Pierre Parrend

Introducing multi-layer concatenation as a scheme to combine information in water distribution cyber-physical systems

By Côme Frappé–Vialatoux, Pierre Parrend

2024-09-01

In 28th international conference on knowledge-based and intelligent information and engineering systems

Abstract

As water distribution infrastructures are ageing, their modernization process is leading to an increased incorporation of connected devices into these physical systems. This transition is changing the nature of water distribution control systems from physical systems to cyber-physical systems (CPS). However, this evolution is associated with an increased vulnerability to cyber-attacks. Detecting such attacks in CPS is gaining traction in the scientific community with the recent release of cyber-physical datasets that capture simultaneously the network traffic and the physical state of a water distribution testbed. This novel paradigm of conjoint availability of these two types of data from a common source infrastructure opens a new question on how to combine their information when training machine learning models for attack detection. As an alternative approach to previous models that rely on model aggregation, this paper introduces Multi-Layer Concatenation, a combination scheme to merge the information from the physical and network parts of a CPS from a data perspective, through a time-based join operation coupled with a propagation process to keep the coherence of the global system. The evaluation of its impact assesses its benefits for machine learning-based detection on three cyber-physical datasets, by measuring machine learning models’ performances on physical and network data separately, and then on data combined through the proposed scheme.

Combining physical and network data for attack detection in water distribution networks

By Côme Frappé–Vialatoux, Pierre Parrend

2024-07-01

In Water distribution systems analysis (WDSA)/computing and control water industry (CCWI) joint conference

Abstract

Water distribution infrastructures are increasingly incorporating IoT in the form of sensing and computing power to improve control over the system and achieve a greater adaptability to the water demand. This evolution, from physical towards cyberphysical systems, comes with an attack perimeter extended to the cyberspace. Being able to detect this novel kind of attack is gaining traction in the scientific community. However, machine learning detection algorithms, which are showing encouraging results in cybersecurity applications, need training data as close as possible to real world data in order to perform well in a production environment. The availability of such data, with complexity levels on par with real world infrastructures, with acquisitions from both physical and cyber spaces, is a bottleneck for the development of machine learning algorithms. This paper addresses this problem by providing an analysis of the currently available cyberphysical datasets in the water distribution field, together with a multi-layer comparison methodology to assess their complexity. This multi-layer approach to complexity evaluation of datasets is based on three major axes, namely attack scenarios, network topology and network communications, allowing for a precise look at the forces and weaknesses of available datasets across a wide spectrum. The results show that currently available datasets emphasize one aspect of real world complexity but lack on the others, highlighting the need for a more global approach in further work to propose datasets with an increased complexity on multiple aspects at the same time.

Graph-based spectral analysis for detecting cyber attacks

By Majed Jaber, Nicolas Boutry, Pierre Parrend

2024-05-01

In ARES 2024 (the international conference on availability, reliability and security)

Abstract

Spectral graph theory delves into graph properties through their spectral signatures. The eigenvalues of a graph’s Laplacian matrix are crucial for grasping its connectivity and overall structural topology. This research capitalizes on the inherent link between graph topology and spectral characteristics to enhance spectral graph analysis applications. In particular, such connectivity information is key to detect low signals that betray the occurrence of cyberattacks. This paper introduces SpectraTW, a novel spectral graph analysis methodology tailored for monitoring anomalies in network traffic. SpectraTW relies on four spectral indicators, Connectedness, Flooding, Wiriness, and Asymmetry, derived from network attributes and topological variations, that are defined and evaluated. This method interprets networks as evolving graphs, leveraging the Laplacian matrix’s spectral insights to detect shifts in network structure over time. The significance of spectral analysis becomes especially pronounced in the medical IoT domains, where the complex web of devices and the critical nature of healthcare data amplify the need for advanced security measures. Spectral analysis’s ability to swiftly pinpoint irregularities and shifts in network traffic aligns well with the medical IoT’s requirements for prompt attack detection.

Structural and spectral analysis of dynamic graphs for attack detection

By Majed Jaber, Nicolas Boutry, Pierre Parrend

2023-07-01

In Rencontre des jeunes chercheurs en intelligence artificielle (RJCIA-2023)

Abstract

At this time, cyberattacks represent a constant threat. Many approaches exist for detecting suspicious behaviors, but very few of them seem to benefit from the huge potential of mathematical approaches like spectral graph analysis, known to be able to extract topological features of a graph using its Laplacian spectrum. For this reason, we consider our network as a dynamic graph composed of nodes (representing the devices) and of edges (representing the requests), and we compute its Laplacian spectrum across time. An important change of topology inducing an important change in the spectrum, this spectrum seems to be the key to detect threats. Dynamic spectrum-based metrics have been developed for this aim.

