  • About
  • The Global ETD Search service is a free service for researchers to find electronic theses and dissertations. This service is provided by the Networked Digital Library of Theses and Dissertations.
    Our metadata is collected from universities around the world. If you manage a university/consortium/country archive and want to be added, details can be found on the NDLTD website.
291

Detekce anomálií v síťovém provozu / Network Anomaly Detection

Bartoš, Václav January 2011
This work studies systems and methods for anomaly detection in computer networks. First, the basic categories of network security systems and a number of methods used for anomaly detection are briefly described. The core of the work is an optimization of the method based on detection of changes in distributions of packet features, originally proposed by Lakhina et al. This method is described in detail and two optimizations of it are proposed: the first focuses on speed and memory efficiency, the second improves its detection capabilities. Next, the software created to test these optimizations is briefly described, and results of experiments on real data with artificially generated and also real anomalies are presented.
292

Ochrana datové sítě s využitím NetFlow dat / Network Protection Using NetFlow Data

Hlavatý, Ivo January 2011
This document focuses on Cisco NetFlow technology and its possible usage in monitoring networks and detecting network anomalies. Based on an analysis of attacks at the network and transport layers, an application is designed that detects the presence of selected security threats. The implementation section provides a system for predicting network traffic and the related detection of deviations from the baseline on the basis of statistical data. Use of NetFlow technology is demonstrated on examples where other current security and monitoring techniques have failed or did not provide sufficiently good results.
293

Behaviorální analýza síťového provozu a detekce útoků (D)DoS / Behavioral Analysis of Network Traffic and (D)DoS Attack Detection

Chapčák, David January 2017
The semestral thesis deals with the analysis of modern open-source NIDPS tools for monitoring and analyzing network traffic. The work rates these instruments in terms of their network location and functions. It also gives a more detailed analysis of their detecting and alerting mechanisms. It further analyzes the possibilities of anomaly detection, especially in terms of statistical analysis, and shows the basics of other approaches, such as approaches based on data mining and machine learning. The last section presents specific open-source tools and deals with a comparison of their activities and a proposal allowing monitoring and traffic analysis, classification, and detection of anomalies and (D)DoS attacks.
294

Data-Driven Anomaly and Precursor Detection in Metroplex Airspace Operations

Raj Deshmukh (8704416) 17 April 2020
The air traffic system is one of the most complex and safety-critical systems, which is expected to grow at an average rate of 0.9% a year -- from 51.8 million operational activities in 2018 to 62 million in 2039 -- within the National Airspace System. In such systems, it is important to identify degradations in system performance, especially in terms of safety and efficiency. Among the operations of various subsystems of the air traffic system, the arrival and departure operations in the terminal airspace require more attention because of its higher impact (about 75% incidents) on the entire system's safety, ranging from single aircraft incidents to multi-airport congestion incidents.

The first goal of this dissertation is to identify the air traffic system's degradations -- called anomalies -- in the multi-airport terminal airspace or metroplex airspace, by developing anomaly detection models that can separate anomalous flights from normal ones. Within the metroplex airspace, airport operational parameters such as runway configuration and coordination between proximal airports are a major driving factor in aircraft’s behaviors. As a substantial amount of data is continually recording such behaviors through sensing technologies and data collection capabilities, modern machine learning techniques provide powerful tools for the identification of anomalous flights in the metroplex airspace. The proposed algorithm ingests heterogeneous data, comprising the surveillance dataset, which represents an aircraft’s physical behaviors, and the airport operations dataset, which reflects operational procedures at airports. Typically, such aviation data is unlabeled, and thus the proposed algorithm is developed based on hierarchical unsupervised learning approaches for anomaly detection. This base algorithm has been extended to an anomaly monitoring algorithm that uses the developed anomaly detection models to detect anomalous flights within real-time streaming data.

A natural next-step after detecting anomalies is to determine the causes for these anomalies. This involves identifying the occurrence of precursors, which are triggers or conditions that precede an anomaly and have some operational correlation to the occurrence of the anomaly. A precursor detection algorithm is developed which learns the causes for the detected anomalies using supervised learning approaches. If detected, the precursor could be used to trigger actions to avoid the anomaly from ever occurring.

