Characterization of Performance Anomalies in Hadoop

Gupta, Puja Makhanlal

20 May 2015

No description available.

Computer Science

ANOMALIES IN SENSOR NETWORK DEPLOYMENTS: ANALYSIS, MODELING, AND DETECTION

Abuaitah, Giovani Rimon

20 August 2013

No description available.

Computer Engineering

Computer Science

anomaly detection

online anomaly detection

anomaly analysis

anomaly modeling

SNMiner

ABANDON

POND

sensor network deployments

wireless sensor networks

Spatio-Temporal Anomaly Detection

Das, Mahashweta

January 2009

No description available.

Computer Science

Anomaly Detection

Spatio-Temporal Mining

Anomalies of the Absorption Curve of Cosmic Rays in Lead / The Absorption of Cosmic Rays

Keech, Gerald

10 1900

This thesis contains a brief description of the apparatus, the procedure, and the results of an investigation of the absorption of cosmic rays in thin absorbers. The existence of an anomalous maximum at a thickness of 10.5 cm. of lead is reported, which is tenatively interpreted as being caused by the production of a penetrating ionizing radiation by a neutral radiation through some seemingly unknown process. / Thesis / Master of Science (MS)

anomaly

absorption curve

cosmic rays

lead

Building trustworthy machine learning systems in adversarial environments

Wang, Ning

26 May 2023

Modern AI systems, particularly with the rise of big data and deep learning in the last decade, have greatly improved our daily life and at the same time created a long list of controversies. AI systems are often subject to malicious and stealthy subversion that jeopardizes their efficacy. Many of these issues stem from the data-driven nature of machine learning. While big data and deep models significantly boost the accuracy of machine learning models, they also create opportunities for adversaries to tamper with models or extract sensitive data. Malicious data providers can compromise machine learning systems by supplying false data and intermediate computation results. Even a well-trained model can be deceived to misbehave by an adversary who provides carefully designed inputs. Furthermore, curious parties can derive sensitive information of the training data by interacting with a machine-learning model. These adversarial scenarios, known as poisoning attack, adversarial example attack, and inference attack, have demonstrated that security, privacy, and robustness have become more important than ever for AI to gain wider adoption and societal trust. To address these problems, we proposed the following solutions: (1) FLARE, which detects and mitigates stealthy poisoning attacks by leveraging latent space representations; (2) MANDA, which detects adversarial examples by utilizing evaluations from diverse sources, i.e, model-based prediction and data-based evaluation; (3) FeCo which enhances the robustness of machine learning-based network intrusion detection systems by introducing a novel representation learning method; and (4) DP-FedMeta, which preserves data privacy and improves the privacy-accuracy trade-off in machine learning systems through a novel adaptive clipping mechanism. / Doctor of Philosophy / Over the past few decades, machine learning (ML) has become increasingly popular for enhancing efficiency and effectiveness in data analytics and decision-making. Notable applications include intelligent transportation, smart healthcare, natural language generation, intrusion detection, etc. While machine learning methods are often employed for beneficial purposes, they can also be exploited for malicious intents. Well-trained language models have demonstrated generalizability deficiencies and intrinsic biases; generative ML models used for creating art have been repurposed by fraudsters to produce deepfakes; and facial recognition models trained on big data have been found to leak sensitive information about data owners. Many of these issues stem from the data-driven nature of machine learning. While big data and deep models significantly improve the accuracy of ML models, they also enable adversaries to corrupt models and infer sensitive data. This leads to various adversarial attacks, such as model poisoning during training, adversarially crafted data in testing, and data inference. It is evident that security, privacy, and robustness have become more important than ever for AI to gain wider adoption and societal trust. This research focuses on building trustworthy machine-learning systems in adversarial environments from a data perspective. It encompasses two themes: securing ML systems against security or privacy vulnerabilities (security of AI) and using ML as a tool to develop novel security solutions (AI for security). For the first theme, we studied adversarial attack detection in both the training and testing phases and proposed FLARE and MANDA to secure matching learning systems in the two phases, respectively. Additionally, we proposed a privacy-preserving learning system, dpfed, to defend against privacy inference attacks. We achieved a good trade-off between accuracy and privacy by proposing an adaptive data clipping and perturbing method. In the second theme, the research is focused on enhancing the robustness of intrusion detection systems through data representation learning.

adversarial machine learning

anomaly detection

differential privacy

Anomaly Detection for Smart Infrastructure: An Unsupervised Approach for Time Series Comparison

