    A risk mitigation approach for autonomous cloud intrusion response system

    Cloud computing delivers on-demand resources over the Internet on a pay-for-use basis; intruders may exploit clouds for their advantage. This paper presents Autonomous Cloud Intrusion Response System (ACIRS), a proper defense strategy for cloud systems. ACIRS continuously monitors and analyzes system events and computes security and risk parameters to provide risk assessment and mitigation capabilities with a scalable and elastic architecture with no central coordinator. It detects masquerade, host-based and network-based attacks and selects the appropriate response to mitigate these attacks. ACIRS is superior to NICE (Network Intrusion Detection and Countermeasure Selection system) in reducing the risk by 38%. This paper describes the components, architecture, and advantages of ACIRS

    INTRUSION RESPONSE FOR CYBER-PHYSICAL SYSTEMS: A MODEL-FREE DEEP REINFORCEMENT LEARNING APPROACH

    Cyberattacks on Cyber-Physical Systems (CPSs) are on the rise due to CPSs' increased networked connectivity, which may cause costly environmental hazards as well as human and financial loss. Although the connectivity of CPSs has significantly improved production, it introduced new vulnerabilities, which necessitate designing and implementing proper automatic cybersecurity defensive mechanisms to protect CPSs from cyberattacks. This thesis presents the design, implementation, and evaluation of a dynamic Intrusion Response System (IRS) to automatically respond to false data injection attacks against a model-based CPS testbed. The proposed IRS was designed using two approaches: an optimization approach with a Genetic Algorithm and a model-free Deep Reinforcement Learning-based (DRL) approach using the Double Deep Q Networks (DDQN) algorithm. The proposed solutions are evaluated on an online Continuous Stirred Tank Reactor (CSTR) testbed that mimics a real-world CPS. Experimental results demonstrate the effectiveness of the proposed approaches in responding to false data injection attacks and minimizing the impact on the system. Finally, the thesis highlights open research questions and sketches directions for future work

    QUEUEING THEORY BASED KUBERNETES AUTOSCALER

    The microservices architecture is emerging as a new architectural style for designing and developing applications by composing loosely coupled services that exchange standard messages using standard interfaces and protocols. Docker provides a platform to automate microservices deployment into isolated containers. Kubernetes automates the deployment, scaling and management of Docker containers. Unlike current virtual machine (VM) based deployment, containerization allows more effective scaling of resources to meet the requirements of varying workloads. Benefiting from the research advances in VM consolidation, placement and auto-scaling approaches, as well as queueing theory, our work provides a custom queueing theory based auto-scaler for Kubernetes, which dynamically makes vertical and horizontal scaling decisions. The auto-scaler's goal is to achieve the desired Quality of Service (QoS) while optimizing the cloud resources usage

    Deep Learning Based Approach For Prediction Of Cloud Resource Needs

    Cloud computing allows scaling applications to serve dynamic and time-varying workloads and to avoid application performance degradation, while keeping low provisioning costs. But the resource demand of applications needs to be determined beforehand. Therefore, accurate prediction of cloud resource needs is critical by enabling proactive scaling to efficiently manage cloud resources and to reduce the operational cost. Most of the existing resource prediction approaches are based on statistical analysis that employs a shallow structure. As a result, the prediction model has poor ability to capture the intrinsic features in the workload data. Deep learning has emerged as an alternative approach that promises to produce more accurate prediction. This project designed, implemented and evaluated a deep learning based approach for prediction of cloud resources using Long Short-Term Memory (LSTM) and Multilayer Perceptron (MLP). Moreover, a statistical prediction model, Autoregressive Integrated Moving Average (ARIMA), is developed and evaluated. Expensive experimental studies were performed to evaluate the accuracy of deep learning prediction models compared to the traditional ARIMA approach. The result of the experiments shows that the prediction accuracy of LSTM, MLP and ARIMA models depends on the pattern of the incoming workload. Specifically, the result shows that the LSTM model outperforms other prediction models for periodic workload patterns, while ARIMA has better prediction accuracy for growing and unpredicted workload patterns

