Thèses sur le sujet « AI security »

L'émergence des réseaux de cinquième génération (5G) et des réseaux véhiculaire (V2X) a ouvert une ère de connectivité et de services associés sans précédent. Ces réseaux permettent des interactions fluides entre les véhicules, l'infrastructure, et bien plus encore, en fournissant une gamme de services à travers des tranches de réseau (slices), chacune adaptée aux besoins spécifiques de ceux-ci. Les générations futures sont même censées apporter de nouvelles avancées à ces réseaux. Cependant, ce progrès remarquable les expose à une multitude de menaces en matière de cybersécurité, dont bon nombre sont difficiles à détecter et à atténuer efficacement avec les contre mesures actuelles. Cela souligne la nécessité de mettre en oeuvre de nouveaux mécanismes avancés de détection d'intrusion pour garantir l'intégrité, la confidentialité et la disponibilité des données et des services.Un domaine suscitant un intérêt croissant à la fois dans le monde universitaire qu'industriel est l'Intelligence Artificielle (IA), en particulier son application pour faire face aux menaces en cybersécurité. Notamment, les réseaux neuronaux (RN) ont montré des promesses dans ce contexte, même si les solutions basées sur l'IA sont accompagnées de défis majeurs.Ces défis peuvent être résumés comme des préoccupations concernant l'efficacité et l'efficience. Le premier concerne le besoin des Systèmes de Détection d'Intrusions (SDI) de détecter avec précision les menaces, tandis que le second implique d'atteindre l'efficacité en termes de temps et la détection précoce des menaces.Cette thèse représente l'aboutissement de nos recherches sur l'investigation des défis susmentionnés des SDI basés sur l'IA pour les systemes 5G en général et en particulier 5G-V2X. Nous avons entamé notre recherche en réalisant une revue de la littérature existante. Tout au long de cette thèse, nous explorons l'utilisation des systèmes d'inférence floue (SIF) et des RN, en mettant particulièrement l'accent sur cette derniere technique. Nous avons utilisé des techniques de pointe en apprentissage, notamment l'apprentissage profond (AP), en intégrant des réseaux neuronaux récurrents et des mécanismes d'attention. Ces techniques sont utilisées de manière innovante pour réaliser des progrès significatifs dans la résolution des préoccupations liées à l'amélioration de l'efficacité et de l'efficience des SDI. De plus, nos recherches explorent des défis supplémentaires liés à la confidentialité des données lors de l'utilisation des SDIs basés sur l'AP. Nous y parvenons en exploitant les algorithmes d'apprentissage fédéré (AF) les plus récents<br>The emergence of Fifth Generation (5G) and Vehicle-to-Everything (V2X) networks has ushered in an era of unparalleled connectivity and associated services. These networks facilitate seamless interactions among vehicles, infrastructure, and more, providing a range of services through network slices, each tailored to specific requirements. Future generations are even expected to bring further advancements to these networks. However, this remarkable progress also exposes them to a myriad of security threats, many of which current measures struggle to detect and mitigate effectively. This underscores the need for advanced intrusion detection mechanisms to ensure the integrity, confidentiality, and availability of data and services.One area of increasing interest in both academia and industry spheres is Artificial Intelligence (AI), particularly its application in addressing cybersecurity threats. Notably, neural networks (NNs) have demonstrated promise in this context, although AI-based solutions do come with inherent challenges. These challenges can be summarized as concerns about effectiveness and efficiency. The former pertains to the need for Intrusion Detection Systems (IDSs) to accurately detect threats, while the latter involves achieving time efficiency and early threat detection.This dissertation represents the culmination of our research findings on investigating the aforementioned challenges of AI-based IDSs in 5G systems in general and 5G-V2X in particular. We initiated our investigation by conducting a comprehensive review of the existing literature. Throughout this thesis, we explore the utilization of Fuzzy Inference Systems (FISs) and NNs, with a specific emphasis on the latter. We leveraged state-of-the-art NN learning, referred to as Deep Learning (DL), including the incorporation of recurrent neural networks and attention mechanisms. These techniques are innovatively harnessed to making significant progress in addressing the concerns of enhancing the effectiveness and efficiency of IDSs. Moreover, our research delves into additional challenges related to data privacy when employing DL-based IDSs. We achieve this by leveraging and experimenting state-of-the-art federated learning (FL) algorithms

Le développement technologique a ses avantages et ses inconvénients. Nous pouvons facilement partager et télécharger du contenu numérique en utilisant l’Internet. En outre, les utilisateurs malveillants peuvent aussi modifier, dupliquer et diffuser illégalement tout type d'informations, comme des images et des documents. Par conséquent, nous devons protéger ces contenus et arrêter les pirates. Le but de cette thèse est de protéger les documents PDF et les images en utilisant la technique de tatouage numérique Spread Transform Dither Modulation (STDM), tout en tenant compte des exigences principales de transparence, de robustesse et de sécurité.La méthode de tatouage STDM a un bon niveau de transparence et de robustesse contre les attaques de bruit. La clé principale dans cette méthode de tatouage est le vecteur de projection qui vise à diffuser le message sur un ensemble d'éléments. Cependant, un tel vecteur clé peut être estimée par des utilisateurs non autorisés en utilisant les techniques de séparation BSS (Blind Source Separation). Dans notre première contribution, nous présentons notre méthode de tatouage proposé CAR-STDM (Component Analysis Resistant-STDM), qui garantit la sécurité tout en préservant la transparence et la robustesse contre les attaques de bruit.STDM est également affecté par l'attaque FGA (Fixed Gain Attack). Dans la deuxième contribution, nous présentons notre méthode de tatouage proposé N-STDM qui résiste l'attaque FGA et améliore la robustesse contre l'attaque Additive White Gaussian Noise (AWGN), l'attaque de compression JPEG, et diversité d'attaques de filtrage et géométriques. Les expérimentations ont été menées sur des documents PDF et des images dans le domaine spatial et le domaine fréquentiel.Récemment, l’Apprentissage Profond et les Réseaux de Neurones atteints du développement et d'amélioration notable, en particulier dans le traitement d'image, la segmentation et la classification. Des modèles tels que CNN (Convolutional Neural Network) sont utilisés pour la dé-bruitage des images. CNN a une performance adéquate de dé-bruitage, et il pourrait être nocif pour les images tatouées. Dans la troisième contribution, nous présentons l'effet du FCNN (Fully Convolutional Neural Network), comme une attaque de dé-bruitage, sur les images tatouées. Les méthodes de tatouage STDM et SS (Spread Spectrum) sont utilisés durant les expérimentations pour intégrer les messages dans les images en appliquant plusieurs scénarios. Cette évaluation montre qu'un tel type d'attaque de dé-bruitage préserve la qualité de l'image tout en brisant la robustesse des méthodes de tatouages évalués<br>Technological development has its pros and cons. Nowadays, we can easily share, download, and upload digital content using the Internet. Also, malicious users can illegally change, duplicate, and distribute any kind of information, such as images and documents. Therefore, we should protect such contents and arrest the perpetrator. The goal of this thesis is to protect PDF documents and images using the Spread Transform Dither Modulation (STDM), as a digital watermarking technique, while taking into consideration the main requirements of transparency, robustness, and security. STDM watermarking scheme achieved a good level of transparency and robustness against noise attacks. The key to this scheme is the projection vector that aims to spreads the embedded message over a set of cover elements. However, such a key vector can be estimated by unauthorized users using the Blind Source Separation (BSS) techniques. In our first contribution, we present our proposed CAR-STDM (Component Analysis Resistant-STDM) watermarking scheme, which guarantees security while preserving the transparency and robustness against noise attacks. STDM is also affected by the Fixed Gain Attack (FGA). In the second contribution, we present our proposed N-STDM watermarking scheme that resists the FGA attack and enhances the robustness against the Additive White Gaussian Noise (AWGN) attack, JPEG compression attack, and variety of filtering and geometric attacks. Experimentations have been conducted distinctly on PDF documents and images in the spatial domain and frequency domain. Recently, Deep Learning and Neural Networks achieved noticeable development and improvement, especially in image processing, segmentation, and classification. Diverse models such as Convolutional Neural Network (CNN) are exploited for modeling image priors for denoising. CNN has a suitable denoising performance, and it could be harmful to watermarked images. In the third contribution, we present the effect of a Fully Convolutional Neural Network (FCNN), as a denoising attack, on watermarked images. STDM and Spread Spectrum (SS) are used as watermarking schemes to embed the watermarks in the images using several scenarios. This evaluation shows that such type of denoising attack preserves the image quality while breaking the robustness of all evaluated watermarked schemes

