Search results for: Python vulnerabilities

Authors: Kelvin Lo

Abstract:

Nowadays, numerical modelling in geotechnical engineering is very common but sophisticated. Many advanced input settings and considerable computational efforts are required to optimize the design to reduce the construction cost. To optimize a design, it usually requires huge numerical models. If the optimization is conducted manually, there is a potentially dangerous consequence from human errors, and the time spent on the input and data extraction from output is significant. This paper presents an automation process introduced to numerical modelling (Plaxis 2D) of a trench excavation supported by a secant-pile retaining structure for a top-down tunnel project. Python code is adopted to control the process, and numerical modelling is conducted automatically in every 20m chainage along the 200m tunnel, with maximum retained height occurring in the middle chainage. Python code continuously changes the geological stratum and excavation depth under groundwater flow conditions in each 20m section. It automatically conducts trial and error to determine the required pile length and the use of props to achieve the required factor of safety and target displacement. Once the bending moment of the pile exceeds its capacity, it will increase in size. When the pile embedment reaches the default maximum length, it will turn on the prop system. Results showed that it saves time, increases efficiency, lowers design costs, and replaces human labor to minimize error.

Keywords: automation, numerical modelling, Python, retaining structures

Procedia PDF Downloads 25

Authors: Abdullah M. Algarni, Yashwant K. Malaiya

Abstract:

Some of the key aspects of vulnerability-discovery, dissemination, and disclosure-have received some attention recently. However, the role of interaction among the vulnerability discoverers and vulnerability acquirers has not yet been adequately addressed. Our study suggests that a major percentage of discoverers, a majority in some cases, are unaffiliated with the software developers and thus are free to disseminate the vulnerabilities they discover in any way they like. As a result, multiple vulnerability markets have emerged. In some of these markets, the exchange is regulated, but in others, there is little or no regulation. In recent vulnerability discovery literature, the vulnerability discoverers have remained anonymous individuals. Although there has been an attempt to model the level of their efforts, information regarding their identities, modes of operation, and what they are doing with the discovered vulnerabilities has not been explored. Reports of buying and selling of the vulnerabilities are now appearing in the press; however, the existence of such markets requires validation, and the natures of the markets need to be analysed. To address this need, we have attempted to collect detailed information. We have identified the most prolific vulnerability discoverers throughout the past decade and examined their motivation and methods. A large percentage of these discoverers are located in Eastern and Western Europe and in the Far East. We have contacted several of them in order to collect first-hand information regarding their techniques, motivations, and involvement in the vulnerability markets. We examine why many of the discoverers appear to retire after a highly successful vulnerability-finding career. The paper identifies the actual vulnerability markets, rather than the hypothetical ideal markets that are often examined. The emergence of worldwide government agencies as vulnerability buyers has significant implications. We discuss potential factors that can impact the risk to society and the need for detailed exploration.

Keywords: risk management, software security, vulnerability discoverers, vulnerability markets

Procedia PDF Downloads 226

Authors: Shailendra M. Pradhan, Upendra M. Pradhan

Abstract:

Disasters are perennial features of human civilization. The recurring earthquakes, floods, cyclones, among others, that result in massive loss of lives and devastation, is a grim reminder of the fact that, despite all our success stories of development, and progress in science and technology, human society is perennially at risk to disasters. The apparent threat of climate change and global warming only severe our disaster risks. Darjeeling hills, situated along Eastern Himalayan region of India, and famous for its three Ts – tea, tourism and toy-train – is also equally notorious for its disasters. The recurring landslides and earthquakes, the cyclone Aila, and the Ambootia landslides, considered as the largest landslide in Asia, are strong evidence of the vulnerability of Darjeeling hills to natural disasters. Given its geographical location along the Hindu-Kush Himalayas, the region is marked by rugged topography, geo-physically unstable structure, high-seismicity, and fragile landscape, making it prone to disasters of different kinds and magnitudes. Most of the studies on disasters in Darjeeling hills are, however, scientific and geographical in orientation that focuses on the underlying geological and physical processes to the neglect of social and political conditions. This has created a tendency among the researchers and policy-makers to endorse and promote a particular type of discourse that does not consider the social and political aspects of disasters in Darjeeling hills. Disaster, this paper argues, is a complex phenomenon, and a result of diverse factors, both physical and human. The hazards caused by the physical and geological agents, and the vulnerabilities produced and rooted in political, economic, social and cultural structures of a society, together result in disasters. In this sense, disasters are as much a result of political and economic conditions as it is of physical environment. The human aspect of disasters, therefore, compels us to address intricating social and political challenges that ultimately determine our resilience and vulnerability to disasters. Set within the above milieu, the aims of the paper are twofold: a) to provide a political and sociological account of disasters in Darjeeling hills; and, b) to identify and address the root causes of its vulnerabilities to disasters. In situating disasters in Darjeeling Hills, the paper adopts the Pressure and Release Model (PAR) that provides a theoretical insight into the study of social and political aspects of disasters, and to examine myriads of other related issues therein. The PAR model conceptualises risk as a complex combination of vulnerabilities, on the one hand, and hazards, on the other. Disasters, within the PAR framework, occur when hazards interact with vulnerabilities. The root causes of vulnerability, in turn, could be traced to social and political structures such as legal definitions of rights, gender relations, and other ideological structures and processes. In this way, the PAR model helps the present study to identify and unpack the root causes of vulnerabilities and disasters in Darjeeling hills that have largely remained neglected in dominant discourses, thereby providing a more nuanced and sociologically sensitive understanding of disasters.

