Tesis

Permanent URI for this communityhttps://hdl.handle.net/11285/345119

Colección de Tesis y Trabajos de grado (informe final del proyecto de investigación, tesina, u otro trabajo académico diferente a Tesis, sujeto a la revisión y aceptación de una comisión dictaminadora) presentados por alumnos para obtener un grado académico del Tecnológico de Monterrey.

Para enviar tu trabajo académico al RITEC, puedes consultar este Infográfico con los pasos generales para que tu tesis sea depositada en el RITEC.

Browse

Filters

2004 - 200922020 - 20245

Settings

¡Quiero depositar mi trabajo!
CONAHCYT Subjects: search.filters.conahcyt.CIENCIAS TECNOLÓGICASAdvisor: search.filters.advisor.Monroy Borja, Raúl

Search Results

Now showing 1 - 8 of 8
  • Thumbnail Image
    Tesis de doctorado
    Botnet detection on twitter: a novel similarity-based clustering mechanism
    (Instituto Tecnológico y de Estudios Superiores de Monterrey, 2024-12) Samper Escalante, Luis Daniel; Monroy Borja, Raúl; emipsanchez; Castro Espinoza, Félix Agustín; González Mendoza, Miguel; School of Engineering and Sciences; Rectoría Tec de Monterrey; Loyola González, Octavio
    Botnet detection on Twitter represents a critical yet under-explored research problem,as botnets programmed with malicious intent threaten the platform’s security and credibility. Although Twitter has implemented mitigation strategies, such as imposing restrictions andbans, these measures remain insufficient due to botnets’ rapid creation and expansion. Existing solutions proposed by researchers for manual and automated botnet detection typically rely on individual metrics commonly used for detecting bots. However, these approaches lack the necessary group-oriented analysis and metrics critical for effectively identifying botnets of varying sizes and objectives. To address this issue, we have developed an innovative botnet detection mechanism based on similarity, which significantly enhances the detection rate of botnets on Twitter. Each bot, regardless of its complexity, leaves detectable traces of automation in its creation, behavior, or interactions with other accounts. By characterizing these traces, we can establish relationships between bots, enabling effective botnet detection. Our mechanism constructs a regression model to quantify the similarity between bots, leveraging features from user data, tweet patterns, and social interactions on the platform. Then, it uses this similarity measure to build a distance matrix, enabling the formation of groups with shared attributes, connections, and objectives through clustering methods. Our botnet detection mechanism achieved extraordinary success, evidenced by high scores on external Clustering Validation Indices (CVIs) and the Area under the ROC Curve (AUC) compared to existing solutions from the literature. Furthermore, the mechanism proved effective when confronted with unknown botnets with varied objectives. Our experimental findings suggest that this work is well-positioned to strengthen future botnet detection mechanisms, having shown the value of incorporating social interaction features. This integration offers a strategic advantage in the ongoing arms race against botmasters and their malicious objectives. Additionally, our mechanism consistently outperforms other approaches across various metrics, configurations, and algorithms, underscoring its effectiveness and adaptability in different detection scenarios.
  • Thumbnail Image
    Tesis doctorado / doctoral thesis
    A minutiae-based indexing algorithm for latent palmprints
    (Instituto Tecnológico y de Estudios Superiores de Monterrey, 2024-12-11) Khodadoust, Javad; Monroy Borja, Raúl; emipsanchez; Aparecida Paulino, Alessandra; Valdes Ramírez, Danilo; Rodríguez Ruiz, Jorge; School of Engineering and Sciences; Campus Monterrey; Medina Pérez, Miguel Ángel
    Today, many countries rely on biometric traits for individual authentication, necessitating at least one high-quality sample from each person. However, countries with large populations like China and India, as well as those with high visitor and tourist volumes like France, face challenges such as data storage and database identification. Latent palmprints, comprising about one-third of prints recovered from crime scenes in forensic applications, require inclu sion in law enforcement and forensic databases. Unlike fingerprints, palmprints are larger, and features such as minutiae are approximately ten times more abundant, accompanied by more prominent and wider creases. Consequently, accurately and efficiently identifying la tent palmprints within stored reference palmprints poses significant challenges. Using fre quency domain approaches and deep convolutional neural networks (DCNNs), we present a new palmprint segmentation method in this work that can be used for both latent and full impression prints. The method creates a binary mask. Additionally, we introduce a palmprint quality estimation technique for latent and full impression prints. This method involves parti tioning each palmprint into non-overlapping blocks and considering larger windows centered on each block to derive frequency domain values, effectively accounting for creases and en hancing overall quality mapping. Furthermore, we present a region-growing-based palmprint enhancement approach, starting from high-quality blocks identified through our quality es timation method. Similar to the quality estimation process, this method operates on blocks and windows, transforming high-quality windows into the frequency domain for processing before reverting to the spatial domain, resulting in improved neighboring block outcomes. Finally, we propose two distinct minutiae-based indexing methods and enhance an existing matching-based indexing approach. Our experiments leverage three palmprint datasets, with only one containing latent palmprints, showcasing superior accuracy compared to existing methods
