Recent Submissions

  • Pluronic F127 thermosensitive injectable smart hydrogels for controlled drug delivery system development

    Shriky, Banah; Kelly, Adrian L.; Isreb, Mohammad; Babenko, Maksims; Mahmoudi, N.; Rogers, S.; Shebanova, O.; Snow, T.; Gough, Timothy D. (2020-04-01)
    Understanding structure-property relationships is critical for the development of new drug delivery systems. This study investigates the properties of Pluronic smart hydrogel formulations for future use as injectable controlled drug carriers. The smart hydrogels promise to enhance patient compliance, decrease side effects and reduce dose and frequency. Pharmaceutically, these systems are attractive due to their unique sol-gel phase transition in the body, biocompatibility, safety and injectability as solutions before transforming into gel matrices at body temperature. We quantify the structural changes of F127 systems under controlled temperature after flow, as experienced during real bodily injection. Empirical formulae combining the coupled thermal and shear dependency are produced to aid future application of these systems. Induced structural transitions measured in-situ by small angle x-ray and neutron scattering reveal mixed oriented structures that can be exploited to tailor the drug release profile.
  • An approximation to the PTT viscoelastic model for Gas Assisted Injection Moulding simulation

    Olley, Peter (2020)
    An approximation to the Phan-Thien Tanner (PTT) constitutive model is developed with the aim of giving low-cost simulation of Gas Assisted Injection Moulding (GAIM) while incorporating important viscoelastic characteristics. It is shown that the developed model gives a response typical of full viscoelastic models in transient and steady state uniaxial and constant shear rate deformations. The model is incorporated into a 3D finite element GAIM simulation which uses the ‘pseudo-concentration’ method to predict residual polymer, and applied to published experimental results for a Boger fluid and a shear-thinning polystyrene melt. It is shown that the simulation gives a very good match to published results for the Boger fluid which show increasing Residual Wall Thickness (RWT) with increasing Deborah number. Against the shear-thinning polymer, the quality of match depends upon which of two ‘plausible’ relaxation times is chosen; qualitatively different results arise from two different means of estimating a single relaxation time. A ‘multi-mode’ approach is developed to avoid this uncertainty. It is shown that the multi-mode approach gives decreasing RWT with increasing Deborah number in agreement with the published experimental results, and avoids the issues that arise from estimating a single relaxation time for a molten polymer.
  • An ontological approach for pathology assessment and diagnosis of tunnels

    Dimitrova, V.; Mehmood, M.O.; Thakker, Dhaval; Sage-Vallier, B.; Valdes, J.; Cohn, A.G. (ELSEVIER, 2020-04)
    Tunnel maintenance requires complex decision making, which involves pathology diagnosis and risk assessment, to ensure full safety while optimising maintenance and repair costs. A Decision Support System (DSS) can play a key role in this process by supporting the decision makers in identifying pathologies based on disorders present in various tunnel portions and contextual factors affecting a tunnel. Another key aspect is to identify which spatial stretches within a tunnel contain pathologies of similar kinds within neighbouring tunnel segments. This paper presents PADTUN, a novel intelligent decision support system that assists with pathology diagnosis and assessment of tunnels with respect to their disorders and diagnosis influencing factors. It utilises semantic web technologies for knowledge capture, representation, and reasoning. The core of PADTUN is a family of ontologies which represent the main concepts and relations associated with pathology assessment, and capture the decision process concerning tunnel maintenance. Tunnel inspection data is linked to these ontologies to take advantage of inference capabilities offered by semantic technologies. In addition, an intelligent mechanism is presented which exploits abstraction and inference capabilities. Thus PADTUN provides the world’s first semantically based intelligent DSS for tunnel maintenance. PADTUN was developed by an interdisciplinary team of tunnel experts and knowledge engineers in real-world settings offered by the NeTTUN EU Project. An evaluation of the PADTUN system is performed using real-world tunnel data and diagnosis tasks. We show how the use of semantic technologies allows addressing the complex issues of tunnel pathology inferencing, aiding in, and matching transportation experts’ expectations of decision support. The methodology is applicable to any linear transport structures, offering intelligent ways to aid with complex decision processes related to diagnosis and maintenance.
  • How reproducible is the acoustical characterization of porous media?

