Machine Learning und Complex Event Processing: Effiziente Echtzeitauswertung am Beispiel Smart Factory

Durch die Verbindung zwischen physischen Maschinenteilen unddigitalen Services werden mit Cyber-physischen Systemen in Smart Factoriesviele datenbasierte Optimierungen möglich. Ein wichtiger Bestandteil diesersogenannten Smart Factories kann die Technologie Complex Event Processing(CEP) sein. CEP erlaubt Echtzeitauswertungen komplexer Events, i. S. v.kombinierten Datenwerten aus unterschiedlichen Quellen. Damit können u. a.anomale Prozessabläufe identifiziert und lokalisiert werden. Eine aktuelleBeschränkung der Wirkungsfähigkeit ist die hauptsächlich deklarative undreaktive Implementierung von CEP. Eine Erweiterung um Ansätze aus demMachine Learning (ML) ist daher vielversprechend. Es fehlt jedoch an eineraktuellen Übersicht zu Verbindungen von CEP und ML innerhalb der Forschungsowie deren Transferfähigkeit auf Smart Factories. Unser Beitrag liefert (1) eineSynthese der bislang erforschten CEP-ML-Kombinationen, wobei sichSupervised Learning als überwiegender Kombinationsansatz zeigt, und (2) eineÜbertragung der Potenziale für die Verwendung in Smart Factories. Hier zeigtensich reaktive Maßnahmen als bisheriger Forschungsschwerpunkt

Suspicious loitering detection from annotated CCTV feed using CEP based approach

Smart Surveillance System is a critical system that enables automated detection of anomalous activities from live CCTV feed. The main challenge that needs to be addressed by the Smart Surveillance System is the ability to understand and detect the activities that are currently occurring within the CCTV feed. Suspicious loitering is considered one of the anomalous activities that precede unwanted events, such as break-ins, burglary, and robbery. In this research, the Complex Event Processing (CEP) approach was selected as the system development approach for developing a Smart Surveillance System. Four types of similarity search-based event detectors, namely the Multi-Layered Event Detector for General Application (MEGA), Temporally Constrained Template Match Detector (TCD), Sliding Window Detector (SWD), and Weighted Sliding Window Detector (WSWD) were tested and evaluated to determine the best suspicious loitering event detector to be used in the Smart Surveillance System. The input data to the detectors comprised manually annotated real CCTV feed which was subjected to three noise conditions: (i) no-noise (0% noise) annotation, (ii) 25% noisy annotation and (iii) 46.8% noisy annotation. The 46.8% noisy annotation is assumed to reflect the real ambient operating condition of the Smart Surveillance System; while the no-noise condition was assumed to reflect the perfect CCTV feed acquisition and annotation process. The performance of the detectors was measured in terms of sensitivity, specificity, detection accuracy, and the area under the Receiver’s Operating Curve (ROC). The results obtained showed that MEGA is the best overall detector for suspicious loitering detection in ambient operating conditions with detection accuracy of 97.20% and area under ROC curve of 0.6117

Advances in Evolutionary Algorithms

With the recent trends towards massive data sets and significant computational power, combined with evolutionary algorithmic advances evolutionary computation is becoming much more relevant to practice. Aim of the book is to present recent improvements, innovative ideas and concepts in a part of a huge EA field

Real-time Intrusion Detection using Multidimensional Sequence-to-Sequence Machine Learning and Adaptive Stream Processing

A network intrusion is any unauthorized activity on a computer network. There are host-based and network-based Intrusion Detection Systems (IDS\u27s), of which there are each signature-based and anomaly-based detection methods. An anomalous network behavior can be defined as an intentional violation of the expected sequence of packets. In a real-time network-based IDS, incoming packets are treated as a stream of data. A stream processor takes any stream of data or events and extracts interesting patterns on the fly. This representation allows applying statistical anomaly detection using sequence prediction algorithms as well as using a stream processor to perform signature-based intrusion detection and sequence extraction from a stream of packets. In this thesis, a Multidimensional Sequence to Multidimensional Sequence (MSeq2MSeq) encoder-decoder model is proposed to predict sequences of packets and an adaptive and functionally auto-scaling stream processor: Wisdom is proposed to process streams of packets. The proposed MSeq2MSeq model trained on legitimate traffic is able to detect Neptune Denial of Service (DoS) attacks, and Port Scan probes with 100% detection rate using the DARPA 1999 dataset. A hybrid algorithm using Particle Swarm Optimization (PSO) and Bisection algorithms was developed to optimize Complex Event Processing (CEP) rules in Wisdom . Adaptive CEP rules optimized by the above algorithm was able to detect FTP Brute Force attack, Slow Header DoS attack, and Port Scan probe with 100% detection rate while processing over 2.5 million events per second. An adaptive and functionally auto-scaling IDS was built using the MSeq2MSeq model and Wisdom stream processor to detect and prevent attacks based on anomalies and signature in real-time. The proposed IDS adapts itself to obtain best results without human intervention and utilizes available system resources in functionally auto-scaling deployment. Results show that the proposed IDS detects FTP Brute Force attack, Slow Header DoS attack, HTTP Unbearable Load King (HULK) DoS attack, SQL Injection attack, Web Brute Force attack, Cross-site scripting attack, Ares Botnet attack, and Port Scan probe with a 100% detection rate in a real-time environment simulated from the CICIDS 2017 dataset

