Detecting Danger: Applying a Novel Immunological Concept to Intrusion Detection Systems'

INTRODUCTION In recent years computer systems have become increasingly complex and consequently the challenge of protecting these systems has become increasingly difficult. Various techniques have been implemented to counteract the misuse of computer systems in the form of firewalls, antivirus software and intrusion detection systems. The complexity of networks and dynamic nature of computer systems leaves current methods with significant room for improvement. Computer scientists have recently drawn inspiration from mechanisms found in biological systems and, in the context of computer security, have focused on the human immune system (HIS). The human immune system provides an example of a robust, distributed system that provides a high level of protection from constant attacks. By examining the precise mechanisms of the human immune system, it is hoped the paradigm will improve the performance of real intrusion detection systems. This paper presents an introduction to recent developments in the field of immunology. It discusses the incorporation of a novel immunological paradigm, Danger Theory, and how this concept is inspiring artificial immune systems (AIS). Applications within the context of computer security are outlined drawing direct reference to the underlying principles of Danger Theory and finally, the current state of intrusion detection systems is discussed and improvements suggested.

Goal detection using laser range finder for goalkeeper and striker from CAMBADA team

For a robot be autonomous and mobile, it requires being attached with a set of sensors that helps it to have a better perception of the surrounding world, to manage to localize itself and the surrounding objects. CAMBADA is the robotic soccer team of the IRIS research group, from IEETA, University of Aveiro, that competes in the Middle-Size League of RoboCup. In competition, in order to win, the main objective of the game it's to score more goals than the conceded, so not conceding goals, and score as much as possible it's desirable, thus, this thesis focus on adapt an agent with a better localization capacity in defensive and offensive moments. It was introduced a laser range finder to the CAMBADA robots, making them capable of detecting their own and the opponent goal, and to detect the opponents in specific game situations. With the new information and adapting the Goalie and Penalty behaviors, the CAMBADA goalkeeper is now able to detect and track its own goal and the CAMBADA striker has a better performance in a penalty situation. The developed work was incorporated within the competition software of the robots, which allows the presentation, in this thesis, of the experimental results obtained with physical robots on the laboratory field.

Detecting Danger: Applying a Novel Immunological Concept to Intrusion Detection Systems'

INTRODUCTION In recent years computer systems have become increasingly complex and consequently the challenge of protecting these systems has become increasingly difficult. Various techniques have been implemented to counteract the misuse of computer systems in the form of firewalls, antivirus software and intrusion detection systems. The complexity of networks and dynamic nature of computer systems leaves current methods with significant room for improvement. Computer scientists have recently drawn inspiration from mechanisms found in biological systems and, in the context of computer security, have focused on the human immune system (HIS). The human immune system provides an example of a robust, distributed system that provides a high level of protection from constant attacks. By examining the precise mechanisms of the human immune system, it is hoped the paradigm will improve the performance of real intrusion detection systems. This paper presents an introduction to recent developments in the field of immunology. It discusses the incorporation of a novel immunological paradigm, Danger Theory, and how this concept is inspiring artificial immune systems (AIS). Applications within the context of computer security are outlined drawing direct reference to the underlying principles of Danger Theory and finally, the current state of intrusion detection systems is discussed and improvements suggested.

DCA for bot detection

Ensuring the security of computers is a non-trivial task, with many techniques used by malicious users to compromise these systems. In recent years a new threat has emerged in the form of networks of hijacked zombie machines used to perform complex distributed attacks such as denial of service and to obtain sensitive data such as password information. These zombie machines are said to be infected with a dasiahotpsila - a malicious piece of software which is installed on a host machine and is controlled by a remote attacker, termed the dasiabotmaster of a botnetpsila. In this work, we use the biologically inspired dendritic cell algorithm (DCA) to detect the existence of a single hot on a compromised host machine. The DCA is an immune-inspired algorithm based on an abstract model of the behaviour of the dendritic cells of the human body. The basis of anomaly detection performed by the DCA is facilitated using the correlation of behavioural attributes such as keylogging and packet flooding behaviour. The results of the application of the DCA to the detection of a single hot show that the algorithm is a successful technique for the detection of such malicious software without responding to normally running programs.

