On Application Layer DDoS Attack Detection in High-Speed Encrypted Networks

Application-layer denial-of-service attacks have become a serious threat to modern high-speed computer networks and systems. Unlike network-layer attacks, application-layer attacks can be performed by using legitimate requests from legitimately connected network machines which makes these attacks undetectable for signature-based intrusion detection systems. Moreover, the attacks may utilize protocols that encrypt the data of network connections in the application layer making it even harder to detect attacker’s activity without decrypting users network traffic and violating their privacy. In this paper, we present a method which allows us to timely detect various applicationlayer attacks against a computer network. We focus on detection of the attacks that utilize encrypted protocols by applying an anomaly-detection-based approach to statistics extracted from network packets. Since network traffic decryption can violate ethical norms and regulations on privacy, the detection method proposed analyzes network traffic without decryption. The method involves construction of a model of normal user behavior by analyzing conversations between a server and clients. The algorithm is self-adaptive and allows one to update the model every time when a new portion of network traffic data is available. Once the model has been built, it can be applied to detect various types of application-layer denial-of- service attacks. The proposed technique is evaluated with realistic end user network traffic generated in our virtual network environment. Evaluation results show that these attacks can be properly detected, while the number of false alarms remains very low

Role of spatial anisotropy in design storm generation: Experiment and interpretation

Rainfall accumulation depths over a given area are strongly dependent on the shape of the storm together with its direction of advection. A method to produce design storms exhibiting anisotropic spatial scaling is presented by combining a state-of-the-art stochastic rainfall generator STEPS with the linear generalized scale invariance (GSI) notation. The enhanced model is used to create ensembles of design storms based on an extreme storm with a distinct rainband shape observed in Melbourne, Australia. Design storms are generated both with and without accounting for anisotropy. Effect of anisotropy on precipitation characteristics is studied using the entire region covered by the radar (radar scale) and at a significantly smaller catchment scale. A rainfall-runoff model is applied to route the rainfall through the catchment into streamflow. Accounting for anisotropy allows for a more realistic description of precipitation features at the radar scale. At the catchment scale, anisotropy increases the probability of high rainfall accumulations, which translates into greater flood volumes. No discernible difference was observed in streamflow characteristics after controlling for the accumulation over the catchment. This could be explained by a lower importance of anisotropy relative to other factors affecting streamflow generation, and by the difficulties in creating representative rainfall temporal properties at the catchment scale when the radar scale is used for model calibration. The proposed method provides a tool to create ensembles of design storms when the anisotropic shape of the fields is of importance.Peer reviewe

Automated urban rainfall-runoff model generation with detailed land cover and flow routing

Constructing hydrological models for large urban areas is time consuming and laborious due to the requirements for high-resolution data and fine model detail. An open-source algorithm using adaptive subcatchments is proposed to automate Storm Water Management Model (SWMM) construction. The algorithm merges areas with homogeneous land cover and a common outlet into larger subcatchments, while retaining small-scale details where land cover or topography is more heterogeneous. The method was tested on an 85-ha urban catchment in Helsinki, Finland. A model with adaptive subcatchments reproduced the observed discharge at the catchment outlet with high model-performance indices emphasizing the strength of the proposed method. Computation times of the adaptive model were substantially lower than those of a corresponding model with uniformly sized high-resolution subcatchments. Given that high-resolution land cover and topography data are available, the proposed algorithm provides an advanced method for implementing SWMM models automatically even for large urban catchments without a substantial manual workload. Simultaneously, the high-resolution land cover details of the catchments can be maintained where they matter the most. (c) 2019 American Society of Civil Engineers.Peer reviewe

Applicability of open rainfall data to event-scale urban rainfall-runoff modelling

Rainfall-runoff simulations in urban environments require meteorological input data with high temporal and spatial resolutions. The availability of precipitation data is constantly increasing due to the shift towards more open data sharing. However, the applicability of such data for urban runoff assessments is often unknown. Here, the feasibility of Finnish Meteorological Institute's open rain gauge and open weather radar data as input sources was studied by conducting Storm Water Management Model simulations at a very small (33.5 ha) urban catchment in Helsinki, Finland. In addition to the open data sources, data were also available from two research gauges, one of them located on-site, and from a research radar. The results confirmed the importance of local precipitation measurements for urban rainfall-runoff simulations, implying the suitability of open gauge data to be largely dictated by the gauge's distance from the catchment. Performance of open radar data with 5 min and 1 km' resolution was acceptable in terms of runoff reproduction, albeit peak flows were constantly and flow volumes often underestimated. Gauge adjustment and advection interpolation were found to improve the quality of the radar data, and at least gauge adjustment should be performed when open radar data are used. Finally, utilizing dual-polarization capabilities of radars has a potential to improve rainfall estimates for high intensity storms although more research is still needed. (C) 2017 Elsevier B.V. All rights reserved.Peer reviewe

