Identification of the Use of Unauthorized Apps in the O2O Service by Combining Online Events and Offline Conditions

A model for detecting unauthorized Apps use events by combined analysis of situation information in an offline service and user behavior in an online environment is proposed. The detection and response to abnormal behavior in the O2O service environment can be focused on providers, whose decisions change dynamically based on the offline market status and conditions. However, the method for identifying the user’s tools and detecting the usage pattern of the service user were developed in the existing online service environment. Thus, in order to identify abnormal behavior in the O2O service environment, we conducted an experiment to identify the abnormal behavior of providers of smart mobility services, a representative O2O service. In the experiment, the range of normal behavior of a taxi drivers was identified, which was prepared on the basis of the test result directly executed by an expert. The optimal features were selected in order to effectively detect abnormal behavior from the event data relating to the service call acceptance behavior. In addition, by processing the collected data based on the selected features by using various machine-learning classification algorithms, we derived a detection and prediction model that is 98.28% accurate with a prediction result of more than 74% based on the F1 score. Based on these results, we expect to be able to respond to abnormal behavior that may occur in various types of O2O services.

Download Full-text

GPS-Spoofing Attack Detection Technology for UAVs Based on Kullback–Leibler Divergence

Drones ◽

10.3390/drones6010008 ◽

2021 ◽

Vol 6 (1) ◽

pp. 8

Author(s):

Elena Basan ◽

Alexandr Basan ◽

Alexey Nekrasov ◽

Colin Fidge ◽

Nikita Sushkin ◽

...

Keyword(s):

Cyber Security ◽

Detection System ◽

Attack Detection ◽

Abnormal Behavior ◽

Mathematical Methods ◽

Training Time ◽

Detection Technology ◽

Normal Behavior ◽

Leibler Divergence ◽

Aerial Vehicle

Here, we developed a method for detecting cyber security attacks aimed at spoofing the Global Positioning System (GPS) signal of an Unmanned Aerial Vehicle (UAV). Most methods for detecting UAV anomalies indicative of an attack use machine learning or other such methods that compare normal behavior with abnormal behavior. Such approaches require large amounts of data and significant “training” time to prepare and implement the system. Instead, we consider a new approach based on other mathematical methods for detecting UAV anomalies without the need to first collect a large amount of data and describe normal behavior patterns. Doing so can simplify the process of creating an anomaly detection system, which can further facilitate easier implementation of intrusion detection systems in UAVs. This article presents issues related to ensuring the information security of UAVs. Development of the GPS spoofing detection method for UAVs is then described, based on a preliminary study that made it possible to form a mathematical apparatus for solving the problem. We then explain the necessary analysis of parameters and methods of data normalization, and the analysis of the Kullback—Leibler divergence measure needed to detect anomalies in UAV systems.

Download Full-text

Automatic Engine Modeling for Failure Detection

10.1115/imece2001/dsc-24542 ◽

2001 ◽

Author(s):

A. Schrempf ◽

L. del Re ◽

W. Groißböck ◽

E. Lughofer ◽

E. P. Klement ◽

...

Keyword(s):

Fault Detection ◽

Failure Detection ◽

Abnormal Behavior ◽

Automatic Modeling ◽

Plant Operation ◽

Fast Detection ◽

Engine Modeling ◽

Normal Behavior ◽

Large Production ◽

Abnormal Plant

Abstract Fast detection of abnormal plant operation is critical for many applications. Fault detection requires some kind of comparison between actual and “normal” behavior, which implies the use of models. Exact modeling of engine systems is probably impossible and even middle-complexity models are very time-consuming. In some few cases, as for on board diagnostics, the very limited amount of cases to be treated and the usually large production volumes allow to develop models suitable to detect an abnormal behavior, but, in general, however, this approach cannot be followed. As fast detection of abnormal plant operation is often critical, alternative low-effort approaches are required. This paper presents a procedure suitable for engine fault detection based on parallel automatic modeling. It is shown that this approach yields a flexible and reliable tool for automatic modeling for this goal, while keeping the effort for the operator rather low.

