AI-enabled modeling and monitoring of data-rich advanced manufacturing systems

The infrastructure of cyber-physical systems (CPS) is based on a meta-concept of cybermanufacturing systems (CMS) that synchronizes the Industrial Internet of Things (IIoTs), Cloud Computing, Industrial Control Systems (ICSs), and Big Data analytics in manufacturing operations. Artificial Intelligence (AI) can be incorporated to make intelligent decisions in the day-to-day operations of CMS. Cyberattack spaces in AI-based cybermanufacturing operations pose significant challenges, including unauthorized modification of systems, loss of historical data, destructive malware, software malfunctioning, etc. However, a cybersecurity framework can be implemented to prevent unauthorized access, theft, damage, or other harmful attacks on electronic equipment, networks, and sensitive data. The five main cybersecurity framework steps are divided into procedures and countermeasure efforts, including identifying, protecting, detecting, responding, and recovering. Given the major challenges in AI-enabled cybermanufacturing systems, three research objectives are proposed in this dissertation by incorporating cybersecurity frameworks. The first research aims to detect the in-situ additive manufacturing (AM) process authentication problem using high-volume video streaming data. A side-channel monitoring approach based on an in-situ optical imaging system is established, and a tensor-based layer-wise texture descriptor is constructed to describe the observed printing path. Subsequently, multilinear principal component analysis (MPCA) is leveraged to reduce the dimension of the tensor-based texture descriptor, and low-dimensional features can be extracted for detecting attack-induced alterations. The second research work seeks to address the high-volume data stream problems in multi-channel sensor fusion for diverse bearing fault diagnosis. This second approach proposes a new multi-channel sensor fusion method by integrating acoustics and vibration signals with different sampling rates and limited training data. The frequency-domain tensor is decomposed by MPCA, resulting in low-dimensional process features for diverse bearing fault diagnosis by incorporating a Neural Network classifier. By linking the second proposed method, the third research endeavor is aligned to recovery systems of multi-channel sensing signals when a substantial amount of missing data exists due to sensor malfunction or transmission issues. This study has leveraged a fully Bayesian CANDECOMP/PARAFAC (FBCP) factorization method that enables to capture of multi-linear interaction (channels × signals) among latent factors of sensor signals and imputes missing entries based on observed signals

Knowledge acquisition for autonomic network management in emerging self-organizing architectures

Tesis inédita de la Universidad Complutense de Madrid, Facultad de Informática, Departamento de Ingeniería del Software e Inteligencia Artificial, leída el 19/12/2018Los escenarios de red emergentes estan caracterizados por el acceso intensivo a una amplia gama de servicios y aplicaciones que han incrementado las exigencias de las redes de comunicacion. Los modelos de gestion de red tradicionales se han caracterizado a su vez por una alta dependencia del factor humano para llevar a cabo tareas de configuracion y mantenimiento de la red. Esta situacion se ha hecho menos sostenible en las redes moviles no solo por los costes operacionales y de inversion de capital asociados, sino tambien por la complejidad que estas han adquirido ante la inmersion exponencial de dispositivos moviles. Tales aspectos han motivado el surgimiento de la quinta generacion de redes moviles, caracterizadas por indicadores de desempeño ambiciosos que deben cumplirse para satisfacer los niveles de servicio acordados...Emerging network scenarios are characterized by intensive access to a wide range of services and applications that have increased the demands of communication networks. The traditional network management models have been characterized by a high dependence on the human factor to carry out network configuration and maintenance tasks. This situation has become less sustainable in mobile networks not only due to the associated operational (COPEX) and capital investment costs (CAPEX), but also due to the complexity they have acquired when facing the exponential immersion of mobile devices. These aspects have led to the emergence of the fifth generation of mobile networks, characterized by ambitious performance indicators that must be fulfilled to meet the agreed service levels...Fac. de InformáticaTRUEunpu

