328 research outputs found

    Predictive Analysis for Network Data Storm

    The project ‘Predictive Analysis for Network Data Storm’ involves the analysis of big data in Splunk, which indexes machine-generated big data and allows efficient querying and visualization, to develop a set of thresholds to predict a network meltdown, commonly known as a data storm. The WPI team analyzed multiple datasets to spot patterns and determine the major differences between the normal state and the storm state of the network. A set of rules and thresholds was fully developed for the Fixed Income Transversal Tools team in BNP Paribas, who implemented the model in their internal real-time monitoring tool ‘SCADA’ to predict and prevent network data storms.

    Supporting Telecommunication Alarm Management System with Trouble Ticket Prediction

    Fault alarm data emanated from heterogeneous telecommunication network services and infrastructures are exploding with network expansions. Managing and tracking the alarms with Trouble Tickets using manual or expert rule-based methods has become challenging due to increase in the complexity of Alarm Management Systems and demand for deployment of highly trained experts. As the size and complexity of networks hike immensely, identifying semantically identical alarms, generated from heterogeneous network elements from diverse vendors, with data-driven methodologies has become imperative to enhance efficiency. In this paper, data-driven Trouble Ticket prediction models are proposed to leverage Alarm Management Systems. To improve performance, feature extraction, using a sliding time-window and feature engineering, from related history alarm streams is also introduced. The models were trained and validated with a data-set provided by the largest telecommunication provider in Italy. The experimental results showed the promising efficacy of the proposed approach in suppressing false positive alarms with Trouble Ticket prediction.

    Internet of things-based framework for public transportation fleet management in the Free State

    Thesis (Masters: Information Technology) -- Central University of Technology, Free State, 2019. The poor service delivery by the Free State public transportation system inspired us to design a framework solution to improve the current system. This qualitative study focuses on improving the management of the public transportation fleet. One of the most recently developed technologies in Information and Communication Technology (ICT), namely the Internet of Things (IoT), was utilised to develop this framework. Existing problems were identified through research observations, analyses of the current system, analyses of the current problem areas, as well as participants’ questionnaire answers and recommendations, the participants being the passengers, drivers and vehicle owners. The framework was developed in two phases, namely a hardware phase that makes use of ICT sensors (e.g. RFID, GPS, GPRS, IR, Zigbee, WiFi), and a software phase that uses an internet connection to communicate with the different ICT devices. The software utilised a Graphic User Interface (GUI) to ensure that the software is user-friendly and addresses possible problems and barriers such as multiple language interfaces and different ICT skills levels. The newly designed framework offers different services and solutions to meet the participants’ needs, such as real-time tracking for public transport vehicles to help passengers manage their departure and arrival times, as well as for vehicle owners to monitor their own vehicles. In turn, vehicle arrival notifications will encourage passengers to be on time so that vehicles will not be delayed unnecessarily. Another feature is counting devices that can be installed inside the vehicles, which will inform vehicle owners how many passengers are being transported by a vehicle. The passenger pre-booking system will support the drivers when planning their trips/routes.
Finally, the framework was designed to fulfil all the participants’ needs that were indicated in the questionnaires in order to achieve the goal of the research study.

    HeAT PATRL: Network-Agnostic Cyber Attack Campaign Triage With Pseudo-Active Transfer Learning

    SOC (Security Operation Center) analysts historically struggled to keep up with the growing sophistication and daily prevalence of cyber attackers. To aid in the detection of cyber threats, many tools like IDS’s (Intrusion Detection Systems) are utilized to monitor cyber threats on a network. However, a common problem with these tools is the volume of the logs generated is extreme and does not stop, further increasing the chance for an adversary to go unnoticed until it’s too late. Typically, the initial evidence of an attack is not an isolated event but a part of a larger attack campaign describing prior events that the attacker took to reach their final goal. If an analyst can quickly identify each step of an attack campaign, a timely response can be made to limit the impact of the attack or future attacks. In this work, we ask the question “Given IDS alerts, can we extract out the cyber-attack kill chain for an observed threat that is meaningful to the analyst?” We present HeAT-PATRL, an IDS attack campaign extractor that leverages multiple deep machine learning techniques, network-agnostic feature engineering, and the analyst’s knowledge of potential threats to extract out cyber-attack campaigns from IDS alert logs. HeAT-PATRL is the culmination of two works. Our first work “PATRL” (Pseudo-Active Transfer Learning), translates the complex alert signature description to the Action-Intent Framework (AIF), a customized set of attack stages. PATRL employs a deep language model with cyber security texts (CVE’s, C-Sec Blogs, etc.) and then uses transfer learning to classify alert descriptions. To further leverage the cyber-context learned in the language model, we develop Pseudo-Active learning to self-label unknown unlabeled alerts to use as additional training data. We show PATRL classifying the entire Suricata database (~70k signatures) with a top-1 of 87% and top-3 of 99% with less than 1,200 manually labeled signatures.
The final work, HeAT (Heated Alert Triage), captures the analyst’s domain knowledge and opinion of the contribution of IDS events to an attack campaign given a critical IoC (indicator of compromise). We developed network-agnostic features to characterize and generalize attack campaign contributions so that prior triages can aid in identifying attack campaigns for other attack types, new attackers, or network infrastructures. With the use of cyber-attack competition data (CPTC) and data from a real SOC operation, we demonstrate that the HeAT process can identify campaigns reflective of the analyst’s thinking while greatly reducing the number of actions to be assessed by the analyst. HeAT has the unique ability to uncover attack campaigns meaningful to the analyst across drastically different network structures while maintaining the important attack campaign relationships defined by the analyst.

