ABSTRACT
Cybersecurity has become a central concern in the contemporary digital era due to the exponential increase in cyber threats. These threats, ranging from simple malware to advanced persistent attacks, put individuals and organizations at risk. This study explores the potential of artificial intelligence to detect anomalies in network traffic in a university environment. The effectiveness of automatic detection of unconventional activities was evaluated through extensive simulations and advanced artificial intelligence models. In addition, the importance of cybersecurity awareness and education is highlighted, introducing CyberEduPlatform, a tool designed to improve users' cyber awareness. The results indicate that, while AI models show high precision in detecting anomalies, complementary education and awareness play a crucial role in fortifying the first lines of defense against cyber threats. This research highlights the need for an integrated approach to cybersecurity, combining advanced technological solutions with robust educational strategies.
ABSTRACT
The Industrial Revolution 4.0 has catapulted the integration of advanced technologies in industrial operations, where interconnected systems rely heavily on sensor information. However, this dependency has revealed an essential vulnerability: Sabotaging these sensors can lead to costly and dangerous interruptions in the production chain. To address this threat, we introduce an innovative methodological approach focused on developing an anomaly detection algorithm specifically designed to track manipulations in industrial sensors. Through a series of meticulous tests in an industrial environment, we validate the robustness and accuracy of our proposal. What distinguishes this study is its unique adaptability to various sensor conditions, achieving high detection accuracy and prompt response. Our algorithm demonstrates superiority in accuracy and sensitivity compared to previously established methodologies. Beyond detection, we incorporate a proactive alert and response system, guaranteeing timely action against detected anomalies. This work offers a tangible solution to a growing challenge. It lays the foundation for strengthening security in industrial systems of the digital age, harmonizing efficiency with protection in the Industry 4.0 landscape.
ABSTRACT
In an increasingly technology-driven world, the security of Internet-of-Things systems has become a top priority. This article presents a study on the implementation of security solutions in an innovative manufacturing plant using IoT and machine learning. The research was based on collecting historical data from telemetry sensors, IoT cameras, and control devices in a smart manufacturing plant. The data provided the basis for training machine learning models, which were used for real-time anomaly detection. After training the machine learning models, we achieved a 13% improvement in the anomaly detection rate and a 3% decrease in the false positive rate. These results significantly impacted plant efficiency and safety, with faster and more effective responses seen to unusual events. The results showed that there was a significant impact on the efficiency and safety of the smart manufacturing plant. Improved anomaly detection enabled faster and more effective responses to unusual events, decreasing critical incidents and improving overall security. Additionally, algorithm optimization and IoT infrastructure improved operational efficiency by reducing unscheduled downtime and increasing resource utilization. This study highlights the effectiveness of machine learning-based security solutions by comparing the results with those of previous research on IoT security and anomaly detection in industrial environments. The adaptability of these solutions makes them applicable in various industrial and commercial environments.
ABSTRACT
Monitoring water quality in reservoirs is essential for the maintenance of aquatic ecosystems and socioeconomic services. In this scenario, the observation of abrupt elevations of physicochemical parameters, such as turbidity and other indicators, can signal anomalies associated with the occurrence of critical events, requiring operational actions and planning to mitigate negative environmental impacts on water resources. This work aims to integrate Machine Learning methods specialized in anomaly detection with data obtained from remote sensing images to identify with high turbidity events in the surface water of the Três Marias Hydroelectric Reservoir. Four distinct threshold-based scenarios were evaluated, in which the overall performance, based on F1-score, showed decreasing trends as the thresholds became more restrictive. In general, the anomaly identification maps generated through the models ratified the applicability of the methods in the diagnosis of surface water in reservoirs in distinct hydrological contexts (dry and wet), effectively identifying locations with anomalous turbidity values.
ABSTRACT
In this paper, we introduce a one-class learning approach for detecting modifications in assembled printed circuit boards (PCBs) based on photographs taken without tight control over perspective and illumination conditions. Anomaly detection and segmentation are essential for several applications, where collecting anomalous samples for supervised training is infeasible. Given the uncontrolled environment and the huge number of possible modifications, we address the problem as a case of anomaly detection, proposing an approach that is directed towards the characteristics of that scenario, while being well suited for other similar applications. We propose a loss function that can be used to train a deep convolutional autoencoder based only on images of the unmodified board-which allows overcoming the challenge of producing a representative set of samples containing anomalies for supervised learning. We also propose a function that explores higher-level features for comparing the input image and the reconstruction produced by the autoencoder, allowing the segmentation of structures and components that differ between them. Experiments performed on a dataset built to represent real-world situations (which we made publicly available) show that our approach outperforms other state-of-the-art approaches for anomaly segmentation in the considered scenario, while producing comparable results on a more general object anomaly detection task.