Gandra, Harshitha

25 January 2022

Time series anomaly detection can prove to be a very useful tool to inspect and maintain the health and quality of an infrastructure system. While tackling such a problem, the main concern lies in the imbalanced nature of the dataset. In order to mitigate this problem, this thesis proposes two unsupervised anomaly detection frameworks. The first one is an architecture which leverages the concept of matrix profile which essentially refers to a data structure containing the euclidean scores of the subsequences of two time series that is obtained through a similarity join.It is an architecture comprising of a data fusion technique coupled with using matrix profile analysis under the constraints of varied sampling rate for different time series. To this end, we have proposed a framework, through which a time series that is being evaluated for anomalies is quantitatively compared with a benchmark (anomaly-free) time series using the proposed asynchronous time series comparison that was inspired by matrix profile approach for anomaly detection on time series . In order to evaluate the efficacy of this framework, it was tested on a case study comprising of a Class I Rail road dataset. The data collection system integrated into this railway system collects data through different data acquisition channels which represent different transducers. This framework was applied to all the channels and the best performing channels were identified. The average Recall and Precision achieved on the single channel evaluation through this framework was 93.5% and 55% respectively with an error threshold of 0.04 miles or 211 feet. A limitation that was noticed in this framework was that there were some false positive predictions. In order to overcome this problem, a second framework has been proposed which incorporates the idea of extracting signature patterns in a time series also known as motifs which can be leveraged to identify anomalous patterns. This second framework proposed is a motif based framework which operates under the same constraints of a varied sampling rate. Here, a feature extraction method and a clustering method was used in the training process of a One Class Support Vector Machine (OCSVM) coupled with a Kernel Density Estimation (KDE) technique. The average Recall and Precision achieved on the same case study through this frame work was 74% and 57%. In comparison to the first, the second framework does not perform as well. There will be future efforts focused on improving this classification-based anomaly detection method / Master of Science / Time series anomaly detection refers to the identification of any outliers or deviations present in a time series data. This technique could prove to be useful to mitigate any unplanned events by facilitating early maintenance. The first method proposed involves comparing an anomaly-free dataset with the time series of interest. The difference between these two time series are noted and the point with the highest difference will be considered to be an anomaly. The performance of this model was evaluated on a Rail road dataset and the cumuluative average Recall (how useful the predictions are) and average Precison (how accurate the predictions are) 93.5% and 55% respectively with an acceptable error range of 0.04 miles or 211 feet. The second method proposed involves extracting all segments in the anomaly-free dataset and grouping them according to their similarity. Here, a OCSVM is used to train these individual groups. OCSVM is a machine learning algorithm which learns to classify a data as either anomalous or normal. It is then coupled with the KDE which creates a distribution across all the anomalies and identifies the anomaly as one with a high distribution of predictions.The performance of this model was evaluated on a Rail road dataset and the cumulative average Recall and cumulative average Precision 74% and 57% respectively with an acceptable error range of 0.04 miles or 211 feet.

Anomaly Detection

Asynchronous

Unsupervised

Matrix Profile

OCSVM

Discovery of Triggering Relations and Its Applications in Network Security and Android Malware Detection

Zhang, Hao

30 November 2015

An increasing variety of malware, including spyware, worms, and bots, threatens data confidentiality and system integrity on computing devices ranging from backend servers to mobile devices. To address these threats, exacerbated by dynamic network traffic patterns and growing volumes, network security has been undergoing major changes to improve accuracy and scalability in the security analysis techniques. This dissertation addresses the problem of detecting the network anomalies on a single device by inferring the traffic dependence to ensure the root-triggers. In particular, we propose a dependence model for illustrating the network traffic causality. This model depicts the triggering relation of network requests, and thus can be used to reason about the occurrences of network events and pinpoint stealthy malware activities. The triggering relationships can be inferred by means of both rule-based and learning-based approaches. The rule-based approach originates from several heuristic algorithms based on the domain knowledge. The learning-based approach discovers the triggering relationship using a pairwise comparison operation that converts the requests into event pairs with comparable attributes. Machine learning classifiers predict the triggering relationship and further reason about the legitimacy of requests by enforcing their root-triggers. We apply our dependence model on the network traffic from a single host and a mobile device. Evaluated with real-world malware samples and synthetic attacks, our findings confirm that the traffic dependence model provides a significant source of semantic and contextual information that detects zero-day malicious applications. This dissertation also studies the usability of visualizing the traffic causality for domain experts. We design and develop a tool with a visual locality property. It supports different levels of visual based querying and reasoning required for the sensemaking process on complex network data. The significance of this dissertation research is in that it provides deep insights on the dependency of network requests, and leverages structural and semantic information, allowing us to reason about network behaviors and detect stealthy anomalies. / Ph. D.

