In practical situations, computer vision technique is applied to solve various tasks, including image classification, object detection, image segmentation, and so on. The commonly used supervised learning training paradigm for the network models used to solve these tasks requires training data as well as the ground truth labels specifying the data samples' reference information for the task. However, getting labels for every task would be expensive or even almost impossible, such as medical images due to privacy reasons and expert annotations from medical professionals and facial recognition also because of privacy concerns. Many large-scale general datasets exist, like ILSVRC2012 for both image classification and object detection tasks and COCO also for objection tasks. , and the corresponding pre-trained models whose knowledge can be transferred to other fields. While deeper models typically have better performance and can learn better feature representation from the same tasks, increasing network models introduces difficulties in practical deployment, especially regarding resource limitation and response latency. We hope to explore the learning methods in knowledge distillation to help the smaller student network learn better features from the unlabeled training data and have better transfer performance on downstream tasks. With the remarkable success of contrastive learning, it has become one of the most promising methods of learning from unlabeled data. In this thesis, we proposed an unsupervised knowledge distillation method that applies a contrastive learning method to construct and extract relational knowledge from the feature representations of the intermediate layers as well as the final layer. The evaluation with the ILSVRC2012 dataset proves the effectiveness of the proposed method on feature learning as the method helped the ResNet-18 model achieve a 2% improvement in linear evaluation accuracy compared to the baseline model. Extensive experiments were conducted on eight transfer learning tasks, and the model trained by the proposed method outperformed its baseline model in all the eight classification tasks and also achieved better fine-tuning accuracy in the situation where only a small fraction of the ground truth label was available for fine-tuning.

With the rise of new space, space missions are becoming increasingly more accessible. This is caused by the increased use of commercial-off-the-shelf components as well as the possibility of having multiple parties operating on a single satellite platform. This development combined with a new attitude towards the security of these systems has exposed some flaws in current designs. These concerns are in the lack of defense-in-depth measures on board the satellite and the fully trusted nature of the internal bus. In this thesis we perform a high-level risk analysis for CubeSat missions and map them to the SPACE-SHIELD framework. We then implement several mitigations based on the identified risks, with a focus on less explored research areas. The performance of the mitigations is then evaluated in order to test their viability for use in the industry. We provide a simulator setup for testing and evaluating the mitigations. In order to improve the security of CubeSats we ran several fuzzing campaigns, which have led to the discovery of potentially vulnerable sections of code. Furthermore, we implemented mitigations to achieve network segmentation and end-to-end security on the internal bus of the device. The authenticated encryption scheme implemented for end-to-end security uses the NIST standard for lightweight cryptography known as Ascon. The measurements show that our reference implementation of this AEAD scheme has an overhead of 15% for message payload sizes of 200 bytes. Lastly, we contribute to several entries in the SPACE-SHIELD framework which were lacking before.

In this research, we propose a new method for detecting slow, distributed port scanners by utilizing clustering techniques based on the behavioral characteristics of scan sources. Traditional methods often rely on identifying sources within the same subnet and using frequency-based algorithms; however, our method operates independently of source address correlations. We assign numeric features based on these characteristics to packet sources observed through our network telescope. These features are then processed using a clustering algorithm to identify distributed scans without depending on the origin of source addresses.

Our findings demonstrate the effectiveness of this method in accurately clustering and identifying slow scanners. We verified the results by comparing the detected scan clusters against the expected behavior derived from our simulations. This approach not only reveals complete distributed scans but also offers insight into different scanning strategies employed across the internet.

The implications of our research are significant for network security, enabling early detection and mitigation of potential cyber threats. Our methodology lays a foundation for further research and optimization, offering a valuable tool for both understanding and securing internet infrastructure against scanning techniques.

Amplification Denial of Service (DoS) attacks have been a persistent challenge in network security, with the consequences ranging from causing minor disruptions to substantial financial losses and irreparable damage to reputation.

In today's network environment, many infrastructures are not primary targets of amplification attacks but unwittingly aid them by sending large responses generated by spoofed packets to the potential victims. The ever-growing number of servers makes manual detection of vulnerable components impractical, emphasizing the urgent need for automated tools, which are currently lacking.

