101

Proteção de sistemas elétricos considerando aspectos de segurança da rede de comunicação / Electric power system protection considering safety aspects of the communication network

Costa, Nilson Santos 28 May 2007
The modern world is more connected every day through all the technological means that exist today. This allows more and more people to communicate, making the virtual communication road mandatory for the survival of small, medium and large public and private companies. The great technological advance of the 20th century was the large-scale use of the PC (personal computer), commonly called microcomputers. This advance also reached electric power systems, making substations digital. Being digital, these substations run the risk of internal or even external cyber intrusion. Although the possibility of external cyber intrusion is small, it exists. In view of this situation, this work proposes the application of a security system to an electric power system. The work concentrates specifically on the study of intrusion detection systems (IDS) in their two basic modes: misuse-based IDS and anomaly-based IDS using artificial neural networks. These concepts will be tested on a simulated electric power system, with a communication network based on microcomputers and/or microprocessor-based equipment, with real digital relays. The software packages, called SNORT and Carcará, were used and extensively tested, with highly encouraging results for the described function. / The modern world is more connected each day by all technological means available. This allows more people to communicate, making the virtual communication road obligatory for the survival of small, medium and large companies, whether public or private. The great technological advance of the 20th century was the large-scale use of PCs (personal computers), usually called microcomputers. This advance also reached electric power systems with the digitalization of substations. These digitalized substations run the risk of cyber intrusion, internal or even external.
Although the possibility of external cyber intrusion is small, it exists. In that context, the present thesis proposes the application of a security system to an electric power system. The focus will be the study of intrusion detection systems (IDS) in their two basic forms: misuse-based IDS and anomaly-based IDS using artificial neural networks. These concepts will be tested in a simulated electric power system, with a communication network based on microcomputers and/or microprocessor-based equipment, and with actual digital relays.
102

Extraction de relations spatio-temporelles à partir des données environnementales et de la santé / Spatio-temporal data mining from health and environment data

Alatrista-Salas, Hugo 04 October 2013
Faced with the explosion of new technologies (mobile devices, sensors, etc.), large quantities of data localised in space and time are now available. The associated databases can be described as spatio-temporal databases because each datum is described by spatial information (e.g. a city, a neighbourhood, a river, etc.) and temporal information (e.g. the date of an event). This mass of often heterogeneous and complex data thus generates new needs that knowledge extraction methods must be able to meet (e.g. following phenomena in time and space). Many phenomena with complex dynamics are thus associated with spatio-temporal data. For example, the dynamics of an infectious disease can be described by the interactions between humans and the associated transmission vector as well as by certain spatio-temporal mechanisms that contribute to its evolution. Modifying one of the components of this system can trigger variations in the interactions between the components and, ultimately, change the overall behaviour of the system. To address these new challenges, new processes and methods must be developed in order to make the best use of all available data. That is the objective of spatio-temporal data mining, which corresponds to the set of techniques and methods that make it possible to obtain useful knowledge from large volumes of spatio-temporal data. This thesis falls within the general framework of spatio-temporal data mining and sequential pattern mining. More precisely, two generic pattern extraction methods are proposed. The first makes it possible to extract sequential patterns that include spatial characteristics. In the second, we propose a new type of pattern called "spatio-sequential patterns".
This type of pattern makes it possible to study the evolution of a set of events describing an area and its immediate surroundings. Both approaches were tested on two datasets associated with spatio-temporal phenomena: river pollution in France and the epidemiological monitoring of dengue in New Caledonia. In addition, two quality measures and a pattern visualisation prototype were also proposed to assist experts in selecting patterns of interest. / Thanks to new technologies (smartphones, sensors, etc.), large amounts of spatiotemporal data are now available. The associated databases can be called spatiotemporal databases because each row is described by spatial information (e.g. a city, a neighborhood, a river, etc.) and temporal information (e.g. the date of an event). This huge amount of data is often complex and heterogeneous and generates new needs in knowledge extraction methods to deal with these constraints (e.g. following phenomena in time and space). Many phenomena with complex dynamics are thus associated with spatiotemporal data. For instance, the dynamics of an infectious disease can be described as the interactions between humans and the transmission vector as well as some spatiotemporal mechanisms involved in its development. The modification of one of these components can trigger changes in the interactions between the components and finally change the overall system behavior. To deal with these new challenges, new processes and methods must be developed to manage all available data. In this context, spatiotemporal data mining is defined as a set of techniques and methods used to obtain useful information from large volumes of spatiotemporal data. This thesis follows the general framework of spatiotemporal data mining and sequential pattern mining. More specifically, two generic methods of pattern mining are proposed.
The first one allows us to extract sequential patterns including spatial characteristics of the data. In the second one, we propose a new type of pattern called spatio-sequential patterns. This kind of pattern is used to study the evolution of a set of events describing an area and its near environment. Both approaches were tested on real datasets associated with two spatiotemporal phenomena: the pollution of rivers in France and the epidemiological monitoring of dengue in New Caledonia. In addition, two quality measures and a pattern visualization prototype are also provided to assist the experts in the selection of interesting patterns.
103

