Modélisation formelle des systèmes de détection d'intrusions

L’écosystème de la cybersécurité évolue en permanence en termes du nombre, de la diversité, et de la complexité des attaques. De ce fait, les outils de détection deviennent inefficaces face à certaines attaques. On distingue généralement trois types de systèmes de détection d’intrusions : détection par anomalies, détection par signatures et détection hybride. La détection par anomalies est fondée sur la caractérisation du comportement habituel du système, typiquement de manière statistique. Elle permet de détecter des attaques connues ou inconnues, mais génère aussi un très grand nombre de faux positifs. La détection par signatures permet de détecter des attaques connues en définissant des règles qui décrivent le comportement connu d’un attaquant. Cela demande une bonne connaissance du comportement de l’attaquant. La détection hybride repose sur plusieurs méthodes de détection incluant celles sus-citées. Elle présente l’avantage d’être plus précise pendant la détection. Des outils tels que Snort et Zeek offrent des langages de bas niveau pour l’expression de règles de reconnaissance d’attaques. Le nombre d’attaques potentielles étant très grand, ces bases de règles deviennent rapidement difficiles à gérer et à maintenir. De plus, l’expression de règles avec état dit stateful est particulièrement ardue pour reconnaître une séquence d’événements. Dans cette thèse, nous proposons une approche stateful basée sur les diagrammes d’état-transition algébriques (ASTDs) afin d’identifier des attaques complexes. Les ASTDs permettent de représenter de façon graphique et modulaire une spécification, ce qui facilite la maintenance et la compréhension des règles. Nous étendons la notation ASTD avec de nouvelles fonctionnalités pour représenter des attaques complexes. Ensuite, nous spécifions plusieurs attaques avec la notation étendue et exécutons les spécifications obtenues sur des flots d’événements à l’aide d’un interpréteur pour identifier des attaques. Nous évaluons aussi les performances de l’interpréteur avec des outils industriels tels que Snort et Zeek. Puis, nous réalisons un compilateur afin de générer du code exécutable à partir d’une spécification ASTD, capable d’identifier de façon efficiente les séquences d’événements.Abstract : The cybersecurity ecosystem continuously evolves with the number, the diversity, and the complexity of cyber attacks. Generally, we have three types of Intrusion Detection System (IDS) : anomaly-based detection, signature-based detection, and hybrid detection. Anomaly detection is based on the usual behavior description of the system, typically in a static manner. It enables detecting known or unknown attacks but also generating a large number of false positives. Signature based detection enables detecting known attacks by defining rules that describe known attacker’s behavior. It needs a good knowledge of attacker behavior. Hybrid detection relies on several detection methods including the previous ones. It has the advantage of being more precise during detection. Tools like Snort and Zeek offer low level languages to represent rules for detecting attacks. The number of potential attacks being large, these rule bases become quickly hard to manage and maintain. Moreover, the representation of stateful rules to recognize a sequence of events is particularly arduous. In this thesis, we propose a stateful approach based on algebraic state-transition diagrams (ASTDs) to identify complex attacks. ASTDs allow a graphical and modular representation of a specification, that facilitates maintenance and understanding of rules. We extend the ASTD notation with new features to represent complex attacks. Next, we specify several attacks with the extended notation and run the resulting specifications on event streams using an interpreter to identify attacks. We also evaluate the performance of the interpreter with industrial tools such as Snort and Zeek. Then, we build a compiler in order to generate executable code from an ASTD specification, able to efficiently identify sequences of events

Un processus formel d'intégration de politiques de contrôle d'accès dans les systèmes d'information

Security is a key aspect in information systems (IS) development. One cannot build a bank IS without security in mind. In medical IS, security is one of the most important features of the software. Access control is one of many security aspects of an IS. It defines permitted or forbidden execution of system's actions by an user. Between the conception of an access control policy and its effective deployment on an IS, several steps can introduce unacceptable errors. Using formal methods may be an answer to reduce errors during the modeling of access control policies. Using the process algebra EB[superscript 3], one can formally model IS. Its extension, EB[superscript 3]SEC, was created in order to model access control policies. The ASTD notation combines Harel's Statecharts and EB[superscript 3] operators into a graphical and formal notation that can be used in order to model IS. However, both methods lack tools allowing a designer to prove or verify security properties in order to validate an access control policy. Furthermore, the implementation of an access control policy must correspond to its abstract specification. This thesis defines translation rules from EB[superscript 3] to ASTD, from ASTD to Event-B and from ASTD to B. It also introduces a formal architecture expressed using the B notation in order to enforce a policy over an IS. This modeling of access control policies in B can be used in order to prove properties, thanks to the B prover, but also to verify properties using ProB, a model checker for B. Finally, a refinement strategy for the access control policy into an implementation is proposed. B refinements are proved, this ensures that the implementation corresponds to the initial model of the access control policy

