Muhammad Salman Khan

First Results From a High-Resolution Small Animal SiPM PET Insert for PET/MR Imaging at 7T

We present the initial results from a small animal PET insert designed to be operated inside a 7T MRI. The insert fits within the 114 mm inner diameter of the Bruker BGA-12S gradient coil while accommodating the Bruker 35 mm volume RF coil (outer diameter 60 mm), both used in the Bruker 70/20 MRI systems. The PET insert is a ring comprising 16 detectors. Each detector has a dual-layer offset (DLO) lutetium-yttrium oxyorthsilicate (LYSO) scintillator array read out by two SensL SPMArray4B SiPM arrays. The DLO scintillator has bottom (top) layers of: 22 × 10 (21 × 9) crystals of size 1.2 × 1.2 × 6 (4) mm3 for a total of 409 crystals per block, providing an axial extent of 28.17 mm. The detector outputs are multiplexed to four signals using a custom readout board and digitized using the OpenPET data acquisition platform. The detector flood images successfully resolve over 99% of the crystals, with average energy resolution of 12.5 ± 2.0% at 511 keV. Testing of the PET system inside the MRI showed that the PET insert had no effect on MRI image homogeneity and only a small effect on echo planar images (EPI) signal to noise ratio (SNR) (-9%), with neither PET nor MRI images showing obvious artefacts. These acquisitions used the OpenPET operating in “oscilloscope mode” with USB2.0 interface, allowing a maximum total singles event rate of 280 kcps, strongly limiting the count rate capabilities of the system. The PET radial spatial resolution (as measured with a 22Na point source and FBP-3DRP reconstruction) is 1.17 mm at the centre, degrading to 1.86 mm at a 15 mm radial offset. Simultaneous phantom and mouse PET/MR imaging produced good quality images that were free of any obvious artefacts.

Multifractal Singularity Spectrum for Cognitive Cyber Defence in Internet Time Series

Growing global dependence over cyberspace has given rise to intelligent malicious threats due to increasing network complexities, inherent vulnerabilities embedded within the software and the limitations of existing cyber security systems to name a few. Malicious cyber actors exploit these vulnerabilities to carry out financial fraud, steal intellectual property and disrupt the delivery of essential online services. Unlike physical security, cyberspace is very difficult to secure due to the replacement of traditional computing platforms with sophisticated cloud computing and virtualization. These complex systems exhibit an increasing degree of complexity in tracking an attack or monitoring possible threats which is becoming intractable with the existing security firewalls and intrusion detection systems. In this paper, authors present a novel complexity detection technique using generalized multifractal singularity spectrum which is able to not only capture the growing complexity of the internet time series but also distinguishes the presence of an attack accurately.

Detecting Advanced Persistent Threats using Fractal Dimension based Machine Learning Classification

Advanced Persistent Threats (APTs) are a new breed of internet based smart threats, which can go undetected with the existing state of-the-art internet traffic monitoring and protection systems. With the evolution of internet and cloud computing, a new generation of smart APT attacks has also evolved and signature based threat detection systems are proving to be futile and insufficient. One of the essential strategies in detecting APTs is to continuously monitor and analyze various features of a TCP/IP connection, such as the number of transferred packets, the total count of the bytes exchanged, the duration of the TCP/IP connections, and details of the number of packet flows. The current threat detection approaches make extensive use of machine learning algorithms that utilize statistical and behavioral knowledge of the traffic. However, the performance of these algorithms is far from satisfactory in terms of reducing false negatives and false positives simultaneously. Mostly, current algorithms focus on reducing false positives, only. This paper presents a fractal based anomaly classification mechanism, with the goal of reducing both false positives and false negatives, simultaneously. A comparison of the proposed fractal based method with a traditional Euclidean based machine learning algorithm (k-NN) shows that the proposed method significantly outperforms the traditional approach by reducing false positive and false negative rates, simultaneously, while improving the overall classification rates.

MR-compatibility of a high-resolution small animal PET insert operating inside a 7 T MRI.