    Pompoli, F.; Bonfiglio, P.; Horoshenkov, K.V.; Khan, Amir; Jaouen, L.; Bécot, F-X.; Sgard, F.; Asdrubali, F.; D'Alessandro, F.; Hübelt, J.; et al. (2017-02)
    There is a considerable number of research publications on the characterization of porous media that is carried out in accordance with ISO 10534-2 (International Standards Organization, Geneva, Switzerland, 2001) and/or ISO 9053 (International Standards Organization, Geneva, Switzerland, 1991). According to the Web of Science(TM) (last accessed 22 September 2016) there were 339 publications in the Journal of the Acoustical Society of America alone which deal with the acoustics of porous media. However, the reproducibility of these characterization procedures is not well understood. This paper deals with the reproducibility of some standard characterization procedures for acoustic porous materials. The paper is an extension of the work published by Horoshenkov, Khan, Bécot, Jaouen, Sgard, Renault, Amirouche, Pompoli, Prodi, Bonfiglio, Pispola, Asdrubali, Hübelt, Atalla, Amédin, Lauriks, and Boeckx [J. Acoust. Soc. Am. 122(1), 345-353 (2007)]. In this paper, independent laboratory measurements were performed on the same material specimens so that the naturally occurring inhomogeneity in materials was controlled. It also presented the reproducibility data for the characteristic impedance, complex wavenumber, and for some related pore structure properties. This work can be helpful to better understand the tolerances of these material characterization procedures so improvements can be developed to reduce experimental errors and improve the reproducibility between laboratories.
  • Predicting the location of weld line in microinjection-molded polyethylene via molecular orientation distribution

    Liao, T.; Zhao, X.; Yang, X.; Whiteside, Benjamin R.; Coates, Philip D.; Jiang, Z.; Men, Y. (2019-01)
    The microstructure and molecular orientation distribution over both the length and the thickness of microinjection‐molded linear low‐density polyethylene with a weld line were characterized as a function of processing parameters using small‐angle X‐ray scattering and wide‐angle X‐ray diffraction techniques. The weld line was introduced via recombination of two separated melt streams with an angle of 180° to each other in injection molding. The lamellar structure was found to be related to the mold temperature strongly but the injection velocity and the melt temperature slightly. Furthermore, the distributions of molecular orientation at different molding conditions and different positions in the cross section of molded samples were derived from Hermans equation. The degree of orientation of polymeric chains and the thickness of oriented layers decrease considerably with an increase of both mold temperature and melt temperature, which could be explained by the stress relaxation of sheared chains and the reduced melt viscosity, respectively. The level of molecular orientation was found to be lowest in the weld line when varying injection velocity, mold temperature, and melt temperature, thus providing an effective means to identify the position of weld line induced by flow obstacles during injection‐molding process.
  • Organic synthesis by Twin Screw Extrusion (TSE): Continuous, scalable and solvent-free

    Crawford, Deborah E.; Miskimmin, C.K.G.; Albadarin, A.B.; Walker, G.; James, S.L. (2017-01)
    Mechanochemistry provides a method to reduce or eliminate the use of solvents by carrying out reactions through the grinding of neat reagents. Until recently a significant drawback of this form of synthesis has been the limited ability to scale up. However, it has been shown that twin screw extrusion (TSE) may overcome this problem as demonstrated in the continuous synthesis of co-crystals, Metal Organic Frameworks (MOFs) and Deep Eutectic Solvents (DES), in multi kg h−1 quantities. TSE has provided a means to carry out mechanochemical synthesis in a continuous, large scale and efficient fashion, which is adaptable to a manufacturing process. Herein, we highlight the potential of this technique for organic synthesis by reporting four condensation reactions, the Knoevenagel condensation, imine formation, aldol reaction and the Michael addition, to produce analytically pure products, most of which did not require any post synthetic purification or isolation. Each reaction was carried out in the absence of solvents and the water byproduct was conveniently removed as water vapour during the extrusion process due to the elevated temperatures used. Furthermore, the Knoevenagel condensation has been studied in detail to gain insight into the mechanism by which these mechanochemical reactions proceed. The results point to effective wetting of one reactant by another as being critical for these reactions to occur under these reaction conditions.
  • Feedback Kinetics in Mechanochemistry: The Importance of Cohesive States.