Keywords: Darjeeling, disasters, PAR, vulnerabilities

Procedia PDF Downloads 249

Authors: Nadir A. Carreon, Christa Sonderer, Aakarsh Rao, Roman Lysecky

Abstract:

With the advent of complex software and increased connectivity, the security of life-critical medical devices is becoming an increasing concern, particularly with their direct impact on human safety. Security is essential, but it is impossible to develop completely secure and impenetrable systems at design time. Therefore, it is important to assess the potential impact on the security and safety of exploiting a vulnerability in such critical medical systems. The common vulnerability scoring system (CVSS) calculates the severity of exploitable vulnerabilities. However, for medical devices it does not consider the unique challenges of impacts to human health and privacy. Thus, the scoring of a medical device on which human life depends (e.g., pacemakers, insulin pumps) can score very low, while a system on which human life does not depend (e.g., hospital archiving systems) might score very high. In this paper, we propose a medical vulnerability scoring system (MVSS) that extends CVSS to address the health and privacy concerns of medical devices. We propose incorporating two new parameters, namely health impact, and sensitivity impact. Sensitivity refers to the type of information that can be stolen from the device, and health represents the impact on the safety of the patient if the vulnerability is exploited (e.g., potential harm, life-threatening). We evaluate fifteen different known vulnerabilities in medical devices and compare MVSS against two state-of-the-art medical device-oriented vulnerability scoring systems and the foundational CVSS.

Keywords: common vulnerability system, medical devices, medical device security, vulnerabilities

Procedia PDF Downloads 133

Authors: Arellano Karina, Diego Avila-Pesántez, Leticia Vaca-Cárdenas, Alberto Arellano, Carmen Mantilla

Abstract:

Nowadays, security threats in Voice over IP (VoIP) systems are an essential and latent concern for people in charge of security in a corporate network, because, every day, new Denial-of-Service (DoS) attacks are developed. These affect the business continuity of an organization, regarding confidentiality, availability, and integrity of services, causing frequent losses of both information and money. The purpose of this study is to establish the necessary measures to mitigate DoS threats, which affect the availability of VoIP systems, based on the Session Initiation Protocol (SIP). A Security Model called MS-DoS-SIP is proposed, which is based on two approaches. The first one analyzes the recommendations of international security standards. The second approach takes into account weaknesses and threats. The implementation of this model in a VoIP simulated system allowed to minimize the present vulnerabilities in 92% and increase the availability time of the VoIP service into an organization.

Keywords: Denial-of-Service SIP attacks, MS-DoS-SIP, security model, VoIP-SIP vulnerabilities

Procedia PDF Downloads 171

Authors: Lan Nguyen, Kien Le Tan, Bao Nguyen Pham Gia

Abstract:

Due to the high cost, specialized dynamic measurement devices for industrial lands are difficult for many colleges to equip for hands-on teaching. This study connects a dynamic measurement sensor and receiver utilizing an inexpensive Raspberry Pi 4 board, some 24-bit ADC circuits, a geophone vibration sensor, and embedded Python open-source programming. Gather and analyze signals for dynamic measuring, ground vibration monitoring, and structure vibration monitoring. The system may wirelessly communicate data to the computer and is set up as a communication node network, enabling real-time monitoring of background vibrations at various locations. The device can be utilized for a variety of dynamic measurement and monitoring tasks, including monitoring earthquake vibrations, ground vibrations from construction operations, traffic, and vibrations of building structures.

Keywords: sensors, FFT, signal processing, real-time data monitoring, ground propagation wave, python, raspberry Pi 4

Procedia PDF Downloads 74

Authors: Konstantinos Pikos, Dimitrios Kaimaris

Abstract:

Although designing building blocks is a procedure used by many planners around the world, there isn’t an automated tool that will help planners and designers achieve their goals with lesser effort. The difficulty of the subject lies in the repeating process of manually drawing lines, while not only it is mandatory to maintain the desirable offset but to also achieve a lesser impact to the existing building stock. In this paper, using Geographical Information Systems (GIS) and the Python programming language, an automated tool integrated into ArcGIS PRO, is being presented. Despite its simplistic enviroment and the lack of specialized building legislation due to the complex state of the field, a planner who is aware of such technical information can use the tool to draw an initial approach of the final building blocks in an area with pre-existing buildings in an attempt to organize the usually sprawling suburbs of a city or any continuously developing area. The tool uses ESRI’s ArcPy library to handle the spatial data, while interactions with the user is made throught Tkinter. The main process consists of a modification of building edgescoordinates, using NumPy library, in an effort to draw the line of best fit, so the user can get the optimal results per block’s side. Finally, after the tool runs successfully, a table of primary planning information is shown, such as the area of the building block and its coverage rate. Regardless of the primary stage of the tool’s development, it is a solid base where potential planners with programming skills could invest, so they can make the tool adapt to their individual needs. An example of the entire procedure in a test area is provided, highlighting both the strengths and weaknesses of the final results.

