Guiomar Corral

Explanations of unsupervised learning clustering applied to data security analysis

Network security tests should be periodically conducted to detect vulnerabilities before they are exploited. However, analysis of testing results is resource intensive with many data and requires expertise because it is an unsupervised domain. This paper presents how to automate and improve this analysis through the identification and explanation of device groups with similar vulnerabilities. Clustering is used for discovering hidden patterns and abnormal behaviors. Self-organizing maps are preferred due to their soft computing capabilities. Explanations based on anti-unification give comprehensive descriptions of clustering results to analysts. This approach is integrated in Consensus, a computer-aided system to detect network vulnerabilities.

Data classification through an evolutionary approach based on multiple criteria

Real-world problems usually present a huge volume of imprecise data. These types of problems may challenge case-based reasoning systems because the knowledge extracted from data is used to identify analogies and solve new problems. Many authors have focused on organizing case memory in patterns to minimize the computational burden and deal with uncertainty. The organization is usually determined by a single criterion, but in some problems, a single criterion can be insufficient to find accurate clusters. This work describes an approach to organize the case memory in patterns based on multiple criteria. This new approach uses the searching capabilities of multiobjective evolutionary algorithms to build a Pareto set of solutions, where each one is a possible organization based on the relevance of objectives. The system shows promising capabilities when it is compared with a successful system based on self-organizing maps. Due to the data set geometry influences, the clustering building process results are analyzed taking into account it. For this reason, some complexity measures are used to categorize data sets according to their topology.

Analysis of vulnerability assessment results based on CAOS

Abstract: Information system security must battle regularly with new threats that jeopardize the protection of those systems. Security tests have to be run periodically not only to identify vulnerabilities but also to control information systems, network devices, services and communications. Vulnerability assessments gather large amounts of data to be further analyzed by security experts, who recently have started using data analysis techniques to extract useful knowledge from these data. With the aim of assisting this process, this work presents CAOS, an evolutionary multiobjective approach to be used to cluster information of security tests. The process enables the clustering of the tested devices with similar vulnerabilities to detect hidden patterns, rogue or risky devices. Two different types of metrics have been selected to guide the discovery process in order to get the best clustering solution: general-purpose and specific-domain objectives. The results of both approaches are compared with the state-of-the-art single-objective clustering techniques to corroborate the benefits of the clustering results to security analysts.

Smart Grid ICT Research Lines out of the European Project INTEGRIS

The Smart Grid is at the same time a part of the Internet of Things and an example of a cyber-physical system where the physical power grid is surrounded by many intelligent and communication devices that allow for an enhanced management of the power network itself. The Smart Grid may bring great performance benefits to the society in terms of enabling the massive introduction of renewable energy sources in the power grid, the reduction of carbon emissions and improved sustainability among others. However, it may also bring big computer networking challenges to achieve the needed high reliability and low latency and even risks in terms of cybersecurity since it opens the power system to at least the same threats faced by the Internet. In fact, it is reasonable to think that the vulnerabilities will be still larger, considering the novel, heterogeneous and distributed nature of the Smart Grid. Furthermore, cybersecurity in Smart Grids is essential for the survival and feasibility of this electricity concept, thus making the risks still more relevant. Such ICT systems and computer networks supporting the Smart Grid concept need to be very efficient and to comply with very stringent requirements, at least for some of the services to be provided. They also need to efficiently integrate and manage in a single network a vast array of technologies among which diverse link layer technologies, meshed and non-meshed Ethernet networks, different cybersecurity protocols, networking at different layers, cognitive systems and storage and replication of data. The objective is to provide a system capable of providing adequate service to the wide array of applications foreseen for the Smart Grid but the complexity of the problem is really impressive and it is not possible to focus all of its aspects in a single paper or even project. The present paper presents these requirements, the solutions and results developed and tested in the FP7 European Project INTEGRIS as well as the future challenges and research lines identified as a result of the project and some prospective solutions.

