Novel non-invasive in-house fabricated wearable system with a hybrid algorithm for fetal movement recognition

Fetal movement count monitoring is one of the most commonly used methods of assessing fetal well-being. While few methods are available to monitor fetal movements, they consist of several adverse qualities such as unreliability as well as the inability to be conducted in a non-clinical setting. Therefore, this research was conducted to design a complete system that will enable pregnant mothers to monitor fetal movement at home. This system consists of a non-invasive, non-transmitting sensor unit that can be fabricated at a low cost. An accelerometer was utilized as the primary sensor and a micro-controller based circuit was implemented. Clinical testing was conducted utilizing this sensor unit. Two phases of clinical testing procedures were done and during the first phase readings from 120 mothers were taken while during the second phase readings from 15 mothers were taken. Validation was done by conducting an abdominal ultrasound scan which was utilized as the ground truth during the second phase of the clinical testing procedure. A clinical survey was also conducted in parallel with clinical testings in order to improve the sensor unit as well as to improve the final system. Four different signal processing algorithms were implemented on the data set and the performance of each was compared with each other. Out of the four algorithms three algorithms were able to obtain a true positive rate around 85%. However, the best algorithm was selected on the basis of minimizing the false positive rate. Consequently, the most feasible as well as the best performing algorithm was determined and it was utilized in the final system. This algorithm have a true positive rate of 86% and a false positive rate of 7% Furthermore, a mobile application was also developed to be used with the sensor unit by pregnant mothers. Finally, a complete end to end method to monitor fetal movement in a non-clinical setting was presented by the proposed system.

Download Full-text

PRATD: A Phased Remote Access Trojan Detection Method with Double-Sided Features

Electronics ◽

10.3390/electronics9111894 ◽

2020 ◽

Vol 9 (11) ◽

pp. 1894

Author(s):

Chun Guo ◽

Zihua Song ◽

Yuan Ping ◽

Guowei Shen ◽

Yuhei Cui ◽

...

Keyword(s):

False Positive ◽

Detection Method ◽

False Positive Rate ◽

True Positive Rate ◽

Remote Access ◽

Detection Methods ◽

Security Threats ◽

True Positive ◽

Trojan Detection ◽

Positive Rate

Remote Access Trojan (RAT) is one of the most terrible security threats that organizations face today. At present, two major RAT detection methods are host-based and network-based detection methods. To complement one another’s strengths, this article proposes a phased RATs detection method by combining double-side features (PRATD). In PRATD, both host-side and network-side features are combined to build detection models, which is conducive to distinguishing the RATs from benign programs because that the RATs not only generate traffic on the network but also leave traces on the host at run time. Besides, PRATD trains two different detection models for the two runtime states of RATs for improving the True Positive Rate (TPR). The experiments on the network and host records collected from five kinds of benign programs and 20 famous RATs show that PRATD can effectively detect RATs, it can achieve a TPR as high as 93.609% with a False Positive Rate (FPR) as low as 0.407% for the known RATs, a TPR 81.928% and FPR 0.185% for the unknown RATs, which suggests it is a competitive candidate for RAT detection.

Download Full-text

Considerations on the region of interest in the ROC space

Statistical Methods in Medical Research ◽

10.1177/09622802211060515 ◽

2021 ◽

pp. 096228022110605

Author(s):

Luigi Lavazza ◽

Sandro Morasca

Keyword(s):

Receiver Operating Characteristic ◽

Operating Characteristic ◽

False Positive Rate ◽

Area Under The Curve ◽

Region Of Interest ◽

True Positive Rate ◽

True Positive ◽

Receiver Operating Characteristic Curves ◽

Positive Rate ◽

Receiver Operating

Receiver Operating Characteristic curves have been widely used to represent the performance of diagnostic tests. The corresponding area under the curve, widely used to evaluate their performance quantitatively, has been criticized in several respects. Several proposals have been introduced to improve area under the curve by taking into account only specific regions of the Receiver Operating Characteristic space, that is, the plane to which Receiver Operating Characteristic curves belong. For instance, a region of interest can be delimited by setting specific thresholds for the true positive rate or the false positive rate. Different ways of setting the borders of the region of interest may result in completely different, even opposing, evaluations. In this paper, we present a method to define a region of interest in a rigorous and objective way, and compute a partial area under the curve that can be used to evaluate the performance of diagnostic tests. The method was originally conceived in the Software Engineering domain to evaluate the performance of methods that estimate the defectiveness of software modules. We compare this method with previous proposals. Our method allows the definition of regions of interest by setting acceptability thresholds on any kind of performance metric, and not just false positive rate and true positive rate: for instance, the region of interest can be determined by imposing that [Formula: see text] (also known as the Matthews Correlation Coefficient) is above a given threshold. We also show how to delimit the region of interest corresponding to acceptable costs, whenever the individual cost of false positives and false negatives is known. Finally, we demonstrate the effectiveness of the method by applying it to the Wisconsin Breast Cancer Data. We provide Python and R packages supporting the presented method.

