School of Information Technology and Engineering
Browsing School of Information Technology and Engineering by Issue Date
- Reinforcement Learning Based Layer Skipping Vision Transformer for Efficient Inference (Addis Ababa University, 2023-05) Amanuel Negash; Sammy Assefa (PhD) Recent advancements in language and vision tasks owe their success largely to the Transformer architecture. However, the computational requirements of these models have limited their applicability in resource-constrained environments. To address this issue, various techniques, such as weight pruning, have been proven effective in reducing the deployment cost of such models. Additionally, methods tailored just for transformers, such as linear self-attention and token early exiting, have shown promise in making transformers more cost-effective. Nevertheless, these techniques often come with drawbacks such as decreased performance or additional training costs. This thesis proposes a layer-skipping dynamic vision transformer (ViT) network that skips layers depending on the given input based on decisions made by a reinforcement learning (RL) agent. To the best of our knowledge, this work is the first to introduce such a model that not only significantly reduces the computational demands of transformers, but also improves performance. The proposed technique is extensively tested on various model sizes and three standard benchmarking datasets: CIFAR-10, CIFAR-100, and Tiny-ImageNet. First, we show that the dynamic models improve performance when compared to their state-of-the-art static counterparts. Second, we show that in comparison to these static models, they achieve an average inference speed boost of 53% across different model sizes, datasets, and batch sizes. Similarly, the technique lowers working space memory consumption by 53%, enabling larger input processing at a time without imposing an accuracy-speed trade-off. In addition, these models achieve very high accuracy when tested in transfer learning scenarios.
We then show that, although these models have high accuracy, they can be optimized even more through post-training using genetic algorithms (NSGA-II). As such, we propose the joint RL-NSGA-II optimization technique, where the GA is aware of the dynamics of skipping through the RL reward. These optimized models achieve competitive performance compared to the already high-performing dynamic models while reducing the number of layers by 33%. In real-world applications, the technique translates to an average of 53% faster throughput, reduced power consumption, or lower computing costs without loss of accuracy.
- Improving Knowledge Distillation For Smaller Networks Via Reducing Regularization (Addis Ababa University, 2023-05) Mubarek Mohammed; Beakal Gizachew (PhD) Knowledge Distillation (KD) is one of the numerous model compression methods that help reduce the size of models to address problems that come with large models. In KD, a bigger model, termed the teacher, transfers its knowledge, referred to as the Dark Knowledge (DK), to a smaller network usually termed the student network. The key part of the mechanism is a Distillation Loss added in the loss term that plays a dual role: one as a regularizer and one as a carrier of the categorical information to be transferred from the teacher to the student which is sometimes termed DK [1]. It is known that the conventional KD does not produce high compression rates. Existing works focus on improving the general mechanism of KD and neglect the strong regularization entangled with the DK in the KD mechanism. The impact of reducing the regularization effect that comes entangled with DK remained unexplored. This research proposes a novel approach, which we termed Dark Knowledge Pruning (DKP), to lower this regularization effect in the form of a newly added term on the Distillation Loss. Experiments done across representative and benchmark datasets and models demonstrate the effectiveness of the proposed mechanism. We find that it can help improve the performance of a student against the baseline KD even in extreme compression, a phenomenon normally considered not well suited for KD. An increment of 3% is achieved in performance with a less regularized network on the CIFAR-10 dataset with ResNet teacher and student models against the baseline KD. It also improves the current reported smallest result on ResNet 8 on the CIFAR-100 dataset from 61.82% to 62.4%.
To the best of our knowledge, we are also the first to study the effect of reducing the regularizing nature of the distillation loss in KD when distilling into very small students. Beyond bridging Pruning and KD in an entirely new way, the proposed approach improves the understanding of knowledge transfer, helps achieve better performance out of very small students via KD, and poses questions for further research in the areas of model efficiency and knowledge transfer. Furthermore, it is model agnostic and showed interesting properties, and can potentially be extended for other interesting research such as quantifying DK.