Integrating formal methods into medical software development : the ASM approach

Medical devices are safety-critical systems since their malfunctions can seriously compromise human safety. Correct operation of a medical device depends upon the controlling software, whose development should adhere to certification standards. However, these standards provide general descriptions of common software engineering activities without any indication regarding particular methods and techniques to assure safety and reliability. This paper discusses how to integrate the use of a formal approach into the current normative for the medical software development. The rigorous process is based on the Abstract State Machine (ASM) formal method, its refinement principle, and model analysis approaches the method supports. The hemodialysis machine case study is used to show how the ASM-based design process covers most of the engineering activities required by the related standards, and provides rigorous approaches for medical software validation and verification

The impact of required competencies and some selected variables on the quality of training among trainers in business and industry: a factor analytic approach

The investigation was designed to analyze the impact of two main issues namely: (1) the possession and application of the ASTD required competencies on the quality and effectiveness of training in business and industry; and (2) the importance of these competencies to the trainers;The survey research design was used and a questionnaire was developed by the researcher and administered to a random sample of 200 trainers and managers/supervisors in business and industry, who also hold membership in the Iowa Chapter of ASTD;The 31 competencies were subjected to a factor analysis for the importance and application variables. Using the mineigenvalue criterion, 11 factors were originally retained for both the importance and application variables. However, when the orthogonal (varimax) rotation was applied, one factor of importance variables, (leadership) and two factors of application variables, (managerial and analytical) were obtained;Findings indicate that no significant relationship was found between the application of the competencies and the reported quality of training. A significant relationship was found between educational level and the cluster of managerial application variables. A significant relationship was also found between the competencies applied by trainers when doing technical, clerical, line and staff, and other training and the managerial cluster of variables. However, no significant relationship was found between the importance attached to the competencies among trainers and their educational background. There was no significant difference between managers/supervisors and trainers on the criteria for measuring training effectiveness and purpose;These findings suggest that trainers with higher educational levels do apply more of the competencies to training; that different types of training may require different competencies; and that trainers from any academic discipline can be trained to be effective

Twitter Analysis to Predict the Satisfaction of Saudi Telecommunication Companies’ Customers

The flexibility in mobile communications allows customers to quickly switch from one service provider to another, making customer churn one of the most critical challenges for the data and voice telecommunication service industry. In 2019, the percentage of post-paid telecommunication customers in Saudi Arabia decreased; this represents a great deal of customer dissatisfaction and subsequent corporate fiscal losses. Many studies correlate customer satisfaction with customer churn. The Telecom companies have depended on historical customer data to measure customer churn. However, historical data does not reveal current customer satisfaction or future likeliness to switch between telecom companies. Current methods of analysing churn rates are inadequate and faced some issues, particularly in the Saudi market. This research was conducted to realize the relationship between customer satisfaction and customer churn and how to use social media mining to measure customer satisfaction and predict customer churn. This research conducted a systematic review to address the churn prediction models problems and their relation to Arabic Sentiment Analysis. The findings show that the current churn models lack integrating structural data frameworks with real-time analytics to target customers in real-time. In addition, the findings show that the specific issues in the existing churn prediction models in Saudi Arabia relate to the Arabic language itself, its complexity, and lack of resources. As a result, I have constructed the first gold standard corpus of Saudi tweets related to telecom companies, comprising 20,000 manually annotated tweets. It has been generated as a dialect sentiment lexicon extracted from a larger Twitter dataset collected by me to capture text characteristics in social media. I developed a new ASA prediction model for telecommunication that fills the detected gaps in the ASA literature and fits the telecommunication field. The proposed model proved its effectiveness for Arabic sentiment analysis and churn prediction. This is the first work using Twitter mining to predict potential customer loss (churn) in Saudi telecom companies, which has not been attempted before. Different fields, such as education, have different features, making applying the proposed model is interesting because it based on text-mining

Lost and found : re-searching and re-scoring proteomics data aids genome annotation and improves proteome coverage