Download Full-text

On the Detection of Exploitation of Vulnerabilities Leading to the Execution of a Malicious Code

Modeling and Analysis of Information Systems ◽

10.18255/1818-1015-2020-2-138-151 ◽

2020 ◽

Vol 27 (2) ◽

pp. 138-151

Author(s):

Yury V. Kosolapov

Keyword(s):

Symbolic Execution ◽

Malicious Code ◽

Abnormal Behavior ◽

Software Protection ◽

Intrusion Prevention ◽

Function Calls ◽

Normal Behavior ◽

Subsequent Elimination ◽

Intrusion Prevention Systems ◽

Library Function

Software protection from exploitation of possible unknown vulnerabilities can be performed both by searching (for example, using symbolic execution) and subsequent elimination of the vulnerabilities and by using detection and / or intrusion prevention systems. In the latter case, this problem is usually solved by forming a profile of a normal behavior and deviation from normal behavior over a predetermined threshold is regarded as an anomaly or an attack. In this paper, the task is to protect a given software P from exploiting unknown vulnerabilities. For this aim a method is proposed for constructing a profile of the normal execution of the program P, in which, in addition to a set of legal chains of system and library functions, it is proposed to take into account the distances between adjacent function calls. At the same time, a profile is formed for each program. It is assumed that taking into account the distances between function calls will reveal shell code execution using system and / or library function calls. An algorithm and a system for detecting abnormal code execution are proposed. The work carried out experiments in the case when P is the FireFox browser. During the experiments the possibility of applying the developed algorithm to identify abnormal behavior when launching publicly available exploits was investigated.

Download Full-text

Detection of Anomalies in the Traffic of IoT Devices

Proceedings of Telecommunication Universities ◽

10.31854/1813-324x-2021-7-4-128-137 ◽

2021 ◽

Vol 7 (4) ◽

pp. 128-137

Author(s):

I. Murenin

Keyword(s):

Time Series ◽

Feature Extraction ◽

Anomaly Detection ◽

Statistical Methods ◽

Abnormal Behavior ◽

Event Logs ◽

Normal Behavior ◽

Key Characteristics ◽

Iot Devices ◽

Building Technique

The article proposes an approach to finding anomalies in the traffic of IoT devices based on time series analysis and assessing normal and abnormal behavior using statistical methods. The main goal of the proposed approach is to combine statistical methods for detecting anomalies using unlabeled data and plotting key characteristics of device profiles. Within this approach the following techniques for traffic analysis has been developed and implemented: a technique for a feature extraction, a normal behavior boundary building technique and an anomaly detection technique. To evaluate the proposed approach, we used a technique for generating event logs from devices with the generation of anomalous markup. The experiments shown that the GESD-test gives the best results for anomaly detection in IoT traffic.

Download Full-text

Detecting PUE Attack by Measuring Aberrational Node Behavior in CWSN

Journal of Interconnection Networks ◽

10.1142/s0219265918500044 ◽

2018 ◽

Vol 18 (01) ◽

pp. 1850004

Author(s):

PINAKI SANKAR CHATTERJEE ◽

MONIDEEPA ROY

Keyword(s):

Denial Of Service ◽

Primary User ◽

Sensor Nodes ◽

Abnormal Behavior ◽

Dos Attack ◽

Secondary Users ◽

Primary User Emulation ◽

Normal Behavior ◽

Behavior Profile ◽

Cognitive Wireless Sensor Network

Primary User Emulation (PUE) attack is a type of Denial of Service (DoS) attack in Cognitive Wireless Sensor Network (CWSN), where malicious secondary users (SU) try to emulate primary users (PU) to maximize their own spectrum usage or obstruct other SU from accessing the spectrum. In this paper, we have designed an application to monitor the SU’s behavior with respect to the CWSN normal behavior profile towards it’s one hop neighbor. Abnormal behavior towards PUE attack of any SU helps us to identify PUE attackers in the network. Our application does not require extensive computational capabilities and memory and therefore suitable for resource constraint cognitive sensor nodes.

Download Full-text

Computer-Cognition Interfaces: Sensing and influencing mental processes with computer interaction

10.31237/osf.io/hg378 ◽

2019 ◽

Author(s):

Aske Mottelson

Keyword(s):