- A Hybrid Approach to Strike a Balance of Sampling Time and Diversity in Floorplan Generation (Addis Ababa University, 2024-05) Azmeraw Bekele; Beakal Gizachew (PhD) Generative models have revolutionized various industries by enabling the generation of diverse outputs, and floorplan generation is one such application. Different methods, including GANs, diffusion models, and others, have been employed for floorplan generation. However, each method faces specific challenges, such as mode collapse in GANs and sampling time in diffusion models. Efforts to mitigate these issues have led to the exploration of techniques such as regularization methods, architectural modifications, knowledge distillation, and adaptive noise schedules. However, existing methods often struggle to effectively balance both sampling time and diversity simultaneously. In response, this thesis proposes a novel hybrid approach that amalgamates GANs and diffusion models to address the dual challenges of diversity and sampling time in floorplan generation. To the best of our knowledge, this work is the first to introduce a solution that not only balances sampling time and diversity but also enhances the realism of the generated floorplans. The proposed method is trained on the RPLAN dataset and combines the advantages of GANs and diffusion models while incorporating different techniques such as regularization methods and architectural modifications to optimize our objectives. To evaluate the effect of the denoising step, we experimented with different time steps and found better diversity results at T=20. The diversity of generated floorplans was evaluated using FID across the number of rooms, and the results of our model demonstrate an average 15.5% improvement over the state-of-the-art HouseDiffusion model. Additionally, it reduces the time required for generation by 41% compared to the HouseDiffusion model.
Despite these advancements, it is acknowledged that the proposed research may encounter limitations in generating non-Manhattan floorplans and when dealing with complex layouts.
- Enhancing Neural Machine Translation Through Incorporation of Unsupervised Language Understanding and Generation Techniques: The Case of English-Afaan Oromo Translation (2024-05) Chala Bekabil; Fantahun Bogale (PhD) Breaking down language barriers is a paramount pursuit in the realm of Artificial Intelligence. Machine Translation (MT), a domain within Natural Language Processing (NLP), holds the potential to bridge linguistic gaps and foster global communication. Enhancing cross-cultural communication through MT will be realized only if we succeed in developing accurate and adaptable techniques, which in turn demands adequate availability of linguistic resources. Unluckily, under-resourced languages face challenges due to limited linguistic resources and sparse parallel data. Previous studies tried to solve this problem by using monolingual pre-training techniques. However, such studies solely rely on either Language Understanding (LU) or Language Generation (LG) techniques, resulting in skewed translation. This study aims to enhance translation outcomes beyond the capabilities of previous studies by marrying the concepts of LU and LG and hence boosting the quality of MT in both directions. Our proposed model, the BERT-GPT incorporated Transformer, combines SOTA language models, BERT and GPT, trained on monolingual data into the original Transformer model and demonstrates substantial improvements. Experimental results show that translation quality leaps forward, as evidenced by a significant increase in the BLEU score reaching 42.09, from the baseline score of 35.75 for English to Afaan Oromo translation, and 44.51 from the baseline score of 40.35 for Afaan Oromo to English translation on the test dataset. Notably, our model unveils a deep understanding of Afaan Oromo’s linguistic nuances, resulting in translations that are precise, contextually appropriate, and faithful to the original intent.
By leveraging the power of unsupervised pre-training and incorporation of unsupervised LU and LG techniques to the transformer model, we pave the way for enhanced cross-cultural communication, advanced understanding and inclusivity in our interconnected world.
- Cybersecurity Incident Management Framework for Smart Grid Systems in Ethiopia (Addis Ababa University, 2024-06) Getinet Admassu; Henock Mulugeta (PhD) Merging OT and IT into smart grid systems brought along new advantages. Smart grids will be able to use this amalgamation to manage energy generation and transmission with minimal loss of energy, a factor that results in high efficiency. Besides that, integrating IT and OT into the smart grid presents real-time infrastructure management monitoring. On the other hand, this digital change subjected smart grids to many cybersecurity threats. This will be achieved by developing and implementing stable cybersecurity incident management systems to secure key infrastructures. Based on evidence from existing literature and expert judgments, this paper enumerates the principal challenges power utilities face in managing cybersecurity incidents. Then, it outlines a comprehensive cybersecurity incident management framework. This framework will, hence, enable power utilities to take on an active role and deal with relevant powers regarding cybersecurity incidents. Also, the model ensures that cybersecurity, concerning all strategic, engineering, procurement, construction, and operational aspects and involving all parties and resources concerned, is put together systematically. The underlying design science qualitative approach facilitated the development of this framework. It organizes sophisticated threat detection techniques and counter-threat strategies and correlates with Risk Management, Threat Analysis, Security Controls, Operational Models, and Management. They also involve real-time network traffic and system log monitoring, anomaly detection algorithms, intrusion detection, and prevention systems. Power utilities will significantly improve the ability to effectively detect and respond to cybersecurity-related events.
The following threat scenarios, including organized DDoS and ransomware attacks as a taxonomy against the various components of the proposed framework, show how these smart grid technologies mentioned above can be used to develop effective solutions in response to cyber security incidents. It is indeed a systematic framework; it gives good advice. The recommendations will target particular challenge areas within the electric power industry and underpin its cybersecurity posture, with a view that our critical energy infrastructure will be reliable and capable of being counted upon in grace. This research encourages sustainable development and social welfare by resilience in cybersecurity for smart grid systems.
