Fuzzy Logic Based Anomaly Detection for Embedded Network Security Cyber Sensor


 Sherman Cobb
 2 years ago
 Views:
Transcription
1 INL/CON PREPRINT Fuzzy Logc Bsed Anomly Detecton for Embedded Network Securty Cyber Sensor 2011 IEEE Symposum on Computtonl Intellgence n Cyber Securty Ondre Lnd Mlos Mnc Todd Vollmer Json Wrght Aprl 2011 Ths s preprnt of pper ntended for publcton n ournl or proceedngs. Snce chnges my be mde before publcton, ths preprnt should not be cted or reproduced wthout permsson of the uthor. Ths document ws prepred s n ccount of work sponsored by n gency of the Unted Sttes Government. Nether the Unted Sttes Government nor ny gency thereof, or ny of ther employees, mkes ny wrrnty, expressed or mpled, or ssumes ny legl lblty or responsblty for ny thrd prty s use, or the results of such use, of ny nformton, pprtus, product or process dsclosed n ths report, or represents tht ts use by such thrd prty would not nfrnge prvtely owned rghts. The vews expressed n ths pper re not necessrly those of the Unted Sttes Government or the sponsorng gency.
2 Fuzzy Logc Bsed Anomly Detecton for Embedded Network Securty Cyber Sensor Ondre Lnd, Mlos Mnc Unversty of Idho Idho Flls, ID, USA Todd Vollmer, Json Wrght Idho Ntonl Lbortory Idho Flls, ID, USA Abstrct Reslency nd securty n crtcl nfrstructure control systems n the modern world of cyber terrorsm consttute relevnt concern. Developng network securty system specfclly tlored to the requrements of such crtcl ssets s of prmry mportnce. Ths pper proposes novel lernng lgorthm for nomly bsed network securty cyber sensor together wth ts hrdwre mplementton. The presented lernng lgorthm constructs fuzzy logc rule bse modelng the norml network behvor. Indvdul fuzzy rules re extrcted drectly from the strem of ncomng pckets usng n onlne clusterng lgorthm. Ths lernng lgorthm ws specfclly developed to comply wth the constrned computtonl requrements of lowcost embedded network securty cyber sensors. The performnce of the system ws evluted on set of network dt recorded from n expermentl testbed mmckng the envronment of crtcl nfrstructure control system. Keywords Anomly Detecton; Cyber Sensor; Embedded Systems; Fuzzy Logc System; Onlne Clusterng; I. INTRODUCTION Crtcl nfrstructure control systems, typclly composed of nterconnected computerbsed sttons, exchnge crucl nformton v the computer network. These crtcl components, whch cn be found n systems such s SCADA or nucler power plnts, consttute focus of n ncresed cyber securty [1], [2]. Brekng nto such systems wth network ntruson ttcks cn hve severe effects on multple levels, such s securty, publc sfety, ndustrl or economcl. The dnger s even hgher consderng tht crtcl nfrstructures re not mmune to these threts nd tht they possbly my be more vulnerble thn common nformton technology systems [3]. Therefore, network trffc nomly detecton for crtcl nfrstructures s n obvous need [4]. Network ntruson detecton systems orgnted n 1980 s nd n the semnl work of Dennng [5], [6]. Generlly spekng, two knds of IDS cn be found; nomly detecton nd sgnture bsed detecton systems. Sgnture bsed detecton system ttempt to mtch the observed behvor gnst dtbse of known ttck sgntures. On the other hnd, n nomly bsed detecton system seeks devtons from the lerned model of norml behvor [7], [8]. The system bulds representtve model exclusvely bsed on the prevously collected norml behvor. The system s cpble Fg. 1 Schemtc dgrm of the network securty cyber sensor [20]. of detectng novel nd dynmclly chngng ntruson nstnces, ssumng tht these re substntlly dfferent from the model of norml behvor. Unfortuntely, ny norml cceptble behvor not ncluded n the trnng set wll lkely not mtch the model nd generte flse lrm. Hence, cqurng descrptve trnng dtset s of crucl mportnce. The nomly detecton pproch s dopted n the presented pper. Computtonl ntellgence technques hve been extensvely ppled to the problem of network ntruson detecton [7], [9]. Technques such s rtfcl neurl networks [10] [13], support vector mchnes [14], genetc lgorthms [15], fuzzy logc [16], [17] or unsupervsed clusterng [18][20], proved to be powerful lernng tools for modelng the network behvor. The ttrctveness of computtonl ntellgence comes from the blty to lern from multdmensonl nonlner dt [9]. The presented pper proposes lernng lgorthm for fuzzy logc bsed nomly detecton system specfclly developed for the constrned resources of embedded network securty cyber sensors [21]. A schemtc vew of the presented system s depcted n Fg. 1. Here the mplemented cyber sensor cretes secure zone round the control system. The lernng lgorthm bulds fuzzy rule bse, whch descrbes the prevously seen norml network communcton behvorl ptterns. Ths fuzzy rule bse s constructed drectly from the strem of ncomng pckets usng the onlne verson of the nerest neghbor clusterng lgorthm. Subsequently, the set of extrcted clusters s trnsformed nto ndvdul fuzzy rules. Moreover, the lgorthm cn be retrned on newly vlble norml behvor dt, whle
3 mntnng the prevously cqured knowledge. The performnce of the lgorthm ws tested on n expermentl testbed mmckng the crtcl nfrstructure control system. The rest of the pper s structured s follows. Secton II provdes bref overvew of fuzzy logc systems nd the nerest neghbor clusterng lgorthm. The consdered hrdwre pltform for the embedded network securty devce s descrbed n Secton III. Secton IV nd V expln the network behvor feture extrcton technque nd the proposed nomly detecton lgorthm, respectvely. The system s expermentlly evluted n Secton VI nd Secton VII concludes the pper. II. BACKGROUND OVERVIEW Ths secton provdes bref bckground overvew of fuzzy logc systems nd the nerest neghbor clusterng lgorthm. A. Fuzzy Logc Systems Fuzzy logc hs been orgnlly proposed by Zdeh s tool for delng wth lngustc uncertnty nd vgueness ubqutous n the mprecse menng of words [23]. A Fuzzy Logc System (FLS) s composed of four prmry prts nput fuzzfcton, fuzzy nference engne, fuzzy rule bse nd output defuzzfcton, s depcted n Fg. 2. The Mmdn FLS consdered n ths work mntns fuzzy rule bse populted wth fuzzy lngustc rules n n mplctve form. Consder rule R k tht s descrbed s follows [24], [25]: Rule R k : IF x 1 s k k A n A 1 AND AND x n s THEN y k s B k (1) Here, symbol A k nd B k denote the th nput fuzzy set nd the output fuzzy set of the k th rule, respectvely, n s the dmensonlty of the nput vector x nd y k s the ssocted output vrble. Ech element of the nput vector x s frst fuzzfed usng the respectve fuzzy membershp functon (e.g. Gussn, trngulr, trpezodl, etc.). The fuzzfcton of nput vlue x nto fuzzy set A yelds fuzzy membershp grde k ( x ). Usng the mnmum tnorm the degree of A frng of rule R k cn be clculted s: ( x) mn{ k ( x )}, 1... n R k Fg. 2 Fuzzy logc system. A After pplyng the rule frng strength v the tnorm opertor to ech rule consequent, the output fuzzy sets re ggregted usng the tconorm opertor (e.g. the mxmum (2) opertor) resultng n output fuzzy set B. For detled descrpton of the fuzzy nference process refer to [24], [25]. In order to obtn the crsp output vlue, one of the vlble defuzzfcton technques s ppled. Upon dscretzng the output domn nto N smples, for exmple the centrod defuzzfer cn be ppled: y N 1 N 1 y ( y ) B B ( y ) B. Nerest Neghbor Clusterng The Nerest Neghbor Clusterng (NNC) lgorthm s n unsupervsed clusterng technque [9]. The clusterng process s controlled by n estblshed mxmum cluster rdus prmeter. The smller the rdus the more clusters wll be generted nd vce vers. Assume n nput dtset X composed of N nput ptterns denoted s: n X x 1,..., x N, x (4) Here, n denotes the dmensonlty of the nput domn. Vector x cn be expressed s x { 1,..., n x x }. Ech cluster consttutes prototype of smlr nstnces, subect to specfc smlrty mesure. The Euclden dstnce smlrty mesure s consdered n ths work. Ech cluster P s descrbed by ts Center Of Grvty (COG) c nd ts ssocted weght w. The weght w stores the number of ptterns prevously ssgned to cluster P. Followng ths notton, cluster P cn be expressed s: P, n c, w, c w The lernng process of the NNC lgorthm begns by cretng n ntl cluster P 1 t the locton of the frst nput pttern x 1. Next, nput ptterns from dtset X re selected n sequentl mnner. The nerest prototype from the set of vlble clusters s determned for ech nstnce. For n nput pttern x, the nerest cluster P s determned usng the Euclden dstnce norm: dst n n 2 c, x mn c x... c x, 1 C Here, C denotes the number of currently cqured clusters. Usng the mxmum cluster rdus prmeter  rd, the nput pttern x s ssgned to cluster P f the followng condton holds: dstc, x rd. In ths cse, the prmeters of cluster P re updted s: (3) (5) (6)