This paper investigates factors that affect amplification DoS attacks on three UDP-based protocols, DNS, NTP, and Memcached. Our analysis indicates that for DNS, factors such as the buffer size, replying to ANY queries, Resource Records (RR), and Name Servers (NS) per domain significantly impact the amplification potential. For Memcached, the key and value lengths substantially affect the amplification factor. Regarding NTP, the magnitude of amplification is influenced by the number of recently contacted clients, with the version being a critical determinant for the likelihood of attack success for both NTP and Memcached.

By incorporating these parameters, we propose the development of an automated tool capable of identifying such vulnerable components within network infrastructures.

Distributed Reflection Denial-of-Service (DRDoS) attacks remain among the most damaging cyber threats, leveraging vulnerable UDP-based protocols to amplify traffic and overwhelm targets. Our measurement study investigates the amplification potential of three commonly exploited protocols: DNS, NTP, and Memcached, within the context of the network infrastructure in Belgium and Luxembourg. By analysing amplification factors through various query strategies, we aim to identify potential vulnerabilities and correlations between factors that influence the weaponisation of these protocols. We also investigated application-layer looping vulnerabilities, also known as “Loopy”. Our findings indicate that despite protocol hardening, significant risks remain, particularly with improperly configured DNS servers and not updated NTP and Memcached versions.

Amplification Distributed Denial of Service attacks require networks that do not drop packets with spoofed IP addresses and servers open to the Internet running UDP protocols with amplification potential. These attacks have the potential to overwhelm large network links and disrupt the availability of the largest network infrastructures. While multiple studies exist addressing vulnerable protocols and exploring solutions for collaborative mitigation of such attacks, there is the unaddressed issue of stopping exploitable servers from being deployed in the first place. In this paper, we investigate such servers located in Sweden running DNS, NTP, and Memcached services to learn what makes them vulnerable. After analyzing thousands of servers, we give insights into the current state of the Swedish network and find multiple DNS recursive resolvers amplifying bandwidth more than 100 times, authoritative DNS servers hosting domains with huge amounts of data, and NTP servers patched against old attacks but still providing significant amplification. We find that important parameters that shape the large DNS amplifiers include the choice of the EDNS buffer size, the truncation of responses exceeding it, and a lack of the “ANY” query limitation. NTP servers with debug commands accessible from the Internet have amplification potential, and no vulnerable Memcached servers were found in Sweden.

This paper explores Distributed Reflective Denial-of-Service (DRDoS) attacks, a variant of Distributed Denial-of-Service (DDoS) attacks that leverage publicly accessible UDP servers to amplify traffic towards a target. These attacks, accounting for over half of all DDoS cases in 2023, are significant threats to online services due to their potential to generate traffic volumes in the Tbps range. Despite existing research on DDoS attack vectors and techniques, there remains a gap in tools for identifying potential amplification sources within specific networks. This paper aims to fill that gap by identifying and measuring amplification hazards in the Dutch IP range, focusing on DNS, NTP, and Memcached protocols. Our findings reveal significant amplification potentials, particularly within NTP and Memcached servers, and highlight the influence of factors such as EDNS0 buffer size on DNS amplification.

Distributed reflection denial-of-service (DRDoS) attacks are a type of cyberattack where a malicious actor sends requests to public and open servers on behalf of the victim by spoofing their IP address. The traffic generated by the corresponding responses is directed towards the victim (whose IP address appeared as the source address of the initial packets), potentially exhausting their bandwidth. These attacks have kept becoming more powerful over the years.
This thesis presents a measurement study of three well-known protocols, where we assess the amplification potential of hosts located in Greece running these protocols. We find that DNS remains the most vulnerable protocol to amplification; the top 250 hosts can cumulatively amplify the traffic by 32,000×. Furthermore, we discover that the “ANY” query type and the improperly configured DNS extension (EDNS0) are two significant causes of DNS amplification. Lastly, we also find hosts vulnerable to looping attacks, a novel threat in the context of DDoS attacks.

