Showing total 204 results

1. A review on graph-based approaches for network security monitoring and botnet detection.

Author

Lagraa, Sofiane, Husák, Martin, Seba, Hamida, Vuppala, Satyanarayana, State, Radu, and Ouedraogo, Moussa

Subjects

BOTNETS, COMPUTER network security, INTRUSION detection systems (Computer security), COMPUTER network traffic, RESEARCH personnel

Abstract

This survey paper provides a comprehensive overview of recent research and development in network security that uses graphs and graph-based data representation and analytics. The paper focuses on the graph-based representation of network traffic records and the application of graph-based analytics in intrusion detection and botnet detection. The paper aims to answer several questions related to graph-based approaches in network security, including the types of graphs used to represent network security data, the approaches used to analyze such graphs, the metrics used for detection and monitoring, and the reproducibility of existing works. The paper presents a survey of graph models used to represent, store, and visualize network security data, a survey of the algorithms and approaches used to analyze such data, and an enumeration of the most important graph features used for network security analytics for monitoring and botnet detection. The paper also discusses the challenges and limitations of using graph-based approaches in network security and identifies potential future research directions. Overall, this survey paper provides a valuable resource for researchers and practitioners in the field of network security who are interested in using graph-based approaches for analyzing and detecting malicious activities in networks. [ABSTRACT FROM AUTHOR]

Published

2024

2. Early web application attack detection using network traffic analysis.

Author

Rajić, Branislav, Stanisavljević, Žarko, and Vuletić, Pavle

Subjects

WEB-based user interfaces, SUPERVISED learning, MACHINE learning, HTTP (Computer network protocol), INTERNET traffic, TRAFFIC monitoring, COMPUTER networks, SCANNING systems

Abstract

The number of deployed web applications and the number of web-based attacks in the last decade are constantly increasing. One group of tools that gained the attention of cyber security specialists are Dynamic Application Security Testing (DAST) tools, which is used to assess the security posture of web applications. DAST tools have similar purpose for web applications as network scanners and mappers have for local networks and computers—to scan web applications, enumerate as much as possible information from them and this way potentially reveal existing vulnerabilities. The tools are not only used by security analysts but also by the attackers in the reconnaissance and enumeration phases of the attack. This paper analyses DAST tools' network behaviour patterns, characteristic features that distinguish them from other traffic and methods to detect their operation using classical supervised machine learning methods. Unlike most of the work related to web application security and web application attack detection, which relies on HTTP logs, the research presented here is based on network traffic traces and flow statistics. This allows malicious scanning detection on the network traffic path even in the case of encrypted web traffic. Experimental results show that an accurate and reliable detection of four analysed DAST tools, ZAP, Nikto, Vega and Arachni, is possible. Flow classification of the existing DAST tools has high precision because DAST tools still do not deploy any mechanisms to hide their operation and mimic web application browsing by human users. Additionally, the paper contains an analysis of fast malicious behaviour detection through an analysis of the detection of malicious behaviour, while the flows are still active. The experimental results show that it is possible to detect malicious behaviour with a relatively high accuracy after only 15 packets in a flow. [ABSTRACT FROM AUTHOR]

Published

2023

3. From zero-shot machine learning to zero-day attack detection.

Author

Sarhan, Mohanad, Layeghy, Siamak, Gallagher, Marcus, and Portmann, Marius

Subjects

MACHINE learning, EVALUATION methodology

Abstract

Machine learning (ML) models have proved efficient in classifying data samples into their respective categories. The standard ML evaluation methodology assumes that test data samples are derived from pre-observed classes used in the training phase. However, in applications such as Network Intrusion Detection Systems (NIDSs), obtaining data samples of all attack classes to be observed is challenging. ML-based NIDSs face new attack traffic known as zero-day attacks that are not used in training due to their non-existence at the time. Therefore, this paper proposes a novel zero-shot learning methodology to evaluate the performance of ML-based NIDSs in recognising zero-day attack scenarios. In the attribute learning stage, the learning models map network data features to semantic attributes that distinguish between known attacks and benign behaviour. In the inference stage, the models construct the relationships between known and zero-day attacks to detect them as malicious. A new evaluation metric is defined as Zero-day Detection Rate (Z-DR) to measure the effectiveness of the learning model in detecting unknown attacks. The proposed framework is evaluated using two key ML models and two modern NIDS data sets. The results demonstrate that for certain zero-day attack groups discovered in this paper, ML-based NIDSs are ineffective in detecting them as malicious. Further analysis shows that attacks with a low Z-DR have a significantly distinct feature distribution and a higher Wasserstein Distance range than the other attack classes. [ABSTRACT FROM AUTHOR]

Published

2023

4. BAPRP: a machine learning approach to blackhole attacks prevention routing protocol in vehicular Ad Hoc networks.

Author

Luong, Ngoc T. and Hoang, Doan

Subjects

MACHINE learning, NETWORK routing protocols, AD hoc computer networks, CLASSIFICATION algorithms, K-nearest neighbor classification, BLACK holes

Abstract

One of the network performance challenges of Vehicular Ad Hoc Networks (VANET) is the Black Hole attack. This destructive attack severely damages the network performance if succeeded. By replying to a route request with the minimum routing cost and the maximum sequence number (SN) value, the malicious vehicle can fool the source vehicle that it has the "freshest" and best cost-effective route to the destination vehicle. As a result, all data packets intended to a legitimate destination are caught and destroyed by the malicious vehicle. This may also cause a serious risk for autonomous vehicle control system or traffic warning applications. Previous published malicious detection algorithms suffer high error rates when the malicious node uses a "close-to-legitimate" SN value to attack or actively change the information in the route reply packet. This paper proposes a Black Hole Attack Detection Algorithm (BADA) based on a machine learning approach. In VANETs, it is a challenge to differentiate the behavior of malicious vehicles as they try to avoid detection by imitating that of the normal vehicles. The BADA classification algorithm outperforms existing solutions because it relies on the history of each vehicle's route request and response behavior, and it deploys the k-Nearest Neighbors machine learning algorithm to identify malicious vehicles. The paper also proposes a Black hole Attack Detection Routing Protocol which utilizes the proposed BADA solution to realize a more secured and improved AODV-based protocol. Using the NS2 simulation system, the paper evaluates the performance of the proposed protocol and compares it with related solutions on the traffic network model in Ho Chi Minh city, Vietnam under black hole attacks using minimum SN values. Simulation results have shown that the proposed algorithm can correctly detect the malicious node higher than 99.0%, outperforming previously published algorithms. [ABSTRACT FROM AUTHOR]

Published

2023

5. Securing MQTT protocol for IoT environment using IDS based on ensemble learning.

Author

Zeghida, Hayette, Boulaiche, Mehdi, and Chikh, Ramdane

Subjects

INTERNET of things, MACHINE learning, STATISTICAL correlation, DECISION making, PUBLIC spaces

Abstract

Nowadays, the world of the Internet of Things (IoT) enables machines to communicate, collect data, and even make decisions which improve significantly daily human life. However, the proliferation of IoT devices coupled with their inherent vulnerabilities makes them highly exposed to cyber-attacks such as network disruptions or Denial of Service (DoS) attacks. Traditional detection methods based on a single machine learning (ML) technique may not be fully efficient due to the sophistication level and the variety of attacks. In this paper, we propose an intrusion detection model based on ensemble learning (EL) trained using a recent public dataset containing various MQTT attacks. EL is a powerful machine learning (ML) technique that consists of training several ML models independently on random subsets of the training data and then averages the predictions to produce the final result. Basically, we propose the use of three known ensemble learning methods, namely bagging, boosting, and stacking. EL principles allow increasing prediction performances by integrating the capabilities of numerous distinct models. In order to train and test the proposed model, we also propose generating a binary balanced MQTT dataset rather than using imbalanced one as usually used in previous work. To the best of our knowledge, the work in this paper is the first that applies ensemble learning method on this MQTT dataset. The experiment results have shown that our EL-based network IDS increases both the detection accuracy and F1-score up to 95% where Matthews's correlation coefficient (MCC) exceeds 90%. [ABSTRACT FROM AUTHOR]

