Développement des méthodes génériques d'analyses multi-variées pour la surveillance de la qualité du produit / Development of multivariate analysis methods for the product quality prediction

Melhem, Mariam

20 November 2017

L’industrie microélectronique est un domaine compétitif, confronté de manière permanente à plusieurs défis. Pour évaluer les étapes de fabrication, des tests de qualité sont appliqués. Ces tests étant discontinus, une défaillance des équipements peut causer une dégradation de la qualité du produit. Des alarmes peuvent être déclenchées pour indiquer des problèmes. D’autre part, on dispose d’une grande quantité de données des équipements obtenues à partir de capteurs. Une gestion des alarmes, une interpolation de mesures de qualité et une réduction de données équipements sont nécessaires. Il s’agit dans notre travail à développer des méthodes génériques d’analyse multi-variée permettant d’agréger toutes les informations disponibles sur les équipements pour prédire la qualité de produit en prenant en compte la qualité des différentes étapes de fabrication. En se basant sur le principe de reconnaissance de formes, nous avons proposé une approche pour prédire le nombre de produits restant à produire avant les pertes de performance liée aux spécifications clients en fonction des indices de santé des équipement. Notre approche permet aussi d'isoler les équipements responsables de dégradation. En plus, une méthodologie à base de régression régularisée est développée pour prédire la qualité du produit tout en prenant en compte les relations de corrélations et de dépendance existantes dans le processus. Un modèle pour la gestion des alarmes est construit où des indices de criticité et de similarité sont proposés. Les données alarmes sont ensuite utilisées pour prédire le rejet de produits. Une application sur des données industrielles provenant de STMicroelectronics est fournie. / The microelectronics industry is a highly competitive field, constantly confronted with several challenges. To evaluate the manufacturing steps, quality tests are applied during and at the end of production. As these tests are discontinuous, a defect or failure of the equipment can cause a deterioration in the product quality and a loss in the manufacturing Yield. Alarms are setting off to indicate problems, but periodic alarms can be triggered resulting in alarm flows. On the other hand, a large quantity of data of the equipment obtained from sensors is available. Alarm management, interpolation of quality measurements and reduction of correlated equipment data are required. We aim in our work to develop generic methods of multi-variate analysis allowing to aggregate all the available information (equipment health indicators, alarms) to predict the product quality taking into account the quality of the various manufacturing steps. Based on the pattern recognition principle, data of the degradation trajectory are compared with health indices for failing equipment. The objective is to predict the remaining number of products before loss of the performance related to customer specifications, and the isolation of equipment responsible for degradation. In addition, regression- ased methods are used to predict the product quality while taking into account the existing correlation and the dependency relationships in the process. A model for the alarm management is constructed where criticality and similarity indices are proposed. Then, alarm data are used to predict the product scrap. An application to industrial data from STMicroelectronics is provided.

Analyse statistique multi-Variée

Régression régularisée

Analyse de similarité

Gestion d’alarmes

Indices de santé

Prédiction de la qualité du produit

Amélioration du rendement

Industrie micro-Électronique.

Data-Based diagnosis and prognosis

Multivariate statistical analysis

Regularized regression

Similarity analysis

Alarm management

Health index

Product quality prediction

Yield improvement

Microelectronic industry.

Studying the effectiveness of dynamic analysis for fingerprinting Android malware behavior / En studie av effektivitet hos dynamisk analys för kartläggning av beteenden hos Android malware

Regard, Viktor

January 2019

Android is the second most targeted operating system for malware authors and to counter the development of Android malware, more knowledge about their behavior is needed. There are mainly two approaches to analyze Android malware, namely static and dynamic analysis. Recently in 2017, a study and well labeled dataset, named AMD (Android Malware Dataset), consisting of over 24,000 malware samples was released. It is divided into 135 varieties based on similar malicious behavior, retrieved through static analysis of the file classes.dex in the APK of each malware, whereas the labeled features were determined by manual inspection of three samples in each variety. However, static analysis is known to be weak against obfuscation techniques, such as repackaging or dynamic loading, which can be exploited to avoid the analysis. In this study the second approach is utilized and all malware in the dataset are analyzed at run-time in order to monitor their dynamic behavior. However, analyzing malware at run-time has known weaknesses as well, as it can be avoided through, for instance, anti-emulator techniques. Therefore, the study aimed to explore the available sandbox environments for dynamic analysis, study the effectiveness of fingerprinting Android malware using one of the tools and investigate whether static features from AMD and the dynamic analysis correlate. For instance, by an attempt to classify the samples based on similar dynamic features and calculating the Pearson Correlation Coefficient (r) for all combinations of features from AMD and the dynamic analysis. The comparison of tools for dynamic analysis, showed a need of development, as most popular tools has been released for a long time and the common factor is a lack of continuous maintenance. As a result, the choice of sandbox environment for this study ended up as Droidbox, because of aspects like ease of use/install and easily adaptable for large scale analysis. Based on the dynamic features extracted with Droidbox, it could be shown that Android malware are more similar to the varieties which they belong to. The best metric for classifying samples to varieties, out of four investigated metrics, turned out to be Cosine Similarity, which received an accuracy of 83.6% for the entire dataset. The high accuracy indicated a correlation between the dynamic features and static features which the varieties are based on. Furthermore, the Pearson Correlation Coefficient confirmed that the manually extracted features, used to describe the varieties, and the dynamic features are correlated to some extent, which could be partially confirmed by a manual inspection in the end of the study.

Android malware

dynamic analysis

droidbox

cuckoodroid

droidscope

mobsf

malware behavior

correlation

pearson correlation

cosine similarity

euclidean distance

chebyshev distance

mahalanobis distance

similarity analysis

static features

dynamic features

tf-idf

AMD

Android malware dataset

malware dataset

UpDroid

EC2

Computer and Information Sciences

Data- och informationsvetenskap