43 research outputs found

    A Vertical and Horizontal Intelligent Dataset Reduction Approach for Cyber-Physical Power Aware Intrusion Detection Systems

    Cyber-Physical Power Systems (CPPS) have become vital targets for intruders because of the large volume of high-speed heterogeneous data provided by the Wide Area Measurement Systems (WAMS). The Nonnested Generalized Exemplars (NNGE) algorithm is one of the most accurate classification techniques that can work with such CPPS data. However, the NNGE algorithm tends to produce rules that test a large number of input features. This poses some problems for large-volume data and hinders the scalability of any detection system. In this paper, we introduce VHDRA, a Vertical and Horizontal Data Reduction Approach, to improve the classification accuracy and speed of the NNGE algorithm and reduce the computational resource consumption. VHDRA provides the following functionalities: (1) it vertically reduces the dataset features by selecting the most significant features and by reducing the NNGE's hyperrectangles. (2) It horizontally reduces the size of data while preserving original key events and patterns within the datasets using an approach called STEM, State Tracking and Extraction Method. The experiments show that the overall performance of VHDRA using both the vertical and the horizontal reduction reduces the NNGE hyperrectangles by 29.06%, 37.34%, and 26.76% and improves the accuracy of the NNGE by 8.57%, 4.19%, and 3.78% using the Multi-, Binary, and Triple class datasets, respectively. This work was made possible by NPRP Grant # NPRP9-005-1-002 from the Qatar National Research Fund (a member of Qatar Foundation).

    Data-driven curation, learning and analysis for inferring evolving IoT botnets in the wild

    The insecurity of the Internet-of-Things (IoT) paradigm continues to wreak havoc in consumer and critical infrastructure realms. Several challenges impede addressing IoT security at large, including the lack of IoT-centric data that can be collected, analyzed and correlated, due to the highly heterogeneous nature of such devices and their widespread deployments in Internet-wide environments. To this end, this paper explores macroscopic, passive empirical data to shed light on this evolving threat phenomenon. This not only aims at classifying and inferring Internet-scale compromised IoT devices by solely observing such one-way network traffic, but also endeavors to uncover, track and report on orchestrated "in the wild" IoT botnets. Initially, to prepare the effective utilization of such data, a novel probabilistic model is designed and developed to cleanse such traffic from noise samples (i.e., misconfiguration traffic). Subsequently, several shallow and deep learning models are evaluated to ultimately design and develop a multi-window convolution neural network trained on active and passive measurements to accurately identify compromised IoT devices. Consequently, to infer orchestrated and unsolicited activities that have been generated by well-coordinated IoT botnets, hierarchical agglomerative clustering is deployed by scrutinizing a set of innovative and efficient network feature sets. By analyzing 3.6 TB of recent darknet traffic, the proposed approach uncovers a momentous 440,000 compromised IoT devices and generates evidence-based artifacts related to 350 IoT botnets. While some of these detected botnets refer to previously documented campaigns such as the Hide and Seek, Hajime and Fbot, other events illustrate evolving threats such as those with cryptojacking capabilities and those that are targeting industrial control system communication and control services.

    Learning of chemistry of solution with help of computer simulation

    This article reports on an experiment using computer simulations of acid-base titrations in teaching situations based on inquiry and on the learner's participation in constructing their own knowledge. Two approaches to using simulations of pH-metric titrations with the «SIMULTI2» software are implemented and evaluated with a group of teachers in continuing education and a group of student teachers in initial training. It is shown that computer simulations create a pedagogical context that fosters learning through discovery or exploration based on cognitive conflicts.

    Deep-Gap: A deep learning framework for forecasting crowdsourcing supply-demand gap based on imaging time series and residual learning

    Mobile crowdsourcing has become easier thanks to the wide spread of smartphones capable of seamlessly collecting and pushing the desired data to cloud services. However, the success of mobile crowdsourcing relies on balancing the supply and demand by first accurately forecasting spatially and temporally the supply-demand gap, and then providing efficient incentives to encourage participant movements to maintain the desired balance. In this paper, we propose Deep-Gap, a deep learning approach based on residual learning to predict the gap between mobile crowdsourced service supply and demand at a given time and space. The prediction can drive the incentive model to achieve a geographically balanced service coverage in order to avoid the case where some areas are over-supplied while other areas are under-supplied. This allows anticipating the supply-demand gap and redirecting crowdsourced service providers towards target areas. Deep-Gap relies on historical supply-demand time series data as well as available external data such as weather conditions and day type (e.g., weekday, weekend, holiday). First, we roll and encode the time series of supply-demand as images using the Gramian Angular Summation Field (GASF), Gramian Angular Difference Field (GADF) and the Recurrence Plot (REC). These images are then used to train deep Convolutional Neural Networks (CNN) to extract the low and high-level features and forecast the crowdsourced services gap. We conduct a comprehensive comparative study by establishing two supply-demand gap forecasting scenarios: with and without external data. Compared to state-of-the-art approaches, Deep-Gap achieves the lowest forecasting errors in both scenarios. © 2019 IEEE. This publication was made possible by NPRP grant # NPRP9-224-1-049 from the Qatar National Research Fund (a member of Qatar Foundation). The statements made herein are solely the responsibility of the authors.

