AI Solutions for MDS: Artificial Intelligence Techniques for Misuse Detection and Localisation in Telecommunication Environments

This report considers the application of Articial Intelligence (AI) techniques to the problem of misuse detection and misuse localisation within telecommunications environments. A broad survey of techniques is provided, that covers inter alia rule based systems, model-based systems, case based reasoning, pattern matching, clustering and feature extraction, articial neural networks, genetic algorithms, arti cial immune systems, agent based systems, data mining and a variety of hybrid approaches. The report then considers the central issue of event correlation, that is at the heart of many misuse detection and localisation systems. The notion of being able to infer misuse by the correlation of individual temporally distributed events within a multiple data stream environment is explored, and a range of techniques, covering model based approaches, `programmed' AI and machine learning paradigms. It is found that, in general, correlation is best achieved via rule based approaches, but that these suffer from a number of drawbacks, such as the difculty of developing and maintaining an appropriate knowledge base, and the lack of ability to generalise from known misuses to new unseen misuses. Two distinct approaches are evident. One attempts to encode knowledge of known misuses, typically within rules, and use this to screen events. This approach cannot generally detect misuses for which it has not been programmed, i.e. it is prone to issuing false negatives. The other attempts to `learn' the features of event patterns that constitute normal behaviour, and, by observing patterns that do not match expected behaviour, detect when a misuse has occurred. This approach is prone to issuing false positives, i.e. inferring misuse from innocent patterns of behaviour that the system was not trained to recognise. Contemporary approaches are seen to favour hybridisation, often combining detection or localisation mechanisms for both abnormal and normal behaviour, the former to capture known cases of misuse, the latter to capture unknown cases. In some systems, these mechanisms even work together to update each other to increase detection rates and lower false positive rates. It is concluded that hybridisation offers the most promising future direction, but that a rule or state based component is likely to remain, being the most natural approach to the correlation of complex events. The challenge, then, is to mitigate the weaknesses of canonical programmed systems such that learning, generalisation and adaptation are more readily facilitated

Bayesian Compressed Regression

As an alternative to variable selection or shrinkage in high dimensional regression, we propose to randomly compress the predictors prior to analysis. This dramatically reduces storage and computational bottlenecks, performing well when the predictors can be projected to a low dimensional linear subspace with minimal loss of information about the response. As opposed to existing Bayesian dimensionality reduction approaches, the exact posterior distribution conditional on the compressed data is available analytically, speeding up computation by many orders of magnitude while also bypassing robustness issues due to convergence and mixing problems with MCMC. Model averaging is used to reduce sensitivity to the random projection matrix, while accommodating uncertainty in the subspace dimension. Strong theoretical support is provided for the approach by showing near parametric convergence rates for the predictive density in the large p small n asymptotic paradigm. Practical performance relative to competitors is illustrated in simulations and real data applications.Comment: 29 pages, 4 figure

Efficient Micro-Mobility using Intra-domain Multicast-based Mechanisms (M&M)

One of the most important metrics in the design of IP mobility protocols is the handover performance. The current Mobile IP (MIP) standard has been shown to exhibit poor handover performance. Most other work attempts to modify MIP to slightly improve its efficiency, while others propose complex techniques to replace MIP. Rather than taking these approaches, we instead propose a new architecture for providing efficient and smooth handover, while being able to co-exist and inter-operate with other technologies. Specifically, we propose an intra-domain multicast-based mobility architecture, where a visiting mobile is assigned a multicast address to use while moving within a domain. Efficient handover is achieved using standard multicast join/prune mechanisms. Two approaches are proposed and contrasted. The first introduces the concept proxy-based mobility, while the other uses algorithmic mapping to obtain the multicast address of visiting mobiles. We show that the algorithmic mapping approach has several advantages over the proxy approach, and provide mechanisms to support it. Network simulation (using NS-2) is used to evaluate our scheme and compare it to other routing-based micro-mobility schemes - CIP and HAWAII. The proactive handover results show that both M&M and CIP shows low handoff delay and packet reordering depth as compared to HAWAII. The reason for M&M's comparable performance with CIP is that both use bi-cast in proactive handover. The M&M, however, handles multiple border routers in a domain, where CIP fails. We also provide a handover algorithm leveraging the proactive path setup capability of M&M, which is expected to outperform CIP in case of reactive handover.Comment: 12 pages, 11 figure

Design of platforms based on blockchain technology applied to different use cases

[EN]The developments of my PhD in this past year are shown in this article. It is studied thoroughly the possibilities and limits of the blockchain protocols when used in IoT platforms. It is commented how the scalability limits of blockchain technology affects the performance of the systems that make use of it. Also, a review of the state of the art has been carried out, pointing out how some solutions make use of a centralization process to improve response time and security of the blockchain. As future remarks, it should be studying the possibility of creating a public blockchain network with the IoT devices of the platform

The Survey, Taxonomy, and Future Directions of Trustworthy AI: A Meta Decision of Strategic Decisions

When making strategic decisions, we are often confronted with overwhelming information to process. The situation can be further complicated when some pieces of evidence are contradicted each other or paradoxical. The challenge then becomes how to determine which information is useful and which ones should be eliminated. This process is known as meta-decision. Likewise, when it comes to using Artificial Intelligence (AI) systems for strategic decision-making, placing trust in the AI itself becomes a meta-decision, given that many AI systems are viewed as opaque "black boxes" that process large amounts of data. Trusting an opaque system involves deciding on the level of Trustworthy AI (TAI). We propose a new approach to address this issue by introducing a novel taxonomy or framework of TAI, which encompasses three crucial domains: articulate, authentic, and basic for different levels of trust. To underpin these domains, we create ten dimensions to measure trust: explainability/transparency, fairness/diversity, generalizability, privacy, data governance, safety/robustness, accountability, reproducibility, reliability, and sustainability. We aim to use this taxonomy to conduct a comprehensive survey and explore different TAI approaches from a strategic decision-making perspective

