Reinforcement Learning (RL) refers to a branch of Artificial Intelligence (AI) that is able to achieve complex goals by maximizing a reward function in real-time. Given that RL based approaches can basically be applied to any optimization problem, its enterprise adoption is picking up fast. In this talk, we will focus on Industrial Control Systems, and show why RL is 'best fit' for many control optimization problems, from controlling combustion engines, to robotic arms cutting metals, to air conditioning systems in buildings.
SA is a global optimization technique.
It distinguishes between different local optima.
It is a memory less algorithm & the algorithm does not use any information gathered during the search.
SA is motivated by an analogy to annealing in solids.
& it is an iterative improvement algorithm.
Slides from my presentation of Richard Sutton and Andrew Barto's "Introduction to Reinforcement Learning Chapter 1"
Video (https://www.youtube.com/watch?v=4SLGEq_HZxk&t=2s)
Explainable AI makes the algorithms to be transparent where they interpret, visualize, explain and integrate for fair, secure and trustworthy AI applications.
SA is a global optimization technique.
It distinguishes between different local optima.
It is a memory less algorithm & the algorithm does not use any information gathered during the search.
SA is motivated by an analogy to annealing in solids.
& it is an iterative improvement algorithm.
Slides from my presentation of Richard Sutton and Andrew Barto's "Introduction to Reinforcement Learning Chapter 1"
Video (https://www.youtube.com/watch?v=4SLGEq_HZxk&t=2s)
Explainable AI makes the algorithms to be transparent where they interpret, visualize, explain and integrate for fair, secure and trustworthy AI applications.
The slides defines IoT and show the differnce between M2M and IoT vision. It then describes the different layers that depicts the functional architecture of IoT, standard organizations and bodies and other IoT technology alliances, low power IoT protocols, IoT Platform components, and finally gives a short description to one of IoT low power application protocols (MQTT).
Cybersecurity for Smart Grids: Vulnerabilities and Strategies to Provide Cybe...Leonardo ENERGY
This Cybersecurity webinar addresses issues of importance to executive, technical, and academic professionals involved with managing and protecting Electric Utilities and Smart Grids. Cyber threats and vulnerabilities, including cyber attacks, will be addressed; as well as Smart Grid trends, and privacy and data integrity issues. United States, European, and International organizations and initiatives to address cybersecurity for utilities will be discussed. The webinar will conclude with strategies to improve cybersecurity. A second cybersecurity webinar (programmed in September 2017) will address best practices, case studies, and legal and regulatory constraints for architecting smart grids in a secure way.
The GENETIC ALGORITHM is a model of machine learning which derives its behavior from a metaphor of the processes of EVOLUTION in nature. Genetic Algorithm (GA) is a search heuristic that mimics the process of natural selection. This heuristic (also sometimes called a metaheuristic) is routinely used to generate useful solutions to optimization and search problems.
Introductory presentation to Explainable AI, defending its main motivations and importance. We describe briefly the main techniques available in March 2020 and share many references to allow the reader to continue his/her studies.
Explainable AI (XAI) is becoming Must-Have NFR for most AI enabled product or solution deployments. Keen to know viewpoints and collaboration opportunities.
The slides defines IoT and show the differnce between M2M and IoT vision. It then describes the different layers that depicts the functional architecture of IoT, standard organizations and bodies and other IoT technology alliances, low power IoT protocols, IoT Platform components, and finally gives a short description to one of IoT low power application protocols (MQTT).
Cybersecurity for Smart Grids: Vulnerabilities and Strategies to Provide Cybe...Leonardo ENERGY
This Cybersecurity webinar addresses issues of importance to executive, technical, and academic professionals involved with managing and protecting Electric Utilities and Smart Grids. Cyber threats and vulnerabilities, including cyber attacks, will be addressed; as well as Smart Grid trends, and privacy and data integrity issues. United States, European, and International organizations and initiatives to address cybersecurity for utilities will be discussed. The webinar will conclude with strategies to improve cybersecurity. A second cybersecurity webinar (programmed in September 2017) will address best practices, case studies, and legal and regulatory constraints for architecting smart grids in a secure way.
The GENETIC ALGORITHM is a model of machine learning which derives its behavior from a metaphor of the processes of EVOLUTION in nature. Genetic Algorithm (GA) is a search heuristic that mimics the process of natural selection. This heuristic (also sometimes called a metaheuristic) is routinely used to generate useful solutions to optimization and search problems.
