An ontology-driven architecture for data integration and management in home-based telemonitoring scenarios

The shift from traditional medical care to the use of new technology and engineering innovations is nowadays an interesting and growing research area mainly motivated by a growing population with chronic conditions and disabilities. By means of information and communications technologies (ICTs), telemedicine systems offer a good solution for providing medical care at a distance to any person in any place at any time. Although significant contributions have been made in this field in recent decades, telemedicine and in e-health scenarios in general still pose numerous challenges that need to be addressed by researchers in order to take maximum advantage of the benefits that these systems provide and to support their long-term implementation. The goal of this research thesis is to make contributions in the field of home-based telemonitoring scenarios. By periodically collecting patients' clinical data and transferring them to physicians located in remote sites, patient health status supervision and feedback provision is possible. This type of telemedicine system guarantees patient supervision while reducing costs (enabling more autonomous patient care and avoiding hospital over flows). Furthermore, patients' quality of life and empowerment are improved. Specifically, this research investigates how a new architecture based on ontologies can be successfully used to address the main challenges presented in home-based telemonitoring scenarios. The challenges include data integration, personalized care, multi-chronic conditions, clinical and technical management. These are the principal issues presented and discussed in this thesis. The proposed new ontology-based architecture takes into account both practical and conceptual integration issues and the transference of data between the end points of the telemonitoring scenario (i.e, communication and message exchange). The architecture includes two layers: 1) a conceptual layer and 2) a data and communication layer. On the one hand, the conceptual layer based on ontologies is proposed to unify the management procedure and integrate incoming data from all the sources involved in the telemonitoring process. On the other hand, the data and communication layer based on web service technologies is proposed to provide practical back-up to the use of the ontology, to provide a real implementation of the tasks it describes and thus to provide a means of exchanging data. This architecture takes advantage of the combination of ontologies, rules, web services and the autonomic computing paradigm. All are well-known technologies and popular solutions applied in the semantic web domain and network management field. A review of these technologies and related works that have made use of them is presented in this thesis in order to understand how they can be combined successfully to provide a solution for telemonitoring scenarios. The design and development of the ontology used in the conceptual layer led to the study of the autonomic computing paradigm and its combination with ontologies. In addition, the OWL (Ontology Web Language) language was studied and selected to express the required knowledge in the ontology while the SPARQL language was examined for its effective use in defining rules. As an outcome of these research tasks, the HOTMES (Home Ontology for Integrated Management in Telemonitoring Scenarios) ontology, presented in this thesis, was developed. The combination of the HOTMES ontology with SPARQL rules to provide a flexible solution for personalising management tasks and adapting the methodology for different management purposes is also discussed. The use of Web Services (WSs) was investigated to support the exchange of information defined in the conceptual layer of the architecture. A generic ontology based solution was designed to integrate data and management procedures in the data and communication layer of the architecture. This is an innovative REST-inspired architecture that allows information contained in an ontology to be exchanged in a generic manner. This layer structure and its communication method provide the approach with scalability and re-usability features. The application of the HOTMES-based architecture has been studied for clinical purposes following three simple methodological stages described in this thesis. Data and management integration for context-aware and personalized monitoring services for patients with chronic conditions in the telemonitoring scenario are thus addressed. In particular, the extension of the HOTMES ontology defines a patient profile. These profiles in combination with individual rules provide clinical guidelines aiming to monitor and evaluate the evolution of the patient's health status evolution. This research implied a multi-disciplinary collaboration where clinicians had an essential role both in the ontology definition and in the validation of the proposed approach. Patient profiles were defined for 16 types of different diseases. Finally, two solutions were explored and compared in this thesis to address the remote technical management of all devices that comprise the telemonitoring scenario. The first solution was based on the HOTMES ontology-based architecture. The second solution was based on the most popular TCP/IP management architecture, SNMP (Simple Network Management Protocol). As a general conclusion, it has been demonstrated that the combination of ontologies, rules, WSs and the autonomic computing paradigm takes advantage of the main benefits that these technologies can offer in terms of knowledge representation, work flow organization, data transference, personalization of services and self-management capabilities. It has been proven that ontologies can be successfully used to provide clear descriptions of managed data (both clinical and technical) and ways of managing such information. This represents a further step towards the possibility of establishing more effective home-based telemonitoring systems and thus improving the remote care of patients with chronic diseases

