Global ETD Search

201	Cyber Attacks Detection and Mitigation in SDN Environments January 2018 (has links) abstract: Cyber-systems and networks are the target of different types of cyber-threats and attacks, which are becoming more common, sophisticated, and damaging. Those attacks can vary in the way they are performed. However, there are similar strategies and tactics often used because they are time-proven to be effective. The motivations behind cyber-attacks play an important role in designating how attackers plan and proceed to achieve their goals. Generally, there are three categories of motivation are: political, economical, and socio-cultural motivations. These indicate that to defend against possible attacks in an enterprise environment, it is necessary to consider what makes such an enterprise environment a target. That said, we can understand what threats to consider and how to deploy the right defense system. In other words, detecting an attack depends on the defenders having a clear understanding of why they become targets and what possible attacks they should expect. For instance, attackers may preform Denial of Service (DoS), or even worse Distributed Denial of Service (DDoS), with intention to cause damage to targeted organizations and prevent legitimate users from accessing their services. However, in some cases, attackers are very skilled and try to hide in a system undetected for a long period of time with the incentive to steal and collect data rather than causing damages. Nowadays, not only the variety of attack types and the way they are launched are important. However, advancement in technology is another factor to consider. Over the last decades, we have experienced various new technologies. Obviously, in the beginning, new technologies will have their own limitations before they stand out. There are a number of related technical areas whose understanding is still less than satisfactory, and in which long-term research is needed. On the other hand, these new technologies can boost the advancement of deploying security solutions and countermeasures when they are carefully adapted. That said, Software Defined Networking i(SDN), its related security threats and solutions, and its adaption in enterprise environments bring us new chances to enhance our security solutions. To reach the optimal level of deploying SDN technology in enterprise environments, it is important to consider re-evaluating current deployed security solutions in traditional networks before deploying them to SDN-based infrastructures. Although DDoS attacks are a bit sinister, there are other types of cyber-threats that are very harmful, sophisticated, and intelligent. Thus, current security defense solutions to detect DDoS cannot detect them. These kinds of attacks are complex, persistent, and stealthy, also referred to Advanced Persistent Threats (APTs) which often leverage the bot control and remotely access valuable information. APT uses multiple stages to break into a network. APT is a sort of unseen, continuous and long-term penetrative network and attackers can bypass the existing security detection systems. It can modify and steal the sensitive data as well as specifically cause physical damage the target system. In this dissertation, two cyber-attack motivations are considered: sabotage, where the motive is the destruction; and information theft, where attackers aim to acquire invaluable information (customer info, business information, etc). I deal with two types of attacks (DDoS attacks and APT attacks) where DDoS attacks are classified under sabotage motivation category, and the APT attacks are classified under information theft motivation category. To detect and mitigate each of these attacks, I utilize the ease of programmability in SDN and its great platform for implementation, dynamic topology changes, decentralized network management, and ease of deploying security countermeasures. / Dissertation/Thesis / Doctoral Dissertation Computer Science 2018 Computer science Advanced Persistent Threats Anomaly Detection Cyber Attacks Machine Learning Software Defined Networking Threats Detection
