Chained Anomaly Detection Models for Federated Learning: An Intrusion Detection Case Study

The adoption of machine learning and deep learning is on the rise in the cybersecurity domain where these AI methods help strengthen traditional system monitoring and threat detection solutions. However, adversaries too are becoming more effective in concealing malicious behavior amongst large amounts of benign behavior data. To address the increasing time-to-detection of these stealthy attacks, interconnected and federated learning systems can improve the detection of malicious behavior by joining forces and pooling together monitoring data. The major challenge that we address in this work is that in a federated learning setup, an adversary has many more opportunities to poison one of the local machine learning models with malicious training samples, thereby influencing the outcome of the federated learning and evading detection. We present a solution where contributing parties in federated learning can be held accountable and have their model updates audited. We describe a permissioned blockchain-based federated learning method where incremental updates to an anomaly detection machine learning model are chained together on the distributed ledger. By integrating federated learning with blockchain technology, our solution supports the auditing of machine learning models without the necessity to centralize the training data. Experiments with a realistic intrusion detection use case and an autoencoder for anomaly detection illustrate that the increased complexity caused by blockchain technology has a limited performance impact on the federated learning, varying between 5 and 15%, while providing full transparency over the distributed training process of the neural network. Furthermore, our blockchain-based federated learning solution can be generalized and applied to more sophisticated neural network architectures and other use cases

Adversarial Machine Learning

Recent innovations in machine learning enjoy a remarkable rate of adoption across a broad spectrum of applications, including cyber-security. While previous chapters study the application of machine learning solutions to cyber-security, in this chapter we present adversarial machine learning: a field of study concerned with the security of machine learning algorithms when faced with attackers. Likewise, adversarial machine learning enjoys remarkable interest from the community, with a large body of works that either propose attacks against machine learning algorithms, or defenses against adversarial attacks. In particular, adversarial attacks have been mounted in almost all applications of machine learning. Here, we aim to systematize adversarial machine learning, with a pragmatic focus on common computer security applications. Without assuming a strong background in machine learning, we also introduce the basic building blocks and fundamental properties of adversarial machine learning. This study is therefore accessible both to a security audience without in-depth knowledge of machine learning and to a machine learning audience

Leuciscus (Pisces, Cyprinidae) karyotypes: Transect of Portuguese populations

The presently described Iberian chubs - Leuciscus carolitertii and L. pyrenaicus - sampled throughout their distribution ranges in Portugal were cytogenetically analyzed. Their chromosome numbers were consistently 2n = 50, except for two specimens of L. carolitertii, which exhibited a supernumerary chromosome in some of the metaphases. The karyotypes were found to be highly typical for other Leuciscus taxa, as well as for European leuciscine cyprinids: the chromosome sets are dominated by metacentric and submetacentric elements with a reduced number of acrocentric pairs (three to four); the largest pair of the complements belongs typically to this latter category. The chubs from northern drainages, assignable to L. carolitertii, have apparently a more stable karyotype structure (12M:30S:8A) than the chubs from L. pyrenaicus, which have 12M:32S:6A, but may exhibit in the most southern river basins (Guadiana, Mira, Aljezur, Bordeira and Arade) more variable karyotypes. Besides, these data support the very recent discovery of two genetically distinct Leuciscus taxa in this region of the Iberian Peninsula, suggesting the stochastic fixation of structural chromosome rearrangements in these small and isolated drainages, which may be affected by bottlenecks due to significant variations in hydrological regimes. The NORs were apparently located in one small submetacentric pair of chromosomes and the presence of a heteromorphic sex chromosome system of the ZW/ZZ type was also evidenced for the Iberian endemic chubs.<br>A análise citogenética dos dois endemismos de Leuciscus atualmente descritos na Península Ibérica foi efetuada em amostras obtidas ao longo da sua área de distribuição. Apresentaram um valor diplóide de 2n = 50, com exceção de dois exemplares de L. carolitertii, os quais exibiam um cromossomo supranumerário em algumas metáfases. Caracterizaram-se por um padrão cariológico idêntico ao dos restantes táxons do mesmo gênero, igualmente partilhado pelos Leuciscinae europeus: um elevado número de cromossomos metacêntricos e submetacêntricos e um número reduzido de acrocêntricos (três a quatro pares), incluindo-se neste último grupo o maior par do complemento. As NORs localizaram-se tipicamente num par de submetacêntricos de reduzidas dimensões, existindo também evidências de um sistema cromossômico de determinação sexual do tipo ZW/ZZ. Porém, os espécimes do norte, L. carolitertii, aparentaram possuir um cariótipo mais estável em termos estruturais (12M:30S:8A) do que os do sul, pertencentes a L. pyrenaicus (12M:32S:6A). Esta espécie exibiu, nas suas populações mais meridionais que se localizam nas bacias do Mira, Aljezur, Bordeira e Arade, alterações da referida fórmula cromossômica, fato que vem em apoio da recente descoberta de dois taxóns de Leuciscus geneticamente diferenciados no sul da Península Ibérica, sugerindo a fixação de rearranjos cromossômicos estruturais nestas pequenas e isoladas bacias hidrográficas, com grandes variações dos seus regimes hidrológicos produzindo os chamados" efeitos de gargalo"