Performance evaluation of DCA and SRC on a single bot detection

Malicious users try to compromise systems using new techniques. One of the recent techniques used by the attacker is to perform complex distributed attacks such as denial of service and to obtain sensitive data such as password information. These compromised machines are said to be infected with malicious software termed a “bot”. In this paper, we investigate the correlation of behavioural attributes such as keylogging and packet flooding behaviour to detect the existence of a single bot on a compromised machine by applying (1) Spearman’s rank correlation (SRC) algorithm and (2) the Dendritic Cell Algorithm (DCA). We also compare the output results generated from these two methods to the detection of a single bot. The results show that the DCA has a better performance in detecting malicious activities.

Intrusion Detection Systems in SDN-based Self-Healing PMU Networks

Nowadays, Power grids are critical infrastructures on which everything else relies, and their correct behavior is of the highest priority. New smart devices are being deployed to be able to manage and control power grids more efficiently and avoid instability. However, the deployment of such smart devices like Phasor Measurement Units (PMU) and Phasor Data Concentrators (PDC), open new opportunities for cyber attackers to exploit network vulnerabilities. If a PDC is compromised, all data coming from PMUs to that PDC is lost, reducing network observability. Our approach to solve this problem is to develop an Intrusion detection System (IDS) in a Software-defined network (SDN). allowing the IDS system to detect compromised devices and use that information as an input for a self-healing SDN controller, which redirects the data of the PMUs to a new, uncompromised PDC, maintaining the maximum possible network observability at every moment. During this research, we have successfully implemented Self-healing in an example network with an SDN controller based on Ryu controller. We have also assessed intrinsic vulnerabilities of Wide Area Management Systems (WAMS) and SCADA networks, and developed some rules for the Intrusion Detection system which specifically protect vulnerabilities of these networks. The integration of the IDS and the SDN controller was also successful. \\To achieve this goal, the first steps will be to implement an existing Self-healing SDN controller and assess intrinsic vulnerabilities of Wide Area Measurement Systems (WAMS) and SCADA networks. After that, we will integrate the Ryu controller with Snort, and create the Snort rules that are specific for SCADA or WAMS systems and protocols.

Juvenile-mature genetic correlations in Pinus taeda clones propagated via somatic embryogenesis.

Objetivou-se com o presente trabalho, estimar a correlação genética entre idades de seleção (juvenil-adulta) e eficiência da seleção precoce para as características altura, diâmetro e volume de indivíduos de famílias de Pinus taeda propagados via embriogênese somática. O estudo foi realizado por meio de análise genético-estatística pelo procedimento de estimação de componentes de variância (Reml) e de predição de valores genéticos (Blup), usando-se o software Selegen-Reml/Blup. As correlações genéticas entre idades juvenis e idade de rotação foram realizadas aplicando o modelo linear desenvolvido por Lambeth (1980). Segundo os resultados do modelo estabelecido, a seleção precoce pode ser realizada em clones de Pinus taeda com alta eficiência de seleção. As idades de 4 a 6 anos são suficientes para selecionar clones de Pinus taeda propagados via embriogênese somática para colheita aos 8 e 12 anos e, as idades de 6 a 10 anos são suficientes para selecionar para colheita aos 20 anos. De acordo com as estimativas de correlação genotípicaa partir dos ambientes, a seleção de clones de Pinus taeda propagados via embriogênese somática deve ser praticada de forma específica para cada ambiente. Pode-se realizar a seleção de clones considerando o diâmetro, visto a alta correlação observada entre volume e diâmetro.

Sviluppo di un algoritmo di Object Detection per la privacy in ambito industriale

In questa tesi è descritto il lavoro svolto presso un'azienda informatica locale, allo scopo di ricerca ed implementazione di un algoritmo per individuare ed offuscare i volti presenti all'interno di video di e-learning in ambito industriale, al fine di garantire la privacy degli operai presenti. Tale algoritmo sarebbe stato poi da includere in un modulo software da inserire all'interno di un applicazione web già esistente per la gestione di questi video. Si è ricercata una soluzione ad hoc considerando le caratteristiche particolare del problema in questione, studiando le principali tecniche della Computer Vision per comprendere meglio quale strada percorrere. Si è deciso quindi di implementare un algoritmo di Blob Tracking basato sul colore.