  • Thumbnail Image
    Tesis de maestría / master thesis
    PassID: A Modular System for Pass Detection with Integrated Player Identification in Football
    (Instituto Tecnológico y de Estudios Superiores de Monterrey, 2024-12) Gutiérrez Padilla, Benjamín; Monroy Borja, Raúl; emimmayorquin; Gutiérrez Rodríguez, Andrés Eduardo; School of Engineering and Sciences; Campus Monterrey; Conant Pablos, Santiago Enrique
    The analysis of football passes plays a crucial role in understanding team tactics and improving performance. However, current methods for capturing and analyzing this data are often inaccessible due to high costs and reliance on proprietary datasets. This thesis presents the development of an automated system designed to detect passes in football matches using video as the source of information. The system integrates computer vision and machine learning techniques across mul tiple modules, including player and ball detection, object tracking, team identification, and pass detection. Using a hybrid approach with YOLOv9 for player detection, FasterRCNN for the ball, and Norfair for tracking, the system assigns unique identifiers to players and determines passes based on proximity and ball possession changes. Team identification is achieved through color histogram analysis, allowing the system to distinguish valid passes between players of the same team. The modular design enables independent improvements in each component, providing a flexible framework that can be adapted to different match conditions. This work represents a step forward in automating football pass detection, contributing to the growing field of sports analysis with a scalable and efficient solution.
  • Thumbnail Image
    Tesis de doctorado
    A novel functional tree for class imbalance problems
    (Instituto Tecnológico y de Estudios Superiores de Monterrey, 2022-11) Cañete Sifuentes, Leonardo Mauricio; CAÑETE SIFUENTES, LEONARDO MAURICIO; 787723; Monroy Borja, Raúl; puemcuervo, emipsanchez; Morales Manzanares, Eduardo; Gutiérrez Rodríguez, Andrés Eduardo; Cantú Ortiz, Francisco; Conant Pablos, Santiago; School of Engineering and Sciences; Campus Estado de México; Medina Pérez, Miguel Angel
    Decision trees (DTs) are popular classifiers partly because they provide models that are easy to explain and because they show remarkable performance. To improve the classification performance of individual DTs, researchers have used linear combinations of features in inner nodes (Multivariate Decision Trees), leaf nodes (Model Trees), or both (Functional Trees). Our general objective is to develop a DT using linear feature combinations that outperforms the rest of such DTs in terms of classification performance as measured by the Area Under the ROC Curve (AUC), particularly in class imbalance problems, where one of the classes in the database has few objects compared to another class. We establish that, in terms of classification performance, there exists a hierarchy, where Functional Trees (FTs) surpass Model Trees, that in turn surpass Multivariate Decision Trees. Having shown that Gama's FT, the only FT to date, has the best classification performance, we identify limitations that hinder its classification performance. To improve the classification performance of FTs, we introduce the Functional Tree for class imbalance problems (FT4cip), which takes care in each design decision to improve AUC. The decision of what pruning method to use led us to the design of the AUC-optimizing Cost-Complexity pruning algorithm, a novel pruning algorithm that does not degrade classification performance in class imbalance problems because it optimizes AUC. We show how each design decision taken when building FT4cip contributes to classification performance or to simple tree models. We demonstrate through a set of tests that FT4cip outperforms Gama's FT and excels in class imbalance problems. All our results are supported by a thorough experimental comparison in 110 databases using Bayesian statistical tests.
  • Thumbnail Image
    Tesis de licenciatura
    Videogame Crowdsourcing Approach to Find Strategies Using Repeated Sub-Sequences
    (Instituto Tecnológico y de Estudios Superiores de Monterrey) Silva Gálvez, Arturo; MONROY BORJA, RAUL; 12232; Monroy Borja, Raúl; emipsanchez; Mac Kinney Romero, Rene; Medina Pérez, Miguel Angel; Ramírez Márquez, José Emmanuel