CRACS: Compaction of rules in anticipatory classifier systems

By Romain Orhand, Pierre Collet, Pierre Parrend, Anne Jeannin-Girardon

2023-06-01

In Proceedings of the companion conference on genetic and evolutionary computation

Abstract

Rule Compaction of populations of Learning Classifier Systems (LCS) has always been a topic of interest to get more insights into the discovered underlying patterns from the data or to remove useless classifiers from the populations. However, these techniques have neither been used nor adapted to Anticipatory Learning Classifier Systems (ALCS). ALCS differ from other LCS in that they build models of their environments from which decision policies to solve their learning tasks are learned. We thus propose CRACS (Compaction of Rules in Anticipatory Classifier Systems), a compaction algorithm for ALCS that aims to reduce the size of their environmental models without impairing these models or the ability of these systems to solve their tasks. CRACS relies on filters applied to classifiers and subsumption principles. The capabilities of our compaction algorithm have been studied with three different ALCS on a thorough benchmark of 23 mazes of various levels of environmental uncertainty. The results show that CRACS reduces the size of populations of classifiers while the learned models of environments and the ability of ALCS to solve their tasks are preserved.

Metrics for community dynamics applied to unsupervised attacks detection

By Julien Michel, Pierre Parrend

2023-06-01

In Rencontres des jeunes chercheurs en intelligence artificielle

Abstract

Attack detection in big networks has become a necessity. Yet, with the ever changing threat landscape and massive amount of data to handle, network intrusion detection systems (NIDS) end up being obsolete. Different machine-learning-based solutions have been developed to answer the detection problem for data with evolving statistical distributions. However, no approach has proved to be both scalable and robust to passing time. In this paper, we propose a scalable and unsupervised approach to detect behavioral patterns without prior knowledge on the nature of attacks. For this purpose, we define novel metrics for graph community dynamics and use them as features with an unsupervised detection algorithm on the UGR’16 dataset. The proposed approach improves existing detection algorithms by 285.56% in precision and 222.82% in recall when compared to usual feature extraction (FE) using isolation forest.

Metrics for evaluating interface explainability models for cyberattack detection in IoT data

By Amani Abou Rida, Rabih Amhaz, Pierre Parrend

2023-04-01

In Complex computational ecosystems 2023 (CCE’23)

Abstract

The importance of machine learning (ML) in detecting cyberattacks lies in its ability to efficiently process and analyze large volumes of IoT data, which is critical in ensuring the security and privacy of sensitive information transmitted between connected devices. However, the lack of explainability of ML algorithms has become a significant concern in the cybersecurity community. Therefore, explainable techniques are developed to make ML algorithms more transparent, thereby improving trust in attack detection systems by its ability to allow cybersecurity analysts to understand the reasons for model predictions and to identify any limitation or error in the model. One of the key artifacts of explainability is interface explainability models such as impurity and permutation feature importance analysis, Local Interpretable Model-agnostic Explanations (LIME), and SHapley Additive exPlanations (SHAP). However, these models are not able to provide enough quantitative information (metrics) to build complete trust and confidence in the explanations they generate. In this paper, we propose and evaluate metrics such as reliability and latency to quantify the trustworthiness of the explanations and to establish confidence in the model’s decisions to accurately detect and explain cyberattacks in IoT data during the ML process.

Towards attack detection in traffic data based on spectral graph analysis

Abstract

Nowadays, cyberattacks have become a significant concern for individuals, organizations, and governments. These attacks can take many forms, and the consequences can be severe. In order to protect ourselves from these threats, it is essential to employ a range of different strategies and techniques like detection of patterns, classification of system behaviors against previously known attacks, and anomaly detection techniques. This way, we can identify unknown forms of attacks. Few of these existing techniques seem to fully utilize the potential of mathematical approaches such as spectral graph analysis. This domain is made of tools able to extract important topological features of a graph by computing its Laplacian matrix and its corresponding spectrum. This framework can provide valuable insights into the underlying structure of a network, which can be used to detect cyberthreats. Indeed, significant changes in the topology of the graph result in significant changes in the spectrum of the Laplacian matrix. For this reason, we propose here to address this issue by considering the network as a dynamic graph composed of nodes (devices) and edges (requests between devices), to study the evolution of the Laplacian spectrum, and to compute metrics on this evolving spectrum. This way, we should be able to detect suspicious behaviors which may indicate that an attack is occurring.

GenIDA: An international participatory database to gain knowledge on health issues related to genetic forms of neurodevelopmental disorders

Abstract

Intellectual disability with or without manifestations of autism and/or epilepsy affects 1-2% of the population, and it is estimated that more than 30-50% of these cases have a single genetic cause. More than 1000 genes and recurrent chromosomal abnormalities are involved in these genetic forms of neurodevelopmental disorders, which often remain insufficiently described in terms of clinical spectrum, associated medical problems, etc., due to their rarity and the often-limited number of patients’ phenotypes reported. GenIDA is an international online participatory database that aims to better characterise the clinical manifestations and natural histories of these rare diseases. Clinical information is reported by parents of affected individuals using a structured questionnaire exploring physical parameters, cognitive and behavioural aspects, the presence or absence of neurological disorders or problems affecting major physiological functions, as well as autonomy and quality of life. This strengthens the implication in research of the concerned families. GenIDA aims to construct international cohorts of significant size of individuals affected by a given condition. As of July 2022, GenIDA counts some 1545 documented patient records from over 60 nationalities and collaborates with clinicians and researchers around the world who have access to the anonymized data collected to generate new, medically meaningful information to improve patient care. We present the GenIDA database here, together with an overview of the possibilities it offers to affected individuals, their families, and professionals in charge of the management of genetic forms of neurodevelopmental disorders. Finally, case studies of cohorts will illustrate the usefulness of GenIDA.
