Identification of high-level functional/system requirements for future civil transports

In order to accommodate the rapid growth in commercial aviation throughout the remainder of this century, the Federal Aviation Administration (FAA) is faced with a formidable challenge to upgrade and/or modernize the National Airspace System (NAS) without compromising safety or efficiency. A recurring theme in both the Aviation System Capital Investment Plan (CIP), which has replaced the NAS Plan, and the new FAA Plan for Research, Engineering, and Development (RE&D) rely on the application of new technologies and a greater use of automation. Identifying the high-level functional and system impacts of such modernization efforts on future civil transport operational requirements, particularly in terms of cockpit functionality and information transfer, was the primary objective of this project. The FAA planning documents for the NAS of the 2005 era and beyond were surveyed; major aircraft functional capabilities and system components required for such an operating environment were identified. A hierarchical structured analysis of the information processing and flows emanating from such functional/system components were conducted and the results documented in graphical form depicting the relationships between functions and systems

Toward Building an Intelligent and Secure Network: An Internet Traffic Forecasting Perspective

Internet traffic forecast is a crucial component for the proactive management of self-organizing networks (SON) to ensure better Quality of Service (QoS) and Quality of Experience (QoE). Given the volatile and random nature of traffic data, this forecasting influences strategic development and investment decisions in the Internet Service Provider (ISP) industry. Modern machine learning algorithms have shown potential in dealing with complex Internet traffic prediction tasks, yet challenges persist. This thesis systematically explores these issues over five empirical studies conducted in the past three years, focusing on four key research questions: How do outlier data samples impact prediction accuracy for both short-term and long-term forecasting? How can a denoising mechanism enhance prediction accuracy? How can robust machine learning models be built with limited data? How can out-of-distribution traffic data be used to improve the generalizability of prediction models? Based on extensive experiments, we propose a novel traffic forecast/prediction framework and associated models that integrate outlier management and noise reduction strategies, outperforming traditional machine learning models. Additionally, we suggest a transfer learning-based framework combined with a data augmentation technique to provide robust solutions with smaller datasets. Lastly, we propose a hybrid model with signal decomposition techniques to enhance model generalization for out-of-distribution data samples. We also brought the issue of cyber threats as part of our forecast research, acknowledging their substantial influence on traffic unpredictability and forecasting challenges. Our thesis presents a detailed exploration of cyber-attack detection, employing methods that have been validated using multiple benchmark datasets. Initially, we incorporated ensemble feature selection with ensemble classification to improve DDoS (Distributed Denial-of-Service) attack detection accuracy with minimal false alarms. Our research further introduces a stacking ensemble framework for classifying diverse forms of cyber-attacks. Proceeding further, we proposed a weighted voting mechanism for Android malware detection to secure Mobile Cyber-Physical Systems, which integrates the mobility of various smart devices to exchange information between physical and cyber systems. Lastly, we employed Generative Adversarial Networks for generating flow-based DDoS attacks in Internet of Things environments. By considering the impact of cyber-attacks on traffic volume and their challenges to traffic prediction, our research attempts to bridge the gap between traffic forecasting and cyber security, enhancing proactive management of networks and contributing to resilient and secure internet infrastructure

Detecting malicious VBscripts using anomaly host based IDS based on principal component analysis (PCA)

Intrusion detection research over the last twenty years has focused on the threat of individuals illegally hacking into systems. Nowadays, intrusion threat to computer systems has changed radically. Instead of dealing with hackers, most current works focus on defending the system against code-driven attacks. Today’s web script codes such as VBScript are receiving increasing focus as a backdoor for attacking many computers through e-mail attachments or infected web sites. The nature of these malicious codes is that they can spread widely causing serious damages to many applications. Moreover, the majority of anti-virus tools used today are able to detect known attacks but are unable to detect new and unknown attacks. The work in this thesis presents an Anomaly host based Intrusion Detection System (IDS) that provides protection against web attacks from malicious VBScripts. The core of the system treats anomalies as outliers and this IDS model uses a Multivariate Statistical technique, Principal Component Analysis (PCA) to reduce the dimensionality of the problem while keeping the major principal components of benign instances. Hence, the system can easily filter malicious scripts that deviate from normal behavior and allow for normal scripts to bypass; so any future or unknown VBScript attacks are effectively captured while maintaining a low rate of false alarms

