  • About
  • The Global ETD Search service is a free service for researchers to find electronic theses and dissertations. This service is provided by the Networked Digital Library of Theses and Dissertations.
    Our metadata is collected from universities around the world. If you manage a university/consortium/country archive and want to be added, details can be found on the NDLTD website.
351

Anomaly Detection in Diagnostics Data with Natural Fluctuations / Anomalidetektering i diagnostikdata med naturliga variationer

Sundberg, Jesper January 2015
In this thesis, the red hot topic anomaly detection is studied, which is a subtopic in machine learning. The company, Procera Networks, supports several broadband companies with IT-solutions and would like to detect errors in these systems automatically. This thesis investigates and devises methods and algorithms for detecting interesting events in diagnostics data. Events of interest include: short-term deviations (a deviating point), long-term deviations (a distinct trend) and other unexpected deviations. Three models are analyzed, namely Linear Predictive Coding, Sparse Linear Prediction and Wavelet Transformation. The final outcome is determined by the gap to certain thresholds. These thresholds are customized to fit the model as well as possible. / In this report, the red-hot field of anomaly detection will be studied, which belongs to the subject of Machine Learning. The company where the work was carried out is called Procera Networks and works with IT solutions within broadband for other companies. Procera wishes to be able to detect faults at its customers in these systems automatically. In this project, various methods for finding interesting phenomena in the data traffic will be carried out and researched. The most interesting phenomena are above all rapid deviations (a deviating point) and changes over time (trends), but also other unexpected patterns. Three models have been analyzed, namely Linear Predictive Coding, Sparse Linear Prediction and Wavelet Transform. The final result from the models is based on a special threshold that is created to give as good a result as possible for the model under study.
352

Online Anomaly Detection on the Edge / Sekventiell anomalidetektering i nätverkskanten

Jirwe, Marcus January 2021
The society of today relies a lot on the industry and the automation of factory tasks is more prevalent than ever before. However, the machines taking on these tasks require maintenance to continue operating. This maintenance is typically given periodically and can be expensive while sometimes requiring expert knowledge. Thus it would be very beneficial if one could predict when a machine needs maintenance and only employ maintenance as necessary. One method to predict when maintenance is necessary is to collect sensor data from a machine and analyse it for anomalies. Anomalies are usually an indicator of unexpected behaviour and can therefore show when a machine needs maintenance. Due to concerns like privacy and security, it is often not allowed for the data to leave the local system. Hence it is necessary to perform this kind of anomaly detection in an online manner and in an edge environment. This environment imposes limitations on hardware and computational ability. In this thesis we consider four machine learning anomaly detection methods that can learn and detect anomalies in this kind of environment. These methods are LoOP, iForestASD, KitNet and xStream. We first evaluate the four anomaly detectors on the Skoltech Anomaly Benchmark using their suggested metrics as well as the Receiver Operating Characteristic curves. We also perform further evaluation on two data sets provided by the company Gebhardt. The experimental results are promising and indicate that the considered methods perform well at the task of anomaly detection. We finally propose some avenues for future work, such as implementing a dynamically changing anomaly threshold. / Today's society is very dependent on industry, and the automation of factory tasks is more prevalent than ever. However, the machines taking on these tasks require maintenance to continue working. This maintenance is typically given periodically and can be expensive while also requiring expert knowledge. Therefore it would be very advantageous if it could be predicted when a machine needs maintenance, and to perform it only when necessary. One method for predicting when maintenance is required is to collect sensor data from a machine and analyse it to find anomalies. Anomalies often act as an indicator of unexpected behaviour and can therefore show that a machine needs maintenance. Because of issues such as privacy and security, the data is often not allowed to leave the local system. It is therefore necessary that this type of anomaly detection is carried out sequentially as the data is collected, and that this happens at the network edge. The environment in which this takes place imposes limitations on both hardware and computational ability. In this thesis we consider four anomaly detectors that use machine learning to learn and detect anomalies in this kind of environment. These methods are LoOP, iForestASD, KitNet and xStream. We first analyse the four anomaly detectors using the Skoltech Anomaly Benchmark, where we use their suggested metrics as well as "Receiver Operating Characteristic" curves. We also carry out further analysis on two data sets provided to us by the company Gebhardt. The experimental results are promising and indicate that the considered methods perform well when it comes to detecting anomalies. Finally, we propose some ideas that can be explored in future work, such as implementing an anomaly detection threshold that adapts dynamically.
353