ABSTRACT
Cardiovascular diseases are among the leading causes of mortality worldwide, with more than 23 million related deaths per year by 2030, according to the World Heart Federation. Although most of these diseases may be prevented, population awareness strategies are still ineffective. In this context, we propose the CML-Cardio tool, a machine learning application to automate the risk classification process of developing CVDs. For this, researchers in our group collected data on diabetes, blood pressure, and other risk factors in a private company. Our final model consists of a cascade system to handle highly imbalanced data. In the first stage, a binary model is responsible for predicting whether a patient has a low risk of developing CVDs or if has a risk that needs attention. In this step, we use six algorithms: logistic regression, SVM, random forest, XGBoost, CatBoost, and multilayer perceptron. The better results presented an average accuracy of 0.86 ± 0.03 and f-score of 0.85 ± 0.04. We interpret each feature's impact on the models' output and validate the subsystem for the next step. In the second stage, we use an anomaly detection model to learn the intermediate risk patterns present in the instances that need attention. The cascade model presented an average accuracy of 0.80 ± 0.07 and f-score of 0.70 ± 0.07. Finally, we develop the CML-Cardio prototype of an actual application as a primary prevention strategy. Graphical abstract In this work, we propose the CML-Cardio tool, a cascade machine learning method to classify cardiovascular disease risk.
Subject(s)
Cardiovascular Diseases , Humans , Cardiovascular Diseases/prevention & control , Algorithms , Blood Pressure , Machine Learning , Primary PreventionABSTRACT
(1) Background: The research area of video surveillance anomaly detection aims to automatically detect the moment when a video surveillance camera captures something that does not fit the normal pattern. This is a difficult task, but it is important to automate, improve, and lower the cost of the detection of crimes and other accidents. The UCF-Crime dataset is currently the most realistic crime dataset, and it contains hundreds of videos distributed in several categories; it includes a robbery category, which contains videos of people stealing material goods using violence, but this category only includes a few videos. (2) Methods: This work focuses only on the robbery category, presenting a new weakly labelled dataset that contains 486 new real-world robbery surveillance videos acquired from public sources. (3) Results: We have modified and applied three state-of-the-art video surveillance anomaly detection methods to create a benchmark for future studies. We showed that in the best scenario, taking into account only the anomaly videos in our dataset, the best method achieved an AUC of 66.35%. When all anomaly and normal videos were taken into account, the best method achieved an AUC of 88.75%. (4) Conclusion: This result shows that there is a huge research opportunity to create new methods and approaches that can improve robbery detection in video surveillance.
Subject(s)
Crime , Theft , Humans , Benchmarking , Videotape RecordingABSTRACT
The residential environment is constantly evolving technologically. With this evolution, sensors have become intelligent interconnecting home appliances, personal computers, and mobile devices. Despite the benefits of this interaction, these devices are also prone to security threats and vulnerabilities. Ensuring the security of smart homes is challenging due to the heterogeneity of applications and protocols involved in this environment. This work proposes the FamilyGuard architecture to add a new layer of security and simplify management of the home environment by detecting network traffic anomalies. Experiments are carried out to validate the main components of the architecture. An anomaly detection module is also developed by using machine learning through one-class classifiers based on the network flow. The results show that the proposed solution can offer smart home users additional and personalized security features using low-cost devices.
