81 |
Detecting Anomalies in Dynamic Attributed Graphs: An Unsupervised Learning Approach
Hamilton, Austin 01 December 2024
Dynamic attributed graphs, which evolve over time and hold node-specific attributes, are essential in fields like social network analysis, where anomalous node detection is a growing area. Vehicular social networks (VSNs), a subset of these graphs, are ad hoc networks in which vehicles exchange data with one another and with infrastructure. In this dynamic context, identifying anomalous nodes is challenging but crucial for maintaining trust within the network. This work presents an unsupervised deep learning approach for anomalous node detection in VSNs. This model achieved an accuracy of 71% while detecting synthetic anomalies in a simulated network based on real-world data. This approach demonstrates the potential of unsupervised methods for reliable anomaly detection in scenarios where traditional classification proves difficult or impractical.
|
82 |
The Cauchy-Net Mixture Model for Clustering with Anomalous Data
Slifko, Matthew D. 11 September 2019
We live in the data explosion era. The unprecedented amount of data offers a potential wealth of knowledge but also brings about concerns regarding ethical collection and usage. Mistakes stemming from anomalous data have the potential for severe, real-world consequences, such as when building prediction models for housing prices. To combat anomalies, we develop the Cauchy-Net Mixture Model (CNMM). The CNMM is a flexible Bayesian nonparametric tool that employs a mixture between a Dirichlet Process Mixture Model (DPMM) and a Cauchy distributed component, which we call the Cauchy-Net (CN). Each portion of the model offers benefits, as the DPMM eliminates the limitation of requiring a fixed number of components and the CN captures observations that do not belong to the well-defined components by leveraging its heavy tails. Through isolating the anomalous observations in a single component, we simultaneously identify the observations in the net as warranting further inspection and prevent them from interfering with the formation of the remaining components. The result is a framework that allows for simultaneously clustering observations and making predictions in the face of the anomalous data. We demonstrate the usefulness of the CNMM in a variety of experimental situations and apply the model for predicting housing prices in Fairfax County, Virginia. / Doctor of Philosophy / We live in the data explosion era. The unprecedented amount of data offers a potential wealth of knowledge but also brings about concerns regarding ethical collection and usage. Mistakes stemming from anomalous data have the potential for severe, real-world consequences, such as when building prediction models for housing prices. To combat anomalies, we develop the Cauchy-Net Mixture Model (CNMM). The CNMM is a flexible tool for identifying and isolating the anomalies, while simultaneously discovering cluster structure and making predictions among the nonanomalous observations.
The result is a framework that allows for simultaneously clustering and predicting in the face of the anomalous data. We demonstrate the usefulness of the CNMM in a variety of experimental situations and apply the model for predicting housing prices in Fairfax County, Virginia.
|
83 |
Characterization of Laminated Magnetoelectric Vector Magnetometers to Assess Feasibility for Multi-Axis Gradiometer Configurations
Berry, David 29 December 2010
Wide arrays of applications exist for sensing systems capable of magnetic field detection. A broad range of sensors are already used in this capacity, but future sensors need to increase sensitivity while remaining economical. A promising sensor system to meet these requirements is that of magnetoelectric (ME) laminates. ME sensors produce an electric field when a magnetic field is applied. While this ME effect exists to a limited degree in single phase materials, it is more easily achieved by laminating a magnetostrictive material, which deforms when exposed to a magnetic field, to a piezoelectric material. The transfer of strain from the magnetostrictive material to the piezoelectric material results in an electric field proportional to the induced magnetic field. Other fabrication techniques may impart the directionality needed to classify the ME sensor as a vector magnetometer. ME laminate sensors are more affordable to fabricate than competing vector magnetometers and with recent increases in sensitivity, have potential for use in arrays and gradiometer configurations. However, little is known about their total field detection, the effects of multiple sensors in close proximity and the signal processing needed for target localization. The goal for this project is to closely examine the single axis ME sensor response in different orientations with a moving magnetic dipole to assess the field detection capabilities. Multiple sensors were tested together to determine if the response characteristics are altered by the DC magnetic bias of ME sensors in close proximity. And finally, the ME sensor characteristics were compared to alternate vector magnetometers. / Master of Science
|
84 |
Program Anomaly Detection Against Data-Oriented Attacks
Cheng, Long 29 August 2018
Memory-corruption vulnerability is one of the most common attack vectors used to compromise computer systems. Such vulnerabilities could lead to serious security problems and would remain an unsolved problem for a long time. Existing memory corruption attacks can be broadly classified into two categories: i) control-flow attacks and ii) data-oriented attacks. Though data-oriented attacks have been known for a long time, the threats have not been adequately addressed due to the fact that most previous defense mechanisms focus on preventing control-flow exploits. As launching a control-flow attack becomes increasingly difficult due to many deployed defenses against control-flow hijacking, data-oriented attacks are considered an appealing attack technique for system compromise, including the emerging embedded control systems.
