Big data analytics towards predictive maintenance at the INFN-CNAF computing centre

La Fisica delle Alte Energie (HEP) è da lungo tra i precursori nel gestire e processare enormi dataset scientifici e nell'operare alcuni tra i più grandi data centre per applicazioni scientifiche. HEP ha sviluppato una griglia computazionale (Grid) per il calcolo al Large Hadron Collider (LHC) del CERN di Ginevra, che attualmente coordina giornalmente le operazioni di calcolo su oltre 800k processori in 170 centri di calcolo e gestendo mezzo Exabyte di dati su disco distribuito in 5 continenti. Nelle prossime fasi di LHC, soprattutto in vista di Run-4, il quantitativo di dati gestiti dai centri di calcolo aumenterà notevolmente. In questo contesto, la HEP Software Foundation ha redatto un Community White Paper (CWP) che indica il percorso da seguire nell'evoluzione del software moderno e dei modelli di calcolo in preparazione alla fase cosiddetta di High Luminosity di LHC. Questo lavoro ha individuato in tecniche di Big Data Analytics un enorme potenziale per affrontare le sfide future di HEP. Uno degli sviluppi riguarda la cosiddetta Operation Intelligence, ovvero la ricerca di un aumento nel livello di automazione all'interno dei workflow. Questo genere di approcci potrebbe portare al passaggio da un sistema di manutenzione reattiva ad uno, più evoluto, di manutenzione predittiva o addirittura prescrittiva. La tesi presenta il lavoro fatto in collaborazione con il centro di calcolo dell'INFN-CNAF per introdurre un sistema di ingestione, organizzazione e processing dei log del centro su una piattaforma di Big Data Analytics unificata, al fine di prototipizzare un modello di manutenzione predittiva per il centro. Questa tesi contribuisce a tale progetto con lo sviluppo di un algoritmo di clustering dei messaggi di log basato su misure di similarità tra campi testuali, per superare il limite connesso alla verbosità ed eterogeneità dei log raccolti dai vari servizi operativi 24/7 al centro

Development of a model for smart card based access control in multi-user, multi-resource, multi-level access systems

The primary focus of this research is an examination of the issues involved in the granting of access in an environment characterised by multiple users, multiple resources and multiple levels of access permission. Increasing levels of complexity in automotive systems provides opportunities for improving the integration and efficiency of the services provided to the operator. The vehicle lease / hire environment provided a basis for evaluating conditional access to distributed, mobile assets where the principal medium for operating in this environment is the Smart Card. The application of Smart Cards to existing vehicle management systems requires control of access to motor vehicles, control of vehicle operating parameters and secure storage of operating information. The issues addressed include examination of the characteristics of the operating environment, development of a model and design, simulation and evaluation of a multiple application Smart Card. The functions provided by the card include identification and authentication, secure hash and encryption functions which may be applied, in general, to a wide range of access problems. Evaluation of the algorithms implemented indicate that the Smart Card design may be provably secure under single use conditions and conditionally secure under multiple use conditions. The simulation of the card design provided data to support further research and shows the design is practical and able to be implemented on current Smart Card types

