Your search keyword '"Andrew Crampton"' showing total 12 results

1. Password policy characteristics and keystroke biometric authentication

Author

Na Liu, Simon Parkinson, Andrew Crampton, Qing Xu, Kyle Dakin, Saad Khan, and Weizhi Xie

Subjects

Password policy, Biometrics, Computer science, Electronic computers. Computer science, Signal Processing, Computer Vision and Pattern Recognition, QA75.5-76.95, Keystroke logging, Computer security, computer.software_genre, computer, Software, Authentication (law)

Abstract

Behavioural biometrics have the potential to provide an additional or alternative authentication mechanism to those involving a shared secret (i.e. a password). Keystroke timings are the focus of this study, where key press and release timings are acquired whilst monitoring a user typing a known phrase. Many studies exist in keystroke biometrics, but there is an absence of literature aiming to understand the relationship between characteristics of password policies and the potential of keystroke biometrics. Furthermore, benchmark datasets used in keystroke biometric research do not enable useful insights into the relationship between their capability and password policy. Herein, substitutions of uppercase, numeric, special characters, and their combination of passwords derived from English words are considered. Timings for 42 participants for the same 40 passwords are acquired. A matching system using the Manhattan distance measure with seven different feature sets is implemented, culminating in an Equal Error Rate of between 6% and 11% and accuracy values between 89% and 94%, demonstrating comparable accuracy to other threshold‐based systems. Further analysis suggests that the best feature sets are those containing all timings and trigraph press to press. Evidence also suggests that phrases containing fewer characters have greater accuracy, except for those with special character substitutions.

Published

2021

2. Robust data expansion for optimised modelling using adaptive neuro-fuzzy inference systems

Author

Andrew Crampton, Jennifer Carter, Samer Mohammed Jaber Mubarak, and Simon Parkinson

Subjects

Adaptive neuro fuzzy inference system, Network complexity, Artificial neural network, Neuro-fuzzy, Computer science, General Engineering, Robust statistics, Inference, computer.software_genre, Fuzzy logic, Computer Science Applications, Artificial Intelligence, Radial basis function, Data mining, computer

Abstract

This work focuses on the problem of constructing accurate prediction models using an adaptive neuro-fuzzy inference system (ANFIS) from data that are scarce and poorly scaled. Many real-world problems have limited data to work with and yet require models with high prediction accuracy. Due to the fuzzy nature of many data sets, it is appropriate to construct prediction models using fuzzy inference systems (FIS), rather than traditional artificial neural network (ANN) models. However, the scarcity of the data raises serious concerns when attempting to construct models of this type. In this paper, we address the problem of constructing accurate prediction models using ANFIS in circumstances where capturing large amounts of data is difficult. We propose a new approach, using robust data expansion methods to enhance the data carefully. This approach provides the learning algorithm with enough representative data to allow all of the parameters (premise and consequent) to be optimised. We compare and contrast the effectiveness in reducing prediction error for three specific expansion models using radial basis function (RBF) kernels. When expanding data, for which the underlying smoothness properties are not known, there is often a danger of over-smoothing. This is usually noticeable at turning points and can occur when fitting the data using polynomials or cubic splines for example. To avoid over-smoothing, we introduce a modified multiquadric approach that allows smooth, near-interpolation while maintaining the desirable shape-preserving properties of the data. The proposed method is explained through two case studies — the first to predict gasoline consumption for the oil/fuel industry in Iraq and the second for predicting natural gas consumption in Iran. This is the first study that uses adjustable, shape-preserving re-sampling methods for optimising ANFIS models in low data environments.