I dagens samhälle går den tekniska utvecklingen fort framåt. Artificiell intelligens och Internet of Things är två tekniker inom utvecklingen vars popularitet har ökat på senare tid. Dessa tekniker i integration har visat sig kunna bidra med stora verksamhetsnyttor, bland annat i form av ökad precishet vad gäller analyser, bättre kundvärde och effektivisering av ”downtime”. Med ny teknik kommer även utmaningar. I takt med att teknologierna ständigt växer uppstår frågor kring säkerhet och etik och hur detta ska hanteras. Målet med denna studien var att ta reda på hur experter värderar etiska frågor när artificiell intelligens används i kombination med Internet of Things-enheter. Vi fokuserade på följande forskningsfråga för att nå vårt mål: Hur värderas frågor om etik när artificiell intelligens används i kombination med Internet of Things? Resultatet vi kom fram till visar att både forskare och näringslivet värderar de etiska aspekterna högt. Studien visar även att de ansåg att teknikerna kan vara lösningen till många samhällsproblem men att etiken bör vara ett ämne som löpande bör diskuteras.<br>In today's society, technological developments are moving fast. Artificial intelligence and the Internet of Things are two technologies within the development whose popularity has increased in recent years. These technologies in integration have proven to be able to contribute with major business benefits, including in the form of increased precision with regard to analyzes, better customer value and efficiency of downtime. New technology also presents challenges. As the technologies are constantly growing, issues arise regarding safety and ethics and how this should be managed. The aim of this study is to find out how experts value ethical issues when using artificial intelligence in combination with the Internet of Things devices. We focused on the following research question to reach our goal: How are ethical issues evaluated when using artificial intelligence in combination with the Internet of Things? The result we found shows that both researchers and the business world value the ethical aspects highly. The study also shows that they considered the techniques to be the solution to many societal problems, but that ethics should be a topic that should be discussed on an ongoing basis.

Cognitive Radio (CR) is a paradigm shift in wireless communications to resolve the spectrum scarcity issue with the ability to self-organize, self-plan and self-regulate. On the other hand, wireless devices that can learn from their environment can also be taught things by malicious elements of their environment, and hence, malicious attacks are a great concern in the CR, especially for physical layer security. This thesis introduces a data-driven Self-Awareness (SA) module in CR that can support the system to establish secure networks against various attacks from malicious users. Such users can manipulate the radio spectrum to make the CR learn wrong behaviours and take mistaken actions. The SA module consists of several functionalities that allow the radio to learn a hierarchical representation of the environment and grow its long-term memory incrementally. Therefore, this novel SA module is a way forward towards realizing the original vision of CR (i.e. Mitola's Radio) and AI-enabled radios. This thesis starts with a basic SA module implemented in two applications, namely the CR-based IoT and CR-based mmWave. The two applications differ in the data dimensionality (high and low) and the PHY-layer level at which the SA module is implemented. Choosing an appropriate learning algorithm for each application is crucial to achieving good performance. To this purpose, several generative models such as Generative Adversarial Networks, Variational AutoEncoders and Dynamic Bayesian Networks, and unsupervised machine learning algorithms such as Self Organizing Maps Growing Neural Gas with different configurations are proposed, and their performances are analysed. In addition, we studied the integration of CR and UAVs from the physical layer security perspective. It is shown how the acquired knowledge from previous experience within the Bayesian Filtering facilitates the radio spectrum perception and allows the UAV to detect any jamming attacks immediately. Moreover, exploiting the generalized errors during abnormal situations permits characterizing and identifying the jammer at multiple levels and learning a dynamic model that embeds its dynamic behaviour. Besides, a proactive consequence can be drawn after estimating the jammer's signal to act efficiently by mitigating its effects on the received stimuli or by designing an efficient resource allocation for anti-jamming using Active Inference. Experimental results show that introducing the novel SA functionalities provides the high accuracy of characterizing, detecting, classifying and predicting the jammer's activities and outperforms conventional detection methods such as Energy detectors and advanced classification methods such as Long Short-Term Memory (LSTM), Convolutional Neural Network (CNN) and Stacked Autoencoder (SAE). It also verifies that the proposed approach achieves a higher degree of explainability than deep learning techniques and verifies the capability to learn an efficient strategy to avoid future attacks with higher convergence speed compared to conventional Frequency Hopping and Q-learning.

