431 |
Anomaly Detection and Security Deep Learning Methods Under Adversarial Situation
Miguel Villarreal-Vasquez (9034049) 27 June 2020 (has links)
Advances in Artificial Intelligence (AI), or more precisely in Neural Networks (NNs), and fast processing technologies (e.g. Graphics Processing Units or GPUs) in recent years have positioned NNs as one of the main machine learning algorithms used to solve a diversity of problems in both academia and industry. While they have been proved to be effective in solving many tasks, the lack of security guarantees and understanding of their internal processing disrupts their wide adoption in general and cybersecurity-related applications. In this dissertation, we present the findings of a comprehensive study aimed at enabling the absorption of state-of-the-art NN algorithms in the development of enterprise solutions. Specifically, this dissertation focuses on (1) the development of defensive mechanisms to protect NNs against adversarial attacks and (2) application of NN models for anomaly detection in enterprise networks.

In this state of affairs, this work makes the following contributions. First, we performed a thorough study of the different adversarial attacks against NNs. We concentrate on the attacks referred to as trojan attacks and introduce a novel model hardening method that removes any trojan (i.e. misbehavior) inserted into the NN models at training time. We carefully evaluate our method and establish the correct metrics to test the efficiency of defensive methods against these types of attacks: (1) accuracy with benign data, (2) attack success rate, and (3) accuracy with adversarial data. Prior work evaluates its solutions using the first two metrics only, which do not suffice to guarantee robustness against untargeted attacks. Our method is compared with the state-of-the-art. The obtained results show our method outperforms it. Second, we proposed a novel approach to detect anomalies using LSTM-based models. Our method analyzes at runtime the event sequences generated by the Endpoint Detection and Response (EDR) system of a renowned security company running and efficiently detects uncommon patterns. The new detecting method is compared with the EDR system. The results show that our method achieves a higher detection rate. Finally, we present a Moving Target Defense technique that smartly reacts upon the detection of anomalies so as to also mitigate the detected attacks. The technique efficiently replaces the entire stack of virtual nodes, making ongoing attacks in the system ineffective.
|
432 |
Community Detection of Anomaly in Large-Scale Network Dissertation - Adefolarin Bolaji .pdf
Adefolarin Alaba Bolaji (10723926) 29 April 2021 (has links)
The detection of anomalies in real-world networks is applicable in different domains; the application includes, but is not limited to, credit card fraud detection, malware identification and classification, cancer detection from diagnostic reports, abnormal traffic detection, identification of fake media posts, and the like. Much ongoing and current research is providing tools for analyzing labeled and unlabeled data; however, the challenges of finding anomalies and patterns in large-scale datasets still exist because of rapid changes in the threat landscape.

In this study, I implemented a novel and robust solution that combines data science and cybersecurity to solve complex network security problems. I used a Long Short-Term Memory (LSTM) model, the Louvain algorithm, and the PageRank algorithm to identify and group anomalies in large-scale real-world networks. The network has billions of packets. The developed model used different visualization techniques to provide further insight into how the anomalies in the network are related.

Mean absolute error (MAE) and root mean square error (RMSE) were used to validate the anomaly detection models; the results obtained for both are 5.1813e-04 and 1e-03 respectively. The low loss from the training phase confirmed the low RMSE at loss: 5.1812e-04, mean absolute error: 5.1813e-04, validation loss: 3.9858e-04, validation mean absolute error: 3.9858e-04. The result from the community detection shows an overall modularity value of 0.914 which is proof of the existence of very strong communities among the anomalies. The largest sub-community of the anomalies connects 10.42% of the total nodes of the anomalies.

