PROFILING - CONCEPTS AND APPLICATIONS

Profiling is an approach to put a label or a set of labels on a subject, considering the characteristics of this subject. The New Oxford American Dictionary defines profiling as: “recording and analysis of a person’s psychological and behavioral characteristics, so as to assess or predict his/her capabilities in a certain sphere or to assist in identifying a particular subgroup of people”. This research extends this definition towards things demonstrating that many methods used for profiling of people may be applied for a different type of subjects, namely things. The goal of this research concerns proposing methods for discovery of profiles of users and things with application of Data Science methods. The profiles are utilized in vertical and 2 horizontal scenarios and concern such domains as smart grid and telecommunication (vertical scenarios), and support provided both for the needs of authorization and personalization (horizontal usage).:The thesis consists of eight chapters including an introduction and a summary. First chapter describes motivation for work that was carried out for the last 8 years together with discussion on its importance both for research and business practice. The motivation for this work is much broader and emerges also from business importance of profiling and personalization. The introduction summarizes major research directions, provides research questions, goals and supplementary objectives addressed in the thesis. Research methodology is also described, showing impact of methodological aspects on the work undertaken. Chapter 2 provides introduction to the notion of profiling. The definition of profiling is introduced. Here, also a relation of a user profile to an identity is discussed. The papers included in this chapter show not only how broadly a profile may be understood, but also how a profile may be constructed considering different data sources. Profiling methods are introduced in Chapter 3. This chapter refers to the notion of a profile developed using the BFI-44 personality test and outcomes of a survey related to color preferences of people with a specific personality. Moreover, insights into profiling of relations between people are provided, with a focus on quality of a relation emerging from contacts between two entities. Chapters from 4 to 7 present different scenarios that benefit from application of profiling methods. Chapter 4 starts with introducing the notion of a public utility company that in the thesis is discussed using examples from smart grid and telecommunication. Then, in chapter 4 follows a description of research results regarding profiling for the smart grid, focusing on a profile of a prosumer and forecasting demand and production of the electric energy in the smart grid what can be influenced e.g. by weather or profiles of appliances. Chapter 5 presents application of profiling techniques in the field of telecommunication. Besides presenting profiling methods based on telecommunication data, in particular on Call Detail Records, also scenarios and issues related to privacy and trust are addressed. Chapter 6 and Chapter 7 target at horizontal applications of profiling that may be of benefit for multiple domains. Chapter 6 concerns profiling for authentication using un-typical data sources such as Call Detail Records or data from a mobile phone describing the user behavior. Besides proposing methods, also limitations are discussed. In addition, as a side research effect a methodology for evaluation of authentication methods is proposed. Chapter 7 concerns personalization and consists of two diverse parts. Firstly, behavioral profiles to change interface and behavior of the system are proposed and applied. The performance of solutions personalizing content either locally or on the server is studied. Then, profiles of customers of shopping centers are created based on paths identified using Call Detail Records. The analysis demonstrates that the data that is collected for one purpose, may significantly influence other business scenarios. Chapter 8 summarizes the research results achieved by the author of this document. It presents contribution over state of the art as well as some insights into the future work planned