- Integrating Hierarchical Attention and Context-Aware Embedding For Improved Word Sense Disambiguation Performance Using BiLSTM Model (Addis Ababa University, 2024-06) Robbel Habtamu; Beakal Gizachew (PhD) Word Sense Disambiguation is a fundamental task in natural language processing, aiming to determine the correct sense of a word based on its context. Word sense ambiguity, such as polysemy, and semantic ambiguity pose significant challenges in the task of WSD. Recent advancements in research have focused on utilizing deep contextual models to address these challenges. However, despite this positive progress, semantical ambiguity remains a challenge, especially when dealing with polysemous words. This research introduces a new approach that integrates hierarchical attention mechanisms and BERT embeddings to enhance WSD accuracy. Our model, incorporating both local and global attention, demonstrates significant improvements in accuracy, particularly in complex sentence structures. To the best of our knowledge, our model is the first to incorporate hierarchical attention mechanisms integrated with contextual embedding. This integration enhances the model’s performance, especially when combined with the contextual model BERT as word embeddings. Through extensive experimentation, we demonstrate the effectiveness of our proposed model. Our research highlights several key points. First, we showcase the effectiveness of hierarchical attention and contextual embeddings for WSD. Second, we adapted the model to Amharic word sense disambiguation, demonstrating strong performance. Despite the lack of a standard benchmark dataset for Amharic WSD, our model achieves 92.4% accuracy on a self-prepared dataset. Third, our findings emphasize the importance of linguistic features in capturing relevant contextual information for WSD.
We also note that Part-of-Speech (POS) tagging has a less significant impact on our English data, while word embeddings significantly impact model performance. Furthermore, applying local and global attention leads to better results, with local attention at the word level showing promising results. Overall, our model achieves state-of-the-art results in WSD within the same framework. Our results demonstrate a significant improvement of 1.8% to 2.9% F1 score over baseline models. We also achieve state-of-the-art performance on the Italian language by achieving 0.5% to 0.7% F1 score over baseline papers. These findings underscore the importance of considering contextual information in WSD, paving the way for more sophisticated and context-aware natural language processing systems.
- Identification and Classification of Illegal Dark Web Activities in East Africa Region (Addis Ababa University, 2024-08) Tariku Eshetu; Fitsum Assamnew (PhD) Online criminal activity manifests in various forms across the Surface, Deep, and Dark Web layers of the Internet. The darknet environment is notorious for various illegal activities, including financial crimes, hacking, recruitment for terrorism and extremism, child pornography, human organ trafficking, drug trafficking, and illegal arms trading. Law enforcement faces significant challenges in identifying specific criminal websites due to the ineffectiveness of traditional investigative techniques. In East Africa, the growth of technology has created economic and social opportunities, but it has also led to increased internet penetration and connectivity, making the region an attractive target for cybercriminals. Compounding the issue are the insufficient readiness of security organizations and a lack of user awareness, which further facilitate cybercrime. This thesis investigates the landscape of cybercrime on the Dark Web, focusing specifically on East African Internet Protocol (IP) address spaces, an area that has been largely under-researched in the existing literature. This research seeks to address a pronounced gap in knowledge regarding the types of illegal activities and associated protocols on the Dark Web, particularly given existing studies’ inadequacies in contextualizing research within East African socio-political frameworks. The research pivots around two key questions: (1) What types of protocols operate through the Dark Web in East African IP address spaces? and (2) What illegal activities are conducted through these protocols?
The objectives of this study are multifaceted, aiming to develop a robust methodology for data collection and analysis from Tor exit nodes within the East African region, classify the prevalent communication protocols, and categorize the diverse illegal activities identified. Through thorough examination of Tor network traffic, the study reveals crucial patterns, including a dominance of TCP and TLS protocols, smaller percentages using other protocols such as DATA, Bitcoin, HTTP, DNS, and SSH, and illicit activities significantly associated with drugs, violence, and software piracy. The findings underscore the pressing need for tailored law enforcement strategies, informed policymaking, and collaborative regional approaches to manage the escalating threats. By innovatively integrating advanced data analytics techniques and multithreaded computing, this thesis provides a unique framework for ongoing cybercrime analysis, enhancing situational awareness for stakeholders and facilitating more effective monitoring of the Dark Web. The implications of this research extend beyond academic inquiry; it offers practical resources for law enforcement agencies, policymakers, and researchers in mitigating cyber threats, thereby contributing to a safer digital environment in East Africa.