Introductory presentation to Explainable AI, defending its main motivations and importance. We describe briefly the main techniques available in March 2020 and share many references to allow the reader to continue his/her studies.
Explainable AI (XAI) is becoming Must-Have NFR for most AI enabled product or solution deployments. Keen to know viewpoints and collaboration opportunities.
SLALOM Webinar Final Technical Outcomes Explanined "Using the SLALOM Technica...Oliver Barreto Rodríguez
SLALOM organized two live sessions to present the final versions of our legal terms and technical specifications for #Cloud #SLAs. The sessions provide examples showing how to practically apply SLALOM to improve current practice in the industry for # Cloud #SLAs and support development of cloud computing metrics.
The first webinar covered SLALOM Technical track "Using metrics to improve Cloud SLAs".
From Model-based to Model and Simulation-based Systems ArchitecturesObeo
Achieving quality engineering through descriptive and analytical models
Systems architecture design is a key activity that affect the
overall systems engineering cost. It is hence fundamental
to ensure that the system architecture reaches a proper quality.
In this paper, we leverage on MBSE approaches and complement them
with simulation techniques, as a prom-ising way to improve the quality of the system architecture definition, and to come up with inno-vative solutions while securing the systems engineering process.
Cloud computing business framework
Victor Chang, Leeds Beckett University
International conference on
“DATA, DIGITAL BUSINESS MODELS, CLOUD COMPUTING AND ORGANIZATIONAL DESIGN”
24-25 November 2014 ,
Université Paris –Sud
IMPACT OF RESOURCE MANAGEMENT AND SCALABILITY ON PERFORMANCE OF CLOUD APPLICA...IJCSEA Journal
Cloud computing facilitates service providers to rent their computing capabilities for deploying
applications depending on user requirements. Applications of cloud have diverse composition,
configuration and deployment requirements. Quantifying the performance of applications in Cloud
computing environments is a challenging task. In this paper, we try to identify various parameters
associated with performance of cloud applications and analyse the impact of resource management and
scalability among them.
IMPACT OF RESOURCE MANAGEMENT AND SCALABILITY ON PERFORMANCE OF CLOUD APPLICA...IJCSEA Journal
Cloud computing facilitates service providers to rent their computing capabilities for deploying
applications depending on user requirements. Applications of cloud have diverse composition,
configuration and deployment requirements. Quantifying the performance of applications in Cloud
computing environments is a challenging task. In this paper, we try to identify various parameters
associated with performance of cloud applications and analyse the impact of resource management and
scalability among them.
IMPACT OF RESOURCE MANAGEMENT AND SCALABILITY ON PERFORMANCE OF CLOUD APPLICA...IJCSEA Journal
Cloud computing facilitates service providers to rent their computing capabilities for deploying applications depending on user requirements. Applications of cloud have diverse composition, configuration and deployment requirements. Quantifying the performance of applications in Cloud computing environments is a challenging task. In this paper, we try to identify various parameters associated with performance of cloud applications and analyse the impact of resource management and scalability among them.
Similar to Data-Driven (Reinforcement Learning-Based) Control (20)
Constraints Enabled Autonomous Agent Marketplace: Discovery and MatchmakingDebmalya Biswas
The recent advances in Generative AI have renewed the discussion around Auto-GPT, a form of autonomous agent that can execute complex tasks, e.g., make a sale, plan a trip, etc. We focus on the discovery aspect of agents, i.e., identifying the agent(s) capable of executing a given task. This implies that there exists a
marketplace with a registry of agents - with a well-defined description of the agent capabilities and constraints.
In this paper, we outline a constraints based model to specify agent services. We show how the constraints of a composite agent can be derived and described in a manner consistent with respect to the constraints of its component agents. Finally, we discuss approximate matchmaking, and show how the notion of bounded inconsistency can be exploited to discover agents more efficiently.
The growing adoption of Gen AI, esp. LLMs, has re-ignited the discussion around AI Regulations — to ensure that AI/ML systems are responsibly trained and deployed. Unfortunately, this effort is complicated by multiple governmental organizations and regulatory bodies releasing their own guidelines and policies with little to no agreement on the definition of terms.
In this talk, we will provide an overview explaining the key Responsible AI aspects: Explainability, Bias, and Accountability. We will then outline the Gen AI usage patterns and show how the three aspects can be integrated at different stages of the LLMOps (MLOps for LLM) pipeline. We summarize the learnings in the form of Gen AI design patterns that can be readily applied to enterprise use-cases.
