DCLAD: DISTRIBUTED CLUSTER BASED LOCALIZATION ANOMALY DETECTION IN WIRELESS SENSOR NETWORKS USING SINGLE MOBILE BEACON

PALADUGU, KARTHIKA

January 2007

No description available.

Localization Anomaly Detection

Wireless Sensor Networks

Single Mobile Beacon

Two new approaches in anomaly detection with field data from bridges both in construction and service stages

Zhang, Fan

12 October 2015

No description available.

Engineering

Structural health monitoring

anomaly detection

bridge in construction

Probabilistic Model for Detecting Network Traffic Anomalies

Yellapragada, Ramani

30 June 2004

No description available.

Computer Science

Network Security

Intrusion Detection

Anomaly Detection

Time-based Approach to Intrusion Detection using Multiple Self-Organizing Maps

Sawant, Ankush

21 April 2005

No description available.

Network Security

Intrusion Detection

Self-Organizing Maps

Anomaly Detection

Extensions of Weighted Multidimensional Scaling with Statistics for Data Visualization and Process Monitoring

Kodali, Lata

04 September 2020

This dissertation is the compilation of two major innovations that rely on a common technique known as multidimensional scaling (MDS). MDS is a dimension-reduction method that takes high-dimensional data and creates low-dimensional versions. Project 1: Visualizations are useful when learning from high-dimensional data. However, visualizations, just as any data summary, can be misleading when they do not incorporate measures of uncertainty; e.g., uncertainty from the data or the dimension reduction algorithm used to create the visual display. We incorporate uncertainty into visualizations created by a weighted version of MDS called WMDS. Uncertainty exists in these visualizations on the variable weights, the coordinates of the display, and the fit of WMDS. We quantify these uncertainties using Bayesian models in a method we call Informative Probabilistic WMDS (IP-WMDS). Visually, we display estimated uncertainty in the form of color and ellipses, and practically, these uncertainties reflect trust in WMDS. Our results show that these displays of uncertainty highlight different aspects of the visualization, which can help inform analysts. Project 2: Analysis of network data has emerged as an active research area in statistics. Much of the focus of ongoing research has been on static networks that represent a single snapshot or aggregated historical data unchanging over time. However, most networks result from temporally-evolving systems that exhibit intrinsic dynamic behavior. Monitoring such temporally-varying networks to detect anomalous changes has applications in both social and physical sciences. In this work, we simulate data from models that rely on MDS, and we perform an evaluation study of the use of summary statistics for anomaly detection by incorporating principles from statistical process monitoring. In contrast to most previous studies, we deliberately incorporate temporal auto-correlation in our study. Other considerations in our comprehensive assessment include types and duration of anomaly, model type, and sparsity in temporally-evolving networks. We conclude that the use of summary statistics can be valuable tools for network monitoring and often perform better than more involved techniques. / Doctor of Philosophy / In this work, two main ideas in data visualization and anomaly detection in dynamic networks are further explored. For both ideas, a connecting theme is extensions of a method called Multidimensional Scaling (MDS). MDS is a dimension-reduction method that takes high-dimensional data (all $p$ dimensions) and creates a low-dimensional projection of the data. That is, relationships in a dataset with presumably a large number of dimensions or variables can be summarized into a lower number of, e.g., two, dimensions. For a given data, an analyst could use a scatterplot to observe the relationship between 2 variables initially. Then, by coloring points, changing the size of the points, or using different shapes for the points, perhaps another 3 to 4 more variables (in total around 7 variables) may be shown in the scatterplot. An advantage of MDS (or any dimension-reduction technique) is that relationships among the data can be viewed easily in a scatterplot regardless of the number of variables in the data. The interpretation of any MDS plot is that observations that are close together are relatively more similar than observations that are farther apart, i.e., proximity in the scatterplot indicates relative similarity. In the first project, we use a weighted version of MDS called Weighted Multidimensional Scaling (WMDS) where weights, which indicate a sense of importance, are placed on the variables of the data. The problem with any WMDS plot is that inaccuracies of the method are not included in the plot. For example, is an observation that appears to be an outlier, really an outlier? An analyst cannot confirm this without further context. Thus, we created a model to calculate, visualize, and interpret such inaccuracy or uncertainty in WMDS plots. Such modeling efforts help analysts facilitate exploratory data analysis. In the second project, the theme of MDS is extended to an application with dynamic networks. Dynamic networks are multiple snapshots of pairwise interactions (represented as edges) among a set of nodes (observations). Over time, changes may appear in some of the snapshots. We aim to detect such changes using a process monitoring approach on dynamic networks. Statistical monitoring approaches determine thresholds for in-control or expected behavior that are calculated from data with no signal. Then, the in-control thresholds are used to monitor newly collected data. We applied this approach on dynamic network data, and we utilized a detailed simulation study to better understand the performance of such monitoring. For the simulation study, data are generated from dynamic network models that use MDS. We found that monitoring summary statistics of the network were quite effective on data generated from these models. Thus, simple tools may be used as a first step to anomaly detection in dynamic networks.

