4,977 research outputs found

    R-CAD: Rare Cyber Alert Signature Relationship Extraction Through Temporal Based Learning

    The large number of streaming intrusion alerts makes it challenging for security analysts to quickly identify attack patterns. This is especially difficult since critical alerts often occur too rarely for traditional pattern mining algorithms to be effective. Recognizing the attack speed as an inherent indicator of differing cyber attacks, this work aggregates alerts into attack episodes that have distinct attack speeds, and finds attack actions regularly co-occurring within the same episode. This enables a novel use of the constrained SPADE temporal pattern mining algorithm to extract consistent co-occurrences of alert signatures that are indicative of attack actions that follow each other. The proposed Rare yet Co-occurring Attack action Discovery (R-CAD) system extracts not only the co-occurring patterns but also the temporal characteristics of the co-occurrences, giving the 'strong rules' indicative of critical and repeated attack behaviors. Through the use of a real-world dataset, we demonstrate that R-CAD helps reduce the overwhelming volume and variety of intrusion alerts to a manageable set of co-occurring strong rules. We show specific rules that reveal how critical attack actions follow one another and in what attack speed

    A Class of Stationary Electromagnetic Vacuum Fields

    This is the published version, also available here: http://dx.doi.org/10.1063/1.1666066. It is shown how a new class of stationary electromagnetic vacuum fields can be generated from solutions of Laplace's equation. These fields are a stationary generalization of the static electromagnetic vacuum fields of Weyl, Majumdar, and Papapetrou, and are plausibly interpreted as exterior fields of static or steadily moving distributions of charged dust having numerically equal charge and mass densities

    Towards an Efficient Detection of Pivoting Activity

    Pivoting is a technique used by cyber attackers to exploit the privileges of compromised hosts in order to reach their final target. Existing research on countering this menace is only effective for pivoting activities spanning within the internal network perimeter. When applying existing methods to include external traffic, the detection algorithm produces overwhelming entries, most of which are unrelated to pivoting. We address this problem by identifying the major characteristics that are specific to potentially malicious pivoting. Our analysis combines human expertise with machine learning and is based on the inspection of real network traffic generated by a large organization. The final goal is the reduction of the unacceptable amounts of false positives generated by the state-of-the-art methods. This paper paves the way for future research aimed at countering the critical menace of illegitimate pivoting activities

    Phase transitions and the internal noise structure of nonlinear Schrödinger equation solitons

    We predict phase-transitions in the quantum noise characteristics of systems described by the quantum nonlinear Schrödinger equation, showing them to be related to the solitonic field transition at half the fundamental soliton amplitude. These phase-transitions are robust with respect to Raman noise and scattering losses. We also describe the rich internal quantum noise structure of the solitonic fields in the vicinity of the phase-transition. For optical coherent quantum solitons, this leads to the prediction that eliminating the peak side-band noise due to the electronic nonlinearity of silica fiber by spectral filtering leads to the optimal photon-number noise reduction of a fundamental soliton. Comment: 10 pages, 5 figure

    Quantifying impact on safety from cyber-attacks on cyber-physical systems

    We propose a novel framework for modelling attack scenarios in cyber-physical control systems: we represent a cyber-physical system as a constrained switching system, where a single model embeds the dynamics of the physical process, the attack patterns, and the attack detection schemes. We show that this is compatible with established results in the analysis of hybrid automata, and, specifically, constrained switching systems. Moreover, we use the developed models to compute the impact of cyber attacks on the safety properties of the system. In particular, we characterise system safety as an asymptotic property, by calculating the maximal safe set. The resulting new impact metrics intuitively quantify the degradation of safety under attack. We showcase our results via illustrative examples. Comment: 8 pages, 5 figures, submitted for presentation to IFAC World Congress 2023, Yokohama, JAPA

    Nonlinear Transport through Quantum Dots Studied by the Time-Dependent DMRG

    Recent developments on studies of transport through quantum dots obtained by applying the time-dependent density matrix renormalization group method are summarized. Some new aspects of Kondo physics which appear in nonequilibrium steady states are discussed both for the single dot case and for the serially coupled double-quantum-dot case. Comment: 8 pages, 15 figure

    Isolated-photon production in polarized pp collisions

    We perform a detailed study of the production of isolated prompt photons in polarized hadronic collisions, in the centre-of-mass energy range relevant to RHIC. We compare the results obtained for a traditional cone-isolation prescription, with those obtained by imposing an isolation condition that eliminates any contribution to the cross section from the fragmentation mechanism. The latter prescription will allow us to present the first fully consistent next-to-leading order calculation in polarized prompt-photon production. We will discuss the theoretical uncertainties affecting the cross section, addressing the issue of the reliability of the perturbative expansion, for both inclusive isolated-photon and photon-plus-jet observables. Finally, we will study the dependence of our predictions upon the polarized parton densities, and the implications for the measurability of the gluon density. Comment: 34 Pages, LaTeX, 13 figures as ps file

    A Spitzer-IRS Detection of Crystalline Silicates in a Protostellar Envelope

    We present the Spitzer Space Telescope Infrared Spectrograph spectrum of the Orion A protostar HOPS-68. The mid-infrared spectrum reveals crystalline substructure at 11.1, 16.1, 18.8, 23.6, 27.9, and 33.6 microns superimposed on the broad 9.7 and 18 micron amorphous silicate features; the substructure is well matched by the presence of the olivine end-member forsterite. Crystalline silicates are often observed as infrared emission features around the circumstellar disks of Herbig Ae/Be stars and T Tauri stars. However, this is the first unambiguous detection of crystalline silicate absorption in a cold, infalling, protostellar envelope. We estimate the crystalline mass fraction along the line-of-sight by first assuming that the crystalline silicates are located in a cold absorbing screen and secondly by utilizing radiative transfer models. The resulting crystalline mass fractions of 0.14 and 0.17, respectively, are significantly greater than the upper limit found in the interstellar medium (< 0.02-0.05). We propose that the amorphous silicates were annealed within the hot inner disk and/or envelope regions and subsequently transported outward into the envelope by entrainment in a protostellar outflow. Comment: Accepted to Astrophysical Journal Letters, 2011 April 19: 6 pages, 3 figures, 2 table

    OODCN: Out-of-distribution detection in capsule networks for fault identification