Keywords: arcPy, GIS, python, building blocks

Procedia PDF Downloads 159

Authors: Philip Symonds, Jon Taylor, Zaid Chalabi, Michael Davies

Abstract:

With the world climate projected to warm and major cities in developing countries becoming increasingly populated and polluted, governments are tasked with the problem of overheating and air quality in residential buildings. This paper presents the development of an adaptable model of these risks. Simulations are performed using the EnergyPlus building physics software. An accurate metamodel is formed by randomly sampling building input parameters and training on the outputs of EnergyPlus simulations. Metamodels are used to vastly reduce the amount of computation time required when performing optimisation and sensitivity analyses. Neural Networks (NNs) are compared to a Radial Basis Function (RBF) algorithm when forming a metamodel. These techniques were implemented using the PyBrain and scikit-learn python libraries, respectively. NNs are shown to perform around 15% better than RBFs when estimating overheating and air pollution metrics modelled by EnergyPlus.

Keywords: neural networks, radial basis functions, metamodelling, python machine learning libraries

Procedia PDF Downloads 420

Authors: Mhaned Oubounyt, Jan Baumbach

Abstract:

Differences in co-expression networks between two or multiple cells (sub)types across conditions is a pressing problem in single-cell RNA sequencing (scRNA-seq). A key challenge is to define those co-variations that differ between or among cell types and/or conditions and phenotypes to examine small regulatory networks that can explain mechanistic differences. To this end, we developed SCANet, an all-in-one Python package that uses state-of-the-art algorithms to facilitate the workflow of a combined single-cell GCN (Gene Correlation Network) and GRN (Gene Regulatory Networks) pipeline, including inference of gene co-expression modules from scRNA-seq, followed by trait and cell type associations, hub gene detection, co-regulatory networks, and drug-gene interactions. In an example case, we illustrate how SCANet can be applied to identify regulatory drivers behind a cytokine storm associated with mortality in patients with acute respiratory illness. SCANet is available as a free, open-source, and user-friendly Python package that can be easily integrated into systems biology pipelines.

Keywords: single-cell, co-expression networks, drug-gene interactions, co-regulatory networks

Procedia PDF Downloads 106

Authors: Pronob Kumar Mozumder, M. Abdur Rob Mollah

Abstract:

This research was conducted in two coastal locations of Bangladesh from February, 2013 to January, 2014.The objective of this research was to assess the potential vulnerabilities of climate change on local ecosystem and people and to identify and recommend local level adaptation strategies to climate change. Focus group discussions, participatory rural appraisal, interviewing local elderly people were conducted. Perceptions about climate change indicate that local people are experiencing impacts of climate change. According to local people, temperature, cyclone, rain, water-logging, siltation, salinity, erosion, and flash flood are increasing. Vulnerability assessment revealed that local people are variously affected by abnormal climate related disasters. This is jeopardizing their livelihoods, risking their lives, health, and their assets. This prevailing climatic situation in the area is also impacting their environmental conditions, biodiversity and natural resources, and their economic activities. The existing adaptation includes using traditional boat and mobile phone while fishing and making house on high land and lower height. Proposed adaptation for fishing boat are using more than 60 feet length with good timber, putting at least 3 longitudinal bar along upper side, using enough vertical side bars. The homestead measures include use of cross bracing of wall frame, roof tying with extra-post by ropes and plantation of timber tree against wind.

Keywords: community level vulnerabilities, climate change, Cox’s Bazar-Teknaf Coastal Area, Bangladesh

Procedia PDF Downloads 503

Authors: David Oluigbo, Erik Hemberg, Nathan Shwatal, Wenqi Ding, Yin Yuan, Susanna Mierau

Abstract:

Introduction: Calcium imaging is an established technique in neuroscience research for detecting activity in neural networks. Bursts of action potentials in neurons lead to transient increases in intracellular calcium visualized with fluorescent indicators. Manual identification of cell bodies and their contours by experts typically takes 10-20 minutes per calcium imaging recording. Our aim, therefore, was to design an automated pipeline to facilitate and optimize calcium imaging data analysis. Our pipeline aims to accelerate cell body and contour identification and production of graphical representations reflecting changes in neuronal calcium-based fluorescence. Methods: We created a Python-based pipeline that uses OpenCV (a computer vision Python package) to accurately (1) detect neuron contours, (2) extract the mean fluorescence within the contour, and (3) identify transient changes in the fluorescence due to neuronal activity. The pipeline consisted of 3 Python scripts that could both be easily accessed through a Python Jupyter notebook. In total, we tested this pipeline on ten separate calcium imaging datasets from murine dissociate cortical cultures. We next compared our automated pipeline outputs with the outputs of manually labeled data for neuronal cell location and corresponding fluorescent times series generated by an expert neuroscientist. Results: Our results show that our automated pipeline efficiently pinpoints neuronal cell body location and neuronal contours and provides a graphical representation of neural network metrics accurately reflecting changes in neuronal calcium-based fluorescence. The pipeline detected the shape, area, and location of most neuronal cell body contours by using binary thresholding and grayscale image conversion to allow computer vision to better distinguish between cells and non-cells. Its results were also comparable to manually analyzed results but with significantly reduced result acquisition times of 2-5 minutes per recording versus 10-20 minutes per recording. Based on these findings, our next step is to precisely measure the specificity and sensitivity of the automated pipeline’s cell body and contour detection to extract more robust neural network metrics and dynamics. Conclusion: Our Python-based pipeline performed automated computer vision-based analysis of calcium image recordings from neuronal cell bodies in neuronal cell cultures. Our new goal is to improve cell body and contour detection to produce more robust, accurate neural network metrics and dynamic graphs.

