Le Machine Learning confronté aux contraintes opérationnelles des systèmes de détection

International audienceLes systèmes de détection d’intrusion, reposant traditionnellementsur des signatures, n’ont pas échappé à l’attrait récent des techniquesde Machine Learning. Si les résultats présentés dans les articles de rechercheacadémique sont souvent excellents, les experts en sécurité ontcependant encore de nombreuses réticences concernant l’utilisation duMachine Learning dans les systèmes de détection d’intrusion. Ils redoutentgénéralement une inadéquation de ces techniques aux contraintes opérationnelles,notamment à cause d’un niveau d’expertise requis important,ou d’un grand nombre de faux positifs.Dans cet article, nous montrons que le Machine Learning peut êtrecompatible avec les contraintes opérationnelles des systèmes de détection.Nous expliquons comment construire un modèle de détection et présentonsde bonnes pratiques pour le valider avant sa mise en production. Laméthodologie est illustrée par un cas d’étude sur la détection de fichiersPDF malveillants et nous proposons un outil libre, SecuML, pour lamettre en oeuvre

Alliages base Cobalt en surfusion sous champ magnétique intense (propriétés magnétiques et comportement à la solidification)

Ce travail est dédié à l'étude de l'effet des champs magnétiques sur les propriétés magnétiques et le comportement à la solidification d'alliages à base de Cobalt en surfusion sous champ magnétique intense. Les alliages à base Co sont d'excellents candidats pour obtenir une surfusion en dessous ou proche du point de Curie sous champ intense en raison du faible écart entre ce point de Curie et la température du liquidus. Dans cette étude, un dispositif haute température de surfusion intégrant une mesure magnétique a été construit dans un aimant supraconducteur, et est utilisé pour la mesure in situ de l'aimantation de liquides surfondus et pour l'étude du sur-refroidissement et de l'évolution de la microstructure de solidification en champ intense. Le cobalt liquide en surfusion est fortement magnétique sous champ, et son aimantation est même supérieure à celle du solide au chauffage à la même température. L'aimantation de l'alliage proche eutectique Co-B en surfusion dépend de la température de surchauffe, tandis que le Co-Sn en surfusion est toujours paramagnétique. La surfusion moyenne et l'étendue de la recalescence de différents métaux et alliages est affectée par un champ externe. En champ magnétique uniforme, la surfusion du Cuivre est amplifiée, tandis que la surfusion du Cobalt et de Co-Sn reste identique. Cependant, l'étendue de la recalescence du Cobalt et de Co-Sn est réduite, et l'effet est d'autant plus important pour des teneurs supérieures en Cobalt. Le champ magnétique promeut la précipitation de la phase dendritique a-Co et la formation d'eutectique anormal dans la microstructure des alliages Co-Sn surfondus. Les processus d'évolution de la microstructure sont affectés par le champ magnétique, et dépendent de l'intensité du champ et de la surfusion. Ce travail offre de nouveaux horizons dans l'étude des propriétés magnétiques d'alliages métalliques en forte surfusion et dans l'étude de la solidification hors équilibre sous champ magnétique intense.This work is devoted to the investigation of the magnetic field effect on the magnetic properties and solidification behavior of undercooled Co based alloys in high magnetic field. Co based alloys are promising candidates to be undercooled below or approaching their Curie point in strong magnetic field due to their small temperature difference between liquid line and Curie point. In this dissertation, a high temperature undercooling facility with magnetization measurement system is built in a superconducting magnet, and is used for in situ measurement of the magnetization of the undercooled melts and study the undercoolability and solidification microstructure evolution in magnetic field. The deep undercooled Co melt is strongly magnetized in magnetic fields, and its magnetization is even larger than the magnetization of heated solid at the same temperature. The magnetization of undercooled Co-B near eutectic alloy is related with overheating temperature while the undercooled Co-Sn melt is always in paramagnetic state. Mean undercooling and recalescence extent of different metals and alloys are affected by external field. In uniform magnetic field, the undercooling of Cu is enhanced while the undercoolings of Co and Co-Sn keep constant. However, the recalescence extents of Co and Co-Sn alloys are reduced, and with the increasing Co content, the effect becomes larger. Magnetic field promotes the precipitation of aCo dendrite phase and the formation of anomalous eutectics in solidified microstructure of undercooled Co-Sn alloys. The microstructure evolution processes are affected by magnetic field depending on the field intensity and undercooling. This work opens a new way to investigate the magnetic properties of deeply undercooled metallic melts and non-equilibrium solidification in strong magnetic fields.SAVOIE-SCD - Bib.électronique (730659901) / SudocGRENOBLE1/INP-Bib.électronique (384210012) / SudocGRENOBLE2/3-Bib.électronique (384219901) / SudocSudocFranceF

