About: The Global ETD Search service is a free service for researchers to find electronic theses and dissertations. This service is provided by the Networked Digital Library of Theses and Dissertations. Our metadata is collected from universities around the world. If you manage a university/consortium/country archive and want to be added, details can be found on the NDLTD website.

131

Adaptive Real-time Anomaly Detection for Safeguarding Critical Networks

Ring Burbeck, Kalle January 2006
Critical networks require defence in depth incorporating many different security technologies including intrusion detection. One important intrusion detection approach is called anomaly detection where normal (good) behaviour of users of the protected system is modelled, often using machine learning or data mining techniques. During detection new data is matched against the normality model, and deviations are marked as anomalies. Since no knowledge of attacks is needed to train the normality model, anomaly detection may detect previously unknown attacks. In this thesis we present ADWICE (Anomaly Detection With fast Incremental Clustering) and evaluate it in IP networks. ADWICE has the following properties: (i) Adaptation - Rather than making use of extensive periodic retraining sessions on stored off-line data to handle changes, ADWICE is fully incremental making very flexible on-line training of the model possible without destroying what is already learnt. When subsets of the model are not useful anymore, those clusters can be forgotten. (ii) Performance - ADWICE is linear in the number of input data thereby heavily reducing training time compared to alternative clustering algorithms. Training time as well as detection time is further reduced by the use of an integrated search-index. (iii) Scalability - Rather than keeping all data in memory, only compact cluster summaries are used. The linear time complexity also improves scalability of training. We have implemented ADWICE and integrated the algorithm in a software agent. The agent is a part of the Safeguard agent architecture, developed to perform network monitoring, intrusion detection and correlation as well as recovery. We have also applied ADWICE to publicly available network data to compare our approach to related works with similar approaches. The evaluation resulted in a high detection rate at a reasonable false positive rate. / Report code: LiU-Tek-Lic-2006:12.
132

Neural Network-based Anomaly Detection Models and Interpretability Methods for Multivariate Time Series Data

Prasad, Deepthy, Hampapura Sripada, Swathi January 2023
Anomaly detection plays a crucial role in various domains, such as transportation, cybersecurity, and industrial monitoring, where the timely identification of unusual patterns or outliers is of utmost importance. Traditional statistical techniques have limitations in handling complex and high-dimensional data, which motivates the use of deep learning approaches. The project proposes designing and implementing deep neural networks, tailored explicitly for time series multivariate data from sensors incorporated in vehicles, to effectively capture intricate temporal dependencies and interactions among variables. As this project is conducted in collaboration with Scania, Sweden, the models are trained on datasets encompassing various vehicle sensor data. Different deep learning architectures, including Long Short-Term Memory (LSTM) networks and Convolutional Neural Networks (CNNs), are explored and compared to identify the most suitable model for anomaly detection tasks for the specified time series data, and a CNN was found to perform well for the data used in the study. Furthermore, interpretability techniques are incorporated into the developed models to enhance their transparency and provide insights into the reasons behind detected anomalies. Interpretability is crucial in real-world applications to facilitate trust, understanding, and decision-making. Both model-agnostic and model-specific interpretability methods were employed to highlight the relevant features and contribute to the interpretability of the anomaly detection models. The performance of the proposed models is evaluated using test datasets with anomaly data, and comparisons are made against existing anomaly detection methods to demonstrate their effectiveness. Evaluation metrics such as precision, recall, false positive rate, F1 score, and composite F1 score are employed to assess the anomaly detection models' detection accuracy and robustness. For evaluating the interpretability method, the Kolmogorov-Smirnov test is used on counterfactual examples. The outcomes of this research project will contribute to developing advanced anomaly detection techniques that can effectively analyse time series multivariate data collected from sensors incorporated in vehicles. Incorporating interpretability techniques will provide valuable insights into the detected anomalies, enabling better decision-making and improved trust in the deployed models. These advancements can potentially enhance anomaly detection systems across various domains, leading to more reliable and secure operations.
133