    Multimodal Intrusion Detection System for Cyber Physical Systems

    Cyber-Physical Systems (CPS) are deployed to control critical infrastructure in many fields, including industry and manufacturing. In recent years, CPS have been affected by cyberattacks due to the increased connectivity of these systems to the Internet. This work aims to develop a deep learning-based Intrusion Detection System (IDS) for detecting cyberattacks on CPS using multimodal learning techniques. This thesis reports the design, implementation, and evaluation of two IDS solutions based on different deep learning networks: Convolution Neural Network (CNN) and Recurrent Neural Network (RNN). For the first IDS, Gramian Angular Field (GAF) is used to convert CPS time-series data to images that are fed to a 3D CNN to train the attack detection classifier. The second IDS uses RNN with a multimodal attention approach for training the attack detector. Both solutions utilize CPS process data and network data to improve the attack detection accuracy. The performance of the proposed approaches is evaluated on SWaT datasets collected from a testbed that represents real world CPS. Experimental results demonstrate that both IDSs achieved improved performance and higher detection capability compared to related work

    Building a Test Collection for Significant-Event Detection in Arabic Tweets

    With the increasing popularity of microblogging services like Twitter, researchers discovered a rich medium for tackling real-life problems like event detection. However, event detection in Twitter is often obstructed by the lack of public evaluation mechanisms such as test collections (set of tweets, labels, and queries to measure the effectiveness of an information retrieval system). The problem is more evident when non-English languages, e.g., Arabic, are concerned. With the recent surge of significant events in the Arab world, news agencies and decision makers rely on Twitter's microblogging service to obtain recent information on events. In this thesis, we address the problem of building a test collection of Arabic tweets (named EveTAR) for the task of event detection. To build EveTAR, we first adopted an adequate definition of an event, which is a significant occurrence that takes place at a certain time. An occurrence is significant if there are news articles about it. We collected Arabic tweets using Twitter's streaming API. Then, we identified a set of events from the Arabic data collection using Wikipedia's current events portal. Corresponding tweets were extracted by querying the Arabic data collection with a set of manually-constructed queries. To obtain relevance judgments for those tweets, we leveraged CrowdFlower's crowdsourcing platform. Over a period of 4 weeks, we crawled over 590M tweets, from which we identified 66 events that cover 8 different categories and gathered more than 134k relevance judgments. Each event contains an average of 779 relevant tweets. Over all events, we got an average Kappa of 0.6, which is a substantially acceptable value. EveTAR was used to evaluate three state-of-the-art event detection algorithms. The best performing algorithms achieved 0.60 in F1 measure and 0.80 in both precision and recall. We plan to make our test collection available for research, including events description, manually-crafted queries to extract potentially-relevant tweets, and all judgments per tweet. EveTAR is the first Arabic test collection built from scratch for the task of event detection. Additionally, we show in our experiments that it supports other tasks like ad-hoc search

    Time-Aware Workload Characterization And Prediction For Proactive Auto-Scaling Of Web Applications

    Proactive auto-scaling techniques aim to predict the future workload of web applications to provision the required resources, such as virtual machines (VMs), ahead of time. Nevertheless, deciding the optimal number of resources to allocate is a challenging task due to the dynamic nature of workload characteristics and the difficulty of predicting them. Most of the existing workload approaches only consider one workload feature, which is typically the volume of requests, to characterize and predict the workload. In this thesis, we report the design and development of a time-aware workload prediction model that considers the request time features in order to achieve better workload characterization and prediction. We explore two different approaches, namely Time-Aware Single-Modeling and Time-Aware Multi-Modeling. The Time-Aware Single-Modeling approach builds one model for the entire time-space and has three variations: multivariate regression, univariate Long Short-Term Memory Neural Networks (LSTM), and multivariate LSTM neural network model, while the Time-Aware Multi-Modeling approach develops a prediction model for each time partition discovered using a periodicity detection component. The proposed solutions are evaluated using two real workload datasets: Library portal at Qatar University and NewsLink portal in Pakistan. The results demonstrate that the time-aware approaches achieve more accurate predictions of the workload patterns compared to other existing approaches. Also, it has been shown that the achieved improvements are statistically different than existing approaches