Influence of strong magnetic field on distribution of solid particles in BiZn immiscible alloys with a metastable miscibility gap

International audienceCompositions located in the metastable miscibility gap of BiZn immiscible alloy was investigated under a high static magnetic field (HSMF). BiZn immiscible alloys with uniformly distribution of solid particles in the matrix were obtained under HSMF with 29 T. The results show that the solid Bi particles were uniformly distributed in the matrix because of complete suppression of Stokes sedimentation under the HSMF with 29 T. Segregation in the alloys solidified under 0 T, 1 T and 6 T was mainly owning to Stokes sedimentation, but that solidified under 17.4T and 29 T was dominated by nucleation, growth and Marangoni migration processes of liquid Bi droplets. The segregation mechanism under the effects of HSMF was discussed

End-to-End Active Learning for Computer Security Experts

International audienceLabelling a dataset for supervised learning is particularly expensive in computer security as expert knowledge is required for annotation. Some research works rely on active learning to reduce the labelling cost, but they often assimilate annotators to mere oracles providing ground-truth labels. Most of them completely overlook the user experience while active learning is an interactive procedure. In this paper, we introduce an end-to-end active learning system, ILAB, tailored to the needs of computer security experts. We have designed the active learning strategy and the user interface jointly to effectively reduce the annotation effort. Our user experiments show that ILAB is an efficient active learning system that computer security experts can deploy in real-world annotation projects

End-to-End Active Learning for Computer Security Experts

International audienceSupervised detection models can be deployed in computer security detection systems to strengthen detection. However, acquiring a training dataset is particularly expensive in this context since expert knowledge is required to annotate. Some research works rely on active learning to reduce human effort, but they often assimilate annotators to mere oracles providing ground-truth labels. Most of them completely overlook the user experience while active learning is an interactive procedure. In this paper, we introduce an end-to-end active learning system, ILAB, tailored to computer security experts needs. We have designed the active learning strategy and the user interface jointly to effectively reduce annotation effort. Our user experiments show that ILAB is an efficient active learning system that computer security experts can deploy in real-world annotation projects

ILAB: An Interactive Labelling Strategy for Intrusion Detection

International audienceAcquiring a representative labelled dataset is a hurdle that has to be overcome to learn a supervised detection model. Labelling a dataset is particularly expensive in computer security as expert knowledge is required to perform the annotations. In this paper, we introduce ILAB, a novel interactive labelling strategy that helps experts label large datasets for intrusion detection with a reduced workload. First, we compare ILAB with two state-of-the-art labelling strategies on public labelled datasets and demonstrate it is both an effective and a scalable solution. Second, we show ILAB is workable with a real-world annotation project carried out on a large unlabelled NetFlow dataset originating from a production environment. We provide an open source implementation (https://github.com/ANSSI-FR/SecuML/) to allow security experts to label their own datasets and researchers to compare labelling strategies

Bulk high-Tc superconductors with drilled holes: how to arrange the holes to maximize the trapped magnetic flux ?

