33 research outputs found
Methodologies for the use of machine learning in the classification of network entities based on traffic patterns
In recent years, constant news about information and data leaks has been raising
public discussion about the safety of the systems that we all now depend
on. Communications are increasingly private; hence next-generation security
systems rely on pattern recognition techniques to detect and infer
safety without the need to inspect their content. This dissertation proposes
methodologies to infer entity patterns and their nature from their network
traffic: whether they are running according to their previously known safe pattern
or whether their behavior is uncommon, an indication of a possible breach. There
is a strong indication that behavioral pattern recognition will continue to lead
the research on security solutions, not only for network traffic but also for
other measurable activities. Other examples are identity and access management
or programs running on a computer. This dissertation proposes modeling network
OSI layer 3 to 5 metadata as features that are later processed by machine
learning algorithms to classify the network activity. The classification
itself is divided into two levels: the first level recognizes the active entities
operating within a network domain, and the second decides whether each entity is acting according
to its known pattern. The presented methods for inferring whether something
is acting according to known patterns are transversal to other domains.
Although the aggregation of metadata and the modeling differ, the described process
of solving the problem of inferring patterns is generic and can be applied to
user use cases rather than to the network, or combined with more complex
scenarios. The last chapter includes a proof of concept with a few evaluation
metrics using synthetic data, to evaluate whether the classification algorithms
can successfully distinguish different patterns. The tests showed promising
results, ranging from 99% for entity classification and 77% to 98% (depending
on the entity nature) for abnormality detection.

Abstract (translated from the Portuguese): In recent years, news about theft and loss of information and data has been constant, raising discussion about the security of the systems on which we depend today. Communications are also increasingly private, so latest-generation security systems have developed pattern recognition techniques to detect and infer security without the need to process contents. This dissertation proposes methodologies to infer the patterns of entities considering their network traffic: whether it fits the previously known traffic behaviour, or whether the generated activity is unusual and therefore an indication of a possible problem. There is a strong indication that behavioural pattern recognition will continue to lead research in the domain of security solutions, not only for network traffic but also for other measurable activities. Other examples include identity access management or programs running on a computer. The methodologies propose modelling metadata from OSI network layers 3 to 5 into counts that are later processed by machine learning algorithms to classify network activity. This classification is based on two levels: in the first, the recognition of active entities within a network domain, and in the second, whether each entity corresponds to the known pattern. The methodologies presented for inferring whether something conforms to known patterns are transversal to other domains. Although the aggregation of metadata and the modelling differ, the process described for inferring patterns is generic enough to be applied to other use cases, network-related or not, or further combined in more complex scenarios. The last chapter includes a proof of concept with synthetic data and some evaluation metrics, to see whether the classification algorithms can successfully distinguish different patterns. The tests showed promising results, ranging from 99% for entity classification and 77% to 98% (depending on the nature of the entity) for anomaly detection.

Master's in Computer and Telematics Engineering
Recommended from our members
Online Handbook of Argumentation for AI: Volume 3
Editors: Federico Castagna, Francesca Mosca, Jack Mumford, Stefan Sarkadi and Andreas Xydis. This volume contains revised versions of the papers selected for the third volume of the Online Handbook of Argumentation for AI (OHAAI). Previously, formal theories of argument and argument interaction have been proposed and studied, and this has led to the more recent study of computational models of argument. Argumentation, as a field within artificial intelligence (AI), is highly relevant for researchers interested in symbolic representations of knowledge and defeasible reasoning. The purpose of this handbook is to provide an open access and curated anthology for the argumentation research community. OHAAI is designed to serve as a research hub to keep track of the latest and upcoming PhD-driven research on the theory and application of argumentation in all areas related to AI
Formal modelling of intrusion detection systems
Abstract (translated from the French): The cybersecurity ecosystem is constantly evolving in terms of the number, diversity and complexity of attacks. As a result, detection tools become ineffective against certain attacks. Three types of intrusion detection systems are generally distinguished: anomaly-based detection, signature-based detection and hybrid detection. Anomaly-based detection is founded on characterising the usual behaviour of the system, typically statistically. It can detect known or unknown attacks, but also generates a very large number of false positives. Signature-based detection detects known attacks by defining rules that describe the known behaviour of an attacker. This requires good knowledge of the attacker's behaviour. Hybrid detection relies on several detection methods, including those cited above. It has the advantage of being more precise during detection. Tools such as Snort and Zeek offer low-level languages for expressing attack recognition rules. Since the number of potential attacks is very large, these rule bases quickly become difficult to manage and maintain. Moreover, expressing stateful rules is particularly arduous when a sequence of events has to be recognised. In this thesis, we propose a stateful approach based on algebraic state-transition diagrams (ASTDs) to identify complex attacks. ASTDs allow a specification to be represented graphically and modularly, which facilitates the maintenance and understanding of rules. We extend the ASTD notation with new features to represent complex attacks. Then, we specify several attacks with the extended notation and run the resulting specifications on event streams using an interpreter to identify attacks. We also evaluate the performance of the interpreter against industrial tools such as Snort and Zeek. Finally, we build a compiler to generate executable code from an ASTD specification, capable of efficiently identifying sequences of events.