A one-class NIDS for SDN-based SCADA systems / Um NIDS baseado em OCC para sistemas SCADA baseados em SDN

Silva, Eduardo Germano da January 2007
Electric power systems have a great influence on world economic development. Given the importance of electrical energy to our society, power systems are frequently the target of network intrusions driven by the most diverse motivations. To minimise or even mitigate the effects of network intrusions, mechanisms that raise the security level of power systems are being proposed, such as new communication protocols and standardisation norms. In addition, power systems are undergoing an intense modernisation process, making them highly dependent on networked systems responsible for monitoring and managing electrical components. These, then called Smart Grids, comprise generation, transmission and distribution subsystems that are monitored and managed by supervisory control and data acquisition (SCADA) systems. In this master's dissertation, we investigate and discuss the applicability and the benefits of adopting Software-Defined Networking (SDN) to assist the development of the next generation of SCADA systems. We also propose an intrusion detection system (IDS) that uses specific traffic classification techniques and benefits from characteristics of SCADA networks and of the SDN/OpenFlow paradigm. Our proposal uses SDN to periodically collect network statistics from SCADA equipment, which are subsequently processed by one-class classification (OCC) algorithms. Given that information about attacks directed at SCADA systems is scarce and rarely disclosed publicly by their maintainers, the main advantage of using OCC algorithms is that they do not depend on attack signatures to detect potentially malicious traffic. As a proof of concept, we developed a prototype of our proposal.
Finally, in our experimental evaluation, we observed the performance and accuracy of our prototype using two types of OCC algorithms, considering anomalous events in the SCADA network such as a denial-of-service (DoS) attack and the failure of several field devices. / Power grids have great influence on the development of the world economy. Given the importance of electrical energy to our society, power grids are often the target of network intrusions motivated by several causes. To minimize or even to mitigate the aftereffects of network intrusions, more secure protocols and standardization norms to enhance the security of power grids have been proposed. In addition, power grids are undergoing an intense process of modernization, becoming highly dependent on networked systems used to monitor and manage power components. These so-called Smart Grids comprise energy generation, transmission, and distribution subsystems, which are monitored and managed by Supervisory Control and Data Acquisition (SCADA) systems. In this Master's dissertation, we investigate and discuss the applicability and benefits of using Software-Defined Networking (SDN) to assist in the deployment of next-generation SCADA systems. We also propose an Intrusion Detection System (IDS) that relies on specific techniques of traffic classification and takes advantage of the characteristics of SCADA networks and of the adoption of SDN/OpenFlow. Our proposal relies on SDN to periodically gather statistics from network devices, which are then processed by One-Class Classification (OCC) algorithms. Given that attack traces in SCADA networks are scarce and not publicly disclosed by utility companies, the main advantage of using OCC algorithms is that they do not depend on known attack signatures to detect possible malicious traffic. As a proof of concept, we developed a prototype of our proposal.
Finally, in our experimental evaluation, we observed the performance and accuracy of our prototype using two OCC-based Machine Learning (ML) algorithms, and considering anomalous events in the SCADA network, such as a Denial-of-Service (DoS) attack and the failure of several SCADA field devices.
104

