Incremental learning for large-scale stream data and its application to cybersecurity

As many human currently depend on technologies to assist with daily tasks, there are more and more applications which have been developed to be fit in one small gadget such as smart phone and tablet. Thus, by carrying this small gadget alone, most of our tasks are able to be settled efficiently and fast. Until the end of 20th century, mobile phones are only used to call and to send short message service (sms). However, in early 21st century, a rapid revolution of communi�cation technology from mobile phone into smart phone has been seen in which the smart phone is equipped by 4G Internet line along with the telephone service provider line. Thus, the users are able to make a phone call, send messages using variety of application such as Whatsapp and Line, send email, serving websites, accessing maps and handling some daily tasks via online using online banking, online shopping and online meetings via video conferences. In previous years, if there are cases of missing children or missing cars, the victims would rely on the police investigation. But now, as easy as uploading a notification about the loss on Facebook and spread the news among Facebook users, there are more people are able to help in the search. Despite the advantages that can be obtained using these technologies, there are a group of irresponsible people who take advan�tage of current technologies for their own self-interest. Among the applications that are usually being used by almost Internet users and also are often misused by cyber criminals are email and websites. Therefore, we take this initiative to make enhancement in cyber security application to avoid the Internet users from being trapped and deceived by the trick of cyber criminals by developing detec�tion system of malicious spam email and Distributed Denial of Services (DDoS) 377$3(53867$.1781.8781$0,1$+ iii backscatter. Imagine that a notice with a logo of Mobile Phone company is received by an email informing that the customer had recently run up a large mobile phone bill. A link regarding the bill is attached for him/her to find out the details. Since, the customer thinks that the billing might be wrong, thus the link is clicked. However, the link is directed to a webpage which displays a status that currently the webpage is under construction. Then the customer closes the page and thinking of to visit the website again at other time. Unfortunately, after a single click actually a malicious file is downloaded and installed without the customer aware of it. That malicious file most probably is a Trojan that capable to steal confidential information from victim’s computer. On the next day, when the same person is using the same computer to log in the online banking, all of a sudden find out that his/her money is lost totally. This is one of a worst case scenario of malicious spam email which is usually handled by cybersecurity field. Another different case of cybersecurity is the Distributed Denial of Services (DDoS) attack. Let say, Company X is selling flowers via online in which the market is from the local and international customer. The online business of Company X is running normally as usual, until a day before mother’s day, the webpage of Company X is totally down and the prospective customers could not open the webpage to make order to be sent specially for their beloved mother. Thus, the customers would search another company that sells the same item. The Company X server is down, most probably because of the DDoS attack where a junk traffic is sent to that company server which makes that server could not serve the request by the legitimate customers. This attack effect not only the profit of the company, but also reputation damage, regular customer turnover and productivity decline. Unfortunately, it is difficult for a normal user like us to detect malicious spam 377$ 3(53867$.1781.8781$0,1$+ email or DDoS attack with naked eyes. It is because recently the spammers and attacker had improved their strategy so that the malicious email and the DDoS packets are hardly able to be differentiated with the normal email and data packets. Once the Social Engineering is used by the spammers to create relevant email content in the malicious spam email and when a new campaign of DDoS attack is launched by the attacker, no normal users are capable to distinguish the benign and malicious email or data packets. This is where my Ph.D project comes in handy. My Ph.d is focusing on constructing a detection system of malicious spam email and DDoS attack using a large number of dataset which are obtained by a server that collect double-bounce email and darknet for malicious spam email detection system and DDoS backscatter detection system, respectively. As many up-to-date data are used during the learning, the detection system would become more robust to the latest strategy of the cybercriminal. Therefore, the scenario mentioned above can be avoided by assisting the user with important information at the user-end such as malicious spam email filter or at the server firewall. First of all, the method to learn large-scale stream data must be solved before implementing it in the detection system. Therefore, in Chapter 2, the general learning strategy of large-scale data is introduced to be used in the cybersecurity applications which are discussed in Chapter 3 and Chapter 4, respectively. One of a critical criterion of the detection system is capable to learn fast because after the learning, the updated information needs to be passed to user to avoid the user from being deceived by the cybercriminal. To process large-scale data sequences, it is important to choose a suitable learning algorithm that is capable to learn in real time. Incremental learning has an ability to process large data in chunk and update the parameters after learning each chunk. Such type of learning keep and update only the minimum information on a classifier model. 