Learning from mutants: Using code mutation to learn and monitor invariants of a cyber-physical system

Cyber-physical systems (CPS) consist of sensors, actuators, and controllers all communicating over a network; if any subset becomes compromised, an attacker could cause significant damage. With access to data logs and a model of the CPS, the physical effects of an attack could potentially be detected before any damage is done. Manually building a model that is accurate enough in practice, however, is extremely difficult. In this paper, we propose a novel approach for constructing models of CPS automatically, by applying supervised machine learning to data traces obtained after systematically seeding their software components with faults ("mutants"). We demonstrate the efficacy of this approach on the simulator of a real-world water purification plant, presenting a framework that automatically generates mutants, collects data traces, and learns an SVM-based model. Using cross-validation and statistical model checking, we show that the learnt model characterises an invariant physical property of the system. Furthermore, we demonstrate the usefulness of the invariant by subjecting the system to 55 network and code-modification attacks, and showing that it can detect 85% of them from the data logs generated at runtime.Comment: Accepted by IEEE S&P 201

AI Solutions for MDS: Artificial Intelligence Techniques for Misuse Detection and Localisation in Telecommunication Environments

This report considers the application of Articial Intelligence (AI) techniques to the problem of misuse detection and misuse localisation within telecommunications environments. A broad survey of techniques is provided, that covers inter alia rule based systems, model-based systems, case based reasoning, pattern matching, clustering and feature extraction, articial neural networks, genetic algorithms, arti cial immune systems, agent based systems, data mining and a variety of hybrid approaches. The report then considers the central issue of event correlation, that is at the heart of many misuse detection and localisation systems. The notion of being able to infer misuse by the correlation of individual temporally distributed events within a multiple data stream environment is explored, and a range of techniques, covering model based approaches, `programmed' AI and machine learning paradigms. It is found that, in general, correlation is best achieved via rule based approaches, but that these suffer from a number of drawbacks, such as the difculty of developing and maintaining an appropriate knowledge base, and the lack of ability to generalise from known misuses to new unseen misuses. Two distinct approaches are evident. One attempts to encode knowledge of known misuses, typically within rules, and use this to screen events. This approach cannot generally detect misuses for which it has not been programmed, i.e. it is prone to issuing false negatives. The other attempts to `learn' the features of event patterns that constitute normal behaviour, and, by observing patterns that do not match expected behaviour, detect when a misuse has occurred. This approach is prone to issuing false positives, i.e. inferring misuse from innocent patterns of behaviour that the system was not trained to recognise. Contemporary approaches are seen to favour hybridisation, often combining detection or localisation mechanisms for both abnormal and normal behaviour, the former to capture known cases of misuse, the latter to capture unknown cases. In some systems, these mechanisms even work together to update each other to increase detection rates and lower false positive rates. It is concluded that hybridisation offers the most promising future direction, but that a rule or state based component is likely to remain, being the most natural approach to the correlation of complex events. The challenge, then, is to mitigate the weaknesses of canonical programmed systems such that learning, generalisation and adaptation are more readily facilitated

Uncovering packaging features of co-regulated modules based on human protein interaction and transcriptional regulatory networks

<p>Abstract</p> <p>Background</p> <p>Network co-regulated modules are believed to have the functionality of packaging multiple biological entities, and can thus be assumed to coordinate many biological functions in their network neighbouring regions.</p> <p>Results</p> <p>Here, we weighted edges of a human protein interaction network and a transcriptional regulatory network to construct an integrated network, and introduce a probabilistic model and a bipartite graph framework to exploit human co-regulated modules and uncover their specific features in packaging different biological entities (genes, protein complexes or metabolic pathways). Finally, we identified 96 human co-regulated modules based on this method, and evaluate its effectiveness by comparing it with four other methods.</p> <p>Conclusions</p> <p>Dysfunctions in co-regulated interactions often occur in the development of cancer. Therefore, we focussed on an example co-regulated module and found that it could integrate a number of cancer-related genes. This was extended to causal dysfunctions of some complexes maintained by several physically interacting proteins, thus coordinating several metabolic pathways that directly underlie cancer.</p