    Cost Optimization Algorithms for Hot and Cool Tiers Cloud Storage Services

    In this paper, we consider the data placement problem in the new generation tiered cloud storage services offering hot and cool tiers that are characterized by differentiated Quality of Service (i.e., access latency, availability and throughput) and the corresponding storage and access costs. Given a sequence of read and write requests for an object, we propose an optimal off-line dynamic programming based algorithm to determine the optimal placement of an object in the hot or cool tier and the potential transfer of the object between the tiers in order to minimize the monetary cost comprised of storage and access costs. Additionally, we propose two practical online object placement algorithms that assume no knowledge of future data access. The first online cost optimization algorithm uses no replication (NR) and initially places the object in the hot tier; then, based on the read/write access pattern, it may decide to move it to the cool tier to optimize the storage service cost. The second algorithm, with replication (WR), initially places the object in the cool tier and then replicates it in the hot tier upon receiving read/write requests. Using a real Twitter workload and a 2-tier storage service pricing, the experimental evaluation shows that the proposed algorithms yield significant cost savings compared to storing data in the hot tier all the time. This work was made possible by NPRP grant # 7-481-1-088 from the Qatar National Research Fund (a member of Qatar Foundation). The statements made herein are solely the responsibility of the authors.

    An efficient hybrid prediction approach for predicting cloud consumer resource needs

    The prediction of cloud consumer resource needs is a vital step for several cloud deployment applications such as capacity planning, workload management, and dynamic allocation of cloud resources. In this paper, we develop a new prediction model for predicting cloud consumer resource needs. The new model uses a new hybrid prediction approach that combines the Multiple Support Vector Regression (MSVR) model and the Autoregressive Integrated Moving Average (ARIMA) model to predict with higher accuracy the resource needs of a cloud consumer in terms of CPU, memory, and disk storage utilization. The new model is also able to predict the response time and throughput, which in turn enables the cloud consumers to make a better scaling decision. The new model showed better prediction accuracy than the current prediction models. In terms of CPU utilization prediction, it outperforms the accuracy of the existing cloud consumer prediction models that use Linear Regression, Neural Network, and Support Vector Machines approaches by 72.66%, 44.24%, and 56.78% respectively according to MAPE and 56.95%, 80.42%, and 63.86% according to RMSE. The analysis, architecture, and experiment results of the new model are discussed in detail in this paper. © 2016 IEEE.

    A cost-aware model for risk mitigation in Cloud computing systems

    Security is an important element in Cloud computing. Intruders may exploit clouds for their advantage. This paper presents a cost-aware model for risk mitigation in cloud computing systems. The proposed model is integrated with our Autonomous Cloud Intrusion detection Framework, ACIDF, which continuously monitors and analyzes system events and computes security and risk parameters to provide risk assessment capabilities with a scalable and elastic architecture. The proposed model helps ACIDF to select the appropriate response to mitigate the detected attacks by considering the costs of deploying a response and the costs of damage caused by a non-responded attack. The proposed model reduces the risk by 18.9%. This paper describes the proposed model functions and advantages. © 2015 IEEE.

    Unsupervised learning approach for web application auto-decomposition into microservices

    Nowadays, large monolithic web applications are manually decomposed into microservices for many reasons including adopting a modern architecture to ease maintenance and increase reusability. However, the existing approaches to refactor a monolithic application do not inherently consider the application scalability and performance. We devise a novel method to automatically decompose a monolithic application into microservices to improve the application scalability and performance. Our proposed decomposition method is based on a black-box approach that uses the application access logs and an unsupervised machine-learning method to auto-decompose the application into microservices mapped to URL partitions having similar performance and resource requirements. In particular, we propose a complete automated system to decompose an application into microservices, deploy the microservices using appropriate resources, and auto-scale the microservices to maintain the desired response time. We evaluate the proposed system using real web applications on a public cloud infrastructure. The experimental evaluation shows an improved performance of the auto-created microservices compared with the monolithic version of the application and the manually created microservices. This work was made possible by NPRP grant # 7-481-1-088 from the Qatar National Research Fund (a member of Qatar Foundation).