Published

2023

6. Hate speech, toxicity detection in online social media: a recent survey of state of the art and opportunities.

Author

Anjum and Katarya, Rahul

Subjects

*HATE speech, *INFORMATION & communication technologies, *FEATURE selection, *DEEP learning, *NATURAL language processing, *AUTOMATIC speech recognition, *SOCIAL media

Abstract

Information and communication technology has evolved dramatically, and now the majority of people are using internet and sharing their opinion more openly, which has led to the creation, collection and circulation of hate speech over multiple platforms. The anonymity and movability given by these social media platforms allow people to hide themselves behind a screen and spread the hate effortlessly. Online hate speech (OHS) recognition can play a vital role in stopping such activities and can thus restore the position of public platforms as the open marketplace of ideas. To study hate speech detection in social media, we surveyed the related available datasets on the web-based platform. We further analyzed approximately 200 research papers indexed in the different journals from 2010 to 2022. The papers were divided into various sections and approaches used in OHS detection, i.e., feature selection, traditional machine learning (ML) and deep learning (DL). Based on the selected 111 papers, we found that 44 articles used traditional ML and 35 used DL-based approaches. We concluded that most authors used SVM, Naive Bayes, Decision Tree in ML and CNN, LSTM in the DL approach. This survey contributes by providing a systematic approach to help researchers identify a new research direction in online hate speech. [ABSTRACT FROM AUTHOR]

Published

2024

7. Short- versus long-term performance of detection models for obfuscated MSOffice-embedded malware.

Author

Viţel, Silviu, Lupaşcu, Marilena, Gavriluţ, Dragoş Teodor, and Luchian, Henri

Subjects

MACHINE learning, ARTIFICIAL neural networks, RANDOM forest algorithms, DECISION trees, MALWARE

Abstract

This paper analyzes the efficiency of various machine learning models (artificial neural networks, random forest, decision tree, AdaBoost and XGBoost) against the evolution of VBA-based (Visual Basic for Applications) malware over a large period of time (1995–2021). The file set used in our research is comprehensive—approximately 1.9 million files (out of which 944,595 are malicious and the rest are benign)—which allowed to gain insights on the resilience of various machine learning models against the diversity and the evolution of file features that reflect obfuscation techniques in VBA-based malware. In studying detection of VBA-based malware, we focus on characteristics of both the classifiers—proactivity (short-term detection efficiency against future malware), endurance (long-term detection robustness)—and of the detection-wise relevant file features—feature perishability (dynamics of feature relevance). We also describe in some detail—as a prerequisite of the study—various obfuscation techniques used by the malware under investigation during the last decade. [ABSTRACT FROM AUTHOR]

Published

2024

8. Defense against membership inference attack in graph neural networks through graph perturbation.

Author

Wang, Kai, Wu, Jinxia, Zhu, Tianqing, Ren, Wei, and Hong, Ying

Subjects

REPRESENTATIONS of graphs, MACHINE learning, FUZZY graphs, PRIVACY

Abstract

Graph neural networks have demonstrated remarkable performance in learning node or graph representations for various graph-related tasks. However, learning with graph data or its embedded representations may induce privacy issues when the node representations contain sensitive or private user information. Although many machine learning models or techniques have been proposed for privacy preservation of traditional non-graph structured data, there is limited work to address graph privacy concerns. In this paper, we investigate the privacy problem of embedding representations of nodes, in which an adversary can infer the user's privacy by designing an inference attack algorithm. To address this problem, we develop a defense algorithm against white-box membership inference attacks, based on perturbation injection on the graph. In particular, we employ a graph reconstruction model and inject a certain size of noise into the intermediate output of the model, i.e., the latent representations of the nodes. The experimental results obtained on real-world datasets, along with reasonable usability and privacy metrics, demonstrate that our proposed approach can effectively resist membership inference attacks. Meanwhile, based on our method, the trade-off between usability and privacy brought by defense measures can be observed intuitively, which provides a reference for subsequent research in the field of graph privacy protection. [ABSTRACT FROM AUTHOR]

Published

2023

9. Malicious website identification using design attribute learning

Author

Naim, Or, Cohen, Doron, and Ben-Gal, Irad

Published

2023

10. Malware classification approaches utilizing binary and text encoding of permissions.

Author

Zyout, Mo'ath, Shatnawi, Raed, and Najadat, Hassan

Subjects

MALWARE, SUPPORT vector machines, MOBILE apps, ENCODING, TEXT processing (Computer science), CLASSIFICATION

Abstract

With the advancement of smartphone technology, the development of mobile applications is rapidly growing. These apps are designed to help mobile users with a variety of everyday tasks, such as e-commerce and online services. Because these applications are widely used, they are susceptible to malicious user attacks. As a result, new challenges have emerged, such as the inability to differentiate between benign and malicious malware applications. This paper proposes two methods for classifying mobile applications into either benign or malicious: 1D convolution (Conv1d) and long short-term memory (LSTM). The suggested approaches use two encoding techniques, namely binary and text encoding, which were applied to the Android permissions of each application. In addition, the support vector machine and K-nearest-neighbor classifiers are reported as well. The two primary approaches were tested on the well-known CICMalDroid2020 dataset. Conv1d and LSTM with text encoding performed the best in terms of precision and accuracy (98.16%, 97.72%, and 96.63%, 96.69%, respectively). When compared with the Mal-Prem dataset, the Conv1d on binary classification beat the LSTM model. [ABSTRACT FROM AUTHOR]

Published

2023

11. Adversarial attacks against mouse- and keyboard-based biometric authentication: black-box versus domain-specific techniques.

Author

López, Christian, Solano, Jesús, Rivera, Esteban, Tengana, Lizzy, Florez-Lozano, Johana, Castelblanco, Alejandra, and Ochoa, Martín

Subjects

BIOMETRIC identification, MACHINE learning, MICE, BIOMETRY

Abstract

Adversarial attacks have recently gained popularity due to their simplicity, impact, and applicability to a wide range of machine learning scenarios. However, knowledge of a particular security scenario can be advantageous for adversaries to craft better attacks. In other words, in some scenarios, attackers may come up naturally with ad hoc black-box attack techniques inspired directly by problem space characteristics rather than using generic adversarial techniques. This paper explores an intuitive attack technique based on reusing legitimate user inputs and applying it to mouse-based behavioral biometrics and keyboard-based behavioral biometrics. Moreover, it compares the model's effectiveness against adversarial machine learning attacks, achieving attack success rates up to 87 and 86% for the mouse and keyboard settings, respectively. We show that attacks leveraging domain knowledge have higher transferability when applied to various machine-learning techniques and are more challenging to defend against. We also propose countermeasures against such attacks and discuss their effectiveness. [ABSTRACT FROM AUTHOR]

Published

2023

12. cFEM: a cluster based feature extraction method for network intrusion detection.

