Steve Woodhead

Electrostatic modelling and measurement of airborne particles concentration

Granular airborne particles generally carry very small amounts of electric charge as a consequence of charging by the triboelectric effect. The presence of such particles induces charge of opposite polarity on a stationary conducting electrode. The amount of charge carried by the particles and the trajectories of the particles have significant random components and the signals produced are of very low level. The signal processing is further complicated by the random variation in the concentration of particles, i.e., the solid/gas ratio. This paper compares the results obtained from the electrostatic modelling of such sensors with those obtained from experiments.

The electrostatic charging trends and signal frequency analysis of a particulate material during pneumatic conveying

The charging of particulate materials due to contact with the inside surface of a pipeline wall (triboelectrification) during pneumatic conveying is common in bulk solids handling equipment. Electrostatic discharge from particulate materials in a transport line can lead to fire and explosion hazards. Conversely, the phenomenon of electrostatic charge can be utilized to measure particle flow. At present there is only a very limited amount of experimental data available to describe the triboelectric charging properties of particulate materials under known flow conditions. This paper reports work undertaken to investigate the electrostatic charging properties of olivine sand. A purpose-built rig has been developed to observe such charging tendencies for a range of suspension densities, conveying velocities and test materials. Tests involved the indirect observation and recording of charge on the particles at specific locations within the test pipeline.

Solid phase velocity measurements utilising electrostatic sensors and cross correlation signal processing

Gas-solids two phase systems are widely employed within process plant in the form of pneumatic conveyors, dust extraction systems and solid fuel injection systems. The measurement of solids phase velocity therefore has wide potential application in flow monitoring and, in conjunction with density measurement instrumentation, solids mass flow rate measurement. Historically, a number of authors have detailed possible measurement techniques, and some have published limited test results. It is, however, apparent that none of these technologies have found wide application in industry. Solids phase velocity measurements were undertaken using real time cross correlation of signals from two electrostatic sensors spaced axially along a pipeline conveying pulverised coal (PF). Details of the measurement equipment, the pilot scale test rig and the test results are presented.

Laser Doppler velocimetry measurements of particle velocity profiles in gas-solid two-phase flows

The measurement of particle velocities in two-phase gas-solid systems has a wide application in flow monitoring in process plant, where two-phase gas-solids systems are frequently employed in the form of pneumatic conveyors and solid fuel injection systems. Such measurements have proved to be difficult to make reliably in industrial environments. This paper details particle velocity measurements made in a two phase gas-solid now utilising a laser Doppler velocimetry system. Tests were carried out using both wheat flour and pulverised coal as the solids phase, with air being used as the gaseous phase throughout. A pipeline of circular section, having a diameter of 53 mm was used for the test work, with air velocities ranging from 25 to 45 m/s and suspension densities ranging from 0.001 kg to 1 kg of solids per cubic meter of air. Details of both the test equipment used, and the results of the measurements are presented.

A Pseudo-Worm Daemon (PWD) for empirical analysis of zero-day network worms and countermeasure testing

The cyber epidemiological analysis of computer worms has emerged a key area of research in the field of cyber security. In order to understand the epidemiology of computer worms; a network daemon is required to empirically observe their infection and propagation behavior. The same facility can also be employed in testing candidate worm countermeasures. In this paper, we present the architecture and design of Pseudo-Worm Daemon; termed (PWD), which is designed to perform true random scanning and hit-list worm like functionality. The PWD is implemented as a proof-of-concept in C programming language. The PWD is platform independent and can be deployed on any host in an enterprise network. The novelty of this worm daemon includes; its UDP based propagation, a user-configurable random scanning pool, ability to contain a user defined hit-list, authentication before infecting susceptible hosts and efficient logging of time of infection. Furthermore, this paper presents experimentation and analysis of a Pseudo-Witty worm by employing the PWD with real Witty worm outbreak attributes. The results obtained by Pseudo-Witty worm outbreak are quite comparable to real Witty worm outbreak; which are further quantified by using the Susceptible Infected (SI) model.

Containment of Fast Scanning Computer Network Worms

This paper presents a mechanism for detecting and containing fast scanning computer network worms. The countermeasure mechanism, termed NEDAC, uses a behavioural detection technique that observes the absence of DNS resolution in newly initiated outgoing connections. Upon detection of abnormal behaviour by a host, based on the absence of DNS resolution, the detection system then invokes a data link containment system to block traffic from the host. The concept has been demonstrated using a developed prototype and tested in a virtualised network environment. An empirical analysis of network worm propagation has been conducted based on the characteristics of reported contemporary vulnerabilities to test the capabilities of the countermeasure mechanism. The results show that the developed mechanism is sensitive in detecting and blocking fast scanning worm infection at an early stage.

A Virtualized Network Testbed for Zero-Day Worm Analysis and Countermeasure Testing

Computer network worms are one of the most significant malware threats and have gained wide attention due to their increased virulence, speed and sophistication in successive Internet-wide outbreaks. In order to detect and defend against network worms, a safe and convenient environment is required to closely observe their infection and propagation behaviour. The same facility can also be employed in testing candidate worm countermeasures. This paper presents the design, implementation and commissioning of a novel virtualized malware testing environment, based on virtualization technologies provided by VMware and open source software. The novelty of this environment is its scalability of running virtualised hosts, high fidelity, confinement, realistic traffic generation, and efficient log file creation. This paper also presents the results of an experiment involving the launch of a Slammer-like worm on the testbed to show its propagation behaviour.

A large-scale zero-day worm simulator for cyber-epidemiological analysis

The cost of a single zero-day network worm outbreak has been estimated at US

An efficient authenticated-encryption with associated-data block cipher mode for wireless sensor networks

2.6 billion. Additionally zero-day worm outbreaks have been observed to spread at a significant pace across the global Internet, with an observed infection proportion of more than 90 percent of vulnerable hosts within 10 minutes. The threat posed by such fast-spreading malware is therefore significant, particularly given the fact that network operator / administrator intervention is not likely to take effect within the typical epidemiological timescale of such infections. An accepted tool that is used in researching the threat presented by zero-day worms is the use of simulation systems. However when considering zero-day worm outbreaks on the Internet there are persistent issues of scale and fidelity. The Internet Worm Simulator (IWS) reported in this paper is designed to address these issues by presenting a novel simulation method that, on a single workstation, can simulate an entire IPv4 address space on a node-by-node basis. Being able to simulate such a large-scale network enables the further analysis of characteristics identified from worm analysis. As IWS does not rely on mathematical approximation, the epidemiological attributes identified from real-world data can be tested for zero-day worm outbreaks on the Internet. Experimentation indicates that IWS is able to accurately simulate and corroborate with reported characteristics of two previous zero-day worm outbreaks. It is intended that, in future, IWS may be used to aid both in the analysis of previous worm outbreaks and the testing of hypothetical zero-day worm outbreak scenarios.

On Efficient Data Integrity and Data Origin Authentication for Wireless Sensor Networks Utilising Block Cipher Design Techniques

This paper begins by presenting an analysis of the current generic schemes utilising block cipher design techniques for the provision of authenticated encryption with associated data (AEAD) security services in communication protocols. Such protocols are commonly applied in wireless sensor networks. The conclusions of this analysis are used in the design of a resourceful AEAD construct, which we term Simultaneous Combined Mode Algorithm (SCMA). Using software simulation we show that our construct can achieve improvements in processing energy requirement, processing latency and data throughput when benchmarked against the analysed schemes.