81 |
Sewer systems management : illicit intrusion identification and optimal sensor placement / Management des réseaux d’assainissement : identification des pollutions ponctuelles et optimisation du placement de capteurs
Banik, Bijit Kumar 17 December 2015
Improper wastewater management could result in significant damage to the treatment plants and the final recipient aquatic ecosystem. In the past, wastewater management did not get much attention from different stakeholders. However, recently a paradigm shift of wastewater and storm water management is evolving from a simple sanitary and flood control, respectively, to a whole environmental protection function. A very important aspect of the sewer systems management policy is to detect and eliminate an illicit intrusion. This PhD research consists of two main pillars. In the first pillar, the issues regarding the identification of an illicit intrusion in a sewer system have been addressed, proposing a source identification (SI) methodology. In the second pillar, different innovative methodologies have been proposed to find the optimal placement of a limited number of sensors in the sewer system. In the thesis, the SI is solved through a simulation-optimization model, combining the hydraulic and quality simulation tool Storm Water Management Model (SWMM) with a genetic algorithm code (GALib) as an optimizer. It requires online measurements from some sensors placed on the network. The SWMM does not have the programmer's toolkit. To integrate the SWMM simulator with the proposed automated SI methodology, an ad-hoc toolkit has been developed. A pre-screening procedure, based on the pollution matrix concept and considering the topology of sewers, has been implemented to reduce the computational effort. The SI methodology has been tested on two different networks. One is a literature network taken from the SWMM example manual while the other is one sub-catchment of the real sewer network of Massa Lubrense, a town located near Naples, Italy.
The results show that the pre-screening procedure reduces the computational effort significantly, and it has a crucial role in large systems. In investigating the performances of the SI methodology, its sensitivity with respect to the genetic algorithm parameters has been verified. Moreover, the influence of the uncertainty of the inflows values and the measurement errors on the results has been investigated. Another core problem associated with the water quality monitoring of sewers is represented by the optimal placement of a limited number of sensors for the early detection of an illicit source. In the thesis, the sensor location is expressed as a single or multi-objective optimization problem and the SWMM is used to extract the water quality data. Different formulations have been proposed and tested. First, an Information Theory (IT) based multi-objective optimization methodology is presented. The IT approach considers two objectives: the Joint entropy, the information content of a set of sensors, which is kept as high as possible; the Total correlation, a measure of redundancy, which is kept as low as possible. In the second multi-objective approach Detection time, to be minimized, and Reliability, to be maximized, are considered. In both cases, the multi-objective problems are solved using the Non-Dominating Sorting Genetic Algorithm-II (NSGA-II). As a third alternative, a single objective Greedy based optimization tool has been tested. The previously considered objectives are also used with different combinations. The Massa Lubrense sewer network is used to test the performances of various proposed procedures. A normalized comparison among all approaches shows that the Greedy based approach could be a handy alternative for optimizing the sensor locations in sewer systems.
|
82 |
Návrh zabezpečení průmyslového řídícího systému / Industrial control system security design
Strnad, Matěj January 2019
The subject of the master's thesis is the design of security measures for securing an industrial control system. It includes an analysis of the characteristics of the communication environment and the specifics of industrial communication systems, a comparison of available technological means and a design of a solution according to the investor's requirements.
|
83 |
Securing Connected and Automated Surveillance Systems Against Network Intrusions and Adversarial Attacks
Siddiqui, Abdul Jabbar 30 June 2021
In recent years, connected surveillance systems have been witnessing an unprecedented evolution owing to the advancements in internet of things and deep learning technologies. However, vulnerabilities to various kinds of attacks both at the cyber network-level and at the physical world-level are also rising. This poses danger not only to the devices but also to human life and property. The goal of this thesis is to enhance the security of an internet of things, focusing on connected video-based surveillance systems, by proposing multiple novel solutions to address security issues at the cyber network-level and to defend such systems at the physical world-level.
In order to enhance security at the cyber network-level, this thesis designs and develops solutions to detect network intrusions in an internet of things such as surveillance cameras. The first solution is a novel method for network flow features transformation, named TempoCode. It introduces a temporal codebook-based encoding of flow features based on capturing the key patterns of benign traffic in a learnt temporal codebook. The second solution takes an unsupervised learning-based approach and proposes four methods to build efficient and adaptive ensembles of neural networks-based autoencoders for intrusion detection in internet of things such as surveillance cameras.