Author

Mazumder, Md. Mumtahin Habib Ullah, Kadir, Md. Eusha, Sharmin, Sadia, Islam, Md. Shariful, and Alam, Muhammad Mahbub

Subjects

FEATURE extraction, INTRUSION detection systems (Computer security), COMPUTER network traffic, FEATURE selection, MACHINE learning, TRAFFIC flow

Abstract

The recent trend in network intrusion detection leverages key features of machine learning (ML) algorithms to detect network traffic anomalies. Network traffic flows contain high dimensional features which significantly affect data-driven approaches. Therefore, the performance of ML-based approaches mainly depends on the appropriate set of features of network data. Different feature selection and extraction methods are extensively employed to attain the informative and compact set of features. Existing methods often suffer from achieving the expected performance due to the lacking of effectively removing redundant features as well as incorporating features with complementary information. In this paper, we present a cluster-based feature extraction method using Mahalanobis distance (cFEM) that clusters the correlated features and extracts new feature representations based on a distance metric. The extracted features on the transformed dimensions are employed to train different machine learning classifiers. We conducted extensive experiments using three renowned datasets. The results show that cFEM outperforms the state-of-the-art intrusion detection methods in several performance metrics such as detection rate (99.61%) and false alarm rate (0.26%). Further experiments on extracted features show that our extracted features are discriminative, free of redundancy, and able to capture complementary information. [ABSTRACT FROM AUTHOR]

Published

2023

13. A unit-based symbolic execution method for detecting memory corruption vulnerabilities in executable codes.

Author

Baradaran, Sara, Heidari, Mahdi, Kamali, Ali, and Mouzarani, Maryam

Subjects

COMPUTER security vulnerabilities, CORRUPTION, MEMORY, MACHINE learning

Abstract

Memory corruption is a serious class of software vulnerabilities, which requires careful attention to be detected and removed from applications before getting exploited and harming the system users. Symbolic execution is a well-known method for analyzing programs and detecting various vulnerabilities, e.g., memory corruption. Although this method is sound and complete in theory, it faces some challenges, such as path explosion, when applied to real-world complex programs. In this paper, we present a method for improving the efficiency of symbolic execution and detecting four classes of memory corruption vulnerabilities in executable codes, i.e., heap-based buffer overflow, stack-based buffer overflow, use-after-free, and double-free. We perform symbolic execution only on test units rather than the whole program to lower the chance of path explosion. In our method, test units are considered parts of the program's code, which might contain vulnerable statements and are statically identified based on the specifications of memory corruption vulnerabilities. Then, each test unit is symbolically executed to calculate path and vulnerability constraints for each statement of the unit, which determine the conditions on unit input data for executing that statement or activating vulnerabilities in it, respectively. Solving these constraints gives us input values for the test unit, which execute the desired statements and reveal vulnerabilities in them. Finally, we use machine learning to approximate the correlation between system and unit input data. Thereby, we generate system inputs that enter the program, reach vulnerable instructions in the desired test unit, and reveal vulnerabilities in them. This method is implemented as a plug-in for angr framework and evaluated using a group of benchmark programs. The experiments show its superiority over similar tools in accuracy and performance. [ABSTRACT FROM AUTHOR]

Published

2023

14. Swarm-intelligence for the modern ICT ecosystems

Author

Hatzivasilis, George, Lakka, Eftychia, Athanatos, Manos, Ioannidis, Sotiris, Kalogiannis, Grigoris, Chatzimpyrros, Manolis, Spanoudakis, George, Papastergiou, Spyros, Karagiannis, Stylianos, Alexopoulos, Andreas, Amelin, Dimitry, and Kiefer, Stephan

Published

2024

15. A systematic review on research utilising artificial intelligence for open source intelligence (OSINT) applications

Author

Browne, Thomas Oakley, Abedin, Mohammad, and Chowdhury, Mohammad Jabed Morshed

Published

2024

16. IoTvulCode: AI-enabled vulnerability detection in software products designed for IoT applications

Author

Bhandari, Guru Prasad, Assres, Gebremariam, Gavric, Nikola, Shalaginov, Andrii, and Grønli, Tor-Morten

Published

2024

17. Model-Agnostic Utility-Preserving Biometric Information Anonymization.

Author

Chen, Chun-Fu, Moriarty, Bill, Hu, Shaohan, Moran, Sean, Pistoia, Marco, Piuri, Vincenzo, and Samarati, Pierangela

Subjects

*BIOMETRIC identification, *BIOMETRY, *MACHINE learning, *USER experience, *LEAKS (Disclosure of information), *RETINA

Abstract

The recent rapid advancements in both sensing and machine learning technologies have given rise to the universal collection and utilization of people's biometrics, such as fingerprints, voices, retina/facial scans, or gait/motion/gestures data, enabling a wide range of applications including authentication, health monitoring, or much more sophisticated analytics. While providing better user experiences and deeper business insights, the use of biometrics has raised serious privacy concerns due to their intrinsic sensitive nature and the accompanying high risk of leaking sensitive information such as identity or medical conditions. In this paper, we propose a novel modality-agnostic data transformation framework that is capable of anonymizing biometric data by suppressing its sensitive attributes while retaining features relevant to downstream machine learning-based analyses that are of research and business values. We carried out a thorough experimental evaluation using publicly available facial, voice, motion, and EEG datasets. Results show that our proposed framework can achieve a high suppression level for sensitive information, while at the same time retain underlying data utility such that subsequent analyses on the anonymized biometric data could still be carried out to yield satisfactory accuracy. [ABSTRACT FROM AUTHOR]

Published

2024

18. Hate speech, toxicity detection in online social media: a recent survey of state of the art and opportunities

Author

Anjum and Katarya, Rahul

Published

2023

19. Causal effect analysis-based intrusion detection system for IoT applications.

Author

Bhaskara, Srividya and Rathore, Santosh Singh

Subjects

CAUSAL inference, MACHINE learning, BAYESIAN analysis, INTERNET of things, ARTIFICIAL intelligence, INTRUSION detection systems (Computer security), PREDICTION models

Abstract

Intrusion detection systems (IDSs) are employed at various levels in the network to either detect or prevent an intrusion that could cause irrecoverable data damage in IoT applications. Nowadays, different machine learning (ML) and artificial intelligence techniques are used to develop prediction models for IDS. However, existing ML-based detection models mostly rely on associative features to determine the relationship between attacks and traffic variables. These features failed to discern correlation from causality, and thus, many times, they generated poor performance on the testing data. The method of drawing causal inferences can be helpful to researchers in focusing on the causes of the intrusion rather than the correlation of the attributes, which provide only limited information. However, the method of drawing causal inferences has few to no implementations in the IDS. This paper explores using a causal analysis method, the Bayesian causal network for the IDS, and attempts to determine the significant attributes that can lead to an accurate prediction model for the IDS. The presented causal inference method is validated via an experimental analysis of the message queuing telemetry transport protocol dataset. The result shows that the Bayesian network implementation of causal inference has achieved an average accuracy, precision, recall, and F1-score of 99.8%, 99.4%, 98.89%, and 99.13%, respectively, for different considered attack scenarios. The analysis of the results shows that the performance of the presented method is equivalent to or better than other machine learning solutions. [ABSTRACT FROM AUTHOR]

Published

2023

20. Phish-Sight: a new approach for phishing detection using dominant colors on web pages and machine learning.

Author

Pandey, Pankaj and Mishra, Nishchol

Subjects

WEBSITES, MACHINE learning, PHISHING, INTERNET traffic, UNIFORM Resource Locators, RANDOM forest algorithms, PHISHING prevention

Abstract

Phishing is one of the most dangerous threats in which a hacker imitates a person, company or government agency to lure and deceive their victims. Machine learning anti-phishing solutions are gaining popularity nowadays. However, most anti-phishing solutions rely heavily on features extracted from third-party services such as whois services, DNS search, and web traffic. As a result, they are slow and require a lot of computing resources. This paper introduces a machine-learning-based framework: Phish-Sight that detects phishing websites through a visual inspection strategy. Phish-Sight uses dominant color features and highly targeted popular brand names embedded in URLs' web pages with machine learning techniques to detect phishing web pages. Prediction performance of the dominant color features and popular brand names from web pages was investigated using five machine learning algorithms. The Random Forest algorithm surpassed the others, with a 98.43% true positive rate and 99.13% accuracy in detecting phishing frauds. The prediction run time per web page measured at 7.6 s suggests that Phish-Sight has potential for real-time applications. [ABSTRACT FROM AUTHOR]

