail de recherche reste positif. L'objectif de ce projet était avant tout d'étudier des techniques de détection d'intrusion et de montrer le potentiel de l'utilisation de logs autour desquels construire des modèles de surveillance de systèmes industriels. Ce but a été atteint et la perspective de mettre au point de tels dispositifs peut être envisagée.----------ABSTRACT A sizable increase in the number of computer attacks was due to the outburst of connections between industrial systems and the cyberspace. In order to ensure the security of those systems, it became vital to develop new monitoring solutions. Yet, setting up those mechanisms may have consequences on the production tool, leading to falloffs or crippling its normal functioning. In this context, developing non-intrusive methods that ensure reliability in a major concern in the security of industrial systems. Logs are sequential sets of messages produced by a program whose role is to keep track of a historic of execution. Their generation and their reading do not interfere with the program that creates them, besides consuming resources of the host operating system. This feature makes them very valuable when trying to respect the non-intrusion constraint that monitoring tools must abide by when dealing with industrial systems. Anomaly detection through logs is a problem that was studied in the literature, using several models. If one considers an attack as an abnormal use of a system, writing different traces in the log files, the translation of these methods establish an interesting first approach of the problem as well as an excellent starting point to bring a solution. Following this process, we propose two models allowing to detect attacks by using data contained in logs: a finite state automaton and a neural network. There two models receive different data extracted from logs. Let us point out that the system studied is a web server, generating web logs and that the attacks it underwent are amongst the most spread ones. The automaton works on request handled by the server and seeks to rebuild the journey of the client on the website. The hypothesis is this: if the automaton was built using all the possible paths a normal client can follow, a non-recognized trace would not correspond to a normal behavior and thus will be labeled as the result of an attack. The neural network chosen is a multilayer perceptron which input parameters are vectors summarizing execution traces. The role of the network will be, given the summary of a trace, to determine if it corresponds to a normal behavior or an attack, and in the case of an attack, which one. Regarding the results of the experiences whose objective was to validate the capacities of the two models, the automaton addressed our needs. It proved itself able to detect two types of attacks with certainty, but was incapable of identify two others. Traces corresponding to a normal behavior have also been recognized by the automaton. The neural network, as for it, had much more frustrating results, with a success rate of about 30%. A simplified version of the model was able to increase this rate to about 60%. The neural network may have had lower results for various reasons. With more hindsight, the model itself was not the most suited for the problem. Parameters may not have been convenient for the model, et would not allow any cross analysis with others (such as logs generated by the host operating system) in order to extract new behaviors either. Though, the main reason is that the model had to detect attacks that were too much different. Contrary to the automaton that was dedicated to the denial of service and the bruteforce attack, the perceptron tried, according to its design, to detect the four attacks. This is why it lost its efficiency on the two mains attacks. Nevertheless, the overall work remains positive. The objective of this project was to study intrusion detection methods and to demonstrate the potential of the use of logs in building models to monitor industrial systems. This goal was reached and the perspective to develop such tools can be considered

Science Hackathons for Cyberphysical System Security Research: Putting CPS testbed platforms to good use

A challenge is to develop cyber-physical system scenarios that reflect the diversity and complexity of real-life cyber-physical systems in the research questions that they address. Time-bounded collaborative events, such as hackathons, jams and sprints, are increasingly used as a means of bringing groups of individuals together, in order to explore challenges and develop solutions. This paper describes our experiences, using a science hackathon to bring individual researchers together, in order to develop a common use-case implemented on a shared CPS testbed platform that embodies the diversity in their own security research questions. A qualitative study of the event was conducted, in order to evaluate the success of the process, with a view to improving future similar events

Diagnostic de défaillance et de malveillance dans les systèmes de contrôle industriels

The convergence of information and industrial systems triggered a paradigm shift in the management of malicious and accidental events.Safety and security must now interact and it changes the perimeters and the issues of diagnosis. After defining this new perimeter, this thesis provides an analysis of existing models that provide necessary informations for diagnosis. It then proposes PROS²E, a new event model upon which safety and security diagnosis can be performed in industrial systems. It was specificaly designed to exploit experience already present in the fields of safety and security management. PROS²E is then improved to represent more complex incidents and provide more accurate information. Several examples illustrate the diagnosis capacities of the model.La convergence des systèmes d’informations et des systèmes industriels entraine un changement de paradigme dans la gestion des incidents accidentels et malveillants. Sûreté de fonctionnement et sécurité doivent désormais interagir, ce qui change le périmètre et les problématiques du diagnostic. Après avoir défini ce nouveau périmètre du diagnostic, cette thèse fournit une analyse des modèles existants permettant de fournir des informations nécessaires au diagnostic. Elle propose ensuite PROS²E, un nouveau modèle d’évènements sur lequel s’appuyer pour diagnostiquer des incidents dans des systèmes industriels. Il a été spécifiquement conçu pour réutiliser l’expertise déjà présente dans les différents métiers de la sûreté de fonctionnement et de la sécurité. PROS²E est ensuite amélioré pour représenter des incidents plus complexes et fournir des informations avec plus de précision. Plusieurs exemples illustrent les possibilités de diagnostic du modèle