Enterprise adoption of AI/ML services has significantly accelerated in recent years. However, the majority of ML models are still developed with the goal of solving a single task, e.g., prediction, classification. In this talk, we emphasize on the compositionality aspect that enables seamless composition / orchestration of existing data and models addressing complex multi-domain use-cases. This enables reuse, agility, and efficiency in model development and maintenance efforts. We then extend this concept to the Generative AI world, discussing the different LLMOps architectural patterns enabling composition of Large Language Models (LLMs) and AI Agents.
Regulating Generative AI - LLMOps pipelines with TransparencyDebmalya Biswas
The growing adoption of Gen AI, esp. LLMs, has re-ignited the discussion around AI Regulations — to ensure that AI/ML systems are responsibly trained and deployed. Unfortunately, this effort is complicated by multiple governmental organizations and regulatory bodies releasing their own guidelines and policies with little to no agreement on the definition of terms.
Rather than trying to understand and regulate all types of AI, we recommend a different (and practical) approach in this talk based on AI Transparency —
to transparently outline the capabilities of the AI system based on its training methodology and set realistic expectations with respect to what it can (and cannot) do.
We outline LLMOps architecture patterns and show how the proposed approach can be integrated at different stages of the LLMOps pipeline capturing the model's capabilities. In addition, the AI system provider also specifies scenarios where (they believe that) the system can make mistakes, and recommends a ‘safe’ approach with guardrails for those scenarios.
Enterprise adoption of AI/ML services has significantly accelerated in the last few years. However, the majority of ML models are still developed with the goal of solving a single task, e.g., prediction, classification. In this context, Compositional AI envisions seamless composition of existing AI/ML services, to provide a new (composite) AI/ML service, capable of addressing complex multi-domain use-cases. In this work, we consider two MLOps aspects that need to be enabled to realize Composable AI scenarios: (i) integration of DataOps and MLOps, and (ii) extension of the integrated DataOps-MLOps pipeline such that inferences made by a deployed ML model can be provided as training dataset for a new model. In an enterprise AI/ML environment, this enables reuse, agility, and efficiency in development and maintenance efforts.
A Privacy Framework for Hierarchical Federated LearningDebmalya Biswas
Federated Learning (FL) enables heterogeneous entities to collaboratively develop an optimized (global) model by sharing data and models in a privacy preserving fashion. We consider a Hierarchical Federated Learning (HFL) environment with data ownership split among the entities representing the edge nodes. Each node can train models on the data they own, as well as request access to data and model(s) owned by their descendant nodes-to optimize their models, perform transfer learning on new data, and develop an ensemble model. Unfortunately, a practical realization of HFL is challenging today due to issues with data/model lineage tracking and providing subsequent privacy guarantees. In this paper, we propose a conceptual framework for HFL by capturing the data/model attributes at each node, including their privacy exposure. The framework enables scenarios where a node output may expose certain attributes of its underlying data, as well as identifying models in the hierarchy that need to be updated once a user whose data was used in their training has opted-out. By designing the computations appropriately and limiting the exposure by the nodes, we show that different levels of privacy can be guaranteed.
Edge AI Framework for Healthcare ApplicationsDebmalya Biswas
Edge AI enables intelligent solutions to be deployed on edge devices, reducing latency, allowing offline execution, and providing strong privacy guarantees. Unfortunately, achieving efficient and accurate execution of AI algorithms on edge devices, with limited power and computational resources, raises several deployment challenges. Existing solutions are very specific to a hardware platform/vendor. In this work, we present the MATE framework that provides tools to (1) foster model-to-platform adaptations, (2) enable validation of the deployed models proving their alignment with the originals, and (3) empower engineers and architects to do it efficiently using repeated, but rapid development cycles. We finally show the practical utility of the proposal by applying it on a real-life healthcare body-pose estimation app.
Abstract. Enterprise adoption of AI/ML services has significantly accelerated in the last few years. However, the majority of ML models are still developed with the goal of solving a single task, e.g., predictiction, classification. In this talk, Debmalya Biswas will present the emerging paradigm of Compositional AI, also known as, Compositional Learning. Compositional AI envisions seamless composition of existing AI/ML services, to provide a new (composite) AI/ML service, capable of addressing complex multi-domain use-cases. In an enterprise context, this enables reuse, agility, and efficiency in development and maintenance efforts.
Ethical AI: Establish an AI/ML Governance framework addressing Reproducibility, Explainability, Bias & Accountability for Enterprise AI use-cases.