Published

2023

21. Applying NLP techniques to malware detection in a practical environment.

Author

Mimura, Mamoru and Ito, Ryo

Subjects

NATURAL language processing, MALWARE, SUBSPECIES, COMPUTERS, MACHINE learning

Abstract

Executable files still remain popular to compromise the endpoint computers. These executable files are often obfuscated to avoid anti-virus programs. To examine all suspicious files from the Internet, dynamic analysis requires too much time. Therefore, a fast filtering method is required. With the recent development of natural language processing (NLP) techniques, printable strings became more effective to detect malware. The combination of the printable strings and NLP techniques can be used as a filtering method. In this paper, we apply NLP techniques to malware detection. This paper reveals that printable strings with NLP techniques are effective for detecting malware in a practical environment. Our dataset consists of more than 500,000 samples obtained from multiple sources. Our experimental results demonstrate that our method is effective to not only subspecies of the existing malware, but also new malware. Our method is effective against packed malware and anti-debugging techniques. [ABSTRACT FROM AUTHOR]

Published

2022

22. Security bug reports classification using fasttext

Author

Alqahtani, Sultan S.

Published

2024

23. Exploring the potential of deep learning and machine learning techniques for randomness analysis to enhance security on IoT

Author

Ince, Kenan

Published

2024

24. Fairness as a Service (FaaS): verifiable and privacy-preserving fairness auditing of machine learning systems

Author

Toreini, Ehsan, Mehrnezhad, Maryam, and van Moorsel, Aad

Published

2024

25. Feature engineering impact on position falsification attacks detection in vehicular ad-hoc network.

Author

Abdelkreem, Eslam, Hussein, Sherif, and Tammam, Ashraf

Subjects

*FALSIFICATION, *MACHINE learning, *AD hoc computer networks, *ENGINEERING, *ROAD safety measures

Abstract

The vehicular ad-hoc network is a technology that enables vehicles to interact with each other and the surrounding infrastructure, aiming to enhance road safety and driver comfort. However, it is susceptible to various security attacks. Among these attacks, the position falsification attack is regarded as one of the most serious, in which the malicious nodes tamper with their transmitted location. Thus, developing effective misbehavior detection schemes capable of detecting such attacks is crucial. Many of these schemes employ machine learning techniques to detect misbehavior based on the features of the exchanged messages. However, the studies that identify the impact of feature engineering on schemes' performance and highlight the most efficient features and algorithms are limited. This paper conducts a comprehensive literature survey to identify the key features and algorithms used in the literature that lead to the best-performing models. Then, a comparative study using the VeReMi dataset, which is publicly available, is performed to assess six models implemented using three different machine learning algorithms and two feature sets: one comprising selected and derived features and the other including all message features. The findings show that two of the suggested models that employ feature engineering perform almost equally to existing studies in identifying two types of position falsification attacks while exhibiting performance improvements in detecting other types. Furthermore, the results of evaluating the proposed models using another simulation exhibit a substantial improvement achieved by employing feature engineering techniques, where the average accuracy of the models is increased by 6.31–47%, depending on the algorithm used. [ABSTRACT FROM AUTHOR]

Published

2024

26. Attribute inference privacy protection for pre-trained models.

Author

Abedi Khorasgani, Hossein, Mohammed, Noman, and Wang, Yang

Subjects

*DATA privacy, *PRIVACY, *DATA protection laws, *VISUAL fields, *IMAGE processing, *COMPUTER vision, *MACHINE learning

Abstract

With the increasing popularity of machine learning (ML) in image processing, privacy concerns have emerged as a significant issue in deploying and using ML services. However, current privacy protection approaches often require computationally expensive training from scratch or extensive fine-tuning of models, posing significant barriers to the development of privacy-conscious models, particularly for smaller organizations seeking to comply with data privacy laws. In this paper, we address the privacy challenges in computer vision by investigating the effectiveness of two recent fine-tuning methods, Model Reprogramming and Low-Rank Adaptation. We adapt these techniques to provide attribute protection for pre-trained models, minimizing computational overhead and training time. Specifically, we modify the models to produce privacy-preserving latent representations of images that cannot be used to identify unintended attributes. We integrate these methods into an adversarial min–max framework, allowing us to conceal sensitive information from feature outputs without extensive modifications to the pre-trained model, but rather focusing on a small set of new parameters. We demonstrate the effectiveness of our methods by conducting experiments on the CelebA dataset, achieving state-of-the-art performance while significantly reducing computational complexity and cost. Our research provides a valuable contribution to the field of computer vision and privacy, offering practical solutions to enhance the privacy of machine learning services without compromising efficiency. [ABSTRACT FROM AUTHOR]

Published

2024

27. Random forest evaluation using multi-key homomorphic encryption and lookup tables.

Author

Petrean, Diana-Elena and Potolea, Rodica

Subjects

*RANDOM forest algorithms, *DECISION trees, *MACHINE learning, *CLOUD computing, *INTELLECTUAL property, *BLOCK ciphers, *IMAGE encryption

Abstract

In recent years, machine learning (ML) has become increasingly popular in various fields of activity. Cloud platforms have also grown in popularity, as they offer services that are more secure and accessible worldwide. In this context, cloud-based technologies emerged to support ML, giving rise to the machine learning as a service (MLaaS) concept. However, the clients accessing ML services in order to obtain classification results on private data may be reluctant to upload sensitive information to cloud. The model owners may also prefer not to outsource their models in order to prevent model inversion attacks and to protect intellectual property. The privacy-preserving evaluation of ML models is possible through multi-key homomorphic encryption (MKHE), that allows both the client data and the model to be encrypted under different keys. In this paper, we propose an MKHE evaluation method for decision trees and we extend the proposed method for random forests. Each decision tree is evaluated as a single lookup table, and voting is performed at the level of groups of decision trees in the random forest. We provide both theoretical and experimental evaluations for the proposed method. The aim is to minimize the performance degradation introduced by the encrypted model compared to a plaintext model while also obtaining practical classification times. In our experiments with the proposed MKHE random forest evaluation method, we obtained minimal (less than 0.6%) impact on the main ML performance metrics considered for each scenario, while also achieving reasonable classification times (of the order of seconds). [ABSTRACT FROM AUTHOR]

Published

2024

28. A voting gray wolf optimizer-based ensemble learning models for intrusion detection in the Internet of Things.

Author

Saheed, Yakub Kayode and Misra, Sanjay

Subjects

*INTRUSION detection systems (Computer security), *GREY Wolf Optimizer algorithm, *WOLVES, *MACHINE learning, *INTERNET of things, *FEATURE selection

