27,170 results on '"Network Security"'
Search Results
2. A Comparative Analysis of Phishing Tools: Features and Countermeasures
- Author
Sahay, Rishikesh, Meng, Weizhi, Li, Wenjuan, Goos, Gerhard, Series Editor, Hartmanis, Juris, Founding Editor, Bertino, Elisa, Editorial Board Member, Gao, Wen, Editorial Board Member, Steffen, Bernhard, Editorial Board Member, Yung, Moti, Editorial Board Member, Xia, Zhe, editor, and Chen, Jiageng, editor
- Published
- 2025
3. SNIPER: Detect Complex Attacks Accurately from Traffic
- Author
Yu, Changlong, Zhang, Bo, Kuang, Boyu, Fu, Anmin, Goos, Gerhard, Series Editor, Hartmanis, Juris, Founding Editor, Bertino, Elisa, Editorial Board Member, Gao, Wen, Editorial Board Member, Steffen, Bernhard, Editorial Board Member, Yung, Moti, Editorial Board Member, Xia, Zhe, editor, and Chen, Jiageng, editor
- Published
- 2025
4. Integrating Non-encrypted and Encrypted Features for Enhanced Detection of Encrypted Network Attacks
- Author
Amamra, Abdelfattah, Khettab, Rym, Mezine, Raissa, Ghosh, Ashish, Editorial Board Member, Zhou, Lizhu, Editorial Board Member, Neri, Filippo, editor, Du, Ke-Lin, editor, San-Blas, Angel-Antonio, editor, and Jiang, Zhiyu, editor
- Published
- 2025
5. A Comparative Evaluation of Machine Learning Techniques for Detecting Malicious Network Traffic
- Author
Tayal, Prince, Kumar, Rohan, Hemlata, Ghosh, Ashish, Editorial Board Member, Zhou, Lizhu, Editorial Board Member, Bairwa, Amit Kumar, editor, Tiwari, Varun, editor, Vishwakarma, Santosh Kumar, editor, Tuba, Milan, editor, and Ganokratanaa, Thittaporn, editor
- Published
- 2025
6. Application of Network Security Technology in the Operation Information System of Digital Economy
- Author
Wang, Dan, Sun, Xuemei, Angrisani, Leopoldo, Series Editor, Arteaga, Marco, Series Editor, Chakraborty, Samarjit, Series Editor, Chen, Shanben, Series Editor, Chen, Tan Kay, Series Editor, Dillmann, Rüdiger, Series Editor, Duan, Haibin, Series Editor, Ferrari, Gianluigi, Series Editor, Ferre, Manuel, Series Editor, Hirche, Sandra, Series Editor, Jabbari, Faryar, Series Editor, Jia, Limin, Series Editor, Kacprzyk, Janusz, Series Editor, Khamis, Alaa, Series Editor, Kroeger, Torsten, Series Editor, Li, Yong, Series Editor, Liang, Qilian, Series Editor, Martín, Ferran, Series Editor, Ming, Tan Cher, Series Editor, Minker, Wolfgang, Series Editor, Misra, Pradeep, Series Editor, Mukhopadhyay, Subhas, Series Editor, Ning, Cun-Zheng, Series Editor, Nishida, Toyoaki, Series Editor, Oneto, Luca, Series Editor, Panigrahi, Bijaya Ketan, Series Editor, Pascucci, Federica, Series Editor, Qin, Yong, Series Editor, Seng, Gan Woon, Series Editor, Speidel, Joachim, Series Editor, Veiga, Germano, Series Editor, Wu, Haitao, Series Editor, Zamboni, Walter, Series Editor, Tan, Kay Chen, Series Editor, Sharma, Bikash, editor, Do, Dinh-Thuan, editor, Sur, Samarendra Nath, editor, and Liu, Chuan-Ming, editor
- Published
- 2025
7. Blockchain-Based Anomaly Detection and Intrusion Prevention in IoT Networks
- Author
Ganesh Kumar, G., Kanakaprabha, S., Venu Gopal, Gaddam, Shaik, Riaz, Senthil Kumar, T., Udhaya Kumar, T., Kacprzyk, Janusz, Series Editor, Gomide, Fernando, Advisory Editor, Kaynak, Okyay, Advisory Editor, Liu, Derong, Advisory Editor, Pedrycz, Witold, Advisory Editor, Polycarpou, Marios M., Advisory Editor, Rudas, Imre J., Advisory Editor, Wang, Jun, Advisory Editor, Lin, Frank, editor, Pastor, David, editor, Kesswani, Nishtha, editor, Patel, Ashok, editor, Bordoloi, Sushanta, editor, and Koley, Chaitali, editor
- Published
- 2025
8. Vulnerability Assessment and Penetration Testing of University Network
- Author
Khurshudov, Dursun, Imanov, Akif, Nuraliyev, Jamalladdin, Nagiyeva, Malahat, Aliyeva, Samira, Ghosh, Ashish, Editorial Board Member, Zhou, Lizhu, Editorial Board Member, Mammadova, Gulchohra, editor, Aliev, Telman, editor, and Aida-zade, Kamil, editor
- Published
- 2025
9. Classify Me Correctly if You Can: Evaluating Adversarial Machine Learning Threats in NIDS
- Author
Rusch, Neea, Akbarfam, Asma Jodeiri, Maleki, Hoda, Agrawal, Gagan, Dorai, Gokila, Akan, Ozgur, Editorial Board Member, Bellavista, Paolo, Editorial Board Member, Cao, Jiannong, Editorial Board Member, Coulson, Geoffrey, Editorial Board Member, Dressler, Falko, Editorial Board Member, Ferrari, Domenico, Editorial Board Member, Gerla, Mario, Editorial Board Member, Kobayashi, Hisashi, Editorial Board Member, Palazzo, Sergio, Editorial Board Member, Sahni, Sartaj, Editorial Board Member, Shen, Xuemin, Editorial Board Member, Stan, Mircea, Editorial Board Member, Jia, Xiaohua, Editorial Board Member, Zomaya, Albert Y., Editorial Board Member, Duan, Haixin, editor, Debbabi, Mourad, editor, de Carné de Carnavalet, Xavier, editor, Luo, Xiapu, editor, Du, Xiaojiang, editor, and Au, Man Ho Allen, editor
- Published
- 2025
10. Intrusion Tolerance as a Two-Level Game
- Author
Hammar, Kim, Stadler, Rolf, Goos, Gerhard, Series Editor, Hartmanis, Juris, Founding Editor, Bertino, Elisa, Editorial Board Member, Gao, Wen, Editorial Board Member, Steffen, Bernhard, Editorial Board Member, Yung, Moti, Editorial Board Member, Sinha, Arunesh, editor, Fu, Jie, editor, Zhu, Quanyan, editor, and Zhang, Tao, editor
- Published
- 2025
11. Application of Crawler Algorithm for Situational Awareness in Network Security
- Author
Jagadish, Sripelli, Madanan, Mukesh, Angrisani, Leopoldo, Series Editor, Arteaga, Marco, Series Editor, Chakraborty, Samarjit, Series Editor, Chen, Shanben, Series Editor, Chen, Tan Kay, Series Editor, Dillmann, Rüdiger, Series Editor, Duan, Haibin, Series Editor, Ferrari, Gianluigi, Series Editor, Ferre, Manuel, Series Editor, Jabbari, Faryar, Series Editor, Jia, Limin, Series Editor, Kacprzyk, Janusz, Series Editor, Khamis, Alaa, Series Editor, Kroeger, Torsten, Series Editor, Li, Yong, Series Editor, Liang, Qilian, Series Editor, Martín, Ferran, Series Editor, Ming, Tan Cher, Series Editor, Minker, Wolfgang, Series Editor, Misra, Pradeep, Series Editor, Mukhopadhyay, Subhas, Series Editor, Ning, Cun-Zheng, Series Editor, Nishida, Toyoaki, Series Editor, Oneto, Luca, Series Editor, Panigrahi, Bijaya Ketan, Series Editor, Pascucci, Federica, Series Editor, Qin, Yong, Series Editor, Seng, Gan Woon, Series Editor, Speidel, Joachim, Series Editor, Veiga, Germano, Series Editor, Wu, Haitao, Series Editor, Zamboni, Walter, Series Editor, Tan, Kay Chen, Series Editor, Kumar, Amit, editor, Gunjan, Vinit Kumar, editor, Senatore, Sabrina, editor, and Hu, Yu-Chen, editor
- Published
- 2025
12. Online Network Intrusion Detection System for IOT Structure Using Machine Learning Techniques
- Author
Mahalakshmi, K., Jaison, B., Ghosh, Ashish, Editorial Board Member, Zhou, Lizhu, Editorial Board Member, Geetha, R., editor, Dao, Nhu-Ngoc, editor, and Khalid, Saeed, editor
- Published
- 2025
13. Importance of Machine Learning and Network Security for Communication Systems
- Author
Wahab, Fazal, Hayat, Umar, Khan, Mosa, Ullah, Inam, Yasir, Muhammad, Kumar, Amit, Series Editor, Suganthan, Ponnuthurai Nagaratnam, Series Editor, Haase, Jan, Series Editor, Senatore, Sabrina, Editorial Board Member, Gao, Xiao-Zhi, Editorial Board Member, Mozar, Stefan, Editorial Board Member, Srivastava, Pradeep Kumar, Editorial Board Member, El Hajjami, Salma, editor, Kaushik, Keshav, editor, and Khan, Inam Ullah, editor
- Published
- 2025
14. Building an intrusion detection system on UNSW‐NB15: Reducing the margin of error to deal with data overlap and imbalance.