WiFi Extension for Drought Early-Warning Detection System Components

Pukhanov, Alexander January 2015
Excessive droughts on the African continent have caused the Swedish Meteorological and Hydrological Institute to launch a program of gathering data in the hope of producing models for rainfall and droughts. A sensor capable of gathering such data has already been chosen; however, there remains the problem of conveniently retrieving data from each of the sensors spread over a large area of land. To accomplish this goal, a small, cheap and efficient wireless-capable module would need to be used. A possible candidate is the new WiFi module from Espressif designated ESP8266. It is an extremely cheap and versatile wireless SoC that is able to perform the task of a wireless communications adapter for the sensor unit. The point of this thesis is to investigate the suitability of IEEE 802.11 for the task, and to produce a piece of firmware for the ESP8266. The firmware shall enable it to be attached to a sensor and operate as a wireless mesh node in a self-organizing WLAN sensor network, enabling data retrieval via WiFi multi-hop deliveries.
105

Molecularly imprinted polymer sensor systems for environmental estrogenic endocrine disrupting chemicals

Ntshongontshi, Nomaphelo January 2018
Philosophiae Doctor - PhD (Chemistry) / There is growing concern about endocrine disrupting compounds (EDCs). The presence of drugs in water supplies was first realized in Germany in the early 1990s, when environmental scientists discovered clofibric acid, a cholesterol-lowering drug, in groundwater below a water treatment plant. Endocrine disrupting compounds can be defined as those chemicals with the ability to alter the daily functioning of the endocrine system in living organisms. There are numerous molecules that are regarded or referred to as EDCs, such as, but not limited to, organochlorinated pesticides, industrial chemicals, plastics and plasticizers, fuels, estrogens and many other chemicals that are found in the environment or are in widespread use. 17β-estradiol is the principal estrogen found in mammals during the reproductive years. Estriol is produced in large quantities during pregnancy. 17β-estradiol is the strongest, estriol the weakest. Estriol is water soluble; estrone and estradiol are not. Although estrogen is produced in women, they are also at risk of overexposure to estrogen. Pesticides are extensively used today in agricultural settings to prevent and control pests. Various pesticides, including banned organochlorines (OCs) and modern non-persistent pesticides, have shown the ability to disrupt thyroid activity, disturbing the homeostasis of the thyroid system. Because these EDCs have adverse effects on the health of both humans and wildlife, it is imperative to develop viable, cost-effective analytical methods for the detection of these EDCs in complicated samples and at very low concentrations. Very high selectivity towards particular compounds is a very important property for the suitability of a detection method. This is because these compounds mostly coexist in complex matrices, which makes the detection of a specific compound very challenging.
It is paramount to develop highly sensitive and selective methods for the detection of these estrogens and phosphoric acid-based pesticides at trace levels. / 2021-08-31
106

Data acquisition from a prototype PET system

Τριπολίτης, Χριστόφορος 19 January 2010
In the era of Molecular Medicine, medical information should relate to the function of tissues and cells at the molecular level. Medical diagnosis, as well as treatment planning and treatment effectiveness, require detailed information on matters concerning metabolism, receptors and the gene expression of tissues. Positron Emission Tomography (PET), a Nuclear Medicine method, is currently the main representative of Molecular Imaging; that is, it diagnoses diseases by imaging at the molecular level with the help of radiopharmaceuticals. In recent years there has been growing interest in the development of Positron Emission Tomography systems for imaging small animals (animal PET). These systems are designed to image anatomical structures smaller than those of humans. The benefits are many, both in the evaluation of new radiopharmaceuticals and in the improvement of clinical PET through the study and development of such prototype systems. The subject of this thesis is the in-depth study and understanding of the operation of a prototype PET (Positron Emission Tomography) system. At the experimental level, data acquisition through NIM electronic modules will be learned and carried out. The characteristics of the system used in this work are a small PET camera consisting of two heads based on the H8500 position-sensitive photomultiplier and a pixelated LSO crystal with 2x2 mm2 cells and a field of 5x5 cm2. Each head includes a photomultiplier, a crystal and electronics responsible for pre-amplification. The data acquisition system will be implemented through NIM (Nuclear Instrumentation Module) electronics and will be compared with that of the small animal PET.
Our aim is to use the appropriate modules (amplifiers, discriminators, coincidence units and gate and delay generators) so as to record the type of signals transferred in all the individual modules. Subsequently, after processing the data on the computer, imaging of phantoms or small animals will be carried out. The comparison, as well as understanding the way in which coincidence detection and data collection are performed, will help us in the future to develop a new PET system with optimal desired characteristics. / In this work a dual-head PET camera suitable for high-resolution small animal studies has been developed. The system has a field of view of 5x5 cm and is based on two H8500 position-sensitive photomultiplier tubes (PSPMTs), coupled to two LSO crystals with 2.5x2.5 mm pixel size. An FPGA-based data acquisition system and a proper data reconstruction system then collect events, sort coincidences and produce images. We develop a system responsible for coincidence detection based on NIM electronics. System evaluation has been carried out using FDG. Point sources have been used for system calibration. Capillaries with 1.1 mm inner diameter were imaged.
107