Adaptive virtual protocol stacks for intrusion detection applications

None provided

Analyse de sécurité et QoS dans les réseaux à contraintes temporelles

Dans le domaine des réseaux, deux précieux objectifs doivent être atteints, à savoir la QoS et la sécurité, plus particulièrement lorsqu’il s’agit des réseaux à caractère critique et à fortes contraintes temporelles. Malheureusement, un conflit existe : tandis que la QoS œuvre à réduire les temps de traitement, les mécanismes de sécurité quant à eux requièrent d’importants temps de traitement et causent, par conséquent, des délais et dégradent la QoS. Par ailleurs, les systèmes temps réel, la QoS et la sécurité ont très souvent été étudiés séparément, par des communautés différentes. Dans le contexte des réseaux avioniques de données, de nombreux domaines et applications, de criticités différentes, échangent mutuellement des informations, souvent à travers des passerelles. Il apparaît clairement que ces informations présentent différents niveaux de sensibilité en termes de sécurité et de QoS. Tenant compte de cela, le but de cette thèse est d’accroître la robustesse des futures générations de réseaux avioniques de données en contrant les menaces de sécurité et évitant les ruptures de trafic de données. A cet effet, nous avons réalisé un état de l’art des mécanismes de sécurité, de la QoS et des applications à contraintes temporelles. Nous avons, ensuite étudié la nouvelle génération des réseaux avioniques de données. Chose qui nous a permis de déterminer correctement les différentes menaces de sécurité. Sur la base de cette étude, nous avons identifié à la fois les exigences de sécurité et de QoS de cette nouvelle génération de réseaux avioniques. Afin de les satisfaire, nous avons proposé une architecture de passerelle de sécurité tenant compte de la QoS pour protéger ces réseaux avioniques et assurer une haute disponibilité en faveur des données critiques. Pour assurer l’intégration des différentes composantes de la passerelle, nous avons développé une table de session intégrée permettant de stocker toutes les informations nécessaires relatives aux sessions et d’accélérer les traitements appliqués aux paquets (filtrage à états, les traductions d’adresses NAT, la classification QoS et le routage). Cela a donc nécessité, en premier lieu, l'étude de la structure existante de la table de session puis, en second lieu, la proposition d'une toute nouvelle structure répondant à nos objectifs. Aussi, avons-nous présenté un algorithme permettant l’accès et l’exploitation de la nouvelle table de session intégrée. En ce qui concerne le composant VPN IPSec, nous avons détecté que le trafic chiffré par le protocole ESP d’IPSec ne peut pas être classé correctement par les routeurs de bordure. Afin de surmonter ce problème, nous avons développé un protocole, Q-ESP, permettant la classification des trafics chiffrés et offrant les services de sécurité fournis par les protocoles AH et ESP combinés. Plusieurs techniques de gestion de bande passante ont été développées en vue d’optimiser la gestion du trafic réseau. Pour évaluer les performances offertes par ces techniques et identifier laquelle serait la plus appropriée dans notre cas, nous avons effectué une comparaison basée sur le critère du délai, par le biais de tests expérimentaux. En dernière étape, nous avons évalué et comparé les performances de la passerelle de sécurité que nous proposons par rapport à trois produits commerciaux offrant les fonctions de passerelle de sécurité logicielle en vue de déterminer les points forts et faibles de notre implémentation pour la développer ultérieurement. Le manuscrit s’organise en deux parties : la première est rédigée en français et représente un résumé détaillé de la deuxième partie qui est, quant à elle, rédigée en anglais. ABSTRACT : QoS and security are two precious objectives for network systems to attain, especially for critical networks with temporal constraints. Unfortunately, they often conflict; while QoS tries to minimize the processing delay, strong security protection requires more processing time and causes traffic delay and QoS degradation. Moreover, real-time systems, QoS and security have often been studied separately and by different communities. In the context of the avionic data network various domains and heterogeneous applications with different levels of criticality cooperate for the mutual exchange of information, often through gateways. It is clear that this information has different levels of sensitivity in terms of security and QoS constraints. Given this context, the major goal of this thesis is then to increase the robustness of the next generation e-enabled avionic data network with respect to security threats and ruptures in traffic characteristics. From this perspective, we surveyed the literature to establish state of the art network security, QoS and applications with time constraints. Then, we studied the next generation e-enabled avionic data network. This allowed us to draw a map of the field, and to understand security threats. Based on this study we identified both security and QoS requirements of the next generation e-enabled avionic data network. In order to satisfy these requirements we proposed the architecture of QoS capable integrated security gateway to protect the next generation e-enabled avionic data network and ensure the availability of critical traffic. To provide for a true integration between the different gateway components we built an integrated session table to store all the needed session information and to speed up the packet processing (firewall stateful inspection, NAT mapping, QoS classification and routing). This necessitates the study of the existing session table structure and the proposition of a new structure to fulfill our objective. Also, we present the necessary processing algorithms to access the new integrated session table. In IPSec VPN component we identified the problem that IPSec ESP encrypted traffic cannot be classified appropriately by QoS edge routers. To overcome this problem, we developed a Q-ESP protocol which allows the classifications of encrypted traffic and combines the security services provided by IPSec ESP and AH. To manage the network traffic wisely, a variety of bandwidth management techniques have been developed. To assess their performance and identify which bandwidth management technique is the most suitable given our context we performed a delay-based comparison using experimental tests. In the final stage, we benchmarked our implemented security gateway against three commercially available software gateways. The goal of this benchmark test is to evaluate performance and identify problems for future research work. This dissertation is divided into two parts: in French and in English respectively. Both parts follow the same structure where the first is an extended summary of the second