Keywords: calcium imaging, computer vision, neural activity, neural networks

Procedia PDF Downloads 60

Authors: Malaw Ndiaye, Karim Konate

Abstract:

Smart contracts are computer protocols that facilitate, verify, and execute the negotiation or execution of a contract, or that render a contractual term unnecessary. Blockchain and smart contracts can be used to facilitate almost any financial transaction. Thanks to these smart contracts, the settlement of dividends and coupons could be automated. Smart contracts have become lucrative and profitable targets for attackers because they can hold a great amount of money. Smart contracts, although widely used in blockchain technology, are far from perfect due to security concerns. Since there are recent studies on smart contract security, none of them systematically study the strengths and weaknesses of smart contract security. Some have focused on an analysis of program-related vulnerabilities by providing a taxonomy of vulnerabilities. Other studies are responsible for listing the series of attacks linked to smart contracts. Although a series of attacks are listed, there is a lack of discussions and proposals on improving security. This survey takes stock of smart contract security from a more comprehensive perspective by correlating the level of vulnerability and systematic review of security levels in smart contracts.

Keywords: blockchain, Bitcoin, smart contract, criminal smart contract, security

Procedia PDF Downloads 139

Authors: Wenqing Fan, Yixuan Cheng, Wei Huang

Abstract:

The diversity and complexity of modern IT systems make it almost impossible for internal teams to find vulnerabilities in all software before the software is officially released. The emergence of threat intelligence and vulnerability reporting policy has greatly reduced the burden on software vendors and organizations to find vulnerabilities. However, to prove the existence of the reported vulnerability, it is necessary but difficult for security incident response team to build a deliberated vulnerable environment from the vulnerability report with limited and incomplete information. This paper presents a structured, standardized, machine-oriented vulnerability intelligence format, that can be used to automate the orchestration of Deliberated Vulnerable Environment (DVE). This paper highlights the important role of software configuration and proof of vulnerable specifications in vulnerability intelligence, and proposes a triad model, which is called DIR (Dependency Configuration, Installation Configuration, Runtime Configuration), to define software configuration. Finally, this paper has also implemented a prototype system to demonstrate that the orchestration of DVE can be automated with the intelligence.

Keywords: DIR triad model, DVE, vulnerability intelligence, vulnerability recurrence

Procedia PDF Downloads 99

Authors: Bambang Novianto, Rizal Aditya Herdianto, Raphael Bianco Huwae, Afifah, Alfonso Brolin Sihite, Rudi Lumanto

Abstract:

The mobile banking application is a type of mobile application that is growing rapidly. This is caused by the ease of service and time savings in making transactions. On the other hand, this certainly provides a challenge in security issues. The use of mobile banking can not be separated from cyberattacks that may occur which can result the theft of sensitive information or financial loss. The financial loss and the theft of sensitive information is the most avoided thing because besides harming the user, it can also cause a loss of customer trust in a bank. Cyberattacks that are often carried out against mobile applications are phishing, hacking, theft, misuse of data, etc. Cyberattack can occur when a vulnerability is successfully exploited. OWASP mobile Top 10 has recorded as many as 10 vulnerabilities that are most commonly found in mobile applications. In the others, android permissions also have the potential to cause vulnerabilities. Therefore, an overview of the profile of the mobile banking application becomes an urgency that needs to be known. So that it is expected to be a consideration of the parties involved for improving security. In this study, an experiment has been conducted to capture the profile of the mobile banking applications in Indonesia based on android permission and OWASP mobile top 10 2016. The results show that there are six basic vulnerabilities based on OWASP Mobile Top 10 that are most commonly found in mobile banking applications in Indonesia, i.e. M1:Improper Platform Usage, M2:Insecure Data Storage, M3:Insecure Communication, M5:Insufficient Cryptography, M7:Client Code Quality, and M9:Reverse Engineering. The most permitted android permissions are the internet, status network access, and telephone read status.

Keywords: mobile banking application, OWASP mobile top 10 2016, android permission, sensitive information, financial loss

Procedia PDF Downloads 116

Authors: Umut Tac, Leyla Tavacioglu, Pelin Bolat

Abstract:

Human factor has been one of the elements that cause vulnerabilities which can be resulted with accidents in maritime transportation. When the roots of human factor based accidents are analyzed, gaps in performing cognitive abilities (reaction time, attention, memory…) are faced as the main reasons for the vulnerabilities in complex environment of maritime systems. Thus cognitive processes in maritime systems have arisen important subject that should be investigated comprehensively. At this point, neurocognitive tests such as reaction time analysis tests have been used as coherent tools that enable us to make valid assessments for cognitive status. In this respect, the aim of this study is to evaluate the reaction time (response time or latency) of seafarers due to their occupational experience and age. For this study, reaction time for different maneuverers has been taken while the participants were performing a sea voyage through a simulator which was run up with a certain scenario. After collecting the data for reaction time, a statistical analyze has been done to understand the relation between occupational experience and cognitive abilities.

