Toward Building an Intelligent and Secure Network: An Internet Traffic Forecasting Perspective

Internet traffic forecast is a crucial component for the proactive management of self-organizing networks (SON) to ensure better Quality of Service (QoS) and Quality of Experience (QoE). Given the volatile and random nature of traffic data, this forecasting influences strategic development and investment decisions in the Internet Service Provider (ISP) industry. Modern machine learning algorithms have shown potential in dealing with complex Internet traffic prediction tasks, yet challenges persist. This thesis systematically explores these issues over five empirical studies conducted in the past three years, focusing on four key research questions: How do outlier data samples impact prediction accuracy for both short-term and long-term forecasting? How can a denoising mechanism enhance prediction accuracy? How can robust machine learning models be built with limited data? How can out-of-distribution traffic data be used to improve the generalizability of prediction models? Based on extensive experiments, we propose a novel traffic forecast/prediction framework and associated models that integrate outlier management and noise reduction strategies, outperforming traditional machine learning models. Additionally, we suggest a transfer learning-based framework combined with a data augmentation technique to provide robust solutions with smaller datasets. Lastly, we propose a hybrid model with signal decomposition techniques to enhance model generalization for out-of-distribution data samples. We also brought the issue of cyber threats as part of our forecast research, acknowledging their substantial influence on traffic unpredictability and forecasting challenges. Our thesis presents a detailed exploration of cyber-attack detection, employing methods that have been validated using multiple benchmark datasets. Initially, we incorporated ensemble feature selection with ensemble classification to improve DDoS (Distributed Denial-of-Service) attack detection accuracy with minimal false alarms. Our research further introduces a stacking ensemble framework for classifying diverse forms of cyber-attacks. Proceeding further, we proposed a weighted voting mechanism for Android malware detection to secure Mobile Cyber-Physical Systems, which integrates the mobility of various smart devices to exchange information between physical and cyber systems. Lastly, we employed Generative Adversarial Networks for generating flow-based DDoS attacks in Internet of Things environments. By considering the impact of cyber-attacks on traffic volume and their challenges to traffic prediction, our research attempts to bridge the gap between traffic forecasting and cyber security, enhancing proactive management of networks and contributing to resilient and secure internet infrastructure

Identifying The Usage Anomalies For ECG-Based Healthcare Body Sensor Networks

This thesis is looking into the dependability of a Electrocardiogram(ECG) based Healthcare Body Sensor Network system (HC-BSNs). For these type of devices, the dependability is not only depending on the devices themselves, but also heavily depending on how the devices are used. Existing literature has identified that there are around 4% of usage issues when existing ECG devices are used by professionals. The rate of usage issue will not be better for the ECG-Based HC-BSNs as these devices are more likely to be used by untrained people. Subsequently, it is with paramount importance to address the usage issues so that the overall dependability of the ECG-Based HC-BSNs can be assured. Our approach to address the usage issue is to detect the usage-related anomaly, which is contained in the captured signal when erroneous usage is made, and identify the cause to the usage-related anomaly automatically and without human intervention. By doing this, the user can be prompted with clearer and accurate correction instruction. Subsequently, the usage issues can be well corrected by the user. Based on the above concept, in this thesis, we have studied the anomalous signals which can be caused by the usage issues. Two methodologies, names as AID and FFNAID, have been proposed and evaluated to detect the usage-related anomalies. We have also studied how each usage issue can affect the signals on a mote, and we use the knowledge learnt from the study to propose a methodology, named as ACLP, to identify the root cause to the usage-related anomaly. All these methodologies are fully automated and does not require any human intervention once they are deployed. The evaluations have also shown the effectiveness of these methodologies

