49 research outputs found

    Towards the improvement of machine learning peak runoff forecasting by exploiting ground- and satellite-based precipitation data: A feature engineering approach

    Forecasting peak runoff in complex mountain systems poses challenges in hydrology because of data scarcity and the limitations of physical models. Machine learning (ML) offers a solution by allowing the integration of techniques and satellite precipitation products (SPPs). However, the effectiveness of ML has been debated because of its "black box" nature, which hinders performance improvement and the reproducibility of results. To address these concerns, feature engineering (FE) strategies have been proposed to incorporate physical knowledge into ML models, improving the understanding and accuracy of the predictions. This doctoral research aims to improve peak runoff forecasting by integrating hydrological concepts through FE techniques and the use of in-situ precipitation data and SPPs. ML techniques and strategies are explored to improve accuracy in macro- and mesoscale hydrological systems. In addition, an FE strategy is proposed to exploit SPP information and overcome the scarcity of spatial and temporal data. The integration of advanced ML and FE techniques represents an advance in hydrology, especially for complex mountain systems with a limited or nonexistent monitoring network. The findings of this study will be valuable for decision-makers and hydrologists, facilitating the mitigation of the impacts of peak runoff. Moreover, the methodologies developed can be adapted to other macro- and mesoscale systems, benefiting the scientific community at large.
    Peak runoff forecasting in complex mountain systems poses significant challenges in hydrology due to limitations in traditional physically-based models and data scarcity. However, the integration of machine learning (ML) techniques offers a promising solution by balancing computational efficiency and enabling the incorporation of satellite precipitation products (SPPs). However, debates have emerged regarding the effectiveness of ML in hydrology, as its black-box nature lacks explicit representation of hydrological processes, hindering performance improvement and result reproducibility. To address these concerns, recent studies emphasize the inclusion of FE strategies to incorporate physical knowledge into ML models, enabling a better understanding of the system and improved forecasting accuracy. This doctoral research aims to enhance the effectiveness of ML in peak runoff forecasting by integrating hydrological concepts through FE techniques, utilizing both ground-based and satellite-based precipitation data. For this, we explore ML techniques and strategies to enhance accuracy in complex macro- and mesoscale hydrological systems. Additionally, we propose an FE strategy for proper utilization of SPP information, which is crucial for overcoming spatial and temporal data scarcity. The integration of advanced ML techniques and FE represents a significant advancement in hydrology, particularly for complex mountain systems with limited or nonexistent monitoring networks. The findings of this study will provide valuable insights for decision-makers and hydrologists, facilitating effective mitigation of the impacts of peak runoffs. Moreover, the developed methodologies can be adapted to other macro- and mesoscale systems, with necessary adjustments based on available data and system-specific characteristics, thus benefiting the broader scientific community.
    0000-0002-7683-3768; 0000-0002-6206-075X; Doctor (PhD) in Water Resources; Cuenc

    Intelligent feature selection using particle swarm optimization algorithm with a decision tree for DDoS attack detection

    The explosive development of information technology is increasingly giving rise to cyber-attacks. The distributed denial of service (DDoS) attack is a malicious threat to the modern cyber-security world, which causes performance disruption to network servers. It is a pernicious type of attack that can forward a large amount of traffic to damage one or all of a target's resources simultaneously and prevent authenticated users from accessing network services. The paper aims to select the least number of relevant DDoS attack detection features by designing an intelligent wrapper feature selection model that utilizes a binary-particle swarm optimization algorithm with a decision tree classifier. In this paper, the binary-particle swarm optimization algorithm is used to resolve discrete optimization problems such as feature selection, and the decision tree classifier serves as a performance evaluator to evaluate the wrapper model's accuracy using the selected features from the network traffic flows. The model's intelligence is indicated by selecting 19 convenient features out of 76 features of the dataset. The experiments were accomplished on a large DDoS dataset. The optimal selected features were evaluated with different machine learning algorithms by performance measurement metrics regarding the accuracy, recall, precision, and F1-score to detect DDoS attacks. The proposed model showed a high accuracy rate: decision tree classifier 99.52%, random forest 96.94%, and multi-layer perceptron 90.06%. Also, the paper compares the outcome of the proposed model with previous feature selection models in terms of performance measurement metrics. This outcome will be useful for improving DDoS attack detection systems based on machine learning algorithms. It can probably also be applied to other research topics such as DDoS attack detection in the cloud environment and DDoS attack mitigation systems

    An intrusion detection system for packet and flow based networks using deep neural network approach