377$3(53867$.1781.8781$0,1$+ Therefore, it requires relatively small memory and short learning time. On the other hand, batch learning is not suitable because it needs to store all training data, which consume a large memory capacity. Due to the limited memory, it is certainly impossible to process online large-scale data sequences using the batch learning. Therefore, the learning of large-scale stream data should be conducted incrementally. This dissertation contains of five chapters. In Chapter 1, the concept of in�cremental learning is briefly described and basic theories on Resource Allocating Network (RAN) and conventional data selection method are discussed in this chapter. Besides that, the overview of this dissertation is also elaborated in this chapter. In Chapter 2, we propose a new algorithm based on incremental Radial Basis Function Network (RBFN) to accelerate the learning in stream data. The data sequences are represented as a large chunk size of data given continuously within a short time. In order to learn such data, the learning should be carried out incrementally. Since it is certainly impossible to learn all data in a short pe�riod, selecting essential data from a given chunk can shorten the learning time. In our method, we select data that are located in untrained or “not well-learned” region and discard data at trained or “well-learned” region. These regions are represented by margin flag. Each region is consisted of similar data which are near to each other. To search the similar data, the well-known LSH method pro�posed by Andoni et al. is used. The LSH method indeed has proven be able to quickly find similar objects in a large database. Moreover, we utilize the LSH ʼs properties; hash value and Hash Table to further reduced the processing time. A flag as a criterion to decide whether to choose or not the training data is added in the Hash Table and is updated in each chunk sequence. Whereas, the hash value of RBF bases that is identical with the hash value of the training data is used to select the RBF bases that is near to the training data. The performance results of 377$ 3(53867$.1781.8781$0,1$+ vi the numerical simulation on nine UC Irvine (UCI) Machine Learning Repository datasets indicate that the proposed method can reduce the learning time, while keeping the similar accuracy rate to the conventional method. These results indi�cate that the proposed method can improve the RAN learning algorithm towards the large-scale stream data processing. In Chapter 3, we propose a new online system to detect malicious spam emails and to adapt to the changes of malicious URLs in the body of spam emails by updating the system daily. For this purpose, we develop an autonomous system that learns from double-bounce emails collected at a mail server. To adapt to new malicious campaigns, only new types of spam emails are learned by introducing an active learning scheme into a classifier model. Here, we adopt Resource Allocating Network with Locality Sensitive Hashing (RAN-LSH) as a classifier model with data selection. In this data selection, the same or similar spam emails that have already been learned are quickly searched for a hash table using Locally Sensitive Hashing, and such spam emails are discarded without learning. On the other hand, malicious spam emails are sometimes drastically changed along with a new arrival of malicious campaign. In this case, it is not appropriate to classify such spam emails into malicious or benign by a classifier. It should be analyzed by using a more reliable method such as a malware analyzer. In order to find new types of spam emails, an outlier detection mechanism is implemented in RAN-LSH. To analyze email contents, we adopt the Bag-of-Words (BoW) approach and generate feature vectors whose attributes are transformed based on the normalized term frequency-inverse document frequency. To evaluate the developed system, we use a dataset of double-bounce spam emails which are collected from March 1, 2013 to May 10, 2013. In the experiment, we study the effect of introducing the outlier detection in RAN-LSH. As a result, by introducing the outlier detection, we confirm that the detection accuracy is enhanced on 377$3(53867$.$$1781.8781$0,1$+ average over the testing period. In Chapter 4, we propose a fast Distributed Denial of Service (DDoS) backscat�ter detection system to detect DDoS backscatter from a combination of protocols and ports other than the following two labeled packets: Transmission Control Protocol (TCP) Port 80 (80/TCP) and User datagram Protocol (UDP) Port 53 (53/UDP). Usually, it is hard to detect DDoS backscatter from the unlabeled packets, where an expert is needed to analyze every packet manually. Since it is a costly approach, we propose a detection system using Resource Allocating Network (RAN) with data selection to select essential data. Using this method, the learning time is shorten, and thus, the DDoS backscatter can be detected fast. This detection system consists of two modules which are pre-processing and classifier. With the former module, the packets information are transformed into 17 feature-vectors. With the latter module, the RAN-LSH classifier is used, where only data located at untrained region are selected. The performance of the proposed detection system is evaluated using 9,968 training data from 80/TCP and 53/UDP, whereas 5,933 test data are from unlabeled packets which are col�lected from January 1st, 2013 until January 20th, 2014 at National Institute of Information and Communications Technology (NICT), Japan. The results indi�cate that detection system can detect the DDoS backscatter from both labeled and unlabeled packets with high recall and precision rate within a short time. Finally, in Chapter 5, we discussed the conclusions and the future work of our study: RAN-LSH classifier, malicious spam email detection system and DDoS backscatter detection system