Abstract

The Internet of Things (IoT) has garnered considerable attention from academic and industrial circles as a pivotal technology in recent years. The escalation of security risks is observed to be associated with the growing interest in IoT applications. Intrusion detection systems (IDS) have been devised as viable instruments for identifying and averting malicious actions in this context. Several techniques described in academic papers are thought to be very accurate, but they cannot be used in the real world because the datasets used to build and test the models do not accurately reflect and simulate the IoT network. Existing methods, on the other hand, deal with these issues, but they are not good enough for commercial use because of their lack of precision, low detection rate, receiver operating characteristic (ROC), and false acceptance rate (FAR). The effectiveness of these solutions is predominantly dependent on individual learners and is consequently influenced by the inherent limitations of each learning algorithm. This study introduces a new approach for detecting intrusion attacks in an IoT network, which involves the use of an ensemble learning technique based on gray wolf optimizer (GWO). The novelty of this study lies in the proposed voting gray wolf optimizer (GWO) ensemble model, which incorporates two crucial components: a traffic analyzer and a classification phase engine. The model employs a voting technique to combine the probability averages of the base learners. Secondly, the combination of feature selection and feature extraction techniques is to reduce dimensionality. Thirdly, the utilization of GWO is employed to optimize the parameters of ensemble models. Similarly, the approach employs the most authentic intrusion detection datasets that are accessible and amalgamates multiple learners to generate ensemble learners. The hybridization of information gain (IG) and principal component analysis (PCA) was employed to reduce dimensionality. The study utilized a novel GWO ensemble learning approach that incorporated a decision tree, random forest, K-nearest neighbor, and multilayer perceptron for classification. To evaluate the efficacy of the proposed model, two authentic datasets, namely, BoT-IoT and UNSW-NB15, were scrutinized. The GWO-optimized ensemble model demonstrates superior accuracy when compared to other machine learning-based and deep learning models. Specifically, the model achieves an accuracy rate of 99.98%, a DR of 99.97%, a precision rate of 99.94%, an ROC rate of 99.99%, and an FAR rate of 1.30 on the BoT-IoT dataset. According to the experimental results, the proposed ensemble model optimized by GWO achieved an accuracy of 100%, a DR of 99.9%, a precision of 99.59%, an ROC of 99.40%, and an FAR of 1.5 when tested on the UNSW-NB15 dataset. [ABSTRACT FROM AUTHOR]

Published

2024

29. A computationally efficient dimensionality reduction and attack classification approach for network intrusion detection.

Author

Patel, N. D., Mehtre, B. M., and Wankar, Rajeev

Subjects

*INTRUSION detection systems (Computer security), *COMPUTER network traffic, *MACHINE learning, *FEATURE selection, *SYSTEM administrators, *CLASSIFICATION

Abstract

An intrusion detection system (IDS) is a system that monitors network traffic for malicious activity and generates alerts. In anomaly-based detection, machine learning (ML) algorithms exploit various statistical and probabilistic methods to learn from past or historical experience and detect valuable patterns from large, unstructured, and complex datasets. ML-based network intrusion detection aims to identify malicious behavior and alert a system administrator when an intruder tries to penetrate the network. This paper deals with the study, strategic construction, and implementation of a network intrusion detection model based on ML methods. Among the available IDS datasets, five of the most relevant are chosen for the experimental analysis, which are NSL-KDD-2009, CIC-IDS2017, CIC-IDS2018, IoTID20, and UNSW-NB15 datasets. In order to reduce the computation time in the training sample and achieve computational complexity O (N 2.38 ± δ) , we propose a computationally efficient and feasible algorithmic framework for analyzing the network traffic data. The developed approach mainly consists of two phases, i.e., "Scatter Matrices and Eigenvalue Computation based feature Selection" and "Classification procedure for the reduced dimension data." Experimental evaluation of various test case scenarios for the chosen datasets is carried out in the simulation setting. It is observed that the test results outperform the existing intrusion detection methods for detecting certain attack categories. [ABSTRACT FROM AUTHOR]

Published

2024

30. Enhancing detection of malicious profiles and spam tweets with an automated honeypot framework powered by deep learning.

Author

El Mendili, Fatna, Fattah, Mohammed, Berros, Nisrine, Filaly, Youness, and El Bouzekri El Idrissi, Younès

Subjects

*SPAM email, *DEEP learning, *CONVOLUTIONAL neural networks, *MACHINE learning, *RECOMMENDER systems, *SOCIAL networks

Abstract

Social networks are widely used platforms for sharing various information and content, including text, images, and videos.The main challenge in social networking today is the verification of data credibility and the identification of genuine social media profiles. Cybercriminals take advantage of this by utilizing fake profiles to disseminate false information. However, current research mainly concentrates on spam filtering and analyzing malicious behavior separately, disregarding the interrelated nature of these issues. We propose a more desirable global, hybrid solution that encompasses both malicious profile detection and spam detection to mitigate the spread of spam effectively. This paper offers a deep learning-based method for detecting malicious profiles and spam tweets. For the profiles to interact with them as legitimate profiles, we first provide the detection of fake profiles using an automated honeypot. Next, we detect those who make interactions as malicious profiles, and finally, we collect their shared content to find spam tweets using a convolution neural network algorithm. We suggest using collaborative filtering and content filtering algorithms from recommender systems to define accounts similar to harmful profiles and spam similar to spam material picked up by convolution neural networks. We get a highly compelling and intriguing outcome with higher accuracy (99.23%) and lesser loss than typical learning algorithms. [ABSTRACT FROM AUTHOR]

Published

2024

31. Random resampling algorithms for addressing the imbalanced dataset classes in insider threat detection.

Author

Al-Shehari, Taher and Alsowail, Rakan A.

Subjects

MACHINE learning, LEAK detection, ALGORITHMS, STATISTICAL sampling, SAMPLING (Process)

Abstract

Cybersecurity threats can be perpetrated by insiders or outsiders. The threats that could be carried out by insiders are far more serious due to their privileged access, which they may use to cause financial loss and reputation harm for an organization. Thus, insider threats represent a major cybersecurity challenge for private and government organizations. Researchers and cybersecurity practitioners have proposed different approaches for detecting and mitigating insider threats, but they face many challenges (e.g., dataset availability and the highly imbalanced classes of the available dataset). Because the shortcoming of an insider threat dataset, the benchmarking dataset given by The Computer Emergency Response Team (CERT) was used to validate the majority of the insider threat detection approaches. The CERT dataset of insider threat is extremely imbalanced, and hence, once utilized to validate an insider threat detection model, the detection results may be biased and inaccurate. Such imbalance issue of the CERT dataset is ignored by most existing approaches of insider threat detection. As result, effective model is required to detect insider data leakage incidents from an imbalanced dataset more precisely. In this paper an insider data leakage detection model is proposed to leverage various random sampling techniques and well-known machine learning algorithms to deal with the dataset's extremely imbalanced classes. We evaluate the model on CERT r4.2 insider threat dataset utilizing different sampling techniques, and then compare its performance with the baseline and existing work. The empirical results show that by resolving the imbalanced dataset issue, our model enhances the detection performance of insider data leakage events by surpassing existing approaches. [ABSTRACT FROM AUTHOR]

Published

2023

32. Adversarial security mitigations of mmWave beamforming prediction models using defensive distillation and adversarial retraining.

Author

Kuzlu, Murat, Catak, Ferhat Ozgur, Cali, Umit, Catak, Evren, and Guler, Ozgur

Subjects

ARTIFICIAL neural networks, DEEP learning, ARTIFICIAL intelligence, MACHINE learning, BEAMFORMING, PREDICTION models

Abstract

The design of a security scheme for beamforming prediction is critical for next-generation wireless networks (5G, 6G, and beyond). However, there is no consensus about protecting beamforming prediction using deep learning algorithms in these networks. This paper presents the security vulnerabilities in deep learning for beamforming prediction using deep neural networks in 6G wireless networks, which treats the beamforming prediction as a multi-output regression problem. It is indicated that the initial DNN model is vulnerable to adversarial attacks, such as Fast Gradient Sign Method , Basic Iterative Method , Projected Gradient Descent , and Momentum Iterative Method , because the initial DNN model is sensitive to the perturbations of the adversarial samples of the training data. This study offers two mitigation methods, such as adversarial training and defensive distillation, for adversarial attacks against artificial intelligence-based models used in the millimeter-wave (mmWave) beamforming prediction. Furthermore, the proposed scheme can be used in situations where the data are corrupted due to the adversarial examples in the training data. Experimental results show that the proposed methods defend the DNN models against adversarial attacks in next-generation wireless networks. [ABSTRACT FROM AUTHOR]

