59 research outputs found

    Solving unstructured classification problems with multicriteria decision aiding

    Integrated master's thesis. Electrical and Computer Engineering (Automation). Universidade do Porto. Faculdade de Engenharia. 201

    A spatio-temporal entropy-based approach for the analysis of cyber attacks (demo paper)

    Computer networks are ubiquitous systems growing exponentially with a predicted 50 billion devices connected by 2050. This dramatically increases the potential attack surface of Internet networks. A key issue in cyber defense is to detect, categorize and identify these attacks, the way they are propagated and their potential impacts on the systems affected. The research presented in this paper models cyber attacks at large by considering the Internet as a complex system in which attacks are propagated over a network. We model an attack as a path from a source to a target, where each attack is categorized according to its intention. We set up an experimental testbed with the concept of honeypot that evaluates the spatiotemporal distribution of these Internet attacks. The preliminary results show a series of patterns in space and time that illustrate the potential of the approach, and how cyber attacks can be categorized according to the concept and measure of entropy

    Cyber-Deception and Attribution in Capture-the-Flag Exercises

    Attributing the culprit of a cyber-attack is widely considered one of the major technical and policy challenges of cyber-security. The lack of ground truth for an individual responsible for a given attack has limited previous studies. Here, we overcome this limitation by leveraging DEFCON capture-the-flag (CTF) exercise data where the actual ground-truth is known. In this work, we use various classification techniques to identify the culprit in a cyberattack and find that deceptive activities account for the majority of misclassified samples. We also explore several heuristics to alleviate some of the misclassification caused by deception. Comment: 4 pages Short name accepted to FOSINT-SI 201

    Construction and refinement of preference ordered decision classes

    Preference learning methods are commonly used in multicriteria analysis. The working principle of these methods is similar to classical machine learning techniques. An issue common to both machine learning and preference learning methods is the difficulty of defining decision classes and assigning objects to these classes, especially for large datasets. This paper proposes two procedures that automate the construction of decision classes. It also proposes two simple refinement procedures, which rely on the 80-20 principle, that map the output of the construction procedures into a manageable set of decision classes. The proposed construction procedures rely on the most elementary preference relation, namely the dominance relation, which avoids the need for additional information or distance/(di)similarity functions, as with most existing clustering methods. Furthermore, the simplicity of the 80-20 principle on which the refinement procedures are based makes them very adequate to large datasets. Proposed procedures are illustrated and validated using real-world datasets

    Partitioning networks into cliques: a randomized heuristic approach

    In the context of community detection in social networks, the term community can be grounded in the strict way that simply everybody should know each other within the community. We consider the corresponding community detection problem. We search for a partitioning of a network into the minimum number of non-overlapping cliques, such that the cliques cover all vertices. This problem is called the clique covering problem (CCP) and is one of the classical NP-hard problems. For CCP, we propose a randomized heuristic approach. To construct a high quality solution to CCP, we present an iterated greedy (IG) algorithm. IG can also be combined with a heuristic used to determine how far the algorithm is from the optimum in the worst case. Randomized local search (RLS) for maximum independent set was proposed to find such a bound. The experimental results of IG and the bounds obtained by RLS indicate that IG is a very suitable technique for solving CCP in real-world graphs. In addition, we summarize our basic rigorous results, which were developed for analysis of IG and understanding of its behavior on several relevant graph classes

    Solving enterprise management problem with cluster technologies and ERP-systems (in the context of capital CSE system)

    The article is dedicated to the problem of mass data management in large corporations. The introduction describes the aim and objectives of this article, defines the object and subject of the research, as well as the research methodology. The main part of the article considers core operating principles of ‘Capital CSE’ applications along with functional elements of one of the most important contours of the Capital CSE complex. The article provides an analysis of the relevance and effectiveness of cluster technology and ERP-systems on the example of a large enterprise of the Perm region – Permenergo OJSC. This work also presents the analysis of a change to a new technology on the example of the abovementioned enterprise. The paper reviews the functionality of Capital CSE system applications and the principles of implementation and use of cluster systems in the context of Permenergo OJSC. The article formulates the application features of cluster system technology in solving modern problems within an enterprise. Following the analysis results, the reasons for the relevance of the proposed tool, namely cluster technology, for solving applied problems by large corporations, were defined. peer-reviewe