Umeå University's logo

Web application services and networks encounter a broad range of security and performance anomalies, necessitating sophisticated detection strategies. However, performing anomaly detection in edge cloud environments, often constrained by limited resources, presents significant computational challenges and demands minimized detection time for real-time response. In this paper, we propose a model selection approach for resource efficient anomaly detection in edge clouds by leveraging an adapted Deep Q-Network (DQN) reinforcement learning technique. The primary objective is to minimize the computational resources required for accurate anomaly detection while achieving low latency and high detection accuracy. Through extensive experimental evaluation in our testbed setup over different representative scenarios, we demonstrate that our adapted DQN approach can reduce resource usage by up to 45 % and detection time by up to 85 % while incurring less than an 8 % drop in F1 score. These results highlight the potential of the adapted DQN model selection strategy to enable efficient, low-latency anomaly detection in resource-constrained edge cloud environments.

The dynamic nature of Internet of Things (IoT) environments challenges the long-term effectiveness of Machine Learning as a Service (MLaaS) compositions. The uncertainty and variability of IoT environments lead to fluctuations in data distribution, e.g., concept drift and data heterogeneity, and evolving system requirements, e.g., scalability demands and resource limitations. This paper proposes an adaptive MLaaS composition framework to ensure a seamless, efficient, and scalable MLaaS composition. The framework integrates a service assessment model to identify underperforming MLaaS services and a candidate selection model to filter optimal replacements. An adaptive composition mechanism is developed that incrementally updates MLaaS compositions using a contextual multi-armed bandit optimization strategy. By continuously adapting to evolving IoT constraints, the approach maintains Quality of Service (QoS) while reducing the computational cost associated with recomposition from scratch. Experimental results on a real-world dataset demonstrate the efficiency of our proposed approach.

Visual anomaly detection targets to detect images that notably differ from normal pattern, and it has found extensive application in identifying defective parts within the manufacturing industry. These anomaly detection paradigms predominantly focus on training detection models using only clean, unlabeled normal samples, assuming an absence of contamination; a condition often unmet in real-world scenarios. The performance of these methods significantly depends on the quality of the data and usually decreases when exposed to noise. We introduce a systematic adaptive method that employs deviation learning to compute anomaly scores end-to-end while addressing data contamination by assigning relative importance to the weights of individual instances. In this approach, the anomaly scores for normal instances are designed to approximate scalar scores obtained from the known prior distribution. Meanwhile, anomaly scores for anomaly examples are adjusted to exhibit statistically significant deviations from these reference scores. Our approach incorporates a constrained optimization problem within the deviation learning framework to update instance weights, resolving this problem for each mini-batch. Comprehensive experiments on the MVTec and VisA benchmark datasets indicate that our proposed method surpasses competing techniques and exhibits both stability and robustness in the presence of data contamination.

Our source code is available at https://github.com/anindyasdas/ADL4VAD/

The interconnectivity of avionics systems supports the need to incorporate functional safety and information security into airworthiness validation and maintenance protocols, which is critical. This necessity arises from the demanding operational environments and the limitations on defense resource allocation. This study proposes an optimization model for the strategic deployment of defense mechanisms, leveraging the dynamic interplay between attack and defense modeled by non-cooperative game theory and aligning with the maintenance schedules of civil aircraft. By developing an Attack–Defense Tree and conducting a non-cooperative game analysis, this paper outlines strategies from both the attacker’s and defender’s perspectives, assessing the impact of focused defense improvements on the system’s security integrity. The results reveal that the broad expansion of defense measures reduces their effectiveness, whereas targeted deployment significantly enhances protection. Monte Carlo simulations are employed to approximate equilibrium solutions across the strategy space, reducing computational complexity while retaining robustness in capturing equilibrium trends. This approach supports efficient allocation of defense resources, strengthens overall system security, and provides a practical foundation for integrating security analysis into avionics maintenance and certification processes.

The serverless Function-as-a-Service (FaaS) paradigm offers a fine granularity for the pay-per-use billing model, where users are charged based on the actual function execution time and do not have to pay for idle resources. Thereby, FaaS in a serverless environment brings the promise that it completely abstracts infrastructure management. This allows the developers to focus solely on application development. On the other hand, the serverless applications, being deployed as a dense web of FaaS artifacts, increase the attack surface. This makes the FaaS paradigm susceptible to financial exhaustion attacks, also known as Denial of Wallet (DoW), where the attacker attempts to inflate the usage bill by illegitimate escalation of resource consumption. This paper proposes a robust detection method for DoW attacks on the serverless platform using the Neural Ordinary Differential Equation (ODE) with a Liquid Time Constant (LTC). The experiments, conducted on a benchmark dataset, represent real-world attack scenarios, compared with baseline methods. The proposed method outperforms the baselines for multiple evaluation metrics, proving its effectiveness in precision-critical scenarios.