Keywords: cognitive abilities, human factor, neurocognitive test battery, reaction time

Procedia PDF Downloads 277

Authors: Md Kamrul Hassan

Abstract:

Adaptation interventions are the common response to manage the vulnerabilities of climate change. The nature of adaptation intervention depends on the degree of vulnerability and the capacity of a society. The coping interventions can take the form of hard adaptation – utilising technologies and capital goods like dykes, embankments, seawalls, and/or soft adaptation – engaging knowledge and information sharing, capacity building, policy and strategy development, and innovation. Hard adaptation is quite capital intensive but provides immediate relief from climate change vulnerabilities. This type of adaptation is not real development, as the investment for the adaptation cannot improve the performance – just maintain the status quo of a social or ecological system, and often lead to maladaptation in the long-term. Maladaptation creates a two-way loss for a society – interventions bring further vulnerability on top of the existing vulnerability and investment for getting rid of the consequence of interventions. Hard adaptation is popular to the vulnerable groups, but it focuses so much on the immediate solution and often ignores the environmental issues and future risks of climate change. On the other hand, soft adaptation is education oriented where vulnerable groups learn how to live with climate change impacts. Soft adaptation interventions build the capacity of vulnerable groups through training, innovation, and support, which might enhance the resilience of a system. In consideration of long-term sustainability, soft adaptation can contribute more to resilience than hard adaptation. Taking a developing society as the study context, this study aims to investigate and understand the effectiveness of the adaptation interventions of the coastal community of Sundarbans mangrove forest in Bangladesh. Applying semi-structured interviews with a range of Sundarbans stakeholders including community residents, tourism demand-supply side stakeholders, and conservation and management agencies (e.g., Government, NGOs and international agencies) and document analysis, this paper reports several key insights regarding climate change adaptation. Firstly, while adaptation interventions may offer a short-term to medium-term solution to climate change vulnerabilities, interventions need to be revised for long-term sustainability. Secondly, soft adaptation offers advantages in terms of resilience in a rapidly changing environment, as it is flexible and dynamic. Thirdly, there is a challenge to communicate to educate vulnerable groups to understand more about the future effects of hard adaptation interventions (and the potential for maladaptation). Fourthly, hard adaptation can be used if the interventions do not degrade the environmental balance and if the investment of interventions does not exceed the economic benefit of the interventions. Overall, the goal of an adaptation intervention should be to enhance the resilience of a social or ecological system so that the system can with stand present vulnerabilities and future risks. In order to be sustainable, adaptation interventions should be designed in such way that those can address vulnerabilities and risks of climate change in a long-term timeframe.

Keywords: adaptation, climate change, maladaptation, resilience, Sundarbans, sustainability, vulnerability

Procedia PDF Downloads 167

Authors: Chen Wang, Chun Liang

Abstract:

Microsatellite instability (MSI) is characterized by high degree of polymorphism in microsatellite (MS) length due to a deficiency in mismatch repair (MMR) system. MSI is associated with several tumor types and its status can be considered as an important indicator for tumor prognostic. Conventional clinical diagnosis of MSI examines PCR products of a panel of MS markers using electrophoresis (MSI-PCR) which is laborious, time consuming, and less reliable. MSIpred, a python 2 package for automatic classification of MSI was released by this study. It computes important somatic mutation features from files in mutation annotation format (MAF) generated from paired tumor-normal exome sequencing data, subsequently using these to predict tumor MSI status with a support vector machine (SVM) classifier trained by MAF files of 1074 tumors belonging to four types. Evaluation of MSIpred on an independent 358-tumor test set achieved overall accuracy of over 98% and area under receiver operating characteristic (ROC) curve of 0.967. These results indicated that MSIpred is a robust pan-cancer MSI classification tool and can serve as a complementary diagnostic to MSI-PCR in MSI diagnosis.

Keywords: microsatellite instability, pan-cancer classification, somatic mutation, support vector machine

Procedia PDF Downloads 146

Authors: Jaimin Patel

Abstract:

Cloud computing is one of the most sharp and important movement in various computing technologies. It provides flexibility to users, cost effectiveness, location independence, easy maintenance, enables multitenancy, drastic performance improvements, and increased productivity. On the other hand, there are also major issues like security. Being a common server, security for a cloud is a major issue; it is important to provide security to protect user’s private data, and it is especially important in e-commerce and social networks. In this paper, encryption algorithms such as Advanced Encryption Standard algorithms, their vulnerabilities, risk of attacks, optimal time and complexity management and comparison with other algorithms based on software implementation is proposed. Encryption techniques to improve the performance of AES algorithms and to reduce risk management are given. Secure Hash Algorithms, their vulnerabilities, software implementations, risk of attacks and comparison with other hashing algorithms as well as the advantages and disadvantages between hashing techniques and encryption are given.