<p>It is believed that many of the mechanisms present in the biological immune system are well suited for adoption to the field of computer intrusion detection, in the form of artificial immune systems. In this report mechanisms in the biological immune system are introduced, their parallels in artificial immune systems are presented, and how they may be applied to intrusion detection in a computer environment is discussed. An artificial immune system is designed, implemented and applied to detect intrusive behavior in real network data in a simulated network environment. The effect of costimulation and clonal proliferation combined with somatic hypermutation to perform affinity maturation of detectors in the artificial immune system is explored through experiments. An exact expression for the probability of a match between two randomly chosen strings using the r-contiguous matching rule is developed. The use of affinity maturation makes it possible to perform anomaly detection by using smaller sets of detectors with a high level of specificity while maintaining a high level of cover and diversity, which increases the number of true positives, while keeping a low level of false negatives.</p>

Recently, Cognitive Radio (CR) has been intended as an intelligent radio endowed with cognition which can be developed by implementing Artificial Intelligence (AI) techniques. Specifically, data-driven Self-Awareness (SA) functionalities, such as detection of spectrum abnormalities, can be effectively implemented as shown by the proposed research. One important application is PHY-layer security since it is essential to establish secure wireless communications against external jamming attacks. In this framework, signals are non-stationary and features from such kind of dynamic spectrum, with multiple high sampling rate signals, are then extracted through the Stockwell Transform (ST) with dual-resolution which has been proposed and validated in this work as part of spectrum sensing techniques. Afterwards, analysis of the state-of-the-art about learning dynamic models from observed features describes theoretical aspects of Machine Learning (ML). In particular, following the recent advances of ML, learning deep generative models with several layers of non-linear processing has been selected as AI method for the proposed spectrum abnormality detection in CR for a brain-inspired, data-driven SA. In the proposed approach, the features extracted from the ST representation of the wideband spectrum are organized in a high-dimensional generalized state vector and, then, a generative model is learned and employed to detect any deviation from normal situations in the analysed spectrum (abnormal signals or behaviours). Specifically, conditional GAN (C-GAN), auxiliary classifier GAN (AC-GAN), and deep VAE have been considered as deep generative models. A dataset of a dynamic spectrum with multi-OFDM signals has been generated by using the National Instruments mm-Wave Transceiver which operates at 28 GHz (central carrier frequency) with 800 MHz frequency range. Training of the deep generative model is performed on the generalized state vector representing the mmWave spectrum with normality pattern without any malicious activity. Testing is based on new and independent data samples corresponding to abnormality pattern where the moving signal follows a different behaviour which has not been observed during training. An abnormality indicator is measured and used for the binary classification (normality hypothesis otherwise abnormality hypothesis), while the performance of the generative models is evaluated and compared through ROC curves and accuracy metrics.

Mobile Crowdsensing (MCS) has emerged as a ubiquitous solution for data collection from embedded sensors of the smart devices to improve the sensing capacity and reduce the sensing costs in large regions. Due to the ubiquitous nature of MCS, smart devices require cyber protection against adversaries that are becoming smarter with the objective of clogging the resources and spreading misinformation in such a non-dedicated sensing environment. In an MCS setting, one of the various adversary types has the primary goal of keeping participant devices occupied by submitting fake/illegitimate sensing tasks so as to clog the participant resources such as the battery, sensing, storage, and computing. With this in mind, this thesis proposes a systematical study of fake task injection in MCS, including modeling, detection, and mitigation of such resource clogging attacks. We introduce modeling of fake task attacks in MCS intending to clog the server and drain battery energy from mobile devices. We creatively grant mobility to the tasks for more extensive coverage of potential participants and propose two take movement patterns, namely Zone-free Movement (ZFM) model and Zone-limited Movement (ZLM) model. Based on the attack model and task movement patterns, we design task features and create structured simulation settings that can be modified to adapt different research scenarios and research purposes. Since the development of a secure sensing campaign highly depends on the existence of a realistic adversarial model. With this in mind, we apply the self-organizing feature map (SOFM) to maximize the number of impacted participants and recruits according to the user movement pattern of these cities. Our simulation results verify the magnified effect of SOFM-based fake task injection comparing with randomly selected attack regions in terms of more affected recruits and participants, and increased energy consumption in the recruited devices due to the illegitimate task submission. For the sake of a secure MCS platform, we introduce Machine Learning (ML) methods into the MCS server to detect and eliminate the fake tasks, making sure the tasks arrived at the user side are legitimate tasks. In our work, two machine learning algorithms, Random Forest and Gradient Boosting are adopted to train the system to predict the legitimacy of a task, and Gradient Boosting is proven to be a more promising algorithm. We have validated the feasibility of ML in differentiating the legitimacy of tasks in terms of precision, recall, and F1 score. By comparing the energy-consuming, effected recruits, and impacted candidates with and without ML, we convince the efficiency of applying ML to mitigate the effect of fake task injection.

Cognitive Radio Internet of Things (CR-IoT) has revolutionized almost every field of life and reshaped the technological world. Several tiny devices are seamlessly connected in a CR-IoT network to perform various tasks in many applications. Nevertheless, CR-IoT surfers from malicious attacks that pulverize communication and perturb network performance. Therefore, recently it is envisaged to introduce higher-level Artificial Intelligence (AI) by incorporating Self-Awareness (SA) capabilities into CR-IoT objects to facilitate CR-IoT networks to establish secure transmission against vicious attacks autonomously. In this context, sub-band information from the Orthogonal Frequency Division Multiplexing (OFDM) modulated transmission in the spectrum has been extracted from the radio device receiver terminal, and a generalized state vector (GS) is formed containing low dimension in-phase and quadrature components. Accordingly, a probabilistic method based on learning a switching Dynamic Bayesian Network (DBN) from OFDM transmission with no abnormalities has been proposed to statistically model signal behaviors inside the CR-IoT spectrum. A Bayesian filter, Markov Jump Particle Filter (MJPF), is implemented to perform state estimation and capture malicious attacks. Subsequently, GS containing a higher number of subcarriers has been investigated. In this connection, Variational autoencoders (VAE) is used as a deep learning technique to extract features from high dimension radio signals into low dimension latent space z, and DBN is learned based on GS containing latent space data. Afterward, to perform state estimation and capture abnormalities in a spectrum, Adapted-Markov Jump Particle Filter (A-MJPF) is deployed. The proposed method can capture anomaly that appears due to either jammer attacks in transmission or cognitive devices in a network experiencing different transmission sources that have not been observed previously. The performance is assessed using the receiver operating characteristic (ROC) curves and the area under the curve (AUC) metrics.