Uncertainty

Bayesian

Multidimensional Scaling

Visualizations

Anomaly Detection

Dynamic Networks

ANOMALY DETECTION AND EXPLAINABLE AI FOR ENHANCED SECURITY IN AUTONOMOUS VEHICLE NETWORKS

Sazid Nazat (20383050)

09 December 2024

<p dir="ltr">The rapid advancement of autonomous vehicles (AVs) introduces complex cybersecurity challenges within Vehicular Ad-hoc Networks (VANETs). Despite the adoption of Artificial Intelligence (AI) for anomaly detection, a critical gap remains in both the explainability of AI models and the robustness of VANET frameworks against cyber intrusions, which limits trust, transparency, and resilience. This thesis addresses these gaps by proposing a multi-faceted, end-to-end explainable AI (XAI) framework alongside innovative security mechanisms to safeguard AV networks from potential attackers. In the initial chapter, we present an XAI framework that applies novel feature selection methods based on Shapley Additive Explanations (SHAP) to improve transparency in anomaly detection for AVs. The framework integrates global and local XAI approaches, offering interpretability across six black-box models and demonstrating superior performance over state-of-the-art feature selection techniques. The framework’s efficacy is validated through application to two AV datasets, showcasing improvements in both efficiency and generalizability. The second chapter builds upon this by systematically evaluating the effectiveness of XAI methods—namely SHAP and Local Interpretable Model-agnostic Explanations (LIME)— across multiple metrics. Through a rigorous benchmarking process on two autonomous driving datasets, this chapter highlights the strengths and limitations of each XAI technique, offering a foundational framework for transparency in AV cybersecurity and encouraging further research through publicly available resources. In the third chapter, we explore a security framework for platoon-based AV networks, addressing the need for secure and efficient highway usage. This framework introduces a two-phase anomaly detection system, incorporating an authenticity scoring mechanism and an LSTM-based roadside unit (RSU) for network-wide monitoring. Enhanced by group-based signatures and dynamic channel-switching, this approach defends against man-in-the-middle (MITM) and denial-of-service (DoS) attacks, demonstrating resilience through extensive simulation results. The final chapter examines the security of decentralized, Directed Acyclic Graph (DAG) based AV networks, which, while promising for scalability, are susceptible to unique cyber threats. We propose and evaluate four targeted attack scenarios alongside corresponding defense strategies across five DAG structures. This analysis reveals the resilience of different DAG configurations under attack, advancing the understanding of structural cybersecurity for decentralized AV networks. In summary, this thesis develops comprehensive frameworks and methodologies to enhance the security and interpretability of AV networks, bridging critical gaps in XAI and cybersecurity for anomaly detection and intrusion defense in AV environments.</p>

Intelligent mobility

Anomaly detection (Computer security)

explainable ai models

Detecting Anomalies in Dynamic Attributed Graphs: An Unsupervised Learning Approach

Hamilton, Austin

01 December 2024

Dynamic attributed graphs, which evolve over time and hold node-specific attributes, are essential in fields like social network analysis, where anomalous node detection is a growing area. Vehicular social networks (VSNs), a subset of these graphs, are ad hoc networks in which vehicles exchange data with one another and with infrastructure. In this dynamic context, identifying anomalous nodes is challenging but crucial for maintaining trust within the network. This work presents an unsupervised deep learning approach for anomalous node detection in VSNs. This model achieved an accuracy of 71% while detecting synthetic anomalies in a simulated network based on real-world data. This approach demonstrates the potential of unsupervised methods for reliable anomaly detection in scenarios where traditional classification proves difficult or impractical.