Keywords: Cloud computing, encryption algorithm, secure hashing algorithm, brute force attack, birthday attack, plaintext attack, man in middle attack

Procedia PDF Downloads 253

Authors: María José Núñez-Ruiz, Luis Álvarez-González, Cristian Olivares-Rodriguez, Benjamin Lazo-Letelier

Abstract:

This paper begins with some concept of formative assessment and the relationship with learning objective: contents objectives, processes objectives, and metacognitive objectives. Two methodologies are describes Evidence-Based teaching and Question Drive Instruction. To do formative assessments in larges classes a Classroom Response System (CRS) is needed. But most of CRS use only Multiple Choice Questions (MCQ), True/False question, or text entry; however, this is insufficient to formative assessment. To do that a new CRS, call FAMA was developed. FAMA support six types of questions: Choice, Order, Inline choice, Text entry, Associated, and Slider. An experiment participated in 149 students from four engineering careers. For results, Kendall's Range Correlation Analysis and descriptive analysis was done. In conclusion, there is a strong relation between contents question, process questions (ask in formative assessment without a score) and metacognitive questions, asked in summative assessment. As future work, the lecturer can do personalized teaching, because knows the behavior of all students in each formative assessment

Keywords: Python language, formative assessment, classroom response systems, evidence-Based teaching, question drive instruction

Procedia PDF Downloads 105

Authors: Jean Rosemond Dora, Karol Nemoga

Abstract:

In this work, we tackle a frequent problem that frequently occurs in the cybersecurity field which is the exploitation of websites by XSS attacks, which are nowadays considered a complicated attack. These types of attacks aim to execute malicious scripts in a web browser of the client by including code in a legitimate web page. A serious matter is when a website accepts the “user-input” option. Attackers can exploit the web application (if vulnerable), and then steal sensitive data (session cookies, passwords, credit cards, etc.) from the server and/or from the client. However, the difficulty of the exploitation varies from website to website. Our focus is on the usage of ontology in cybersecurity against XSS attacks, on the importance of the ontology, and its core meaning for cybersecurity. We explain how a vulnerable website can be exploited, and how different JavaScript payloads can be used to detect vulnerabilities. We also enumerate some tools to use for an efficient analysis. We present detailed reasoning on what can be done to improve the security of a website in order to resist attacks, and we provide supportive examples. Then, we apply an ontology model against XSS attacks to strengthen the protection of a web application. However, we note that the existence of ontology does not improve the security itself, but it has to be properly used and should require a maximum of security layers to be taken into account.

Keywords: cybersecurity, web application vulnerabilities, cyber threats, ontology model

Procedia PDF Downloads 141

Authors: Mohamed Z. M. Duwahir, Shian Gao

Abstract:

The main objective of this project was to introduce and test a new scheme for parameterization of subsonic aerofoil, using a function called Shape Function. Python programming was used to create a user interactive environment for geometry generation of aerofoil using NACA and Shape Function methodologies. Two aerofoils, NACA 0012 and NACA 1412, were generated using this function. Testing the accuracy of the Shape Function scheme was done by Linear Square Fitting using Python and CFD modelling the aerofoil in Fluent. NACA 0012 (symmetrical aerofoil) was better approximated using Shape Function than NACA 1412 (cambered aerofoil). The second part of the project involved comparing two turbulent models, k-ε and Spalart-Allmaras (SA), in Fluent by modelling the aerofoils NACA 0012 and NACA 1412 in conditions of Reynolds number of 3 × 106. It was shown that SA modelling is better for aerodynamic purpose. The experimental coefficient of lift (Cl) and coefficient of drag (Cd) were compared with empirical wind tunnel data for a range of angle of attack (AOA). As a further step, this project involved drawing and meshing 3D wings in Gambit. The 3D wing flow was solved and compared with 2D aerofoil section experimental results and wind tunnel data.

Keywords: CFD simulation, shape function, turbulent modelling, aerofoil

Procedia PDF Downloads 334

Authors: Salahaeddine Sbai

Abstract:

Air quality analysis using machine learning models is a method employed to assess and predict air pollution levels. This approach leverages the capabilities of machine learning algorithms to analyze vast amounts of air quality data and extract valuable insights. By training these models on historical air quality data, they can learn patterns and relationships between various factors such as weather conditions, pollutant emissions, and geographical features. The trained models can then be used to predict air quality levels in real-time or forecast future pollution levels. This application of machine learning in air quality analysis enables policymakers, environmental agencies, and the general public to make informed decisions regarding health, environmental impact, and mitigation strategies. By understanding the factors influencing air quality, interventions can be implemented to reduce pollution levels, mitigate health risks, and enhance overall air quality management. Climate change is having significant impacts on Morocco, affecting various aspects of the country's environment, economy, and society. In this study, we use some machine learning models under python environment to predict and analysis air quality change over North of Morocco to evaluate the climate change impact on agriculture.

