1,579 results on '"Network Traffic"'
Search Results
2. Performance Analysis of Anomaly-Based Network Intrusion Detection Using Feature Selection and Machine Learning Techniques.
- Author: Seniaray, Sumedha and Jindal, Rajni
- Subjects: MACHINE learning, FEATURE selection, COMPUTER network traffic, SYSTEMS availability, COMPUTER network security, INTRUSION detection systems (Computer security)
- Abstract
Data and information, being a critical part of the Internet, are vital to network security. Intrusion Detection System (IDS) is required to preserve confidentiality, data integrity, and system availability from attacks. IDS collects network data from various places that may contain features that are redundant and irrelevant, leading to an increase in processing time and low detection rate. This study proposes a three-phase network-based IDS to counter this issue. Initially, network data is captured and preprocessed. In the second phase, we perform feature extraction, selection, and ranking to obtain the optimal feature set. A novel Dynamic Mutual Information-based Genetic Algorithm for feature selection (DMI-GA), aiming to enhance the performance of machine learning (ML) techniques by identifying an optimal set of features, is also proposed in this work. Finally, well-known ML models are employed to detect intrusions within this refined set of network traffic features. Experimental results demonstrate a significant improvement in detection accuracy when the ML models are trained and tested on an optimal set of features. It is also observed that DMI-GA combined with the Random Forest classifier achieves the highest detection accuracy of 99.94%, surpassing the performance of existing state-of-the-art anomaly-based network intrusion detection systems. A comprehensive statistical analysis of these ML methods is also conducted using 10-fold and Leave-One-Out cross-validation strategies, as it mitigates overfitting and offers a thorough evaluation of the model's performance, resulting in an average accuracy of 99.91%. [ABSTRACT FROM AUTHOR]
- Published: 2024
3. An Approach for Anomaly Detection in Network Communications Using k-Path Analysis.
- Author: Kasse, Mamadou, Charrier, Rodolphe, Berred, Alexandre, Bertelle, Cyrille, and Delpierre, Christophe
- Subjects: ANOMALY detection (Computer security), PATH analysis (Statistics), INTERNET security, MAXIMUM likelihood statistics, TIME series analysis, MARKOV processes
- Abstract
In this paper, we present an innovative approach inspired by the Path-scan model to detect paths with k adjacent edges (k-path) exhibiting unusual behavior (synonymous with anomaly) within network communications. This work is motivated by the challenge of identifying malicious activities carried out in vulnerable k-paths in a small to medium-sized computer network. Each observed edge (time series of the number of events or the number of packets exchanged between two computers in the network) is modeled using the three-state observed Markov model, as opposed to the Path-scan model which uses a two-state model (active state and inactive state), to establish baselines of behavior in order to detect anomalies. This model captures the typical behavior of network communications, as well as patterns of suspicious activity, such as those associated with brute force attacks. We take a perspective by analyzing each vulnerable k-path, enabling the accurate detection of anomalies on the k-path. Using this approach, our method aims to enhance the detection of suspicious activities in computer networks, thus providing a more robust and accurate solution to ensure the security of computer systems. [ABSTRACT FROM AUTHOR]
- Published: 2024
4. Analysis of Ethernet Traffic Patterns on NTP Servers at CSIR NPL.
- Author: Mounabhargav, Praveen, Yadav, Divya Singh, Sharma, Deepak, and Agarwal, Ashish
- Abstract
Network Time Protocol (NTP) servers are specialized timekeeping devices that provide synchronized and accurate time information to networked devices, ensuring precise coordination and reliability in various critical applications. CSIR-NPL is the National Metrology Institute of India which has the responsibility of time dissemination to the nation. Network time dissemination is one of the services which provide the time synchronization facility over the network via NTP servers. These NTP servers are designated as stratum 1 NTP servers in the network hierarchy as they are taking time from the authoritative atomic clock. NTP servers at CSIR-NPL are available in the public domain for time dissemination. Many critical stakeholders such as internet service providers, data centres, and various government organizations are the primary customers of CSIR-NPL for time services over the network. Hence, understanding the traffic dynamics coming towards the NTP servers is essential. This study aims to analyze Ethernet traffic patterns directed towards NTP servers at CSIR NPL using open-source monitoring software, i.e., Zabbix and Grafana. The study captures Ethernet traffic throughput in bits per second (bps) coming on NTP servers located at CSIR-NPL. These NTP servers are part of stacks of NTP servers responsible for disseminating Indian Standard Time over the internet. The study involves an investigation of Ethernet throughput to understand the NTP requests (packets per second) arriving for time synchronization and the pattern of incoming NTP request traffic on these servers. To evaluate NTP requests from Ethernet throughput, the conversion of Ethernet traffic from bps to packets per second (pps) is done and validation of the captured Ethernet throughput with actual traffic values obtained from the OEM software is accomplished. The investigation further explores incoming NTP traffic patterns and identifies regions where traffic reaches maximum and minimum loads, as well as its respective peaks and troughs, utilizing 5-day Ethernet datasets. The Savitzky–Golay filter is employed for data smoothing, and the gradient of the smoothed data is calculated to determine distinct regions of the traffic pattern. The results provide a comprehensive understanding of the traffic behaviour directed towards NTP servers for time synchronization, enabling the monitoring of anomalies associated with cybersecurity and contributing to the optimization of network resource allocation. [ABSTRACT FROM AUTHOR]
- Published: 2024
5. An Approach for Anomaly Detection in Network Communications Using k-Path Analysis
- Author: Mamadou Kasse, Rodolphe Charrier, Alexandre Berred, Cyrille Bertelle, and Christophe Delpierre
- Subjects: cybersecurity, cyberattacks, Markovian model, generalized maximum likelihood ratio, computer networks, network traffic, Technology (General), T1-995
- Abstract
In this paper, we present an innovative approach inspired by the Path-scan model to detect paths with k adjacent edges (k-path) exhibiting unusual behavior (synonymous with anomaly) within network communications. This work is motivated by the challenge of identifying malicious activities carried out in vulnerable k-paths in a small to medium-sized computer network. Each observed edge (time series of the number of events or the number of packets exchanged between two computers in the network) is modeled using the three-state observed Markov model, as opposed to the Path-scan model which uses a two-state model (active state and inactive state), to establish baselines of behavior in order to detect anomalies. This model captures the typical behavior of network communications, as well as patterns of suspicious activity, such as those associated with brute force attacks. We take a perspective by analyzing each vulnerable k-path, enabling the accurate detection of anomalies on the k-path. Using this approach, our method aims to enhance the detection of suspicious activities in computer networks, thus providing a more robust and accurate solution to ensure the security of computer systems.
- Published: 2024
6. Network traffic prediction model based on linear and nonlinear model combination
- Author: Lian Lian
- Subjects: combined prediction, improved slime mold algorithm, linear model, network traffic, nonlinear model, Telecommunication, TK5101-6720, Electronics, TK7800-8360
- Abstract
We propose a network traffic prediction model based on linear and nonlinear model combination. Network traffic is modeled by an autoregressive moving average model, and the error between the measured and predicted network traffic values is obtained. Then, an echo state network is used to fit the prediction error with nonlinear components. In addition, an improved slime mold algorithm is proposed for reservoir parameter optimization of the echo state network, further improving the regression performance. The predictions of the linear (autoregressive moving average) and nonlinear (echo state network) models are added to obtain the final prediction. Compared with other prediction models, test results on two network traffic datasets from mobile and fixed networks show that the proposed prediction model has smaller error and difference measures. In addition, the coefficient of determination and index of agreement are close to 1, indicating a better data fitting performance. Although the proposed prediction model has a slight increase in time complexity for training and prediction compared with some models, it shows practical applicability.
