  • About
  • The Global ETD Search service is a free service for researchers to find electronic theses and dissertations. This service is provided by the Networked Digital Library of Theses and Dissertations.
    Our metadata is collected from universities around the world. If you manage a university/consortium/country archive and want to be added, details can be found on the NDLTD website.
1

Bayesian Aggregation of Evidence for Detection and Characterization of Patterns in Multiple Noisy Observations

Tandon, Prateek 01 August 2015
Effective use of Machine Learning to support extracting maximal information from limited sensor data is one of the important research challenges in robotic sensing. This thesis develops techniques for detecting and characterizing patterns in noisy sensor data. Our Bayesian Aggregation (BA) algorithmic framework can leverage data fusion from multiple low Signal-To-Noise Ratio (SNR) sensor observations to boost the capability to detect and characterize the properties of a signal generating source or process of interest. We illustrate our research with application to the nuclear threat detection domain. Developed algorithms are applied to the problem of processing the large amounts of gamma ray spectroscopy data that can be produced in real-time by mobile radiation sensors. The thesis experimentally shows BA’s capability to boost sensor performance in detecting radiation sources of interest, even if the source is faint, partially occluded, or enveloped in the noisy and variable radiation background characteristic of urban scenes. In addition, BA provides simultaneous inference of source parameters such as the source intensity or source type while detecting it. The thesis demonstrates this capability and also develops techniques to efficiently optimize these parameters over large possible setting spaces. Methods developed in this thesis are demonstrated both in simulation and in a radiation-sensing backpack that applies robotic localization techniques to enable indoor surveillance of radiation sources. The thesis further improves the BA algorithm’s capability to be robust under various detection scenarios. First, we augment BA with appropriate statistical models to improve estimation of signal components in low photon count detection, where the sensor may receive limited photon counts from either source and/or background. Second, we develop methods for online sensor reliability monitoring to create algorithms that are resilient to possible sensor faults in a data pipeline containing one or multiple sensors. Finally, we develop Retrospective BA, a variant of BA that allows reinterpretation of past sensor data in light of new information about percepts. These Retrospective capabilities include the use of Hidden Markov Models in BA to allow automatic correction of a sensor pipeline when sensor malfunction may occur, an Anomaly-Match search strategy to efficiently optimize source hypotheses, and prototyping of a Multi-Modal Augmented PCA to more flexibly model background and nuisance source fluctuations in a dynamic environment.
2

A machine learning approach to detect insider threats in emails caused by human behaviour

Michael, Antonia January 2020
In recent years, there has been a significant increase in insider threats within organisations and these have caused massive losses and damages. Due to the fact that email communications are a crucial part of the modern-day working environment, many insider threats exist within organisations’ email infrastructure. It is a well-known fact that employees not only dispatch ‘business-as-usual’ emails, but also emails that are completely unrelated to company business, perhaps even involving malicious activity and unethical behaviour. Such insider threat activities are mostly caused by employees who have legitimate access to their organisation’s resources, servers, and non-public data. However, these same employees abuse their privileges for personal gain or even to inflict malicious damage on the employer. The problem is that the high volume and velocity of email communication make it virtually impossible to minimise the risk of insider threat activities, by using techniques such as filtering and rule-based systems. The research presented in this dissertation suggests strategies to minimise the risk of insider threat via email systems by employing a machine-learning-based approach. This is done by studying and creating categories of malicious behaviours posed by insiders, and mapping these to phrases that would appear in email communications. Furthermore, a large email dataset is classified according to behavioural characteristics of employees. Machine learning algorithms are employed to identify commonly occurring insider threats and to group the occurrences according to insider threat classifications. / Dissertation (MSc (Computer Science))--University of Pretoria, 2020. / Computer Science / MSc (Computer Science) / Unrestricted
3

Fusion of RGB and Thermal Data for Improved Scene Understanding

Smith, Ryan Elliott 06 May 2017
Thermal cameras are used in numerous computer vision applications, such as human detection and scene understanding. However, the cost of high quality and high resolution thermal sensors is often a limiting factor. Conversely, high resolution visual spectrum cameras are readily available and generally inexpensive. Herein, we explore the creation of higher quality upsampled thermal imagery using a high resolution visual spectrum camera and Markov random fields theory. This paper also presents a discussion of the tradeoffs from this approach and the effects of upsampling, both from quantitative and qualitative perspectives. Our results demonstrate the successful application of this approach for human detection and the accurate propagation of thermal measurements within images for more general tasks like scene understanding. A tradeoff analysis of the costs related to performance as the resolution of the thermal camera decreases is also provided.
4

