Applying and Testing Mult-iClass and Multi-Output Algorithms in the Mapping of Security Requirements with Technologies and Best Practices
Autor(a) principal: | |
---|---|
Data de Publicação: | 2022 |
Tipo de documento: | Dissertação |
Idioma: | eng |
Título da fonte: | Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos) |
Texto Completo: | http://hdl.handle.net/10400.6/13115 |
Resumo: | Nowadays, companies are increasingly deploying more Internet of Things (IoT) devices into the market without considering the security requirements of these systems. Platforms like the SECURIoTESIGN framework attempt to minimize the number of devices that are released with these vulnerabilities, by informing and guiding interested developers about possible secure implementations without needing to contact a security expert (even though it does not replace his knowledge). The modules use questionnaires, whose answers generate a set of recommendations, obtained using heuristics or fixed rules. To facilitate the development of this modules and the provided recommendations, as well as minimizing the need of a security expert, embedding of Machine Learning (ML) was proposed and pursued, being applied to two modules of the platform. In this dissertation the research needed to implement ML in this context is explored and explained, along with the implementation details on both modules, including the creation of a dataset containing all possible answer combinations, automatically. Furthermore, an analysis of the generated dataset was made, how to artificially augment it, and its usage examined, using different variations of available data, for training and testing various multiclass and multioutput models, therefore allowing to simulate situations where resources could not be obtained or an expert was not available. It was possible to conclude that the usage of multiclass and multioutput algorithms presented positive results, when performed with different variations of training data, allowing to conclude that implementing ML in this context may bring advantages to the platform. |
id |
RCAP_225b49f17be737e6c1754f9d0680eb19 |
---|---|
oai_identifier_str |
oai:ubibliorum.ubi.pt:10400.6/13115 |
network_acronym_str |
RCAP |
network_name_str |
Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos) |
repository_id_str |
7160 |
spelling |
Applying and Testing Mult-iClass and Multi-Output Algorithms in the Mapping of Security Requirements with Technologies and Best PracticesClassificação MulticlasseAlgoritmos MultioutputAprendizagem AutomáticaCibersegurançaClassificação MultilabelEstrutura de SegurançaInternet das CoisasSegurança por DesenhoDomínio/Área Científica::Engenharia e Tecnologia::Engenharia Eletrotécnica, Eletrónica e InformáticaNowadays, companies are increasingly deploying more Internet of Things (IoT) devices into the market without considering the security requirements of these systems. Platforms like the SECURIoTESIGN framework attempt to minimize the number of devices that are released with these vulnerabilities, by informing and guiding interested developers about possible secure implementations without needing to contact a security expert (even though it does not replace his knowledge). The modules use questionnaires, whose answers generate a set of recommendations, obtained using heuristics or fixed rules. To facilitate the development of this modules and the provided recommendations, as well as minimizing the need of a security expert, embedding of Machine Learning (ML) was proposed and pursued, being applied to two modules of the platform. In this dissertation the research needed to implement ML in this context is explored and explained, along with the implementation details on both modules, including the creation of a dataset containing all possible answer combinations, automatically. Furthermore, an analysis of the generated dataset was made, how to artificially augment it, and its usage examined, using different variations of available data, for training and testing various multiclass and multioutput models, therefore allowing to simulate situations where resources could not be obtained or an expert was not available. It was possible to conclude that the usage of multiclass