Security Enhanced Applications for Information Systems

Every day, more users access services and electronically transmit information which is usually disseminated over insecure networks and processed by websites and databases, which lack proper security protection mechanisms and tools. This may have an impact on both the users’ trust as well as the reputation of the system’s stakeholders. Designing and implementing security enhanced systems is of vital importance. Therefore, this book aims to present a number of innovative security enhanced applications. It is titled “Security Enhanced Applications for Information Systems” and includes 11 chapters. This book is a quality guide for teaching purposes as well as for young researchers since it presents leading innovative contributions on security enhanced applications on various Information Systems. It involves cases based on the standalone, network and Cloud environments

Mechanism design and game theoretical models for intrusion detection

In this thesis, we study the problems related to intrusion detection systems in Mobile Ad hoc Networks (MANETs). Specifically, we are addressing the leader election in the presence of selfish nodes, the tradeoff between security and IDS's resource consumption, and the multi-fragment intrusion detection via sampling. To balance the resource consumption among all the nodes and prolong the lifetime of a MANET, the nodes with the most remaining resources should be elected as the leaders. Selfishness is one of the main problems facing such a model where nodes can behave selfishly during the election or after. To address this issue, we present a solution based on the theory of mechanism design. More specifically, the solution provides nodes with incentives in the form of reputations to encourage nodes in participating honestly in the election process. The amount of incentives is based on the Vickrey-Clarke-Groves (VCG) mechanism to ensure that truth-telling is the dominant strategy of any node. To catch and punish a misbehaving elected leader, checkers are selected randomly to monitor the behavior of a leader. To reduce the false-positive rate, a cooperative game-theoretic model is proposed to analyze the contribution of each checker on the catch decision. A multi-stage catch mechanism is also introduced to reduce the performance overhead of checkers. Additionally, we propose a series of local election algorithms that lead to globally optimal election results. Note that the leader election model, which is known as moderate model is only suitable when the probability of attacks is low. Once the probability of attacks is high, victims should launch their own IDSs. Such a robust model is, however, costly with respect to energy, which leads nodes to die fast. Clearly, to reduce the resource consumption of IDSs and yet keep its effectiveness, a critical issue is: When should we shift from moderate to robust mode? Here, we formalize this issue as a nonzero-sum non-cooperative game-theoretical model that takes into consideration the tradeoff between security and IDS resource consumption. Last but not least, we consider the problem of detecting multi-fragments intrusions that are launched from a MANET targeting another network. To generalize our solution, we consider the intrusion to be launched from any type of networks. The detection is accomplished by sampling a subset of the transmitted packets over selected network links or router interfaces. Given a sampling budget, our framework aims at developing a network packet sampling strategy to effectively reduce the success chances of an intruder. Non-cooperative game theory is used to express the problem formally. Finally, empirical results are provided to support our solutions

Advances in Intelligent Vehicle Control

This book is a printed edition of the Special Issue Advances in Intelligent Vehicle Control that was published in the journal Sensors. It presents a collection of eleven papers that covers a range of topics, such as the development of intelligent control algorithms for active safety systems, smart sensors, and intelligent and efficient driving. The contributions presented in these papers can serve as useful tools for researchers who are interested in new vehicle technology and in the improvement of vehicle control systems