Intelligent network intrusion detection using an evolutionary computation approach

With the enormous growth of users\u27 reliance on the Internet, the need for secure and reliable computer networks also increases. Availability of effective automatic tools for carrying out different types of network attacks raises the need for effective intrusion detection systems. Generally, a comprehensive defence mechanism consists of three phases, namely, preparation, detection and reaction. In the preparation phase, network administrators aim to find and fix security vulnerabilities (e.g., insecure protocol and vulnerable computer systems or firewalls), that can be exploited to launch attacks. Although the preparation phase increases the level of security in a network, this will never completely remove the threat of network attacks. A good security mechanism requires an Intrusion Detection System (IDS) in order to monitor security breaches when the prevention schemes in the preparation phase are bypassed. To be able to react to network attacks as fast as possible, an automatic detection system is of paramount importance. The later an attack is detected, the less time network administrators have to update their signatures and reconfigure their detection and remediation systems. An IDS is a tool for monitoring the system with the aim of detecting and alerting intrusive activities in networks. These tools are classified into two major categories of signature-based and anomaly-based. A signature-based IDS stores the signature of known attacks in a database and discovers occurrences of attacks by monitoring and comparing each communication in the network against the database of signatures. On the other hand, mechanisms that deploy anomaly detection have a model of normal behaviour of system and any significant deviation from this model is reported as anomaly. This thesis aims at addressing the major issues in the process of developing signature based IDSs. These are: i) their dependency on experts to create signatures, ii) the complexity of their models, iii) the inflexibility of their models, and iv) their inability to adapt to the changes in the real environment and detect new attacks. To meet the requirements of a good IDS, computational intelligence methods have attracted considerable interest from the research community. This thesis explores a solution to automatically generate compact rulesets for network intrusion detection utilising evolutionary computation techniques. The proposed framework is called ESR-NID (Evolving Statistical Rulesets for Network Intrusion Detection). Using an interval-based structure, this method can be deployed for any continuous-valued input data. Therefore, by choosing appropriate statistical measures (i.e. continuous-valued features) of network trafc as the input to ESRNID, it can effectively detect varied types of attacks since it is not dependent on the signatures of network packets. In ESR-NID, several innovations in the genetic algorithm were developed to keep the ruleset small. A two-stage evaluation component in the evolutionary process takes the cooperation of rules into consideration and results into very compact, easily understood rulesets. The effectiveness of this approach is evaluated against several sources of data for both detection of normal and abnormal behaviour. The results are found to be comparable to those achieved using other machine learning methods from both categories of GA-based and non-GA-based methods. One of the significant advantages of ESR-NIS is that it can be tailored to specific problem domains and the characteristics of the dataset by the use of different fitness and performance functions. This makes the system a more flexible model compared to other learning techniques. Additionally, an IDS must adapt itself to the changing environment with the least amount of configurations. ESR-NID uses an incremental learning approach as new flow of traffic become available. The incremental learning approach benefits from less required storage because it only keeps the generated rules in its database. This is in contrast to the infinitely growing size of repository of raw training data required for traditional learning

AFRANCI : multi-layer architecture for cognitive agents

Tese de doutoramento. Engenharia Electrotécnica e de Computadores. Faculdade de Engenharia. Universidade do Porto. 201

Genetic approaches to understanding pain mechanisms: Zfhx2 and peripheral sensory neuron ablation mouse transgenic models