Published

2022

3. Information Extraction for Additive Manufacturing Using News Data

Author

Neha Sehgal and Andrew Crampton

Subjects

Information extraction, Open data, Matching (statistics), Information retrieval, Web mining, Named-entity recognition, Machine translation, Computer science, Question answering, Key (cryptography), computer.software_genre, computer

Abstract

Recognizing named entities like Person, Organization, Locations and Date are very useful for web mining. Named Entity Recognition (NER) is an emerging research area which aims to address problems such as Machine Translation, Question Answering Systems and Semantic Web Search. The study focuses on proposing a methodology based on the integration of an NER system and Text Analytics to provide information necessary for business in Additive Manufacturing. The study proposes a foundation of utilizing the Stanford NER system for tagging news data related to the keywords “Additive Manufacturing”. The objective is to first derive the organization names from news data. This information is useful to define the digital footprints of an organization in the Additive Manufacturing sector. The existence of an organization derived using the NER approach is validated by matching their names with companies listed on the Companies House portal. The organization names will be matched using a Fuzzy-based text matching algorithm. Further information on company profile, officers and key financial data is extracted to provide information about companies interested and working within the Additive Manufacturing sector. This data gives an insight into which companies have digital footprints in the Additive Manufacturing sector within the UK.

Published

2019

4. Classifying Ransomware Using Machine Learning Algorithms

Author

Samuel Egunjobi, Simon Parkinson, and Andrew Crampton

Subjects

050101 languages & linguistics, business.industry, Computer science, 05 social sciences, Confusion matrix, 02 engineering and technology, Machine learning, computer.software_genre, Random forest, Support vector machine, Naive Bayes classifier, Test set, 0202 electrical engineering, electronic engineering, information engineering, Ransomware, Malware, 020201 artificial intelligence & image processing, 0501 psychology and cognitive sciences, Sensitivity (control systems), Artificial intelligence, business, Algorithm, computer

Abstract

Ransomware is a continuing threat and has resulted in the battle between the development and detection of new techniques. Detection and mitigation systems have been developed and are in wide-scale use; however, their reactive nature has resulted in a continuing evolution and updating process. This is largely because detection mechanisms can often be circumvented by introducing changes in the malicious code and its behaviour. In this paper, we demonstrate a classification technique of integrating both static and dynamic features to increase the accuracy of detection and classification of ransomware. We train supervised machine learning algorithms using a test set and use a confusion matrix to observe accuracy, enabling a systematic comparison of each algorithm. In this work, supervised algorithms such as the Naive Bayes algorithm resulted in an accuracy of 96% with the test set result, SVM 99.5%, random forest 99.5%, and 96%. We also use Youden’s index to determine sensitivity and specificity.

Published

2019

5. A Multi-layered Cloud Protection Framework

Author

Simon Parkinson, Andrew Crampton, and Saad Khan

Subjects

021110 strategic, defence & security studies, Service (systems architecture), Authentication, Multitenancy, Cloud computing security, business.industry, Computer science, 0211 other engineering and technologies, 020206 networking & telecommunications, Access control, Cloud computing, 02 engineering and technology, Virtualization, computer.software_genre, Computer security, 0202 electrical engineering, electronic engineering, information engineering, Unavailability, business, computer

Abstract

Cloud computing has many commercial advantages; however, companies tend to avoid trusting cloud service providers (CSPs) with their sensitive data because of the associated risks. Cloud infrastructures can be vulnerable due to a single flaw in any node with networking, computing, storage and authentication services capabilities, which can result in the exposure of vulnerabilities with severe consequences. This paper reviews various recent articles and determines the most prominent security challenges. The paper also includes the critical analysis of existing solutions to determine their limitations. Using these identified limitations, a multi-layered security framework is proposed that can be integrated within cloud components to resolve data, virtualization, access control, insiders and service unavailability challenges. A theoretical evaluation of the framework is also conducted to explore its benefits.