Detection of Anomalous Behavior of IoT/CPS Devices Using Their Power Signals

Embedded computing devices, in the Internet of Things (IoT) or Cyber-Physical Systems (CPS), are becoming pervasive in many domains around the world. Their wide deployment in simple applications (e.g., smart buildings, fleet management, and smart agriculture) or in more critical operations (e.g., industrial control, smart power grids, and self-driving cars) creates significant market potential ($ 4-11 trillion in annual revenue is expected by 2025). A main requirement for the success of such systems and applications is the capacity to ensure the performance of these devices. This task includes equipping them to be resilient against security threats and failures. Globally, several critical infrastructure applications have been the target of cyber attacks. These recent incidents, as well as the rich applicable literature, confirm that more research is needed to overcome such challenges. Consequently, the need for robust approaches that detect anomalous behaving devices in security and safety-critical applications has become paramount. Solving such a problem minimizes different kinds of losses (e.g., confidential data theft, financial loss, service access restriction, or even casualties). In light of the aforementioned motivation and discussion, this thesis focuses on the problem of detecting the anomalous behavior of IoT/CPS devices by considering their side-channel information. Solving such a problem is extremely important in maintaining the security and dependability of critical systems and applications. Although several side-channel based approaches are found in the literature, there are still important research gaps that need to be addressed. First, the intrusive nature of the monitoring in some of the proposed techniques results in resources overhead and requires instrumentation of the internal components of a device, which makes them impractical. It also raises a data integrity flag. Second, the lack of realistic experimental power consumption datasets that reflect the normal and anomalous behaviors of IoT and CPS devices has prevented fair and coherent comparisons with the state of the art in this domain. Finally, most of the research to date has concentrated on the accuracy of detection and not the novelty of detecting new anomalies. Such a direction relies on: (i) the availability of labeled datasets; (ii) the complexity of the extracted features; and (iii) the available compute resources. These assumptions and requirements are usually unrealistic and unrepresentative. This research aims to bridge these gaps as follows. First, this study extends the state of the art that adopts the idea of leveraging the power consumption of devices as a signal and the concept of decoupling the monitoring system and the devices to be monitored to detect and classify the "operational health'' of the devices. Second, this thesis provides and builds power consumption-based datasets that can be utilized by AI as well as security research communities to validate newly developed detection techniques. The collected datasets cover a wide range of anomalous device behavior due to the main aspects of device security (i.e., confidentiality, integrity, and availability) and partial system failures. The extensive experiments include: a wide spectrum of various emulated malware scenarios; five real malware applications taken from the well-known Drebin dataset; distributed denial of service attack (DDOS) where an IoT device is treated as: (1) a victim of a DDOS attack, and (2) the source of a DDOS attack; cryptomining malware where the resources of an IoT device are being hijacked to be used to advantage of the attacker’s wish and desire; and faulty CPU cores. This level of extensive validation has not yet been reported in any study in the literature. Third, this research presents a novel supervised technique to detect anomalous device behavior based on transforming the problem into an image classification problem. The main aim of this methodology is to improve the detection performance. In order to achieve the goals of this study, the methodology combines two powerful computer vision tools, namely Histograms of Oriented Gradients (HOG) and a Convolutional Neural Network (CNN). Such a detection technique is not only useful in this present case but can contribute to most time-series classification (TSC) problems. Finally, this thesis proposes a novel unsupervised detection technique that requires only the normal behavior of a device in the training phase. Therefore, this methodology aims at detecting new/unseen anomalous behavior. The methodology leverages the power consumption of a device and Restricted Boltzmann Machine (RBM) AutoEncoders (AE) to build a model that makes them more robust to the presence of security threats. The methodology makes use of stacked RBM AE and Principal Component Analysis (PCA) to extract feature vector based on AE's reconstruction errors. A One-Class Support Vector Machine (OC-SVM) classifier is then trained to perform the detection task. Across 18 different datasets, both of our proposed detection techniques demonstrated high detection performance with at least ~ 88% accuracy and 85% F-Score on average. The empirical results indicate the effectiveness of the proposed techniques and demonstrated improved detection performance gain of 9% - 17% over results reported in other methods

Towards Remote Gait Analysis: Combining Physics and Probabilistic Models for Estimating Human Joint Mechanics

The connected health movement and remote patient monitoring promise to revolutionize patient care in multiple clinical contexts. In orthopedics, continuous monitoring of human joint and muscle tissue loading in free-living conditions will enable novel insight concerning musculoskeletal disease etiology. These developments are necessary for comprehensive patient characterization, progression monitoring, and personalized therapy. This vision has motivated many recent advances in wearable sensor-based algorithm development that aim to perform biomechanical analyses traditionally restricted to confined laboratory spaces. However, these techniques have not translated to practical deployment for remote monitoring. Several barriers to translation have been identified including complex sensor arrays. Thus, the aim of this work was to lay the foundation for remote gait analysis and techniques for estimating clinically relevant biomechanics with a reduced sensor array. The first step in this process was to develop an open-source platform that generalized the processing pipeline for automated remote biomechanical analysis. The clinical utility of the platform was demonstrated for monitoring patient gait following knee surgery using continuous recordings of thighworn accelerometer data and rectus femoris electromyograms (EMG) during free-living conditions. Individual walking bouts were identified from which strides were extracted and characterized for patient evaluation. A novel, multifactorial asymmetry index was proposed based on temporal, EMG, and kinematic descriptors of gait that was able to differentiate between patients at different stages of recovery and that was more sensitive to recovery time than were indices of cumulative physical activity. The remainder of the work focused on algorithms for estimating joint moment and simulating muscle contraction dynamics using a reduced sensor array. A hybrid technique was proposed that combined both physics and probabilistic models in a complementary fashion. Specifically, the notion of a muscle synergy function was introduced that describes the mapping between excitations from a subset of muscles and excitations from other synergistic muscles. A novel model of these synergy functions was developed that enabled estimation of unmeasured muscle excitations using a measured subset. Data from thigh- and shank-worn inertial sensors were used to estimate segment kinematics and muscle-tendon unit (MTU) lengths using physics-based techniques and a model of the musculoskeletal geometry. These estimates of muscle excitation and MTU length were used as inputs for EMG-driven simulation of muscle contraction. Estimates of muscle force, power, and work as well as net joint moment from the proposed hybrid technique were compared to estimates from laboratory-based techniques. This presents the first sensor-only (four EMG and two inertial sensors) simulation of muscle contraction dynamics and joint moment estimation using machine learning only for estimating unmeasured muscle excitations. This work provides the basis for automated remote biomechanical analysis with reduced sensor arrays; from raw sensor recordings to estimates of muscle moment, force, and power. The proposed hybrid technique requires data from only four EMG and two inertial sensors and work has begun to seamlessly integrate these sensors into a knee brace for monitoring patients following knee surgery. Future work should build on these developments including further validation and design of methods utilizing remotely and longitudinally observed biomechanics for prognosis and optimizing patient-specific interventions

