Browsing by Author "Takko, Tuomas"

Filter results by typing the first few letters
Now showing 1 - 10 of 10
  • Application of AI in the cyber security risk assessment process
    (2024-12-12) Keränen, Oskari
     Perustieteiden korkeakoulu | Bachelor's thesis
    The ever-increasing frequency and sophistication of cyber attacks have amplified their financial and societal impact on a global scale. Operational and statutory requirements urge organizations to enhance their management of cyber risks jeopardizing their key business objectives. As modern systems and attack methods grow increasingly complex, the effectiveness of traditional risk assessment methods declines. AI-driven automation presents a potential solution for enhancing the efficiency and quality of risk assessment processes. This thesis explores the research question: What is the state of the art of AI application in cyber security risk assessment? The thesis provides an in-depth examination of risk assessment, detailing its fundamental stages and activities based on standardized definitions from the ISO/IEC 27000 series of publications. A consistent framework is established to reduce ambiguity and enhance clarity throughout the analysis. Subsequently, various AI methods identified in literature are examined, evaluating their benefits and potential shortcomings within the risk assessment stages. Natural language processing and language models are recognized as valuable tools for generating critical insights to support risk analysts. AI integration and automation have the potential to optimize and streamline activities such as data collection, validation, processing, and summarization. Data-driven predictive modeling techniques further assist in characterizing risks, their consequences and probabilities. However, challenges such as data privacy and security concerns, along with errors and biases in AI models, continue to pose significant obstacles to the optimal use of AI. While AI demonstrates potential in providing supplementary insights and partial automation for the risk assessment process, the review suggest that fully autonomous AI-driven solutions are yet to be realized.
  • Botit ja informaatiovaikuttaminen Twitterissä Suomen eduskunta- ja EU-vaaleissa 2019 - ELEBOT-hanke
    (2019) Salloum, Ali; Takko, Tuomas; Peuhkuri, Markus; Kantola, Raimo; Kivelä, Mikko
     School of Science | D4 Julkaistu kehittämis- tai tutkimusraportti tai -selvitys
    Sosiaalisessa mediassa toimivat botit ovat mahdollinen tapa yrittää vaikuttaa vaaleihin. Tässä raportissa tutkittiin Suomen eduskunta- ja EU-vaaleihin liittyvää Twitterissä tapahtuvaa automatisoitua toimintaa. Tulosten perusteella tällaista toimintaa esiintyi. Toiminnan määrä ja vaikuttavuus olivat kuitenkin huomattavasti alhaisempia kuin vastaavilla menetelmillä tehdyissä tutkimuksissa esimerkiksi Yhdysvaltojen vuoden 2018 vaaleissa. Boteiksi luokiteltujen tilien tuottaman sisällön eroavaisuuksia normaalien käyttäjien tuottamaan sisältöön tutkittiin. Kummatkin ryhmät keskustelivat pääosin samoista aiheista mutta eri suhteissa. Botit esimerkiksi puhuivat selkeästi suuremmalla todennäköisyydellä tietyistä aiheista kuin normaalit käyttäjät. Havaintojemme perusteella automatisoidut tilit erosivat normaaleista tileistä myös seuraajien lukumäärän, tilin luomispäivän sekä jaettujen linkkien lähteiden suhteen. Tutkitut vuorovaikutusverkostot olivat polarisoituneita, ja automatisoitu toiminta jakautui verkon sisällä epätasaisesti. Automatisoidun vaikuttamisen tutkiminen sosiaalisessa mediassa sisältää haasteita ja vaatii jatkuvaa kehitystyötä.
  • Data-driven modelling of human behaviour with complex networks
    (2024) Takko, Tuomas
     School of Science | Doctoral dissertation (article-based)
    Evolving environments and a growing number of sources for data offer new and interesting possibilities for studying the behaviour of individuals, groups and populations. This data from mobile phones, websites and social media provides opportunities for creating data-driven models where the occurring events, such as pandemics, can be considered as natural experiments in the given system altering the human behaviour therein. In addition to observational data, conducting controlled game experiments with agents and humans can be used for studying micro-level actions and decisions in order to understand the behavioural aspects relevant to emerging sociotechnical systems. Data-driven modelling typically focuses on prediction and explanation of the studied phenomena. Where models with high complexity have been shown to excel in prediction accuracy, interpretable and explainable models are appropriate for studying the complex human behaviour. This doctoral thesis presents data-driven modelling paradigms in studying human behaviour in cooperative games, mobility and cyber space using complex networks. The four research articles focus on interpreting human behaviour and decision-making in the sets of data through the modelling frameworks. The first two publications study the human decision making in a cooperative game with non-overlapping information and the effects from the presence of autonomous agents by conducting two game experiments. First we present a computational model based on probability matching and show that the human perception of risk during the experiment was near optimal while the rationality of choices was not. In the second publication the model is used for agents in a human-agent hybrid experiment. The group composition of humans and agents was shown to affect the game performance and the adaptation to the strategies of the agents with different game objective. The third publication studies human mobility during the COVID-19 pandemic in Finland using aggregated data from mobile phones. We consider the activity data as a set of bipartite networks and investigate projected exposure networks between postal code areas. The projected networks are modelled using gravity and radiation models with population data over the years 2019--2021 and the changes in the networks and model coefficients are analyzed in relation to the pandemic and the related effects of non-pharmaceutical interventions. The model parameters are shown to remain stable before the pandemic and once the pandemic begins they show a correlation to indices of intervention stringency. The final article of this dissertation presents a novel framework for constructing knowledge graphs from unstructured reports of cyber-attacks to create a systemic model for visual analysis for domain experts and for estimating risk in the network of entities connected by their high-level relationships and attributes. We implement the framework pipeline and evaluate the risk measure using a collected set of news reports.