A Neural Network Based Distributed Intrusion Detection System on Cloud Platform

Li, Zhe 22 August 2013
No description available.
134

Unusual-Object Detection in Color Video for Wilderness Search and Rescue

Thornton, Daniel Richard 20 August 2010
Aircraft-mounted cameras have potential to greatly increase the effectiveness of wilderness search and rescue efforts by collecting photographs or video of the search area. The more data that is collected, the more difficult it becomes to process it by visual inspection alone. This work presents a method for automatically detecting unusual objects in aerial video to assist people in locating signs of missing persons in wilderness areas. The detector presented here makes use of anomaly detection methods originally designed for hyperspectral imagery. Multiple anomaly detection methods are considered, implemented, and evaluated. These anomalies are then aggregated into spatiotemporal objects by using the video's inherent spatial and temporal redundancy. The results are therefore summarized into a list of unusual objects to enhance the search technician's video review interface. In the user study reported here, unusual objects found by the detector were overlaid on the video during review. This increased participants' ability to find relevant objects in a simulated search without significantly affecting the rate of false detection. Other effects and possible ways to improve the user interface are also discussed.
135

Anomaly Detection in Time Series Data Based on Holt-Winters Method / Anomalidetektering i tidsseriedata baserat på Holt-Winters metod

Aboode, Adam January 2018
In today's world the amount of collected data increases every day; this is a trend which is likely to continue. At the same time the potential value of the data does also increase due to the constant development and improvement of hardware and software. However, in order to gain insights, make decisions or train accurate machine learning models we want to ensure that the data we collect is of good quality. There are many definitions of data quality; in this thesis we focus on the accuracy aspect. One method which can be used to ensure accurate data is to monitor for and alert on anomalies. In this thesis we therefore suggest a method which, based on historic values, is able to detect anomalies in time series as new values arrive. The method consists of two parts, forecasting the next value in the time series using Holt-Winters method and comparing the residual to an estimated Gaussian distribution. The suggested method is evaluated in two steps. First, we evaluate the forecast accuracy for Holt-Winters method using different input sizes. In the second step we evaluate the performance of the anomaly detector when using different methods to estimate the variance of the distribution of the residuals. The results indicate that the suggested method works well most of the time for detection of point anomalies in seasonal and trending time series data. The thesis also discusses some potential next steps which are likely to further improve the performance of this method.
136

Session-based Intrusion Detection System To Map Anomalous Network Traffic

Caulkins, Bruce 01 January 2005
Computer crime is a large problem (CSI, 2004; Kabay, 2001a; Kabay, 2001b). Security managers have a variety of tools at their disposal -- firewalls, Intrusion Detection Systems (IDSs), encryption, authentication, and other hardware and software solutions to combat computer crime. Many IDS variants exist which allow security managers and engineers to identify attack network packets primarily through the use of signature detection; i.e., the IDS recognizes attack packets due to their well-known "fingerprints" or signatures as those packets cross the network's gateway threshold. On the other hand, anomaly-based ID systems determine what is normal traffic within a network and report abnormal traffic behavior. This paper will describe a methodology towards developing a more-robust Intrusion Detection System through the use of data-mining techniques and anomaly detection. These data-mining techniques will dynamically model what a normal network should look like and reduce the false positive and false negative alarm rates in the process. We will use classification-tree techniques to accurately predict probable attack sessions. Overall, our goal is to model network traffic into network sessions and identify those network sessions that have a high-probability of being an attack and can be labeled as a "suspect session." Subsequently, we will use these techniques inclusive of signature detection methods, as they will be used in concert with known signatures and patterns in order to present a better model for detection and protection of networks and systems.
137

Log Frequency Analysis for Anomaly Detection in Cloud Environments

Bendapudi, Prathyusha January 2024
Background: Log analysis has been proven to be highly beneficial in monitoring system behaviour, detecting errors and anomalies, and predicting future trends in systems and applications. However, with continuous evolution of these systems and applications, the amount of log data generated on a timely basis is increasing rapidly. Hence, the amount of manual effort invested in log analysis for error detection and root cause analysis is also increasing. While there is continuous research to reduce manual effort, this thesis introduced a new approach based on the temporal patterns of logs in a particular system environment, to the current scenario of automated log analysis which can help in reducing manual effort to a great extent. Objectives: The main objective of this research is to identify temporal patterns in logs using clustering algorithms, extract the outlier logs which do not adhere to any time pattern, and further analyse them to check if these outlier logs are helpful in error detection and identifying the root cause of the said errors. Methods: Design Science Research was implemented to fulfil the objectives of the thesis, as the thesis required generation of intermediary results and an iterative and responsive approach. The initial part of the thesis consisted of building an artifact which aided in identifying temporal patterns in the logs of different log types using DBSCAN clustering algorithm. After identification of patterns and extraction of outlier logs, interviews were conducted which employed manual analysis of the outlier logs by system experts, who then provided insights on the logs and validated the log frequency analysis. Results: The results obtained after running the clustering algorithm on logs of different log types show clusters which represent temporal patterns in most of the files. There are log files which do not have any time patterns, which indicate that not all log types have logs which adhere to a fixed time pattern. The interviews conducted with system experts on the outlier logs yield promising results, indicating that the log frequency analysis is indeed helpful in reducing manual effort involved in log analysis for error detection and root cause analysis. Conclusions: The results of the thesis show that most of the logs in the given cloud environment adhere to time frequency patterns, and analysing these patterns and their outliers will lead to easier error detection and root cause analysis in the given cloud environment.
138