Proceedings Of The 18th Annual Meeting Of The Asia Oceania Geosciences Society (Aogs 2021)

The 18th Annual Meeting of the Asia Oceania Geosciences Society (AOGS 2021) was held from 1st to 6th August 2021. This proceedings volume includes selected extended abstracts from a challenging array of presentations at this conference. The AOGS Annual Meeting is a leading venue for professional interaction among researchers and practitioners, covering diverse disciplines of geosciences

Comparison of Correlation for Asian Shariah Indices Using DCC-GARCH and Rolling Window Correlation.

This paper aims to compare the capability of correlation in capturing the volatility using rolling window correlation and Dynamic Conditional Correlation - Generalized Autoregressive Conditional Heteroscedasticity (DCC-GARCH) approach. This study will perform a DCC-GARCH to estimate the dynamic conditional correlation between the Asian Shariah indices. The Asian Shariah index comprises FTSE SGX Asia Shariah 100, FTSE Bursa Malaysia Emas Shariah Index, FTSE Greater China Shariah Index, and FTSE Stock Exchange of Thailand (SET) Shariah Index. The correlation estimation considers the FTSE SGX Asia Shariah 100 as a proxy. The World Health Organization (WHO) declared the Coronavirus 2019 (COVID-19) as pandemic on 11th March 2020. Therefore, the data used covers six months before and after 11th March 2020, from 11th September 2019 until 11th September 2020. The output of both effected correlations towards the Covid-19 will be evaluated based on their ability to capture the time-varying changes through graph plotting. The empirical findings show that the DCC-GARCH is better at capturing the highly changes volatility than the rolling window correlation

Abstracts on Radio Direction Finding (1899 - 1995)

The files on this record represent the various databases that originally composed the CD-ROM issue of "Abstracts on Radio Direction Finding" database, which is now part of the Dudley Knox Library's Abstracts and Selected Full Text Documents on Radio Direction Finding (1899 - 1995) Collection. (See Calhoun record https://calhoun.nps.edu/handle/10945/57364 for further information on this collection and the bibliography). Due to issues of technological obsolescence preventing current and future audiences from accessing the bibliography, DKL exported and converted into the three files on this record the various databases contained in the CD-ROM. The contents of these files are: 1) RDFA_CompleteBibliography_xls.zip [RDFA_CompleteBibliography.xls: Metadata for the complete bibliography, in Excel 97-2003 Workbook format; RDFA_Glossary.xls: Glossary of terms, in Excel 97-2003 Workbookformat; RDFA_Biographies.xls: Biographies of leading figures, in Excel 97-2003 Workbook format]; 2) RDFA_CompleteBibliography_csv.zip [RDFA_CompleteBibliography.TXT: Metadata for the complete bibliography, in CSV format; RDFA_Glossary.TXT: Glossary of terms, in CSV format; RDFA_Biographies.TXT: Biographies of leading figures, in CSV format]; 3) RDFA_CompleteBibliography.pdf: A human readable display of the bibliographic data, as a means of double-checking any possible deviations due to conversion

AVATAR - Machine Learning Pipeline Evaluation Using Surrogate Model

© 2020, The Author(s). The evaluation of machine learning (ML) pipelines is essential during automatic ML pipeline composition and optimisation. The previous methods such as Bayesian-based and genetic-based optimisation, which are implemented in Auto-Weka, Auto-sklearn and TPOT, evaluate pipelines by executing them. Therefore, the pipeline composition and optimisation of these methods requires a tremendous amount of time that prevents them from exploring complex pipelines to find better predictive models. To further explore this research challenge, we have conducted experiments showing that many of the generated pipelines are invalid, and it is unnecessary to execute them to find out whether they are good pipelines. To address this issue, we propose a novel method to evaluate the validity of ML pipelines using a surrogate model (AVATAR). The AVATAR enables to accelerate automatic ML pipeline composition and optimisation by quickly ignoring invalid pipelines. Our experiments show that the AVATAR is more efficient in evaluating complex pipelines in comparison with the traditional evaluation approaches requiring their execution