Download Full-text

The performance of delta check methods.

Clinical Chemistry ◽

10.1093/clinchem/25.12.2034 ◽

1979 ◽

Vol 25 (12) ◽

pp. 2034-2037 ◽

Cited By ~ 21

Author(s):

L B Sheiner ◽

L A Wheeler ◽

J K Moore

Keyword(s):

False Positive ◽

False Positive Rate ◽

True Positive Rate ◽

True Positive ◽

Discriminant Functions ◽

Linear Discriminant ◽

Operating Rate ◽

Positive Rate ◽

The Relationship

Abstract The percentage of mislabeled specimens detected (true-positive rate) and the percentage of correctly labeled specimens misidentified (false-positive rate) were computed for three previously proposed delta check methods and two linear discriminant functions. The true-positive rate was computed from a set of pairs of specimens, each having one member replaced by a member from another pair chosen at random. The relationship between true-positive and false-positive rates was similar among the delta check methods tested, indicating equal performance for all of them over the range of false-positive rate of interest. At a practical false-positive operating rate of about 5%, delta check methods detect only about 50% of mislabeled specimens; even if the actual mislabeling rate is moderate (e.g., 1%), only abot 10% of specimens flagged a by a delta check will actually have been mislabeled.

Download Full-text

Physical Tampering Detection Using Single COTS Wi-Fi Endpoint

Sensors ◽

10.3390/s21165665 ◽

2021 ◽

Vol 21 (16) ◽

pp. 5665

Author(s):

Poh Yuen Chan ◽

Alexander I-Chi Lai ◽

Pei-Yuan Wu ◽

Ruey-Beei Wu

Keyword(s):

False Positive Rate ◽

True Positive Rate ◽

Relative Orientation ◽

True Positive ◽

Channel State ◽

Detection Mechanism ◽

Tampering Detection ◽

State Information ◽

Positive Rate ◽

Commercial Off The Shelf

This paper proposes a practical physical tampering detection mechanism using inexpensive commercial off-the-shelf (COTS) Wi-Fi endpoint devices with a deep neural network (DNN) on channel state information (CSI) in the Wi-Fi signals. Attributed to the DNN that identifies physical tampering events due to the multi-subcarrier characteristics in CSI, our methodology takes effect using only one COTS Wi-Fi endpoint with a single embedded antenna to detect changes in the relative orientation between the Wi-Fi infrastructure and the endpoint, in contrast to previous sophisticated, proprietary approaches. Preliminary results show that our detectors manage to achieve a 95.89% true positive rate (TPR) with no worse than a 4.12% false positive rate (FPR) in detecting physical tampering events.

Download Full-text

Actor Critic Deep Reinforcement Learning for Neural Malware Control

Proceedings of the AAAI Conference on Artificial Intelligence ◽

10.1609/aaai.v34i01.5449 ◽

2020 ◽

Vol 34 (01) ◽

pp. 1005-1012

Author(s):

Yu Wang ◽

Jack Stokes ◽

Mady Marinescu

Keyword(s):