4 Fg. 3 Photo of the TOFINO network securty cyber sensor pluggedn nto the test system. c w c x w 1, w w 1 If dstc, x rd, new cluster s creted t the locton of nput pttern x, nd ts weght s set to 1. III. EMBEDDED NETWORK SECURITY CYBER SENSOR The Tofno embedded network securty devce, depcted n Fg. 3, s mnufctured by Byres Securty Inc. [22]. Orgnlly, the devce ws developed for preemptve thret detecton, termnton nd reportng, specfclly tlored for the needs of SCADA nd ndustrl control systems. Its mor dvntges re prmrly ts lowcost nd ese of deployment n rel world systems. In the presented work, the Tofno cyber sensor ws used s n embedded development pltform for mplementton of the proposed nomly bsed detecton lernng lgorthm. The Tofno pltform conssts of n Arcom Vulcn sngle bord computer. The mn processor s n Intel IXP425 XScle processor runnng t 533MHz wth 64MB of DRAM nd 32MB of flsh memory. The Intel IXP425 XScle s bsed on n ARM V5TE nstructon set [26]. Two Ethernet ports re provded long wth two USB ports. The Ethernet ports re used n processng pcket dt nd the USB ports re used for storge of sttstcs. The opertng system s bsed on the OpenWRT dstrbuton of Lnux. One of the specfcs of ths embedded pltform s tht the Intel IXP425 XScle processor used n the Tofno pltform does not hve flotng pont unt (FPU). Insted, the flotng pont rthmetc used n the presented lgorthm s emulted. Future work wll nclude modfcton of the current mplementton to use fxed pont (nteger) rthmetc. Dependng on the mplementton, lrge performnce gn my be cheved by usng the SIMD MultplyAccumulte unt coprocessor unt vlble on the IXP425. Ths coprocessor llows 16x32 multplyccumulte opertons to complete n sngle cycle. Whle not of utmost concern n n cdemc settng, the mplementton of the proposed lgorthm on hrdwre pltform s relevnt. Sommer nd Pxson [7] rgue tht t n (7) terms of cpbltes nd lmttons t s mportnt to obtn nsght nto the performnce of n nomly detecton system from n opertonl pont of vew. The focused mplementton s here t very low level wth n envsoned deployment ust before some crtcl equpment, such s Progrmmble Logc Controller (PLC). Wth the ncresngly common usge of network bsed control systems nd the current deployment of smrt grd systems hundreds, thousnds nd possbly mllons of devces wll be nterconnected. Ths mkes the cost nd relblty of n mplemented hrdwre soluton relevnt concern. In ddton, the proposed hrdwre mplementton of the embedded network securty cyber sensor provdes performnce bselne tht mght prove useful for comprson n future work. IV. DATA ACQUISITION AND FEATURE EXTRACTION Ths secton descrbes the network dt cquston process nd revews the prevously publshed wndow bsed feture extrcton technque. A. Control System Expermentl TestBed The hrdwre expermentl testbed system tht ws used for network dt cquston represents severl spects of n opertonl control system, such s opertonl control structure, control system network nd hrdwre control of ctul physcl processes. RSVew32, Rockwell Softwre HMI product, provdes n ntegrted component bsed nterfce for montorng of the system behvor. The nterfce runs on Wndows XP lptop connected v n IPv4 network. A Mox EDS505A operted Ethernet swtch provdes network connectvty for the controller. Ths swtch s mounted on DINRl nd powered by the control system source. All network trffc to nd from the controller s trnsported v the swtch. Port mrrorng hs been enbled on the control trffc port connected to the HMI mchne. A Lnux lptop wth the tcpdump softwre pplcton ws Fg. 4 Network dt cquston setup. A PLC s connected through hub to the control PC stton usng n Ethernet network.
5 Fg. 5 Wndow bsed feture extrcton process [13]. TABLE I SELECTED WINDOWBASED FEATURES Num. of IP ddresses Num. pckets wth 0 wn. sze Avg. ntervl between pckets Num. pckets wth 0 dt length Num. of protocols Averge wndow sze Num. of flg codes Averge dt length ttched to the mrror port llowng for network trffc cpturng nd montorng. Fnlly, second Lnuxbsed lptop representng the ttckercompromsed mchne ws ttched to thrd port. All nomlous trffc ws nstntted from ths mchne. The control system tself conssts of n AllenBrdley McroLogx 1100 PLC [27]. Attched to the PLC re 6 lghted buttons, 7 lghts, 2 potentometers, 2 temperture sensors nd smll electrc fn consttutng both dgtl nd nlog nput/output ponts. All of the tems re cpble of beng controlled ndvdully from the PLC or drectly by pressng button. The expermentl s depcted n Fg. 4. B. Feture Extrcton from Pcket Strem In prevous work of the uthors, n Artfcl Neurl Network (ANN) bsed ntruson detecton system ws developed [13]. The ANN ws trned on subset of vlble network trffc fetures extrcted by wndowbsed feture extrcton technque ppled drectly to the strem of pckets. Ths feture extrcton technque s lso utlzed n the presented work. Here, the nherent tme seres nture of the pcket strem dt s descrbed by vector cpturng the sttstcl behvor of the network trffc. The ppled wndow segments the pcket strem nd montors only lmted set of consecutve pckets. As descrbed n [13], wndow of specfed length s beng shfted over the strem of network pckets. At ech poston of the wndow feture vector r s computed from ll the pckets v currently presented n the wndow. The next rrvng pcket s pushed nto the wndow, whle the lst pcket s removed from the end. The process of wndow bsed feture extrcton s llustrted n Fg. 5. Tble I summrzes the lst of extrcted wndowbsed sttstcl fetures. Ths set of fetures ws emprclly selected bsed on the nlyss of the recorded network trffc nd the motvton to most ccurtely cpture the tme seres nture of the pcket strem. For further detls nd evluton of the wndow bsed feture extrcton refer to [13]. V. ONLINE LEARNING FOR ANOMALY IDS Ths secton presents the lernng lgorthm for the fuzzy logc bsed nomly detecton for n embedded network securty cyber sensor. Frst, rule extrcton v dpted onlne NNC lgorthm s presented. Next, the fuzzy rule bsed norml behvor modelng s explned. A. Rule Extrcton v Onlne Clusterng The proposed rule extrcton lgorthm tkes nto ccount the constrned computtonl resources of the vlble embedded network securty cyber sensor. Other lernng pproches, such s the prevously publshed IDSNNM lgorthm [13], pursue offlne lernng pproch once ll trnng dt hve been cqured. However, such lernng process s typclly computtonlly unfesble for the consdered embedded devces, gven the typclly encountered network trffc densty [21]. Ths pper proposes new lowcost onlne rule extrcton technque. The presented lgorthm lerns drectly from the strem of ncomng pckets. In ths mnner, the need for storng ll pcket nformton nto memory s elmnted. The fnl norml network behvor model s composed of set of fuzzy rules. Ech rule s extrcted usng n onlne verson of the dpted NNC lgorthm. The lgorthm mntns ddtonl nformton bout the spred of dt ponts ssocted wth ech cluster throughout the clusterng process. Ech cluster P of encountered norml network behvor s descrbed by ts center of grvty c, weght w nd mtrx of boundry prmeters M. Hence: 1 n c c P { c, w, M}, c { c,..., c }, M (8) c c Here, s the ndex of prtculr cluster, c s the ttrbute vlue n the th dmenson, c nd c re the upper nd lower bounds on the encountered vlues of the th ttrbute for dt ponts ssgned to cluster P nd n denotes the dmensonlty of the nput. The lgorthm mntns set of clusters. Intlly, the lgorthm strts wth sngle cluster P 1 postoned t the frst suppled trnng dt pont x 1. Ths ntl dt pont becomes vlble once the shftng wndow frst flls wth the ncomng pckets. Upon cqurng new dt pont x from the shftng wndow buffer, the set of clusters s updted ccordng to the NNC lgorthm. Frst, the Euclden dstnce to ll 1 1 n n Fg. 6 Illustrton of the nonsymmetrc nput Gussn fuzzy set A.