Presentation on “Open Source Enterprise AI/ML Governance” at Linux Foundation’s Open Compliance Summit, Dec 2020 (https://events.linuxfoundation.org/open-compliance-summit/)
Full article: https://towardsdatascience.com/ethical-ai-its-implications-for-enterprise-ai-use-cases-and-governance-81602078f5db
Abstract. With chatbots gaining traction and their adoption growing in different verticals, e.g. Health, Banking, Dating; and users sharing more and more private information with chatbots — studies have started to highlight the privacy risks of chatbots. In this paper, we propose two privacy-preserving approaches for chatbot conversations. The first approach applies ‘entity’ based privacy filtering and transformation, and can be applied directly on the app (client) side. It however requires knowledge of the chatbot design to be enabled. We present a second scheme based on Searchable Encryption that is able to preserve user chat privacy, without requiring any knowledge of the chatbot design. Finally, we present some experimental results based on a real-life employee Help Desk chatbot that validates both the need and feasibility of the proposed approaches.
Reinforcement Learning based HVAC Optimization in FactoriesDebmalya Biswas
Heating, Ventilation and Air Conditioning (HVAC) units are responsible for maintaining the temperature and humidity settings in a building. Studies have shown that HVAC accounts for almost 50% energy consumption in a building and 10% of global electricity usage. HVAC optimization thus has the potential to contribute significantly towards our sustainability goals, reducing energy consumption and CO2 emissions. In this work, we explore ways to optimize the HVAC controls in factories. Unfortunately, this is a complex problem as it requires computing an optimal state considering multiple variable factors, e.g. the occupancy, manufacturing schedule, temperature requirements of operating machines, air flow dynamics within the building, external weather conditions, energy savings, etc. We present a Reinforcement Learning (RL) based energy optimization model that has been applied in our factories. We show that RL is a good fit as it is able to learn and adapt to multi-parameterized system dynamics in real-time. It provides around 25% energy savings on top of the previously used Proportional–Integral–Derivative (PID) controllers.
Delayed Rewards in the context of Reinforcement Learning based Recommender ...Debmalya Biswas
We present a Reinforcement Learning (RL) based approach to implement Recommender systems. The results are based on a real-life Wellness app that is able to provide personalized health / activity related content to users in an interactive fashion. Unfortunately, current recommender systems are unable to adapt to continuously evolving features, e.g. user sentiment, and scenarios where the RL reward needs to computed based on multiple and unreliable feedback channels (e.g., sensors, wearables). To overcome this, we propose three constructs: (i) weighted feedback channels, (ii) delayed rewards, and (iii) rewards boosting, which we believe are essential for RL to be used in Recommender Systems.
Building an enterprise Natural Language Search Engine with ElasticSearch and ...Debmalya Biswas
Presented at Berlin Buzzwords 2019
https://berlinbuzzwords.de/19/session/building-enterprise-natural-language-search-engine-elasticsearch-and-facebooks-drqa
Personalized services attract high-value customers. Knowing the preferences and habits of an individual customer, it is possible to offer to that customer well customized and adapted services, matching his needs and desires. This is advantageous for the entity offering the service (e.g., a retailer) as well, as it helps in creating additional sales or improve customer retention. The main unsolved problem today is that the profile of each individual customer would be necessary in order to create such services, posing severe risks regarding privacy and data protection. This paper proposes efficient encryption schemes that allow profiling to be outsourced while preserving privacy. The schemes ensure that the customer is always in control of his profile data, at the same time making shopping data across multiple retailers available to third party service providers to be able to provide targeted services.
Privacy Policies Change Management for SmartphonesDebmalya Biswas
The ever increasing popularity of apps stems from their ability to provide highly customized services for the user.
The flip side is that to provide such customized services, apps need access to very sensitive personal user information. This has led to a lot of rogue apps that e.g. pass personal information to 3rd party Ad servers in the background. Studies have shown that current app vetting processes which are mainly restricted to install time verification mechanisms are incapable of detecting and preventing such attacks. We argue that the missing fundamental aspect here is the inability to capture and control runtime characteristics of apps, e.g. we need to know not only the list of sensors that need to be accessed by an app but also their frequency of access. This leads to the need for an expressive policy language that in addition to the list of sensors, also allows specifying when, where and how frequently can they be accessed.