A simple and effective method for quantifying spatial anisotropy of time series of precipitation fields

The spatial shape of a precipitation event has an important role in determining the catchment's hydrological response to a storm. To be able to generate stochastic design storms with a realistic spatial structure, the anisotropy of the storm has to be quantified. In this paper, a method is proposed to estimate the anisotropy of precipitation fields, using the concept of linear Generalized Scale Invariance (GSI). The proposed method is based on identifying the values of GSI parameters that best describe isolines of constant power on the two-dimensional power spectrum of the fields. The method is evaluated using two sets of simulated fields with known anisotropy and a measured precipitation event with an unknown anisotropy from Brisbane, Australia. It is capable of accurately estimating the anisotropy parameters of simulated nonzero fields, whereas introducing the rain-no rain intermittency alters the power spectra of the fields and slightly reduces the accuracy of the parameter estimates. The parameters estimated for the measured event correspond well with the visual observations on the spatial structure of the fields. The method requires minimum amount of decision making and user interaction, making it suitable for analyzing anisotropy of storm events consisting of long time series of fields with a changing spatial structure.Peer reviewe

RAP5-linjan valssihiomon riskikartoituksen ja työohjeiden laadinta

Opinnäytetyön tavoite oli parantaa Tornion tehtaiden RAP5-linjan valssihiomon turvallisuutta. Lisäksi työn tarkoitus on edistää työnantajan työsuojelulainsäädännön asettamien vastuiden ja velvollisuuksien toteuttamista. Työn tehtävänä oli laajentaa ja päivittää valssihiomon olemassa olevaa riskikartoitusta vastaamaan tämän päivän työtehtäviä. Valssihiomoon kuuluvaan laakerihuoltoon ei oltu entuudestaan tehty riskikartoitusta. Riskikartoituksen pohjalta suunniteltiin työohjeet valssihiomon käyttöhenkilöstölle kriittisimpiin työtehtäviin. Lopuksi työohjeille piti kehittää selkeä työohjeformaatti, jota voitaisiin hyödyntää myöhemmin RAP5-linjalla tulevissa työohjeissa. Valssihiomon jokaiseen työtehtävään suoritettiin riskikartoitus. Riskikartoituksen riskit eroteltiin ja annettiin kullekin riskille oma suuruus, seuraus ja toimenpide. Valmistunut riskikartoitus käytiin läpi yhdessä työnjohdon ja valssihiomon henkilöstön kanssa. Riskikartoituksen tulosten pohjalta päätettiin työtehtävät, jotka tuli ohjeistaa. Työohjeiden tarkoitus on toimia uusien työntekijöiden perehdytysvaiheessa opiskelumateriaalina ja vakinaisten työntekijöiden toimintamallina. Riskikartoitus ja työohjeet laadittiin Notesin turvallisuusjärjestelmään. Työohjeet järjestettiin alueittain omaan ryhmään niin, että ohjeiden selaaminen on helpompaa. Tietolähteinä työssä käytettiin operaattoreilta ja työnjohdolta saatuja henkilöhaastatteluja, tehtaan sisäisiä tietojärjestelmiä, Internetiä ja kirjallisuutta.The goal of the thesis was to improve the operational safety of the roll grinding shop of the RAP5 line in Tornio Works. An additional target was to advance the actualisation of the duties and responsibilities set by the occupational safety law. The purpose was to expand and update the existing risk assessment to correspond with current tasks. The bearing maintenance work had no previous risk assessment at all. Working instructions, based on the new risk assessment, was created for the most critical tasks done by the roll grinding shop maintenance personnel. A clear work instruction template had to be developed for later use in the RAP5 line. A risk assessment was performed on every task in the roll grinding shop. The risks were listed and each risk was assigned with an indicator for the magnitude, cause, and the procedure following the event. The final risk assessment was analysed together with the unit supervisors and roll grinding shop personnel. A list of tasks that require work instructions was created according to the risk assessment results. The work instructions will be used to familiarise new employees with their tasks and as an operational model for current employees. Both the risk assessment and the work instructions were added to the Notes Occupational Safety System. The instructions were divided into location-based groups, so that browsing them will be easier. The sources of information for the thesis were personal interviews with the operators and supervisors, the internal information systems of the works, the internet, and literature

Anomaly-based online intrusion detection system as a sensor for cyber security situational awareness system

Almost all the organisations and even individuals rely on complex structures of data networks and networked computer systems. That complex data ensemble, the cyber domain, provides great opportunities, but at the same time it offers many possible attack vectors that can be abused for cyber vandalism, cyber crime, cyber espionage or cyber terrorism. Those threats produce requirements for cyber security situational awareness and intrusion detection capability. This dissertation concentrates on research and development of anomaly-based network intrusion detection system as a sensor for a situational awareness system. In this dissertation, several models of intrusion detection systems are developed using clustering-based data-mining algorithms for creating a model of normal user behaviour and finding similarities and dissimilarities compared to that model. That information can be used as a sensor feed in a situational awareness system in cyber security. A model of cyber security situational awareness system with multisensor fusion capability is presented in this thesis. Also a model for exchanging the information of cyber security situational awareness is generated. The constructed intrusion detection system schemes are tested with different scenarios even in online mode with real user data

