Wyniki wyszukiwania - Biblioteka Nauki

1

Improved detection of chemical threats by sensor data fusion

100%

Kopp N. L. , Koch-Eschweiler H.

Security and Defence Quarterly

|

2022

|

tom Vol. 37, No. 1

70--93

EN

This paper presents some aspects of sensor data fusion that were derived from the EU-SENSE project of the European Commission (Horizon 2020, Grant Agreement No 787031). The aim of EU-SENSE was to develop a novel network of sensors for CBRNe applications through the exploitation of chemical detector technologies, advanced machine-learning and modelling algorithms. The high-level objectives of the project include improving the detection capabilities of the novel network of chemical sensors through the use of machine learning algorithms and reducing the impact of environmental noise. The focus in this paper is on the detection and data fusion aspects as well as the machine learning approaches that were used as part of the project. Detection (in the sense of detectto-warn) is a classification task and improvement of detection requires enhancing the discriminatory power of the classifier, that is reducing false alarms, false positives, and false negatives. This was achieved by a two-step procedure, that is a sensitive distance-based anomaly/change detection followed by downstream classification, identification and concentration estimation. Bayesian networks proved to be useful when fusing information from multiple sensors. For validation purposes, experimental data was gathered during the project and the developed approaches were applied successfully. Despite the development of several new, helpful tools within the project, the domain of chemical detection remains challenging, particularly regarding provisioning of the necessary prior-knowledge. It might make sense from a coverage point of view to look into integration of stand-off detection techniques into a sensor network, including data fusion too.

2

Anomaly detection system based on sparse signal representation

100%

Andrysiak T. , Saganowski Ł.

Image Processing & Communications

|

2011

|

tom Vol. 16, no 3-4

37-44

EN

In this paper we present further expansion of our matching pursuit methodology for anomaly detection in computer networks. In our previous work we proposed new signal based algorithm for intrusion detection systems based on anomaly detection approach on the basis of the Matching Pursuit algorithm. This time we present completely different approach to generating base functions (atoms) dictionary. We propose modification of K-SVD [1] algorithm in order to select atoms from real 1-D signal which represents network traffic features. Dictionary atoms selected in this way have the ability to approximate different 1-D signals representing network traffic features. Achieved dictionary was used to detect network anomalies on benchmark data sets. Results were compared to the dictionary based on analytical 1-D Gabor atoms.

3

VoIP Anomaly Detection - selected methods of statistical analysis

100%

Dymora P. , Mazurek M. , Jaskółka S.

Annales Universitatis Mariae Curie-Skłodowska. Sectio AI, Informatica

|

2016

|

tom Vol. 16, no. 2

14--19

EN

Self-similarity analysis and anomaly detection in networks are interesting fields of research and scientific work of scientists around the world. Simulation studies have demonstrated that the Hurst parameter estimation can be used to detect traffic anomaly. The actual network traffic is self-similar or long-range dependent. The dramatic expansion of applications on modern networks gives rise to a fundamental challenge to network security. The Hurst values are compared with confidence intervals of normal values to detect anomaly in VoIP.

4

Incoherent Dictionary Learning for Sparse Representation in Network Anomaly Detection

100%

Andrysiak T. , Saganowski Ł.

Schedae Informaticae

|

2015

|

tom Vol. 24

63--71

EN

In this article we present the use of sparse representation of a signal and incoherent dictionary learning method for the purpose of network traffic analysis. In learning process we use 1D INK-SVD algorithm to detect proper dictionary structure. Anomaly detection is realized by parameter estimation of the analyzed signal and its comparative analysis to network traffic profiles. Efficiency of our method is examined with the use of extended set of test traces from real network traffic. Received experimental results confirm effectiveness of the presented method.

5

Anomaly detection in server metrics with use of one-sided median algorithm

100%

Zacher S. , Ryba P.

Journal of Applied Computer Science Methods

|

2017

|

tom Vol. 9 No. 1

5--22

EN

In this paper we consider the problem of anomaly detection over time series metrics data took from one of corporate grade mail service cluster. We propose the algorithm based on one-sided median concept and present some results of experiments showing impact of parameters settings on algorithm performance. In addition we present short description of classes of anomalies discovered in monitored system. Proposed one-sided median based algorithm shows great robustness and good detection rate and can be considered as possible simple production ready solution.

6

Anomalies detection in computer networks with the use of SDN

100%

Bolanowski M. , Twaróg B. , Mlicki R.