- Author
Zoghi, Zeinab and Serpen, Gursel
- Subjects
ANOMALY detection (Computer security), COMPUTER network security, RANDOM forest algorithms, SECURITY classification (Government documents), MACHINE learning, INTRUSION detection systems (Computer security)
- Abstract
Summary: This study addresses the challenge of data imbalance and class overlap in machine learning for intrusion detection, proposing that targeted algorithmic adjustments can significantly enhance model performance. Our hypothesis contends that an ensemble framework, adeptly integrating novel threshold‐adjustment algorithms, can improve classification sensitivity and specificity. To test this, we developed an ensemble model comprising Balanced Bagging (BB), eXtreme Gradient Boosting (XGBoost), and Random Forest (RF), fine‐tuned using grid search for BB and XGBoost, and augmented with the Hellinger metric for RF to tackle data imbalance. The innovation lies in our algorithms, which adeptly adjust the discrimination threshold to rectify the class overlap problem, enhancing the model's ability to discern between negative and positive classes. Utilizing the UNSW‐NB15 dataset, we conducted a comparative analysis for binary and multi‐category classification. Our ensemble model achieved a binary classification accuracy of 97.80%, with a sensitivity rate of 98.26% for detecting attacks, and a multi‐category classification accuracy and sensitivity that reached up to 99.73% and 97.24% for certain attack types. These results substantially surpass those of existing models on the same dataset, affirming our model's superiority in dealing with complex data distributions prevalent in network security domains. [ABSTRACT FROM AUTHOR]
- Published
- 2024
15. An improved federated transfer learning model for intrusion detection in edge computing empowered wireless sensor networks.
- Author
Raja, L., Sakthi, G., Vimalnath, S., and Subramaniam, Gnanasaravanan
- Subjects
CONVOLUTIONAL neural networks, WIRELESS sensor network security, PROCESS capability, DEEP learning, EDGE computing, INTRUSION detection systems (Computer security)
- Abstract
Summary: Intrusion Detection (ID) is a critical component in cybersecurity, tasked with identifying and thwarting unauthorized access or malicious activities within networked systems. The advent of Edge Computing (EC) has introduced a paradigm shift, empowering Wireless Sensor Networks (WSNs) with decentralized processing capabilities. However, this transition presents new challenges for ID due to the dynamic and resource‐constrained nature of Edge environments. In response to these challenges, this study presents a pioneering approach: an Improved Federated Transfer Learning Model. This model integrates a pre‐trained ResNet‐18 for transfer learning with a meticulously designed Convolutional Neural Network (CNN), tailored to the intricacies of the NSL‐KDD dataset. The collaborative synergy of these models culminates in an Intrusion Detection System (IDS) with an impressive accuracy of 96.54%. Implemented in Python, the proposed model not only demonstrates its technical prowess but also underscores its practical applicability in fortifying EC‐empowered WSNs against evolving security threats. This research contributes to the ongoing discourse on enhancing cybersecurity measures within emerging computing paradigms. [ABSTRACT FROM AUTHOR]
- Published
- 2024
16. Enhancing network security with hybrid feedback systems in chaotic optical communication.
- Author
Ashraf, M. Wasim Abbas, Singh, Arvind R., Pandian, A., Bajaj, Mohit, Zaitsev, Ievgen, and Rathore, Rajkumar Singh
- Subjects
*OPTICAL communications, *OPTICAL feedback, *CHAOTIC communication, *CHAOS synchronization, *COMPUTER network protocols
- Abstract
This paper presents a pioneering approach to bolstering network security and privacy by implementing chaotic optical communication with a hybrid optical feedback system (HOFS). The current baseline methods in network security are often less feasible for hybrid feedback systems, including limited robustness, compromised security, and synchronization challenges. Therefore, this paper proposes a hybrid approach to address these shortcomings by integrating the HOFS into chaotic optical communication systems (HOFS-COCS) to overcome the baseline challenges. This paper aims to improve network security while significantly maintaining efficient communication channels. Moreover, we designed two algorithms, one for chaotic maps generation and another for text encryption and decryption, to improve security in the hybrid feedback system. Our findings demonstrate through rigorous experimentation and analysis that the proposed (HOFS-COCS) method significantly improves network security by enabling reliable chaos generation, synchronization, and secure message transmission in chaotic optical communication systems. This research represents a significant advancement towards enhanced secrecy and synchronization in chaotic optical communication systems, promising a paradigm shift in network security protocols. [ABSTRACT FROM AUTHOR]
- Published
- 2024
17. Explainable AI-based innovative hybrid ensemble model for intrusion detection.
- Author
Ahmed, Usman, Jiangbin, Zheng, Almogren, Ahmad, Khan, Sheharyar, Sadiq, Muhammad Tariq, Altameem, Ayman, and Rehman, Ateeq Ur
- Subjects
COMPUTER network traffic, ARTIFICIAL intelligence, COMPUTER networks, COMPUTER network security, FEATURE selection, INTRUSION detection systems (Computer security)
- Abstract
Cybersecurity threats have become more worldly, demanding advanced detection mechanisms with the exponential growth in digital data and network services. Intrusion Detection Systems (IDSs) are crucial in identifying illegitimate access or anomalous behaviour within computer network systems, consequently opposing sensitive information. Traditional IDS approaches often struggle with high false positive rates and the ability to adapt embryonic attack patterns. This work asserts a novel Hybrid Adaptive Ensemble for Intrusion Detection (HAEnID), an innovative and powerful method to enhance intrusion detection, different from the conventional techniques. HAEnID is composed of a string of multi-layered ensemble, which consists of a Stacking Ensemble (SEM), a Bayesian Model Averaging (BMA), and a Conditional Ensemble method (CEM). HAEnID combines the best of these three ensemble techniques for ultimate success in detection with a considerable cut in false alarms. A key feature of HAEnID is an adaptive mechanism that allows ensemble components to change over time as network traffic patterns vary and new threats appear. This way, HAEnID would provide adequate protection as attack vectors change. Furthermore, the model would become more interpretable and explainable using Shapley Additive Explanations (SHAP) and Local Interpretable Model-agnostic Explanations (LIME). The proposed Ensemble model for intrusion detection on CIC-IDS 2017 achieves excellent accuracy (97-98%), demonstrating effectiveness and consistency across various configurations. Feature selection further enhances performance, with BMA-M (20) reaching 98.79% accuracy. These results highlight the potential of the ensemble model for accurate and reliable intrusion detection and, hence, is a state-of-the-art choice for accuracy and explainability. [ABSTRACT FROM AUTHOR]