Run-time Anomaly Detection with Process Mining: Methodology and Railway System Compliance Case-Study

Vitale, Francesco January 2021
Detecting anomalies in computer-based systems, including Cyber-Physical Systems (CPS), has attracted a large interest recently. Behavioral anomalies represent deviations from what is regarded as the nominal expected behavior of the system. Both Process science and Data science can yield satisfactory results in detecting behavioral anomalies. Within Process Mining, Conformance Checking addresses data retrieval and the connection of data to behavioral models with the aim to detect behavioral anomalies. Nowadays, computer-based systems are increasingly complex and require appropriate validation, monitoring, and maintenance techniques. Within complex computer-based systems, the European Rail Traffic Management System/European Train Control System (ERTMS/ETCS) represents the specification of a standard Railway System integrating heterogeneous hardware and software components, with the aim of providing international interoperability with trains seemingly interacting within standardized infrastructures. Compliance with the standard as well as expected behavior is essential, considering the criticality of the system in terms of performance, availability, and safety. To that aim, a Process Mining Conformance Checking process can be employed to validate the requirements through run-time model-checking techniques against design-time process models. A Process Mining Conformance Checking methodology has been developed and applied with the goal of validating the behavior exposed by an ERTMS/ETCS system during the execution of specific scenarios. The methodology has been tested and demonstrated correct classification of valid behaviors exposed by the ERTMS/ETCS system prototype. Results also showed that the Fitness metric developed in the methodology allows the detection of latent errors in the system before they can generate any failures.
354

Fault Detection in Mobile Robotics using Autoencoder and Mahalanobis Distance

Mortensen, Christian January 2021
Intelligent fault detection systems using machine learning can be applied to learn to spot anomalies in signals sampled directly from machinery. As a result, expensive repair costs due to mechanical breakdowns and potential harm to humans due to malfunctioning equipment can be prevented. In recent years, Autoencoders have been applied for fault detection in areas such as industrial manufacturing. It has been shown that they are well suited for the purpose as such models can learn to recognize healthy signals that facilitate the detection of anomalies. The content of this thesis is an investigation into the applicability of Autoencoders for fault detection in mobile robotics by assigning anomaly scores to sampled torque signals based on the Autoencoder reconstruction errors and the Mahalanobis distance to a known distribution of healthy errors. An experiment was carried out by training a model with signals recorded from a four-wheeled mobile robot executing a pre-defined diagnostics routine to stress the motors, and datasets of healthy samples along with three different injected faults were created. The model produced overall greater anomaly scores for one of the fault cases in comparison to the healthy data. However, the two other cases did not yield any difference in anomaly scores due to the faults not impacting the pattern of the signals. Additionally, the Autoencoder's ability to isolate a fault to a location was studied by examining the reconstruction errors of faulty samples to determine whether the errors of signals originating from the faulty component could be used for this purpose. Although we could not confirm this based on the results, fault isolation with Autoencoders could still be possible given more representative signals.
355

Hybrid Machine and Deep Learning-based Cyberattack Detection and Classification in Smart Grid Networks