Subject(s)
Internet of Things , Computer Security , Machine LearningABSTRACT
Anomaly detection in computer networks is a complex task that requires the distinction of normality and anomaly. Network attack detection in information systems is a constant challenge in computer security research, as information systems provide essential services for enterprises and individuals. The consequences of these attacks could be the access, disclosure, or modification of information, as well as denial of computer services and resources. Intrusion Detection Systems (IDS) are developed as solutions to detect anomalous behavior, such as denial of service, and backdoors. The proposed model was inspired by the behavior of dendritic cells and their interactions with the human immune system, known as Dendritic Cell Algorithm (DCA), and combines the use of Multiresolution Analysis (MRA) Maximal Overlap Discrete Wavelet Transform (MODWT), as well as the segmented deterministic DCA approach (S-dDCA). The proposed approach is a binary classifier that aims to analyze a time-frequency representation of time-series data obtained from high-level network features, in order to classify data as normal or anomalous. The MODWT was used to extract the approximations of two input signal categories at different levels of decomposition, and are used as processing elements for the multi resolution DCA. The model was evaluated using the NSL-KDD, UNSW-NB15, CIC-IDS2017 and CSE-CIC-IDS2018 datasets, containing contemporary network traffic and attacks. The proposed MRA S-dDCA model achieved an accuracy of 97.37%, 99.97%, 99.56%, and 99.75% for the tested datasets, respectively. Comparisons with the DCA and state-of-the-art approaches for network anomaly detection are presented. The proposed approach was able to surpass state-of-the-art approaches with UNSW-NB15 and CSECIC-IDS2018 datasets, whereas the results obtained with the NSL-KDD and CIC-IDS2017 datasets are competitive with machine learning approaches.
ABSTRACT
BACKGROUND: The amount of data and behavior changes in society happens at a swift pace in this interconnected world. Consequently, machine learning algorithms lose accuracy because they do not know these new patterns. This change in the data pattern is known as concept drift. There exist many approaches for dealing with these drifts. Usually, these methods are costly to implement because they require (i) knowledge of drift detection algorithms, (ii) software engineering strategies, and (iii) continuous maintenance concerning new drifts. RESULTS: This article proposes to create Driftage: a new framework using multi-agent systems to simplify the implementation of concept drift detectors considerably and divide concept drift detection responsibilities between agents, enhancing explainability of each part of drift detection. As a case study, we illustrate our strategy using a muscle activity monitor of electromyography. We show a reduction in the number of false-positive drifts detected, improving detection interpretability, and enabling concept drift detectors' interactivity with other knowledge bases. CONCLUSION: We conclude that using Driftage, arises a new paradigm to implement concept drift algorithms with multi-agent architecture that contributes to split drift detection responsability, algorithms interpretability and more dynamic algorithms adaptation.
Subject(s)
Algorithms , Machine Learning , SoftwareABSTRACT
Benford Law (BL) states that the occurrence of significant digits in many natural and human phenomena data sets are not uniformly scattered, as one could naively expect, but follow a logarithmic-type distribution. Here, we present a method that consists of the use of BL analysis over first and first-two digits, three statistical conformity tests - Z-statistics, Mean Absolute Deviation (MAD) and Chi-square (χ2) as well as the summation test which looks for excessively large numbers, having fraud detection as one of its application. We developed the method for fraud detection in the case of the Brazilian Bolsa Familia welfare program. In this case, we submitted four periods of Brazilian welfare program payments to the method with a dataset of 13,442,529 records. We provide a practical implementation of the method based on open-source R library released on a public repository. Furthermore, code implementation of the algorithm as well as datasets are freely available. Advantages of the algorithm are listed below: ⢠The method was developed based on open source libraries ⢠The technique is simple, rapid and ease of use ⢠Easily applicable to other social welfare program auditing.
ABSTRACT
Several brain disorders are associated with abnormal brain asymmetries (asymmetric anomalies). Several computer-based methods aim to detect such anomalies automatically. Recent advances in this area use automatic unsupervised techniques that extract pairs of symmetric supervoxels in the hemispheres, model normal brain asymmetries for each pair from healthy subjects, and treat outliers as anomalies. Yet, there is no deep understanding of the impact of the supervoxel segmentation quality for abnormal asymmetry detection, especially for small anomalies, nor of the added value of using a specialized model for each supervoxel pair instead of a single global appearance model. We aim to answer these questions by a detailed evaluation of different scenarios for supervoxel segmentation and classification for detecting abnormal brain asymmetries. Experimental results on 3D MR-T1 brain images of stroke patients confirm the importance of high-quality supervoxels fit anomalies and the use of a specific classifier for each supervoxel. Next, we present a refinement of the detection method that reduces the number of false-positive supervoxels, thereby making the detection method easier to use for visual inspection and analysis of the found anomalies.