- Published
- 2024
18. Semi-Supervised Encrypted Malicious Traffic Detection Based on Multimodal Traffic Characteristics.
- Author
Liu, Ming, Yang, Qichao, Wang, Wenqing, and Liu, Shengli
- Subjects
*SUPERVISED learning, *TRAFFIC monitoring, *COMPUTER network traffic, *COMPUTER network security, *DATA distribution
- Abstract
The exponential growth of encrypted network traffic poses significant challenges for detecting malicious activities online. The scale of emerging malicious traffic is significantly smaller than that of normal traffic, and the imbalanced data distribution poses challenges for detection. However, most existing methods rely on single-category features for classification, which struggle to detect covert malicious traffic behaviors. In this paper, we introduce a novel semi-supervised approach to identify malicious traffic by leveraging multimodal traffic characteristics. By integrating the sequence and topological information inherent in the traffic, we achieve a multifaceted representation of encrypted traffic. We design two independent neural networks to learn the corresponding sequence and topological features from the traffic. This dual-feature extraction enhances the model's robustness in detecting anomalies within encrypted traffic. The model is trained using a joint strategy that minimizes both the reconstruction error from the autoencoder and the classification loss, allowing it to effectively utilize limited labeled data alongside a large amount of unlabeled data. A confidence-estimation module enhances the classifier's ability to detect unknown attacks. Finally, our method is evaluated on two benchmark datasets, UNSW-NB15 and CICIDS2017, under various scenarios, including different training set label ratios and the presence of unknown attacks. Our model outperforms other models by 3.49% and 5.69% in F1 score at labeling rates of 1% and 0.1%, respectively. [ABSTRACT FROM AUTHOR]
- Published
- 2024
19. Field-Perception-Based Grey-Box Fuzzing Method for Text Protocols.
- Author
孙语韬 and 徐向华
- Subjects
*CONCEPT learning, *ENCYCLOPEDIAS & dictionaries, *COMPUTER network protocols, *COMPUTER network security
- Abstract
The mutation-based grey-box protocol fuzzing methods are convenient and highly scalable. However, they lack the message format information of the protocol under test, resulting in most of the messages in test cases being rejected by the target protocol implementation, severely affecting the testing efficiency. To address this issue, this paper proposed a grey-box fuzzing method for text protocol based on field perception. This method incorporated the concept of template learning into mutation-based protocol fuzzing. It used delimiters to segment message fields and utilized a field dictionary to obtain valid values for each field. Subsequently, this paper designed multiple field-level mutation strategies for the segmented messages and calculated the corresponding field mutation energy based on the number of valid values and coverage feedback. Moreover, this approach leveraged the results of message field segmentation to provide a more fine-grained characterization of the protocol implementation state. Experimental results demonstrate that this method can improve the proportion of test cases accepted by the target protocol implementation generated by the classic mutation-based protocol fuzzing framework AFLNET, thereby increasing testing efficiency over five times. It proves that the low acceptance rate of test cases in the commonly used mutation-based protocol fuzzing methods decreases the overall testing efficiency, and increasing the test case acceptance rate can improve the testing efficiency significantly. [ABSTRACT FROM AUTHOR]
- Published
- 2024
20. Machine Learning Using Autoencoder Method: An Application to Detecting Anomalies in Internet Traffic.
- Author
Bashurov, Vadim and Safonov, Paul
- Abstract
This study presents a method to detect unusual activity in Internet traffic using an autoencoder, a type of neural network. We use the publicly available UNSW-NB15 dataset, which includes network traffic data and labels indicating hacker attacks. The data is processed using an entropy method to prepare it for the autoencoder. Our analysis involves training the autoencoder to reconstruct the input data. By measuring the difference between the original data and the reconstructed data we can identify anomalies. Namely, large differences, or errors, suggest anomalies, which often correspond to malicious activities. This method leverages the autoencoder's ability to learn and represent data efficiently, making it a strong tool for detecting unusual activities, and thus provides a way to enhance network security. [ABSTRACT FROM AUTHOR]
- Published
- 2024
21. A Secure Key Exchange and Authentication Scheme for Securing Communications in the Internet of Things Environment.
- Author
Peivandizadeh, Ali, Y. Adarbah, Haitham, Molavi, Behzad, Mohajerzadeh, Amirhossein, and H. Al-Badi, Ali
- Subjects
ELLIPTIC curve cryptography, DIGITAL technology, CYBERTERRORISM, INTERNET of things, ELLIPTIC curves
- Abstract
In today's advanced network and digital age, the Internet of Things network is experiencing a significant growing trend and, due to its wide range of services and network coverage, has been able to take a special place in today's technology era. Among the applications that can be mentioned for this network are the field of electronic health, smart residential complexes, and a wide level of connections that have connected the inner-city infrastructure in a complex way to make it smart. The notable and critical issue that exists in this network is the extent of the elements that make up the network and, due to this, the strong and massive data exchanges at the network level. With the increasing deployment of the Internet of Things, a wide range of challenges arise, especially in the discussion of establishing network security. Regarding security concerns, ensuring the confidentiality of the data being exchanged in the network, maintaining the privacy of the network nodes, protecting the identity of the network nodes, and finally implementing the security policies required to deal with a wide range of network cyber threats are of great importance. A fundamental element in the security of IoT networks is the authentication process, wherein nodes are required to validate each other's identities to ensure the establishment of secure communication channels. Through the enforcement of security prerequisites, in this study, we suggested a security protocol focused on reinforcing security characteristics and safeguarding IoT nodes. By utilizing the security features provided by Elliptic Curve Cryptography (ECC) and employing the Elliptic Curve Diffie–Hellman (ECDH) key-exchange mechanism, we designed a protocol for authenticating nodes and establishing encryption keys for every communication session within the Internet of Things. 
To substantiate the effectiveness and resilience of our proposed protocol in withstanding attacks and network vulnerabilities, we conducted evaluations utilizing both formal and informal means. Furthermore, our results demonstrate that the protocol is characterized by low computational and communication demands, which makes it especially well-suited for IoT nodes operating under resource constraints. [ABSTRACT FROM AUTHOR]
- Published
- 2024
22. Design and Implementation of Multi-Channel 10G Network Security Equipment.
- Author
王硕, 胡现刚, 杨欢, 黄毅龙, and 姬胜凯
- Abstract
Copyright of Cyber Security & Data Governance is the property of Editorial Office of Information Technology & Network Security and its content may not be copied or emailed to multiple sites or posted to a listserv without the copyright holder's express written permission. However, users may print, download, or email articles for individual use. This abstract may be abridged. No warranty is given about the accuracy of the copy. Users should refer to the original published version of the material for the full abstract. (Copyright applies to all Abstracts.)
- Published
- 2024
23. Adaptive Update Distribution Estimation under Probability Byzantine Attack.
- Author
Gang Long and Zhaoxin Zhang
- Subjects
BINOMIAL distribution, COMPUTER network security, MULTISENSOR data fusion, PARAMETER estimation, ENERGY consumption
- Abstract
The secure and normal operation of distributed networks is crucial for accurate parameter estimation. However, distributed networks are frequently susceptible to Byzantine attacks. Considering real-life scenarios, this paper investigates a probability Byzantine (PB) attack, utilizing a Bernoulli distribution to simulate the attack probability. Historically, additional detection mechanisms are used to mitigate such attacks, leading to increased energy consumption and burdens on distributed nodes, consequently diminishing operational efficiency. Differing from these approaches, an adaptive updating distributed estimation algorithm is proposed to mitigate the impact of PB attacks. In the proposed algorithm, a penalty strategy is initially incorporated during data updates to weaken the influence of the attack. Subsequently, an adaptive fusion weight is employed during data fusion to merge the estimations. Additionally, the reason why this penalty term weakens the attack has been analyzed, and the performance of the proposed algorithm is validated through simulation experiments. [ABSTRACT FROM AUTHOR]