    The study of deep neural networks and big data is now merging in several aspects to enhance the capabilities of intrusion detection systems (IDS). Many IDS models have been introduced to provide security over big data. This study focuses on intrusion detection in computer networks using big datasets. The advent of big data has stirred comprehensive assistance in cyber security by bringing forward a bunch of rich algorithms to classify and analyze patterns and make better predictions more efficiently. In this study, a detection model applying deep neural networks has been proposed to detect intrusion. We applied the suggested model to the latest data set available online, formatted with packet-based and flow-based data and some additional metadata. The data set is labeled and imbalanced, with 79 attributes and some classes having far fewer training samples than other classes. The proposed model is built using the Keras and Google Tensorflow deep learning environment. Experimental results show that intrusions are detected with an accuracy of over 99% for both binary and multi-class classification with the selected best features. The receiver operating characteristics (ROC) and precision-recall curve average score is also 1. The outcome implies that deep neural networks offer a novel research model with great accuracy for intrusion detection, better than some models presented in the literature

    MP-CFM: MPTCP-Based communication functional module for next generation ERTMS

    184 p. The content of chapters 4, 5, 6, 7, 8 and 9 is subject to confidentiality.
    The European Rail Traffic Management System (ERTMS) was originally designed for European railways. However, over the last two decades, this system has become the de facto standard for High Speed services in most developed countries. The ERTMS system consists of three main subsystems: 1) the European Train Control System (ETCS), which acts as the signalling application; 2) the Euroradio system, which in turn is divided into two subsystems, the Safe Functional Module (SFM) and the Communication Functional Module (CFM); and 3) the underlying communication system, GSM-R, which carries the information exchanged between the on-board unit (OBU) on the train and the Radio Block Centre (RBC). The ETCS signalling system supports three levels depending on the level of functionality supported. Level 3 introduces the possibility of working with moving blocks instead of fixed blocks defined on the track. This means that the headway distance between two consecutive trains can be reduced to a minimum distance at which the safety of the service is guaranteed, thereby increasing the capacity of the railway corridor. This safety distance is determined by the combination of the train's braking distance and the delay of the signalling communications. It can therefore be stated that there is a direct relationship between the delays and reliability of the transmissions of signalling applications and the operational capacity of a railway corridor. Thus, the study and improvement of the communication systems used in ERTMS play a key role in the evolution of the ERTMS system. Likewise, safe operation in ERTMS, from the point of view of the communications involved, is determined by the reliability of the communications, the availability of its communication channels, the communication delay and the security of its messages.
    In addition, the railway industry has been working on the digitalisation of most signalling systems and their transition to the IP protocol. In line with this trend, the UNISIG industrial consortium has recently published a new communications model for ERTMS that includes the possibility of operating not only with the traditional system, based on circuit-switched technology, but also with a new IP-based system. This thesis is aligned with the current migration context and aims to help improve the availability, reliability and security of communications, taking message transmission times as its fundamental axis, with a view to defining a next generation of ERTMS, defined in this thesis as NGERTMS. In this context, three main challenges have been identified for strengthening the resilience of the NGERTMS communications architecture: 1) improving the survivability of communications in the face of disruptions; 2) overcoming the current limitations of ERTMS for sending high-priority messages over packet-switched technology, giving these messages a higher degree of resilience and lower latency than ordinary messages; and 3) increasing the security of communications and increasing availability without this entailing an increase in latency.
    Considering the challenges described above, this thesis proposes a communications architecture based on the MPTCP protocol, called MP-CFM, which makes it possible to overcome these challenges while maintaining backward compatibility with the packet-switched communications system recently proposed by UNISIG. To date, this is the first time that a complete communications architecture capable of addressing the aforementioned challenges has been proposed. This architecture implements four types of class of service, which are used by ordinary and high-priority packets in two different scenarios: one in which both ends, the on-board system or OBU and the RBC, have multiple network interfaces; and a transitional scenario in which the RBC does have multiple network interfaces but the OBU has only a single interface. The communications architecture proposed for the railway environment has been validated by means of a simulation environment developed for that purpose. Moreover, these simulations show that the proposed architecture, in the face of channel disruptions, far outperforms the system designed by UNISIG in terms of robustness. In conclusion, it can be stated that this thesis demonstrates that an MPTCP-based communications architecture meets the demanding requirements established for the NGERTMS, and this proposal therefore represents an advance in the evolution of the European railway signalling system

    Performance Evaluation and Validation of Intelligent Security Mechanism in Software Defined Network