Subject(s)
Algorithms , Brain , Brain/diagnostic imaging , Healthy Volunteers , Humans , Imaging, Three-Dimensional , Magnetic Resonance ImagingABSTRACT
Internet of Things (IoT) devices have become increasingly widespread. Despite their potential of improving multiple application domains, these devices have poor security, which can be explored by attackers to build large-scale botnets. In this work, we propose a host-based approach to detect botnets in IoT devices, named IoTDS (Internet of Things Detection System). It relies on one-class classifiers, which model only the legitimate device behaviour for further detection of deviations, avoiding the manual labelling process. The proposed solution is underpinned by a novel agent-manager architecture based on HTTPS, which prevents the IoT device from being overloaded by the training activities. To analyse the device's behaviour, the approach extracts features from the device's CPU utilisation and temperature, memory consumption, and number of running tasks, meaning that it does not make use of network traffic data. To test our approach, we used an experimental IoT setup containing a device compromised by bot malware. Multiple scenarios were made, including three different IoT device profiles and seven botnets. Four one-class algorithms (Elliptic Envelope, Isolation Forest, Local Outlier Factor, and One-class Support Vector Machine) were evaluated. The results show the proposed system has a good predictive performance for different botnets, achieving a mean F1-score of 94% for the best performing algorithm, the Local Outlier Factor. The system also presented a low impact on the device's energy consumption, and CPU and memory utilisation.
ABSTRACT
AIM AND OBJECTIVE: A common method used for massive detection of cellulolytic microorganisms is based on the formation of halos on solid medium. However, this is a subjective method and real-time monitoring is not possible. The objective of this work was to develop a method of computational analysis of the visual patterns created by cellulolytic activity through artificial neural networks description. MATERIALS AND METHODS: Our method learns by an adaptive prediction model and automatically determines when enzymatic activity on a chromogenic indicator such as the hydrolysis halo occurs. To achieve this goal, we generated a data library with absorbance readings and RGB values of enzymatic hydrolysis, obtained by spectrophotometry and a prototype camera-based equipment (Enzyme Vision), respectively. We used the first part of the library to generate a linear regression model, which was able to predict theoretical absorbances using the RGB color patterns, which agreed with values obtained by spectrophotometry. The second part was used to train, validate, and test the neural network model in order to predict cellulolytic activity based on color patterns. RESULTS: As a result of our model, we were able to establish six new descriptors useful for the prediction of the temporal changes in the enzymatic activity. Finally, our model was evaluated on one halo from cellulolytic microorganisms, achieving the regional classification of the generated halo in three of the six classes learned by our model. CONCLUSION: We assume that our approach can be a viable alternative for high throughput screening of enzymatic activity in real time.
Subject(s)
Cellulose/chemistry , Gene Library , Neural Networks, Computer , Pattern Recognition, Automated , Cellulose/metabolism , Color , Coloring Agents/chemistry , Congo Red/chemistry , Hydrolysis , Machine Learning , Models, MolecularABSTRACT
We propose a definition of entropy for stochastic processes. We provide a reproducing kernel Hilbert space model to estimate entropy from a random sample of realizations of a stochastic process, namely functional data, and introduce two approaches to estimate minimum entropy sets. These sets are relevant to detect anomalous or outlier functional data. A numerical experiment illustrates the performance of the proposed method; in addition, we conduct an analysis of mortality rate curves as an interesting application in a real-data context to explore functional anomaly detection.
ABSTRACT
The Domain Name System (DNS) is a critical infrastructure of any network, and, not surprisingly a common target of cybercrime. There are numerous works that analyse higher level DNS traffic to detect anomalies in the DNS or any other network service. By contrast, few efforts have been made to study and protect the recursive DNS level. In this paper, we introduce a novel abstraction of the recursive DNS traffic to detect a flooding attack, a kind of Distributed Denial of Service (DDoS). The crux of our abstraction lies on a simple observation: Recursive DNS queries, from IP addresses to domain names, form social groups; hence, a DDoS attack should result in drastic changes on DNS social structure. We have built an anomaly-based detection mechanism, which, given a time window of DNS usage, makes use of features that attempt to capture the DNS social structure, including a heuristic that estimates group composition. Our detection mechanism has been successfully validated (in a simulated and controlled setting) and with it the suitability of our abstraction to detect flooding attacks. To the best of our knowledge, this is the first time that work is successful in using this abstraction to detect these kinds of attacks at the recursive level. Before concluding the paper, we motivate further research directions considering this new abstraction, so we have designed and tested two additional experiments which exhibit promising results to detect other types of anomalies in recursive DNS servers.