Il sistema Penitenziario Italiano è attualmente interessato da profondi mutamenti organizzativi che riguardano, in particolar modo, le modalità operative del personale di polizia penitenziaria. L’introduzione della sorveglianza dinamica in carcere ha rappresentato un importante cambiamento organizzativo capace di ridefinire gli spazi, i tempi e le modalità di interazione all’interno delle sezioni detentive. Quest’ ultima fa riferimento ad una modalità operativa incentrata non più sul controllo statico della persona detenuta, ma piuttosto sulla conoscenza e l’osservazione della stessa. Nella mente dei suoi ideatori, essa rappresenta non solo un nuovo modo di “fare” sorveglianza, ma anche e soprattutto “un nuovo modo d’essere lavorativo ed organizzativo” (de Pascalis 2013) che chiama direttamente in causa le competenze dei professionisti della sorveglianza. Questi ultimi, nel quotidiano esercizio dell’autorità nei confronti della popolazione detenuta, si interfacciano dunque con un contesto in continua trasformazione. Per tali motivi, l’ attuazione nelle sezioni detentive di questa nuova modalità operativa solleva una serie di interrogativi, soprattutto rispetto all’ influenza che essa può esercitare sulla quotidianità degli individui detenuti e del personale che opera a stretto contatto con gli stessi, ovvero, gli agenti penitenziari. La presente ricerca ha preso avvio proprio dalla constatazione dell’importanza di questo cambiamento organizzativo, e dell’influenza che lo stesso può esercitare sulle modalità attraverso cui gli agenti penitenziari concepiscono il proprio ruolo e svolgono i propri doveri professionali all’interno delle sezioni detentive. Più precisamente, la ricerca è guidata dall’intento di comprendere come si evolve la percezione dell’ identità di ruolo dei poliziotti penitenziari entro un quadro istituzionale in profondo mutamento. Questo elaborato porta quindi alla luce la dimensione identitaria del mestiere degli agenti penitenziari entro un contesto che si è definito “liminale” poiché strutturato attorno alla coesistenza di fini istituzionali sostanzialmente antitetici. Non è infatti possibile comprendere le risposte ad un cambiamento organizzativo, né tanto meno l’impatto di questo sul benessere del personale, senza prendere in considerazione come gli agenti concepiscono la propria identità di ruolo e in quali condizioni e attraverso quali dinamiche tale concezione si sviluppa. Questa ricerca permette dunque di evidenziare le condizioni che possono facilitare la transizione al nuovo modello operativo e incrementare il benessere del personale di polizia penitenziaria in relazione ad esso.<br>The Italian prison system is affected by deep organisational changes which affect the work of prison officers. The implementation of the so called “dynamic security” within detention wings is likely to redefine the interaction patterns between the staff and offenders. The “dynamic security” is regarded as an innovative surveillance procedure which relies on the observation and the knowledge of the offenders, rather than on their physical control. According to policy makers, the “dynamic security” is not just an innovative way of ensuring security, but it should also represent a “new way of being” of prison officers (de Pascalis 2013). The implementation of this organisational change raises questions regarding its influence on the daily life of offenders and prison guards and their interaction within a changing environment. This research focuses on the influence of the implementation of the “dynamic security” on prison officers role identity. It aims to shed light on the identity related dimension of the prison work within a context that I defined as “liminal” by virtue of the coexistence of two antithetical institutional objectives, that is to say, rehabilitation and reclusion. Indeed, responses to organizational changes cannot be understood and interpreted without taking into consideration the dynamics and processes of identification in the role of prison officer. This research will highlight the conditions which can facilitate the transition to new work practices and foster prison officer wellbeing, through the analysis of the processes of identification within the changing environment of prison.

Avec les avancées technologiques apportées par les réseaux 5G, une nouvelle ère de communications de Vehicle-to-Everything (V2X) est apparue, offrant des applications nouvelles et avancées en matière de sécurité, d'efficacité et d'autres expériences de conduite dans les systèmes de transport intelligents (ITS). Cependant, les nouvelles fonctionnalités s'accompagnent de nouveaux défis en matière de sécurité, en particulier dans le domaine des communications Vehicle-to-Network (V2N).Cette thèse se concentre sur l'application des systèmes de misbehavior detection dans les communications V2X au sein des réseaux 5G. Tout d'abord, nous présentons un nouveau système de misbehavior detection, intégré au réseau central 5G pour détecter et prévenir les attaques V2X. Ensuite, nous proposons un schéma de collaboration entre les nœuds de détection afin d'améliorer les résultats de la détection dans les réseaux 5G edge. Enfin, nous proposons d'utiliser le Federated Learning pour permettre un entraînement distribué et nous évaluons les performances sur une grande variété d'attaques V2X<br>The introduction of 5G networks has brought significant technical improvements; a new era of Vehicle-to-Everything (V2X) communications has emerged, offering new and advanced safety, efficiency, and other driving experience applications in the Intelligent Transport Systems (ITS). However, with new features come new security challenges, especially in the realm of Vehicle-to-Network (V2N) communications.This thesis focuses on the application of misbehavior detection in V2X communications within 5G networks. First, we introduce a novel misbehavior detection system integrated with 5G core (5GC) network to detect and prevent V2X attacks. Then, we propose a collaboration scheme between detection nodes to improve detection results in 5G edge networks. Last, we leverage Federated Learning to enable distributed training, and we assess the performance on a wide variety of V2X attacks