  • Human-agent coordination in a group formation game
    (2021-05-24) Takko, Tuomas; Bhattacharya, Kunal; Monsivais, Daniel; Kaski, Kimmo
     A1 Alkuperäisartikkeli tieteellisessä aikakauslehdessä
    Coordination and cooperation between humans and autonomous agents in cooperative games raise interesting questions on human decision making and behaviour changes. Here we report our findings from a group formation game in a small-world network of different mixes of human and agent players, aiming to achieve connected clusters of the same colour by swapping places with neighbouring players using non-overlapping information. In the experiments the human players are incentivized by rewarding to prioritize their own cluster while the model of agents’ decision making is derived from our previous experiment of purely cooperative game between human players. The experiments were performed by grouping the players in three different setups to investigate the overall effect of having cooperative autonomous agents within teams. We observe that the human subjects adjust to autonomous agents by being less risk averse, while keeping the overall performance efficient by splitting the behaviour into selfish and cooperative actions performed during the rounds of the game. Moreover, results from two hybrid human-agent setups suggest that the group composition affects the evolution of clusters. Our findings indicate that in purely or lesser cooperative settings, providing more control to humans could help in maximizing the overall performance of hybrid systems.
  • Knowledge mining of unstructured information: application to cyber domain
    (2023-12) Takko, Tuomas; Bhattacharya, Kunal; Lehto, Martti; Jalasvirta, Pertti; Cederberg, Aapo; Kaski, Kimmo
     A1 Alkuperäisartikkeli tieteellisessä aikakauslehdessä
    Information on cyber-related crimes, incidents, and conflicts is abundantly available in numerous open online sources. However, processing large volumes and streams of data is a challenging task for the analysts and experts, and entails the need for newer methods and techniques. In this article we present and implement a novel knowledge graph and knowledge mining framework for extracting the relevant information from free-form text about incidents in the cyber domain. The computational framework includes a machine learning-based pipeline for generating graphs of organizations, countries, industries, products and attackers with a non-technical cyber-ontology. The extracted knowledge graph is utilized to estimate the incidence of cyberattacks within a given graph configuration. We use publicly available collections of real cyber-incident reports to test the efficacy of our methods. The knowledge extraction is found to be sufficiently accurate, and the graph-based threat estimation demonstrates a level of correlation with the actual records of attacks. In practical use, an analyst utilizing the presented framework can infer additional information from the current cyber-landscape in terms of the risk to various entities and its propagation between industries and countries.
  • Koneoppiminen aivokäyttöliittymässä
    (2016-09-18) Takko, Tuomas
     Sähkötekniikan korkeakoulu | Bachelor's thesis
  • Modelling exposure between populations using networks of mobility during COVID-19
    (2023) Takko, Tuomas; Bhattacharya, Kunal; Kaski, Kimmo
     A1 Alkuperäisartikkeli tieteellisessä aikakauslehdessä
    The use of mobile phone call detail records and device location data for the calling patterns, movements, and social contacts of individuals, have proven to be valuable for devising models and understanding of their mobility and behaviour patterns. In this study we investigate weighted exposure networks of human daily activities in the capital region of Finland as a proxy for contacts between postal code areas during the pre-pandemic year 2019 and pandemic years 2020, 2021 and early 2022. We investigate the suitability of gravity and radiation type models for reconstructing the exposure networks based on geo-spatial and population mobility information. For this we use a mobile phone dataset of aggregated daily visits from a postal code area to cellphone grid locations, and treat it as a bipartite network to create weighted one mode projections using a weighted co-occurrence function. We fit a classical gravity model and a radiation model to the averaged weekly and yearly projection networks with geo-spatial and socioeconomic variables of the postal code areas and their populations. We also consider an extended gravity type model comprising of additional postal area information such as distance via public transportation and population density. The results show that the co-occurrence of human activities, or exposure, between postal code areas follows both the gravity and radiation type interactions, once fitted to the empirical network. The effects of the pandemic beginning in 2020 can be observed as a decrease of the overall activity as well as of the exposure of the projected networks. These effects can also be observed in the network structure as changes towards lower clustering and higher assortativity. Evaluating the parameters of the fitted models over time shows on average a shift towards a higher exposure of areas in closer proximity as well as a higher exposure towards areas with larger population. In general, the results show that the postal code level networks changed to be more proximity weighted after the pandemic began, following the government imposed non-pharmaceutical interventions, with differences based on the geo-spatial and socioeconomic structure of the areas.