To counter data-oriented attacks, mitigation techniques such as memory safety enforcement and data randomization can be applied in different stages over the course of an attack. However, attacks are still possible because currently deployed defenses can be bypassed. This dissertation explores the possibility of defeating data-oriented attacks through external monitoring using program anomaly detection techniques. I start with a systematization of current knowledge about exploitation techniques of data-oriented attacks and the applicable defense mechanisms. Then, I address three research problems in program anomaly detection against data-oriented attacks.
First, I address the problem of securing control programs in Cyber-Physical Systems (CPS) against data-oriented attacks. I describe a new security methodology that leverages the event-driven nature in characterizing CPS control program behaviors. By enforcing runtime cyber-physical execution semantics, our method detects data-oriented exploits when physical events are inconsistent with the runtime program behaviors.
Second, I present a statistical program behavior modeling framework for frequency anomaly detection, where frequency anomaly is the direct consequence of many non-control-data attacks. Specifically, I describe two statistical program behavior models, sFSA and sCFT, at different granularities. Our method combines the local and long-range models to improve the robustness against data-oriented attacks and significantly increase the difficulties that an attack bypasses the anomaly detection system.
Third, I focus on defending against data-oriented programming (DOP) attacks using Intel Processor Trace (PT). DOP is a recently proposed advanced technique to construct expressive non-control data exploits. I first demystify the DOP exploitation technique and show its complexity and rich expressiveness. Then, I design and implement the DeDOP anomaly detection system, and demonstrate its detection capability against the real-world ProFTPd DOP attack. / Ph. D. / Memory-corruption vulnerability is one of the most common attack vectors used to compromise computer systems. Such vulnerabilities could lead to serious security problems and would remain an unsolved problem for a long time. This is because low-level memory-unsafe languages (e.g., C/C++) are still in use today for interoperability and speed performance purposes, and remain common sources of security vulnerabilities. Existing memory corruption attacks can be broadly classified into two categories: i) control-flow attacks that corrupt control data (e.g., return address or code pointer) in the memory space to divert the program’s control-flow; and ii) data-oriented attacks that aim at manipulating non-control data to alter a program’s benign behaviors without violating its control-flow integrity.
Though data-oriented attacks have been known for a long time, the threats have not been adequately addressed due to the fact that most previous defense mechanisms focus on preventing control-flow exploits. As launching a control-flow attack becomes increasingly difficult due to many deployed defenses against control-flow hijacking, data-oriented attacks are considered an appealing attack technique for system compromise, including the emerging embedded control systems. To counter data-oriented attacks, mitigation techniques such as memory safety enforcement and data randomization can be applied in different stages over the course of an attack. However, attacks are still possible because currently deployed defenses can be bypassed.
This dissertation explores the possibility of defeating data-oriented attacks through external monitoring using program anomaly detection techniques. I start with a systematization of current knowledge about exploitation techniques of data-oriented attacks and the applicable defense mechanisms. Then, I address three research problems in program anomaly detection against data-oriented attacks. First, I address the problem of securing control programs in Cyber-Physical Systems (CPS) against data-oriented attacks. The key idea is to detect subtle data-oriented exploits in CPS when physical events are inconsistent with the runtime program behaviors. Second, I present a statistical program behavior modeling framework for frequency anomaly detection, where frequency anomaly is often a consequence of many non-control-data attacks. Our method combines the local and long-range models to improve the robustness against data-oriented attacks and significantly increase the difficulties that an attack bypasses the anomaly detection system. Third, I focus on defending against data-oriented programming (DOP) attacks using Intel Processor Trace (PT). I design and implement the DEDOP anomaly detection system, and demonstrate its detection capability against the real-world DOP attack.
