14 research outputs found

    Evaluating Sequential Combination of Two Light-Weight Genetic Algorithm based Solutions to Intrusion Detection

    In this work we have presented a genetic algorithm approach for classifying normal connections and intrusions. We have created a serial combination of two light-weight genetic algorithm-based intrusion detection systems where each of the systems exhibits certain deficiency. In this way we have managed to mitigate the deficiencies of both of them. The model was verified on KDD99 intrusion detection dataset, generating a solution competitive with the solutions reported by the state-of-the-art, while using a small subset of features from the original set that contains forty-one features. The most significant features were identified by deploying principal component analysis and multi expression programming. Furthermore, our system is adaptable since it permits retraining by using new data

    Unsupervised Genetic Algorithm Deployed for Intrusion Detection

    This paper represents the first step in an on-going work for designing an unsupervised method based on genetic algorithm for intrusion detection. Its main role in a broader system is to notify of unusual traffic and in that way provide the possibility of detecting unknown attacks. Most of the machine-learning techniques deployed for intrusion detection are supervised as these techniques are generally more accurate, but this implies the need of labeling the data for training and testing which is time-consuming and error-prone. Hence, our goal is to devise an anomaly detector which would be unsupervised, but at the same time robust and accurate. Genetic algorithms are robust and able to avoid getting stuck in local optima, unlike the rest of clustering techniques. The model is verified on KDD99 benchmark dataset, generating a solution competitive with the solutions of the state-of-the-art which demonstrates high possibilities of the proposed method

    Detecting false testimonies in reputation systems using self-organizing maps

    It has been demonstrated that rating trust and reputation of individual nodes is an effective approach in distributed environments in order to improve security, support decision-making and promote node collaboration. Nevertheless, these systems are vulnerable to deliberate false or unfair testimonies. In one scenario, the attackers collude to give negative feedback on the victim in order to lower or destroy its reputation. This attack is known as bad mouthing attack. In another scenario, a number of entities agree to give positive feedback on an entity (often with adversarial intentions). This attack is known as ballot stuffing. Both attack types can significantly deteriorate the performances of the network. The existing solutions for coping with these attacks are mainly concentrated on prevention techniques. In this work, we propose a solution that detects and isolates the abovementioned attackers, impeding them in this way to further spread their malicious activity. The approach is based on detecting outliers using clustering, in this case self-organizing maps. An important advantage of this approach is that we have no restrictions on training data, and thus there is no need for any data pre-processing. Testing results demonstrate the capability of the approach in detecting both bad mouthing and ballot stuffing attack in various scenarios

    An evolutionary scheduling approach for trading-off accuracy vs. verifiable energy in multicore processors

    This work addresses the problem of energy-efficient scheduling and allocation of tasks in multicore environments, where the tasks can allow a certain loss in accuracy in the output, while still providing proper functionality and meeting an energy budget. This margin for accuracy loss is exploited by using computing techniques that reduce the work load, and thus can also result in significant energy savings. To this end, we use the technique of loop perforation, that transforms loops to execute only a subset of their original iterations, and integrate this technique into our existing optimization tool for energy-efficient scheduling. To verify that a schedule meets an energy budget, both safe upper and lower bounds on the energy consumption of the tasks involved are needed. For this reason, we use a parametric approach to estimate safe (and tight) energy bounds that are practical for energy verification (and optimization applications). This approach consists in dividing a program into basic (“branchless”) blocks, establishing the maximal (resp. minimal) energy consumption for each block using an evolutionary algorithm, and combining the obtained values according to the program control flow, by using static analysis to produce energy bound functions on input data sizes. The scheduling tool uses evolutionary algorithms coupled with the energy bound functions for estimating the energy consumption of different schedules. The experiments with our prototype implementation were performed on multicore XMOS chips, but our approach can be adapted to any multicore environment with minor changes. The experimental results show that our new scheduler enhanced with loop perforation improves on the previous one, achieving significant energy savings (31% on average for the test programs) for acceptable levels of accuracy loss

    Self-organizing maps versus growing neural Gas in detecting anomalies in data centers

    Reliability is one of the key performance factors in data centres. The out-of-scale energy costs of these facilities lead data centre operators to increase the ambient temperature of the data room to decrease cooling costs. However, increasing ambient temperature reduces the safety margins and can result in a higher number of anomalous events. Anomalies in the data centre need to be detected as soon as possible to optimize cooling efficiency and mitigate the harmful effects over servers. This article proposes the usage of clustering-based outlier detection techniques coupled with a trust and reputation system engine to detect anomalies in data centres. We show how self-organizing maps or growing neural gas can be applied to detect cooling and workload anomalies, respectively, in a real data centre scenario with very good detection and isolation rates, in a way that is robust to the malfunction of the sensors that gather server and environmental information