- Published
- 2024
24. Harnessing DBSCAN and auto-encoder for hyper intrusion detection in cloud computing.
- Author
Kaliyaperumal, Prabu, Periyasamy, Sudhakar, Periyasamy, Muthusamy, and Alagarsamy, Abinaya
- Subjects
COMPUTER network traffic, COMPUTER network security, DEEP learning, CLOUD computing, SCALABILITY, DENIAL of service attacks
- Abstract
The widespread availability of internet services has led to a surge in network attacks, raising serious concerns about cybersecurity. Intrusion detection systems (IDS) are pivotal in safeguarding networks by identifying malicious activities, including denial of service (DoS), distributed denial of service (DDoS), botnet, brute force, probe, remote-to-local, and user-to-root attacks. To counter these threats effectively, this research focuses on utilizing unsupervised learning to train detection models. The proposed method involves employing auto-encoders (AE) for attack detection and density-based spatial clustering of applications with noise (DBSCAN) for attack clustering. By using preprocessed and unlabeled normal network traffic data, the approach enables the identification of unknown attacks while minimizing the impact of imbalanced training data on model performance. The autoencoder method utilizes the reconstruction error as an anomaly detection metric, while DBSCAN employs a density-based approach to identify clusters, manage noise, accommodate diverse shapes, automatically determine cluster count, ensure scalability, and minimize false positives. Tested on standard datasets such as KDDCup99, UNSW-NB15, CICIDS2017, and CSE-CIC-IDS2018, this proposed model achieves accuracies exceeding 98.36%, 98.22%, 98.45%, and 98.51%, respectively. These results demonstrate the effectiveness of unsupervised learning in detecting and clustering novel intrusions while managing imbalanced data. [ABSTRACT FROM AUTHOR]
- Published
- 2024
25. Optimizing intrusion detection in 5G networks using dimensionality reduction techniques.
- Author
Salah, Zaher, Elsoud, Esraa, Al-Sit, Waleed, Alhenawi, Esraa, Alshraiedeh, Fuad, and Alshdaifat, Nawaf
- Subjects
COMPUTER network traffic, IEEE 802.11 (Standard), COMPUTER network security, CYBERTERRORISM, 5G networks, INTRUSION detection systems (Computer security)
- Abstract
The proliferation of internet of things (IoT) technologies has expanded the user base of the internet, but it has also exposed users to increased cyber threats. Intrusion detection systems (IDSs) play a vital role in safeguarding against cybercrimes by enabling early threat response. This research uniquely centers on the critical dimensionality aspects of wireless datasets. This study focuses on the intricate interplay between feature dimensionality and intrusion detection systems. We rely on the renowned IEEE 802.11 security-oriented AWID3 dataset to implement our experiments since AWID was the first dataset created from wireless network traffic and has been developed into AWID3 by capturing and studying traces of a wide variety of attacks sent into the IEEE 802.1X extensible authentication protocol (EAP) environment. This research unfolds in three distinct phases, each strategically designed to enhance the efficacy of our framework, using multinominal class, multi-numeric class, and binary class. The best accuracy achieved was 99% in the three phases, while the lowest accuracy was 89.1%, 60%, and 86.7% for the three phases consecutively. These results offer a comprehensive understanding of the intricate relationship between wireless dataset dimensionality and intrusion detection effectiveness. [ABSTRACT FROM AUTHOR]
- Published
- 2024
26. VAE-WACGAN: An Improved Data Augmentation Method Based on VAEGAN for Intrusion Detection.
- Author
Tian, Wuxin, Shen, Yanping, Guo, Na, Yuan, Jing, and Yang, Yanqing
- Subjects
*GENERATIVE adversarial networks, *COMPUTER network traffic, *DATA augmentation, *DEEP learning, *COMPUTER network security, *INTRUSION detection systems (Computer security)
- Abstract
To address the class imbalance issue in network intrusion detection, which degrades performance of intrusion detection models, this paper proposes a novel generative model called VAE-WACGAN to generate minority class samples and balance the dataset. This model extends the Variational Autoencoder Generative Adversarial Network (VAEGAN) by integrating key features from the Auxiliary Classifier Generative Adversarial Network (ACGAN) and the Wasserstein Generative Adversarial Network with Gradient Penalty (WGAN-GP). These enhancements significantly improve both the quality of generated samples and the stability of the training process. By utilizing the VAE-WACGAN model to oversample anomalous data, more realistic synthetic anomalies that closely mirror the actual network traffic distribution can be generated. This approach effectively balances the network traffic dataset and enhances the overall performance of the intrusion detection model. Experimental validation was conducted using two widely utilized intrusion detection datasets, UNSW-NB15 and CIC-IDS2017. The results demonstrate that the VAE-WACGAN method effectively enhances the performance metrics of the intrusion detection model. Furthermore, the VAE-WACGAN-based intrusion detection approach surpasses several other advanced methods, underscoring its effectiveness in tackling network security challenges. [ABSTRACT FROM AUTHOR]
- Published
- 2024
27. Anti-jamming for cognitive radio networks with Stackelberg game-assisted DSSS approach.
- Author
Imran, Muhammad, Zhiwen, Pan, Nan, Liu, Sajjad, Muhammad, and Butt, Faisal Mehmood
- Subjects
*RADIO networks, *COMPUTER network security, *NASH equilibrium, *RESOURCE allocation, *SIGNALS & signaling
- Abstract
The proposed study introduces a novel anti-jamming approach for cognitive radio networks (CRNs) by integrating the Stackelberg game model with direct sequence spread spectrum (DSSS) techniques. This innovative combination enhances the security and performance of CRNs by optimizing resource allocation and fortifying network resilience against jamming attacks. The Stackelberg game model provides a strategic framework where the Defender and Adversary dynamically adjust their strategies to achieve Nash equilibrium, ensuring strategic stability. The application of DSSS further improves signal robustness, mitigating interference from jamming attempts. Simulation results demonstrate significant improvements in network security, resource utilization, and overall performance, validating the efficacy and advantages of the proposed scheme in maintaining reliable communication in the presence of adversarial threats. [ABSTRACT FROM AUTHOR]
- Published
- 2024
28. VGGIncepNet: Enhancing Network Intrusion Detection and Network Security through Non-Image-to-Image Conversion and Deep Learning.
- Author
-
Chen, Jialong, Xiao, Jingjing, and Xu, Jiaxin
- Subjects
CONVOLUTIONAL neural networks ,COMPUTER network security ,FEATURE extraction ,LEARNING modules ,INTRUSION detection systems (Computer security) ,DEEP learning ,INTERNET of things - Abstract
This paper presents an innovative model, VGGIncepNet, which integrates non-image-to-image conversion techniques with deep learning modules, specifically VGG16 and Inception, aiming to enhance performance in network intrusion detection and IoT security analysis. By converting non-image data into image data, the model leverages the powerful feature extraction capabilities of convolutional neural networks, thereby improving the multi-class classification of network attacks. We conducted extensive experiments on the NSL-KDD and CICIoT2023 datasets, and the results demonstrate that VGGIncepNet outperforms existing models, including BERT, DistilBERT, XLNet, and T5, across evaluation metrics such as accuracy, precision, recall, and F1-Score. VGGIncepNet exhibits outstanding classification performance, particularly excelling in precision and F1-Score. The experimental results validate VGGIncepNet's adaptability and robustness in complex network environments, providing an effective solution for the real-time detection of malicious activities in network systems. This study offers new methods and tools for network security and IoT security analysis, with broad application prospects. [ABSTRACT FROM AUTHOR]
- Published
- 2024
29. Research on Multi-Layer Defense against DDoS Attacks in Intelligent Distribution Networks.
- Author
-
Xu, Kai, Li, Zemin, Liang, Nan, Kong, Fanchun, Lei, Shaobo, Wang, Shengjie, Paul, Agyemang, and Wu, Zhefu
- Subjects
POWER distribution networks ,DENIAL of service attacks ,CONVOLUTIONAL neural networks ,RENYI'S entropy ,INTELLIGENT networks - Abstract
With the continuous development of new power systems, the intelligence of distribution networks has been increasingly enhanced. However, network security issues, especially distributed denial-of-service (DDoS) attacks, pose a significant threat to the safe operation of distribution networks. This paper proposes a novel DDoS attack defense mechanism based on software-defined network (SDN) architecture, combining Rényi entropy and multi-level convolutional neural networks, and performs fine-grained analysis and screening of traffic data according to the amount of calculation to improve the accuracy of attack detection and response speed. Experimental verification shows that the proposed method excels in various metrics such as accuracy, precision, recall, and F1-score. It demonstrates significant advantages in dealing with different intensities of DDoS attacks, effectively enhancing the network security of user-side devices in power distribution networks. [ABSTRACT FROM AUTHOR]