Aribisala, Adedayo 01 May 2022
Power grids have rapidly evolved into Smart grids and are heavily dependent on Supervisory Control and Data Acquisition (SCADA) systems for monitoring and control. However, this evolution increases the susceptibility of the remote (VMs, VPNs) and physical interfaces (sensors, PMUs, LAN, WAN, sub-stations, power lines, and smart meters) to sophisticated cyberattacks. The continuous supply of power is critical to power generation plants, power grids, industrial grids, and nuclear grids; the halt to global power could have a devastating effect on the economy's critical infrastructures and human life. Machine Learning and Deep Learning-based cyberattack detection modeling have yielded promising results when combined as a Hybrid with an Intrusion Detection System (IDS) or Host Intrusion Detection Systems (HIDs). This thesis proposes two cyberattack detection techniques: one that leverages Machine Learning algorithms and the other that leverages Artificial Neural Network algorithms to classify and detect the cyberattack data held in a foundational dataset crucial to network intrusion detection modeling. This thesis aimed to analyze and evaluate the performance of a Hybrid Machine Learning (ML) and a Hybrid Deep Learning (DL) during ingress packet filtering, class classification, and anomaly detection on a Smart grid network.
356

Adaptive Anomaly Detection for Large IoT Datasets with Machine Learning and Transfer Learning

Negus, Andra Stefania January 2020
As more IoT devices enter the market it becomes increasingly important to develop reliable and adaptive ways of dealing with the data they generate. These must address data quality and reliability. Such solutions could benefit both the device producers and their customers who, as a result, could receive faster and better customer support services. Thus, this project's goal is twofold. First, it is to identify faulty data points generated by such devices. Second, it is to evaluate whether the knowledge gained from available/known sensors and appliances is transferable to other sensors on similar devices. This would make it possible to evaluate the behaviour of new appliances as soon as they are first switched on, rather than after sufficient data from them has been collected. This project uses time series data from three appliances: washing machine, washer & dryer and refrigerator. For these, two solutions are developed and tested: one for categorical and another for numerical variables. Categorical variables are analysed using the Average Value Frequency and the pure frequency of state-transition methods. Due to the limited number of possible states, the pure frequency proves to be the better solution, and the knowledge gained is transferred from the source device to the target one, with moderate success. Numerical variables are analysed using a One-class Support Vector Machine pipeline, with very promising results. Further, learning and forgetting mechanisms are developed to allow for the pipelines to adapt to changes in appliance patterns of behaviour. This includes a decay function for the numerical variables solution. Interestingly, the different weights for the source and target have little to no impact on the quality of the classification. / As new IoT devices enter the market, it becomes increasingly important to develop reliable and adaptable ways of handling the data they generate. These should address data quality and reliability. Such solutions can benefit both the appliance manufacturers and their customers, who as a result can benefit from faster and better customer support/services. Thus this project has two goals. The first is to identify faulty data points generated by such devices. Second, it is to evaluate whether the knowledge from available/known sensors and appliances can be transferred to other sensors on similar devices. This would make it possible to evaluate the behaviour of new appliances as soon as they are switched on for the first time, rather than after sufficient information from them has been collected. This project uses time series data from three appliances: washing machine, washer and dryer, and refrigerator. For these, two solutions are developed and tested: one for categorical variables and another for numerical variables. The categorical variables are analysed with two methods: Average Value Frequency and the pure frequency of state transition. Because of the limited number of possible states, the pure frequency proves to be the better solution, and the knowledge obtained is transferred from the source device to the target, with moderate success. The numerical variables are analysed using a One-class Support Vector Machine pipeline, with very promising results. Further, learning and forgetting mechanisms are developed to enable the pipelines to adapt to changes in the appliance's behaviour patterns. This includes a decay function for the numerical variable solution. Interestingly, the different weights for the source and the target have little or no impact on the quality of the classification.
357

