Nonparametric Bayesian models for security anomaly detection
KTH, School of Electrical Engineering and Computer Science (EECS).
2019 (English). Independent thesis, Advanced level (degree of Master (Two Years)), 20 credits / 30 HE credits. Student thesis.
Alternative title
Icke-parametriska Bayesianska modeller för upptäckt av säkerhetsavvikelser (Swedish)
Abstract [en]

Avionics systems are growing ever more complex to accommodate the evolving needs of airlines. As a result, their attack surface has greatly expanded, and the potential impact of a security incident touching these systems has become a critical concern for the aerospace industry. Countermeasures include defining security perimeters and monitoring network traffic, and in turn inspecting the logs generated by these systems to reveal security incidents and respond quickly. However, processing the large volume of system logs to extract valuable information is intractable through conventional means such as manual human investigation or regular expression matching.

This thesis tackles the problem of automation of anomaly detection on security and functional system logs using advanced machine learning techniques. It investigates new methods to improve on the work done during a previous project at Collins Aerospace on Markov chains and LSTM neural networks. In particular, it evaluates the use of nonparametric Bayesian methods to perform this task, specifically the Hidden Dirichlet Process Hidden Markov Model. A complete log analysis system is proposed based on these models, and their performance is evaluated on real-life datasets using this framework.

Abstract [sv]

As airlines' requirements evolve, avionics systems become more complex. As a consequence, the exposure of these systems has increased, and the risk of security incidents has become one of the aviation industry's greatest concerns. To prevent security incidents one can, among other things, build systems that establish security perimeters and monitor network traffic.

These preventive systems generate logs that are in turn analysed to detect and resolve security problems. However, it proves difficult to process and extract valuable information from the large volumes of logs generated by these systems using conventional methods such as manual inspection or pattern matching.

By using advanced machine learning algorithms, this thesis attempts to automate the processing of system logs. It investigates new methods to improve on a project previously carried out at Collins Aerospace. The earlier project used Markov chains and LSTM-type neural networks, but this work instead investigates nonparametric Bayesian methods for the task, specifically the model called the Hidden Dirichlet Process Hidden Markov Model. A complete log handling system based on this model is proposed and evaluated in this thesis.

Place, publisher, year, edition, pages
2019, p. 53
Series
TRITA-EECS-EX ; 2019:636
National Category
Computer and Information Sciences
Identifiers
URN: urn:nbn:se:kth:diva-264995
OAI: oai:DiVA.org:kth-264995
DiVA id: diva2:1376524
Educational program
Master of Science in Engineering - Computer Science and Technology
Supervisors
Examiners
Available from: 2019-12-09 Created: 2019-12-09

Open Access in DiVA

Full text (755 kB), 11 downloads
File information
File name: FULLTEXT01.pdf
File size: 755 kB
Checksum (SHA-512): b4e992d7f03dd75bca6c1c0518f45d0bdd41772c3cbea3caa178c620254e05cd7c251f7f060874c7a2d09fea78fe5047d9162dc25c1bbf0ff2b2329e93b980af
Type: fulltext
Mimetype: application/pdf

By organisation
School of Electrical Engineering and Computer Science (EECS)
Computer and Information Sciences