- Published
- 2024
30. DeepRoughNetID: A Robust Framework for Network Anomaly Intrusion Detection with High Detection Rates.
- Author
-
Nalini, M., Yamini, B., Sinthia, P., and S, Praveena Rachel Kamala
- Subjects
- *
ANOMALY detection (Computer security) , *COMPUTER network security , *TELECOMMUNICATION systems , *TELECOMMUNICATION , *INTERNET security , *INTRUSION detection systems (Computer security) - Abstract
Network security faces challenges, including reduced true positives, increased false positives, and inadequate anomaly detection efficacy. This paper introduces the DeepRoughNetID (DRNID) approach to address these issues and confront the increasing cyberattack threat in modern communication systems. DRNID presents an innovative framework for network intrusion detection, incorporating kNNImputer, GreedyRoughSelector, DeepVAEEnsembler, and IntrusionNet components. kNNImputer enables adaptable data preprocessing by leveraging instance-based learning, facilitating efficient handling of evolving datasets without necessitating full retraining. GreedyRoughSelector enhances classifier performance through systematic attribute selection, focusing on relevant features while eliminating redundancies. DeepVAEEnsembler leverages Variational Autoencoders (VAEs) to learn underlying data distributions, enabling robust anomaly detection. IntrusionNet utilizes VAEs to classify intrusions, providing a comprehensive solution to network security challenges. By integrating these components, DRNID offers a refined approach that promises significant advancements in network intrusion detection. The experimental results demonstrate the effectiveness of DRNID, with an impressive accuracy of 98.8% achieved through 10-fold cross-validation. DRNID exhibits superior performance compared to existing methods across various datasets, showcasing its robust anomaly detection capabilities. This methodology empowers organizations to proactively prevent security violations and safeguard sensitive data from malicious entities. Beyond its theoretical contributions, our research carries tangible implications for strengthening cybersecurity defenses across diverse sectors, including telecommunications, finance, and healthcare. [ABSTRACT FROM AUTHOR]
- Published
- 2024
31. Optimizing Network Security with Machine Learning and Multi-Factor Authentication for Enhanced Intrusion Detection.
- Author
-
Mahmood, Rafah Kareem, Mahameed, Ans Ibrahim, Lateef, Noor Q., Jasim, Hasanain M., Radhi, Ahmed Dheyaa, Ahmed, Saadaldeen Rashid, and Tupe-Waghmare, Priyanka
- Abstract
This study examines the utilization of machine learning methodologies and multi-factor authentication (MFA) to bolster network security, specifically targeting network intrusion detection. We analyze the way in which the integration of these technologies effectively tackles existing security concerns and constraints. The research highlights the importance of incorporating energy conservation and environmental impact reduction into security solutions, in addition to traditional cryptography and biometric methods. In addition, we tackle the limitations of centralized systems, such as vulnerabilities to security breaches and instances of system failures. The study examines different security models, encompassing categories, frameworks, consensus protocols, applications, services, and deployment goals in order to determine their impact on network security. In addition, we offer a detailed comparison of seven machine learning models, showcasing their effectiveness in enhancing network intrusion detection and overall security. The objective of this study is to provide in-depth understanding and actionable suggestions for utilizing machine learning with MFA (Multi-Factor Authentication) to enhance network defensive tactics. [ABSTRACT FROM AUTHOR]
- Published
- 2024
32. BLSAE-SNIDS: A Bi-LSTM Sparse Autoencoder Framework for Satellite Network Intrusion Detection.
- Author
-
Shi Shuxin, Han Bing, Wu Zhongdai, Han Dezhi, Wu Huafeng, and Mei Xiaojun
- Abstract
Due to disparities in tolerance, resource availability, and acquisition of labeled training data between satellite-terrestrial integrated networks (STINs) and terrestrial networks, the application of traditional terrestrial network intrusion detection techniques to satellite networks poses significant challenges. This paper presents a satellite network intrusion detection system named Bi-LSTM sparse self-encoder (BLSAE-SNIDS) to address this issue. Through the development of an innovative unsupervised training Bi-LSTM stacked self-encoder, BLSAE-SNIDS facilitates feature extraction from satellite network traffic, diminishes dimensionality, considerably reduces training and testing durations, and enhances the attack prediction accuracy of the classifier. To assess the efficacy of the proposed model, we conduct comprehensive experiments utilizing STIN and UNSW-NB15 datasets. The results obtained from the STIN dataset demonstrate that BLSAE-SNIDS achieves 99.99% accuracy with reduced computational and transmission overheads alongside enhanced flexibility. Furthermore, results from the UNSW-NB15 dataset exhibit BLSAE-SNIDS’ proficiency in detecting various network intrusion attacks efficiently. These findings indicate that BLSAE-SNIDS suits general satellite security networks and offers a novel approach to designing security systems for polar satellite networks, thus exhibiting practical utility. [ABSTRACT FROM AUTHOR]
- Published
- 2024
33. A Survey of Bug Bounty Programs in Strengthening Cybersecurity and Privacy in the Blockchain Industry.
- Author
-
Arshad, Junaid, Talha, Muhammad, Saleem, Bilal, Shah, Zoha, Zaman, Huzaifa, and Muhammad, Zia
- Subjects
BLOCKCHAINS ,COMPUTER hackers ,INTERNET security ,COMPUTER security vulnerabilities ,CROWDSOURCING - Abstract
The increasing reliance on computer networks and blockchain technology has led to a growing concern for cybersecurity and privacy. The emergence of zero-day vulnerabilities and unexpected exploits has highlighted the need for innovative solutions to combat these threats. Bug bounty programs have gained popularity as a cost-effective way to crowdsource the task of identifying vulnerabilities, providing a secure and efficient means of enhancing cybersecurity. This paper provides a comprehensive survey of various free and paid bug bounty programs in the computer networks and blockchain industry, evaluating their effectiveness, impact, and credibility. The study explores the structure, incentives, and nature of vulnerabilities uncovered by these programs, as well as their unique value proposition. A comparative analysis is conducted to identify advantages and disadvantages, highlighting the strengths and weaknesses of each program. The paper also examines the role of ethical hackers in bug bounty programs and their contributions to strengthening cybersecurity and privacy. Finally, the study concludes with recommendations for addressing the challenges faced by bug bounty programs and suggests potential future directions to enhance their impact on computer networks and blockchain security. [ABSTRACT FROM AUTHOR]
- Published
- 2024
34. A Network Device Identification Method Based on Packet Temporal Features and Machine Learning.
- Author
-
Hu, Lin, Zhao, Baoqi, and Wang, Guangji
- Subjects
COMPUTER network security ,DEEP learning ,MACHINE learning ,FINGERPRINT databases ,LABOR costs ,BOTNETS ,HUMAN fingerprints - Abstract
With the rapid development of the Internet of Things (IoT) technology, the number and types of devices accessing the Internet are increasing, leading to increased network security problems such as hacker attacks and botnets. Usually, these attacks are related to the type of device, and the risk can be effectively reduced if the type of network device can be efficiently identified and controlled. The traditional network device identification method uses active detection technology to obtain information about the device and match it with a manually defined fingerprint database to achieve network device identification. This method impacts the smoothness of the network and requires the manual establishment of fingerprint libraries, which imposes a large labor cost but only achieves a low identification efficiency. The traditional machine learning method only considers the information of individual packets; it does not consider the timing relationship between packets, and the recognition effect is poor. Based on the above research, in this paper, we considered the packet temporal relationship, proposed the TCN model of the Inception structure, extracted the packet temporal relationship, and designed a multi-head self-attention mechanism to fuse the features to generate device fingerprints for device identification. Experiments were conducted on the publicly available UNSW dataset, and the results showed that this method achieved notable improvements compared to the traditional machine learning method, with F1 reaching 96.76%. [ABSTRACT FROM AUTHOR]
- Published
- 2024
35. Machine Learning Enabled Novel Real-Time IoT Targeted DoS/DDoS Cyber Attack Detection System.
- Author
-
Alabdulatif, Abdullah, Thilakarathne, Navod Neranjan, and Aashiq, Mohamed
- Subjects
DENIAL of service attacks ,COMPUTER network traffic ,CYBERTERRORISM ,COMPUTER network security ,PARTICLE swarm optimization ,FEATURE selection - Abstract
The increasing prevalence of Internet of Things (IoT) devices has introduced a new phase of connectivity in recent years and, concurrently, has opened the floodgates for growing cyber threats. Among the myriad of potential attacks, Denial of Service (DoS) attacks and Distributed Denial of Service (DDoS) attacks remain a dominant concern due to their capability to render services inoperable by overwhelming systems with an influx of traffic. As IoT devices often lack the inherent security measures found in more mature computing platforms, the need for robust DoS/DDoS detection systems tailored to IoT is paramount for the sustainable development of every domain that IoT serves. In this study, we investigate the effectiveness of three machine learning (ML) algorithms: extreme gradient boosting (XGB), multilayer perceptron (MLP) and random forest (RF), for the detection of IoT-targeted DoS/DDoS attacks and three feature engineering methods that have not been used in the existing state-of-the-art, and then employed the best performing algorithm to design a prototype of a novel real-time system towards detection of such DoS/DDoS attacks. The CICIoT2023 dataset was derived from the latest real-world IoT traffic, incorporates both benign and malicious network traffic patterns and after data preprocessing and feature engineering, the data was fed into our models for both training and validation, where findings suggest that while all three models exhibit commendable accuracy in detecting DoS/DDoS attacks, the use of particle swarm optimization (PSO) for feature selection has made great improvements in the performance (accuracy, precision, recall and F1-score of 99.93% for XGB) of the ML models and their execution time (491.023 seconds for XGB) compared to recursive feature elimination (RFE) and random forest feature importance (RFI) methods.
