This document summarizes a research paper on using hidden Markov models to predict security threats and attacks in cloud computing systems. It discusses two approaches: 1) Integrating ongoing attack detection, automatic prevention actions, and risk measurement into an autonomic cloud intrusion detection framework using a hidden Markov prediction model. 2) Using hidden Markov models to detect sequences of anomalous behaviors in system logs that may indicate an attack plan over a period of time. The document provides background on hidden Markov models and how they can be applied to modeling threat sequences and states in a cloud system to provide early warnings of potential attacks.
HARDWARE SECURITY IN CASE OF SCAN-BASED ATTACK ON CRYPTO-HARDWARE - VLSICS Design
The latest innovations in computing devices have given rise to compact, speedy and economical products which also embed cryptography hardware on-chip. Because such a device generally holds a secret key and confidential information, more attention has been given to attacks on the hardware which guards such secure information. The attacker may leak secret information from symmetric crypto-hardware (AES, DES etc.) using side-channel analysis, fault injection or exploiting existing test infrastructure. This paper examines various DFT-based attack implementation methods applied to cryptographic hardware. The paper contains an extensive analysis of attacks based on various parameters. The countermeasures are classified and analyzed in detail.
Internal security on an IDS based on agents - csandit
An Intrusion Detection System (IDS) can monitor different events that may occur in a determined network or host, and which affect any network security service (confidentiality, integrity, availability). Because of this, an IDS must be flexible and it must detect and trace each alert without affecting the system's performance. On the other hand, agents in a Multi-Agent system have inherent security problems due to their mobility; that’s why we propose some techniques in order to provide internal security for the agents belonging to the system. The deployed IDS works with a multiagent platform and each component inside the infrastructure is verified using security techniques in order to provide integrity. Likewise, the agents can specialize in order to carry out specific jobs, for example monitoring TCP, UDP traffic, etc. The IDS can work without interfering in the system's performance. In this article we present a hierarchical IDS deployment with internal security on a multiagent system, using a platform named BESA with its processes, functions and results.
Application of Attack Graphs in Intrusion Detection Systems: An Implementation - CSCJournals
Internet attacks have been continuously increasing in recent years, in terms of scale and complexity, challenging the existing defense solutions with new complications and making them almost ineffective against multi-stage attacks, in particular the intrusion detection systems which fail to identify such complex attacks. An attack graph is a modeling technique used to visualize the different steps an attacker might select to achieve his end game, based on existing vulnerabilities and weaknesses in the system. This paper studies the application of attack graphs in intrusion detection and prevention systems (IDS/IPS) in order to better identify complex attacks based on predefined models, configurations, and alerts. As a “proof of concept”, a tool is developed which interfaces with the well-known SNORT [1] intrusion detection system and matches the alerts with an attack graph generated using the NESSUS [2] vulnerability scanner (maintained up-to-date using the National Vulnerability Database (NVD) [3]) and the MULVAL [4] attack graph generation library. The tool makes it possible to keep track of the attacker's activities along the different stages of the attack graph.
ONTOLOGY-BASED MODEL FOR SECURITY ASSESSMENT: PREDICTING CYBERATTACKS THROUGH... - IJNSA Journal
The prediction of attacks is essential for the prevention of potential risk. Therefore, risk forecasting contributes a lot to the optimization of the information security budget. This article focuses on the ontology and stages of a cyberattack. It introduces the main representatives of the attacking side and describes their motivation.
Secure intrusion detection and countermeasure selection in virtual system usi... - eSAT Publishing House
IJRET : International Journal of Research in Engineering and Technology is an international peer reviewed, online journal published by eSAT Publishing House for the enhancement of research in various disciplines of Engineering and Technology. The aim and scope of the journal is to provide an academic medium and an important reference for the advancement and dissemination of research results that support high-level learning, teaching and research in the fields of Engineering and Technology. We bring together Scientists, Academician, Field Engineers, Scholars and Students of related fields of Engineering and Technology
AN IMPROVED METHOD TO DETECT INTRUSION USING MACHINE LEARNING ALGORITHMS - ieijjournal
An intrusion detection system detects various malicious behaviors and abnormal activities that might harm the security and trust of a computer system. IDS operate either on host or network level by utilizing anomaly detection or misuse detection. The main problem is to correctly detect an intruder attack against a computer network. The key point of successful detection of intrusion is the choice of proper features. To resolve the problems of the IDS scheme this research work proposes “an improved method to detect intrusion using machine learning algorithms”. In our paper we use the KDDCUP 99 dataset to analyze the efficiency of intrusion detection with different machine learning algorithms like Bayes, NaiveBayes, J48, J48Graft and Random forest. To identify network based IDS with the KDDCUP 99 dataset, experimental results show that the three algorithms J48, J48Graft and Random forest give much better results than other machine learning algorithms. We use WEKA to check the accuracy of the classified dataset via our proposed method. We have considered all the parameters for computation of the result, i.e. precision, recall, F-measure and ROC.
Alert Analysis using Fuzzy Clustering and Artificial Neural Network - IJRES Journal
An Intrusion Detection System (IDS) is used to supervise all tricks which are running on a particular machine or network. It also gives an alert regarding any attack. However, nowadays these alerts are very large in amount. It is very complicated to examine these attacks. We intend a time and space based alert analysis technique which can strap related alerts without surroundings knowledge and provide an attack graph to help the administrator understand the attack on a host or network step by step, clearly and fittingly for analysis. A threat evaluation is given to discover the most treacherous attack, which decreases the administrator’s time and energy in calculating a huge amount of alerts. We are analyzing the network traffic in the form of attacks using Entity Threat Evaluation (ETE), which finds out which particular host is attacked, Gadget Threat Evaluation (GTE), which tells us which device within that host is attacked, Network Threat Evaluation (NTE), which tells us which network is attacked, and Hit Threat Evaluation (HTE), by giving a dataset of attacks as input. The main idea is that the distribution of different types of attacks is not balanced. For attacks which do not occur repeatedly, the learning sample size is too small compared to high-frequency attacks. This makes it hard for an Artificial Neural Network (ANN) to become skilled at the characters of these attacks, and therefore detection precision is much worse. To solve such troubles, we propose a new technique for ANN-based IDS, Fuzzy Clustering (FC-ANN), to enhance the detection precision for low-frequency attacks and detection stability.
Vulnerability scanners a proactive approach to assess web application security - ijcsa
With the increasing concern for security in the network, many approaches are laid out that try to protect the network from unauthorised access. New methods have been adopted in order to find the potential discrepancies that may damage the network. The most commonly used approach is the vulnerability assessment. By vulnerability, we mean the potential flaws in the system that make it prone to attack. Assessment of these system vulnerabilities provides a means to identify and develop new strategies so as to protect the system from the risk of being damaged. This paper focuses on the usage of various vulnerability scanners and their related methodology to detect the various vulnerabilities available in the web applications or the remote host across the network and tries to identify new mechanisms that can be deployed to secure the network.
Industrial control systems may be at least as vulnerable, or even more vulnerable, to intrusion and malicious attack than your desktop PC. The National Cybersecurity and Communications Integration Center outlines seven basic steps you can take to harden your industrial control system against intrusion and mischief.
International Journal of Engineering Research and Applications (IJERA) is an open access online peer reviewed international journal that publishes research and review articles in the fields of Computer Science, Neural Networks, Electrical Engineering, Software Engineering, Information Technology, Mechanical Engineering, Chemical Engineering, Plastic Engineering, Food Technology, Textile Engineering, Nano Technology & science, Power Electronics, Electronics & Communication Engineering, Computational mathematics, Image processing, Civil Engineering, Structural Engineering, Environmental Engineering, VLSI Testing & Low Power VLSI Design etc.
A Comparative Study on Profile Based Location Management for Personal Communi... - IJERA Editor
Location of the mobile user is registered to the two databases for call tracking and those registration processes basis much network traffic. By this speed of Call delivery reduced and location updating cost improved. In this paper, the first method a new meek location management by registering Representative VLR of group of certain VLRs regionally and broadcasting for searching a mobile user, so called rVLR-B. The representative VLR of several VLRs and register mobile users’ location. When set up the call path between mobile users, the VLR of the caller inquiries callee’s rVLR for searching the location of callee instead of demanding to VLR of callee. And then rVLR broadcast the callee’s location to all VLR of the region simultaneously. Location registration is only performed when a mobile user visits a new rVLR network area from present area. Using the rVLR-B, the cost of maintaining location of mobile users was abridged. The second technique for reducing the costs during the location tracking and location update is proposed. Taking the regular movement pattern of the users it produces the block and the user registers with the HLR only after crossing the block instead of crossing the single cell. The block register (BR) is introduced between the block and the HLR in two level systems to preserve the blocks, thus creates three level architecture. In this architecture some signaling cost values between the MSC-BR, BR-HLR and BR-BR are maintained to get the better enactment. By the rVLR-B and BR the performance of speed of call delivery improved and location updation will be diminished. Keywords: Home Location Register, Visitor Location Register, Mobile Switching Center, Base Station, Block Register, Mobile Station, r-VLR (Representative VLR)
International Journal of Computational Engineering Research (IJCER) - ijceronline
International Journal of Computational Engineering Research (IJCER) is an intentional online Journal in English monthly publishing journal. This Journal publishes original research work that contributes significantly to further the scientific knowledge in engineering and Technology.
Survey on Credit Card Fraud Detection Using Different Data Mining Techniques - ijsrd.com
In today's world of e-commerce, credit card payment is the most popular and most important means of payment due to fast technology. As the usage of credit cards has increased, the number of fraudulent transactions is also increasing. Credit card fraud is a very serious and growing problem throughout the world. This paper presents a survey of various fraud detection techniques through which fraud can be detected. Although serious fraud detection technologies exist based on data mining and knowledge discovery, they are not capable of detecting the fraud at the time when fraudulent transactions are in progress, so two techniques, Neural Network and Hidden Markov Model (HMM), which are capable of detecting a fraudulent transaction while it is in progress, are considered. HMM categorizes the cardholder profile as low, medium, and high spending based on their spending behavior. A set of probabilities is assigned to each cardholder for the amount of a transaction. The amount of an incoming transaction is matched with the cardholder's previous transactions; if it is justified by a predefined threshold value then the transaction is considered legitimate, else it is considered a fraud.
The idea of backpacking is just amazing but packing is quite stressful especially for a fashionista. Minimalistic packing is what I advocate for. Here is a simple list every woman can use.
Fibre channel and NVMe trusted meets fast - PoulSmith
Technological advances in the enterprise data center involving Non-Volatile Memory Express (NVMe)-based Solid-State Storage (SSS) devices are allowing many folks to change their perception of Fibre Channel.
A ready-made healer deck for simple character play. Check whether you have the listed weapons. If not, feel free to adjust the deck to your liking.
IMPROVED IDS USING LAYERED CRFS WITH LOGON RESTRICTIONS AND MOBILE ALERTS BAS... - IJNSA Journal
With the ever increasing number and diverse type of attacks, including new and previously unseen attacks, the effectiveness of an Intrusion Detection System is very important. Hence there is high demand to reduce the threat level in networks to ensure the data and services offered by them to be more secure. In this paper we developed an effective test suite for improving the efficiency and accuracy of an intrusion detection system using the layered CRFs. We set up different types of checks at multiple levels in each layer. Our framework examines various attributes at every layer in order to effectively identify any breach of security. Once the attack is detected, it is intimated through mobile phone to the system administrator for safeguarding the server system. We established experimentally that the layered CRFs can thus be more effective in detecting intrusions when compared with the other previously known techniques.
Protect mobile agent against malicious host using partial mobility mechanism - ijfcstjournal
A mobile agent is a promising area in distributed systems. It is a new technology for computers to communicate. Despite the multiple benefits of the mobile agent, there are several obstacles to its spread. The mobile agent protection is one of these obstacles. In this paper a new mechanism has been proposed to protect mobile agents. The mechanism is called Partial-Mobility Mechanism (PMM). The main idea behind this mechanism is to allow mobile agents to visit malicious hosts partially by using a One-Hop-Agent (OHA). OHA is a type of the mobile agent that contains only a task that will be executed in a malicious host. By avoiding the mobile agent to visit the malicious host, PMM completely protects the mobile agent’s secrecy and integrity. PMM has been implemented using .Net framework and C# technologies. Some experiments have been conducted to test the feasibility and performance of the mechanism. Full analysis of the results has been presented and discussed.
INTERNAL SECURITY ON AN IDS BASED ON AGENTS - cscpconf
An Intrusion Detection System (IDS) can monitor different events that may occur in a determined network or host, and which affect any network security service (confidentiality, integrity, availability). Because of this, an IDS must be flexible and it must detect and trace each alert without affecting the system's performance. On the other hand, agents in a Multi-Agent system have inherent security problems due to their mobility; that’s why we propose some techniques in order to provide internal security for the agents belonging to the system. The deployed IDS works with a multiagent platform and each component inside the infrastructure is verified using security techniques in order to provide integrity. Likewise, the agents can specialize in order to carry out specific jobs, for example monitoring TCP, UDP traffic, etc. The IDS can work without interfering in the system's performance. In this article we present a hierarchical IDS deployment with internal security on a multiagent system, using a platform named BESA with its processes, functions and results.
Architecture for Intrusion Detection System with Fault Tolerance Using Mobile... - IJNSA Journal
This paper is a survey of the work done for making an IDS fault tolerant. Architecture of IDS that uses mobile Agent provides higher scalability. Mobile Agent uses Platform for detecting Intrusions using filter Agent, co-relater agent, Interpreter agent and rule database. When the server (IDS Monitor) goes down, other hosts based on priority take ownership. This architecture uses decentralized collection and analysis for identifying Intrusion. Rule sets are fed based on user-behaviour or application-behaviour. This paper suggests that an intrusion detection system (IDS) must be fault tolerant; otherwise, the intruder may first subvert the IDS then attack the target system at will.
As Supervisory Control and Data Acquisition (SCADA) systems are deployed in infrastructures which are critical to the survival of a nation, they have emerged as a potential terrain for cyber-war, thus attracting the considered attention of ‘nation-states’. The analysis of worms like ‘stuxnet’, ‘flame’ and ‘duqu’ reveals the hand of a ‘nation-state’ in their design and deployment. Hence, the necessity to understand various issues in the defence of SCADA systems arises. The forensics of the SCADA system provide deep insight into the design and deployment of the worm (the malware) once the system is attacked. This is precisely the scope of this essay.
INTERNAL SECURITY ON AN IDS BASED ON AGENTS - IJNSA Journal
An Intrusion Detection System (IDS) can monitor different events that may occur in a determined network or host, and which affect any network security service (confidentiality, integrity, availability). Because of this, an IDS must be flexible and it must detect and trace each alert without affecting the system's performance. On the other hand, agents in a Multi-Agent system have inherent security problems due to their mobility; that’s why we propose some techniques in order to provide internal security for the agents belonging to the system. The deployed IDS works with a multiagent platform and each component inside the infrastructure is verified using security techniques in order to provide integrity. Likewise, the agents can specialize in order to carry out specific jobs, for example monitoring TCP, UDP traffic, etc. The IDS can work without interfering in the system's performance. In this article we present a hierarchical IDS deployment with internal security on a multiagent system, using a platform named BESA with its processes, functions and results.
The International Journal of Engineering and Science (The IJES) - theijes
The International Journal of Engineering & Science is aimed at providing a platform for researchers, engineers, scientists, or educators to publish their original research results, to exchange new ideas, to disseminate information in innovative designs, engineering experiences and technological skills. It is also the Journal's objective to promote engineering and technology education. All papers submitted to the Journal will be blind peer-reviewed. Only original articles will be published.
A technical review and comparative analysis of machine learning techniques fo... - IJECEIAES
Machine learning techniques are being widely used to develop intrusion detection systems (IDS) for detecting and classifying cyber attacks at the network level and the host level in a timely and automatic manner. However, traditional intrusion detection systems, based on traditional machine learning methods, lack reliability and accuracy. Instead of the traditional machine learning used in previous research, we think deep learning has the potential to perform better in extracting features of massive data, considering the massive cyber traffic in real life. Mobile ad hoc networks (MANETs) generally give low physical security for mobile devices, because of properties such as node mobility, lack of centralized management and limited bandwidth. Traditional cryptography schemes cannot completely safeguard MANETs against novel threats and vulnerabilities; an IDS that applies deep learning methods is capable of adapting to the dynamic environments of MANETs and enables the system to make decisions on intrusion while continuing to learn about its mobile environment. An IDS in a MANET is a sensing mechanism that monitors nodes and network activities in order to detect malicious actions and malicious attempts performed by intruders. Recently, multiple deep learning approaches have been proposed to enhance the performance of intrusion detection systems. In this paper, we made a systematic comparison of three models, Inception architecture convolutional neural network (Inception-CNN), bidirectional long short-term memory (BLSTM) and deep belief network (DBN), on deep learning-based intrusion detection systems, using the NSL-KDD dataset containing information about intrusion and regular network connections. The goal is to provide basic guidance on the choice of deep learning models in MANETs.
CISA GOV - Seven Steps to Effectively Defend ICS - Muhammad FAHAD
INTRODUCTION
Cyber intrusions into US Critical Infrastructure systems are happening with increased frequency. For many industrial control systems (ICSs), it's not a matter of if an intrusion will take place, but when. In Fiscal Year (FY) 2015, 295 incidents were reported to ICS-CERT, and many more went unreported or undetected. The capabilities of our adversaries have been demonstrated and cyber incidents are increasing in frequency and complexity. Simply building a network with a hardened perimeter is no longer adequate. Securing ICSs against the modern threat requires well-planned and well-implemented strategies that will provide network defense teams a chance to quickly and effectively detect, counter, and expel an adversary. This paper presents seven strategies that can be implemented today to counter common exploitable weaknesses in "as-built" control systems.
Seven recommendations for bolstering industrial control system cyber security - CTi Controltech
Recommendations from ICS-CERT, the Industrial Control System Cyber Emergency Response Team, a division of Department of Homeland Security. Seven basic steps to follow that will substantially boost cyber security and generate awareness of the threat potential.
This paper presents seven strategies that can be implemented today to counter common exploitable weaknesses in "as-built" control systems. Length is 6 pages.
NCCIC - Seven Steps for Achieving Cybersecurity for Industrial Control Systems - Miller Energy, Inc.
This paper presents seven strategies that can be implemented today to counter common exploitable weaknesses in "as-built" control systems for industrial processes and operations.
Defending Industrial Control Systems From Cyberattack - CTi Controltech
Industrial control systems of all types and vintages likely are exposed to some level of unauthorized intrusion. Individuals and organizations with nefarious intent will try to gain access to information or control elements, stealing data or causing a range of inappropriate operations.
Immunizing Image Classifiers Against Localized Adversary Attacks - gerogepatton
This paper addresses the vulnerability of deep learning models, particularly convolutional neural networks (CNNs), to adversarial attacks and presents a proactive training technique designed to counter them. We introduce a novel volumization algorithm, which transforms 2D images into 3D volumetric representations. When combined with 3D convolution and deep curriculum learning optimization (CLO), it significantly improves the immunity of models against localized universal attacks by up to 40%. We evaluate our proposed approach using contemporary CNN architectures and the modified Canadian Institute for Advanced Research (CIFAR-10 and CIFAR-100) and ImageNet Large Scale Visual Recognition Challenge (ILSVRC12) datasets, showcasing accuracy improvements over previous techniques. The results indicate that the combination of the volumetric input and curriculum learning holds significant promise for mitigating adversarial attacks without necessitating adversary training.
A Survey on Hidden Markov Model (HMM) Based Intention Prediction Techniques
1. Mrs. Manisha Bharati Int. Journal of Engineering Research and Applications www.ijera.com
ISSN: 2248-9622, Vol. 6, Issue 1, (Part - 3) January 2016, pp.167-172
www.ijera.com 167|P a g e
A Survey on Hidden Markov Model (HMM) Based Intention Prediction Techniques
Mrs. Manisha Bharati*, Dr. Santosh Lomte**
*(Department of Computer Science, Dr. BAMU, India)
**(Department of Computer Science, Dr. BAMU, India)
ABSTRACT
The extensive use of virtualization in implementing cloud infrastructure brings unrivaled security concerns for cloud tenants or customers and introduces an additional layer that itself must be completely configured and secured. Intruders can exploit the large amount of cloud resources for their attacks.
This paper discusses two approaches. In the first, three features, namely early warnings about ongoing attacks, autonomic prevention actions, and risk measure, are integrated into our Autonomic Cloud Intrusion Detection Framework (ACIDF), as most of the current security technologies do not provide these essential security features for cloud systems. The early warnings are signaled through a new finite-state hidden Markov prediction model that captures the interaction between the attackers and cloud assets. The risk assessment model measures the potential impact of a threat on assets given its occurrence probability. The estimated risk of each security alert is updated dynamically as the alert is correlated to prior ones. This enables the adaptive risk metric to evaluate the cloud's overall security state. The prediction system raises early warnings about potential attacks to the autonomic component, the controller. Thus, the controller can take proactive corrective actions before the attacks pose a serious security risk to the system.
The second, the Attack Sequence Detection (ASD) approach, addresses the fact that tasks from different users may be performed on the same machine. Therefore, one primary security concern is whether user data is secure in the cloud. On the other hand, a hacker may use cloud computing to launch a larger range of attacks, such as a port scan request in a cloud with multiple virtual machines executing the malicious action. In addition, a hacker may perform a sequence of attacks in order to compromise his target system in the cloud, for example, invading an easy-to-exploit machine in a cloud and then using the previously compromised machine to attack the target. Such an attack plan may be stealthy or inside the computing environment, so an intrusion detection system or firewall has difficulty identifying it.
Keywords - Hidden Markov model (HMM), user action Recognition, smart home systems, intention prediction,
sequence learning, attack plan.
I. INTRODUCTION
Prediction techniques are essential tools for reaching an effective decision on countering an attack. Two main kinds of model can be used for prediction: (1) Finite-context models, which are applied using Markov Models (MM) and Variable Order Markov Models (VMM). These models assign a probability to a symbol based on the context in which it appears. (2) Finite-state models, which are applied using Hidden Markov Models (HMM) and are composed of an observable part called "events" and a hidden part called "states." A state stores information about the past since it reflects changes in the system from the start to the present moment. A transition indicates a state change and is described by a condition that needs to be fulfilled in order to enable the transition. Events are observed with different probability distributions depending on the state of the system. These models provide a flexible structure that can model complex sources of sequential data. However, dealing with HMMs typically requires considerable understanding of and insight into the problem domain in order to restrict possible model architectures. A bad prediction model may result in: (1) reduced network/host performance, (2) users wrongly disconnected from the network/host, (3) high costs for administrators re-establishing services, and (4) a DoS attack on the network, which will eventually have to be disabled.
An attacker may combine multiple security vulnerabilities into an intelligent attack. For such a targeted attack, he often adopts a persistent attack approach consisting of a sequence of attack behaviors carried out continuously until the target is compromised.
For example, a hacker may first attempt to compromise an easy target in a cloud. A compromised machine, whether through a malicious insider or service hijacking, may abuse cloud computing or attack one or more machines in the cloud, causing more serious damage than in a network environment where machines are distributed and independent.
RESEARCH ARTICLE OPEN ACCESS
Intrusion detection systems (IDS) and firewalls, which monitor network activities at the gateway level, are considered efficient attack prevention mechanisms. Traffic entering or leaving the gateway that violates pre-defined rules will be alerted on or blocked, but traffic inside the perimeter will not. Hence, suspicious events inside a cloud might not be alerted on by the IDS or firewall, and a sequence of planned attacks might be successful even if an IDS and firewall are deployed at the gateway level. Therefore, intrusion detection in the cloud should examine both inbound and outbound traffic.
In a cloud environment, many audit logs are recorded, such as web traffic or system logs, and many alert logs are also reported by the IDS or firewall. A vast amount of logs requires human and computing resources to filter out false alarms and to identify real attacks. Some attack attempts recorded in a log might not be successful because the target machine does not possess the vulnerability exploited by the attack; for example, an Apache server is not affected by IIS vulnerabilities. Therefore, an alert or warning from a single log might not be able to show the whole picture. However, multiple logs could indicate whether a previous attack was successful, as a compromised target may leave attack traces in different logs. Multiple logs in the cloud should be examined and analyzed to identify successful attacks.
II. BACKGROUND AND LITERATURE REVIEW
The potential impact of intrusions in cloud systems steadily increases because of the huge amount of cloud resources that an intruder may control and use to implement further attacks. Furthermore, the deficiencies of the current intrusion detection technology hinder its adoption in clouds.
Most of these technologies suffer from a single point of failure, and none of these solutions use an autonomic response, risk metric, or prediction features. In this section, we highlight these features in detail.
Widely adopted mechanisms to implement a fault tolerant system [6] include (1) replication of software agents, (2) redundant processing components, (3) integrity checks for self-healing, (4) reconfigurable hardware and restructuring architectures, and (5) fault detection using heartbeat messages. The proposed framework adopts 2, 3 and 5 as the most effective mechanisms to achieve the self-resilience and fault tolerance capabilities.
Alert correlation and risk assessment processes play a critical role in both the detection and prediction phases. The detection component produces a large number of alerts that disturb the intrusion response component, and this can increase the impact on the network and result in a DoS.
There are two different approaches to alert correlation: (1) the alert filtering approach, which selects just the true alerts from the raw ones generated by the detection components; it causes false negatives in prediction but prevents the response component from applying high-impact reactions to the network; (2) the alert severity modulation approach, which modulates the quality of alerts and generates prediction alarms for the most interesting steps of multi-step attacks, and consequently improves the prediction accuracy.
A planned attack is normally performed over a long time frame with persistent and stealthy attacks that avoid violating IDS rules, such as two password guesses made constantly over a long duration, which triggers no alert and will not be discovered by the IDS. To determine whether a machine is under attack, the proposed approach extracts and analyzes the logs related to the observed machine to identify whether an attack sequence exists. This study adopts a hidden Markov model (HMM) to model the sequence of anomalous behaviors. As mentioned above, different attack strategies may leave traces in different logs. An attack plan often lasts for a long duration, so the detection should infer and correlate various logs over a period of time. A successful attack consists of at least three stages: (1) reconnaissance: gathering information from a target machine, such as a scan or password guess; (2) intrusion: intruding/exploiting the target with the vulnerability found; (3) attacking: using the compromised machine to attack others.
The model consists of three states corresponding to the three stages described above, and the observations from the analyzed logs are shown in the second layer, where each observation requires the correlation of logs with the extracted features listed in the lowest layer. Each machine is initially at state Reconnaissance, as each is under the threat of being scanned or discovered. A machine whose state has transitioned from the initial state to the next state, Intrusion, indicates that an intrusion happened after the target was scanned or a login was attempted. The logs related to the target are analyzed and the observed events are obtained in order to apply the proposed HMM and see whether the state has transitioned. The attack sequence will then be identified as described above.
III. ACIDF PREDICTION AND EARLY-WARNINGS
The basic idea underlying the prediction model is
that most intrusions consist of many stages and each
early stage prepares for the later one. ACIDF
integrates heterogeneous IDSs to generate more
accurate and synthetic alerts. The output of the IDSs
usually includes a large number of alerts as stream
data, which is usually unordered and changes frequently. Using traditional techniques with such data is a big challenge. The HMM algorithm is one of the best ways to tackle this weakness. HMM works well with streaming inputs. It is fast and can be used to predict future sequences [8, 9]. We adapt the HMM to provide the predictability and early-warning feature to ACIDF. In this model, the sequence of events that match attack signature rules in the correlation tree represents a series of state transitions with a certain probability, where each event is not directly visible but the output dependent on the event is visible; the output in this case is the attack phase or state. To build this model, we consider four main issues: (A) formally defining the model using some notation, (B) the implementation of the model, (C) the training of the model, and (D) the evaluation of the model.
3.1. THE FORMAL DEFINITION OF THE MODEL
Assume that the cloud system can be modeled by $N$ different states, i.e., $S = \{s_1, \ldots, s_N\}$, representing different security conditions. The security state of the cloud system changes over time and the sequence of states occurred in the cloud system is denoted as $X = x_1, \ldots, x_t$, where $x_t \in S$. The cloud system is monitored by $K$ host-based and network-based IDS sensors. A sensor $k$ generates observation messages from the observation symbol set $V = \{1, \ldots, M\}$, where $M$ is the number of messages for sensor $k$. The sequence of observed messages is denoted as $O = o_1, \ldots, o_t$, where $o_t \in V$ is the observation message received at time $t$. The HMM consists of a state transition probability matrix $P$, an observation probability matrix $Q$, and an initial state distribution vector $\pi$, and is denoted by a tuple $(P, Q, \pi)$. The state transition probability matrix $P$ describes the probabilities of transitions between the states of the model. Each entry, $p_{ij}$, describes the probability that the model will transfer to state $s_j$ at time $t + 1$ given that it is in state $s_i$ at time $t$, i.e., $p_{ij} = p(x_{t+1} = s_j \mid x_t = s_i)$, $1 \le i, j \le N$. The observation probability matrix $Q$ describes the probabilities of receiving different observations given that the system is in a certain state. Each entry, $q_n(m)$, represents the probability of receiving the observation symbol $m$ from sensor $k$ at time $t$, given that the system is in state $s_n$ at time $t$, i.e., $q_n(m) = P(o_t = m \mid x_t = s_n)$, $1 \le n \le N$, $1 \le k \le K$, $1 \le m \le M$.
3.2. THE PREDICTION MODEL IMPLEMENTATION
The basic idea underlying our proposed prediction model is to employ an HMM to track the evolution of the attack in the system. That way, while an attack is in progress, the state changes and we can trigger appropriate responses based on a predefined confidence level threshold, which results in a lower false positive rate. The prediction component has all the detailed information about the malicious activity, such as severity, confidence level, and the cost of the asset targeted. The following sections describe the prediction components in detail and give a practical example for the model.
3.2.1. THE PREDICTION COMPONENTS
1) States: the system is assumed to be in one of the following 4 states:
Hale (H): indicates that the system is working well and there is no malicious activity or any attempt to break into the system,
Investigate (I): indicates that malicious activities are attempted against the system,
Attack (A): indicates that an intrusion has been started and is now progressing,
Penetrate (P): indicates that an intrusion successfully compromised the system.
The graph shown in Fig. 1 defines the relationship among these states.
Fig. 1. The relation between the proposed HMM states
2) Observations: O = o1, . . . , oK are alerts from the detection sensors. Observations cause the system model to move among states. We consider the severity of these alerts as the observation, and each alert has one of four priorities that reflects the state of the system: Low, Medium, High, and Very high, or (L, M, H, V). The alert severity function is described later in this section.
3) State Transition Probability Matrix (P): the state transition probability matrix describes the probability of moving among states. The following steps describe how to build the HMM states and to calculate the transition possibilities.
a) Construct a signature sequence vector to contain the sequences of signatures that define each attack.
b) List all possible combinations of the signatures that may be shared by more than one attack in the signature sequence vector. At the same time, let every possible instance represent a state in the HMM, then refine these states to construct a minimal state set.
c) Calculate the transition possibility between states using the Forward-Back Propagation training algorithm to find, given an output sequence or a set of such sequences, the best set of state transition and output probabilities. The idea is to derive the maximum likelihood estimate of the HMM parameters given the set of output sequences.
4) Observation Transition Probability Matrix (Q):
the observation transition probability matrix
describes the probability of moving among
observations.
5) Initial State Distribution Vector (π): it describes
the probability of states when our framework starts.
6) Alert Observation Probability Matrix (Å):
describes the probability of having a specific alert in
a specific state.
This matrix helps in computing the alert severity
function as we will explain later. Å is built based on
the training data in the attack dataset.
7) Assets Cost Matrix (C): Each of the states of the
system is associated with a cost vector, indicating the
potential consequences of the state in question. E.g.,
A cost vector of the database server in the cloud
system for the four defined states (H, I, A, P) can be
defined as C(DBServer) = {0, 3, 7, 25}. A group of
these vectors constructs the final C Matrix.
8) The Output or emission probability Matrix (Y):
It represents how likely the output result is for each
sequence of attack states. It is an empty matrix that
collects the final output probabilities.
9) Alert Severity Function: It describes the severity
of each alert at specific state s. We model this
severity function based on Eq.1 as shown in Eq.2 and
3. The computed severity is mapped to one of the
four priorities (L, M, H, V) to reflect the state of the
system as we will explain later in the prediction
algorithm.
$$AR_s = \frac{AC_s \cdot AP \cdot DR_s}{NF_s} \qquad (2)$$
$$\phantom{AR_s} = \frac{AC_s \cdot (\mathit{CSeverity} \cdot \mathit{NOccurance} / \mathit{AFrequency}) \cdot DR_s}{NF_s} \qquad (3)$$
Where,
$AR_s$: Alert Risk at a specific state s.
$AC_s$: Asset Cost at a specific state s. AC is computed using the C vector and it represents the potential consequences of the state s on the asset in question.
AP: Alert Priority. It is computed based on CSeverity, NOccurance, and AFrequency as shown in Eq.3.
CSeverity: Current alert severity defined by the firing IDS.
NOccurance: Number of occurrences of current alert in a specified correlation time slot defined in the correlation process.
AFrequency: Acceptable frequency of this alert per day based on the training data computed from the attack dataset.
$DR_s$: Detection Reliability at a specific state s. It is computed according to the alert position corresponding to s in Matrix Å.
$NF_s$: A fixed Normalization Factor that is computed according to the maximum values appeared during training phase for $AC_s$, AP, $DR_s$, and Maximum Alert Risk (MR), where $AR_s$ belongs to the range (0-$MR_s$). All these values are computed for each state independently. Thus, $NF_s = (\max(AC_s) \cdot \max(AP) \cdot \max(DR_s)) / MR_s$.
10) HMM Prediction Algorithm
The Pseudo Code for the prediction algorithm
and the alert risk modulation approach is shown in
Algorithm 1.
Algorithm 1: HMM Prediction and Alert Risk Modulation
The algorithm starts by computing the alert risk
and then mapping this risk to one of the 4 defined
risk levels.
Algorithm HMM_Prediction & Alert_Risk_Modulation
Inputs: Alert, Accept_Alert_Freq, P, Q, π, Å, C, Cur_Obs, Obs_prob, s, Asset, n, Threshold, L, M, H, V.
Begin
  AC_s = Compute_Asset_Cost(Asset, s, C)
  AFrequency = Choose_Acceptable_Alert(Alert, Accept_Alert_Freq)
  DR_s = Compute_Detection_Reliability(Alert, s, Å)
  NF_s = (Max(AC_s) * Max(AP) * Max(DR_s)) / MR_s
  AR_s = (AC_s * (CSeverity * NOccurance / AFrequency) * DR_s) / NF_s
  IF (AR_s ≤ L) Then            // Alert Risk Level is Low (L = 0.25)
    Obs_prob = 1
  Else IF (AR_s ≤ M) Then       // Alert Risk Level is Medium (M = 0.50)
    Obs_prob = 2
  Else IF (AR_s ≤ H) Then       // Alert Risk Level is High (H = 0.75)
    Obs_prob = 3
  Else                          // Alert Risk Level is Very High (V > 0.75)
    Obs_prob = 4
  End If
  sum_tmp = 0
  sum_final = 0
  IF (Cur_Obs = 1) Then         // Initial Observation
    For (i = 1 to n)
      Tmp[Cur_Obs, i] = π[i] * Q[i, Obs_prob]
      sum_tmp = sum_tmp + Tmp[Cur_Obs, i]
    End For
    For (i = 1 to n)
      Final[Cur_Obs, i] = Tmp[Cur_Obs, i] / sum_tmp
    End For
  Else                          // Other Prediction Observations
    For (i = 1 to n)
      For (k = 1 to n)
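The following Python example is added here and is not code from the paper: it carries Eq. 3 and the risk-level mapping of Algorithm 1 into a normalised HMM forward filter over the states H, I, A, P and raises an early warning when the combined Attack and Penetrate probability crosses a threshold. Only C(DBServer) and the 0.25/0.50/0.75 bounds come from the text; the matrices, the second asset, the training maxima, the per-alert state index s, the 0.4 threshold and the recursive update (the standard forward recursion, used because the listing above breaks off before that step) are assumptions.

```python
"""Added example: Eq. 3 alert risk -> severity level -> normalised HMM forward filter."""

STATES = ("H", "I", "A", "P")   # Hale, Investigate, Attack, Penetrate
LEVELS = ("L", "M", "H", "V")   # observation symbols (Obs_prob 1..4 -> index 0..3)

# C(DBServer) is the cost vector given in the text; every other value is constructed.
C = {"DBServer": (0, 3, 7, 25), "WebServer": (0, 2, 5, 15)}
MAX_AP, MAX_DR, MR = 10.0, 1.0, 1.0          # assumed training maxima, max alert risk
PI = (0.70, 0.20, 0.08, 0.02)                # initial state distribution (assumed)
P = ((0.80, 0.15, 0.04, 0.01),               # state transition matrix (assumed)
     (0.20, 0.50, 0.25, 0.05),
     (0.05, 0.10, 0.55, 0.30),
     (0.02, 0.03, 0.15, 0.80))
Q = ((0.70, 0.20, 0.08, 0.02),               # P(level | state), rows H, I, A, P (assumed)
     (0.30, 0.40, 0.20, 0.10),
     (0.10, 0.20, 0.40, 0.30),
     (0.05, 0.10, 0.25, 0.60))


def alert_risk(asset, s, c_severity, n_occurance, a_frequency, dr):
    """Eq. 3: AR_s = AC_s * (CSeverity * NOccurance / AFrequency) * DR_s / NF_s."""
    if a_frequency <= 0:
        raise ValueError("AFrequency must be positive")
    # NF_s = Max(AC_s) * Max(AP) * Max(DR_s) / MR_s, computed per state.
    nf = max(costs[s] for costs in C.values()) * MAX_AP * MAX_DR / MR
    if nf == 0:                  # Hale: every asset cost is 0, so there is no risk
        return 0.0
    ap = c_severity * n_occurance / a_frequency
    # Clamp to MR: live alert volume can exceed the maxima seen in training.
    return min(C[asset][s] * ap * dr / nf, MR)


def risk_level(ar):
    """Map a risk in [0, MR] to the index of L, M, H or V."""
    for idx, bound in enumerate((0.25, 0.50, 0.75)):
        if ar <= bound:
            return idx
    return 3


def forward_update(belief, obs):
    """One filtering step; belief=None is the initial-observation branch."""
    n = len(STATES)
    if belief is None:
        raw = [PI[i] * Q[i][obs] for i in range(n)]
    else:
        raw = [Q[j][obs] * sum(belief[i] * P[i][j] for i in range(n))
               for j in range(n)]
    total = sum(raw)
    if total == 0:
        raise ValueError("observation has zero probability under the model")
    return [x / total for x in raw]


def monitor(alerts, threshold=0.4):
    """Return (levels, beliefs, index of first early warning or None)."""
    belief, levels, beliefs, warned_at = None, [], [], None
    for t, alert in enumerate(alerts):
        level = risk_level(alert_risk(*alert))
        belief = forward_update(belief, level)
        levels.append(LEVELS[level])
        beliefs.append(belief)
        if warned_at is None and belief[2] + belief[3] >= threshold:
            warned_at = t
    return levels, beliefs, warned_at


# Constructed alert stream: (asset, state index s, CSeverity, NOccurance, AFrequency, DR_s)
SAMPLE_ALERTS = [
    ("WebServer", 1, 2, 5, 10, 0.6),
    ("DBServer", 1, 3, 20, 10, 0.8),
    ("DBServer", 2, 4, 10, 5, 0.9),
    ("DBServer", 3, 5, 4, 2, 0.9),
]

if __name__ == "__main__":
    lv, bs, warn = monitor(SAMPLE_ALERTS)
    for t, (level, b) in enumerate(zip(lv, bs)):
        dist = ", ".join(f"{s}={p:.3f}" for s, p in zip(STATES, b))
        print(f"t={t} level={level} {dist}" + ("  <-- early warning" if t == warn else ""))
```

On the constructed stream the warning fires at the third alert, while Attack is only marginally the most likely state and before Penetrate becomes the most likely one.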
[11] wordiQ.com, “Hidden Markov model – Definition,” http://www.wordiq.com/definition/Hidden_Markov_model
[12] B. Bauer and K.-F. Kraiss, “Towards an Automatic Sign Language Recognition System Using Subunits,” Proc. Gesture Workshop, pp. 64-75, 2001.