Operating System ◽

Reinforcement Learning ◽

False Positive ◽

Partial Information ◽

False Positive Rate ◽

True Positive Rate ◽

True Positive ◽

New Model ◽

Positive Rate ◽

Execution Speed

In addition to using signatures, antimalware products also detect malicious attacks by evaluating unknown files in an emulated environment, i.e. sandbox, prior to execution on a computer's native operating system. During emulation, a file cannot be scanned indefinitely, and antimalware engines often set the number of instructions to be executed based on a set of heuristics. These heuristics only make the decision of when to halt emulation using partial information leading to the execution of the file for either too many or too few instructions. Also this method is vulnerable if the attackers learn this set of heuristics. Recent research uses a deep reinforcement learning (DRL) model employing a Deep Q-Network (DQN) to learn when to halt the emulation of a file. In this paper, we propose a new DRL-based system which instead employs a modified actor critic (AC) framework for the emulation halting task. This AC model dynamically predicts the best time to halt the file's execution based on a sequence of system API calls. Compared to the earlier models, the new model is capable of handling adversarial attacks by simulating their behaviors using the critic model. The new AC model demonstrates much better performance than both the DQN model and antimalware engine's heuristics. In terms of execution speed (evaluated by the halting decision), the new model halts the execution of unknown files by up to 2.5% earlier than the DQN model and 93.6% earlier than the heuristics. For the task of detecting malicious files, the proposed AC model increases the true positive rate by 9.9% from 69.5% to 76.4% at a false positive rate of 1% compared to the DQN model, and by 83.4% from 41.2% to 76.4% at a false positive rate of 1% compared to a recently proposed LSTM model.

Download Full-text

Detecting Malware Based on DNS Graph Mining

International Journal of Distributed Sensor Networks ◽

10.1155/2015/102687 ◽

2015 ◽

Vol 2015 ◽

pp. 1-12 ◽

Cited By ~ 8

Author(s):

Futai Zou ◽

Siyu Zhang ◽

Weixiong Rao ◽

Ping Yi

Keyword(s):

Real World ◽

False Positive ◽

Graph Mining ◽

Belief Propagation ◽

False Positive Rate ◽

Malware Detection ◽

True Positive Rate ◽

True Positive ◽

Detection Approach ◽

Positive Rate

Malware remains a major threat to nowadays Internet. In this paper, we propose a DNS graph mining-based malware detection approach. A DNS graph is composed of DNS nodes, which represent server IPs, client IPs, and queried domain names in the process of DNS resolution. After the graph construction, we next transform the problem of malware detection to the graph mining task of inferring graph nodes’ reputation scores using the belief propagation algorithm. The nodes with lower reputation scores are inferred as those infected by malwares with higher probability. For demonstration, we evaluate the proposed malware detection approach with real-world dataset. Our real-world dataset is collected from campus DNS servers for three months and we built a DNS graph consisting of 19,340,820 vertices and 24,277,564 edges. On the graph, we achieve a true positive rate 80.63% with a false positive rate 0.023%. With a false positive of 1.20%, the true positive rate was improved to 95.66%. We detected 88,592 hosts infected by malware or C&C servers, accounting for the percentage of 5.47% among all hosts. Meanwhile, 117,971 domains are considered to be related to malicious activities, accounting for 1.5% among all domains. The results indicate that our method is efficient and effective in detecting malwares.

Download Full-text

Optimizing Android Malware Detection Via Ensemble Learning

International Journal of Interactive Mobile Technologies (iJIM) ◽

10.3991/ijim.v14i09.11548 ◽

2020 ◽

Vol 14 (09) ◽

pp. 61

Author(s):

Abikoye Oluwakemi Christianah ◽

Benjamin Aruwa Gyunka ◽

Akande Noah Oluwatobi

Keyword(s):

Random Forest ◽

False Positive ◽

False Positive Rate ◽

True Positive Rate ◽

Ensemble Model ◽

True Positive ◽

Android Malware ◽

Detection Model ◽

Android Malware Detection ◽

Positive Rate

<p>Android operating system has become very popular, with the highest market share, amongst all other mobile operating systems due to its open source nature and users friendliness. This has brought about an uncontrolled rise in malicious applications targeting the Android platform. Emerging trends of Android malware are employing highly sophisticated detection and analysis avoidance techniques such that the traditional signature-based detection methods have become less potent in their ability to detect new and unknown malware. Alternative approaches, such as the Machine learning techniques have taken the lead for timely zero-day anomaly detections. The study aimed at developing an optimized Android malware detection model using ensemble learning technique. Random Forest, Support Vector Machine, and k-Nearest Neighbours were used to develop three distinct base models and their predictive results were further combined using Majority Vote combination function to produce an ensemble model. Reverse engineering procedure was employed to extract static features from large repository of malware samples and benign applications. WEKA 3.8.2 data mining suite was used to perform all the learning experiments. The results showed that Random Forest had a true positive rate of 97.9%, a false positive rate of 1.9% and was able to correctly classify instances with 98%, making it a strong base model. The ensemble model had a true positive rate of 98.1%, false positive rate of 1.8% and was able to correctly classify instances with 98.16%. The finding shows that, although the base learners had good detection results, the ensemble learner produced a better optimized detection model compared with the performances of those of the base learners.</p>

Download Full-text

Cyber Situation Comprehension for IoT Systems based on APT Alerts and Logs Correlation