Behavioural Monitoring via Network Communications

It is commonly acknowledged that using Internet applications is an integral part of an individual’s everyday life, with more than three billion users now using Internet services across the world; and this number is growing every year. Unfortunately, with this rise in Internet use comes an increasing rise in cyber-related crime. Whilst significant effort has been expended on protecting systems from outside attack, only more recently have researchers sought to develop countermeasures against insider attack. However, for an organisation, the detection of an attack is merely the start of a process that requires them to investigate and attribute the attack to an individual (or group of individuals). The investigation of an attack typically revolves around the analysis of network traffic, in order to better understand the nature of the traffic flows and importantly resolves this to an IP address of the insider. However, with mobile computing and Dynamic Host Control Protocol (DHCP), which results in Internet Protocol (IP) addresses changing frequently, it is particularly challenging to resolve the traffic back to a specific individual. The thesis explores the feasibility of profiling network traffic in a biometric-manner in order to be able to identify users independently of the IP address. In order to maintain privacy and the issue of encryption (which exists on an increasing volume of network traffic), the proposed approach utilises data derived only from the metadata of packets, not the payload. The research proposed a novel feature extraction approach focussed upon extracting user-oriented application-level features from the wider network traffic. An investigation across nine of the most common web applications (Facebook, Twitter, YouTube, Dropbox, Google, Outlook, Skype, BBC and Wikipedia) was undertaken to determine whether such high-level features could be derived from the low-level network signals. The results showed that whilst some user interactions were not possible to extract due to the complexities of the resulting web application, a majority of them were. Having developed a feature extraction process that focussed more upon the user, rather than machine-to-machine traffic, the research sought to use this information to determine whether a behavioural profile could be developed to enable identification of the users. Network traffic of 27 users over 2 months was collected and processed using the aforementioned feature extraction process. Over 140 million packets were collected and processed into 45 user-level interactions across the nine applications. The results from behavioural profiling showed that the system is capable of identifying users, with an average True Positive Identification Rate (TPIR) in the top three applications of 87.4%, 75% and 61.9% respectively. Whilst the initial study provided some encouraging results, the research continued to develop further refinements which could improve the performance. Two techniques were applied, fusion and timeline analysis techniques. The former approach sought to fuse the output of the classification stage to better incorporate and manage the variability of the classification and resulting decision phases of the biometric system. The latter approach sought to capitalise on the fact that whilst the IP address is not reliable over a period of time due to reallocation, over shorter timeframes (e.g. a few minutes) it is likely to reliable and map to the same user. The results for fusion across the top three applications were 93.3%, 82.5% and 68.9%. The overall performance adding in the timeline analysis (with a 240 second time window) on average across all applications was 72.1%. Whilst in terms of biometric identification in the normal sense, 72.1% is not outstanding, its use within this problem of attributing misuse to an individual provides the investigator with an enormous advantage over existing approaches. At best, it will provide him with a user’s specific traffic and at worst allow them to significantly reduce the volume of traffic to be analysed

Continuous Identity Verification in Cloud Computing Services

Cloud computing has become a hugely popular new paradigm for hosting and delivering services over the internet for individuals and organisations with low cost. However, security is a sensitive issue in cloud computing, as it its services remain accessible to anyone after initial authenticated login and for significant periods. This has led to an increase in the number of attacks on sensitive cus-tomer information. This research identified biometric approaches as a possible solution for security to be maintained beyond the point of entry. Specifically, behaviour profiling has been proposed and applied across various other applications in the area of Transparent Authentication Systems (TAS’s) and Intrusion Detection Systems (IDS’s) to detect account misuse. However, little research has sought to imple-ment this technique within cloud computing services to detect misuse. This research proposes a novel continuous identity verification system as a supporting factor to protect cloud users by operating transparently to detect ab-normal access. The research examines the feasibility of applying a behavioural profiling technique on cloud users with respect to Software as a Service (SaaS) and Infrastructure as a Service (IaaS). Two real-life datasets were collected from 30 and 60 users for SaaS and IaaS studies, respectively. A thorough design and investigation of the biometric techniques was undertaken, including description statistics analysis and pattern classification optimisation. A number of factors were analysed to evaluate the impact on system performance, such as volume of data and type of sample selection. On average, using random sampling, the best experimental result achieved an EER (Equal Error Rate) of as low as 5.8%; six users experienced EERs equal to or less than 0.3%. Moreover, the IaaS study achieved a higher performance than the SaaS study with an overall EER of 0.32%. Based on the intensive analysis of the experimental performance of SaaS and IaaS studies, it has been identified that changes in user behaviour over time can negatively affect the performance of the suggested technique. Therefore, a dy-namic template renewal procedure has been proposed as a novel solution to keep recent user behaviour updated in the current users’ templates. The practi-cal experimental result using the more realistic time-series sampling methodolo-gy has shown the validity of the proposed solution with higher accuracy of 5.77 % EER

Development of a classification algorithm for vehicle impacts: an anomaly detection approach