    Hutchings, B.P.; Crawford, Deborah E.; Gao, L.; Hu, P.; James, S.L. (2017-11-27)
    Although mechanochemical synthesis is becoming more widely applied and even commercialised, greater basic understanding is needed if the field is to progress on less of a trial‐and‐error basis. We report that a mechanochemical reaction in a ball mill exhibits unusual sigmoidal feedback kinetics that differ dramatically from the simple first‐order kinetics for the same reaction in solution. An induction period is followed by a rapid increase in reaction rate before the rate decreases again as the reaction goes to completion. The origin of these unusual kinetics is found to be a feedback cycle involving both chemical and mechanical factors. During the reaction the physical form of the reaction mixture changes from a powder to a cohesive rubber‐like state, and this results in the observed reaction rate increase. The study reveals that non‐obvious and dynamic rheological changes in the reaction mixture must be appreciated to understand how mechanochemical reactions progress.
  • Recent developments of reconfigurable antennas for 4G and 5G wireless communications: A survey

    Ojaroudi Parchin, Naser; Basherlou, H.J.; Al-Yasir, Yasir; Abd-Alhameed, Raed A.; Abdulkhaleq, A.M.; Noras, James M. (Avid Science, 2019-12)
    Reconfigurable antennas play important roles in smart and adaptive systems and are the subject of many research studies. They offer several advantages such as multifunctional capabilities, minimized volume requirements, low front-end processing efforts with no need for a filtering element, good isolation, and sufficient out-ofband rejection; these make them well suited for use in wireless applications such as fourth generation (4G) and fifth generation (5G) mobile terminals. With the use of active materials such as microelectromechanical systems (MEMS), varactor or p-i-n (PIN) diodes, an antenna’s characteristics can be changed through altering the current flow on the antenna structure. If an antenna is to be reconfigurable into many different states, it needs to have an adequate number of active elements. However, a large number of high-quality active elements increases cost, and necessitates complex biasing networks and control circuitry. We review some recently proposed reconfigurable antenna designs suitable for use in wireless communications such as cognitiveratio (CR), multiple-input multiple-output (MIMO), ultra-wideband (UWB), and 4G/5G mobile terminals. Several examples of antennas with different reconfigurability functions are analyzed and their performances are compared. Characteristics and fundamental properties of reconfigurable antennas with single and multiple reconfigurability modes are investigated.
  • Modelling the Mechanical and Strain Recovery Behaviour of Partially Crystalline PLA

    Sweeney, John; Spencer, Paul E.; Karthik, N.; Coates, Philip D. (MDPI, 2019-08-13)
    This is a study of the modelling and prediction of strain recovery in a polylactide. Strain recovery near the glass transition temperature is the underlying mechanism for the shape memory in an amorphous polymer. The investigation is aimed at modelling such shape memory behaviour. A PLA-based copolymer is subjected to stress-strain, stress relaxation and strain recovery experiments at large strain at 60 °C just below its glass transition temperature. The material is 13% crystalline. Using published data on the mechanical properties of the crystals, finite element modelling was used to determine the effect of the crystal phase on the overall mechanical behaviour of the material, which was found to be significant. The finite element models were also used to relate the stress-strain results to the yield stress of the amorphous phase. This yield stress was found to possess strain rate dependence consistent with an Eyring process. Stress relaxation experiments were also interpreted in terms of the Eyring process, and a two-process Eyring-based model was defined that was capable of modelling strain recovery behaviour. This was essentially a model of the amorphous phase. It was shown to be capable of useful predictions of strain recovery.
  • Observation and analysis on free surface air entrainment and single bubble movement in supercritical open channel flow

    Wei, W.; Xu, W.; Deng, J.; Guo, Yakun (2020)
    There has been little study on the microscopic bubble entrainment and diffusion process on the high-speed self-aerated flows although the problem under investigation is theoretically important and has important engineering application. This study presents an experimental investigation on visual processes of free surface air entrainment and single bubble diffusion in supercritical open channel flows. The typical surface deformation, single air bubble rising and penetration are recorded using a high-speed camera system. Results show that for a single bubble formation process, surface entrapment development and bubble entrainment through a deformation evolution underneath the free surface are the two main features. The shape variation of local surface deformation with time follows an identical power law for different bubble size generations. The entrained bubble size depends on both size scale and shape of entrapped free surface. As the single bubble moves downstream, its longitudinal velocity is approximately the same as that of water flow surrounded it, while its vertical velocity for rising and penetration increases with the increase of the water flow velocity. An empirical-linear relationship for the bubble rising and penetration velocity with water flow velocity is obtained. This study demonstrates that the microscopic bubble movement can improve the self-aeration prediction in the open channel flow and advance the knowledge of our understanding of the macroscopic and microscopic air–water properties in hydraulic engineering.
  • Investigation of array layout of tidal stream turbines on energy extraction efficiency