Automated and intelligent hacking detection system

Dissertação de mestrado integrado em Informatics EngineeringThe Controller Area Network (CAN) is the backbone of automotive networking, connecting many Electronic ControlUnits (ECUs) that control virtually every vehicle function from fuel injection to parking sensors. It possesses,however, no security functionality such as message encryption or authentication by default. Attackers can easily inject or modify packets in the network, causing vehicle malfunction and endangering the driver and passengers. There is an increasing number of ECUs in modern vehicles, primarily driven by the consumer’s expectation of more features and comfort in their vehicles as well as ever-stricter government regulations on efficiency and emissions. Combined with vehicle connectivity to the exterior via Bluetooth, Wi-Fi, or cellular, this raises the risk of attacks. Traditional networks, such as Internet Protocol (IP), typically have an Intrusion Detection System (IDS) analysing traffic and signalling when an attack occurs. The system here proposed is an adaptation of the traditional IDS into the CAN bus using a One Class Support Vector Machine (OCSVM) trained with live, attack-free traffic. The system is capable of reliably detecting a variety of attacks, both known and unknown, without needing to understand payload syntax, which is largely proprietary and vehicle/model dependent. This allows it to be installed in any vehicle in a plug-and-play fashion while maintaining a large degree of accuracy with very few false positives.A Controller Area Network (CAN) é a principal tecnologia de comunicação interna automóvel, ligando muitas Electronic Control Units (ECUs) que controlam virtualmente todas as funções do veículo desde injeção de combustível até aos sensores de estacionamento. No entanto, não possui por defeito funcionalidades de segurança como cifragem ou autenticação. É possível aos atacantes facilmente injetarem ou modificarem pacotes na rede causando estragos e colocando em perigo tanto o condutor como os passageiros. Existe um número cada vez maior de ECUs nos veículos modernos, impulsionado principalmente pelas expectativas do consumidores quanto ao aumento do conforto nos seus veículos, e pelos cada vez mais exigentes regulamentos de eficiência e emissões. Isto, associada à conexão ao exterior através de tecnologias como o Bluetooth, Wi-Fi, ou redes móveis, aumenta o risco de ataques. Redes tradicionais, como a rede Internet Protocol (IP), tipicamente possuem um Intrusion Detection Systems (IDSs) que analiza o tráfego e assinala a presença de um ataque. O sistema aqui proposto é uma adaptação do IDS tradicional à rede CAN utilizando uma One Class Support Vector Machine (OCSVM) treinada com tráfego real e livre de ataques. O sistema é capaz de detetar com fiabilidade uma variedade de ataques, tanto conhecidos como desconhecidos, sem a necessidade de entender a sintaxe do campo de dados das mensagens, que é maioritariamente proprietária. Isto permite ao sistema ser instalado em qualquer veículo num modo plug-and-play enquanto mantém um elevado nível de desempenho com muito poucos falsos positivos

Models for calculating confidence intervals for neural networks

This research focused on coding and analyzing existing models to calculate confidence intervals on the results of neural networks. The three techniques for determining confidence intervals determination were the non-linear regression, the bootstrapping estimation, and the maximum likelihood estimation. Confidence intervals for non-linear regression, bootstrap estimation, and maximum likelihood were coded in Visual Basic. The neural network used the backpropagation algorithm with an input layer, one hidden layer and an output layer with one unit. The hidden layer had a logistic or binary sigmoidal activation function and the output layer had a linear activation function. These techniques were tested on various data sets with and without additional noise. Out of eight cases studied, non-linear regression and bootstrapping each had the four lowest values for the average coverage probability minus the nominal probability. For the average coverage probabilities minus the nominal probabilities of all data sets, the bootstrapping estimation obtained the lowest values. The ranges and standard deviations of the coverage probabilities over 15 simulations for the three techniques were computed, and it was observed that the non-linear regression obtained consistent results with the least range and standard deviation, and bootstrapping had the largest ranges and standard deviations. The bootstrapping estimation technique gave a slightly better average coverage probability (CP) minus nominal values than the non-linear regression method, but it had considerably more variation in individual simulations. The maximum likelihood estimation had the poorest results with respect to the average CP minus nominal values

Wearables at work:preferences from an employee’s perspective

This exploratory study aims to obtain a first impression of the wishes and needs of employees on the use of wearables at work for health promotion. 76 employ-ees with a mean age of 40 years old (SD ±11.7) filled in a survey after trying out a wearable. Most employees see the potential of using wearable devices for workplace health promotion. However, according to employees, some negative aspects should be overcome before wearables can effectively contribute to health promotion. The most mentioned negative aspects were poor visualization and un-pleasantness of wearing. Specifically for the workplace, employees were con-cerned about the privacy of data collection