An expressive policy language has the disadvantage of making the task of an average user more difficult in setting and analyzing the consequences of his privacy settings. Further, privacy polices evolve over time. Over time, users are likely to change their privacy settings, as a response to a recently discovered vulnerability, or to be able to install that “much desired” app, etc. Such a policy change affects both already installed (may no longer be compliant) and previously rejected apps (may be compliant now).
In this paper, we propose an integrated privacy add-on that (i) compares the apps profiles vs. user’s privacy settings, outlining the points of conflict as well as the different ways in which they can be resolved. And (ii) provides efficient change management with respect to any changes in user privacy settings.
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...UiPathCommunity
💥 Speed, accuracy, and scaling – discover the superpowers of GenAI in action with UiPath Document Understanding and Communications Mining™:
See how to accelerate model training and optimize model performance with active learning
Learn about the latest enhancements to out-of-the-box document processing – with little to no training required
Get an exclusive demo of the new family of UiPath LLMs – GenAI models specialized for processing different types of documents and messages
This is a hands-on session specifically designed for automation developers and AI enthusiasts seeking to enhance their knowledge in leveraging the latest intelligent document processing capabilities offered by UiPath.
Speakers:
👨🏫 Andras Palfi, Senior Product Manager, UiPath
👩🏫 Lenka Dulovicova, Product Program Manager, UiPath
UiPath Test Automation using UiPath Test Suite series, part 4DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 4. In this session, we will cover Test Manager overview along with SAP heatmap.
The UiPath Test Manager overview with SAP heatmap webinar offers a concise yet comprehensive exploration of the role of a Test Manager within SAP environments, coupled with the utilization of heatmaps for effective testing strategies.
Participants will gain insights into the responsibilities, challenges, and best practices associated with test management in SAP projects. Additionally, the webinar delves into the significance of heatmaps as a visual aid for identifying testing priorities, areas of risk, and resource allocation within SAP landscapes. Through this session, attendees can expect to enhance their understanding of test management principles while learning practical approaches to optimize testing processes in SAP environments using heatmap visualization techniques
What will you get from this session?
1. Insights into SAP testing best practices
2. Heatmap utilization for testing
3. Optimization of testing processes
4. Demo
Topics covered:
Execution from the test manager
Orchestrator execution result
Defect reporting
SAP heatmap example with demo
Speaker:
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
Pushing the limits of ePRTC: 100ns holdover for 100 daysAdtran
At WSTS 2024, Alon Stern explored the topic of parametric holdover and explained how recent research findings can be implemented in real-world PNT networks to achieve 100 nanoseconds of accuracy for up to 100 days.
A tale of scale & speed: How the US Navy is enabling software delivery from l...sonjaschweigert1
Rapid and secure feature delivery is a goal across every application team and every branch of the DoD. The Navy’s DevSecOps platform, Party Barge, has achieved:
- Reduction in onboarding time from 5 weeks to 1 day
- Improved developer experience and productivity through actionable findings and reduction of false positives
- Maintenance of superior security standards and inherent policy enforcement with Authorization to Operate (ATO)
Development teams can ship efficiently and ensure applications are cyber ready for Navy Authorizing Officials (AOs). In this webinar, Sigma Defense and Anchore will give attendees a look behind the scenes and demo secure pipeline automation and security artifacts that speed up application ATO and time to production.
We will cover:
- How to remove silos in DevSecOps
- How to build efficient development pipeline roles and component templates
- How to deliver security artifacts that matter for ATO’s (SBOMs, vulnerability reports, and policy evidence)
- How to streamline operations with automated policy checks on container images
Accelerate your Kubernetes clusters with Varnish CachingThijs Feryn
A presentation about the usage and availability of Varnish on Kubernetes. This talk explores the capabilities of Varnish caching and shows how to use the Varnish Helm chart to deploy it to Kubernetes.
This presentation was delivered at K8SUG Singapore. See https://feryn.eu/presentations/accelerate-your-kubernetes-clusters-with-varnish-caching-k8sug-singapore-28-2024 for more details.
Essentials of Automations: The Art of Triggers and Actions in FMESafe Software
In this second installment of our Essentials of Automations webinar series, we’ll explore the landscape of triggers and actions, guiding you through the nuances of authoring and adapting workspaces for seamless automations. Gain an understanding of the full spectrum of triggers and actions available in FME, empowering you to enhance your workspaces for efficient automation.
We’ll kick things off by showcasing the most commonly used event-based triggers, introducing you to various automation workflows like manual triggers, schedules, directory watchers, and more. Plus, see how these elements play out in real scenarios.