On the subspace learning for network attack detection

Tese (doutorado)—Universidade de Brasília, Faculdade de Tecnologia, Departamento de Engenharia Elétrica, 2019.O custo com todos os tipos de ciberataques tem crescido nas organizações. A casa branca do goveno norte americano estima que atividades cibernéticas maliciosas custaram em 2016 um valor entre US$57 bilhões e US$109 bilhões para a economia norte americana. Recentemente, é possível observar um crescimento no número de ataques de negação de serviço, botnets, invasões e ransomware. A Accenture argumenta que 89% dos entrevistados em uma pesquisa acreditam que tecnologias como inteligência artificial, aprendizagem de máquina e análise baseada em comportamentos, são essenciais para a segurança das organizações. É possível adotar abordagens semisupervisionada e não-supervisionadas para implementar análises baseadas em comportamentos, que podem ser aplicadas na detecção de anomalias em tráfego de rede, sem a ncessidade de dados de ataques para treinamento. Esquemas de processamento de sinais têm sido aplicados na detecção de tráfegos maliciosos em redes de computadores, através de abordagens não-supervisionadas que mostram ganhos na detecção de ataques de rede e na detecção e anomalias. A detecção de anomalias pode ser desafiadora em cenários de dados desbalanceados, que são casos com raras ocorrências de anomalias em comparação com o número de eventos normais. O desbalanceamento entre classes pode comprometer o desempenho de algoritmos traficionais de classificação, através de um viés para a classe predominante, motivando o desenvolvimento de algoritmos para detecção de anomalias em dados desbalanceados. Alguns algoritmos amplamente utilizados na detecção de anomalias assumem que observações legítimas seguem uma distribuição Gaussiana. Entretanto, esta suposição pode não ser observada na análise de tráfego de rede, que tem suas variáveis usualmente caracterizadas por distribuições assimétricas ou de cauda pesada. Desta forma, algoritmos de detecção de anomalias têm atraído pesquisas para se tornarem mais discriminativos em distribuições assimétricas, como também para se tornarem mais robustos à corrupção e capazes de lidar com problemas causados pelo desbalanceamento de dados. Como uma primeira contribuição, foi proposta a Autosimilaridade (Eigensimilarity em inglês), que é uma abordagem baseada em conceitos de processamento de sinais com o objetivo de detectar tráfego malicioso em redes de computadores. Foi avaliada a acurácia e o desempenho da abordagem proposta através de cenários simulados e dos dados do DARPA 1998. Os experimentos mostram que Autosimilaridade detecta os ataques synflood, fraggle e varredura de portas com precisão, com detalhes e de uma forma automática e cega, i.e. em uma abordagem não-supervisionada. Considerando que a assimetria de distribuições de dados podem melhorar a detecção de anomalias em dados desbalanceados e assimétricos, como no caso de tráfego de rede, foi proposta a Análise Robusta de Componentes Principais baseada em Momentos (ARCP-m), que é uma abordagem baseada em distâncias entre observações contaminadas e momentos calculados a partir subespaços robustos aprendidos através da Análise Robusta de Componentes Principais (ARCP), com o objetivo de detectar anomalias em dados assimétricos e em tráfego de rede. Foi avaliada a acurácia do ARCP-m para detecção de anomalias em dados simulados, com distribuições assimétricas e de cauda pesada, como também para os dados do CTU-13. Os experimentos comparam nossa proposta com algoritmos amplamente utilizados para detecção de anomalias e mostra que a distância entre estimativas robustas e observações contaminadas pode melhorar a detecção de anomalias em dados assimétricos e a detecção de ataques de rede. Adicionalmente, foi proposta uma arquitetura e abordagem para avaliar uma prova de conceito da Autosimilaridade para a detecção de comportamentos maliciosos em aplicações