    Assuring medication safety from board to ward – the role of governance and local cultures

    Professional cultures – that is, shared values, attitudes, and behaviours among a professional group – have been identified to play an important role in affecting aspects of patient safety in healthcare. It is argued that these cultures can affirm or contradict an organisation’s safety aims. Despite academic and policy interest, there remains a gap in our understanding of the impact of cultures on the governance and assurance of medication safety. This thesis addresses this gap by conceptualising the role of professional and local ward cultures on the governance and assurance of medication safety across three hospitals within one NHS Foundation Trust. Through an ethnographic lens, this thesis generates detailed insights from structured and unstructured observations (271 hours), interviews (20), and documentary analysis at micro (wards), meso (divisions), and macro (Trust) levels within an organisation to identify the different ‘cultures’ that existed and their relationship with medication safety. The role and influence of cultures, for example professional cultures, was studied at all levels in the organisation. Differing professional ownership existed towards medication safety, giving nurses and pharmacists a more ‘present voice’ than doctors. A focus on inter- and intra-professional working around medication safety identified a fluid conceptualisation of hierarchy across the three study sites. Hierarchical barriers existed but professionals used key tactics to flatten this hierarchy to ensure medication safety. This study also identifies the key role professional cultures play in affecting the implementation of external governance. This role was well acknowledged by senior leaders, yet they identified that they struggled to make changes to medication-specific cultures (e.g. not adhering to a guideline as local norms discouraged it). 
This study is one of the few to specifically consider the effect of cultures on the governance and assurance of medication safety in an NHS Trust. It also contributes to organisational learning literature by following the operationalisation of two cases of external governance through a complex and multi-layer organisation and identifying the role of cultures at every level of the organisation.

    Between security, law enforcement and harm reduction: drug policing at commercial music festivals in England

    In this thesis, I use an ethnographic methodology to explore the implementation of drug policing at commercial music festivals in England. I argue that festival drug policing is primarily concerned with the anticipation and mitigation of drug-related risk, and festivals adopt an array of security, enforcement and harm reduction approaches under the ‘3: Ps’ (Prevent, Pursue and Protect) in pursuit of this. With a lens on the in-situ decision making of policing, security and management actors on the ground, I illustrate how drug policies are negotiated between agencies, in order to satisfy their sometimes competing risk-perceptions and interests in their pursuit of drug security.

    Machine learning and mixed reality for smart aviation: applications and challenges

    The aviation industry is a dynamic and ever-evolving sector. As technology advances and becomes more sophisticated, the aviation industry must keep up with the changing trends. While some airlines have made investments in machine learning and mixed reality technologies, the vast majority of regional airlines continue to rely on inefficient strategies and lack digital applications. This paper investigates the state-of-the-art applications that integrate machine learning and mixed reality into the aviation industry. Smart aerospace engineering design, manufacturing, testing, and services are being explored to increase operator productivity. Autonomous systems, self-service systems, and data visualization systems are being researched to enhance passenger experience. This paper investigates safety, environmental, technological, cost, security, capacity, and regulatory challenges of smart aviation, as well as potential solutions to ensure future quality, reliability, and efficiency.

    Information Systems for Supporting Fire Emergency Response

    Despite recent work on information systems, many first responders in emergency situations are unable to develop sufficient understanding of the situation to enable them to make good decisions. The record of the UK Fire and Rescue Service (FRS) has been particularly poor in terms of providing the information systems support to the fire fighters’ decision-making during their work. There is very little work on identifying the specific information needs of different types of fire fighters. Consequently, this study has two main aims. The first is to identify the information requirements of several specific members of the FRS hierarchy that lead to better Situation Awareness. The second is to identify how such information should be presented. This study was based on extensive data collected in the FRS brigades of three counties and focused on large buildings having a high-risk of fire and four key fire fighter job roles: Incident Commander, Sector Commander, Breathing Apparatus Entry Control Officer and Breathing Apparatus Wearers. The requirements elicitation process was guided by a Cognitive Task Analysis (CTA) tool: Goal Directed Information Analysis (GDIA), which was developed specifically for this study. Initially appropriate scenarios were developed. Based on the scenarios, 44 semi-structured interviews were carried out in three different elicitation phases with both novice and experienced fire fighters. Together with field observations of fire simulation and training exercises, fire and rescue related documentation, a comprehensive set of information needs of fire fighters was identified. These were validated through two different stages via 34 brainstorming sessions with the participation of a number of subject-matter experts. To explore appropriate presentation methods of information, a software mock-up was developed.
This mock-up is made up of several human computer interfaces, which were evaluated via 19 walkthrough and workshop sessions, involving 22 potential end-users and 14 other related experts. As a result, many of the methods used in the mock-up were confirmed as useful and appropriate and several refinements proposed. The outcomes of this study include: 1) A set of GDI Diagrams showing goal related information needs for each of the job roles with the link to their decision-making needs, 2) A series of practical recommendations suitable for designing of human computer interfaces of fire emergency response information system, 3) Human computer interface mock-ups for an information system to enhance Situation Awareness of fire fighters and 4) A conceptual architecture for the underlying information system. In addition, this study also developed an enhanced cognitive task analysis tool capable of exploring the needs of emergency first responders. This thesis contributes to our understanding of how information systems could be designed to enhance the Situation Awareness of first responders in a fire emergency. These results will be of particular interest to practicing information systems designers and developers in the FRS in the UK and to the wider academic community.