202	Anomalous Chiral Plasmas in the Hydrodynamic Regime January 2019 (has links) abstract: Chiral symmetry and its anomalous and spontaneous breaking play an important role in particle physics, where it explains the origin of pion and hadron mass hierarchy among other things. Despite its microscopic origin chirality may also lead to observable effects in macroscopic physical systems -- relativistic plasmas made of chiral (spin-$\frac{1}{2}$) particles. Such plasmas are called \textit{chiral}. The effects include non-dissipative currents in external fields that could be present even in quasi-equilibrium, such as the chiral magnetic (CME) and separation (CSE) effects, as well as a number of inherently chiral collective modes called the chiral magnetic (CMW) and vortical (CVW) waves. Applications of chiral plasmas are truly interdisciplinary, ranging from hot plasma filling the early Universe, to dense matter in neutron stars, to electronic band structures in Dirac and Weyl semimetals, to quark-gluon plasma produced in heavy-ion collisions. The main focus of this dissertation is a search for traces of chiral physics in the spectrum of collective modes in chiral plasmas. I start from relativistic chiral kinetic theory and derive first- and second-order chiral hydrodynamics. Then I establish key features of an equilibrium state that describes many physical chiral systems and use it to find the full spectrum of collective modes in high-temperature and high-density cases. Finally, I consider in detail the fate of the two inherently chiral waves, namely the CMW and the CVW, and determine their detection prospects. The main results of this dissertation are the formulation of a fully covariant dissipative chiral hydrodynamics and the calculation of the spectrum of collective modes in chiral plasmas. It is found that the dissipative effects and dynamical electromagnetism play an important role in most cases. In particular, it is found that both the CMW and the CVW are heavily damped by the usual Ohmic dissipation in charged plasmas and the diffusion effects in neutral plasmas. These findings prompt a search for new physical observables in heavy-ion collisions, as well as a revision of potential applications of chiral theories in cosmology and solid-state physics. / Dissertation/Thesis / Doctoral Dissertation Physics 2019 Theoretical physics Plasma physics Nuclear physics and radiation Anomaly Chiral Collective modes Hydrodynamics Plasma Vorticity
203	Discussions on Dai-Freed Anomalies Li, Huaiyu January 2019 (has links) In both field theories of high energy physics and field theories of condensed matter theories anomalies have been imposing constraints and bringing up new theories. While the perturbational and local anomalies from triangle diagrams are well-developed, we follow and review two works leading to non-perturbational global anomalies both related with Atiyah-Patogi-Sieger (APS) index theorem. In the context of topological fieldtheories the APS index theorem imposes an η-invariant which adds a global anomalous e−iπη/2 to the path integral from each fermions on the boundary. In the case of Pin+ (4) this will require a multiple of 16 Majorana fermions for the global anomaly to cancel. On the other hand with Dai-Freed theorem, global ’t Hooft anomalies concerned to G symmetry group on 4-dimensional spin manifold which is also classifying space BG are studied. The existence of anomalies are related to the triviality of spin bordismgroup Ω Spin5(BG), where examples with SU(2), GSM and Zn are studied with Atiyah-Hirzebruch spectral sequence method and representation of Z n rings. Further there are extensions of spin groups from Pin, SpinZ4 and Spinc , where the anomaly cancellationconstraint of 16 fermions per generation from Spin Z 4 (4) is related to that of Pin + (4) in topological superconductor. A possible candidate of Z4 charge named B − L charge or X charge from several commutative breaking patterns of Spin(10) GUT is briefly discussed with Pati-Salam model and R ⊗ C ⊗ H ⊗ O. Anomaly Quantum Fields Theory Dai-Freed Theorem Topology Physical Sciences Fysik
204	Study of FPGA Implementation of Entropy Norm Computation for IP Data Streams Nagalakshmi, Subramanya 18 April 2008 (has links) Recent literature has reported the use of entropy measurements for anomaly detection purposes in IP data streams. Space efficient randomized algorithms for estimating entropy of data streams are available in the literature. However no hardware implementation of these algorithms is available. The main challenge to software implementation for IP data streams has been in storing large volumes of data, along with, the requirement of high speed at which they have to be analyzed. In this thesis, a recent randomized algorithm available in the literature is analyzed for hardware implementation. Software/hardware simulations indicate it is possible to implement a large portion of the algorithm on a low cost Xilinx Virtex-II Pro FPGA with trade-offs for real-time operation. The thesis reports on the feasibility of this algorithm's FPGA implementation and the corresponding trade-offs and limitations. IP anomaly Reconfigurable hardware Randomized algorithm Hardware design Traffic analysis American Studies Arts and Humanities