Published

2017

6. Identification of irregularities and allocation suggestion of relative file system permissions

Author

Simon Parkinson and Andrew Crampton

Subjects

File system, Structure (mathematical logic), Decision support system, Database, Computer Networks and Communications, business.industry, Computer science, Access control, 02 engineering and technology, Directory, computer.software_genre, Computer security, QA76, Identification (information), Self-certifying File System, 020204 information systems, 0202 electrical engineering, electronic engineering, information engineering, 020201 artificial intelligence & image processing, File system permissions, Safety, Risk, Reliability and Quality, business, computer, Software

Abstract

It is well established that file system permissions in large, multi-user environments can be audited to identify vulnerabilities with respect to what is regarded as standard practice. For example, identifying that a user has an elevated level of access to a system directory which is unnecessary and introduces a vulnerability. Similarly, the allocation of new file system permissions can be assigned following the same standard practices. On the contrary, and less well established, is the identification of potential vulnerabilities as well as the implementation of new permissions with respect to a system's current access control implementation. Such tasks are heavily reliant on expert interpretation. For example, the assigned relationship between users and groups, directories and their parents, and the allocation of permissions on file system resources all need to be carefully considered.\ud \ud This paper presents the novel use of statistical analysis to establish independence and homogeneity in allocated file system permissions. This independence can be interpreted as potential anomalies in a system's implementation of access control. The paper then presents the use of instance-based learning to suggest the allocation of new permissions conforming to a system's current implementation structure. Following this, both of the presented techniques are then included in a tool for interacting with Microsoft's New Technology File System (NTFS) permissions. This involves experimental analysis on six different NTFS directory structures within different organisations. The effectiveness of the developed technique is then established through analysing the true positive and true negative values. The presented results demonstrate the potential of the proposed techniques for overcoming complexities with real-world file system administration

Published

2016

7. Automatic planning for machine tool calibration: A case study

Author

Andrew P. Longstaff, Simon Parkinson, Simon Fletcher, Peter Gregory, and Andrew Crampton

Subjects

business.product_category, Calibration (statistics), Computer science, business.industry, Emphasis (telecommunications), General Engineering, Plan (drawing), Planning Domain Definition Language, Machine learning, computer.software_genre, Industrial engineering, QA76, Computer Science Applications, Machine tool, TA, Work (electrical), Artificial Intelligence, Instrumentation (computer programming), Artificial intelligence, Duration (project management), business, computer

Abstract

Machine tool owners require knowledge of their machine’s capabilities, and the emphasis increases with\ud areas of high accuracy manufacturing. An aspect of a machine’s capability is its geometric accuracy. International\ud Standards and best-practice guides are available to aid understanding of the required measurements\ud and to advise on how to perform them. However, there is an absence of any intelligent method\ud capable of optimising the duration of a calibration plan, minimising machine down-time. In this work,\ud artificial intelligence in the form of automated planning is applied to the problem of machine tool\ud pseudo-static geometric error calibration. No prior knowledge of Artificial Intelligence (AI) planning is\ud required throughout this paper. The authors have written this paper for calibration engineers to see\ud the benefits that automated planning can provide. Two models are proposed; the first produces a sequential\ud calibration plan capable of finding the optimal calibration plan. The second model has the additional\ud possibility of planning for concurrent measurements, adding the possibility of further reducing machine\ud down-time. Both models take input regarding a machine’s configuration and available instrumentation.\ud The efficacy of both models is evaluated by performing a case study of a five-axis gantry machine,\ud whereby calibration plans are produced and compared against both an academic and industrial expert.\ud From this, the effectiveness of this novel method for producing optimal calibration plan is evaluated,\ud stimulating potential for future work.

Published

2012

8. GraphBAD: A general technique for anomaly detection in security information and event management

Author

Shirin Sohrabi, Mauro Vallati, Andrew Crampton, and Simon Parkinson

Subjects

Computer Networks and Communications, Computer science, 02 engineering and technology, Audit, Computer security, computer.software_genre, Security information and event management, Computer Science Applications, Theoretical Computer Science, Computational Theory and Mathematics, 020204 information systems, 0202 electrical engineering, electronic engineering, information engineering, Graph (abstract data type), Domain knowledge, 020201 artificial intelligence & image processing, Anomaly detection, computer, Software