    Network attacks are discovered using intrusion detection systems (IDS), one of the most crucial security solutions. Intrusion detection approaches based on machine learning techniques have been rapidly created as a result of the widespread use of standard machine learning algorithms in the security field. Unfortunately, as technology has advanced and there have been faults in the machine learning-based intrusion detection system, the system has consistently failed to fulfill the standards for cyber security. Generative adversarial networks (GANs) have drawn a lot of interest recently and have been utilized widely in anomaly detection due to their enormous capacity for learning difficult high-dimensional real-time data distributions. Traditional machine learning algorithms for intrusion detection have a number of drawbacks that deep learning techniques can significantly mitigate. With the help of a real-time dataset, this work suggests employing GANs and their variants to detect network intrusions in SDN. The feasibility and comparison results are also presented. For different kinds of datasets, the BiGAN outcomes outperform the GAN

    IoT-HASS: A Framework For Protecting Smart Home Environment

    While many solutions have been proposed for smart home security, the problem that no single solution fully protects the smart home environment still exists. In this research we propose a security framework to protect the smart home environment. The proposed framework includes three engines that complement each other to protect the smart home IoT devices. The first engine is an IDS/IPS module that monitors all traffic in the home network and then detects, alerts users, and/or blocks packets using anomaly-based detection. The second engine works as a device management module that scans and verifies IoT devices in the home network, allowing the user to flag any suspect device. The third engine works as a privacy monitoring module that monitors and detects information transmitted in plaintext and alerts the user if such information is detected. We call the proposed system IoT-Home Advanced Security System or IoT-HASS for short. IoT-HASS was developed using Python 3 and can be implemented in two modes of operation. The in-line mode allows the IoT-HASS to be installed in-line with the traffic inside a Raspberry Pi or a Router. In the in-line mode IoT-HASS acts as an IPS that can detect and block threats as well as alert the user. The second mode is the passive mode where IoT-HASS is not installed in-line with the traffic and can act as an IDS that passively monitors the traffic, detecting threats and alerting the user, but not blocking the attack. IoT-HASS was evaluated via four testing scenarios. It demonstrated superior performance in all testing scenarios in detecting attacks such as DDoS attacks, Brute Force Attacks, and Cross Site Scripting (XSS) Attacks. In each of the four test scenarios, we also tested the device management functionality, which we found to successfully scan and display IoT devices for the homeowner. 
The extensive evaluating and testing of IoT-HASS showed that IoT-HASS can successfully run in a small device such as a Raspberry Pi, and thus, it will most likely run in an embedded device as an IoT device. Our future research will concentrate on strengthening the current features of IoT-HASS to include additional functionalities

    Automotive Cognitive Access: Towards customized vehicular communication system

    The evolution of Software Defined Networking (SDN) and Virtualization of mobile Network Functions (NFV) have enabled new ways of managing mobile access systems and are seen as a major technological foundation of the Fifth Generation (5G) of mobile networks. With the appearance of 5G specifications, the mobile system architecture has transitioned from a network of entities to a network of functions. This paradigm shift led to new possibilities and challenges. Existing mobile communication systems rely on closed and inflexible hardware-based architectures both at the access and core network. This implies significant challenges in implementing new techniques to maximize network capacity and scalability and to increase performance for diverse data services. This work focuses primarily on the architectural evolutions needed to solve challenges perceived for the next generation of mobile networks. I consider the Software defined plus Virtualization featured Mobile Network (S+ MN) architecture as a baseline reference model, aiming at further improvements to support the access requirements for diverse user groups. I consider an important class of things, vehicles, which need efficient mobile internet access at both the system and application levels. I identify and describe key requirements of emerging vehicular communications and assess existing standards to determine their limitations. To provide optimized wireless communications for a specific user group, 5G systems come up with network slicing as a potential solution to create customized networks. Network slicing has the capability to facilitate dynamic and efficient allocation of network resources and support diverse service scenarios and services. A network slice can be broadly defined as an end-to-end logically isolated network that includes end devices as well as access and core network functions. 
To this effect, I describe the enhanced behaviour of the S+ MN architecture for the collection of network resources and detail the potential functional grouping provided by the S+ MN architecture that paves the way to support automotive slicing. The proposed enhancements support seamless connection mobility, addressing the automotive access use case in a highly mobile environment. I follow the distribution of gateway functions to solve the problem of unnecessarily long routes and delays. Exploiting the open SDN capabilities, the proposed S+ NC is able to parallelize the execution of certain control plane messages, thus enabling signalling optimisation. Furthermore, it enables the (re)selection of efficient data plane paths with implied upper-layer service continuity mechanisms that remove the chains of IP address preservation for session continuity during IP anchor relocation. An implementation setup validates the proposed evolutions, including its core functionalities implemented using the ns-3 network simulator. The proposed slicing scheme has been evaluated through a number of scenarios, such as the number of signalling messages processed by control entities for an intersystem handover procedure relative to the current mobile network architecture. I also perform the performance improvement analysis based on simulation results. Furthermore, I experimentally prove the feasibility of using Multipath TCP for connection mobility in an intersystem handover scenario. The experiments run over the Linux Kernel implementation of Multipath TCP developed over the last years. I extend the Multipath TCP path management to delegate the management of the data paths according to the application needs. The implementation results have shown that the proposed S+ MN slicing architecture and enhancements achieve benefits in multiple areas, for example improving the mobility control and management, maintaining QoS, smooth handover, session continuity and efficient slice management and orchestration