All proposed algorithms are demonstrated with real air traffic surveillance and operations datasets, comprising of departure and arrival operations at LaGuardia Airport, John F. Kennedy International Airport, and Newark Liberty International Airport, thereby detecting and predicting anomalies for all airborne operations in the terminal airspace within the New York metroplex. Critical insight regarding air traffic management is gained from visualizations and analysis of the results of these extensive tests, which show that the proposed algorithms have a potential to be used as decision-support tools that can aid pilots and air traffic controllers to mitigate anomalies from ever occurring, thus improving the safety and efficiency of metroplex airspace operations.
295

Multimodal anomaly detection in discourse using speech and facial expressions / Détection d'anomalie dans le discours en utilisant la voix et les expressions faciales

Fayet, Cédric 18 December 2018
This thesis is about multimodal anomaly detection in discourse using facial expressions and speech expressivity. These two modalities are vectors of emotions, intentions, and can reflect the state of mind of a human being. In this work, a corpus on discourse containing some induced and acted anomalies has been built. This corpus has enabled testing a detection chain based on semi-supervised classification. GMM, One class SVM and Isolation forest are examples of models that have been used. It has also made it possible to study the contribution of each modality and their joint contribution to the detection efficiency.
296

Aplicação em tempo real de técnicas de aprendizado de máquina no Snort IDS / Real-time application of machine learning techniques in the Snort IDS

Utimura, Luan Nunes January 2020
Advisor: Kelton Augusto Pontara da Costa / Abstract: As the Internet grows over the years, it is possible to observe an increase in the amount of data that travels on computer networks around the world. In a context where data volume is constantly being renewed, from the perspective of the Network Security area it becomes a great challenge to ensure, in terms of effectiveness and efficiency, today’s computer systems. Among the main security mechanisms employed in these environments, Network Intrusion Detection Systems stand out. Although the signature-based detection approach is sufficient to combat known attacks in these tools, with the eventual discovery of new vulnerabilities, it is necessary to use anomaly-based detection approaches to mitigate the damage of unknown attacks. In the academic field, several works have explored the development of hybrid approaches in order to improve the accuracy of these tools, with the aid of Machine Learning techniques. In this same line of research, the present work proposes the application of these techniques for intrusion detection in a real-time environment using a popular and widely used tool, Snort. The obtained results show that in certain attack scenarios, the anomaly-based detection approach may outperform the signature-based detection approach, with emphasis on the techniques AdaBoost, Random Forests, Decision Tree and Linear Support Vector Machine. / Master's
297

Strojové učení pro monitorování počítačových clusterů / Machine Learning in the Monitoring of Computer Clusters

Adam, Martin January 2020
With the explosion of the number of distributed applications, a new dynamic server environment emerged grouping servers into clusters, whose utilization depends on the current demand for the application. Detecting and fixing erratic server behavior is paramount for providing maximal service stability and availability. Using standard techniques to detect such behavior is yielding sub-optimal results. We have collected a dataset of OS-level performance metrics from a cluster running a streaming distributed application and injected artificially created anomalies. We then selected a set of various machine learning algorithms and trained them for anomaly detection on said dataset. We evaluated the algorithms' performance and proposed a system for generating notifications of possible erratic behavior, based on the analysis of the best performing algorithm.
298