- Published: 2024
7. Unveiling Malicious Network Flows Using Benford's Law.
- Author: Fernandes, Pedro, Ciardhuáin, Séamus Ó, and Antunes, Mário
- Subjects: BENFORD'S law (Statistics), COMPUTER network security, BAYES' theorem, COMPUTER network traffic, TRAFFIC flow
- Abstract
The increasing proliferation of cyber-attacks threatening the security of computer networks has driven the development of more effective methods for identifying malicious network flows. The inclusion of statistical laws, such as Benford's Law, and distance functions, applied to the first digits of network flow metadata, such as IP addresses or packet sizes, facilitates the detection of abnormal patterns in the digits. These techniques also allow for quantifying discrepancies between expected and suspicious flows, significantly enhancing the accuracy and speed of threat detection. This paper introduces a novel method for identifying and analyzing anomalies within computer networks. It integrates Benford's Law into the analysis process and incorporates a range of distance functions, namely the Mean Absolute Deviation (MAD), the Kolmogorov–Smirnov test (KS), and the Kullback–Leibler divergence (KL), which serve as dispersion measures for quantifying the extent of anomalies detected in network flows. Benford's Law is recognized for its effectiveness in identifying anomalous patterns, especially in detecting irregularities in the first digit of the data. In addition, Bayes' Theorem was implemented in conjunction with the distance functions to enhance the detection of malicious traffic flows. Bayes' Theorem provides a probabilistic perspective on whether a traffic flow is malicious or benign. This approach is characterized by its flexibility in incorporating new evidence, allowing the model to adapt to emerging malicious behavior patterns as they arise. Meanwhile, the distance functions offer a quantitative assessment, measuring specific differences between traffic flows, such as frequency, packet size, time between packets, and other relevant metadata. Integrating these techniques has increased the model's sensitivity in detecting malicious flows, reducing the number of false positives and negatives, and enhancing the resolution and effectiveness of traffic analysis. Furthermore, these techniques expedite decisions regarding the nature of traffic flows based on a solid statistical foundation and provide a better understanding of the characteristics that define these flows, contributing to the comprehension of attack vectors and aiding in preventing future intrusions. The effectiveness and applicability of this joint method have been demonstrated through experiments with the CICIDS2017 public dataset, which was explicitly designed to simulate real scenarios and provide valuable information to security professionals when analyzing computer networks. The proposed methodology opens up new perspectives in investigating and detecting anomalies and intrusions in computer networks, which are often attributed to cyber-attacks. This development culminates in creating a promising model that stands out for its effectiveness and speed, accurately identifying possible intrusions with an F1 of nearly 80%, a recall of 99.42%, and an accuracy of 65.84%. [ABSTRACT FROM AUTHOR]
- Published: 2024
8. NMal-Droid: network-based android malware detection system using transfer learning and CNN-BiGRU ensemble.
- Author: Ullah, Farhan, Ullah, Shamsher, Srivastava, Gautam, Lin, Jerry Chun-Wei, and Zhao, Yue
- Subjects: CONVOLUTIONAL neural networks, COMPUTER network traffic, ARTIFICIAL intelligence, MALWARE, SOCIAL structure
- Abstract
Currently, malware activities pose a substantial risk to the security of Android applications. These risks are capable of stealing important information and causing chaos in the economy, social structure, and financial sector. Malicious network traffic targets Android applications due to their constant connectivity. This study develops the NMal-Droid approach for network-based Android malware detection and classification. First, we designed a packet parser algorithm that filters the combination of HTTP traces and TCP flows from PCAP (Packet Capture) files. Second, the fine-tune embedding approach is developed that uses a word2vec pre-trained model to analyze features' embeddings in three different ways, i.e., random, static, and dynamic. It is used to learn and extract feature-matrix matrices with related meanings. Third, the Convolutional Neural Network (CNN) is used to extract effective features from embedded information. Fourth, the Bi-directional Gated Recurrent Unit (Bi-GRU) neural network is designed to compute gradient computation in the context of time-forward and time-reversed. Finally, a multi-head ensemble of CNN-BiGRU is developed for accurate malware classification and detection. The proposed approach is evaluated on five different activation functions with 100 filters and a range of 1–5 kernel sizes for in-depth investigation. An explainable AI-based experiment is conducted to interpret and validate the proposed approach. The proposed method is tested using two big Android malware datasets, CIC-AAGM2017 and CICMalDroid 2020, which comprise a total of 10.2k malware and 3.2k benign samples. It is shown that the proposed approach outperforms as compared to the state-of-the-art methods. [ABSTRACT FROM AUTHOR]
- Published: 2024
9. Enhancing data protection with a distributed storage system based on the redundant residue number system.
- Author: Gao, Zhen, Shi, Lu, and Reviriego, Pedro
- Subjects: COMPUTER network traffic, CHINESE remainder theorem, UBIQUITOUS computing, DATA recovery, DATA protection
- Abstract
Big data becomes the key for ubiquitous computing and intelligence, and Distributed Storage Systems (DSS) are widely used in large-scale data centers or in the cloud for efficient data management. However, the stored data are likely to be unavailable due to hardware failures and cyberattacks, e.g. DDoS. Maximum Distance Separable (MDS) codes are commonly used for the recovery of faulty storage nodes or unavailable data. However, the recovery of data nodes usually involves access to multiple nodes, which introduces significant communication overheads to the DSS. In this paper, a new DSS based on the Redundant Residue Number System (RRNS) is proposed, where efficient recovery is enabled by applying the second version of the Chinese Remainder Theorem (CRT-II). The complexity and network traffic of the proposed data protection scheme is analyzed theoretically and compared with that of traditional MDS-based DSSs. Experimental results show that the proposed DSS achieves lower encoding complexity, lower recovery complexity and lower network traffic than the MDS-based schemes. Although the proposed data protection scheme introduces computation overheads in the case where there are no failing nodes, its complexity is still lower for scenarios with frequent data updates. In addition, the proposed scheme introduces additional advantages in terms of security and storage flexibility. [ABSTRACT FROM AUTHOR]
- Published: 2024
10. Fortifying Smart Grids: A Holistic Assessment Strategy against Cyber Attacks and Physical Threats for Intelligent Electronic Devices.
- Author: Chen, Yangrong, Li, June, Xia, Yu, Zhang, Ruiwen, Li, Lingling, Li, Xiaoyu, and Ge, Lin
- Subjects: GREY relational analysis, COMPUTER network traffic, ANALYTIC hierarchy process, COMPUTER security vulnerabilities, HYBRID securities
- Abstract
Intelligent electronic devices (IEDs) are interconnected via communication networks and play pivotal roles in transmitting grid-related operational data and executing control instructions. In the context of the heightened security challenges within smart grids, IEDs pose significant risks due to inherent hardware and software vulnerabilities, as well as the openness and vulnerability of communication protocols. Smart grid security, distinct from traditional internet security, mainly relies on monitoring network security events at the platform layer, lacking an effective assessment mechanism for IEDs. Hence, we incorporate considerations for both cyber-attacks and physical faults, presenting security assessment indicators and methods specifically tailored for IEDs. Initially, we outline the security monitoring technology for IEDs, considering the necessary data sources for their security assessment. Subsequently, we classify IEDs and establish a comprehensive security monitoring index system, incorporating factors such as running states, network traffic, and abnormal behaviors. This index system contains 18 indicators in 3 categories. Additionally, we elucidate quantitative methods for various indicators and propose a hybrid security assessment method known as GRCW-hybrid, combining grey relational analysis (GRA), analytic hierarchy process (AHP), and entropy weight method (EWM). According to the proposed assessment method, the security risk level of IEDs can be graded into 6 levels, namely 0, 1, 2, 3, 4, and 5. The higher the level, the greater the security risk. Finally, we assess and simulate 15 scenarios in 3 categories, which are based on monitoring indicators and real-world situations encountered by IEDs. The results show that the security risk levels calculated with the proposed assessment method are consistent with the actual simulation. Thus, the reasonableness and effectiveness of the proposed index system and assessment method are validated. [ABSTRACT FROM AUTHOR]
- Published: 2024
11. RESP: A Recursive Clustering Approach for Edge Server Placement in Mobile Edge Computing.
- Author: Vali, Ali Akbar, Azizi, Sadoon, and Shojafar, Mohammad
- Subjects: COMPUTER network traffic, EDGE computing, NETWORK performance, SMART cities, 5G networks
- Abstract
With the rapid advancement of the Internet of Things and 5G networks in smart cities, the inevitable generation of massive amounts of data, commonly known as big data, has introduced increased latency within the traditional cloud computing paradigm. In response to this challenge, Mobile Edge Computing (MEC) has emerged as a viable solution, offloading a portion of mobile device workloads to nearby edge servers equipped with ample computational resources. Despite significant research in MEC systems, optimizing the placement of edge servers in smart cities to enhance network performance has received little attention. In this article, we propose RESP, a novel Recursive clustering technique for Edge Server Placement in MEC environments. RESP operates based on the median of each cluster determined by the number of base transceiver stations, strategically placing edge servers to achieve workload balance and minimize network traffic between them. Our proposed clustering approach substantially improves load balancing compared to existing methods and demonstrates superior performance in handling traffic dynamics. Through experimental evaluation with real-world data from Shanghai Telecom's base station dataset, our approach outperforms several representative techniques in terms of workload balancing and network traffic optimization. By addressing the ESP problem and introducing an advanced recursive clustering technique, this work makes a substantial contribution to optimizing mobile edge computing networks in smart cities. The proposed algorithm outperforms alternative methodologies, demonstrating a 10% average improvement in optimizing network traffic. Moreover, it achieves a 53% more suitable result in terms of computational load. [ABSTRACT FROM AUTHOR]
- Published: 2024
12. Enhanced Network Intrusion Detection System for Internet of Things Security Using Multimodal Big Data Representation with Transfer Learning and Game Theory.