To address the physical world-level attacks, this thesis studies, for the first time to the best of our knowledge, adversarial patches-based attacks against a convolutional neural network (CNN)-based surveillance system designed for vehicle make and model recognition (VMMR). The connected video-based surveillance systems that are based on deep learning models such as CNNs are highly vulnerable to adversarial machine learning-based attacks that could trick and fool the surveillance systems. In addition, this thesis proposes and evaluates a lightweight defense solution called SIHFR to mitigate the impact of such adversarial-patches on CNN-based VMMR systems, leveraging the symmetry in vehicles’ face images.
The experimental evaluations on recent realistic intrusion detection datasets prove the effectiveness of the developed solutions, in comparison to state-of-the-art, in detecting intrusions of various types and for different devices. Moreover, using a real-world surveillance dataset, we demonstrate the effectiveness of the SIHFR defense method which does not require re-training of the target VMMR model and adds only a minimal overhead. The solutions designed and developed in this thesis shall pave the way forward for future studies to develop efficient intrusion detection systems and adversarial attacks mitigation methods for connected surveillance systems such as VMMR.
|
84 |
Building Secure Systems using Mobile Agents
Shibli, Muhammad Awais January 2006
The progress in the field of computer networks and the Internet has been increasing with tremendous volume in recent years. This raises an important issue with regard to security. Several solutions emerged in the past which provide security at host or network level. These traditional solutions like antivirus, firewall, spy-ware, and authentication mechanisms provide security to some extent, but they still face the challenge of inherent system flaws, OS bugs and social engineering attacks. Recently, some interesting solutions emerged like Intrusion Detection and Prevention systems, but these too have some problems, like detecting and responding in real time, because they mostly require inputs from the system administrator. Optimistically, we have succeeded in protecting the hosts to some extent by applying the reactive approach, such as antivirus, firewall and intrusion detection and response systems. But, if we critically analyze this approach, we will reach the conclusion that it has inherent flaws, since the number of penetrations, Internet crime cases, identity and financial data thefts, etc. are rising exponentially in recent years. The main reason is that we are using only a reactive approach, i.e. the protection system is activated only when some security breach occurs. Secondly, current techniques try to fix the overall huge problem of security using only small remedies (firewall, antivirus and intrusion detection and prevention systems) – “point solutions”. Therefore, there is a need to develop a strategy using Mobile Agents in order to operate in reactive and proactive manners, which requires providing security on the principle of defense in depth, so that the ultimate goal of securing a system as a whole can be achieved. A system is assumed to be secure if unauthorized access (penetrations) is not possible and the system is safe against damages.
This strategy will include three aspects: (a) autonomously detect vulnerabilities on different hosts (in a distributed network) before an attacker can exploit them; (b) protect hosts by detecting attempts of intrusions and responding to them in real time; and finally (c) perform tasks related to security management.
|
85 |
Network Intrusion Detection: Monitoring, Simulation And Visualization
Zhou, Mian 01 January 2005
This dissertation presents our work on network intrusion detection and intrusion simulation. The work in intrusion detection consists of two different network anomaly-based approaches. The work in intrusion simulation introduces a model using explicit traffic generation for the packet level traffic simulation. The process of anomaly detection is to first build profiles for the normal network activity and then mark any events or activities that deviate from the normal profiles as suspicious. Based on the different schemes of creating the normal activity profiles, we introduce two approaches for intrusion detection. The first one is a frequency-based approach which creates a normal frequency profile based on the periodical patterns existing in the time-series formed by the traffic. It aims at those attacks that are conducted by running pre-written scripts, which automate the process of attempting connections to various ports or sending packets with fabricated payloads, etc. The second approach builds the normal profile based on variations of connection-based behavior of each single computer. The deviations resulting from each individual computer are carried out by a weight assignment scheme and further used to build a weighted link graph representing the overall traffic abnormalities. The functionality of this system is of a distributed personal IDS system that also provides a centralized traffic analysis by graphical visualization. It provides a finer control over the internal network by focusing on connection-based behavior of each single computer. For network intrusion simulation, we explore an alternative method for network traffic simulation using explicit traffic generation. In particular, we build a model to replay the standard DARPA traffic data or the traffic data captured from a real environment. The replayed traffic data is mixed with the attacks, such as DOS and Probe attack, which can create apparent abnormal traffic flow patterns.