móveis corporativas. Neste sentido, foram propostos cenários, variáveis e abordagem para a análise de ameaças, como também foi avaliado o tempo de processamento necessário para a execução do Autosimilaridade em dispositivos móveis.The cost of all types of cyberattacks is increasing for global organizations. The Whitehouse of the U.S. government estimates that malicious cyber activity cost the U.S. economy between US$57 billion and US$109 billion in 2016. Recently, it is possible to observe an increasing in numbers of Denial of Service (DoS), botnets, malicious insider and ransomware attacks. Accenture consulting argues that 89% of survey respondents believe breakthrough technologies, like artificial intelligence, machine learning and user behavior analytics, are essential for securing their organizations. To face adversarial models, novel network attacks and counter measures of attackers to avoid detection, it is possible to adopt unsupervised or semi-supervised approaches for network anomaly detection, by means of behavioral analysis, where known anomalies are not necessaries for training models. Signal processing schemes have been applied to detect malicious traffic in computer networks through unsupervised approaches, showing advances in network traffic analysis, in network attack detection, and in network intrusion detection systems. Anomalies can be hard to identify and separate from normal data due to the rare occurrences of anomalies in comparison to normal events. The imbalanced data can compromise the performance of most standard learning algorithms, creating bias or unfair weight to learn from the majority class and reducing detection capacity of anomalies that are characterized by the minority class. Therefore, anomaly detection algorithms have to be highly discriminating, robust to corruption and able to deal with the imbalanced data problem. Some widely adopted algorithms for anomaly detection assume a Gaussian distributed data for legitimate observations, however this assumption may not be observed in network traffic, which is usually characterized by skewed and heavy-tailed distributions. As a first important contribution, we propose the Eigensimilarity, which is an approach based on signal processing concepts applied to detection of malicious traffic in computer networks. We evaluate the accuracy and performance of the proposed framework applied to a simulated scenario and to the DARPA 1998 data set. The performed experiments show that synflood, fraggle and port scan attacks can be detected accurately by Eigensimilarity and with great detail, in an automatic and blind fashion, i.e. in an unsupervised approach. Considering that the skewness improves anomaly detection in imbalanced and skewed data, such as network traffic, we propose the Moment-based Robust Principal Component Analysis (mRPCA) for network attack detection. The m-RPCA is a framework based on distances between contaminated observations and moments computed from a robust subspace learned by Robust Principal Component Analysis (RPCA), in order to detect anomalies from skewed data and network traffic. We evaluate the accuracy of the m-RPCA for anomaly detection on simulated data sets, with skewed and heavy-tailed distributions, and for the CTU-13 data set. The Experimental evaluation compares our proposal to widely adopted algorithms for anomaly detection and shows that the distance between robust estimates and contaminated observations can improve the anomaly detection on skewed data and the network attack detection. Moreover, we propose an architecture and approach to evaluate a proof of concept of Eigensimilarity for malicious behavior detection on mobile applications, in order to detect possible threats in offline corporate mobile client. We propose scenarios, features and approaches for threat analysis by means of Eigensimilarity, and evaluate the processing time required for Eigensimilarity execution in mobile devices