6 vlble clusters wth respect to the new nput feture vector x s clculted. The nerest cluster P s dentfed. If the computed nerest dstnce s greter thn the estblshed mxmum cluster rdus prmeter, new cluster s creted. Otherwse the nerest cluster P s updte smlrly s n (7): w c x c, w w 1 w 1 (9) c mx( x, c ), c mn( x, c ) 1... n (10) Hence, the modfed NNC lgorthm lso keeps trck of the lower nd upper bounds of the encountered nput vlues n ech dmenson for every cluster. If the nerest cluster s further wy thn the estblshed mxmum cluster rdus, new cluster s creted ccordng to the stndrd NNC lgorthm. B. Fuzzy Rule Bsed Behvor Modelng Once the rule extrcton phse of the lernng process s fnlzed (e.g. user decson, tme lmt, lmt on the number of pckets, etc.), the lernng lgorthm mntns fnl set of clusters tht descrbe the norml network communcton behvorl ptterns observed n the provded trnng dt. In the next phse of the lgorthm, ech cluster s converted nto fuzzy logc rule. Ech fuzzy rule descrbes the belongng of prtculr subregon of the multdmensonl nput spce to the clss of norml behvor. An ndmensonl cluster P s trnsformed nto ts ssocted fuzzy rule R s follows. Rule R s composed of n ntecedent fuzzy sets A, 1... n. Ech fuzzy set A, locted n the th dmenson of the nput spce, s modeled usng nonsymmetrcl Gussn fuzzy membershp functon wth dstnct left nd rght stndrd devtons. There re three prmeters of the membershp functon, nmely men m nd the left nd the rght stndrd devtons,, s shown n Fg. 6. The prmeter vlues re extrcted bsed on the computed cluster P n the followng mnner: m c (11) ( c c ) (12) ( c c ) (13) Here, symbol denotes the fuzzness prmeter, whch s used to dust the spred of the membershp functons. Usng the mnmum tnorm, the frng strength of fuzzy rule R s then computed s: ( x) mn{ ( x )} (14) R 1... n In ths specfc pplcton, the output of the fuzzy rule s sngleton fuzzy set ssgnng the nput pttern to the norml behvor clss. Hence, n ths specl cse the fred output of prtculr fuzzy rule s ctully ts own frng strength R (x). The fnl output decson y of the nomly detecton system s obtned by pplyng to mxmum tconorm to the output of ll vlble rules: y( x) mx ( x) (15) 1... C Here, C denotes the number of extrcted fuzzy rules. The vlue of the output y denotes the degree of belongng of nput pttern x to the clss of norml behvor. By pplyng crsp decson threshold the nput pttern cn be lbeled s ether nomlous or norml network behvor. R A () (b) (c) (d) (e) (f) Fg. 7 Prmeter control nlyss of the proposed nomly detecton lgorthm. Fgures show the number of generted clusters (), correct clssfcton rte (b), zoomedn vew of the clssfcton rte (c), flse postve rte (d), flse negtve rte (e), nd zoomedn vew of the flse negtve rte (f) for dfferent vlues of wndow sze nd mxmum cluster rdus prmeters.
7 () (b) (c) Fg. 8 Prmeter control nlyss of the proposed nomly detecton lgorthm. Fgures show the correct clssfcton rte (), the flse negtve rte (b), nd the flse postve rte (c) for dfferent vlues of wndow sze nd the senstvty threshold. VI. EXPERIMENTAL RESULTS Ths secton frst descrbes the cqured expermentl dtsets. Next, the sutble vlues of control prmeters re found by nlyzng ther mpct on the performnce of the lgorthm. Fnlly, the clssfcton performnce s evluted on the cqured testng dtsets. A. Expermentl Dtsets The Nmp [28] nd Nessus [29] softwre utltes were used to crete nomlous network trffc behvor n n ttempt to emulte the probes of cyber ttcker. Nmp s network scnnng tool commonly used to dentfy hosts, scn ports, opertng systems nd to determne pplctons tht re lstenng on open ports. It hs mny optons nd provdes useful reconnssnce nformton for determnng further courses of cton. Nessus s network scnnng tool tht provdes udtng cpbltes, vulnerblty ssessments nd proflng nformton. In ddton to generl computer relted ssessments, control system specfc vulnerbltes re vlble nd were used on the prevously descrbed expermentl testbed. The smulted ntruson ttempts nclude: ARP pngs, SYN stelth scns, port scnnng, open port dentfcton nd others. Cyber ttcks rnged from long ttcks composed of mny pckets to very short ntruson sequences. Two sets of expermentl dt hve been recorded. The recorded trnng set s composed of 6 dtset wth only norml network behvor. Overll, 60,661 pckets of norml network trffc were cqured ncludng speclzed norml behvor such s system ntlzton nd system component reconnecton. The second set s testng set composed of 11 dtsets, whch nclude smulted bnorml behvor. Overll 213,924 pckets hve been recorded. B. Prmeter Tunng The performnce of the presented nomly detecton lgorthm depends on the vlues of severl control prmeters: ) wndow sze of the wndow feture extrcton, ) mxmum cluster rdus for the onlne NNC lgorthm, ) the fuzzness prmeter of the fuzzy membershp functons, nd v) the vlue of the crsp threshold for norml/nomly trffc lbelng. The correct clssfcton, the flse negtve nd the flse postve rtes were used s performnce mesures. The correct clssfcton rte s the percentge of the overll correctly clssfed dt nstnces. The flse negtve rte s the rto of ncorrectly lbeled norml behvor nputs nd the overll number of norml behvor nstnces. The flse postve rte s the rto of ncorrectly lbel nomlous nputs nd the overll number of nomles. Fg. 7 nd Fg. 8 depct the performnce for dfferent vlues of wndow sze, mxmum cluster rdus nd the crsp decson threshold. Fg. 7() shows the number of generted clusters. Ths number monotonclly ncreses wth the decresng mxmum cluster rdus nd reches ts mxmum for wndow sze round 6. The more clusters generted, the more detled the model. However, more detled model ncreses the chnce of overfttng nd requres ddtonl computtonl tme. From Fg. 7(b)(f) t cn be seen tht the clssfcton performnce prmrly depends on the wndow sze. Smll vlues of wndow sze (e.g. 2, 4 or 6) generte ncresed number of flse negtves wth nonzero flse postve rte (~4%). From the detled vew n Fg. 7(c) nd Fg. 7(f) t s pprent tht there s slght grdent towrds smller vlues of wndow sze. Hence, vlues of wndow sze round 10 seem to yeld optml results for the gven dtsets. () (b) (c) Fg. 9 Anomly detecton performnce on dtset 1 for vlues of prmeter = 0.5 (), 1 (b), nd 2.0 (c).