Enhancement of an Ad Reviewal Process through Interpretable Anomaly Detecting Machine Learning Models / Förbättring av en annonsgranskingsprocess genom tolkbara och avvikelsedetekterande maskinsinlärningsmodeller

Dahlgren, Eric January 2022
Technological advancements made in recent decades in the fields of artificial intelligence (AI) and machine learning (ML) have led to further automation of tasks previously performed by humans. Manually reviewing and assessing content uploaded to social media and marketplace platforms is one of said tasks that is both tedious and expensive to perform, and could possibly be automated through ML based systems. When introducing ML model predictions to a human decision making process, interpretability and explainability of models have been proven to be important factors for humans to trust in individual sample predictions. This thesis project aims to explore the performance of interpretable ML models used together with humans in an ad review process for a rental marketplace platform. Utilizing the XGBoost framework and SHAP for interpretable ML, a system was built with the ability to score an individual ad and explain the prediction with human readable sentences based on feature importance. The model reached an ROC AUC score of 0.90 and an Average Precision score of 0.64 on a held out test set. An end user survey was conducted which indicated some trust in the model and an appreciation for the local prediction explanations, but low general impact and helpfulness. While most related work focuses on model performance, this thesis contributes with a smaller model usability study which can provide grounds for utilizing interpretable ML software in any manual decision making process.
139

Anomaly Detection in Snus Manufacturing : A machine learning approach for quality assurance / Avvikelseidentifiering inom snustillverkning : En maskininlärningsttillämpning för kvalitetskontroll

Duberg, Melker January 2023
The art of anomaly detection is a relevant topic for most producing companies since it allows for real-time quality assurance in production. However, previous research is lacking on the applicability of anomaly detection methods on non-synthetic image datasets. Using a dataset provided by Swedish Match consisting of 943 images of snus cans without lids, we offer an extension to a recent anomaly detection benchmark study by assessing how 29 anomaly detection algorithms perform on our non-synthetic dataset. The results showed that fully supervised methods performed the best, and that labelled data significantly improved model performance. Although the achieved results were not satisfactory in terms of AUCROC and AUCPR, there were clear indications that performance can be improved by increasing the amount of training data. The best-performing model was Logistic Regression.
140

Unsupervised Online Anomaly Detection in Multivariate Time-Series / Oövervakad online-avvikelsedetektering i flerdimensionella tidsserier

Segerholm, Ludvig January 2023
This research aims to identify a method for unsupervised online anomaly detection in multivariate time series in dynamic systems in general and on the case study of Devwards IoT-system in particular. A requirement of the solution is its explainability, online learning and low computational expense. A comprehensive literature review was conducted, leading to the experimentation and analysis of various anomaly detection approaches. Of the methods evaluated, a singular recurrent neural network autoencoder emerged as the most promising, emphasizing a simple model structure that encourages stable performance with consistent outputs, regardless of the average output. While other approaches such as Hierarchical Temporal Memory models and an ensemble strategy of adaptive model pooling yielded suboptimal results. A modified version of the Residual Explainer method for enhancing explainability in autoencoders for online scenarios showed promising outcomes. The use of Mahalanobis distance for anomaly detection was explored. Feature extraction and its implications in the context of the proposed approach are explored. Conclusively, a single, streamlined recurrent neural network appears to be the superior approach for this application, though further investigation into online learning methods is warranted. The research contributes results into the field of unsupervised online anomaly detection in multivariate time series and contributes to the Residual Explainer method for online autoencoders. Additionally, it offers data on the ineffectiveness of the Mahalanobis distance in an online anomaly detection environment.
