Statistická analýza anomálií v senzorových datech / Statistical Analysis of Anomalies in Sensor Data

Gregorová, Kateřina

January 2019

This thesis deals with the failure mode detection of aircraft engines. The main approach to the detection is searching for anomalies in the sensor data. In order to get a comprehensive idea of the system and the particular sensors, the description of the whole system, namely the aircraft engine HTF7000 as well as the description of the sensors, are dealt with at the beginning of the thesis. A proposal of the anomaly detection algorithm based on three different detection methods is discussed in the second chapter. The above-mentioned methods are SVM (Support Vector Machine), K-means a ARIMA (Autoregressive Integrated Moving Average). The implementation of the algorithm including graphical user interface proposal are elaborated on in the next part of the thesis. Finally, statistical analysis of the results,the comparison of efficiency particular models and the discussion of outputs of the proposed algorithm can be found at the end of the thesis.

Vhodná strategie pro detekci bezpečnostních incidentů v průmyslových sítích / Appropriate strategy for security incident detection in industrial networks

Kuchař, Karel

January 2020

This diploma thesis is focused on problematics of the industrial networks and offered security by the industrial protocols. The goal of this thesis is to create specific methods for detection of security incidents. This thesis is mainly focused on protocols Modbus/TCP and DNP3. In the theoretical part, the industrial protocols are described, there are defined vectors of attacks and is described security of each protocol. The practical part is focused on the description and simulation of security incidents. Based on the data gathered from the simulations, there are identified threats by the introduced detection methods. These methods are using for detecting the security incident an abnormality in the network traffic by created formulas or machine learning. Designed methods are implemented to IDS (Intrusion Detection System) of the system Zeek. With the designed methods, it is possible to detect selected security incidents in the destination workstation.

Využití strojového učení pro detekci anomálií na základě analýzy systémových logů / System Log Analysis for Anomaly Detection Using Machine Learning

Šiklóši, Miroslav

January 2020

Táto diplomová práca sa venuje problematike využitia strojového učenia na detekciu anomálií na základe analýzy systémových logov. Navrhnuté modely sú založené na algoritmoch strojového učenia s učiteľom, bez učiteľa a na hlbokom učení. Funkčnosť a správanie týchto algoritmov sú objasnené ako teoreticky, tak aj prakticky. Okrem toho boli využité metódy a postupy na predspracovanie dát predtým, než boli vložené do modelov strojového učenia. Navrhnuté modely sú na konci porovnané s využitím viacerých metrík a otestované na syslogoch, ktoré modely predtým nevideli. Najpresnejší výkon podali modely Klasifikátor rozhodovacích stromov, Jednotriedny podporný vektorový stroj a model Hierarchické zoskupovanie, ktoré správne označili 93,95%, 85,66% a 85,3% anomálií v uvedenom poradí.

Detekce útoku SlowDrop / SlowDrop attack detection

Náčin, Peter

January 2021

The diploma thesis is focused on the detection of a slow DoS attack named SlowDrop. The attack tries to imitate a legitimate person with a slow internet connection and does not show a new strong signature, so the attack is difficult to detect. The diploma thesis is based on the work of Ing. Mazanek in which the SlowDrop attack script was created. At the theoretical level, the issue of DoS attacks is described in general, but also in particular. Furthermore, the work develops methods for solving the problem of SlowDrop attack detection. The methods are then defined in detail and tested in a simulation environment. The practical part describes data analysis, signature detection, anomaly detection using neural networks and a detection script. In all practical parts, the used technologies and solution procedures are described in detail. The specific implementation of the solution and the achieved results are also presented. Finally, the individual results are evaluated, compared individually, but also among themselves. The obtained results show that the attack is detectable using a neural network and by created detection script.

Computation and Application of Persistent Homology on Streaming Data

Moitra, Anindya

January 2020

No description available.

Computer Science

Persistent Homology

Data Stream

Topological Data Analysis

Network Anomaly Detection

Viral Evolution

Computational Genomics

Event Sequence Identification and Deep Learning Classification for Anomaly Detection and Predication on High-Performance Computing Systems