AGING AND ATTENTION TO THREAT; AN ELECTROPHYSIOLOGICAL INVESTIGATION

Jardin, Elliott C. 30 November 2015
No description available.
5

Implementing Bayesian Networks for online threat detection

Pappaterra, Mauro José January 2018
Cybersecurity threats have surged in the past decades. Experts agree that conventional security measures will soon not be enough to stop the propagation of more sophisticated and harmful cyberattacks. Recently, there has been a growing interest in mastering the complexity of cybersecurity by adopting methods borrowed from Artificial Intelligence (AI) in order to support automation. Moreover, entire security frameworks, such as DETECT (Decision Triggering Event Composer and Tracker), are aimed at the automatic and early detection of threats against systems, by using model analysis and recognising sequences of events and other tropes inherent to attack patterns. In this project, I concentrate on cybersecurity threat assessment by the translation of Attack Trees (AT) into probabilistic detection models based on Bayesian Networks (BN). I also show how these models can be integrated and dynamically updated as a detection engine in the existing DETECT framework for automated threat detection, hence enabling both offline and online threat assessment. Integration in DETECT is important to allow real-time model execution and evaluation for quantitative threat assessment. Finally, I apply my methodology to some real-world case studies, evaluate models with sample data, perform data sensitivity analyses, then present and discuss the results.
6

A quantitative security assessment of modern cyber attacks : a framework for quantifying enterprise security risk level through system's vulnerability analysis by detecting known and unknown threats

Munir, Rashid January 2014
The Cisco 2014 Annual Security Report clearly outlines the evolution of the threat landscape and the increase of the number of attacks. The UK government in 2012 recognised the cyber threat as a Tier-1 threat since about 50 government departments have been either subjected to an attack or a direct threat from an attack. The cyberspace has become the platform of choice for businesses, schools, universities, colleges, hospitals and other sectors for business activities. One of the major problems identified by the Department of Homeland Security is the lack of clear security metrics. The recent cyber security breach of the US retail giant TARGET is a typical example that demonstrates the weaknesses of qualitative security, also considered by some security experts as fuzzy security. High, medium or low as measures of security levels do not give a quantitative representation of the network security level of a company. In this thesis, a method is developed to quantify the security risk level of known and unknown attacks in an enterprise network in an effort to solve this problem. The identified vulnerabilities in a case study of a UK based company are classified according to their severity risk levels using the Common Vulnerability Scoring System (CVSS) and the Open Web Application Security Project (OWASP). Probability theory is applied against known attacks to create the security metrics, and a detection and prevention method is suggested for the company network against unknown attacks. Our security metrics are clear and repeatable and can be verified scientifically.
7

Sécurité dans le cloud : framework de détection de menaces internes basé sur l'analyse d'anomalies / Security in the Cloud : an anomaly-based detection framework for the insider threats

Carvallo, Pamela 17 December 2018
Cloud Computing (CC) opens new possibilities for more flexible and efficient services for Cloud Service Clients (CSCs). However, one of the main issues while migrating to the cloud is that what once was a private domain for CSCs, now is handled by a third-party, hence subject to their security policies. Therefore, CSCs' confidentiality, integrity, and availability (CIA) should be ensured. In spite of the existence of protection mechanisms, such as encryption, the monitoring of the CIA properties becomes necessary. Additionally, new threats emerge every day, requiring more efficient detection techniques. The work presented in this document goes beyond the state of the art by treating the malicious insider threat, one of the least studied threats in CC. This is mainly due to the organizational and legal barriers from the industry, and therefore the lack of appropriate datasets for detecting it. We tackle this matter by addressing two challenges. First, the derivation of an extensible methodology for modeling the behavior of a user in a company. This abstraction of an employee includes intra psychological factors, contextual information and is based on a role-based approach. The behaviors follow a probabilistic procedure, where the malevolent motivations are considered to occur with a given probability in time. The main contribution, a design and implementation of an anomaly-based detection framework for the aforementioned threat. This implementation enriches itself by comparing two different observation points: a profile-based view from the local network of the company, and a cloud-end view that analyses data from the services with whom the clients interact. This allows the learning process of anomalies to benefit from two perspectives: (1) the study of both real and simulated traffic with respect to the cloud service's interaction, in favor of the characterization of anomalies; and (2) the analysis of the cloud service in order to aggregate data statistics that support the overall behavior characterization. The design of this framework empirically shows to detect a broader set of anomalies of the company's interaction with the cloud. This is possible due to the replicable and extensible nature of the mentioned insider model. Also, the proposed detection model takes advantage of the autonomic nature of a clustering machine learning technique, following an unsupervised, adaptive algorithm capable of characterizing the evolving behaviors of the users towards cloud assets. The solution efficiently tackles the detection of anomalies by showing high levels of clustering performance, while keeping a low False Positive Rate (FPR), ensuring the detection performance for threat scenarios where the threat comes from inside the enterprise.
8