Development of traceability solution for furniture components

Mestrado de dupla diplomação com a UTFPR - Universidade Tecnológica Federal do ParanáIn the contemporary context, characterized by intensified global competition and the constant evolution of the globalization landscape, it becomes imperative for industries, including Small and Medium Enterprises (SMEs), to undertake efforts to enhance their operational processes, often through digital technological adaptation. The present study falls within the scope of the project named “Wood Work 4.0,” which aims to infuse innovation into the wood furniture manufacturing industry through process optimization and the adoption of digital technologies. This project received funding from the European Union Development Fund, in collaboration with the North 2020 Regional Program, and was carried out at the Carpintaria Mofreita company, located in Macedo de Cavaleiros, Portugal. In this regard, this study introduces a software architecture that supports the traceability of projects in the wood furniture industry and simultaneously employs a system to identify and manage material leftovers, aiming for more efficient waste management. For the development of this software architecture, an approach that integrates the Fiware platform, specialized in systems for the Internet of Things (IoT), with an Application Programming Interface (API) specifically created to manage information about users, projects, and associated media files, was adopted. The material leftovers identification system employs image processing techniques to extract geometric characteristics of the materials. Additionally, these data are integrated into the company’s database. In this way, it was possible to develop an architecture that allows not only the capturing of project information but also its effective management. In the case of material leftovers identification, the system was able to establish, with a satisfactory degree of accuracy, the dimensions of the materials, enabling the insertion of these data into the company’s database for resource management and optimization.No contexto contemporâneo, marcado por uma competição global intensificada e pela constante evolução do cenário de globalização, torna-se imperativo para as indústrias, incluindo as Pequenas e Médias Empresas (PMEs), empreender esforços para aprimorar seus processos operacionais, frequentemente pela via da adaptação tecnológica digital. O presente estudo insere-se dentro do escopo do projeto denominado “Wood Work 4.0”, cujo propósito é infundir inovação na indústria de fabricação de móveis de madeira por meio da otimização de processos e da adoção de tecnologias digitais. Este projeto obteve financiamento do Fundo de Desenvolvimento da União Europeia, em colaboração com o programa Regional do Norte 2020 e foi realizado na empresa Carpintaria Mofreita, localizada em Macedo de Cavaleiros, Portugal. Nesse sentido, este estudo introduz uma arquitetura de software que oferece suporte à rastreabilidade de projetos na indústria de móveis de madeira, e simultaneamente emprega um sistema para identificar e gerenciar sobras de material, objetivando uma gestão de resíduos mais eficiente. Para o desenvolvimento dessa arquitetura de software, adotou-se uma abordagem que integra a plataforma Fiware, especializada em sistemas para a Internet das Coisas (IoT), com uma Interface de Programação de Aplicações (API) criada especificamente para gerenciar informações de usuários, projetos, e arquivos de mídia associados. O sistema de identificação de sobras de material emprega técnicas de processamento de imagem para extrair características geométricas dos materiais. Adicionalmente, esses dados são integrados ao banco de dados da empresa. Desta forma, foi possível desenvolver uma arquitetura que permite não só capturar informações de projetos, mas também gerenciá-las de forma eficaz. No caso da identificação de sobras de material, o sistema foi capaz de estabelecer, com um grau de precisão satisfatório, as dimensões dos materiais, possibilitando a inserção desses dados no banco de dados da empresa para gestão e otimização do uso de recursos

Machine Learning for Cyber Physical Systems

This open access proceedings presents new approaches to Machine Learning for Cyber Physical Systems, experiences and visions. It contains selected papers from the fifth international Conference ML4CPS – Machine Learning for Cyber Physical Systems, which was held in Berlin, March 12-13, 2020. Cyber Physical Systems are characterized by their ability to adapt and to learn: They analyze their environment and, based on observations, they learn patterns, correlations and predictive models. Typical applications are condition monitoring, predictive maintenance, image processing and diagnosis. Machine Learning is the key technology for these developments

Enabling Auditing and Intrusion Detection of Proprietary Controller Area Networks

The goal of this dissertation is to provide automated methods for security researchers to overcome ‘security through obscurity’ used by manufacturers of proprietary Industrial Control Systems (ICS). `White hat\u27 security analysts waste significant time reverse engineering these systems\u27 opaque network configurations instead of performing meaningful security auditing tasks. Automating the process of documenting proprietary protocol configurations is intended to improve independent security auditing of ICS networks. The major contributions of this dissertation are a novel approach for unsupervised lexical analysis of binary network data flows and analysis of the time series data extracted as a result. We demonstrate the utility of these methods using Controller Area Network (CAN) data sampled from passenger vehicles

A multi-dimensional trust-model for dynamic, scalable and resources-efficient trust-management in social internet of things

