Improving SIEM for critical SCADA water infrastructures using machine learning

Network Control Systems (NAC) have been used in many industrial processes. They aim to reduce the human factor burden and efficiently handle the complex process and communication of those systems. Supervisory control and data acquisition (SCADA) systems are used in industrial, infrastructure and facility processes (e.g. manufacturing, fabrication, oil and water pipelines, building ventilation, etc.) Like other Internet of Things (IoT) implementations, SCADA systems are vulnerable to cyber-attacks, therefore, a robust anomaly detection is a major requirement. However, having an accurate anomaly detection system is not an easy task, due to the difficulty to differentiate between cyber-attacks and system internal failures (e.g. hardware failures). In this paper, we present a model that detects anomaly events in a water system controlled by SCADA. Six Machine Learning techniques have been used in building and evaluating the model. The model classifies different anomaly events including hardware failures (e.g. sensor failures), sabotage and cyber-attacks (e.g. DoS and Spoofing). Unlike other detection systems, our proposed work helps in accelerating the mitigation process by notifying the operator with additional information when an anomaly occurs. This additional information includes the probability and confidence level of event(s) occurring. The model is trained and tested using a real-world dataset

Correlates of Complete Childhood Vaccination in East African Countries.

Despite the benefits of childhood vaccinations, vaccination rates in low-income countries (LICs) vary widely. Increasing coverage of vaccines to 90% in the poorest countries over the next 10 years has been estimated to prevent 426 million cases of illness and avert nearly 6.4 million childhood deaths worldwide. Consequently, we sought to provide a comprehensive examination of contemporary vaccination patterns in East Africa and to identify common and country-specific barriers to complete childhood vaccination. Using data from the Demographic and Health Surveys (DHS) for Burundi, Ethiopia, Kenya, Rwanda, Tanzania, and Uganda, we looked at the prevalence of complete vaccination for polio, measles, Bacillus Calmette-Guérin (BCG) and DTwPHibHep (DTP) as recommended by the WHO among children ages 12 to 23 months. We conducted multivariable logistic regression within each country to estimate associations between complete vaccination status and health care access and sociodemographic variables using backwards stepwise regression. Vaccination varied significantly by country. In all countries, the majority of children received at least one dose of a WHO recommended vaccine; however, in Ethiopia, Tanzania, and Uganda less than 50% of children received a complete schedule of recommended vaccines. Being delivered in a public or private institution compared with being delivered at home was associated with increased odds of complete vaccination status. Sociodemographic covariates were not consistently associated with complete vaccination status across countries. Although no consistent set of predictors accounted for complete vaccination status, we observed differences based on region and the location of delivery. These differences point to the need to examine the historical, political, and economic context of each country in order to maximize vaccination coverage. Vaccination against these childhood diseases is a critical step towards reaching the Millennium Development Goal of reducing under-five mortality by two-thirds by 2015 and thus should be a global priority

Trust and control interrelations: New perspectives on the trust control nexus

This article is the post-print version of the published article that may be accessed at the link below. Copyright @ 2007 Sage Publications.This article introduces the special issue on New Perspectives on the Trust-Control Nexus in Organizational Relations. Trust and control are interlinked processes commonly seen as key to reach effectiveness in inter- and intraorganizational relations. The relation between trust and control is, however, a complex one, and research into this relation has given rise to various and contradictory interpretations of how trust and control relate. A well-known discussion is directed at whether trust and control are better conceived as substitutes, or as complementary mechanisms of governance. The articles in this special issue bring the discussion on the relationship between both concepts a step further by identifying common factors, distinctive mechanisms, and key implications relevant for theory building and empirical research. By studying trust and control through different perspectives and at different levels of analysis, the articles provide new theoretical insights and empirical evidence on the foundations of the trust-control interrelations

ASCORE: an up-to-date cardiovascular risk score for hypertensive patients reflecting contemporary clinical practice developed using the (ASCOT-BPLA) trial data.