205	DATA COLLECTION FRAMEWORK AND MACHINE LEARNING ALGORITHMS FOR THE ANALYSIS OF CYBER SECURITY ATTACKS Unknown Date (has links) The integrity of network communications is constantly being challenged by more sophisticated intrusion techniques. Attackers are shifting to stealthier and more complex forms of attacks in an attempt to bypass known mitigation strategies. Also, many detection methods for popular network attacks have been developed using outdated or non-representative attack data. To effectively develop modern detection methodologies, there exists a need to acquire data that can fully encompass the behaviors of persistent and emerging threats. When collecting modern day network traffic for intrusion detection, substantial amounts of traffic can be collected, much of which consists of relatively few attack instances as compared to normal traffic. This skewed distribution between normal and attack data can lead to high levels of class imbalance. Machine learning techniques can be used to aid in attack detection, but large levels of imbalance between normal (majority) and attack (minority) instances can lead to inaccurate detection results. / Includes bibliography. / Dissertation (Ph.D.)--Florida Atlantic University, 2019. / FAU Electronic Theses and Dissertations Collection Machine learning Algorithms Anomaly detection (Computer security) Big data
206	THE IMPACT OF THE MEDIEVAL CLIMATIC ANOMALY ON THE ARCHAEOLOGY AT EDWARDS AIR FORCE BASE Porter-Rodriguez, Jessica Amanda 01 June 2017 (has links) A series of severe and prolonged droughts occurred throughout the Northern Hemisphere between approximately 1150 BP to 600 BP. This phenomenon is referred to as the Medieval Climatic Anomaly and has been shown to have differentially impacted various regions of the world. Previous studies have suggested causal links between the Medieval Climatic Anomaly and observed culture change. The goal of this study was to examine the Antelope Valley region of the Mojave Desert for evidence of impacts on human populations related to the Medieval Climatic Anomaly. To achieve this goal, a sample selection of archaeological sites was chosen from lands within Edwards Air Force Base. These sites represented occupations which occurred immediately before, during, and after the Medieval Climatic Anomaly. Site assemblages were analyzed and compared by cultural period, with cross-comparisons made of artefactual and ecofactual constituents. Site densities and areal extents were also examined and compared. These analyses showed the emergence of trends concurrent with the introduction of the Medieval Climatic Anomaly. The data supports the hypothesis that humans who populated the Antelope Valley region of the Mojave Desert during this period may have engaged in population aggregation, with a tethered nomadism subsistence strategy. The data also shows evidence that upon the amelioration of the environment after the Medieval Climatic Anomaly, site characteristics within the region saw a significant shift. While the evidence generated by this study does suggest a link between climatic change experienced during the Medieval Climatic Anomaly and change observed within the archaeology of the Antelope Valley, it does not suggest climate as a sole, or even primary, causal factor. Rather, the intent of this study was to identify one possible variable responsible for observed change that occurred in the region. With this in mind, the Medieval Climatic Anomaly was found to have been significant enough to have either directly or indirectly impacted the prehistoric occupants of the study region. Medieval Climatic Anomaly Mojave Desert Antelope Valley population aggregation human behavioral ecology Archaeological Anthropology
207	Molecular genetics of optic nerve disease using patients with cavitary optic disc anomaly Hazlewood, Ralph Jeremiah, II 01 January 2015 (has links) Glaucoma is the second leading cause of irreversible blindness in the United States and is the leading cause of blindness in African Americans. Cupping or excavation of the optic nerve, which sends the visual signal from the photoreceptors in the eye to the brain, is a chief feature of glaucoma. A similar excavated appearance of the optic nerve is also the primary clinical sign of other congenital malformations of the eye including optic nerve head coloboma, optic pit, and morning glory disc anomaly collectively termed cavitary optic disc anomaly (CODA). Clinical similarities between CODA and glaucoma have suggested that these conditions may have overlapping pathophysiology. Although risk factors are known, such as the elevated intraocular pressure (IOP) observed in some glaucoma subjects, the biological pathways and molecular events that lead to excavation of the optic disc in glaucoma and in CODA are incompletely understood, which has hindered efforts to improve diagnosis and treatment of these diseases. Consequently, there is a critical need to clarify the biological mechanisms that lead to excavation of the optic nerve, which will lead to improvements in our understanding of these important disease processes. Because of their similar clinical phenotypes and the limited therapy