    Zhang, C.; Zhang, J.; Tong, L.; Guo, Yakun; Zhang, P. (2020)
    A two-dimensional model based on OpenTidalFarm is applied to simulate tidal stream flow around turbines. The model is governed by shallow water equations and is able to optimize the layout of the deployed turbine array in terms of maximizing the energy outputs. Three turbine array layouts including two structured layouts (regular and staggered) and one unstructured layout (optimized) are simulated to investigate the effect of turbine layouts on energy extraction. The present study shows that more energy could be extracted when lateral spacing decreases and longitudinal spacing increases within the same domain, namely the effective turbine layout is to deploy more turbines in the first row to extract energy from undisturbed tidal stream, while larger longitudinal spacing will make it possible for tidal stream to recover more before reaching the next turbines row. Taking the tidal stream turbines array around Zhoushan Islands as a case study, results show that the optimized layout can extract 106.8% energy of that extracted by the regular and staggered layout for a full tide in the same marine area. Additionally, the turbine array has a great influence on tidal stream velocities immediately behind the array and has little effect on far-field wake flow.
  • Graded possibilistic clustering of non-stationary data streams

    Abdullatif, Amr R.A.; Masulli, F.; Rovetta, S.; Cabri, A. (Springer, Cham, 2017-02)
    Multidimensional data streams are a major paradigm in data science. This work focuses on possibilistic clustering algorithms as means to perform clustering of multidimensional streaming data. The proposed approach exploits fuzzy outlier analysis to provide good learning and tracking abilities in both concept shift and concept drift.
  • Layered ensemble model for short-term traffic flow forecasting with outlier detection

    Abdullatif, Amr R.A.; Rovetta, S.; Masulli, F. (2016-11)
    Real time traffic flow forecasting is a necessary requirement for traffic management in order to be able to evaluate the effects of different available strategies or policies. This paper focuses on short-term traffic flow forecasting by taking into consideration both spatial (road links) and temporal (lag or past traffic flow values) information. We propose a Layered Ensemble Model (LEM) which combines Artificial Neural Networks and Graded Possibilistic Clustering obtaining an accurate forecast of the traffic flow rates with outlier detection. Experimentation has been carried out on two different data sets. The former was obtained from real UK motorway and the later was obtained from simulated traffic flow on a street network in Genoa (Italy). The proposed LEM model for short-term traffic forecasting provides promising results and given the ability for outlier detection, accuracy, robustness of the proposed approach, it can be fruitful integrated in traffic flow management systems.
  • Security threats to critical infrastructure: the human factor

    Ghafir, Ibrahim; Saleem, J.; Hammoudeh, M.; Faour, H.; Prenosil, V.; Jaf, S.; Jabbar, S.; Baker, T. (2018-10)
    In the twenty-first century, globalisation made corporate boundaries invisible and difficult to manage. This new macroeconomic transformation caused by globalisation introduced new challenges for critical infrastructure management. By replacing manual tasks with automated decision making and sophisticated technology, no doubt we feel much more secure than half a century ago. As the technological advancement takes root, so does the maturity of security threats. It is common that today’s critical infrastructures are operated by non-computer experts, e.g. nurses in health care, soldiers in military or firefighters in emergency services. In such challenging applications, protecting against insider attacks is often neither feasible nor economically possible, but these threats can be managed using suitable risk management strategies. Security technologies, e.g. firewalls, help protect data assets and computer systems against unauthorised entry. However, one area which is often largely ignored is the human factor of system security. Through social engineering techniques, malicious attackers are able to breach organisational security via people interactions. This paper presents a security awareness training framework, which can be used to train operators of critical infrastructure, on various social engineering security threats such as spear phishing, baiting, pretexting, among others.
  • Remote access capability embedded in linked data using bi-directional transformation: issues and simulation