and multioutput algorithms presented positive results, when performed with different variations of training data, allowing to conclude that implementing ML in this context may bring advantages to the platform.A Internet das Coisas está em constante crescimento, devido aos benefícios e vantagens que traz aos utilizadores no seu dia a dia. A popularidade de dispositivos pertencentes a este paradigma fez com que fosse cobiçado o seu fabrico e venda, muitas vezes de uma maneira acelerada e pouco cuidada. De maneira a tentar minimizar este problema, o projeto SECURIoTESIGN foi desenvolvido, onde se encontra a plataforma Security Advisory Modules (SAM), que contém vários módulos relevantes para diferentes partes do desenvolvimento de uma aplicação, os quais fazem certas recomendações do que implementar de maneira a tornar estes dispositivos mais seguros. Os módulos utilizam questionários, cujas respostas geram um conjunto de recomendações, sendo este conjunto alcançado utilizando heurísticas ou regras fixas. De maneira a facilitar o desenvolvimento destes módulos e as recomendações fornecidas, bem como minimizar a necessidade de um especialista em segurança, foi sugerida a implementação de aprendizagem automática para efetuar essa atribuição. Nesta dissertação é relatada a pesquisa efetuada para aplicar aprendizagem automática, os detalhes dessa implementação em dois módulos desta plataforma, inclusive a criação de um conjunto de dados, referente às possibilidades de resposta ao questionário, automaticamente. Adicionalmente foi feita a análise desse conjunto de dados, o aumento artificial do conjunto e o uso dos mesmos para treinar e testar vários modelos multiclasse e multioutput com várias variações no tamanho dos dados utilizados, de maneira a testar várias possibilidades de disponibilização de talento e recursos no projeto. Foi concluído que o uso de algoritmos multiclasse e multioutput apresentou resultados positivos com o uso de diferentes tamanhos do conjunto de dados, levando à conclusão que a implementação destes modelos nestes módulos pode ser uma maisvalia e ajudar no desenvolvimento futuro de módulos nesta plataforma.Inácio, Pedro Ricardo MoraisProença, Hugo Pedro Martins CarriçouBibliorumBatista, Pedro Miguel Marques2023-02-20T16:43:17Z2022-07-182022-06-242022-07-18T00:00:00Zinfo:eu-repo/semantics/publishedVersioninfo:eu-repo/semantics/masterThesisapplication/pdfhttp://hdl.handle.net/10400.6/13115TID:203226259enginfo:eu-repo/semantics/openAccessreponame:Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos)instname:Agência para a Sociedade do Conhecimento (UMIC) - FCT - Sociedade da Informaçãoinstacron:RCAAP2023-12-15T09:56:33Zoai:ubibliorum.ubi.pt:10400.6/13115Portal AgregadorONGhttps://www.rcaap.pt/oai/openaireopendoar:71602024-03-20T00:52:36.808792Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos) - Agência para a Sociedade do Conhecimento (UMIC) - FCT - Sociedade da Informaçãofalse |
dc.title.none.fl_str_mv |
Applying and Testing Mult-iClass and Multi-Output Algorithms in the Mapping of Security Requirements with Technologies and Best Practices |
title |
Applying and Testing Mult-iClass and Multi-Output Algorithms in the Mapping of Security Requirements with Technologies and Best Practices |
spellingShingle |
Applying and Testing Mult-iClass and Multi-Output Algorithms in the Mapping of Security Requirements with Technologies and Best Practices Batista, Pedro Miguel Marques Classificação Multiclasse Algoritmos Multioutput Aprendizagem Automática Cibersegurança Classificação Multilabel Estrutura de Segurança Internet das Coisas Segurança por Desenho Domínio/Área Científica::Engenharia e Tecnologia::Engenharia Eletrotécnica, Eletrónica e Informática |
title_short |
Applying and Testing Mult-iClass and Multi-Output Algorithms in the Mapping of Security Requirements with Technologies and Best Practices |
title_full |
Applying and Testing Mult-iClass and Multi-Output Algorithms in the Mapping of Security Requirements with Technologies and Best Practices |
title_fullStr |
Applying and Testing Mult-iClass and Multi-Output Algorithms in the Mapping of Security Requirements with Technologies and Best Practices |
title_full_unstemmed |