- Framework for PKI Implementation: Optimizing Project Management in Ethiopia (Addis Ababa University, 2024-09) Binyam Ayele; Henock Mulugeta (PhD) In today's increasingly digital world, the security of online communications and transactions is paramount. Public Key Infrastructure (PKI) has emerged as a cornerstone technology for ensuring secure, authenticated, and confidential digital interactions. However, the implementation of PKI projects remains challenging due to its inherent complexities, including certificate management, key distribution, system integration, national legal framework contradictions and limitations, and lack of interoperability. The lack of a standardized implementation framework further exacerbates these challenges, leading to inconsistent and often flawed deployments that fail to leverage the full potential of PKI. This study investigates the importance of optimizing a PKI project implementation framework that supports the establishment of a national or organizational PKI project at national or organizational level by developing a comprehensive framework that mitigates PKI project implementation challenges. The study seeks to address the critical need for a comprehensive PKI Project Implementation Framework that can guide organizations in navigating the complexities of PKI deployment. The problem under investigation is the absence of a standardized and generic framework and best practices for PKI implementation, which has resulted in varied levels of security and effectiveness across different sectors. The study aims to develop a framework that is adaptable to diverse organizational contexts, ensuring that PKI systems are implemented in a manner that is both secure and scalable. To achieve this goal, a systematic literature review (SLR) methodology will be employed as the primary research method.
The SLR will systematically identify, evaluate, and synthesize existing research on PKI implementation, focusing on the challenges, best practices, and potential solutions proposed in the literature. By analyzing a wide range of studies, the SLR will provide a comprehensive understanding of the current state of PKI implementation and identify gaps that the proposed framework can address. This method will ensure a rigorous and evidence-based approach to the development of the PKI Project Implementation Framework. This research focused on developing a PKI implementation framework that assists PKI project management. A case study and Key Performance Indicator (KPI) are incorporated to evaluate the proposed framework. As a direct outcome of this study, stakeholders who have plans to implement PKI within Ethiopia or another country will obtain a proactive understanding of potential implementation considerations that should be taken.
- Optimizing Intrusion Detection Systems with Ensemble Deep Learning: A Comparative Study of RNN and LSTM Architectures (Addis Ababa University, 2024-10) Admasu Awash; Henock Mulugeta (PhD) Nowadays, due to the complexity and severity of security attacks on computer networks, attackers can launch a variety of attacks against organizational networks using a variety of methods in order to access, modify, or delete crucial data. The rise in cyberattacks has made it necessary to create reliable and effective intrusion detection systems (IDS) that can instantly recognize malicious activity. IDS, which can automatically and quickly detect and categorize cyberattacks at host and network levels, has made substantial use of machine learning techniques. Although ML techniques like K Nearest Neighbor and Support Vector Machines have been used to build IDSs, those systems still have a high false alarm rate and poor accuracy. Many security researchers are integrating different machine learning approaches to protect the data and reputation of the organizations. Deep learning algorithms have emerged as a forceful instrument in this field and these can detect with better precision than conventional techniques. Recently, deep learning has become more well-known in network-based intrusion detection systems, enhancing their efficiency in safeguarding hosts and computer networks. In the field of deep learning, ensemble learning has appeared as a potent method that improves the performance of single models by combining several of them. The present study employed two architectures of recurrent neural networks (RNNs), namely simple recurrent neural networks and long short-term memory (LSTM), in order to investigate the possible applicability of ensemble learning in intrusion detection systems (IDS). RNNs are suited for predicting sequential data in IDS by identifying temporal relations in network traffic.
LSTMs, which are a kind of RNN, can deal with long-term dependencies well and help avoid the vanishing gradient problem, which is important in identifying complicated intrusion models. The performance of the designed model and the IDS were evaluated using the publicly available LITNET2020 dataset under performance evaluation metrics. In multiclass classification, the ensemble model fared better than LSTM, yielding accuracy and precision of 99.981% and 99.965%, respectively, whereas LSTM provided accuracy and precision of 99.638% and 99.451%, respectively. Additionally, the suggested ensemble approach produced superior multi-classification results for the various types of intrusions.