    QoE-Centric Control and Management of Multimedia Services in Software Defined and Virtualized Networks

    Multimedia services consumption has increased tremendously since the deployment of 4G/LTE networks. Mobile video services (e.g., YouTube and Mobile TV) on smart devices are expected to continue to grow with the emergence and evolution of future networks such as 5G. The end user's demand for services with better quality from service providers has triggered a trend towards Quality of Experience (QoE)-centric network management through efficient utilization of network resources. However, existing network technologies are either unable to adapt to diverse changing network conditions or limited in available resources. This has posed challenges to service providers for provisioning of QoE-centric multimedia services. New networking solutions such as Software Defined Networking (SDN) and Network Function Virtualization (NFV) can provide better solutions in terms of QoE control and management of multimedia services in emerging and future networks. The features of SDN, such as adaptability, programmability and cost-effectiveness make it suitable for bandwidth-intensive multimedia applications such as live video streaming, 3D/HD video and video gaming. However, the delivery of multimedia services over SDN/NFV networks to achieve optimized QoE, and the overall QoE-centric network resource management remain an open question especially in the advent development of future softwarized networks. The work in this thesis intends to investigate, design and develop novel approaches for QoE-centric control and management of multimedia services (with a focus on video streaming services) over software defined and virtualized networks. First, a video quality management scheme based on the traffic intensity under Dynamic Adaptive Video Streaming over HTTP (DASH) using SDN is developed. The proposed scheme can mitigate virtual port queue congestion which may cause buffering or stalling events during video streaming, thus, reducing the video quality. 
A QoE-driven resource allocation mechanism is designed and developed for improving the end user's QoE for video streaming services. The aim of this approach is to find the best combination of network node functions that can provide an optimized QoE level to end-users through network node cooperation. Furthermore, a novel QoE-centric management scheme is proposed and developed, which utilizes Multipath TCP (MPTCP) and Segment Routing (SR) to enhance QoE for video streaming services over SDN/NFV-based networks. The goal of this strategy is to enable service providers to route network traffic through multiple disjointed bandwidth-satisfying paths and meet specific service QoE guarantees to the end-users. Extensive experiments demonstrated that the proposed schemes in this work improve the video quality significantly compared with the state-of-the-art approaches. The thesis further proposes the path protections and link failure-free MPTCP/SR-based architecture that increases survivability, resilience, availability and robustness of future networks. The proposed path protection and dynamic link recovery scheme achieves a minimum time to recover from a failed link and avoids link congestion in softwarized networks

    Modelling users in networks with path choice: four studies in telecommunications and transit

    Networks of interacting users arise in many important modelling applications. Commuters interact with each other and form traffic jams during peak-time. Network protocols are users in a communication network that control sending rate and server choice. When protocols send with too high rates, network links get overloaded resulting in lost data and high delays. Although these two example users seem very different, they are similar on a conceptual modelling level. Accurate user models are essential to study complex interactions in networks. The behaviour of a user with access to different paths in a network can be modelled as an optimisation problem. Users who choose paths with the highest utility are common in many different application areas, for example road traffic, Internet protocol modelling, and general societal networks, i.e. networks of humans in everyday life. Optimisation-based user models are also attractive from the perspective of a modeller since they often allow the derivation of insights about the behaviour of the entire system by only describing a user model. The aim of this thesis is to show, in four practical studies from telecommunications and transit networks, where optimisation-based models have limitations when modelling users with path choice. We study users who have access to a limited number of paths in large scale data centers and investigate how many paths per user are realistically needed in order to get high throughput in the network. In multimedia streaming, we study a protocol that streams data on multiple paths and path properties matter. We also investigate complex energy models for data interfaces on mobile phones and evaluate how to switch interfaces to save energy. Finally, we analyse a long-term data set from 20,000 transit commuters and give insights on how they change their travel behaviour in response to incentives and targeted offers. 
We use tools from optimisation, simulation, and statistics to evaluate the four studies and point out problems we faced when modelling and implementing the system. The findings of this thesis indicate where user models need to be extended in order to be of practical use. The results can serve as a guide towards better user models for future modelling applications