Applying and Testing Mult-iClass and Multi-Output Algorithms in the Mapping of Security Requirements with Technologies and Best Practices |
title_sort |
Applying and Testing Mult-iClass and Multi-Output Algorithms in the Mapping of Security Requirements with Technologies and Best Practices |
author |
Batista, Pedro Miguel Marques |
author_facet |
Batista, Pedro Miguel Marques |
author_role |
author |
dc.contributor.none.fl_str_mv |
Inácio, Pedro Ricardo Morais Proença, Hugo Pedro Martins Carriço uBibliorum |
dc.contributor.author.fl_str_mv |
Batista, Pedro Miguel Marques |
dc.subject.por.fl_str_mv |
Classificação Multiclasse Algoritmos Multioutput Aprendizagem Automática Cibersegurança Classificação Multilabel Estrutura de Segurança Internet das Coisas Segurança por Desenho Domínio/Área Científica::Engenharia e Tecnologia::Engenharia Eletrotécnica, Eletrónica e Informática |
topic |
Classificação Multiclasse Algoritmos Multioutput Aprendizagem Automática Cibersegurança Classificação Multilabel Estrutura de Segurança Internet das Coisas Segurança por Desenho Domínio/Área Científica::Engenharia e Tecnologia::Engenharia Eletrotécnica, Eletrónica e Informática |
description |
Nowadays, companies are increasingly deploying more Internet of Things (IoT) devices into the market without considering the security requirements of these systems. Platforms like the SECURIoTESIGN framework attempt to minimize the number of devices that are released with these vulnerabilities, by informing and guiding interested developers about possible secure implementations without needing to contact a security expert (even though it does not replace his knowledge). The modules use questionnaires, whose answers generate a set of recommendations, obtained using heuristics or fixed rules. To facilitate the development of this modules and the provided recommendations, as well as minimizing the need of a security expert, embedding of Machine Learning (ML) was proposed and pursued, being applied to two modules of the platform. In this dissertation the research needed to implement ML in this context is explored and explained, along with the implementation details on both modules, including the creation of a dataset containing all possible answer combinations, automatically. Furthermore, an analysis of the generated dataset was made, how to artificially augment it, and its usage examined, using different variations of available data, for training and testing various multiclass and multioutput models, therefore allowing to simulate situations where resources could not be obtained or an expert was not available. It was possible to conclude that the usage of multiclass and multioutput algorithms presented positive results, when performed with different variations of training data, allowing to conclude that implementing ML in this context may bring advantages to the platform. |
publishDate |
2022 |
dc.date.none.fl_str_mv |
2022-07-18 2022-06-24 2022-07-18T00:00:00Z 2023-02-20T16:43:17Z |
dc.type.status.fl_str_mv |
info:eu-repo/semantics/publishedVersion |
dc.type.driver.fl_str_mv |
info:eu-repo/semantics/masterThesis |
format |
masterThesis |
status_str |
publishedVersion |
dc.identifier.uri.fl_str_mv |
http://hdl.handle.net/10400.6/13115 TID:203226259 |
url |
http://hdl.handle.net/10400.6/13115 |
identifier_str_mv |
TID:203226259 |
dc.language.iso.fl_str_mv |
eng |
language |
eng |
dc.rights.driver.fl_str_mv |
info:eu-repo/semantics/openAccess |
eu_rights_str_mv |
openAccess |
dc.format.none.fl_str_mv |
application/pdf |
dc.source.none.fl_str_mv |
reponame:Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos) instname:Agência para a Sociedade do Conhecimento (UMIC) - FCT - Sociedade da Informação instacron:RCAAP |
instname_str |
Agência para a Sociedade do Conhecimento (UMIC) - FCT - Sociedade da Informação |
instacron_str |
RCAAP |
institution |
RCAAP |
reponame_str |
Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos) |
collection |
Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos) |
repository.name.fl_str_mv |
Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos) - Agência para a Sociedade do Conhecimento (UMIC) - FCT - Sociedade da Informação |
repository.mail.fl_str_mv |
|
_version_ |
1799136414187651072 |