A number of risk scores already exist to predict cardiovascular (CV) events. However, scores developed with data collected some time ago might not accurately predict the CV risk of contemporary hypertensive patients that benefit from more modern treatments and management. Using data from the randomised clinical trial Anglo-Scandinavian Cardiac Outcomes Trial-BPLA, with 15 955 hypertensive patients without previous CV disease receiving contemporary preventive CV management, we developed a new risk score predicting the 5-year risk of a first CV event (CV death, myocardial infarction or stroke). Cox proportional hazard models were used to develop a risk equation from baseline predictors. The final risk model (ASCORE) included age, sex, smoking, diabetes, previous blood pressure (BP) treatment, systolic BP, total cholesterol, high-density lipoprotein-cholesterol, fasting glucose and creatinine baseline variables. A simplified model (ASCORE-S) excluding laboratory variables was also derived. Both models showed very good internal validity. User-friendly integer score tables are reported for both models. Applying the latest Framingham risk score to our data significantly overpredicted the observed 5-year risk of the composite CV outcome. We conclude that risk scores derived using older databases (such as Framingham) may overestimate the CV risk of patients receiving current BP treatments; therefore, 'updated' risk scores are needed for current patients

Complexity analysis of spontaneous brain activity: effects of depression and antidepressant treatment

Magnetoencephalography (MEG) allows the real-time recording of neural activity and oscillatory activity in distributed neural networks. We applied a non-linear complexity analysis to resting-state neural activity as measured using whole-head MEG. Recordings were obtained from 20 unmedicated patients with major depressive disorder and 19 matched healthy controls. Subsequently, after 6 months of pharmacological treatment with the antidepressant mirtazapine 30 mg/day, patients received a second MEG scan. A measure of the complexity of neural signals, the Lempel–Ziv Complexity (LZC), was derived from the MEG time series. We found that depressed patients showed higher pre-treatment complexity values compared with controls, and that complexity values decreased after 6 months of effective pharmacological treatment, although this effect was statistically significant only in younger patients. The main treatment effect was to recover the tendency observed in controls of a positive correlation between age and complexity values. Importantly, the reduction of complexity with treatment correlated with the degree of clinical symptom remission. We suggest that LZC, a formal measure of neural activity complexity, is sensitive to the dynamic physiological changes observed in depression and may potentially offer an objective marker of depression and its remission after treatment

Reactive control of autonomous drones

Aerial drones, ground robots, and aquatic rovers enable mobile applications that no other technology can realize with comparable flexibility and costs. In existing platforms, the low-level control enabling a drone's autonomous movement is currently realized in a time-triggered fashion, which simplifies implementations. In contrast, we conceive a notion of reactive control that supersedes the time-triggered approach by leveraging the characteristics of existing control logic and of the hardware it runs on. Using reactive control, control decisions are taken only upon recognizing the need to, based on observed changes in the navigation sensors. As a result, the rate of execution dynamically adapts to the circumstances. Compared to time-triggered control, this allows us to: i) attain more timely control decisions, ii) improve hardware utilization, iii) lessen the need to overprovision control rates. Based on 260+ hours of real-world experiments using three aerial drones, three different control logic, and three hardware platforms, we demonstrate, for example, up to 41% improvements in control accuracy and up to 22% improvements in flight time

Machine learning based IoT Intrusion Detection System:an MQTT case study (MQTT-IoT-IDS2020 Dataset)

The Internet of Things (IoT) is one of the main research fields in the Cybersecurity domain. This is due to (a) the increased dependency on automated device, and (b) the inadequacy of general-purpose Intrusion Detection Systems (IDS) to be deployed for special purpose networks usage. Numerous lightweight protocols are being proposed for IoT devices communication usage. One of the distinguishable IoT machine-to-machine communication protocols is Message Queuing Telemetry Transport (MQTT) protocol. However, as per the authors best knowledge, there are no available IDS datasets that include MQTT benign or attack instances and thus, no IDS experimental results available. In this paper, the effectiveness of six Machine Learning (ML) techniques to detect MQTT-based attacks is evaluated. Three abstraction levels of features are assessed, namely, packet-based, unidirectional flow, and bidirectional flow features. An MQTT simulated dataset is generated and used for the training and evaluation processes. The dataset is released with an open access licence to help the research community further analyse the accompanied challenges. The experimental results demonstrated the adequacy of the proposed ML models to suit MQTT-based networks IDS requirements. Moreover, the results emphasise on the importance of using flow-based features to discriminate MQTT-based attacks from benign traffic, while packet-based features are sufficient for traditional networking attacks