Published

2023

33. HTTPScout: A Machine Learning based Countermeasure for HTTP Flood Attacks in SDN.

Author

Mohammadi, Reza, Lal, Chhagan, and Conti, Mauro

Subjects

DENIAL of service attacks, HTTP (Computer network protocol), MACHINE learning, SOFTWARE-defined networking, INTERNET servers, TRAFFIC flow

Abstract

Nowadays, the number of Distributed Denial of Service (DDoS) attacks is growing rapidly. The aim of these type of attacks is to make the prominent and critical services unavailable for legitimate users. HTTP flooding is one of the most common DDoS attacks and because of its implementation in application layer, it is difficult to detect and prevent by the current defense mechanisms. This attack not only makes the web servers unavailable, but consumes the computational resources of the network equipment and congests communication links. Recently, the advent of Software Defined Networking (SDN) paradigm has enabled the network providers to detect and mitigate application layer DDoS attacks such as HTTP flooding. In this paper, we propose a defense mechanism named HTTPScout which leverages the benefits of SDN together with Machine Learning (ML) techniques to detect and mitigate HTTP flooding attack. HTTPScout is implemented as a security module in RYU controller and monitors the behavior of HTTP traffic flows. Upon detecting a malicious flow, it blocks the source of the attack at the edge switch and preserves the network resources from the adversarial effects of the attack. Simulation results confirm that HTTPScout brings a significant improvement of 64% in bandwidth consumption and 80% in the number of forwarding rules compared to normal SDN. [ABSTRACT FROM AUTHOR]

Published

2023

34. A study of machine learning-based models for detection, control, and mitigation of cyberbullying in online social media.

Author

Kumar, Raju and Bhat, Aruna

Subjects

CYBERBULLYING, SOCIAL media, DEEP learning, ACTIVE medium, CYBERSPACE, PREDICTION models

Abstract

Online social media (OSM) is an integral part of human life these days. Significantly, the young generation spends most of their time on social media in an active and passive state. The exponential growth of OSM has created an atmosphere of increased cybercrime. Although OSM provides a platform to connect people with similar thoughts and interests, it also exposes vulnerable users to mischievous elements in cyberspace. Social media connects and generates a massive amount of human activity-related data. However, the misuse of OSM introduces a novel way of expressing aggression and violence that exclusively happens online. In this research paper, we briefly discuss the background of Cyberbullying and the various machine and deep learning-based models incorporated to deal with it effectively. We also highlight the main challenges in designing a cyberbullying prediction model and address them. [ABSTRACT FROM AUTHOR]

Published

2022

35. Deep learning based network intrusion detection system: a systematic literature review and future scopes.

Author

Yogesh and Goyal, Lalit Mohan

Subjects

*CONVOLUTIONAL neural networks, *COMPUTER network traffic, *DEEP learning, *COMPUTER network security, *MACHINE learning

Abstract

With the immense growth of the internet, sensitive, confidential, important corporate and individual data passing through the internet has grown rapidly. Due to the limitation of security systems, potential hackers and attackers have possessed vulnerabilities and attacks for intruding into the network to gain confidential and sensitive information to affect the performance of networks by breaching network confidentiality. Thereby, to counterfeit these attacks and abnormal behaviors, a network intrusion detection system (NIDS), acts as a crucial branch of cybersecurity for analysis and monitoring the network traffic regularly to report and detect abnormal and malicious activities in a network. Currently, various reviews and survey papers have covered various techniques for NIDS, out of which, mostly followed a non-systematic way of approach without an in-depth analysis of techniques and evaluation metrics used by deep learning(DL) based NIDS models. In addition, various reviews focused on machine learning (ML) and DL-based methodology, but with less emphasis on DL techniques (i.e. AE, CNN, DNN, DBN, RNN, and Hybrid DL) based classification. Thereby, the Preferred Reporting Items for Systematic Reviews and Meta-Analyses (PRISMA) methodology was used to accomplish this work by providing a comprehensive and detailed overview of DL-based NIDS. Research papers for this work were collected from five well-known databases (ScienceDirect, IEEE, Hindawi, SpringerNature, and MDPI) which were cut among several reputable conference proceedings and reputable journals. Across the 750 articles identified in the literature, 72 research papers were finally marked and selected for synthesis and analysis to find the answers to research questions. In addition, we identified various potential research challenges in the current domain based on research findings. Lastly, to design an efficient NIDS, we concluded our study by identifying high-impact and promising future research areas in the NIDS domain. [ABSTRACT FROM AUTHOR]

Published

2024

36. MAPAS: a practical deep learning-based android malware detection system.

Author

Kim, Jinsung, Ban, Younghoon, Ko, Eunbyeol, Cho, Haehyun, and Yi, Jeong Hyun

Subjects

DEEP learning, CONVOLUTIONAL neural networks, MALWARE, MACHINE learning

Abstract

A lot of malicious applications appears every day, threatening numerous users. Therefore, a surge of studies have been conducted to protect users from newly emerging malware by using machine learning algorithms. Albeit existing machine or deep learning-based Android malware detection approaches achieve high accuracy by using a combination of multiple features, it is not possible to employ them on our mobile devices due to the high cost for using them. In this paper, we propose MAPAS, a malware detection system, that achieves high accuracy and adaptable usages of computing resources. MAPAS analyzes behaviors of malicious applications based on API call graphs of them by using convolution neural networks (CNN). However, MAPAS does not use a classifier model generated by CNN, it only utilizes CNN for discovering common features of API call graphs of malware. For efficiently detecting malware, MAPAS employs a lightweight classifier that calculates a similarity between API call graphs used for malicious activities and API call graphs of applications that are going to be classified. To demonstrate the effectiveness and efficiency of MAPAS, we implement a prototype and thoroughly evaluate it. And, we compare MAPAS with a state-of-the-art Android malware detection approach, MaMaDroid. Our evaluation results demonstrate that MAPAS can classify applications 145.8% faster and uses memory around ten times lower than MaMaDroid. Also, MAPAS achieves higher accuracy (91.27%) than MaMaDroid (84.99%) for detecting unknown malware. In addition, MAPAS can generally detect any type of malware with high accuracy. [ABSTRACT FROM AUTHOR]

Published

2022

37. IoT-oriented high-efficient anti-malware hardware focusing on time series metadata extractable from inside a processor core.

Author

Koike, Kazuki, Kobayashi, Ryotaro, and Katoh, Masahiko

Subjects

ANTI-malware (Computer software), TIME series analysis, METADATA, MACHINE learning, MALWARE

Abstract

We aim to improve the efficiency of our previously proposed anti-malware hardware; it is a hardware-implemented malware detection mechanism that uses information inside the processor. We previously evaluated a prototype, but, due to its prototypical nature, there remain limitations, such as only detecting certain behaviors, high power consumption, and a tendency to bloat the training model. In this paper, we propose a circuit and a learning method to achieve high efficiency, low power consumption, and light weight for the model. In considering these three issues, we focus on time-series metadata obtained by transforming the processor information. To improve efficiency, we implement predictive detection to predict the behavior of metadata in the malware detection component. This lets the model detect malware within less than 19% of the number of execution cycles of the conventional method. To reduce power consumption, we implement a sampling circuit that interrupts the input to the detection circuit at regular intervals, reducing the system's uptime by 99% while maintaining judgment accuracy. Finally, for a light weight, we focus on the training process of the metadata generator based on a machine-learning model. By applying sampling learning and feature dimensionality reduction in the training process, a metadata generator approximately 16% smaller than the previous version is created. [ABSTRACT FROM AUTHOR]

Published

2022

38. A prototype implementation and evaluation of the malware detection mechanism for IoT devices using the processor information.