The broader aim and impact of this study was to provide sophisticated, AI-assisted countermeasures to cyber-threats in large-scale networks. To close the existing gaps created by the shortage of skilled and experienced cybersecurity specialists and analysts in the cybersecurity field, solutions based on out-of-the-box thinking are inevitable; this research was aimed at yielding one such solution. It was built to detect specific and collaborating threat actors in large networks and to help speed up how the activities of anomalies in any given large-scale network can be curtailed in time.
|
433 |
Insurance Fraud Detection using Unsupervised Sequential Anomaly Detection / Detektion av försäkringsbedrägeri med oövervakad sekvensiell anomalitetsdetektion
Hansson, Anton, Cedervall, Hugo January 2022 (has links)
Fraud is a common crime within the insurance industry, and insurance companies want to quickly identify fraudulent claimants as they often result in higher premiums for honest customers. Due to the digital transformation where the sheer volume and complexity of available data has grown, manual fraud detection is no longer suitable. This work aims to automate the detection of fraudulent claimants and gain practical insights into fraudulent behavior using unsupervised anomaly detection, which, compared to supervised methods, allows for a more cost-efficient and practical application in the insurance industry. To obtain interpretable results and benefit from the temporal dependencies in human behavior, we propose two variations of LSTM-based autoencoders to classify sequences of insurance claims. Autoencoders can provide feature importances that give insight into the models' predictions, which is essential when models are put to practice. This approach relies on the assumption that outliers in the data are fraudulent. The models were trained and evaluated on a dataset we engineered using data from a Swedish insurance company, where the few labeled frauds that existed were solely used for validation and testing. Experimental results show state-of-the-art performance, and further evaluation shows that the combination of autoencoders and LSTMs is efficient but has similar performance to the employed baselines. This thesis provides an entry point for interested practitioners to learn key aspects of anomaly detection within fraud detection by thoroughly discussing the subject at hand and the details of our work. / Conducted digitally via Zoom.
|
434 |
Cooperative security log analysis using machine learning : Analyzing different approaches to log featurization and classification / Kooperativ säkerhetslogganalys med maskininlärning
Malmfors, Fredrik January 2022 (has links)
This thesis evaluates the performance of different machine learning approaches to log classification based on a dataset derived from simulating intrusive behavior towards an enterprise web application. The first experiment consists of performing attacks towards the web app in correlation with the logs to create a labeled dataset. The second experiment consists of one unsupervised model based on a variational autoencoder and four supervised models based on both conventional feature-engineering techniques with deep neural networks and embedding-based feature techniques followed by long-short-term memory architectures and convolutional neural networks. With this dataset, the embedding-based approaches performed much better than the conventional one. The autoencoder did not perform well compared to the supervised models. To conclude, embedding-based approaches show promise even on datasets with different characteristics compared to natural language.
|
435 |
Dynamic network resources optimization based on machine learning and cellular data mining / Optimisation dynamique des ressources des réseaux cellulaires basée sur des techniques d'analyse de données et des techniques d'apprentissage automatique
Hammami, Seif Eddine 20 September 2018 (has links)
Real cellular network traces are a mine of information useful for improving network performance. Traces such as CDRs (Call Detail Records), which contain timestamped information on all user interactions with the network, are exploited in this thesis. We have proposed new approaches to the study and analysis of telecommunication network problems, based on real traces and machine learning algorithms. Specifically, a global data analysis tool for the automatic classification of base stations, network load prediction and bandwidth management is proposed, as well as a tool for the automatic detection of network anomalies. These tools were validated through direct applications, using different network topologies such as WMN networks and drone-cell based networks. We have thus shown that, by using advanced data analysis tools, it is possible to dynamically optimize mobile networks and improve bandwidth management. / Real datasets of mobile network traces contain valuable information about the network resources usage. These traces may be used to enhance and optimize the network performances. A real dataset of CDR (Call Detail Records) traces, which includes spatio-temporal information about mobile users’ activities, is analyzed and exploited in this thesis. Given their large size and the fact that these are real-world datasets, information extracted from these datasets has been used intensively in our work to develop new algorithms that aim to revolutionize the infrastructure management mechanisms and optimize the usage of resources. We propose, in this thesis, a framework for network profiles classification, load prediction and dynamic network planning based on machine learning tools. We also propose a framework for network anomaly detection. These frameworks are validated using different network topologies such as wireless mesh networks (WMN) and drone-cell based networks. We show that using advanced data mining techniques, our frameworks are able to help network operators to manage and optimize dynamically their networks.
|
436 |
Ensemble Classifier Design and Performance Evaluation for Intrusion Detection Using UNSW-NB15 Dataset
Zoghi, Zeinab 30 November 2020 (has links)
No description available.