Network Security

Stealthy Malware

Anomaly Detection

Threat Detection in Program Execution and Data Movement: Theory and Practice

Shu, Xiaokui

25 June 2016

Program attacks are one of the oldest and fundamental cyber threats. They compromise the confidentiality of data, the integrity of program logic, and the availability of services. This threat becomes even severer when followed by other malicious activities such as data exfiltration. The integration of primitive attacks constructs comprehensive attack vectors and forms advanced persistent threats. Along with the rapid development of defense mechanisms, program attacks and data leak threats survive and evolve. Stealthy program attacks can hide in long execution paths to avoid being detected. Sensitive data transformations weaken existing leak detection mechanisms. New adversaries, e.g., semi-honest service provider, emerge and form threats. This thesis presents theoretical analysis and practical detection mechanisms against stealthy program attacks and data leaks. The thesis presents a unified framework for understanding different branches of program anomaly detection and sheds light on possible future program anomaly detection directions. The thesis investigates modern stealthy program attacks hidden in long program executions and develops a program anomaly detection approach with data mining techniques to reveal the attacks. The thesis advances network-based data leak detection mechanisms by relaxing strong requirements in existing methods. The thesis presents practical solutions to outsource data leak detection procedures to semi-honest third parties and identify noisy or transformed data leaks in network traffic. / Ph. D.

Cybersecurity

Program Anomaly Detection

Data Leak Detection

Predicting Failures and Estimating Duration of Remaining Service Life from Satellite Telemetry

Losik, Len, Wahl, Sheila, Owen, Lewis

10 1900

International Telemetering Conference Proceedings / October 28-31, 1996 / Town and Country Hotel and Convention Center, San Diego, California / This paper addresses research completed for predicting hardware failures and estimating remaining service life for satellite components using a Failure Prediction Process (FPP). It is a joint paper, presenting initial research completed at the University of California, Berkeley, Center for Extreme Ultraviolet (EUV) Astrophysics using telemetry from the EUV EXPLORER (EUVE) satellite and statistical computation analysis completed by Lockheed Martin. This work was used in identifying suspect "failure precursors." Lockheed Martin completed an exploration into the application of statistical pattern recognition methods to identify FPP events observed visually by the human expert. Both visual and statistical methods were successful in detecting suspect failure precursors. An estimate for remaining service life for each unit was made from the time the suspect failure precursor was identified. It was compared with the actual time the equipment remained operable. The long-term objective of this research is to develop a resident software module which can provide information on FPP events automatically, economically, and with high reliability for long-term management of spacecraft, aircraft, and ground equipment. Based on the detection of a Failure Prediction Process event, an estimate of remaining service life for the unit can be calculated and used as a basis to manage the failure.

Telemetry

Analysis

Anomaly Resolution

Failure Prediction

Anomaly Prediction

Statistical Pattern Recognition

Análise da seca/estiagem no norte do estado de Minas Gerais a partir de dados MODIS / Analysis of drought in the north of Minas Gerais State from MODIS data