La liste des appareils connectés (ou IoT) s’allonge avec le temps, de même que leur vulnérabilité face aux attaques ciblées provenant du réseau ou de l’accès physique, communément appelées attaques Cyber Physique (CPS). Alors que les capteurs visant à détecter les attaques, et les techniques d’obscurcissement existent pour contrecarrer et améliorer la sécurité, il est possible de contourner ces contre-mesures avec des équipements et des méthodologies d’attaque sophistiqués, comme le montre la littérature récente. De plus, la conception des systèmes intégrés est soumise aux contraintes de complexité et évolutivité, ce qui rend difficile l’adjonction d’un mécanisme de détection complexe contre les attaques CPS. Une solution pour améliorer la sécurité est d’utiliser l’Intelligence Artificielle (IA) (au niveau logiciel et matériel) pour surveiller le comportement des données en interne à partir de divers capteurs. L’approche IA permettrait d’analyser le comportement général du système à l’aide des capteurs , afin de détecter toute activité aberrante, et de proposer une réaction appropriée en cas d’attaque. L’intelligence artificielle dans le domaine de la sécurité matérielle n’est pas encore très utilisée en raison du comportement probabiliste. Ce travail vise à établir une preuve de concept visant à montrer l’efficacité de l’IA en matière de sécurité.Une partie de l’étude consiste à comparer et choisir différentes techniques d’apprentissage automatique (Machine Learning ML) et leurs cas d’utilisation dans la sécurité matérielle. Plusieurs études de cas seront considérées pour analyser finement l’intérêt et de l’ IA sur les systèmes intégrés. Les applications seront notamment l’utilisation des PUF (Physically Unclonable Function), la fusion de capteurs, les attaques par canal caché (SCA), la détection de chevaux de Troie, l’intégrité du flux de contrôle, etc<br>The list of connected devices (or IoT) is growing longer with time and so is the intense vulnerability to security of the devices against targeted attacks originating from network or physical penetration, popularly known as Cyber Physical Security (CPS) attacks. While security sensors and obfuscation techniques exist to counteract and enhance security, it is possible to fool these classical security countermeasures with sophisticated attack equipment and methodologies as shown in recent literature. Additionally, end node embedded systems design is bound by area and is required to be scalable, thus, making it difficult to adjoin complex sensing mechanism against cyberphysical attacks. The solution may lie in Artificial Intelligence (AI) security core (soft or hard) to monitor data behaviour internally from various components. Additionally the AI core can monitor the overall device behaviour, including attached sensors, to detect any outlier activity and provide a smart sensing approach to attacks. AI in hardware security domain is still not widely acceptable due to the probabilistic behaviour of the advanced deep learning techniques, there have been works showing practical implementations for the same. This work is targeted to establish a proof of concept and build trust of AI in security by detailed analysis of different Machine Learning (ML) techniques and their use cases in hardware security followed by a series of case studies to provide practical framework and guidelines to use AI in various embedded security fronts. Applications can be in PUFpredictability assessment, sensor fusion, Side Channel Attacks (SCA), Hardware Trojan detection, Control flow integrity, Adversarial AI, etc

In the development of advanced driver assistance systems, computer vision problemsneed to be optimized to run efficiently on embedded platforms. Convolutional neural network(CNN) accelerators have proven to be very efficient for embedded camera platforms,such as the ones used for automotive vision systems. Therefore, the focus of this thesisis to evaluate the efficiency of a CNN on a future embedded heterogeneous processingdevice. The memory size in an embedded system is often very limited, and it is necessary todivide the input into multiple tiles. In addition, there are power and speed constraintsthat needs to be met to be able to use a computer vision system in a car. To increaseefficiency and optimize the memory usage, different methods for CNN layer fusion areproposed and evaluated for a variety of tile sizes. Several different layer fusion methods and input tile sizes are chosen as optimal solutions,depending on the depth of the layers in the CNN. The solutions investigated inthe thesis are most efficient for deep CNN layers, where the number of channels is high.

Au cours de la dernière décennie, l'apprentissage profond a été à l'origine de percées dans de nombreux domaines différents, tels que le traitement du langage naturel, la vision par ordinateur et la reconnaissance vocale. Cependant, il est désormais connu que les modèles basés sur l'apprentissage profond sont extrêmement sensibles aux perturbations, en particulier lorsque la perturbation est bien conçue et générée par un agent malveillant. Cette faiblesse des réseaux neuronaux profonds tend à empêcher leur utilisation dans des applications critiques, où des informations sensibles sont disponibles, ou lorsque le système interagit directement avec la vie quotidienne des gens. Dans cette thèse, nous nous concentrons sur la protection des réseaux neuronaux profonds contre les agents malveillants de deux manières principales. La première méthode vise à protéger un modèle des attaques en augmentant sa robustesse, c'est-à-dire la capacité du modèle à prédire la bonne classe même en cas d'attaques. Nous observons que la sortie d'un réseau neuronal profond forme une variété statistique et que la décision est prise sur cette variété. Nous exploitons cette connaissance en utilisant la mesure de Fisher-Rao, qui calcule la distance géodésique entre deux distributions de probabilité sur la variété statistique auquel elles appartiennent. Nous utilisons la mesure de Fisher-Rao pour régulariser la fonction coût utilisée lors de l'apprentissage et augmenter la robustesse du modèle. Nous adaptons ensuite cette méthode à une autre application critique : les réseaux intelligents (Smart Grids), qui, en raison de divers besoins de la surveillance et de service, reposent sur des composants cybernétiques, tels qu'un estimateur d'état, ce qui les rend sensibles aux attaques. Nous construisons donc des estimateurs d'état robustes en utilisant des autoencodeurs variationnels et l'extension de notre méthode proposée au cas de la régression. La deuxième méthode sur laquelle nous nous concentrons et qui vise à protéger les modèles basés sur l'apprentissage profond est la détection d'échantillons adverses. En ajoutant un détecteur au modèle, il est possible d'augmenter la fiabilité des décisions prises par les réseaux neuronaux profonds. De multiples méthodes de détection sont disponibles aujourd'hui, mais elles reposent souvent sur un entraînement lourd et des heuristiques ad-hoc. Dans notre travail, nous utilisons des outils statistiques simples appelés les profondeurs de données (data-depth) pour construire des méthodes de détection efficaces supervisées (c'est-à-dire que les attaques sont fournies pendant l'entraînement du détecteur) et non supervisées (c'est-à-dire que l'entraînement ne peut s'appuyer que sur des échantillons propres)<br>Over the last decade, Deep Learning has been the source of breakthroughs in many different fields, such as Natural Language Processing, Computer Vision, and Speech Recognition. However, Deep Learning-based models have now been recognized to be extremely sensitive to perturbations, especially when the perturbation is well-designed and generated by a malicious agent. This weakness of Deep Neural Networks tends to prevent their use in critical applications, where sensitive information is available, or when the system interacts directly with people's everyday life. In this thesis, we focus on protecting Deep Neural Networks against malicious agents in two main ways. The first method aims at protecting a model from attacks by increasing its robustness, i.e., the ability of the model to predict the right class even under threats. We observe that the output of a Deep Neural Network forms a statistical manifold and that the decision is taken on this manifold. We leverage this knowledge by using the Fisher-Rao measure, which computes the geodesic distance between two probability distributions on the statistical manifold to which they belong. We exploit the Fisher-Rao measure to regularize the training loss to increase the model robustness. We then adapt this method to another critical application: the Smart Grids, which, due to monitoring and various service needs, rely on cyber components, such as a state estimator, making them sensitive to attacks. We, therefore, build robust state estimators using Variational AutoEncoders and the extension of our proposed method to the regression case. The second method we focus on that intends to protect Deep-Learning-based models is the detection of adversarial samples. By augmenting the model with a detector, it is possible to increase the reliability of decisions made by Deep Neural Networks. Multiple detection methods are available nowadays but often rely on heavy training and ad-hoc heuristics. In our work, we make use of a simple statistical tool called the data-depth to build efficient supervised (i.e., attacks are provided during training) and unsupervised (i.e., training can only rely on clean samples) detection methods

