Real-time detection of wave profile changes

Tavakkol, Behnam

January 1900

Master of Science / Department of Industrial and Manufacturing Systems Engineering / Shing I. Chang / This research studies a few methodologies for real-time detection of wave profile changes. In regular profile monitoring, change detection takes place at the end of time period when a complete profile is available. In real-time change detection of profiles, a potential profile change takes place between the beginning and the end of the time period. The decision involves the identification whether a process is in control or out of control before the entire profile is generated. In this regard, five proposed methodologies were developed and tested in this thesis. Earthquake waves, manufacturing processes, and heart beat rate are a few examples of profiles with different natures that the proposed methodologies can be applied to. Water temperature profiles generated during a curing process are considered as an example in this study. Successful implementation of the proposed work on these profiles would cause saving great amounts of time and money. Five methods are studied for monitoring the water control process of a curing process. The first four proposed methodologies are based on an univariate approach where the statistic used for process monitoring is the enclosed area between the profiles and their fitted cutting lines. A multivariate approach is also proposed. A simulation study is also conducted when the best method is chosen based on it performance and simplicity of operations. Various types of acceptable and unacceptable profiles are simulated for the best proposed method identified in the preliminary study. The best method has a satisfactory performance in detecting the changes in the unacceptable profiles. In addition, the false alarm rate in identifying acceptable profiles as bad profiles is lower than 10%.

Profile Monitor Multivariate

Real-time detection

Industrial Engineering (0546)

Design and Development of a Hydrophone Array for an Autonomous Underwater Vehicle Capable of Real-Time Detection and Tracking of Surface Vessels

Chaphalkar, Aakash Santosh

14 February 2024

Passive acoustic systems composed of hydrophone array have been shown useful for underwater acoustic source detection and tracking. The work presented here demonstrates use of a passive acoustic system for an Autonomous Underwater Vehicle (AUV) composed of a 2D hydrophone array along with a post processing algorithm for real time detection and tracking of surface vessels. Important design decisions for development of the hydrophone array are taken based on different factors such as the frequency range of broadband surface vessel noise, review of literature, financial as well as structural constraints of the AUV. The post-processing algorithm, developed using a phased array principle called acoustic beamforming, outputs real-time heading angles of the target surface vessels. Initial measurements conducted at Claytor Lake with the developed passive acoustic system to locate a white noise acoustic source showed better performance with functional beamforming technique among others. Various hydrophone array configurations are tested during these measurements to determine the optimal hydrophone placement. Furthermore, field tests are conducted at Norfolk Bay area to assess the performance of the developed system to real time detect and track surface vessels of different sizes in mission relevant environment. Cross-spectral matrix subtraction approach to subtract AUV's self noise is investigated to improve signal range and thus the detection range of these different surface vessels. This approach showed improvement in detection range of up to 350%. Another set of measurements again at Claytor Lake demonstrates real time detection and tracking of a small boat using an AUV integrated with the developed passive acoustic system operating at different propeller conditions. Results showed that low signal to noise ratio at higher AUV propeller rpm makes the detection and tracking difficult limiting the operating AUV propeller rpm up to 1500. This work also explores custom build hydrophones based on piezoelectric material of different shapes and sized to replace the expensive industry purchased hydrophones to lower the cost of developed system. / Master of Science / In field of underwater acoustic, hydrophone arrays have gained popularity for the detection and tracking of sound sources by just listening to them. This study presents design, development and testing of such hydrophone array attached to an AUV for real time detection and tracking of surface vessels. Multiple hydrophones in an array collect the underwater noise radiated by the target surface vessel which are essentially the unsteady pressure fluctuations. The phase difference between signals acquired by different hydrophones is then used to predict the direction of arrival of a sound wave from the target ship. Such a phased array principle called acoustic beamforming is used to develop a post processing algorithm which takes hydrophone array signals as input and outputs the heading angle of the target ship. This work first demonstrates capability of the developed hydrophone array and the algorithm to detect a white noise acoustic source (speaker) placed inside water at Claytor Lake. These measurements investigated performance of different acoustic beamforming techniques as well as different hydrophone array configurations. Furthermore, measurements conducted with actual surface vessel at Norfolk Bay area proved capability of the developed hydrophone array and the algorithm to detect and track ships in real time. The performance of the hydrophone array is characterized in terms of detection range and was observed to improve by 350% when the AUV's self noise is removed from the acquired hydrophone signals. Combined single unit of AUV and developed hydrophone array system also demonstrated real time detection and tracking of a small boat at Claytor Lake for different AUV operating conditions. Moreover, custom build hydrophones manufactured using piezoelectric material are found to be a feasible replacement for the expensive industry purchased hydrophones in order to reduce cost of the array.