Drilling holes in a bulk high-Tc superconductor enhances the oxygen annealing and the heat exchange with the cooling liquid. However, drilling holes also reduces the amount of magnetic flux that can be trapped in the sample. In this paper, we use the Bean model to study the magnetization and the current line distribution in drilled samples, as a function of the hole positions. A single hole perturbs the critical current flow over an extended region that is bounded by a discontinuity line, where the direction of the current density changes abruptly. We demonstrate that the trapped magnetic flux is maximized if the center of each hole is positioned on one of the discontinuity lines produced by the neighbouring holes. For a cylindrical sample, we construct a polar triangular hole pattern that exploits this principle; in such a lattice, the trapped field is ~20% higher than in a squared lattice, for which the holes do not lie on discontinuity lines. This result indicates that one can simultaneously enhance the oxygen annealing, the heat transfer, and maximize the trapped field

From SSA to Synchronous Concurrency and Back

We are interested in the programming and compilation of reactive, real-time systems. More specifically, we would like to understand the fundamental principles common to generalpurpose and synchronous languages—used to model reactive control systems—and from this to derive a compilation flow suitable for both high-performance and reactive aspects of a modern control application. To this end, we first identify the key operational mechanisms of synchronous languages that SSA does not cover: synchronization of computations with an external time base, cyclic I/O, and the semantic notion of absent value which allows the natural representation of variables whose initialization does not follow simple structural rules such as control flow dominance. Then, we show how the SSA form in its MLIR implementation can be seamlessly extended tocover these mechanisms, enabling the application of all SSA-based transformations and optimizations. We illustrate this on the representation and compilation of the Lustre dataflow synchronous language. Most notably, in the analysis and compilation of Lustre embedded into MLIR, theinitialization-related static analysis and code generation aspects can be fully separated from memory allocation and causality aspects, the latter being covered by the existing dominance-based algorithms of MLIR/SSA, resulting in a high degree of conceptual and code reuse. Our work allowsthe specification of both computational and control aspects of high-performance real-time applications. It paves the way for the definition of more efficient design and implementation flows where real-time ressource allocation drives parallelization and optimization.Nous traitons de la programmation et de la compilation de systèmes réactifs, temps-réel. En particulier, nous cherchons à comprendre les principes fondamentaux communs à la programmation généraliste et aux langages synchrones—utilisés pour modéliser les systèmes de contrôle—et de là nous dérivons une méthode de compilation adaptée aux aspects réactifs et haute performance d’une application moderne. À cette fin, nous commençons par identifier les mécanismes des langages synchrones que SSA n’implémente pas : la synchronisation des calculs avec une base de temps externe, les entrées-sorties cycliques, et la notion sémantique de valeur absente, qui permet la représentation naturelle de variables dont l’initialisation ne suit pas de simples règles structurelles. Ensuite, nous montrons de quelle manière la forme SSA, dans l’implémentation de MLIR, peut être étendue pour implémenter ces mécanismes et leur appliquer toutes les transformations et optimisations basées sur SSA. Nous illustrons ces mécanismes par la représentation et la compilation du langage synchrone, flot de données Lustre. Nous montrons que les problèmes d’analyse statique pour l’initialisation, de génération de code, peuvent être entièrement distingués des problèmes d’allocation mémoire et de causalité, ces derniers étant pris en charge par les algorithmes d’analyse de la dominance de MLIR/SSA, ce qui permet un haut niveau de réutilisation du code et des concepts. Notre travail permet la spécification d’applications temps-réel, du point de vue du contrôle comme du calcul. Il ouvre la voie à ladéfinition de processus de conception et d’implémentation plus efficaces, où la parallélisation et l’optimisation procèdent de l’allocation des ressources temps-réel

Optimization Space Pruning without Regrets

International audienceMany computationally-intensive algorithms benefit from the wide parallelism offered by Graphical Processing Units (GPUs). However , the search for a close-to-optimal implementation remains extremely tedious due to the specialization and complexity of GPU architectures.We present a novel approach to automatically discover the best performing code from a given set of possible implementations. It involves a branch and bound algorithm with two distinctive features: (1) an analytic performance model of a lower bound on the execution time, and (2) the ability to estimate such bounds on a partially-specified implementation.The unique features of this performance model allow to aggressively prune the optimization space without eliminating the best performing implementation. While the space considered in this paper focuses on GPUs, the approach is generic enough to be applied to other architectures.We implemented our algorithm in a tool called Telamon and demonstrate its effectiveness on a huge, architecture-specific and input-sensitive optimization space. The information provided by the performance model also helps to identify ways to enrich the search space to consider better candidates, or to highlight architectural bottlenecks