Artificial intelligence tools, which are fast, robust and adaptive can overcome the drawbacks of traditional solutions for several power systems problems. In this work, applications of AI techniques have been studied for solving two important problems in power systems. The first problem is static security evaluation (SSE). The objective of SSE is to identify the contingencies in planning and operations of power systems. Numerical conventional solutions are time-consuming, computationally expensive, and are not suitable for online applications. SSE may be considered as a binary-classification, multi-classification or regression problem. In this work, multi-support vector machine is combined with several evolutionary computation algorithms, including particle swarm optimization (PSO), differential evolution, Ant colony optimization for the continuous domain, and harmony search techniques to solve the SSE. Moreover, support vector regression is combined with modified PSO with a proposed modification on the inertia weight in order to solve the SSE. Also, the correct accuracy of classification, the speed of training, and the final cost of using power equipment heavily depend on the selected input features. In this dissertation, multi-object PSO has been used to solve this problem. Furthermore, a multi-classifier voting scheme is proposed to get the final test output. The classifiers participating in the voting scheme include multi-SVM with different types of kernels and random forests with an adaptive number of trees. In short, the development and performance of different machine learning tools combined with evolutionary computation techniques have been studied to solve the online SSE. The performance of the proposed techniques is tested on several benchmark systems, namely the IEEE 9-bus, 14-bus, 39-bus, 57-bus, 118-bus, and 300-bus power systems. The second problem is the non-convex, nonlinear, and non-differentiable economic dispatch (ED) problem. The purpose of solving the ED is to improve the cost-effectiveness of power generation. To solve ED with multi-fuel options, prohibited operating zones, valve point effect, and transmission line losses, genetic algorithm (GA) variant-based methods, such as breeder GA, fast navigating GA, twin removal GA, kite GA, and United GA are used. The IEEE systems with 6-units, 10-units, and 15-units are used to study the efficiency of the algorithms.

La tesi descrive i risultati dell’attività di ricerca e sviluppo di nuove tecnologie basate su tecniche di intelligenza artificiale, capaci di raggiungere un’interazione empatica e una connessione emotiva tra l’uomo e “le macchine” così da migliorare il comfort e la sicurezza a bordo di uno yacht. Tale interazione è ottenuta grazie al riconoscimento di emozioni e comportamenti e alla successiva attivazione di tutti quegli apparati multimediali presenti nell’ambiente a bordo, che si adattano al mood del soggetto all’interno della stanza. Il sistema prototipale sviluppato durante i tre anni di dottorato è oggi in grado di gestire i contenuti multimediali (ad es. brani musicali, video riprodotti nei LED screen) e scenari di luce, basati sull'emozione dell'utente, riconosciute dalle espressioni facciali riprese da una qualsiasi fotocamera installata all’interno dello spazio. Per poter rendere l’interazione adattativa, il sistema sviluppato implementa algoritmi di Deep Learning per riconoscere l’identità degli utenti a bordo (riconoscimento facciale), il grado di attenzione del comandante (Gaze Detection e Drowsiness) e gli oggetti con cui egli interagisce (telefono, auricolari, ecc.). Tali informazioni vengono processate all’interno del sistema per identificare eventuali situazioni di rischio per la sicurezza delle persone presenti a bordo e per controllare l’intero ambiente. L’applicazione di queste tecnologie, in questo settore sempre aperto all’introduzione delle ultime innovazioni a bordo, apre a diverse sfide di ricerca.<br>The thesis describes the results of the research and development of new technologies based on artificial intelligence techniques, able to achieve an empathic interaction and an emotional connection between man and "the machines" in order to improve comfort and safety on board of yachts. This interaction is achieved through the recognition of emotions and behaviors and the following activation of all those multimedia devices available in the environment on board, which are adapted to the mood of the subject inside the room. The prototype system developed during the three years of PhD is now able to manage multimedia content (e.g. music tracks, videos played on LED screens) and light scenarios, based on the user's emotion, recognized by facial expressions taken from any camera installed inside the space. In order to make the interaction adaptive, the developed system implements Deep Learning algorithms to recognize the identity of the users on board (Facial Recognition), the degree of attention of the commander (Gaze Detection and Drowsiness) and the objects with which he interacts (phone, earphones, etc.). This information is processed within the system to identify any situations of risk to the safety of people on board and to monitor the entire environment. The application of these technologies, in this domain that is always open to the introduction of the latest innovations on board, opens up several research challenges.