Global patterns of macroinvertebrate production in marine benthic habitats

Using data published in 15 major marine ecology journals (from 1970 to 1999), we examined global patterns of marine benthic macroinvertebrate production and its distribution among feeding guilds and taxonomic groups and physical variables such as substratum type, water depth and temperature. Our database contains 547 production datasets, from 147 studies including 207 taxa, assessed by classical methods (cohort and size-based methods), from 170 sites (77°50'S to 69°35'N; 0 to 930 m depth). In general, higher values of production to biomass (P/B) ratios were observed in the Northern Hemisphere than in the Southern Hemisphere. High values of P/B ratios were observed in mid-latitudinal zones while low values of P/B ratios were observed in high (80 to 60°S) and low latitudinal zones (40°S to 20°N). Highest production was observed on hard substrata, for filter feeders and for mollusc (e.g. bivalves) species. Highest P/B ratios were observed on algae (or high organic substrata), omnivores and predators, and arthropods (e.g. amphipods). Regression models explained a significant percentage of the amount of variance of benthic production (92%) and P/B ratios (50 to 86%). Production and P/B ratios were negatively related to water depth and positively related to water temperature, but these abiotic variables did not greatly improve the predictability of production by biotic variables (e.g. life span, mean body mass). Biotic variables were more important than environmental variables in explaining observed variations in production and P/B ratios. For the latter, life span explained most (45 to 83%) of the variation of the models

Field evidence for an association between growth and protein polymorphism in the acorn barnacle Semibalanus balanoides

Organisms living in highly heterogeneous environments are useful for examining the effects of associations between phenotypes and ecologically relevant genes in the field. Here, we tested the null hypothesis of no association between the variation in 2 fitness-related traits (growth and fecundity) and polymorphism at 2 enzymatic loci, MPI* and GPI*, known to be subject to strong spatial selection. We also tested if such an association was related to the intensity of genotype selection observed for both allozymes at sampling locations in 2 barnacle cohorts. For both cohorts, individuals with the GPI*286/286 genotype were larger in size than individuals with the GPI*100/100 genotype, particularly in sites and microhabitats south of the Miramichi Estuary, Gulf of St. Lawrence, Canada. This coincided with a reduced GPI*100/100 frequency in this region. In contrast, the growth-MPI* genotype association showed no clear pattern. Overall, our results indicate that the phenotype-genotype assoc

Endoscopic Observations Of Invertebrate Larval Substratum Exploration And Settlement

In the marine environment, competent larvae of sessile invertebrates are influenced by water flow and a variety of biological, chemical and physical cues. Most research has focused on how these biotic and abiotic factors influence where individual larvae ultimately settle. Much less is known about post-contact exploration prior to metamorphosis. This is, in part, due to limitations associated with directly observing small larvae (100 to 500 μm) in flowing seawater. A study was conducted in Beaufort, North Carolina, USA to understand how larvae of the barnacle Balanus amphitrite and the bryozoan Bugula neritina respond to a variety of flow rates (0, 1.3, 6.1 and 8.3 cm s-1) and surface types (clean, biofilmed, 1 and 2 wk fouled). Larval behavior was studied by means of endoscopy in a running-seawater chamber. Larval movements were observed at 30 frames s-1 for individuals that remained in contact with surfaces from \u3c1.0 s to 44.5 min. Both flow rate and surface type significantly influenced the behavior of the species examined, although larvae of B. amphitrite and B. neritina often responded very differently to the same treatment conditions. Larvae of B. amphitrite explored more surface area (fractal dimensions) in moving water than in still water, but flow did not influence the direction of travel. Mean exploration rate of B. amphitrite did not vary among treatments and ranged from 0.16 to 0.21 mm s-1. More cyprid larvae explored surfaces with macrofouling and spent significantly longer times on these surfaces than on clean ones. In still water, larvae of B. neritina repeatedly contacted, explored and swam away from the test surfaces. In contrast, in flow, larvae of B. neritina never swam away from any surface after contact was made. Individuals of B. neritina crawled directly upstream on clean and biofilmed surfaces at all flow rates unless individuals encountered filamentous structures (biofilmed surfaces only). When this happened, larvae of B. neritina frequently remained attached to filaments as the filaments moved with the flow. These larvae were then either dislodged or immediately resumed crawling upstream upon contact with the plate surface. A limited number of larvae of both species settled during our observations (15% B. amphitrite, 18% B. neritina). Settlement of B. amphitrite was not correlated with flow rate or surface type; larvae of B. neritina settled only on 2 wk fouled surfaces

Genetic evidence for kin aggregation in the intertidal acorn barnacle (Semibalanus balanoides)

It is generally assumed that larvae of benthic species are thoroughly mixed in the plankton and distributed randomly at settlement. Yet, it has also been hypothesized that a combination of larval gregarious behaviour coupled with particular oceanographic conditions may prevent larvae from mixing completely, and result in nonrandom spatial distributions following settlement. Using microsatellite markers, the main objective of this study was to investigate the occurrence of statistical connections between relatedness and settlement in the intertidal acorn barnacle from the Gulf of St Lawrence, Canada. A second objective was to test the hypothesis that patches of kin-related individuals came from a common parental site. Our results indicated that a significant number of barnacles within a given sample were more closely related than expected by chance despite the enormous potential for admixture during the planktonic phase. Thus, eight out of 37 samples analysed had relatedness values sig