|
85 |
Extensions to Radio Frequency Fingerprinting
Andrews, Seth Dixon 05 December 2019
Radio frequency fingerprinting, a type of physical layer identification, allows identifying wireless transmitters based on their unique hardware. Every wireless transmitter has slight manufacturing variations and differences due to the layout of components. These are manifested as differences in the signal emitted by the device. A variety of techniques have been proposed for identifying transmitters, at the physical layer, based on these differences. This has been successfully demonstrated on a large variety of transmitters and other devices. However, some situations still pose challenges:
Some types of fingerprinting feature are very dependent on the modulated signal, especially features based on the frequency content of a signal. This means that changes in transmitter configuration such as bandwidth or modulation will prevent wireless fingerprinting. Such changes may occur frequently with cognitive radios, and in dynamic spectrum access networks. A method is proposed to transform features to be invariant with respect to changes in transmitter configuration. With the transformed features it is possible to re-identify devices with a high degree of certainty.
Next, improving performance with limited data by identifying devices using observations crowdsourced from multiple receivers is examined. Combinations of three types of observations are defined. These are combinations of fingerprinter output, features extracted from multiple signals, and raw observations of multiple signals. Performance is demonstrated, although the best method is dependent on the feature set. Other considerations are considered, including processing power and the amount of data needed.
Finally, drift in fingerprinting features caused by changes in temperature is examined. Drift results from gradual changes in the physical layer behavior of transmitters, and can have a substantial negative impact on fingerprinting. Even small changes in temperature are found to cause drift, with the oscillator as the primary source of this drift (and other variation) in the fingerprints used. Various methods are tested to compensate for these changes. It is shown that frequency based features not dependent on the carrier are unaffected by drift, but are not able to distinguish between devices. Several models are examined which can improve performance when drift is present. / Doctor of Philosophy / Radio frequency fingerprinting allows uniquely identifying a transmitter based on characteristics of the signal it emits. In this dissertation several extensions to current fingerprinting techniques are given. Together, these allow identification of transmitters which have changed the signal sent, identifying using different measurement types, and compensating for variation in a transmitter's behavior due to changes in temperature.
|
86 |
Robust Bayesian Anomaly Detection Methods for Large Scale Sensor Systems
Merkes, Sierra Nicole 12 September 2022
Sensor systems, such as modern wind tunnels, require continual monitoring to validate their quality, as corrupted data will increase both experimental downtime and budget and lead to inconclusive scientific and engineering results. One approach to validate sensor quality is monitoring individual sensor measurements' distribution. Although, in general settings, we do not know how correct measurements should be distributed for each sensor system. Instead of monitoring sensors individually, our approach relies on monitoring the co-variation of the entire network of sensor measurements, both within and across sensor systems. That is, by monitoring how sensors behave, relative to each other, we can detect anomalies expeditiously. Previous monitoring methodologies, such as those based on Principal Component Analysis, can be heavily influenced by extremely outlying sensor anomalies. We propose two Bayesian mixture model approaches that utilize heavy-tailed Cauchy assumptions. First, we propose a Robust Bayesian Regression, which utilizes a scale-mixture model to induce a Cauchy regression. Second, we extend elements of the Robust Bayesian Regression methodology using additive mixture models that decompose the anomalous and non-anomalous sensor readings into two parametric compartments. Specifically, we use a non-local, heavy-tailed Cauchy component for isolating the anomalous sensor readings, which we refer to as the Modified Cauchy Net. / Doctor of Philosophy / Sensor systems, such as modern wind tunnels, require continual monitoring to validate their quality, as corrupted data will increase both experimental downtime and budget and lead to inconclusive scientific and engineering results. One approach to validate sensor quality is monitoring individual sensor measurements' distribution. Although, in general settings, we do not know how correct measurements should be distributed for each sensor system.
Instead of monitoring sensors individually, our approach relies on monitoring the co-variation of the entire network of sensor measurements, both within and across sensor systems. That is, by monitoring how sensors behave, relative to each other, we can detect anomalies expeditiously. We proposed two Bayesian monitoring approaches called the Robust Bayesian Regression and Modified Cauchy Net, which provide flexible, tunable models for detecting anomalous sensors with the historical data containing anomalous observations.
|
87 |
Anomaly detection with extreme value and uncertainty considerations
Dudgeon, Shelby Hart 13 December 2024
This dissertation examines a method for detecting clusters in financial loan amount data. After a literature review of scan statistics, order statistics, and extreme value theory, this study introduces a method that uses a scan statistic approach for anomaly detection, along with a tuning parameter that can help with any model uncertainty that may appear. Once these methods are applied on the lower tail on the financial data and clusters are detected, the methods are then extended and modified to get a better handle on the upper tail of the data. The upper tail is first fit by using a peaks-over-threshold approach. The data in the upper tail is then transformed to the generalized Pareto CDF transform, and the scan-based method is applied to the transformed data to identify anomalous loan amounts in the upper tail. These methods were put to a case study and used on two different banks that participated in the Paycheck Protection Program, a program that was previously linked with misreporting and fraud.
