26838 research outputs found
Sort by
From baselines to breakthroughs : fundamentals and applications of machine learning in cybersecurity
Our digital society is increasingly dependent on online services, used by individuals, businesses, and governments. While this brings many benefits, it also creates vulnerabilities to cyberattacks such as phishing, malware, and denial-of-service. Traditional methods like signature-based detection are struggling to keep up with increasingly sophisticated threats. Cybercriminals exploit weaknesses in systems, networks, and human behavior, making static defenses less effective. Advanced threat detection techniques are therefore crucial to modern cybersecurity. Machine learning (ML), a branch of artificial intelligence, offers strong potential for improving cyber threat detection. ML enables systems to identify patterns in data and make predictions without being explicitly programmed. In cybersecurity, data sources like network traffic logs can reveal attack patterns and detect malicious activity more effectively than conventional approaches. However, challenges remain. Most network traffic is benign, creating a strong class imbalance, and many data points lack labels indicating whether they are malicious. Despite these issues, continuous developments in ML are helping overcome such limitations. This dissertation explores both theoretical and practical applications of ML in cybersecurity. It consists of three parts: baseline methods, intrusion detection, and learning and breakthroughs. Each section addresses key challenges in the development and evaluation of ML-based security systems. Chapter 2 introduces the Dutch Draw (DD), a general-purpose baseline for evaluating binary classifiers. Evaluation metrics like accuracy can be misleading without a reference point. The DD provides a simple, universal benchmark that any meaningful model should surpass. It offers clarity in model evaluation and ensures that performance scores are properly contextualized. Chapter 3 expands on this by studying all input-independent binary classification baselines. These models do not rely on data features. The concept of average-permutation-optimality is introduced to measure the expected performance when data and predictions are randomly ordered. The DD is shown to outperform all other such baselines for any order-invariant evaluation metric, confirming it as the preferred standard. Chapter 4 focuses on the ability of classifiers to detect known and novel variants of cyberattacks, especially distributed denial-of-service (DDoS) and HTTP-based web attacks. It describes how datasets are constructed using features from multiple network layers and presents three experiments: detecting known attacks, detecting unseen variants, and evaluating training with multiple attack types. Results show that classifiers perform well on known threats and can sometimes detect new variants, though not always symmetrically. Training on more attack types does not always improve results, suggesting that carefully selected examples may be more effective. The DD baseline is again used for benchmarking. Chapter 5 introduces the Dutch Scaler (DS), a new performance indicator that measures how much a model has actually learned. The Dutch Scaler Performance Indicator (DSPI) maps evaluation scores between two fixed points: the DD (representing no learning) and the Dutch Oracle (an approximation of an optimal model). This approach enables more meaningful interpretation of model scores and can be extended to other types of ML problems, such as multi-class classification and regression. Chapter 6 presents ULTRA, a framework designed to tackle the cold-start problem in cybersecurity, where labeled data is scarce in new environments. ULTRA combines active and transfer learning by aligning source and target data in a shared space while selecting the most informative instances. It performs well in cold-start scenarios and shows robustness to domain shifts. However, it assumes a shared feature space between source and target domains. Future work should address this limitation and optimize parameter tuning for better adaptability. This dissertation provides valuable contributions to both the theory and practice of machine learning in cybersecurity, aiming to support data scientists and security professionals in building more reliable and effective detection systems
Multivariate sensitivity-adaptive polynomial chaos expansion for high-dimensional surrogate modeling and uncertainty quantification
This work develops a novel basis-adaptive method for constructing anisotropic polynomial chaos expansions of multidimensional (vector-valued, multi-output) model responses. The adaptive basis selection is based on multivariate sensitivity analysis metrics that can be estimated by post-processing the polynomial chaos expansion and results in a common anisotropic polynomial basis for the vector-valued response. This allows the application of the method to problems with up to moderately high-dimensional model inputs (in the order of tens) and up to very high-dimensional model responses (in the order of thousands). The method is applied to different engineering test cases for surrogate modeling and uncertainty quantification, including use cases related to electric machine and power grid modeling and simulation, and is found to produce highly accurate results with comparatively low data and computational demand
De noodzaak van quantumweerbaarheid voor een veilige digitale samenleving - etotaal.nl - 5 December 2025
SIC-XR: workshop on social interaction and collaboration in eXtended Reality
In recent years, the use of immersive technologies is finding wide use in various fields. The workshop Social Interaction and Collaboration in eXtended Reality (SIC-XR) is an opportunity to explore the dynamics of social interaction and collaboration in immersive technologies, with a specific focus on eXtended Reality applications. With the growing adoption of these technologies in fields like remote work, education, and healthcare, it becomes crucial to investigate and enhance the ways people engage and collaborate in virtual environments