Acoustics

Beamforming

Hydrophone Array

Real-time Detection and Tracking

Analyse et détection de logiciels de rançon / Analysis and detection of the ransomware

Palisse, Aurélien

04 March 2019

La thèse s'intéresse aux logiciels de rançon, présente une plateforme d'analyse automatique et propose des contre-mesures. Nos contre-mesures sont conçues pour être temps réel et déployées sur une machine, c'est-à-dire ''End-Hosts''. En 2013 les logiciels de rançon font de nouveau parler d'eux, pour finalement devenir une des menaces les plus sérieuses à partir de 2015. Un état de l'art détaillé des contre-mesures existantes est fourni. On peut ainsi situer les contributions de cette thèse par rapport à la littérature. Nous présentons également une plateforme d'analyse automatique de logiciels malveillants composée de machines nues. L'objectif est de ne pas altérer le comportement des échantillons analysés. Une première contre-mesure basée sur l'utilisation d'une librairie cryptographique par les logiciels de rançon est proposée. Celle-ci peut être facilement contournée. Nous proposons donc une seconde contre-mesure générique et agnostique. Cette fois, des indicateurs de compromission sont utilisés pour analyser le comportement des processus sur le système de fichiers. Nous détaillons comment de manière empirique nous avons paramétré cette contre-mesure pour la rendre~: utilisable et efficace. Un des challenges de cette thèse étant de faire concilier performance, taux de détection et un faible taux de faux positifs. Enfin, les résultats d'une expérience utilisateur sont présentés. Cette expérience analyse le comportement des utilisateurs face à une menace. En dernière partie, nous proposons des améliorations à nos contributions mais aussi des pistes à explorer. / This phD thesis takes a look at ransomware, presents an autonomous malware analysis platform and proposes countermeasures against these types of attacks. Our countermeasures are real-time and are deployed on a machine (i.e., end-hosts). In 2013, the ransomware become a hot subject of discussion again, before becoming one of the biggest cyberthreats beginning of 2015. A detailed state of the art for existing countermeasures is included in this thesis. This state of the art will help evaluate the contribution of this thesis in regards to the existing current publications. We will also present an autonomous malware analysis platform composed of bare-metal machines. Our aim is to avoid altering the behaviour of analysed samples. A first countermeasure based on the use of a cryptographic library is proposed, however it can easily be bypassed. It is why we propose a second generic and agnostic countermeasure. This time, compromission indicators are used to analyse the behaviour of process on the file system. We explain how we configured this countermeasure in an empiric way to make it useable and effective. One of the challenge of this thesis is to collate performance, detection rate and a small amount of false positive. To finish, results from a user experience are presented. This experience analyses the user's behaviour when faced with a threat. In the final part, I propose ways to enhance our contributions but also other avenues that could be explored.

Logiciels malveillants

Détection temps réel

Outils statistiques

Malware

Real-Time detection

Statistics

Statistical analysis and algorithms for online change detection in real-time psychophysiological data