Implementation of Anomaly Detection on a Time-series Temperature Data set

Novacic, Jelena, Tokhi, Kablai January 2019
Sustainable technology has never been as topical as it is today. The need for better environmental impact in all areas has rapidly increased, and energy consumption is one of them. A simple solution for automatic control of energy consumption in smart homes is through software. With today's IoT technology and machine learning models, the software-based sustainable lifestyle is developing more and more. To control a household's energy consumption, sudden deviating behaviours must be detected and regulated to avoid unnecessary consumption. This thesis uses a time series of temperature data to implement anomaly detection. Four models were implemented and tested: a linear regression model, the Pandas EWM function, an EWMA model and a PEWMA model. Each model was tested using data sets from nine different apartments, from the same time period. Each model was then assessed with respect to Precision, Recall and F-measure, and an additional assessment was made for linear regression with the R^2 score. The results show that, based on the accuracy of each model, PEWMA outperformed the other models. The EWMA models were slightly better than the linear regression model, followed by Pandas' own EWM model. / Today's society has become more aware of its surroundings and the focus has shifted towards green technology. The need for better environmental impact in all areas is rapidly growing and energy consumption is one of them. A simple solution for automatically controlling the energy consumption of smart homes is through software. With today's IoT technology and machine learning models the movement towards software based ecoliving is growing. In order to control the energy consumption of a household, sudden abnormal behavior must be detected and adjusted to avoid unnecessary consumption. This thesis uses a time-series data set of temperature data for implementation of anomaly detection. Four models were implemented and tested: a Linear Regression model, Pandas EWM function, an exponentially weighted moving average (EWMA) model and finally a probabilistic exponentially weighted moving average (PEWMA) model. Each model was tested using data sets from nine different apartments, from the same time period. Then an evaluation of each model was conducted in terms of Precision, Recall and F-measure, as well as an additional evaluation for Linear Regression, using R^2 score. The results of this thesis show that in terms of accuracy, PEWMA outperformed the other models. The EWMA model was slightly better than the Linear Regression model, followed by the Pandas EWM model.
358

Unsupervised anomaly detection for aircraft health monitoring system

Dani, Mohamed Cherif 10 March 2017
The limit of technical or fundamental knowledge is a reality that industry faces. The need to update this acquired knowledge is essential for economic competitiveness, but also for better handling of systems and machines. Today, thanks to these systems and machines, the expansion of data in quantity and in frequency of generation is a real phenomenon. At present, for example, Airbus aircraft generate hundreds of megabytes of data per day and integrate hundreds or even thousands of sensors in the new generations of aircraft. The data generated by these sensors are exploited on the ground or during flight to monitor the state and health of the aircraft and to detect failures, incidents or changes. In theory, these failures, incidents or changes are known under the term anomaly. An anomaly is known as a behaviour that does not correspond to the normal behaviour of the data. Some define it as a deviation from a normal model, others define it as a change. Whatever the definition, the need to detect this anomaly is important for the proper functioning of the aircraft. Currently, anomaly detection on board aircraft is provided by several aeronautical monitoring devices; one of these devices, the "Aircraft Condition Monitoring System (ACMS)", records the data generated by the sensors continuously, and it also monitors the aircraft in real time through triggers and thresholds programmed by airlines or others, but based on a priori knowledge of the system. However, several constraints limit the proper functioning of this equipment; one can cite, for example, the limitation of human knowledge, a classic problem that we encounter in several domains. This means that a trigger detects only the anomalies and incidents for which it is designed, and if a new condition arises following maintenance, a part change, etc., the trigger is unable to adapt to this new condition and will label this whole new condition as an anomaly. Other problems and constraints will be cited progressively in the chapters that follow. The main objective of our work is to detect anomalies and changes in the sensor data, in order to improve the aircraft health monitoring system known as Aircraft Health Monitoring (AHM). This work is based mainly on a two-stage analysis: a univariate analysis in an unsupervised context, which will allow us to focus on the behaviour of each sensor independently and to detect the various anomalies and changes for each sensor; then a multivariate analysis, which will allow us to filter certain anomalies detected in the first analysis (false alarms) and to detect groups of suspicious behaviour. The method is tested on real and synthetic data, and the results, identification and validation of the anomalies are discussed in this thesis. / The limitation of knowledge, technical or fundamental, is a daily challenge for industries. The need to update this knowledge is important for a competitive industry and also for an efficient reliability and maintainability of the systems. Actually, thanks to these machines and systems, the expansion of the data in quantity and frequency of generation is a real phenomenon. Within Airbus for example, and thanks to thousands of sensors, the aircraft generate hundreds of megabytes of data per flight. These data are today exploited on the ground to improve safety and health monitoring system as a failure, incident and change detection. In theory, these changes, incidents and failures are known as anomalies. An anomaly is known as a deviation from a normal behavior of the data. Others define it as a behavior that does not conform to the normal behavior. Whatever the definition, the anomaly detection process is very important for good functioning of the aircraft. Currently, the anomaly detection process is provided by several health monitoring equipments; one of these equipments is the Aircraft Health Monitoring System (ACMS), which continuously records the data of each sensor and also monitors these sensors to detect anomalies and incidents using triggers and predefined conditions (exceedance approach). These predefined conditions are programmed by airlines and system designed according to a prior knowledge (physical, mechanical, etc.). However, several constraints limit the ACMS anomaly detection potential. We can mention, for example, the limitation of the expert knowledge, which is a classic problem in many domains, since the triggers are designed only for the targeted anomalies. Otherwise, the triggers do not cover all the system conditions. In other words, if a new behavior appears (new condition) in the sensor, after a maintenance action, parts changing, etc., the predefined conditions won't detect anything and may in many cases generate false alarms. Another constraint is that the triggers (predefined conditions) are static; they are unable to adapt their properties to each new condition. Another limitation is discussed gradually in the future chapters. The principal objective of this thesis is to detect anomalies and changes in the ACMS data, in order to improve the health monitoring function of the ACMS. The work is based principally on two stages: the univariate anomaly detection stage, where we use unsupervised learning to process the univariate sensors, since we don't have any a priori knowledge of the system, and no documentation or labeled classes are available. The univariate analysis focuses on each sensor independently. The second stage of the analysis is the multivariate anomaly detection, which is based on density clustering, where the objective is to filter the anomalies detected in the first stage (false alarms) and to detect suspected behaviours (group of anomalies). The anomalies detected in both univariate and multivariate can be potential triggers or can be used to update the existing triggers. Otherwise, we propose also a generic concept of anomaly detection based on univariate and multivariate anomaly detection. And finally a new concept of validation anomalies within Airbus.
359