Improvement of pedestrian safety : response of detection systems to real accident scenarios / L'amélioration de la sécurité du piéton : validation de système actif de sécurité par la reconstruction d'accidents réels

Hamdane, Hédi 05 December 2016
The general context of this research concerns pedestrian active safety. Many on-board vehicle systems are currently being developed to detect a pedestrian on the roadway and to avoid a collision either by an emergency braking manoeuvre or by a swerving manoeuvre. Most of these driver assistance systems are based on detection systems (cameras, radars, etc.). They analyse the scene in real time and then perform image processing in order to identify a potential danger. However, it appears difficult to determine the relevance of these systems in terms of road safety. The general objective of this work is thus to estimate this relevance by confronting the systems with multiple real accident configurations. The methodology consists of testing pedestrian detection systems in reconstructed accident configurations by combining them with the vehicle kinematics. The performance test of these systems was then carried out by checking their compatibility with the timeline of the accidents, i.e. checking whether the accidents could have been avoided. From these reconstructions of real accidents, an analysis was carried out to identify the spatio-temporal factors that influence the primary safety of pedestrians. / The scope of this research concerns pedestrian active safety. Several primary safety systems have been developed for vehicles in order to detect a pedestrian and to avoid an impact. These systems analyse the forward path of the vehicle through the processing of images from sensors. If a pedestrian is identified on the vehicle trajectory, these systems employ emergency braking, and some systems may potentially employ emergency steering. Methods for assessing the effectiveness of these systems have been developed. But it appears difficult to determine the relevance of these systems in terms of pedestrian protection.
The general objective of this research was to test the response of these systems in many accident configurations. The methodology consisted of coupling the vehicle dynamic behaviour with a primary safety system in order to confront these systems with real accident configurations. The relevance of these systems is studied by verifying the feasibility of deploying an autonomous emergency manoeuvre during the timeline of the accident and according to the vehicle dynamic capabilities, i.e. verifying the possibilities in terms of crash avoidance. From these accident reconstructions and simulations, factors relevant to the primary safety of pedestrians were deduced.
108

Etude des cavités optiques de filtrage de sortie du détecteur d'ondes gravitationnelles Advanced Virgo / Study of the output optical cavity from the Advanced Virgo gravitational wave detector