8 () (b) (c) Fg. 10 Anomly detecton performnce of the proposed lgorthm on segments of pckets from dtsets 2 (), 3 (b), nd 4 (c). Thn lne represents system decson, thck lne denotes the known nomlous behvor. Fg. 8 nvestgtes the nfluence of the crsp decson threshold nd the wndow sze. Hgh rtes of both flse postves nd negtves cn be gn seen for smller vlues of wndow sze nd for smller vlues of decson threshold. The fgures demonstrte tht wth wndow sze of pproxmtely 20 pckets, the lgorthm s lest senstve to the vlue of the crsp decson threshold. Ths s lkely to be where the best seprton between norml nd nomly behvor s obtned. The nfluence of the fuzzness prmeter of the membershp functon s brefly demonstrted n Fg. 9. Here, the response of the lgorthm ppled to dtset 1 (thn lne s lgorthm output, thck lne mrks known ntrusons) s plotted. It cn be observed tht smller vlues of the fuzzness prmeter produce nrrower membershp functons, whch tend to reect more nstnces of more unusul norml behvor. However, lrger vlues of the fuzzness prmeters would eventully led to ncresed flse postve rte s nomly nstnces would become less dstnct from the norml behvor. In summry, the followng prmeters hve been selected s the optml vlues for the cqured expermentl dt: wndow sze = 20, mxmum cluster rdus = 0.01, the fuzzness prmeter = 2.0, nd crsp threshold = 0.9. TABLE II CLASSIFICATION PERFORMANCE OF THE FUZZY LOGIC BASED ANOMALY DETECTION ALGORITHM ON DIFFERENT DATASETS Dtsets Number of Pckets Clssfcton Rte Flse Negtves Flse Postves Processng Tme per Pcket Dt 1 35, % 1.485% % ms Dt 2 29, % % % ms Dt 3 34, % % % ms Dt 4 13, % % % ms Dt 5 10, % % % ms Dt 6 5, % % % ms Dt 7 7, % % % ms Dt 8 23, % % % ms Dt 9 24, % % % ms Dt 10 15, % % % ms Dt 11 15, % % % ms Sum / Averge 213, % % % ms
9 C. Clssfcton Performnce Evluton The fuzzy logc bsed nomly detecton lgorthms ws ppled to the 11 cqured testng dtsets. The lgorthm ws trned on the 6 trnng dtsets composed of 60,661 norml behvor pckets. The trnng took s resultng n potentlly mxmum processng speed of over 5,000 pckets per second. Altogether 71 fuzzy rules were extrcted. The clssfcton performnce s summrzed n Tble II. Here, the clssfcton rte, the flse negtve nd the flse postve rtes re depcted for ech dtset nd the verge vlues re clculted. It cn be observed tht the lgorthm mntned 0% flse postve rte nd 0.9% verge flse negtve rte. Hence, no ntruson ttempts were mssed, whle mntnng low flse negtve rte. Fg. 10 vsully demonstrtes the clssfcton of dtsets 2, 3 nd 4. The thn lne denotes the predcton of the nomly detecton system nd the thck lne bove the system response mrks the known occurrence of the nomlous behvor. It cn be seen tht the proposed nomly detecton system responded well to both long nd short ntruson ttempts. VII. CONCLUSION Ths pper presented novel fuzzy logc bsed nomly detecton lgorthm for embedded network securty cyber sensors. The nomly detecton lgorthm ws specfclly desgned to llow for both fst lernng nd fst clssfcton on the constrned computtonl resources of the embedded devce. The lgorthm extrcts fuzzy rules usng n dpted verson of the onlne nerest neghbor clusterng lgorthm drectly to the strem of pckets. The proposed lgorthm ws tested on n expermentl testbed mmckng the envronment of crtcl nfrstructure control system wth emulted probes of cyber ttcker. The control prmeters of the presented lgorthm were tuned v performnce nlyss. The fnl performnce evluton ws performed on set of 11 test dtsets wth over 200,000 pckets wth wde rnge of nomlous network behvor. The expermentl nlyss yelded 99.36% correct clssfcton rte wth 0.0% flse postve rte nd 0.9% flse negtve rtes. The prmry drecton for future work ncludes ncorportng type2 fuzzy logc nto the lgorthm desgn, fusng the nomlydetecton bsed system wth ntruson sgntures to mprove the clssfcton performnce nd deployng the lgorthm n rel opertonl settngs. REFERENCES [1] D. Yng, A. Usynn, J. W. Hnes, AnomlyBsed Intruson Detecton for SCADA Systems, n Proc. of 5 th Intl. Topcl Meetng on Nucler Plnt Instrumentton, Control nd Humn Mchne Interfce Technologes (NPIC&HMIT 05), Albuquerque, NM, Nov 1216, [2] H. S. Km, J. M. Lee, T. Prk, W. H. Kwon, Desgn of networks for dstrbuted dgtl control systems n nucler power plnts, Intl. Topcl Meetng on Nucler Plnt Instrumentton, Controls, nd Humn Mchne Interfce Technologes (NPIC&HMIT 2000), Wshngton, DC, November [3] Dn A. She, Crtcl Infrstructure: Control Systems nd the Terrorst Thret, Report for Congress RL31534, Februry, [4] C. G. Reger, D. I. Gertmn, M. A. McQueen, Reslent Control Systems: Next Generton Desgn Reserch, n Proc. 2 nd IEEE Conf. on Humn System Interctons, Ctn, Itly, pp , My [5] J. P. Anderson, Computer securty thret montorng nd survellnce, Techncl report, Jmes P. Anderson Co, [6] D. E. Dennng, An Intruson Detecton Model, n IEEE Trns. on Softwre Engneerng,vol. SE13, pp , Februry [7] R. Sommer, V. Pxson, Outsde the Closed World: On Usng Mchne Lernng For Network Intruson Detecton, n Proc. of IEEE Symp. on Securty nd Prvcy, Oklnd, Clforn, pp , [8] V. Chndol, A. Bneree, V. Kumr, Anomly Detecton: A Survey, Techncl Report, Unversty of Mnnesot, [9] I. H. Wtten, E. Frnk, Dt Mnng: Prctcl Mchne Lernng Tools nd Technques, Morgn Kufmnn Publshers, [10] Z. Zhng, J. L, C. Mnkopulos, J. Jorgenson, J. Ucles, HIDE: Herrchcl Network Intruson Detecton System Usng Sttstcl Preprocessng nd Neurl Network Clssfcton, n Proc. IEEE Workshop on Informton Assurnce nd Securty, [11] J. Ryn, M. Lln, R. Mkkulnen, Intruson Detecton wth Neurl Networks, n Advnces n Neurl Informton Processng Systems 10, Cmbrdge, MA, MIT Press, [12] H. Debr, B Dorzz, An Applcton of Recurrent Network to n Intruson Detecton System, n Proc. of the Interntonl Jont Conference on Neurl Networks, pp [13] O. Lnd, T. Vollmer, M. Mnc, Neurl Network Bsed Intruson Detecton System for Crtcl Infrstructures, n Proc. Int. Jont INNS IEEE Conf. on Neurl Networks, Atlnt, Georg, June 1419, [14] W. Hu, Y. Lo, V. R. Vemur, Robust Anomly Detecton Usng Support Vector Mchnes, n Proc. Interntonl Conference on Mchne Lernng, [15] G. Sten, B. Chen, A. S. Wu, K. A. Hu, Decson Tree Clssfer For Network Intruson Detecton Wth GAbsed Feture Selecton, n Proc. of the 43 rd ACM Southest Conference, Kennesw, GA, Mrch [16] F. Gonzlez, D. Dsgupt, J. Gomez, M. Kngnt, An Evolutonry Approch to Generte Fuzzy Anomly Sgntures, n Proc. the IEEE Informton Assurnce Workshop, June [17] J. Gomez, D. Dsgupt, F. Gonzlez, Detectng Cyber Attcks wth Fuzzy Dt Mnng Technques, n Proc. of the Workshop on Dt Mnng for Counter Terrorsm nd Securty, 3 rd SIAM Conference on Dt Mnng, Sn Frncsco, CA, My, [18] S. Zhong, T. Khoshgoftr, N. Sely, Clusterngbsed network ntruson detecton, n Intl. Journl of Relblty, Qulty nd Sfety, Vol. 14, No. 2, 2007, pp [19] Q. Wng, V. Mehlookonomou, A Clusterng Agorthm for Intruson Detecton, n SPIE Conference on Dt Mnng, Intruson Detecton, Informton Assurnce, nd Dt Networks Securty, Orlndo, Flord, USA, [20] L. Portnoy, E. Eskn, S. Solfo, Intruson detecton wth unlbeled dt usng clusterng, n Proc. Of ACM CSS Workshop on Dt Mnng Appled Securty, Phldelph, PA, November 58, [21] R. Sommer, V. Pxson, N. Wever, An rchtecture for explotng multcore processor to prllelze network ntruson preventon, Concurrency Computton: Prctce nd Experence, 21: , [22] Tofno webpge [URL], Avlble: from October [23] L. A. Zdeh, Fuzzy Sets, n Informton nd Control, vol. 8, pp , [24] J. M. Mendel, Uncertn RuleBsed Fuzzy Logc Systems: Introducton nd New Drectons, Upper Sddle Rver, NJ: Prentce Hll PTR, [25] G. J. Klr, B. Yun, Fuzzy Sets nd Fuzzy Logc Theory nd Applctons, Prentce Hll, New York, [26] Intel Corporton, Dtsheet Intel IXP42X Product Lne of Network Processors nd IXC1100 Control Plne Processor, June [27] Alln Brdley PLC 5 Controller webpge, Avlble: from October [28] Nmp webpge [URL], Avlble: from October [29] Nessus webpge [URL], Avlble: from October 2010.