Li, Zongze

12 1900

High-performance computing (HPC) systems continue growing in both scale and complexity. These large-scale, heterogeneous systems generate tens of millions of log messages every day. Effective log analysis for understanding system behaviors and identifying system anomalies and failures is highly challenging. Existing log analysis approaches use line-by-line message processing. They are not effective for discovering subtle behavior patterns and their transitions, and thus may overlook some critical anomalies. In this dissertation research, I propose a system log event block detection (SLEBD) method which can extract the log messages that belong to a component or system event into an event block (EB) accurately and automatically. At the event level, we can discover new event patterns, the evolution of system behavior, and the interaction among different system components. To find critical event sequences, existing sequence mining methods are mostly based on the a priori algorithm which is compute-intensive and runs for a long time. I develop a novel, topology-aware sequence mining (TSM) algorithm which is efficient to generate sequence patterns from the extracted event block lists. I also train a long short-term memory (LSTM) model to cluster sequences before specific events. With the generated sequence pattern and trained LSTM model, we can predict whether an event is going to occur normally or not. To accelerate such predictions, I propose a design flow by which we can convert recurrent neural network (RNN) designs into register-transfer level (RTL) implementations which are deployed on FPGAs. Due to its high parallelism and low power, FPGA achieves a greater speedup and better energy efficiency compared to CPU and GPU according to our experimental results.

HPC

System log

Anomaly Detection

Sequence Mining

Deep Learning

RNN

FPGA

Anomaly Detection in District Heating using a Clustering based approach

Nguyen, Minh-Tung, Baduni, Metjan

January 2021

The global demand for energy has increased in recent years. In Northern Europe and North America, centralized production and distribution of heat energy is commonly regarded as District Heating (DH). Efficient delivery of heat in the DH system is crucial not only for the building dwellers but even for companies that supply such energy. DH efficiency has to overcome several challenges as a result of faults that negatively impact its performance. Data collected from substations can be analyzed to identify potential faults and reduce the associated economic costs. The aim of this study is to use unsupervised machine learning in order to identify potential clusters of buildings in a time series dataset collected from buildings in a medium size Swedish town. We propose to find the anomalies in two ways; firstly, by identifying possible clusters of buildings and finding buildings which do not belong to a cluster, that can constitute potential anomalies. Secondly, by studying how the cluster membership transitions can help us to identify abnormal behavior over different time windows. A data mining experiment has been conducted by analyzing the energy profiles of 90 buildings in a period of 8 weeks for 2017 using the DBSCAN algorithm. Results suggest that winter period is more appropriate for the formation of possible clusters compared to summer period due to less noise encountered in winter. Clustering for every week can tell us more about the anomalies. Last, the periodic transitions between the clusters and the ranking of the clusters based on scaled distance can help us improve the anomaly detection by signalizing us for further inspection.

Anomaly Detection

Data Mining

Unsupervised Machine Learning

Clustering

DBSCAN

Time Series

Information Systems

Sběr dat a detekce anomálií přes mobilní zařízení / Mobile Based Data Acquisition and Anomaly Detection

Ondrášek, Michael

January 2015

The work deals with the implementation of the specific architecture to detect anomalies in the classroom or in commercial use. The system consists of three parts: Measurement module, mobile applications and server part. Transmission between the measuring module of the server and the evaluation is carried out simultaneously with the visuals on the mobile device. All system components are implemented with the minimum cost and maximum expandability. All the necessary computing power is concentrated in the server part because of usability with multiple simultaneously operating mobile clients. Emphasis is placed on the solution architecture and the possibility of using the system as a whole, or selected portions separately. Finally, experiments are designed for the presentation of selected methods for anomaly detection.

Detekce anomálií v síťovém provozu / Network Anomaly Detection

Bartoš, Václav

January 2011

This work studies systems and methods for anomaly detection in computer networks. At first, basic categories of network security systems and number of methods used for anomaly detection are briefly described. The core of the work is an optimization of the method based on detection of changes in distributions of packet features originally proposed by Lakhina et al. This method is described in detail and two optimizations of it are proposed -- first is focused to speed and memory efficiency, second improves its detection capabilities. Next, a software created to test these optimizations is briefly described and results of experiments on real data with artificially generated and also real anomalies are presented.

Behaviorální analýza síťového provozu a detekce útoků (D)DoS / Behavioral Analysis of Network Traffic and (D)DoS Attack Detection

Chapčák, David

January 2017

The semestral thesis deals with the analysis of the modern open-source NIDPS tools for monitoring and analyzing the network traffic. The work rates these instruments in terms of their network location and functions. Also refers about more detailed analysis of detecting and alerting mechanisms. Further analyzes the possibilities of detection of anomalies, especially in terms of statistical analysis and shows the basics of other approaches, such as approaches based on data mining and machine learning. The last section presents specific open-source tools, deals with comparison of their activities and the proposal allowing monitoring and traffic analysis, classification, detection of anomalies and (D)DoS attacks.