Measurement Automation Monitoring

|

2015

|

tom Vol. 61, No. 9

443--445

EN

: In the paper, the authors present a method of anomalies detection and identification in network traffic using statistical signatures. There is also shown a new system architecture based on the Software-Defined Networking (SDN) which allows for application of statistical anomaly detection in computer networks. With the proposed hardware-software model, it becomes possible to implement custom algorithms for the threats detection with the use of recognized and secure communications standards. The proposed architecture has been built based on an open-source solutions and can be used directly in production environments.

7

Detecting anomalies in advertising web traffic with the use of the variational autoencoder

100%

Gabryel M. , Lada D. , Filutowicz Z. , Patora-Wysocka Z. , Kisiel-Dorohinicki M. , Chen G. Y.

Journal of Artificial Intelligence and Soft Computing Research

|

2022

|

tom Vol. 12, No. 4

255--266

EN

This paper presents a neural network model for identifying non-human traffic to a website, which is significantly different from visits made by regular users. Such visits are undesirable from the point of view of the website owner as they are not human activity, and therefore do not bring any value, and, what is more, most often involve costs incurred in connection with the handling of advertising. They are made most often by dishonest publishers using special software (bots) to generate profits. Bots are also used in scraping, which is automatic scanning and downloading of website content, which actually is not in the interest of website authors. The model proposed in this work is learnt by data extracted directly from the web browser during website visits. This data is acquired by using a specially prepared JavaScript that monitors the behavior of the user or bot. The appearance of a bot on a website generates parameter values that are significantly different from those collected during typical visits made by human website users. It is not possible to learn more about the software controlling the bots and to know all the data generated by them. Therefore, this paper proposes a variational autoencoder (VAE) neural network model with modifications to detect the occurrence of abnormal parameter values that deviate from data obtained from human users’ Internet traffic. The algorithm works on the basis of a popular autoencoder method for detecting anomalies, however, a number of original improvements have been implemented. In the study we used authentic data extracted from several large online stores.

8

Database security : combining neural networks and classification approach

100%

Skaruz J.

Studia Informatica : systems and information technology

|

2019

|

tom Vol. 1-2(23)

95--115

EN

In the paper we present a new approach based on application of neural networks to detect SQL attacks. SQL attacks are those attacks that take the advantage of using SQL statements to be performed. The problem of detection of this class of attacks is transformed to time series prediction problem. SQL queries are used as a source of events in a protected environment. To differentiate between normal SQL queries and those sent by an attacker, we divide SQL statements into tokens and pass them to our detection system, which predicts the next token, taking into account previously seen tokens. In the learning phase tokens are passed to a recurrent neural network (RNN) trained by backpropagation through time (BPTT) algorithm. Then, two coefficients of the rule are evaluated. The rule is used to interpret RNN output. In the testing phase RNN with the rule is examined against attacks and legal data to find out how evaluated rule affects efficiency of detecting attacks. All experiments were conducted on Jordan network. Experimental results show the relationship between the rule and a length of SQL queries.

9

Application of the Complex Event Processing system for anomaly detection and network monitoring

100%

Frankowski G. , Jerzak M. , Miłostan M. , Nowak T. , Pawłowski M.

Computer Science

|

2015

|

tom Vol. 16 (4)

351--371

EN

Protection of infrastructures for e-science, including grid environments and NREN facilities, requires the use of novel techniques for anomaly detection and network monitoring. The aim is to raise situational awareness and provide early warning capabilities. The main operational problem that most network operators face is integrating and processing data from multiple sensors and systems placed at critical points of the infrastructure. From a scientific point of view, there is a need for the efficient analysis of large data volumes and automatic reasoning while minimizing detection errors. In this article, we describe two approaches to Complex Event Processing used for network monitoring and anomaly detection and introduce the ongoing SECOR project (Sensor Data Correlation Engine for Attack Detection and Support of Decision Process), supported by examples and test results. The aim is to develop methodology that allows for the construction of next-generation IDS systems with artificial intelligence, capable of performing signature-less intrusion detection.

10

Method for detecting software anomalies based on recurrence plot analysis

100%

Mosdorf M.

Journal of Theoretical and Applied Computer Science

|

2012

|

tom Vol. 6, nr 1

3-12

EN

Presented paper evaluates method for detecting software anomalies based on recurrence plot analysis of trace log generated by software execution. Described method for detecting software anomalies is based on windowed recurrence quantification analysis for selected measures (e.g. Recurrence rate - RR or Determinism - DET). Initial results show that proposed method is useful in detecting silent software anomalies that do not result in typical crashes (e.g. exceptions).