Cannon, Jordan

01 December 2009

Modern systems produce a great amount of information and cues from which human operators must take action. On one hand, these complex systems can place a high demand on an operator's cognitive load, potentially overwhelming them and causing poor performance. On the other hand, some systems utilize extensive automation to accommodate their complexity; this can cause an operator to become complacent and inattentive, which again leads to deteriorated performance (Wilson, Russell, 2003a; Wilson, Russell, 2003b). An ideal human-machine interface would be one that optimizes the functional state of the operator, preventing overload while not permitting complacency, thus resulting in improved system performance. An operator's functional state (OFS) is the momentary ability of an operator to meet task demands with their cognitive resources. A high OFS indicates that an operator is vigilant and aware, with ample cognitive resources to achieve satisfactory performance. A low OFS, however, indicates a non-optimal cognitive load, either too much or too little, resulting in sub-par system performance (Wilson, Russell, 1999). With the ability to measure and detect changes in OFS in real-time, a closed-loop system between the operator and machine could optimize OFS through the dynamic allocation of tasks. For instance, if the system detects the operator is in cognitive overload, it can automate certain tasks allowing them to better focus on salient information. Conversely, if the system detects under-vigilance, it can allocate tasks back to the manual control of the operator. In essence, this system operates to "dynamically match task demands to [an] operator's momentary cognitive state", thereby achieving optimal OFS (Wilson, Russell, 2007). This concept is termed adaptive aiding and has been the subject of much research, with recent emphasis on accurately assessing OFS in real-time. OFS is commonly measured indirectly, like using overt performance metrics on tasks; if performance is declining, a low OFS is assumed. Another indirect measure is the subjective estimate of mental workload, where an operator narrates his/her perceived functional state while performing tasks (Wilson, Russell, 2007). Unfortunately, indirect measures of OFS are often infeasible in operational settings; performance metrics are difficult to construct for highly-automated complex systems, and subjective workload estimates are often inaccurate and intrusive (Wilson, Russell, 2007; Prinzel et al., 2000; Smith et al., 2001). OFS can be more directly measured via psychophysiological signals such as electroencephalogram (EEG) and electrooculography (EOG). Current research has demonstrated these signals' ability to respond to changing cognitive load and to measure OFS (Wilson, Fisher, 1991; Wilson, Fisher, 1995; Gevins et al., 1997; Gevins et al., 1998; Byrne, Parasuraman, 1996). Moreover, psychophysiological signals are continuously available and can be obtained in a non-intrusive manner, pre-requisite for their use in operational environments. The objective of this study is to advance schemes which detect change in OFS by monitoring psychophysiological signals in real-time. Reviews on similar methods can be found in, e.g., Wilson and Russell (2003a) and Wilson and Russell (2007). Many of these methods employ pattern recognition to classify mental workload into one of several discrete categories. For instance, given an experiment with easy, medium and hard tasks, and assuming the tasks induce varying degrees of mental workload on a subject, these methods classify which task is being performed for each epoch of psychophysiological data. The most common classifiers are artificial neural networks (ANN) and multivariate statistical techniques such as stepwise discriminant analysis (SWDA). ANNs have proved especially effective at classifying OFS as they account for the non-linear and higher order relationships often present in EEG/EOG data; they routinely achieve classification accuracy greater than 80%. However, the discrete output of these classification schemes is not conducive to real-time change detection. They accurately classify OFS, but they do not indicate when OFS has changed; the change points remain ambiguous and left to subjective interpretation. Thus, the present study introduces several online algorithms which objectively determine change in OFS via real-time psychophysiological signals. The following chapters describe the dataset evaluated, discuss the statistical properties of psychophysiological signals, and detail various algorithms which utilize these signals to detect real-time changes in OFS. The results of the algorithms are presented along with a discussion. Finally, the study is concluded with a comparison of each method and recommendations for future application.

Adaptive Aiding

Cognitive Load

EEG

Index

Operator Functional State

Real Time Detection

Industrial Engineering

Development of a Real-Time Detection Strategy for Material Accountancy and Process Monitoring During Nuclear Fuel Reprocessing Using the Urex+3A Method

Goddard, Braden

2009 December 1900

Reprocessing nuclear fuel is becoming more viable in the United States due to the anticipated increase in construction of nuclear power plants, the growing stockpile of existing used nuclear fuel, and a public desire to reduce the amount of this fuel. However, a new reprocessing facility in non-weapon states must be safeguarded and new reprocessing facilities in weapon states will likely have safeguards due to political and material accountancy reasons. These facilities will have state of the art controls and monitoring methods to safeguard special nuclear materials, as well as to provide real-time monitoring. The focus of this project is to enable the development of a safeguards strategy that uses well established photon measurement methods to characterize samples from the UREX+3a reprocessing method using a variety of detector types and measurement times. It was determined that the errors from quantitative measurements were too large for traditional safeguards methods; however, a safeguards strategy based on qualitative gamma ray and neutron measurements is proposed. The gamma ray detection equipment used in the safeguard strategy could also be used to improve the real-time process monitoring in a yet-to-be built facility. A facility that had real-time gamma detection equipment could improve product quality control and provide additional benefits, such as waste volume reduction. In addition to the spectral analyses, it was determined by Monte Carlo N Particle (MCNP) simulations that there is no noticeable self shielding for internal pipe diameters less than 2 inches, indicating that no self shielding correction factors are needed. Further, it was determined that HPGe N-type detectors would be suitable for a neutron radiation environment. Finally, the gamma ray spectra for the measured samples were simulated using MCNP and then the model was extended to predict the responses from an actual reprocessing scenario from UREX+3a applied to fuel that had a decay time of three years. The 3-year decayed fuel was more representative of commercially reprocessed fuel than the acquired UREX+3a samples. This research found that the safeguards approach proposed in this paper would be best suited as an addition to existing safeguard strategies. Real-time gamma ray detection for process monitoring would be beneficial to a reprocessing facility and could be done with commercially available detectors.