A Hadoop Job Scheduling Model Based on Uncategorized Slot
Journl of Communctons Vol. 10, No. 10, October 2015 A Hdoop Job Schedulng Model Bsed on Unctegored Slot To Xue nd Tngtng L Deprtment of Computer Scence, X n Polytechnc Unversty, X n 710048, Chn Eml: xt73@163.com;
More informationWiMAX DBA Algorithm Using a 2Tier MaxMin Fair Sharing Policy
WMAX DBA Algorthm Usng 2Ter MxMn Fr Shrng Polcy PeChen Tseng 1, JYn Ts 2, nd WenShyng Hwng 2,* 1 Deprtment of Informton Engneerng nd Informtcs, Tzu Ch College of Technology, Hulen, Twn pechen@tccn.edu.tw
More informationFuzzy Clustering for TV Program Classification
Fuzzy Clusterng for TV rogrm Clssfcton Yu Zhwen Northwestern olytechncl Unversty X n,.r.chn, 7007 yuzhwen77@yhoo.com.cn Gu Jnhu Northwestern olytechncl Unversty X n,.r.chn, 7007 guh@nwpu.edu.cn Zhou Xngshe
More informationIncorporating Negative Values in AHP Using Rule Based Scoring Methodology for Ranking of Sustainable Chemical Process Design Options
20 th Europen ymposum on Computer Aded Process Engneerng ECAPE20. Perucc nd G. Buzz Ferrrs (Edtors) 2010 Elsever B.V. All rghts reserved. Incorportng Negtve Vlues n AHP Usng Rule Bsed corng Methodology
More informationALABAMA ASSOCIATION of EMERGENCY MANAGERS
LBM SSOCTON of EMERGENCY MNGERS ON O PCE C BELLO MER E T R O CD NCY M N G L R PROFESSONL CERTFCTON PROGRM .. E. M. CERTFCTON PROGRM 2014 RULES ND REGULTONS 1. THERE WLL BE FOUR LEVELS OF CERTFCTON. BSC,
More informationORIGIN DESTINATION DISAGGREGATION USING FRATAR BIPROPORTIONAL LEAST SQUARES ESTIMATION FOR TRUCK FORECASTING
ORIGIN DESTINATION DISAGGREGATION USING FRATAR BIPROPORTIONAL LEAST SQUARES ESTIMATION FOR TRUCK FORECASTING Unversty of Wsconsn Mlwukee Pper No. 091 Ntonl Center for Freght & Infrstructure Reserch &
More informationOptimal Pricing Scheme for Information Services
Optml rcng Scheme for Informton Servces Shny Wu Opertons nd Informton Mngement The Whrton School Unversty of ennsylvn Eml: shnwu@whrton.upenn.edu eyu (Shron) Chen Grdute School of Industrl Admnstrton
More informationIrregular Repeat Accumulate Codes 1
Irregulr epet Accumulte Codes 1 Hu Jn, Amod Khndekr, nd obert McElece Deprtment of Electrcl Engneerng, Clforn Insttute of Technology Psden, CA 9115 USA Eml: {hu, mod, rjm}@systems.cltech.edu Abstrct:
More informationResearch on performance evaluation in logistics service supply chain based unascertained measure
Suo Junun, L Yncng, Dong Humn Reserch on performnce evluton n logstcs servce suppl chn bsed unscertned mesure Abstrct Junun Suo *, Yncng L, Humn Dong Hebe Unverst of Engneerng, Hndn056038, Chn Receved
More informationWHAT HAPPENS WHEN YOU MIX COMPLEX NUMBERS WITH PRIME NUMBERS?
WHAT HAPPES WHE YOU MIX COMPLEX UMBERS WITH PRIME UMBERS? There s n ol syng, you n t pples n ornges. Mthemtns hte n t; they love to throw pples n ornges nto foo proessor n see wht hppens. Sometmes they
More informationMULTICRITERIA DECISION AIDING IN PROJECT MANAGEMENT OUTRANKING APPROACH AND VERBAL DECISION ANALYSIS
Dorot Górec Deprtment of Econometrcs nd Sttstcs Ncolus Coperncus Unversty n Toruń MULTICRITERIA DECISION AIDING IN PROJECT MANAGEMENT OUTRANKING APPROACH AND VERBAL DECISION ANALYSIS Introducton A proect
More informationVector Geometry for Computer Graphics
Vector Geometry for Computer Grphcs Bo Getz Jnury, 7 Contents Prt I: Bsc Defntons Coordnte Systems... Ponts nd Vectors Mtrces nd Determnnts.. 4 Prt II: Opertons Vector ddton nd sclr multplcton... 5 The
More informationNewtonRaphson Method of Solving a Nonlinear Equation Autar Kaw
NewtonRphson Method o Solvng Nonlner Equton Autr Kw Ater redng ths chpter, you should be ble to:. derve the NewtonRphson method ormul,. develop the lgorthm o the NewtonRphson method,. use the NewtonRphson
More informationThe CAT model: Predicting air temperature in city streets on the basis of measured reference data
The CAT model: Predctng r temperture n cty streets on the bss of mesured reference dt Evytr Erell 1 nd Terry Wllmson 2 1 The J. Blusten Insttute For Desert Reserch, BenGuron Unversty of the Negev, Sde
More informationRolf Baur, Raimund Herz & Ingo Kropp
COMPUTER AIDED REHABILITATION OF SEWER AND STORM WATER NETWORKS RESEARCH AND TECHNOLOGICAL DEVELOPMENT PROJECT OF EUROPEAN COMMUNITY Lehrstuhl Stdtbuwesen Technsche Unverstät Dresden (TUD) Nürnberger Str.
More informationBasics of Counting. A note on combinations. Recap. 22C:19, Chapter 6.5, 6.7 Hantao Zhang
Bscs of Countng 22C:9, Chpter 6.5, 6.7 Hnto Zhng A note on comntons An lterntve (nd more common) wy to denote n rcomnton: n n C ( n, r) r I ll use C(n,r) whenever possle, s t s eser to wrte n PowerPont
More informationThe Development of Web Log Mining Based on ImproveKMeans Clustering Analysis
The Development of Web Log Mnng Based on ImproveKMeans Clusterng Analyss TngZhong Wang * College of Informaton Technology, Luoyang Normal Unversty, Luoyang, 471022, Chna wangtngzhong2@sna.cn Abstract.
More informationJoint Opaque booking systems for online travel agencies
Jont Opque bookng systems for onlne trvel gences Mlgorzt OGOOWSKA nd Domnque TORRE Mrch 2010 Abstrct Ths pper nlyzes the propertes of the dvnced Opque bookng systems used by the onlne trvel gences n conjuncton
More informationVRT012 User s guide V0.1. Address: Žirmūnų g. 27, Vilnius LT09105, Phone: (3705) 2127472, Fax: (3705) 276 1380, Email: info@teltonika.
VRT012 User s gude V0.1 Thank you for purchasng our product. We hope ths userfrendly devce wll be helpful n realsng your deas and brngng comfort to your lfe. Please take few mnutes to read ths manual
More informationAVR32723: Sensor Field Oriented Control for Brushless DC motors with AT32UC3B0256. 32bit Microcontrollers. Application Note. Features.
AVR7: Sensor Feld Orented Control for Brushless DC motors wth ATUCB056 Fetures Stndlone Spce Vector Modulton lbrry for AVR UC mcrocontroller. Prk nd Clrke mthemtcl trnsformton lbrry for AVR UC mcrocontroller.