- Author: Ullah, Farhan, Turab, Ali, Ullah, Shamsher, Cacciagrano, Diletta, and Zhao, Yue
- Subjects: BIG data, INTERNET security, INTERNET of things, GAME theory, EDUCATIONAL games, MULTIMODAL user interfaces, EMAIL security, MULTISPECTRAL imaging
- Abstract
Internet of Things (IoT) applications and resources are highly vulnerable to flood attacks, including Distributed Denial of Service (DDoS) attacks. These attacks overwhelm the targeted device with numerous network packets, making its resources inaccessible to authorized users. Such attacks may comprise attack references, attack types, sub-categories, host information, malicious scripts, etc. These details assist security professionals in identifying weaknesses, tailoring defense measures, and responding rapidly to possible threats, thereby improving the overall security posture of IoT devices. Developing an intelligent Intrusion Detection System (IDS) is highly complex due to its numerous network features. This study presents an improved IDS for IoT security that employs multimodal big data representation and transfer learning. First, the Packet Capture (PCAP) files are crawled to retrieve the necessary attacks and bytes. Second, Spark-based big data optimization algorithms handle huge volumes of data. Second, a transfer learning approach such as word2vec retrieves semantically-based observed features. Third, an algorithm is developed to convert network bytes into images, and texture features are extracted by configuring an attention-based Residual Network (ResNet). Finally, the trained text and texture features are combined and used as multimodal features to classify various attacks. The proposed method is thoroughly evaluated on three widely used IoT-based datasets: CIC-IoT 2022, CIC-IoT 2023, and Edge-IIoT. The proposed method achieves excellent classification performance, with an accuracy of 98.2%. In addition, we present a game theory-based process to validate the proposed approach formally. [ABSTRACT FROM AUTHOR]
- Published: 2024
13. MATHEMATICAL MODEL AND STRUCTURE OF A NEURAL NETWORK FOR DETECTION OF CYBER ATTACKS ON INFORMATION AND COMMUNICATION SYSTEMS.
- Author: Zahoruiko, Lubov, Martianova, Tetiana, Al-Hiari, Mohammad, Polovenko, Lyudmyla, Kovalchuk, Maiia, Merinova, Svitlana, Shakhov, Volodymyr, and Yeraliyeva, Bakhyt
- Subjects: COMPUTER network traffic, ARTIFICIAL neural networks, COMPUTER networks, COMPUTER systems, TELECOMMUNICATION systems
- Published: 2024
14. Integration of simulated annealing into pigeon inspired optimizer algorithm for feature selection in network intrusion detection systems.
- Author: Huang, Wanwei, Tian, Haobin, Wang, Sunan, Zhang, Chaoqin, and Zhang, Xiaohui
- Subjects: COMPUTER network traffic, BOOSTING algorithms, FEATURE selection, SIMULATED annealing, RANDOM forest algorithms, INTRUSION detection systems (Computer security)
- Abstract
In the context of the 5G network, the proliferation of access devices results in heightened network traffic and shifts in traffic patterns, and network intrusion detection faces greater challenges. A feature selection algorithm is proposed for network intrusion detection systems that uses an improved binary pigeon-inspired optimizer (SABPIO) algorithm to tackle the challenges posed by the high dimensionality and complexity of network traffic, resulting in complex models, reduced accuracy, and longer detection times. First, the raw dataset is pre-processed by one-hot encoding and standardization. Next, feature selection is performed using SABPIO, which employs simulated annealing and the population decay factor to identify the most relevant subset of features for subsequent review and evaluation. Finally, the selected subset of features is fed into decision trees and random forest classifiers to evaluate the effectiveness of SABPIO. The proposed algorithm has been validated through experimentation on three publicly available datasets: UNSW-NB15, NSL-KDD, and CIC-IDS-2017. The experimental findings demonstrate that SABPIO identifies the most indicative subset of features through rational computation. This method significantly abbreviates the system's training duration, enhances detection rates, and compared to the use of all features, minimally reduces the training and testing times by factors of 3.2 and 0.3, respectively. Furthermore, it enhances the F1-score of the feature subset selected by CPIO and Boost algorithms when compared to CPIO and XGBoost, resulting in improvements ranging from 1.21% to 2.19%, and 1.79% to 4.52%. [ABSTRACT FROM AUTHOR]
- Published: 2024
15. THE EFFECT OF NOISE ON RECURRENT DIAGRAMS OF ENERGY CONSUMPTION OF A METALLURGICAL ENTERPRISE.
- Author: Bakurova, Anna and Yuskiv, Olesia
- Subjects: COMPUTER network traffic, ELECTRIC power consumption, TIME series analysis, ENERGY consumption, CONSUMPTION (Economics)
- Abstract
The most common problem faced by modern metallurgical enterprises is the improvement of their energy efficiency, which is based on the management of energy-saving projects. The paper deals with the analysis of the impact of external noise on recurrent diagrams based on short-term time series of daily energy consumption of a metallurgical enterprise. The object of this study is short time series of energy consumption of a metallurgical enterprise. The time series of energy consumption of PJSC «Electrometallurgical Plant «Dniprospetsstal» (Ukraine) for 2018–2021 were used as data. The subject of the study is the method of recurrent diagrams of short time series. In the process of research, methods of short time series analysis based on recurrent analysis were used to study the characteristics of the system state on the example of a metallurgical enterprise. An analysis of the influence of external noise on recurrent diagrams of short-term chaotic time series was carried out using the developed software in the Matlab environment for constructing recurrent diagrams of energy consumption of a metallurgical enterprise. The following tasks were solved in the work: software was developed for constructing recurrent diagrams in the Matlab package with the possibility of analyzing changes in the magnitude of quantitative indicators of recurrent diagrams under the influence of different levels of noise in time series. The obtained results are recommended to be used to characterize the state of the system and analyze the influence of external noise. The practical value of the performed work is determined by the proven usefulness of recurrent analysis for estimating electricity consumption and the improvement of modeling of this process, which will allow increasing the accuracy of forecasting future dynamics verified by empirical data. [ABSTRACT FROM AUTHOR]