À mesure que les modèles d'apprentissage automatique (ML) sont de plus en plus intégrés dans un large éventail d'applications, il devient plus important que jamais de garantir la confidentialité des données des individus. Cependant, les techniques actuelles entraînent souvent une perte d'utilité et peuvent affecter des facteurs comme l'équité et l'interprétabilité. Cette thèse vise à approfondir la compréhension des compromis dans trois techniques de ML respectueuses de la vie privée : la confidentialité différentielle, les défenses empiriques, et l'apprentissage fédéré, et à proposer des méthodes qui améliorent leur efficacité tout en maintenant la protection de la vie privée. La première étude examine l'impact de la confidentialité différentielle sur l'équité entre les groupes définis par des attributs sensibles. Alors que certaines hypothèses précédentes suggéraient que la confidentialité différentielle pourrait exacerber l'injustice dans les modèles ML, nos expériences montrent que la sélection d'une architecture de modèle optimale et le réglage des hyperparamètres pour DP-SGD (Descente de Gradient Stochastique Différentiellement Privée) peuvent atténuer les disparités d'équité. En utilisant des ensembles de données standards dans la littérature sur l'équité du ML, nous montrons que les disparités entre les groupes pour les métriques telles que la parité démographique, l'égalité des chances et la parité prédictive sont souvent réduites ou négligeables par rapport aux modèles non privés. La deuxième étude se concentre sur les défenses empiriques de la vie privée, qui visent à protéger les données d'entraînement tout en minimisant la perte d'utilité. La plupart des défenses existantes supposent l'accès à des données de référence — un ensemble de données supplémentaire provenant de la même distribution (ou similaire) que les données d'entraînement. Cependant, les travaux antérieurs n'ont que rarement évalué les risques de confidentialité associés aux données de référence. Pour y remédier, nous avons réalisé la première analyse complète de la confidentialité des données de référence dans les défenses empiriques. Nous avons proposé une méthode de défense de référence, la minimisation du risque empirique pondéré (WERM), qui permet de mieux comprendre les compromis entre l'utilité du modèle, la confidentialité des données d'entraînement et celle des données de référence. En plus d'offrir des garanties théoriques, WERM surpasse régulièrement les défenses empiriques de pointe dans presque tous les régimes de confidentialité relatifs. La troisième étude aborde les compromis liés à la convergence dans les systèmes d'inférence collaborative (CIS), de plus en plus utilisés dans l'Internet des objets (IoT) pour permettre aux nœuds plus petits de décharger une partie de leurs tâches d'inférence vers des nœuds plus puissants. Alors que l'apprentissage fédéré (FL) est souvent utilisé pour entraîner conjointement les modèles dans ces systèmes, les méthodes traditionnelles ont négligé la dynamique opérationnelle, comme l'hétérogénéité des taux de service entre les nœuds. Nous proposons une approche FL novatrice, spécialement conçue pour les CIS, qui prend en compte les taux de service variables et la disponibilité inégale des données. Notre cadre offre des garanties théoriques et surpasse systématiquement les algorithmes de pointe, en particulier dans les scénarios où les appareils finaux gèrent des taux de requêtes d'inférence élevés. En conclusion, cette thèse contribue à l'amélioration des techniques de ML respectueuses de la vie privée en analysant les compromis entre confidentialité, utilité et autres facteurs. Les méthodes proposées offrent des solutions pratiques pour intégrer ces techniques dans des applications réelles, en assurant une meilleure protection des données personnelles<br>As machine learning (ML) models are increasingly integrated into a wide range of applications, ensuring the privacy of individuals' data is becoming more important than ever. However, privacy-preserving ML techniques often result in reduced task-specific utility and may negatively impact other essential factors like fairness, robustness, and interpretability. These challenges have limited the widespread adoption of privacy-preserving methods. This thesis aims to address these challenges through two primary goals: (1) to deepen the understanding of key trade-offs in three privacy-preserving ML techniques—differential privacy, empirical privacy defenses, and federated learning; (2) to propose novel methods and algorithms that improve utility and effectiveness while maintaining privacy protections. The first study in this thesis investigates how differential privacy impacts fairness across groups defined by sensitive attributes. While previous assumptions suggested that differential privacy could exacerbate unfairness in ML models, our experiments demonstrate that selecting an optimal model architecture and tuning hyperparameters for DP-SGD (Differentially Private Stochastic Gradient Descent) can mitigate fairness disparities. Using standard ML fairness datasets, we show that group disparities in metrics like demographic parity, equalized odds, and predictive parity are often reduced or remain negligible when compared to non-private baselines, challenging the prevailing notion that differential privacy worsens fairness for underrepresented groups. The second study focuses on empirical privacy defenses, which aim to protect training data privacy while minimizing utility loss. Most existing defenses assume access to reference data---an additional dataset from the same or a similar distribution as the training data. However, previous works have largely neglected to evaluate the privacy risks associated with reference data. To address this, we conducted the first comprehensive analysis of reference data privacy in empirical defenses. We proposed a baseline defense method, Weighted Empirical Risk Minimization (WERM), which allows for a clearer understanding of the trade-offs between model utility, training data privacy, and reference data privacy. In addition to offering theoretical guarantees on model utility and the relative privacy of training and reference data, WERM consistently outperforms state-of-the-art empirical privacy defenses in nearly all relative privacy regimes.The third study addresses the convergence-related trade-offs in Collaborative Inference Systems (CISs), which are increasingly used in the Internet of Things (IoT) to enable smaller nodes in a network to offload part of their inference tasks to more powerful nodes. While Federated Learning (FL) is often used to jointly train models within CISs, traditional methods have overlooked the operational dynamics of these systems, such as heterogeneity in serving rates across nodes. We propose a novel FL approach explicitly designed for CISs, which accounts for varying serving rates and uneven data availability. Our framework provides theoretical guarantees and consistently outperforms state-of-the-art algorithms, particularly in scenarios where end devices handle high inference request rates.In conclusion, this thesis advances the field of privacy-preserving ML by addressing key trade-offs in differential privacy, empirical privacy defenses, and federated learning. The proposed methods provide new insights into balancing privacy with utility and other critical factors, offering practical solutions for integrating privacy-preserving techniques into real-world applications. These contributions aim to support the responsible and ethical deployment of AI technologies that prioritize data privacy and protection

V dnešním světě je neustále se zvyšující poptávka po spolehlivých automatizovaných mechanismech pro detekci a lokalizaci osob pro různé účely -- od analýzy pohybu návštěvníků v muzeích přes ovládání chytrých domovů až po hlídání nebezpečných oblastí, jimiž jsou například nástupiště vlakových stanic. Představujeme metodu detekce a lokalizace osob s pomocí nízkonákladových termálních kamer FLIR Lepton 3.5 a malých počítačů Raspberry Pi 3B+. Tento projekt, navazující na předchozí bakalářský projekt "Detekce lidí v místnosti za použití nízkonákladové termální kamery", nově podporuje modelování komplexních scén s polygonálními okraji a více termálními kamerami. V této práci představujeme vylepšenou knihovnu řízení a snímání pro kameru Lepton 3.5, novou techniku detekce lidí používající nejmodernější YOLO (You Only Look Once) detektor objektů v reálném čase, založený na hlubokých neuronových sítích, dále novou automaticky konfigurovatelnou termální jednotku, chráněnou schránkou z 3D tiskárny pro bezpečnou manipulaci, a v neposlední řadě také podrobný návod instalace detekčního systému do nového prostředí a další podpůrné nástroje a vylepšení. Výsledky nového systému demonstrujeme příkladem analýzy pohybu osob v Národním muzeu v Praze.

This research presents a novel technique termed Multi-Agent Malicious Behaviour Detection. The goal of Multi-Agent Malicious Behaviour Detection is to provide infrastructure to allow for the detection and observation of malicious multi-agent systems in computer network environments. This research explores combinations of machine learning techniques and fuses them with a multi-agent approach to malicious behaviour detection that effectively blends human expertise from network defenders with modern artificial intelligence. Success of the approach depends on the Multi-Agent Malicious Behaviour Detection system's capability to adapt to evolving malicious multi-agent system communications, even as the malicious software agents in network environments vary in their degree of autonomy and intelligence. This thesis research involves the design of this framework, its implementation into a working tool, and its evaluation using network data generated by an enterprise class network appliance to simulate both a standard educational network and an educational network containing malware traffic.