A mid-level framework for independent network services configuration management

Tese doutoramento do Programa Doutoral em TelecomunicaçõesDecades of evolution in communication network’s resulted in a high diversity of solutions, not only in terms of network elements but also in terms of the way they are managed. From a management perspective, having heterogeneous elements was a feasible scenario over the last decades, where management activities were mostly considered as additional features. However, with the most recent advances on network technology, that includes proposals for future Internet as well as requirements for automation, scale and efficiency, new management methods are required and integrated network management became an essential issue. Most recent solutions aiming to integrate the management of heterogeneous network elements, rely on the application of semantic data translations to obtain a common representation between heterogeneous managed elements, thus enabling their management integration. However, the realization of semantic translations is very complex to be effectively achieved, requiring extensive processing of data to find equivalent representation, besides requiring the administrator’s intervention to create and validate conversions, since contemporary data models lack a formal semantic representation. From these constrains a research question arose: Is it possible to integrate the con g- uration management of heterogeneous network elements overcoming the use of manage- ment translations? In this thesis the author uses a network service abstraction to propose a framework for network service management, which comprehends the two essential management operations: monitoring and configuring. This thesis focus on describing and experimenting the subsystem responsible for the network services configurations management, named Mid-level Network Service Configuration (MiNSC), being the thesis most important contribution. The MiNSC subsystem proposes a new configuration management interface for integrated network service management based on standard technologies that includes an universal information model implemented on unique data models. This overcomes the use of management translations while providing advanced management functionalities, only available in more advanced research projects, that includes scalability and resilience improvement methods. Such functionalities are provided by using a two-layer distributed architecture, as well as over-provisioning of network elements. To demonstrate MiNSC’s management capabilities, a group of experiments was conducted, that included, configuration deployment, instance migration and expansion using a DNS management system as test bed. Since MiNSC represents a new architectural approach, with no direct reference for a quantitative evaluation, a theoretical analysis was conducted in order to evaluate it against important integrated network management perspectives. It was concluded that there is a tendency to apply management translations, being the most straightforward solution when integrating the management of heterogeneous management interfaces and/or data models. However, management translations are very complex to be realized, being its effectiveness questionable for highly heterogeneous environments. The implementation of MiNSC’s standard configuration management interface provides a simplified perspective that, by using universal configurations, removes translations from the management system. Its distributed architecture uses independent/universal configurations and over-provisioning of network elements to improve the service’s resilience and scalability, enabling as well a more efficient resource management by dynamically allocating resources as needed

Model-based provisioning and management of adaptive distributed communication in mobile cooperative systems

Adaptation of communication is required to maintain the reliable connection and to ensure the minimum quality in collaborative activities. Within the framework of wireless environment, how can host entities be handled in the event of a sudden unexpected change in communication and reliable sources? This challenging issue is addressed in the context of Emergency rescue system carried out by mobile devices and robots during calamities or disaster. For this kind of scenario, this book proposes an adaptive middleware to support reconfigurable, reliable group communications. Here, the system structure has been viewed at two different states, a control center with high processing power and uninterrupted energy level is responsible for global task and entities like autonomous robots and firemen owning smart devices act locally in the mission. Adaptation at control center is handled by semantic modeling whereas at local entities, it is managed by a software module called communication agent (CA). Modeling follows the well-known SWRL instructions which establish the degree of importance of each communication link or component. Providing generic and scalable solutions for automated self-configuration is driven by rule-based reconfiguration policies. To perform dynamically in changing environment, a trigger mechanism should force this model to take an adaptive action in order to accomplish a certain task, for example, the group chosen in the beginning of a mission need not be the same one during the whole mission. Local entity adaptive mechanisms are handled by CA that manages internal service APIs to configure, set up, and monitors communication services and manages the internal resources to satisfy telecom service requirements

Ontology-driven knowledge based autonomic management for telecommunication networks : theory, implementation, and applications