- Published: 2024
16. Enhanced security for IoT networks: a hybrid optimized learning model for intrusion classification.
- Author: Rajarajan, S and Kavitha, M G
- Abstract
The Internet of Things (IoT) features multiple device connectivity and breaks the conventional network connectivity limitations like limited wireless range, scalability, specific communication protocol dependency, etc. Multiple devices can be connected in an IoT network without significant infrastructure changes and the devices can communicate with each other through a variety of protocols, which could be more beneficial in many organizations, consumers, and governments. However, the rapid development of IoT technology requires a secure network as it must access different devices and communication methods. This diversity and heterogeneity make network intrusions more convenient for intruders. IoT network complexity and security flaws increase when a large volume of data is transferred through a network. Intrusion detection systems (IDS) are used to monitor the network behavior for detecting unusual behaviors or intrusions. Numerous machine learning models are used in IDS for classifying network traffic. However, these methods lag in detection performances due to limited feature handling abilities. Thus, in selecting optimal features that correctly indicate the intrusions in the network, optimization models are used in IDSs. However, due to the limited exploration and exploitation ability of conventional optimization algorithms, this research presents a hybrid optimization algorithm using Salp Swarm Optimization and Bee Foraging (SSA-BF) optimization approaches for optimal feature selection. The optimal features are classified using a multiplicative Long Short-Term Memory (MLSTM) network. To check the robustness of the proposed IDS, accuracy, recall, f1-score, and precision metrics are considered for analysis. Simulation results of the proposed IDS exhibited a maximum accuracy of 95.8%, better than conventional Auto Encoder, Convolutional Neural Network, Gaussian Mixture Model with Generative Adversarial Network, Multi-CNN, and DeepNet-based IDSs. [ABSTRACT FROM AUTHOR]
- Published: 2024
17. MATHEMATICAL MODEL AND STRUCTURE OF A NEURAL NETWORK FOR DETECTION OF CYBER ATTACKS ON INFORMATION AND COMMUNICATION SYSTEMS
- Author: Lubov Zahoruiko, Tetiana Martianova, Mohammad Al-Hiari, Lyudmyla Polovenko, Maiia Kovalchuk, Svitlana Merinova, Volodymyr Shakhov, and Bakhyt Yeraliyeva
- Subjects: neural networks, network traffic, network connection, cyber attack, information and communication system, Environmental engineering, TA170-171, Environmental sciences, GE1-350
- Abstract
The paper discusses the principles of creating a mathematical model and system architecture by applying the method of artificial intelligence to detect cyberattacks on information and communication systems, where a neural network capable of learning and detecting cyberattacks is used. The proposed approach, based on the application of the developed mathematical model and architecture of artificial neural networks as a detector of network attacks on information and communication systems, makes it possible to increase the level of detection of network intrusions into computer systems, Web and Internet resources. An algorithm for processing network traffic parameters in real-time systems by structuring a neural network is proposed, which makes it possible to optimize the redundancy of its multi-level structure at the level of inter-element connections.
- Published
- 2024
18. Unveiling Risks and Challenges: The Attention Economy and China’s Tourism Cultural and Creative Innovations
- Author
-
Li, Changhao, Appolloni, Andrea, Series Editor, Caracciolo, Francesco, Series Editor, Ding, Zhuoqi, Series Editor, Gogas, Periklis, Series Editor, Huang, Gordon, Series Editor, Nartea, Gilbert, Series Editor, Ngo, Thanh, Series Editor, Striełkowski, Wadim, Series Editor, Siuta-Tokarska, Barbara, editor, Grigorescu, Adriana, editor, and Zhu, Yifeng, editor
- Published
- 2024
19. Early Detection and Classification of Zero-Day Attacks in Network Traffic Using Convolutional Neural Network
- Author
-
Singh, Mahendra Pratap, Singh, Virendra Pratap, Gupta, Maanak, Kacprzyk, Janusz, Series Editor, Gomide, Fernando, Advisory Editor, Kaynak, Okyay, Advisory Editor, Liu, Derong, Advisory Editor, Pedrycz, Witold, Advisory Editor, Polycarpou, Marios M., Advisory Editor, Rudas, Imre J., Advisory Editor, Wang, Jun, Advisory Editor, Pastor-Escuredo, David, editor, Brigui, Imene, editor, Kesswani, Nishtha, editor, Bordoloi, Sushanta, editor, and Ray, Ashok Kumar, editor
- Published
- 2024
20. Identification of Network Traffic Using Neural Networks
- Author
-
Salimzyanova, Daria, Lisovskaya, Ekaterina, Filipe, Joaquim, Editorial Board Member, Ghosh, Ashish, Editorial Board Member, Zhou, Lizhu, Editorial Board Member, Dudin, Alexander, editor, Nazarov, Anatoly, editor, and Moiseev, Alexander, editor
- Published
- 2024
21. Unveiling the Unseen: Video Recognition Attacks on Social Software
- Author
-
Zhao, Hangyu, Wu, Hua, Bian, Xuqiong, Liu, Songtao, Cheng, Guang, Hu, Xiaoyan, Tian, Zhiyi, Goos, Gerhard, Series Editor, Hartmanis, Juris, Founding Editor, Bertino, Elisa, Editorial Board Member, Gao, Wen, Editorial Board Member, Steffen, Bernhard, Editorial Board Member, Yung, Moti, Editorial Board Member, Zhu, Tianqing, editor, and Li, Yannan, editor
- Published
- 2024
22. A Cost-Sensitive Sparse Auto-encoder Based Feature Extraction for Network Traffic Classification Using CNN
- Author
-
Steffi, P. L., Sam Emmanuel, W. R., Rani, P. Arockia Jansi, Hameurlain, Abdelkader, Editorial Board Member, Rocha, Álvaro, Series Editor, Idri, Ali, Editorial Board Member, Vaseashta, Ashok, Editorial Board Member, Dubey, Ashwani Kumar, Editorial Board Member, Montenegro, Carlos, Editorial Board Member, Laporte, Claude, Editorial Board Member, Moreira, Fernando, Editorial Board Member, Peñalvo, Francisco, Editorial Board Member, Dzemyda, Gintautas, Editorial Board Member, Mejia-Miranda, Jezreel, Editorial Board Member, Hall, Jon, Editorial Board Member, Piattini, Mário, Editorial Board Member, Holanda, Maristela, Editorial Board Member, Tang, Mincong, Editorial Board Member, Ivanovíc, Mirjana, Editorial Board Member, Muñoz, Mirna, Editorial Board Member, Kanth, Rajeev, Editorial Board Member, Anwar, Sajid, Editorial Board Member, Herawan, Tutut, Editorial Board Member, Colla, Valentina, Editorial Board Member, Devedzic, Vladan, Editorial Board Member, Manoharan, S., editor, Tugui, Alexandru, editor, and Baig, Zubair, editor
- Published
- 2024
23. Towards a Supervised Machine Learning Algorithm for Cyberattacks Detection and Prevention in a Smart Grid Cybersecurity System
- Author
-
Vincent Banda, Takudzwa, Blaauw, Dewald, Watson, Bruce W., Filipe, Joaquim, Editorial Board Member, Ghosh, Ashish, Editorial Board Member, Prates, Raquel Oliveira, Editorial Board Member, Zhou, Lizhu, Editorial Board Member, Debelee, Taye Girma, editor, Ibenthal, Achim, editor, Schwenker, Friedhelm, editor, and Megersa Ayano, Yehualashet, editor
- Published
- 2024
24. ZeekFlow: Deep Learning-Based Network Intrusion Detection a Multimodal Approach
- Author
-
Giagkos, Dimitrios, Kompougias, Orestis, Litke, Antonis, Papadakis, Nikolaos, Goos, Gerhard, Founding Editor, Hartmanis, Juris, Founding Editor, Bertino, Elisa, Editorial Board Member, Gao, Wen, Editorial Board Member, Steffen, Bernhard, Editorial Board Member, Yung, Moti, Editorial Board Member, Katsikas, Sokratis, editor, Abie, Habtamu, editor, Ranise, Silvio, editor, Verderame, Luca, editor, Cambiaso, Enrico, editor, Ugarelli, Rita, editor, Praça, Isabel, editor, Li, Wenjuan, editor, Meng, Weizhi, editor, Furnell, Steven, editor, Katt, Basel, editor, Pirbhulal, Sandeep, editor, Shukla, Ankur, editor, Ianni, Michele, editor, Dalla Preda, Mila, editor, Choo, Kim-Kwang Raymond, editor, Pupo Correia, Miguel, editor, Abhishta, Abhishta, editor, Sileno, Giovanni, editor, Alishahi, Mina, editor, Kalutarage, Harsha, editor, and Yanai, Naoto, editor
- Published
- 2024
25. Machine Learning Based Detection of Hidden Data in Network Packets