Whether you’re tweaking your current setup or building from the ground up, this session will arm you with the tools and insights needed to transform your FME usage into a powerhouse of productivity. Join us to discover effective strategies that simplify complex processes, enhancing your productivity and transforming your data management practices with FME. Let’s turn complexity into clarity and make your workspaces work wonders!
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf91mobiles
91mobiles recently conducted a Smart TV Buyer Insights Survey in which we asked over 3,000 respondents about the TV they own, aspects they look at on a new TV, and their TV buying preferences.
Securing your Kubernetes cluster_ a step-by-step guide to success !KatiaHIMEUR1
Today, after several years of existence, an extremely active community and an ultra-dynamic ecosystem, Kubernetes has established itself as the de facto standard in container orchestration. Thanks to a wide range of managed services, it has never been so easy to set up a ready-to-use Kubernetes cluster.
However, this ease of use means that the subject of security in Kubernetes is often left for later, or even neglected. This exposes companies to significant risks.
In this talk, I'll show you step-by-step how to secure your Kubernetes cluster for greater peace of mind and reliability.
GraphRAG is All You need? LLM & Knowledge GraphGuy Korland
Guy Korland, CEO and Co-founder of FalkorDB, will review two articles on the integration of language models with knowledge graphs.
1. Unifying Large Language Models and Knowledge Graphs: A Roadmap.
https://arxiv.org/abs/2306.08302
2. Microsoft Research's GraphRAG paper and a review paper on various uses of knowledge graphs:
https://www.microsoft.com/en-us/research/blog/graphrag-unlocking-llm-discovery-on-narrative-private-data/
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
Removing Uninteresting Bytes in Software FuzzingAftab Hussain
Imagine a world where software fuzzing, the process of mutating bytes in test seeds to uncover hidden and erroneous program behaviors, becomes faster and more effective. A lot depends on the initial seeds, which can significantly dictate the trajectory of a fuzzing campaign, particularly in terms of how long it takes to uncover interesting behaviour in your code. We introduce DIAR, a technique designed to speedup fuzzing campaigns by pinpointing and eliminating those uninteresting bytes in the seeds. Picture this: instead of wasting valuable resources on meaningless mutations in large, bloated seeds, DIAR removes the unnecessary bytes, streamlining the entire process.
In this work, we equipped AFL, a popular fuzzer, with DIAR and examined two critical Linux libraries -- Libxml's xmllint, a tool for parsing xml documents, and Binutil's readelf, an essential debugging and security analysis command-line tool used to display detailed information about ELF (Executable and Linkable Format). Our preliminary results show that AFL+DIAR does not only discover new paths more quickly but also achieves higher coverage overall. This work thus showcases how starting with lean and optimized seeds can lead to faster, more comprehensive fuzzing campaigns -- and DIAR helps you find such seeds.
- These are slides of the talk given at IEEE International Conference on Software Testing Verification and Validation Workshop, ICSTW 2022.
Le nuove frontiere dell'AI nell'RPA con UiPath Autopilot™UiPathCommunity
In questo evento online gratuito, organizzato dalla Community Italiana di UiPath, potrai esplorare le nuove funzionalità di Autopilot, il tool che integra l'Intelligenza Artificiale nei processi di sviluppo e utilizzo delle Automazioni.
📕 Vedremo insieme alcuni esempi dell'utilizzo di Autopilot in diversi tool della Suite UiPath:
Autopilot per Studio Web
Autopilot per Studio
Autopilot per Apps
Clipboard AI
GenAI applicata alla Document Understanding
👨🏫👨💻 Speakers:
Stefano Negro, UiPath MVPx3, RPA Tech Lead @ BSP Consultant
Flavio Martinelli, UiPath MVP 2023, Technical Account Manager @UiPath
Andrei Tasca, RPA Solutions Team Lead @NTT Data
Le nuove frontiere dell'AI nell'RPA con UiPath Autopilot™
Data-Driven (Reinforcement Learning-Based) Control
1. DATA DRIVEN (REINFORCEMENT LEARNING BASED)
CONTROL
INDUSTRIAL APPLICATIONS OF REINFORCEMENT LEARNING
DEBMALYA BISWAS
WIPRO AI
2. AGENDA
Introduction
Reinforcement Learning (RL) Fundamentals
Industrial Control Systems
Control Theory Limitations
RL/Data-driven Control to the Rescue
Case Study: RL based HVAC Energy Optimization
3. INTRODUCTION
Knowledge
Base
Synthesize
Response
(Natural
Language
Generation -
NLG)
Understand User
Intent
(Natural Language
Understanding -
NLU)
Prompt (Natural
Language Query - NLQ)
Return Response
S
E
C
U
R
I
T
Y
User feedback loop
(Reinforcement
Learning with Human
Feedback - RLHF)
E
X
P
L
A
I
N
Reinforcement
Learning in
ChatGPT
A significant amount of
manual effort has been
incorporated in the
form of user feedback,
to improve the accuracy
of ChatGPT
leveraging
Reinforcement
Learning*.”