L'internet des Objets (IoT) est un paradigme qui a rendu les objets du quotidien, intelligents en leur offrant la possibilité de se connecter à Internet, de communiquer et d'interagir. L'intégration de la composante sociale dans l'IoT a donné naissance à l'Internet des Objets Social (SIoT), qui a permis de surmonter diverse problématiques telles que l'interopérabilité et la découverte de ressources. Dans ce type d'environnement, les participants rivalisent afin d'offrir une variété de services attrayants. Certains d'entre eux ont recours à des comportements malveillants afin de propager des services de mauvaise qualité. Ils lancent des attaques, dites de confiance, et brisent les fonctionnalités de base du système. Plusieurs travaux de la littérature ont abordé ce problème et ont proposé différents modèles de confiance. La majorité d'entre eux ont tenté de réappliquer des modèles de confiance conçus pour les réseaux sociaux ou les réseaux pair-à-pair. Malgré les similitudes entre ces types de réseaux, les réseaux SIoT présentent des particularités spécifiques. Dans les SIoT, nous avons différents types d'entités qui collaborent, à savoir des humains, des dispositifs et des services. Les dispositifs peuvent présenter des capacités de calcul et de stockage très limitées et leur nombre peut atteindre des millions. Le réseau qui en résulte est complexe et très dynamique et les répercussions des attaques de confiance peuvent être plus importantes. Nous proposons un nouveau modèle de confiance, multidimensionnel, dynamique et scalable, spécifiquement conçu pour les environnements SIoT. Nous proposons, en premier lieu, des facteurs permettant de décrire le comportement des trois types de nœuds impliqués dans les réseaux SIoT et de quantifier le degré de confiance selon les trois dimensions de confiance résultantes. Nous proposons, ensuite, une méthode d'agrégation basée sur l'apprentissage automatique et l'apprentissage profond qui permet d'une part d'agréger les facteurs proposés pour obtenir un score de confiance permettant de classer les nœuds, mais aussi de détecter les types d'attaques de confiance et de les contrer. Nous proposons, ensuite, une méthode de propagation hybride qui permet de diffuser les valeurs de confiance dans le réseau, tout en remédiant aux inconvénients des méthodes centralisée et distribuée. Cette méthode permet d'une part d'assurer la scalabilité et le dynamisme et d'autre part, de minimiser la consommation des ressources. Les expérimentations appliquées sur des de données synthétiques nous ont permis de valider le modèle proposé.The Internet of Things (IoT) is a paradigm that has made everyday objects intelligent by giving them the ability to connect to the Internet, communicate and interact. The integration of the social component in the IoT has given rise to the Social Internet of Things (SIoT), which has overcome various issues such as interoperability, navigability and resource/service discovery. In this type of environment, participants compete to offer a variety of attractive services. Some of them resort to malicious behavior to propagate poor quality services. They launch so-called Trust-Attacks (TA) and break the basic functionality of the system. Several works in the literature have addressed this problem and have proposed different trust-models. Most of them have attempted to adapt and reapply trust models designed for traditional social networks or peer-to-peer networks. Despite the similarities between these types of networks, SIoT ones have specific particularities. In SIoT, there are different types of entities that collaborate: humans, devices, and services. Devices can have very limited computing and storage capacities, and their number can be as high as a few million. The resulting network is complex and highly dynamic, and the impact of Trust-Attacks can be more compromising. In this work, we propose a Multidimensional, Dynamic, Resources-efficient and Scalable trust-model that is specifically designed for SIoT environments. We, first, propose features to describe the behavior of the three types of nodes involved in SIoT networks and to quantify the degree of trust according to the three resulting Trust-Dimensions. We propose, secondly, an aggregation method based on Supervised Machine-Learning and Deep Learning that allows, on the one hand, to aggregate the proposed features to obtain a trust score allowing to rank the nodes, but also to detect the different types of Trust-Attacks and to counter them. We then propose a hybrid propagation method that allows spreading trust values in the network, while overcoming the drawbacks of centralized and distributed methods. The proposed method ensures scalability and dynamism on the one hand, and minimizes resource consumption (computing and storage), on the other. Experiments applied to synthetic data have enabled us to validate the resilience and performance of the proposed model