    Malik, K.R.; Farhan, M.; Habib, M.A.; Khalid, S.; Ahmad, M.; Ghafir, Ibrahim (2018-04)
    Many datasets are available in the form of conventional databases, or simplified comma separated values. The machines do not adequately handle these types of unstructured data. There are compatibility issues as well, which are not addressed well to manage the transformation. The literature describes several rigid techniques that do the transformation from unstructured or conventional data sources to Resource Description Framework (RDF) with data loss and limited customization. These techniques do not present any remote way that helps to avoid compatibility issues among these data forms simultaneous utilization. In this article, a new approach has been introduced that allows data mapping. This mapping can be used to understand their differences at the level of data representations. The mapping is done using Extensible Markup Language (XML) based data structures as intermediate data presenter. This approach also allows bi-directional data transformation from conventional data format and RDF without data loss and with improved remote availability of data. This is a solution to the issue concerning update when dealing with any change in the remote environment for the data. Thus, traditional systems can easily be transformed into Semantic Web-based system. The same is true when transforming data back to conventional data format, i.e. Database (DB). This bidirectional transformation results in no data loss, which creates compatibility between both traditional and semantic form of data. It will allow applying inference and reasoning on conventional systems. The census un-employment dataset is used which is being collected from US different states. Remote bi-directional transformation is mapped on the dataset and developed linkage using relationships between data elements. This approach will help to handle both types of data formats to co-exist at the same time, which will create opportunities for data compatibility, statistical powers and inference on linked data found in remote areas.
  • A new Linux based TCP congestion control mechanism for long distance high bandwidth sustainable smart cities

    Mudassar, A.; Asri, N.M.; Usman, A.; Amjad, K.; Ghafir, Ibrahim; Arioua, M. (2018-02)
    People, systems, and things in the cities generate large amount of data which is considered to be the most scalable asset of any smart city. Linux users are rapidly increased in last few years, and many large multinational organizations are deploying long distance high bandwidth (LDHB) cloud networks for centralizing the data from various smart cities on a central location. TCP is responsible for reliable communication of data in these cloud networks. For reliability communication among various smart cities, a number of TCP congestion control mechanisms have been developed in the past. TCP Compound, TCP Fusion, and TCP CUBIC are the default TCP congestion control mechanisms for Microsoft Windows, Sun Solaris, and Linux operating systems respectively. The response function of TCP CUBIC is higher than the response function of Standard TCP, which is a trademark congestion control mechanism. As a result, TCP CUBIC does not behave friendly with Standard TCP in LDHB cloud networks. The Congestion Window (cwnd) reduction and growth of TCP CUBIC is very aggressive, which causes high packet loss rate and unfair share of available link bandwidth among competing flows from various smart cities. The aim of this research is to design a new TCP congestion control mechanism for Linux operating system to achieve maximum performance in LDHB cloud networks being used by smart cities. In this paper, congestion control module for slow start (CCM-SS) is designed by increasing the lower boundary limit of cwnd size in slow start phase of communication. Congestion control module for loss event (CCM-LE) is designed by increasing the cwnd reduction rate at each packet loss event and finally Advance Response Function for TCP CUBIC (ARFC) is proposed to design a new congestion control mechanism for Linux operating system. NS-2 is used to compare the performance of TCP CUBIC* with TCP CUBIC in short distance high bandwidth (SDHB) and long distance high bandwidth (LDHB) cloud networks. Results show that TCP CUBIC* has outperformed in LDHB networks, at least by a factor of 18% as compared to TCP CUBIC.
  • BotDet: a system for real time Botnet command and control traffic detection

    Ghafir, Ibrahim; Prenosil, V.; Hammoudeh, M.; Baker, T.; Jabbar, S.; Khalid, S.; Jaf, S. (2018-06)
    Over the past decade, the digitization of services transformed the healthcare sector leading to a sharp rise in cybersecurity threats. Poor cybersecurity in the healthcare sector, coupled with high value of patient records attracted the attention of hackers. Sophisticated advanced persistent threats and malware have significantly contributed to increasing risks to the health sector. Many recent attacks are attributed to the spread of malicious software, e.g., ransomware or bot malware. Machines infected with bot malware can be used as tools for remote attack or even cryptomining. This paper presents a novel approach, called BotDet, for botnet Command and Control (C&C) traffic detection to defend against malware attacks in critical ultrastructure systems. There are two stages in the development of the proposed system: 1) we have developed four detection modules to detect different possible techniques used in botnet C&C communications and 2) we have designed a correlation framework to reduce the rate of false alarms raised by individual detection modules. Evaluation results show that BotDet balances the true positive rate and the false positive rate with 82.3% and 13.6%, respectively. Furthermore, it proves BotDet capability of real time detection.
  • A basic probability assignment methodology for unsupervised wireless intrusion detection