- Cybersecurity Maturity Assessment Framework: The Case of Ethiopian Banks (Addis Ababa University, 2024-10) Yafet Ashebir; Elefelious Getachew (PhD) As the banking sector becomes a key player in globalized cyberspace with increasing reliance on digital services, it is prone to a wide range of emerging cybersecurity risks. As cybersecurity can only be achieved through a well-organized set of controls, existing cybersecurity maturity frameworks, while comprehensive and vague, fail to address the unique cybersecurity challenges faced by Ethiopian banks. The literature review discovered that no study has proposed a cybersecurity maturity assessment framework for the Ethiopian banking sector. This study aims to propose a customized framework by reviewing multiple cybersecurity maturity assessment frameworks to identify their weaknesses and strengths. After a thorough assessment, we have identified the major limitations of the existing frameworks: they are not easy to understand, expensive to implement, require intensive and equipped human resources, and are not tailored to the banking sectors to fix operational challenges. Moreover, to assess existing cybersecurity maturity frameworks in banks, data was collected from 9 selected governmental and private banks, and a thematic analysis approach was utilized for the qualitative data collected. As the findings reveal, all selected banks don’t have a proper cybersecurity maturity assessment framework as well as improper adoption of international standards. To address identified weaknesses, a customized cybersecurity maturity assessment framework is proposed to enable banks to identify their security posture and manage their security risks.
The proposed framework comprises various components such as regulatory requirements, personal data protection, supply chain security, awareness and culture development, cyber governance, cyber risk management, business continuity and disaster recovery, incident response plan, information sharing, and collaboration, and incorporates international best practices like the General Data Protection Regulation (GDPR). To evaluate the framework, expert review has been done, as the framework contributes to both academic literature and industry practice by providing a customized framework for banks to assess and improve their cybersecurity maturity.
- Assessing Cybersecurity Readiness in Ethiopia Fintech Sector (Addis Ababa University, 2024-10) Teklehymanot Meheret; Elefelious Getachew (PhD) The Ethiopian fintech sector has brought a significant transformation to the financial transaction and payment instrument business. This change, however, raises concerns among various stakeholders about the country’s ability to protect the business and to mitigate the risks caused by bad actors exploiting vulnerabilities. The research aims to investigate the cybersecurity readiness and preparedness of fintech, and also how their practice meets the international standard, by answering three research questions. Regulators and fintech companies are the major stakeholders this study used for the purpose of obtaining the relevant information. The research identified governance, resilience and competency as core variables to evaluate the readiness of the sector, which map closely to international standards including NIST CSF, ISO/IEC 27001 and FFIEC. The study also prepared two separate questionnaires to address the two participant groups’ current cybersecurity practice. The collected data were analyzed, and it was observed that there is a clear gap and lack of readiness. The sector lacks a comprehensive framework that meets the international standard, according to the research findings. There was limited practice of backup, a business continuity plan and an incident response plan, which impacts the resilience of the sector. The other challenge this research identified was an inadequate number of skilled cybersecurity experts and an inadequate awareness level, which impacted the competency of the fintech ecosystem to enhance the awareness level as well as to create a cybersecurity culture. The research developed a cybersecurity assessment framework that helps the sector protect its critical assets through proper evaluation and assessment of its risks and weaknesses.
The proposed framework went through a validation process to make sure that it is relevant to the challenges identified in the research and meets the basic global standard. The research concludes with valuable recommendations and considerations to enhance cybersecurity practice and collaboration and to develop a tailored cybersecurity framework for continuous improvement.
- Lightweight Intrusion Detection System for IoT with Improved Feature Engineering and Advanced Dynamic Quantization (Addis Ababa University, 2024-11) Semachew Fasika; Henock Mulugeta (PhD) In recent years, the proliferation of Internet of Things (IoT) devices and applications has experienced a significant surge globally, owing to their inherent advantages in enhancing both business and industrial landscapes, as well as facilitating improvements in individuals’ daily routines. Nevertheless, IoT devices are not immune to malicious attacks, which result in potential negative consequences and malfunctioning of IoT devices; therefore, attack detection and classification becomes an important issue in IoT devices. This research proposes a lightweight hybrid deep learning model (DNN-BiLSTM) to detect and classify attacks in an IoT system with improved feature engineering and advanced quantization. Although leveraging a hybrid deep learning model, which combines DNN alongside BiLSTM, facilitates the extraction of intricate network features in a nonlinear and bidirectional manner, aiding in the identification of complex attack patterns and behaviors, its implementation on IoT devices remains challenging. To mitigate the constraints inherent in IoT devices, this research incorporates improved feature engineering, specifically Redundancy-Adjusted Logistic Mutual Information Feature Selection (RAL-MIFS) combined with a two-stage IPCA algorithm. Additionally, advanced quantization (QAT + PTDQ) techniques, alongside advanced Optuna for hyperparameter optimization, are utilized to enhance computational efficiency without compromising detection accuracy. Experimental evaluations were conducted on the CIC IDS2017 and CICIoT2023 datasets to assess the performance of a quantized DNN-BiLSTMQ model. The model demonstrated superior detection accuracy and computational efficiency compared to state-of-the-art methods.