Positive Affect ◽

User Behavior ◽

Human Mind ◽

Interactive Systems ◽

Body Ownership ◽

Interaction Data ◽

Mental Processes ◽

Mobile Interaction ◽

Machine Learning Classification ◽

Affect And Cognition

The variety of information about users hidden in the details of interaction data is increasingly being utilized for recognizing complex mental processes. Digital systems can correspondingly influence mental processes of users, paving the way for new interactive systems that interface with the human mind. This thesis presents advances to such interfaces: through four papers I show how human affect and cognition can be sensed and influenced computationally.Paper 1 presents two studies that together show that affect influences mobile interaction, which allows for binary discrimination between neutral and positive affect using sensor led machine learning classification. Paper 2 builds upon the methods presented in Paper 1 and extends the classification domain to dishonesty, also using mobile interaction data. The paper shows across three studies how dishonesty and honesty vary in interactional details, and how this difference can be utilized for estimating the veracity of user behavior based on features that are engineered by mobile interaction data.Paper 3 presents a feasibility study of conducting virtual reality studies outside a laboratory, to increase heterogeneity and power. The paper shows through two studies how a range of VR tasks can be conducted without the use of an immediate experimenter, with participants carrying out experiments themselves. In Paper 4 I apply this methodology, and conduct a VR study with more than 200 participants to study how manipulations to avatars can influence affect responses. The paper presents evidence supporting the link between affect and avatars, and additionally discusses the interplay between positive affect and body ownership.

Download Full-text

Skrining Perilaku Remaja Di Lembaga Pembinaan Khusus Anak (LPKA) Kelas II Bandung

Jurnal Keperawatan Komprehensif ◽

10.33755/jkk.v4i1.96 ◽

2018 ◽

Vol 4 (1) ◽

pp. 32

Author(s):

Eska Madya Agustine ◽

Titin Sutini ◽

Ai Mardhiyah

Keyword(s):

Frequency Analysis ◽

Behavioral Problems ◽

Research Method ◽

Sampling Technique ◽

Class Ii ◽

Abnormal Behavior ◽

Detention Center ◽

Normal Behavior ◽

Coaching Activities ◽

Distribution Frequency

AbstrakRemaja yang menjalani kehidupan di Lembaga Pembinaan Khusus Anak (LPKA) akan berbeda dengan kehidupan teman-teman seusianya, mereka tidak merasakan kebebasan seperti kehidupan di luar LPKA, dengan kondisi seperti ini akan terjadi beberapa masalah perilaku pada remaja tersebut. Tujuan penelitian ini untuk mengetahui gambaran perilaku remaja di Lembaga Pembinaan Khusus Anak (LPKA) Kelas II Bandung. Metode penelitian yang digunakan yaitu deskriptif kuantitatif dengan teknik total sampling. Responden dalam penelitian ini sebanyak 56 orang dengan menggunakan analisis distribusi frekuensi. Instrumen yang digunakan menggunakan Strenght and Difficulties Questionnaire (SDQ), sebanyak 25 item pernyataan. Nilai validitas 0,012 dan nilai reliabilitas 0,773. Hasil penelitian ini menunjukkan 38 responden (67,9%) memiliki perilaku normal, 10 responden (17,9%) memiliki perilaku borderline dan 8 responden (14,2%) memiliki perilaku abnormal. Perilaku abnormal ini ditunjukkan dengan gejala sebagian besar responden mengalami kecemasan, kekhawatiran dan kegelisahan. Sebagian kecil responden berada pada kategori perilaku abnormal dan borderline. Oleh karena itu, perlu diperhatikan kembali aspek perilaku remaja di LPKA melalui kegiatan-kegiatan pembinaan agar tidak terdapatnya masalah perilaku dalam remaja tersebut. AbstractThe adolescents who live in the Youth Detention Center (Indonesia: LPKA) will have a different living from their peers, they do not feel the freedom like living outside of LPKA, with this condition there will be some behavioral problems in these adolescents. The purpose of this study was determining the description of adolescents’ behavior in the LPKA Class II Bandung. The research method was using descriptive quantitative by total sampling technique. Respondents in this study were 56 people using distribution frequency analysis. Instruments was adopting Strength and Difficulties Questionnaire (SDQ), as many as 25 items statement. The validity value was 0.012 and the reliability value was 0.773. The results of this study showed 38 respondents (67.9%) had normal behavior, 10 respondents (17.9%) had borderline behavior, and 8 respondents (14.2%) had abnormal behavior. This abnormal behavior was indicated by symptoms of the most respondents who experienced anxiety, worry, and restlessness. A small percentage of respondents were in the category of abnormal and borderline behavior. Therefore, it is necessary to re-take a concern about the adolescents’ behavior aspects in LPKA through coaching activities so that there will be no behavioral problems in those adolescents.