Latest cutting-edge sequencing has allowed researchers to obtain a full array of differentially expressed neuronal genes within the peripheral nervous system. Understanding this heterogeneity and functional implication could unveil new therapeutic targets towards a more precise medicine. Combining a novel reporter mouse with Cre recombinase strategies, I examined the spatial and functional organization of transcriptomically different subpopulations of neurons in the mouse DRG in pathological and nonpathological states. Results herein include: confirmation of Cre activity and specificity in all lines studied by RNA scope when compared to previous reports and transcriptomic analysis; significant upregulation of DRG gal expression after Complete Freund's Adjuvant (CFA) induced inflamation; normal weight and exploratory behaviour for all lines tested; motor activity assessed by Rotarod not significant, but further motor coordination tests on animals missing Th DRG neurons showed significant impairment; noxious mechanosensation reduced in animals lacking SCN10aCre and Tmem45b DRG; confirmation of CGRP-positive neurons role in heat and cold perception as well as in the formalin inflammatory model; Von Frey hypersensitivity on animals lacking CGRP; and lastly TrkBpositive neurons responsible for significant deficits in mechanical hypersensitivity in the partial sciatic nerve ligation neuropathic pain model whilst no effect in cancer induced bone pain model. Parallelly, by reverse genetics approach, I explore the contribution of the Zfhx2 gene, whose mutation has been identified as responsible for the Marsili pain insensitivity syndrome, in two different animal models of nociception. Behavioural characterisation of bacterial artificial chromosome (BAC) transgenic mice bearing the orthologous murine mutation, as well as Zfhx2 null mutant mice, shows significant deficits in pain sensitivity in thermal and mechanical tests respectively. In summary, as well as validating several new useful transgenic mouse lines, this thesis provides insights into genes and neuronal subpopulations important in pain pathways and provides potential platforms for translational studies of pain syndromes

DEVELOPMENT OF SPACE-INVARIANT SIGNATURE ALGORITHM (SISA) - AN INNOVATIVE APPROACH FOR PROCESSING THE MEDICAL IMAGES FOR THE DETECTION AND LOCALIZATION OF EARLY ABNORMALITIES IN BIOLOGICAL TISSUES

Early detection, diagnosis and localization are some of the important issues facing the medical profession for diseases such as cancer and cardiac disorders. Therefore, it is vital that a reliable approach, which is economic, safer and less time consuming be developed for the detection and diagnosis of such disorders. In this thesis an innovative approach, Space-Invariant Signature Algorithm (SISA) is proposed and developed to process the medical images for the detection and localization of abnormalities at an early stage in active biological tissues such as cancer, potential tumor growth and damaged tissues. In this proposed SISA approach, if the SISA signature pattern is space-invariant it suggests the absence of any abnormality. A space-variant SISA signature pattern is an indication of the presence of the abnormality. The abnormality in an active system can be defined as the obstacle, which impedes the smooth flow of activities such as blood or electrical signals. In any active system under excitation, abnormalities create extra perturbations, depending on the stage of progression of the abnormality. An abnormality in the final stage or critical stage will create very high perturbations that would largely impede the smooth flow of the excitation, whereas, in early stages, the abnormality will create low perturbations and would slightly impede the smooth flow of the excitation provided to the active system. Using the SISA approach, in the absence of any abnormalities, the signature pattern should have a uniform signature pattern, whereas, in the presences of abnormalities, the SISA signature pattern will be space-variant. The degree and position of the variance in space helps in the detection and localization of the abnormality. The SISA approach was first tested on a liquid vibrating system with various types of obstacles. These abnormalities created perturbations in the system parameters that induced the vibration patterns. Furthermore, the experimental results using the SISA approach were also obtained on ultrasound images to find abnormalities in animal tissues. In each of these cases of ultrasound imaging, the SISA signature patterns were able to localize and detect the tissue abnormality. The experimental results obtained with various types of small and large impedances (obstacles), which represent respectively the early and critical stages of abnormalities in the vibrating liquid system, were very encouraging. This basic SISA study on the liquid vibrating system was extended for processing ultrasound images for the detection and localization of damaged biological tissues. These initial experiments on animal tissues using ultrasound images along with SISA processing indicate that this innovative SISA approach has a great potential for processing other types of medical images such as ultrasound, Magnetic Resonance Elastography (MRE) and Computed Tomography (CT scan) for the detection and localization of abnormalities at an incipient stage

Perspectives and Experiences of Individuals Undergoing Predictive Testing for Hereditary Breast and Ovarian Cancer (HBOC) Syndrome in the Western Cape, South Africa.

