A hybrid intrusion detection system

Anomaly intrusion detection normally has high false alarm rates, and a high volume of false alarms will prevent system administrators identifying the real attacks. Machine learning methods provide an effective way to decrease the false alarm rate and improve the detection rate of anomaly intrusion detection. In this research, we propose a novel approach using kernel methods and Support Vector Machine (SVM) for improving anomaly intrusion detectors\u27 accuracy. Two kernels, STIDE kernel and Markov Chain kernel, are developed specially for intrusion detection applications. The experiments show the STIDE and Markov Chain kernel based two class SVM anomaly detectors have better accuracy rate than the original STIDE and Markov Chain anomaly detectors.;Generally, anomaly intrusion detection approaches build normal profiles from labeled training data. However, labeled training data for intrusion detection is expensive and not easy to obtain. We propose an anomaly detection approach, using STIDE kernel and Markov Chain kernel based one class SVM, that does not need labeled training data. To further increase the detection rate and lower the false alarm rate, an approach of integrating specification based intrusion detection with anomaly intrusion detection is also proposed.;This research also establish a platform which generates automatically both misuse and anomaly intrusion detection software agents. In our method, a SIFT representing an intrusion is automatically converted to a Colored Petri Net (CPNs) representing an intrusion detection template, subsequently, the CPN is compiled into code for misuse intrusion detection software agents using a compiler and dynamically loaded and launched for misuse intrusion detection. On the other hand, a model representing a normal profile is automatically generated from training data, subsequently, an anomaly intrusion detection agent which carries this model is generated and launched for anomaly intrusion detection. By engaging both misuse and anomaly intrusion detection agents, our system can detect known attacks as well as novel unknown attacks

Using process mining to learn from process changes in evolutionary systems

Abstract. Traditional information systems struggle with the requirement to provide flexibility and process support while still enforcing some degree of control. Accordingly, adaptive process management systems (PMSs) have emerged that provide some flexibility by enabling dynamic process changes during runtime. Based on the assumption that these process changes are recorded explicitly, we present two techniques for mining change logs in adaptive PMSs; i.e., we do not only analyze the execution logs of the operational processes, but also consider the adaptations made at the process instance level. The change processes discovered through process mining provide an aggregated overview of all changes that happened so far. This, in turn, can serve as basis for integrating the extrinsic drivers of process change (i.e., the stimuli for flexibility) with existing process adaptation approaches (i.e., the intrinsic change mechanisms). Using process mining as an analysis tool we show in this paper how better support can be provided for truly flexible processes by understanding when and why process changes become necessary

Model-Based Guidance for Human-Intensive Processes

Human-intensive processes (HIPs), such as medical processes involving coordination among doctors, nurses, and other medical staff, often play a critical role in society. Despite considerable work and progress in error reduction, human errors are still a major concern for many HIPs. To address this problem of human errors in HIPs, this thesis investigates two approaches for online process guidance, i.e., for guiding process performers while a process is being executed. Both approaches rely on monitoring a process execution and base the guidance they provide on a detailed formal process model that captures the recommended ways to perform the corresponding HIP. The first approach, which we call deviation detection and explanation, automatically detects when an executing HIP deviates from a set of recommended executions of that HIP, as specified by the process model. Such deviations could represent errors and, thus, detecting and reporting deviations as they occur could help catch errors before something bad happens. The approach also provides information to help explain a detected deviation to assist process performers with identifying potential errors and with planning recovery from these errors. The second approach, which we call process state visualization, proactively guides process performers by showing them information relevant to the current process execution, such as the activities that need to be performed at each point of that process execution. The goal of the process state visualization approach is to reduce the number of human errors. The major contributions of this work can be summarized as follows: -- Compared the relative strengths and weaknesses of several techniques for process elicitation and process model validation to help create correct and sufficiently complete process models needed for the proposed online process guidance approaches. -- Developed an approach for deviation detection and explanation and evaluated it with realistic process models and synthetic process executions with seeded errors. * Recognized delayed deviation detection as a potential obstacle for the approach and investigated its frequency and consequences. -- Developed an initial approach for visualization of process execution state and demonstrated it on a medical case study

Computer Science for Continuous Data:Survey, Vision, Theory, and Practice of a Computer Analysis System

Building on George Boole's work, Logic provides a rigorous foundation for the powerful tools in Computer Science that underlie nowadays ubiquitous processing of discrete data, such as strings or graphs. Concerning continuous data, already Alan Turing had applied "his" machines to formalize and study the processing of real numbers: an aspect of his oeuvre that we transform from theory to practice.The present essay surveys the state of the art and envisions the future of Computer Science for continuous data: natively, beyond brute-force discretization, based on and guided by and extending classical discrete Computer Science, as bridge between Pure and Applied Mathematics

Modeling and Solution Methodologies for Mixed-Model Sequencing in Automobile Industry

