Andrea Bondavalli

Tommaso Zoppi, Andrea Ceccarelli, Andrea Bondavalli

Machine Learning (ML) algorithms that perform classification may predict the wrong class, experiencing misclassifications. It is well-known that misclassifications may have cascading effects on the encompassing system, possibly resulting in critical failures. This paper proposes SPROUT, a Safety wraPper thROugh ensembles of UncertainTy measures, which suspects misclassifications by computing uncertainty measures on the inputs and outputs of a black-box classifier. If a misclassification is detected, SPROUT blocks the propagation of the output of the classifier to the encompassing system. The resulting impact on safety is that SPROUT transforms erratic outputs (misclassifications) into data omission failures, which can be easily managed at the system level. SPROUT has a broad range of applications as it fits binary and multi-class classification, comprising image and tabular datasets. We experimentally show that SPROUT always identifies a huge fraction of the misclassifications of supervised classifiers, and it is able to detect all misclassifications in specific cases. SPROUT implementation contains pre-trained wrappers, it is publicly available and ready to be deployed with minimal effort.

Tommaso Zoppi, Andrea ceccarelli, Tommaso Capecchi et al.

Anomaly detection aims at identifying unexpected fluctuations in the expected behavior of a given system. It is acknowledged as a reliable answer to the identification of zero-day attacks to such extent, several ML algorithms that suit for binary classification have been proposed throughout years. However, the experimental comparison of a wide pool of unsupervised algorithms for anomaly-based intrusion detection against a comprehensive set of attacks datasets was not investigated yet. To fill such gap, we exercise seventeen unsupervised anomaly detection algorithms on eleven attack datasets. Results allow elaborating on a wide range of arguments, from the behavior of the individual algorithm to the suitability of the datasets to anomaly detection. We conclude that algorithms as Isolation Forests, One-Class Support Vector Machines and Self-Organizing Maps are more effective than their counterparts for intrusion detection, while clustering algorithms represent a good alternative due to their low computational complexity. Further, we detail how attacks with unstable, distributed or non-repeatable behavior as Fuzzing, Worms and Botnets are more difficult to detect. Ultimately, we digress on capabilities of algorithms in detecting anomalies generated by a wide pool of unknown attacks, showing that achieved metric scores do not vary with respect to identifying single attacks.

Mohamad Gharib, Paolo Lollini, Andrea Ceccarelli et al.

One of the main challenges in integrating Cyber-Physical System-of-Systems (CPSoS) to function as a single unified system is the autonomy of its Cyber-Physical Systems (CPSs), which may lead to a lack of coordination among CPSs and results in various kinds of conflicts. We advocate that to efficiently integrate CPSs within the CPSoS, we may need to adjust the autonomy of some CPSs in a way that allows them to coordinate their activities to avoid any potential conflict among one another. To achieve that, we need to incorporate the notion of governance within the design of CPSoS, which defines rules that can be used for clearly specifying who and how can adjust the autonomy of a CPS. In this paper, we try to tackle this problem by proposing a new conceptual model that can be used for performing a governance-based analysis of autonomy for CPSs within CPSoS. We illustrate the utility of the model with an example from the automotive domain.