Moreira, Adriana Aparecida

January 2016

A seca que assola o norte de Minas Gerais é um desencadeante de severos impactos socioambientais. Mudanças na distribuição das precipitações, ou mesmo a redução no volume de chuvas é fator suficiente para a desorganização da atividade econômica regional. Neste contexto, este trabalho analisou a distribuição espaço-temporal da seca/estiagem no norte de Minas Gerais, entre 2003 a 2014. A metodologia consistiu na elaboração de série temporal de anomalia padronizada de NDWI utilizando imagens de reflectância MOD13Q1/MODIS. Para a realização das análises utilizou-se como base: os decretos de anormalidade por motivo de seca/estiagem, dados de perdas e danos, de precipitação e de variação de água da subsuperfície das soluções GRACE. Foram realizadas correlações entre NDWI e precipitação e entre anomalia padronizada de NDWI e anomalia de precipitação, considerando dados sem e com 30 dias de defasagem. Foi aplicado teste de médias, teste t de Student, para a anomalia padronizada de NDWI e a anomalia de precipitação, em um intervalo de confiança de 95%. Os resultados demonstraram que a anomalia padronizada de NDWI identificou de forma satisfatória três períodos de seca/estiagem na região. Estes corroboram com os dados de decretos de emergência e calamidade pública, sendo observado um maior número de decretos, principalmente, nestes períodos. Dois períodos identificados como de seca/estiagem foram noticiados como de estiagem severa no norte de Minas Gerais. Esse fato corrobora os dados de anomalia padronizada de NDWI com a situação ocorrida na região. O quantitativo de áreas afetadas por seca também evidencia o mesmo período de maiores números de ocorrências de seca/estiagem e deficiência na distribuição da precipitação. No entanto, o emprego de anomalia padronizada de NDWI na identificação seca/estiagem, por si só, pode não ser suficiente para essa identificação, uma vez que, o fenômeno pode ocorrer e causar danos e prejuízos, em meio a uma paisagem verde, como constatado para 2010. As análises estatísticas mostraram que existem correlações com graus de intensidade melhores entre o NDWI e a precipitação com uma defasagem de 30 dias. Fato também observado para os dados de anomalia padronizada de NDWI e anomalia de precipitação, todavia, foram observadas correlações de fraca a moderada. O teste de médias apresentou diferenças entre as médias apenas para o ano de 2014. Apesar de em todos os outros períodos as médias não serem estatisticamente diferentes entre si, foram verificados baixos valores de p-value, com excessão do período entre 2008 e 2011, onde são verificados p-value entre 0,4 a 0,9. Ainda que os testes estatísticos não apresentaram uma ótima significância, a variação temporal dos dados de anomalia padronizada de NDWI e de anomalia de precipitação evidencia uma relação similar entre esses dados. Por fim, a comparação com dados das soluções GRACE, identificou os mesmos períodos verificados com a anomalia padronizada de NDWI, sendo então, observado que estes dados corroboram entre si na identificação de seca/estiagem no norte de Minas Gerais. / The drought that affects the north of Minas Gerais State causes severe socio-environment impacts. Changes on the precipitation distribution or even the reduction of the raining amount is enough reason for regional disorganization. In this context, this work analyzed the drought spatial-temporal distribution in the north of Minas Gerais State, between 2003 and 2014. The methodology consisted on the elaboration of time series of standardized anomaly NDWI using images of reflectance MOD13Q1/MODIS. For the analysis it was used the following basis: the abnormality decrees caused by drought, damage and losses data, precipitation and the water subsurface range on GRACE solution. Correlations were conducted between NDWI and precipitation, as well as between standardized anomaly NDWI and precipitation anomaly, considering data with and without 30 days of gap. It was applied average test, the Student t-test, for the standardized anomaly NDWI and precipitation anomaly, with a confidence range of 95%. Results demonstrated that standardized anomaly NDWI satisfactorily identified three seasons of drought in this region. It corroborates with emergency decrees and public calamity data, in what it was observed a higher number of decrees, especially in these periods. Two seasons identified as drought were reported as severe drought in the north of Minas Gerais State. This fact validates the standardized anomaly NDWI data with the situation occurred in the region. The quantity of affected areas drought, also evidences the same period of larger numbers of occurrences drought and disability in the distribution of precipitation. However, the use of standardized anomaly NDWI by itself on the identification of drought may not be enough evidence for this association, since the phenomenon can occur and cause damages and losses among a green landscape, as seen in 2010. Statistical analysis demonstrated that there are correlations with better intensity degrees between the NDWI and the precipitation with a gap of 30 days. This fact was also observed for the standardized anomaly NDWI and precipitation anomaly data, however, mild to moderate correlations were observed. Student t-test demonstrated differences between the averages only for the year of 2014. Despite for all other periods averages were not statistically different, they were observed p-value low values, with the exception of the period between 2008 and 2011, which are verified p-value between 0.4 and 0.9. Although statistical tests did not demonstrated a great significance, the temporal variation of standardized anomaly NDWI data and precipitation anomaly evidenciate a similar relationship between these data. Lastly, the comparison with data from GRACE solutions, identified the same periods verified with the standardized anomaly NDWI, being then observed that these data corroborates between them in the identification of draught in the north of Minas Gerais State.

Sensoriamento remoto

Impacto socioambiental

Estiagem

Precipitação pluvial

Minas Gerais

Drought index

Standardized anomaly NDWI

Precipitation anomaly