    Crowdsourcing surged as a new problem-solving model to better knowledge on how to solve a specific problem. The procedure starts by externalizing the problem from the group that is trying to solve it. Then, people with a variety of skills can help design solutions. The motivation for persons to participate is the key that makes the model work. From giving money to socialization, many options exist to encourage people to contribute to a crowdsourcing model. Studies tested the use of videogames to motivate people to participate in the solution to problems from different domains. These studies report that people can provide competitive solutions, against the experts, even for complex problems. Until now, Videogame Crowdsourcing helped to complement the solution space, but mining the strategies from the users is an area of opportunity. This thesis studies the application of Videogame Crowdsourcing for mining strategies from players’ solutions for a problem. It focuses on a specific one: the Housing Development Problem; it is of interest to the architecture community. It is a single objective problem that consists of placing as many houses as possible, given the land, subject to restrictions of connectivity (from the entrance of the land to all houses). We represented a match of our videogame as a sequence of movements. Each move consists of placing a house on a square of the land, represented as a grid, followed by displacement to another square in which the player puts the next one. This representation abstracts out two types of plays: the ones made to fulfill the restrictions of connectivity and the ones that belong to a correction of a previous one. Our underlying hypothesis is that a player strategy lies within a grammar expression; in particular, it is embedded in the recurrent sub-sequences of the expression. We used the videogame to collect 113 matches. With Sequitur, we found recurrent sub-sequences for each match, a larger sequence. Analyzing the sub-sequences, we have successfully identified the following strategies: Bottom-Left, Top-Right, Top-Left, and others that are not found as heuristics for optimization problems like the one on the videogame. Our results show that the strategy of a player is in the grammar expression of his/her movements. They encourage us to think that recurrent sub-sequences can build the strategies people use for the Housing Development Problem and lead to new algorithms.
  • Thumbnail Image
    Tesis de maestría
    Characterisation of visitors and description of their navigation behaviour using web log mining techniques
    (Instituto Tecnológico y de Estudios Superiores de Monterrey, 2021-02) Huidobro Espejel, Alicia; MONROY BORJA, RAUL; 12232; Monroy Borja, Raúl; hermlugo, emipsanchez; Loyola González, Octavio; Graff Guerrero, Mario; Escuela de Ingeniería y Ciencias; Campus Estado de México; Cervantes González, Bárbara
    The value of a company’s website depends on visitors performing actions that add value for the company. Those actions are called conversions. We present techniques for both characterising website visitors in terms of the conversions they make, and describing their navigation behaviour in an abstract way, with the aim of making them more amenable to interpretation. Existing web analytics techniques have not been designed to highlight the distinguishing characteristics of a class of visitors. There are no approaches for characterising classes of visitors that take into account specific business goals; further, the navigation behaviour of a visitor, let alone a class of visitors, is conveyed as a sequence of visited pages, without giving this an abstract meaning. In this thesis, we introduce a means of characterising website visitors. To find what the different segments of visitors have or do not have in common, we first separate visitor sessions in terms of conversions and then for each class we mine patterns to contrast one another. We also introduce a simplified description of visitor navigation behaviour. Our technique works by identifying subsequences of visited pages of common occurrence, called ``rules'', and then by shrinking a session replacing those rules with a symbol that is given a representative name. Further, we extended this to an entire class of visitors, creating a graph that collects the class sessions, summarising the class navigation behaviour and enabling an easier contrast of classes. Our results show that a few patterns are enough to characterise a visitor class; since each class is associated with a conversion, an expert can easily draw conclusions as to what makes two classes different from one another. Also, with our abstract representation, a session can be shrinked so that the behaviour of an entire visitor class can be depicted in a moderately small graph. Further work is concerned with incorporating information from other sales channels and completing the analysis provided by existing techniques.
  • Thumbnail Image
    Tesis de maestría
    Algoritmo ID3 en la detección de ataques en aplicaciones Web
    (Instituto Tecnológico y de Estudios Superiores de Monterrey, 2005-07-01) García Pichardo, Víctor Hugo; MONROY BORJA, RAUL; 720773; Monroy Borja, Raúl; Quintana López, Marisela; Gómez Cárdenas, Roberto; Mac Kinney Romero, René; Campus Estado de México
    Actualmente con el propósito de tener presencia en el mercado mundial, toda empresa cuenta con una página en Internet donde exhibe información sobre sus servicios y aplicaciones. Una empresa de esta índole al menos cuenta con un cortafuegos1 como esquema de protección, permitiendo circular el tráfico HTTP o HTTPS (puertos 80 y 443 respectivamente).En diciembre del 2003, la empresa de seguridad informática española S2ISEC realizó un estudio durante los últimos cinco meses (junio-noviembre), en el que pudo establecerse que de 2113 vulnerabilidades publicadas, 1320 vulnerabilidades tienen su origen en aplicaciones web [1]. Lo cual representa un 62.5% de las vulnerabilidades reportadas. Dicho porcentaje refleja no sólo la gran cantidad de problemas de seguridad en las aplicaciones que soportan o manejan este tipo de servicio, sino también el alto riesgo al que están expuestas las organizaciones con una presencia Web hacia Internet. Las empresas, con la finalidad de disminuir los riesgos que implica exponer sus recursos a usuarios no autorizados, se valen de mecanismos para proteger sus recursos entre ellos se encuentran los sistemas de detección de intrusos2. Una intrusión se define como un conjunto de acciones que intentan poner en riesgo la integridad, la confidencialidad o la disponibilidad de un recurso. Un buen IDS puede tener un gran impacto positivo en la seguridad de la organización. El objetivo de un IDS es identificar posibles intrusiones de manera oportuna, es decir detectar el posible ataque antes que llegue a su destino e identificar el origen del ataque.