Représentations pour la détection d’anomalies : Application aux données vibratoires des moteurs d’avions / Representations for anomaly detection : Application to aircraft engines’ vibration data

Abdel Sayed, Mina 03 July 2018
Vibration measurements are among the most relevant data for detecting anomalies in engines. Vibrations are acquired on a test bench during acceleration and deceleration phases to ensure the reliability of the engine at the end of the production line. These temporal data are converted into spectrograms to allow experts to perform a visual analysis of these data and to detect the various atypical signatures. The vibration sources correspond to lines on the spectrograms. In this thesis, we have set up an automatic decision support tool to analyse the spectrograms and detect any type of atypical signature; these signatures do not necessarily come from damage to the engine. First, we built a digital database of annotated spectrograms. It is important to note that the unusual signatures vary in shape, intensity and position and are found in a small number of data. Consequently, to detect these signatures, we characterize the normal behaviours of the spectrograms, analogously to novelty detection methods, by representing the patches of the spectrograms on dictionaries such as curvelets and Non-negative matrix factorization (NMF), as well as by estimating the distribution of each point of the spectrogram from normal data, dependent or not on their neighbourhood. The detection of atypical points is performed by comparing the test data with the normality model estimated on normal training data. The detection of atypical points allows the detection of the unusual signatures composed of these points. / Vibration measurements are one of the most relevant data for detecting anomalies in engines. Vibrations are recorded on a test bench during acceleration and deceleration phases to ensure the reliability of every flight engine at the end of the production line. These temporal signals are converted into spectrograms for experts to perform visual analysis of these data and detect any unusual signature. Vibratory signatures correspond to lines on the spectrograms. In this thesis, we have developed a decision support system to automatically analyze these spectrograms and detect any type of unusual signatures; these signatures are not necessarily originated from a damage in the engine. Firstly, we have built a numerical spectrograms database with annotated zones; it is important to note that data containing these unusual signatures are sparse and that these signatures are quite variable in shape, intensity and position. Consequently, to detect them, like in the novelty detection process, we characterize the normal behavior of the spectrograms by representing patches of the spectrograms in dictionaries such as the curvelets and the Non-negative matrix factorization (NMF) and by estimating the distribution of every point of the spectrograms with normal data depending or not on the neighborhood. The detection of the unusual points is performed by comparing test data to the model of normality estimated on learning normal data. The detection of the unusual points allows the detection of the unusual signatures composed by these points.
360