    Policy-Based Customization and Corrective Adaptation of Composite Web Services

    Due to the typical long-running character of business processes, it is often desirable to be able to change a running process. Common scenarios include the occurrence of faults, the change of business requirements and company policies that need to be reflected in running process instances. Hence, running process instances often need to be adapted to keep fulfilling the functional and QoS requirements of their dynamic business environment. However, current process orchestration engines do not provide the flexibility and dynamism needed to support ad-hoc changes (e.g., add, shift or delete activities) to a pre-defined service flow in order to deal with an exceptional situation that may occur during process execution. In this paper, we advocate a policy-based framework to manage customization and corrective adaptation of Web services in a controlled and reliable way. WS-Policy4MASC language is used to define process-level adaptation requirements. The latter are enforced by MASC (Manageable and Adaptable Service Compositions) middleware both at creation time and during an instance’s lifecycle. MASC middleware can be deployed as a transparent and configurable add-on to a BPEL engine to support the detection of a need to adapt and manage the adaptation. This paper also presents MASC middleware prototype implementation and some experimental results showing its viability and scalability. Several experimental results using a Stock Trading process illustrate the usefulness and effectiveness of our approach to providing adaptive services

    Policy-driven framework for manageable and adaptive service-oriented processes

    Dynamic selection and composition of autonomous and loosely-coupled Web services is increasingly used to automate business processes. The typical long-running characteristic of business processes imposes new management challenges such as dynamic adaptation of running process instances. However, current process orchestration engines provide limited flexibility to dynamically adapt to changing runtime conditions (e.g., presence of faults). Additionally, current process specification languages exhibit some limitations regarding modularity of crosscutting management concerns. In particular, monitoring and adaptation logic is often scattered across several process definitions and intertwined with the business logic. This leads to monolithic and complex processes that are hard to understand, reuse, maintain, and evolve. To address these limitations, we developed a policy-based change management framework, named Manageable and Adaptable Service Compositions (MASC), to declaratively express crosscutting monitoring and process adaptation concerns in a separate and modular way. MASC policies use a set of simple, but flexible and relatively powerful, constructs to declaratively specify policies that govern: (1) discovery and selection of services to be used, (2) monitoring to detect the need for adaptation, (3) reconfiguration and adaptation of the process to handle special cases (e.g., context-dependant behaviour) and recover from typical faults in service-based processes. The identified constructs are executed by a lightweight service-oriented management middleware named MASC middleware. The adaptation is transparent because it preserves the original functional behaviour of the business process and does not tangle the adaptation logic with that of the business process. Additionally, policies do not have to be necessarily defined when designing the process; they can also be introduced later during deployment or at runtime. We implemented a MASC proof-of-concept prototype and evaluated it on Stock Trading case study scenarios. We conducted extensive studies to demonstrate the feasibility of the proposed techniques and illustrate the benefits of our approach in providing adaptive composite services using the policy-based approach. Our performance and scalability studies indicate that MASC middleware is scalable and the introduced overhead is acceptable

    A predictive control approach for fault management of computing systems

    In this paper, a model-based predictive control approach for fault management in computing systems is presented. The proposed approach can incorporate existing fault diagnosis methods and fault recovery actions to facilitate the recovery process. When a fault is identified, the proposed algorithm uses utility cost functions to compute the optimal recovery solution that minimizes fault impacts on the system's Quality of Service. The proposed approach has been demonstrated on a Web service testbed under various faults. Copyright is held by author/owner(s).