On the CIC IDS2017 dataset, it achieved a detection accuracy of 99.73% with a model size of 25.6 KB, while on the CICIoT2023 dataset, it achieved a detection accuracy of 93.95% with a model size of 31.3 KB. These results highlight the potential of the quantized DNN-BiLSTMQ model for efficient and accurate cyber attack detection on IoT.
- A Cyber Insurance Framework for Ethiopia: Key Components and Recommendations (Addis Ababa University, 2024-11) Ephrem Baheru; Sileshi Demesie (PhD) The exponential rise in cyber threats such as ransomware, identity theft, and other forms of cybercrime has driven many organizations to seek cyber insurance as an extra layer of protection. Cyber insurance has emerged as a means of mitigating residual risks that remain after implementing various cyber risk mitigation strategies. Cyber-attacks in Ethiopia have been rising steadily each year, driven by a surge in digital transformation initiatives across various sectors, including government, financial institutes, and other critical infrastructure. This highlights the urgent need for cyber insurance services in the country, as it could help organizations manage financial losses and recover more effectively from cyber incidents. This study reveals that no insurance provider in the country currently offers cyber insurance services. This research envisioned promoting cyber insurance practice in Ethiopia by developing a cyber insurance framework that could be used by public and private organizations. To develop the framework, data was collected through a face-to-face interview with insurers, potential insureds, and regulatory bodies, and the data was analyzed using a qualitative approach. We also studied global best practices and trends in cyber insurance. The framework is designed to help Ethiopian organizations manage cyber risks and effectively recover from cyber incidents and reputational damage. The framework includes key components such as stakeholder engagement, insurance coverage, risk assessment and underwriting, premium calculation, risk mitigation and loss prevention, incident response and claims process, regulatory compliance, awareness and education, review and iteration, collaboration, and information sharing.
A case study is used to demonstrate how a company successfully implemented the cybersecurity framework.
- Item A Multimodal Security Information and Event Management Solution Empowered by Deep Learning and Alert Fusion (Addis Ababa University, 2024-11) Behailu Adugna; Sileshi Demesie (PhD) The cybersecurity threat landscape is marked by a growing number of increasingly complex and sophisticated attacks affecting organizations across various sectors. In response, solutions like SIEM systems are essential for providing centralized threat detection, real-time analysis, and compliance support, making them integral to modern cybersecurity strategies. One of the reasons for this is that SIEM solutions collect and aggregate log data from across an organization's IT infrastructure, providing a single pane of glass for monitoring security events. This centralized approach is essential for identifying threats that span multiple systems and environments, identifying patterns indicative of attacks such as privilege escalation and polymorphic malware, and helping proactively identify signs of unusual data access or exfiltration before significant damage occurs. Furthermore, SIEM solutions support compliance by maintaining detailed audit logs and providing preconfigured reporting tools. However, SIEM systems usually encounter significant challenges in effectively identifying and responding to sophisticated cyberattacks. Since they rely heavily on predefined rules, even complex correlation rules, and signatures, they struggle to adapt to novel attack techniques that do not match the predefined patterns. They often lack sophisticated analytics capabilities such as deep learning and behavioral analysis, which reduces their effectiveness at detecting advanced threats. Furthermore, they frequently produce an overwhelming volume of alerts, many of which are irrelevant or false positives. This leads to alert fatigue, causing cybersecurity analysts to become desensitized to alerts and increasing the risk of overlooking critical incidents.
This research proposes a multimodal architecture of SIEM designed to overcome current limitations in threat detection by integrating diverse data sources, including network traffic and event logs. The solution utilizes advanced neural networks to analyze intricate relationships within network connection features and their temporal dependencies. By further employing alert fusion, it creates a melting-pot for alerts from different sources that can provide a more comprehensive and complementary understanding of potential threats that can address the issue of false positives.
- Item A Structured Framework for Email Forensic Investigations (Addis Ababa University, 2025) Biruk Bekele; Henok Mulugeta (PhD) Email forensic investigations have become vital in addressing legal, cybersecurity, and corporate challenges. However, most existing frameworks suffer from inefficiency, data integrity problems, and difficulty handling diverse and complex data sources, including encrypted emails and metadata. This thesis applied the Design Science Methodology to develop a structured framework that enhances efficiency and effectiveness in email forensic investigations. It specifically deals with data quality, diversity in data management, and integrity of evidence. One key component is case management, which systematizes and tracks the investigation from the very outset to the last step and ensures each step is conducted methodically. The framework comprises key phases: case management, governance, identification, preservation, classification, analysis, presentation, and compliance, which address critical challenges such as ensuring data quality, managing diverse data sources, and maintaining evidence integrity. Case management forms the core of the proposed framework, organizing and tracking the investigation process from start to finish to ensure that evidence is handled properly and all phases are executed in a systematic manner. The framework integrates open-source tools, a variety of case studies, and best practices to be relevant to different real-world scenarios. The effectiveness of the artifact can also be demonstrated in practical application, with performance measured in terms of speed of investigation, data quality, accuracy, and user satisfaction, among other metrics.