UREX

real-time detection

NRT

MCNP

ORIGEN

reprocessing

spent fuel

safeguards

process monitoring

LaBr

NaI

A Modified Genetic Algorithm and Switch-Based Neural Network Model Applied to Misuse-Based Intrusion Detection

Stewart, IAN

17 March 2009

As our reliance on the Internet continues to grow, the need for secure, reliable networks also increases. Using a modified genetic algorithm and a switch-based neural network model, this thesis outlines the creation of a powerful intrusion detection system (IDS) capable of detecting network attacks. The new genetic algorithm is tested against traditional and other modified genetic algorithms using common benchmark functions, and is found to produce better results in less time, and with less human interaction. The IDS is tested using the standard benchmark data collection for intrusion detection: the DARPA 98 KDD99 set. Results are found to be comparable to those achieved using ant colony optimization, and superior to those obtained with support vector machines and other genetic algorithms. / Thesis (Master, Computing) -- Queen's University, 2009-03-03 13:28:23.787

Network security

Intrusion Detection Systems (IDS)

Data mining

Machine learning

Real time detection

Genetic algorithm

Neural networks

Enhanced Prediction of Network Attacks Using Incomplete Data

Arthur, Jacob D.

01 January 2017

For years, intrusion detection has been considered a key component of many organizations’ network defense capabilities. Although a number of approaches to intrusion detection have been tried, few have been capable of providing security personnel responsible for the protection of a network with sufficient information to make adjustments and respond to attacks in real-time. Because intrusion detection systems rarely have complete information, false negatives and false positives are extremely common, and thus valuable resources are wasted responding to irrelevant events. In order to provide better actionable information for security personnel, a mechanism for quantifying the confidence level in predictions is needed. This work presents an approach which seeks to combine a primary prediction model with a novel secondary confidence level model which provides a measurement of the confidence in a given attack prediction being made. The ability to accurately identify an attack and quantify the confidence level in the prediction could serve as the basis for a new generation of intrusion detection devices, devices that provide earlier and better alerts for administrators and allow more proactive response to events as they are occurring.

artificial intelligence

continuous layered confusion matrix

intrusion confidence level

intrusion detection

network attacks

real time detection

Computer Sciences

防丟器的剖面追蹤研究 / Profile Monitoring on the RSSI of Babyfinder

徐伊萱

Unknown Date

本論文針對防丟器的剖面進行追蹤分析。防丟器包含發射器及接收器，發射器會發射訊號，接收器會記錄RSSI (Receive Signal Strength Index)與發射點數，其中RSSI表示訊號的強度。在工程理論上，RSSI與距離具有函數關係；然而環境中的干擾及事件發生都會影響此函數關係，特別是事件發生會嚴重地改變此函數關係，因此論文主要目的在於區別事件是否發生。 　　所謂的剖面指的是變數之間的函數關係，而論文中的剖面追蹤是利用管制圖的概念，用管制圖來監控剖面的參數估計值。如果管制圖上的點子出界，則表示事件發生而導致失控。 　　本論文以腳踏車是否被偷為例，嘗試一些實驗後找出顯著影響的因子設計實驗，包含17種腳踏車未被偷之情境與18種腳踏車被偷情境；欲利用未被偷的實驗建立試驗管制圖，而以被偷之情境來追蹤，用以驗證管制圖之有效性。 　　論文中主要透過分析防丟器產生的RSSI與距離的剖面、距離與發射點數的剖面來探討事件是否發生。另外剖面追蹤其實是種事後追蹤的方法，為了能即時追蹤，本論文亦採用預測區間的方式，來追蹤事件是否發生。 　　本論文建議監控距離與發射點數的剖面，因該方法的表現最好，另外建議增加防丟器上能紀錄距離的功能，此方法會更加合適。 　　本論文提出的即時追蹤方式並沒有特別好，因此一個比較好的即時追蹤方法是未來值得研究的方向。 / The device of Babyfinder is designed to detect if an event occurs. The Babyfinder includes transceiver and receiver. The signal strength, Received Signal Strength Indicator (RSSI), generates once there are distances between transceiver and receiver. In wireless communication theory, the relationship between RSSI and distance should be expressed by the model that RSSI = a + b ln (distance) Nevertheless, some circumstance noises and user noises (or common causes), and/or events (special causes) may affect the variation of RSSI. Since the occurrence of events may change the functional relationship of RSSI and distance, to distinguish if the functional relationship is changed by the occurred events is the subject of this study. This study designs some events and noises experiments based on the real noise factors and special events. Two monitoring schemes are proposed to distinguish the occurred events and noise circumstance. One is the profile monitoring scheme, the other is the real time monitoring scheme. The two proposed approaches of profile monitoring scheme are considered to monitor the profile of RSSI and distance and that of distance and the number of transmitting points, respectively. The profile monitoring approach for distance and the number of transmitting points shows better performance. However, the profile monitoring is an after-event tracing approach. It cannot detect the occurred events in time. A better approach of real-time monitoring approach is worth to be proposed in the future study.