Breast cancer is the most common malignancy affecting females globally. Hereditary breast and ovarian cancer (HBOC) syndrome is caused by pathogenic variants in BRCA1 and BRCA2 and is seen in approximately 50% of families with a strong history of breast and ovarian cancers. Predictive testing (PT) is offered to unaffected individuals with a positive family history of HBOC, with an already identified BRCA1 or BRCA2 mutation in an affected family member. There is an overwhelming amount of research that has focused on the after-effects of diagnostic genetic testing for HBOC but there has been little investigation into how individuals experience the actual PT process. The present study therefore aimed to investigate individuals’ decisions for undergoing and their experiences of PT for HBOC in a local context, by focusing on at-risk South African individuals residing in the Western Cape Province. Sixteen participants were recruited retrospectively from the breast cancer and/or clinical genetics clinics at Groote Schuur Hospital, Tygerberg Hospital and private genetic counselling practices in Cape Town. Semi structured interviews were conducted, and the interview transcripts were analysed using the framework approach for qualitative data analysis. Using this approach, five themes were identified relating to the perspectives and experiences of individuals undergoing PT for HBOC, in selected settings in the Western Cape. While some participants felt that their decision to pursue PT was influenced by their family history of cancer and the associated cancer-related distress, others felt that their decision was made out of a sense of duty to their families or in solidarity with those that were affected or received a positive test result. Overall, the participants felt that the pre-test counselling was beneficial in allowing for an improved understanding of HBOC, however not all participants felt that the pre-test counselling prepared them for receiving their results. Receiving a negative test result was often accompanied by feelings of guilt and did not exempt participants from the fear of developing cancer. Some of the concerns raised by participants that received a positive test result were centred around prophylactic intervention and its effect on body image. Overall, participants felt empowered by their mutation status and felt that they were better able to manage their risk. The need for additional support, both practical and emotional support, was particularly evident amongst mutation-carriers. The findings of this study provide valuable insight into the perspectives and experiences of this population, which could potentially impact the services that are provided to individuals undergoing PT for HBOC in similar settings

Positron emission tomography imaging biomarkers of frontotemporal dementia

There are currently no disease modifying treatments available for frontotemporal dementia (FTD). Pathological heterogeneity within and between FTD phenotypes and genotypes makes accurate diagnosis challenging. Biomarkers that can aid diagnosis and monitor disease progression will be critical for clinical trials of potential treatments. Positron emission tomography (PET) imaging provides insights into molecular changes in the brain during life that are otherwise only directly quantifiable at postmortem. In this thesis I aimed to identify potential biomarkers of FTD using PET imaging. In Chapter 3 I use PET imaging of glucose metabolism to identify early neuronal dysfunction in presymptomatic genetic FTD, revealing specific involvement of the anterior cingulate in a subgroup of mutation carriers. In Chapter 4 I evaluate the utility of a PET tracer of tau protein deposition in genetic FTD against volumetric imaging, which appears to provide a more sensitive biomarker of disease than this tau PET tracer in FTD. In Chapter 5 I investigate neuroinflammation via PET imaging and identify different areas of neuroinflammation in different FTD genotypes, suggesting an association between neuroinflammation and protein deposition and that PET imaging of neuroinflammation might provide a sensitive biomarker in MAPT-related FTD. In Chapter 6 I investigate synaptic and mitochondrial dysfunction via PET imaging in FTD, the latter of which has been previously unexplored. I reveal marked differences in both markers in FTD versus controls which suggests both might provide sensitive biomarkers of disease. Furthermore, in Chapter 7 I evaluate the same biomarkers at longitudinal follow up where I find continued reductions in mitochondrial function over time suggesting mitochondrial PET imaging may provide a biomarker of disease progression in FTD. Future replication of the findings in this thesis in larger cohorts might facilitate the advancement of clinical trials in FTD