This research underscores that the suggested framework decreases the time of investigation, reduces the rate of errors, increases the quality of data management, and guarantees the effective access of various data sources. This thesis contributes on both practical and theoretical levels, guiding practitioners and researchers comprehensively in the area of digital forensics to bring current email forensic investigations into a more efficient, accountable, and adaptable condition.
- Item Leveraging Intel SGX and Hybrid Design for Secure National ID Systems (Addis Ababa University, 2025-01) Tesfalem Fekadu; Sileshi Demesie (PhD) Globally, 1.1 billion individuals, including 21 million refugees, lack proof of legal identity, disproportionately affecting children and women in rural areas of Asia and Africa. Without official identification, access to essential services such as education, healthcare, banking, and public distribution systems becomes nearly impossible. The increasing reliance on digital identity management systems demands robust security measures to safeguard sensitive personal data. The Modular Open-Source Identity Platform (MOSIP) is a widely adopted solution due to its flexibility and scalability. However, protecting sensitive data during National ID enrollment, registration, and authentication processes remains a significant challenge. Specifically, decrypting biometric data before feature comparison in server environments exposes this data to critical vulnerabilities, increasing the risk of potential attacks. The reliance on software-based Software Development Kits (SDKs) for biometric matching exacerbates the issue, as these SDKs often operate alongside other software modules, expanding the attack surface. Software-based approaches are inherently risky due to the high likelihood of exploitable bugs, which attackers can use to compromise data integrity or gain unauthorized access. This study addresses these security challenges by integrating Trusted Execution Environments (TEEs) to enhance data protection during processing. A hybrid architecture is proposed that incorporates an SGX-based solution named SGX-BioShield to improve security, with the hybrid architecture providing the performance enhancement.
A prototype of the proposed security solution has been developed and tested, demonstrating that SGX-BioShield significantly reduces the risk of unauthorized access and data breaches by isolating sensitive operations within a hardware-protected environment. Intel SGX ensures that data remains secure even if the operating system or hypervisor is compromised. This research contributes to the field of identity management by presenting a novel approach to securing platforms like MOSIP. It provides practical insights into improving data security and overall system performance through the implementation of a hybrid architecture in digital identity systems.
- Item Lightweight IOT Security With Deep Learning-Driven Biometric for Human Authentication (Addis Ababa University, 2025-02) Girma Alemu; Henock Mulugeta (PhD) The number of Internet of Things (IoT) devices is increasing, and as it increases, the risk associated with these devices also rises. IoT devices have a great impact on the daily lives of human beings. Huge amounts of data can be stored, transmitted, and used through IoT devices. Some of this data is very sensitive and vulnerable to different attacks. To protect IoT devices from these attacks, different countermeasures have been proposed in previous research. Conventional biometric authentication methods like possession-based (tokens) and knowledge-based (passwords/PINs) are used to tackle the problem of access control, but they are prone to loss, duplication, guesswork, and forgetfulness. Similarly, single-modality biometric identification—like fingerprint or facial recognition—is insufficient due to its susceptibility to spoofing attacks. When merging and comparing large amounts of biometric data, it is important to consider variations in the quantity and caliber of data sources, even though multi-biometric systems improve security. Our proposed solution to these problems combines a lightweight deep learning algorithm designed for Internet of Things devices with multimodal biometrics that use fingerprint and face. In an experiment on both training and unseen datasets, the model demonstrated good classification ability with 82.5% validation accuracy and 99.3% training accuracy. The suggested solution addresses the security issues of IoT devices through modeling and experimental validation. Through hands-on testing, we assessed the system's performance, and the outcomes showed a robust IoT security solution.
In the end, the combination of deep learning algorithms and dual biometric modalities has greatly improved secure authentication procedures for IoT applications. At the end, secure authentication techniques for IoT applications have advanced significantly with the combination of deep learning algorithms and dual biometric modalities.