Keywords: air quality, machine learning models, pollution, pollutant emissions

Procedia PDF Downloads 59

Authors: Leonardo A. Ambrosio, Carlos. H. Silva Santos, Ivan E. L. Rodrigues, Ayumi K. de Campos, Leandro A. Machado

Abstract:

In this work, we propose an algorithm developed under Python language for the modeling of ordinary scalar Bessel beams and their discrete superpositions and subsequent calculation of optical forces exerted over dielectric spherical particles. The mathematical formalism, based on the generalized Lorenz-Mie theory, is implemented in Python for its large number of free mathematical (as SciPy and NumPy), data visualization (Matplotlib and PyJamas) and multiprocessing libraries. We also propose an approach, provided by a synchronized Software as Service (SaaS) in cloud computing, to develop a user interface embedded on a mobile application, thus providing users with the necessary means to easily introduce desired unknowns and parameters and see the graphical outcomes of the simulations right at their mobile devices. Initially proposed as a free Android-based application, such an App enables data post-processing in cloud-based architectures and visualization of results, figures and numerical tables.

Keywords: Bessel Beams and Frozen Waves, Generalized Lorenz-Mie Theory, Numerical Methods, optical forces

Procedia PDF Downloads 355

Authors: Durga Toshniwal, Lokesh Agrawal

Abstract:

As the web continues to play an increasing role in information exchange, and conducting daily activities, computer users have become the target of miscreants which infects hosts with malware or adware for financial gains. Unfortunately, even a single visit to compromised web site enables the attacker to detect vulnerabilities in the user’s applications and force the downloading of multitude of malware binaries. We provide an approach to effectively scan the so-called drive-by downloads on the Internet. Drive-by downloads are result of URLs that attempt to exploit their visitors and cause malware to be installed and run automatically. To scan the web for malicious pages, the first step is to use a crawler to collect URLs that live on the Internet, and then to apply fast prefiltering techniques to reduce the amount of pages that are needed to be examined by precise, but slower, analysis tools (such as honey clients or antivirus programs). Although the technique is effective, it requires a substantial amount of resources. A main reason is that the crawler encounters many pages on the web that are legitimate and needs to be filtered. In this paper, to characterize the nature of this rising threat, we present implementation of a web crawler on Python, an approach to search the web more efficiently for pages that are likely to be malicious, filtering benign pages and passing remaining pages to antivirus program for detection of malwares. Our approaches starts from an initial seed of known, malicious web pages. Using these seeds, our system generates search engines queries to identify other malicious pages that are similar to the ones in the initial seed. By doing so, it leverages the crawling infrastructure of search engines to retrieve URLs that are much more likely to be malicious than a random page on the web. The results shows that this guided approach is able to identify malicious web pages more efficiently when compared to random crawling-based approaches.

Keywords: web crawler, malwares, seeds, drive-by-downloads, security

Procedia PDF Downloads 211

Authors: Regina Chua

Abstract:

To reduce the costs of re-fielding a large survey, a Random Forest classifier was applied to measure the accuracy of classifying individuals into their assigned segments with the fewest possible questions. Given a long survey, one needed to determine the most predictive ten or fewer questions that would accurately assign new individuals to custom segments. Furthermore, the solution needed to be quick in its classification and usable in non-Python environments. In this paper, a supervised Random Forest classifier was modeled on a dataset with 7,000 individuals, 60 questions, and 254 features. The Random Forest consisted of an iterative collection of individual decision trees that result in a predicted segment with robust precision and recall scores compared to a single tree. A random 70-30 stratified sampling for training the algorithm was used, and accuracy trade-offs at different depths for each segment were identified. Ultimately, the Random Forest classifier performed at 87% accuracy at a depth of 10 with 20 instead of 254 features and 10 instead of 60 questions. With an acceptable accuracy in prioritizing feature selection, new tools were developed for non-Python environments: a worksheet with a formulaic version of the algorithm and an embedded function to predict the segment of an individual in real-time. Random Forest was determined to be an optimal classification model by its feature selection, performance, processing speed, and flexible application in other environments.

Keywords: machine learning, supervised learning, data science, random forest, classification, prediction, predictive modeling

Procedia PDF Downloads 72

Authors: Otto Kakhidze, Hoda Alkhzaimi, Adam Ramey, Nasir Memon

Abstract:

This paper provides an alternative, cyber security based a conceptual framework for the ethics of automated warfare. The large body of work produced on fully or partially autonomous warfare systems tends to overlook malicious security factors as in the possibility of technical attacks on these systems when it comes to the moral and legal decision-making. The argument provides a risk-oriented justification to why technical malicious risks cannot be dismissed in legal, ethical and policy considerations when warfare models are being implemented and deployed. The assumptions of the paper are supported by providing a broader model that contains the perspective of technological vulnerabilities through the lenses of the Game Theory, Just War Theory as well as standard and non-standard defense ethics. The paper argues that a conventional risk-benefit analysis without considering ethical factors is insufficient for making legal and policy decisions on automated warfare. This approach will provide the substructure for security and defense experts as well as legal scholars, ethicists and decision theorists to work towards common justificatory grounds that will accommodate the technical security concerns that have been overlooked in the current legal and policy models.