geared at lowering IOP in glaucoma patients, our central hypothesis is that genes involved in Mendelian forms of CODA would also be involved in a subset of glaucoma cases and may provide insight into glaucomatous optic neuropathy. The purpose of my research project has been to identify and functionally characterize the gene that causes congenital autosomal dominant CODA in a multiplex family with 17 affected members. The gene that causes CODA was previously mapped to chromosome 12q14 and following screening of candidate genes within the region that did not yield any plausible coding sequence mutations, a triplication of a 6KB segment of DNA upstream of the matrix metalloproteinase 19 (MMP19) gene was subsequently identified using comparative genomic hybridization arrays and qPCR. This copy number variation (CNV) was present in all affected family members but absent in unaffected family members, a panel of 78 normal control subjects, and the Database of Genomic Variants. In a case-control study of singleton CODA subjects, CNVs were also detected; we detected the same 6KB triplication in 1 of 24 subjects screened. This subject was part of another 3-generation autosomal dominant CODA pedigree where affected members each have the same CNV identified in the larger CODA pedigree. A separate case-control study with 172 glaucoma cases (primary open angle glaucoma = 84, normal tension glaucoma = 88) was evaluated for MMP19 CNVs, however none were detected. Although our cohort of CODA patients is small limiting our ability to accurately determine the proportion of CODA caused by MMP19 mutations, our data indicates that the MMP19 CNV is not an isolated case and additional CODA subjects may have MMP19 defects. Because of the location of the CNV, we evaluated its effect on downstream gene expression with luciferase reporter gene assays. These assays revealed that the 6KB sequence spanned by the CNV in CODA subjects functioned as a transcriptional enhancer; in particular, a 773bp segment had a strong positive influence (8-fold higher) on downstream gene expression. MMP19, a largely understudied gene, was further characterized by expression studies in the optic nerve and retina. Using frozen sections from normal donor eyes, we demonstrated that MMP19 is predominantly localized to the optic nerve head in the lamina cribrosa region with moderate labeling in the postlaminar region, and weak labeling in the prelaminar region and retina. We also evaluated MMP19 expression in relation to the cell types that populate the optic nerve such as astrocytes and retinal ganglion cells. The pattern of expression is consistent with MMP19 being a secreted protein accumulating in the extracellular spaces and basement membranes of the optic nerve. Our studies have identified the first gene associated with CODA and future research is focused on recapitulating CODA phenotypes in animal models and assessing the mechanism of MMP19 involvement during development. publicabstract cavitary optic disc anomaly CODA Copy number variation gene expression Glaucoma optic nerve Genetics
208	Regression and boosting methods to inform precisionized treatment rules using data from crossover studies Barnes, Janel Kay 15 December 2017 (has links) The usual convention for assigning a treatment to an individual is a "one-size fits all" rule that is based on broad spectrum trends. Heterogeneity within and between subjects and improvements in scientific research convey the need for more effective treatment assignment strategies. Precisionized treatment (PT) offers an alternative to the traditional treatment assignment approach by making treatment decisions based on one or more covariates pertaining to an individual. We investigate two methods to inform PT rules: the Maximum Likelihood Estimation (MLE) method and the Boosting method. We apply these methods in the context of a crossover study design with a continuous outcome variable, one continuous covariate, and two intervention options. We explore the methods via extensive simulation studies and apply them to a data set from a study of safety warnings in passenger vehicles. We evaluate the performance of the estimated PT rules based on the improvement in mean response (RMD), the percent of correct treatment assignments (PCC), and the accuracy of estimating the location of the crossing point (MSE((x_c )). We also define a new metric that we call the percent of anomalies (PA). We characterize the potential benefit of using PT by relating it to the strength of interaction, the location of the crossing point, and the within-person intraclass correlation (ICC). We also explore the effects of sample size and overall variance along with the methods’ robustness to violations of model assumptions. We investigate the performance of the Boosting method under the standard weight and two alternative weighting