  • Thumbnail Image
    Tesis de doctorado
    On an efficient and scalable architecture for mimicry attacks detection using probabilistic methods
    (Instituto Tecnológico y de Estudios Superiores de Monterrey, 2004-11-19) Godínez Delgado, Fernando; MONROY BORJA, RAUL; 720773; Monroy Borja, Raúl; Hutter, Dieter; Giles, Lee; Nolazco, Juan A.; Mex, Carlos; Programa de Graduados en Computación, Información y Comunicaciones; Campus Monterrey
    An intrusion detection system (IDS) aims at signalling an alarm for every activity that compromises a secure state of an IT system. It often amounts to detecting a known pattern of computer misuse, a deviation to ordinary, expected user behaviour, or a combination thereof. Regardless of which of these approaches is adopted, current Intrusion Detection Systems (IDSs) are easy to bypass. This thesis addresses about the three most important limitations of existing IDSs: i) current IDSs are easily overwhelmed by the the amount of information they ought to analyse; ii) current IDSs are not sufficient to monitor dynamic environments where the monitored services are changed according to the needs of the organisation; and iii) current IDSs are easy to bypass using a mimicry attack (attacks that simulate normal sequences of system calls). These kinds of attacks simulate normal activity (eg traffic, interaction) by varying an attack signature in a way that does not affect the harmfulness of the attack. Instead of creating a lightweight detection method capable of dealing with large volumes of information, at the probable cost of loss of accuracy, we focus on making intrusion detection more tractable, scalable and efficient (without compromising accuracy). We make intrusion detection more tractable by pre- processing the information. Whether it is a sequence of network packets or a sequence of system calls, the information an IDS analyses is often redundant in at least, two respects: first, every entry in the sequence may contain spurious information; second, any sequence may contain redundant subsequences. To make probabilistic intrusion detection more scalable, efficient and flexible, we propose a novel architecture that includes a service selection mechanism. Instead of analysing a single stream of data, the stream is partitioned in services, each of which is analysed by a very specialised sensor. New sensors can be added on demand; if a new service needs to be monitored another sensor is placed. To make mimicry attack intrusion detection more accurate (reduce false positives) we propose to divide attacks into smaller segments. For each segmentwe will create a detector that classifies the segment and all its variants. By combining these smaller detectors we hope to detect all variations of an attack. By using rough sets we have identified key attributes to eliminate spurious information, without missing chief details. Using n-gram theory we have identified the most redundant subsequences within a sequence, substitution of these subsequences with a fresh tag results in a reduction of the sequence length. To approach service selection, we suggest the use of hidden Markov models (HMMs), trained to detect a specific service described by a family of n-gram.s In this thesis, we introduce a method which is capable of successfully detecting a significant, interesting sub-class of mimicry attacks. The key behind our method's effectiveness lies on the use of a word network [Pereira and Riley, 1997, Young et al., 2002]. A word network conveniently decomposes a pattern matching problem into a chain of smaller, noise- tolerant pattern matchers, thereby making it more tractable and robust. A word network is realised as a finite state machine, where every state is an HMM. In our experiments, our mechanism shows an accuracy of 93%. .By contrast., the rate of false positive occurrence is only 3%. Our log reduction methods are among the best in reduction ratio and features a minimal loss of information. Ours is one of the first techniques to successfully detect a sub-class of mimicry attacks.
En caso de no señalar algo distinto de manera particular, los materiales son compartidos bajo los siguientes términos: Atribución-No comercial-No derivadas CC BY-NC-ND http://creativecommons.org/licenses/by-nc-nd/4.0
logo

El usuario tiene la obligación de utilizar los servicios y contenidos proporcionados por la Universidad, en particular, los impresos y recursos electrónicos, de conformidad con la legislación vigente y los principios de buena fe y en general usos aceptados, sin contravenir con su realización el orden público, especialmente, en el caso en que, para el adecuado desempeño de su actividad, necesita reproducir, distribuir, comunicar y/o poner a disposición, fragmentos de obras impresas o susceptibles de estar en formato analógico o digital, ya sea en soporte papel o electrónico. Ley 23/2006, de 7 de julio, por la que se modifica el texto revisado de la Ley de Propiedad Intelectual, aprobado

DSpace software copyright © 2002-2025

Licencia