More informationResistive Network Analysis. The Node Voltage Method  1
esste Network Anlyss he nlyss of n electrcl network conssts of determnng ech of the unknown rnch currents nd node oltges. A numer of methods for network nlyss he een deeloped, sed on Ohm s Lw nd Krchoff
More informationLuby s Alg. for Maximal Independent Sets using Pairwise Independence
Lecture Notes for Randomzed Algorthms Luby s Alg. for Maxmal Independent Sets usng Parwse Independence Last Updated by Erc Vgoda on February, 006 8. Maxmal Independent Sets For a graph G = (V, E), an ndependent
More informationModels and Software for Urban and Regional Transportation Planning : The Contributions of the Center for Research on Transportation
Models nd Softwre for Urbn nd Regonl Plnnng : The Contrbutons of the Center for Reserch on Mchel Florn Aprl 2008 CIRRELT200811 Models nd Softwre for Urbn Regonl Plnnng: The Contrbutons of the Center
More informationCanon NTSC Help Desk Documentation
Canon NTSC Help Desk Documentaton READ THIS BEFORE PROCEEDING Before revewng ths documentaton, Canon Busness Solutons, Inc. ( CBS ) hereby refers you, the customer or customer s representatve or agent
More informationLesson 28 Psychrometric Processes
1 Lesson 28 Psychrometrc Processes Verson 1 ME, IIT Khrgpur 1 2 The specfc objectves of ths lecture re to: 1. Introducton to psychrometrc processes nd ther representton (Secton 28.1) 2. Importnt psychrometrc
More informationLecture 2: Single Layer Perceptrons Kevin Swingler
Lecture 2: Sngle Layer Perceptrons Kevn Sngler kms@cs.str.ac.uk Recap: McCullochPtts Neuron Ths vastly smplfed model of real neurons s also knon as a Threshold Logc Unt: W 2 A Y 3 n W n. A set of synapses
More informationConstruction Rules for Morningstar Canada Target Dividend Index SM
Constructon Rules for Mornngstar Canada Target Dvdend Index SM Mornngstar Methodology Paper October 2014 Verson 1.2 2014 Mornngstar, Inc. All rghts reserved. The nformaton n ths document s the property
More informationTHE deployment of IEEE 802.11 wireless networks
IEEE TRANSACTIONS ON MOBILE COMPUTING, VOL. X, NO. X, XXX 2008 1 Passve Onlne Detecton of 802.11 Traffc Usng Sequental Hypothess Testng wth TCP ACKPars We We, Member, IEEE, Kyoungwon Suh, Member, IEEE,
More informationEngineertoEngineer Note
EngineertoEngineer Note EE265 Technicl notes on using Anlog Devices DSPs, processors nd development tools Contct our technicl support t dsp.support@nlog.com nd t dsptools.support@nlog.com Or visit our
More informationYOU FINALLY FINISHED YOUR FILM. NOW WHAT? Distributor...? Sales agent...? GOT IT: SELF DISTRIBUTION
YOU FINALLY FINISHED YOUR FILM. NOW WHAT? Dstrbutor...? Sles gent...? GOT IT: SELF DISTRIBUTION THE ADVANTAGES OF SELF DISTRIBUTION: A gurnteed openng n NY / LA prme theter nd you keep 100% of the boxoffce.
More informationbenefit is 2, paid if the policyholder dies within the year, and probability of death within the year is ).
REVIEW OF RISK MANAGEMENT CONCEPTS LOSS DISTRIBUTIONS AND INSURANCE Loss and nsurance: When someone s subject to the rsk of ncurrng a fnancal loss, the loss s generally modeled usng a random varable or
More informationForecasting the Direction and Strength of Stock Market Movement
Forecastng the Drecton and Strength of Stock Market Movement Jngwe Chen Mng Chen Nan Ye cjngwe@stanford.edu mchen5@stanford.edu nanye@stanford.edu Abstract  Stock market s one of the most complcated systems
More informationBoolean Algebra. ECE 152A Winter 2012
Boolen Algebr ECE 52A Wnter 22 Redng Assgnent Brown nd Vrnesc 2 Introducton to Logc Crcuts 2.5 Boolen Algebr 2.5. The Venn Dgr 2.5.2 Notton nd Ternology 2.5.3 Precedence of Opertons 2.6 Synthess Usng AND,
More informationVehicle Navigation System Integration with GPS/INS/GSM
Chun Hu Journl of Scence nd Enneern, ol.,no., pp.3(3) ehcle Nvton System Interton wth GPS/INS/GSM JumMn Ln ChenWen Hun, nd FonLon Ts Insttute of Aeronutcs nd Astronutcs ChunHw Unversty HsnChu 3,
More informationMultiMarket Trading and Liquidity: Theory and Evidence
MultMrket Trdng nd Lqudty: Theory nd Evdence Shmuel Bruch, G. Andrew Kroly, b* Mchel L. Lemmon Eccles School of Busness, Unversty of Uth, Slt Lke Cty, UT 84, USA b Fsher College of Busness, Oho Stte Unversty,
More informationAn Alternative Way to Measure Private Equity Performance
An Alternatve Way to Measure Prvate Equty Performance Peter Todd Parlux Investment Technology LLC Summary Internal Rate of Return (IRR) s probably the most common way to measure the performance of prvate
More informationCalculation of Sampling Weights
Perre Foy Statstcs Canada 4 Calculaton of Samplng Weghts 4.1 OVERVIEW The basc sample desgn used n TIMSS Populatons 1 and 2 was a twostage stratfed cluster desgn. 1 The frst stage conssted of a sample
More informationVision Mouse. Saurabh Sarkar a* University of Cincinnati, Cincinnati, USA ABSTRACT 1. INTRODUCTION
Vson Mouse Saurabh Sarkar a* a Unversty of Cncnnat, Cncnnat, USA ABSTRACT The report dscusses a vson based approach towards trackng of eyes and fngers. The report descrbes the process of locatng the possble
More informationThe OC Curve of Attribute Acceptance Plans
The OC Curve of Attrbute Acceptance Plans The Operatng Characterstc (OC) curve descrbes the probablty of acceptng a lot as a functon of the lot s qualty. Fgure 1 shows a typcal OC Curve. 10 8 6 4 1 3 4
More informationImplementation of Deutsch's Algorithm Using Mathcad
Implementaton of Deutsch's Algorthm Usng Mathcad Frank Roux The followng s a Mathcad mplementaton of Davd Deutsch's quantum computer prototype as presented on pages  n "Machnes, Logc and Quantum Physcs"
More information1.1 The University may award Higher Doctorate degrees as specified from timetotime in UPR AS11 1.
HIGHER DOCTORATE DEGREES SUMMARY OF PRINCIPAL CHANGES General changes None Secton 3.2 Refer to text (Amendments to verson 03.0, UPR AS02 are shown n talcs.) 1 INTRODUCTION 1.1 The Unversty may award Hgher
More informationGetting Started. with Penfriend XP. 1 Installing 2 Trying it out! 3 Word Prediction. Reviewing Lexicons 5 Preferences 6 Finding More Help 7
Gettng Started wth Penfrend XP Installng Tryng t out! Word Predcton Other Features Revewng Lexcons 5 Preferences 6 Fndng More Help 7 Installng 5 6 7 Before you can use Penfrend XP on your computer the
More informationUse Geometry Expressions to create a more complex locus of points. Find evidence for equivalence using Geometry Expressions.