Deep Learning

Anomaly Detection

Dynamic Attributed Graph

Artificial Intelligence and Robotics

The Cauchy-Net Mixture Model for Clustering with Anomalous Data

Slifko, Matthew D.

11 September 2019

We live in the data explosion era. The unprecedented amount of data offers a potential wealth of knowledge but also brings about concerns regarding ethical collection and usage. Mistakes stemming from anomalous data have the potential for severe, real-world consequences, such as when building prediction models for housing prices. To combat anomalies, we develop the Cauchy-Net Mixture Model (CNMM). The CNMM is a flexible Bayesian nonparametric tool that employs a mixture between a Dirichlet Process Mixture Model (DPMM) and a Cauchy distributed component, which we call the Cauchy-Net (CN). Each portion of the model offers benefits, as the DPMM eliminates the limitation of requiring a fixed number of a components and the CN captures observations that do not belong to the well-defined components by leveraging its heavy tails. Through isolating the anomalous observations in a single component, we simultaneously identify the observations in the net as warranting further inspection and prevent them from interfering with the formation of the remaining components. The result is a framework that allows for simultaneously clustering observations and making predictions in the face of the anomalous data. We demonstrate the usefulness of the CNMM in a variety of experimental situations and apply the model for predicting housing prices in Fairfax County, Virginia. / Doctor of Philosophy / We live in the data explosion era. The unprecedented amount of data offers a potential wealth of knowledge but also brings about concerns regarding ethical collection and usage. Mistakes stemming from anomalous data have the potential for severe, real-world consequences, such as when building prediction models for housing prices. To combat anomalies, we develop the Cauchy-Net Mixture Model (CNMM). The CNMM is a flexible tool for identifying and isolating the anomalies, while simultaneously discovering cluster structure and making predictions among the nonanomalous observations. The result is a framework that allows for simultaneously clustering and predicting in the face of the anomalous data. We demonstrate the usefulness of the CNMM in a variety of experimental situations and apply the model for predicting housing prices in Fairfax County, Virginia.

Bayesian Nonparametrics

Dirichlet Process Mixture Model

Clustering

Anomaly Detection

Characterization of Laminated Magnetoelectric Vector Magnetometers to Assess Feasibility for Multi-Axis Gradiometer Configurations

Berry, David

29 December 2010

Wide arrays of applications exist for sensing systems capable of magnetic field detection. A broad range of sensors are already used in this capacity, but future sensors need to increase sensitivity while remaining economical. A promising sensor system to meet these requirements is that of magnetoelectric (ME) laminates. ME sensors produce an electric field when a magnetic field is applied. While this ME effect exists to a limited degree in single phase materials, it is more easily achieved by laminating a magnetostrictive material, which deforms when exposed to a magnetic field, to a piezoelectric material. The transfer of strain from the magnetostrictive material to the piezoelectric material results in an electric field proportional to the induced magnetic field. Other fabrication techniques may impart the directionality needed to classify the ME sensor as a vector magnetometer. ME laminate sensors are more affordable to fabricate than competing vector magnetometers and with recent increases in sensitivity, have potential for use in arrays and gradiometer configurations. However, little is known about their total field detection, the effects of multiple sensors in close proximity and the signal processing needed for target localization. The goal for this project is to closely examine the single axis ME sensor response in different orientations with a moving magnetic dipole to assess the field detection capabilities. Multiple sensors were tested together to determine if the response characteristics are altered by the DC magnetic bias of ME sensors in close proximity. And finally, the ME sensor characteristics were compared to alternate vector magnetometers. / Master of Science