    Ghafir, Ibrahim; Kyriakopoulos, K.G.; Aparicio-Navarro, F.J.; Lambotharan, S.; Assadhan, B.; Binsalleeh, A.H. (2018-07-11)
    The broadcast nature of wireless local area networks has made them prone to several types of wireless injection attacks, such as Man-in-the-Middle (MitM) at the physical layer, deauthentication, and rogue access point attacks. The implementation of novel intrusion detection systems (IDSs) is fundamental to provide stronger protection against these wireless injection attacks. Since most attacks manifest themselves through different metrics, current IDSs should leverage a cross-layer approach to help toward improving the detection accuracy. The data fusion technique based on the Dempster–Shafer (D-S) theory has been proven to be an efficient technique to implement the cross-layer metric approach. However, the dynamic generation of the basic probability assignment (BPA) values used by D-S is still an open research problem. In this paper, we propose a novel unsupervised methodology to dynamically generate the BPA values, based on both the Gaussian and exponential probability density functions, the categorical probability mass function, and the local reachability density. Then, D-S is used to fuse the BPA values to classify whether the Wi-Fi frame is normal (i.e., non-malicious) or malicious. The proposed methodology provides 100% true positive rate (TPR) and 4.23% false positive rate (FPR) for the MitM attack and 100% TPR and 2.44% FPR for the deauthentication attack, which confirm the efficiency of the dynamic BPA generation methodology.
  • Detection of advanced persistent threat using machine-learning correlation analysis

    Ghafir, Ibrahim; Hammoudeh, M.; Prenosil, V.; Han, L.; Hegarty, R.; Rabie, K.; Aparicio-Navarro, F.J. (2018-12)
    As one of the most serious types of cyber attack, Advanced Persistent Threats (APT) have caused major concerns on a global scale. APT refers to a persistent, multi-stage attack with the intention to compromise the system and gain information from the targeted system, which has the potential to cause significant damage and substantial financial loss. The accurate detection and prediction of APT is an ongoing challenge. This work proposes a novel machine learning-based system entitled MLAPT, which can accurately and rapidly detect and predict APT attacks in a systematic way. The MLAPT runs through three main phases: (1) Threat detection, in which eight methods have been developed to detect different techniques used during the various APT steps. The implementation and validation of these methods with real traffic is a significant contribution to the current body of research; (2) Alert correlation, in which a correlation framework is designed to link the outputs of the detection methods, aims to identify alerts that could be related and belong to a single APT scenario; and (3) Attack prediction, in which a machine learning-based prediction module is proposed based on the correlation framework output, to be used by the network security team to determine the probability of the early alerts to develop a complete APT attack. MLAPT is experimentally evaluated and the presented system is able to predict APT in its early steps with a prediction accuracy of 84.8%.
  • Hidden Markov models and alert correlations for the prediction of advanced persistent threats

    Ghafir, Ibrahim; Kyriakopoulos, K.G.; Lambotharan, S.; Aparicio-Navarro, F.J.; Assadhan, B.; Binsalleeh, H.; Diab, D.M. (2019-07)
    Cyber security has become a matter of a global interest, and several attacks target industrial companies and governmental organizations. The advanced persistent threats (APTs) have emerged as a new and complex version of multi-stage attacks (MSAs), targeting selected companies and organizations. Current APT detection systems focus on raising the detection alerts rather than predicting APTs. Forecasting the APT stages not only reveals the APT life cycle in its early stages but also helps to understand the attacker's strategies and aims. This paper proposes a novel intrusion detection system for APT detection and prediction. This system undergoes two main phases; the first one achieves the attack scenario reconstruction. This phase has a correlation framework to link the elementary alerts that belong to the same APT campaign. The correlation is based on matching the attributes of the elementary alerts that are generated over a configurable time window. The second phase of the proposed system is the attack decoding. This phase utilizes the hidden Markov model (HMM) to determine the most likely sequence of APT stages for a given sequence of correlated alerts. Moreover, a prediction algorithm is developed to predict the next step of the APT campaign after computing the probability of each APT stage to be the next step of the attacker. The proposed approach estimates the sequence of APT stages with a prediction accuracy of at least 91.80%. In addition, it predicts the next step of the APT campaign with an accuracy of 66.50%, 92.70%, and 100% based on two, three, and four correlated alerts, respectively.

View more