碩士<br>國立臺灣海洋大學<br>河海工程學系<br>106<br>Abstract In recent years, National Army has transformed and executed the "Pure Scenarios." In order to build up the defense organization, to meet the needs of possible war in the future, From 100 to 103 years of the Republic of China, according to the planning of relevant factors such as threats from the enemy, national security situation, entire resource allocation and fundraising promotion,. The streamlining of human resource has increase time of duty among all units of guards. Traditional paper identification card and vehicles are time-consuming, therefore it has caused：Firstly people in duty tiredness , secondly resulting in many accidents caused by negligence on the part of the authorities. Especially for some organization set same fixed work time, people come and leave office at the same time, the security check may not be thoroughly operate also stop the traffic in peak time at the entrance, lead to failure to implement access security. Hence, this thesis evaluates the combination of face recognition and license plate recognition technology installed in the Army camp entrance to reduce manpower burden and enhance security management control as the research case. The development of contactless access control technology has allowed the certain persons or vehicles to entry under restricted conditions. Use human faces and vehicles number plate to identify and control the access to entrance. People no longer need to carry a proximity card or paper certificate, nor have any contact with the test device. People only need to use a simple photo camera device to capture the needed information for identification. Therefore, this identification methods is convenient, efficient and safe, It can provide a reference for entrance security improvement to the national army . Keywords: Artificial Intelligence, Face Recognition, License Plate Recognition, Entrance Guard, Army Camp

Cooperation between independent agents depends upon establishing adegree of security. Each of the cooperating agents needs assurance that the cooperation will not endanger resources of value to that agent. In a computer system, a computational mechanism can assure safe cooperation among the system's users by mediating resource access according to desired security policy. Such a mechanism, which is called a security kernel, lies at the heart of many operating systems and programming environments.The report describes Scheme 48, a programming environment whose design is guided by established principles of operating system security. Scheme 48's security kernel is small, consisting of the call-by-value $lambda$-calculus with a few simple extensions to support abstract data types, object mutation, and access to hardware resources. Each agent (user or subsystem) has a separate evaluation environment that holds objects representing privileges granted to that agent. Because environments ultimately determine availability of object references, protection and sharing can be controlled largely by the way in which environments are constructed. I will describe experience with Scheme 48 that shows how it serves as a robust and flexible experimental platform. Two successful applications of Scheme 48 are the programming environment for the Cornell mobile robots, where Scheme 48 runs with no (other) operating system support; and a secure multi-user environment that runs on workstations.

Artificial Intelligence(“AI”)is a rapidly evolving technology and iscurrently the most promisingmarket opportunity in the worldeconomy. The study examines the relationship of customers knowledge aboutAI with theiropenness to interact with AI-enabled products/services. The author analyzes whether customer beliefs about efficiency, convenience, privacy protection and data security act as a mediator of this relationship. Analyzing primary data (n=331)throughregression models, the study suggests that thesignificantrelationship between knowledge and opennessispartially mediated by customer beliefs, and they additionallyhave a significant direct relationship with openness. Implications for governments and businesses are derived.

abstract: The field of cyber-defenses has played catch-up in the cat-and-mouse game of finding vulnerabilities followed by the invention of patches to defend against them. With the complexity and scale of modern-day software, it is difficult to ensure that all known vulnerabilities are patched; moreover, the attacker, with reconnaissance on their side, will eventually discover and leverage them. To take away the attacker's inherent advantage of reconnaissance, researchers have proposed the notion of proactive defenses such as Moving Target Defense (MTD) in cyber-security. In this thesis, I make three key contributions that help to improve the effectiveness of MTD. First, I argue that naive movement strategies for MTD systems, designed based on intuition, are detrimental to both security and performance. To answer the question of how to move, I (1) model MTD as a leader-follower game and formally characterize the notion of optimal movement strategies, (2) leverage expert-curated public data and formal representation methods used in cyber-security to obtain parameters of the game, and (3) propose optimization methods to infer strategies at Strong Stackelberg Equilibrium, addressing issues pertaining to scalability and switching costs. Second, when one cannot readily obtain the parameters of the game-theoretic model but can interact with a system, I propose a novel multi-agent reinforcement learning approach that finds the optimal movement strategy. Third, I investigate the novel use of MTD in three domains-- cyber-deception, machine learning, and critical infrastructure networks. I show that the question of what to move poses non-trivial challenges in these domains. To address them, I propose methods for patch-set selection in the deployment of honey-patches, characterize the notion of differential immunity in deep neural networks, and develop optimization problems that guarantee differential immunity for dynamic sensor placement in power-networks.<br>Dissertation/Thesis<br>Doctoral Dissertation Computer Science 2020

Yes<br>The Sustainable Development Goals (SDGs) present the emerging need to explore new ways of AgriFood production and food security as ultimate targets for feeding future generations. The study adopts a Design Science methodology and proposes Artificial Intelligence (AI) techniques as a solution to food security problems. Specifically, the proposed artefact presents the collective use of Agricultural Technology (AgriTech) drones inspired by the biomimetic ways of bird swarms. The design (artefact) appears here as a solution for supporting farming operations in inaccessible land, so as unmanned aerial devices contribute and improve the productivity of farming areas with limited capacity. The proposed design is developed through a scenario of drone swarms applying AI techniques to address food security issues. The study concludes by presenting a research agenda and the sectoral challenges triggered by the applications of AI in Agriculture.<br>European Union's H2020 research and innovation programme under the Marie Skłodowska-Curie grant (agreement No. 746667)<br>The full-text of this article will be released for public view at the end of the publisher embargo on 25 Feb 2022.

<div><div><div><p>Provenance collection and analysis is one of the most important techniques used in analyzing computation system behaviors. For forensic analysis in enterprise environment, existing provenance systems are limited. On one hand, they tend to log many redundant and irrelevant events causing high runtime and space overhead as well as long investigation time. On the other hand, they lack the application specific provenance data, leading to ineffective investigation process. Moreover, emerging machine learning especially deep learning based artificial intelligence systems are hard to interpret and vulnerable to adversarial attacks. Using provenance information to analyze such systems and defend adversarial attacks is potentially very promising but not well-studied yet.</p><p><br></p><div><div><div><p>In this dissertation, I try to address the aforementioned challenges. I present an effective and efficient operating system level provenance data collector, ProTracer. It features the idea of alternating between logging and tainting to perform on-the-fly log filtering and reduction to achieve low runtime and storage overhead. Tainting is used to track the dependence relationships between system call events, and logging is performed only when useful dependencies are detected. I also develop MPI, an LLVM based analysis and instrumentation framework which automatically transfers existing applications to be provenance-aware. It requires the programmers to annotate the desired data structures used for partitioning, and then instruments the program to actively emit application specific semantics to provenance collectors which can be used for multiple perspective attack investigation. In the end, I propose a new technique named NIC, a provenance collection and analysis technique for deep learning systems. It analyzes deep learning system internal variables to generate system invariants as provenance for such systems, which can be then used to as a general way to detect adversarial attacks.</p></div></div></div></div></div></div>