剖面追蹤

實驗設計

管制圖

即時追蹤

Profile Monitoring

Design of Experiments

Control Chart

Real-Time Detection

A cloud-based intelligent and energy efficient malware detection framework : a framework for cloud-based, energy efficient, and reliable malware detection in real-time based on training SVM, decision tree, and boosting using specified heuristics anomalies of portable executable files

Mirza, Qublai K. A.

January 2017

The continuity in the financial and other related losses due to cyber-attacks prove the substantial growth of malware and their lethal proliferation techniques. Every successful malware attack highlights the weaknesses in the defence mechanisms responsible for securing the targeted computer or a network. The recent cyber-attacks reveal the presence of sophistication and intelligence in malware behaviour having the ability to conceal their code and operate within the system autonomously. The conventional detection mechanisms not only possess the scarcity in malware detection capabilities, they consume a large amount of resources while scanning for malicious entities in the system. Many recent reports have highlighted this issue along with the challenges faced by the alternate solutions and studies conducted in the same area. There is an unprecedented need of a resilient and autonomous solution that takes proactive approach against modern malware with stealth behaviour. This thesis proposes a multi-aspect solution comprising of an intelligent malware detection framework and an energy efficient hosting model. The malware detection framework is a combination of conventional and novel malware detection techniques. The proposed framework incorporates comprehensive feature heuristics of files generated by a bespoke static feature extraction tool. These comprehensive heuristics are used to train the machine learning algorithms; Support Vector Machine, Decision Tree, and Boosting to differentiate between clean and malicious files. Both these techniques; feature heuristics and machine learning are combined to form a two-factor detection mechanism. This thesis also presents a cloud-based energy efficient and scalable hosting model, which combines multiple infrastructure components of Amazon Web Services to host the malware detection framework. This hosting model presents a client-server architecture, where client is a lightweight service running on the host machine and server is based on the cloud. The proposed framework and the hosting model were evaluated individually and combined by specifically designed experiments using separate repositories of clean and malicious files. The experiments were designed to evaluate the malware detection capabilities and energy efficiency while operating within a system. The proposed malware detection framework and the hosting model showed significant improvement in malware detection while consuming quite low CPU resources during the operation.

A Cloud-Based Intelligent and Energy Efficient Malware Detection Framework. A Framework for Cloud-Based, Energy Efficient, and Reliable Malware Detection in Real-Time Based on Training SVM, Decision Tree, and Boosting using Specified Heuristics Anomalies of Portable Executable Files

Mirza, Qublai K.A.

January 2017

The continuity in the financial and other related losses due to cyber-attacks prove the substantial growth of malware and their lethal proliferation techniques. Every successful malware attack highlights the weaknesses in the defence mechanisms responsible for securing the targeted computer or a network. The recent cyber-attacks reveal the presence of sophistication and intelligence in malware behaviour having the ability to conceal their code and operate within the system autonomously. The conventional detection mechanisms not only possess the scarcity in malware detection capabilities, they consume a large amount of resources while scanning for malicious entities in the system. Many recent reports have highlighted this issue along with the challenges faced by the alternate solutions and studies conducted in the same area. There is an unprecedented need of a resilient and autonomous solution that takes proactive approach against modern malware with stealth behaviour. This thesis proposes a multi-aspect solution comprising of an intelligent malware detection framework and an energy efficient hosting model. The malware detection framework is a combination of conventional and novel malware detection techniques. The proposed framework incorporates comprehensive feature heuristics of files generated by a bespoke static feature extraction tool. These comprehensive heuristics are used to train the machine learning algorithms; Support Vector Machine, Decision Tree, and Boosting to differentiate between clean and malicious files. Both these techniques; feature heuristics and machine learning are combined to form a two-factor detection mechanism. This thesis also presents a cloud-based energy efficient and scalable hosting model, which combines multiple infrastructure components of Amazon Web Services to host the malware detection framework. This hosting model presents a client-server architecture, where client is a lightweight service running on the host machine and server is based on the cloud. The proposed framework and the hosting model were evaluated individually and combined by specifically designed experiments using separate repositories of clean and malicious files. The experiments were designed to evaluate the malware detection capabilities and energy efficiency while operating within a system. The proposed malware detection framework and the hosting model showed significant improvement in malware detection while consuming quite low CPU resources during the operation.

Malware detection

File heuristics

Support vector machine (SVM)

Decision tree

Boosting

Cloud computing

Energy efficiency

Real-time detection

Automated static analysis

Portable executable (PE)