Sensors ◽

10.3390/s19184045 ◽

2019 ◽

Vol 19 (18) ◽

pp. 4045 ◽

Cited By ~ 1

Author(s):

Xiang Cheng ◽

Jiale Zhang ◽

Bing Chen

Keyword(s):

Data Transmission ◽

False Positive Rate ◽

Correlation Method ◽

True Positive Rate ◽

True Positive ◽

Advanced Persistent Threat ◽

Transmission Cost ◽

Large Numbers ◽

High True Positive Rate ◽

Positive Rate

With the emergence of the Advanced Persistent Threat (APT) attacks, many Internet of Things (IoT) systems have faced large numbers of potential threats with the characteristics of concealment, permeability, and pertinence. However, existing methods and technologies cannot provide comprehensive and prompt recognition of latent APT attack activities in the IoT systems. To address this problem, we propose an APT Alerts and Logs Correlation Method, named APTALCM and a framework of deploying APTALCM on the IoT system, where an edge computing architecture was used to achieve cyber situation comprehension without too much data transmission cost. Specifically, we firstly present a cyber situation ontology for modeling the concepts and properties to formalize APT attack activities in the IoT systems. Then, we introduce a cyber situation instance similarity measurement method based on the SimRank mechanism for APT alerts and logs Correlation. Combining with instance similarity, we further propose an APT alert instances correlation method to reconstruct APT attack scenarios and an APT log instances correlation method to detect log instance communities. Through the coalescence of these methods, APTALCM can accomplish the cyber situation comprehension effectively by recognizing the APT attack intentions in the IoT systems. The exhaustive experimental results demonstrate that the two kernel modules, i.e., Alert Instance Correlation Module (AICM) and Log Instance Correlation Module (LICM) in our APTALCM, can achieve both high true-positive rate and low false-positive rate.

Download Full-text

Two-way partial AUC and its properties

Statistical Methods in Medical Research ◽

10.1177/0962280217718866 ◽

2017 ◽

Vol 28 (1) ◽

pp. 184-195 ◽

Cited By ~ 2

Author(s):

Hanfang Yang ◽

Kun Lu ◽

Xiang Lyu ◽

Feifang Hu

Keyword(s):

Roc Curve ◽

False Positive ◽

False Positive Rate ◽

R Package ◽

True Positive Rate ◽

Performance Measure ◽

True Positive ◽

Cancer Data ◽

Partial Area ◽

Positive Rate

Simultaneous control on true positive rate and false positive rate is of significant importance in the performance evaluation of diagnostic tests. Most of the established literature utilizes partial area under receiver operating characteristic (ROC) curve with restrictions only on false positive rate (FPR), called FPR pAUC, as a performance measure. However, its indirect control on true positive rate (TPR) is conceptually and practically misleading. In this paper, a novel and intuitive performance measure, named as two-way pAUC, is proposed, which directly quantifies partial area under ROC curve with explicit restrictions on both TPR and FPR. To estimate two-way pAUC, we devise a nonparametric estimator. Based on the estimator, a bootstrap-assisted testing method for two-way pAUC comparison is established. Moreover, to evaluate possible covariate effects on two-way pAUC, a regression analysis framework is constructed. Asymptotic normalities of the methods are provided. Advantages of the proposed methods are illustrated by simulation and Wisconsin Breast Cancer Data. We encode the methods as a publicly available R package tpAUC.

Download Full-text

Visual Feature Based Image Forgery Detection

International Journal of Engineering & Technology ◽

10.14419/ijet.v7i4.6.20436 ◽

2018 ◽

Vol 7 (4.6) ◽

pp. 86

Author(s):

D. Vaishnavi ◽

D. Mahalakshmi ◽

Venkata Siva Rao Alapati

Keyword(s):

False Positive Rate ◽

True Positive Rate ◽

True Positive ◽

Visual Feature ◽

Forgery Detection ◽

Digital Form ◽

Essential Information ◽

Positive Rate ◽

Speed Up ◽

Feature Based

In present days, the images are building up in digital form and which may hold essential information. Such images can be voluntarily forged or manipulated using the image processing tools to abuse it. It is very complicated to notice the forgery by naked eyes. In particular, the copy move forgery is enormously demanding one to expose. Hence, this paper put forwards a method to determine the copy move forgery by extracting the visual feature called speed up robust features (SURF). In the direction to quantitatively analyze the performance, the metrics namely false positive rate and true positive rate are estimated and also comparative study is carried out by previous existing methods.

Download Full-text