Dissertação de mestrado em Engenharia InformáticaIn the past decade, Machine Learning has been heavily applied to automobile industry solutions, the most promising being development of autonomous vehicles. New mobility services are available today as alternatives to owning a car, like ride hailing and carsharing. High costs associated with the maintenance of the vehicle and the reduced rate of vehicle use throughout the day are some of the factors for the popularity of these services. Car-sharing is self-service mode of transport that provides its members with access to a fleet of vehicles parked in various locations throughout a city. Damages are expected to happen when vehicles are used and the required repair implies costs to fleet operators. Systems able to detect these damages will promote a better use of these vehicles by vehicle users. Vehicle damages result from impacts with other objects, for instance, other vehicles or structures of any kind and these impacts inflict deformations to the vehicle exterior structure. Most of these impacts can be perceived or detected by the forces involved as result of the impact. Anomaly Detection is a technique applicable in a variety of domains, such as intrusion detection, fraud detection, event detection in sensor network or detection ecosystem disturbances. The objective of this thesis is the study and development of a semi-supervised intelligent system for detection and classification of vehicle impacts with an Anomaly Detection approach, using the accelerometer data, and following a strategy that would allow exploring a Machine Learning cycle. This thesis was developed under an internship in the company Bosch Car Multimedia S.A, located in Braga.Na última década, Machine Learning tem sido extensamente utilizado em soluções na indústria automóvel, o mais promissor sendo o desenvolvimento de veículos com condução autônoma. Novos serviços de mobilidade estão disponíveis hoje como alternativas à posse de um carro, como ride hailing ou car-sharing. Os elevados custos associados à manutenção do veículo e a sua reduzida taxa de utilização ao longo do dia são alguns dos fatores que contribuem para a popularidade destes serviços. Car-sharing é um modo de transporte self-service que fornece aos seus membros acesso a uma frota de veículos estacionados em vários locais duma cidade. Danos são espectáveis de ocorrer quando os veículos são usados e a reparação necessária implica custos para os operadores da frota. Sistemas capazes de detectar esses danos irão promover um melhor aproveitamento desses veículos pelos utilizadores dos veículos. Os danos de veículos resultam de impactos com outros objetos como, por exemplo, outros veículos ou estruturas e esses impactos provocam deformações na estrutura externa do veículo. A maioria desses impactos podem ser compreendidos ou detetados pelas forças envolvidas do resultado do impacto. Anomaly Detection é uma técnica aplicável em uma variedade de domínios, como deteção de intrusões, deteção de fraude, deteção de eventos numa rede de sensores ou deteção de distúrbios no ecossistema. O objetivo desta dissertação foi o estudo e desenvolvimento de um sistema inteligente semi-supervisionado para detecção e classificação de impactos de veículos a partir de uma abordagem de Anomaly Detection, utilizando os dados de acelerómetro, e seguindo uma estratégia que permitisse explorar um ciclo de Machine Learning. Esta dissertação foi desenvolvida no âmbito de um estágio na empresa Bosch Car Multimedia S.A, situada em Braga