Multiobjective Evolutionary Clustering Approach to Security Vulnerability Assesments

Network vulnerability assessments collect large amounts of data to be further analyzed by security experts. Data mining and, particularly, unsupervised learning can help experts analyze these data and extract several conclusions. This paper presents a contribution to mine data in this security domain. We have implemented an evolutionary multiobjective approach to cluster data of security assessments. Clusters hold groups of tested devices with similar vulnerabilities to detect hidden patterns. Two different metrics have been selected as objectives to guide the discovery process. The results of this contribution are compared with other single-objective clustering approaches to confirm the value of the obtained clustering structures.

Model for polling in noisy multihop systems with application to PLC and AMR

The present paper presents a Markov chain model of polling in noisy multi-hop systems typical of power line communications (PLC) as well as of other systems. The model includes the transmission of a backwards error indication packet (BEIP) to the master when the transmission is blocked in one of the downstream hops as well as the possibility to reduce the global time-out value below that strictly necessary to avoid having two simultaneous polls within the system. Two case studies are presented; the OPERA PLC access broadband specification and a narrow band PLC based automatic meter reading (AMR) system. Explicit formulas for the delay in these systems and curves representing the behavior of the studied cases are given.

Prediction and Control of Short-Term Congestion in ATM Networks Using Artificial Intelligence Techniques

Nowadays high-speed transmissions and heterogeneous traffic are some of the most essential requirements that a communication network must satisfy. Therefore, the design and management of such networks must consider these requirements. Network congestion is a very important point that must be taken into consideration when a management system is designed. ATM networks support different types of services and this fact makes them less predictable networks. Congestion can be defined as a state of network elements in which the network cannot guarantee the established connections the negotiated QoS. This paper proposes a system to reduce short-term congestion in ATM networks. This system uses Artificial Intelligence techniques to predict future states of network congestion in order to take less drastic measures in advance.

Security in OPERA Specification Based PLC Systems

Power Line Communication (PLC) is a broadband telecommunication technology that enables the use of the existing electricity networks for high speed data transmission purposes. European project OPERA (Open PLC European Research Alliance) is a project whose strategic objective is to push PLC technology in all the different and relevant aspects. Within this framework, security is an important aspect that should be taken into account and integrated into the specifications from the very beginning. The project was scheduled in two phases with a duration of two years each. Phase1 produced a first PLC specification, including security. Phase2 produced an improved specification which was submitted to the IEEE as the OPERA PLC proposal within the contest organized by WG P1901. The paper presents the studies related to security in the PLC access technology made within this process that led to the second security specification of OPERA. Finally, an analysis of this specification is performed.

Prototyping a Web-of-Energy Architecture for Smart Integration of Sensor Networks in Smart Grids Domain

Sensor networks and the Internet of Things have driven the evolution of traditional electric power distribution networks towards a new paradigm referred to as Smart Grid. However, the different elements that compose the Information and Communication Technologies (ICTs) layer of a Smart Grid are usually conceived as isolated systems that typically result in rigid hardware architectures which are hard to interoperate, manage, and to adapt to new situations. If the Smart Grid paradigm has to be presented as a solution to the demand for distributed and intelligent energy management system, it is necessary to deploy innovative IT infrastructures to support these smart functions. One of the main issues of Smart Grids is the heterogeneity of communication protocols used by the smart sensor devices that integrate them. The use of the concept of the Web of Things is proposed in this work to tackle this problem. More specifically, the implementation of a Smart Grid’s Web of Things, coined as the Web of Energy is introduced. The purpose of this paper is to propose the usage of Web of Energy by means of the Actor Model paradigm to address the latent deployment and management limitations of Smart Grids. Smart Grid designers can use the Actor Model as a design model for an infrastructure that supports the intelligent functions demanded and is capable of grouping and converting the heterogeneity of traditional infrastructures into the homogeneity feature of the Web of Things. Conducted experimentations endorse the feasibility of this solution and encourage practitioners to point their efforts in this direction.

DERMA: A melanoma diagnosis platform based on collaborative multilabel analog reasoning

The number of melanoma cancer-related death has increased over the last few years due to the new solar habits. Early diagnosis has become the best prevention method. This work presents a melanoma diagnosis architecture based on the collaboration of several multilabel case-based reasoning subsystems called DERMA. The system has to face up several challenges that include data characterization, pattern matching, reliable diagnosis, and self-explanation capabilities. Experiments using subsystems specialized in confocal and dermoscopy images have provided promising results for helping experts to assess melanoma diagnosis.