Lerning Objectives Loci nd Conics Lesson 3: The Ellipse Level: Preclculus Time required: 120 minutes In this lesson, students will generlize their knowledge of the circle to the ellipse. The prmetric nd
More informationHosted Voice Self Service Installation Guide
Hosted Voce Self Servce Installaton Gude Contact us at 18773551501 learnmore@elnk.com www.earthlnk.com 2015 EarthLnk. Trademarks are property of ther respectve owners. All rghts reserved. 107107629
More informationEN3: Introduction to Engineering. Teach Yourself Vectors. 1. Definition. Problems
EN3: Introducton to Engneerng Tech Yourself Vectors Dvson of Engneerng Brown Unversty. Defnton vector s mthemtcl obect tht hs mgntude nd drecton, nd stsfes the lws of vector ddton. Vectors re used to represent
More informationSmall Business Cloud Services
Smll Business Cloud Services Summry. We re thick in the midst of historic sechnge in computing. Like the emergence of personl computers, grphicl user interfces, nd mobile devices, the cloud is lredy profoundly
More informationOnLine Fault Detection in Wind Turbine Transmission System using Adaptive Filter and Robust Statistical Features
OnLne Fault Detecton n Wnd Turbne Transmsson System usng Adaptve Flter and Robust Statstcal Features Ruoyu L Remote Dagnostcs Center SKF USA Inc. 3443 N. Sam Houston Pkwy., Houston TX 77086 Emal: ruoyu.l@skf.com
More informationSmall Business Networking
Why network is n essentil productivity tool for ny smll business Effective technology is essentil for smll businesses looking to increse the productivity of their people nd business. Introducing technology
More informationMethodology for Determining Egovernment Success Factors with Foresight Approach
Interntonl Reserch Journl of Appled nd Bsc Scences 2013 Avlble onlne t www.rbs.com ISSN 2251838X / Vol 4 (9): 26522662 Scence Eplorer Publctons Methodology for Determnng Egovernment Success Fctors wth
More informationPlotting and Graphing
Plotting nd Grphing Much of the dt nd informtion used by engineers is presented in the form of grphs. The vlues to be plotted cn come from theoreticl or empiricl (observed) reltionships, or from mesured
More informationCISCO SPA500G SERIES REFERENCE GUIDE
CISCO SPA500G SERIES REFERENCE GUIDE Part of the Csco Small Busness Pro Seres, the SIP based Csco SPA504G 4Lne IP phone wth 2port swtch has been tested to ensure comprehensve nteroperablty wth equpment
More informationIT05 Telephone and Mobile Phone Usage Policy
IT05 Telephone nd Moble Phone Usge Polcy Introducton 1 Ths polcy sets out the generl rules for the use of Southmpton Solent Unersty s telephones nd moble phones. These serces re coordnted nd mnged by Informton
More informationTesting Robotic Manipulators: Improvement and Experience
Issue, Volume, Testng Robotc Mnpultors: Improvement n Experence Y. Mh, N. Sepehr, H. Ghorb n A. Mh Abstrct In toy s worl of flexble utomton, users shoul be ble to rely on the performnce of robots. The
More informationOn the System Dynamics of the Logistic Risk of Marketing Channels
1194 JOURNAL OF SOFTWARE, VOL. 8, NO. 5, MAY 2013 On the System Dynmcs of the Logstc Rsk of Mrketng Chnnels Yng M School of Mngement, Wuhn Unversty of Technology, Wuhn, Chn Eml: myng331@163.com Fe Feng
More informationTaskOrientated Biofeedback System for the Rehabilitation of the Upper Limb
TkOrentted Bofeedbck Sytem for the Rehbltton of the Upper Lmb S. Koudou, N. G. Tgrk, C. Smth nd D. G. Cldwell Abtrct Stroke form one of the ledng cue of dblty n mot ndutrlzed countre. Robot medted tkorentted
More informationHelicopter Theme and Variations
Helicopter Theme nd Vritions Or, Some Experimentl Designs Employing Pper Helicopters Some possible explntory vribles re: Who drops the helicopter The length of the rotor bldes The height from which the
More informationTesting CABIDS through Mutations: on the Identification of Network Scans
Testng CABIDS through Mutatons: on the Identfcaton of Network Scans Emlo Corchado, Álvaro Herrero, José Manuel Sáz Department of Cvl Engneerng, Unversty of Burgos, Span {escorchado, ahcoso, msaz}@ubu.es
More informationTuition Fee Loan application notes
Tuton Fee Loan applcaton notes for new parttme EU students 2012/13 About these notes These notes should be read along wth your Tuton Fee Loan applcaton form. The notes are splt nto three parts: Part 1
More information1 Example 1: Axisaligned rectangles
COS 511: Theoretcal Machne Learnng Lecturer: Rob Schapre Lecture # 6 Scrbe: Aaron Schld February 21, 2013 Last class, we dscussed an analogue for Occam s Razor for nfnte hypothess spaces that, n conjuncton
More informationLoyalty Program and Customer Retention of Bank Credit Cards an Logistic Regression Analysis based on Questionnaires
oylty Progrm nd Customer Retenton of Bnk Credt Crds n ogstc Regresson nlyss sed on Questonnres ZHU Qn IN Runyo College of Economcs Zhejng Gongshng Unversty P.R.Chn 310014 strct To Chnese credt crd ssuers
More informationRecurrence. 1 Definitions and main statements
Recurrence 1 Defntons and man statements Let X n, n = 0, 1, 2,... be a MC wth the state space S = (1, 2,...), transton probabltes p j = P {X n+1 = j X n = }, and the transton matrx P = (p j ),j S def.
More informationAn InterestOriented Network Evolution Mechanism for Online Communities
An InterestOrented Network Evoluton Mechansm for Onlne Communtes Cahong Sun and Xaopng Yang School of Informaton, Renmn Unversty of Chna, Bejng 100872, P.R. Chna {chsun,yang}@ruc.edu.cn Abstract. Onlne
More informationA DATA MINING APPLICATION IN A STUDENT DATABASE
JOURNAL OF AERONAUTICS AND SPACE TECHNOLOGIES JULY 005 VOLUME NUMBER (5357) A DATA MINING APPLICATION IN A STUDENT DATABASE Şenol Zafer ERDOĞAN Maltepe Ünversty Faculty of Engneerng BüyükbakkalköyIstanbul
More informationDriver Attitudes and Choices: Speed Limits, Seat Belt Use, and DrinkingandDriving
Drver Atttudes nd Choces: Speed Lmts, Set Belt Use, nd DrnkngndDrvng YoungJun Kweon Assocte Reserch Scentst Vrgn Trnsportton Reserch Councl Young Jun.Kweon@VDOT.Vrgn.gov Vrgn Trnsportton Reserch Councl
More informationA DYNAMIC CRASHING METHOD FOR PROJECT MANAGEMENT USING SIMULATIONBASED OPTIMIZATION. Michael E. Kuhl Radhamés A. TolentinoPeña
Proceedngs of the 2008 Wnter Smulaton Conference S. J. Mason, R. R. Hll, L. Mönch, O. Rose, T. Jefferson, J. W. Fowler eds. A DYNAMIC CRASHING METHOD FOR PROJECT MANAGEMENT USING SIMULATIONBASED OPTIMIZATION
More informationInterIng 2007. INTERDISCIPLINARITY IN ENGINEERING SCIENTIFIC INTERNATIONAL CONFERENCE, TG. MUREŞ ROMÂNIA, 1516 November 2007.
InterIng 2007 INTERDISCIPLINARITY IN ENGINEERING SCIENTIFIC INTERNATIONAL CONFERENCE, TG. MUREŞ ROMÂNIA, 1516 November 2007. UNCERTAINTY REGION SIMULATION FOR A SERIAL ROBOT STRUCTURE MARIUS SEBASTIAN
More informationOperating Network Load Balancing with the Media Independent Information Service for Vehicular Based Systems
CHI MA et l: OPERATING NETWORK LOAD BALANCING WITH THE MEDIA INDEPENDENT... Opertng Network Lod Blncng wth the Med Independent Inforton Servce for Vehculr Bsed Systes Ch M, End Fllon, Yunsong Qo, Brn Lee
More informationRESEARCH ON DUALSHAKER SINE VIBRATION CONTROL. Yaoqi FENG 1, Hanping QIU 1. China Academy of Space Technology (CAST) yaoqi.feng@yahoo.
ICSV4 Carns Australa 9 July, 007 RESEARCH ON DUALSHAKER SINE VIBRATION CONTROL Yaoq FENG, Hanpng QIU Dynamc Test Laboratory, BISEE Chna Academy of Space Technology (CAST) yaoq.feng@yahoo.com Abstract
More informationSmall Business Networking
Why network is n essentil productivity tool for ny smll business Effective technology is essentil for smll businesses looking to increse the productivity of their people nd business. Introducing technology
More informationWhat is Candidate Sampling
What s Canddate Samplng Say we have a multclass or mult label problem where each tranng example ( x, T ) conssts of a context x a small (mult)set of target classes T out of a large unverse L of possble
More informationPerformance Analysis of Energy Consumption of Smartphone Running Mobile Hotspot Application
Internatonal Journal of mart Grd and lean Energy Performance Analyss of Energy onsumpton of martphone Runnng Moble Hotspot Applcaton Yun on hung a chool of Electronc Engneerng, oongsl Unversty, 511 angdodong,
More informationBUSINESS PROCESS PERFORMANCE MANAGEMENT USING BAYESIAN BELIEF NETWORK. 0688, dskim@ssu.ac.kr
Proceedngs of the 41st Internatonal Conference on Computers & Industral Engneerng BUSINESS PROCESS PERFORMANCE MANAGEMENT USING BAYESIAN BELIEF NETWORK Yeongbn Mn 1, Yongwoo Shn 2, Km Jeehong 1, Dongsoo
More informationWe assume your students are learning about selfregulation (how to change how alert they feel) through the Alert Program with its three stages:
Welcome to ALERT BINGO, a funflled and educatonal way to learn the fve ways to change engnes levels (Put somethng n your Mouth, Move, Touch, Look, and Lsten) as descrbed n the How Does Your Engne Run?