The global competitive environment leads companies to consider how to produce high-quality products at a lower cost. Mixed-model assembly lines are often designed such that average station work satisfies the time allocated to each station, but some models with work-intensive options require more than the allocated time. Sequencing varying models in a mixed-model assembly line, mixed-model sequencing (MMS), is a short-term decision problem that has the objective of preventing line stoppage resulting from a station work overload. Accordingly, a good allocation of models is necessary to avoid work overload. The car sequencing problem (CSP) is a specific version of the MMS that minimizes work overload by controlling the sequence of models. In order to do that, CSP restricts the number of work-intensive options by applying capacity rules. Consequently, the objective is to find the sequence with the minimum number of capacity rule violations. In this dissertation, we provide exact and heuristic solution approaches to solve different variants of MMS and CSP. First, we provide five improved lower bounds for benchmark CSP instances by solving problems optimally with a subset of options. We present four local search metaheuristics adapting efficient transformation operators to solve CSP. The computational experiments show that the Adaptive Local Search provides a significant advantage by not requiring tuning on the operator weights due to its adaptive control mechanism. Additionally, we propose a two-stage stochastic program for the mixed-model sequencing (MMS) problem with stochastic product failures, and provide improvements to the second-stage problem. To tackle the exponential number of scenarios, we employ the sample average approximation approach and two solution methodologies. On one hand, we develop an L-shaped decomposition-based algorithm, where the computational experiments show its superiority over solving the deterministic equivalent formulation with an off-the-shelf solver. We also provide a tabu search algorithm in addition to a greedy heuristic to tackle case study instances inspired by our car manufacturer partner. Numerical experiments show that the proposed solution methodologies generate high-quality solutions by utilizing a sample of scenarios. Particularly, a robust sequence that is generated by considering car failures can decrease the expected work overload by more than 20\% for both small- and large-sized instances. To the best of our knowledge, this is the first study that considers stochastic failures of products in MMS. Moreover, we propose a two-stage stochastic program and formulation improvements for a mixed-model sequencing problem with stochastic product failures and integrated reinsertion process. We present a bi-objective evolutionary optimization algorithm, a two-stage bi-objective local search algorithm, and a hybrid local search integrated evolutionary optimization algorithm to tackle the proposed problem. Numerical experiments over a case study show that while the hybrid algorithm provides a better exploration of the Pareto front representation and more reliable solutions in terms of waiting time of failed vehicles, the local search algorithm provides more reliable solutions in terms of work overload objective. Finally, dynamic reinsertion simulations are executed over industry-inspired instances to assess the quality of the solutions. The results show that integrating the reinsertion process in addition to considering vehicle failures can keep reducing the work overload by around 20\% while significantly decreasing the waiting time of the failed vehicles

Applications of AI planning in genome rearrangement and in multi-robot systems

In AI planning the aim is to plan the actions of an agent to achieve the given goals from a given initial state. We use AI planning to solve two challenging problems: the genome rearrangement problem in computational biology and the decoupled planning problem in multi-robot systems. Motivated by the reconstruction of phylogenies, the genome rearrangement problem seeks to find the minimum number of rearrangement events (i.e., genome-wide mutations) between two given genomes. We introduce a novel method (called GENOMEPLAN) to solve this problem for single chromosome circular genomes with unequal gene content and/or duplicate genes, by formulating the pairwise comparison of entire genomes as an AI planning problem and using the AI planner TLPlan to compute solutions. The idea is to plan genome rearrangement events to transform one genome to the other. To improve computational efficiency, GENOMEPLAN embeds several heuristics in the descriptions of these events. To better understand the evolutionary history of species and to find more plausible solutions, GENOMEPLAN allows assigning costs and priorities to rearrangement events. The applicability of GENOMEPLAN is shown by some experiments on real data sets as well as randomly generated instances. In multi-robot systems, multiple teams of heterogeneous robots work in separate workspaces towards different goals. The teams are allowed to lend robots to one another. The goal is to find an overall plan of minimum length where each team completes its assigned task. We introduce an intelligent algorithm to solve this problem. The idea is, on the one hand, to allow each team to autonomously find its own plan and, on the other hand, to allow a central agent to communicate with the representatives of the teams to find an optimal decoupled plan. We prove the soundness and completeness of our decoupled planning algorithm, and analyze its computational complexity. We show the applicability of our approach on an intelligent factory scenario, using the action description language C+ for representing the domain and the causal reasoner CCALC for reasoning about the domain

複数バージョンのあるソフトウェアの自動検証・検査 : 複数バージョン管理時代のソフトウェアの品質向上

学位の種別: 課程博士審査委員会委員 : (主査)東京大学准教授 佐藤 周行, 東京大学教授 相田 仁, 東京大学教授 峯松 信明, 東京大学准教授 小川 剛史, 東京大学准教授 鶴岡 慶雅, 東京大学准教授 近山 隆, 日本IBMシニアリサーチャー 河内谷 清久仁University of Tokyo(東京大学