schemes. Our investigation indicated the largest potential benefit of implementing a PT approach was when the crossover point was near the median, the strength of interaction was large, and the ICC was high. When a PT rule is used to assign treatments instead of a one-size fits all rule, an approximate 10-30% improvement in mean outcome can be gained. The MLE and Boosting method performed comparably across most of the simulation scenarios, yet in our data example, it appeared there may be an empirical benefit of the Boosting method over the MLE method. Under a distribution misspecification, the difference in performance between the methods was minor; however, when the functional form of the model was misspecified, we began to see improvement of the Boosting method over the MLE method. In the simulation conditions we considered, the weighting scheme used in the Boosting method did not markedly impact performance. Using data to develop PT rules can lead to an improvement in outcome over the standard approach of assigning treatments. We found that in a variety of scenarios, there was little added benefit to utilizing the more complex iterative Boosting procedure compared to the relatively straightforward MLE method when developing the PT rules. The results from our investigations could be used to optimize treatment recommendations for participants in future studies. Anomaly Rate Boosting Classification Rate Clinical Trials Crossover study Precisionized Treatment Biostatistics
209	Improving Service Level of Free-Floating Bike Sharing Systems Pal, Aritra 13 November 2017 (has links) Bike Sharing is a sustainable mode of urban mobility, not only for regular commuters but also for casual users and tourists. Free-floating bike sharing (FFBS) is an innovative bike sharing model, which saves on start-up cost, prevents bike theft, and offers significant opportunities for smart management by tracking bikes in real-time with built-in GPS. Efficient management of a FFBS requires: 1) analyzing its mobility patterns and spatio-temporal imbalance of supply and demand of bikes, 2) developing strategies to mitigate such imbalances, and 3) understanding the causes of a bike getting damaged and developing strategies to minimize them. All of these operational management problems are successfully addressed in this dissertation, using tools from Operations Research, Statistical and Machine Learning and using Share-A-Bull Bike FFBS and Divvy station-based bike sharing system as case studies. Bike Sharing Last Mile Mobility Patterns Rebalancing Anomaly Detection Operational Research Statistics and Probability Urban Studies and Planning
210	Adaptive Real-time Anomaly Detection for Safeguarding Critical Networks Ring Burbeck, Kalle January 2006 (has links) <p>Critical networks require defence in depth incorporating many different security technologies including intrusion detection. One important intrusion detection approach is called anomaly detection where normal (good) behaviour of users of the protected system is modelled, often using machine learning or data mining techniques. During detection new data is matched against the normality model, and deviations are marked as anomalies. Since no knowledge of attacks is needed to train the normality model, anomaly detection may detect previously unknown attacks.</p><p>In this thesis we present ADWICE (Anomaly Detection With fast Incremental Clustering) and evaluate it in IP networks. ADWICE has the following properties:</p><p>(i) Adaptation - Rather than making use of extensive periodic retraining sessions on stored off-line data to handle changes, ADWICE is fully incremental making very flexible on-line training of the model possible without destroying what is already learnt. When subsets of the model are not useful anymore, those clusters can be forgotten.</p><p>(ii) Performance - ADWICE is linear in the number of input data thereby heavily reducing training time compared to alternative clustering algorithms. Training time as well as detection time is further reduced by the use of an integrated search-index.</p><p>(iii) Scalability - Rather than keeping all data in memory, only compact cluster summaries are used. The linear time complexity also improves scalability of training.</p><p>We have implemented ADWICE and integrated the algorithm in a software agent. The agent is a part of the Safeguard agent architecture, developed to perform network monitoring, intrusion detection and correlation as well as recovery. We have also applied ADWICE to publicly available network data to compare our approach to related works with similar approaches. The evaluation resulted in a high detection rate at reasonable false positives rate.</p> / Report code: LiU-Tek-Lic-2006:12. intrusion detection anomaly detection real-time clustering adaptation IP networks Computer science Datalogi

Search results