Prokaryotic genome annotation is heavily dependent on automated gene annotation pipelines that are prone to propagate errors and underestimate genome complexity. We describe an optimized proteogenomic workflow that uses ribosome profiling (ribo-seq) and proteomic data for Salmonella enterica serovar Typhimurium to identify unannotated proteins or alternative protein forms. This data analysis encompasses the searching of cofragmenting peptides and postprocessing with extended peptide-to-spectrum quality features, including comparison to predicted fragment ion intensities. When this strategy is applied, an enhanced proteome depth is achieved, as well as greater confidence for unannotated peptide hits. We demonstrate the general applicability of our pipeline by reanalyzing public Deinococcus radiodurans data sets. Taken together, our results show that systematic reanalysis using available prokaryotic (proteome) data sets holds great promise to assist in experimentally based genome annotation

Genome wide mining of alternative splicing in metazoan model organisms

Tese de doutoramento, Ciências Biomédicas (Ciências Morfológicas), Universidade de Lisboa, Faculdade de Medicina, 2009Background: Mining current mRNA and EST databases for novel alternatively spliced isoforms is of paramount importance for shedding light on the way in which the maturation of RNA is used to regulate gene expression. Preliminary observations revealed a tendency for greater amounts of potentially non protein-coding alternative transcripts in human genes than in orthologous genes from other organisms. However, many of these isoforms did not appear in recently published alternative splicing databases on account of constraints imposed in the selection of transcripts. This prompted us to develop a less constrained database with the aim of contributing to the identification of the full repertoire of splice variants in the transcriptome of different organisms. Given that mechanisms of control of gene expression involving non-protein-coding splice variants have been described in a variety of genes, this information may be crucial to deciphering more intricate layers of gene regulation in complex organisms brought about by alternative splicing. Description: An algorithm was developed to cluster mRNA and EST BLAT alignments to annotated gene regions. Consensus splice sites were the main requirement imposed on the selection of transcripts. The method was applied to thirteen model organisms. The alternative splicing information generated has been incorporated into a database with clear graphical displays representing the splicing patterns and is available from the ExonMine website (http://www.imm.fm.ul.pt/exonmine). It incorporates information on constitutive exons, poly-A signals, open reading frames and translation, expression specificity of any exon or splicing pattern relative to biological source of mRNA/EST, alternative splicing events and respective exon and junction sequences for microarray probe design. The ExonMine interface also provides several tools to support laboratory validation of splicing patterns. Conclusions: ExonMine detects a higher percentage of spliced genes and isoforms than currently available alternative splicing databases. The analysis reveals a marked increase, in complex organisms, of splice variants with either retained introns or incorporating novel exons with no apparent protein-coding potential. About 18% of unannotated exons detected in ExonMine were found expressed in primary human cells using tiling arrays. Validation of some of these results for the U2AF family of splicing factors was successfully performed in collaboration with members of the lab revealing primate specific transcripts and an alternatively spliced transcript carrying a microRNA. The database was also successfully used for genome wide analysis of sequence elements involved in the regulation of alternative splicing and for custom alternative splicing microarray design. Matching of ExonMine data to a commercial exon microarray platform covering the majority of human exons was also performed and will assist in large-scale analysis of alternative splicing data. The algorithm developed also provides for easy updatability, taking only 48 hours to generate data for the whole human genome and far less time for less complex organisms. In conclusion, ExonMine represents a new useful resource for future research on alternative splicing and gene regulation.Muscular Dystrophy Association (MDA3662), European Commission (LSHG-CT-2005-518238, EURASNET) and Fundação para a Ciência e Tecnologia, Portugal (PTDC/SAU-GMG/69739/2006)

Competencies of expert web-based instruction designers

Web-based instruction has been increasingly accepted in education, business and industry, military and government, healthcare and other sectors as a dominant means to deliver instruction beyond time and geographical constraints. However, the overall quality of WBI courses or programs remains a concern. The reasons for the ineffectiveness can be many, of which is the lack of sufficient competencies and skills in existing professionals. This study attempts to identify the domains, competencies, performance statement for instructional designers in WBI at the expert level. IBSTPI competency model has been used as the conceptual framework, utilizing mixed methods. As a result, 91 performance statements, 20 competencies and four domains were identified. The communication skill has been rated as the most important competency for expert instructional designers in WBI. It was revealed that professional foundation domain has the highest level of support, while the planning and analysis has the least. The study indicates that the work environment has certain impact on the performance statements and competencies. In particular, the size of company and project team are two possible factors determining the unique presentation or absence of some competencies and performance statements, as well as the patterns of the most demonstrated competencies and performance statements. Overall, the bigger a company or instructional project team gets, the more project management skills have been demonstrated by the WBI experts. It is increasingly demanding of WBI expert instructional designers to take many different responsibilities as the project team gets smaller. The opinions on future direction for WBI suggest social media for instruction, mobile learning, cloud learning and collaboration, virtual or online classrooms, and more on-demand and engaging WBI, as the five prevailing trends. To prepare for the future, expert instructional designers in WBI must keep getting involved, networking professionally and be open minded for emerging tools and techniques