- Author
-
Mohan, Akshay, Amritha, P. P., Sethumadhavan, M., Howlett, Robert J., Series Editor, Jain, Lakhmi C., Series Editor, So In, Chakchai, editor, Londhe, Narendra D., editor, Bhatt, Nityesh, editor, and Kitsing, Meelis, editor
- Published
- 2024
26. Cyber-Attacks and Anomaly Detection in Networking Based on Deep Learning—A Survey
- Author
-
Swathi, K., Narsimha, G., Angrisani, Leopoldo, Series Editor, Arteaga, Marco, Series Editor, Chakraborty, Samarjit, Series Editor, Chen, Jiming, Series Editor, Chen, Shanben, Series Editor, Chen, Tan Kay, Series Editor, Dillmann, Rüdiger, Series Editor, Duan, Haibin, Series Editor, Ferrari, Gianluigi, Series Editor, Ferre, Manuel, Series Editor, Jabbari, Faryar, Series Editor, Jia, Limin, Series Editor, Kacprzyk, Janusz, Series Editor, Khamis, Alaa, Series Editor, Kroeger, Torsten, Series Editor, Li, Yong, Series Editor, Liang, Qilian, Series Editor, Martín, Ferran, Series Editor, Ming, Tan Cher, Series Editor, Minker, Wolfgang, Series Editor, Misra, Pradeep, Series Editor, Mukhopadhyay, Subhas, Series Editor, Ning, Cun-Zheng, Series Editor, Nishida, Toyoaki, Series Editor, Oneto, Luca, Series Editor, Panigrahi, Bijaya Ketan, Series Editor, Pascucci, Federica, Series Editor, Qin, Yong, Series Editor, Seng, Gan Woon, Series Editor, Speidel, Joachim, Series Editor, Veiga, Germano, Series Editor, Wu, Haitao, Series Editor, Zamboni, Walter, Series Editor, Zhang, Junjie James, Series Editor, Tan, Kay Chen, Series Editor, Gunjan, Vinit Kumar, editor, Kumar, Amit, editor, Zurada, Jacek M., editor, and Singh, Sri Niwas, editor
- Published
- 2024
27. IPAssess: A Protocol-Based Fingerprinting Model for Device Identification in the IoT
- Author
-
Ganeriwala, Parth, Bhattacharyya, Siddhartha, Muthalagu, Raja, Nandanwar, Shreya, Gupta, Anubhav, Kacprzyk, Janusz, Series Editor, Gomide, Fernando, Advisory Editor, Kaynak, Okyay, Advisory Editor, Liu, Derong, Advisory Editor, Pedrycz, Witold, Advisory Editor, Polycarpou, Marios M., Advisory Editor, Rudas, Imre J., Advisory Editor, Wang, Jun, Advisory Editor, and Arai, Kohei, editor
- Published
- 2024
28. Approach on Machine Learning Techniques for Anomaly-Based Web Intrusion Detection Systems: Using CICIDS2017 Dataset
- Author
-
Phulre, Ajay Kumar, Verma, Manoj, Mathur, Jitendra Pratap Singh, Jain, Sanat, Kacprzyk, Janusz, Series Editor, Gomide, Fernando, Advisory Editor, Kaynak, Okyay, Advisory Editor, Liu, Derong, Advisory Editor, Pedrycz, Witold, Advisory Editor, Polycarpou, Marios M., Advisory Editor, Rudas, Imre J., Advisory Editor, Wang, Jun, Advisory Editor, Verma, Om Prakash, editor, Wang, Lipo, editor, Kumar, Rajesh, editor, and Yadav, Anupam, editor
- Published
- 2024
29. Techniques to Share and Store Large Data in Used System to Reduce Network Traffic and Cost
- Author
-
Kamble, Punam S., Sawant, Namdev M., Pawar, Prashant M., editor, Ronge, Babruvahan P., editor, Gidde, Ranjitsinha R., editor, Pawar, Meenakshi M., editor, Misal, Nitin D., editor, Budhewar, Anupama S., editor, More, Vrunal V., editor, and Reddy, P. Venkata, editor
- Published
- 2024
30. Reducing DNS Traffic to Enhance Home IoT Device Privacy.
- Author
-
Moure-Garrido, Marta, Garcia-Rubio, Carlos, and Campo, Celeste
- Subjects
- *INTERNET domain naming system, *INTERNET of things, *INTERNET servers, *COMPUTER network traffic, *PRIVACY, *CYBERTERRORISM - Abstract
The deployment of Internet of Things (IoT) devices is widespread in different environments, including homes. Although security is incorporated, homes can become targets for cyberattacks because of their vulnerabilities. IoT devices generate Domain Name Server (DNS) traffic primarily for communication with Internet servers. In this paper, we present a detailed analysis of DNS traffic from IoT devices. The queried domains are highly distinctive, enabling attackers to easily identify the IoT device. In addition, we observed an unexpectedly high volume of queries. The analysis reveals that the same domains are repeatedly queried, DNS queries are transmitted in plain text over User Datagram Protocol (UDP) port 53 (Do53), and the excessive generation of traffic poses a security risk by amplifying an attacker's ability to identify IoT devices and execute more precise, targeted attacks, consequently escalating the potential compromise of the entire IoT ecosystem. We propose a simple measure that can be taken to reduce DNS traffic generated by IoT devices, thus preventing it from being used as a vector to identify the types of devices present in the network. This measure is based on the implementation of the DNS cache in the devices; caching few resources increases privacy considerably. [ABSTRACT FROM AUTHOR]
- Published
- 2024
31. Load based dynamic channel allocation model to enhance the performance of device-to-device communication in WPAN.
- Author
-
Logeshwaran, J., Shanmugasundaram, R. N., and Lloret, Jaime
- Subjects
- *WIRELESS personal area networks, *DYNAMIC loads, *COMPUTER network traffic, *WIRELESS mesh networks - Abstract
The modern communication network has advanced to such an extent that it is now possible for devices within a wireless personal area network (WPAN) to communicate among themselves directly. However, the limited shared radio resources of a WPAN lead to numerous issues, such as cross-layer interference and data collisions, which wind up affecting the quality of communication. A load based dynamic channel allocation (LB-DCA) model has been proposed to enhance the performance of device-to-device communication in WPAN. This model uses several control schemes in collaboration with interference estimation and channel load balancing mechanisms to allocate and manage the radio resources efficiently. The objective of this model is to achieve high throughput, low interference and low energy consumption. The control schemes implemented are based on distributed coordination and a cell-splitting approach. These schemes are utilized to estimate the channel usage and number of active nodes in a network. The interference estimation is done by using a new efficiency formula. Further, channel load balancing takes into account the hops and load factor values. The proposed model obtained 98.58% CSI, 95.86% MCC, 96.35% delta-P, 97.96% FMI, 99.83% BMI, 21.52% enhanced spectrum efficiency, 16.38% enhanced scalability, 18.79% enhanced signal quality, 18.64% enhanced power control and 18.89% enhanced energy efficiency. [ABSTRACT FROM AUTHOR]
- Published
- 2024
32. Integration of Telkom ISP and 3 LTE Using PCC Method to Improve Internet Connection Stability.
- Author
-
Putra, Muh. Fardika Irwan Pratama, Parenreng, Jumadi Mabe, and Yahya, Muhammad
- Subjects
INTERNET access ,COMPUTER network traffic ,NETWORK performance ,INTERNET users ,INTERNET - Abstract
This research focuses on improving internet connection stability at the Network Laboratory of JTIK, Faculty of Engineering, Universitas Negeri Makassar. The study aims to address the challenges of disruptions and instability frequently faced by users of Telkom WiFi in the laboratory, causing significant disruptions in internet activities. This instability is exacerbated by simultaneous internet usage, leading to network overload and bandwidth competition among users, ultimately reducing the overall network performance. As a solution, the research proposes the implementation of a network system that integrates Telkom ISP and 3 LTE using the PCC method. The system is equipped with a failover mechanism that automatically redirects the network connection to the active ISP when issues are detected. Additionally, the research categorizes users into admin lecturers and students, imposing bandwidth limitations specifically for students to prevent excessive network traffic. Three in-depth testing scenarios were conducted, demonstrating that the system smoothly redirects internet connections to the active ISP during issues, ensuring uninterrupted and effective internet access for users. [ABSTRACT FROM AUTHOR]
- Published
- 2024
33. Time‐based DDoS attack detection through hybrid LSTM‐CNN model architectures: An investigation of many‐to‐one and many‐to‐many approaches.