11

Double Layered Priority based Gray Wolf Algorithm (PrGWO-SK) for safety management in IoT network through anomaly detection

100%

Agrawal A. P. , Singh N.

Eksploatacja i Niezawodność

|

2022

|

tom Vol. 24, no. 4

641--654

EN

For mitigating and managing risk failures due to Internet of Things (IoT) attacks, many Machine Learning (ML) and Deep Learning (DL) solutions have been used to detect attacks but mostly suffer from the problem of high dimensionality. The problem is even more acute for resource starved IoT nodes to work with high dimension data. Motivated by this problem, in the present work a priority based Gray Wolf Optimizer is proposed for effectively reducing the input feature vector of the dataset. At each iteration all the wolves leverage the relative importance of their leader wolves’ position vector for updating their own positions. Also, a new inclusive fitness function is hereby proposed which incorporates all the important quality metrics along with the accuracy measure. In a first, SVM is used to initialize the proposed PrGWO population and kNN is used as the fitness wrapper technique. The proposed approach is tested on NSL-KDD, DS2OS and BoTIoT datasets and the best accuracies are found to be 99.60%, 99.71% and 99.97% with number of features as 12,6 and 9 respectively which are better than most of the existing algorithms.

12

Network anomaly detection based on signal processing techniques

100%

Andrysiak T. , Saganowski Ł. , Maszewski M.

Image Processing & Communications

|

2013

|

tom Vol. 18, no. 1

15--21

EN

The article depicts possibility of using Matching Pursuit decomposition in order to recognize unspecified hazards in network traffic. Furthermore, the work aims to present feasible enhancements to the anomaly detection method, as well as their efficiency on the basis of a wide collection of pattern test traces.

13

A Big Data processing strategy for hybrid interpretation of flood embankment multisensor data

88%

Chuchro M. , Franczyk A. , Dwornik M. , Leśniak A.

Geology, Geophysics and Environment

|

2016

|

tom Vol. 42, no. 3

269--277

EN

The assessment of flood embankments is a key component of a country’s comprehensive flood protection. Proper and early information on the possible instability of a flood embankment can make it possible to take preventative action. The assessment method proposed by the ISMOP project is based on a strategy of processing huge data sets (Big Data). The detection of flood embankment anomalies can take two analysis paths. The first involves the computation of numerical models and comparing them with real data measured on a flood embankment. This is the path of model-driven analysis. The second solution is data-driven, meaning time series are analysed in order to detect deviations from average values. Flood embankments are assessed based on the results of model-driven and data-driven analyses and information from preprocessing. An alarm is triggered if a critical value is exceeded in one or both paths of analysis. Tests on synthetic data demonstrate the high efficiency of the chosen methods for assessing the state of flood embankments.

14

Detecting Insider Malicious Activities in Cloud Collaboration Systems

88%

Smrithy G. S. , Cuzzocrea A. , Balakrishnan R.

Fundamenta Informaticae

|

2018

|

tom Vol. 161, nr 3

299--316

EN

Cloud Collaboration Systems (CCS) offer efficient coordination among users to work on shared tasks in diverse distributed environments such as social networking, healthcare, wikis, and intelligent systems. Many cloud collaboration systems services are basically loosely coupled in nature. The flexibility of such CCS lead to various vulnerabilities in the system since the users are given broad access privileges. This may result in catastrophic activities from malicious insiders which in turn result in major misuse and abuse of information. While many sophisticated security mechanisms have been established to detect outsider threats in various systems, a very few works have been reported so far to detect anomalous insider activities in complex CCS. In this paper, we propose a Sliding Window based Anomaly Detection using Maximum Mean Discrepancy or SWAD-MMD model to detect anomalous insider activities via access network of users and objects. The main scope of this paper is to exploit information theoretic and statistical techniques to address the above security issues in order to provide information theoretically provable security (i.e., anomaly detection with vanishing probability of error) based on graph based Maximum Mean Discrepancy (MMD) that measures the distance between mean embedding of distributions into a Reproducing Kernel Hilbert Space (RKHS). The theoretical aspects show that the proposed approach is suitable for detecting anomalous insider activities in dynamic cloud collaborative systems. Finally we validate the proposed model using two publicly available datasets from Wikipedia and present a performance evaluation in terms of accuracy of the proposed model.