With the explicit traffic generation, every packet that has ever been sent by the victim and attacker is formed in the simulation model and travels around strictly following the criteria of time and path that are extracted from the real scenario. Thus, the model provides a promising aid in the study of intrusion detection techniques.
|
86 |
Explainable Intrusion Detection Systems using white box techniques
Ables, Jesse 08 December 2023
Artificial Intelligence (AI) has found increasing application in various domains, revolutionizing problem-solving and data analysis. However, in decision-sensitive areas like Intrusion Detection Systems (IDS), trust and reliability are vital, posing challenges for traditional black box AI systems. These black box IDS, while accurate, lack transparency, making it difficult to understand the reasons behind their decisions. This dissertation explores the concept of eXplainable Intrusion Detection Systems (X-IDS), addressing the issue of trust in X-IDS. It explores the limitations of common black box IDS and the complexities of explainability methods, leading to the fundamental question of trusting explanations generated by black box explainer modules. To address these challenges, this dissertation presents the concept of white box explanations, which are innately explainable. While white box algorithms are typically simpler and more interpretable, they often sacrifice accuracy. However, this work utilized white box Competitive Learning (CL), which can achieve competitive accuracy in comparison to black box IDS. We introduce Rule Extraction (RE) as another white box technique that can be applied to explain black box IDS. It involves training decision trees on the inputs, weights, and outputs of black box models, resulting in human-readable rulesets that serve as global model explanations. These white box techniques offer the benefits of accuracy and trustworthiness, which are challenging to achieve simultaneously. This work aims to address gaps in the existing literature, including the need for highly accurate white box IDS, a methodology for understanding explanations, small testing datasets, and comparisons between white box and black box models. To achieve these goals, the study employs CL and eclectic RE algorithms. CL models offer innate explainability and high accuracy in IDS applications, while eclectic RE enhances trustworthiness. 
The contributions of this dissertation include a novel X-IDS architecture featuring Self-Organizing Map (SOM) models that adhere to DARPA’s guidelines for explainable systems, an extended X-IDS architecture incorporating three CL-based algorithms, and a hybrid X-IDS architecture combining a Deep Neural Network (DNN) predictor with a white box eclectic RE explainer. These architectures create more explainable, trustworthy, and accurate X-IDS systems, paving the way for enhanced AI solutions in decision-sensitive domains.
|
87 |
Immune Based Event-Incident Model for Intrusion Detection Systems: A Nature Inspired Approach to Secure Computing
Vasudevan, Swetha 26 June 2007
No description available.
|
88 |
RSU-Based Intrusion Detection and Autonomous Intersection Response Systems
Yurkovich, Peter Joseph 10 March 2022
Vehicular safety and efficiency has been an ongoing research topic since the creation of the automobile. Despite this, deaths due to vehicular accidents are still extremely common, with driver issues and errors causing a vast majority of them. In order to combat the safety risks, Connected and Autonomous Vehicles (CAV) and other smart solutions have been heavily researched. CAVs provide the means to increase the safety of travel as well as its efficiency. However, before connected vehicles can be deployed and utilized, safe and secure communication and standards need to be created and evaluated to ensure that the introduction of a new safety threat does not overshadow the one that is already being faced. As such, it is integral for Intelligent Transportation Systems (ITS) to prevent, detect and respond to cyberattacks.
This research focuses on the detection and response of ITS components to cyberattacks. An Intrusion Detection System (IDS) located on Roadside Units (RSU) was developed to detect misbehavior nodes. This model maintains a 98%-100% accuracy while reducing system overhead by removing the need for edge or cloud computing. A resilient Intrusion Response System (IRS) for an autonomous intersection was developed to protect against Sybil attacks. The IRS utilizes adaptive switching between several intersection types to reduce delay by up to 78% compared to intersections without these defenses.
/ Master of Science /
Vehicular safety and efficiency has been an ongoing research topic since the creation of the automobile. Despite this, deaths due to vehicular accidents are still extremely common, with driver issues and errors causing a vast majority of them. In order to combat the safety risks, Connected and Autonomous Vehicles (CAV) and other smart solutions have been heavily researched. CAVs provide the means to increase the safety of travel as well as its efficiency. However, before connected vehicles can be deployed and utilized, safe and secure communication and standards need to be created and evaluated to ensure that the introduction of a new safety threat does not overshadow the one that is already being faced. As such, it is integral for Intelligent Transportation Systems (ITS) to prevent, detect and respond to cyberattacks.
