33 research outputs found

    Methodologies for the use of machine learning in the classification of network entities based on traffic patterns

    In recent years, constant news about information and data leaks has been raising public discussion of the safety of the systems that we all depend on nowadays. Communications are increasingly private; hence next-generation security systems rely on pattern recognition techniques to detect and infer safety without the need to scrape their content. This dissertation proposes methodologies to infer entity patterns and their nature from their network traffic: whether an entity is running according to its previously known safe pattern, or whether its behavior is uncommon, an indication of a possible breach. There is a strong indication that behavioral pattern recognition will continue to lead the research of security solutions, not only for network traffic but also for other measurable activities, such as identity and access management or programs running on a computer. This dissertation proposes modeling network OSI layer 3 to 5 metadata into features that are later processed by machine learning algorithms to classify the network activity. The classification itself is divided into two levels: the first recognizes the active entities operating within a network domain, and the second determines whether each entity is acting according to its known pattern. The presented methods of inferring whether something is acting according to known patterns are transversal to other domains. Although the aggregation of metadata and the modeling differ, the described process of solving the problem of inferring patterns is generic and can be applied to user use cases rather than to the network, or combined with more complex scenarios. The last chapter includes a proof of concept with a few evaluation metrics using synthetic data, to evaluate whether the classification algorithms can successfully distinguish different patterns. The tests showed promising results, ranging from 99% for entity classification and 77% to 98% (depending on the entity nature) for abnormality detection.
    Master's degree in Computer and Telematics Engineering.

    Formal modelling of intrusion detection systems

    The cybersecurity ecosystem evolves constantly in terms of the number, diversity and complexity of attacks. As a result, detection tools become ineffective against certain attacks. Three types of intrusion detection system are generally distinguished: anomaly-based detection, signature-based detection and hybrid detection. Anomaly-based detection is founded on characterizing the usual behavior of the system, typically in a statistical manner. It can detect known or unknown attacks, but also generates a very large number of false positives. Signature-based detection detects known attacks by defining rules that describe the known behavior of an attacker. This requires good knowledge of the attacker's behavior. Hybrid detection relies on several detection methods, including those cited above. It has the advantage of being more precise during detection. Tools such as Snort and Zeek offer low-level languages for expressing attack recognition rules. The number of potential attacks being very large, these rule bases quickly become difficult to manage and maintain. Moreover, expressing so-called stateful rules to recognize a sequence of events is particularly arduous. In this thesis, we propose a stateful approach based on algebraic state-transition diagrams (ASTDs) to identify complex attacks. ASTDs allow a specification to be represented graphically and modularly, which eases the maintenance and understanding of rules. We extend the ASTD notation with new features to represent complex attacks. Then we specify several attacks with the extended notation and run the resulting specifications on event streams using an interpreter to identify attacks. We also evaluate the performance of the interpreter against industrial tools such as Snort and Zeek. Finally, we build a compiler that generates executable code from an ASTD specification, able to identify sequences of events efficiently.

    Aeronautical Engineering. A continuing bibliography with indexes, supplement 156

    This bibliography lists 288 reports, articles and other documents introduced into the NASA scientific and technical information system in December 1982.

    Air Force Institute of Technology Research Report 2003

    This report summarizes the research activities of the Air Force Institute of Technology's Graduate School of Engineering and Management. It describes research interests and faculty expertise; lists student theses and dissertations; identifies research sponsors and contributions; and outlines the procedures for contacting the school. Included in the report are faculty publications, conference presentations, consultations, and funded research projects. Research was conducted in the areas of Aeronautical and Astronautical Engineering, Electrical Engineering and Electro-Optics, Computer Engineering and Computer Science, Systems and Engineering Management, Operational Sciences, and Engineering Physics.

    Nutrition and national development : an evaluation of nutrition planning in Malawi from 1936 - 1990

    This thesis is an evaluation of the nutrition planning attempts made in the small central African country of Malawi from 1936 to 1990. The fulfillment of four prerequisites necessary for development planning to be successful was evaluated at different points in time. These prerequisites are the existence of 1) mutually agreed objectives, 2) the political will to achieve those objectives, 3) relevant planning theories and 4) the means and capacity to take the required actions. Overall, this study has shown that despite Malawi's long history of nutrition planning, the attempts made over the past six decades have not been successful, since child malnutrition levels are much the same today as during colonial times. From independence in 1964 up until the late 1980s, a substantial part of the problem has been the lack of political will to address the poverty and household food insecurity aspects of the problem. Another major weakness has been the lack of adequate assessment and analysis of the nutrition situation in the country. As a result, inappropriate actions were taken, which often involved the importation of irrelevant nutrition activities by donors. An important lesson of this study is the important role that research and evaluation have in providing the empirical basis on which to plan actions as well as to assess past efforts. One conclusion of this thesis is that the problem of malnutrition in Malawi cannot be viewed as a small issue, since the costs to the individual and to the nation are too great. Instead, improvement in nutritional status needs to be viewed as an objective in a variety of sectors. Similarly, its solution should not be limited solely to nutritionists, since development planners in all sectors must be involved. In addition, considering the seriousness of the nutrition problem found in the country, the time horizon for improvement to be evident should realistically be framed in terms of decades.

    Winona Daily News


    Air Force Institute of Technology Research Report 2007

    This report summarizes the research activities of the Air Force Institute of Technology's Graduate School of Engineering and Management. It describes research interests and faculty expertise; lists student theses and dissertations; identifies research sponsors and contributions; and outlines the procedures for contacting the school. Included in the report are faculty publications, conference presentations, consultations, and funded research projects. Research was conducted in the areas of Aeronautical and Astronautical Engineering, Electrical Engineering and Electro-Optics, Computer Engineering and Computer Science, Systems and Engineering Management, Operational Sciences, Mathematics, Statistics and Engineering Physics.

    Internet of Things From Hype to Reality

    The Internet of Things (IoT) has gained significant mindshare, let alone attention, in academia and industry, especially over the past few years. The reason behind this interest is the potential capabilities that IoT promises to offer. On the personal level, it paints a picture of a future world where all the things in our ambient environment are connected to the Internet and seamlessly communicate with each other to operate intelligently. The ultimate goal is to enable objects around us to efficiently sense our surroundings, inexpensively communicate, and ultimately create a better environment for us: one where everyday objects act based on what we need and like without explicit instructions.

    Air Force Institute of Technology Research Report 2006

    This report summarizes the research activities of the Air Force Institute of Technology's Graduate School of Engineering and Management. It describes research interests and faculty expertise; lists student theses and dissertations; identifies research sponsors and contributions; and outlines the procedures for contacting the school. Included in the report are faculty publications, conference presentations, consultations, and funded research projects. Research was conducted in the areas of Aeronautical and Astronautical Engineering, Electrical Engineering and Electro-Optics, Computer Engineering and Computer Science, Systems and Engineering Management, Operational Sciences, Mathematics, Statistics and Engineering Physics.