Context Sensitive Anomaly Monitoring of Process Control Flow to Detect Mimicry Attacks
- Format: pdf
- Size: 202.29 KB
- Pages: 19
Evaluating the utility of the Vegetation Condition Index (VCI) for monitoring meteorological drought in Texas

Steven M. Quiring *, Srinivasan Ganesh
Department of Geography, Texas A&M University, College Station, TX 77843-3147, USA

Agricultural and Forest Meteorology 150 (2010) 330–339

Article history: Received 11 April 2009; received in revised form 23 November 2009; accepted 24 November 2009.
Keywords: NDVI; Vegetation Condition Index; Drought; Palmer Drought Severity Index; Standardized Precipitation Index; Texas

Abstract

The relationship between the satellite-based Vegetation Condition Index (VCI) and a number of frequently used meteorological drought indices was evaluated using data from all 254 Texas counties during 18 growing-seasons (March to August, 1982–1999). In particular, the response of the VCI was compared to that of the Palmer Drought Severity Index (PDSI), Moisture Anomaly Index (Z-index), Standard Precipitation Index (SPI), percent normal, and deciles. Overall the VCI is most strongly correlated with the 6-month SPI, 9-month SPI and PDSI. This indicates that, at least over Texas, the growing-season VCI responds to prolonged moisture stress and it appears to be less sensitive to short-term precipitation deficiencies. There was also significant spatial variability in the strength of the relationship between the VCI and the meteorological drought indices. Generally, counties in northwestern and southwestern Texas had much higher correlations (R² > 0.6) than counties in eastern Texas and along the Gulf Coast (R² < 0.1). Nearly 75% of these spatial variations can be explained using a series of environmental variables. It appears that the climate region is the most important determinant of the nature of the relationship between the VCI and PDSI. Other important variables include the land use/land cover in each county, the amount of irrigation, and soil properties. These results demonstrate that care must be taken when using the VCI for monitoring drought because it is not highly correlated with station-based meteorological drought indices and it is strongly influenced by spatially varying environmental factors.

© 2009 Elsevier B.V. All rights reserved.

* Corresponding author at: Department of Geography, Texas A&M University, MS 3147, College Station, TX 77843-3147, USA. Tel.: +1 979 458 1712; fax: +1 979 862 4487. E-mail address: squiring@ (S.M. Quiring).

1. Introduction

Drought is a complex phenomenon that is difficult to accurately quantify since its definition is spatially variant and context dependent (Quiring, 2009a). According to the American Meteorological Society (2004) a meteorological drought is defined by the magnitude (with respect to normal) and duration (e.g., weekly, monthly, seasonal, or annual time scales) of a precipitation deficit. Therefore, definitions of meteorological drought are location specific since normal precipitation is a function of the climate. Some definitions of meteorological drought focus on the length of time since the last precipitation event (e.g., number of consecutive dry days), while others focus on the magnitude of the precipitation departure from normal. As a result, many different tools (e.g., drought indices) have been developed for monitoring drought conditions (Quiring, 2009b). Each drought index has different data requirements and utilizes unique methods to measure drought (Heim, 2002). Many of the indices that are used to measure meteorological drought, such as the Palmer Drought Severity Index (PDSI) and the Moisture Anomaly Index (Z-index) (Palmer, 1965), the Standardized Precipitation Index (SPI) (McKee et al., 1993), percent normal, and deciles (Gibbs and Maher, 1967), are derived using station-based measurements of temperature and precipitation. Although station-based indices can provide accurate point estimates of drought conditions, their accuracy and level of spatial detail are a function of the density and distribution of the station network (Brown et al., 2008). Satellite-based drought indices such as the Normalized Difference Vegetation Index (NDVI)-based Vegetation Condition Index (VCI) (Kogan, 1995) have proven to be a useful means for detecting drought onset and measuring the intensity, duration, and impact of drought in regions around the world (Anyamba et al., 2001; Gutman, 1990; Ji and Peters, 2003; Kogan, 1995; Nicholson and Farrar, 1994; Seiler et al., 2000; Unganai and Kogan, 1998b; Wang et al., 2001). One of the main advantages of the VCI is that, because it is a satellite-based drought product, it can provide near real-time data over the globe at a relatively high spatial resolution. In addition, the VCI uses a completely independent methodology for monitoring drought, while all of the other meteorological indices rely, to some extent, on station-based meteorological data.

The suitability of the NDVI and VCI for monitoring drought has been evaluated in a variety of regions around the world. Nicholson and Farrar (1994) studied the relationship between NDVI and rainfall at 26 weather stations in Botswana (1982–1987). They found a linear relationship between NDVI and rainfall when rainfall was below the 'saturation' threshold. Once precipitation exceeded this threshold, NDVI only increased slightly with additional rainfall (Nicholson and Farrar, 1994). The magnitude of this threshold was found to vary as a function of soil type. Kogan (1997) found that the VCI was strongly correlated with agricultural production in South America, Africa, Asia, North America, and Europe, particularly during the critical periods of crop growth. For example, the relationship between the VCI and corn yield in some regions in Argentina was as high as 0.92 (Kogan, 1997). Unganai and Kogan (1998a) carried out a more detailed analysis of the relationship between the VCI and corn yield (e.g., agricultural drought) in southern Africa. They found that the VCI explained between 46 and 83% of the variance in corn yields. The authors conclude that satellites can be used to detect, monitor and map agricultural droughts and that the VCI is suitable for early assessment of corn yields in Zimbabwe (Unganai and Kogan, 1998a). Gitelson et al. (1998) examined the relationship between the VCI and crop growth at six sites in Kazakhstan that spanned a range of climate zones. On average the VCI explained 76% of the variations in crop density (number of plants per square meter) and the performance of the VCI was consistent across the six sites (Gitelson et al., 1998). Dabrowska-Zielinska et al. (2002) also tested the suitability of the VCI and Temperature Condition Index (TCI) for modeling crop yields in Poland. They found that their models had a mean error of approximately 4% and that the TCI was superior to the VCI for modeling crop yields in Poland (Dabrowska-Zielinska et al., 2002). Wang et al. (2001) examined the relationship between NDVI and precipitation variability in Kansas. During the summer, the correlation was strongest when precipitation was averaged over the most recent 1–2 months. They found that the strength of the correlation between precipitation and NDVI varied by land cover type (Wang et al., 2001). Ji and Peters (2003) also examined the relationship between the NDVI and precipitation (e.g., SPI) during the growing-season over the northern and central US Great Plains (1989–2000). They found that the 3-month SPI was most strongly correlated with the NDVI due to the lag between the occurrence of precipitation and vegetation response (Ji and Peters, 2003). The strength of the correlations between the NDVI and SPI varied both spatially and temporally. The strongest (weakest) correlations were found in regions with low (high) soil water holding capacities and during the middle (beginning/end) of the growing-season. The authors conclude that while NDVI is a useful variable for monitoring vegetation conditions, the nature of the relationship between the NDVI and drought conditions varies based on the seasonal timing and variations in vegetation and soil type.

Wan et al. (2004) evaluated the suitability of using a MODIS-derived Vegetation Temperature Condition Index (VTCI) to monitor drought in the US Great Plains. They validated the VTCI using station-based precipitation. The highest correlations were about 0.66 (Wan et al., 2004). In their study, the lag between precipitation occurrence and vegetation response was approximately 1 month, which is significantly shorter than the lag reported by Wang et al. (2001) and Ji and Peters (2003). However, Wan et al. (2004) report that the lag varies by vegetation type. Bayarjargal et al. (2006) compared satellite-derived and station-based drought indices over the desert and desert steppe regions of Mongolia and found little agreement between the drought areas identified using the two different methods. In derived drought measures that were evaluated which led the authors to question the suitability of vegetation indices, such as the VCI, for monitoring drought. They conclude that it is difficult to identify the most reliable drought index, and that station-based observations may not provide sufficient information for validation of satellite-derived drought indices (Bayarjargal et al., 2006). Singh et al. (2003) used the VCI and TCI for drought monitoring in India. The authors noted that low VCI values can occur from flooding as well as from drought and therefore conclude that using the VCI alone is not suitable for drought monitoring (Singh et al., 2003). Bhuiyan et al. (2006) compared the response of the SPI, VCI, and a ground water index in northern India. Their findings agree with Singh et al. (2003) because they also found that the VCI was only weakly correlated with the meteorological and hydrological drought indices. Bhuiyan et al. (2006) found that the correlation between the VCI and SPI increased during the monsoon season because vegetation health is entirely dependent on precipitation, while during the rest of the year it is partly controlled by irrigation. The authors conclude that the identification and classification of drought are strongly controlled by the monitoring method (e.g., drought index) (Bhuiyan et al., 2006). Vicente-Serrano (2007) analyzed drought impact on vegetation in a semi-arid region of the Iberian peninsula using the VCI. He demonstrated that the influence of drought on vegetation, and therefore the response of the VCI, varies depending on the month, land cover type and climate of the drought-affected region (Vicente-Serrano, 2007). Brown et al. (2008) note that while satellite-based observations of vegetation are useful, the causes of vegetation stress cannot always be determined. They introduced a new drought monitoring methodology that integrates station-based indices and information about land use, land cover and soils to produce a hybrid satellite-based drought index called VegDRI. Their initial evaluation of VegDRI over the central United States suggests that it compares well with drought conditions experienced at individual weather stations within the validation region (Brown et al., 2008).

According to the literature, the VCI is suitable for monitoring agricultural drought (Gitelson et al., 1998; Kogan, 1997; Unganai and Kogan, 1998a), but it has been shown to be inappropriate for monitoring meteorological drought in some regions (Bayarjargal et al., 2006; Bhuiyan et al., 2006; Singh et al., 2003; Vicente-Serrano, 2007). The goal of this paper is to evaluate the suitability of the VCI for monitoring meteorological drought in Texas. The focus is on meteorological drought (e.g., precipitation deficits) rather than agricultural drought (e.g., soil moisture deficits or reductions in crop yield) because it is of interest to state agencies such as the Texas Water Development Board and meteorological drought indices are more commonly used by the Texas Drought Preparedness Council and in the state drought plan (Quiring, 2009a). Although the VCI is attractive because it can provide greater spatial detail about drought conditions, previous research has demonstrated the importance of undertaking a performance evaluation to determine whether a particular index is suitable for monitoring drought conditions in a region (Quiring and Papakryiakou, 2003). Ideally the VCI should be compared to drought impact data to evaluate its suitability for monitoring meteorological drought. Since these data are not readily available, this paper compares the VCI to traditional station-based meteorological drought indices in all 254 Texas counties. The evaluation of the VCI focuses on the period of maximum vegetation growth (March to August). Seasonal variations are not considered because previous research has demonstrated that the VCI is only appropriate for monitoring drought conditions during the growing-season (Ji and Peters, 2003; Vicente-Serrano, 2007; Wang et al., 2001). This study also

of the relationship between the VCI and station-based drought indices varies over space.

2. Data

2.1. Vegetation Condition Index

The National Oceanic and Atmospheric Administration (NOAA) series of Polar-orbiting Operational Environmental Satellites (POES) (known as the Advanced Tiros-N (ATN) series) carries the Advanced Very High Resolution Radiometer (AVHRR). The AVHRR is a five-channel passive scanning radiometer that is sensitive to light in the visible (channel 1 = 0.58–0.68 µm), near-infrared (channel 2 = 0.75–1.0 µm), mid-infrared (channel 3A = 1.58–1.64 µm, channel 3B = 3.55–3.93 µm), and thermal infrared (channel 4 = 10.3–11.3 µm, channel 5 = 11.5–12.5 µm) regions of the electromagnetic spectrum. The normalized difference vegetation index (NDVI) is a measure of the 'greenness', or vigor, of vegetation. It is derived based on the known radiometric properties of plants, using visible (red) and near-infrared (NIR) radiation

$$\mathrm{NDVI} = \frac{\mathrm{VISIBLE} - \mathrm{NIR}}{\mathrm{VISIBLE} + \mathrm{NIR}} \qquad (1)$$

because when sunlight strikes a plant most of the red wavelengths in the visible portion of the spectrum (0.4–0.7 µm) are absorbed by chlorophyll in the leaves, while the cell structure of leaves reflects the majority of NIR radiation (0.7–1.1 µm) (Deering et al., 1975). Healthy plants absorb much of the red light and reflect most NIR radiation. In general, if there is more reflected radiation in the NIR wavelengths than in the visible wavelengths, the vegetation is likely to be healthy (dense). If there is very little difference between the amount of reflected radiation in the visible and infrared wavelengths, the vegetation is probably unhealthy (sparse). However, this can also result from partially or non-vegetated surfaces. NDVI values range from −1 to +1, with values near zero indicating no green vegetation and values near +1 indicating the highest possible density of vegetation. Areas of barren rock, sand, and snow produce NDVI values of <0.1, while shrub and grassland typically produce NDVI values of 0.2–0.3, and temperate and tropical rainforests produce values in the 0.6–0.8 range (Deering et al., 1975).

Daily NDVI images are routinely composited over 7–10 days by using the maximum NDVI value during that period for each pixel (Kogan, 1995). This is done to minimize the effect of cloud contamination. Although the compositing and normalization procedure used to calculate the NDVI minimizes the noise in the data, some noise from sources such as changes in atmospheric composition and transparency, variations in the sun/target/sensor geometry, and satellite drift may remain (Kogan, 1995). It is impossible to make physically-based corrections for all error sources, but temporal fluctuations in the weekly NDVI time series can be removed by smoothing the time series using a compound median filter (Kogan, 1995). According to Kogan (1995), this method eliminates outliers while emphasizing the annual growth cycle and weather-related NDVI fluctuations. Comparing the NDVI time series for a number of years at the same location provides information about the relative health of the vegetation in a given year. Interannual variations in the magnitude and evolution of the NDVI for a particular location are mainly governed by meteorological variables such as precipitation, temperature, and relative humidity; however, changes in land use and land cover can also cause interannual variations and trends in the NDVI (Piao et al., 2003). It can be inferred that low productivity (lack of 'greenness' or vigor) is productivity is due, in part, to favourable weather conditions. It should be noted that the interpretation of NDVI values is spatially dependent. This is because more productive ecosystems have different radiometric properties than less productive ones (due to differences in climate, soil, and topography) (Vicente-Serrano, 2007).

Ten-day NDVI composites (8 km spatial resolution) for 1982–1999 were obtained from the Goddard Earth Sciences Distributed Active Archive Center (GES-DAAC) (). These data were used to calculate the Vegetation Condition Index (VCI). Kogan (1990, 1995) developed the Vegetation Condition Index (VCI) to control for local differences in ecosystem productivity. The VCI is a pixel-wise normalization of NDVI that is useful for making relative assessments (e.g., pixel-specific) of changes in the NDVI signal by filtering out the contribution of local geographic resources to the spatial variability of NDVI. The VCI is computed as

$$\mathrm{VCI}_i = 100\,\frac{\mathrm{NDVI}_i - \mathrm{NDVI}_{\min}}{\mathrm{NDVI}_{\max} - \mathrm{NDVI}_{\min}} \qquad (2)$$

where NDVI_i is the smoothed 10-day NDVI, and NDVI_max and NDVI_min are the absolute maximum and minimum NDVI, respectively, calculated for each pixel and 10-day period using the entire NDVI record (1982–1999). Individual years can then be compared and assessed against the 'normal' conditions. The VCI smoothes out non-uniformity in the AVHRR data and it indicates how weather conditions have influenced the relative vigor of the vegetation with respect to the ecologically defined limits. After calculating the VCI for each 10-day composite, the VCI values were averaged spatially (e.g., to the county level) and temporally (e.g., to create seasonal values) to facilitate comparison with the meteorological drought indices.

2.2. In situ meteorological drought indices

Five meteorological drought indices were selected for evaluating the VCI, namely the Palmer Drought Severity Index (PDSI), Moisture Anomaly Index (Z-index), Standard Precipitation Index (SPI), percent normal, and deciles. Each of the meteorological drought indices was initially calculated on a monthly time-step using high-resolution (4 km) meteorological data before being aggregated to growing-season values (March–August) for each county. The drought indices were calculated using gridded 2.5-arcmin (≈4 km) monthly temperature and precipitation data (1895–2005) obtained from the Oregon State University PRISM group (). These data were used to calculate the mean monthly temperature and precipitation for all 254 Texas counties. The PDSI and Z-index are the only indices that utilize temperature data. They also require information about the available water content (AWC) of the soil and these data were obtained from the National Resources Conservation Service's (NRCS) State Soil Geographic Database (STATSGO) which is available at: http://www.soilinfo. /. The five meteorological drought indices used in this study are described below. A more detailed description of these indices is available from Heim (2002) and Quiring (2009b).

2.2.1. Palmer Drought Severity Index (PDSI) and Moisture Anomaly Index (Z)

The PDSI and the Z-index were both developed by Palmer (1965) and have become the most widely used drought indices in the scientific literature (Alley, 1984; Karl et al., 1987). These indices are calculated using a soil moisture/water balance equation that utilizes daily air temperature and precipitation, and information

The Z-index is a measure of how observed conditions compare to normal (or climatically appropriate) moisture conditions (Heim, 2002). Normal evapotranspiration, runoff, soil moisture loss and recharge rates are determined using at least 30 years of data (if available). While both the Z-index and the PDSI are derived using the same data, their monthly values can differ greatly. The Z-index only uses data from a single month and it is not affected by weather conditions in previous months. Therefore the Z-index can vary dramatically from month to month. The PDSI varies more slowly because antecedent conditions account for two-thirds of its value. Complete details on how the PDSI and Z-index are calculated are available in Palmer (1965). The PDSI was designed to measure meteorological drought, but it may be more appropriate as a measure of hydrological drought (Akinremi et al., 1996; Strommen and Motha, 1987) and, according to Karl (1986), the Z-index represents meteorological or agricultural drought conditions. It should be noted that although both the Z-index and PDSI are strongly influenced by both precipitation and temperature anomalies (Hu and Willson, 2000), the other meteorological indices used in this study are calculated using only precipitation data.

2.2.2. Standardized Precipitation Index (SPI)

The SPI was developed by McKee et al. (1993, 1995) to provide an index that performed better than the PDSI. The SPI is based on statistical probability and was designed to be a spatially invariant indicator of drought (e.g., SPI is supposed to be spatially and temporally comparable). The SPI is calculated by standardizing the probability of observed precipitation for any duration of interest (e.g., weeks, months, or years). Durations of weeks or months can be used to apply the SPI for agricultural or meteorological purposes, and longer durations of years can be used to apply it for hydrological and water management purposes (Guttman, 1999). The SPI requires a long-term precipitation record because it fits a probability density function to the observed data and then transforms it using an inverse normal (Gaussian) function (Guttman, 1999). This ensures that the mean SPI value for any given location (and duration) is zero and the variance is one. Positive values of the SPI indicate greater than median precipitation, while negative values indicate less than median precipitation. The 1-, 2-, 3-, 6-, 9-, 12-, and 24-month SPI were calculated for each county.

2.2.3. Percent normal

Percent normal is a simple method for comparing observed precipitation to normal precipitation for a particular location. Observed precipitation is divided by normal (mean) precipitation and the result is expressed as a percentage. Like the SPI, percent of normal precipitation can be calculated for any time scale of interest (e.g., day, week, month, season, year). In this study we have calculated percent normal using monthly precipitation.

2.2.4. Deciles

Deciles are used to give precipitation a ranking by arranging the data in order from lowest to highest and then splitting it into 10 equal groups (or deciles). For example, with 40 precipitation observations, the first decile would contain the four lowest precipitation totals, that is, the lowest 10%. Reporting decile values of observed precipitation for drought monitoring was first suggested by Gibbs and Maher (1967). Deciles can be calculated for any time scale of interest. In this study we have calculated deciles using monthly precipitation.

2.3. Other data

A number of additional datasets were used in this study to and meteorological drought indices. These can be broadly classified as land use/land cover (LULC) data, climate data, irrigation data, and soil data. LULC data were obtained from the U.S. Geological Survey National Land Cover Data (NLCD) (/). Their classification system identifies nine broad categories, namely: urban, agricultural, rangeland, forest, water, wetland, barren, tundra and perennial snow/ice. These were recoded into a nominal scale, rasterized, and the primary and secondary LULC was obtained for each county. Mean annual precipitation was calculated for each county using data (1895–2005) obtained from the Oregon State University PRISM group (). Mean growing-season (March to August) soil moisture was calculated for each county (1982–1999) using a version of the climatic water budget (CWB) model (Mather, 1978; Thornthwaite, 1948; Thornthwaite and Mather, 1955). This model simulates soil moisture using monthly temperature and precipitation data obtained from the PRISM group. Data on estimated groundwater usage for irrigation and irrigated area were obtained from the Texas Water Development Board (TWDB) (/gam/resources/resources.htm). These data were summarized at the county level and normalized by county area to obtain the mean percentage of the county that is irrigated. The STATSGO soil database was obtained from the Center for Environmental Informatics at Penn State University (http:// /). This database was used to extract the following soil properties for each county: permeability (in./h), water table depth (m), available water holding capacity (cm), hydrologic groups (A = sandy, free draining soil; B and C = intermediate soil groups; D = clayey, poorly drained soils), and soil drainage (nominal, ranging from excessive to poorly drained).

3. Results and discussion

3.1. Comparison of VCI and in situ meteorological drought indices

The VCI was compared against a selection of meteorological drought indices using only those months representing the period of maximum vegetation growth. In Texas this period typically extends from March to August. This was done because the VCI measures vegetation health and therefore it is only useful for monitoring drought conditions during the growing-season (Vicente-Serrano, 2007). Selecting other months to represent the growing-season has a relatively minor impact on the results of the analysis (results not shown). The VCI was evaluated against each of the traditional meteorological drought indices, specifically: PDSI, Z, SPI (1-, 2-, 3-, 6-, 9-, 12-, and 24-month), percent normal, and deciles. The meteorological drought indices were compared to the VCI in all 254 Texas counties.

The mean relationship (for all 254 counties) between the VCI and meteorological drought indices is summarized in Table 1. Overall, none of the meteorological drought indices are strongly correlated with the VCI. The 6-month SPI (R² = 0.29) has the highest correlation, followed by the PDSI (R² = 0.26), and the 9-month SPI (R² = 0.26). The Z-index, percent normal, and deciles are nearly uncorrelated with the VCI. However, there is significant spatial variability in these relationships that is not apparent from only examining the mean coefficient of determination for Texas. Fig. 1 shows that there is a great deal of spatial variability in the relationship between the VCI and the 6-month SPI. Generally, there are much stronger relationships between the VCI and 6-month SPI in counties in northwestern and southwestern Texas than counties

many of the counties in southeastern Texas (e.g., Brazoria, Montgomery, and Harding) have coefficients of determination near zero, while counties in west-central and south-central Texas (e.g., Maverick, Borden, and McMullen) have coefficients of determination that exceed 0.60. This means that in the counties with the highest coefficients of determination, the 6-month SPI explains more than 60% of the variance in the VCI. A similar spatial pattern in the variability of the coefficient of determination is also evident when looking at the relationship between the VCI and PDSI (Fig. 2) and the VCI and 9-month SPI (Fig. 3). In Fig. 2, counties in eastern Texas have the weakest relationship between the VCI and PDSI, and counties in west-central Texas (e.g., Upton, Reeves, Regan and Pecos) have the strongest relationship. Fig. 3 is nearly identical to Fig. 2, which is not surprising since the PDSI and 9-month SPI are strongly correlated. Once again, counties in eastern Texas have the weakest relationship between the VCI and 9-month SPI, and Upton, Regan and Pecos counties in west-central Texas have the strongest relationship. This spatial pattern was evident for all of the meteorological drought indices that were evaluated, even those that had a mean coefficient of determination near zero (e.g., Z-index). This suggests that one or more spatially varying factors are modulating the strength of the relationship between the VCI and the meteorological drought indices.

All three of the meteorological drought indices that had statistically significant relationships with the VCI (e.g., PDSI, 6-month SPI, 9-month SPI) are indices that account for moisture conditions over the prior 6–9 months. This suggests that the VCI (at least when evaluated using county level data) is a relatively slow responding index. This finding is supported by Piao et al. (2003) who found a 3-month lag between NDVI and weather variations in China. Their analysis was based on NDVI data aggregated at the biome and country levels (Piao et al., 2003). The lagged response of the VCI to moisture conditions likely occurs because vegetation growth is controlled by soil moisture and therefore changes in vegetation growth are buffered by soil water storage. This means that a prolonged period of below normal precipitation is required to have a major negative influence on deeply rooted vegetation. Of course shallow rooted vegetation and vegetation growing in soils with low available water holding capacities will respond more quickly to dry conditions. Given that each county contains a variety of vegetation and soil types, the observed lag in vegetation response is partially a function of the spatial scale of the analysis.

Given the similarity in both the strength and spatial pattern of the relationship between the VCI–PDSI, VCI–6-month SPI and VCI–9-month SPI, we have chosen to focus on the PDSI in our analysis of spatial variability. The results reported in the next section are nearly identical for the 6-month and 9-month SPI (results not shown). This is not surprising since these three indices are strongly correlated.

3.2. Investigation of spatial variability

The significant spatial variations in the strength of the relationship between the VCI and the meteorological drought indices suggest that one or more spatially varying factors are modulating it. Previous research evaluating the VCI has demonstrated that its response to drought conditions and its relationship

Table 1. Mean relationship between VCI and meteorological drought indices based on 254 Texas counties.

Drought index     R²
Z-index           0.11
PDSI              0.26 a
1-Month SPI       0.04
2-Month SPI       0.15
3-Month SPI       0.20
6-Month SPI       0.29 a
9-Month SPI       0.26 a
12-Month SPI      0.20
24-Month SPI      0.12
Percent normal    0.03
Deciles           0.04

a R² is statistically significant at α = 0.05.
Anomaly Detection via Optimal Symbolic Observation of Physical Processes*

Humberto E. Garcia and Tae-Sic Yoo
Sensor, Control, and Decision Systems Group
Idaho National Laboratory
Idaho Falls, ID 83415-6180
{humberto.garcia}@

* This work was supported by the U.S. Department of Energy contract DE-AC07-05ID14517.

Abstract

The paper introduces a symbolic, discrete-event approach for online anomaly detection. The approach uses automata representations of the underlying physical process to determine whether an anomaly has occurred. Automata may represent a discrete-event formulation of the operation of the monitored system during both normal and abnormal conditions. Automata may also be constructed from generated symbol sequences associated with parametric variations of equipment. This collection of automata represents the symbolic behavior of the underlying physical process and can be used as a pattern for anomaly detection. Within the possible behavior, there is a special sub-behavior whose occurrence must be detected. The special behavior may be specified by the occurrence of special events representing deviations of anomalous behaviors from the nominal behavior. These intermittent or non-persistent events or anomalies may occur repeatedly. An observation mask is then defined, characterizing the actual observation configuration available for collecting symbolic process data. The analysis task is to determine whether this observation configuration is capable of detecting the specified anomalies. The assessment is accomplished by evaluating several observability notions, such as detectability and diagnosability. To this end, polynomial-time, computationally efficient verification algorithms have been developed. The synthesis of optimal observation masks can also be conducted to suggest an appropriate observation configuration guaranteeing the detection of anomalies and to construct associated monitoring agents for performing the specified on-line condition monitoring task. The proposed discrete-event approach and supporting techniques for anomaly detection via optimal symbolic observation of physical processes are briefly presented and illustrated with examples.

1 Introduction

Condition monitoring and anomaly detection are essential not only for the prevention of cascading failures but also for the assurance of acceptable operational dynamics and the improvement of process reliability, availability, performance, and cost. Anomaly detection is also a key element for strengthening nuclear non-proliferation objectives and for deploying advanced proliferation detection measures such as nuclear operations accountability [2].

An anomaly can be defined as a deviation from a system's nominal behavior. Three types of anomalies are considered here. First, anomalies may be associated with parametric or non-parametric changes evolving in system components. Lubricant viscosity changes, bearing damage, and structural fatigue are examples in this category. Second, anomalies may be associated with violations executed during operations that are contrary to demanded operability specifications. For example, a specification may be to avoid starting a given pump when its associated down-stream valve is closed. If a command is sent to start the pump when its valve is closed, this condition needs to be monitored and reported (and possibly aborted). Third, anomalies may be associated with the occurrence of special events or behaviors. One relevant field is failure analysis, in which special events are identified as faults. Other examples of special behaviors include (permanent) failures, execution of critical events, reaching unstable states, or more generally meeting formal specifications defining anomalies or special behaviors.

To detect anomalies (including the three types mentioned above), one needs not only a set of sensors (i.e., a sensor configuration) to retrieve process data but also an observer to integrate and analyze the collected process information. Thus, optimizing sensor configurations and rigorously synthesizing their corresponding observers are important design goals in on-line condition monitoring. Recently, significant attention has been given to anomaly detection and fault analysis; see for example [1-10] and their references. The definition of diagnosability based on failure-event specifications was first introduced in [8]. Variations of the initial definition in [8] have been proposed recently. Failure states are introduced in [10] and the notion of diagnosability is accordingly redefined. The issue of diagnosing repeatedly and the associated notion of [1,∞]-diagnosability are first introduced in [5], along with a polynomial algorithm for checking it. To improve the complexity of previously reported algorithms, which severely restricts their applicability, methods and an associated tool have been developed that utilize the approach introduced in [9] for checking [1,∞]-diagnosability with reduced complexity. Recently, techniques in symbolic time series analysis [7] have been proposed to reformulate the problem of anomaly detection from a time series setup to a discrete event framework, upon which the above algorithms can be utilized. This transformation allows one to deal with complex processes and information systems more efficiently by abstracting monitored systems/signals into simpler and rigorous mathematical representations.

This paper builds upon the above efforts to introduce a rigorous methodology for optimizing sensor configurations and synthesizing associated observers meeting given system property requirements regarding on-line condition monitoring. Applications include supervisory observation and event/anomaly detection.

2 Problem Statement

In anomaly detection applications, the objective is to detect abnormal conditions occurring within the monitored system by analyzing observable process data. To this end, models are often constructed to characterize normal and abnormal behaviors. A
model may represent the possible and unacceptable operational dynamics of a monitored process. Finite state machine (FSM) representations of system components (e.g., tanks, valves, and pumps) can be formulated and composed to describe relevant operations of the integrated system (e.g., a nuclear fuel reprocessing installation). For example, operations models may define the expected changes in the state of a tank based on the states of associated valves and pumps. Operation models may also represent entity flow descriptions defined for a given routing network regarding possible and special item transfers (e.g., violations or critical movements). Models may also be generated from symbolic strings characterizing variations in representative parameters associated with process signals. In this case, time series data from a signal may be symbolized into discrete symbolic strings. This symbolization may be accomplished using the wavelet transform, for example. In particular, coefficients of the wavelet transform of the time-domain signal are utilized for symbol generation instead of directly using the time series data [7]. Variations in the monitored signal are thus detected as variations in its associated wavelet coefficients. From the symbol sequences, an FSM model can then be constructed. Methods have been proposed for encoding the underlying process dynamics from observed time series data and for constructing FSM models from symbolic sequences. Within the scope of this paper, the mentioned models are formulated as discrete event systems (DES) in order to describe their dynamics at a higher level of abstraction, reduce computational complexity, and benefit from an established mathematical framework suitable for computing optimal sensor configurations and synthesizing their corresponding observers.

In either symbolic time series analysis or event/specification violation detection, the objective is to detect whether a special event or an operability specification violation has occurred by recording and analyzing observable events. System behavior is often divided into two mutually exclusive components, namely, the special behavior of interest (which needs to be detected) and the ordinary behavior (which does not need to be reported). To accomplish the task of online anomaly detection, two design elements must be addressed. The first element is the identification of the observational information required by an observer to determine whether a special event or an operability specification violation has occurred. The second element is the construction of the associated observer algorithm that automatically integrates and analyzes collected data to assess system condition. To improve information management and cost, the design goal is to construct a monitoring observer whose detection capability relies not only on current measurements but also on recorded knowledge built from past observations. It is then important to rigorously assess whether the monitored DES is intrinsically observable for a given sensor configuration and special behavior of interest. Otherwise, the task is to identify optimized observation configurations that meet given observability property requirements. The related cost functional may be based on different design criteria, such as costs and implementation difficulties of the sensor technologies considered.

3 Proposed Anomaly Detection Approach

A methodology and associated tool have been developed to identify optimal sensor configurations and associated observers for detecting anomalies. The developed framework first requires formal descriptions of the given monitored DES, (observability) property requirements, and observational constraints, as shown in Fig.
1. Property requirements may include meeting detectability (e.g., [8]) and/or supervisory observability (e.g., [6]) objectives, for example. Given these descriptions, optimized observational configurations and associated algorithms for data integration and analysis can be systematically computed that meet the specified property requirements. To formalize the monitored process, a DES model G must be constructed defining how system states change due to event occurrences. Other design elements are requested by the developed framework according to the optimization task at hand. For example, in the case of designing observers for determining whether given operability specifications are being met during operations, one element must be specified, namely, the set of operability specifications S that should be preserved at all times (the intrinsic observability property P here is supervisory observability). Similarly, in the case of designing sensor configurations for event detection applications, two elements must be specified, namely, the set of anomalies or special events S requiring detection and the intrinsic observability property P (i.e., detectability or diagnosability) regarding S. To formalize observational constraints, a cost functional C should be included indicating the costs associated with observation devices. Given G, S, P, and C, the design task is to compute an observational configuration or observation mask M that guarantees P of S with respect to G, while optimizing C. This mask M defines the underlying observational configuration required to assure the observability of anomalies or the detection of operability violations. After a suitable observation mask M has been computed, the implementation task is to construct an observer O that will guarantee P of S by observing G via the observation mask M.

[Figure 1: Flow chart of developed sensor optimization framework]

The use of the proposed methodology in computing optimized sensor configurations for anomaly detection can be summarized as follows. For verification, the developed technology assesses whether a given observation configuration assures the observability of special behaviors within possible system behaviors (Fig. 2(a)). For design, the methodology identifies, for each event, which attributes need to be observed and suggests an optimal observation configuration meeting the specified on-line condition monitoring requirements (Fig. 2(b)).

[Figure 2: Use of developed framework for event detection applications. (a) Verification; (b) Design]

4 Observability in Anomaly Detection

4.1 Preliminary

Denote by $G$ the FSM model of the monitored system, with $G = \{X, \Sigma, \delta, x_0\}$, where $X$ is a finite set of states, $\Sigma$ is a finite set of event labels, $\delta : X \times \Sigma \to X$ is a partial transition function, and $x_0 \in X$ is the initial state of the system. The symbol $\epsilon$ denotes the silent event or the empty trace. This model $G$ accounts for both the ordinary (non-special) and the special behavior of the monitored system. To model observational limitations, an observation mask function $M : \Sigma \to \Delta \cup \{\epsilon\}$ is introduced, where $\Delta$ is the set of observed symbols.

4.2 Definitions

Let $S$ denote the set of either operability specifications, which should be met, or special events, which should be detected. In the case of event detection, special events can occur repeatedly, so they need to be detected repeatedly. It is assumed that events in $S$ are not fully observable, because otherwise they could be detected/diagnosed trivially.

Under supervisory observability, the interest is in signaling the occurrence of violations of operability specifications. Under detectability, the interest is in signaling the occurrence of special events, without explicitly indicating which event has occurred. Diagnosability is a refined case of detectability, where the interest often is in exact event identification. The developed mathematical framework can be used to evaluate different system properties. To illustrate, assume we are interested in the event detectability property termed $[1,\infty]$-diagnosability (defined next) of a given monitored system. The proposed methodology then utilizes the polynomial algorithm described in [9] for checking this notion. Other notions can also be checked, including the observability of a given system regarding operability specifications.

Definition 1 (Uniformly bounded delay $[1,\infty]$-diagnosability [5, 9]). A symbolic string (or language $L$) generated by a monitored system $G$ is said to be uniformly $[1,\infty]$-diagnosable with respect to a mask function $M$ and a special-event partition $\Pi_s$ on $S$ if the following holds:

$$(\exists n_d \in \mathbb{N})(\forall i \in \Pi_s)(\forall s \in L)(\forall t \in L/s)\,[\,|t| \ge n_d \Rightarrow D_\infty\,],$$

where $\mathbb{N}$ is the set of non-negative integers and the condition $D_\infty$ is given by

$$D_\infty:\ (\forall w \in M^{-1}M(st) \cap L)\,[\,N^i_w \ge N^i_s\,].$$

The above definition uses the following notation. For all $\Sigma_{s_i} \in \Pi_s$ and a trace $s \in L$, let $N^i_s$ denote the number of events in $s$ that belong to the special event type $\Sigma_{s_i}$ (or $i$ for simplicity). The post-language $L/s$ is the set of possible suffixes of a trace $s$, i.e., $L/s := \{t \in \Sigma^* : st \in L\}$.

4.3 Optimal Sensor Configurations

The problem of selecting an optimal mask function is studied in [4]. Assuming a mask-monotonicity property, it introduces two algorithms for computing an optimal mask function. However, these algorithms assume that a sensor set supporting the mask function can always be found, which may not be true in practice. Given the above considerations, the developed framework instead utilizes the algorithm introduced in [1]. This algorithm searches the sensor set space rather than the mask function space. The computed sensor set induces a mask function naturally. Thus, it does not suffer from the issue of realizing the mask function.

4.4 Implementing Symbolic Observation

The design task leads to a twofold objective: i) to compute objective-driven sensor configurations that optimize given information costs, and ii) to construct formal observers that guarantee the detectability of special events, specification violations, or anomalies in general. The key design issue is
then the management of sensor deployments. After computing an acceptable M that guarantees the desired property requirement (e.g., supervisory observability, detectability, or diagnosability) using the optimization algorithm of Fig. 1, an associated observer O is constructed. In event detection applications, for example, the observer algorithm integrates and analyzes observed event information (or measurements) and reports the occurrences of special events. In supervisory control applications, the observer estimates the system state and determines whether events executed by the monitored system violate given operability specifications.

To implement the observer, either an offline or an online design approach may be used. Under an offline design approach, the deterministic automaton representation of the observer is constructed a priori, a task that may be of high computational complexity. To overcome this, an online approach may be used instead, as proposed in [5]. Further improving on [5] with respect to computational complexity, the developed framework utilizes an improved version of the algorithm reported in [9]. The proposed mathematical construction of observers can thus guarantee the fulfilment of given observability requirements regarding the detection of anomalies.
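As an added example (not code from the paper), the Python below models the pump/valve system of Section 5.1 as a single hand-built FSM G, treats the Spec. 1 violation "pump starts while Valve 1 is closed" as the special event, and shows both halves of the design task described above: a twin-plant verifier that checks whether an observation mask M makes the violation diagnosable, and the observer O that, under that mask, tracks the set of (state, violation-seen) pairs consistent with the observations and raises an alarm once every consistent run contains the violation. The state and event names, the two masks (one without any valve sensor, one with a position sensor on Valve 1 only) and the use of single-occurrence bounded-delay diagnosability in the sense of [8], checked with the twin-plant construction, are assumptions of this example; the paper's repeated [1,∞] notion and its polynomial algorithms [5, 9] are not reproduced here.

```python
"""Observation-mask verification and observer construction for a small DES.

Added example, not code from Garcia and Yoo. G is a hand-built FSM of the
pump/valve system of Section 5.1; the special event is the Spec. 1 violation
"pump starts while Valve 1 is closed". State and event names, the two masks
and the use of single-occurrence (first-violation) diagnosability are all
assumptions of this example.
"""
from collections import defaultdict

X0 = "x0"

# delta: (state, event) -> next state. The pump actuator reports the same
# signal for a legal and an illegal start, so p_start_bad is never observable
# by itself (Section 4.2 assumes special events are not fully observable).
DELTA = {
    ("x0", "v1_open"): "x1",      # Valve 1 opens (tank empty, pump off)
    ("x1", "p_start"): "x2",      # pump starts with Valve 1 open: legal
    ("x2", "tank_full"): "x3",
    ("x3", "p_stop"): "x4",
    ("x4", "v1_close"): "x5",
    ("x5", "v2_open"): "x6",      # drain through Valve 2
    ("x6", "tank_empty"): "x7",
    ("x7", "v2_close"): "x0",     # cycle repeats
    ("x0", "p_start_bad"): "x8",  # Spec. 1 violation: pump starts, Valve 1 closed
    ("x8", "p_stop"): "x0",       # pump is stopped again before anything fills
    ("x8", "v1_open"): "x2",      # or Valve 1 opens later and filling proceeds
}
SPECIAL = {"p_start_bad"}

# Observation masks M: Sigma -> Delta u {epsilon}; None stands for epsilon.
MASK_NO_VALVE_SENSORS = {
    "p_start": "pump_on", "p_start_bad": "pump_on", "p_stop": "pump_off",
    "tank_full": "full", "tank_empty": "empty",
    "v1_open": None, "v1_close": None, "v2_open": None, "v2_close": None,
}
# Same, plus a position sensor on Valve 1 only (Valve 2 stays unobserved).
MASK_VALVE1_SENSOR = dict(MASK_NO_VALVE_SENSORS, v1_open="v1_opened", v1_close="v1_closed")


def _successors(delta):
    succ = defaultdict(list)
    for (x, e), nxt in delta.items():
        succ[x].append((e, nxt))
    return succ


def is_diagnosable(mask, special=SPECIAL, delta=DELTA, x0=X0):
    """Twin-plant check. Component 1 runs G, component 2 runs the normal part
    of G (special events removed); both move together on events with equal
    non-epsilon mask output and independently on epsilon events. The special
    events are diagnosable with bounded delay iff no reachable cycle stays in
    twin states where component 1 has executed a special event while
    component 1 keeps moving: such a cycle gives arbitrarily long special
    runs that some normal run mimics observation for observation."""
    succ = _successors(delta)

    def moves(x, normal_only):
        return [(e, n) for e, n in succ[x] if not (normal_only and e in special)]

    start = (x0, False, x0)  # (state of comp. 1, comp. 1 saw special?, state of comp. 2)
    edges, seen, stack = {}, {start}, [start]
    while stack:
        v = stack.pop()
        x1, f1, x2 = v
        out = []  # (next twin state, did component 1 move?)
        for e, n1 in moves(x1, False):
            f = f1 or e in special
            if mask[e] is None:
                out.append(((n1, f, x2), True))
            else:
                out.extend(((n1, f, n2), True)
                           for e2, n2 in moves(x2, True) if mask[e2] == mask[e])
        out.extend(((x1, f1, n2), False)
                   for e2, n2 in moves(x2, True) if mask[e2] is None)
        edges[v] = out
        for w, _ in out:
            if w not in seen:
                seen.add(w)
                stack.append(w)

    ambiguous = {v for v in seen if v[1]}

    def reach(v):  # ambiguous twin states reachable from v through ambiguous states
        r, st = {v}, [v]
        while st:
            for w, _ in edges[st.pop()]:
                if w in ambiguous and w not in r:
                    r.add(w)
                    st.append(w)
        return r

    return not any(moved and w in ambiguous and v in reach(w)
                   for v in ambiguous for w, moved in edges[v])


def observe(mask, observations, special=SPECIAL, delta=DELTA, x0=X0):
    """Online observer O. Keeps every (state, special-seen) pair of G that is
    consistent with the symbols observed so far (epsilon closure after each
    step). Returns the 1-based index of the observation at which every
    consistent run contains the special event, or None if that never becomes
    certain. Raises if the observations cannot be generated by G under M."""
    succ = _successors(delta)

    def closure(pairs):
        pairs, st = set(pairs), list(pairs)
        while st:
            x, f = st.pop()
            for e, n in succ[x]:
                if mask[e] is None:
                    p = (n, f or e in special)
                    if p not in pairs:
                        pairs.add(p)
                        st.append(p)
        return pairs

    estimate = closure({(x0, False)})
    for i, sym in enumerate(observations, 1):
        estimate = closure({(n, f or e in special)
                            for x, f in estimate for e, n in succ[x] if mask[e] == sym})
        if not estimate:
            raise ValueError(f"observation {sym!r} (#{i}) is not generated by G under this mask")
        if all(f for _, f in estimate):
            return i
    return None


if __name__ == "__main__":
    for name, mask in [("no valve sensors", MASK_NO_VALVE_SENSORS), ("Valve 1 sensor", MASK_VALVE1_SENSOR)]:
        print(f"{name}: Spec. 1 violation diagnosable = {is_diagnosable(mask)}")
    print("alarm after observation", observe(MASK_NO_VALVE_SENSORS, ["pump_on", "pump_off"]))
    print("alarm after observation", observe(MASK_NO_VALVE_SENSORS, ["pump_on", "full", "pump_off"]))
```

Without a valve sensor the violation is not diagnosable: a bad start followed by Valve 1 opening produces exactly the observations of a normal cycle, so the observer can only catch the case where the pump is stopped again before the tank reports full. With a position sensor on Valve 1 the violation is diagnosable immediately, while Valve 2 stays unobserved, consistent with the paper's finding in Section 5.1 that no sensor is needed on Valve 2.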
5 Illustrative Applications

To illustrate the notion of anomaly detection via optimal symbolic observation of physical processes, an application in specification violation detection and another in event detection are briefly introduced next. Due to page limitations, no application of the proposed approach to symbolic time series analysis is discussed.

5.1 Specification Violation Detection

Consider the monitored system illustrated in Fig. 3. This system consists of a pump, a tank, two valves, and interconnecting pipes. The monitored system may represent a portion of a nuclear fuel reprocessing facility, for example. The basic operation of this system is as follows. With Valve 1 open and Valve 2 closed, the pump starts and operates in order to fill the tank by pumping a fluid from an up-stream reservoir (not shown). When the tank is full, the pump should stop, Valve 1 should close, and Valve 2 should open until the tank is emptied; the cycle then repeats. Assume that there is the need to monitor the system and detect the possible violation of three operability specifications.
In particular, Spec. 1 states that the pump should not start when Valve 1 is closed; Spec. 2 states that Valve 1 should not be closed when the pump is running; and Spec. 3 states the basic system operation described earlier. The synthesis task is to compute an optimized sensor configuration and associated observer to conduct this anomaly detection. To this end, DES models of each component (i.e., pump, tank, Valve 1, Valve 2) and their interactions are constructed. FSMs of the concerned specifications are also formulated. The developed framework then automatically determines minimal sets of events (and associated observers) that need to be observed to achieve the desired on-line condition monitoring task. For example, using the proposed methodology, it was determined that Valve 2 does not need to be observed (hence no sensor for Valve 2 is needed) in order for the monitoring system to determine whether a specification violation has occurred.

[Figure 3: Monitored system under specification violation detection]

5.2 Event/Anomaly Detection

Consider the monitored system illustrated in Fig. 4(a). This system consists of one input port, I1, four internal stations, Si, i = 1, 2, 3, and 4, and two output ports, O1 and O2. This system may represent a nuclear reprocessing facility or a nuclear power plant site, for example. Two authorized routes, (1) and (2), are identified in Fig. 4(a). Under route (1), an item should enter the monitored system through the input port I1, move sequentially to locations S1 and S3, and move either to location S2 or S4; if it goes to S2, then an item may either exit through the output port O2 or continue to location S4; if at location S4, it should exit through the output port O1. Under route (2), an item should enter the monitored system through the input port I1, move sequentially to locations S1, S2, and S3; it may then exit through the output port O2 or continue to location S4, from which it should exit through the output port O2. Besides the normal (non-special) item movements shown, assume that the two item transfer anomalies labeled with an S (for special) in Fig. 4(a) (i.e., 1S and 2S) are also possible.

[Figure 4: Monitored system and ad-hoc sensor placement solution. (a) Monitored System; (b) Ad-hoc Sensor Placement Solution]

The design objective is to identify observation configurations (i.e., sets of sensors and locations) M that provide sufficient tracking information to an observer O for detecting the occurrence of any anomaly defined in S. For comparison, Fig. 4(b) illustrates a sensor configuration that would allow an observer to immediately detect any anomaly after its occurrence. Three sensor types are shown for retrieving item movement data. "Circle," "square," and "triangular" sensors provide current item locations, previous item locations, and item types, respectively. This configuration may result from an ad hoc design, without a rigorous analysis of the anomaly detection problem at hand. It is desired to determine whether there are other (objective-driven) sensor configurations with reduced information requirements and optimal information management. To this end, the possible-behavior model G of the system illustrated in Fig. 4(a) is constructed. The monitoring goal P regarding the set of special events S is also specified. Finally, an information cost criterion C is formulated. The developed framework is then invoked to compute an observation mask M that optimizes C and meets P. Fig. 5 illustrates optimized sensor configurations and the reduction in the observational requirement M that may be obtained when selecting detectability rather than diagnosability of S as the observability goal P. The imposed cost objective C is to reduce information requirements and preferably exclude sensors that communicate previous item locations (i.e., avoid using square sensors). Fig. 6 shows the effect of sensor reliability on the sensor configurations required for meeting a given detection confidence requirement. In particular, Fig. 6 suggests that as the reliability of circle sensors (implemented as motion
sensors, for example) decreases, more sensors may be required to meet the specified observability requirements. While the monitored system used in this example corresponds to an item flow process, the DES model G used could also have been a high-level representation of any other physical process. Numerous simulations were conducted with different M and corresponding O for given P and C, under both event and specification violation detection applications. As guaranteed by the mathematical setting of the developed framework, the observer was always capable of meeting the given observability requirements.

[Figure 5: Optimized Sensor Placements: Case of reliable sensors. (a) Diagnosability; (b) Detectability]

[Figure 6: Optimized Sensor Placements: Case of unreliable sensors. (a) Sensor reliability ≥ 60%; (b) 40% ≤ Sensor reliability ≤ 60%]

6 Conclusion

An approach to anomaly detection via optimal symbolic observation of physical processes was presented. A symbolic, discrete-event reformulation of the anomaly detection problem is suggested to deal with system complexity and to utilize a rigorous framework within which optimal sensor configurations and associated observers for on-line condition monitoring can be synthesized. The proposed methodology can thus be used to answer the question of how to optimally instrument a given monitored system. This design and implementation approach opens the possibility of information management optimization to reduce costs, decrease intrusiveness, and enhance automation, for example. Furthermore, it provides rich analysis capability (enabling optimization, sensitivity, what-if, and vulnerability analysis), guarantees mathematical consistency and intended monitoring performance, yields a systematic method to deal with system complexity, and enables portability of condition monitoring. Briefly mentioned here, future research involves the extension of the proposed approach into the symbolic time series analysis paradigm.
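The symbolic time series route mentioned in Section 2 and again in the conclusion is not worked out in the paper. The Python below is an added example (not the authors' code) of the part of that pipeline the text describes: a process signal is symbolized, an FSM is built from the symbol sequence (here a depth-D machine whose states are the last D symbols, in the spirit of [7]), and the state-visit statistics of a test window are compared against the nominal machine. Assumptions of the example: a constructed sinusoid stands in for a measured signal, symbolization uses a fixed uniform partition of the signal range instead of wavelet coefficients, and a reduced oscillation amplitude represents a parametric change in a component. Two checks are made: the L1 distance between state-probability vectors, and symbol transitions the nominal machine never produced.

```python
"""Symbol-sequence FSM model for anomaly detection on a process signal.

Added example, not from the paper. It follows the symbolic time series idea
the paper borrows from Ray [7]: symbolize a signal, build a finite state
machine from the symbol string and compare a test window against the nominal
machine. Assumptions: a constructed sinusoid stands in for a measured signal,
symbolization is a uniform partition of the signal range (not wavelet
coefficients), and the machine is a depth-D model whose state is the last D
symbols.
"""
import math
from collections import Counter, defaultdict

ALPHABET = "abcd"            # four partition cells over the signal range
SIGNAL_RANGE = (-1.0, 1.0)   # nominal excursion of the constructed signal
PERIOD = 50                  # samples per cycle of the constructed process


def process_signal(start, length, amplitude=1.0):
    """Constructed stand-in for a periodic process measurement. `amplitude`
    is the component parameter whose drift the monitor should notice. The
    half-sample phase offset keeps samples away from the partition boundaries."""
    return [amplitude * math.sin(2 * math.pi * (t + 0.5) / PERIOD)
            for t in range(start, start + length)]


def symbolize(values, lo=SIGNAL_RANGE[0], hi=SIGNAL_RANGE[1], alphabet=ALPHABET):
    """Map each sample to the cell of a uniform partition of [lo, hi];
    values outside the range are clamped to the outermost cells."""
    cells = len(alphabet)
    width = (hi - lo) / cells
    out = []
    for v in values:
        idx = int((min(max(v, lo), hi) - lo) / width)
        out.append(alphabet[min(idx, cells - 1)])
    return "".join(out)


def build_fsm(symbols, depth=2):
    """Depth-D machine: state = last `depth` symbols, transition = next symbol.
    Returns (transitions[state][symbol] -> next state, visit counts per state)."""
    transitions, visits = defaultdict(dict), Counter()
    for i in range(depth, len(symbols)):
        state, sym = symbols[i - depth:i], symbols[i]
        transitions[state][sym] = (state + sym)[1:]
        visits[state] += 1
    return dict(transitions), visits


def anomaly_measure(ref_visits, test_visits):
    """L1 distance between the state-probability vectors of two machines over
    the union of their states: 0 for identical statistics, at most 2."""
    ref_total, test_total = sum(ref_visits.values()), sum(test_visits.values())
    p = {s: c / ref_total for s, c in ref_visits.items()}
    q = {s: c / test_total for s, c in test_visits.items()}
    return sum(abs(p.get(s, 0.0) - q.get(s, 0.0)) for s in set(p) | set(q))


def unseen_transitions(ref_transitions, test_symbols, depth=2):
    """(state, symbol) pairs in the test string that the nominal machine never
    generated: a direct violation of the nominal pattern."""
    return [(test_symbols[i - depth:i], test_symbols[i])
            for i in range(depth, len(test_symbols))
            if test_symbols[i] not in ref_transitions.get(test_symbols[i - depth:i], {})]


def monitor(reference_values, window_values, depth=2, threshold=0.1):
    """Build the nominal machine from `reference_values`, then score
    `window_values` against it. Flags an anomaly if the distribution distance
    exceeds `threshold` or the window contains a transition the nominal
    machine never produced."""
    ref_transitions, ref_visits = build_fsm(symbolize(reference_values), depth)
    window_symbols = symbolize(window_values)
    _, window_visits = build_fsm(window_symbols, depth)
    distance = anomaly_measure(ref_visits, window_visits)
    novel = unseen_transitions(ref_transitions, window_symbols, depth)
    return {"distance": distance, "novel_transitions": len(novel),
            "anomaly": distance > threshold or bool(novel)}


if __name__ == "__main__":
    reference = process_signal(0, 500)                  # 10 nominal cycles
    print("nominal window:", monitor(reference, process_signal(500, 500)))
    print("half amplitude:", monitor(reference, process_signal(1000, 500, amplitude=0.5)))
    spiked = process_signal(500, 500)
    spiked[37] = 1.0                                    # one-sample sensor spike at a trough
    print("spiked window :", monitor(reference, spiked))
```

The two checks catch different anomaly classes: the distribution distance responds to a parametric drift that leaves every individual transition legal but shifts how long the process dwells in each cell, while the unseen-transition check fires on a single impossible jump even when the overall statistics barely move. The partition and the depth are the tuning knobs; a finer partition or larger depth sharpens discrimination at the cost of a longer reference window to populate the machine.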
References

[1] H. E. Garcia and T. Yoo, "Model-based detection of routing events in discrete flow networks," Automatica, 41:583-594, 2005.
[2] H. E. Garcia and T. Yoo, "Option: a software package to design and implement optimized safeguards sensor configurations," in Proc. 45th INMM Annual Meeting, Orlando, FL, Jul 18-22, 2004.
[3] H. E. Garcia and T. Yoo, "A methodology for detecting routing events in discrete flow networks," in Proc. 2004 American Control Conf., 2004.
[4] S. Jiang, R. Kumar, and H. E. Garcia, "Optimal sensor selection for discrete event systems with partial observation," IEEE Trans. Autom. Control, 48(3):369-381, 2003.
[5] S. Jiang, R. Kumar, and H. E. Garcia, "Diagnosis of repeated/intermittent failures in discrete event systems," IEEE Trans. Robotics and Automation, 19(2):310-323, 2003.
[6] F. Lin and W. M. Wonham, "On observability of discrete-event systems," Information Sciences, 44(3):173-198, 1988.
[7] A. Ray, "Symbolic dynamic analysis of complex systems for anomaly detection," Signal Processing, 84:1115-1130, 2004.
[8] M. Sampath, R. Sengupta, K. Sinnamohideen, S. Lafortune, and D. Teneketzis, "Diagnosability of discrete event systems," IEEE Trans. Autom. Control, 40(9):1555-1575, 1995.
[9] T. Yoo and H. E. Garcia, "Event diagnosis of discrete event systems with uniformly and nonuniformly bounded diagnosis delays," in Proc. 2004 American Control Conf., 2004.
[10] S. H. Zad, "Fault diagnosis in discrete event and hybrid systems," Ph.D. thesis, University of Toronto, 1999.
Context-Sensitive Explanation

1. Introduction

Context-sensitive is a term used widely across several fields, in particular linguistics, computer science and psychology. Context sensitivity means that the meaning or behavior of a word, phrase or operation depends on the context in which it appears. In different contexts, the same word or phrase may have different meanings or interpretations. Likewise, in programming, a context-sensitive operation may behave differently depending on the context in which it occurs.

2. Context sensitivity in linguistics

In linguistics, context sensitivity refers to the meaning of a word or phrase depending on the sentence or paragraph it appears in. For example, the word "run" means running on foot in the sentence "He runs a marathon." but means executing in the sentence "The program did not run as expected." This context-dependent meaning makes language more flexible and varied.

3. Context sensitivity in computer science

In computer science, context sensitivity is usually associated with programming languages and compiler design. In programming, a context-sensitive operation or statement is one whose behavior varies with the surrounding code context (such as variable types, scope, or function calls). For example, in some programming languages type inference for variables is context-sensitive, meaning that a variable's type is determined by how it is used in the code.

4. Context sensitivity in psychology

In psychology, context sensitivity usually relates to cognitive processes. When understanding and interpreting information, people adjust their interpretation according to the environment, situation or background they are in. This context sensitivity helps people adapt to different environments and situations and thus make more accurate judgements and decisions.

5. Summary

Context sensitivity is an important concept that emphasizes the close relationship between the meaning and behavior of information or operations and the environment or context in which they occur. It plays an important role in many fields, making language more flexible and varied, programming smarter and more efficient, and human cognition more accurate and adaptive.
Stable Diffusion ControlNet advanced techniques: combined usage

Stable Diffusion Controlnet (SDC) is a powerful tool for managing networks and controlling information diffusion dynamics. It enables network administrators to monitor and control information spread, ensuring stable and efficient diffusion processes. In this article, we will discuss some advanced techniques and combination methods to unleash the full potential of SDC.

1. In-network monitoring: An efficient way to maximize the benefits of SDC is by combining it with in-network monitoring techniques. By deploying monitoring sensors within the network, administrators can collect real-time data on network conditions, such as traffic load, latency, and packet loss. This information can be used by SDC to make proactive decisions on information diffusion, ensuring stable and reliable dissemination.

2. Dynamic control parameters: SDC allows administrators to set control parameters to manage the diffusion process effectively. However, relying solely on static parameters may not be efficient in dynamic network environments. By using dynamic control parameters, such as adjusting diffusion speed based on network load or adjusting the dissemination range based on network density, administrators can optimize the diffusion process in real time, leading to better performance and stability.

3. Fusion of multiple controlnets: Combining multiple SDC instances operating within the same network can significantly enhance control capabilities. By leveraging the collective intelligence of multiple controlnets, administrators can develop advanced diffusion strategies and maximize the reach and impact of information dissemination. This technique is particularly useful in large-scale networks with diverse information sources.

4. Integration with machine learning: Integrating SDC with machine learning algorithms can enable intelligent and adaptive diffusion control. By training machine learning models on historical diffusion data, administrators can predict the optimal control actions for maximizing diffusion effectiveness. This integration enables SDC to learn from past experience and adapt to changing network conditions, resulting in more efficient and stable information dissemination.

5. Context-aware diffusion control: By considering contextual information, such as user preferences, network topology, and content relevance, administrators can tailor the diffusion control strategies to meet specific requirements. For example, in a social media platform, SDC can prioritize the dissemination of relevant content to users who have shown interest in similar topics. This context-aware approach increases user engagement and improves the overall diffusion efficiency.

6. Security-enhancing techniques: SDC can be combined with various security-enhancing techniques to protect information dissemination from malicious attacks. Techniques such as authentication, encryption, and anomaly detection can be integrated with SDC to ensure that only authorized individuals can access and spread information. This combination provides a robust and secure diffusion environment, protecting sensitive information from unauthorized access or tampering.

In conclusion, by utilizing advanced techniques and combination methods, administrators can unlock the full potential of Stable Diffusion Controlnet. In-network monitoring, dynamic control parameters, fusion of multiple controlnets, integration with machine learning, context-aware diffusion control, and security-enhancing techniques can significantly enhance the stability, efficiency, and security of information diffusion processes. When properly implemented, SDC can revolutionize the way networks manage and control information dissemination dynamics.
DiMo:Distributed Node Monitoring in WirelessSensor NetworksAndreas Meier†,Mehul Motani∗,Hu Siquan∗,and Simon Künzli‡†Computer Engineering and Networks Lab,ETH Zurich,Switzerland∗Electrical&Computer Engineering,National University of Singapore,Singapore‡Siemens Building T echnologies,Zug,SwitzerlandABSTRACTSafety-critical wireless sensor networks,such as a distributed fire-or burglar-alarm system,require that all sensor nodes are up and functional.If an event is triggered on a node, this information must be forwarded immediately to the sink, without setting up a route on demand or having tofind an alternate route in case of a node or link failure.Therefore, failures of nodes must be known at all times and in case of a detected failure,an immediate notification must be sent to the network operator.There is usually a bounded time limit,e.g.,five minutes,for the system to report network or node failure.This paper presents DiMo,a distributed and scalable solution for monitoring the nodes and the topology, along with a redundant topology for increased robustness. 
Compared to existing solutions,which traditionally assume a continuous data-flow from all nodes in the network,DiMo observes the nodes and the topology locally.DiMo only reports to the sink if a node is potentially failed,which greatly reduces the message overhead and energy consump-tion.DiMo timely reports failed nodes and minimizes the false-positive rate and energy consumption compared with other prominent solutions for node monitoring.Categories and Subject DescriptorsC.2.2[Network Protocols]:Wireless Sensor NetworkGeneral TermsAlgorithms,Design,Reliability,PerformanceKeywordsLow power,Node monitoring,Topology monitoring,WSN 1.INTRODUCTIONDriven by recent advances in low power platforms and protocols,wireless sensor networks are being deployed to-day to monitor the environment from wildlife habitats[1] Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on thefirst page.To copy otherwise,to republish,to post on servers or to redistribute to lists,requires prior specific permission and/or a fee.MSWiM’08,October27–31,2008,Vancouver,BC,Canada.Copyright2008ACM978-1-60558-235-1/08/10...$5.00.to mission-criticalfire-alarm systems[5].There are,how-ever,still some obstacles in the way for mass application of wireless sensor networks.One of the key challenges is the management of the wireless sensor network itself.With-out a practical management system,WSN maintenance will be very difficult for network administrators.Furthermore, without a solid management plan,WSNs are not likely to be accepted by industrial users.One of the key points in the management of a WSN is the health status monitoring of the network itself.Node failures should be captured by the system and reported to adminis-trators within a given delay constraint.Due to the resource constraints of WSN 
nodes,traditional network management protocols such as SNMP adopted by TCP/IP networks are not suitable for sensor networks.In this paper,we con-sider a light-weight network management approach tailored specifically for WSNs and their unique constraints. Currently,WSN deployments can be categorized by their application scenario:data-gathering applications and event-detection applications.For data-gathering systems,health status monitoring is quite straight forward.Monitoring in-formation can be forwarded to the sink by specific health status packets or embedded in the regular data packets.Ad-ministrators can usually diagnose the network with a helper program.NUCLEUS[6]is one of the network management systems for data-gathering application of WSN.Since event-detection deployments do not have regular traffic to send to the sink,the solutions for data-gathering deployments are not suitable.In this case,health status monitoring can be quite challenging and has not been discussed explicitly in the literature.In an event-detection WSN,there is no periodic data trans-fer,i.e.,nodes maintain radio silence until there is an event to report.While this is energy efficient,it does mean that there is no possibility for the sink to decide whether the net-work is still up and running(and waiting for an event to be detected)or if some nodes in the network have failed and are therefore silent.Furthermore,for certain military ap-plications or safety-critical systems,the specifications may include a hard time constraint for accomplishing the node health status monitoring task.In an event-detection WSN,the system maintains a net-work topology that allows for forwarding of data to a sink in the case of an event.Even though there is no regular data transfer in the network,the network should always be ready to forward a message to the sink immediately when-ever necessary.It is this urgency of data forwarding that makes it undesirable to set up a routing table and neighborlist after the 
event has been detected. The lack of regular data transfer in the network also leads to difficulty in detecting bad quality links, making it challenging to establish and maintain a stable, robust network topology.

While we have mentioned event-detection WSNs in general, we accentuate that the distributed node monitoring problem we are considering is inspired by a real-world application: a distributed indoor wireless alarm system which includes a sensor for detection of a specific alarm such as fire (as studied in [5]). To illustrate the reporting requirements of such a system, we point out that regulatory specifications require a fire to be reported to the control station within 10 seconds and a node failure to be reported within 5 minutes [9]. This highlights the importance of the node-monitoring problem.

In this paper, we present a solution for distributed node monitoring called DiMo, which consists of two functions: (i) network topology maintenance, introduced in Section 2, and (ii) node health status monitoring, introduced in Section 3. We compare DiMo to existing state-of-the-art node monitoring solutions and evaluate DiMo via simulations in Section 4.

1.1 Design Goals

DiMo is developed based on the following design goals:

• In safety critical event monitoring systems, the status of the nodes needs to be monitored continuously, allowing the detection and reporting of a failed node within a certain failure detection time T_D, e.g., T_D = 5 min.

• If a node is reported failed, a costly on-site inspection is required. This makes it of paramount interest to decrease the false-positive rate, i.e., wrongly assuming a node to have failed.

• In the case of an event, the latency in forwarding the information to the sink is crucial, leaving no time to set up a route on demand. We require the system to maintain a topology at all times. In order to be robust against possible link failures, the topology needs to provide redundancy.

• To increase efficiency and minimize energy consumption, the two tasks of topology maintenance (in
particular monitoring of the links) and node monitoring should be combined.

• Maximizing the lifetime of the network does not necessarily translate to minimizing the average energy consumption in the network, but rather minimizing the energy consumption of the node with the maximal load in the network. In particular, the monitoring should not significantly increase the load towards the sink.

• We assume that the event detection WSN has no regular data traffic, with possibly no messages for days, weeks or even months. Hence we do not attempt to optimize routing or load balancing for regular data. We also note that approaches like estimating links' performance based on the ongoing data flow are not possible, and we do not take them into account.

• Wireless communication in sensor networks (especially indoor deployments) is known for its erratic behavior [2, 8], likely due to multi-path fading. We assume such an environment with unreliable and unpredictable communication links, and argue that message losses must be taken into account.

1.2 Related Work

Nithya et al. discuss Sympathy in [3], a tool for detecting and debugging failures in pre- and post-deployment sensor networks, especially designed for data gathering applications. The nodes send periodic heartbeats to the sink, which combines this information with passively gathered data to detect failures. For the failure detection, the sink requires receiving at least one heartbeat from the node every so-called sweep interval, i.e., its absence indicates a node failure. Direct heartbeat performs poorly in practice without adaptation to wireless packet losses. To meet a desired false positive rate, the rate of heartbeats has to be increased, also increasing the communication cost. NUCLEUS [6] follows a very similar approach to Sympathy, providing a management system to monitor the health status of data-gathering applications.

Rost et al. propose with Memento a failure detection system that also requires nodes to periodically send heartbeats to the so-called observer
node. Those heartbeats are not directly forwarded to the sink node, but are aggregated in the form of a bitmask (i.e., bitwise OR operation). The observer node sweeps its bitmask every sweep interval and will forward the bitmask with the node marked missing during the next sweep interval if the node fails to send a heartbeat in between. Hence the information of the missing node is disseminated every sweep interval by one hop, eventually arriving at the sink. Memento does not make use of acknowledgements and proactively sends multiple heartbeats every sweep interval, where this number is estimated based on the link's estimated worst-case performance and the targeted false positive rate. Hence Memento and Sympathy both send several messages every sweep interval, most of them being redundant.

In [5], Strasser et al. propose a ring based (hop count) gossiping scheme that provides a latency bound for detecting failed nodes. The approach is based on a bitmask aggregation, being filled ring by ring based on a tight schedule requiring a global clock. Due to the tight schedule, retransmissions are limited and contention/collisions likely, increasing the number of false positives. The approach is similar to Memento [4], i.e., it does not scale, but provides latency bounds and uses the benefits of acknowledgements on the link layer.

2. TOPOLOGY MAINTENANCE

Forwarding a detected event without any delay requires maintaining a redundant topology that is robust against link failures. The characteristics of such a redundant topology are discussed subsequently.

The topology is based on so-called relay nodes: a relay is a neighbor that can provide one or more routes towards the sink with a smaller cost metric than the node itself has. Loops are inherently ruled out if packets are always forwarded to relay nodes. For instance, in a simple tree topology, the parent is the relay node and the cost metric is the hop count. In order to provide redundancy, every node is connected with at least two relay nodes, and is called
redundantly connected. Two neighboring nodes can be redundantly connected by being each other's relay, although having the same cost metric, only if they are both connected to the sink. This exception allows the nodes neighboring the sink to be redundantly connected and avoids having a link to the sink as a single point of failure. In a (redundantly) connected network, all deployed nodes are (redundantly) connected.

A node's level L represents the minimal hop count to the sink according to the level of its relay nodes; i.e., the relay with the least hop count plus one. The level is infinity if the node is not connected. The maximal hop count H to the sink represents the longest path to the sink, i.e., if at every hop the relay node with the highest maximal hop count is chosen. If the node is redundantly connected, the node's H is the maximum hop count in the set of its relays plus one; if not, the maximal hop count is infinity. If and only if all nodes in the network have a finite maximal hop count, the network is redundantly connected.

The topology management function aims to maintain a redundantly connected network whenever possible. This might not be possible for sparsely connected networks, where some nodes might only have one neighbor and therefore cannot be redundantly connected by definition. Sometimes it would be possible to find alternative paths with a higher cost metric, which in turn would largely increase the overhead for topology maintenance (e.g., for avoiding loops).

For the cost metric, the tuple (L, H) is used. A node A has the smaller cost metric than node B if

$$L_A < L_B \lor (L_A = L_B \land H_A < H_B). \quad (1)$$

During the operation of the network, DiMo continuously monitors the links (as described in Section 3), which allows the detection of degrading links and allows triggering topology adaptation. Due to DiMo's redundant structure, the node is still connected to the network during this neighbor search, and hence in the case of an event, can forward the message without delay.

3. MONITORING ALGORITHM

This
section describes the main contribution of this paper, a distributed algorithm for topology, link and node monitoring. From the underlying MAC protocol, it is required that an acknowledged message transfer is supported.

3.1 Algorithm

A monitoring algorithm is required to detect failed nodes within a given failure detection time T_D (e.g., T_D = 5 min). A node failure can occur for example due to hardware failures, software errors or because a node runs out of energy. Furthermore, an operational node that gets disconnected from the network is also considered as failed.

The monitoring is done by so-called observer nodes that monitor whether the target node has checked in by sending a heartbeat within a certain monitoring time. If not, the observer sends a node-missing message to the sink. The target node is monitored by one observer at any time. If there are multiple observer nodes available, they alternate amongst themselves. For instance, if there are three observers, each one observes the target node every third monitoring time.

The observer node should not only check for the liveness of the nodes, but also for the links that are being used for sending data packets to the sink in case of a detected event. These two tasks are combined by selecting the relay nodes as observers, greatly reducing the network load and maximizing the network lifetime. In order to ensure that all nodes are up and running, every node is observed at all times.
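As an added illustration that is not part of the paper, the following Python computes the level L, maximal hop count H and relay sets of Section 2 for a small constructed network, checks redundant connectivity, and then applies the Section 3 mechanisms: relay nodes as alternating observers, the monitoring interval of Eq. (2), and the sink cancelling a node-missing report against a recovery message (Section 3.2). It assumes relays are neighbours with a strictly smaller level plus the sink-neighbour exception (a peer sink neighbour counted as one extra hop), a simplification of the full (L, H) ordering, and round-robin observer alternation.

```python
# Added illustration of DiMo's topology metric (Section 2) and of the observer
# rotation and sink-side reconciliation of Section 3; it is not the paper's code.
# Assumptions (mine, not the paper's): relays are neighbours with a strictly
# smaller level plus the sink-neighbour exception; a sink neighbour used as a
# peer relay counts as one extra hop; observers alternate round-robin.
from collections import deque
from math import inf


def cost_less(a, b):
    """Eq. (1): (L_A, H_A) is smaller than (L_B, H_B)."""
    return a[0] < b[0] or (a[0] == b[0] and a[1] < b[1])


def levels(adj, sink):
    """Level L = minimal hop count to the sink (BFS); inf when not connected."""
    lvl = {n: inf for n in adj}
    lvl[sink] = 0
    queue = deque([sink])
    while queue:
        u = queue.popleft()
        for v in adj[u]:
            if lvl[v] == inf:
                lvl[v] = lvl[u] + 1
                queue.append(v)
    return lvl


def topology(adj, sink):
    """Return (level, maxhop, relays) for an undirected graph adj = {node: set()}.
    A node with at least two relays is redundantly connected and gets
    H = max(H of its relays) + 1; with fewer relays H is inf."""
    lvl = levels(adj, sink)
    H, relays = {sink: 0}, {sink: set()}
    for v in sorted((n for n in adj if n != sink), key=lambda n: lvl[n]):
        if lvl[v] == inf:
            relays[v], H[v] = set(), inf
            continue
        rel = {u for u in adj[v] if lvl[u] < lvl[v]}
        # exception: two sink neighbours may serve as each other's relay
        peers = {u for u in adj[v] if lvl[v] == 1 and lvl[u] == 1}
        relays[v] = rel | peers
        if len(relays[v]) < 2:
            H[v] = inf
        else:
            H[v] = max([H[u] for u in rel] + [1] * len(peers)) + 1
    return lvl, H, relays


def redundantly_connected(H):
    """The network is redundantly connected iff every node has a finite H."""
    return all(h != inf for h in H.values())


def preferred_relay(lvl, H, relays, v):
    """Relay with the smallest (L, H) metric, i.e. where an event would be forwarded."""
    best = None
    for u in sorted(relays[v]):
        if best is None or cost_less((lvl[u], H[u]), (lvl[best], H[best])):
            best = u
    return best


def monitoring_interval(t_d, t_l, t_r):
    """Eq. (2): largest T_M with T_M <= T_D - T_L - T_R (all in seconds)."""
    t_m = t_d - t_l - t_r
    if t_m <= 0:
        raise ValueError("T_D leaves no room for forwarding delay and retries")
    return t_m


def heartbeat_schedule(observers, t_m, periods, start=0):
    """With k observers each one monitors the node every k-th T_M. Every heartbeat
    carries the next monitoring time for that observer (k periods later)."""
    order = sorted(observers)
    k = len(order)
    return [(start + i * t_m, order[i % k], start + (i + k) * t_m)
            for i in range(periods)]


class Sink:
    """Section 3.2: a node-missing report and a recovery message for the same
    node cancel each other; a node-missing report on its own means failed."""

    def __init__(self):
        self.reports = {}

    def receive(self, kind, node):          # kind is "missing" or "recovery"
        self.reports.setdefault(node, set()).add(kind)

    def failed_nodes(self):
        return sorted(n for n, kinds in self.reports.items()
                      if "missing" in kinds and "recovery" not in kinds)


# Constructed six-node network: sink S, its neighbours A and B, and C, D, E behind them.
ADJ = {"S": {"A", "B"}, "A": {"S", "B", "C", "D"}, "B": {"S", "A", "C", "D"},
       "C": {"A", "B", "E"}, "D": {"A", "B", "E"}, "E": {"C", "D"}}

if __name__ == "__main__":
    lvl, H, relays = topology(ADJ, "S")
    print("redundantly connected:", redundantly_connected(H), "H =", H)
    sink = Sink()
    sink.receive("missing", "E")
    sink.receive("recovery", "E")
    print("failed:", sink.failed_nodes())
    print(heartbeat_schedule(relays["E"], monitoring_interval(300, 30, 60), 4))
```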
The specified failure detection time T_D is an upper bound for the monitoring interval T_M, i.e., the interval within which the node has to send a heartbeat. Since the failure detection time is measured at the sink, the detection of a missing node at the relay needs to be forwarded, resulting in an additional maximal delay T_L. Furthermore, the heartbeat can be delayed as well, either by message collisions or link failures. Hence the node should send the heartbeat before the relay's monitoring timer expires and leave room for retries and clock drift within the time window T_R. So the monitoring interval has to be set to

$$T_M \le T_D - T_L - T_R \quad (2)$$

and the node has to ensure that it is being monitored every T_M by one of its observers.

The schedule of reporting to an observer is only defined for the next monitoring time for each observer. Whenever the node checks in, the next monitoring time is announced with the same message. So for every heartbeat sent, the old monitoring timer at the observer can be cancelled and a new timer can be set according to the new time.

Whenever a node is newly observed or no longer being observed by a particular observer, this is indicated to the sink. Hence the sink is always aware of which nodes are being observed in the network, and therefore always knows which nodes are up and running. This registration scheme at the sink is an optional feature of DiMo and depends on the user's requirements.

3.2 Packet Loss

Wireless communication always has to account for possible message losses. Sudden changes in the link quality are always possible and even total link failures in the order of a few seconds are not uncommon [2]. So the time T_R for sending retries should be sufficiently long to cover such blanks.
Though unlikely, it is possible that even after a duration of T_R the heartbeat could not be successfully forwarded to the observer and thus was not acknowledged, in spite of multiple retries. The node has to assume that it will be reported missing at the sink, despite the fact that it is still up and running. Should the node be redundantly connected, a recovery message is sent to the sink via another relay, announcing that it is still alive. The sink receiving a recovery message and a node-missing message concerning the same node can neglect these messages as they cancel each other out. This recovery scheme is optional, but minimizes the false positives by orders of magnitude as shown in Section 4.

3.3 Topology Changes

In the case of a new relay being announced by the topology management, a heartbeat is sent to the new relay, marking it as an observer node. On the other hand, if a deprecated relay is announced, this relay might still be acting as an observer, and the node has to check in as scheduled. However, no new monitoring time is announced with the heartbeat, which releases the deprecated relay from being an observer.

3.4 Queuing Policy

A monitoring buffer exclusively used for monitoring messages is introduced, having the messages queued according to a priority level, in particular node-missing messages first.
Since the MAC protocol and routing engine usually have a queuing buffer as well, it must be ensured that only one single monitoring message is being handled by the lower layers at a time. Only if an ACK is received can the monitoring message be removed from the queue (if a NACK is received, the message remains). DiMo only prioritizes between the different types of monitoring messages and does not require prioritized access over data traffic.

4. EVALUATION

In the literature, there are very few existing solutions for monitoring the health of the wireless sensor network deployment itself. DiMo is the first sensor network monitoring solution specifically designed for event detection applications. However, the two prominent solutions of Sympathy [3] and Memento [4] for monitoring general WSNs can also be tailored for event gathering applications. We compare the three approaches by looking at the rate at which they generate false positives, i.e., wrongly inferring that a live node has failed. False positives tell us something about the monitoring protocol since they normally result from packet losses during monitoring. It is crucial to prevent false positives since for every node that is reported missing, a costly on-site inspection is required.

DiMo uses the relay nodes for observation. Hence a possible event message and the regular heartbeats both use the same path, except that the latter is a one hop message only.
The false positive probability thus determines the reliability of forwarding an event.

We point out that there are other performance metrics which might be of interest for evaluation. In addition to false positives, we have looked at latency, message overhead, and energy consumption. We present the evaluation of false positives below.

4.1 Analysis of False Positives

In the following analysis, we assume r heartbeats in one sweep for Memento, whereas DiMo and Sympathy allow sending up to r − 1 retransmissions in the case of unacknowledged messages. To compare the performance of the false positive rate, we assume the same sweep interval for the three protocols, which means that Memento's and Sympathy's sweep interval is equal to DiMo's monitoring interval. In the analysis we assume all three protocols have the same packet-loss probability p_l for each hop.

For Sympathy, a false positive for a node occurs when the heartbeat from the node does not arrive at the sink in a sweep interval, assuming r − 1 retries on every hop. So a node will generate a false positive with a probability of $(1 - (1 - p_l^r)^d)^n$, where d is the hop count to the sink and n the number of heartbeats per sweep. In Memento, the bitmask representing all nodes assumes them failed by default after the bitmap is reset at the beginning of each sweep interval.
If a node doesn't report to its parent successfully, i.e., if all the r heartbeats are lost in a sweep interval, a false positive will occur with a probability of $p_l^r$. In DiMo the node is reported missing if it fails to check in at the observer, which happens with a probability of $p_l^r$. In this case, a recovery message is triggered. Consider the case that the recovery message is not kept in the monitoring queue like the node-missing messages, but dropped after r attempts; the false positive rate then results in $p_l^r \,(1 - (1 - p_l^r)^d)$.

Table 1 illustrates the false positive rates for the three protocols ranging the packet reception rate (PRR) between 80% and 95%. For this example the observed node is at a five-hop distance (d = 5) from the sink and a common number of r = 3 attempts for forwarding a message is assumed.

Table 1: False positive rates for a node with hop count 5 and 3 transmissions under different packet success rates.

PRR            | 80%     | 85%     | 90%     | 95%
Sympathy (n=1) | 3.93e-2 | 1.68e-2 | 4.99e-3 | 6.25e-4
Sympathy (n=2) | 1.55e-3 | 2.81e-4 | 2.50e-5 | 3.91e-7
Memento        | 8.00e-3 | 3.38e-3 | 1.00e-3 | 1.25e-4
DiMo           | 3.15e-4 | 5.66e-5 | 4.99e-6 | 7.81e-8

Sympathy clearly suffers from a high packet loss, but its performance can be increased greatly by sending two heartbeats every sweep interval (n = 2). This however doubles the message load in the network, which is especially substantial as the messages are not aggregated, resulting in a largely increased load and energy consumption for nodes next to the sink. Comparing DiMo with Memento, we observe the paramount impact of the redundant relay on the false positive rate. DiMo offers a mechanism here that is not supported in Sympathy or Memento as it allows sending up to r − 1 retries for the observer and the redundant relay. Due to this redundancy, the message can also be forwarded in the case of a total blackout of one link, a feature both Memento and Sympathy are lacking.

4.2 Simulation

For evaluation purposes we have implemented DiMo in Castalia 1.3, a state of the art WSN simulator based on the OMNeT++ platform. Castalia allows evaluating
DiMo with a realistic wireless channel (based on the empirical findings of Zuniga et al. [8]) and radio model, but also captures effects like the nodes' clock drift. Packet collisions are calculated based on the signal to interference ratio (SIR) and the radio model features transition times between the radio's states (e.g., sending after a carrier sense will be delayed). SpeckMAC [7], a packet based version of B-MAC, with acknowledgements and a low-power listening interval of 100 ms is used on the link layer. The characteristics of the Chipcon CC2420 are used to model the radio.

The simulations are performed for a network containing 80 nodes, arranged in a grid with a small Gaussian distributed displacement, representing an event detection system where nodes are usually not randomly deployed but rather evenly spread over the observed area. 500 different topologies were analyzed. The topology management results in a redundantly connected network with up to 5 levels L and a maximum hop count H of 6 to 8.

A false positive is triggered if the node fails to check in, which is primarily due to packet errors and losses on the wireless channel. In order to understand false positives, we set the available links' packet reception rate (PRR) to 0.8, allowing us to see the effects of the retransmission scheme. Furthermore, this fixed PRR also allows a comparison with the results of the previous section's analysis and is shown in Figure 1(a). The plot shows on the one hand the monitoring based on a tree structure that is comparable to the performance of Memento, i.e., without DiMo's possibility of sending a recovery message using an alternate relay.
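As an added check, not from the paper, the following Python recomputes the Section 4.1 closed-form rates behind Table 1 and the yearly false-alarm budget used in this section (T_M = 4 min, 77 nodes, target 1e-7); the per-year figures assume a 365-day year, which is my assumption.

```python
# Added check of the closed-form false-positive rates of Section 4.1 and of the
# yearly false-alarm budget of Section 4.2; not the paper's code. Per hop the
# loss probability is p_l = 1 - PRR, r attempts are made per hop, d is the hop
# count to the sink and n the number of heartbeats per sweep.


def sympathy_fp(p_l, r, d, n=1):
    """Heartbeat must cross d hops, each with r - 1 retries; n heartbeats per sweep."""
    return (1 - (1 - p_l ** r) ** d) ** n


def memento_fp(p_l, r):
    """All r proactive heartbeats to the parent are lost in one sweep interval."""
    return p_l ** r


def dimo_fp(p_l, r, d):
    """Heartbeat lost after r attempts AND the recovery message over the other relay
    is dropped (r attempts per hop, not requeued) somewhere on its d hops."""
    return p_l ** r * (1 - (1 - p_l ** r) ** d)


def table1(prrs=(0.80, 0.85, 0.90, 0.95), r=3, d=5):
    """Recompute Table 1: rows keyed by protocol, columns keyed by PRR."""
    rows = {"Sympathy (n=1)": {}, "Sympathy (n=2)": {}, "Memento": {}, "DiMo": {}}
    for prr in prrs:
        p_l = 1 - prr
        rows["Sympathy (n=1)"][prr] = sympathy_fp(p_l, r, d, 1)
        rows["Sympathy (n=2)"][prr] = sympathy_fp(p_l, r, d, 2)
        rows["Memento"][prr] = memento_fp(p_l, r)
        rows["DiMo"][prr] = dimo_fp(p_l, r, d)
    return rows


def checks_per_year(t_m_minutes):
    """Number of monitoring intervals per year (365-day year assumed)."""
    return 365 * 24 * 60 / t_m_minutes


def years_between_false_alarms(rate, t_m_minutes):
    """Mean time until one particular node is wrongly reported failed."""
    return 1 / (rate * checks_per_year(t_m_minutes))


def false_alarms_per_year(rate, nodes, t_m_minutes):
    """Expected number of false alarms for the whole network per year."""
    return rate * nodes * checks_per_year(t_m_minutes)


if __name__ == "__main__":
    for name, row in table1().items():
        print(f"{name:15s}", "  ".join(f"{v:.2e}" for v in row.values()))
    print("years between false alarms at 1e-6, T_M = 4 min:",
          round(years_between_false_alarms(1e-6, 4), 1))
    print("false alarms/year, 77 nodes at 1e-7:",
          round(false_alarms_per_year(1e-7, 77, 4), 2))
```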
On the other hand, the plot shows the false positive rate of DiMo. The plot clearly shows the advantage of DiMo's redundancy, even though it allows sending twice as many heartbeats as the tree approach. This might not seem necessarily fair at first; however, in a real deployment it is always possible that a link fails completely, allowing DiMo to still forward the heartbeat. The simulation and the analysis show a slight offset in the performance, which is explained by a simulation artifact of the SpeckMAC implementation that occurs when the receiver's wake-up time coincides with the start time of a packet. This rare case allows receiving not only one but two packets out of the stream, which artificially increases the link quality by about three percent.

Figure 1: False positives: DiMo achieves the targeted false positive rate of 1e-7, also representing the reliability for successfully forwarding an event. (a) Varying number of retries; PRR = 0.8. (b) Varying link quality.

The nodes are observed every T_M = 4 min, resulting in being monitored 1.3e5 times a year. A false positive rate of 1e-6 would result in a particular node being wrongly reported failed every 7.7 years. Therefore, for a 77-node network, a false positive rate of 1e-7 would result in one false alarm a year, being the targeted false-positive threshold for the monitoring system. DiMo achieves this rate by setting the number of retries for both the heartbeat and the recovery message to four. Hence the guard time T_R for sending the retries needs to be set sufficiently long to accommodate up to ten messages and back-off times.

The impact of the link quality on DiMo's performance is shown in Figure 1(b). The tree topology shows a similar performance to DiMo if the same number of messages is sent. However, it does not show the benefit in the case of a sudden link failure, which allows DiMo to recover immediately. Additionally, the surprising fact that false positives do not go to zero for perfect link quality is explained by collisions. This
is also the reason why DiMo's curve for two retries flattens for higher link qualities. Hence, leaving room for retries is as important as choosing good quality links.

5. CONCLUSION

In this paper, we presented DiMo, a distributed algorithm for node and topology monitoring, especially designed for use with event-triggered wireless sensor networks. As a detailed comparative study with two other well-known monitoring algorithms shows, DiMo is the only one to reach the design target of having a maximum error reporting delay of 5 minutes while keeping the false positive rate and the energy consumption competitive. The proposed algorithm can easily be implemented and also be enhanced with a topology management mechanism to provide a robust mechanism for WSNs. This enables its use in the area of safety-critical wireless sensor networks.

Acknowledgment

The work presented in this paper was supported by CTI grant number 8222.1 and the National Competence Center in Research on Mobile Information and Communication Systems (NCCR-MICS), a center supported by the Swiss National Science Foundation under grant number 5005-67322. This work was also supported in part by phase II of the Embedded and Hybrid System program (EHS-II) funded by the Agency for Science, Technology and Research (A*STAR) under grant 052-118-0054 (NUS WBS: R-263-000-376-305). The authors thank Matthias Woehrle for revising a draft version of this paper.

6. REFERENCES

[1] A. Mainwaring et al. Wireless sensor networks for habitat monitoring. In 1st ACM Int'l Workshop on Wireless Sensor Networks and Applications (WSNA 2002), 2002.
[2] A. Meier, T. Rein, et al. Coping with unreliable channels: Efficient link estimation for low-power wireless sensor networks. In Proc. 5th Int'l Conf. Networked Sensing Systems (INSS 2008), 2008.
[3] N. Ramanathan, K. Chang, et al. Sympathy for the sensor network debugger. In Proc. 3rd ACM Conf. Embedded Networked Sensor Systems (SenSys 2005), 2005.
[4] S. Rost and H. Balakrishnan. Memento: A health monitoring system for wireless sensor networks. In
Proc. 3rd IEEE Communications Society Conf. Sensor, Mesh and Ad Hoc Communications and Networks (IEEE SECON 2006), 2006.
[5] M. Strasser, A. Meier, et al. Dwarf: Delay-aware robust forwarding for energy-constrained wireless sensor networks. In Proceedings of the 3rd IEEE Int'l Conference on Distributed Computing in Sensor Systems (DCOSS 2007), 2007.
[6] G. Tolle and D. Culler. Design of an application-cooperative management system for wireless sensor networks. In Proc. 2nd European Workshop on Sensor Networks (EWSN 2005), 2005.
[7] K.-J. Wong et al. SpeckMAC: Low-power decentralised MAC protocols for low data rate transmissions in specknets. In Proc. 2nd Int'l Workshop on Multi-hop Ad Hoc Networks: From Theory to Reality (REALMAN '06), 2006.
[8] M. Zuniga and B. Krishnamachari. Analyzing the transitional region in low power wireless links. In IEEE SECON 2004, 2004.
[9] Fire detection and fire alarm systems – Part 25: Components using radio links. European Norm (EN) 54-25:2008-06, 2008.
I. J. Computer Network and Information Security, 2017, 12, 36-44
Published Online December 2017 in MECS
DOI: 10.5815/ijcnis.2017.12.05

Monitoring of Military Base Station using Flooding and ACO Technique: An Efficient Approach

Abdus Samad
University Women's Polytechnic, F/O Engg. & Tech., AMU, Aligarh, India
E-mail: asamad.uwp@amu.ac.in

Mohammed Shuaib
Dept. of Computer Science, Jazan University, Jazan, KSA
E-mail: talkshuaib@

Mohd Rizwan Beg
R B Group of Institutions (RBGI), Agra, India
E-mail: rizwanbeg@

Received: 22 January 2016; Accepted: 12 September 2017; Published: 08 December 2017

Abstract—Rapid development of wireless sensor networks has led to applications ranging from industry to military fields. These sensors are deployed in military base stations, for example for battlefield surveillance. Important issues such as security and DoS attacks play a crucial role for wireless sensor networks. Due to resource limitations, traditional security schemes cannot be employed efficiently. Therefore, designing a framework that can operate securely using a smart intelligence technique is the best option. In this paper, an efficient way of detecting an intrusion using Flooding and Ant Colony is proposed. The flooding technique enables the master agents to track the activity of an intruder tampering with part of the network. The ACO identifies the path followed by the nodes and also by the intruder who wants to jam the whole wireless sensor network. The architecture strategically enables the Bait agents to detect the intruders threatening the network. The proposed framework is designed for the military station. It helps the base station to detect the intrusion, decide whether the activity is normal or terrestrial, and send a signal to the nearest missile station situated near the intrusion location to destroy it in minimum time. Detecting the intrusion early not only helps to learn about future attacks, but also supports defensive countermeasures.
Index Terms—Bait agent, Master agent, Intrusion detection, Flooding Ant Colony, Intrusion detection, DoS attack.

I. INTRODUCTION

Protection and security of the network is the main goal of researchers, and several studies in this direction have been reported in the literature. The various approaches include the potential of Artificial Intelligence, incorporating biological systems such as ACO, and detection and defense against DoS attacks [1], [2], [3]. The security of the ground base station is one of the major areas where different system of systems (SoS) architectures are applied; a set of independent heterogeneous networked systems cooperate for a common goal [4]. These SoS architectures consist of at least a Base Station, a set of launchers and at least one sensor with a base station monitoring unit. These units integrate all Command, Control, Computing, Communications and Intelligence [3], [5].

The wireless sensor network (WSN) consists of a number of spatially distributed nodes that consist of sensors, processing elements and low power radio channels that provide wireless communication with each other as well as with the base station. The base station has larger power and a higher data rate compared to the sensor nodes. Sensor nodes, however, perform the specific task for which they are designed at a particular location. The base station on the other hand plays the greater role and performs operations such as information gathering, node activation and networking. It also provides an interface with other sensor networks. The advantages of WSN technologies are remarkable: they provide an expansive way to install a network and have greatly contributed worldwide to WSN applications [6]. Military applications such as the battlefield are an important example where WSNs are widely used.

Generally, thousands of connected sensor nodes work to sense various physical and environmental characteristics. These sensors are arranged in the form of various clusters.
Each cluster has a root node with a set of sensors. The clusters communicate with each other through root nodes or with a specialized node also known as a base station. A WSN is scattered in the region where it is installed to collect data through its sensor nodes. Most modern WSNs are bidirectional in nature to make communication possible both ways. They can be used to collect data from sensors and transmit it to the base station as well as to transfer information from the base station to the sensors.

The recent growth in security systems demands a secure, reliable and cost effective wireless sensor network to detect intrusion in the base station. In this paper a new model of a security and monitoring system is proposed which utilizes the concept of a bait system in a dynamic way. Baits including ideal agents and a master agent are deployed, which capture all the activities or data within the real application.

The rest of the paper is organized into eight sections. Section I is the introduction. In Section II, we describe the related work in detail. In Section III, different types of attacks are discussed. Section IV describes some existing approaches. The proposed system is discussed in Sections V and VI. Section VII describes the architecture of the intrusion detection system and Section VIII concludes the paper.

II. LITERATURE REVIEW

The development of sensor technology has become an important tool for modern military applications. The important issue while using this technology is how to install these sensors in the remote environment. There are different approaches to deploy these sensor networks in the battlefield depending upon the knowledge of the environment. If sufficient knowledge is available then sensors can be deployed in a strategic manner where part of the sensors can be used as bait for intruders. On the other hand, in the absence of suitable information these sensors can be deployed randomly [3], [7], [8].

There are many intrusion detection frameworks to solve the problem of intrusion.
To address intrusion detection, Muraleedharan [3] proposed an Ant Colony Optimization based intrusion detection system. It was simulated and showed that the cognitive model has a performance of 90% and above during all runs, whereas the dynamic and static models have 75% and 60% performance respectively. The lifetime in the cognitive model is reduced by 20%, whereas its reduction in the static and dynamic models is 10% and 20% respectively.

Another approach is based on a SWARM architecture for ground based air defense systems in which the authors proposed several distributed algorithms focused exclusively on the optimization of launcher SWARM performance. These were based on non-cooperative competition in terms of the probability of intercepting or killing a threat. However, the missile launching mechanism is made in a static way [2], [5], [7]. Similarly, in [3] the authors proposed several cooperation and distributed algorithms for a SWARM architecture applied to ground based air defense; however, it doesn't handle threats when they are out of range.

A wireless sensor network (WSN) is composed of numerous sensors, can adapt to extreme environments and has the characteristics of small, low cost wireless communication sensors. WSNs may also be deployed in adversary areas, so the nature of the communication channels between sensor nodes makes node communication vulnerable to a variety of attacks. Due to constraints in their resources, WSNs are especially sensitive to Denial-of-Service (DoS) attacks [9]. A DoS attack intends to prevent the normal use of network functions and communications [5], [10].

A plethora of DDoS defense schemes is reported in the literature. In [11] the authors classify types of DDoS attacks and their remedial actions. A number of approaches such as Bloom filters, traceback methods, Independent Component Analysis and TCP flow analysis have been discussed. The various tools and software used to handle DoS attacks in sensor networks are also discussed.
The Connection Score scheme is another technique to overcome DDoS attacks that generally occur at the application layer of TCP [12]. Connections are scored when an attack occurs based on the available history and statistical analysis. Connections that re-use resources take lower scores and are considered adversarial or malicious.

A real-time PSD converter based on FPGA prevents shrew DDoS attacks, which are low rate TCP targeted attacks [13]. The system uses a component-reusable auto-correlation (AC) algorithm and an adapted 2N-point real-valued Discrete Fourier Transform (DFT) algorithm.

Researchers have analyzed various methods to prevent DDoS attacks based on traffic anomaly parameters, botnet flux identification, neural networks, entropy variations, application layer DDoS defense and device level defense. Some traditional methods, for instance traceback and packet filtering techniques, are also discussed [14]. The intrusion prevention system handles DDoS detection and also analyzes the role of network management systems in detecting DDoS attacks with minimum losses [15]. The numerous information metrics that describe properties of network traffic data for the detection of low-rate and high-rate DDoS attacks are described in [16]. These metrics include Shannon entropy, generalized entropy, Renyi's entropy, Hartley entropy and Kullback-Leibler divergence. Datasets such as the MIT Lincoln Laboratory, CAIDA and TUIDS DDoS datasets are used to check the effectiveness of each metric.

In [17] the researchers also discuss a game-theoretic defense framework that explains the interaction between an attacker and a defender during a one-shot, non-cooperative, zero-sum game DDoS attack. A new method has been proposed to detect DDoS attacks at the application layer that considers detection of AL-DDoS attacks in high traffic [18].
This method includes a Real-time Frequency Vector (RFV), and attacks can be recognized by investigating the entropy of application-layer DDoS traffic and flash crowds.

In order to obtain a secure, reliable and cost-effective network that detects intrusions, a new security model is proposed. The proposed system introduces the concept of a bait system deployed dynamically to monitor the overall security measures.

III. TYPES OF ATTACK

Broadly, attacks are classified into two categories based on the methodology used: active and passive attacks. When attackers identify security holes in the network and utilize those gaps to launch massive attacks, they are termed active attacks. In these attacks the attackers generally modify packets, inject new packets or replicate information to take advantage of the security lapse. In passive attacks, the intruder tries to extract crucial information about the communication protocols and follows that information like a normal sensor. In this way a large amount of information passes through the intruders, from which secret or useful information can be extracted [19]. It is very difficult to identify passive attackers in a short span of time; however, active attacks are much stronger compared to passive attacks. The influence of such attacks appears in different ways, which are listed in Table 1.

Table 1. Denial of Service Attacks by Protocol Layers

A. Physical Layer

There are two types of attacks generally encountered at the physical layer. These are:

a) Jamming: Jamming is a kind of attack which interferes with the radio frequencies that the network's nodes are employing. Since WSNs use a radio-based medium, they are more vulnerable to jamming. Jamming can interrupt a minimal part of the network or it could be strong enough to interrupt the entire network [20]. An intruder may affect the entire network when the jamming sources are randomly distributed over the entire network.

Jamming attacks in WSNs: Jamming attacks can be classified as constant, deceptive, random or reactive [21]. In a constant jamming attack, packets are targeted and corrupted during transmission between WSN nodes. However, these attacks are not significant if the attacker does not have energy comparable to the targeted node. A deceptive jammer mixes information in such a way that it looks like legitimate traffic. On the other hand, a reactive jammer only transmits a jam signal. Defense strategies such as frequency hopping and code spreading are required to protect the network. To identify jamming attacks, the jammed region has to be identified as one safe region. The routing protocol must automatically route around the jammed region. Another strategy for defending against jamming is to have nodes collaboratively identify the jammed region. Node tampering is another physical layer attack that causes destruction of the network.

b) Tampering: This is another physical layer attack in which an intruder can extract sensitive data by having physical access to a node. The node may also be altered or converted into a malicious node and could be used as a controlling node. The defense strategy involves tamper-proofing the node's physical package. There are different approaches for identifying jamming attacks in WSNs. Nodes deployed in a secured area can be protected to some extent; however, redundant nodes can be affected by this threat, and the network must then route traffic around them.

B. Link Layer

Collision and interrogation are two types of attacks generally reported at the link layer. When packets collide with each other, the information at the source and destination nodes differs; therefore, differences in the checksum are obtained, the packet is treated as invalid and it is discarded. An adversary may continually transmit messages in an attempt to generate large numbers of collisions in the entire network.
This requires retransmission of the packets affected by the collision, such as ACK or NACK control messages. With the help of error correcting codes, collisions can be avoided [5]. An attacker can consume a node's resources by frequently transmitting RTS requests to obtain CTS responses from the node under attack [5]. Anti-replay protection and strong link-layer authentication are defense strategies against such attacks [23]. Another link-layer threat to WSNs is the denial-of-sleep attack, which prevents the radio from going into sleep mode [24]. An attacker might choose to execute a denial-of-sleep attack over a simple jamming-based DoS attack on a WSN to limit the attack's duration.

C. Network Layer

a) Replayed Routing Information: In this case, an attacker may modify routing information in order to disturb traffic in the network [25]. This type of disruption attracts traffic from a particular node, may lengthen or shorten routes, or generates bogus/wrong messages.

b) Black hole: A black hole is a specific attack in which a node drops all messages it receives, as if the node did not exist at all. An attacker may perform another form of this attack by selectively forwarding only certain messages and simply dropping others, which is called a grey hole [26].

c) Sinkhole: In a sinkhole attack, an attacker makes a compromised node look more attractive to nearby nodes by forging routing information [5].

d) Sybil: In this attack, a single node presents a variety of identities to all other nodes in the WSN. It may deceive other nodes, and hence routes believed to be between valid nodes may in fact be between a valid node and a compromised node.

D. Transport Layer

A very common form of attack at the transport layer is to send a large number of ordinary packets aimed at a single destination [27]. The most common packets used are TCP, ICMP and UDP. The huge traffic deluge caused by these packets leaves the network unable to distinguish between legitimate and malicious traffic. Basically all available resources such as bandwidth are used up and nothing is left for legitimate use, causing users to be denied the service of the network. De-synchronization is another type of attack detected at the transport layer [26]. For example, an attacker repeatedly spoofs messages to an end host, causing that host to request retransmission of missed frames. An attacker may degrade or even prevent the ability of the end hosts to successfully exchange data, causing them instead to waste energy that could otherwise be utilized by legitimate nodes in the network.

E. Application Layer

One attack at this layer is known as the Overwhelm attack. It results in consumption of the whole bandwidth and energy. Its effect can be reduced using rate limiting and efficient data aggregation algorithms [28]. The path-based DoS attack also belongs to the application layer. It involves injecting bogus or replayed packets into the network at external or the farthest nodes, hence preventing valid nodes from transferring data to the base station. Anti-replay protection and packet authentication can prevent these attacks [26]. This attack consumes network bandwidth and drains node energy. However, it is effective only when particular sensor readings trigger communication, and not when sensor readings are sent at fixed intervals.

F. Denial of Service (DoS) Attacks

In the previous sections, a variety of possible attacks on sensor networks was discussed. Since sensor nodes are deployed over a large geographical area, they are more vulnerable to any of these attacks [6]. Denial of service attacks, also known as DoS attacks, are the most common attacks on wireless sensor network security. These attacks use wireless communication links to starve the network of legitimate traffic [29]. DoS attacks do not attempt to destroy the complete system; however, the pressure of these attacks directly affects the functioning of the network for its users. Sometimes users are deprived of services that are meant to be available to them.
Often DoS attacks badly affect the network's capacity to perform its expected functions [5, 30]. In a WSN, DoS attacks can be classified into the following forms [31, 32]:

∙ Utilization of resources: Since all communication between nodes is done over wireless/radio links, they may easily be targeted.
∙ Flooding or devastation of data: This is a technique of sending a large number of packets to a single destination. The overdose of fake messages breaks off the wireless communication channels, resulting in noise or collisions. In this way no resources are left for legitimate use. These attacks are also known as path-based DoS attacks.
∙ Physical damage: The DoS attack can exhaust the limited energy and block the communication bandwidth. It can affect the functionality of the transceiver by targeting MAC protocols. These attacks can be controlled by carefully operating the sensors.

IV. EXISTING APPROACH

A. Swarm Architecture

Swarm intelligence (SI) is defined as the study of the behavior of biological species such as colonies of ants. In this approach the dynamic behavior of biological species is modeled and applied to make the system intelligent [33] [34]. SI techniques are compatible with WSN routing and are considered among the most powerful paradigms of computational intelligence. Various efficient routing techniques can be addressed by combining SI and WSN.

B. Ant Colony Optimization

Ant colony optimization (ACO) is a metaheuristic approach to find the best path in a construction graph. The highly dynamic behavior of ants is utilized to design the system. The basic idea of ACO is that ants search for food along the shortest path without communicating directly: indirect communication between real ants is made with the help of pheromone. Ants are classified into two categories. In the ACO approach, ants find good-quality food in good quantity and store it in their nest. When ants return to their nest they lay a trail of chemical pheromone, which also guides other ants to the place where the food source is located [35]. The working of ACO is shown with the help of the flow chart given in Fig. 1.

Fig. 1. Flow Chart of ACO

V. THE PROPOSED SYSTEM

In the topology of the bait system, a network or bait can be attacked by several kinds of DoS, i.e. Denial of Service attacks. A security breach at any idle agent could affect the whole performance of the application. In the proposed topology the sensors that are idle during routing are termed "Bait" nodes, i.e. upon detecting any intrusion the idle agent triggers these nodes to have virtual communication with the attacked node and transfer the required information to the main master agent. This virtual communication is dedicated to learning about the intrusion.

A. Architecture of Bait Topology

Fig. 2 shows that there are three baits and each comprises many single baits connected with a master bait. The main function of the master bait is to update the command and control center about any intrusion. The dotted line shows the connection from the command and control center to the master in the connected bait network. The command and control center will perform the following functions:

1) Optimal assignment of engagements to specific missile launchers: optimization is understood in terms of minimizing the probability of a threat successfully attacking the protected area.
2) Commands the best missile launchers to engage the threat.
3) Requests kill assessment from the missile launcher.
4) An antenna transfers the signals from the command and control center to the designated missile station for the attack on the intruder.

Fig. 2. Architecture of Bait Topology

B. Base Station Monitoring using Bait Agents and the Missile Stations

The base station is initialized secretly by deploying groups of baits in a random manner using UAVs. Fig. 3 shows that the baits B1, B2, etc. are deployed securely inside the base station.
These baits have a master bait which performs the following functions:

a) Communication with all the baits in its vicinity
b) Updating the C & CC (command and control centre)

Each master node in the bait network communicates with all other baits using the flooding technique. It is the simplest routing algorithm, which is primarily used when there is no existing knowledge about the network's topology. In the most basic form of flooding, every incoming packet is forwarded to every neighbor of the receiver, except the one from which the packet was received. Each node constantly updates its table and sends this information in the form of a table to the master node. In this way the master node can learn which node has been attacked or has stopped working. If any node stops working or gets tampered with, the master updates this information to the C & CC for necessary action and reshuffles the baits to new positions to recover the area covered by the attacked node. The baits in the base station are connected together using Ant Colony Optimization to recover from jamming attacks by the enemy. If a whole bait gets jammed, the upcoming bait network using ACO can detect this and transmit this information to the C & CC for necessary action.

In a military base station, baits including idle agents and a master agent are deployed, which capture all the activities or data within the real application. The whole performance of a bait is measured by the quality of the data collected and its processing. The bait's main function is to detect an intrusion. The route for sending the information to the command and control center needs to be the shortest and fastest so that there is no transmission problem at the time of sending the information. The command and control center receives information about all the activities from each bait master agent. The information is processed in the command and control centre and a decision is made whether the activity is normal or hostile. This decision is very crucial because a wrong decision can lead to the loss of several lives. If the activity is rejected, i.e. the activity is normal, no further action is taken. But if the activity is accepted as hostile, then all the missile stations are alerted by the command and control center. On classifying the activity as hostile, the command centre issues a command to all missile stations. The command includes the coordinates of the place of activity. All the missile stations get the command, and the nearest missile station becomes active and forwards the command to the launcher. On receiving an order from the missile station, the launcher immediately launches the missile to the given coordinates. In this way the place of intrusion is destroyed. This is how a base station is secured by a bait system.

VI. COMPONENTS OF THE PROPOSED SYSTEM

Idle agent/Bait agent: It is the smallest unit of the bait system and is deployed in the monitored area to capture information from the environment and pass it to the master idle agent. In a bait, there are many idle agents which work together and keep rotating in a circular motion to monitor some area and collect sensitive data.

Master agent: In a single bait, there is one master idle agent whose work is to watch the communication link, monitor the behavior of the idle agents, receive their responses and report them to the command and control center.

Command and control center: The bait system has one command and control center which receives the information from the master agents. Here, the information is analyzed to decide whether the activity is normal or hostile.

Fig. 3. Base Station Monitoring using Bait Agents and the Missile Stations

The command centre sends the information to the missile station if the activity is found to be unsatisfactory. Moreover, the command and control center can control the idle agents in a bait to deal with special events such as jamming attacks.

Missile station: It receives the command from the command and control center.
The coordinates of the destination for launching the missile are given by the control center. If the missile station is nearest to the destination, it will activate and launch the missile.

Bait network: In a bait network there are many idle agents which are connected to a single master agent. Bait agents rotate in a circular manner to detect any activity in their area. Every bait agent has its particular area and reports all activities to its master agent.

Missile station: There are many missile stations developed at the military base station which are directly connected to the control center; the missile stations receive the command from the control center in which the coordinates of the place are given. The missile station ...

VII. ARCHITECTURE OF INTRUSION DETECTION SYSTEM

The main aim of this architecture is to overcome the different DoS attacks in the physical layer, like:

a) Tampering, where only the monitoring node (Bait) got jammed or affected.
b) Jamming, where a group of bait nodes with the master node got jammed or affected.

In a base station many baits are deployed in a random manner using UAVs. A bait network comprises many bait agents, and from those agents one agent acts as the master agent. The bait agents in a bait network rotate in a circular motion and monitor their respective areas in order to collect sensitive data. If any intrusion is found by a bait agent, it updates the master agent using flooding and the master agent forwards the information to the command and control center. The missile station which is nearest to the place becomes active and issues an order to launch the missile.

A. Tampering

In tampering, an intruder may enter the area of a particular agent and try to capture its information. If any bait "X" has been attacked by the enemy in any bait network, then it will get disconnected from the bait network. Every other node maintains a global table of the connectivity of the other nodes in that bait network, and this table is updated and flooded to all other nodes in the network at regular intervals by PING and ACK signals. The bait "X" will not reply with an ACK to the other nodes, so every node will update its table to record that bait "X" is not reachable. When the local master also does not get an ACK from bait "X", it will check the tables of the other nodes for the connectivity of bait "X". If those tables show that bait "X" is not reachable, then it will automatically inform the master node, and the master node will automatically update this information to the C & CC for necessary action. An example of such a system is shown in Fig. 4.
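The flooding of reachability tables (Section V.B) and the master's PING/ACK cross-check before a bait is reported as tampered (Section VII.A), as an added simulation that is not the paper's code; the topology, node names, "lost PING" option and report text are constructed assumptions.

```python
# Added example (not the paper's code): a small model of the bait network's
# PING/ACK reachability tables, the flooding that carries every node's table
# to the master, and the master's cross-check before it reports a bait as
# tampered to the C & CC. Node names, links and message formats are constructed.
from dataclasses import dataclass, field
from typing import Dict, Set, List, Tuple, Iterable

# Constructed topology: master "M" plus baits B1..B4 (undirected radio links).
LINKS: Dict[str, Set[str]] = {
    "M":  {"B1", "B2"},
    "B1": {"M", "B3"},
    "B2": {"M", "B3", "B4"},
    "B3": {"B1", "B2", "B4"},
    "B4": {"B2", "B3"},
}


@dataclass
class BaitNode:
    name: str
    neighbors: Set[str]
    tampered: bool = False                      # a captured node stops answering PINGs
    table: Dict[str, bool] = field(default_factory=dict)                   # peer -> ACK received?
    peer_tables: Dict[str, Dict[str, bool]] = field(default_factory=dict)  # tables flooded to us


class BaitNetwork:
    def __init__(self, links: Dict[str, Set[str]], master: str,
                 lost_pings: Iterable[Tuple[str, str]] = ()):
        self.nodes = {n: BaitNode(n, set(nb)) for n, nb in links.items()}
        self.master = master
        self.lost_pings = set(lost_pings)       # (from, to) pairs whose PING is lost this round
        self.reports: List[str] = []            # messages the master sends to the C & CC

    def tamper(self, name: str) -> None:
        self.nodes[name].tampered = True

    def ping_round(self) -> None:
        """Every healthy node PINGs each neighbour and records whether an ACK came back."""
        for node in self.nodes.values():
            if node.tampered:
                continue
            for peer in node.neighbors:
                acked = (not self.nodes[peer].tampered
                         and (node.name, peer) not in self.lost_pings)
                node.table[peer] = acked

    def flood_tables(self) -> None:
        """Each healthy node floods its table; receivers forward to every neighbour but the sender."""
        for node in self.nodes.values():
            if not node.tampered:
                self._flood(node.name, dict(node.table))

    def _flood(self, origin: str, payload: Dict[str, bool]) -> None:
        seen = {origin}                          # stops endless rebroadcast of the same packet
        frontier = [(origin, None)]
        while frontier:
            nxt = []
            for current, came_from in frontier:
                self.nodes[current].peer_tables[origin] = payload
                for nb in self.nodes[current].neighbors:
                    if nb == came_from or nb in seen or self.nodes[nb].tampered:
                        continue
                    seen.add(nb)
                    nxt.append((nb, current))
            frontier = nxt

    def master_check(self) -> List[str]:
        """Master treats a bait as tampered only if every table that mentions it says 'no ACK'."""
        m = self.nodes[self.master]
        tables = [m.table] + [t for src, t in m.peer_tables.items() if src != self.master]
        confirmed = []
        for x in sorted(self.nodes):
            if x == self.master:
                continue
            votes = [t[x] for t in tables if x in t]
            if votes and not any(votes):
                confirmed.append(x)
                self.reports.append(f"bait {x} unreachable: reshuffle baits to cover its area")
        return confirmed


def simulate(tampered: Iterable[str] = (),
             lost_pings: Iterable[Tuple[str, str]] = ()) -> List[str]:
    """One monitoring round: PING/ACK, flood tables, master cross-check. Returns confirmed baits."""
    net = BaitNetwork(LINKS, master="M", lost_pings=lost_pings)
    for name in tampered:
        net.tamper(name)
    net.ping_round()
    net.flood_tables()
    return net.master_check()


if __name__ == "__main__":
    print(simulate(tampered=["B3"]))             # ['B3']
    print(simulate(lost_pings=[("B1", "B3")]))   # []  a single lost ACK is not enough
```

A single node missing one ACK does not trigger a report; only agreement across all tables that reach the master does, which is the cross-check the text describes.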
Context Sensitive Anomaly Monitoring of Process Control Flow to Detect Mimicry Attacks and Impossible Paths

Haizhi Xu, Wenliang Du, and Steve J. Chapin
Systems Assurance Institute, Syracuse University, Syracuse NY 13244, USA
hxu02, wedu, chapin@

Abstract. Many intrusions amplify rights or circumvent defenses by issuing system calls in ways that the original process did not. Defense against these attacks emphasizes preventing attacking code from being introduced to the system and detecting or preventing execution of the injected code. Another approach, where this paper fits in, is to assume that both injection and execution have occurred, and to detect and prevent the executing code from subverting the target system. We propose a method using waypoints: marks along the normal execution path that a process must follow to successfully access operating system services. Waypoints actively log trustworthy context information as the program executes, allowing our anomaly monitor to both monitor control flow and restrict system call permissions to conform to the legitimate needs of application functions. We describe our design and implementation of waypoints and present results showing that waypoint-based anomaly monitors can detect a subset of mimicry attacks and impossible paths.

Keywords: anomaly detection, context sensitive, waypoint, control flow monitoring, mimicry attacks, impossible paths

1 Introduction

Common remote attacks on computer systems have exploited implementation errors to inject code into running processes. Buffer overflow attacks are the best-known example of this type of attack. For years, people have been working on preventing, detecting, and tolerating these attacks [1–13]. Despite these efforts, current systems are not secure. Attackers frequently find new vulnerabilities and quickly develop adaptive methods that circumvent security mechanisms.

Host-based defense can take place at one of three stages: preventing code injection, preventing execution of the injected code, and detecting the attack after the injected code has begun execution. One class of detection mechanisms, execution-monitoring anomaly detection, compares a stream of observable events in the execution of a running process to a profile of "known-good" behavior, and raises alerts on deviations from the profile. While it is possible to treat each instruction executed by the process as an event for comparison to the profile, typical anomaly detectors use system calls [6, 14–17] or function calls [5, 18] as the granularity for events.

We focus our efforts on detecting attempts to subvert the system through the kernel API (the system call interface), assuming the attacking code has started to run. We monitor requests for system services (i.e., system calls) of running processes, and detect anomalous requests that could not occur as a result of executing the code in the original binary program image.

Two major problems that system-call based anomaly detection faces are mimicry attacks [12, 19] and impossible paths [12]. A global mimicry attacks and impossible path is a control path (with a sequence of system calls) that will never be executed by the legal program, but is a legal path on the control flow graph of the program. Impossible paths can be generated due to the nature of the non-deterministic finite state automaton (NDFSA). For example, when both location A and B can call function f(), function f() can return to either location A or B. The call graph for the program allows a

Waypoints are kernel-supported trustworthy markers on the execution path that the process must follow when making system calls. In this paper, we use function-level scoping as the context of a waypoint. If function C calls function D, then the active context is that of D; upon function return, the active context is again that of C. Waypoints provide control flow context for security checking, which supports call flow checking approaches such as that in Feng, et al. [5] and allows us to check whether the process being monitored has permission to make the requested system call in the context of the current waypoint.

The work presented in this paper makes the following contributions:

1. Kernel-supported waypoints provide fine-grained trustworthy context information for on-line monitoring. Using this information, we can restrict a process to access only those system calls that appeared in the original program fragment associated with the waypoint context. Waypoints can change the granularity of intrusion detection systems that monitor system call sequences. The more waypoints we set between two system calls, the more precise control of that program path we can provide to the detector.

2. Using the context information, our anomaly monitor can detect global mimicry attacks that use permissions (i.e. allowed system calls) across multiple functions. Any system service request falling out of the permission set of the current context is abnormal.

3. Our anomaly monitor can detect return-into-others impossible paths attacks. We use waypoints to monitor the function call flow and to guarantee that callees return to the right locations.

In the next section, we describe our model of attacks in detail. Section 3 describes our design and implementation of waypoints and the waypoint-based system call monitor. In section 4 we present performance measurements of our approach. Section 5 summarizes related work. Section 6 discusses the limitations and our future work and gives our conclusions.

2 Attack Models

Once the exploit code has a chance to run, it can access the system interface in the following three ways, which we present in order of increasing code granularity:

1. Jumping to a system call instruction, or a series of such instructions, within the injected code itself. Many remote attacks use

of the return-into-lib(c) attack [21], in which the corrupted return address on the stack forces a control transfer to a system call wrapper in the libc library. For the remainder of this paper we will refer to this type of attack as a low-level control transfer (LCT) attack. In contrast to defending against the shellcode attack, it is of paramount importance to protect the control path when defending against an LCT attack.

3. Calling an existing application function that performs the system call(s) that the attacking code requires. While this is a form of control transfer attack, we distinguish it from the LCT because the granularity of the attack is at the application function level, not at the level of the individual instruction or system call. In this case, the control path is the sequence of application-level function invocations leading to the function that contains the attacking call.

Mimicry attacks can be achieved by directly jumping to injected code that mimics a legal sequence of system calls or calling a sequence of lib(c) functions, which fall in the above category 1 and 2 attacks. Attackers can also use category 3 attacks (i.e. calling existing application functions), but this is easier to detect than the category 1 and 2 attacks by using call flow monitoring techniques. Attackers can also explore impossible paths to elude detection by using attacking techniques from any of the above three categories.

While function call flow monitoring can reduce attacks in category 3, and non-executable data sections can block attacks in category 1, attacks using category 2 techniques are more difficult to detect because they use legitimate code to achieve malicious purposes. An important characteristic that attackers use is that the default protection model permits programs to invoke any system call from any function, but in actuality each system call is only invoked from a few locations in the legal code. While some previous work has exploited the idea of binding system calls or other security sensitive events with context [5, 18, 22–24], this paper explores this approach further. We introduce the concept of waypoints to provide trustworthy control flow information, and show how to apply the information in anomaly detection.

3 Waypoint-based System Call Access Control

We observe that an application function—a function in an application program, not a library function—in general uses only a small subset of system service routines, but has the power to invoke any system call under the default Unix protection model. This practice violates the principle of least privilege, which restricts a function to only invoke system calls that are necessary for its proper execution. For example, execve() is not used by many legitimate functions, especially in setuid root regions, but it is common for exploit code to invoke that system call within the scope (or equivalently, the stack frame) of any vulnerable function. Waypoints provide a mechanism for restricting program access to system calls and enforcing least privilege.

3.1 Waypoint Design

A waypoint, located in the code section, is a trustworthy checkpoint on control flow. Waypoints can actively report control flow information in real-time to assist intrusion detection, rather than gathering the information only at system call time. People can assign security attributes to each waypoint or to a sequence of waypoints. To achieve our goals, waypoints must embody the following properties:

1. Authentication. Because we assume that an attack has successfully started executing, and the attack has the right to access the whole process image, it is possible that the attacking code can overwrite code pointers. Although the code section is usually read-only, dynamically-generated code will be located in memory with both read and write permissions. This means that attackers have the ability to generate waypoints within their own code, and we must therefore authenticate waypoints. We authenticate the waypoints by their locations. Waypoints are deployed before the process runs, such that the waypoint locations are registered at program loading time. In this way, we can catch false waypoints generated at run time.

2. Integrity. Because attackers can access the whole process image, information generated at and describing waypoints (e.g., their privileges) should be kept away from malicious access. We store all waypoint-related data and code in the kernel.

3. Compatibility. Our waypoints work directly on binary code, so the original code may be generated from different high-level languages or with different compilers.

A natural granularity for control flow monitoring is at the function level. To trace function call flow, we set up waypoints at function entrance and exit. We generate waypoints and their associated permissions on a per-function basis through static analysis. At run time, we can construct a push-down automaton of the waypoints that parallels the execution stack of the process. An exit waypoint discards the top value on the waypoint stack and restores the permissions of the previous waypoint. It is possible that we assign different permissions to different parts of a function. In this case, we need a

flow monitoring—Globally, waypoints comprise the function call trace for the process. We can construct legal waypoint paths for some security critical system requests (e.g. execve()), such that when such a system call is made, the program must have passed a legal path. Similar ideas on control flow monitoring have been proposed in [5, 25], therefore, we do not discuss this approach further in this paper. (2) permission to issue the system request. To simplify the implementation, we use a set to describe permissions for a waypoint and store the permission sets in a bitmap table.

We generate waypoints and their corresponding permissions through static analysis. We introduce global control flow information by defining the number of times that a function can be entered. Usually, an application function does not issue system requests directly. It calls system call wrappers in the C library instead. The application may call the wrapper functions indirectly by calling other library functions first. We build a (transitive) map between system call wrappers and system call numbers. Currently, we analyze the hierarchical functions manually. Our next step is to automate this whole procedure.

We deploy the access monitor, together with the waypoint stack and the permission bitmap table, in the operating system kernel, as shown in figure 1. There are two fields in an entry of the waypoint stack: one is the location of the waypoint, the other is extra information for access monitoring. Since we monitor application function call flow, we use this field to store the return address from the function. In one application function, there is one entry waypoint and one exit waypoint, the pair of which is stored in the bitmap table. Field "entries" in the bitmap table indicates how many times a waypoint can be passed. In our current implementation, we only distinguish between one entry and multiple entries, to avoid malicious jumps to prologue code and function main(), which usually contain some dangerous system calls and should be entered only once.

At a waypoint location, there should be some mechanism to trigger the waypoint code in the kernel. We can invoke the waypoint code at several locations: an exception handler, an unused system call number service routine, or a new soft interrupt handler. We insert an illegal opcode at the waypoint location and run our waypoint management code as an exception handler.

An attacker can overwrite the return address or other code pointer to redirect control to a piece of shellcode or a library function. We protect the return address by saving it on the waypoint stack when we pass the entrance waypoint. When a waypoint return is executed at the exit waypoint, the return address on the regular stack is compared with the saved value on the waypoint stack for return address corruption. The exit waypoint identifier must also match with the entrance waypoint identifier, since they come in pairs. If the attacking code uses an unpaired exit waypoint or a faked waypoint, the comparison will fail. If the attack forces return into a different address, although the control flow can be changed, the

Fig. 1. (Figure labels: Process table.) Data structures needed for the waypoint-based access monitor: a waypoint stack and a table of permission bitmaps. The third column of the bitmap table indicates how many times a waypoint may be activated. The prologue code and function ConfigCoding() can be called unlimited times.

3.3 Monitoring Granularity

In our implementation, each waypoint causes a kernel trap, and each guarded function has at least two waypoints (an entrance/exit pair, plus optional middle waypoints). Thus, the performance of the system is dependent on the granularity of waypoint insertion.
Our first implementation monitored every function, irrespective of whatever system calls the function contained. As reported in section 4, the overhead can be substantial. Not all system calls are equally useful for subverting a system. We define dangerous system calls as those rated at threat level 1 in [26]. There are 22 dangerous system calls in Linux: chmod, fchmod, chown, fchown, lchown, execve, mount, rename, open, link, symlink, unlink, setuid, setresuid, setfsuid, setreuid, setgroups, setgid, setfsgid, setresgid, setregid, and create.

[Table (garbled in extraction): per program, the number of functions and how many of them contain dangerous system calls, with one column group for functions containing 3 dangerous system calls and one for functions containing 1 dangerous system call; columns: creat, execve, open/rename, link, sym(/un)link; totals over 416 functions.]

struct in the process table, indicating whether the process is being monitored or not. For a process being monitored, we set up a waypoint stack and create a table of permission bitmaps for the waypoints. The permission sets are generated statically.

2. Managing the waypoints at run time. Waypoints are authenticated by their linear addresses. We implement the management procedure in an exception handler. When an exception is triggered, we first check whether it is a legitimate waypoint or not. A legitimate waypoint satisfies three conditions: (1) the process is being monitored; (2) the location of the exception (waypoint location) can be found in the legal waypoint list; and (3) the number of times that the waypoint is activated is less than or equal to the maximum allowed times. If the conditions are not satisfied, we pass control to the regular exception handler. After the verification, we manage the waypoint stack according to the type of the waypoint. If it is an entrance waypoint, we push it onto the waypoint stack and activate its permission set; if it is a middle waypoint, we only update the permissions; and if it is an exit waypoint, we pop the corresponding entrance waypoint from the stack and restore the previous permission set. After that, we emulate the original instruction if necessary, adjust the program counter to the location of the next instruction and return from the exception handling. To simplify implementation, we insert 4 nops at the waypoint locations and change the first nop to a waypoint instruction (i.e. a bad instruction in our implementation). In this way, we can avoid emulating the original instructions, because nops perform no operations.

3. Monitoring system requests. We implemented the access monitor as an in-kernel system call interceptor in front of the system call dispatcher. In terms of access control logic, the subject is the application function; the object is the system call number; and the operation is the system call request. After trapping into the kernel for a system call, the access control monitor first verifies whether the current process is being monitored or not. If yes, the monitor fetches the active waypoint from the top of the waypoint stack and its corresponding permission set from the permissions bitmap table. If the request belongs to the permission set, the monitor invokes the regular system service routine; otherwise, the monitor refuses the system call request and writes the violation information in the kernel log.

3.5 Implementation Issues

We have considered the following issues in our implementation:

1. Monitoring offspring processes. We monitor the offspring processes the same way as we monitor the parent process. A child process inherits the monitor flag, the permission bitmap table, the waypoint stack, and the stack pointer from the parent process. If the child is allowed to run another program (e.g. by calling execve()), then the waypoint data structures of the new program will replace the current ones.

2. Multiple-thread support. Linux uses light-weight processes to support threads efficiently. Monitoring a light-weight process is similar to monitoring an ordinary process, but requires a separate waypoint stack for every thread. Our current implementation does not support thread-based access monitoring.

3. Number of passes. By restricting the number of times a waypoint can be passed during a process life time, we can monitor some global control flow characteristics efficiently. In particular, we allow the program prologue to start only one time, because it typically invokes dangerous system calls and is logically intended to run only once. We also allow main() to start only once per process execution.

4. Non-structured control flow. Control flow does not always follow paths of function invocation. In the C/C++ languages, the goto statement performs an unconditional transfer of control to a named label, which must be in the current function. Because goto does not cross a function boundary, it does not affect function entrance and exit waypoints. However, it might jump across a middle waypoint, so we do not put any middle waypoints between a goto instruction and the corresponding target location. Setjmp sets a jump point for a non-local goto, using a jmpbuf, while at the longjmp location, a waypoint ensures that the target structure matches a jmp

case of abuse of the raw system interface mentioned above, and in similar fashion, we must employ complementary techniques. In our implementation, we adopt system interface randomization [2, 28] to counteract shellcode-based local mimicry attacks.

Existing implementations of system call number randomization [2] use a permutation of the system call numbers. A simple permutation of the relatively small space (less than 256 system calls) allows attackers to guess the renumbering for a particular system call in 128 tries on average, or 255 guesses in the worst case. To survive this brute force attack, we use a substitution cipher to map from 8-bit system call numbers to 32-bit numbers, thereby making a brute-force attack on the system impractical. In Linux, a system call number is an unsigned 8-bit integer between 0 and 255, and is carried to the kernel in register %eax, a 32-bit register, of which 24 bits are unused. In our implementation, we make use of the whole register to carry the 32-bit system call number. We generate a one-to-one mapping between the 8-bit system call numbers and their corresponding 32-bit secrets. The access monitor restores the original number correspondingly upon a system call.

3.7 An Example

To demonstrate the effectiveness of our waypoint mechanism, we attacked a real application program in Linux, using both shellcode and return-into-lib(c) attacks. We chose kon2 version 0.3.9b as the target. kon2 is a Kanji emulator for the console. It is a setuid root application program. In version 0.3.9b, there is a buffer overflow vulnerability in function ConfigCoding() when using the -Coding command line parameter. This vulnerability, if appropriately exploited, can lead to local users being able to gain root privileges [29]. Part of the source code of the vulnerable function ConfigCoding() is shown in figure 2(a), with the vulnerable statement highlighted. Figure 2(b) shows its original binary code, and figure 2(c) shows the binary code with waypoints added.

(a) A buffer-overflow vulnerable function in kon2

    static int ConfigCoding(const char *confstr)
    {
        char reg[3][MAX_COLS];      <-- Fixed size buffer MAX_COLS=256
        int n, i;

        *reg[0] = *reg[1] = *reg[2] = '\0';
        sscanf(confstr, "%s %s %s", reg[0], reg[1], reg[2]);
               ^^^^^^^^^^^^^^^^^^^^^^^^^^  buffer overflow vulnerability here
        ... ...
        return SUCCESS;
    }

(b) The original binary code

    0804c0fc <ConfigCoding>:
     804c0fc:  90       nop
     804c0fd:  90       nop
     804c0fe:  90       nop
     804c0ff:  90       nop
     804c100:  55       push %ebp
     804c101:  89 e5    mov  %esp,%ebp
     ... ...
     804c193:  31 c0    xor  %eax,%eax
     804c195:  5f       pop  %edi
     804c196:  c9       leave
     804c197:  90       nop
     804c198:  90       nop
     804c199:  90       nop
     804c19a:  90       nop
     804c19b:  c3       ret

(c) The binary code with waypoints added

    0804c0fc <ConfigCoding>:
     804c0fc:  fe       (bad)    <-- entrance waypoint
     804c0fd:  90       nop
     804c0fe:  90       nop
     804c0ff:  90       nop
     804c100:  55       push %ebp
     804c101:  89 e5    mov  %esp,%ebp
     ... ...
     804c193:  31 c0    xor  %eax,%eax
     804c195:  5f       pop  %edi
     804c196:  c9       leave
     804c197:  fe       (bad)    <-- exit waypoint
     804c198:  90       nop
     804c199:  90       nop
     804c19a:  90       nop
     804c19b:  c3       ret

Fig. 2. A buffer overflow vulnerable function in kon2 and its waypoints

To help the shellcode attack reach our waypoint mechanism, we disabled the system call renumbering and return address comparison features of our system during our experiment. In the following attack and defense experiment, we show how the waypoint mechanism can detect malicious system calls in both shellcode based and return-into-lib(c) based attacks.

– Attack 1: calling a system call instruction located in the shellcode. In the attack, the return address of function ConfigCoding() is overflowed. In this experiment, the faked return address redirects to a piece of shellcode. Without our protection, the attacking code generated a shell. With our mechanisms deployed, the malicious system request execve("/bin/sh") was caught and the shell was not generated. At the location of the ret instruction, an exit waypoint is triggered, and the permissions for ConfigCoding()'s parent function (ReadConfig()) are activated. Because execve() is not among the permissions of ReadConfig(), the system request is denied. It is interesting to see that if the return address is overwritten, the malicious request is issued in the context of the parent function, because the malicious request is issued after the execution of instruction ret and the exit waypoint. If our mechanisms are fully deployed, the exit waypoint will guarantee that the return address is not faked.

– Attack 2: a low-level control transfer attack. Recall that a low-level control transfer attack can redirect control to legitimate code for malicious purposes. In our experiment, we use the location of int execve(const char *filename, char *const argv[], char *const envp[]), a sensitive libc function, in the attacking code. Because neither ConfigCoding() nor its caller ReadConfig() has the permission to call system call execve(), the request is rejected by our monitor. Note, it is difficult to detect the return-into-lib(c) attacks. Program shepherding [25] ensures that library functions are called at only library entrance locations, and the library callee functions must exist in the external symbol table of the ELF format program. In kon2, because execl() and execlp() are used at other locations, there are corresponding entries in the external symbol table; so at any library entrance point, this request can pass the shepherding check. In addition, program shepherding monitors control flow only, so it is possible for an attack to compromise control flow related data (e.g. GOT), making the return-into-lib(c) attack realistic. In an IDS without control flow information, because execve() is used in the program, a mimicry attack may pass the check.

The only dangerous system call in the context of ConfigCoding() is open(). Within this context, the attacker does not have much freedom in gaining control of the system. Launching an execve() requires a global mimicry attack that crosses function boundaries, which is subject to both the call flow and permissions monitoring.

4 Overhead Measurement and Analysis

We measured the overhead of the waypoint-based access monitor on a system of Red Hat Linux 9.0 (kernel version 2.4.20-8) on an 800 MHz AMD Duron PC with 256 MB memory. The overhead of the waypoint-based access monitor has two main causes: waypoint registration in the exception handler and running the access monitor at each system call. The system call mapping is done before running, so it does not introduce any run-time overhead. The remapping at each system call is a binary search on a 256 entry table in our implementation. Because the remapping takes only tens of instructions, this overhead is negligible. The access monitor at the system call invocation compares the incoming request number with the permission bitmap. These comparison operations cost little time. Therefore, the majority of the overhead is from the additional trap for the waypoint registration code in the exception handler, where caches and pipelines will be flushed.

Our measurement on a micro-benchmark program that calls a monitored function in a tight loop shows that the overhead for one waypoint invocation is 0.395 microseconds on average. This captures the cost of exception handling, but does not reveal overhead due to cache and pipeline flushing. To better understand these effects on real applications, we tested a few well known GNU applications. We did not use because the overhead can be hidden by the overwhelming I/O time. Instead, we use time and

5 Related Work

There are three layers of defense in preventing attacks from subverting the system. The first layer of defense is to prevent the malicious data and code from being injected, typically by avoiding and tolerating implementation errors in the system. Existing techniques include language-based or compiler-based techniques, such as type checking [9, 30–32], or protecting data pointers [33] and format strings [3]. The second layer of defense is to prevent malicious code from being executed. Prevention methods include instruction set randomization [34, 35], non-executable stack and heap pages [8, 10], process image randomization [10, 13], and stack integrity guarding [4, 11]. The third layer of defense attempts to prevent the executing attack code from doing further harm through the system interface. Existing work at this stage includes anomaly detection [5, 6, 12, 24, 25, 27], process randomization [2, 10, 13, 28, 36], and instruction set randomization [34, 35].

Realizing that lack of context information in detection can lead to certain false negatives (e.g., the impossible-path problem and the mimicry attacks), some anomaly monitors apply partial context information in anomaly detection [5, 24, 25]. The benefit of using context information is that control path information between two system call invocations can help detect anomalies.

Retrieving user call stack information in the system call interceptor [5] is promising in bringing function call flow information to the anomaly monitor. We explore this approach further by providing trustworthy control flow information to the monitor. One other difference is that while [5] emphasizes the call stack signature at a system call invocation, we put much effort on guarding with the permissions of application functions. Program shepherding [25] uses an interpreter to monitor the control flow of a process. It forces application code to call library functions only through certain library entrance points, and the target library function must be one of the external functions listed in the external symbol table of the application executable. Because program shepherding does not monitor the data flow, some control flow data, such as function pointers, may be overwritten. If the overwritten pointer happens to be a library entry point, and the attack chooses a library function that is used at any other location in the program, the attack can pass the check. Context related permissions can help in this situation. [24] associates a system call with its invocation address. The return-into-lib(c) attack calls a library function, rather than a piece of shellcode. In this case, the locations do not provide enough control path information to the detector.

6 Conclusion

In this paper, we propose a new mechanism—waypoints—to provide trustworthy control flow information for anomaly monitoring. We demonstrated how to use our waypoint mechanism to detect global mimicry attacks. Our approach can also catch return-into-others impossible paths by guarding the return addresses. Implementing waypoints by kernel traps provides reliable control path information, but slows down an ordinary program by 3-5 times. As a trade-off, by monitoring only dangerous system calls, we can reduce the overhead by 16%-70%, but no longer monitor the complete function call path.