Power Quality Improvement of Distributed Generation Integrated Network with Unified Power Quality Conditioner.

With the increased penetration of small scale renewable energy sources in the electrical distribution network, maintenance or improvement of power quality has become more critical than ever where the level of voltage and current harmonics or disturbances can vary widely. For this reason, Custom Power Devices (CPDs) such as the Unified Power Quality Conditioner (UPQC) can be the most appropriate solution for enhancing the dynamic performance of the distribution network, where accurate prior knowledge may not be available. Therefore, the main objective of the present research is to investigate the (i) placement (ii) integration (iii) capacity enhancement and (iv) real time control of the Unified Power Quality Conditioner (UPQC) to improve the power quality (PQ) of a distributed generation (DG) network connected to the grid or microgrid

Improving skills in rounding off the whole number

This study was conducted to address teaching and learning skills in rounding off a whole number. This study consisted of 15 years 4 students from the Kong Nan Chinese Primary School, Parit Raja, Johor, Malaysia. Initial survey to identify this problem was carried out by analyzing the exercise books and exercises in pre-test. Based on these analyses, a large number of students were not proficient in relevant skills. A ‘q’ technique was introduced as an approach in teaching and learning to help students master the skills of rounding whole numbers. In summary, this technique helps students to remember the sequence of processes and process in rounding numbers. A total of four sessions of teaching and learning activities that take less than an hour have been implemented specifically to help students to master this technique. Results of the implementation of these activities have shown very positive results among the students. Two post tests were carried out to see the effectiveness of techniques and the results shows that 100% of students were able to answer correctly at least three questions correctly. The t-test analysis was clearly showed the effectiveness of ‘q’ technique. This technique also indirectly helps to maintain and increase student interest in learning Mathematics. This is shown with the active involvement of students in answering questions given by the teacher

Mitigation of Power Quality Problems Using Custom Power Devices: A Review

Electrical power quality (EPQ) in distribution systems is a critical issue for commercial, industrial and residential applications. The new concept of advanced power electronic based Custom Power Devices (CPDs) mainly distributed static synchronous compensator (D-STATCOM), dynamic voltage restorer (DVR) and unified power quality conditioner (UPQC) have been developed due to lacking the performance of traditional compensating devices to minimize power quality disturbances. This paper presents a comprehensive review on D-STATCOM, DVR and UPQC to solve the electrical power quality problems of the distribution networks. This is intended to present a broad overview of the various possible DSTATCOM, DVR and UPQC configurations for single-phase (two wire) and three-phase (three-wire and four-wire) networks and control strategies for the compensation of various power quality disturbances. Apart from this, comprehensive explanation, comparison, and discussion on D-STATCOM, DVR, and UPQC are presented. This paper is aimed to explore a broad prospective on the status of D-STATCOMs, DVRs, and UPQCs to researchers, engineers and the community dealing with the power quality enhancement. A classified list of some latest research publications on the topic is also appended for a quick reference

Power quality and electromagnetic compatibility: special report, session 2

The scope of Session 2 (S2) has been defined as follows by the Session Advisory Group and the Technical Committee: Power Quality (PQ), with the more general concept of electromagnetic compatibility (EMC) and with some related safety problems in electricity distribution systems. Special focus is put on voltage continuity (supply reliability, problem of outages) and voltage quality (voltage level, flicker, unbalance, harmonics). This session will also look at electromagnetic compatibility (mains frequency to 150 kHz), electromagnetic interferences and electric and magnetic fields issues. Also addressed in this session are electrical safety and immunity concerns (lightning issues, step, touch and transferred voltages). The aim of this special report is to present a synthesis of the present concerns in PQ&EMC, based on all selected papers of session 2 and related papers from other sessions, (152 papers in total). The report is divided in the following 4 blocks: Block 1: Electric and Magnetic Fields, EMC, Earthing systems Block 2: Harmonics Block 3: Voltage Variation Block 4: Power Quality Monitoring Two Round Tables will be organised: - Power quality and EMC in the Future Grid (CIGRE/CIRED WG C4.24, RT 13) - Reliability Benchmarking - why we should do it? What should be done in future? (RT 15

Dynamic Voltage Restorer Application for Power Quality Improvement in Electrical Distribution System: An Overview

Dynamic Voltage Restorer (DVR) is a custom power device that is used to improve voltage disturbances in electrical distribution system. The components of the DVR consist of voltage source inverter (VSI), injection transformers, passive filters and energy storage. The main function of the DVR is used to inject three phase voltage in series and in synchronism with the grid voltages in order to compensate voltage disturbances. The Development of (DVR) has been proposed by many researchers. This paper presents a review of the researches on the DVR application for power quality Improvement in electrical distribution network. The types of DVR control strategies and its configuration has been discussed and may assist the researchers in this area to develop and proposed their new idea in order to build the prototype and controller

Design And Simulation Of Interline Unified Power Quality Conditioner (Iupqc) By Using Fuzzy Logic Controller

This paper proposes anew connection for a unified power quality conditioner (UPQC) to improve the power quality of two feeders in a distribution system. The interline custom power devices named Interline Unified Power Quality Conditioner (IUPQC) is improved for various power quality disturbances and modeled in MATLAB/SIMULINK by using fuzzy logic controller. The developed topology can be used for simultaneous compensation of voltage and current imperfections in a multi bus/multi feeder system.  The proposed IUPQC is designed for medium voltage level (11 kV) and effective Enhanced Phase Locked Loop (EPLL) with Fuzzy based control technique is used to detect and extract the PQ disturbances. The performance of Series Compensator of IUPQC is evaluated through extensive simulations for mitigating unbalanced voltage sags with phase jumps and interruption.             The performance of Shunt Compensator of IUPQC is also tested for harmonic and reactive power compensation that are not investigated before in literature. It is verified that IUPQC which is connected to two feeders, can compensate current and voltage distortions successfully in these feeders according to the results obtained using MATLAB/SIMULINK