*E. Ricciardelli, D. Biswas. Self-improving Chatbots based
on Reinforcement Learning. 4th Multidisciplinary
Conference on Reinforcement Learning and Decision
Making (RLDM), 2019.
4. BACKGROUND
Reinforcement Learning (RL) Basics
- RL refers to a branch of AI/ML, which are targeted towards
goal-oriented problems.
- RL algorithms are able to achieve complex goals by
maximizing a reward function over many steps, e.g. the
points won in a game over many steps.
- The reward function works similar to incentivizing a child
with candy and spankings, such that the algorithm is
penalized when it takes a wrong decision and rewarded
when it takes a right one – this is reinforcement.
5. RL FORMULATION
RL Policy and Rewards Functions
- Reward: refers to the feedback by which we measure the
success or failure of an agent’s recommended action.
- Policy: is the strategy that the agent employs to select
the next best action.
- The roles and responsibilities of the Reward function vs. RL
Agent policies are not very well defined, and can vary
between architectures. A naïve understanding would be
that given an associated reward / cost with every state-
action pair, the policy would always try to minimize the
overall cost. Apparently, it seems that sometimes
keeping the ecosystem in a stable state can be
more important than minimizing the cost (e.g. in a
climate control use-case).
6. RL IN RECOMMENDATION SYSTEMS
Recommendation Systems
- Recommenders: Given a user profile and
categorized content, the system makes a
recommendation based on popularity,
interests, demographics, frequency and other
features.
- The reinforcement aspect of RL allows it to
adapt faster to real-time changes in user
sentiment and profile, without need for
explicit (re-)training.
- Enterprise adoption also seems to be gaining
momentum with the availability of Cloud APIs
(e.g. Azure Personalizer) and Google’s RecSim.
Article recommendation based on Azure
Personalizer
*D. Biswas. Delayed Rewards in the Context of Reinforcement
Learning based Recommender Systems. AAI4H@ECAI 2020: 49-
53
7. RL FOR INDUSTRIAL CONTROL
RL is a good fit for Industrial Control Systems as it is able to learn and adapt
to multi-parameterized system dynamics in real-time, without requiring any
knowledge of the underlying system model.
Leading to widespread adoption of RL in Control systems, from controlling
combustion engines, to robotic arms cutting metals, to air conditioning systems in
buildings.
“We define Data Driven Control as simply Machine Learning (ML) techniques
applied to Control Systems.”
We deep dive into the underlying reasons / trends, starting with an understanding of
the limitations of Control Theory for Control Systems.
8. CONTROL THEORY
System & Controller
A Control System consists of a System & Controller:
- System to control
- Controller applies a control strategy to control the system
in an optimal fashion.
Any strategy that the Controller can apply is constrained by:
- its knowledge of the system state — in most cases,
provided by the System Sensors;
- and the system parameters that it can control — also
referred to as the System Actuators. E.g., an engine can
only drive a car within a certain speed range, at a certain
acceleration..
9. CONTROL THEORY - LIMITATIONS
Linear Equations
Designing a control strategy then consists of solving the equations
characterizing the system behavior — often modeled in the form of
linear equations.
Most of Control Theory is targeted towards solving linear
equations.
Unfortunately, real-world systems are (mostly) non-linear. E.g., even
the equation to capture the motion of a pendulum is non-linear.
There has been a lot of research on linearization methods, basically
techniques to convert non-linear equations to linear ones and then
trying to solve them using linear state space control theory.
Unfortunately, such linearization methods are very
limited to specific classes of non-linear equations and
cannot be generalized easily.
10. CONTROL THEORY – LIMITATIONS (2)
Model Driven Control
A model of the system and its corresponding
equations are required.
This is the reason that traditional control strategies,
also referred to as Model Driven Control, still
exclude a lot of systems that we do not know how to
model (whose system equations are not known).