localization

magnetic anomaly detection

magnetoelectric laminates

vector magnetometer

Program Anomaly Detection Against Data-Oriented Attacks

Cheng, Long

29 August 2018

Memory-corruption vulnerability is one of the most common attack vectors used to compromise computer systems. Such vulnerabilities could lead to serious security problems and would remain an unsolved problem for a long time. Existing memory corruption attacks can be broadly classified into two categories: i) control-flow attacks and ii) data-oriented attacks. Though data-oriented attacks are known for a long time, the threats have not been adequately addressed due to the fact that most previous defense mechanisms focus on preventing control-flow exploits. As launching a control-flow attack becomes increasingly difficult due to many deployed defenses against control-flow hijacking, data-oriented attacks are considered an appealing attack technique for system compromise, including the emerging embedded control systems. To counter data-oriented attacks, mitigation techniques such as memory safety enforcement and data randomization can be applied in different stages over the course of an attack. However, attacks are still possible because currently deployed defenses can be bypassed. This dissertation explores the possibility of defeating data-oriented attacks through external monitoring using program anomaly detection techniques. I start with a systematization of current knowledge about exploitation techniques of data-oriented attacks and the applicable defense mechanisms. Then, I address three research problems in program anomaly detection against data-oriented attacks. First, I address the problem of securing control programs in Cyber-Physical Systems (CPS) against data-oriented attacks. I describe a new security methodology that leverages the event-driven nature in characterizing CPS control program behaviors. By enforcing runtime cyber-physical execution semantics, our method detects data-oriented exploits when physical events are inconsistent with the runtime program behaviors. Second, I present a statistical program behavior modeling framework for frequency anomaly detection, where frequency anomaly is the direct consequence of many non-control-data attacks. Specifically, I describe two statistical program behavior models, sFSA and sCFT, at different granularities. Our method combines the local and long-range models to improve the robustness against data-oriented attacks and significantly increase the difficulties that an attack bypasses the anomaly detection system. Third, I focus on defending against data-oriented programming (DOP) attacks using Intel Processor Trace (PT). DOP is a recently proposed advanced technique to construct expressive non-control data exploits. I first demystify the DOP exploitation technique and show its complexity and rich expressiveness. Then, I design and implement the DeDOP anomaly detection system, and demonstrate its detection capability against the real-world ProFTPd DOP attack. / Ph. D. / Memory-corruption vulnerability is one of the most common attack vectors used to compromise computer systems. Such vulnerabilities could lead to serious security problems and would remain an unsolved problem for a long time. This is because low-level memory-unsafe languages (e.g., C/C++) are still in use today for interoperability and speed performance purposes, and remain common sources of security vulnerabilities. Existing memory corruption attacks can be broadly classified into two categories: i) control-flow attacks that corrupt control data (e.g., return address or code pointer) in the memory space to divert the program’s control-flow; and ii) data-oriented attacks that target at manipulating non-control data to alter a program’s benign behaviors without violating its control-flow integrity. Though data-oriented attacks are known for a long time, the threats have not been adequately addressed due to the fact that most previous defense mechanisms focus on preventing control-flow exploits. As launching a control-flow attack becomes increasingly difficult due to many deployed defenses against control-flow hijacking, data-oriented attacks are considered an appealing attack technique for system compromise, including the emerging embedded control systems. To counter data-oriented attacks, mitigation techniques such as memory safety enforcement and data randomization can be applied in different stages over the course of an attack. However, attacks are still possible because currently deployed defenses can be bypassed. This dissertation explores the possibility of defeating data-oriented attacks through external monitoring using program anomaly detection techniques. I start with a systematization of current knowledge about exploitation techniques of data-oriented attacks and the applicable defense mechanisms. Then, I address three research problems in program anomaly detection against data-oriented attacks. First, I address the problem of securing control programs in Cyber-Physical Systems (CPS) against data-oriented attacks. The key idea is to detect subtle data-oriented exploits in CPS when physical events are inconsistent with the runtime program behaviors. Second, I present a statistical program behavior modeling framework for frequency anomaly detection, where frequency anomaly is often consequences of many non-control-data attacks. Our method combines the local and long-range models to improve the robustness against data-oriented attacks and significantly increase the difficulties that an attack bypasses the anomaly detection system. Third, I focus on defending against data-oriented programming (DOP) attacks using Intel Processor Trace (PT). I design and implement the DEDOP anomaly detection system, and demonstrate its detection capability against the real-world DOP attack.

Program Anomaly Detection

Data-Oriented Attacks

Cyber-Physical Systems