- Item Investigating Malicious Capabilities of Android Malwares that Utilize Accessibility Services (Addis Ababa University, 2025-02) Tekeste Fekadu; Fitsum Assamnew (PhD) The Android accessibility service provides a range of powerful capabilities. These include observing user actions, reading on-screen content, and executing actions on behalf of the user. Although these features are designed to enhance the user experience for individuals with disabilities, they introduce design vulnerabilities that make the accessibility service susceptible to malicious exploitation. This research investigates how Android malware leverages accessibility services for malicious purposes. By analyzing a dataset of malicious applications, we identified common patterns of accessibility service abuse and developed a machine learning-based detection approach using TinyBERT and XGBoost models. We first manually compiled a base dataset of 134 accessibility service event patterns comprising source and sink API calls. These patterns were labeled according to specific malicious functionalities: BlockAccess, ManipulateUI, and ContentEavesdrop. To address data limitations, we generated call graphs from 121 malware samples using FlowDroid taint analysis and applied agglomerative clustering and fuzzy matching, ultimately expanding the dataset size to 1,497 patterns. Our classification experiments compared the performance of TinyBERT, a transformer-based model, and XGBoost, a gradient-boosted decision tree model, in classifying malicious functionalities. Results show TinyBERT’s outstanding performance, achieving an accuracy of 97.7% and an F1 score of 97.6% over ten-fold cross-validation, compared to XGBoost’s 90.4% accuracy and 90.0% F1 score. This study demonstrates the potential of transformer-based models in capturing sequential dependencies and contextual characteristics in API call patterns, enabling robust detection of accessibility service misuse.
Our findings contribute a novel approach to detecting malicious behavior in Android malware and a valuable dataset that may aid similar research.
- Item Framework for Identifying Forensic Artifacts from Ride-hailing Android Applications (Addis Ababa University, 2025-03) Munir Kemal; Fitsum Assamnew (PhD) Different services are offered through our mobile devices as a result of the increasing usage of smartphones in this world. One of these services is the ride-hailing service, in which the taxi transportation service is managed from a common operation center with the help of driver and passenger applications that the end users have installed on their smartphones. In our country, Ethiopia, there are many companies that offer this service, such as Ride, Feres, ZayRide, Seregela, Safe, Taxiye, and others. Today, many crimes such as theft, murder, etc. are committed against drivers or riders while working or using this transportation service in Ethiopia. Current research focuses mainly on the forensic investigation of social networks and banking applications. Research by K. Kiptoo proposed a forensic investigation framework to identify forensic artifacts from Android on-demand ride applications such as Uber, Little and Bolt that operate in Kenya. In this research, we propose a forensic framework by customizing the existing framework proposed by K. Kiptoo to enhance the identification of forensic artifacts from Android-based ride-hailing applications after experimentation with ride-hailing applications such as Ride, Zayride and Feres. The proposed forensic framework for ride-hailing applications involves six phases: Collection, Setting up and Configuration, Extraction and Preservation, Application Database Location, Examination and Analysis, and finally Reporting. While experimenting, we were able to recover valuable artifacts such as passenger profile information, passenger device details, location data, time information, and driver-related data from ride-hailing applications, which are crucial digital evidence in the investigation of digital crimes.
This research also investigated the role of digital forensic evidence, and the challenges of using it, in closing criminal cases by Ethiopian law enforcement agencies, using a specially designed questionnaire distributed to them. The research findings show that even though the use of such evidence is increasing, we were able to identify major issues such as legal and procedural inconsistencies, lack of expertise, resource limitation, and lack of clear forensic standards that may hinder the use of digital evidence obtained from digital systems such as ride-hailing applications in a digital world full of complex digital crimes.
- Item Optimizing Explainable Deep Q-Learning via SHAP, LIME, & Policy Visualization (Addis Ababa University, 2025-06) Tesfahun Yemisrach; Beakal Gizachew (PhD); Natnael Argaw (PhD) Co-Advisor. Reinforcement learning (RL) has demonstrated remarkable promise in sequential decision-making tasks; however, its interpretability issues continue to be a hindrance in high-stakes domains that demand regulatory compliance, transparency, and trust. Post hoc explainability has been investigated in recent research using techniques like SHAP and LIME; however, these methods are frequently isolated from the training process and lack cross-domain evaluation. In order to fill this gap, we propose an explainable Deep Q-Learning (DQL) framework that incorporates explanation-aligned reward shaping and model-agnostic explanation techniques into the agent’s learning pipeline. The framework exhibits broad applicability as it is tested in both financial settings and traditional control environments. According to experimental findings, the explainable agent continuously performs better than the baseline in terms of explanation fidelity, average reward, and convergence speed. In CartPole, the agent obtained a LIME fidelity score of 87.2% versus 63.5% and an average reward of 190 versus 130 for the baseline. It produced an 89.10% win ratio, a Sharpe Ratio of 0.4782, and a return of 154.32% in the financial domain. The development of transparent and reliable reinforcement learning systems is aided by these results, which demonstrate that incorporating explainability into RL enhances interpretability as well as stability and performance across domains.