A full-ring PET insert consisting of 16 PET detector modules was designed and constructed to fit within the 114 mm diameter gradient bore of a Bruker 7 T MRI. The individual detector modules contain two silicon photomultiplier (SiPM) arrays, dual-layer offset LYSO crystal arrays, and high-definition multimedia interface (HDMI) cables for both signal and power transmission. Several different RF shielding configurations were assessed prior to construction of a fully assembled PET insert using a combination of carbon fibre and copper foil for RF shielding. MR-compatibility measurements included field mapping of the static magnetic field (B 0) and the time-varying excitation field (B 1) as well as acquisitions with multiple pulse sequences: spin echo (SE), rapid imaging with refocused echoes (RARE), fast low angle shot (FLASH) gradient echo, and echo planar imaging (EPI). B 0 field maps revealed a small degradation in the mean homogeneity (+0.1 ppm) when the PET insert was installed and operating. No significant change was observed in the B 1 field maps or the image homogeneity of various MR images, with a 9% decrease in the signal-to-noise ratio (SNR) observed only in EPI images acquired with the PET insert installed and operating. PET detector flood histograms, photopeak amplitudes, and energy resolutions were unchanged in individual PET detector modules when acquired during MRI operation. There was a small baseline shift on the PET detector signals due to the switching amplifiers used to power MRI gradient pulses. This baseline shift was observable when measured with an oscilloscope and varied as a function of the gradient duty cycle, but had no noticeable effect on the performance of the PET detector modules. Compact front-end electronics and effective RF shielding led to minimal cross-interference between the PET and MRI systems. Both PET detector and MRI performance was excellent, whether operating as a standalone system or a hybrid PET/MRI.

Performance of a PET Insert for High-Resolution Small-Animal PET/MRI at 7 Tesla

We characterize a compact MR-compatible PET insert for simultaneous preclinical PET/MRI. Although specifically designed with the strict size constraint to fit inside the 114-mm inner diameter of the BGA-12S gradient coil used in the BioSpec 70/20 and 94/20 series of small-animal MRI systems, the insert can easily be installed in any appropriate MRI scanner or used as a stand-alone PET system. Methods: The insert consists of a ring of 16 detector-blocks each made from depth-of-interaction–capable dual-layer-offset arrays of cerium-doped lutetium-yttrium oxyorthosilicate crystals read out by silicon photomultiplier arrays. Scintillator crystal arrays are made from 22 × 10 and 21 × 9 crystals in the bottom and top layers, respectively, with respective layer thicknesses of 6 and 4 mm, arranged with a 1.27-mm pitch, resulting in a useable field of view 28 mm long and about 55 mm wide. Results: Spatial resolution ranged from 1.17 to 1.86 mm full width at half maximum in the radial direction from a radial offset of 0–15 mm. With a 300- to 800-keV energy window, peak sensitivity was 2.2% and noise-equivalent count rate from a mouse-sized phantom at 3.7 MBq was 11.1 kcps and peaked at 20.8 kcps at 14.5 MBq. Phantom imaging showed that features as small as 0.7 mm could be resolved. 18F-FDG PET/MR images of mouse and rat brains showed no signs of intermodality interference and could excellently resolve substructures within the brain. Conclusion: Because of excellent spatial resolvability and lack of intermodality interference, this PET insert will serve as a useful tool for preclinical PET/MR.

Fractal based adaptive boosting algorithm for cognitive detection of computer malware

Host Based Intrusion Detection Systems (HIDS) are gaining traction in discovering malicious software inside a host operating system. In this paper, the authors have developed a new cognitive host based anomaly detection system based on supervised AdaBoost machine learning algorithm. Particularly, information fractal dimension based approach is incorporated in the original AdaBoost machine learning algorithm to assign higher weight to the classifier that estimates wrong hypothesis. An agent based host sensor is developed that continuously gathers and extracts network profile of all the host processes and the modules spawned by each process of a Microsoft Windows 7 operating system. The main contributions of this paper are that a malware testing sandbox is developed using Microsoft native APIs and an information fractal (cognitive) based AdaBoost algorithm is designed and developed. Our results on empirical data set shows that the malware detection performance of the proposed algorithm outperforms original AdaBoost algorithm in detecting positives including the reduction of false negatives.