The proposed real-time system for DoS/DDoS attack detection entails the implementation of a platform capable of effectively processing and analyzing network traffic in real-time. This involves employing the best-performing ML algorithm for detection and the integration of warning mechanisms. We believe this approach will significantly enhance the field of security research and continue to refine it based on future insights and developments. [ABSTRACT FROM AUTHOR]
- Published
- 2024
36. Research on intent-driven resilience network security.
- Author
-
SONG Yanbo, GAO Xianming, YANG Chungang, and LI Pengcheng
- Subjects
INTERNET security - Abstract
In the future, network will necessitate flexible, resilient, and scalable frameworks to accommodate evolving and diverse services. Intent-driven network provides a practical and feasible new idea for addressing this challenge. Specifically, intent-driven loop allows network administrators to focus less on intricate configuration details and more on expressing service requirements, facilitating autonomous and reliable services. Firstly, this work analyzes new challenges emerging in the field of cybersecurity. Subsequently, it introduces the methodology and key technologies of intent-driven network, proposing a lifecycle intent-driven architecture based on intent-driven network. Secondly, a method of reasoning for resilience strategies is introduced in intent-driven network security services. The practical application of intent-driven network involves the generation, transition, policy formulation, and deployment of intents, thereby ensuring the continuous online availability of network services even in the event of network failures. This reflects the entire lifecycle of an intent-driven network. [ABSTRACT FROM AUTHOR]
- Published
- 2024
37. Increasing the Security of Network Data Transmission with a Configurable Hardware Firewall Based on Field Programmable Gate Arrays.
- Author
-
Grossi, Marco, Alfonsi, Fabrizio, Prandini, Marco, and Gabrielli, Alessandro
- Subjects
FIELD programmable gate arrays ,COMPUTER network traffic ,COMPUTER network security ,SECURITY classification (Government documents) ,DATA transmission systems - Abstract
One of the most common mitigations against network-borne security threats is the deployment of firewalls, i.e., systems that can observe traffic and apply rules to let it through if it is benign or drop packets that are recognized as malicious. Cheap and open-source (a feature that is greatly appreciated in the security world) software solutions are available but may be too slow for high-rate channels. Hardware appliances are efficient but opaque and they are often very expensive. In this paper, an open-hardware approach is proposed for the design of a firewall, implemented on off-the-shelf components such as an FPGA (the Xilinx KC705 development board), and it is tested using controlled Ethernet traffic created with a packet generator as well as with real internet traffic. The proposed system can filter packets based on a set of rules that can use the whitelist or blacklist approach. It generates a set of statistics, such as the number of received/transmitted packets and the amount of received/transmitted data, which can be used to detect potential anomalies in the network traffic. The firewall has been experimentally validated in the case of a network data throughput of 1 Gb/s, and preliminary simulations have shown that the system can be upgraded with minor modifications to work at 10 Gb/s. Test results have shown that the proposed firewall features a latency of 627 ns and a maximum data throughput of 0.982 Gb/s. [ABSTRACT FROM AUTHOR]
- Published
- 2024
38. Enhancing network security with hybrid feedback systems in chaotic optical communication
- Author
-
M. Wasim Abbas Ashraf, Arvind R. Singh, A. Pandian, Mohit Bajaj, Ievgen Zaitsev, and Rajkumar Singh Rathore
- Subjects
Hybrid optical feedback system ,Chaotic optical communication ,Network security ,Protocols ,Medicine ,Science - Abstract
Abstract This paper presents a pioneering approach to bolstering network security and privacy by implementing chaotic optical communication with a hybrid optical feedback system (HOFS). The current baseline methods in network security are often less feasible for hybrid feedback systems, including limited robustness, compromised security, and synchronization challenges. Therefore, this paper proposes a hybrid approach to address these shortcomings by integrating the HOFS into chaotic optical communication systems (HOFS-COCS) to overcome the baseline challenges. This paper aims to improve network security while significantly maintaining efficient communication channels. Moreover, we designed two algorithms, one for chaotic maps generation and another for text encryption and decryption, to improve security in the hybrid feedback system. Our findings demonstrate through rigorous experimentation and analysis that the proposed (HOFS-COCS) method significantly improves network security by enabling reliable chaos generation, synchronization, and secure message transmission in chaotic optical communication systems. This research represents a significant advancement towards enhanced secrecy and synchronization in chaotic optical communication systems, promising a paradigm shift in network security protocols.
- Published
- 2024
39. Explainable AI-based innovative hybrid ensemble model for intrusion detection
- Author
-
Usman Ahmed, Zheng Jiangbin, Ahmad Almogren, Sheharyar Khan, Muhammad Tariq Sadiq, Ayman Altameem, and Ateeq Ur Rehman
- Subjects
Stacking ensemble ,Bayesian model averaging ,Conditional ensemble method ,Machine learning ,Explainable AI ,Network security ,Computer engineering. Computer hardware ,TK7885-7895 ,Electronic computers. Computer science ,QA75.5-76.95 - Abstract
Abstract Cybersecurity threats have become more worldly, demanding advanced detection mechanisms with the exponential growth in digital data and network services. Intrusion Detection Systems (IDSs) are crucial in identifying illegitimate access or anomalous behaviour within computer network systems, consequently opposing sensitive information. Traditional IDS approaches often struggle with high false positive rates and the ability to adapt embryonic attack patterns. This work asserts a novel Hybrid Adaptive Ensemble for Intrusion Detection (HAEnID), an innovative and powerful method to enhance intrusion detection, different from the conventional techniques. HAEnID is composed of a string of multi-layered ensemble, which consists of a Stacking Ensemble (SEM), a Bayesian Model Averaging (BMA), and a Conditional Ensemble method (CEM). HAEnID combines the best of these three ensemble techniques for ultimate success in detection with a considerable cut in false alarms. A key feature of HAEnID is an adaptive mechanism that allows ensemble components to change over time as network traffic patterns vary and new threats appear. This way, HAEnID would provide adequate protection as attack vectors change. Furthermore, the model would become more interpretable and explainable using Shapley Additive Explanations (SHAP) and Local Interpretable Model-agnostic Explanations (LIME). The proposed Ensemble model for intrusion detection on CIC-IDS 2017 achieves excellent accuracy (97-98%), demonstrating effectiveness and consistency across various configurations. Feature selection further enhances performance, with BMA-M (20) reaching 98.79% accuracy. These results highlight the potential of the ensemble model for accurate and reliable intrusion detection and, hence, is a state-of-the-art choice for accuracy and explainability.
- Published
- 2024
40. Enhanced anomaly detection in network security: a comprehensive ensemble approach
- Author
-
Rashmikiran Pandey, Mrinal Pandey, and Alexey N. Nazarov
- Subjects
anomaly detection ,bagging and boosting ,ensemble approach ,network security ,neural network ,Optics. Light ,QC350-467 ,Electronic computers. Computer science ,QA75.5-76.95 - Abstract
Detection and handling of anomalous behavior in the network systems are peremptory efforts to ensure security for vulnerable infrastructures amidst the dynamic context of cybersecurity. In this paper, we propose an ensemble machine learning model architecture that leverages the strengths of XGBoost, Gradient Boosting, Random Forest, and Support Vector Machine models to identify anomalies in the dataset. This method utilizes an ensemble of these models with weighted voting based on accuracy to enhance anomaly detection for robust and adaptive real-world network security. The proposed ensemble learning model is evaluated on standard metrics and demonstrates exceptional efficacy, achieving an impressive accuracy of 99.68 % on NSL KDD dataset. This remarkable performance extends the model prowess in discerning anomalies within network traffic showcasing its potential as a robust tool for enhancing cybersecurity measures against evolving threats.