|
437 |
Automatic Classification of Full- and Reduced-Lead Electrocardiograms Using Morphological Feature Extraction
Hammer, Alexander, Scherpf, Matthieu, Ernst, Hannes, Weiß, Jonas, Schwensow, Daniel, Schmidt, Martin 26 August 2022 (has links)
Cardiovascular diseases are the global leading cause of death. Automated electrocardiogram (ECG) analysis can support clinicians to identify abnormal excitation of the heart and prevent premature cardiovascular death. An explainable classification is particularly important for support systems. Our contribution to the PhysioNet/CinC Challenge 2021 (team name: ibmtPeakyFinders) therefore pursues an approach that is based on interpretable features to be as explainable as possible. To meet the challenge goal of developing an algorithm that works for both 12-lead and reduced lead ECGs, we processed each lead separately. We focused on signal processing techniques based on template delineation that yield the template's fiducial points to take the ECG waveform morphology into account. In addition to beat intervals and amplitudes obtained from the template, various heart rate variability and QT interval variability features were extracted and supplemented by signal quality indices. Our classification approach utilized a decision tree ensemble in a one-vs-rest approach. The model parameters were determined using an extensive grid search. Our approach achieved challenge scores of 0.47, 0.47, 0.34, 0.40, and 0.41 on hidden 12-, 6-, 4-, 3-, and 2-lead test sets, respectively, which corresponds to the ranks 12, 10, 23, 18, and 16 out of 39 teams.
|
438 |
Digital Signal Characterization for Seizure Detection Using Frequency Domain Analysis
Li, Jing January 2021 (has links)
Nowadays, a significant proportion of the population in the world is affected by cerebral diseases like epilepsy. In this study, frequency domain features of electroencephalography (EEG) signals were studied and analyzed, with a view to being able to detect epileptic seizures more easily. The power spectrum and spectrogram were determined by using fast Fourier transform (FFT) and the scalogram was found by performing continuous wavelet transform (CWT) on the testing EEG signal. In addition, two schemes, i.e. method 1 and method 2, were implemented for detecting epileptic seizures and the applicability of the two methods to electrocardiogram (ECG) signals was tested. A third method for anomaly detection in ECG signals was tested. / A significant part of the population is today affected by neural diseases such as epilepsy. In this study, frequency-domain properties of electroencephalography (EEG) were studied and analyzed, with the aim of being able to detect epileptic seizures more easily. The power spectrum and spectrogram were determined using a fast Fourier transform, and the scalogram was found by performing a continuous wavelet transform (CWT) on the test signal from the EEG signal. In addition, two systems, method 1 and method 2, were created and implemented to detect epileptic seizures. The applicability of these two methods to electrocardiogram (ECG) signals was tested. A third method for anomaly detection in ECG signals was tested.
|
439 |
Detecting Anomalous Behavior in Radar Data
Rook, Jayson Carr 01 June 2021 (has links)
No description available.
|
440 |
Anomaly detection with machine learning methods at Forsmark
Sjögren, Simon January 2023 (has links)
Nuclear power plants are inherently complex systems. While the technology has been used to generate electrical power for many decades, process monitoring continuously evolves. There is always room for improvement in terms of maximizing the availability by reducing the risks of problems and errors. In this context, automated monitoring systems have become important tools – not least with the rapid progress being made in the field of data analytics thanks to ever increasing amounts of processing power. There are many different types of models that can be utilized for identifying anomalies. Some rely on physical properties and theoretical relations, while others rely more on the patterns of historical data. In this thesis, a data-driven approach using a hierarchical autoencoder framework has been developed for the purposes of anomaly detection at the Swedish nuclear power plant Forsmark. The model is first trained to recognize normal operating conditions. The trained model then creates reference values and calculates the deviations in relation to real data in order to identify any issues. This proof-of-concept has been evaluated and benchmarked against a currently used hybrid model with more physical modeling properties in order to identify benefits and drawbacks. Generally speaking, the created model has performed in line with expectations. The currently used tool is more flexible in its understanding of different plant states and is likely better at determining root causes thanks to its physical modeling properties. However, the created autoencoder framework does bring other advantages. For instance, it allows for a higher time resolution thanks to its relatively low calculation intensity. Additionally, thanks to its purely data-driven characteristics, it offers great opportunities for future reconfiguration and adaptation with different signal selections.
|