Data Mining

Data mining is a branch of computer science that is used to automatically extract meaningful, useful knowledge and previously unknown, hidden, interesting patterns from a large amount of data to support the decision-making process. This book presents recent theoretical and practical advances in the field of data mining. It discusses a number of data mining methods, including classification, clustering, and association rule mining. This book brings together many different successful data mining studies in various areas such as health, banking, education, software engineering, animal science, and the environment

Applicability and Interpretability of Logical Analysis of Data in Condition Based Maintenance

Résumé Cette thèse étudie l’applicabilité et l’adaptabilité d’une approche d’exploration de données basée sur l’intelligence artificielle proposée dans [Hammer, 1986] et appelée analyse logique de données (LAD) aux applications diagnostiques dans le domaine de la maintenance conditionnelle CBM). La plupart des technologies utilisées à ce jour pour la prise de décision dans la maintenance conditionnelle ont tendance à automatiser le processus de diagnostic, sans offrir aucune connaissance ajoutée qui pourrait être utile à l’opération de maintenance et au personnel de maintenance. Par comparaison à d’autres techniques de prise de décision dans le domaine de la CBM, la LAD possède deux avantages majeurs : (1) il s’agit d’une approche non statistique, donc les données n’ont pas à satisfaire des suppositions statistiques et (2) elle génère des formes interprétables qui pourraient aider à résoudre les problèmes de maintenance. Une étude sur l’application de la LAD dans la maintenance conditionnelle est présentée dans cette recherche dont l’objectif est (1) d’étudier l’applicabilité de la LAD dans des situations différentes qui nécessitent des considérations particulières concernant les types de données d’entrée et les décisions de maintenance, (2) d’adapter la méthode LAD aux exigences particulières qui se posent à partir de ces applications et (3) d’améliorer la méthodologie LAD afin d’augmenter l’exactitude de diagnostic et d’interprétation de résultats. Les aspects innovants de la recherche présentés dans cette thèse sont (1) l’application de la LAD dans la CBM pour la première fois dans des applications qui bénéficient des propriétés uniques de cette technologie et (2) les modifications innovatrices de la méthodologie de la LAD, en particulier dans le domaine de la génération des formes, afin d’améliorer ses performances dans le cadre de la CBM et dans le domaine de classification multiclasses. La recherche menée dans cette thèse a suivi une approche évolutive afin d’atteindre les objectifs énoncés ci-dessus. La LAD a été utilisée et adaptée à trois applications : (1) la détection des composants malveillants (Rogue) dans l’inventaire de pièces de rechange réparables d’une compagnie aérienne commerciale, (2) la détection et l’identification des défauts dans les transformateurs de puissance en utilisant la DGA et (3) la détection des défauts dans les rotors en utilisant des signaux de vibration. Cette recherche conclut que la LAD est une approche de prise de décision prometteuse qui ajoute d’importants avantages à la mise en oeuvre de la CBM dans l’industrie.----------Abstract This thesis studies the applicability and adaptability of a data mining artificial intelligence approach called Logical Analysis of Data (LAD) to diagnostic applications in Condition Based Maintenance (CBM). Most of the technologies used so far for decision support in CBM tend to automate the diagnostic process without offering any added knowledge that could be helpful to the maintenance operation and maintenance personnel. LAD possesses two key advantages over other decision making technologies used in CBM: (1) it is a non-statistical approach; as such no statistical assumptions are required for the input data, and (2) it generates interpretable patterns that could help solve maintenance problems. A study on the implementation of LAD in CBM is presented in this research whose objective are to study the applicability of LAD in different CBM situations requiring special considerations regarding the types of input data and maintenance decisions, adapt the LAD methodology to the particular requirements that arise from these applications, and improve the LAD methodology in line with the above two objectives in order to increase diagnosis accuracy and result interpretability. The novelty of the research presented in this thesis is (1) the application of LAD to CBM for the first time in applications that stand to benefit from the advantages that this technology provides; and (2) the innovative modifications to LAD methodology, particularly in the area of pattern generation, in order to improve its performance within the context of CBM. The research conducted in this thesis followed an evolutionary approach in order to achieve the objectives stated in the Introduction. The research applied LAD in three applications: (1) the detection of Rogue components within the spare part inventory of reparable components in a commercial airline company, (2) the detection and identification of faults in power transformers using DGA, and (3) the detection of faults in rotor bearings using vibration signals. This research concludes that LAD is a promising decision making approach that adds important benefits to the implementation of CBM in the industry