- Published
- 2024
41. Anti-jamming for cognitive radio networks with Stackelberg game-assisted DSSS approach
- Author
-
Muhammad Imran, Pan Zhiwen, Liu Nan, Muhammad Sajjad, and Faisal Mehmood Butt
- Subjects
Cognitive radio networks ,Resource allocation ,Network security ,Anti-jamming ,DSSS ,Stackelberg game ,Telecommunication ,TK5101-6720 ,Electronics ,TK7800-8360 - Abstract
Abstract The proposed study introduces a novel anti-jamming approach for cognitive radio networks (CRNs) by integrating the Stackelberg game model with direct sequence spread spectrum (DSSS) techniques. This innovative combination enhances the security and performance of CRNs by optimizing resource allocation and fortifying network resilience against jamming attacks. The Stackelberg game model provides a strategic framework where the Defender and Adversary dynamically adjust their strategies to achieve Nash equilibrium, ensuring strategic stability. The application of DSSS further improves signal robustness, mitigating interference from jamming attempts. Simulation results demonstrate significant improvements in network security, resource utilization, and overall performance, validating the efficacy and advantages of the proposed scheme in maintaining reliable communication in the presence of adversarial threats.
- Published
- 2024
42. Rivest-Shamir-Adleman Algorithm Optimized to Protect IoT Devices from Specific Attacks
- Author
-
R. Rita Jenifer and V. Sinthu Janita Prakash
- Subjects
internet-of-things (iot) ,network security ,fuzzy anomaly detection ,naïve bayes classification ,rsa ,Electronic computers. Computer science ,QA75.5-76.95 - Abstract
IoT devices are crucial in this modern world in many ways, as they provide support for environmental sensing, automation, and responsible resource conservation. The immense presence of IoT devices in everyday life is inevitable in the smart world. The predominant usage of IoT devices lurks the prying eyes of intentional hackers. Though there are several precautionary security systems and protocols available for generic wireless networks, it is observed that there is a need to formulate a state-of-the-art security mechanism exclusively for IoT network environments. This work is submitted here for the betterment of IoT network security. Three dedicated contributions are integrated in this work to achieve higher security scores in IoT network environments. Fast Fuzzy Anomaly Detector, Legacy Naïve Bayes Attack Classifiers, and Variable Security Schemer of Rivest-Shamir-Adleman algorithm are the novel modules introduced in this work abbreviated as ASORI. Captivating the advantages of the onboard IoT certification mechanism and selecting a dynamic security strategy are the novelties introduced in this work. ASORI model is tested with industrial standard network simulator OPNET to ensure the improved security along with vital network performance parameter betterments.
- Published
- 2024
43. Exploiting TTPs to Design an Extensible and Explainable Malware Detection System
- Author
-
Yashovardhan Sharma, Simon Birnbach, and Ivan Martinovic
- Subjects
Malware ,Intrusion Detection ,Network Security ,MI ,Electronic computers. Computer science ,QA75.5-76.95 - Abstract
In recent years, numerous sophisticated malware detection systems have been proposed, many of which are based on machine learning. Though such systems attain impressive results, they are often designed having effectiveness as the main, if not only, requirement. As a result, the effectiveness of such systems, especially if based on deep learning models, often comes with (i) poor extensibility, being very difficult to adapt and/or extend to other settings, and (ii) poor explainability, since it is often not possible for humans to understand the reasons behind the model’s predictions, making further analysis of threats a challenge. In this paper we show how it is possible to design an extensible and explainable yet effective malware detection system. Extensibility is obtained thanks to the exploitation of TTPs (Tactics, Techniques, and Procedures) from the popular MITRE ATT&CK framework, which is an ontology of adversarial behaviour that allows us to divide the general problem of malware detection into the smaller problems of detecting the different types of malicious activity that can be carried out. Explainability is obtained by returning (i) which TTPs have been detected and are responsible for the classification of the entire behaviour as malicious, and (ii) why such TTPs have been classified as malicious. To demonstrate the viability of this approach we implement these ideas in a system called RADAR. We evaluate RADAR on a very large dataset comprising of 2,286,907 malicious and benign samples, representing a total of 84,792,452 network flows. The experimental analysis confirms that the proposed methodology can be effectively exploited: RADAR’s ability to detect malware is comparable to other state-of-the-art non-interpretable systems’ capabilities. To the best of our knowledge, RADAR is the first TTP-based system for malware detection that uses machine learning while being extensible and explainable.
- Published
- 2024
44. Editorial: Fighting Cybersecurity Risks from a Multidisciplinary Perspective
- Author
-
Steffen Wendzel, Aleksandra Mileva, Virginia N. L. Franqueira, and Martin Gilje Jaatun
- Subjects
Cyber Security ,Network Security ,Cyber Law ,Infor ,Electronic computers. Computer science ,QA75.5-76.95 - Abstract
Digitization, powered by the Internet, artificial intelligence, interoperable data formats and communication standards, high-bandwidth mobile technology, and nano-technology, allows for an increasing number of new services that are tailored to the particular demands of end-users, industry and government organizations. However, these new digital services have also become the major focus of cyber-crime. Whereas traditional research mostly covered pure technical aspects of cybercrime, it is becoming increasingly important to address cybercrime and cybersecurity in a multidisciplinary fashion, including legal, behavioral, technical and sociological aspects. This special issue aims to offer a mixture of selected extended versions of papers presented at the European Interdisciplinary Cybersecurity Conference (EICC’23), which took place in Stavanger, Norway, as well as submissions from an open call. We considered papers dealing with the above-mentioned risks and problems, new challenges, interdisciplinary issues, and innovative multidisciplinary solutions (defense mechanisms, methods, and countermeasures) for promoting cybersecurity in the cyberspace. Overall, we received 15 submissions. Each accepted paper received at least three reviews. After a first round of reviews, eight were rejected. The remaining seven papers underwent another round of reviews (five papers underwent a major revision and only two papers were scheduled to undergo a minor revision). Finally, the authors of these seven papers adequately addressed the reviewers’ comments and they thus have been accepted for inclusion in this special issue. We like to thank all authors who submitted their work to this special issue and all reviewers for their contributions. Further, we like to thank the J.UCS team for accepting our special issue for inclusion in their journal. We hope that all readers will enjoy this special issue.
- Published
- 2024
45. E-GRACL: an IoT intrusion detection system based on graph neural networks.
- Author
-
Lin, Lieqing, Zhong, Qi, Qiu, Jiasheng, and Liang, Zhenyu
- Abstract
With the advancement of Internet of Things (IoT) technology, IoT systems have been widely infiltrating and deployed on a large scale globally. Consequently, network attacks on IoT devices and the intermediary communication media have increased significantly, making the focus on IoT network security particularly important. This paper introduces a novel IoT Network Intrusion Detection System (NIDS) based on Graph Neural Networks (GNNs). GNNs leverage the topological structure of graph-based data to build correlations between traffic flows. The data can be represented in a flow-based form, where such data can construct a graph’s network structure representation based on source and destination addresses. This paper proposes a new improved GNN, incorporating global attention mechanisms and local gating mechanisms into the edge-based graph neural network model GraphSAGE, improving the sampling strategy of graph embeddings. Then, graph contrastive learning is applied to enhance feature representation, capturing edge features and topological information of the graph more comprehensively, achieving IoT network intrusion detection. We call this method E-GRACL (Edge-based GraphSAGE with residual connections, global attention, gating mechanisms, and contrastive learning). Our method applies GNN to the problem of IoT network intrusion detection using flow-based data. We conducted extensive experimental evaluations on three recent benchmark datasets, and the results demonstrate that our method has certain advantages in both binary and multi-class classification metrics, proving the great potential of GNN in IoT intrusion detection. [ABSTRACT FROM AUTHOR]