15

On tuning redundant dictionary parameters in signal-based anomaly detection system

88%

Saganowski Ł. , Choraś M. , Renk R. , Hołubowicz W.

Image Processing & Communications

|

2009

|

tom Vol. 14, no 4

29-34

EN

In our previous work innovative recognition algorithm applied to Anomaly Detection System has been presented. We proposed to use Matching Pursuit Mean Projection (MP-MP) of the reconstructed network signal to recognize anomalies in network traffic. In this paper we focus on evaluation of parameters of the redundant dictionary used in our methodology. In the experimental section we present the results of tuning the parameters of the redundant dictionary used in our system.

16

Offline-online pattern recognition for enabling time series anomaly detection on older NC machine tools

88%

Netzer M. , Palenga Y. , Goennheimer P. , Fleischer J.

Journal of Machine Engineering

|

2021

|

tom Vol. 21, No. 1

98--108

EN

Intelligent IoT functions for increased availability, productivity and component quality offer significant added value to the industry. Unfortunately, many old machines and systems are characterized by insufficient, inconsistent IoT connectivity and heterogeneous parameter naming. Furthermore, the data is only available in unstructured form. In the following, a new approach for standardizing information models from existing plants with machine learning methods is described and an offline-online pattern recognition system for enabling anomaly detection under varying machine conditions is introduced. The system can enable the local calculation of signal thresholds that allow more granular anomaly detection than using only single indexing and aims to improve the detection of anomalous machine behaviour especially in finish machining.

17

Transfer Learning Methods as a New Approach in Computer Vision Tasks with Small Datasets

88%

Brodzicki A. , Piekarski M. , Kucharski D. , Jaworek-Korjakowska J. , Gorgon M.

Foundations of Computing and Decision Sciences

|

2020

|

tom Vol. 45, No. 3

179--193

EN

Deep learning methods, used in machine vision challenges, often face the problem of the amount and quality of data. To address this issue, we investigate the transfer learning method. In this study, we briefly describe the idea and introduce two main strategies of transfer learning. We also present the widely-used neural network models, that in recent years performed best in ImageNet classification challenges. Furthermore, we shortly describe three different experiments from computer vision field, that confirm the developed algorithms ability to classify images with overall accuracy 87.2-95%. Achieved numbers are state-of-the-art results in melanoma thick- ness prediction, anomaly detection and Clostridium difficile cytotoxicity classification problems

18

Anomaly Detection Framework Based on Matching Pursuit for Network Security Enhancement

88%

Renk R. , Hołubowicz W.

Journal of Telecommunications and Information Technology

|

2011

|

tom nr 1

32-36

EN

In this paper, a framework for recognizing network traffic in order to detect anomalies is proposed. We propose to combine and correlate parameters from different layers in order to detect 0-day attacks and reduce false positives. Moreover, we propose to combine statistical and signal-based features. The major contribution of this paper are: novel framework for network security based on the correlation approach as well as new signal based algorithm for intrusion detection using matching pursuit.

19

Negative feature selection algorithm for anomaly detection in real time

88%

Hryniów K. , Dzieliński A.

Studia Informatica : systems and information technology

|

2011

|

tom Vol. 1-2(15)

15--23

EN

Anomaly detection methods are of common use in many fields, including databases and large computer systems. This article presents new algorithm based on negative feature selection, which can be used to find anomalies in real time. Proposed algorithm, called Negative Feature Selection algorithm (NegFS) can be also used as first step for preprocessing data analyzed by neural networks, rule-based systems or other anomaly detection tools, to speed up the process for large and very large datasets of different types.

20

Crowdsourced Driving Comfort Monitoring

88%

Badurowicz M. , Montusiewicz J. , Przyłucki S.

Advances in Science and Technology. Research Journal

|

2021

|

tom Vol. 15, no 3

309--317

EN

In this paper, the authors are showing a calculation of the road quality index called Simple Road Quality Index (SRQI) using the weight provided by the amateur drivers to best possibly rate their comfort on driving on that road. The index is calculated from acceleration data acquired by the smartphone application and is aggregated in a crowdsourcing system for the classification of road quality using the fuzzy membership function. The paper shows that the proposed index correctly shows road quality changes over time and may be used as a way to mark roads to be avoided or needs to be repaired. The numerical experiment was based on the same street in Lublin, Poland, in 2015-2021 and is correctly showing that the quality of analyzed roads deteriorated over time, especially in the winter season.