This research focuses on the detection and response of ITS components to cyberattacks. An Intrusion Detection System (IDS) was created to detect vehicles misbehaving or conducting cyberattacks. The IDS is installed on off-road computers, called Roadside Units (RSU), which prevents the need for a separate server to be created to hold the IDS. The IDS is able to identify misbehavior and attacks at a 98% to 100% accuracy. An autonomous intersection is an intersection where all directions for driving through the intersection are transmitted through wireless communication. An Intrusion Response System (IRS) was developed for an autonomous intersection, to defend against vehicles making multiple reservation requests to pass through the intersection. The IRS reduces vehicle delay through the intersection by 78% compared to an intersection without defenses.
|
89 |
A Low-Complexity Intrusion Detection Algorithm For Surveillance Using PIR Sensors In A Wireless Sensor Network
Sajana, Abu R 05 1900
A Wireless Sensor Network (WSN) is a dense network of autonomous devices (or motes) with sensors that cooperatively monitor some physical or environmental conditions. These devices are resource constrained: limited memory, power and computational resources. Thus, any algorithm developed for WSN should be designed such that the algorithm consumes as few resources as possible. The problem addressed in this thesis is developing a low-complexity algorithm for intrusion detection in the presence of clutter arising from moving vegetation, using Passive Infra-Red (PIR) sensors. The algorithm is based on a combination of Haar Transform (HT) and Support-Vector-Machine (SVM) based training. The spectral signature of the waveforms is used to separate between the intruder and clutter waveforms. The spectral signature is computed using HT and this is fed to SVM which returns an optimal hyperplane that separates the intruder and clutter signatures. This hyperplane obtained by offline training is used online in the mote for surveillance. The algorithm is field-tested in the Indian Institute of Science campus. Based on experimental observations about the PIR sensor and the lens system, an analytical model for the waveform generated by an intruder moving along a straight line with uniform velocity in the vicinity of the sensor is developed. Analysis on how this model can be exploited to track the intruder path by optimally positioning multiple sensor nodes is provided. An algorithm for tracking the intruder path using features of the waveform from three sensors mounted on a single mote is also developed.
|
90 |
Model-Based Autonomic Security Management of Networked Distributed Systems
Chen, Qian 13 December 2014
This research focuses on the development and validation of an autonomic security management (ASM) framework to proactively protect distributed systems (DSs) from a wide range of cyber assaults with little or no human intervention. A multi-dimensional cyber attack taxonomy was developed to characterize cyber attack methods and tactics against both a Web application (Web-app) and an industrial control system (ICS) by accounting for their impacts on a set of system, network, and security features. Based on this taxonomy, a normal region of system performance is constructed, refined, and used to predict and identify abnormal system behavior with the help of forecasting modules and intrusion detection systems (IDS). Protection mechanisms are evaluated and implemented by a multi-criteria analysis controller (MAC) for their efficiency in eliminating and/or mitigating attacks, maintaining normal services, and minimizing operational costs and impacts. Causes and impacts of unknown attacks are first investigated by an ASM framework learning module. Attack signatures are then captured to update IDS detection algorithms and MAC protection mechanisms in near real-time. The ASM approach was validated within Web-app and ICS testbeds demonstrating the effectiveness of the self-protection capability. Experiments were conducted using real-world cyber attack tools and profiles. Experimental results show that DS security behavior is predicted, detected, and eliminated thus validating our original hypothesis concerning the self-protection core capability. One important benefit from the self-protection feature is the cost-effective elimination of malicious requests before they impede, intrude or compromise victim systems. The ASM framework can also be used as a decision support system. This feature is important especially when unknown attack signatures are ambiguous or when responses selected automatically are not efficient or are too risky to mitigate attacks.
In this scenario, man-in-the-loop decisions are necessary to provide manual countermeasures and recovery operations. The ASM framework is resilient because its main modules are installed on a master controller virtual machine (MC-VM). This MC-VM is simple to use and configure for various platforms. The MC-VM is protected; thus, even if the internal network is compromised, the MC-VM can still maintain “normal” self-protection services thereby defending the host system from cyber attack on-the-fly.
|