Maidonkeräilykuljetusten suunnittelu : Arla Ingman Oy ab

Kuljetuskustannukset ovat merkittävä osa teollisuuden kustannusrakennetta. Kehittämällä kuljetusjärjestelmää voidaan saavuttaa merkittäviä parannuksia yrityksen kannattavuuteen. Säästöpaineita kuljetuskustannuksille on aiheuttanut jatkuva kuljetuskustannusten nousu. Tässä projektissa on keskitytty kehittämään Arla Ingman Oy Ab:n maidonkeräilykuljetuksia Etelä­‐Suomen alueella. Alueella toimii 383 maidontuottajaa, joilta kerätään vuodessa noin 84 miljoonaa litraa maitoa. Osa maidosta on luomumaitoa. Kerättävä määrä on noin kolmannes yrityksen kaikesta jalostettavasta maidosta. Optimointi suoritetaan hyödyntäen ArcLogistics –optimointiohjelmaa. Työn tavoite on säästöjen maksimointi. Tavoitteeseen pyritään optimoimalla keräilyreitit. Ensisijainen säästökohde on ajettavat kilometrit. Työhön käytetyt työtunnit vähenevät kilometrisäästöjen ohessa. Työssä suunnitellaan keräilyreitit, ajojärjestys sekä keräilyaikataulu. Maidonkeräilykuljetuksia suunniteltaessa on otettava huomioon lainsäädännölliset asiat sekä alan erityispiirteet. Työn päävaiheet olivat lähtötietojen hankinta, tiedon muokkaus, reittioptimointi sekä reittiaikataulutus. Lähtötiedot saatiin toimeksiantajalta. Lähtötiedot muutettiin optimointiohjelman tukemaan muotoon. Reittioptimointi suoritettiin käyttäen optimointiohjelmaa vaiheittain aloittaen karkeasta reittisuunnittelusta päättäen yksityiskohtaiseen reittisuunnitteluun. Optimointiohjelma suunnitteli myös reittien aikataulun. Reittien ajojärjestys suunniteltiin manuaalisesti. Työllä saavutettiin noin 10-­15 prosentin säästöt alueesta riippuen. Suurimmat säästöt saavutettiin Arla Ingman Oy Ab Söderkullan meijerillä. Työllä saavutettiin siis merkittävää säästöä toimeksiantajan keräilykuljetuksissa. Muutokset otetaan yrityksessä käyttöön. Koska työ on tapauskohtainen, ei työtä voida hyödyntää yleisellä tasolla.Transport costs are major part of the total costs of industrial facility. Viability of corporation can be improved significantly by developing transport systems. Constantly increasing transport costs have set pressures for lowering the costs of transport. This project is focused to develop pick up transports of Arla Ingman Oy Ab in the area of Southern Finland. There is 383 milk producers working on the area. Produced amount of milk is 84 billion liters annually. It’s about one third of all milk Arla Ingman Oy Ab processes. Part of the milk is organic. Routes have been optimized by using routing software ArcLogistics. The target is to maximize the savings. Used method was optimizing the routes. The primary target is to achieve savings in driven kilometers. Savings in working hours will be affected by the savings in driven kilometers. Routes, dispatching and scheduling are built in this project. Legislative and characteristic issues of the branch must be considered in the planning of pick up transports of milk. The main steps of the project were getting the output data, converting data, building routes and scheduling.Output data were given by the client. Output data was converted to format supported by routing software. Routing were started with rough routing and ended with detailed routing. Scheduling was also made by routing software. Dispatching was made manually. The achievements were 10­‐15 percent saving depending on the area. The biggest saving were made in the area of Arla Ingman Oy Ab Söderkulla. The savings in pick up transports are significant. The changes will be implemented by the client. There is no general benefits of this project because it’s very specific and made for the client

Architecture for the Cyber Security Situational Awareness System

Abstract. Networked software systems have a remarkable and critical role in the modern society. There are critical software systems in every business area. At the same time, the amount of cyber-attacks against those critical networked software systems has increased in large measures. Because of that, the cyber security situational awareness of the own assets plays an important role in the business continuity. It should be known what is the current status of the cyber security infrastructure and own assets and what it will be in the near future. For achieving such cyber security situational awareness there is need for the Cyber Security Situational Awareness System. This study presents the novel architecture of the Cyber Security Situational Awareness System. The study also presents the use case of threat mitigation process for such Cyber Security Situational Awareness System