Author

Takase, Hayate, Kobayashi, Ryotaro, Kato, Masahiko, and Ohmura, Ren

Subjects

HOUSEHOLD appliances, INTERNET of things, PROTOTYPES, COMPUTER security vulnerabilities, MALWARE prevention

Abstract

Due to the popularization of Internet of Things (IoT) devices, numerous and varied devices have been connected to the Internet. While various devices including home appliances operate via the Internet, attacks targeting many IoT devices are increasing because the vulnerabilities exist in them. Furthermore, there is a problem that introducing a security mechanism as software is difficult because they have few hardware resources. Therefore, a security mechanism which does not consume hardware resources such as CPU and memory is required. We propose a malware detection mechanism using values extracted from the processor. We aim to offload the malware detection mechanism to hardware by using the processor information and aim to suppress the consumption of hardware resources. In this paper, we implemented a prototype of our proposed mechanism using QEMU, which is a virtual machine. We show that our proposed mechanism can classify malware or benign programs by using the processor information as well as detect malware variant belonging to the same family. [ABSTRACT FROM AUTHOR]

Published

2020

39. DNS exfiltration detection in the presence of adversarial attacks and modified exfiltrator behaviour

Author

Žiža, Kristijan, Tadić, Predrag, and Vuletić, Pavle

Published

2023

40. DDoS attack detection with feature engineering and machine learning: the framework and performance evaluation.

Author

Aamir, Muhammad and Zaidi, Syed Mustafa Ali

Subjects

DENIAL of service attacks, K-nearest neighbor classification, MACHINE learning, SUPERVISED learning, FEATURE selection, SUPPORT vector machines, FAULT-tolerant computing

Abstract

This paper applies an organized flow of feature engineering and machine learning to detect distributed denial-of-service (DDoS) attacks. Feature engineering has a focus to obtain the datasets of different dimensions with significant features, using feature selection methods of backward elimination, chi2, and information gain scores. Different supervised machine learning models are applied on the feature-engineered datasets to demonstrate the adaptability of datasets for machine learning under optimal tuning of parameters within given sets of values. The results show that substantial feature reduction is possible to make DDoS detection faster and optimized with minimal performance hit. The paper proposes a strategic-level framework which incorporates the necessary elements of feature engineering and machine learning with a defined flow of experimentation. The models are also validated with cross-validation and evaluated for area-under-curve analyses. It provides comprehensive solutions which can be trusted to avoid the overfitting and collinearity problems of data while detecting DDoS attacks. In the case study of DDoS datasets, K-nearest neighbors algorithm overall exhibits the best performance followed by support vector machine, whereas low-dimensional datasets of discrete feature types perform better under the Random Forest model as compared to high dimensions with numerical features. The accuracy scores of dataset with the lowest number of features remain competitive with other datasets under all machine learning models, leading to a substantially reduced processing overhead. The experiments show that approximately 68% reduction in the feature space is possible with an impact of only about 0.03% on accuracy. [ABSTRACT FROM AUTHOR]

Published

2019

41. AIHGAT: A novel method of malware detection and homology analysis using assembly instruction heterogeneous graph.

Author

Wang, Runzheng, Gao, Jian, and Huang, Shuhua

Subjects

*COMPUTER network security, *FAMILY research, *MACHINE learning, *MALWARE, *FEATURE extraction

Abstract

At present, the trend of familiarization of malicious code is becoming more and more obvious, and the research on the homology of malware (the classification of malicious code family) is of great significance for maintaining network security. In order to better express the overall characteristics of malicious code and improve the effect of detection and homology analysis, this paper proposes a method for detection and homology analysis of malware based on heterogeneous graphs of assembly instructions (AIHGAT). We take the assembly instructions of malicious families as the research object and analyze the importance and correlation of assembly instructions of different malicious families. The malware detection and homology analysis are carried out in three aspects: feature extraction, feature preprocessing, and model construction. In the feature extraction of malicious code, in order to alleviate the problem that it is difficult to extract static features of malicious samples that contain countermeasures such as packing and obfuscation, we obtain binary files from dynamic memory through sandbox and then, analyze its assembly instruction set. In feature preprocessing, we divide the assembly instructions into N-tuples and construct a heterogeneous graph based on assembly instructions according to the internal correlation of the gene sequence composed of the assembly N-grams features. Finally, in terms of model construction, we analyze the homology determination effect of the traditional graph neural network and construct the Graph Attention Network based on residual connection named ResGAT to analyze the homology of malicious code. The experimental results show that the ResGAT can gather the core characteristics of malicious families and enhance the ability to recognize malicious family variants. Our model has an accuracy rate of 98.83%, which is better than traditional machine learning detection methods, and can effectively determine the homology of malicious code families. [ABSTRACT FROM AUTHOR]

Published

2023

42. Defeating traffic analysis via differential privacy: a case study on streaming traffic.

Author

Zhang, Xiaokuan, Hamm, Jihun, Reiter, Michael K., and Zhang, Yinqian

Subjects

PRIVACY, MACHINE learning, CITY traffic, PHYSIOLOGICAL adaptation

Abstract

In this paper, we explore the adaption of techniques previously used in the domains of adversarial machine learning and differential privacy to mitigate the ML-powered analysis of streaming traffic. Our findings are twofold. First, constructing adversarial samples effectively confounds an adversary with a predetermined classifier but is less effective when the adversary can adapt to the defense by using alternative classifiers or training the classifier with adversarial samples. Second, differential-privacy guarantees are very effective against such statistical-inference-based traffic analysis, while remaining agnostic to the machine learning classifiers used by the adversary. We propose three mechanisms for enforcing differential privacy for encrypted streaming traffic and evaluate their security and utility. Our empirical implementation and evaluation suggest that the proposed statistical privacy approaches are promising solutions in the underlying scenarios [ABSTRACT FROM AUTHOR]

Published

2022

43. Evaluating differentially private decision tree model over model inversion attack.

Author

Park, Cheolhee, Hong, Dowon, and Seo, Changho

Subjects

DECISION trees, RIGHT of privacy, MACHINE learning, PRIVACY

Abstract

Machine learning techniques have been widely used and shown remarkable performance in various fields. Along with the widespread utilization of machine learning, concerns about privacy violations have been raised. Recently, as privacy invasion attacks on machine learning models have been reported, research on privacy-preserving machine learning has been conducted. In particular, in the field of differential privacy, which is the rigorous notion of privacy, various mechanisms have been proposed to preserve privacy of machine learning models. However, there is a lack of research that analyzes the relationship between the degree of privacy guarantee and substantial privacy breach attacks. In this paper, we analyze the relationship between differentially private models and privacy breach attacks according to the degree of privacy preservation and study how to set appropriate privacy parameters. In particular, we focus on the model inversion attack for decision trees and analyze various differentially private decision tree algorithms over the attack. Our main finding from investigating the trade-off between data privacy and model utility is that well-designed differentially private algorithms can significantly mitigate the substantial privacy invasion attack while preserving model utility. [ABSTRACT FROM AUTHOR]

Published

2022

44. The Agent Web Model: modeling web hacking for reinforcement learning.

Author

Erdődi, László and Zennaro, Fabio Massimo

Subjects

COMPUTER hacking, REINFORCEMENT learning, WEBSITES, MACHINE learning, LEARNING problems