And, the complexity of such systems is only increasing
day by day, where we want to solve hyper-scale
problems, e.g., climate control, disease control,
automated vehicles, financial markets, etc.
11. MACHINE LEARNING (ML) TO THE RESCUE
Data Driven Control
ML/Data based approaches show a lot of
promise in this context.
The underlying logic here is that even for a very high
dimensional system that we cannot model, there are
dominant patterns that characterize the system
behavior — and Machine Learning (Deep
Learning) is very good at learning these
patterns.
This would (most likely) be an approximation, and
while we still would not understand the system fully
— it is good enough for most real-life use-cases
(including predictions), barring some exceptional
scenarios.
12. MODEL BASED RL
Offline Training
RL allows further fine-tuning the
developed ML Model.
In Model based RL, it is possible to develop a
model of the problem scenario, and bootstrap
initial RL training based on the model
simulation values.
For complex scenarios (e.g. games, robotic tasks),
where it is not possible to build a model of the
problem scenario, it might still be possible to
bootstrap an RL model based on historical values –
referred to as Offline Training.
Structured
Raw /
Staging
(Bronze)
Cleansed /
Standardize
d (Silver)
Transformed
/ Modeled
(Gold)
Unstructure
d
BI / Reporting
AI/ML
Feature
extraction
Training
dataset
Test
dataset
Model
Training
Exploratory
Data
Analysis
Model
Serving
(Inference)
Model
Monitoring
DataOps DQ/Validation Filtering
Historization Aggregation
RL based Model
Improvement
DQ/Cleaning Encoding
Selection Normalization
ML Outputs
(Inferences,
Predictions )
*D. Biswas. MLOps for Compositional AI. NeurIPS Workshop on
Challenges in Deploying and Monitoring Machine Learning Systems
(DMML), 2022.
13. CASE STUDY: RL BASED HVAC ENERGY OPTIMIZATION
HVAC Optimization
The primary goal of the the HVAC (Heating, Ventilation and Air
Conditioning) units is to keep the temperature and
(relative) humidity within the prescribed manufacturing
tolerance ranges.
By controlling 4 Output valves: Cooling, Heating, Re-
heating and Humidifier. This needs to be balanced with
energy savings and CO2 emission reductions to offset
the environmental impact of running them.
This is a complex problem as it requires computing an
optimal state taking into account multiple variable factors,
e.g. the occupancy in a building zone, temperature
requirements of operating machines, air flow dynamics within
the building, external weather conditions, etc.
D. Biswas. Reinforcement Learning based Energy Optimization in
Factories. In proceedings of the 11th ACM e-Energy Conference, Jun
2020.
14. CASE STUDY: RL BASED HVAC ENERGY OPTIMIZATION (2)
HVAC -RL Formulation
At any point in time, a factory zone is in a state
characterized by the temperature and (relative)
humidity values observed inside and outside the
zone.
The game environment in this case corresponds
to the temperature and humidity tolerance levels,
which basically mandate that the zone temperature
and humidity values should be within the
range: 19–25 degrees and 45–55%.
The set of available actions in this case are the
Cooling, Heating, Re-heating and Humidifier valve
opening percentages (%).
15. CASE STUDY: RL BASED HVAC ENERGY OPTIMIZATION (3)
The Reward Function assigns a reward to each action based on the following three parameters:
A control strategy is to decide on the weightage of the three parameters: Setpoint Closeness (SC), Energy Cost
(EC), Tolerance Violation (TV). The Energy Cost is captured in terms of electricity consumption and CO2 emission.
Setpoint Closeness encourages a "business friendly" policy where the RL model attempts to keep the zone temperature
as close as possible to the temperature / humidity setpoints, implicitly reducing the risk of violations, but at a higher
Energy Cost.
We opt for a "balanced” control policy which maximizes Energy Savings and Setpoint Closeness, while
minimizing the risk of Tolerance Violations.
16. CASE STUDY: RL BASED HVAC ENERGY OPTIMIZATION (4)
Optimization Results
Within a 6-month pilot, we were able to develop
and operationalize a RL based HVAC controller
that is able to learn and adapt to real-life factory
settings, without the need for any offline training.
It showcases the successful transition of an
Industrial Control System run by a traditional
PID controller for the last 10+ years, to a more
efficient RL based controller.
Benchmarking results show the potential to
save up to 25% in energy efficiency (as
compared to when they were operated by
PID controllers).