Current telecommunication networks are heterogeneous, with devices manufactured by different vendors, operating on di↵erent protocols, and recorded by databases with different schemas. This heterogeneity has resulted in current network managements system becoming enormously complicated and often relying on human intervention. Knowledge based network management, which relies on a universally accepted knowledge base of the network, has been discussed extensively as a promising solution for autonomic network management. To build an autonomic network management system, a universally-shared and machine interpretable knowledge base is required which describes the resources inside the telecommunication system. Semantic web technologies, especially ontologies, have been used for many years in building autonomic knowledge based systems in Artificial Intelligence. There is a pressing need for a standard ontology to enable technology agnostic, autonomic control in telecommunication networks. Network clients need to describe the resource they require, while resource providers need to describe the resource they can provide. With semantic technologies, the data inside complex hybrid networks can be treated as a distributed knowledge graph, where an SQL-like language – SPARQL is ready to search, locate, and configure a node or link of the network. The goal of this thesis is two-fold. The first goal is to build a formal, machine interpretable information model for the current heterogeneous networks. Thus, we propose an ontology, describing resources inside the hybrid telecommunication networks with different technology domains. This ontology follows the Device-Interface-Link pattern, which we identified during the modelling process for networks within different technology domains. The second goal is to develop a system that can use this ontology to build a knowledge base automatically and enable autonomic reasoning over it. We develop a Semantic Enabled Autonomic management system of software defined NETworks (SEANET), a lightweight, plug-and-play, technology-independent solution for knowledge-based autonomic network management that uses the proposed ontology. SEANET abstracts details of network management into a formally defined knowledge graph augmented by inference rules. SEANET’s architecture consists of three components: a knowledge base generator, a SPARQL engine, and an open API. With the open API developed, SEANET enables users without knowledge of Semantic Web or telecommunication networks to develop semantic-intelligent applications on their production networks. Use cases of the proposed ontology and system are demonstrated in the thesis, ranging from network management task and social applications

Toward an efficient ontology-based event correlation in SIEM

Cooperative intrusion detection use several intrusion detection systems (IDS) and analyzers in order to build a reliable overview of the monitored system trough a central security information and event management system (SIEM). In such environment, the definition of a shared vocabulary describing the exchanged information between tools is prominent. Since these pieces of information are structured, we propose in this paper to use an ontological representation based on Description Logics (DLs) which is a powerful tool for knowledge representation. Moreover, DLs are able to ensure a decidable reasoning. An alert correlation prototype is presented using this ontology, and an illustrative attack scenario is carried out to show the usefulness of the proposed ontolog

Toward an efficient ontology-based event correlation in SIEM

Cooperative intrusion detection use several intrusion detection systems (IDS) and analyzers in order to build a reliable overview of the monitored system trough a central security information and event management system (SIEM). In such environment, the definition of a shared vocabulary describing the exchanged information between tools is prominent. Since these pieces of information are structured, we propose in this paper to use an ontological representation based on Description Logics (DLs) which is a powerful tool for knowledge representation. Moreover, DLs are able to ensure a decidable reasoning. An alert correlation prototype is presented using this ontology, and an illustrative attack scenario is carried out to show the usefulness of the proposed ontolog

Dynamic deployment of context-aware access control policies for constrained security devices

Securing the access to a server, guaranteeing a certain level of protection over an encrypted communication channel, executing particular counter measures when attacks are detected are examples of security requirements. Such requirements are identi ed based on organizational purposes and expectations in terms of resource access and availability and also on system vulnerabilities and threats. All these requirements belong to the so-called security policy. Deploying the policy means enforcing, i.e., con guring, those security components and mechanisms so that the system behavior be nally the one speci ed by the policy. The deployment issue becomes more di cult as the growing organizational requirements and expectations generally leave behind the integration of new security functionalities in the information system: the information system will not always embed the necessary security functionalities for the proper deployment of contextual security requirements. To overcome this issue, our solution is based on a central entity approach which takes in charge unmanaged contextual requirements and dynamically redeploys the policy when context changes are detected by this central entity. We also present an improvement over the OrBAC (Organization-Based Access Control) model. Up to now, a controller based on a contextual OrBAC policy is passive, in the sense that it assumes policy evaluation triggered by access requests. Therefore, it does not allow reasoning about policy state evolution when actions occur. The modi cations introduced by our work overcome this limitation and provide a proactive version of the model by integrating concepts from action speci cation languages