|
|
Machine Learning in the Monitoring of Computer Clusters
Adam, Martin ; Pilát, Martin (advisor) ; Balcar, Štěpán (referee)
With the explosion of the number of distributed applications, a new dynamic server environment emerged grouping servers into clusters, whose utilization depends on the cur- rent demand for the application. Detecting and fixing erratic server behavior is paramount for providing maximal service stability and availability. Using standard techniques to de- tect such behavior is yielding sub-optimal results. We have collected a dataset of OS-level performance metrics from a cluster running a streaming distributed application and in- jected artificially created anomalies. We then selected a set of various machine learning algorithms and trained them for anomaly detection on said dataset. We evaluated the algorithms performance and proposed a system for generating notifications of possible erratic behavior, based on the analysis of the best performing algorithm. 1
|
|
|
Anomaly Detection in Generated Incident Ticket Volumes
Šurina, Timotej ; Rychlý, Marek (referee) ; Trchalík, Roman (advisor)
Táto bakalárska práca sa zaoberá problematikou detekcie anomálií v časových radoch. Predstavuje metódy STL decomposition, ARIMA, Exponential Smoothing a LSTM Networks. Cieľom je pomocou týchto metód vytvoriť algoritmus, ktorý dokáže analyzovať trend v množstve generovaných záznamov o incidentoch a detekovať anomálie z trendu. Riešenie bolo vytvorené na základe dátovej sady poskytnutej firmou AT&T Global Network Services Czech Republic s.r.o. a implementované v programovacom jazyku Python.
|
|
|
User Behavior Anomaly Detection
Petrovič, Lukáš ; Veselý, Vladimír (referee) ; Pluskal, Jan (advisor)
The aim of this work is to create an application that allows modeling of user behavior and subsequent search for anomalies in this behavior. An application entry is a list of actions the user has executed on his workstation. From this information and from information about the events that occurred on this device the behavioral model for a specific time is created. Subsequently, this model is compared to models in different time periods or with other users' models. From this comparison, we can get additional information about user behavior and also detect anomalous behavior. The information about the anomalies is useful to build security software that prevents valuable data from being stolen (from the corporate enviroment).
|
|
|
Automated Processing of Network Service Logs in Linux
Hodermarsky, Jan ; Jeřábek, Jan (referee) ; Ilgner, Petr (advisor)
This thesis is focused on design and implementation of software for a prophylactic real-time logfile analysis and a consequent threat detection apparent therein. The software is to concentre particularly on network services, respectively, on the log files thereof, on Linux platform. The log files are observed for potential security breach attempts in regard to respective service as defined in the configuration file. The present thesis purports to reach the largest extent of versatility possible for a straightforward configuration of a new service which is to be monitored and protected by the software. An important asset of the work is a web-based interface accessible through HTTP protocol which allows the software to be administered remotely with ease.
|
|
|
Statistical Analysis of Anomalies in Sensor Data
Gregorová, Kateřina ; Čmiel, Vratislav (referee) ; Sekora, Jiří (advisor)
This thesis deals with the failure mode detection of aircraft engines. The main approach to the detection is searching for anomalies in the sensor data. In order to get a comprehensive idea of the system and the particular sensors, the description of the whole system, namely the aircraft engine HTF7000 as well as the description of the sensors, are dealt with at the beginning of the thesis. A proposal of the anomaly detection algorithm based on three different detection methods is discussed in the second chapter. The above-mentioned methods are SVM (Support Vector Machine), K-means a ARIMA (Autoregressive Integrated Moving Average). The implementation of the algorithm including graphical user interface proposal are elaborated on in the next part of the thesis. Finally, statistical analysis of the results,the comparison of efficiency particular models and the discussion of outputs of the proposed algorithm can be found at the end of the thesis.
|
|
|
Data Mining Case Study in Python
Stoika, Anastasiia ; Burgetová, Ivana (referee) ; Zendulka, Jaroslav (advisor)
This thesis focuses on basic concepts and techniques of the process known as knowledge discovery from data. The goal is to demonstrate available resources in Python, which enable to perform the steps of this process. The thesis addresses several methods and techniques focused on detection of unusual observations, based on clustering and classification. It discusses data mining task for data with the limited amount of inspection resources. This inspection activity should be used to detect unusual transactions of sales of some company that may indicate fraud attempts by some of its salespeople.
|
|
|
Deep Neural Networks for Defect Detection
Juřica, Tomáš ; Herout, Adam (referee) ; Hradiš, Michal (advisor)
The goal of this work is to bring automatic defect detection to the manufacturing process of plastic cards. A card is considered defective when it is contaminated with a dust particle or a hair. The main challenges I am facing to accomplish this task are a very few training data samples (214 images), small area of target defects in context of an entire card (average defect area is 0.0068 \% of the card) and also very complex background the detection task is performed on. In order to accomplish the task, I decided to use Mask R-CNN detection algorithm combined with augmentation techniques such as synthetic dataset generation. I trained the model on the synthetic dataset consisting of 20 000 images. This way I was able to create a model performing 0.83 AP at 0.1 IoU on the original data test set.
|
|
|
Anomaly Detection Using Generative Adversarial Networks
Měkota, Ondřej ; Fink, Jiří (advisor) ; Pilát, Martin (referee)
Generative adversarial networks (GANs) are able to capture distribution of its inputs. They are thus used to learn the distribution of normal data and then to detect anoma- lies, even if they are very rare; e.g. Schlegl et al. (2017) proposed an anomaly detection method called AnoGAN. However, a major disadvantage of GANs is instability during training. Therefore, Arjovsky et al. (2017) proposed a new version, called Wasserstein GAN (WGAN). The goal of this work is to propose a model, utilizing WGANs, to detect fraudulent credit card transactions. We develop a new method called AnoWGAN+e, partially based on AnoGAN, and compare it with One Class Support Vector Machines (OC-SVM) (Schöl- kopf et al. (2001)), k-Means ensemble (Porwal et al. (2018)) and other methods. Perfor- mance of studied methods is measured by area under precision-recall curve (AUPRC), and precision at different recall levels on credit card fraud dataset (Pozzolo (2015)). AnoW- GAN+e achieved the highest AUPRC and it is 12% better than the next best method OC-SVM. Furthermore, our model has 20% precision at 80% recall, compared to 8% precision of OC-SVM, and 89% precision at 10% recall as opposed to 79% of k-Means ensemble. 1
|
|
|
Methods for Network Traffic Classification
Jacko, Michal ; Ovšonka, Daniel (referee) ; Barabas, Maroš (advisor)
This paper deals with a problem of detection of network traffic anomaly and classification of network flows. Based on existing methods, paper describes proposal and implementaion of a tool, which can automatically classify network flows. The tool uses CUDA platform for network data processing and computation of network flow metrics using graphics processing unit. Processed flows are subsequently classified by proposed methods for network anomaly detection.
|
|
|
Behavioral Analysis of Network Traffic and (D)DoS Attack Detection
Chapčák, David ; Hajný, Jan (referee) ; Malina, Lukáš (advisor)
The semestral thesis deals with the analysis of the modern open-source NIDPS tools for monitoring and analyzing the network traffic. The work rates these instruments in terms of their network location and functions. Also refers about more detailed analysis of detecting and alerting mechanisms. Further analyzes the possibilities of detection of anomalies, especially in terms of statistical analysis and shows the basics of other approaches, such as approaches based on data mining and machine learning. The last section presents specific open-source tools, deals with comparison of their activities and the proposal allowing monitoring and traffic analysis, classification, detection of anomalies and (D)DoS attacks.
|
guest ::