This paper explores the effect of forecasting methods on the Optimistic Follow The Regularized Leader (OFTRL) caching policy. It has been theoretically proven that the performance of OFTRL improves with accurate forecasters. However, the forecasters were portrayed as black boxes. In this paper, we do not treat forecasters as a black box but rather use recommender systems and temporal convolutional networks (TCN) implementations as forecasters for OFTRL in the caching context. The said forecasters predict the next file requests directly from the request trace rather than monitoring popularity. Using request traces extracted from the well-known MovieLens dataset, it was found that incorporating a forecaster into an optimistic learning algorithm is not straightforward. In fact, it was found that simpler approaches such as one that predicts the most requested file, can outperform more complicated deep learning models in terms of regret even if they possess a lower accuracy.

Group work is an integral part of Computing Education, but introduces problems when students either fail to participate enough or dominate, not allowing their team members to contribute. This research focuses on identifying the participation level of the students, allowing the teacher or teaching assistant who monitors the group throughout the project to identify and resolve problems. The software metrics that can be extracted from the code repository are often used in this monitoring process. Therefore, this study investigates the correlation between the software metrics and the participation level. Furthermore, this study aims to understand the correlation between programming experience and the participation level in the project.

To this end, four project groups were observed over several weeks, followed by interviews with their teaching assistants. A questionnaire assessed each student’s programming experience and collected data about confounding factors. A selection of software metrics to collect was made based on the literature and the teaching assistant interviews. Per contributor, we collected and analysed the number of lines of code, amount of issue comments, amount of MR comments, amount of commits, cumulative cyclomatic complexity, maximum cyclomatic complexity, amount of pipelines triggered, and pipeline failure ratio.

Of the twenty students in the observed groups, eight were classified as high participation, and six were identified as low participation. No significant correlation was found between participation level and gender, age, nationality, GPA, or group familiarity. Programming experience also did not predict participation, suggesting that a lack of experience is not a valid reason for low engagement. Furthermore, the number of lines of code students wrote, the number of commits students made, and the number of comments that students posted on merge requests are correlated with the participation level. This means these metrics can be used for monitoring student software groups and can indicate more than just code contribution.

Accurate traffic forecasts are a key element in improving the traffic flow of urban cities. An efficient approach to this problem is to use a deep learning Long Short Term Memory (LSTM) model. Including weather data in the model can improve prediction accuracy because traffic volumes are sensitive to weather changes. The aim of this study is to show how such a model can be constructed for traffic flow predictions, and how it can be improved with the use of weather data. Results show that an LSTM model gives accurate predictions as a baseline model, and the inclusion of weather data gives a slight improvement in accuracy when predicting single sensors. The improvement was higher on long term predictions of 2.5 hours, and the best prediction results were obtained when adding a lag of 30 minutes to the rain data.

Due to the increasing popularity of various types of sensors in traffic management, it has become significantly easier to collect data on traffic flow. However, the integrity of these data sets is often compromised due to missing values resulting from sensor failures, communication errors, and other malfunctions. This study investigates the effect of missing data on the performance of Long Short-Term Memory (LSTM) models in traffic flow prediction and assesses strategies to handle these missing values. By actively removing values from a complete data set, three strategies to handle these missing values are evaluated: dropping null values, replacing them with zero, and linear interpolation. We show that LSTM models are surprisingly resilient to missing data, with little impact on prediction accuracy for up to 40% of missing data, irrespective of the strategy used. For higher proportions of missing data, dropping null values leads to significant performance degradation, while zero-filling and interpolation maintain predictive accuracy. This paper provides insights into the choice of missing data handling strategies in time-series prediction tasks, demonstrating the potential of LSTM models for traffic forecasting under less-than-ideal data conditions

Traffic prediction plays a big role in efficient transport planning capabilities and can reduce traffic congestion. In this study the application of Long Short-Term Memory (LSTM) models for predicting traffic volumes across varying prediction horizons is investigated. The data used is collected by the municipality of The Hague for a single month. The study focuses on comparing the performance of the LSTM across different time horizons up to 10 hours in the future. To evaluate the performance of the LSTM models, two common evaluation measures are employed: Root Mean Square Error (RMSE) and Symmetric Mean Absolute Percentage Error (SMAPE). The baseline for the predictions is set at a 15-minute future forecast. Comparing the 1-hour prediction against the 10-hour predictions relative to the baseline RMSE, the RMSE increased threefold. However, the SMAPE first increases, but surprisingly after 6 hours starts to decrease again.