Ducrot, Marine 29 September 2016
A century after their prediction by Albert Einstein, on 14 September 2015 gravitational waves from the coalescence of two black holes were observed, opening the field to an entirely new astronomy and a new way of studying gravitation. The small amplitude of gravitational waves requires specific and very sensitive detectors. Advanced Virgo is a second-generation kilometre-scale interferometer dedicated to the detection of gravitational waves. One of the elements needed to reach the required sensitivity is the optical filtering system called the Output Mode Cleaner or OMC, placed at the output of the interferometer and composed of two optical cavities. This manuscript presents the study and characterisation of this optical filtering system. This work made it possible to select the two cavities currently installed in the Advanced Virgo detector. The filtering performance and the impact of the OMC on the detector sensitivity are also described. / About 100 years after their prediction by Albert Einstein, gravitational waves produced by the coalescence of two black holes were observed on the 14th of September 2015, opening the field of gravitational wave astronomy and a new way to study gravitation. The small amplitude of gravitational waves requires specific and very sensitive detectors. Advanced Virgo is a second-generation kilometric interferometer dedicated to the detection of gravitational waves. A necessary element to reach the required sensitivity is the filtering optical system named the Output Mode Cleaner or OMC, placed at the output of the interferometer and composed of two optical cavities. This thesis presents the study and characterization of this optical system. This work informed the selection of the two optical cavities currently installed in the Advanced Virgo detector. The filtering performance and the impact of the OMC on the detector sensitivity are also described.
110

Real-time detection of Advanced Persistent Threats using Information Flow Tracking and Hidden Markov Models / Détection temps réel de menaces persistantes avancées par suivi de flux d'information et modèles de Markov cachés

Brogi, Guillaume 04 April 2018
In this thesis, we present the risks posed by Advanced Persistent Threats (APTs) and propose a two-step approach to distinguish the attacks that are part of one. This work is part of Akheros, an autonomous Intrusion Detection System (IDS) developed by three doctoral students. The idea is to use machine learning to detect unexpected events and check whether they pose a security risk. The last step, and the subject of this thesis, is to highlight APTs. APT campaigns are particularly dangerous because the attackers are skilled and have a precise goal as well as time and money. We start from the results of the previous parts of Akheros: a list of events that can be translated into information flows and that indicates when attacks are detected. We bring out the links between attacks using Information Flow Tracking: we add a new taint for each attack. During propagation, if a taint is found upstream of a flow that is part of an attack, then the two attacks are linked. Some attacks are linked by mistake because the events we use are not precise enough, hence the two-step approach. In the case where some attacks are not detected, the taint for that attack is not created; however, the other taints are propagated normally, and the attack preceding the undetected attack will be linked to the attack that follows it. The second step of the approach is to remove the erroneous links. We use a Hidden Markov Model to represent APTs and remove the campaigns that do not follow the model. This works because APTs, although all different, go through the same phases. These phases are the hidden states of the model. The observations are the types of attacks carried out during these phases.
Moreover, the attackers' future actions depend on the results of the current action, which satisfies the Markov hypothesis. The score used to rank potential campaigns from the closest to an APT to the farthest is based on a Viterbi algorithm modified to take into account potentially undetected attacks. / In this thesis, we present the risks posed by Advanced Persistent Threats (APTs) and propose a two-step approach for recognising when detected attacks are part of one. This is part of the Akheros solution, a fully autonomous Intrusion Detection System (IDS) being developed in collaboration by three PhD students. The idea is to use machine learning to detect unexpected events and check if they present a security risk. The last part, and the subject of this thesis, is the highlighting of APTs. APT campaigns are particularly dangerous because they are performed by skilled attackers with a precise goal and time and money on their side. We start with the results from the previous part of the Akheros IDS: a list of events, which can be translated to flows of information, with an indication for events found to be attacks. We find links between attacks using Information Flow Tracking. To do so, we create a new taint for each detected attack and propagate it. Whenever a taint is on the input of an event that is part of another attack, the two attacks are linked. However, the links are only potential because the events used are not precise enough, which leads to erroneously propagated taints. In the case of an undetected attack, no taint is created for that attack, but the other taints are still propagated as normal, so that the previous attack is still linked to the next attack, only skipping the undetected one. The second step of the approach is to filter out the erroneous links. To do so, we use a Hidden Markov Model to represent APTs and remove potential attack campaigns that do not fit the model.
This is possible because, while each APT is different, they all go through the same phases, which form the hidden states of our model. The visible observations are the kinds of attacks performed during these phases. In addition, the results in one phase dictate what the attackers do next, which fits the Markov hypothesis. The score used to rank potential attack campaigns from most likely to be an APT to least likely is based on a customised Viterbi algorithm that takes into account potentially undetected attacks.