    Improving Social Odometry Robot Networks with Distributed Reputation Systems for Collaborative Purposes

    The improvement of odometry systems in collaborative robotics remains an important challenge for several applications. Social odometry is a social technique which confers the robots the possibility to learn from the others. This paper analyzes social odometry and proposes and follows a methodology to improve its behavior based on cooperative reputation systems. We also provide a reference implementation that allows us to compare the performance of the proposed solution in highly dynamic environments with the performance of standard social odometry techniques. Simulation results quantitatively show the benefits of this collaborative approach that allows us to achieve better performances than social odometry

    Bio-inspired enhancement of reputation systems for intelligent environments

    Providing security to the emerging field of ambient intelligence will be difficult if we rely only on existing techniques, given their dynamic and heterogeneous nature. Moreover, security demands of these systems are expected to grow, as many applications will require accurate context modeling. In this work we propose an enhancement to the reputation systems traditionally deployed for securing these systems. Different anomaly detectors are combined using the immunological paradigm to optimize reputation system performance in response to evolving security requirements. As an example, the experiments show how a combination of detectors based on unsupervised techniques (self-organizing maps and genetic algorithms) can help to significantly reduce the global response time of the reputation system. The proposed solution offers many benefits: scalability, fast response to adversarial activities, ability to detect unknown attacks, high adaptability, and high ability in detecting and confining attacks. For these reasons, we believe that our solution is capable of coping with the dynamism of ambient intelligence systems and the growing requirements of security demands

    Using clustering techniques for intelligent camera-based user interfaces

    The area of Human-Machine Interface is growing fast due to its high importance in all technological systems. The basic idea behind designing human-machine interfaces is to enrich the communication with the technology in a natural and easy way. Gesture interfaces are a good example of transparent interfaces. Such interfaces must identify properly the action the user wants to perform, so the proper gesture recognition is of the highest importance. However, most of the systems based on gesture recognition use complex methods requiring high-resource devices. In this work, we propose to model gestures capturing their temporal properties, which significantly reduces storage requirements, and use clustering techniques, namely self-organizing maps and unsupervised genetic algorithm, for their classification. We further propose to train a certain number of algorithms with different parameters and combine their decision using majority voting in order to decrease the false positive rate. The main advantage of the approach is its simplicity, which enables the implementation using devices with limited resources, and therefore low cost. The testing results demonstrate its high potential

    Unsupervised intrusion detection for wireless sensor networks based on artificial intelligence techniques