|
88 |
Implementation of Machine Learning algorithms on PLCnext Technology platform
Van Dessel, Michel, Jacobs, Marc 25 February 2025
In a master’s degree project, the end goal was to build an experiment setup to demonstrate the capabilities of the PLCnext controller introduced by Phoenix Contact in 2018. Various options for the setup design were considered, leading to a setup where the controller performs anomaly detection using machine learning models. A test setup in which anomalies can be introduced has been built. The test stand is a mechanical assembly composed of a crankshaft and sliding block. The crankshaft is driven by a 24V DC motor, and the sliding block is mechanically loaded by an adjustable hydraulic damper. The following anomalies can be introduced in this machine: deviation in the voltage level for the drive motor, increased level of friction in the damper, clearance in the sliding block out of design limits. In operation the slider-crankshaft mechanism causes a time-periodic variation of the motor current. The parameters of this waveform can be analysed for a setup operating in either nominal or abnormal conditions. The anomalies listed above affect the motor torque. Since the torque of a DC motor is directly proportional to its current, each anomaly can be detected from current measurement. All data from the current sensor is stored in working memory of the controller. This measured data is labelled to be transformed into a database. The data obtained when the setup operates without producing errors is labelled as normal data. The data obtained with an anomaly introduced in the system is labelled as anomaly data. A machine learning model can then be trained to label future unknown data as normal data or anomaly data.
|
89 |
Improving internet security via large-scale passive and active dns monitoring
Antonakakis, Emmanouil Konstantinos 04 June 2012
The Domain Name System (DNS) is a critical component of the Internet. DNS provides the ability to map human-readable and memorable domain names to machine-level IP addresses and other records. These mappings lie at the heart of the Internet's success and are essential for the majority of core Internet applications and protocols.
The critical nature of DNS means that it is often the target of abuse. Cyber-criminals rely heavily upon the reliability and scalability of the DNS protocol to serve as an agile platform for their illicit operations. For example, modern malware and Internet fraud techniques rely upon DNS to locate their remote command-and-control (C&C) servers through which new commands from the attacker are issued, serve as exfiltration points for information stolen from the victims' computers, and to manage subsequent updates to their malicious toolset.
The research described in this thesis scientifically addresses problems in the area of DNS-based detection of illicit operations. In detail, this research studies new methods to quantify and track dynamically changing reputations for DNS based on passive network measurements. The research also investigates methods for the creation of early warning systems for DNS. These early warning systems enable the research community to identify emerging threats (e.g., new botnets and malware infections) across the DNS hierarchy in a timelier manner.
|
90 |
Detecting Non-Natural Objects in a Natural Environment using Generative Adversarial Networks with Stereo Data
Gehlin, Nils, Antonsson, Martin January 2020
This thesis investigates the use of Generative Adversarial Networks (GANs) for detecting images containing non-natural objects in natural environments and if the introduction of stereo data can improve the performance. The state-of-the-art GAN-based anomaly detection method presented by A. Berg et al. in [5] (BergGAN) was the base of this thesis. By modifying BergGAN to not only accept three channel input, but also four and six channel input, it was possible to investigate the effect of introducing stereo data in the method. The input to the four channel network was an RGB image and its corresponding disparity map, and the input to the six channel network was a stereo pair consisting of two RGB images. The three datasets used in the thesis were constructed from a dataset of aerial video sequences provided by SAAB Dynamics, where the scene was mostly wooded areas. The datasets were divided into training and validation data, where the latter was used for the performance evaluation of the respective network. The evaluation method suggested in [5] was used in the thesis, where each sample was scored on the likelihood of it containing anomalies, Receiver Operating Characteristics (ROC) analysis was then applied and the area under the ROC-curve was calculated. The results showed that BergGAN was successfully able to detect images containing non-natural objects in natural environments using the dataset provided by SAAB Dynamics. The adaption of BergGAN to also accept four and six input channels increased the performance of the method, showing that there is information in stereo data that is relevant for GAN-based anomaly detection. There was however no substantial performance difference between the network trained with two RGB images versus the one trained with an RGB image and its corresponding disparity map.
|