Open Data for Anomaly Detection in Maritime Surveillance

Abghari, Shahrooz, Kazemi, Samira January 2012
Context: Maritime Surveillance (MS) has received increased attention from a civilian perspective in recent years. Anomaly detection (AD) is one of the many techniques available for improving the safety and security in the MS domain. Maritime authorities utilize various confidential data sources for monitoring the maritime activities; however, a paradigm shift on the Internet has created new sources of data for MS. These newly identified data sources, which provide publicly accessible data, are the open data sources. Taking advantage of the open data sources in addition to the traditional sources of data in the AD process will increase the accuracy of the MS systems. Objectives: The goal is to investigate the potential open data as a complementary resource for AD in the MS domain. To achieve this goal, the first step is to identify the applicable open data sources for AD. Then, a framework for AD based on the integration of open and closed data sources is proposed. Finally, according to the proposed framework, an AD system with the ability of using open data sources is developed and the accuracy of the system and the validity of its results are evaluated. Methods: In order to measure the system accuracy, an experiment is performed by means of a two stage random sampling on the vessel traffic data and the number of true/false positive and negative alarms in the system is verified. To evaluate the validity of the system results, the system is used for a period of time by the subject matter experts from the Swedish Coastguard. The experts check the detected anomalies against the available data at the Coastguard in order to obtain the number of true and false alarms. Results: The experimental outcomes indicate that the accuracy of the system is 99%. 
In addition, the Coastguard validation results show that among the evaluated anomalies, 64.47% are true alarms, 26.32% are false and 9.21% belong to the vessels that remain unchecked due to the lack of corresponding data in the Coastguard data sources. Conclusions: This thesis concludes that using open data as a complementary resource for detecting anomalous behavior in the MS domain is not only feasible but also will improve the efficiency of the surveillance systems by increasing the accuracy and covering some unseen aspects of maritime activities. / This thesis investigated the potential open data as a complementary resource for Anomaly Detection (AD) in the Maritime Surveillance (MS) domain. A framework for AD was proposed based on the usage of open data sources along with other traditional sources of data. According to the proposed AD framework and the algorithms for implementing the expert rules, the Open Data Anomaly Detection System (ODADS) was developed. To evaluate the accuracy of the system, an experiment on the vessel traffic data was conducted and an accuracy of 99% was obtained for the system. There was a false negative case in the system results that decreased the accuracy. It was due to incorrect AIS data in a special situation that was not possible to be handled by the detection rules in the scope of this thesis. The validity of the results was investigated by the subject matter experts from the Swedish Coastguard. The validation results showed that the majority of the ODADS evaluated anomalies were true alarms. Moreover, a potential information gap in the closed data sources was observed during the validation process. Despite the high number of true alarms, the number of false alarms was also considerable that was mainly because of the inaccurate open data. 
This thesis provided insights into the open data as a complement to the common data sources in the MS domain and is concluded that using open data will improve the efficiency of the surveillance systems by increasing the accuracy and covering some unseen aspects of maritime activities.
299

Large scale configurable text matching for detection of log changes and anomalies

Larsson, Daniel January 2019
Manually analysing logfiles is a very time-consuming and error-prone effort. By developing a system to automatically analyse the logfiles, it is possible to increase both the speed and the accuracy of the analysis. This thesis presents a method for automatic anomaly detection in logfiles using statistical analysis and threshold-based classification. The presented method uses five different threshold-based approaches to identify anomalous entries within a logfile. Each of the five approaches was successful in identifying and reporting perceived anomalies within 805 logfiles provided by Sandvine; it was, however, not possible to do a formal evaluation of the results due to the lack of a ground truth.
300

Adaptive detection of anomalies in the Saab Gripen fuel tanks using machine learning

Tysk, Carl, Sundell, Jonathan January 2020
Gripen E, a fighter jet developed by Saab, has to fulfill a number of specifications and is therefore tested thoroughly. This project is about detecting anomalies in such tests and thereby improving the automation of the test data evaluation. The methodology during this project was to model the expected deviation between the measured signals and the corresponding signals from a fuel system model using machine learning methods. This methodology was applied to the mass in one of the fuel tanks. The challenge lies in the fact that the expected deviation is unknown and dependent on the operating conditions of the fuel system in the aircraft. Furthermore, two different machine learning approaches to estimate a prediction interval, within which the residual was expected to be, were tested. These were quantile regression and a variance estimation based method. The machine learning models used in this project were LSTM, Ridge Regression, Random Forest Regressor and Gradient Boosting Regressor. One of the problems encountered was imbalanced data, since different operating modes were not equally represented. Also, whether the time dependency of the signals had to be taken into account was investigated. Moreover, choosing which input signals to use for the machine learning methods had a large impact on the result. The concept appears to work well. Known anomalies were detected, and with a low degree of false alarms. The variance estimation based approach seems superior to quantile regression. For data containing anomalies, the target signal drifted away significantly outside the boundaries of the prediction interval. Such test flights were flagged for anomaly. Furthermore, the concept was also successfully verified for another fuel tank, with only minor and obvious adaptations, such as replacing the target signal with the new one.