Abstract

Website hacking is a frequent attack type used by malicious actors to obtain confidential information, modify the integrity of web pages or make websites unavailable. The tools used by attackers are becoming more and more automated and sophisticated, and malicious machine learning agents seem to be the next development in this line. In order to provide ethical hackers with similar tools, and to understand the impact and the limitations of artificial agents, we present in this paper a model that formalizes web hacking tasks for reinforcement learning agents. Our model, named Agent Web Model, considers web hacking as a capture-the-flag style challenge, and it defines reinforcement learning problems at seven different levels of abstraction. We discuss the complexity of these problems in terms of actions and states an agent has to deal with, and we show that such a model allows to represent most of the relevant web vulnerabilities. Aware that the driver of advances in reinforcement learning is the availability of standardized challenges, we provide an implementation for the first three abstraction layers, in the hope that the community would consider these challenges in order to develop intelligent web hacking agents. [ABSTRACT FROM AUTHOR]

Published

2022

45. An SSH predictive model using machine learning with web proxy session logs.

Author

Lee, Junwon and Lee, Heejo

Subjects

MACHINE learning, PREDICTION models, SUPERVISED learning, DEEP learning, DECISION trees, RANDOM forest algorithms

Abstract

An adversary can use SSH communication as a route for information leakage or hacking. Many studies have focused on TCP header analysis to detect encrypted communication. However, SSH detection using TCP header analysis is limited when changing TCP port information or modifying components of the SSH protocol. Various machine-learning (ML) techniques have been introduced to enhance network traffic classification by analyzing TCP headers. Most ML-based traffic classification research has analyzed network packet flows. However, because of the complex structures and the various implementations of the TCP protocol, a lot of time and resources are required for the recombination of network packet flows. This paper presents a novel contribution to overcome the problems of network packet analysis that employs web proxy session logs, which do not require the recombination of packets to prepare a dataset for analysis. Moreover, we propose a hybrid predictive model that is useful for web proxy session log analysis. In the modeling process, we collected the web proxy logs from an actual network of ICT companies (more than 10,000 employees, Seoul, South Korea) and used the random forest and decision tree algorithms for the supervised learning. The detection rate (DR) for the training dataset was 99.9%, which is similar to or higher than that of other studies using ML and deep learning. Using the dataset of DARPA99, we proved that the DR and FPR for our proposed model were better than those achieved by Alshammari et al.'s model. We expect that the proposed predictive model can be used to block illegal attempts at SSH communication over HTTP CONNECT by changing the destination port and to detect novel illegal communication protocols. [ABSTRACT FROM AUTHOR]

Published

2022

46. A semantic-aware log generation method for network activities.

Author

Yichiet, Aun, Khaw, Yen-Min Jasmina, Gan, Ming-Lee, and Ponnusamy, Vasaki

Subjects

ARTIFICIAL neural networks, DECODING algorithms, SAWLOGS, MULTIPLE scattering (Physics), MACHINE learning

Abstract

Context-aware network logging is becoming more prevalent for enterprise networks, data centers, and forensics. Monitoring agents are strategically placed to generate log files from the activity of interests from various network points. In a distributed architecture, these agents are scattered across multiple nodes, and they have limited network visibility. Consequently, the resulting logs become fragmented and less perceptible without a unified network context. Besides, aggregating useful information from a diverse management protocol with various languages, syntax styles, and notations requires complex semantic understanding to synthesize these log files. Currently, general-purpose logs like SNMP's logs only provide parametric values at connection levels but lacks incident-specific information. Meanwhile, proprietary services like AWS CloudTrail identify more contexts at the incident-level, but they only work on selected products and infrastructure. This paper proposed a platform-agnostic log decoding and generation algorithm (SAG) for network logging that is semantic aware using context aggregation. Firstly, a protocol-agnostic controller acts as a master to collect logs from agents running in routers, firewall, IDS/IPS, load balancers, managed switches, and servers. From these logs, three traffic models, namely (1) service-activity model (SaM), (2) general-activity model (GaM), and (3) device-activity model (DaM), are trained using artificial neural network (ANN). The log generator then uses the context-filling technique to resolve and construct log entries using a generic sentence template while inferring from these machine-learning models. A sentence smoothing technique is designed to restructure entities in the logs based on traffic directionality for semantic correctness. The experimental result shows that SAG's logs have 1.8 times more contexts resolved for improved log's perceptibility. [ABSTRACT FROM AUTHOR]

Published

2022

47. Machine learning approach to vulnerability detection in OAuth 2.0 authentication and authorization flow.

Author

Munonye, Kindson and Péter, Martinek

Subjects

MACHINE learning, WEB-based user interfaces, SUPERVISED learning

Abstract

Technologies for integrating enterprise web applications have improved rapidly over the years. The OAuth framework provides authentication and authorization using the users' profile and credentials in an existing identity provider. This makes it possible for attackers to exploit any vulnerability arising from exchange of data with the provider. Vulnerability in OAuth authorization flow allows an attacker to alter the normal flow sequence of the OAuth protocol. In this paper, a machine learning-based approach was applied in the detection of potential vulnerability in the OAuth authentication and authorization flow by analyzing the relationship between changes in the OAuth parameters and the final output. This research models the OAuth protocol as a supervised learning problem where seven classification models were developed, tuned and evaluated. Exploratory Data Analytics (EDA) techniques were applied in the extraction and analysis of specific OAuth features so that each output class could be evaluated to determine the effect of the identified OAuth features. The models developed in this research were trained, tuned and tested. A performance accuracy above 90% was attained for detection of vulnerabilities in the OAuth authentication and authorization flow. Comparison with known vulnerability resulted in a 54% match. [ABSTRACT FROM AUTHOR]

Published

2022

48. Stealing PINs via mobile sensors: actual risk versus user perception

Author

Mehrnezhad, Maryam, Toreini, Ehsan, Shahandashti, Siamak F., and Hao, Feng

Published

2018

49. Supervised machine learning using encrypted training data.

Author

González-Serrano, Francisco-Javier, Amor-Martín, Adrián, and Casamayón-Antón, Jorge

Subjects

DATA encryption, DATA protection, DATA security, CLOUD computing, MACHINE learning

Abstract

Preservation of privacy in data mining and machine learning has emerged as an absolute prerequisite in many practical scenarios, especially when the processing of sensitive data is outsourced to an external third party. Currently, privacy preservation methods are mainly based on randomization and/or perturbation, secure multiparty computations and cryptographic methods. In this paper, we take advantage of the partial homomorphic property of some cryptosystems to train simple machine learning models with encrypted data. Our basic scenario has three parties: multiple Data Owners, which provide encrypted training examples; the Algorithm Owner (or Application), which processes them to adjust the parameters of its models; and a semi-trusted third party, which provides privacy and secure computation services to the Application in some operations not supported by the homomorphic cryptosystem. In particular, we focus on two issues: the use of multiple-key cryptosystems, and the impact of the quantization of real-valued input data required before encryption. In addition, we develop primitives based on the outsourcing of a reduced set of operations that allows to implement general machine learning algorithms using efficient dedicated hardware. As applications, we consider the training of classifiers using privacy-protected data and the tracking of a moving target using encrypted distance measurements. [ABSTRACT FROM AUTHOR]

Published

2018

50. A formalization of card-based cryptographic protocols via abstract machine.

Author

Mizuki, Takaaki and Shizuya, Hiroki

Subjects

MACHINE theory, COMPUTATIONAL intelligence, COMPUTATIONAL learning theory, MACHINE learning, COMPUTER security software, DATA encryption, CRYPTOGRAPHY

Abstract

Consider a face-down card lying on the table such that we do not know whether its suit color is black or red. Then, how do we make identical copies of the card while keeping its color secret? A partial solution has been devised: using a number of additional black and red cards, Niemi and Renvall proposed an excellent protocol which can copy a face-down card while allowing only a small probability of revealing its color. In contrast, this paper shows the nonexistence of a perfect solution, namely, the impossibility of copying a face-down card with perfect secrecy. To prove such an impossibility result, we construct a rigorous mathematical model of card-based cryptographic protocols; giving this general computational model is the main result of this paper. [ABSTRACT FROM AUTHOR]

Published

2014