186 research outputs found
Towards a Layered Architectural View for Security Analysis in SCADA Systems
Supervisory Control and Data Acquisition (SCADA) systems support and control
the operation of many critical infrastructures that our society depends on, such
as power grids. Since SCADA systems become a target for cyber attacks and the
potential impact of a successful attack could lead to disastrous consequences
in the physical world, ensuring the security of these systems is of vital
importance. A fundamental prerequisite to securing a SCADA system is a clear
understanding and a consistent view of its architecture. However, because of
the complexity and scale of SCADA systems, this is challenging to acquire. In
this paper, we propose a layered architectural view for SCADA systems, which
aims at building a common ground among stakeholders and supporting the
implementation of security analysis. In order to manage the complexity and
scale, we define four interrelated architectural layers, and use the concept
of viewpoints to focus on a subset of the system. We indicate the applicability
of our approach in the context of SCADA system security analysis. Comment: 7 pages, 4 figures
Improving memorability in fisheye views
Interactive fisheye views use distortion to show both local detail and global context in the same display space. Although fisheyes allow the presentation and inspection of large data sets, the distortion effects can cause problems for users. One such problem is lack of memorability – the ability to find and go back to objects and features in the data. This thesis examines the possibility of improving the memorability of fisheye views by adding historical information to the visualization. The historical information is added visually through visit wear, an extension of the concepts of edit wear and read wear. This will answer the question “Where have I been?” through visual instead of cognitive processing by overlaying new visual information on the data to indicate a user’s recent interaction history. This thesis describes general principles of visibility in a space that is distorted by a fisheye lens and defines some parameters of the design space of visit wear. Finally, a test system that applied the principles was evaluated, and showed that adding visit wear to a fisheye system improved the memorability of the information space
Introducing a New Alert Data Set for Multi-Step Attack Analysis
Intrusion detection systems (IDS) reinforce cyber defense by autonomously
monitoring various data sources for traces of attacks. However, IDSs are also
infamous for frequently raising false positives and alerts that are difficult
to interpret without context. This results in high workloads on security
operators who need to manually verify all reported alerts, often leading to
fatigue and incorrect decisions. To generate more meaningful alerts and
alleviate these issues, the research domain focused on multi-step attack
analysis proposes approaches for filtering, clustering, and correlating IDS
alerts, as well as generation of attack graphs. Unfortunately, existing data
sets are outdated, unreliable, narrowly focused, or only suitable for IDS
evaluation. Since hardly any suitable benchmark data sets are publicly
available, researchers often resort to private data sets that prevent
reproducibility of evaluations. We therefore generate a new alert data set that
we publish alongside this paper. The data set contains alerts from three
distinct IDSs monitoring eight executions of a multi-step attack as well as
simulations of normal user behavior. To illustrate the potential of our data
set, we experiment with alert prioritization as well as two open-source tools
for meta-alert generation and attack graph extraction
A Critical Review of Common Log Data Sets Used for Evaluation of Sequence-based Anomaly Detection Techniques
Log data store event execution patterns that correspond to underlying
workflows of systems or applications. While most logs are informative, log data
also include artifacts that indicate failures or incidents. Accordingly, log
data are often used to evaluate anomaly detection techniques that aim to
automatically disclose unexpected or otherwise relevant system behavior
patterns. Recently, detection approaches leveraging deep learning have
increasingly focused on anomalies that manifest as changes of sequential
patterns within otherwise normal event traces. Several publicly available data
sets, such as HDFS, BGL, Thunderbird, OpenStack, and Hadoop, have since become
standards for evaluating these anomaly detection techniques; however, the
appropriateness of these data sets has not been closely investigated in the
past. In this paper we therefore analyze six publicly available log data sets
with focus on the manifestations of anomalies and simple techniques for their
detection. Our findings suggest that most anomalies are not directly related to
sequential manifestations and that advanced detection techniques are not
required to achieve high detection rates on these data sets
Combining semantic web technologies with evolving fuzzy classifier eClass for EHR-based phenotyping : a feasibility study