- Author
-
Habib, Beenish and Khursheed, Farida
- Subjects
ARTIFICIAL neural networks ,DENIAL of service attacks ,CONVOLUTIONAL neural networks ,COMPUTER network traffic ,ARTIFICIAL intelligence ,DEEP learning - Abstract
Summary: Internet data thefts, intrusions and DDoS attacks are some of the big concerns for network security today. Detection of these anomalies is gaining tremendous impetus with the development of machine learning and artificial intelligence. Even now researchers are shifting the base from machine learning to deep neural architectures with auto‐feature selection capabilities. We in this paper propose multiple deep neural network architectures which can select, co‐learn and teach the gradients of the neural network by themselves with no human intervention. This is what we call meta‐learning. The models are configured in both many‐to‐one and many‐to‐many design architectures. We combine long short‐term memory (LSTM), bi‐directional long short‐term memory (BiLSTM) and convolutional neural network (CNN) layers along with an attention mechanism to achieve the higher accuracy values among all the available deep learning model architectures. LSTMs overcome the vanishing and exploding gradient problem of RNNs, and the attention mechanism mimics the human cognitive attention that screens the network flow to obtain the key features for network traffic classification. In addition, we also add multiple convolutional layers to get the key features for network traffic classification. We get the time series analysis of the traffic done for the possibility of a DDoS attack without using any feature selection techniques and without balancing the dataset. The performance analysis is done based on confusion matrix scores, that is, accuracy, false alarm rate (FAR), sensitivity, specificity, false‐positive rate (FPR), F1 score, area under curve (AUC) analysis and loss functions on the well‐known public benchmark KDD Cup'99 data set. The results of our experiments reveal that our models outperform existing techniques, showing their superiority in performance. [ABSTRACT FROM AUTHOR]
- Published
- 2024
34. Forecasting of mobile network traffic and spatio–temporal analysis using modLSTM.
- Author
-
Aski, Vidyadhar J., Chavan, Rugved Sanjay, Dhaka, Vijaypal Singh, Rani, Geeta, Zumpano, Ester, and Vocaturo, Eugenio
- Subjects
COMPUTER network traffic ,DATA scrubbing ,INTERNET service providers ,RECURRENT neural networks ,FORECASTING - Abstract
This paper introduces an innovative system and prediction model for forecasting network traffic in specific geographical locations using historical data. As Internet service providers increasingly rely on data analytics for decision-making, optimized network forecasting faces challenges such as data cleaning and preprocessing. Our approach utilizes an Artificial Recurrent Neural Network-based Modified Long Short-Term Memory model to provide continuous and precise predictions of network traffic. Notably, the proposed model outperforms conventional LSTM models, achieving a 61.9% reduction in Mean Absolute Percent Error. Our approach also integrates an interpolation technique to address the zero-component error. This further enhances the effectiveness and reliability of the model. The model promises to enhance resource utilization and lighten the load on traffic resource provisioning entities, promoting more efficient mobile network traffic management. The low training time of 3.26 min and prediction time of 0.14 s pave the way for real-time implementation of the model for network traffic forecasting and management. The comparative analysis with state-of-the-art models proves the supremacy of the proposed model. [ABSTRACT FROM AUTHOR]
- Published
- 2024
35. Modelling an Improved Swarm Optimizer and Boosted Quantile Estimator For Malicious Flow Monitoring And Prediction In Network.
- Author
-
Harita, U. and Mohammed, Moulana
- Subjects
COMPUTER security ,COMPUTER network traffic ,ARTIFICIAL intelligence ,FEATURE selection ,FEATURE extraction - Abstract
For a long time, malware has posed a significant risk to computer system security. The effectiveness of conventional detection techniques based on static and dynamic analysis is restricted due to the quick advancement of anti-detection technologies. In recent years, AI-based malware detection has increasingly been employed to combat malware due to its improved predictive ability. Unfortunately, because malware may be so diverse, it can be challenging to extract features from it, which makes using AI for malware detection ineffective. A malware classifier based on an Improved Salp Swarm optimization for feature selection and a Boosted tree with Conditional Quantile Estimation (ISSO-BCQE) is developed to adapt different malware properties to solve the problem. Specifically, the malware code is extracted, and the feature sequence is generated into a boosting tree where the feature map of the node is extracted using BCQE, where a boosting network is used to design a classifier and the method's performance is finally analyzed and compared. The results show that our model works better than other approaches regarding FPR and accuracy. It also shows that the method beats current methods with the highest accuracy of 99.6% in most detecting circumstances. It is also stable in handling malware growth and evolution. [ABSTRACT FROM AUTHOR]
- Published
- 2024
36. ANOMALY DETECTION SYSTEM FOR NETWORK TRANSPORT WITH MACHINE LEARNING APPROACH.
- Author
-
SERENJE, MACDONALD and MKANDAWIRE, MTENDE
- Subjects
ANOMALY detection (Computer security) ,COMPUTER network traffic ,NETWORK performance ,COMMUNICATION infrastructure ,FEATURE extraction ,MACHINE learning - Abstract
The rapid growth of network infrastructures and the increasing volume of data transmitted through them have led to a critical need for efficient and accurate anomaly detection systems in network transport. This paper proposes a novel anomaly detection system that utilizes machine learning techniques to identify abnormal patterns and deviations in network traffic. The proposed system follows a multi-layered approach, starting with the collection of network traffic data from various sources, including routers, switches, and gateways. The data is then preprocessed to extract relevant features and eliminate noise. Feature extraction is carried out using statistical, time-series, and flow-based analysis to capture the inherent characteristics of network communication. Machine learning algorithms, such as neural networks, or in this case, auto-encoders, will be trained to learn the patterns of normal network behavior and subsequently detect deviations from these patterns as anomalies. The system provides alerts and notifications to network administrators, allowing prompt investigation and response to potential security threats or network performance issues. It effectively differentiates between benign and malicious network activities, enabling network administrators to take proactive measures to secure their infrastructure and ensure uninterrupted communication. [ABSTRACT FROM AUTHOR]
- Published
- 2024
37. Integration of simulated annealing into pigeon inspired optimizer algorithm for feature selection in network intrusion detection systems
- Author
-
Wanwei Huang, Haobin Tian, Sunan Wang, Chaoqin Zhang, and Xiaohui Zhang
- Subjects
Feature selection ,Intrusion detection system ,Network traffic ,Pigeon inspired optimization ,Population decay factor ,Simulated annealing ,Electronic computers. Computer science ,QA75.5-76.95 - Abstract
In the context of the 5G network, the proliferation of access devices results in heightened network traffic and shifts in traffic patterns, and network intrusion detection faces greater challenges. A feature selection algorithm is proposed for network intrusion detection systems that uses an improved binary pigeon-inspired optimizer (SABPIO) algorithm to tackle the challenges posed by the high dimensionality and complexity of network traffic, which result in complex models, reduced accuracy, and longer detection times. First, the raw dataset is pre-processed by one-hot encoding and standardization. Next, feature selection is performed using SABPIO, which employs simulated annealing and the population decay factor to identify the most relevant subset of features for subsequent review and evaluation. Finally, the selected subset of features is fed into decision tree and random forest classifiers to evaluate the effectiveness of SABPIO. The proposed algorithm has been validated through experimentation on three publicly available datasets: UNSW-NB15, NSL-KDD, and CIC-IDS-2017. The experimental findings demonstrate that SABPIO identifies the most indicative subset of features through rational computation. This method significantly abbreviates the system’s training duration, enhances detection rates, and, compared to the use of all features, minimally reduces the training and testing times by factors of 3.2 and 0.3, respectively. Furthermore, it enhances the F1-score of the feature subset selected by CPIO and Boost algorithms when compared to CPIO and XGBoost, resulting in improvements ranging from 1.21% to 2.19%, and 1.79% to 4.52%.
- Published
- 2024
38. Security Information Event Management data acquisition and analysis methods with machine learning principles
- Author
-
Noyan Tendikov, Leila Rzayeva, Bilal Saoud, Ibraheem Shayea, Marwan Hadri Azmi, Ali Myrzatay, and Mohammad Alnakhli
- Subjects
Machine learning ,SIEM ,Classification ,Clustering ,Text vectorizer ,Network traffic ,Technology - Abstract
In the face of increasing global disruptions, the cybersecurity field is confronting rising threats posed by offensive groups and individual hackers. Traditional security measures often fall short in detecting and mitigating these sophisticated attacks, necessitating advanced intrusion detection methods. The goal of our study is to develop robust network intrusion detection methods using machine learning techniques. In addition, we evaluate the effectiveness of various machine learning models in detecting network intrusions. Model performances are optimized through hyperparameter tuning and feature selection. A range of classification and clustering models have been employed. Data from SIEM systems capturing real-time statistics from cloud-hosted Windows virtual machines has been gathered and augmented with web attack logs from CICIDS2017, each comprising approximately fifteen thousand rows. Hyperparameter tuning, data normalization, standardization and feature selection techniques for model optimization have been used in our study. The research showcases the potential of machine learning in enhancing network intrusion detection capabilities. The findings underscore the effectiveness of the Random Forest Classifier (0.97) and highlight the importance of utilizing diverse datasets and advanced optimization techniques. This study offers valuable insights and sets a foundation for future advancements in cybersecurity strategies and intrusion detection systems.