- Published
- 2025
46. Deep learning based network intrusion detection system: a systematic literature review and future scopes.
- Author
-
Yogesh and Goyal, Lalit Mohan
- Subjects
*CONVOLUTIONAL neural networks, *COMPUTER network traffic, *DEEP learning, *COMPUTER network security, *MACHINE learning
- Abstract
With the immense growth of the internet, sensitive, confidential, important corporate and individual data passing through the internet has grown rapidly. Due to the limitation of security systems, potential hackers and attackers have possessed vulnerabilities and attacks for intruding into the network to gain confidential and sensitive information to affect the performance of networks by breaching network confidentiality. Thereby, to counterfeit these attacks and abnormal behaviors, a network intrusion detection system (NIDS) acts as a crucial branch of cybersecurity for analysis and monitoring the network traffic regularly to report and detect abnormal and malicious activities in a network. Currently, various reviews and survey papers have covered various techniques for NIDS, out of which, mostly followed a non-systematic way of approach without an in-depth analysis of techniques and evaluation metrics used by deep learning (DL) based NIDS models. In addition, various reviews focused on machine learning (ML) and DL-based methodology, but with less emphasis on DL techniques (i.e. AE, CNN, DNN, DBN, RNN, and Hybrid DL) based classification. Thereby, the Preferred Reporting Items for Systematic Reviews and Meta-Analyses (PRISMA) methodology was used to accomplish this work by providing a comprehensive and detailed overview of DL-based NIDS. Research papers for this work were collected from five well-known databases (ScienceDirect, IEEE, Hindawi, SpringerNature, and MDPI) which were cut among several reputable conference proceedings and reputable journals. Across the 750 articles identified in the literature, 72 research papers were finally marked and selected for synthesis and analysis to find the answers to research questions. In addition, we identified various potential research challenges in the current domain based on research findings. Lastly, to design an efficient NIDS, we concluded our study by identifying high-impact and promising future research areas in the NIDS domain. [ABSTRACT FROM AUTHOR]
- Published
- 2024
47. Anomaly detection system based on deep learning for cyber physical systems on sensory and network datasets.
- Author
-
Almendli, Muhammed and Mohasefi, Jamshid Bagherzadeh
- Subjects
ARTIFICIAL neural networks, CONVOLUTIONAL neural networks, CYBER physical systems, COMPUTER systems, ANOMALY detection (Computer security), DEEP learning
- Abstract
Cyber-physical systems (CPSs), a type of computing system integrated with physical devices, are widely used in many areas such as manufacturing, traffic control, and energy. The integration of CPS and networks has expanded the range of cyber threats. Intrusion detection systems (IDSs) use signature based and machine learning based techniques to protect networks against threats in CPSs. Water purifying plants are among the important CPSs. In this context some research uses a dataset obtained from secure water treatment (SWaT), an operational water treatment testbed. These works usually focus solely on sensory dataset and omit the analysis of network dataset, or they focus on network information and omit sensory data. In this paper we work on both datasets. We have created IDSs using five traditional machine learning techniques, decision tree, support vector machine (SVM), random forest, naïve Bayes, and artificial neural network along with two deep methods, deep neural network, and convolutional neural network. We experimented with IDSs on three different datasets obtained from SWaT, including network data, sensory data, and Modbus data. The accuracies of proposed methods show higher values on all datasets especially on sensory (99.9%) and Modbus data (95%) and superiority of random forest and deep learning methods compared to others. [ABSTRACT FROM AUTHOR]
- Published
- 2024
48. The impact of blockchain and artificial intelligence technologies in network security for e-voting.
- Author
-
Ainur, Jumagaliyeva, Gulzhan, Muratova, Amandos, Tulegulov, Venera, Rystygulova, Bulat, Serimbetov, Zauresh, Yersultanova, and Aizhan, Shegetayeva
- Subjects
ARTIFICIAL intelligence, ELECTRONIC voting, COMPUTER network security, CYBERTERRORISM, MACHINE learning
- Abstract
This study explored the integration of blockchain and artificial intelligence technologies to enhance the security framework of electronic voting (e-voting) systems. Amid increasing vulnerabilities and cyber threats to electoral integrity, these technologies provided robust solutions by ensuring the immutability of voting records and enabling real-time anomaly detection. Blockchain technology secured votes in a decentralized, tamper-proof ledger, preventing unauthorized modifications, and enhancing transparency. Concurrently, artificial intelligence leveraged predictive analytics to dynamically monitor and respond to potential security threats, thereby ensuring the reliability and integrity of the voting process. This paper presented a dual-technology approach where blockchain's transparency complemented artificial intelligence's (AI) threat detection capabilities, providing a comprehensive security solution for e-voting systems. Through theoretical models and empirical data, we demonstrated significant improvements in transaction throughput, threat detection accuracy, and system scalability. The findings suggested that the strategic application of these technologies could substantially mitigate current e-voting vulnerabilities, offering a pathway to more secure, transparent, and efficient electoral processes globally. [ABSTRACT FROM AUTHOR]
- Published
- 2024
49. Game theory in network security for digital twins in industry
- Author
-
Hailin Feng, Dongliang Chen, Haibin Lv, and Zhihan Lv
- Subjects
Digital twins, Industrial internet of things, Network security, Game theory, Attack and defense, Information technology, T58.5-58.64
- Abstract
To ensure the safe operation of industrial digital twins network and avoid the harm to the system caused by hacker invasion, a series of discussions on network security issues are carried out based on game theory. From the perspective of the life cycle of network vulnerabilities, mining and repairing vulnerabilities are analyzed by applying evolutionary game theory. The evolution process of knowledge sharing among white hats under various conditions is simulated, and a game model of the vulnerability patch cooperative development strategy among manufacturers is constructed. On this basis, the differential evolution is introduced into the update mechanism of the Wolf Colony Algorithm (WCA) to produce better replacement individuals with greater probability from the perspective of both attack and defense. Through the simulation experiment, it is found that the convergence speed of the probability (X) of white hat 1 choosing the knowledge sharing policy is related to the probability (x0) of white hat 2 choosing the knowledge sharing policy initially, and the probability (y0) of white hat 2 choosing the knowledge sharing policy initially. When y0 = 0.9, X converges rapidly in a relatively short time. When y0 is constant and x0 is small, the probability curve of the “cooperative development” strategy converges to 0. It is concluded that the higher the trust among the white hat members in the temporary team, the stronger their willingness to share knowledge, which is conducive to the mining of loopholes in the system. The greater the probability of a hacker attacking the vulnerability before it is fully disclosed, the lower the willingness of manufacturers to choose the “cooperative development” of vulnerability patches. Applying the improved wolf colony-co-evolution algorithm can obtain the equilibrium solution of the “attack and defense game model”, and allocate the security protection resources according to the importance of nodes. This study can provide an effective solution to protect the network security for digital twins in the industry.
- Published
- 2024
50. Network Security Challenges and Countermeasures for Software-Defined Smart Grids: A Survey
- Author
-
Dennis Agnew, Sharon Boamah, Arturo Bretas, and Janise McNair
- Subjects
smart grid, software-defined networking, network security, cybersecurity, Engineering (General). Civil engineering (General), TA1-2040
- Abstract
The rise of grid modernization has been prompted by the escalating demand for power, the deteriorating state of infrastructure, and the growing concern regarding the reliability of electric utilities. The smart grid encompasses recent advancements in electronics, technology, telecommunications, and computer capabilities. Smart grid telecommunication frameworks provide bidirectional communication to facilitate grid operations. Software-defined networking (SDN) is a proposed approach for monitoring and regulating telecommunication networks, which allows for enhanced visibility, control, and security in smart grid systems. Nevertheless, the integration of telecommunications infrastructure exposes smart grid networks to potential cyberattacks. Unauthorized individuals may exploit unauthorized access to intercept communications, introduce fabricated data into system measurements, overwhelm communication channels with false data packets, or attack centralized controllers to disable network control. An ongoing, thorough examination of cyber attacks and protection strategies for smart grid networks is essential due to the ever-changing nature of these threats. Previous surveys on smart grid security lack modern methodologies and, to the best of our knowledge, most, if not all, focus on only one sort of attack or protection. This survey examines the most recent security techniques, simultaneous multi-pronged cyber attacks, and defense utilities in order to address the challenges of future SDN smart grid research. The objective is to identify future research requirements, describe the existing security challenges, and highlight emerging threats and their potential impact on the deployment of software-defined smart grid (SD-SG).
- Published
- 2024
Discovery Service for Jio Institute Digital Library