Accurate short-term traffic forecasting plays a crucial role in Intelligent Transportation Systems for effective traffic management and planning. In this study, the performances of three popular forecasting models are explored: Long Short-Term Memory (LSTM), Autoregressive Integrated Moving Average (ARIMA), and Facebook's Prophet, for short-term traffic prediction. The models were trained and evaluated using a dataset of traffic flow data collected from 161 detectors over a specific time period. The experimental results reveal that ARIMA outperformed LSTM and Prophet in terms of Root Mean Squared Error (RMSE) and Mean Absolute Percentage Error (MAPE). This suggests that while deep learning methods, such as LSTM, are generally acknowledged to outperform ARIMA in short-term traffic forecasting, this study reveals that there are specific scenarios where such well-accepted fact needs to be tested.

The amount of cars on the roads is increasing at a rapid pace, causing traffic jams to become commonplace. One way to decrease the amount of traffic congestion is by building an Intelligent Transportation System (ITS) which helps traffic flow optimally. An important tool for an ITS is short term traffic forecasting. Better forecasts will enable the ITS to proactively prevent congestion. Recent years have seen a great increase in the availability of traffic data. As a result deep learning approaches have begun to emerge as models of choice in the short term traffic forecasting domain. Among deep learning approaches Long Short Term Memory (LSTM) and Temporal Convolutional Networks (TCN) have both shown state-of-the-art performance in general forecasting tasks as well as promising results in traffic forecasting. This work has compared both of these approaches in terms of capturing the temporal spatial correlation and scalability. The LSTM showed more ability to capture the temporal spatial correlation while both architectures seemed equally scalable.

Improving the energy efficiency of electric vehicles has various significant benefits, such as increasing the driving range. The Thermal Management System (TMS) plays a large role in optimizing the vehicle energy consumption and battery lifetime. In this thesis, a nonlinear Model Predictive control (MPC) strategy is presented to regulate the battery, motor and inverter temperatures to minimize vehicle energy consumption and maximize battery lifetime, two conflicting objectives traded off by a single tunable parameter, whilst staying
within temperature limits to ensure safety. The control dynamics are nonlinear and discontinuous, due to valves in the system that can only be fully opened or fully closed, leading to a nonlinear mixed-integer optimization problem. A nonlinear model of the TMS including actuators and electric components is formulated that is validated by using simulation results over three drive cycles for moderate and hot ambient conditions. Mean temperature deviations between -0.22 and 0.25 °C are achieved for the battery, and between 0.14 and 1.48 °C for the motors, depending on the drive cycle. Using outer convexification, the optimization problem is reformulated as a continuous problem, which can be solved efficiently. The control strategy is tested in a simulation environment for both moderate and hot ambient temperatures and three different drive cycles. The strategy is compared to a benchmark strategy that uses a finite-state machine and PID-based control loops. A decrease in power consumption between 7% and 11% is achieved for 5 out of 6 use cases whilst additionally decreasing the ageing rate by 0% to 7%. For one use case, an increase in
energy consumption is achieved by 2.5%, but the relative ageing rate is decreased by 44%. At hot temperatures, improvements are mostly achieved due to finding an energy-efficient battery cooling trajectory. At moderate temperatures, improvements are mostly achieved by increased motor cooling to take advantage of the temperature-dependent motor losses. The results obtained using a continuous solver are also compared to those obtained using a
mixed-integer solver. Minimal loss in performance is seen compared to the mixed-integer solver, whilst requiring a significantly lower computation time that is within the sample time, making the MPC strategy fast enough for real-time control in the simulation environment. Finally, the effect of using noisy forecast information is used to test the robustness of the controller. Using noisy forecast information instead of perfect forecast information, the energy consumption and ageing rate increase by 0.0% to 1.2%.

Distributed Energy Resources (DER), like solar panels, are projected to take over power generation responsibilities. This will happen during the transition of the current power grid to the Smart Grid. Due to the importance of this power to society, it is crucial that the grid stays stable.