Download Full-text

Vehicle Image Classifier for Bridge Displacement Correlation

Proceedings of the Institute for System Programming of RAS ◽

10.15514/ispras-2021-33(2)-8 ◽

2021 ◽

Vol 33 (2) ◽

pp. 137-148

Author(s):

Wendy Flores-Fuentes

Keyword(s):

Structural Damage ◽

Vision System ◽

Abnormal Behavior ◽

Scanning System ◽

Optical Scanning ◽

Structural Health ◽

Normal Behavior ◽

Bridge Damage ◽

Advanced Computing ◽

Optical Scanning System

Advanced computing brings opportunities for innovation in a broad gamma of applications. Traditional practices based on visual and manual methods tend to be replaced by cyber-physical systems to automate processes. The present work introduces an example of this, a machine vision system research based on deep learning to classify bridge load, to give support to an optical scanning system for structural health monitoring tasks. The optical scanning system monitors the health of structures, such as buildings, warehouses, water dams, etc. by the measurement of their coordinates to identify if a coordinate displacement befalls that could indicate an anomaly in the structure that can be related to structural damage. The use of this optical scanning system to monitor the structural health of bridges is a little more complicated due to the vehicle's transit over the bridge that causes a vehicle-bridge interaction which manifests as a bridge oscillation. Under this scheme, the bridge oscillation corresponds to their coordinate’s displacement due to the vehicle-bridge interaction, but not necessarily due to bridge damage. So, a bridge load classifier is required to correlate the bridge coordinates measurements behavior with the bridge oscillation due to vehicle-bridge interaction to discriminate the normal behavior of the structure to abnormal behavior or identify tendencies that could indicate bridge deformation or discover if the bridge behavior due to loads is changing through the time.

Download Full-text

Trust evaluation model of cloud user based on behavior data

International Journal of Distributed Sensor Networks ◽

10.1177/1550147718776924 ◽

2018 ◽

Vol 14 (5) ◽

pp. 155014771877692 ◽

Cited By ~ 6

Author(s):

Zhenguo Chen ◽

Liqin Tian ◽

Chuang Lin

Keyword(s):

User Behavior ◽

User Authentication ◽

Evaluation Model ◽

Weighted Average ◽

Threshold Value ◽

Abnormal Behavior ◽

Trust Evaluation ◽

Cloud Platform ◽

Cloud Users ◽

Cloud User

In the process of using the cloud platform, how to ensure the safety of users is a matter we must concern. The user authentication can provide a certain degree of security, but when the user information was leaked, this method will not be effective. Therefore, this article proposes a trust evaluation model based on user behavior data. In this model, the user’s historical behavior will be used to construct a set of trusted behavior of the cloud users. On this basis, the direct trust of the user’s behavior can be obtained. Then, the recommendation trust can be calculated by the interaction between the users and other cloud users. Given the current historical trust, the comprehensive trust can be obtained using the weighted average method. Among them, the initial value of historical trust is set to a constant and then updated by the comprehensive trust. In order to control the user’s abnormal behavior more effectively, the suspicious threshold value and the abnormal threshold value were defined, which are used to punish the historical trust. Through the simulation of the virtual digital library cloud platform, the method can effectively evaluate the cloud users.

Download Full-text

Uncovering Abnormal Behavior Patterns from Mobility Trajectories

Sensors ◽

10.3390/s21103520 ◽

2021 ◽

Vol 21 (10) ◽

pp. 3520

Author(s):

Hao Wu ◽

Xuehua Tang ◽

Zhongyuan Wang ◽

Nanxi Wang

Keyword(s):

Feature Matching ◽

Short Term Memory ◽

Abnormal Behavior ◽

Behavior Patterns ◽

Trajectory Data ◽

Normal Behavior ◽

Spatio Temporal ◽

Temporal And Spatial Characteristics ◽

And Control ◽

Abnormal Behaviors

Using personal trajectory information to grasp the spatiotemporal laws of dangerous activities to curb the occurrence of criminal acts is a new opportunity and method for security prevention and control. This paper proposes a novel method to discover abnormal behaviors and judge abnormal behavior patterns using mobility trajectory data. Abnormal behavior trajectory refers to the behavior trajectory whose temporal and spatial characteristics are different from normal behavior, and it is an important clue to discover dangerous behavior. Abnormal patterns are the behavior patterns summarized based on the regular characteristics of criminals’ activities, including wandering, scouting, random walk, and trailing. This paper examines the abnormal behavior patterns based on mobility trajectories. A Long Short-Term Memory Network (LSTM)-based method is used to extract personal trajectory features, and the K-means clustering method is applied to extract abnormal trajectories from the trajectory dataset. Based on the characteristics of different abnormal behaviors, the spatio-temporal feature matching method is used to identify the abnormal patterns based on the filtered abnormal trajectories. Experimental results showed that the trajectory-based abnormal behavior discovery method can realize a rapid discovery of abnormal trajectories and effective judgment of abnormal behavior patterns.

Download Full-text