Abstract: The cybersecurity ecosystem continuously evolves with the number, the diversity,
and the complexity of cyber attacks. Generally, there are three types of Intrusion
Detection System (IDS): anomaly-based detection, signature-based detection, and
hybrid detection. Anomaly detection is based on a description of the usual behavior of
the system, typically in a statistical manner. It enables detecting known or unknown attacks
but also generates a large number of false positives. Signature-based detection
enables detecting known attacks by defining rules that describe known attacker behavior.
It needs good knowledge of attacker behavior. Hybrid detection relies on
several detection methods, including the previous ones. It has the advantage of being
more precise during detection. Tools like Snort and Zeek offer low-level languages to
represent rules for detecting attacks. The number of potential attacks being large,
these rule bases quickly become hard to manage and maintain. Moreover, the representation
of stateful rules to recognize a sequence of events is particularly arduous. In this thesis, we propose a stateful approach based on algebraic state-transition
diagrams (ASTDs) to identify complex attacks. ASTDs allow a graphical and modular
representation of a specification, which facilitates maintenance and understanding of
rules. We extend the ASTD notation with new features to represent complex attacks.
Next, we specify several attacks with the extended notation and run the resulting specifications
on event streams using an interpreter to identify attacks. We also evaluate
the performance of the interpreter against industrial tools such as Snort and Zeek. Then,
we build a compiler in order to generate executable code from an ASTD specification,
able to efficiently identify sequences of events.
Aeronautical Engineering. A continuing bibliography with indexes, supplement 156
This bibliography lists 288 reports, articles and other documents introduced into the NASA scientific and technical information system in December 1982
Air Force Institute of Technology Research Report 2003
This report summarizes the research activities of the Air Force Institute of Technology’s Graduate School of Engineering and Management. It describes research interests and faculty expertise; lists student theses/dissertations; identifies research sponsors and contributions; and outlines the procedures for contacting the school. Included in the report are: faculty publications, conference presentations, consultations, and funded research projects. Research was conducted in the areas of Aeronautical and Astronautical Engineering, Electrical Engineering and Electro-Optics, Computer Engineering and Computer Science, Systems and Engineering Management, Operational Sciences, and Engineering Physics
Nutrition and national development : an evaluation of nutrition planning in Malawi from 1936 - 1990
This thesis involves an evaluation of the nutrition planning attempts made in the small central African country of Malawi from 1936 to 1990. The fulfillment of four prerequisites necessary for development planning to be successful was evaluated at different points in time. These prerequisites include the existence of 1) mutually agreed objectives, 2) the political will to achieve those objectives, 3) relevant planning theories and 4) the means and capacity to take the required actions. Overall this study has shown that despite Malawi's long history of nutrition planning, the attempts made over the past six decades have not been successful, since child malnutrition levels are much the same today as during colonial times. From independence in 1964 up until the late 1980s a substantial part of the problem has been the lack of political will to address the poverty and household food insecurity aspects of the problem. Another major weakness has been the lack of adequate assessment and analysis of the nutrition situation in the country. As a result inappropriate actions were taken, which often involved the importation of irrelevant nutrition activities by donors. An important lesson of this study is the important role that research and evaluation have in providing the empirical basis on which to plan actions as well as to assess past efforts. One conclusion of this thesis is that the problem of malnutrition in Malawi cannot be viewed as a small issue, since the costs to the individual and to the nation are too great. Instead, improvement in nutritional status needs to be viewed as an objective in a variety of sectors. Similarly, its solution should not solely be limited to nutritionists, since development planners in all sectors must be involved. In addition, considering the seriousness of the nutrition problem found in the country, the time horizon for improvement to be evident should realistically be framed in terms of decades.
Winona Daily News
Air Force Institute of Technology Research Report 2007
This report summarizes the research activities of the Air Force Institute of Technology’s Graduate School of Engineering and Management. It describes research interests and faculty expertise; lists student theses/dissertations; identifies research sponsors and contributions; and outlines the procedures for contacting the school. Included in the report are: faculty publications, conference presentations, consultations, and funded research projects. Research was conducted in the areas of Aeronautical and Astronautical Engineering, Electrical Engineering and Electro-Optics, Computer Engineering and Computer Science, Systems and Engineering Management, Operational Sciences, Mathematics, Statistics and Engineering Physics
Internet of Things From Hype to Reality
The Internet of Things (IoT) has gained significant mindshare, let alone attention, in academia and the industry especially over the past few years. The reasons behind this interest are the potential capabilities that IoT promises to offer. On the personal level, it paints a picture of a future world where all the things in our ambient environment are connected to the Internet and seamlessly communicate with each other to operate intelligently. The ultimate goal is to enable objects around us to efficiently sense our surroundings, inexpensively communicate, and ultimately create a better environment for us: one where everyday objects act based on what we need and like without explicit instructions
Air Force Institute of Technology Research Report 2006
This report summarizes the research activities of the Air Force Institute of Technology’s Graduate School of Engineering and Management. It describes research interests and faculty expertise; lists student theses/dissertations; identifies research sponsors and contributions; and outlines the procedures for contacting the school. Included in the report are: faculty publications, conference presentations, consultations, and funded research projects. Research was conducted in the areas of Aeronautical and Astronautical Engineering, Electrical Engineering and Electro-Optics, Computer Engineering and Computer Science, Systems and Engineering Management, Operational Sciences, Mathematics, Statistics and Engineering Physics