More informationEQUATIONS OF LINES AND PLANES
EQUATIONS OF LINES AND PLANES MATH 195, SECTION 59 (VIPUL NAIK) Corresponding mteril in the ook: Section 12.5. Wht students should definitely get: Prmetric eqution of line given in pointdirection nd twopoint
More informationTHREEDIMENSIONAL ELASTIC AND ELASTOPLASTIC FRICTIONAL CONTACT ANALYSIS OF TURBOMACHINERY BLADE ATTACHMENTS
JOURNAL OF THEORETICAL AND APPLIED MECHANICS 3,39,2001 THREEDIMENSIONAL ELASTIC AND ELASTOPLASTIC FRICTIONAL CONTACT ANALYSIS OF TURBOMACHINERY BLADE ATTACHMENTS Grzegorz Zbońsk Wesłw Ostchowcz Insttute
More informationInterleaved Power Factor Correction (IPFC)
Interleaved Power Factor Correcton (IPFC) 2009 Mcrochp Technology Incorporated. All Rghts Reserved. Interleaved Power Factor Correcton Slde 1 Welcome to the Interleaved Power Factor Correcton Reference
More information7.5. Present Value of an Annuity. Investigate
7.5 Present Value of an Annuty Owen and Anna are approachng retrement and are puttng ther fnances n order. They have worked hard and nvested ther earnngs so that they now have a large amount of money on
More informationFactoring Polynomials
Fctoring Polynomils Some definitions (not necessrily ll for secondry school mthemtics): A polynomil is the sum of one or more terms, in which ech term consists of product of constnt nd one or more vribles
More informationAN OPERATIONAL APPROACH FOR GROUND HANDLING MANAGEMENT AT AIRPORTS WITH IMPERFECT INFORMATION
1 N OPERTIONL PPROCH FOR GROUN HNLING MNGEMENT T IRPORTS WITH IMPERFECT INFORMTION Slm Ftour Trbels (ENC) ftour_trbelsslm@hotml.com crlos lberto Nunes Cosenz (COPPE) cosenz@pep.ufrj.br Lus Gustvo Zely
More informationFault tolerance in cloud technologies presented as a service
Internatonal Scentfc Conference Computer Scence 2015 Pavel Dzhunev, PhD student Fault tolerance n cloud technologes presented as a servce INTRODUCTION Improvements n technques for vrtualzaton and performance
More informationA Hierarchical Anomaly Network Intrusion Detection System using Neural Network Classification
IDC IDC A Herarchcal Anomaly Network Intruson Detecton System usng Neural Network Classfcaton ZHENG ZHANG, JUN LI, C. N. MANIKOPOULOS, JAY JORGENSON and JOSE UCLES ECE Department, New Jersey Inst. of Tech.,
More information"Research Note" APPLICATION OF CHARGE SIMULATION METHOD TO ELECTRIC FIELD CALCULATION IN THE POWER CABLES *
Iranan Journal of Scence & Technology, Transacton B, Engneerng, ol. 30, No. B6, 789794 rnted n The Islamc Republc of Iran, 006 Shraz Unversty "Research Note" ALICATION OF CHARGE SIMULATION METHOD TO ELECTRIC
More informationLecture 3 Gaussian Probability Distribution
Lecture 3 Gussin Probbility Distribution Introduction l Gussin probbility distribution is perhps the most used distribution in ll of science. u lso clled bell shped curve or norml distribution l Unlike
More informationProject Networks With MixedTime Constraints
Project Networs Wth MxedTme Constrants L Caccetta and B Wattananon Western Australan Centre of Excellence n Industral Optmsaton (WACEIO) Curtn Unversty of Technology GPO Box U1987 Perth Western Australa
More informationSchema Clustering and Retrieval for Multidomain PayAsYouGo Data Integration Systems
Schem Clusterng nd Retrevl for Multdomn PyAsYouGo Dt Integrton Systems Htem A. Mhmoud Unversty of Wterloo Wterloo, ON, Cnd hmhmoud@cs.uwterloo.c Ashrf Aoulng Unversty of Wterloo Wterloo, ON, Cnd shrf@cs.uwterloo.c
More informationExtending Probabilistic Dynamic Epistemic Logic
Extendng Probablstc Dynamc Epstemc Logc Joshua Sack May 29, 2008 Probablty Space Defnton A probablty space s a tuple (S, A, µ), where 1 S s a set called the sample space. 2 A P(S) s a σalgebra: a set
More informationDEFINING %COMPLETE IN MICROSOFT PROJECT
CelersSystems DEFINING %COMPLETE IN MICROSOFT PROJECT PREPARED BY James E Aksel, PMP, PMISP, MVP For Addtonal Informaton about Earned Value Management Systems and reportng, please contact: CelersSystems,
More informationClearPeaks Customer Care Guide. Business as Usual (BaU) Services Peace of mind for your BI Investment
ClerPeks Customer Cre Guide Business s Usul (BU) Services Pece of mind for your BI Investment ClerPeks Customer Cre Business s Usul Services Tble of Contents 1. Overview...3 Benefits of Choosing ClerPeks
More informationData Mining for extraction of fuzzy IFTHEN rules using Mamdani and TakagiSugenoKang FIS
Engneeng Lettes, 5:, EL_5 3 Dt Mnng fo extcton of fuzzy IFTHEN ules usng Mmdn nd TkgSugenoKng FIS Jun E. Moeno, Osc Cstllo, Jun R. Csto, Lus G. Mtínez, Ptc Meln Abstct Ths ppe pesents clusteng technques
More informationEngineertoEngineer Note
EngineertoEngineer Note EE280 Technicl notes on using Anlog Devices DSPs, processors nd development tools Visit our Web resources http://www.nlog.com/eenotes nd http://www.nlog.com/processors or emil
More informationReasoning to Solve Equations and Inequalities
Lesson4 Resoning to Solve Equtions nd Inequlities In erlier work in this unit, you modeled situtions with severl vriles nd equtions. For exmple, suppose you were given usiness plns for concert showing
More informationEnterprise Risk Management Software Buyer s Guide
Enterprise Risk Mngement Softwre Buyer s Guide 1. Wht is Enterprise Risk Mngement? 2. Gols of n ERM Progrm 3. Why Implement ERM 4. Steps to Implementing Successful ERM Progrm 5. Key Performnce Indictors
More informationExperiment 6: Friction
Experiment 6: Friction In previous lbs we studied Newton s lws in n idel setting, tht is, one where friction nd ir resistnce were ignored. However, from our everydy experience with motion, we know tht
More informationMultisensor Data Fusion for Cyber Security Situation Awareness
Avalable onlne at www.scencedrect.com Proceda Envronmental Scences 0 (20 ) 029 034 20 3rd Internatonal Conference on Envronmental 3rd Internatonal Conference on Envronmental Scence and Informaton Applcaton
More informationCommunication Networks II Contents
8 / 1  Communcaton Networs II (Görg)  www.comnets.unbremen.de Communcaton Networs II Contents 1 Fundamentals of probablty theory 2 Traffc n communcaton networs 3 Stochastc & Marovan Processes (SP
More informationMATH 150 HOMEWORK 4 SOLUTIONS
MATH 150 HOMEWORK 4 SOLUTIONS Section 1.8 Show tht the product of two of the numbers 65 1000 8 2001 + 3 177, 79 1212 9 2399 + 2 2001, nd 24 4493 5 8192 + 7 1777 is nonnegtive. Is your proof constructive
More informationLinesource based Xray Tomography
nesorce bsed Xry Tomogrphy Deep Bhrhd Hengyong Y 4 Hong 3 Robert Plemmons 5 Ge Wng 4. Bomedcl mgng Dvson VTWFU School o Bomedcl Engneerng & Scence We Forest Unversty WnstonSlem C 757. Bomedcl Engneerng
More informationLet us recall some facts you have learnt in previous grades under the topic Area.
6 Are By studying this lesson you will be ble to find the res of sectors of circles, solve problems relted to the res of compound plne figures contining sectors of circles. Ares of plne figures Let us
More informationNumber of Levels Cumulative Annual operating Income per year construction costs costs ($) ($) ($) 1 600,000 35,000 100,000 2 2,200,000 60,000 350,000
Problem Set 5 Solutons 1 MIT s consderng buldng a new car park near Kendall Square. o unversty funds are avalable (overhead rates are under pressure and the new faclty would have to pay for tself from
More informationCan Auto Liability Insurance Purchases Signal Risk Attitude?
Internatonal Journal of Busness and Economcs, 2011, Vol. 10, No. 2, 159164 Can Auto Lablty Insurance Purchases Sgnal Rsk Atttude? ChuShu L Department of Internatonal Busness, Asa Unversty, Tawan ShengChang
More information