Exact Sciences and Health Sciences
Permanent URI for this collection: https://hdl.handle.net/11285/551039
This collection contains the theses and degree projects of the master's programs of the Schools of Engineering and Sciences, as well as Medicine and Health Sciences.
Search Results
- Enhancing BGP security with MAD anomaly detection system and machine learning techniques (Instituto Tecnológico y de Estudios Superiores de Monterrey, 2024-12) Romo Chavero, María Andrea; Cantoral Ceballos, José Antonio; emipsanchez; Botero Vega, Juan Felipe; Navarro Barrón, Francisco Javier; School of Engineering and Sciences; Campus Monterrey; Pérez Díaz, Jesús Arturo
  Anomalies in the Border Gateway Protocol (BGP) represent a significant vulnerability in the Internet’s infrastructure, as they can cause widespread disruptions, traffic misdirection, and even security breaches. Proactive detection of these anomalies is vital to preserving network stability and preventing potential cyberattacks. In response to this challenge, we present the Median Absolute Deviation (MAD) anomaly detection system, which combines traditional statistical methods with advanced machine learning (ML) techniques for more precise and dynamic detection. Our approach introduces a novel adaptive threshold mechanism, allowing the system to adjust based on the changing conditions of network traffic. This dynamic thresholding significantly improves the accuracy, precision, and F1-score of anomaly detection compared to the previous fixed-threshold version. Additionally, we integrate the MAD system with diverse ML classifiers, including Random Forest, XGBoost, LightGBM, CatBoost, and ExtraTrees, to enhance the system’s ability to identify complex patterns that indicate unusual BGP behavior. We evaluate our detection system on well-documented BGP anomaly events, such as the Slammer worm, Nimda, Code Red 1 v2, the Moscow blackout, and the Telekom Malaysia misconfiguration. The results show that our system, when combined with ML models, achieves an overall accuracy and F1-score of 0.99, demonstrating its effectiveness across various anomaly types. By using both statistical and ML models, the system is able to capture irregularities that could signal security threats, offering a more comprehensive detection solution. This research highlights the importance of combining statistical anomaly detection with ML to obtain a balance between accuracy and computational efficiency. The system’s low resource requirements and minimal pre-processing make it highly scalable, allowing it to be potentially deployed in real-time on large-scale networks.
- The identification of DoS and DDoS attacks to IoT devices in software defined networks by using machine learning and deep learning models (Instituto Tecnológico y de Estudios Superiores de Monterrey, 2022-05) Almaraz Rivera, Josué Genaro; PEREZ DIAZ, JESUS ARTURO; 31169; Pérez Díaz, Jesús Arturo; puelquio/mscuervo; Trejo Rodríguez, Luis Ángel; Botero Vega, Juan Felipe; School of Engineering and Sciences; Campus Monterrey; Cantoral Ceballos, José Antonio
  This thesis project explores and improves the current state of the art about detection techniques for Distributed Denial of Service (DDoS) attacks to Internet of Things (IoT) devices in Software Defined Networks (SDN), which, as far as is known, is a big problem that network providers and data centers are still facing. Our planned solution for this problem started with the selection of strong Machine Learning (ML) and Deep Learning (DL) models from the current literature (such as Decision Trees and Recurrent Neural Networks), and their further evaluation under three feature sets from our balanced version of the Bot-IoT dataset, in order to evaluate the effects of different variables and avoid the dependencies produced by the Argus flow data generator. With this evaluation we achieved an average accuracy greater than 99% for binary and multiclass classifications, leveraging the categories and subcategories present in the Bot-IoT dataset, for the detection and identification of DDoS attacks based on Transport (UDP, TCP) and Application layer (HTTP) protocols. To extend the capacity of this Intrusion Detection System (IDS) we did a research stay in Colombia, with Universidad de Antioquia and in collaboration with Aligo (a cybersecurity company from Medellín). There, we created a new dataset based on real normal and attack traffic to physical IoT devices: the LATAM-DDoS-IoT dataset. We conducted binary and multiclass classifications with the DoS and the DDoS versions of this new dataset, getting an average accuracy of 99.967% and 98.872%, respectively. Then, we did two additional experiments combining our balanced version of the Bot-IoT dataset, applying transfer learning and a datasets concatenation, showing the differences between both domains and the generalization level we accomplished. Finally, we deployed our extended IDS (as a functional app built in Java and connected to our own cloud-hosted Python REST API) into a real-time SDN simulated environment, based on the Open Network Operating System (ONOS) controller and Mininet. We got a best accuracy of 94.608%, where 100% of the flows identified as attackers were correctly classified, and 91.406% of the attack flows were detected. This app can be further enhanced with the creation of an Intrusion Prevention System (IPS) as a mitigation management strategy to stop the identified attackers.
- An ensemble forecasting framework for time series (Instituto Tecnológico y de Estudios Superiores de Monterrey, 2021-11) Saldaña Rodríguez, Alejandro; REGIS HERNANDEZ, FABIOLA; 331834; Espinoza García, Juan Carlos; emipsanchez; Regis Hernández, Fabiola; Murrieta Cortés, Beatriz; Escuela de Ingenieria y Ciencias; Campus Querétaro
  Forecasting for businesses is essential and, because small to medium sized enterprises cannot afford to spend the resources on accurate forecasting, the necessity to build step-by-step procedures that aid in this process is vital. Forecasting using machine learning or more complicated models comes with its own sets of challenges, as many of them have parameters that are not directly interpreted to the variables. Ensemble Forecasting is a mixture between machine learning and forecasting and it uses many proven mathematical concepts such as the law of large numbers, the Jury theorem, and proven empirical evidence of these models outperforming the single-model counterparts. This thesis proposes a new methodology to modernize and include the data analytics part of the cross industry standard process for data mining described in (CRISP-DM) to the time series analysis methodology proposed by George E. Box. The ensemble methods composed of linear combinations and majority-rule voting made better predictions and the new Ensemble Forecast model proposed in this thesis proved to be more accurate and precise than any other model including the other ensembling methods.