RT Dissertation/Thesis
T1 Applications of data analytics and machine learning tools to the enhanced design of modern communication networks and security applications
A1 Martín Martínez, Ignacio
AB Lately, Artificial Intelligence and Machine Learning (ML) have become game-changingtechnologies due to their ability to generalize from data and infer algorithmic behaviors that consider larger casuistic that humans are able to. In short, these technologies pursue the installation of human-like intelligence to computer tasks so they can overtake different functions. Despite, their implantation and development in many fields is still too early stage, not to mention the requirements and needs they entail.Therefore, the aim of this thesis is to advance in the application of these technologiesand for that we will consider an specific field: The Internet Infrastructure.To this aim, contributions focus on two main specific areas, namely cybersecurityand optical WDM networks.On the security side, we propose a new approach for malware detection and application quality assessment that relies in application meta-information, that is, thedata describing the application (such as description, category, permissions...) insteadof application code. This approach is detailed and validated in two specific applications: ML-based detection of malware and scalable repackaging detectionthrough meta-data semantic clustering.The first application consists on the usage of meta-data as Machine Learningfeatures with a labeled collection of malware applications to detect whether theyare malware or not. Resulting algorithms are capable of detecting malware to agood extent in certain conditions, reaching F-score values of nearly 0.9.Arising from the observations from Machine Learning analysis, Antivirus (AV)engines coming from multi-scanner tools are inspected using data analytics and AItechnologies aiming at the understanding of their lack of consensus at the detectionand categorization levels. The main aim for this study is twofold: advancing on theunderstanding of AV detection patterns and policies and the improvement multienginedetection by proposing different aggregation and cleaning tools.Initially, AV engine detections are inspected, showing that most engines disagreewhen detecting malware to the extent of not completely agreeing in the detection ofa single application. Moreover, different detection patterns are observed, namelyleader, follower and eccentric engines. At the end, an estimation of the risk of malwareper application based on Structural Equation models is proposed.On the family side, we propose a lightweight categorization scheme that achievescomparable scores to other alternatives in the literature at a smaller train cost: SignatureMiner.Using such system, we normalize and categorize AV signatures into 41 distinct families and three broader categories, namely adware, harmful and unknown.Then, an ML classifier to assign and specific category to unknown malwareis proposed with high performance.Another application explored for meta-data is that of repackaging detection. Usingsimilarity clustering, a large collection of unlabeled applications from Google Play are inspected and compared to detect potential repackaged applications and their victims. This approach is capable to unveil nearly 420K applications potentially cloned within the Google Play application market.On the network side, we contribute to the introduction of Machine Learning in the field by proposing an integral pipeline framework that improves the developmentof ML-powered network protocols as enhanced heuristics that emulate optimalsolutions in many areas. Such framework is based on data generation, modelingand validation and network implementation. In this thesis, we focus on the first twosteps by developing proof of concept solutions for both.Dataset generation and data labeling is addressed with Netgen, a versatile networkdata generator based on Net2Plan. Netgen functionality is presented and performanceand abilities demonstrated. Finally, this thesis addresses the modelingof Routing and Wavelength Assignment (RWA) in its ILP version as an ML problem.The assumption is that ML can be useful to develop an ML-powered heuristicfor RWA that performs better than regular heuristics and much faster than ILP andheuristics. Results support the viability of this approach, opening the scheme forother complex network protocols.In sum, this thesis builds different AI-based components to enhance the functionalitiesand capabilities of different elements in the proposed fields, defining systematicapproaches and methodologies to this aim. That way, all works in this documentcontribute to the design and development of the concept of AI as a Service(AIaaS), that proposes a paradigm for the integration of AI technologies over specificknowledge areas with limited expertise in both AI and the specific area.
YR 2019
FD 2019-06
LK https://hdl.handle.net/10016/30758
UL https://hdl.handle.net/10016/30758
LA eng
NO Mención Internacional en el título de doctor
DS e-Archivo
RD 30 jun. 2024