Keywords: automated warfare, ethics of automation, inherent hijacking, security vulnerabilities, risk, uncertainty

Procedia PDF Downloads 337

Authors: Ammar Maziz, Prateek Gupta, Thiago Vasconcellos Birro, Benoit Gely

Abstract:

Hydrogen as a sustainable fuel has the highest energy density per mass as compared to conventional non-renewable sources. As the world looks to move towards sustainability, especially in the sectors of aviation and automotive, it becomes important to address the issue of storage of hydrogen as compressed gas in high-pressure tanks. To improve the design for the efficient storage and transportation of Hydrogen, this paper presents the design and stress analysis of Dome Composite Overwrapped Pressure Vessels (COPVs) using the geodesic trajectory approach. The geodesic trajectory approach is used to optimize the dome design, resulting in a lightweight and efficient structure. Python scripting is employed to implement the mathematical modeling of the COPV, and after validating the model by comparison to the published paper, stress analysis is conducted using Abaqus commercial code. The results demonstrate the effectiveness of the geodesic trajectory approach in achieving a lightweight and structurally sound dome design, as well as the accuracy and reliability of the stress analysis using Abaqus commercial code. This study provides insights into the design and analysis of COPVs for aerospace applications, with the potential for further optimization and application in other industries.

Keywords: composite overwrapped pressure vessels, carbon fiber, geodesic trajectory approach, dome design, stress analysis, plugin python

Procedia PDF Downloads 61

Authors: Ahmad R. Zamani, Luigi Sanguigno, Angelo R. Maligno

Abstract:

A 3D woven composite, designed for automotive applications, is studied using Abaqus Finite Element (FE) software suite. Python scripts were developed to build FE models of the woven composite in Complete Abaqus Environment (CAE). They can read TexGen or WiseTex files and automatically generate consistent meshes of the fabric and the matrix. A user menu is provided to help define parameters for the FE models, such as type and size of the elements in fabric and matrix as well as the type of matrix-fabric interaction. Node-to-node constraints were imposed to guarantee periodicity of the deformed shapes at the boundaries of the representative volume element of the composite. Tensile loads in three axes and biaxial loads in x-y directions have been applied at different Fibre Volume Fractions (FVFs). A simple damage model was implemented via an Abaqus user material (UMAT) subroutine. Existing tools for homogenization were also used, including voxel mesh generation from TexGen as well as Abaqus Micromechanics plugin. Linear relations between homogenised elastic properties and the FVFs are given. The FE models of composite exhibited balanced behaviour with respect to warp and weft directions in terms of both stiffness and strength.

Keywords: 3D woven composite (3DWC), meso-scale finite element model, homogenisation of elastic material properties, Abaqus Python scripting

Procedia PDF Downloads 114

Authors: Mohamed Rasslan, Doaa Abdelrahman, Mahmoud M. Nasreldin, Ghada Farouk, Heba K. Aslan

Abstract:

Blockchain is a distributed database that endorses transparency while bitcoin is a decentralized cryptocurrency (electronic cash) that endorses anonymity and is powered by blockchain technology. Smart contracts are programs that are stored on a blockchain. Smart contracts are executed when predetermined conditions are fulfilled. Smart contracts automate the agreement execution in order to make sure that all participants immediate-synchronism of the outcome-certainty, without any intermediary's involvement or time loss. Currently, the Bitcoin market worth billions of dollars. Bitcoin could be transferred from one purchaser to another without the need for an intermediary bank. Network nodes through cryptography verify bitcoin transactions, which are registered in a public-book called “blockchain”. Bitcoin could be replaced by other coins, merchandise, and services. Rapid growing of the bitcoin market-value, encourages its counterparts to make use of its weaknesses and exploit vulnerabilities for profit. Moreover, it motivates scientists to define known vulnerabilities, offer countermeasures, and predict future threats. In his paper, we study blockchain technology and bitcoin from the attacker’s point of view. Furthermore, mitigations for the attacks are suggested, and contemporary security solutions are discussed. Finally, research methods that achieve strict security and privacy protocol are elaborated.

Keywords: Cryptocurrencies, Blockchain, Bitcoin, Smart Contracts, Peer-to-Peer Network, Security Issues, Privacy Techniques

Procedia PDF Downloads 54

Authors: Ayse Tarhan, Mustafa Ilkan, Mohammad Karimzadeh

Abstract:

Science was considered as part of philosophy in ancient Greece. By the nineteenth century, it was understood that philosophy was very inclusive and that social and human sciences such as literature, history, and psychology should be separated and perceived as an autonomous branch of science. The computer was also first seen as a tool of mathematical science. Over time, computer science has grown by encompassing every area in which technology exists, and its growth compelled the division of computer science into different disciplines, just as philosophy had been divided into different branches of science. Now there is almost no branch of science in which computers are not used. One of the newer autonomous disciplines of computer science is digital humanities, and one of the areas of digital humanities is literature. The material of literature is words, and thanks to the software tools created using computer programming languages, data that a literature researcher would need months to complete, can be achieved quickly and objectively. In this article, three different tools that literary researchers can use in their work will be introduced. These studies were created with the computer programming languages Python and R and brought to the world of literature. The purpose of introducing the aforementioned studies is to set an example for the development of special tools or programs on Ottoman language and literature in the future and to support such initiatives. The first example to be introduced is the Stylometry tool developed with the R language. The other is The Metrical Tool, which is used to measure data in poems and was developed with Python. The latest literature analysis tool in this article is Voyant Tools, which is a multifunctional and easy-to-use tool.

Keywords: DH, literature, information technologies, stylometry, the metrical tool, voyant tools

Procedia PDF Downloads 126