Risk assessment and intrusion detection for airbone networks / Analyse de risque et détection d'intrusions pour les réseaux avioniques

Gil Casals, Silvia 21 July 2014
Aeronautics is today experiencing a confluence of events: air-ground connectivity and connectivity within the aircraft itself keep increasing in order, among other things, to ease air traffic control and the maintainability of aircraft fleets, and to offer new services to passengers while reducing costs. Avionics functions are thus linked to what is called the Open World, that is, the non-critical network of the aircraft as well as the air traffic control services on the ground. These recent evolutions could constitute an open door for cyber-attacks, whose complexity also keeps growing. However, even if aeronautical security standards are still being written, aeronautical certification authorities already ask aircraft manufacturers to identify the risks and ensure that the aircraft will be able to operate safely even in the event of an attack. To address this industrial problem, this thesis proposes a simple semi-quantitative risk analysis method to identify the threats, the assets to protect and the vulnerabilities, and to rank the different risk levels according to their impact on flight safety and the potential likelihood of the attack, using a series of adjustable tables of evaluation criteria. Then, in order to ensure that the aircraft operates safely and securely throughout its life cycle, our second contribution consists of a generic and autonomous network audit function for intrusion detection based on Machine Learning techniques. Different options are proposed to constitute the building blocks of this audit function, notably: two ways of modelling the traffic through attributes describing its characteristics, and two Machine Learning techniques for anomaly detection: one supervised, based on the One Class Support Vector Machine algorithm, which therefore requires a learning phase, and the other unsupervised, based on sub-space clustering. Since the recurrent problem for anomaly detection techniques is the presence of false alarms, we advocate the use of the Local Outlier Factor (a density indicator) in order to establish a threshold to distinguish real anomalies from false alarms. / Aeronautics is actually facing a confluence of events: connectivity of aircraft is gradually increasing in order to ease the air traffic management and aircraft fleet maintainability, and to offer new services to passengers while reducing costs. The core avionics functions are thus linked to what we call the Open World, i.e. the non-critical network of an aircraft as well as the air traffic services on the ground. Such recent evolutions could be an open door to cyber-attacks as their complexity keeps growing. However, even if security standards are still under construction, aeronautical certification authorities already require that aircraft manufacturers identify risks and ensure aircraft will remain in a safe and secure state even under threat conditions. To answer this industrial problematic, this thesis first proposes a simple semi-quantitative risk assessment framework to identify threats, assets and vulnerabilities, and then rank risk levels according to threat scenario safety impact on the aircraft and their potential likelihood by using adjustable attribute tables. Then, in order to ensure the aircraft performs securely and safely all along its life-cycle, our second contribution consists in a generic and autonomous network monitoring function for intrusion detection based on Machine Learning algorithms. Different building block options to compose this monitoring function are proposed such as: two ways of modeling the network traffic through characteristic attributes, two Machine Learning techniques for anomaly detection: a supervised one based on the One Class Support Vector Machine algorithm requiring a prior training phase and an unsupervised one based on sub-space clustering. Since a very common issue in anomaly detection techniques is the presence of false alarms, we prone the use of the Local Outlier Factor (a density indicator) to set a threshold in order to distinguish real anomalies from false positives. This thesis summarizes the work performed under the CIFRE (Convention Industrielle de Formation par la Recherche) fellowship between THALES Avionics and the CNRS-LAAS at Toulouse, France.