Human-Computer Interaction: Security Aspects

Along with the rapid development of intelligent information age, users are having a growing interaction with smart devices. Such smart devices are interconnected together in the Internet of Things (IoT). The sensors of IoT devices collect information about users' behaviors from the interaction between users and devices. Since users interact with IoT smart devices for the daily communication and social network activities, such interaction generates a huge amount of network traffic. Hence, users' behaviors are playing an important role in the security of IoT smart devices, and the security aspects of Human-Computer Interaction are becoming significant. In this dissertation, we provide a threefold contribution: (1) we review security challenges of HCI-based authentication, and design a tool to detect deceitful users via keystroke dynamics; (2) we present the impact of users' behaviors on network traffic, and propose a framework to manage such network traffic; (3) we illustrate a proposal for energy-constrained IoT smart devices to be resilient against energy attack and efficient in network communication. More in detail, in the first part of this thesis, we investigate how users' behaviors impact on the way they interact with a device. Then we review the work related to security challenges of HCI-based authentication on smartphones, and Brain-Computer Interfaces (BCI). Moreover, we design a tool to assess the truthfulness of the information that users input using a computer keyboard. This tool is based on keystroke dynamics and it relies on machine learning technique to achieve this goal. To the best of our knowledge, this is the first work that associates the typing users' behaviors with the production of deceptive personal information. We reached an overall accuracy of 76% in the classification of a single answer as truthful or deceptive. In the second part of this thesis, we review the analysis of network traffic, especially related to the interaction between mobile devices and users. Since the interaction generates a huge amount of network traffic, we propose an innovative framework, GolfEngine, to manage and control the impact of users behavior on the network relying on Software Defined Networking (SDN) techniques. GolfEngine provides users a tool to build their security applications and offers Graphical User Interface (GUI) for managing and monitoring the network. In particular, GolfEngine provides the function of checking policy conflicts when users design security applications and the mechanism to check data storage redundancy. GolfEngine not only prevents the malicious inputting policies but also it enforces the security about network management of network traffic. The results of our simulation underline that GolfEngine provides an efficient, secure, and robust performance for managing network traffic via SDN. In the third and last part of this dissertation, we analyze the security aspects of battery-equipped IoT devices from the energy consumption perspective. Although most of the energy consumption of IoT devices is due to user interaction, there is still a significant amount of energy consumed by point-to-point communication and IoT network management. In this scenario, an adversary may hijack an IoT device and conduct a Denial of Service attack (DoS) that aims to run out batteries of other devices. Therefore, we propose EnergIoT, a novel method based on energetic policies that prevent such attacks and, at the same time, optimizes the communication between users and IoT devices, and extends the lifetime of the network. EnergIoT relies on a hierarchical clustering approach, based on different duty cycle ratios, to maximize network lifetime of energy-constrained smart devices. The results show that EnergIoT enhances the security and improves the network lifetime by 32%, compared to the earlier used approach, without sacrificing the network performance (i.e., end-to-end delay)

Artificial Intelligence and Cognitive Computing

Artificial intelligence (AI) is a subject garnering increasing attention in both academia and the industry today. The understanding is that AI-enhanced methods and techniques create a variety of opportunities related to improving basic and advanced business functions, including production processes, logistics, financial management and others. As this collection demonstrates, AI-enhanced tools and methods tend to offer more precise results in the fields of engineering, financial accounting, tourism, air-pollution management and many more. The objective of this collection is to bring these topics together to offer the reader a useful primer on how AI-enhanced tools and applications can be of use in today’s world. In the context of the frequently fearful, skeptical and emotion-laden debates on AI and its value added, this volume promotes a positive perspective on AI and its impact on society. AI is a part of a broader ecosystem of sophisticated tools, techniques and technologies, and therefore, it is not immune to developments in that ecosystem. It is thus imperative that inter- and multidisciplinary research on AI and its ecosystem is encouraged. This collection contributes to that

Analyzing Granger causality in climate data with time series classification methods

Attribution studies in climate science aim for scientifically ascertaining the influence of climatic variations on natural or anthropogenic factors. Many of those studies adopt the concept of Granger causality to infer statistical cause-effect relationships, while utilizing traditional autoregressive models. In this article, we investigate the potential of state-of-the-art time series classification techniques to enhance causal inference in climate science. We conduct a comparative experimental study of different types of algorithms on a large test suite that comprises a unique collection of datasets from the area of climate-vegetation dynamics. The results indicate that specialized time series classification methods are able to improve existing inference procedures. Substantial differences are observed among the methods that were tested

Latitude, longitude, and beyond:mining mobile objects' behavior

Rapid advancements in Micro-Electro-Mechanical Systems (MEMS), and wireless communications, have resulted in a surge in data generation. Mobility data is one of the various forms of data, which are ubiquitously collected by different location sensing devices. Extensive knowledge about the behavior of humans and wildlife is buried in raw mobility data. This knowledge can be used for realizing numerous viable applications ranging from wildlife movement analysis, to various location-based recommendation systems, urban planning, and disaster relief. With respect to what mentioned above, in this thesis, we mainly focus on providing data analytics for understanding the behavior and interaction of mobile entities (humans and animals). To this end, the main research question to be addressed is: How can behaviors and interactions of mobile entities be determined from mobility data acquired by (mobile) wireless sensor nodes in an accurate and efficient manner? To answer the above-mentioned question, both application requirements and technological constraints are considered in this thesis. On the one hand, applications requirements call for accurate data analytics to uncover hidden information about individual behavior and social interaction of mobile entities, and to deal with the uncertainties in mobility data. Technological constraints, on the other hand, require these data analytics to be efficient in terms of their energy consumption and to have low memory footprint, and processing complexity