In parallel to nation-wide efforts for setting up shared electronic health records (EHRs) across healthcare settings, several large-scale national and international projects are developing, validating, and deploying electronic EHR oriented phenotype algorithms that aim at large-scale use of EHRs data for genomic studies. A current bottleneck in using EHRs data for obtaining computable phenotypes is to transform the raw EHR data into clinically relevant features. The research study presented here proposes a novel combination of Semantic Web technologies with the on-line evolving fuzzy classifier eClass to
obtain and validate EHR-driven computable phenotypes derived from 1956 clinical statements from EHRs. The evaluation performed with clinicians demonstrates the feasibility and practical acceptability of the approach proposed
The Cycle of Trust in Mixed Service-Oriented Systems
Many collaboration platforms are realized as service-oriented systems enabling flexible compositions of services and support of interactions. Interactions between entities in such systems do not only span software services, but also human actors. A mixed service-oriented system is therefore composed of human and software services. In open environments, interactions between people and services are highly dynamic and often influenced by the role and reputation of collaboration partners. In this paper we present an architecture for the management of trust in such mixed systems environments. In contrast to traditional solutions that typically focus on the matching of actors’ skills and competencies with collaboration requirements only, we propose a trust-based ’feedback loop’ enabling the inference and consideration of trust relationships based on observed interactions. This cycle, spanning interaction monitoring, trust analysis, trust-enabled collaboration planning, and trust-supported execution of activities and tasks, permits dynamic and trust-aware collaborations in service-oriented environments
Triton photodisintegration with realistic potentials
The photodisintegration of H is treated by means of coupled integral
equations using separable versions of the Paris and the Bonn potentials in
their kernel. The differential cross section for the inverse reaction is
obtained via detailed balance. For the latter process good agreement with the
data is found when including final-state interaction, meson exchange currents,
higher partial waves in the potential, and electric quadrupole contributions in
the electromagnetic interaction. Comment: 5 pages LaTeX and 5 postscript figures included, uses epsfig.sty and
espcrc1.sty. Talk given at the XVth International Conference on Few-Body
Problems in Physics (22-26 July, 1997, Groningen, The Netherlands). To be
published in the conference proceedings in Nucl. Phys.
Photodisintegration of three- and four- nucleon systems
Three- and four-nucleon photodisintegration processes are quite efficiently
treated by means of effective two-body integral equations in momentum space. We
recall some aspects of their derivation, present previous and most recent
results obtained within this framework, and discuss general features, trends
and effects observed in these investigations: At low energies final-state
interaction plays an important role. Even more pronounced is the effect of
meson exchange currents. A considerable potential dependence shows up in the
low-energy peak region. The different peak heights are found to be closely
correlated with the corresponding binding energies. Above the peak region only
the difference between potentials with or without p-wave contributions remains
relevant. In the differential cross sections the electric quadrupole
contributions have to be taken into account. The remarkable agreement between
theory and experiment in - radiative capture is achieved only when
incorporating this contribution, together with most of the above-mentioned
effects. In the final part of this report we briefly review also methods
developed, and results achieved in three- and four-nucleon
electrodisintegration. We, in particular, compare them with a recent access to
this problem, based on the construction of nucleon-nucleus potentials via
Marchenko inversion theory. Comment: 20 pages LaTeX and 22 postscript figures included, uses epsfig.sty
and espcrc1.sty. Invited talk at the XVth International Conference on
Few-Body Problems in Physics (22-26 July, 1997, Groningen, The Netherlands).
To be published in the conference proceedings in Nucl. Phys.
Photonuclear Reactions of Three-Nucleon Systems
We discuss the available data for the differential and the total cross
section for the photodisintegration of He and H and the corresponding
inverse reactions below MeV by comparing with our calculations
using realistic interactions. The theoretical results agree within the
error bars with the data for the total cross sections. Excellent agreement is
achieved for the angular distribution in case of He, whereas for H a
discrepancy between theory and experiment is found. Comment: 11 pages (twocolumn), 12 postscript figures included, uses psfig,
RevTe