    The objective of this work is to design an autonomous intrusion detection system for wireless sensor networks that would be able to detect a wide range of attacks, including the previously unseen ones. The existing solutions have limited scope, in a sense they provide protection against already identified attacks, which renders the system vulnerable to unknown attacks. Furthermore, in those that can be adjusted in order to expand their scope, the modification has to be done through human interaction. We deal with this problem by proposing an artificial intelligence approach for detecting and confining attacks on the core protocols of wireless sensor networks: aggregation, routing and time synchronization. The approach is based on four main contributions. First of all, the attacks are treated as data outliers. To this end, the spaces of sensed values and the routing information of each node are mapped into vector spaces, which enable definition of distance-based analysis for outlier detection. Second, we develop unsupervised machine learning techniques for detecting outliers using defined distance-based analysis. Third, we further envision a distributed intrusion detection system, given the distributed nature of WSNs. Every node is being examined by agents that reside on the nodes in its vicinity and listen to its communication in a promiscuous manner, where each agent executes one of the unsupervised algorithms. Considering the optimal algorithm parameters cannot be guessed from the start, the immune system paradigm is used to obtain a set of high quality agents. And finally, fourth, the system of agents is coupled with a reputation system, in a way the output of an agent assigns lower reputation to the nodes where it detects adversarial activities and vice versa. It is further advocated to avoid any contact with low reputation nodes, which provides implicit response to adversarial activities, since compromised nodes remain isolated from the network.
A prototype of the approach is implemented and connected to the sensor network simulator called AmiSim developed by our research group. The approach has been tested on the mentioned simulator on a group of representative attacks on each of the core network protocols. The detection and complete confinement of all the attacks was observed, while maintaining low level of false positives. It is also important to mention that the algorithms have been trained on both clean and unclean (i.e. data with traces of attack presence) data, being able to detect and confine the attacks in both cases, which provides its robustness. Moreover, it has been proven that the resulting reputation system has advantages over the conventional ones in the terms of lower redundancy necessary for correct operations, as well as its robustness to attacks on reputation systems, such as bad mouthing or ballot stuffing, given that it does not use any second hand information. Finally, we have proposed various ways of embedding the approach into a realistic environment, which adapts it to the environment resources, both computational and power, and we have proven its viability. We have provided estimations of resource consumption, which can help in choosing processors that can support the implementation. To summarize, the proposed approach can be expanded and adapted in an easy and rapid way in order to detect new attacks. Furthermore, with the intelligence and the level of uncertainty introduced by the proposed techniques, the solution offers possibilities to address the security problem in a more profound way. Thus, although in the current state this solution does not detect attacks that make no change in sensed value that is forwarded to the base station, nor in the routing paths used to send the values to the base station, it can be used to complement the conventional techniques, which will permit better detection of new attacks and react more rapidly to security incidents. 
Summary: The objective of this thesis is to design an autonomous intrusion detection system for sensor networks that would also be able to detect a wide range of attacks, including those not previously observed. Existing solutions are limited in the sense that they can protect the network only from previously identified attacks, which makes them vulnerable to unknown attacks. Likewise, in those that can be adjusted to extend their detection capabilities, the modification has to be done manually. The thesis proposes an approach based on artificial intelligence for detecting and confining attacks on the key protocols of wireless sensor networks, namely aggregation, routing and time synchronization. The approach is based on four main contributions. First, attacks are treated as outliers. To this end, the sensed values and the routing information of each node are mapped into vector spaces, which makes it possible to define distance-based analysis for detecting outliers. Second, unsupervised machine learning techniques have been developed that are capable of detecting outliers using this distance-based analysis. Third, given the distributed nature of sensor networks, intrusion detection organized in a distributed manner is proposed, so that each node is examined by agents located on neighboring nodes that listen to its communication promiscuously, where each agent executes one of the unsupervised machine learning algorithms. In addition, since the optimal parameters of the algorithms cannot be guessed from the start, the immune system paradigm is used to obtain a set of high-quality agents.
Finally, the system of agents is coupled with a reputation system, so that the decision of any agent can assign a lower reputation value to nodes where it finds signs of intrusion, or vice versa. Furthermore, it is advised to avoid any contact with nodes that have low reputation, which provides an implicit response to adversarial activities, so that compromised nodes remain isolated from the network. A prototype of the approach has been implemented and connected to the sensor network simulator called AmiSim, which was developed by our research group. The approach has been tested on the simulator in the presence of several characteristic attacks on each of the key network protocols. Detection and complete confinement of all attacks was observed, while the false positive rate was kept low. It is also important to mention that the algorithms were trained with “clean” data, but also with “dirty” data (data containing traces of attacks), being able to detect and confine the attacks in both cases, which demonstrates its robustness. In addition, it has been shown that the resulting reputation system has advantages over conventional systems, both because it needs less redundancy to operate correctly and because of its robustness against attacks on the reputation system, for example the spreading of false information about another element of the network, since it does not use second-hand information. Finally, several ways of implementing this approach in real environments have been proposed, adapted to the resources available in each environment, both computational and power, and its viability has been demonstrated. Estimates of resource consumption have also been provided, which can help when choosing a processor capable of implementing the proposed approach.
In summary, the proposed system is easily extensible and can be adapted quickly to detect new threats. Furthermore, with the intelligence inherent in these techniques and the level of uncertainty introduced, the proposed solution offers real alternatives for addressing the security problem in greater depth. For this reason, the main idea of this research is to complement conventional security techniques with these methods, which will allow better detection of new attacks and faster reaction to possible security incidents.

    Inferring energy bounds statically by evolutionary analysis of basic blocks

    devices, including in some cases mission critical systems, for which there is a need to optimize their energy consumption and verify that they will perform their function within the available energy budget. In this work we propose a novel parametric approach to estimating tight energy bounds (both upper and lower) that are practical for energy verification and optimization applications in embedded systems. Our approach consists in dividing a program into basic (“branchless”) blocks, establishing the maximal (resp. minimal) energy consumption for each block using an evolutionary algorithm, and combining the obtained values according to the program control flow, using static analysis, to produce energy bound functions. Such functions depend on input data sizes, and return upper or lower bounds on the energy consumption of the program for any given set of input values of those sizes, without running the program. The approach has been tested on XMOS chips, but is general enough to be applied to any microprocessor and programming language. Our experimental results show that the bounds obtained by our prototype tool can be tight while remaining on the safe side of budgets in practice