DER devices are similar to IoT devices in scale, low user interaction and the use of firmware. IoT cyberattacks have been shown to have the ability to scale horizontally quickly. A vulnerability in DER devices could lead to such a scalable attack if the market for DER is oligopolistic. Due to the same underlying economic drivers such as economy-of-scale, market-for-lemons, first-mover-advantage and tragedy-of-the-commons, DER devices will likely have the same issues as IoT devices had if nothing is changed.

This research focuses on the role of the grid’s transition state and the DER market’s state in introducing this risk. Eight thousand one hundred (8100) scenarios were created based on a combination of parameters describing these states. An agent-based model created for this research simulated the grid and obtained the required data.

Results indicate that the grid and market parameters can introduce a cyber risk into the Smart Grid. The results show that if 5% of the households are infected, an attacker could abuse them to manipulate the grid, perhaps a blackout.

Furthermore, related work did not show any references to this particular risk and some proposed grid monitoring solutions include the usage of neighbouring DER to monitor. An attack of this nature would be able to manipulate such a monitoring solution. If the risk of an oligopolistic DER market is not considered, the Smart Grid may not have any ways of effective monitoring or mitigation.

Recommendations for policymakers and regulators were made as part of this research. The first recommendation is to allow the collection of real-time information on the grid-connected DER by grid operators. Furthermore, consideration has to be made to the usage of forced patching on DER. A delay in patching could impact the grid too much. Finally, the recommendation is to develop a policy on the local diversity of DER.  Devices with the same firmware should not be allowed to obtain a critical mass in a region.

Since the introduction of networking protocols for Low-power and Lossy Networks (LLN), many implementations have been created in the form of (real-time) Operating Systems (OS), simplifying their usage and making the technology more widely available. The low cost and low complexity of LLNs allow for large-scaled wireless sensor deployments, making it infeasible to frequently renew the deployed hardware. In addition to this, the low processing and memory requirements of the hardware increase the difficulty of patching their software or adding new security features to it, making them useful targets for hackers. The knowledge of what OS is running on a device is valuable, as each OS will have their own set of security issues and mitigation methods. We investigate the possibilities of OS fingerprinting in the LLN space by simulating networks of devices running a variety of OSes. Focusing specifically on the RPL routing protocol, we build a classifier based on packet headers and communication meta-data, able to differentiate between the investigated OSes. From the results, we illustrate the feasibility of OS fingerprinting based on RPL control frame header contents.

Research has shown that the Border Gateway Protocol (BGP) is vulnerable to a new attack that exploits the community attribute. These community attacks can influence BGP routing in unintended ways. Currently, there are no effective mitigations against these attacks which do not limit the normal usage of BGP communities or offer cryptographic authorization of community values. In this thesis, we are the first to design and evaluate a new Resource Public Key Infrastructure (RPKI) object that provides these properties, called a Route Community Authorization (RCA). Autonomous Systems (ASes) can sign and upload an RCA that includes which communities are authorized to be used and under which conditions to reduce the attack surface. The approach does not alter BGP itself and ASes that deploy the security solution can verify if route announcements with community values are allowed to use those communities. With the RPKI construction of our solution, cryptographic operations are offloaded from the router to a separate server. This is because most BGP routers deployed on the internet are not capable yet of performing cryptographic operations on every announcement.

We simulate attack scenarios and evaluate the developed solution to see if it is a viable option to be deployed on the internet. The results show that the developed solution can block the community attacks, on the condition that ASes have properly configured the RCA and at least the target, or an AS between the attacker and the target, deploys the solution. If ASes configure the RCAs too broad, then there is still room for an attacker to abuse the community values. We show that the performance of the solution using properly configured RCAs can keep up with the rate of announcements seen on the internet. Since experiments were performed in simulations, additional experiments are needed in the future on hardware routers and by ASes on the internet to see if the results are the same. The biggest issue for the developed solution is the initial adoption by ASes since security benefits are low in the beginning, but increase once more ASes participate.

Once deployed BGP routers can handle cryptographic operations on every announcement, we suggest using BGPsec and extending it to include the community attribute. Using a BGPsec approach will improve security and provide integrity of the community attribute, which RCA does not provide.