Abstract

The reliance on expert knowledge—required for analysing security logs and performing security audits—has created an unhealthy balance, where many computer users are not able to correctly audit their security configurations and react to potential security threats. The decreasing cost of IT and the increasing use of technology in domestic life are exacerbating this problem, where small companies and home IT users are not able to afford the price of experts for auditing their system configuration. In this paper, we present GraphBAD, a graph-based analysis tool that is able to analyse security configurations in order to identify anomalies that could lead to potential security risks. GraphBAD, which does not require any prior domain knowledge, generates graph-based models from security configuration data and, by analysing such models, is able to propose mitigation plans that can help computer users in increasing the security of their systems. A large experimental analysis, conducted on both publicly available (the well-known KDD dataset) and synthetically generated testing sets (file system permissions), demonstrates the ability of GraphBAD in correctly identifying security configuration anomalies and suggesting appropriate mitigation plans.

Published

2018

9. ASCoL: A Tool for Improving Automatic Planning Domain Model Acquisition

Author

Diane E. Kitchin, Mauro Vallati, Rabia Jilani, and Andrew Crampton

Subjects

business.industry, Computer science, Domain model, computer.software_genre, Business domain, Feature-oriented domain analysis, Domain (software engineering), Intelligent agent, Problem domain, Domain engineering, Domain analysis, Artificial intelligence, business, computer

Abstract

Intelligent agents solving problems in the real world require domain models containing widespread knowledge of the world.

Published

2015

10. Underestimation vs Overestimation in SAT-based Planning

Author

Mauro Vallati, Andrew Crampton, Lukáš Chrpa, Baldoni, Matteo, Baroglio, Cristina, Boella, Guido, and Micalizio, Roberto

Subjects

QA75, Mathematical optimization, Exploit, Computer science, Plan (drawing), Planner, Satisfiability, QA76, Satplan, Decision system, Fixed length, Conjunctive normal form, Algorithm, computer, computer.programming_language

Abstract

Planning as satisfiability is one of the main approaches to finding parallel optimal solution plans for classical planning problems. Existing high performance SAT-based planners are able to exploit either forward or backward search\ud strategy; starting from an underestimation or overestimation of the optimal plan length, they keep increasing or decreasing the estimated plan length and, for each fixed length, they either find a solution or prove the nsatisfiability of the corresponding SAT instance.\ud In this paper we will discuss advantages and disadvantages of the underestimating and overestimating techniques, and we will propose an effective online decision system for selecting the most appropriate technique for solving a given planning problem. Finally, we will experimentally show that the exploitation of such a decision system improves the performance of the well known SAT-based planner SatPlan.

Published

2013

11. A Novel Software Tool for Analysing NT® File System Permissions

Author

Simon Parkinson and Andrew Crampton

Subjects

QA75, FOS: Computer and information sciences, File system, General Computer Science, Database, business.industry, Computer science, Computer file, Access control, computer.software_genre, Unix file types, QA76, Task (project management), Software Engineering (cs.SE), Computer Science - Software Engineering, Software, Operating system, File system permissions, business, Transactional NTFS, computer

Abstract

Administrating and monitoring New Technology File System (NTFS) permissions can be a cumbersome and convoluted task. In today’s data rich world there has never been a more important time to ensure that data is secured against unwanted access. This paper identifies the essential and fundamental requirements of access control, highlighting the main causes of their misconfiguration within the NTFS. In response, a number of features are identified and an efficient, informative and intuitive software-based solution is proposed for examining file system permissions. In the first year that the software has been made freely available it has been downloaded and installed by over four thousand users1.

Published

2013

12. Associating Families of Curves Using Feature Extraction and Cluster Analysis

Author

Chris J. Talbot, Jane L. Terry, and Andrew Crampton

Subjects

business.industry, Feature vector, Feature matrix, Feature extraction, Cluster (physics), Pattern recognition, Artificial intelligence, Data mining, business, computer.software_genre, computer, Mathematics

Published

2006