Mobility-based Routing Overhead Management in Reconfigurable Wireless Ad hoc Networks

Mobility-Based Routing Overhead Management in Reconfigurable Wireless Ad Hoc Networks Routing Overheads are the non-data message packets whose roles are establishment and maintenance of routes for data packets as well as neighbourhood discovery and maintenance. They have to be broadcasted in the network either through flooding or other techniques that can ensure that a path exists before data packets can be sent to various destinations. They can be sent reactively or periodically to neighbours so as to keep nodes updated on their neighbourhoods. While we cannot do without these overhead packets, they occupy much of the limited wireless bandwidth available in wireless networks. In a reconfigurable wireless ad hoc network scenario, these packets have more negative effects, as links need to be confirmed more frequently than in traditional networks mainly because of the unpredictable behaviour of the ad hoc networks. We therefore need suitable algorithms that will manage these overheads so as to allow data packet to have more access to the wireless medium, save node energy for longer life of the network, increased efficiency, and scalability. Various protocols have been suggested in the research area. They mostly address routing overheads for suitability of particular protocols leading to lack of standardisation and inapplicability to other protocol classes. In this dissertation ways of ensuring that the routing overheads are kept low are investigated. The issue is addressed both at node and network levels with a common goal of improving efficiency and performance of ad hoc networks without dedicating ourselves to a particular class of routing protocol. At node level, a method hereby referred to as "link availability forecast", that minimises routing overheads used for maintenance of neighbourhood, is derived. The targeted packets are packets that are broadcasted periodically (e.g. hello messages). The basic idea in this method is collection of mobility parameters from the neighbours and predictions or forecasts of these parameters in future. Using these parameters in simple calculations helps in identifying link availabilities between nodes participating in maintenance of networks backbone. At the network level, various approaches have been suggested. The first approach is the cone flooding method that broadcasts route request messages through a predetermined cone shaped region. This region is determined through computation using last known mobility parameters of the destination. Another approach is what is hereby referred as "destination search reverse zone method". In this method, a node will keep routes to destinations for a long time and use these routes for tracing the destination. The destination will then initiate route search in a reverse manner, whereby the source selects the best route for next delivery. A modification to this method is for the source node to determine the zone of route search and define the boundaries within which the packet should be broadcasted. The later method has been used for simulation purposes. The protocol used for verification of the improvements offered by the schemes was the AODV. The link availability forecast scheme was implemented on the AODV and labelled AODV_LA while the network level implementation was labelled AODV_RO. A combination of the two schemes was labelled AODV_LARO

Negotiation Between Distributed Agents in a Concurrent Engineering System

Current approaches to design are often serial and iterative in nature, leading to poor quality of design and reduced productivity. Complex artifacts are designed by groups of experts, each with his/her own area of expertise. Hence design can be modeled as a cooperative multi-agent problem-solving task, where different agents possess different expertise and evaluation criteria. New techniques for Concurrent Design, which emphasize parallel interaction among design experts involved, are needed. During this concurrent design process, disagreements may arise among the expert agents as the design is being produced. The process by which these differences are resolve to arrive at a common set of design decisions is called Negotiation. The main issues associated with the negotiation process are, whether negotiation should be centralized or distributed, the language of communication and the negotiation strategy. The goals of this thesis are to study the work done by various researchers in this field, to do a comarative analysis of their work and to design and implement an approach to handle negotiation between expert agents in an existing Concurrent Engineering Design System

Predicting fraud in mobile money transfer using case-based reasoning

This paper proposes an improved CBR approach for the identification of money transfer fraud in Mobile Money Transfer (MMT) environments. Standard CBR capability is augmented by machine learning techniques to assign parameter weights in the sample dataset and automate k-value random selection in k-NN classification to improve CBR performance. The CBR system observes users’ transaction behaviour within the MMT service and tries to detect abnormal patterns in the transaction flows. To capture user behaviour effectively, the CBR system classifies the log information into five contexts and then combines them into a single dimension, instead of using the conventional approach where the transaction amount, time dimensions or features dimension are used individually. The applicability of the proposed augmented CBR system is evaluated using simulation data. From the results, both dimensions show good performance with the context of information weighted CBR system outperforming the individual features approach

Applying CBR to manage argumentation in MAS

[EN] The application of argumentation theories and techniques in multi-agent systems has become a prolific area of research. Argumentation allows agents to harmonise two types of disagreement situations: internal, when the acquisition of new information (e.g., about the environment or about other agents) produces incoherences in the agents' mental state; and external, when agents that have different positions about a topic engage in a discussion. The focus of this paper is on the latter type of disagreement situations. In those settings, agents must be able to generate, select and send arguments to other agents that will evaluate them in their turn. An efficient way for agents to manage these argumentation abilities is by using case-based reasoning, which has been successfully applied to argumentation from its earliest beginnings. This reasoning methodology also allows agents to learn from their experiences and therefore, to improve their argumentation skills. This paper analyses the advantages of applying case-based reasoning to manage arguments in multi-agent systems dialogues, identifies open issues and proposes new ideas to tackle them.This work was partially supported by CONSOLIDERINGENIO 2010 under grant CSD2007-00022 and by the Spanish government and FEDER funds under CICYT TIN2005-03395 and TIN2006-14630-C0301 projects.Heras Barberá, SM.; Julian Inglada, VJ.; Botti Navarro, VJ. (2010). Applying CBR to manage argumentation in MAS. International Journal of Reasoning-based Intelligent Systems. 2(2):110-117. https://doi.org/10.1504/IJRIS.2010.034906S1101172