  • Sentence Embeddings in Topic Modeling: Analysing News Articles through Cybersecurity Concepts
    (2023-01-16) Pykälä, Lauri
     Perustieteiden korkeakoulu | Master's thesis
    Emerging cybersecurity threats warrant a rethinking of effective countermeasures at the strategic level. Treating technology as isolated from geopolitics carries the risk of neglecting the vital role that mutual trust sustains in the security of critical infrastructure like 5G networks. National cybersecurity strategies serve a dual purpose. Primarily, they are guidelines for tackling practical concerns. Moreover, they can inform the public about the necessity of the compromise between liberty and security. Mass media have a vital role as the ‘fourth branch of government’ in framing the public debate around potentially controversial policies. Hundreds of articles published between 2011 and 2020 by the Finnish public service media company include mentions of Huawei, a Chinese telecommunications company entangled in a debate of cybersecurity, geopolitics and technologies. Computational text analysis is a toolkit to facilitate qualitative research on corpuses that are too large for manual analysis. One widely adopted approach, known as topic modelling, is based on analyzing statistical patterns of co-occurring words to obtain higher-level themes. Modern language models are trained on enormous volumes of textual data to become capable of ‘filling in the blanks’ for new sentences. As an intermediate step, numerical representations of text called embeddings are produced. Repurposing sentence embeddings from such models is being investigated as an alternative approach to topic modeling. In this thesis, embeddings from a BERT type language model were computed for all sentences in the Yle news dataset that mentioned Huawei. The 768-dimensional sentence vectors were projected into lower-dimensional representations using UMAP. A graphical interface was developed to explore the 2D vectors as scatter plots, and the corresponding 5D ones were clustered with HDBSCAN. This visualization was interactively probed to fine-tune the collection of parameters in order to obtain interpretable groupings of sentences. Keyword lists were compiled for each cluster using a version of TF-IDF to describe each sentence clusters’ characteristic nouns, verbs and adjectives. A workflow based on thematic analysis was developed to refine the computational results into conceptual abstractions. The cluster keywords were categorized, based on which three general themes were then found. Themes included allegations of misconduct levied at the company and their responses to them, discussion of the telecommunications market as well as coverage of products from a consumer perspective. The significance of these themes is discussed in relation to the background concepts from cybersecurity strategies.
  • Study on Modelling Human Behavior in Cooperative Games
    (2019-08-19) Takko, Tuomas
     Perustieteiden korkeakoulu | Master's thesis
    Modelling human behavior provides insight into the underlying decision making mechanisms, allows evaluation of performance and provides a framework for replicat- ing the behaviour with autonomous agents. The behaviour can be observed from game situations, where the human subjects are making decisions in order to obtain rewards, for example. In this thesis we introduce a novel network-based game of group formation. The game is a limited information game that requires interactions between players with non-overlapping information. The game was implemented as an application for experiments and two different sessions with varying incentives were held in 2017 and 2018. The results from the 2017’s fully cooperative experiment were used to develop a data driven model based on probability matching for evaluating the effectiveness of the human behaviour as well as constructing autonomous agents or bots replicating the human subjects. The experiment in 2018 had an individualistic reward function and 3 treatments with varying hybrid groups of humans and bots. The behaviour of the human subjects was analyzed and compared to the previous cooperative setting and the differences between hybrid and non-hybrid treatments were measured. The study also includes a novel learning model in the style of Q-learning. The model was used as a benchmark for the probability matching model as well as a prior evaluation tool for the 2018 experiment. The results show that the human subjects’ risk perception is close to optimal, but the rationality behind decision making is not, when measured using the proposed framework. In an individualistic experiment, the human subjects’ behaviour was observed to be changed by the bots.
  • Version-Sensitive Network Traffic Classification for Kubernetes Applications
    (2024-12-31) Hirvensalo, Aleksi
     School of Science | Master's thesis
    Network traffic classification is a crucial area in cybersecurity and network management, enabling effective monitoring and analysis of data flows. However, existing methods often lack the granularity needed to identify subtle differences, such as those between application versions, limiting their utility in dynamic, real-life scenarios. Despite the growing importance of detailed traffic analysis, there has been no research into fine-grained classification methods to differentiate between application versions. Current techniques fall short in addressing the subtle nuances in network behavior introduced by different versions of the same application. Furthermore, there are no suitable datasets that would allow exploring version-sensitive network traffic classification. This thesis introduces a novel, version-sensitive framework for network traffic classification. The framework is designed to detect and distinguish subtle changes between application versions by integrating machine learning and fingerprinting mechanisms. The methodology involves data collection, fingerprint generation, and classification using a custom experimental setup within a Kubernetes environment. The proposed framework demonstrates the ability to accurately classify and differentiate application versions, achieving an accuracy rate of 95.9\%, even in dynamic network scenarios. Additionally, the research contributes to the field by publishing a new dataset, which provides a foundation for future studies on fine-grained traffic analysis. This research underscores the potential for enhancing network security and management through advanced traffic classification techniques. By paving the way for more adaptive and precise systems, this work contributes a significant step forward in the development of fine-grained network traffic analysis tools.