A cognitive multifractal approach to characterize complexity of non-stationary and malicious DNS data traffic using adaptive sliding window

This paper presents a cognitive feature extraction model based on scaling and multifractal dimension trajectory to analyze internet traffic time series. DNS (Domain Naming System) traffic time series is considered that contains tagged DNS Denial of Service attacks. The first step of the analysis involves transforming the DNS time series into a multifractal variance dimension trajectory keeping statistical stationarity of data intact. Then features of the trajectory are extracted to remove high variability noise. The extracted set of features indicates the presence of an attack when the denoised trajectory shows increasing variance fractal dimension. This technique is superior in finding changing patterns of a data series due to the presence of noise and denial of service attack because it is not dependent on integer dimensions and mono-scale measurement of variations in data series. Moreover, this technique provides adaptive and locally stationary windows in a highly non stationary data series.

A chaotic measure for cognitive machine classification of distributed denial of service attacks

Todays evolving cyber security threats demand new, modern, and cognitive computing approaches to network security systems. In the early years of the Internet, a simple packet inspection firewall was adequate to stop the then-contemporary attacks, such as Denial of Service (DoS), ports scans, and phishing. Since then, DoS has evolved to include Distributed Denial of Service (DDoS) attacks, especially against the Domain Name Service (DNS). DNS based DDoS amplification attacks cannot be stopped easily by traditional signature based detection mechanisms because the attack packets contain authentic data, and signature based detection systems look for specific attack-byte patterns. This paper proposes a chaos based complexity measure and a cognitive machine classification algorithm to detect DNS DDoS amplification attacks. In particular, this paper computes the Lyapunov exponent to measure the complexity of a flow of packets, and classifies the traffic as either normal or anomalous, based on the magnitude of the computed exponent. Preliminary results show the proposed chaotic measure achieved a detection (classification) accuracy of about 66%, which is greater than that reported in the literature. This approach is capable of not only detecting offline threats, but has the potential of being applied over live traffic flows using DNS filters.

A Chaotic Complexity Measure for Cognitive Machine Classification of Cyber-Attacks on Computer Networks

Todays evolving cyber security threats demand new, modern, and cognitive computing approaches to network security systems. In the early years of the Internet, a simple packet inspection firewall was adequate to stop the then-contemporary attacks, such as Denial of Service DoS, ports scans, and phishing. Since then, DoS has evolved to include Distributed Denial of Service DDoS attacks, especially against the Domain Name Service DNS. DNS based DDoS amplification attacks cannot be stopped easily by traditional signature based detection mechanisms because the attack packets contain authentic data, and signature based detection systems look for specific attack-byte patterns. This paper proposes a chaos based complexity measure and a cognitive machine classification algorithm to detect DNS DDoS amplification attacks. In particular, this paper computes the Lyapunov exponent to measure the complexity of a flow of packets, and classifies the traffic as either normal or anomalous, based on the magnitude of the computed exponent. Preliminary results show the proposed chaotic measure achieved a detection classification accuracy of about 98%, which is greater than that of an Artificial Neural Network. Also, contrary to available supervised machine learning mechanisms, this technique does not require any offline training. This approach is capable of not only detecting offline threats, but has the potential of being applied over live traffic flows using DNS filters.

Multiscale Hebbian neural network for cyber threat detection

The recent blaze in cyber espionage has posed unprecedented challenges to the cutting edge network intrusion detection systems in terms of accurate and precise classification of dynamically evolving threats. Along with the traditional signature based detection, the supervised and unsupervised machine learning algorithms are also being deployed to detect advance anomalies. However, due to the class overlap between the threat and legitimate data over feature space, satisfactory detection results cannot be obtained. This necessitates the introduction of cognition in the domain of cyber-security. In this paper, a wavelet based multiscale Hebbian learning approach in neural networks is introduced to address the challenge of class overlap. Contrary to inherently linear single scale Hebbian learning, the proposed methodology is able to distinguish non-linear and overlapping classification boundaries sufficiently well. A comparison of presented techniques with fundamental gradient descent based neural network shows promising results. Experimental results on simulated and real-world UNSW-NB15 dataset have been presented to support the claim.