- Published
- 2024
39. Network intrusion detection method based on VAE-CWGAN and fusion of statistical importance of feature
- Author
-
Taotao LIU, Yu FU, Kun WANG, and Xueyuan DUAN
- Subjects
intrusion detection ,network traffic ,class imbalance ,feature selection ,fusion of statistical importance ,Telecommunication ,TK5101-6720 - Abstract
Considering the problems of traditional intrusion detection methods limited by the class imbalance of datasets and the poor representation of selected features, a detection method based on VAE-CWGAN and fusion of statistical importance of features was proposed. Firstly, data preprocessing was conducted to enhance data quality. Secondly, a VAE-CWGAN model was constructed to generate new samples, addressing the problem of imbalanced datasets and ensuring that the classification model is no longer biased towards the majority class. Next, standard deviation and the difference of median and mean were used to rank the features and fuse their statistical importance for feature selection, aiming to obtain more representative features, which enabled the model to better learn data information. Finally, the mixed data set after feature selection was classified through a one-dimensional convolutional neural network. Experimental results show that the proposed method demonstrates good performance advantages on three datasets, namely NSL-KDD, UNSW-NB15, and CIC-IDS-2017. The accuracy rates are 98.95%, 96.24%, and 99.92%, respectively, effectively improving the performance of intrusion detection.
- Published
- 2024
40. Enhancing Network Traffic Anomaly Detection: Leveraging Temporal Correlation Index in a Hybrid Framework
- Author
-
A. H. Nasreen Fathima, S. P. Syed Ibrahim, and Ansam Khraisat
- Subjects
Anomaly detection ,deep learning ,generative model ,network intrusion detection system ,network traffic ,security ,Electrical engineering. Electronics. Nuclear engineering ,TK1-9971 - Abstract
The modern digital environment is becoming increasingly interconnected, underscoring the critical need to safeguard network infrastructures. Detecting anomalies in network traffic remains essential as cyber threats continue to evolve. Analyzing trends, patterns, and relationships in network traffic data over time poses challenges. On the other hand, traditional generative neural networks emphasize detecting network attacks but encounter difficulties due to limitations in capturing the temporal and dynamic aspects of network traffic. This paper introduces a new methodology aimed at enhancing the identification of irregularities in network traffic using a Temporal Metric-Driven GRU Embedded Generative Neural Network (TMG-GRU-VAE). This method incorporates Gated Recurrent Units (GRU) into variational autoencoders to effectively train on the temporal characteristics of network traffic in temporal sequential networks. Moreover, we present a Temporal Correlation Index (TCI) score designed for anomaly detection in Network Intrusion Detection Systems (NIDS). This innovative metric offers a sophisticated and dynamic assessment of temporal behavior within network traffic. TCI’s ability to distinguish between normal and anomalous temporal patterns plays a pivotal role in mitigating false positives. Our proposed method greatly improves the detection of small changes in abnormal sequences over time, enhancing accuracy by making anomalies stand out more clearly and reducing false alarms, thereby making the system more reliable. The proposed work, validated using the CIC-IDS-2017 and CIC-IDS-2018 datasets, demonstrates a significant decrease in False Positives (FP) across all models. Notable improvements range from 7.2% to 12.9% for the CIC-IDS-2017 dataset and from 7.1% to 14.1% for the CIC-IDS-2018 dataset. This highlights its significant impact on decreasing false positive rates.
- Published
- 2024
41. A Human-in-the-Loop Anomaly Detection Architecture for Big Traffic Data of Cellular Network
- Author
-
Shenglong Liu, Yuxiao Xia, and Di Wang
- Subjects
Cyber threats ,network traffic ,network security ,big data ,SNMDF ,Electrical engineering. Electronics. Nuclear engineering ,TK1-9971 - Abstract
In the era of mobile big data, smart mobile devices have become an integral part of our daily life, which brings many benefits to the digital society. However, their popularity and relatively lax security make them vulnerable to various cyber threats. Traditional network traffic analysis techniques utilizing pattern matching and regular expression matching algorithms are becoming insufficient for mobile big data. Network traffic anomaly detection is an effective method to replace traditional methods. Network traffic anomaly detection can solve many new challenges brought by future networks and protect the security of the network. In this article, we propose a streaming network framework for mobile big data, referred to as SNMDF, which provides massive data traffic collection, processing, analysis, and updating functions, to cope with the tremendous amount of data traffic. In particular, by analyzing the specific characteristics of anomaly traffic data from flow and user behavior, our proposed SNMDF demonstrates its capability to offer real data-based advice to address new challenges for future wireless networks from the viewpoint of operators. Tested by real mobile big data, SNMDF has proven its efficiency and reliability. Furthermore, SNMDF is accessed for the digital twin of the space Internet, which validates that it can be generalized to other environments with massive data traffic or big data.
- Published
- 2024
42. Evaluation of firewall performance metrics with ranging the rules for Poisson incoming packet flow and exponential filtering time
- Author
-
Anatoly Yu. Botvinko and Konstantin E. Samouylov
- Subjects
firewall ,ranging the filtration rules ,network traffic ,phase service ,queuing system ,Electronic computers. Computer science ,QA75.5-76.95 - Abstract
The given article is a continuation of a number of works devoted to the development of models and methods for ranging the filtration rules to prevent a decrease in the firewall performance caused by the use of a sequential scheme for checking packet compliance with the rules, as well as by the heterogeneity and variability of network traffic. The article includes a description of a firewall mathematical model given in the form of a complex system and a queuing system with a phase-type discipline for request servicing, which formalizes the network traffic filtering process with the functionality of ranging the rules. The purpose of modeling is to obtain estimates for major firewall performance metrics for various network traffic behavior scenarios, as well as to evaluate an increase in the firewall performance due to ranging a filtration rule set. Calculation of estimates for the firewall (FW) performance metrics was made using the analytical method for a Poisson request flow. Based on the analysis of the modeling results, conclusions were drawn on the effectiveness of ranging the filtration rules in order to improve the firewall performance for traffic scenarios that are close to real ones.
- Published
- 2023
43. On the utility of probabilistic closed-form proxy models for describing supercomputer network traffic data
- Author
Awoleke, Obadare O., Sachdev, Kapil, and Brown, Kevin A.
- Published
- 2024
44. Improving Network Security with Gradient Boosting from KDD Cup Dataset
- Author
Dwivedi, Devanshi, Bhushan, Aditya, Singh, Ashutosh Kumar, and Snehlata
- Published
- 2024
45. Network intrusion detection method based on VAE-CWGAN and fusion of statistical importance of features.
- Author
LIU Taotao, FU Yu, WANG Kun, and DUAN Xueyuan
- Abstract
Considering the problems of traditional intrusion detection methods, which are limited by the class imbalance of datasets and the poor representativeness of selected features, a detection method based on VAE-CWGAN and fusion of the statistical importance of features was proposed. Firstly, data preprocessing was conducted to enhance data quality. Secondly, a VAE-CWGAN model was constructed to generate new samples, addressing the problem of imbalanced datasets and ensuring that the classification model is no longer biased towards the majority class. Next, the standard deviation and the difference between median and mean were used to rank the features and fuse their statistical importance for feature selection, aiming to obtain more representative features so that the model can better learn the data. Finally, the mixed dataset after feature selection was classified through a one-dimensional convolutional neural network. Experimental results show that the proposed method demonstrates good performance advantages on three datasets, namely NSL-KDD, UNSW-NB15, and CIC-IDS-2017. The accuracy rates are 98.95%, 96.24%, and 99.92%, respectively, effectively improving the performance of intrusion detection. [ABSTRACT FROM AUTHOR]