Ecografia con mezzo di contrasto dalla ricerca alla pratica clinica: diagnosi di carcinoma epatocellulare con sistema CEUS LI-RADS e con software di quantificazione della perfusione tissutale

Il carcinoma epatocellulare (HCC) rappresenta il tumore epatico primitivo più comune con una incidenza fino all’85%. È uno dei tumori più frequenti al mondo ed è noto per l’elevata letalità soprattutto in stadio avanzato. La diagnosi precoce attraverso la sorveglianza ecografica è necessaria per migliorare la sopravvivenza dei pazienti a rischio. Il mezzo di contrasto ecografico migliora la sensibilità e la specificità diagnostica dell’ecografia convenzionale. L’ecografia con mezzo di contrasto (contrast-enhanced ultrasound, CEUS) è pertanto considerata una metodica valida per la diagnosi di HCC a livello globale per la sua ottima specificità anche a fronte di una sensibilità subottimale. L’aspetto contrastografico delle lesioni focali epatiche ha portato un team di esperti allo sviluppo del sistema Liver Imaging Reporting and Data System (LI-RADS) con l’obiettivo di standardizzare la raccolta dati e la refertazione delle metodiche di imaging per la diagnosi di HCC. La CEUS è una metodica operatore-dipendente e le discordanze diagnostiche con gli imaging panoramici lasciano spazio a nuove tecniche (Dynamic Contrast Enhanced UltraSound, DCE-US) volte a migliorare l’accuratezza diagnostica della metodica e in particolare la sensibilità. Un software di quantificazione della perfusione tissutale potrebbe essere di aiuto nella pratica clinica per individuare il wash-out non visibile anche all’occhio dell’operatore più esperto. Il nostro studio ha due obiettivi: 1) validare il sistema CEUS LI-RADS nella diagnosi di carcinoma epatocellulare in pazienti ad alto rischio di HCC usando come gold-standard l’istologia quando disponibile oppure metodiche di imaging radiologico accettate da tutte le linee guida (tomografia computerizzata o risonanza magnetica con aspetto tipico) eseguite entro quattro settimane dalla CEUS; 2) valutare l’efficacia di un software di quantificazione della perfusione tissutale nel riscontro di wash-out per la diagnosi di HCC in CEUS.

Sensor networks optimization and software development for Structural Health Monitoring based on ultrasonic guided waves

The Structural Health Monitoring (SHM) research area is increasingly investigated due to its high potential in reducing the maintenance costs and in ensuring the systems safety in several industrial application fields. A growing demand of new SHM systems, permanently embedded into the structures, for savings in weight and cabling, comes from the aeronautical and aerospace application fields. As consequence, the embedded electronic devices are to be wirelessly connected and battery powered. As result, a low power consumption is requested. At the same time, high performance in defects or impacts detection and localization are to be ensured to assess the structural integrity. To achieve these goals, the design paradigms can be changed together with the associate signal processing. The present thesis proposes design strategies and unconventional solutions, suitable both for real-time monitoring and periodic inspections, relying on piezo-transducers and Ultrasonic Guided Waves. In the first context, arrays of closely located sensors were designed, according to appropriate optimality criteria, by exploiting sensors re-shaping and optimal positioning, to achieve improved damages/impacts localisation performance in noisy environments. An additional sensor re-shaping procedure was developed to tackle another well-known issue which arises in realistic scenario, namely the reverberation. A novel sensor, able to filter undesired mechanical boundaries reflections, was validated via simulations based on the Green's functions formalism and FEM. In the active SHM context, a novel design methodology was used to develop a single transducer, called Spectrum-Scanning Acoustic Transducer, to actively inspect a structure. It can estimate the number of defects and their distances with an accuracy of 2[cm]. It can also estimate the damage angular coordinate with an equivalent mainlobe aperture of 8[deg], when a 24[cm] radial gap between two defects is ensured. A suitable signal processing was developed in order to limit the computational cost, allowing its use with embedded electronic devices.

Real-time anomaly detection of gamma-ray bursts for the Cherenkov Telescope Array using deep learning

The Cherenkov Telescope Array (CTA) will be the next-generation ground-based observatory to study the universe in the very-high-energy domain. The observatory will rely on a Science Alert Generation (SAG) system to analyze the real-time data from the telescopes and generate science alerts. The SAG system will play a crucial role in the search and follow-up of transients from external alerts, enabling multi-wavelength and multi-messenger collaborations. It will maximize the potential for the detection of the rarest phenomena, such as gamma-ray bursts (GRBs), which are the science case for this study. This study presents an anomaly detection method based on deep learning for detecting gamma-ray burst events in real-time. The performance of the proposed method is evaluated and compared against the Li&Ma standard technique in two use cases of serendipitous discoveries and follow-up observations, using short exposure times. The method shows promising results in detecting GRBs and is flexible enough to allow real-time search for transient events on multiple time scales. The method does not assume background nor source models and doe not require a minimum number of photon counts to perform analysis, making it well-suited for real-time analysis. Future improvements involve further tests, relaxing some of the assumptions made in this study as well as post-trials correction of the detection significance. Moreover, the ability to detect other transient classes in different scenarios must be investigated for completeness. The system can be integrated within the SAG system of CTA and deployed on the onsite computing clusters. This would provide valuable insights into the method's performance in a real-world setting and be another valuable tool for discovering new transient events in real-time. Overall, this study makes a significant contribution to the field of astrophysics by demonstrating the effectiveness of deep learning-based anomaly detection techniques for real-time source detection in gamma-ray astronomy.