Exploring Open Source Intelligence for cyber threat Prediction

Adewopo, Victor A. 05 October 2021
No description available.
9

On the Usage of Artificial Neural Networks for Cyber-Physical Threat Detection in DETECT / Om användningen av artificiella neuronnät för detektering av cyber-fysikaliska hot i DETECT

Anjel, Elise, Bäckström, Samuel January 2021
This thesis explores how a detection engine using Artificial Neural Networks (ANNs) could be implemented within the DETECT framework. The framework is used for security purposes in Cyber-physical systems. These are critical systems often vital to important infrastructure, so discovering new ways of how to defend against threats is of huge importance. However, there are many difficult challenges that need to be addressed before employing an ANN as a threat detection mechanism. Most notably, what kind of ANN to use, training data and issues such as over-fitting. These challenges were addressed in the model that was created for this paper. The model was based on the current literature and previous research. To make informed decisions about the model a literature review was carried out to gather as much information as possible. A key insight from the review was the use of recurrent neural networks for threat detection.
10

Detecting Threats from Constituent Parts: A Fuzzy Signal Detection Theory Analysis of Individual Differences

Van De Car, Ida 01 January 2015
Signal detection theory (SDT) provides a theoretical framework for describing performance on decision making tasks, and fuzzy signal detection theory (FSDT) extends this description to include tasks in which there are levels of uncertainty regarding the categorization of stimulus events. Specifically, FSDT can be used to quantify the degree to which an event is 'signal-like', i.e., the degree to which a stimulus event can be characterized by both signal and non-signal properties. For instance, an improvised explosive device (IED) poses little threat when missing key elements of its assembly (a stimulus of low, but not zero, signal strength) whereas the threat is greater when all elements necessary to ignite the device are present (a stimulus of high signal strength). This research develops a link between key individual cognitive (i.e., spatial orientation and visualization) and personality (i.e., extroversion, conscientiousness, and neuroticism) differences among observers to performance on a fuzzy signal detection task, in which the items to be detected (IEDs) are presented in various states of assembly. That is, this research relates individual difference measures to task performance, uses FSDT in target detection, and provides application of the theory to vigilance tasks. In two experiments, participants viewed pictures of IEDs, not all of which were assembled or included key components, and categorized them using a fuzzy rating scale (no threat, low threat potential, moderate threat potential, or definite threat). In both experiments, there were significant interactions between the stimulus threat level category and the variability of images within each category. The results of the first experiment indicated that spatial and mechanical ability were stronger predictors of performance when the signal was ambiguous than when individuals viewed stimuli in which the signal was fully absent or fully present (and, thus, less ambiguous). The second study showed that the length of time a stimulus is viewed is greatest when the signal strength is low and there is ambiguity regarding the threat level of the stimulus. In addition, response times were substantially longer in study 2 than in study 1, although patterns of performance accuracy, as measured by the sensitivity index d', were similar across the two experiments. Together, the experiments indicate that individuals take longer to evaluate a potential threat as less critical, than to identify either an absence of threat or a high degree of threat and that spatial and mechanical ability assist decision making when the threat level is unclear. These results can be used to increase the efficiency of employees working in threat-detection positions, such as luggage screeners, provide an exemplar of use of FSDT, and contribute to the understanding of human decision making.