- Published
- 2024
46. Evaluating Machine Learning and Deep Learning Models for Enhanced DDoS Attack Detection.
- Author
Owaid, Mohand Adnan and Hammoodi, Asmaa Salih
- Subjects
DEEP learning, DENIAL of service attacks, MACHINE learning, COMPUTER network traffic, CYBERTERRORISM, CONVOLUTIONAL neural networks
- Abstract
In the realm of network security, distributed denial of service (DDoS) attacks pose a formidable threat, often resulting in operational disruptions and substantial financial losses. Traditional methods for DDoS detection struggle to adapt to the rapidly evolving attack methodologies, leading to compromised detection robustness and accuracy. The urgent need for more sophisticated detection mechanisms is evident. This investigation explores the effectiveness of advanced deep learning and ensemble machine learning models in identifying DDoS threats. A comprehensive approach is employed, leveraging a multitude of base classifiers to construct a robust and precise detection system. Integral to this study is the application of convolutional neural networks (CNNs), a deep learning variant, adept at discerning complex patterns and relationships within network traffic data. These models excel in autonomously extracting pertinent features, thereby enabling efficient detection of intricate DDoS attacks. A critical step in this methodology involves the collection of a comprehensive network traffic dataset, encompassing both normal and DDoS attack scenarios. This dataset undergoes a rigorous preprocessing and enhancement phase to ensure a balanced and representative training set. Subsequently, the augmented data is utilized to train the proposed models. The performance of these models is evaluated using a variety of metrics. Results from the experiments demonstrate that both machine learning and deep learning models significantly surpass existing techniques in DDoS detection. By amalgamating the strengths of various classifiers and neural networks, the method enhances detection precision and resistance to diverse attack variations. Comparative analyses reveal impressive performance metrics, with models such as CNN 1D and AlexNet achieving high levels of accuracy and precision. The outcomes of this study underscore the superiority of deep learning models in identifying both prevalent and novel DDoS attack patterns, thereby highlighting their potential in countering evolving cyber threats. The findings advocate for the enhanced precision and adaptability of the proposed approach in DDoS detection, marking a significant advancement in the field. [ABSTRACT FROM AUTHOR]
- Published
- 2024
47. A Stacked Ensemble Model to Detect Network Intrusions.
- Author
Sneha, S., Roshni, A., and Padmavathi, G.
- Subjects
SUPERVISED learning, MACHINE learning, BOOSTING algorithms, K-nearest neighbor classification, INTRUSION detection systems (Computer security), COMPUTER network traffic, FEATURE selection
- Abstract
A stacked ensemble machine learning framework using supervised machine learning methods is presented to detect the different attack types. This paper deals with the development of supervised machine learning algorithms to detect network traffic intrusion from the CICIDS2017 and NSL-KDD datasets. The detection of network traffic intrusion using a supervised machine learning approach comprises five phases. Phase 1 is Data Acquisition. Phase 2 is the Data pre-processing method, which transforms the dataset and resamples the minority attack classes in the datasets (CICIDS2017 and NSL-KDD). Wrapper-based feature selection methods are used to select the important features in phase 3. The supervised machine learning models are developed with stacked ensemble learning methods such as Random Forest, Decision Tree, K Nearest Neighbors and Extreme Gradient Boosting algorithms. The developed models are then validated with appropriate performance evaluation metrics. The output of the different algorithms is then evaluated in phase 5 with metrics such as precision, recall, F1 score, accuracy and ROC curve. With the proposed framework on the CICIDS2017 dataset, the highest accuracy is attained by the K Nearest Neighbor model with 93.06%, and the weighted average score of the stacked model is 97.83%. On the NSL-KDD dataset, the highest accuracy is attained by the Extreme Gradient Boosting model with 92.63%, and the weighted average score of the stacked model is 97.24%. [ABSTRACT FROM AUTHOR]
- Published
- 2024
48. ASSESSMENT OF QOS INDICATORS OF A NETWORK WITH UDP AND TCP TRAFFIC UNDER A NODE PEAK LOAD MODE.
- Author
Pustovoitov, Pavlo, Voronets, Vitalii, Voronets, Oleksandr, Sokol, Halyna, and Okhrymenko, Maksym
- Subjects
PEAK load, COMPUTER networks, TCP/IP, MARKOV processes, QUALITY of service
- Abstract
The object of research is Markov models of network nodes with UDP (User Datagram Protocol) and TCP (Transmission Control Protocol) traffic and their differences. The task solved is the lack of Markov models of network nodes describing the behavior of TCP traffic from the point of view of packet retransmissions and packet delivery guarantees. Markov models of network nodes describing traffic behavior with guaranteed packet delivery have been further advanced. Given the comparison of the models, the differences from the classic models serving TCP traffic were shown: for each packet flow, an additional dimension was added to the graph of states and transitions, which takes into account the retransmission of a lost packet. The comparison graph shows similar behavior of queue length and packet loss for both types of traffic. But the nature of the curves is different. With TCP traffic, packet loss can exceed 5 percent. In addition, lost packets must be retransmitted, which increases the load on the network node. More failures and longer packet queues at a network node during peak load typically occur with TCP traffic compared to UDP traffic. At peak load, the difference in service failures can reach 20–30 percent. The main reason is that TCP uses flow control and rate-limiting mechanisms to avoid network congestion and ensure efficient data transfer between nodes. The Markov model of TCP traffic requires an additional dimension on the graph of states and transitions, which affects the behavior of queues and packet failures. The investigated problem was solved due to the universality and diversity of the mathematical apparatus of Markov mass service systems. The results could be used in network modeling software products for building and reengineering the topology of electronic communications networks at enterprises and organizations. [ABSTRACT FROM AUTHOR]
- Published
- 2024
49. Enhancing Network Security: A Novel Hybrid ML Approach for DDoS Attack Detection.
- Author
S., Rakesh V. and U., Vasanthakumar G.
- Subjects
DENIAL of service attacks, COMPUTER network traffic, HYBRID securities, MACHINE learning, HYBRID systems, COMPUTER network security, SOFTWARE-defined networking
- Abstract
Software-defined networking represents a groundbreaking advancement in network technology, characterized by its desirable attributes such as enhanced flexibility and manageability. An ongoing issue, DDoS assaults in SDN are characterized by malicious and obtrusive network traffic that overwhelms SDN resources. Despite numerous security methodologies aimed at detecting DDoS attacks, the challenge of effectively addressing this issue continues to persist as an active area of research. The XG-Light Hybrid, a unique hybrid system, has been developed in this work as a solution to this problem. This discovery is significant because it has the potential to dramatically increase the reliability of DDoS attack detection in SDN environments, hence boosting network security and stability. Key findings reveal that the proposed hybrid approach outperforms individual machine learning algorithms with respect to DDoS detection. [ABSTRACT FROM AUTHOR]
- Published
- 2024
50. DETECTION OF OPERATING SYSTEM VULNERABILITIES AND NETWORK TRAFFIC ANALYSIS METHODS.
- Author
Makulova, A., Sharipova, B., Othman, M., Pyrkova, A., and Ordabaveva, G.
- Subjects
COMPUTER network traffic, INFORMATION processing, VIRTUAL machine systems, SCHOOL enrollment, COMPUTER systems
- Abstract
Researchers and experts on information protection develop antivirus programs and applications to improve the security of operating systems and security policies. Threats will be relevant to organizations that do not consider security policies and regular software updates. This paper discusses applications for scanning and analyzing network traffic, such as Netdiscover, Wireshark, and Nmap. The model network is based on a virtual machine. This research aims to determine methods for scanning and analyzing network traffic and detecting network vulnerabilities. This study conducted a penetration test for Windows 10 using the Kali Purple operating system and identified the vulnerability of the operating system. The calculation of network traffic is performed with (1) the determination of the arithmetic mean of network traffic, (2) the calculation of the variance, and (3) the determination of the magnitude of fluctuations relative to the average M; the range of maximum and minimum values of D; and the Hurst coefficient. As a result of the conducted research on students enrolled in the educational program 6B06301 -- Information Security Systems at Farabi University, the proficiency in MS Excel and C# skills amounted to 77.11%. The research results can be used in the field of information security systems. [ABSTRACT FROM AUTHOR]
- Published
- 2024