With the exponential growth of edge devices, the cloud edge continuum provides a natural evolution to the centralised cloud architecture to overcome the bottlenecks created by the growing data that devices generate. Resource constrained edge devices need to be able to offload computational tasks to the cloud edge continuum. Providing resources located at the edge, close to resource-constrained devices, allows devices to offload on demand potentially complex functions with low latency and response time requirements. The COGNIT framework introduces the novel concept of function as a services (FaaS) at the edge and novel AI techniques for cloud-edge management. In this paper, we show how the novel edge FaaS model can be used to offload critical security functions from edge devices and enable them to protect themselves even though they don't have the resources for such protection. The paper's main contribution is to show how the edge FaaS model enables to design multi-layer protection models between edge devices and the cloud-edge continuum AI-based orchestrator. In this model the edge device provides a first layer of defense using application knowledge to protect itself whereas the AI-based orchestrator provides a second layer of defense that is more generic because it does not know much about the edge application. The layered protection model is illustrated and validated on a cybersecurity case study where AI-based anomaly detection is deployed at the edge to secure mobile devices and detect anomalies as early and quickly as possible. This second contribution of the paper shows how continuous security anomaly detection can be designed as multiple functions that are triggered by monitored events to provide continuous detection at the edge for all events.

Due to the tremendous deployment of sensors, actuators, and remote devices, Internet of Things (IoT) networks have gained popularity across a wide range of application domains. As a result, the number of attackers and the dynamics of IoT network attacks are also increasing proportionately. Moreover, IoT networks generate a huge amount of sensitive data that must be carefully protected to prevent potential exploitation and exploration by adversaries. The advent of Federated Learning (FL) paved the way for enhancing data privacy and security of IoT data. Although several FL-based security systems have been developed for IoT networks, many lack effectiveness and efficiency. This limitation is due to the unavailability of up-to-date benchmark IoT network intrusion datasets that accurately reflect real-world IoT network traffic, encompassing a wide range of IoT protocols and recent, diverse attack types. This discrepancy significantly hinders the development, validation, and comparative evaluation of existing security solutions. To meet this critical need, we develop a practical IoT network intrusion dataset called FL-MU using client-specific IoT network testbeds. Each client testbed comprises more than 30 devices communicating over seven different IoT communication protocols. The FL-MU dataset includes eleven types of attacks, comprising over 19 million instances with 121 features. The effectiveness of the dataset is established on multiple state-of-the-art FL-based Intrusion Detection Systems (IDSs). The FL-based IDS models exhibit superior performance when trained on our FL-MU dataset as compared to other existing datasets. This highlights the quality and suitability of the developed FL-MU dataset for training robust and accurate FL-based security systems. The FL-MU dataset and the related implementation codes are made available at the Kaggle repository: https://doi.org/10.34740/kaggle/dsv/13106381, contributing to the research community for the advancement of IoT security.

Conventional standalone approaches for diagnosing individual diseases often fail to achieve robust generalization because they are severely impacted by overfitting. This results in poor adaptability to diverse image representations and an inability to balance performance with computational efficiency. In this study, we propose KDLight, a lightweight, novel CNN model designed for efficient medical image classification across diverse modalities, including MRI, X-ray, radiography, skin images, and histopathology. We employ Knowledge Distillation (KD), where insights from an efficient teacher model (MobileNet) guide the learning process of the KDLight student model. The KDLight model minimizes the number of parameters while enhancing feature learning across diverse medical image representations. Experimental results show that KDLight achieves 95.55% classification accuracy with only 2.96 seconds and a compact 7.5 MB disk size, significantly reducing parameter size, accelerating inference, and lowering computational costs compared to traditional pre-trained models. Additionally, KDLight ability to efficiently learn diverse image representations can be extended to other domains, such as crack classification (e.g., road, window, and building cracks), enabling high-performance detection across different surface defect categories.

Federated Learning (FL) can help train collaborative machine learning models while preserving individual client privacy by keeping data local and private. Among other challenges, data heterogeneity brings extensive hurdles in learning collaborative models, as clients usually own non-independent and identically distributed (non-IID) data. One solution to improve model performance under non-IID data is implicit data augmentation, which requires global distribution modeling. This work proposes FedMGAN, a two-phase novel multi-tier generative adversarial network (GAN) based global data distribution modeling approach to tackle data heterogeneity in FL. In the first phase, FedMGAN utilizes a subset of clients for GAN training, whose generators are further improved against the remaining clients’ discriminators. In the second phase, the trained GAN is used to improve the performance of the global FL model. FedMGAN performs better than the current state-of-the-art FL approaches on four different benchmarking datasets under non-IID data distribution.