“Translation in the ‘contact zone’ between accounting and human resource management:The nebulous idea of humans as assets and resources

The file attached to this record is the author's final peer reviewed version. The Publisher's final version can be found by following the DOI link.Purpose The purpose of this paper is to develop an understanding of the process through which ideas are translated across disciplines. It does this by focussing on how the idea that people are corporate assets was translated between the accounting and human resource management (HRM) disciplines. Design/methodology/approach This paper is based on the interpretation of a historical case study of the travel of ideas between the accounting and HRM disciplines. Translation is used as an analytical lens as opposed to being the object of the study and is theorised drawing on insights from the Scandinavian Institutionalist School, Skopos theory and linguistic translation techniques. Findings Translation by individual translators involved the translator stepping across disciplinary boundaries. However, translation performed by interdisciplinary teams occurs in the “contact zone” between disciplines. In this zone, both disciplines are, at once, source and target. Ideas are translated by editing and fusing them. In both cases, translation is value laden as the motives of the translators determine the translation techniques used. Legitimacy and gravitas of the translator, as well as contextual opportunities, influence the spread of the idea while disciplinary norms limit its ability to become institutionalised. Also, differential application of the same translation rule leads to heterogeneous outcomes. Originality/value This is the first accounting translation study to use the theories of the Scandinavian Institutionalist School or indeed combine these with linguistic translation techniques. It is also the first study in accounting which explores the translation of ideas across disciplines

EXPLORING THE PRACTICE OF HUMAN RESOURCE DEVELOPMENT IN FINNISH MUNICIPALITY ORGANIZATION: Case of Vaasa City Organization

This qualitative study explored the practice of human resource development (HRD) in Vaasa city organization (VCO) including its five service organizations (Health, Social, Education, General administration and Technical services) to develop clear understanding of their HRD infrastructure and nature of activities occurring within them. The purpose was to produce HRD profile of a Vaasa city organization that clearly describe occurrence of activities related to all three functions of HRD described by Mclagan (1989); Training and Development, Organizational Development and Career Development. In addition, this study investigated the kind of challenges HRD professionals are facing in implementation of practices by identifying the major barriers to use HRD programs in VCO. Study posed a question to local HRD professionals to obtain key suggestions which can potentially lead to improve HRD in VCO to achieve performance, workforce capacity in attempt to deal with challenges related to human resources posed by changes in workforce demographics (e.g. work force aging and their continual mass retirements). HRD professionals described a potential role of HRD functions in integrating New Municipality Vision 2017 which aims to improve performance of local governments by increasing their financial and workforce efficiency to provide quality services to community. The conceptual framework of this study was based on contingency perspective of HRD proposed by Kuchinke (2003: 299). 12 HRD professionals were interviewed who were responsible for planning and organizing HRD activities in five different Service organizations (SOs) of Vaasa city. Qualitative data collected from respondents was used to advance empirical analysis, findings derived from analysis were used to answer all the research questions. The findings suggested that SOs were engaged differently in conducting range of HRD programs on regular basis. However, the HRD activities including planning process, nature and execution of those HRD activities reflected similarities among them in most cases. Interviewees from different SOs reported generic and specific occurrence of HRD activities by exhibiting a fairly comprehensive perspective towards some HRD practices while opportunistic approach towards others in Vaasa city organization. SOs indicated top three barriers to use and implement HRD programs, they ranked lack of integrated use of HRD functions as top barrier fallowed by llimited staff and expertise to conduct HRD activities second highest, these two were identified to be the most common barriers hindering the effective implementation of HRD programs. Overall suggestions given by HRD professional of different SOs to advance HRD practices in Vaasa city organization were linked to improve the management of HRD in service units. Due to pro-active workforce planning and city organization’s HRD policy being aligned with National HRD policy, SOs seem confident to effectively deal with challenges of workforces’ recruitment, training and development on large scale.fi=Opinnäytetyö kokotekstinä PDF-muodossa.|en=Thesis fulltext in PDF format.|sv=Lärdomsprov tillgängligt som fulltext i PDF-format