    Dynamic workload patterns prediction for proactive auto-scaling of web applications

    Proactive auto-scaling methods dynamically manage the resources for an application according to the current and future load predictions to preserve the desired performance at a reduced cost. However, auto-scaling web applications remain challenging mainly due to dynamic workload intensity and characteristics which are difficult to predict. Most existing methods mainly predict the request arrival rate which only partially captures the workload characteristics and the changing system dynamics that influence the resource needs. This may lead to inappropriate resource provisioning decisions. In this paper, we address these challenges by proposing a framework for prediction of dynamic workload patterns as follows. First, we use an unsupervised learning method to analyze the web application access logs to discover URI (Uniform Resource Identifier) space partitions based on the response time and the document size features. Then for each application URI, we compute its distribution across these partitions based on historical access logs to accurately capture the workload characteristics compared to just representing the workload using the request arrival rate. These URI distributions are then used to compute the Probabilistic Workload Pattern (PWP), which is a probability vector describing the overall distribution of incoming requests across URI partitions. Finally, the identified workload patterns for a specific number of last time intervals are used to predict the workload pattern of the next interval. The latter is used for future resource demand prediction and proactive auto-scaling to dynamically control the provisioning of resources. The framework is implemented and experimentally evaluated using historical access logs of three real web applications, each with increasing, decreasing, periodic, and randomly varying arrival rate behaviors. 
Results show that the proposed solution yields significantly more accurate predictions of workload patterns and resource demands of web applications compared to existing approaches. © 2018 Elsevier Ltd. This work was made possible by NPRP grant # 7-481-1-088 from the Qatar National Research Fund (a member of Qatar Foundation). The statements made herein are solely the responsibility of the authors. Waheed Iqbal is a Postdoc researcher with the Department of Computer Science and Engineering, Qatar University. He also holds a position of Assistant Professor at Punjab University College of Information Technology, University of the Punjab, Lahore, Pakistan. His research interests lie in cloud computing, distributed systems, machine learning, and large scale system performance evaluation. Waheed received his Ph.D. degree from the Asian Institute of Technology, Thailand. He received dual Masters degrees in Computer Science and Information Technology from the Asian Institute of Technology and the Technical University of Catalonia (UPC), Barcelona, Spain, respectively. Abdelkarim Erradi is an Assistant Professor in the Computer Science and Engineering Department at Qatar University. His research and development activities and interests focus on autonomic computing, self-managing systems and cybersecurity. He leads several funded research projects in these areas. He has authored several scientific papers in international conferences and journals. He received his Ph.D. in computer science from the University of New South Wales, Sydney, Australia. Besides his academic experience, he possesses 12 years of professional experience as a Designer and a Developer of large scale enterprise applications. Arif Mahmood is an Associate Professor in the Department of Computer Science, Information Technology University (ITU).
He received his Masters and the PhD degrees in Computer Science from the Lahore University of Management Sciences in 2003 and 2011 respectively with Gold Medal and academic distinction. He also worked as Postdoc researcher with Qatar University and as Research Assistant Professor with the School of Mathematics and Statistics, and with the College of Computer Science and Software Engineering, the University of the Western Australia (UWA). His major research interests are in Computer Vision and Pattern Recognition. More specifically he has performed research in data clustering, classification, action and object recognition using image sets, scene background modeling, and person segmentation and action recognition in crowds.

    Detecting False Data Injection Attacks in Linear Parameter Varying Cyber-Physical Systems

    In this paper, we investigate the process of detection of False Data Injection (FDI) in a Linear Parameter Varying (LPV) cyber-physical system (CPS). We design a model-based FDI detector capable of detecting false data injections on output measurements and scheduling variables. To improve the detection accuracy of FDI attacks, the attack detector design uses the performance metric H− to maximize the detection capability of the detector module to effectively detect FDI attacks. On the other hand, it uses the H∞ metric to minimize the effect of disturbance on the detector module given an unreliable network. We assume that the network unreliability comes from packet dropout, which we modeled as a Bernoulli process. The FDI attack detector is designed such that H− and H∞ performance metrics are maintained despite packet dropout. Based on stochastic stability, we define a set of sufficient Linear Matrix Inequalities (LMI) that we solve as a multi-objective optimization problem to obtain the detector gain. The obtained detector gain is used for estimating the current system state and current output measurement using the system input, manipulated measurements and manipulated scheduling variables. Then, the output of the detector is compared with the actual sensor measurement. The resulting residual signal carries the information about the FDI attack. The proposed approach is tested and validated on a two-tank system. The evaluation results demonstrate that the proposed detector is able to detect FDI attacks. © 2019 IEEE. This work was made possible by NPRP grant # NPRP9-005-1-002 from the Qatar National Research Fund (a member of Qatar Foundation). The statements made herein are solely the responsibility of the authors.