An Image Recognition Software for Identification of Vehicle Homologation Tags

In recent years, we have witnessed great changes in the industrial environment as a result of the innovations introduced by Industry 4.0, especially in the integration of Internet of Things, Automation and Robotics in the manufacturing field. The project presented in this thesis lies within this innovation context and describes the implementation of an Image Recognition application focused on the automotive field. The project aims at helping the supply chain operator to perform an effective and efficient check of the homologation tags present on vehicles. The user contribution consists in taking a picture of the tag and the application will automatically, exploiting Amazon Web Services, return the result of the control about the correctness of the tag, the correct positioning within the vehicle and the presence of faults or defects on the tag. To implement this application we ombined two IoT platforms widely used in industrial field: Amazon Web Services(AWS) and ThingWorx. AWS exploits Convolutional Neural Networks to perform Text Detection and Image Recognition, while PTC ThingWorx manages the user interface and the data manipulation.

AGV Safety Areas Obstacle Detection and Interaction with Point Cloud Derived Map

This thesis project aims to the development of an algorithm for the obstacle detection and the interaction between the safety areas of an Automated Guided Vehicles (AGV) and a Point Cloud derived map inside the context of a CAD software. The first part of the project focuses on the implementation of an algorithm for the clipping of general polygons, with which has been possible to: construct the safety areas polygon, derive the sweep of this areas along the navigation path performing a union and detect the intersections with line or polygon representing the obstacles. The second part is about the construction of a map in terms of geometric entities (lines and polygons) starting from a point cloud given by the 3D scan of the environment. The point cloud is processed using: filters, clustering algorithms and concave/convex hull derived algorithms in order to extract line and polygon entities representing obstacles. Finally, the last part aims to use the a priori knowledge of possible obstacle detections on a given segment, to predict the behavior of the AGV and use this prediction to optimize the choice of the vehicle's assigned velocity in that segment, minimizing the travel time.

Progettazione di un sistema per la configurazione centralizzata di intrusion detection system

Il rilevamento di intrusioni nel contesto delle pratiche di Network Security Monitoring è il processo attraverso cui, passando per la raccolta e l'analisi di dati prodotti da una o più fonti di varia natura, (p.e. copie del traffico di rete, copie dei log degli applicativi/servizi, etc..) vengono identificati, correlati e analizzati eventi di sicurezza con l'obiettivo di rilevare potenziali tenativi di compromissione al fine di proteggere l'asset tecnologico all'interno di una data infrastruttura di rete. Questo processo è il prodotto di una combinazione di hardware, software e fattore umano. Spetta a quest'ultimo nello specifico il compito più arduo, ovvero quello di restare al passo con una realtà in continua crescita ed estremamente dinamica: il crimine informatico. Spetta all'analista filtrare e analizzare le informazioni raccolte in merito per contestualizzarle successivamente all'interno della realta che intende proteggere, con il fine ultimo di arricchire e perfezionare le logiche di rilevamento implementate sui sistemi utilizzati. È necessario comprendere come il mantenimento e l'aggiornamento di questi sistemi sia un'attività che segue l'evolversi delle tecnologie e delle strategie di attacco. Un suo svolgimento efficacie ed efficiente risulta di primaria importanza per consentire agli analisti di focalizzare le proprie risorse sulle attività di investigazione di eventi di sicurezza, ricerca e aggiornamento delle logiche di rilevamento, minimizzando quelle ripetitive, "time consuming", e potenzialmente automatizzabili. Questa tesi ha come obiettivo quello di presentare un possibile approccio ad una gestione automatizzata e centralizzata di sistemi per il rilevamento delle intrusioni, ponendo particolare attenzione alle tecnologie IDS presenti sul panorama open source oltre a rapportare tra loro gli aspetti di scalabilità e personalizzazione che ci si trova ad affrontare quando la gestione viene estesa ad infrastrutture di rete eterogenee e distribuite.